psquery.c File Reference

#include "psp.h"
#include "winerror.h"

Go to the source code of this file.

Defines
#define	WS_CATCH_SIZE   8192
#define	WS_OVERHEAD   16
#define	MAX_WS_CATCH_INDEX   (((WS_CATCH_SIZE-WS_OVERHEAD)/sizeof(PROCESS_WS_WATCH_INFORMATION)) - 2)
Functions
NTSTATUS	PsConvertToGuiThread (VOID)
NTSTATUS	PspQueryWorkingSetWatch (IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength OPTIONAL, IN KPROCESSOR_MODE PreviousMode)
NTSTATUS	PspQueryQuotaLimits (IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength OPTIONAL, IN KPROCESSOR_MODE PreviousMode)
NTSTATUS	PspQueryPooledQuotaLimits (IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength OPTIONAL, IN KPROCESSOR_MODE PreviousMode)
NTSTATUS	PspSetQuotaLimits (IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, IN PVOID ProcessInformation, IN ULONG ProcessInformationLength, IN KPROCESSOR_MODE PreviousMode)
NTSTATUS	PspSetPrimaryToken (IN HANDLE ProcessHandle, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN TokenPointer OPTIONAL)
NTSTATUS	NtQueryInformationProcess (IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength OPTIONAL)
NTSTATUS	NtSetInformationProcess (IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, IN PVOID ProcessInformation, IN ULONG ProcessInformationLength)
NTSTATUS	NtQueryInformationThread (IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, OUT PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL)
NTSTATUS	NtSetInformationThread (IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength)
NTSTATUS	PsWatchWorkingSet (IN NTSTATUS Status, IN PVOID PcValue, IN PVOID Va)
NTKERNELAPI VOID	PsEstablishWin32Callouts (IN PKWIN32_PROCESS_CALLOUT ProcessCallout, IN PKWIN32_THREAD_CALLOUT ThreadCallout, IN PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout, IN PKWIN32_POWEREVENT_CALLOUT PowerEventCallout, IN PKWIN32_POWERSTATE_CALLOUT PowerStateCallout, IN PKWIN32_JOB_CALLOUT JobCallout, IN PVOID BatchFlushRoutine)
VOID	PsSetProcessPriorityByClass (IN PEPROCESS Process, IN PSPROCESSPRIORITYMODE PriorityMode)
Variables
KMUTANT	ObpInitKillMutant
PEPROCESS	ExpDefaultErrorPortProcess
BOOLEAN	PsWatchEnabled
KPRIORITY	PspPriorityTable [PROCESS_PRIORITY_CLASS_ABOVE_NORMAL+1] = {8,4,8,13,24,6,10}
PKWIN32_PROCESS_CALLOUT	PspW32ProcessCallout
PKWIN32_THREAD_CALLOUT	PspW32ThreadCallout
PKWIN32_JOB_CALLOUT	PspW32JobCallout
PKWIN32_POWEREVENT_CALLOUT	PopEventCallout
PKWIN32_POWERSTATE_CALLOUT	PopStateCallout

---

Define Documentation

#define MAX_WS_CATCH_INDEX   (((WS_CATCH_SIZE-WS_OVERHEAD)/sizeof(PROCESS_WS_WATCH_INFORMATION)) - 2)

Definition at line 50 of file psquery.c. Referenced by NtSetInformationProcess(), and PspQueryWorkingSetWatch().

#define WS_CATCH_SIZE   8192

Definition at line 48 of file psquery.c. Referenced by NtSetInformationProcess().

#define WS_OVERHEAD   16

Definition at line 49 of file psquery.c.

---

Function Documentation

NTSTATUS NtQueryInformationProcess (  IN HANDLE  ProcessHandle, IN PROCESSINFOCLASS  ProcessInformationClass, OUT PVOID  ProcessInformation, IN ULONG  ProcessInformationLength, OUT PULONG ReturnLength  OPTIONAL )

Definition at line 531 of file psquery.c. References DebugPort, EXCEPTION_EXECUTE_HANDLER, Executive, FALSE, _HANDLE_TABLE::HandleCount, KeMaximumIncrement, KeReleaseMutant(), KernelMode, KeWaitForSingleObject(), KPROCESSOR_MODE, NonPagedPool, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObpInitKillMutant, ObQueryDeviceMapInformation(), ObReferenceObjectByHandle(), PAGE_SHIFT, PAGED_CODE, PagedPool, ProbeForWrite(), ProbeForWriteUlong, PspQueryLdtInformation(), PspQueryPooledQuotaLimits(), PspQueryQuotaLimits(), PspQueryWorkingSetWatch(), and PsProcessType. Referenced by _EndTask(), CreateCtrlThread(), GetHardErrorText(), GetNetworkDrives(), UserClientShutdown(), and WaitForInputIdle(). { PEPROCESS Process; KPROCESSOR_MODE PreviousMode; NTSTATUS st; PROCESS_BASIC_INFORMATION BasicInfo; VM_COUNTERS VmCounters; IO_COUNTERS IoCounters; KERNEL_USER_TIMES SysUserTime; HANDLE DebugPort; ULONG HandleCount; ULONG DefaultHardErrorMode; HANDLE Wx86Info; PHANDLE_TABLE Ht; ULONG DisableBoost; PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo; PROCESS_SESSION_INFORMATION SessionInfo; PROCESS_PRIORITY_CLASS PriorityClass; ULONG_PTR Wow64Info; PAGED_CODE(); // // Get previous processor mode and probe output argument if necessary. // PreviousMode = KeGetPreviousMode(); if (PreviousMode != KernelMode) { try { ProbeForWrite(ProcessInformation, ProcessInformationLength, sizeof(ULONG)); if (ARGUMENT_PRESENT(ReturnLength)) { ProbeForWriteUlong(ReturnLength); } } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } } // // Check argument validity. // switch ( ProcessInformationClass ) { case ProcessWorkingSetWatch: return PspQueryWorkingSetWatch( ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength, ReturnLength, PreviousMode ); case ProcessBasicInformation: if ( ProcessInformationLength != (ULONG) sizeof(PROCESS_BASIC_INFORMATION) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } BasicInfo.ExitStatus = Process->ExitStatus; BasicInfo.PebBaseAddress = Process->Peb; BasicInfo.AffinityMask = Process->Pcb.Affinity; BasicInfo.BasePriority = Process->Pcb.BasePriority; BasicInfo.UniqueProcessId = (ULONG_PTR)Process->UniqueProcessId; BasicInfo.InheritedFromUniqueProcessId = (ULONG_PTR)Process->InheritedFromUniqueProcessId; ObDereferenceObject(Process); // // Either of these may cause an access violation. The // exception handler will return access violation as // status code. No further cleanup needs to be done. // try { *(PPROCESS_BASIC_INFORMATION) ProcessInformation = BasicInfo; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(PROCESS_BASIC_INFORMATION); } } except(EXCEPTION_EXECUTE_HANDLER) { return STATUS_SUCCESS; } return STATUS_SUCCESS; case ProcessDefaultHardErrorMode: if ( ProcessInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } DefaultHardErrorMode = Process->DefaultHardErrorProcessing; ObDereferenceObject(Process); try { *(PULONG) ProcessInformation = DefaultHardErrorMode; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG); } } except(EXCEPTION_EXECUTE_HANDLER) { return STATUS_SUCCESS; } return STATUS_SUCCESS; case ProcessQuotaLimits: return PspQueryQuotaLimits( ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength, ReturnLength, PreviousMode ); case ProcessPooledUsageAndLimits: return PspQueryPooledQuotaLimits( ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength, ReturnLength, PreviousMode ); case ProcessIoCounters: if ( ProcessInformationLength != (ULONG) sizeof(IO_COUNTERS) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } IoCounters.ReadOperationCount = Process->ReadOperationCount.QuadPart; IoCounters.WriteOperationCount = Process->WriteOperationCount.QuadPart; IoCounters.OtherOperationCount = Process->OtherOperationCount.QuadPart; IoCounters.ReadTransferCount = Process->ReadTransferCount.QuadPart; IoCounters.WriteTransferCount = Process->WriteTransferCount.QuadPart; IoCounters.OtherTransferCount = Process->OtherTransferCount.QuadPart; ObDereferenceObject(Process); // // Either of these may cause an access violation. The // exception handler will return access violation as // status code. No further cleanup needs to be done. // try { *(PIO_COUNTERS) ProcessInformation = IoCounters; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(IO_COUNTERS); } } except(EXCEPTION_EXECUTE_HANDLER) { return STATUS_SUCCESS; } return STATUS_SUCCESS; case ProcessVmCounters: if ( ProcessInformationLength != (ULONG) sizeof(VM_COUNTERS) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } // // Note: At some point, we might have to grab the statistics // lock to reliably read this stuff // VmCounters.PeakVirtualSize = Process->PeakVirtualSize; VmCounters.VirtualSize = Process->VirtualSize; VmCounters.PageFaultCount = Process->Vm.PageFaultCount; VmCounters.PeakWorkingSetSize = Process->Vm.PeakWorkingSetSize << PAGE_SHIFT; VmCounters.WorkingSetSize = Process->Vm.WorkingSetSize << PAGE_SHIFT; VmCounters.QuotaPeakPagedPoolUsage = Process->QuotaPeakPoolUsage[PagedPool]; VmCounters.QuotaPagedPoolUsage = Process->QuotaPoolUsage[PagedPool]; VmCounters.QuotaPeakNonPagedPoolUsage = Process->QuotaPeakPoolUsage[NonPagedPool]; VmCounters.QuotaNonPagedPoolUsage = Process->QuotaPoolUsage[NonPagedPool]; VmCounters.PagefileUsage = Process->PagefileUsage << PAGE_SHIFT; VmCounters.PeakPagefileUsage = Process->PeakPagefileUsage << PAGE_SHIFT; ObDereferenceObject(Process); // // Either of these may cause an access violation. The // exception handler will return access violation as // status code. No further cleanup needs to be done. // try { *(PVM_COUNTERS) ProcessInformation = VmCounters; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(VM_COUNTERS); } } except(EXCEPTION_EXECUTE_HANDLER) { return STATUS_SUCCESS; } return STATUS_SUCCESS; case ProcessTimes: if ( ProcessInformationLength != (ULONG) sizeof(KERNEL_USER_TIMES) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } // // Need some type of interlock on KiTimeLock // SysUserTime.KernelTime.QuadPart = UInt32x32To64(Process->Pcb.KernelTime, KeMaximumIncrement); SysUserTime.UserTime.QuadPart = UInt32x32To64(Process->Pcb.UserTime, KeMaximumIncrement); SysUserTime.CreateTime = Process->CreateTime; SysUserTime.ExitTime = Process->ExitTime; ObDereferenceObject(Process); // // Either of these may cause an access violation. The // exception handler will return access violation as // status code. No further cleanup needs to be done. // try { *(PKERNEL_USER_TIMES) ProcessInformation = SysUserTime; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(KERNEL_USER_TIMES); } } except(EXCEPTION_EXECUTE_HANDLER) { return STATUS_SUCCESS; } return STATUS_SUCCESS; case ProcessDebugPort : // // Hack for RtlQueryProcessDebugInformation: // if length is sizeof(HANDLE)+1, return a handle // to the object so that the debugger may be temporarily // disabled by clearing and replacing the port. // if ( ProcessInformationLength != (ULONG) sizeof(HANDLE) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } if (Process->DebugPort == NULL) { DebugPort = NULL; } else if (ProcessInformationLength == (ULONG) sizeof(HANDLE)) { DebugPort = (HANDLE)-1; } ObDereferenceObject(Process); // // Either of these may cause an access violation. The // exception handler will return access violation as // status code. No further cleanup needs to be done. // try { *(PHANDLE) ProcessInformation = DebugPort; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(HANDLE); } } except(EXCEPTION_EXECUTE_HANDLER) { return STATUS_ACCESS_VIOLATION; } return STATUS_SUCCESS; case ProcessHandleCount : if ( ProcessInformationLength != (ULONG) sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } KeWaitForSingleObject( &ObpInitKillMutant, Executive, KernelMode, FALSE, NULL ); Ht = (PHANDLE_TABLE)Process->ObjectTable; if ( Ht ) { HandleCount = Ht->HandleCount; } else { HandleCount = 0; } KeReleaseMutant( &ObpInitKillMutant, 0, FALSE, FALSE ); ObDereferenceObject(Process); // // Either of these may cause an access violation. The // exception handler will return access violation as // status code. No further cleanup needs to be done. // try { *(PULONG) ProcessInformation = HandleCount; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(HANDLE); } } except(EXCEPTION_EXECUTE_HANDLER) { return STATUS_SUCCESS; } return STATUS_SUCCESS; case ProcessLdtInformation : st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } try { st = PspQueryLdtInformation( Process, ProcessInformation, ProcessInformationLength, ReturnLength ); } except(EXCEPTION_EXECUTE_HANDLER) { st = STATUS_SUCCESS; } ObDereferenceObject(Process); return st; case ProcessWx86Information : if ( ProcessInformationLength != sizeof(HANDLE) ) { return STATUS_INFO_LENGTH_MISMATCH; } Wx86Info = NULL; #ifndef i386 st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } if ((ULONG_PTR)Process->VdmObjects == sizeof(WX86TIB)) { Wx86Info = Process->VdmObjects; } ObDereferenceObject(Process); #endif try { *(PHANDLE) ProcessInformation = Wx86Info; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(HANDLE); } } except(EXCEPTION_EXECUTE_HANDLER) { return STATUS_SUCCESS; } return STATUS_SUCCESS; case ProcessPriorityBoost: if ( ProcessInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } DisableBoost = Process->Pcb.DisableBoost ? 1 : 0; ObDereferenceObject(Process); try { *(PULONG)ProcessInformation = DisableBoost; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG); } } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } return st; case ProcessDeviceMap: DeviceMapInfo = (PPROCESS_DEVICEMAP_INFORMATION)ProcessInformation; if ( ProcessInformationLength != sizeof(DeviceMapInfo->Query) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } st = ObQueryDeviceMapInformation( Process, DeviceMapInfo ); ObDereferenceObject(Process); return st; case ProcessSessionInformation : if ( ProcessInformationLength != (ULONG) sizeof(PROCESS_SESSION_INFORMATION) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } SessionInfo.SessionId = Process->SessionId; ObDereferenceObject(Process); try { *(PPROCESS_SESSION_INFORMATION) ProcessInformation = SessionInfo; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(PROCESS_SESSION_INFORMATION); } } except(EXCEPTION_EXECUTE_HANDLER) { return STATUS_SUCCESS; } return( STATUS_SUCCESS ); case ProcessPriorityClass: if ( ProcessInformationLength != sizeof(PROCESS_PRIORITY_CLASS) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } PriorityClass.Foreground = FALSE; PriorityClass.PriorityClass = Process->PriorityClass; ObDereferenceObject(Process); try { *(PPROCESS_PRIORITY_CLASS) ProcessInformation = PriorityClass; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(PROCESS_PRIORITY_CLASS); } } except(EXCEPTION_EXECUTE_HANDLER) { return STATUS_SUCCESS; } return( STATUS_SUCCESS ); case ProcessWow64Information: if ( ProcessInformationLength != sizeof(ULONG_PTR) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } Wow64Info = 0; if (Process->Wow64Process != NULL) { Wow64Info = (ULONG_PTR)(Process->Wow64Process->Wow64); } ObDereferenceObject(Process); try { *(PULONG_PTR)ProcessInformation = Wow64Info; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG_PTR); } } except(EXCEPTION_EXECUTE_HANDLER) { return STATUS_SUCCESS; } return( STATUS_SUCCESS ); default: return STATUS_INVALID_INFO_CLASS; } }

NTSTATUS NtQueryInformationThread (  IN HANDLE  ThreadHandle, IN THREADINFOCLASS  ThreadInformationClass, OUT PVOID  ThreadInformation, IN ULONG  ThreadInformationLength, OUT PULONG ReturnLength  OPTIONAL )

Definition at line 2706 of file psquery.c. References APC_LEVEL, EXCEPTION_EXECUTE_HANDLER, KeLowerIrql(), KeMaximumIncrement, KeQueryBasePriorityThread(), KeRaiseIrql(), KeReadStateThread(), KernelMode, KPROCESSOR_MODE, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), PAGED_CODE, ProbeForWrite(), ProbeForWriteUlong, PS_GET_THREAD_CREATE_TIME, PsGetCurrentThread, PspQueryDescriptorThread(), PsThreadType, THREAD_TO_PROCESS, ThreadHandle, and _EPROCESS::ThreadListHead. Referenced by CreateWindowsWindow(), RtlCheckForOrphanedCriticalSections(), RtlDestroyQueryDebugBuffer(), RtlFreeUserThreadStack(), RtlpIOWorkerThread(), RtlpWorkerThread(), and RtlQueryProcessDebugInformation(). : This function queries the state of a thread object and returns the requested information in the specified record structure. Arguments: ThreadHandle - Supplies a handle to a thread object. ThreadInformationClass - Supplies the class of information being requested. ThreadInformation - Supplies a pointer to a record that is to receive the requested information. ThreadInformationLength - Supplies the length of the record that is to receive the requested information. ReturnLength - Supplies an optional pointer to a variable that is to receive the actual length of information that is returned. Return Value: TBS --*/ { LARGE_INTEGER PerformanceCount; PETHREAD Thread; PEPROCESS Process; ULONG LastThread; KPROCESSOR_MODE PreviousMode; NTSTATUS st; THREAD_BASIC_INFORMATION BasicInfo; KERNEL_USER_TIMES SysUserTime; PVOID Win32StartAddressValue; ULONG DisableBoost; ULONG IoPending ; KIRQL irql ; // // Get previous processor mode and probe output argument if necessary. // PAGED_CODE(); PreviousMode = KeGetPreviousMode(); if (PreviousMode != KernelMode) { try { ProbeForWrite(ThreadInformation, ThreadInformationLength, sizeof(ULONG)); if (ARGUMENT_PRESENT(ReturnLength)) { ProbeForWriteUlong(ReturnLength); } } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } } // // Check argument validity. // switch ( ThreadInformationClass ) { case ThreadBasicInformation: if ( ThreadInformationLength != (ULONG) sizeof(THREAD_BASIC_INFORMATION) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ThreadHandle, THREAD_QUERY_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } if (KeReadStateThread(&Thread->Tcb)) { BasicInfo.ExitStatus = Thread->ExitStatus; } else { BasicInfo.ExitStatus = STATUS_PENDING; } BasicInfo.TebBaseAddress = (PTEB) Thread->Tcb.Teb; BasicInfo.ClientId = Thread->Cid; BasicInfo.AffinityMask = Thread->Tcb.Affinity; BasicInfo.Priority = Thread->Tcb.Priority; BasicInfo.BasePriority = KeQueryBasePriorityThread(&Thread->Tcb); ObDereferenceObject(Thread); // // Either of these may cause an access violation. The // exception handler will return access violation as // status code. No further cleanup needs to be done. // try { *(PTHREAD_BASIC_INFORMATION) ThreadInformation = BasicInfo; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(THREAD_BASIC_INFORMATION); } } except(EXCEPTION_EXECUTE_HANDLER) { return STATUS_SUCCESS; } return STATUS_SUCCESS; case ThreadTimes: if ( ThreadInformationLength != (ULONG) sizeof(KERNEL_USER_TIMES) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ThreadHandle, THREAD_QUERY_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } SysUserTime.KernelTime.QuadPart = UInt32x32To64(Thread->Tcb.KernelTime, KeMaximumIncrement); SysUserTime.UserTime.QuadPart = UInt32x32To64(Thread->Tcb.UserTime, KeMaximumIncrement); SysUserTime.CreateTime.QuadPart = PS_GET_THREAD_CREATE_TIME(Thread); if (KeReadStateThread(&Thread->Tcb)) { SysUserTime.ExitTime = Thread->ExitTime; } else { SysUserTime.ExitTime.QuadPart = 0; } ObDereferenceObject(Thread); // // Either of these may cause an access violation. The // exception handler will return access violation as // status code. No further cleanup needs to be done. // try { *(PKERNEL_USER_TIMES) ThreadInformation = SysUserTime; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(KERNEL_USER_TIMES); } } except(EXCEPTION_EXECUTE_HANDLER) { return STATUS_SUCCESS; } return STATUS_SUCCESS; case ThreadDescriptorTableEntry : st = ObReferenceObjectByHandle( ThreadHandle, THREAD_QUERY_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } st = PspQueryDescriptorThread( Thread, ThreadInformation, ThreadInformationLength, ReturnLength ); ObDereferenceObject(Thread); return st; case ThreadQuerySetWin32StartAddress: if ( ThreadInformationLength != sizeof(ULONG_PTR) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ThreadHandle, THREAD_QUERY_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } Win32StartAddressValue = Thread->Win32StartAddress; ObDereferenceObject(Thread); try { *(PVOID *) ThreadInformation = Win32StartAddressValue; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG_PTR); } } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } return st; // // Query thread cycle counter. // case ThreadPerformanceCount: if ( ThreadInformationLength != sizeof(LARGE_INTEGER) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ThreadHandle, THREAD_QUERY_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } PerformanceCount.LowPart = Thread->PerformanceCountLow; PerformanceCount.HighPart = Thread->PerformanceCountHigh; ObDereferenceObject(Thread); try { *(PLARGE_INTEGER)ThreadInformation = PerformanceCount; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(LARGE_INTEGER); } } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } return st; case ThreadAmILastThread: if ( ThreadInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; } Thread = PsGetCurrentThread(); Process = THREAD_TO_PROCESS(Thread); if ( (Process->ThreadListHead.Flink == Process->ThreadListHead.Blink) && (Process->ThreadListHead.Flink == &Thread->ThreadListEntry) ) { LastThread = 1; } else { LastThread = 0; } try { *(PULONG)ThreadInformation = LastThread; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG); } } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } return STATUS_SUCCESS; case ThreadPriorityBoost: if ( ThreadInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ThreadHandle, THREAD_QUERY_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } DisableBoost = Thread->Tcb.DisableBoost ? 1 : 0; ObDereferenceObject(Thread); try { *(PULONG)ThreadInformation = DisableBoost; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG); } } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } return st; case ThreadIsIoPending: // // NB: Darryl wanted it pointed out that this is, // of course, transitory information, somewhat // lame, and better handled by tracking the number // of pending io's from usermode. // if ( ThreadInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ThreadHandle, THREAD_QUERY_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } // // Raise the IRQL so that the IrpList cannot be modified by a completion // APC. // KeRaiseIrql( APC_LEVEL, &irql ); IoPending = !IsListEmpty( &Thread->IrpList ); KeLowerIrql( irql ); ObDereferenceObject(Thread); try { *(PULONG)ThreadInformation = IoPending ; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG); } } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } return STATUS_SUCCESS ; default: return STATUS_INVALID_INFO_CLASS; } }

NTSTATUS NtSetInformationProcess (  IN HANDLE  ProcessHandle, IN PROCESSINFOCLASS  ProcessInformationClass, IN PVOID  ProcessInformation, IN ULONG  ProcessInformationLength )

Definition at line 1510 of file psquery.c. References C_ASSERT(), DebugPort, DirectoryHandle, ExAcquireResourceShared, ExAllocatePool, EXCEPTION_EXECUTE_HANDLER, ExFreePool(), ExReleaseResource, FALSE, IS_SYSTEM_THREAD, Ke386SetIOPL(), KeActiveProcessors, KeAttachProcess(), KeBoostPriorityThread(), KeDetachProcess(), KeEnterCriticalRegion, KeInitializeSpinLock(), KeLeaveCriticalRegion, KeReadStateProcess(), KernelMode, KeSetAffinityThread(), KeSetAutoAlignmentProcess(), KeSetDisableBoostThread(), KeSetPriorityProcess(), KPROCESSOR_MODE, LpcPortObjectType, MAX_WS_CATCH_INDEX, MEMORY_PRIORITY_BACKGROUND, MEMORY_PRIORITY_FOREGROUND, MmSetMemoryPriorityProcess(), NonPagedPool, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), ObSetDeviceMap(), PAGED_CODE, ProbeForRead, PsDereferencePrimaryToken, PsGetCurrentProcess, PsLockPollOnTimeout, PsLockProcess(), PsLockReturnTimeout, PsProcessPriorityBackground, PsProcessPriorityForeground, PsProcessType, PspSetLdtInformation(), PspSetLdtSize(), PspSetPrimaryToken(), PspSetProcessIoHandlers(), PspSetQuotaLimits(), PsReferencePrimaryToken(), PsSetProcessPriorityByClass(), PsUnlockProcess(), PsWatchEnabled, SeCheckPrivilegedObject(), SeIncreaseBasePriorityPrivilege, SeSetSessionIdToken(), SeSinglePrivilegeCheck(), SeTcbPrivilege, _ETHREAD::Tcb, _KTHREAD::Teb, Token, TRUE, and WS_CATCH_SIZE. Referenced by CreateDAclToken(), LdrpInitializeProcess(), and TestTokenAssignPrimary(). : This function sets the state of a process object. Arguments: ProcessHandle - Supplies a handle to a process object. ProcessInformationClass - Supplies the class of information being set. ProcessInformation - Supplies a pointer to a record that contains the information to set. ProcessInformationLength - Supplies the length of the record that contains the information to set. Return Value: TBS --*/ { PEPROCESS Process; PETHREAD Thread; KPROCESSOR_MODE PreviousMode; NTSTATUS st; KPRIORITY BasePriority; ULONG BoostValue; ULONG DefaultHardErrorMode; PVOID DebugPort; PVOID ExceptionPort; HANDLE DebugPortHandle; BOOLEAN EnableAlignmentFaultFixup; HANDLE ExceptionPortHandle; ULONG ProbeAlignment; HANDLE PrimaryTokenHandle; BOOLEAN HasPrivilege = FALSE; BOOLEAN IsChildToken = FALSE; PLIST_ENTRY Next; UCHAR MemoryPriority; PROCESS_PRIORITY_CLASS LocalPriorityClass; PROCESS_FOREGROUND_BACKGROUND LocalForeground; HANDLE Wx86Info; KAFFINITY Affinity, AffinityWithMasks; ULONG_PTR BigAffinity; ULONG DisableBoost; BOOLEAN bDisableBoost; PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo; HANDLE DirectoryHandle; PROCESS_SESSION_INFORMATION SessionInfo; ULONG BytesCopied; PACCESS_TOKEN Token; PAGED_CODE(); // // Get previous processor mode and probe input argument if necessary. // PreviousMode = KeGetPreviousMode(); if (PreviousMode != KernelMode) { if (ProcessInformationClass == ProcessBasePriority) { ProbeAlignment = sizeof(KPRIORITY); } else if (ProcessInformationClass == ProcessEnableAlignmentFaultFixup) { ProbeAlignment = sizeof(BOOLEAN); } else if (ProcessInformationClass == ProcessForegroundInformation) { ProbeAlignment = sizeof(PROCESS_FOREGROUND_BACKGROUND); } else if (ProcessInformationClass == ProcessPriorityClass) { ProbeAlignment = sizeof(BOOLEAN); } else if (ProcessInformationClass == ProcessAffinityMask) { ProbeAlignment = sizeof (ULONG_PTR); } else { ProbeAlignment = sizeof(ULONG); } try { ProbeForRead( ProcessInformation, ProcessInformationLength, ProbeAlignment ); } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } } // // Check argument validity. // switch ( ProcessInformationClass ) { case ProcessWorkingSetWatch: { PPAGEFAULT_HISTORY WorkingSetCatcher; st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } WorkingSetCatcher = ExAllocatePool(NonPagedPool,WS_CATCH_SIZE); if ( !WorkingSetCatcher ) { ObDereferenceObject(Process); return STATUS_NO_MEMORY; } PsWatchEnabled = TRUE; WorkingSetCatcher->CurrentIndex = 0; WorkingSetCatcher->MaxIndex = MAX_WS_CATCH_INDEX; st = PsLockProcess(Process,PreviousMode,PsLockPollOnTimeout); if ( st != STATUS_SUCCESS ) { ExFreePool(WorkingSetCatcher); ObDereferenceObject( Process ); return STATUS_PROCESS_IS_TERMINATING; } if ( Process->WorkingSetWatch ) { PsUnlockProcess(Process); ExFreePool(WorkingSetCatcher); ObDereferenceObject(Process); return STATUS_PORT_ALREADY_SET; } KeInitializeSpinLock(&WorkingSetCatcher->SpinLock); Process->WorkingSetWatch = WorkingSetCatcher; PsUnlockProcess(Process); ObDereferenceObject(Process); return STATUS_SUCCESS; } case ProcessBasePriority: { // // THIS ITEM CODE IS OBSOLETE ! // if ( ProcessInformationLength != sizeof(KPRIORITY) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { BasePriority = *(KPRIORITY *)ProcessInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } if ( BasePriority & 0x80000000 ) { MemoryPriority = MEMORY_PRIORITY_FOREGROUND; BasePriority &= ~0x80000000; } else { MemoryPriority = MEMORY_PRIORITY_BACKGROUND; } if ( BasePriority > HIGH_PRIORITY || BasePriority <= LOW_PRIORITY ) { return STATUS_INVALID_PARAMETER; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } if ( BasePriority > Process->Pcb.BasePriority ) { // // Increasing the base priority of a process is a // privileged operation. Check for the privilege // here. // HasPrivilege = SeCheckPrivilegedObject( SeIncreaseBasePriorityPrivilege, ProcessHandle, PROCESS_SET_INFORMATION, PreviousMode ); if (!HasPrivilege) { ObDereferenceObject(Process); return STATUS_PRIVILEGE_NOT_HELD; } } KeSetPriorityProcess(&Process->Pcb,BasePriority); MmSetMemoryPriorityProcess(Process, MemoryPriority); ObDereferenceObject(Process); return STATUS_SUCCESS; } case ProcessPriorityClass: { if ( ProcessInformationLength != sizeof(PROCESS_PRIORITY_CLASS) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { LocalPriorityClass = *(PPROCESS_PRIORITY_CLASS)ProcessInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } if ( LocalPriorityClass.PriorityClass > PROCESS_PRIORITY_CLASS_ABOVE_NORMAL ) { return STATUS_INVALID_PARAMETER; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } if ( LocalPriorityClass.PriorityClass != Process->PriorityClass && LocalPriorityClass.PriorityClass == PROCESS_PRIORITY_CLASS_REALTIME ) { // // Increasing the base priority of a process is a // privileged operation. Check for the privilege // here. // HasPrivilege = SeCheckPrivilegedObject( SeIncreaseBasePriorityPrivilege, ProcessHandle, PROCESS_SET_INFORMATION, PreviousMode ); if (!HasPrivilege) { ObDereferenceObject(Process); return STATUS_PRIVILEGE_NOT_HELD; } } // // If the process has a job object, override whatever the process // is calling with with the value from the job object // if ( Process->Job ) { KeEnterCriticalRegion(); ExAcquireResourceShared(&Process->Job->JobLock, TRUE); if ( Process->Job->LimitFlags & JOB_OBJECT_LIMIT_PRIORITY_CLASS ) { LocalPriorityClass.PriorityClass = Process->Job->PriorityClass; } ExReleaseResource(&Process->Job->JobLock); KeLeaveCriticalRegion(); } Process->PriorityClass = LocalPriorityClass.PriorityClass; PsSetProcessPriorityByClass(Process, LocalPriorityClass.Foreground ? PsProcessPriorityForeground : PsProcessPriorityBackground); ObDereferenceObject(Process); return STATUS_SUCCESS; } case ProcessForegroundInformation: { if ( ProcessInformationLength != sizeof(PROCESS_FOREGROUND_BACKGROUND) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { LocalForeground = *(PPROCESS_FOREGROUND_BACKGROUND)ProcessInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } PsSetProcessPriorityByClass(Process, LocalForeground.Foreground ? PsProcessPriorityForeground : PsProcessPriorityBackground); ObDereferenceObject(Process); return STATUS_SUCCESS; } case ProcessRaisePriority: { // // This code is used to boost the priority of all threads // within a process. It cannot be used to change a thread into // a realtime class, or to lower the priority of a thread. The // argument is a boost value that is added to the base priority // of the specified process. // if ( ProcessInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { BoostValue = *(PULONG)ProcessInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } // // Get the process create/delete lock and walk through the // thread list boosting each thread. // st = PsLockProcess(Process,KernelMode,PsLockReturnTimeout); if ( st != STATUS_SUCCESS ) { ObDereferenceObject( Process ); return( st ); } Next = Process->ThreadListHead.Flink; while ( Next != &Process->ThreadListHead) { Thread = (PETHREAD)(CONTAINING_RECORD(Next,ETHREAD,ThreadListEntry)); KeBoostPriorityThread(&Thread->Tcb,(KPRIORITY)BoostValue); Next = Next->Flink; } PsUnlockProcess(Process); ObDereferenceObject(Process); return STATUS_SUCCESS; } case ProcessDefaultHardErrorMode: { if ( ProcessInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { DefaultHardErrorMode = *(PULONG)ProcessInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } Process->DefaultHardErrorProcessing = DefaultHardErrorMode; if (DefaultHardErrorMode & PROCESS_HARDERROR_ALIGNMENT_BIT) { KeSetAutoAlignmentProcess(&Process->Pcb,TRUE); } else { KeSetAutoAlignmentProcess(&Process->Pcb,FALSE); } ObDereferenceObject(Process); return STATUS_SUCCESS; } case ProcessQuotaLimits: { return PspSetQuotaLimits( ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength, PreviousMode ); } case ProcessDebugPort : { if ( ProcessInformationLength != sizeof(HANDLE) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { DebugPortHandle = *(PHANDLE) ProcessInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } if ( DebugPortHandle ) { st = ObReferenceObjectByHandle ( DebugPortHandle, 0, LpcPortObjectType, PreviousMode, (PVOID *)&DebugPort, NULL ); if ( !NT_SUCCESS(st) ) { return st; } } else { return STATUS_INVALID_PARAMETER; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_PORT, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { if ( DebugPort ) { ObDereferenceObject(DebugPort); } return st; } // // Conditional set Process->DebugPort // if ( InterlockedCompareExchangePointer(&Process->DebugPort,DebugPort,NULL) == NULL ) { if ( (Process->ExitTime.QuadPart != 0 || KeReadStateProcess(&Process->Pcb) != FALSE) ) { DebugPort = InterlockedExchangePointer(&Process->DebugPort,NULL); if ( DebugPort ) { ObDereferenceObject(DebugPort); } ObDereferenceObject( Process ); return STATUS_PROCESS_IS_TERMINATING; } } else { ObDereferenceObject(Process); ObDereferenceObject(DebugPort); return STATUS_PORT_ALREADY_SET; } KeAttachProcess (&Process->Pcb); if (Process->Peb != NULL) { Process->Peb->BeingDebugged = (BOOLEAN)(Process->DebugPort != NULL ? TRUE : FALSE); #if defined(_WIN64) if (Process->Wow64Process != NULL) { PPEB32 Peb32 = (PPEB32)Process->Wow64Process->Wow64; if (Peb32 != NULL) { Peb32->BeingDebugged = Process->Peb->BeingDebugged; } } #endif } KeDetachProcess(); ObDereferenceObject(Process); return STATUS_SUCCESS; } case ProcessExceptionPort : { if ( ProcessInformationLength != sizeof(HANDLE) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { ExceptionPortHandle = *(PHANDLE) ProcessInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } st = ObReferenceObjectByHandle ( ExceptionPortHandle, 0, LpcPortObjectType, PreviousMode, (PVOID *)&ExceptionPort, NULL ); if ( !NT_SUCCESS(st) ) { return st; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_PORT, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { ObDereferenceObject(ExceptionPort); return st; } st = PsLockProcess(Process,PreviousMode,PsLockPollOnTimeout); if ( st != STATUS_SUCCESS ) { ObDereferenceObject(ExceptionPort); ObDereferenceObject( Process ); return STATUS_PROCESS_IS_TERMINATING; } if ( Process->ExceptionPort ) { ObDereferenceObject(Process); ObDereferenceObject(ExceptionPort); PsUnlockProcess(Process); return STATUS_PORT_ALREADY_SET; } else { Process->ExceptionPort = ExceptionPort; } PsUnlockProcess(Process); ObDereferenceObject(Process); return STATUS_SUCCESS; } case ProcessAccessToken : { if ( ProcessInformationLength != sizeof(PROCESS_ACCESS_TOKEN) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { PrimaryTokenHandle = ((PROCESS_ACCESS_TOKEN *)ProcessInformation)->Token; // OnlyThread field of this structure is obsolete. } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } st = PspSetPrimaryToken( ProcessHandle, PrimaryTokenHandle, NULL ); return st; } case ProcessLdtInformation: st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION | PROCESS_VM_WRITE, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } try { st = PspSetLdtInformation( Process, ProcessInformation, ProcessInformationLength ); } except (EXCEPTION_EXECUTE_HANDLER) { st = STATUS_SUCCESS; } ObDereferenceObject(Process); return st; case ProcessLdtSize: st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION | PROCESS_VM_WRITE, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } try { st = PspSetLdtSize( Process, ProcessInformation, ProcessInformationLength ); } except(EXCEPTION_EXECUTE_HANDLER) { st = GetExceptionCode(); } ObDereferenceObject(Process); return st; case ProcessIoPortHandlers: st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } st = PspSetProcessIoHandlers( Process, ProcessInformation, ProcessInformationLength ); ObDereferenceObject(Process); return st; case ProcessUserModeIOPL: // // Must make sure the caller is a trusted subsystem with the // appropriate privilege level before executing this call. // If the calls returns FALSE we must return an error code. // if (!SeSinglePrivilegeCheck(RtlConvertLongToLuid( SE_TCB_PRIVILEGE), PreviousMode )) { return STATUS_PRIVILEGE_NOT_HELD; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( NT_SUCCESS(st) ) { #ifdef i386 Ke386SetIOPL(&Process->Pcb); #endif ObDereferenceObject(Process); } return st; // // Enable/disable auto-alignment fixup for a process and all its threads. // case ProcessEnableAlignmentFaultFixup: if ( ProcessInformationLength != sizeof(BOOLEAN) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { EnableAlignmentFaultFixup = *(PBOOLEAN)ProcessInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } if ( EnableAlignmentFaultFixup ) { Process->DefaultHardErrorProcessing |= PROCESS_HARDERROR_ALIGNMENT_BIT; } else { Process->DefaultHardErrorProcessing &= ~PROCESS_HARDERROR_ALIGNMENT_BIT; } KeSetAutoAlignmentProcess( &(Process->Pcb), EnableAlignmentFaultFixup ); ObDereferenceObject(Process); return STATUS_SUCCESS; #ifndef i386 case ProcessWx86Information : if ( ProcessInformationLength != sizeof(HANDLE) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { Wx86Info = *(PHANDLE) ProcessInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if (!NT_SUCCESS(st)) { return st; } // // If Wx86Info == sizeof(WX86TIB) then process is becoming a wx86 process. // If Wx86Info == 0 then process is no longer a Wx86 process. // if ((ULONG_PTR)Wx86Info != sizeof(WX86TIB)) { if ((ULONG_PTR)Wx86Info != 0 || Process != PsGetCurrentProcess()) { ObDereferenceObject( Process ); return STATUS_INVALID_PARAMETER; } Wx86Info = NULL; } Process->VdmObjects = Wx86Info; // // Clean out all of the x86 stacks, this allows dynamic wx86 // to operate with less memory when wx86 is not loaded. // if (Wx86Info == NULL) { NTSTATUS xst; PTEB Teb; PLIST_ENTRY Next; PWX86TIB Wx86Tib; PVOID BaseAddress; SIZE_T StackSize; st = PsLockProcess(Process,PreviousMode,PsLockPollOnTimeout); if ( st != STATUS_SUCCESS ) { ObDereferenceObject(Process); return STATUS_PROCESS_IS_TERMINATING; } Next = Process->ThreadListHead.Flink; while ( Next != &Process->ThreadListHead) { Thread = (PETHREAD)(CONTAINING_RECORD(Next,ETHREAD,ThreadListEntry)); if ( !IS_SYSTEM_THREAD(Thread) ) { if ( Thread->Tcb.Teb ) { Teb = (PTEB)Thread->Tcb.Teb; try { Wx86Tib = Teb->Vdm; Teb->Vdm = 0; ProbeForRead(Wx86Tib, sizeof(WX86TIB), sizeof(ULONG)); if (Wx86Tib && Wx86Tib->Size == sizeof(WX86TIB)) { StackSize = 0; BaseAddress = Wx86Tib->DeallocationStack; ZwFreeVirtualMemory(ProcessHandle, &BaseAddress, &StackSize, MEM_RELEASE ); if (Teb->Wx86Thread.DeallocationCpu) { BaseAddress = Teb->Wx86Thread.DeallocationCpu; Teb->Wx86Thread.DeallocationCpu = 0; StackSize = 0; st = ZwFreeVirtualMemory(ProcessHandle, &BaseAddress, &StackSize, MEM_RELEASE ); } } } except(EXCEPTION_EXECUTE_HANDLER) { ; } } } Next = Next->Flink; } PsUnlockProcess(Process); } ObDereferenceObject(Process); return STATUS_SUCCESS; #endif case ProcessAffinityMask: #ifdef _WIN64 if ( ProcessInformationLength != sizeof(ULONG_PTR) ) { // // Remove this ifdef when KAFFINITY is made 64 bits. // C_ASSERT(sizeof(KAFFINITY) != sizeof(ULONG_PTR) ); return STATUS_INFO_LENGTH_MISMATCH; } #else if ( ProcessInformationLength != sizeof(KAFFINITY) ) { return STATUS_INFO_LENGTH_MISMATCH; } #endif try { BigAffinity = *(PULONG_PTR)ProcessInformation; Affinity = (KAFFINITY)BigAffinity; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } AffinityWithMasks = Affinity & KeActiveProcessors; if ( !Affinity || ( AffinityWithMasks != Affinity ) ) { return STATUS_INVALID_PARAMETER; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } // // If the process has a job object, override whatever the process // is calling with with the value from the job object // if ( Process->Job ) { KeEnterCriticalRegion(); ExAcquireResourceShared(&Process->Job->JobLock, TRUE); if ( Process->Job->LimitFlags & JOB_OBJECT_LIMIT_AFFINITY ) { AffinityWithMasks = Process->Job->Affinity; } ExReleaseResource(&Process->Job->JobLock); KeLeaveCriticalRegion(); } { NTSTATUS xst; PLIST_ENTRY Next; PETHREAD OriginalThread; // // the following allows this api to properly if // called while the exiting process is blocked holding the // createdeletelock. This can happen during debugger/server // lpc transactions that occur in pspexitthread // xst = PsLockProcess(Process,PreviousMode,PsLockPollOnTimeout); if ( xst != STATUS_SUCCESS ) { ObDereferenceObject( Process ); return STATUS_PROCESS_IS_TERMINATING; } Process->Pcb.Affinity = AffinityWithMasks; Next = Process->ThreadListHead.Flink; while ( Next != &Process->ThreadListHead) { Thread = (PETHREAD)(CONTAINING_RECORD(Next,ETHREAD,ThreadListEntry)); KeSetAffinityThread(&Thread->Tcb,AffinityWithMasks); Next = Next->Flink; } PsUnlockProcess(Process); } ObDereferenceObject(Process); return STATUS_SUCCESS; case ProcessPriorityBoost: if ( ProcessInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { DisableBoost = *(PULONG)ProcessInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } bDisableBoost = (DisableBoost ? TRUE : FALSE); st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } { NTSTATUS xst; PLIST_ENTRY Next; PETHREAD OriginalThread; // // the following allows this api to properly if // called while the exiting process is blocked holding the // createdeletelock. This can happen during debugger/server // lpc transactions that occur in pspexitthread // xst = PsLockProcess(Process,PreviousMode,PsLockPollOnTimeout); if ( xst != STATUS_SUCCESS ) { ObDereferenceObject( Process ); return STATUS_PROCESS_IS_TERMINATING; } Process->Pcb.DisableBoost = bDisableBoost; Next = Process->ThreadListHead.Flink; while ( Next != &Process->ThreadListHead) { Thread = (PETHREAD)(CONTAINING_RECORD(Next,ETHREAD,ThreadListEntry)); KeSetDisableBoostThread(&Thread->Tcb,bDisableBoost); Next = Next->Flink; } PsUnlockProcess(Process); } ObDereferenceObject(Process); return STATUS_SUCCESS; case ProcessDeviceMap: DeviceMapInfo = (PPROCESS_DEVICEMAP_INFORMATION)ProcessInformation; if ( ProcessInformationLength != sizeof(DeviceMapInfo->Set) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { DirectoryHandle = DeviceMapInfo->Set.DirectoryHandle; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } // // the following allows this api to properly if // called while the exiting process is blocked holding the // createdeletelock. This can happen during debugger/server // lpc transactions that occur in pspexitthread // st = PsLockProcess(Process,PreviousMode,PsLockPollOnTimeout); if ( st != STATUS_SUCCESS ) { ObDereferenceObject( Process ); return STATUS_PROCESS_IS_TERMINATING; } st = ObSetDeviceMap( Process, DirectoryHandle ); PsUnlockProcess(Process); ObDereferenceObject(Process); return st; case ProcessSessionInformation : // // Update Multi-User session specific process information // if ( ProcessInformationLength != (ULONG) sizeof(PROCESS_SESSION_INFORMATION) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { SessionInfo = *(PPROCESS_SESSION_INFORMATION) ProcessInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } // // We only allow TCB to set SessionId's // if ( !SeSinglePrivilegeCheck(SeTcbPrivilege,PreviousMode) ) { return( STATUS_PRIVILEGE_NOT_HELD ); } // // Reference process object // st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION | PROCESS_SET_SESSIONID, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } // // Update SessionId in the Token // Token = PsReferencePrimaryToken( Process ); SeSetSessionIdToken( Token, SessionInfo.SessionId ); PsDereferencePrimaryToken( Token ); // // Update process SessionId // Process->SessionId = SessionInfo.SessionId; st = PsLockProcess(Process,PreviousMode,PsLockPollOnTimeout); if ( st != STATUS_SUCCESS ) { ObDereferenceObject(Process); return STATUS_PROCESS_IS_TERMINATING; } // // Check if the Peb is NULL . System processes don't have a PEB // if (Process->Peb != NULL) { KeAttachProcess (&Process->Pcb); // // Update SessionId in PEB // Process->Peb->SessionId = Process->SessionId; KeDetachProcess(); } PsUnlockProcess(Process); ObDereferenceObject(Process); return( st ); default: return STATUS_INVALID_INFO_CLASS; } }

NTSTATUS NtSetInformationThread (  IN HANDLE  ThreadHandle, IN THREADINFOCLASS  ThreadInformationClass, IN PVOID  ThreadInformation, IN ULONG  ThreadInformationLength )

Definition at line 3103 of file psquery.c. References _KPROCESS::Affinity, EXCEPTION_EXECUTE_HANDLER, ExpDefaultErrorPortProcess, FALSE, IS_SYSTEM_THREAD, _EPROCESS::Job, KernelMode, KeSetAffinityThread(), KeSetAutoAlignmentThread(), KeSetBasePriorityThread(), KeSetDisableBoostThread(), KeSetIdealProcessorThread(), KeSetPriorityThread(), KPROCESSOR_MODE, _EJOB::LimitFlags, MAXIMUM_PROCESSORS, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), PAGED_CODE, _EPROCESS::Pcb, PEEVENT_PAIR, _EPROCESS::PriorityClass, ProbeAndReadLong, ProbeAndWriteLong, ProbeForRead, PsAssignImpersonationToken(), PsGetCurrentProcess, PsGetCurrentThread, PsLockPollOnTimeout, PsLockProcess(), PsThreadType, PsUnlockProcess(), SeCheckPrivilegedObject(), SeIncreaseBasePriorityPrivilege, THREAD_TO_PROCESS, ThreadHandle, _EPROCESS::ThreadListHead, TRUE, and _EPROCESS::Wow64Process. Referenced by CreateDAclToken(), InternalCreateCallbackThread(), MemPrintWriteThread(), NotificationThread(), RtlImpersonateSelf(), RtlQueryProcessDebugInformation(), SepServerRevertToSelf(), TestTokenImpersonation(), W32WinStationDoConnect(), and WinStationAPIInit(). : This function sets the state of a thread object. Arguments: ThreadHandle - Supplies a handle to a thread object. ThreadInformationClass - Supplies the class of information being set. ThreadInformation - Supplies a pointer to a record that contains the information to set. ThreadInformationLength - Supplies the length of the record that contains the information to set. Return Value: TBS --*/ { PEEVENT_PAIR EventPair; HANDLE EventPairHandle; PETHREAD Thread; PEPROCESS Process; KPROCESSOR_MODE PreviousMode; NTSTATUS st; KAFFINITY Affinity, AffinityWithMasks; ULONG_PTR BigAffinity; KPRIORITY Priority; LONG BasePriority; ULONG TlsIndex; PVOID TlsArrayAddress; PVOID Win32StartAddressValue; ULONG ProbeAlignment; BOOLEAN EnableAlignmentFaultFixup; ULONG IdealProcessor; ULONG DisableBoost; PVOID *ExpansionSlots; HANDLE ImpersonationTokenHandle; BOOLEAN HasPrivilege; PAGED_CODE(); // // Get previous processor mode and probe input argument if necessary. // PreviousMode = KeGetPreviousMode(); if (PreviousMode != KernelMode) { try { switch (ThreadInformationClass) { case ThreadPriority : ProbeAlignment = sizeof(KPRIORITY); break; case ThreadAffinityMask : case ThreadQuerySetWin32StartAddress : ProbeAlignment = sizeof (ULONG_PTR); break; case ThreadEnableAlignmentFaultFixup : ProbeAlignment = sizeof (BOOLEAN); break; default : ProbeAlignment = sizeof(ULONG); } ProbeForRead( ThreadInformation, ThreadInformationLength, ProbeAlignment ); } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } } // // Check argument validity. // switch ( ThreadInformationClass ) { case ThreadPriority: if ( ThreadInformationLength != sizeof(KPRIORITY) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { Priority = *(KPRIORITY *)ThreadInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } if ( Priority > HIGH_PRIORITY || Priority <= LOW_PRIORITY ) { return STATUS_INVALID_PARAMETER; } if ( Priority >= LOW_REALTIME_PRIORITY ) { // // Increasing the priority of a thread beyond // LOW_REALTIME_PRIORITY is a privileged operation. // HasPrivilege = SeCheckPrivilegedObject( SeIncreaseBasePriorityPrivilege, ThreadHandle, THREAD_SET_INFORMATION, PreviousMode ); if (!HasPrivilege) { return STATUS_PRIVILEGE_NOT_HELD; } } st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } Process = THREAD_TO_PROCESS(Thread); KeSetPriorityThread(&Thread->Tcb,Priority); ObDereferenceObject(Thread); return STATUS_SUCCESS; case ThreadBasePriority: if ( ThreadInformationLength != sizeof(LONG) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { BasePriority = *(PLONG)ThreadInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } Process = THREAD_TO_PROCESS(Thread); if ( BasePriority > THREAD_BASE_PRIORITY_MAX || BasePriority < THREAD_BASE_PRIORITY_MIN ) { if ( BasePriority == THREAD_BASE_PRIORITY_LOWRT+1 || BasePriority == THREAD_BASE_PRIORITY_IDLE-1 ) { ; } else { // // Allow csrss, or realtime processes to select any // priority // if ( PsGetCurrentProcess() == ExpDefaultErrorPortProcess || Process->PriorityClass == PROCESS_PRIORITY_CLASS_REALTIME ){ ; } else { ObDereferenceObject(Thread); return STATUS_INVALID_PARAMETER; } } } // // If the thread is running within a job object, and the job // object has a priority class limit, do not allow // priority adjustments that raise the thread's priority, unless // the priority class is realtime // if ( Process->Job && (Process->Job->LimitFlags & JOB_OBJECT_LIMIT_PRIORITY_CLASS) ) { if ( Process->PriorityClass != PROCESS_PRIORITY_CLASS_REALTIME ){ if ( BasePriority > 0 ) { ObDereferenceObject(Thread); return STATUS_SUCCESS; } } } KeSetBasePriorityThread(&Thread->Tcb,BasePriority); ObDereferenceObject(Thread); return STATUS_SUCCESS; case ThreadEnableAlignmentFaultFixup: if ( ThreadInformationLength != sizeof(BOOLEAN) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { EnableAlignmentFaultFixup = *(PBOOLEAN)ThreadInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } KeSetAutoAlignmentThread( &(Thread->Tcb), EnableAlignmentFaultFixup ); ObDereferenceObject(Thread); return STATUS_SUCCESS; case ThreadAffinityMask: if ( ThreadInformationLength != sizeof(ULONG_PTR) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { BigAffinity = *(ULONG_PTR *) ThreadInformation; Affinity = (KAFFINITY) BigAffinity; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } if ( !Affinity ) { return STATUS_INVALID_PARAMETER; } st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } Process = THREAD_TO_PROCESS(Thread); // // the following allows this api to properly if // called while the exiting process is blocked holding the // createdeletelock. This can happen during debugger/server // lpc transactions that occur in pspexitthread // st = PsLockProcess(Process,PreviousMode,PsLockPollOnTimeout); if ( st != STATUS_SUCCESS ) { ObDereferenceObject(Thread); return STATUS_PROCESS_IS_TERMINATING; } AffinityWithMasks = Affinity & Process->Pcb.Affinity; if ( AffinityWithMasks != Affinity ) { st = STATUS_INVALID_PARAMETER; } else { KeSetAffinityThread( &Thread->Tcb, AffinityWithMasks ); st = STATUS_SUCCESS; } PsUnlockProcess(Process); ObDereferenceObject(Thread); return st; case ThreadImpersonationToken: if ( ThreadInformationLength != sizeof(HANDLE) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { ImpersonationTokenHandle = *(PHANDLE) ThreadInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_THREAD_TOKEN, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } // // Check for proper access to (and type of) the token, and assign // it as the thread's impersonation token. // st = PsAssignImpersonationToken( Thread, ImpersonationTokenHandle ); ObDereferenceObject(Thread); return st; case ThreadQuerySetWin32StartAddress: if ( ThreadInformationLength != sizeof(ULONG_PTR) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { Win32StartAddressValue = *(PVOID *) ThreadInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } Thread->Win32StartAddress = (PVOID)Win32StartAddressValue; ObDereferenceObject(Thread); return st; case ThreadIdealProcessor: if ( ThreadInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { IdealProcessor = *(PULONG)ThreadInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } if ( IdealProcessor > MAXIMUM_PROCESSORS ) { return STATUS_INVALID_PARAMETER; } st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } // // this is sort of a slimey way of returning info from this set only // api // st = (NTSTATUS)KeSetIdealProcessorThread(&Thread->Tcb,(CCHAR)IdealProcessor); ObDereferenceObject(Thread); return st; case ThreadPriorityBoost: if ( ThreadInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { DisableBoost = *(PULONG)ThreadInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } KeSetDisableBoostThread(&Thread->Tcb,DisableBoost ? TRUE : FALSE); ObDereferenceObject(Thread); return st; case ThreadZeroTlsCell: if ( ThreadInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { TlsIndex = *(PULONG) ThreadInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } if ( Thread != PsGetCurrentThread() ) { ObDereferenceObject( Thread ); return STATUS_INVALID_PARAMETER; } { NTSTATUS xst; PTEB Teb; PLIST_ENTRY Next; PETHREAD OriginalThread; OriginalThread = Thread; Process = THREAD_TO_PROCESS(Thread); // // the following allows this api to properly if // called while the exiting process is blocked holding the // createdeletelock. This can happen during debugger/server // lpc transactions that occur in pspexitthread // xst = PsLockProcess(Process,PreviousMode,PsLockPollOnTimeout); if ( xst != STATUS_SUCCESS ) { ObDereferenceObject( OriginalThread ); return STATUS_PROCESS_IS_TERMINATING; } // The 32bit TEB needs to be set if this is a WOW64 process on a 64BIT system. // This code isn't 100% correct since threads have a conversion state where they // are chaning from 64 to 32 and they don't have a TEB32 yet. Fortunatly, the slots // will be zero when the thread is created so no damage is done by not clearing it here. // Note that the test for the process type is inside the inner loop. This // is bad programming, but this function is hardly time constrained and // fixing this with complex macros would not be worth it due to the loss of clairity. Next = Process->ThreadListHead.Flink; while ( Next != &Process->ThreadListHead) { Thread = (PETHREAD)(CONTAINING_RECORD(Next,ETHREAD,ThreadListEntry)); if ( !IS_SYSTEM_THREAD(Thread) ) { if ( Thread->Tcb.Teb ) { Teb = (PTEB)Thread->Tcb.Teb; if ( TlsIndex > TLS_MINIMUM_AVAILABLE-1 ) { if ( TlsIndex < (TLS_MINIMUM_AVAILABLE+TLS_EXPANSION_SLOTS) - 1 ) { // // This is an expansion slot, so see if the thread // has an expansion cell // try { #if defined(_WIN64) if (Process->Wow64Process) { //Wow64 process. PTEB32 Teb32; PLONG ExpansionSlots32; Teb32 = WOW64_GET_TEB32(Teb); //No probing needed on regular TEB. if (Teb32) { ExpansionSlots32 = ULongToPtr(ProbeAndReadLong(&(Teb32->TlsExpansionSlots))); if (ExpansionSlots32) { ProbeAndWriteLong(ExpansionSlots32 + TlsIndex - TLS_MINIMUM_AVAILABLE, 0); } } } else #endif { ExpansionSlots = Teb->TlsExpansionSlots; ProbeForRead(ExpansionSlots,TLS_EXPANSION_SLOTS*4,8); if ( ExpansionSlots ) { ExpansionSlots[TlsIndex-TLS_MINIMUM_AVAILABLE] = 0; } } } except(EXCEPTION_EXECUTE_HANDLER) { ; } } } else { try { #if defined(_WIN64) if (Process->Wow64Process) { //wow64 process PTEB32 Teb32; Teb32 = WOW64_GET_TEB32(Teb); //No probing needed on regular TEB. if(Teb32) { ProbeAndWriteLong(Teb32->TlsSlots + TlsIndex, 0); } } else #endif { Teb->TlsSlots[TlsIndex] = NULL; } } except(EXCEPTION_EXECUTE_HANDLER) { ; } } } } Next = Next->Flink; } PsUnlockProcess(Process); ObDereferenceObject(OriginalThread); } return st; break; case ThreadSetTlsArrayAddress: if ( ThreadInformationLength != sizeof(PVOID) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { TlsArrayAddress = *(PVOID *)ThreadInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } Thread->Tcb.TlsArray = TlsArrayAddress; #if defined(_MIPS_) if (Thread == PsGetCurrentThread()) { PCR->TlsArray = TlsArrayAddress; } #endif ObDereferenceObject(Thread); return st; break; case ThreadHideFromDebugger: if ( ThreadInformationLength != 0 ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; } Thread->HideFromDebugger = TRUE; ObDereferenceObject(Thread); return st; break; default: return STATUS_INVALID_INFO_CLASS; } }

NTSTATUS PsConvertToGuiThread (  VOID   )

Definition at line 3964 of file psquery.c. References ASSERT, FALSE, KernelMode, KeServiceDescriptorTable, KeServiceDescriptorTableShadow, KeSwitchKernelStack(), _KTHREAD::LargeStack, MmCreateKernelStack(), MmDeleteKernelStack(), NT_SUCCESS, NTSTATUS(), PAGED_CODE, PERFINFO_CONVERT_TO_GUI_THREAD, PsGetCurrentProcess, PsGetCurrentThread, PspW32ProcessCallout, PspW32ThreadCallout, PsW32ThreadCalloutInitialize, _KTHREAD::ServiceTable, Status, _ETHREAD::Tcb, TRUE, and _KTHREAD::Win32Thread. 03970 : 03971 03972 This function converts a thread to a GUI thread. This involves giving the 03973 thread a larger variable sized stack, and allocating appropriate w32 03974 thread and process objects. 03975 03976 Arguments: 03977 03978 None. 03979 03980 Environment: 03981 03982 On x86 this function needs to build an EBP frame. The function 03983 KeSwitchKernelStack depends on this fact. The '#pragma optimize 03984 ("y",off)' below disables frame pointer omission for all builds. 03985 Note that this modification to the optimizations being 03986 performed is from this point in the source module below. 03987 03988 Return Value: 03989 03990 TBD 03991 03992 --*/ 03993 03994 #if defined(i386) 03995 #pragma optimize ("y",off) 03996 #endif 03997 03998 { 03999 PVOID NewStack; 04000 PVOID OldStack; 04001 PETHREAD Thread; 04002 PEPROCESS Process; 04003 NTSTATUS Status; 04004 04005 PAGED_CODE(); 04006 04007 if (KeGetPreviousMode() == KernelMode) { 04008 return STATUS_INVALID_PARAMETER; 04009 } 04010 04011 if ( !PspW32ProcessCallout ) { 04012 return STATUS_ACCESS_DENIED; 04013 } 04014 04015 04016 Thread = PsGetCurrentThread(); 04017 04018 // 04019 // If the thread is using the shadow service table, then an attempt is 04020 // being made to convert a thread that has already been converted, or 04021 // a limit violation has occured on the Win32k system service table. 04022 // 04023 04024 if ( Thread->Tcb.ServiceTable != (PVOID)&KeServiceDescriptorTable[0] ) { 04025 return STATUS_ALREADY_WIN32; 04026 } 04027 04028 Process = PsGetCurrentProcess(); 04029 04030 // 04031 // Get a larger kernel stack if we haven't already. 04032 // 04033 04034 if ( !Thread->Tcb.LargeStack ) { 04035 04036 NewStack = MmCreateKernelStack(TRUE); 04037 04038 if ( !NewStack ) { 04039 04040 NtCurrentTeb()->LastErrorValue = (LONG)ERROR_NOT_ENOUGH_MEMORY; 04041 04042 return STATUS_NO_MEMORY; 04043 } 04044 04045 #if defined(_IA64_) 04046 OldStack = KeSwitchKernelStack(NewStack, 04047 (UCHAR *)NewStack - KERNEL_LARGE_STACK_COMMIT, 04048 (UCHAR *)NewStack + KERNEL_LARGE_BSTORE_COMMIT); 04049 #else 04050 OldStack = KeSwitchKernelStack(NewStack, 04051 (UCHAR *)NewStack - KERNEL_LARGE_STACK_COMMIT); 04052 #endif // defined(_IA64_) 04053 04054 MmDeleteKernelStack(OldStack, FALSE); 04055 04056 } 04057 04058 PERFINFO_CONVERT_TO_GUI_THREAD(Thread); 04059 04060 // 04061 // We are all clean on the stack, now call out and then link the Win32 structures 04062 // to the base exec structures 04063 // 04064 04065 Status = (PspW32ProcessCallout)(Process,TRUE); 04066 04067 if ( !NT_SUCCESS(Status) ) { 04068 return Status; 04069 } 04070 04071 // 04072 // Switch the thread to use the shadow system serive table which will 04073 // enable it to execute Win32k services. 04074 // 04075 04076 Thread->Tcb.ServiceTable = (PVOID)&KeServiceDescriptorTableShadow[0]; 04077 04078 ASSERT( Thread->Tcb.Win32Thread == 0 ); 04079 04080 04081 // 04082 // Make the thread callout. 04083 // 04084 04085 Status = (PspW32ThreadCallout)(Thread,PsW32ThreadCalloutInitialize); 04086 if ( !NT_SUCCESS(Status) ) { 04087 Thread->Tcb.ServiceTable = (PVOID)&KeServiceDescriptorTable[0]; 04088 } 04089 04090 return Status; 04091 04092 } }

NTKERNELAPI VOID PsEstablishWin32Callouts (  IN PKWIN32_PROCESS_CALLOUT  ProcessCallout, IN PKWIN32_THREAD_CALLOUT  ThreadCallout, IN PKWIN32_GLOBALATOMTABLE_CALLOUT  GlobalAtomTableCallout, IN PKWIN32_POWEREVENT_CALLOUT  PowerEventCallout, IN PKWIN32_POWERSTATE_CALLOUT  PowerStateCallout, IN PKWIN32_JOB_CALLOUT  JobCallout, IN PVOID  BatchFlushRoutine )

Definition at line 3855 of file psquery.c. References ExGlobalAtomTableCallout, KeGdiFlushUserBatch, PAGED_CODE, PGDI_BATCHFLUSH_ROUTINE, PopEventCallout, PopStateCallout, PspW32JobCallout, PspW32ProcessCallout, and PspW32ThreadCallout. : This function is used by the Win32 kernel mode component to register callout functions for process/thread init/deinit functions and to report the sizes of the structures. Arguments: ProcessCallout - Supplies the address of the function to be called when a process is either created or deleted. ThreadCallout - Supplies the address of the function to be called when a thread is either created or deleted. GlobalAtomTableCallout - Supplies the address of the function to be called to get the correct global atom table for the current process PowerEventCallout - Supplies the address of a function to be called when a power event occurs. PowerStateCallout - Supplies the address of a function to be called when the power state changes. JobCallout - Supplies the address of a function to be called when the job state changes or a process is assigned to a job. BatchFlushRoutine - Supplies the address of the function to be called Return Value: None. --*/ { PAGED_CODE(); PspW32ProcessCallout = ProcessCallout; PspW32ThreadCallout = ThreadCallout; ExGlobalAtomTableCallout = GlobalAtomTableCallout; KeGdiFlushUserBatch = (PGDI_BATCHFLUSH_ROUTINE)BatchFlushRoutine; PopEventCallout = PowerEventCallout; PopStateCallout = PowerStateCallout; PspW32JobCallout = JobCallout; // PoSetSystemState(ES_SYSTEM_REQUIRED); }

NTSTATUS PspQueryPooledQuotaLimits (  IN HANDLE  ProcessHandle, IN PROCESSINFOCLASS  ProcessInformationClass, OUT PVOID  ProcessInformation, IN ULONG  ProcessInformationLength, OUT PULONG ReturnLength  OPTIONAL, IN KPROCESSOR_MODE  PreviousMode )

Definition at line 291 of file psquery.c. References EXCEPTION_EXECUTE_HANDLER, ExPageLockHandle, MmLockPagableSectionByHandle(), MmUnlockPagableImageSection(), NonPagedPool, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), PagedPool, _EPROCESS_QUOTA_BLOCK::PagefileLimit, _EPROCESS_QUOTA_BLOCK::PagefileUsage, _EPROCESS_QUOTA_BLOCK::PeakPagefileUsage, PsProcessType, _EPROCESS_QUOTA_BLOCK::QuotaLock, _EPROCESS_QUOTA_BLOCK::QuotaPeakPoolUsage, _EPROCESS_QUOTA_BLOCK::QuotaPoolLimit, and _EPROCESS_QUOTA_BLOCK::QuotaPoolUsage. Referenced by NtQueryInformationProcess(). { PEPROCESS Process; KIRQL OldIrql; NTSTATUS st; PEPROCESS_QUOTA_BLOCK QuotaBlock; POOLED_USAGE_AND_LIMITS UsageAndLimits; if ( ProcessInformationLength != (ULONG) sizeof(POOLED_USAGE_AND_LIMITS) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } QuotaBlock = Process->QuotaBlock; MmLockPagableSectionByHandle(ExPageLockHandle); ExAcquireSpinLock(&QuotaBlock->QuotaLock,&OldIrql); UsageAndLimits.PagedPoolLimit = QuotaBlock->QuotaPoolLimit[PagedPool]; UsageAndLimits.NonPagedPoolLimit = QuotaBlock->QuotaPoolLimit[NonPagedPool]; UsageAndLimits.PagefileLimit = QuotaBlock->PagefileLimit; UsageAndLimits.PagedPoolUsage = QuotaBlock->QuotaPoolUsage[PagedPool]; UsageAndLimits.NonPagedPoolUsage = QuotaBlock->QuotaPoolUsage[NonPagedPool]; UsageAndLimits.PagefileUsage = QuotaBlock->PagefileUsage; UsageAndLimits.PeakPagedPoolUsage = QuotaBlock->QuotaPeakPoolUsage[PagedPool]; UsageAndLimits.PeakNonPagedPoolUsage = QuotaBlock->QuotaPeakPoolUsage[NonPagedPool]; UsageAndLimits.PeakPagefileUsage = QuotaBlock->PeakPagefileUsage; ExReleaseSpinLock(&QuotaBlock->QuotaLock,OldIrql); MmUnlockPagableImageSection(ExPageLockHandle); ObDereferenceObject(Process); // // Either of these may cause an access violation. The // exception handler will return access violation as // status code. No further cleanup needs to be done. // try { *(PPOOLED_USAGE_AND_LIMITS) ProcessInformation = UsageAndLimits; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(POOLED_USAGE_AND_LIMITS); } } except(EXCEPTION_EXECUTE_HANDLER) { return STATUS_SUCCESS; } return STATUS_SUCCESS; }

NTSTATUS PspQueryQuotaLimits (  IN HANDLE  ProcessHandle, IN PROCESSINFOCLASS  ProcessInformationClass, OUT PVOID  ProcessInformation, IN ULONG  ProcessInformationLength, OUT PULONG ReturnLength  OPTIONAL, IN KPROCESSOR_MODE  PreviousMode )

Definition at line 209 of file psquery.c. References EXCEPTION_EXECUTE_HANDLER, ExPageLockHandle, MmLockPagableSectionByHandle(), MmUnlockPagableImageSection(), NonPagedPool, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), PAGE_SHIFT, PagedPool, _EPROCESS_QUOTA_BLOCK::PagefileLimit, PspDefaultQuotaBlock, PsProcessType, _EPROCESS_QUOTA_BLOCK::QuotaLock, and _EPROCESS_QUOTA_BLOCK::QuotaPoolLimit. Referenced by NtQueryInformationProcess(). { QUOTA_LIMITS QuotaLimits; PEPROCESS Process; KIRQL OldIrql; NTSTATUS st; PEPROCESS_QUOTA_BLOCK QuotaBlock; if ( ProcessInformationLength != (ULONG) sizeof(QUOTA_LIMITS) ) { return STATUS_INFO_LENGTH_MISMATCH; } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } QuotaBlock = Process->QuotaBlock; MmLockPagableSectionByHandle(ExPageLockHandle); if ( QuotaBlock != &PspDefaultQuotaBlock ) { ExAcquireSpinLock(&QuotaBlock->QuotaLock,&OldIrql); QuotaLimits.PagedPoolLimit = QuotaBlock->QuotaPoolLimit[PagedPool]; QuotaLimits.NonPagedPoolLimit = QuotaBlock->QuotaPoolLimit[NonPagedPool]; QuotaLimits.PagefileLimit = QuotaBlock->PagefileLimit; QuotaLimits.TimeLimit.LowPart = 0xffffffff; QuotaLimits.TimeLimit.HighPart = 0xffffffff; ExReleaseSpinLock(&QuotaBlock->QuotaLock,OldIrql); } else { QuotaLimits.PagedPoolLimit = (SIZE_T)-1; QuotaLimits.NonPagedPoolLimit = (SIZE_T)-1; QuotaLimits.PagefileLimit = (SIZE_T)-1; QuotaLimits.TimeLimit.LowPart = 0xffffffff; QuotaLimits.TimeLimit.HighPart = 0xffffffff; } QuotaLimits.MinimumWorkingSetSize = Process->Vm.MinimumWorkingSetSize << PAGE_SHIFT; QuotaLimits.MaximumWorkingSetSize = Process->Vm.MaximumWorkingSetSize << PAGE_SHIFT; ObDereferenceObject(Process); // // Either of these may cause an access violation. The // exception handler will return access violation as // status code. No further cleanup needs to be done. // try { *(PQUOTA_LIMITS) ProcessInformation = QuotaLimits; if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(QUOTA_LIMITS); } } except(EXCEPTION_EXECUTE_HANDLER) { ; } MmUnlockPagableImageSection(ExPageLockHandle); return STATUS_SUCCESS; }

NTSTATUS PspQueryWorkingSetWatch (  IN HANDLE  ProcessHandle, IN PROCESSINFOCLASS  ProcessInformationClass, OUT PVOID  ProcessInformation, IN ULONG  ProcessInformationLength, OUT PULONG ReturnLength  OPTIONAL, IN KPROCESSOR_MODE  PreviousMode )

Definition at line 113 of file psquery.c. References EXCEPTION_EXECUTE_HANDLER, ExPageLockHandle, MAX_WS_CATCH_INDEX, MmLockPagableSectionByHandle(), MmUnlockPagableImageSection(), NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), and PsProcessType. Referenced by NtQueryInformationProcess(). { PPAGEFAULT_HISTORY WorkingSetCatcher; ULONG SpaceNeeded; PEPROCESS Process; KIRQL OldIrql; NTSTATUS st; st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } if ( !(WorkingSetCatcher = Process->WorkingSetWatch) ) { ObDereferenceObject(Process); return STATUS_UNSUCCESSFUL; } MmLockPagableSectionByHandle(ExPageLockHandle); ExAcquireSpinLock(&WorkingSetCatcher->SpinLock,&OldIrql); if ( WorkingSetCatcher->CurrentIndex ) { // // Null Terminate the first empty entry in the buffer // WorkingSetCatcher->WatchInfo[WorkingSetCatcher->CurrentIndex].FaultingPc = NULL; //Store a special Va value if the buffer was full and //page faults could have been lost if (WorkingSetCatcher->CurrentIndex != WorkingSetCatcher->MaxIndex) WorkingSetCatcher->WatchInfo[WorkingSetCatcher->CurrentIndex].FaultingVa = NULL; else WorkingSetCatcher->WatchInfo[WorkingSetCatcher->CurrentIndex].FaultingVa = (PVOID) 1; SpaceNeeded = (WorkingSetCatcher->CurrentIndex+1) * sizeof(PROCESS_WS_WATCH_INFORMATION); } else { ExReleaseSpinLock(&WorkingSetCatcher->SpinLock,OldIrql); MmUnlockPagableImageSection(ExPageLockHandle); ObDereferenceObject(Process); return STATUS_NO_MORE_ENTRIES; } if ( ProcessInformationLength < SpaceNeeded ) { ExReleaseSpinLock(&WorkingSetCatcher->SpinLock,OldIrql); MmUnlockPagableImageSection(ExPageLockHandle); ObDereferenceObject(Process); return STATUS_BUFFER_TOO_SMALL; } // // Mark the Working Set buffer as full and then drop the lock // and copy the bytes // WorkingSetCatcher->CurrentIndex = MAX_WS_CATCH_INDEX; ExReleaseSpinLock(&WorkingSetCatcher->SpinLock,OldIrql); try { RtlMoveMemory(ProcessInformation,&WorkingSetCatcher->WatchInfo[0],SpaceNeeded); if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = SpaceNeeded; } } except(EXCEPTION_EXECUTE_HANDLER) { ; } ExAcquireSpinLock(&WorkingSetCatcher->SpinLock,&OldIrql); WorkingSetCatcher->CurrentIndex = 0; ExReleaseSpinLock(&WorkingSetCatcher->SpinLock,OldIrql); MmUnlockPagableImageSection(ExPageLockHandle); ObDereferenceObject(Process); return STATUS_SUCCESS; }

NTSTATUS PspSetPrimaryToken (  IN HANDLE  ProcessHandle, IN HANDLE TokenHandle  OPTIONAL, IN PACCESS_TOKEN TokenPointer  OPTIONAL )

Definition at line 366 of file psquery.c. References _SECURITY_SUBJECT_CONTEXT::ClientToken, FALSE, _OBJECT_TYPE_INITIALIZER::GenericMapping, KPROCESSOR_MODE, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObGetObjectSecurity(), ObReferenceObjectByHandle(), ObReleaseObjectSecurity(), _SECURITY_SUBJECT_CONTEXT::PrimaryToken, _SECURITY_SUBJECT_CONTEXT::ProcessAuditId, PsDereferencePrimaryToken, PspAssignPrimaryToken(), PsProcessType, PsReferencePrimaryToken(), SeAccessCheck(), SeAssignPrimaryTokenPrivilege, SeCheckPrivilegedObject(), SeIsChildTokenByPointer(), SeTokenObjectType, and _OBJECT_TYPE::TypeInfo. Referenced by NtAssignProcessToJobObject(), and NtSetInformationProcess(). { NTSTATUS st ; BOOLEAN HasPrivilege ; BOOLEAN IsChildToken ; PEPROCESS Process ; KPROCESSOR_MODE PreviousMode ; // // Check to see if the supplied token is a child of the caller's // token. If so, we don't need to do the privilege check. // PreviousMode = KeGetPreviousMode(); if ( TokenHandle ) { // // Reference the specified token, and make sure it can be assigned // as a primary token. // st = ObReferenceObjectByHandle ( TokenHandle, TOKEN_ASSIGN_PRIMARY, SeTokenObjectType(), PreviousMode, (PVOID *)&TokenPointer, NULL ); if (!NT_SUCCESS(st)) { return( st ); } } st = SeIsChildTokenByPointer( TokenPointer, &IsChildToken ); if (!NT_SUCCESS(st)) { if ( TokenHandle ) { ObDereferenceObject( TokenPointer ); } return( st ); } if (!IsChildToken ) { // // SeCheckPrivilegedObject will perform auditing as appropriate // HasPrivilege = SeCheckPrivilegedObject( SeAssignPrimaryTokenPrivilege, ProcessHandle, PROCESS_SET_INFORMATION, PreviousMode ); if ( !HasPrivilege ) { if ( TokenHandle ) { ObDereferenceObject( TokenPointer ); } return( STATUS_PRIVILEGE_NOT_HELD ); } } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( NT_SUCCESS(st) ) { // // Check for proper access to the token, and assign the primary // token for the process. // st = PspAssignPrimaryToken( Process, NULL, TokenPointer ); // // Recompute the process's access to itself for use // with the CurrentProcess() pseudo handle. // if ( NT_SUCCESS(st) ) { NTSTATUS accesst; BOOLEAN AccessCheck; BOOLEAN MemoryAllocated; PSECURITY_DESCRIPTOR SecurityDescriptor; SECURITY_SUBJECT_CONTEXT SubjectContext; st = ObGetObjectSecurity( Process, &SecurityDescriptor, &MemoryAllocated ); if ( NT_SUCCESS(st) ) { // // Compute the subject security context // SubjectContext.ProcessAuditId = Process; SubjectContext.PrimaryToken = PsReferencePrimaryToken(Process); SubjectContext.ClientToken = NULL; AccessCheck = SeAccessCheck( SecurityDescriptor, &SubjectContext, FALSE, MAXIMUM_ALLOWED, 0, NULL, &PsProcessType->TypeInfo.GenericMapping, PreviousMode, &Process->GrantedAccess, &accesst ); PsDereferencePrimaryToken(SubjectContext.PrimaryToken); ObReleaseObjectSecurity( SecurityDescriptor, MemoryAllocated ); if ( !AccessCheck ) { Process->GrantedAccess = 0; } } } ObDereferenceObject(Process); } if ( TokenHandle) { ObDereferenceObject( TokenPointer ); } return st; }

NTSTATUS PspSetQuotaLimits (  IN HANDLE  ProcessHandle, IN PROCESSINFOCLASS  ProcessInformationClass, IN PVOID  ProcessInformation, IN ULONG  ProcessInformationLength, IN KPROCESSOR_MODE  PreviousMode )

Definition at line 1211 of file psquery.c. References ExAcquireResourceShared, ExAllocatePool, EXCEPTION_EXECUTE_HANDLER, ExFreePool(), ExPageLockHandle, ExReleaseResource, FALSE, KeAttachProcess(), KeDetachProcess(), KeEnterCriticalRegion, KeInitializeSpinLock(), KeLeaveCriticalRegion, MmAdjustWorkingSetSize(), MmLockPagableSectionByHandle(), MmRaisePoolQuota(), MmUnlockPagableImageSection(), NonPagedPool, NT_SUCCESS, NTSTATUS(), NULL, ObDereferenceObject, ObReferenceObjectByHandle(), PagedPool, _EPROCESS_QUOTA_BLOCK::PagefileUsage, PspDefaultNonPagedLimit, PspDefaultPagedLimit, PspDefaultPagefileLimit, PspDefaultQuotaBlock, PsProcessType, _EPROCESS_QUOTA_BLOCK::QuotaLock, _EPROCESS_QUOTA_BLOCK::QuotaPoolUsage, SeIncreaseQuotaPrivilege, SeSinglePrivilegeCheck(), and TRUE. Referenced by NtSetInformationProcess(). { PEPROCESS Process; QUOTA_LIMITS RequestedLimits; KIRQL OldIrql; PEPROCESS_QUOTA_BLOCK NewQuotaBlock; BOOLEAN HasPrivilege = FALSE; NTSTATUS st, ReturnStatus; PVOID UnlockHandle; SIZE_T NewLimit; if ( ProcessInformationLength != sizeof(QUOTA_LIMITS) ) { return STATUS_INFO_LENGTH_MISMATCH; } try { RequestedLimits = *(PQUOTA_LIMITS) ProcessInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_QUOTA, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; } UnlockHandle = NULL; // // Now we are ready to set the quota limits for the process // // If the process already has a quota block, then all we allow // is working set changes. // // If the process has no quota block, all that can be done is a // quota set operation. The quotas must be high enough that the // current usage can be charged without causing a quota overflow. // // If a quota field is zero, we pick the value. // // Setting quotas requires the SeIncreaseQuotaPrivilege (except for // working set size since this is only advisory). // ReturnStatus = STATUS_SUCCESS; if ( Process->QuotaBlock == &PspDefaultQuotaBlock ) { if ( RequestedLimits.MinimumWorkingSetSize && RequestedLimits.MaximumWorkingSetSize ) { if ( RequestedLimits.MinimumWorkingSetSize != (SIZE_T)-1 && RequestedLimits.MaximumWorkingSetSize != (SIZE_T)-1 ) { if ( Process->Job ) { KeEnterCriticalRegion(); ExAcquireResourceShared(&Process->Job->JobLock, TRUE); if ( Process->Job->LimitFlags & JOB_OBJECT_LIMIT_WORKINGSET ) { RequestedLimits.MinimumWorkingSetSize = Process->Job->MinimumWorkingSetSize; RequestedLimits.MaximumWorkingSetSize = Process->Job->MaximumWorkingSetSize; } ExReleaseResource(&Process->Job->JobLock); KeLeaveCriticalRegion(); } } KeAttachProcess (&Process->Pcb); ReturnStatus = MmAdjustWorkingSetSize ( RequestedLimits.MinimumWorkingSetSize, RequestedLimits.MaximumWorkingSetSize, FALSE ); KeDetachProcess(); } else { // // You must have a privilege to assign quotas // if ( !SeSinglePrivilegeCheck(SeIncreaseQuotaPrivilege,PreviousMode) ) { ObDereferenceObject(Process); return STATUS_PRIVILEGE_NOT_HELD; } NewQuotaBlock = ExAllocatePool(NonPagedPool,sizeof(*NewQuotaBlock)); if ( !NewQuotaBlock ) { ObDereferenceObject(Process); return STATUS_NO_MEMORY; } RtlZeroMemory(NewQuotaBlock,sizeof(*NewQuotaBlock)); // // Initialize the quota block // KeInitializeSpinLock(&NewQuotaBlock->QuotaLock); NewQuotaBlock->ReferenceCount = 1; // // Grab the quota lock to prevent usage changes // MmLockPagableSectionByHandle(ExPageLockHandle); UnlockHandle = ExPageLockHandle; ExAcquireSpinLock(&PspDefaultQuotaBlock.QuotaLock, &OldIrql ); NewQuotaBlock->QuotaPeakPoolUsage[NonPagedPool] = Process->QuotaPeakPoolUsage[NonPagedPool]; NewQuotaBlock->QuotaPeakPoolUsage[PagedPool] = Process->QuotaPeakPoolUsage[PagedPool]; NewQuotaBlock->QuotaPoolUsage[NonPagedPool] = Process->QuotaPoolUsage[NonPagedPool]; NewQuotaBlock->QuotaPoolUsage[PagedPool] = Process->QuotaPoolUsage[PagedPool]; NewQuotaBlock->PagefileUsage = Process->PagefileUsage; NewQuotaBlock->PeakPagefileUsage = Process->PeakPagefileUsage; // // Now compute limits // // // lou... We need to think this out a bit // // Get the defaults that the system would pick. // NewQuotaBlock->QuotaPoolLimit[PagedPool] = PspDefaultPagedLimit; NewQuotaBlock->QuotaPoolLimit[NonPagedPool] = PspDefaultNonPagedLimit; NewQuotaBlock->PagefileLimit = PspDefaultPagefileLimit; // // Now see if current usage exceeds requested limits. If // so, fail the operation. // // // Paged // if ( NewQuotaBlock->QuotaPoolUsage[PagedPool] > NewQuotaBlock->QuotaPoolLimit[PagedPool] ) { while ( (PspDefaultPagedLimit == 0) && MmRaisePoolQuota(PagedPool,NewQuotaBlock->QuotaPoolLimit[PagedPool],&NewLimit) ) { NewQuotaBlock->QuotaPoolLimit[PagedPool] = NewLimit; if ( NewQuotaBlock->QuotaPoolUsage[PagedPool] <= NewLimit ) { goto LimitRaised0; } } // // current usage exceeds requested limit // ExReleaseSpinLock(&PspDefaultQuotaBlock.QuotaLock,OldIrql ); MmUnlockPagableImageSection(UnlockHandle); ExFreePool(NewQuotaBlock); ObDereferenceObject(Process); return STATUS_QUOTA_EXCEEDED; } // // NonPaged // LimitRaised0: if ( NewQuotaBlock->QuotaPoolUsage[NonPagedPool] > NewQuotaBlock->QuotaPoolLimit[NonPagedPool] ) { while ( (PspDefaultNonPagedLimit == 0) && MmRaisePoolQuota(NonPagedPool,NewQuotaBlock->QuotaPoolLimit[NonPagedPool],&NewLimit) ) { NewQuotaBlock->QuotaPoolLimit[NonPagedPool] = NewLimit; if ( NewQuotaBlock->QuotaPoolUsage[NonPagedPool] <= NewLimit ) { goto LimitRaised1; } } // // current usage exceeds requested limit // ExReleaseSpinLock(&PspDefaultQuotaBlock.QuotaLock,OldIrql ); MmUnlockPagableImageSection(UnlockHandle); ExFreePool(NewQuotaBlock); ObDereferenceObject(Process); return STATUS_QUOTA_EXCEEDED; } // // Pagefile // LimitRaised1: if ( NewQuotaBlock->PagefileUsage > NewQuotaBlock->PagefileLimit ) { // // current usage exceeds requested limit // ExReleaseSpinLock(&PspDefaultQuotaBlock.QuotaLock,OldIrql ); MmUnlockPagableImageSection(UnlockHandle); ExFreePool(NewQuotaBlock); ObDereferenceObject(Process); return STATUS_QUOTA_EXCEEDED; } // Everything is set. Now double check to quota block fieled // If we still have no quota block then assign and succeed. // Otherwise punt. // if ( Process->QuotaBlock != &PspDefaultQuotaBlock ) { ExReleaseSpinLock(&PspDefaultQuotaBlock.QuotaLock,OldIrql ); ExFreePool(NewQuotaBlock); } else { // // return the quotas used by this process, and attach process // to new quota block // if ( Process->QuotaPoolUsage[NonPagedPool] <= PspDefaultQuotaBlock.QuotaPoolUsage[NonPagedPool] ) { PspDefaultQuotaBlock.QuotaPoolUsage[NonPagedPool] -= Process->QuotaPoolUsage[NonPagedPool]; } else { PspDefaultQuotaBlock.QuotaPoolUsage[NonPagedPool] = 0; } if ( Process->QuotaPoolUsage[PagedPool] <= PspDefaultQuotaBlock.QuotaPoolUsage[PagedPool] ) { PspDefaultQuotaBlock.QuotaPoolUsage[PagedPool] -= Process->QuotaPoolUsage[PagedPool]; } else { PspDefaultQuotaBlock.QuotaPoolUsage[PagedPool] = 0; } if ( Process->PagefileUsage <= PspDefaultQuotaBlock.PagefileUsage ) { PspDefaultQuotaBlock.PagefileUsage -= Process->PagefileUsage; } Process->QuotaBlock = NewQuotaBlock; ExReleaseSpinLock(&PspDefaultQuotaBlock.QuotaLock,OldIrql ); } MmUnlockPagableImageSection(UnlockHandle); ReturnStatus = STATUS_SUCCESS; } } else { // // Only allow a working set size change // if ( RequestedLimits.MinimumWorkingSetSize && RequestedLimits.MaximumWorkingSetSize ) { if ( RequestedLimits.MinimumWorkingSetSize != (SIZE_T)-1 && RequestedLimits.MaximumWorkingSetSize != (SIZE_T)-1 ) { if ( Process->Job ) { KeEnterCriticalRegion(); ExAcquireResourceShared(&Process->Job->JobLock, TRUE); if ( Process->Job->LimitFlags & JOB_OBJECT_LIMIT_WORKINGSET ) { RequestedLimits.MinimumWorkingSetSize = Process->Job->MinimumWorkingSetSize; RequestedLimits.MaximumWorkingSetSize = Process->Job->MaximumWorkingSetSize; } ExReleaseResource(&Process->Job->JobLock); KeLeaveCriticalRegion(); } } KeAttachProcess (&Process->Pcb); ReturnStatus = MmAdjustWorkingSetSize ( RequestedLimits.MinimumWorkingSetSize, RequestedLimits.MaximumWorkingSetSize, FALSE ); KeDetachProcess(); } } ObDereferenceObject(Process); return ReturnStatus; }

VOID PsSetProcessPriorityByClass (  IN PEPROCESS  Process, IN PSPROCESSPRIORITYMODE  PriorityMode )

Definition at line 3916 of file psquery.c. References KeSetPriorityProcess(), MEMORY_PRIORITY_BACKGROUND, MEMORY_PRIORITY_FOREGROUND, MmSetMemoryPriorityProcess(), PAGED_CODE, PS_WS_TRIM_BACKGROUND_ONLY_APP, PspForegroundQuantum, PspJobSchedulingClasses, PspPriorityTable, PsPrioritySeperation, PsProcessPriorityForeground, PsProcessPrioritySpinning, PspUseJobSchedulingClasses, and THREAD_QUANTUM. Referenced by NtSetInformationProcess(), PspApplyJobLimitsToProcess(), PspCreateProcess(), and SetForegroundPriorityProcess(). { KPRIORITY BasePriority; UCHAR MemoryPriority; ULONG QuantumIndex; PAGED_CODE(); BasePriority = PspPriorityTable[Process->PriorityClass]; if ( PriorityMode == PsProcessPriorityForeground ) { QuantumIndex = PsPrioritySeperation; MemoryPriority = MEMORY_PRIORITY_FOREGROUND; #if defined(_X86_) Process->MmAgressiveWsTrimMask &= ~PS_WS_TRIM_BACKGROUND_ONLY_APP; #endif // _X86_ } else { QuantumIndex = 0; MemoryPriority = MEMORY_PRIORITY_BACKGROUND; } if ( Process->PriorityClass != PROCESS_PRIORITY_CLASS_IDLE ) { if ( Process->Job && PspUseJobSchedulingClasses ) { Process->Pcb.ThreadQuantum = PspJobSchedulingClasses[Process->Job->SchedulingClass]; } else { Process->Pcb.ThreadQuantum = PspForegroundQuantum[QuantumIndex]; } } else { Process->Pcb.ThreadQuantum = THREAD_QUANTUM; } KeSetPriorityProcess(&Process->Pcb,BasePriority); if ( PriorityMode != PsProcessPrioritySpinning ) { MmSetMemoryPriorityProcess(Process, MemoryPriority); } }

NTSTATUS PsWatchWorkingSet (  IN NTSTATUS  Status, IN PVOID  PcValue, IN PVOID  Va )

Definition at line 3788 of file psquery.c. References FALSE, NT_SUCCESS, PsGetCurrentProcess, Status, TRUE, and _EPROCESS::WorkingSetWatch. Referenced by KiMemoryFault(). : This function collects data about page faults. For both user and kernel space page faults, it stores information about the page fault in the causing process's data structure. Arguments: Status - type of page fault PcValue - Program Counter value that caused page fault Va - Memory address that was being accessed to cause the page fault --*/ { PEPROCESS Process; PPAGEFAULT_HISTORY WorkingSetCatcher; KIRQL OldIrql; BOOLEAN TransitionFault = FALSE; if ( !NT_SUCCESS( Status )) return Status; //Both transition and demand zero faults count as soft faults. Only disk //reads count as hard faults. if ( Status <= STATUS_PAGE_FAULT_DEMAND_ZERO ) { TransitionFault = TRUE; } Process = PsGetCurrentProcess(); if ( !(WorkingSetCatcher = Process->WorkingSetWatch) ) { return Status; } ExAcquireSpinLock(&WorkingSetCatcher->SpinLock,&OldIrql); if ( WorkingSetCatcher->CurrentIndex >= WorkingSetCatcher->MaxIndex ) { ExReleaseSpinLock(&WorkingSetCatcher->SpinLock,OldIrql); return Status; } //Store the Pc and Va values in the buffer. Use the least sig. bit //of the Va to store whether it was a soft or hard fault WorkingSetCatcher->WatchInfo[WorkingSetCatcher->CurrentIndex].FaultingPc = PcValue; WorkingSetCatcher->WatchInfo[WorkingSetCatcher->CurrentIndex].FaultingVa = TransitionFault ? (PVOID)((ULONG_PTR)Va | 1) : (PVOID)((ULONG_PTR)Va & 0xfffffffe) ; WorkingSetCatcher->CurrentIndex++; ExReleaseSpinLock(&WorkingSetCatcher->SpinLock,OldIrql); return Status; }

---

Variable Documentation

PEPROCESS ExpDefaultErrorPortProcess

Definition at line 40 of file psquery.c. Referenced by ExpRaiseHardError(), MiCheckForUserStackOverflow(), MiLoadImageSection(), NtSetDefaultHardErrorPort(), and NtSetInformationThread().

KMUTANT ObpInitKillMutant

Definition at line 35 of file psquery.c.

PKWIN32_POWEREVENT_CALLOUT PopEventCallout

Definition at line 3848 of file psquery.c. Referenced by PsEstablishWin32Callouts().

PKWIN32_POWERSTATE_CALLOUT PopStateCallout

Definition at line 3849 of file psquery.c. Referenced by PsEstablishWin32Callouts().

KPRIORITY PspPriorityTable[PROCESS_PRIORITY_CLASS_ABOVE_NORMAL+1] = {8,4,8,13,24,6,10}

Definition at line 52 of file psquery.c. Referenced by PsSetProcessPriorityByClass().

PKWIN32_JOB_CALLOUT PspW32JobCallout

Definition at line 3847 of file psquery.c. Referenced by NtAssignProcessToJobObject(), NtSetInformationJobObject(), PsEstablishWin32Callouts(), and PspJobDelete().

PKWIN32_PROCESS_CALLOUT PspW32ProcessCallout

Definition at line 3845 of file psquery.c. Referenced by PsConvertToGuiThread(), PsEstablishWin32Callouts(), and PspExitThread().

PKWIN32_THREAD_CALLOUT PspW32ThreadCallout

Definition at line 3846 of file psquery.c. Referenced by PsConvertToGuiThread(), PsEstablishWin32Callouts(), and PspExitThread().

BOOLEAN PsWatchEnabled

Definition at line 41 of file psquery.c.

---