|
|
/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
psp.h
Abstract:
Private Interfaces for process structure.
Author:
Mark Lucovsky (markl) 20-Apr-1989
Revision History:
--*/
#ifndef _PSP_
#define _PSP_
#pragma warning(disable:4054) // Cast of function pointer to PVOID
#pragma warning(disable:4055) // Cast of function pointer
#pragma warning(disable:4115) // named type definition in parentheses
#pragma warning(disable:4127) // condition expression is constant
#pragma warning(disable:4152) // Casting function pointers
#pragma warning(disable:4201) // nameless struct/union
#pragma warning(disable:4214) // bit field types other than int
#pragma warning(disable:4324) // alignment sensitive to declspec
#pragma warning(disable:4327) // alignment on assignment
#pragma warning(disable:4328) // alignment on assignment
#include "ntos.h"
#include "ntrtl.h"
#include "nturtl.h"
#include "zwapi.h"
#include "ki.h"
#if defined(_X86_)
#include <vdmntos.h>
#endif
#define NOEXTAPI
#include "wdbgexts.h"
#include "ntdbg.h"
#include <string.h>
#if defined(_WIN64)
#include <wow64t.h>
#endif
#ifdef POOL_TAGGING
#define ExAllocatePool(a,b) ExAllocatePoolWithTag(a,b,' sP')
#define ExAllocatePoolWithQuota(a,b) ExAllocatePoolWithQuotaTag(a,b,' sP')
#endif
//
// Working Set Watcher is 8kb. This lets us watch about 4mb of working
// set.
//
#define WS_CATCH_SIZE 8192
#define WS_OVERHEAD 16
#define MAX_WS_CATCH_INDEX (((WS_CATCH_SIZE-WS_OVERHEAD)/sizeof(PROCESS_WS_WATCH_INFORMATION)) - 2)
//
// Process Quota Charges:
//
// PagedPool
// Directory Base Page - PAGE_SIZE
//
// NonPaged
// Object Body - sizeof(EPROCESS)
//
#define PSP_PROCESS_PAGED_CHARGE (PAGE_SIZE)
#define PSP_PROCESS_NONPAGED_CHARGE (sizeof(EPROCESS))
//
// Thread Quota Charges:
//
// PagedPool
// Kernel Stack - 0
//
// NonPaged
// Object Body - sizeof(ETHREAD)
//
#define PSP_THREAD_PAGED_CHARGE (0)
#define PSP_THREAD_NONPAGED_CHARGE (sizeof(ETHREAD))
typedef struct _GETSETCONTEXT { KAPC Apc; KPROCESSOR_MODE Mode; KEVENT OperationComplete; CONTEXT Context; KNONVOLATILE_CONTEXT_POINTERS NonVolatileContext;} GETSETCONTEXT, *PGETSETCONTEXT;
typedef struct _SYSTEM_DLL { PVOID Section; PVOID DllBase; PKNORMAL_ROUTINE LoaderInitRoutine;} SYSTEM_DLL, PSYSTEM_DLL;
typedef struct _JOB_WORKING_SET_CHANGE_HEAD { LIST_ENTRY Links; FAST_MUTEX Lock; SIZE_T MinimumWorkingSetSize; SIZE_T MaximumWorkingSetSize;} JOB_WORKING_SET_CHANGE_HEAD, *PJOB_WORKING_SET_CHANGE_HEAD;
typedef struct _JOB_WORKING_SET_CHANGE_RECORD { LIST_ENTRY Links; PEPROCESS Process;} JOB_WORKING_SET_CHANGE_RECORD, *PJOB_WORKING_SET_CHANGE_RECORD;
JOB_WORKING_SET_CHANGE_HEAD PspWorkingSetChangeHead;
//
// Private Entry Points
//
VOIDPspProcessDump( IN PVOID Object, IN POB_DUMP_CONTROL Control OPTIONAL );
VOIDPspProcessDelete( IN PVOID Object );
VOIDPspThreadDump( IN PVOID Object, IN POB_DUMP_CONTROL Control OPTIONAL );
VOIDPspInheritQuota( IN PEPROCESS NewProcess, IN PEPROCESS ParentProcess );
VOIDPspDereferenceQuota( IN PEPROCESS Process );
VOIDPspThreadDelete( IN PVOID Object );
//
// Initialization and loader entrypoints
//
BOOLEANPspInitPhase0 ( IN PLOADER_PARAMETER_BLOCK LoaderBlock );
BOOLEANPspInitPhase1 ( IN PLOADER_PARAMETER_BLOCK LoaderBlock );
NTSTATUSPspInitializeSystemDll( VOID );
NTSTATUSPspLookupSystemDllEntryPoint( IN PSZ EntryPointName, OUT PVOID *EntryPointAddress );
NTSTATUSPspLookupKernelUserEntryPoints( VOID );
USHORTPspNameToOrdinal( IN PSZ EntryPointName, IN ULONG DllBase, IN ULONG NumberOfNames, IN PULONG NameTableBase, IN PUSHORT OrdinalTableBase );
NTSTATUSPspMapSystemDll( IN PEPROCESS Process, OUT PVOID *DllBase OPTIONAL );
//
// Internal Creation Functions
//
NTSTATUSPspCreateProcess( OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN HANDLE ParentProcess OPTIONAL, IN ULONG Flags, IN HANDLE SectionHandle OPTIONAL, IN HANDLE DebugPort OPTIONAL, IN HANDLE ExceptionPort OPTIONAL, IN ULONG JobMemberLevel );
#define PSP_MAX_CREATE_PROCESS_NOTIFY 8
//
// Define process callouts. These are of type PCREATE_PROCESS_NOTIFY_ROUTINE
// Called on process create and delete.
//
ULONG PspCreateProcessNotifyRoutineCount;EX_CALLBACK PspCreateProcessNotifyRoutine[PSP_MAX_CREATE_PROCESS_NOTIFY];
#define PSP_MAX_CREATE_THREAD_NOTIFY 8
//
// Define thread callouts. These are of type PCREATE_THREAD_NOTIFY_ROUTINE
// Called on thread create and delete.
//
ULONG PspCreateThreadNotifyRoutineCount;EX_CALLBACK PspCreateThreadNotifyRoutine[PSP_MAX_CREATE_THREAD_NOTIFY];
#define PSP_MAX_LOAD_IMAGE_NOTIFY 8
//
// Define image load callbacks. These are of type PLOAD_IMAGE_NOTIFY_ROUTINE
// Called on image load.
//
ULONG PspLoadImageNotifyRoutineCount;EX_CALLBACK PspLoadImageNotifyRoutine[PSP_MAX_LOAD_IMAGE_NOTIFY];
NTSTATUSPspCreateThread( OUT PHANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN HANDLE ProcessHandle, IN PEPROCESS ProcessPointer, OUT PCLIENT_ID ClientId OPTIONAL, IN PCONTEXT ThreadContext OPTIONAL, IN PINITIAL_TEB InitialTeb OPTIONAL, IN BOOLEAN CreateSuspended, IN PKSTART_ROUTINE StartRoutine OPTIONAL, IN PVOID StartContext );
//
// Startup Routines
//
VOIDPspUserThreadStartup( IN PKSTART_ROUTINE StartRoutine, IN PVOID StartContext );
VOIDPspSystemThreadStartup( IN PKSTART_ROUTINE StartRoutine, IN PVOID StartContext );
VOIDPspReaper( IN PVOID StartContext );
VOIDPspNullSpecialApc( IN PKAPC Apc, IN OUT PKNORMAL_ROUTINE *NormalRoutine, IN OUT PVOID *NormalContext, IN OUT PVOID *SystemArgument1, IN OUT PVOID *SystemArgument2 );
//
// Thread Exit Support
//
VOIDPspExitApcRundown( IN PKAPC Apc );
DECLSPEC_NORETURNVOIDPspExitThread( IN NTSTATUS ExitStatus );
NTSTATUSPspTerminateThreadByPointer( IN PETHREAD Thread, IN NTSTATUS ExitStatus );
VOIDPspExitSpecialApc( IN PKAPC Apc, IN OUT PKNORMAL_ROUTINE *NormalRoutine, IN OUT PVOID *NormalContext, IN OUT PVOID *SystemArgument1, IN OUT PVOID *SystemArgument2 );
VOIDPspExitProcess( IN BOOLEAN TrimAddressSpace, IN PEPROCESS Process );
NTSTATUSPspWaitForUsermodeExit( IN PEPROCESS Process );
//
// Context Management
//
VOIDPspSetContext( OUT PKTRAP_FRAME TrapFrame, OUT PKNONVOLATILE_CONTEXT_POINTERS NonVolatileContext, IN PCONTEXT Context, KPROCESSOR_MODE Mode );
VOIDPspGetContext( IN PKTRAP_FRAME TrapFrame, IN PKNONVOLATILE_CONTEXT_POINTERS NonVolatileContext, IN OUT PCONTEXT Context );
VOIDPspGetSetContextSpecialApc( IN PKAPC Apc, IN OUT PKNORMAL_ROUTINE *NormalRoutine, IN OUT PVOID *NormalContext, IN OUT PVOID *SystemArgument1, IN OUT PVOID *SystemArgument2 );
VOIDPspExitNormalApc( IN PVOID NormalContext, IN PVOID SystemArgument1, IN PVOID SystemArgument2 );
//
// private security routines
//
NTSTATUSPspInitializeProcessSecurity( IN PEPROCESS Parent OPTIONAL, IN PEPROCESS Child );
VOIDPspDeleteProcessSecurity( IN PEPROCESS Process );
VOIDPspInitializeThreadSecurity( IN PEPROCESS Process, IN PETHREAD Thread );
VOIDPspDeleteThreadSecurity( IN PETHREAD Thread );
NTSTATUSPspAssignPrimaryToken( IN PEPROCESS Process, IN HANDLE Token OPTIONAL, IN PACCESS_TOKEN TokenPointer OPTIONAL );
NTSTATUSPspSetPrimaryToken( IN HANDLE ProcessHandle, IN PEPROCESS ProcessPointer OPTIONAL, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN TokenPointer OPTIONAL, IN BOOLEAN PrivilegeChecked );
//
// Ldt support routines
//
#if defined(i386)
NTSTATUSPspLdtInitialize( );#endif
//
// Vdm support Routines
#if defined(i386)
NTSTATUSPspVdmInitialize( );#endif
NTSTATUSPspQueryLdtInformation( IN PEPROCESS Process, OUT PVOID LdtInformation, IN ULONG LdtInformationLength, OUT PULONG ReturnLength );
NTSTATUSPspSetLdtInformation( IN PEPROCESS Process, IN PVOID LdtInformation, IN ULONG LdtInformationLength );
NTSTATUSPspSetLdtSize( IN PEPROCESS Process, IN PVOID LdtSize, IN ULONG LdtSizeLength );
VOIDPspDeleteLdt( IN PEPROCESS Process );
//
// Io handling support routines
//
NTSTATUSPspSetProcessIoHandlers( IN PEPROCESS Process, IN PVOID IoHandlerInformation, IN ULONG IoHandlerLength );
VOIDPspDeleteVdmObjects( IN PEPROCESS Process );
NTSTATUSPspQueryDescriptorThread ( PETHREAD Thread, PVOID ThreadInformation, ULONG ThreadInformationLength, PULONG ReturnLength );
//
// Job Object Support Routines
//
VOIDPspInitializeJobStructures( );
VOID PspInitializeJobStructuresPhase1( );
VOIDPspJobTimeLimitsWork( IN PVOID Context );
VOIDPspJobTimeLimitsDpcRoutine( IN PKDPC Dpc, IN PVOID DeferredContext, IN PVOID SystemArgument1, IN PVOID SystemArgument2 );
VOIDPspJobDelete( IN PVOID Object );
VOIDPspJobClose ( IN PEPROCESS Process, IN PVOID Object, IN ACCESS_MASK GrantedAccess, IN ULONG ProcessHandleCount, IN ULONG SystemHandleCount );
NTSTATUSPspAddProcessToJob( PEJOB Job, PEPROCESS Process );
VOIDPspRemoveProcessFromJob( PEJOB Job, PEPROCESS Process );
VOIDPspExitProcessFromJob( PEJOB Job, PEPROCESS Process );
VOIDPspApplyJobLimitsToProcessSet( PEJOB Job );
VOIDPspApplyJobLimitsToProcess( PEJOB Job, PEPROCESS Process );
BOOLEANPspTerminateAllProcessesInJob( PEJOB Job, NTSTATUS Status, BOOLEAN IncCounter );
VOIDPspFoldProcessAccountingIntoJob( PEJOB Job, PEPROCESS Process );
NTSTATUSPspCaptureTokenFilter( KPROCESSOR_MODE PreviousMode, PJOBOBJECT_SECURITY_LIMIT_INFORMATION SecurityLimitInfo, PPS_JOB_TOKEN_FILTER * TokenFilter );
VOIDPspShutdownJobLimits( VOID );
NTSTATUSPspTerminateProcess( PEPROCESS Process, NTSTATUS Status );
NTSTATUSPspGetJobFromSet ( IN PEJOB ParentJob, IN ULONG JobMemberLevel, OUT PEJOB *pJob);
NTSTATUSPspWin32SessionCallout( IN PKWIN32_JOB_CALLOUT CalloutRoutine, IN PKWIN32_JOBCALLOUT_PARAMETERS Parameters, IN ULONG SessionId );
//
// This test routine is called on checked systems to test this path
//
VOIDPspImageNotifyTest( IN PUNICODE_STRING FullImageName, IN HANDLE ProcessId, IN PIMAGE_INFO ImageInfo );
PEPROCESSPspGetNextJobProcess ( IN PEJOB Job, IN PEPROCESS Process );
VOIDPspQuitNextJobProcess ( IN PEPROCESS Process );
VOIDPspInsertQuotaBlock ( IN PEPROCESS_QUOTA_BLOCK QuotaBlock );
#define PspInitializeProcessLock(xProcess) { \
ExInitializePushLock (&xProcess->ProcessLock); \}
#define PspLockProcessExclusive(xProcess,xCurrentThread) { \
KeEnterCriticalRegionThread (&(xCurrentThread)->Tcb); \ ExAcquirePushLockExclusive (&xProcess->ProcessLock); \}
#define PspLockProcessShared(xProcess,xCurrentThread) { \
KeEnterCriticalRegionThread (&(xCurrentThread)->Tcb); \ ExAcquirePushLockShared (&xProcess->ProcessLock); \}
#define PspUnlockProcessShared(xProcess,xCurrentThread) { \
ExReleasePushLockShared (&xProcess->ProcessLock); \ KeLeaveCriticalRegionThread (&(xCurrentThread)->Tcb); \}
#define PspUnlockProcessExclusive(xProcess,xCurrentThread) { \
ExReleasePushLockExclusive (&xProcess->ProcessLock); \ KeLeaveCriticalRegionThread (&(xCurrentThread)->Tcb); \}
//
// Define macros to lock the security fields of the process and thread
//
#define PspLockProcessSecurityExclusive(xProcess,xCurrentThread) \
PspLockProcessExclusive (xProcess, xCurrentThread)
#define PspLockProcessSecurityShared(xProcess,xCurrentThread) \
PspLockProcessShared (xProcess, xCurrentThread)
#define PspUnlockProcessSecurityShared(xProcess,xCurrentThread) \
PspUnlockProcessShared (xProcess, xCurrentThread)
#define PspUnlockProcessSecurityExclusive(xProcess,xCurrentThread) \
PspUnlockProcessExclusive (xProcess, xCurrentThread)
#define PspInitializeThreadLock(xThread) { \
ExInitializePushLock (&xThread->ThreadLock); \}
#define PspLockThreadSecurityExclusive(xThread,xCurrentThread) { \
KeEnterCriticalRegionThread (&(xCurrentThread)->Tcb); \ ExAcquirePushLockExclusive (&xThread->ThreadLock); \}
#define PspLockThreadSecurityShared(xThread,xCurrentThread) { \
KeEnterCriticalRegionThread (&(xCurrentThread)->Tcb); \ ExAcquirePushLockShared (&xThread->ThreadLock); \}#define PspLockThreadSecurityExclusive(xThread,xCurrentThread) { \
KeEnterCriticalRegionThread (&(xCurrentThread)->Tcb); \ ExAcquirePushLockExclusive (&xThread->ThreadLock); \}
#define PspUnlockThreadSecurityShared(xThread,xCurrentThread) { \
ExReleasePushLockShared (&xThread->ThreadLock); \ KeLeaveCriticalRegionThread (&(xCurrentThread)->Tcb); \}
#define PspUnlockThreadSecurityExclusive(xThread,xCurrentThread) { \
ExReleasePushLockExclusive (&xThread->ThreadLock); \ KeLeaveCriticalRegionThread (&(xCurrentThread)->Tcb); \}
//
// Define macros to lock the global process list
//
#define PspLockProcessList(xCurrentThread) { \
KeEnterCriticalRegionThread (&(xCurrentThread)->Tcb); \ ExAcquireFastMutexUnsafe (&PspActiveProcessMutex); \}
#define PspUnlockProcessList(xCurrentThread) { \
ExReleaseFastMutexUnsafe (&PspActiveProcessMutex); \ KeLeaveCriticalRegionThread (&(xCurrentThread)->Tcb); \}
//
//
// Global Data
//
extern PHANDLE_TABLE PspCidTable;extern HANDLE PspInitialSystemProcessHandle;extern PACCESS_TOKEN PspBootAccessToken;extern KSPIN_LOCK PspEventPairLock;extern SYSTEM_DLL PspSystemDll;extern FAST_MUTEX PspActiveProcessMutex;extern PETHREAD PspShutdownThread;
extern ULONG PspDefaultPagedLimit;extern ULONG PspDefaultNonPagedLimit;extern ULONG PspDefaultPagefileLimit;extern ULONG PsMinimumWorkingSet;
extern EPROCESS_QUOTA_BLOCK PspDefaultQuotaBlock;extern BOOLEAN PspDoingGiveBacks;
extern PKWIN32_PROCESS_CALLOUT PspW32ProcessCallout;extern PKWIN32_THREAD_CALLOUT PspW32ThreadCallout;extern PKWIN32_JOB_CALLOUT PspW32JobCallout;extern ULONG PspW32ProcessSize;extern ULONG PspW32ThreadSize;extern SCHAR PspForegroundQuantum[3];
#define PSP_NUMBER_OF_SCHEDULING_CLASSES 10
#define PSP_DEFAULT_SCHEDULING_CLASSES 5
extern const SCHAR PspJobSchedulingClasses[PSP_NUMBER_OF_SCHEDULING_CLASSES];extern BOOLEAN PspUseJobSchedulingClasses;
extern FAST_MUTEX PspJobListLock;extern LIST_ENTRY PspJobList;extern KDPC PspJobLimeLimitsDpc;extern KTIMER PspJobTimeLimitsTimer;extern WORK_QUEUE_ITEM PspJobTimeLimitsWorkItem;extern KSPIN_LOCK PspQuotaLock;
#endif // _PSP_
|
