|
|
/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
psquery.c
Abstract:
This module implements the set and query functions for process and thread objects.
Author:
Mark Lucovsky (markl) 17-Aug-1989
Revision History:
--*/
#include "psp.h"
#include "winerror.h"
#if defined(_WIN64)
#include <wow64t.h>
#endif
//
// Process Pooled Quota Usage and Limits
// NtQueryInformationProcess using ProcessPooledUsageAndLimits
//
//
// this is the csrss process !
//
extern PEPROCESS ExpDefaultErrorPortProcess;BOOLEAN PsWatchEnabled = FALSE;
#ifdef ALLOC_DATA_PRAGMA
#pragma const_seg("PAGECONST")
#endif
const KPRIORITY PspPriorityTable[PROCESS_PRIORITY_CLASS_ABOVE_NORMAL+1] = {8,4,8,13,24,6,10};
NTSTATUSPsConvertToGuiThread( VOID );
NTSTATUSPspQueryWorkingSetWatch( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength OPTIONAL, IN KPROCESSOR_MODE PreviousMode );
NTSTATUSPspQueryQuotaLimits( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength OPTIONAL, IN KPROCESSOR_MODE PreviousMode );
NTSTATUSPspQueryPooledQuotaLimits( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength OPTIONAL, IN KPROCESSOR_MODE PreviousMode );
NTSTATUSPspSetQuotaLimits( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, IN PVOID ProcessInformation, IN ULONG ProcessInformationLength, IN KPROCESSOR_MODE PreviousMode );
#ifdef ALLOC_PRAGMA
#pragma alloc_text(PAGE, PsEstablishWin32Callouts)
#pragma alloc_text(PAGE, PsConvertToGuiThread)
#pragma alloc_text(PAGE, NtQueryInformationProcess)
#pragma alloc_text(PAGE, NtSetInformationProcess)
#pragma alloc_text(PAGE, NtQueryPortInformationProcess)
#pragma alloc_text(PAGE, NtQueryInformationThread)
#pragma alloc_text(PAGE, NtSetInformationThread)
#pragma alloc_text(PAGE, PsSetProcessPriorityByClass)
#pragma alloc_text(PAGE, PspSetPrimaryToken)
#pragma alloc_text(PAGE, PspSetQuotaLimits)
#pragma alloc_text(PAGE, PspQueryQuotaLimits)
#pragma alloc_text(PAGE, PspQueryPooledQuotaLimits)
#pragma alloc_text(PAGELK, PspQueryWorkingSetWatch)
#endif
NTSTATUSPspQueryWorkingSetWatch( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength OPTIONAL, IN KPROCESSOR_MODE PreviousMode ){ PPAGEFAULT_HISTORY WorkingSetCatcher; ULONG SpaceNeeded; PEPROCESS Process; KIRQL OldIrql; NTSTATUS st;
UNREFERENCED_PARAMETER (ProcessInformationClass);
st = ObReferenceObjectByHandle (ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL);
if (!NT_SUCCESS (st)) { return st; }
WorkingSetCatcher = Process->WorkingSetWatch; if (WorkingSetCatcher == NULL) { ObDereferenceObject (Process); return STATUS_UNSUCCESSFUL; }
MmLockPagableSectionByHandle (ExPageLockHandle); ExAcquireSpinLock (&WorkingSetCatcher->SpinLock,&OldIrql);
if (WorkingSetCatcher->CurrentIndex) {
//
// Null Terminate the first empty entry in the buffer
//
WorkingSetCatcher->WatchInfo[WorkingSetCatcher->CurrentIndex].FaultingPc = NULL;
//Store a special Va value if the buffer was full and
//page faults could have been lost
if (WorkingSetCatcher->CurrentIndex != WorkingSetCatcher->MaxIndex) { WorkingSetCatcher->WatchInfo[WorkingSetCatcher->CurrentIndex].FaultingVa = NULL; } else { WorkingSetCatcher->WatchInfo[WorkingSetCatcher->CurrentIndex].FaultingVa = (PVOID) 1; }
SpaceNeeded = (WorkingSetCatcher->CurrentIndex+1) * sizeof(PROCESS_WS_WATCH_INFORMATION); } else { ExReleaseSpinLock (&WorkingSetCatcher->SpinLock, OldIrql); MmUnlockPagableImageSection (ExPageLockHandle); ObDereferenceObject (Process); return STATUS_NO_MORE_ENTRIES; }
if (ProcessInformationLength < SpaceNeeded) { ExReleaseSpinLock (&WorkingSetCatcher->SpinLock, OldIrql); MmUnlockPagableImageSection (ExPageLockHandle); ObDereferenceObject (Process); return STATUS_BUFFER_TOO_SMALL; }
//
// Mark the Working Set buffer as full and then drop the lock
// and copy the bytes
//
WorkingSetCatcher->CurrentIndex = MAX_WS_CATCH_INDEX;
ExReleaseSpinLock (&WorkingSetCatcher->SpinLock,OldIrql);
try { RtlCopyMemory (ProcessInformation, &WorkingSetCatcher->WatchInfo[0], SpaceNeeded); if (ARGUMENT_PRESENT (ReturnLength) ) { *ReturnLength = SpaceNeeded; } } except (EXCEPTION_EXECUTE_HANDLER) { st = GetExceptionCode (); }
ExAcquireSpinLock (&WorkingSetCatcher->SpinLock, &OldIrql); WorkingSetCatcher->CurrentIndex = 0; ExReleaseSpinLock (&WorkingSetCatcher->SpinLock, OldIrql);
MmUnlockPagableImageSection (ExPageLockHandle); ObDereferenceObject (Process);
return st;}
NTSTATUSPspQueryQuotaLimits( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength OPTIONAL, IN KPROCESSOR_MODE PreviousMode ){ QUOTA_LIMITS QuotaLimits; PEPROCESS Process; NTSTATUS st; PEPROCESS_QUOTA_BLOCK QuotaBlock;
UNREFERENCED_PARAMETER (ProcessInformationClass);
if ( ProcessInformationLength != (ULONG) sizeof(QUOTA_LIMITS) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; }
QuotaBlock = Process->QuotaBlock;
if (QuotaBlock != &PspDefaultQuotaBlock) { QuotaLimits.PagedPoolLimit = QuotaBlock->QuotaEntry[PsPagedPool].Limit; QuotaLimits.NonPagedPoolLimit = QuotaBlock->QuotaEntry[PsNonPagedPool].Limit; QuotaLimits.PagefileLimit = QuotaBlock->QuotaEntry[PsPageFile].Limit; QuotaLimits.TimeLimit.LowPart = 0xffffffff; QuotaLimits.TimeLimit.HighPart = 0xffffffff; } else { QuotaLimits.PagedPoolLimit = (SIZE_T)-1; QuotaLimits.NonPagedPoolLimit = (SIZE_T)-1; QuotaLimits.PagefileLimit = (SIZE_T)-1; QuotaLimits.TimeLimit.LowPart = 0xffffffff; QuotaLimits.TimeLimit.HighPart = 0xffffffff; }
QuotaLimits.MinimumWorkingSetSize = ((SIZE_T) Process->Vm.MinimumWorkingSetSize) << PAGE_SHIFT; QuotaLimits.MaximumWorkingSetSize = ((SIZE_T) Process->Vm.MaximumWorkingSetSize) << PAGE_SHIFT;
ObDereferenceObject(Process);
//
// Either of these may cause an access violation. The
// exception handler will return access violation as
// status code.
//
st = STATUS_SUCCESS;
try { *(PQUOTA_LIMITS) ProcessInformation = QuotaLimits;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(QUOTA_LIMITS); } } except (EXCEPTION_EXECUTE_HANDLER) { st = GetExceptionCode(); }
return st;}
NTSTATUSPspQueryPooledQuotaLimits( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength OPTIONAL, IN KPROCESSOR_MODE PreviousMode ){ PEPROCESS Process; NTSTATUS st; PEPROCESS_QUOTA_BLOCK QuotaBlock; POOLED_USAGE_AND_LIMITS UsageAndLimits;
UNREFERENCED_PARAMETER (ProcessInformationClass);
if ( ProcessInformationLength != (ULONG) sizeof(POOLED_USAGE_AND_LIMITS) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; }
QuotaBlock = Process->QuotaBlock;
UsageAndLimits.PagedPoolLimit = QuotaBlock->QuotaEntry[PsPagedPool].Limit; UsageAndLimits.NonPagedPoolLimit = QuotaBlock->QuotaEntry[PsNonPagedPool].Limit; UsageAndLimits.PagefileLimit = QuotaBlock->QuotaEntry[PsPageFile].Limit;
UsageAndLimits.PagedPoolUsage = QuotaBlock->QuotaEntry[PsPagedPool].Usage; UsageAndLimits.NonPagedPoolUsage = QuotaBlock->QuotaEntry[PsNonPagedPool].Usage; UsageAndLimits.PagefileUsage = QuotaBlock->QuotaEntry[PsPageFile].Usage;
UsageAndLimits.PeakPagedPoolUsage = QuotaBlock->QuotaEntry[PsPagedPool].Peak; UsageAndLimits.PeakNonPagedPoolUsage = QuotaBlock->QuotaEntry[PsNonPagedPool].Peak; UsageAndLimits.PeakPagefileUsage = QuotaBlock->QuotaEntry[PsPageFile].Peak;
//
// Since the quota charge and return are lock free we may see Peak and Limit out of step.
// Usage <= Limit and Usage <= Peak
// Since Limit is adjusted up and down it does not hold that Peak <= Limit.
//
#define PSMAX(a,b) ((a > b)?(a):(b))
UsageAndLimits.PagedPoolLimit = PSMAX (UsageAndLimits.PagedPoolLimit, UsageAndLimits.PagedPoolUsage); UsageAndLimits.NonPagedPoolLimit = PSMAX (UsageAndLimits.NonPagedPoolLimit, UsageAndLimits.NonPagedPoolUsage); UsageAndLimits.PagefileLimit = PSMAX (UsageAndLimits.PagefileLimit, UsageAndLimits.PagefileUsage);
UsageAndLimits.PeakPagedPoolUsage = PSMAX (UsageAndLimits.PeakPagedPoolUsage, UsageAndLimits.PagedPoolUsage); UsageAndLimits.PeakNonPagedPoolUsage = PSMAX (UsageAndLimits.PeakNonPagedPoolUsage, UsageAndLimits.NonPagedPoolUsage); UsageAndLimits.PeakPagefileUsage = PSMAX (UsageAndLimits.PeakPagefileUsage, UsageAndLimits.PagefileUsage);
ObDereferenceObject(Process);
//
// Either of these may cause an access violation. The
// exception handler will return access violation as
// status code. No further cleanup needs to be done.
//
try { *(PPOOLED_USAGE_AND_LIMITS) ProcessInformation = UsageAndLimits;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(POOLED_USAGE_AND_LIMITS); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
return STATUS_SUCCESS;}
NTSTATUSPspSetPrimaryToken( IN HANDLE ProcessHandle OPTIONAL, IN PEPROCESS ProcessPointer OPTIONAL, IN HANDLE TokenHandle OPTIONAL, IN PACCESS_TOKEN TokenPointer OPTIONAL, IN BOOLEAN PrivilegeChecked )/*++
Sets the primary token for a process. The token and process supplied can be either by handle or by pointer.
--*/{ NTSTATUS Status; BOOLEAN HasPrivilege; BOOLEAN IsChildToken; PEPROCESS Process; KPROCESSOR_MODE PreviousMode;
//
// Check to see if the supplied token is a child of the caller's
// token. If so, we don't need to do the privilege check.
//
PreviousMode = KeGetPreviousMode ();
if (TokenPointer == NULL) { //
// Reference the specified token, and make sure it can be assigned
// as a primary token.
//
Status = ObReferenceObjectByHandle (TokenHandle, TOKEN_ASSIGN_PRIMARY, SeTokenObjectType, PreviousMode, &TokenPointer, NULL);
if (!NT_SUCCESS (Status)) { return Status; } }
//
// If the privilege check has already been done (when the token was
// assign to a job for example). We don't want to do it here.
//
if (!PrivilegeChecked) { Status = SeIsChildTokenByPointer (TokenPointer, &IsChildToken);
if (!NT_SUCCESS (Status)) {
if (TokenHandle != NULL) { ObDereferenceObject (TokenPointer); } return Status; }
if (!IsChildToken) {
//
// SeCheckPrivilegedObject will perform auditing as appropriate
//
HasPrivilege = SeCheckPrivilegedObject (SeAssignPrimaryTokenPrivilege, ProcessHandle, PROCESS_SET_INFORMATION, PreviousMode);
if (!HasPrivilege) {
if (TokenHandle != NULL) { ObDereferenceObject (TokenPointer); }
return STATUS_PRIVILEGE_NOT_HELD; } }
}
if (ProcessPointer == NULL) { Status = ObReferenceObjectByHandle (ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, &Process, NULL);
if (!NT_SUCCESS (Status)) {
if (TokenHandle != NULL) { ObDereferenceObject (TokenPointer); } return Status; } } else { Process = ProcessPointer; }
//
// Check for proper access to the token, and assign the primary
// token for the process.
//
Status = PspAssignPrimaryToken (Process, NULL, TokenPointer);
//
// Recompute the process's access to itself for use
// with the CurrentProcess() pseudo handle.
//
if (NT_SUCCESS (Status)) {
NTSTATUS accesst; BOOLEAN AccessCheck; BOOLEAN MemoryAllocated; PSECURITY_DESCRIPTOR SecurityDescriptor; SECURITY_SUBJECT_CONTEXT SubjectContext;
Status = ObGetObjectSecurity (Process, &SecurityDescriptor, &MemoryAllocated);
if (NT_SUCCESS (Status)) { SubjectContext.ProcessAuditId = Process; SubjectContext.PrimaryToken = PsReferencePrimaryToken (Process); SubjectContext.ClientToken = NULL; AccessCheck = SeAccessCheck (SecurityDescriptor, &SubjectContext, FALSE, MAXIMUM_ALLOWED, 0, NULL, &PsProcessType->TypeInfo.GenericMapping, PreviousMode, &Process->GrantedAccess, &accesst);
PsDereferencePrimaryTokenEx(Process, SubjectContext.PrimaryToken); ObReleaseObjectSecurity (SecurityDescriptor, MemoryAllocated);
if (!AccessCheck) { Process->GrantedAccess = 0; }
//
// To keep consistency with process creation, grant these
// bits otherwise CreateProcessAsUser messes up really badly for
// restricted tokens and we end up with a process that has no
// access to itself when new token is set on the suspended
// process.
//
Process->GrantedAccess |= (PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_QUERY_INFORMATION | PROCESS_TERMINATE | PROCESS_CREATE_THREAD | PROCESS_DUP_HANDLE | PROCESS_CREATE_PROCESS | PROCESS_SET_INFORMATION); } //
// Since the process token is being set,
// Set the device map for process to NULL.
// During the next reference to the process' device map,
// the object manager will set the device map for the process
//
if (ObIsLUIDDeviceMapsEnabled() != 0) { ObDereferenceDeviceMap( Process ); } }
if (ProcessHandle != NULL) { ObDereferenceObject (Process); }
if (TokenHandle != NULL) { ObDereferenceObject (TokenPointer); }
return Status;}
NTSTATUSNtQueryInformationProcess( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength OPTIONAL )
{ PEPROCESS Process; KPROCESSOR_MODE PreviousMode; NTSTATUS st; PROCESS_BASIC_INFORMATION BasicInfo; VM_COUNTERS_EX VmCounters; IO_COUNTERS IoCounters; KERNEL_USER_TIMES SysUserTime; HANDLE DebugPort; ULONG HandleCount; ULONG DefaultHardErrorMode; ULONG DisableBoost; ULONG BreakOnTerminationEnabled; PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo; PROCESS_SESSION_INFORMATION SessionInfo; PROCESS_PRIORITY_CLASS PriorityClass; ULONG_PTR Wow64Info; ULONG Flags; PUNICODE_STRING pTempNameInfo;
PAGED_CODE();
//
// Get previous processor mode and probe output argument if necessary.
//
PreviousMode = KeGetPreviousMode(); if (PreviousMode != KernelMode) { try { ProbeForWrite(ProcessInformation, ProcessInformationLength, sizeof(ULONG)); if (ARGUMENT_PRESENT(ReturnLength)) { ProbeForWriteUlong(ReturnLength); } } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } }
//
// Check argument validity.
//
switch ( ProcessInformationClass ) {
case ProcessImageFileName: { ULONG LengthNeeded = 0;
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if (!NT_SUCCESS(st)) { return st; }
//
// SeLocateProcessImageName will allocate space for a UNICODE_STRING and point pTempNameInfo
// at that string. This memory will be freed later in the routine.
//
st = SeLocateProcessImageName(Process, &pTempNameInfo);
if (!NT_SUCCESS(st)) { ObDereferenceObject(Process); return st; }
LengthNeeded = sizeof(UNICODE_STRING) + pTempNameInfo->MaximumLength;
//
// Either of these may cause an access violation. The
// exception handler will return access violation as
// status code. No further cleanup needs to be done.
//
try {
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = LengthNeeded; }
if (ProcessInformationLength >= LengthNeeded) { RtlCopyMemory( ProcessInformation, pTempNameInfo, sizeof(UNICODE_STRING) + pTempNameInfo->MaximumLength ); ((PUNICODE_STRING) ProcessInformation)->Buffer = (PWSTR)((PUCHAR) ProcessInformation + sizeof(UNICODE_STRING));
} else { st = STATUS_INFO_LENGTH_MISMATCH; }
} except(EXCEPTION_EXECUTE_HANDLER) { st = GetExceptionCode (); } ObDereferenceObject(Process); ExFreePool( pTempNameInfo );
return st;
}
case ProcessWorkingSetWatch:
return PspQueryWorkingSetWatch( ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength, ReturnLength, PreviousMode );
case ProcessBasicInformation:
if ( ProcessInformationLength != (ULONG) sizeof(PROCESS_BASIC_INFORMATION) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; }
BasicInfo.ExitStatus = Process->ExitStatus; BasicInfo.PebBaseAddress = Process->Peb; BasicInfo.AffinityMask = Process->Pcb.Affinity; BasicInfo.BasePriority = Process->Pcb.BasePriority; BasicInfo.UniqueProcessId = (ULONG_PTR)Process->UniqueProcessId; BasicInfo.InheritedFromUniqueProcessId = (ULONG_PTR)Process->InheritedFromUniqueProcessId;
ObDereferenceObject(Process);
//
// Either of these may cause an access violation. The
// exception handler will return access violation as
// status code. No further cleanup needs to be done.
//
try { *(PPROCESS_BASIC_INFORMATION) ProcessInformation = BasicInfo;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(PROCESS_BASIC_INFORMATION); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
return STATUS_SUCCESS;
case ProcessDefaultHardErrorMode:
if ( ProcessInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
DefaultHardErrorMode = Process->DefaultHardErrorProcessing;
ObDereferenceObject(Process);
try { *(PULONG) ProcessInformation = DefaultHardErrorMode;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
return STATUS_SUCCESS; case ProcessQuotaLimits:
return PspQueryQuotaLimits( ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength, ReturnLength, PreviousMode );
case ProcessPooledUsageAndLimits:
return PspQueryPooledQuotaLimits( ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength, ReturnLength, PreviousMode );
case ProcessIoCounters:
if ( ProcessInformationLength != (ULONG) sizeof(IO_COUNTERS) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; }
IoCounters.ReadOperationCount = Process->ReadOperationCount.QuadPart; IoCounters.WriteOperationCount = Process->WriteOperationCount.QuadPart; IoCounters.OtherOperationCount = Process->OtherOperationCount.QuadPart; IoCounters.ReadTransferCount = Process->ReadTransferCount.QuadPart; IoCounters.WriteTransferCount = Process->WriteTransferCount.QuadPart; IoCounters.OtherTransferCount = Process->OtherTransferCount.QuadPart;
ObDereferenceObject(Process);
//
// Either of these may cause an access violation. The
// exception handler will return access violation as
// status code. No further cleanup needs to be done.
//
try { *(PIO_COUNTERS) ProcessInformation = IoCounters;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(IO_COUNTERS); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
return STATUS_SUCCESS;
case ProcessVmCounters:
if (ProcessInformationLength != (ULONG) sizeof (VM_COUNTERS) && ProcessInformationLength != (ULONG) sizeof (VM_COUNTERS_EX)) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; }
//
// Note: At some point, we might have to grab the statistics
// lock to reliably read this stuff
//
VmCounters.PeakVirtualSize = Process->PeakVirtualSize; VmCounters.VirtualSize = Process->VirtualSize; VmCounters.PageFaultCount = Process->Vm.PageFaultCount; VmCounters.PeakWorkingSetSize = ((SIZE_T) Process->Vm.PeakWorkingSetSize) << PAGE_SHIFT; VmCounters.WorkingSetSize = ((SIZE_T) Process->Vm.WorkingSetSize) << PAGE_SHIFT; VmCounters.QuotaPeakPagedPoolUsage = Process->QuotaPeak[PsPagedPool]; VmCounters.QuotaPagedPoolUsage = Process->QuotaUsage[PsPagedPool]; VmCounters.QuotaPeakNonPagedPoolUsage = Process->QuotaPeak[PsNonPagedPool]; VmCounters.QuotaNonPagedPoolUsage = Process->QuotaUsage[PsNonPagedPool]; VmCounters.PagefileUsage = ((SIZE_T) Process->QuotaUsage[PsPageFile]) << PAGE_SHIFT; VmCounters.PeakPagefileUsage = ((SIZE_T) Process->QuotaPeak[PsPageFile]) << PAGE_SHIFT; VmCounters.PrivateUsage = ((SIZE_T) Process->CommitCharge) << PAGE_SHIFT;
ObDereferenceObject(Process);
//
// Either of these may cause an access violation. The
// exception handler will return access violation as
// status code. No further cleanup needs to be done.
//
try { RtlCopyMemory(ProcessInformation, &VmCounters, ProcessInformationLength);
if (ARGUMENT_PRESENT (ReturnLength) ) { *ReturnLength = ProcessInformationLength; } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
return STATUS_SUCCESS;
case ProcessTimes:
if ( ProcessInformationLength != (ULONG) sizeof(KERNEL_USER_TIMES) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
//
// Need some type of interlock on KiTimeLock
//
SysUserTime.KernelTime.QuadPart = UInt32x32To64(Process->Pcb.KernelTime, KeMaximumIncrement);
SysUserTime.UserTime.QuadPart = UInt32x32To64(Process->Pcb.UserTime, KeMaximumIncrement);
SysUserTime.CreateTime = Process->CreateTime; SysUserTime.ExitTime = Process->ExitTime;
ObDereferenceObject(Process);
//
// Either of these may cause an access violation. The
// exception handler will return access violation as
// status code. No further cleanup needs to be done.
//
try { *(PKERNEL_USER_TIMES) ProcessInformation = SysUserTime;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(KERNEL_USER_TIMES); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
return STATUS_SUCCESS;
case ProcessDebugPort :
//
if ( ProcessInformationLength != (ULONG) sizeof(HANDLE) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
if (Process->DebugPort == NULL) {
DebugPort = NULL;
} else {
DebugPort = (HANDLE)-1;
}
ObDereferenceObject(Process);
//
// Either of these may cause an access violation. The
// exception handler will return access violation as
// status code. No further cleanup needs to be done.
//
try { *(PHANDLE) ProcessInformation = DebugPort;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(HANDLE); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
return STATUS_SUCCESS;
case ProcessDebugObjectHandle : //
if (ProcessInformationLength != sizeof (HANDLE)) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle (ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, &Process, NULL);
if (!NT_SUCCESS (st)) { return st; }
st = DbgkOpenProcessDebugPort (Process, PreviousMode, &DebugPort);
if (!NT_SUCCESS (st)) { DebugPort = NULL; }
ObDereferenceObject (Process);
//
// Either of these may cause an access violation. The
// exception handler will return access violation as
// status code. No further cleanup needs to be done.
//
try { *(PHANDLE) ProcessInformation = DebugPort;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(HANDLE); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
return st;
case ProcessDebugFlags :
if (ProcessInformationLength != sizeof (ULONG)) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle (ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, &Process, NULL);
if (!NT_SUCCESS (st)) { return st; }
try { *(PULONG) ProcessInformation = (Process->Flags&PS_PROCESS_FLAGS_NO_DEBUG_INHERIT)?0:PROCESS_DEBUG_INHERIT;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(HANDLE); } } except (EXCEPTION_EXECUTE_HANDLER) { st = GetExceptionCode (); }
ObDereferenceObject (Process);
return st;
case ProcessHandleCount :
if ( ProcessInformationLength != (ULONG) sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
HandleCount = ObGetProcessHandleCount (Process);
ObDereferenceObject(Process);
//
// Either of these may cause an access violation. The
// exception handler will return access violation as
// status code. No further cleanup needs to be done.
//
try { *(PULONG) ProcessInformation = HandleCount;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
return STATUS_SUCCESS;
case ProcessLdtInformation :
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
st = PspQueryLdtInformation (Process, ProcessInformation, ProcessInformationLength, ReturnLength);
ObDereferenceObject(Process); return st;
case ProcessWx86Information :
return STATUS_INVALID_INFO_CLASS;
case ProcessPriorityBoost: if ( ProcessInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
DisableBoost = Process->Pcb.DisableBoost ? 1 : 0;
ObDereferenceObject(Process);
try { *(PULONG)ProcessInformation = DisableBoost;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
return st;
case ProcessDeviceMap: DeviceMapInfo = (PPROCESS_DEVICEMAP_INFORMATION)ProcessInformation; if ( ProcessInformationLength < sizeof(DeviceMapInfo->Query) ) { return STATUS_INFO_LENGTH_MISMATCH; }
if ( ProcessInformationLength == sizeof(PROCESS_DEVICEMAP_INFORMATION_EX) ) { try { Flags = ((PPROCESS_DEVICEMAP_INFORMATION_EX)DeviceMapInfo)->Flags; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); } if ( (Flags & ~(PROCESS_LUID_DOSDEVICES_ONLY)) || (ObIsLUIDDeviceMapsEnabled() == 0) ) { return STATUS_INVALID_PARAMETER; } } else { if ( ProcessInformationLength == sizeof(DeviceMapInfo->Query) ) { Flags = 0; } else { return STATUS_INFO_LENGTH_MISMATCH; } }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
st = ObQueryDeviceMapInformation( Process, DeviceMapInfo, Flags ); ObDereferenceObject(Process); return st;
case ProcessSessionInformation :
if ( ProcessInformationLength != (ULONG) sizeof(PROCESS_SESSION_INFORMATION) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; }
SessionInfo.SessionId = MmGetSessionId (Process);
ObDereferenceObject(Process);
try { *(PPROCESS_SESSION_INFORMATION) ProcessInformation = SessionInfo;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(PROCESS_SESSION_INFORMATION); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
return STATUS_SUCCESS;
case ProcessPriorityClass:
if ( ProcessInformationLength != sizeof(PROCESS_PRIORITY_CLASS) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; }
PriorityClass.Foreground = FALSE; PriorityClass.PriorityClass = Process->PriorityClass;
ObDereferenceObject(Process);
try { *(PPROCESS_PRIORITY_CLASS) ProcessInformation = PriorityClass;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(PROCESS_PRIORITY_CLASS); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
return STATUS_SUCCESS;
case ProcessWow64Information:
if ( ProcessInformationLength != sizeof(ULONG_PTR) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; }
Wow64Info = 0;
//
// Acquire process rundown protection as we are about to look at process structures torn down at
// process exit.
//
if (ExAcquireRundownProtection (&Process->RundownProtect)) { PWOW64_PROCESS Wow64Process;
if ((Wow64Process = PS_GET_WOW64_PROCESS (Process)) != NULL) { Wow64Info = (ULONG_PTR)(Wow64Process->Wow64); }
ExReleaseRundownProtection (&Process->RundownProtect); }
ObDereferenceObject(Process);
try { *(PULONG_PTR)ProcessInformation = Wow64Info;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG_PTR); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
return( STATUS_SUCCESS );
case ProcessLUIDDeviceMapsEnabled:
if ( ProcessInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { *(PULONG)ProcessInformation = ObIsLUIDDeviceMapsEnabled();
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
return( STATUS_SUCCESS );
case ProcessBreakOnTermination:
if ( ProcessInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
if (Process->Flags & PS_PROCESS_FLAGS_BREAK_ON_TERMINATION) {
BreakOnTerminationEnabled = 1;
} else {
BreakOnTerminationEnabled = 0;
}
ObDereferenceObject(Process);
try {
*(PULONG)ProcessInformation = BreakOnTerminationEnabled;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG); } } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
return STATUS_SUCCESS;
case ProcessHandleTracing: { PPROCESS_HANDLE_TRACING_QUERY Pht; PHANDLE_TABLE HandleTable; PHANDLE_TRACE_DEBUG_INFO DebugInfo; HANDLE_TRACE_DB_ENTRY Trace; PPROCESS_HANDLE_TRACING_ENTRY NextTrace; ULONG StacksLeft; ULONG i, j;
if (ProcessInformationLength < FIELD_OFFSET (PROCESS_HANDLE_TRACING_QUERY, HandleTrace)) { return STATUS_INFO_LENGTH_MISMATCH; }
Pht = (PPROCESS_HANDLE_TRACING_QUERY) ProcessInformation; StacksLeft = (ProcessInformationLength - FIELD_OFFSET (PROCESS_HANDLE_TRACING_QUERY, HandleTrace)) / sizeof (Pht->HandleTrace[0]); NextTrace = &Pht->HandleTrace[0];
st = ObReferenceObjectByHandle (ProcessHandle, PROCESS_QUERY_INFORMATION, PsProcessType, PreviousMode, &Process, NULL);
if (!NT_SUCCESS (st)) { return st; } HandleTable = ObReferenceProcessHandleTable (Process);
if (HandleTable != NULL) { DebugInfo = HandleTable->DebugInfo; if (DebugInfo != 0) { try { Pht->TotalTraces = 0; j = DebugInfo->CurrentStackIndex % HANDLE_TRACE_DB_MAX_STACKS; for (i = 0; i < HANDLE_TRACE_DB_MAX_STACKS; i++) { RtlCopyMemory (&Trace, &DebugInfo->TraceDb[j], sizeof (Trace)); if ((Pht->Handle == Trace.Handle || Pht->Handle == 0) && Trace.Type != 0) { Pht->TotalTraces++; if (StacksLeft > 0) { StacksLeft--; NextTrace->Handle = Trace.Handle; NextTrace->ClientId = Trace.ClientId; NextTrace->Type = Trace.Type; RtlCopyMemory (NextTrace->Stacks, Trace.StackTrace, min (sizeof (NextTrace->Stacks), sizeof (Trace.StackTrace))); NextTrace++;
} else { st = STATUS_INFO_LENGTH_MISMATCH; } } if (j == 0) { j = HANDLE_TRACE_DB_MAX_STACKS - 1; } else { j--; } } if (ARGUMENT_PRESENT (ReturnLength)) { *ReturnLength = (ULONG) ((PUCHAR) NextTrace - (PUCHAR) Pht); } } except (EXCEPTION_EXECUTE_HANDLER) { st = GetExceptionCode (); } } else { st = STATUS_INVALID_PARAMETER; } ObDereferenceProcessHandleTable (Process); } else { st = STATUS_PROCESS_IS_TERMINATING; }
ObDereferenceObject(Process); return st; }
default:
return STATUS_INVALID_INFO_CLASS; }
}
NTSTATUSNtQueryPortInformationProcess( VOID )
/*++
Routine Description:
This function tests whether a debug port or an exception port is attached to the current process and returns a corresponding value. This function is used to bypass raising an exception through the system when no associated ports are present.
N.B. This improves performance considerably with respect to raising software exceptions in user mode on AMD64 and IA64 systems.
Arguments:
None.
Return Value:
A success value of TRUE is returned if either a debug or exception port is associated with the current process. Otherwise, a success value of FALSE is returned.
--*/
{
PEPROCESS Process; PETHREAD Thread;
//
// If the process has a debug port and it is not being hidden from the
// debugger, then return a success status of TRUE. Otherwise, is the
// process has an exception port, then return a success status of TRUE.
// Otherwise, return a success status of FALSE.
//
Thread = PsGetCurrentThread(); Process = PsGetCurrentProcessByThread(Thread); if ((Process->DebugPort != NULL) && ((Thread->CrossThreadFlags & PS_CROSS_THREAD_FLAGS_HIDEFROMDBG) == 0)) {
return TRUE;
} else if (Process->ExceptionPort != NULL) { return TRUE;
} else { return FALSE; }}
NTSTATUSPspSetQuotaLimits( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, IN PVOID ProcessInformation, IN ULONG ProcessInformationLength, IN KPROCESSOR_MODE PreviousMode ){ PEPROCESS Process; PETHREAD CurrentThread; QUOTA_LIMITS RequestedLimits; PEPROCESS_QUOTA_BLOCK NewQuotaBlock; NTSTATUS st, ReturnStatus; BOOLEAN OkToIncrease; PEJOB Job; KAPC_STATE ApcState;
UNREFERENCED_PARAMETER (ProcessInformationClass);
if ( ProcessInformationLength != sizeof(QUOTA_LIMITS) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { RequestedLimits = *(PQUOTA_LIMITS) ProcessInformation; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_QUOTA, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
CurrentThread = PsGetCurrentThread ();
//
// Now we are ready to set the quota limits for the process
//
// If the process already has a quota block, then all we allow
// is working set changes.
//
// If the process has no quota block, all that can be done is a
// quota set operation. The quotas must be high enough that the
// current usage can be charged without causing a quota overflow.
//
// If a quota field is zero, we pick the value.
//
// Setting quotas requires the SeIncreaseQuotaPrivilege (except for
// working set size since this is only advisory).
//
ReturnStatus = STATUS_SUCCESS;
if (Process->QuotaBlock == &PspDefaultQuotaBlock) { if (RequestedLimits.MinimumWorkingSetSize && RequestedLimits.MaximumWorkingSetSize) {
if (RequestedLimits.MinimumWorkingSetSize != (SIZE_T)-1 && RequestedLimits.MaximumWorkingSetSize != (SIZE_T)-1) { Job = Process->Job; if (Job != NULL) { KeEnterCriticalRegionThread (&CurrentThread->Tcb); ExAcquireResourceSharedLite (&Job->JobLock, TRUE);
if (Job->LimitFlags & JOB_OBJECT_LIMIT_WORKINGSET) { RequestedLimits.MinimumWorkingSetSize = Job->MinimumWorkingSetSize; RequestedLimits.MaximumWorkingSetSize = Job->MaximumWorkingSetSize; }
ExReleaseResourceLite (&Job->JobLock); KeLeaveCriticalRegionThread (&CurrentThread->Tcb); } }
if (SeSinglePrivilegeCheck (SeIncreaseBasePriorityPrivilege, PreviousMode)) { OkToIncrease = TRUE; } else { OkToIncrease = FALSE; }
KeStackAttachProcess (&Process->Pcb, &ApcState);
ReturnStatus = MmAdjustWorkingSetSize ( RequestedLimits.MinimumWorkingSetSize, RequestedLimits.MaximumWorkingSetSize, FALSE, OkToIncrease);
KeUnstackDetachProcess (&ApcState);
} else {
//
// You must have a privilege to assign quotas
//
if (!SeSinglePrivilegeCheck (SeIncreaseQuotaPrivilege, PreviousMode)) { ObDereferenceObject (Process); return STATUS_PRIVILEGE_NOT_HELD; }
NewQuotaBlock = ExAllocatePoolWithTag (NonPagedPool, sizeof(*NewQuotaBlock), 'bQsP'); if (NewQuotaBlock == NULL) { ObDereferenceObject (Process); return STATUS_NO_MEMORY; } RtlZeroMemory (NewQuotaBlock, sizeof (*NewQuotaBlock));
//
// Initialize the quota block
//
NewQuotaBlock->ReferenceCount = 1; NewQuotaBlock->ProcessCount = 1;
NewQuotaBlock->QuotaEntry[PsNonPagedPool].Peak = Process->QuotaPeak[PsNonPagedPool]; NewQuotaBlock->QuotaEntry[PsPagedPool].Peak = Process->QuotaPeak[PsPagedPool]; NewQuotaBlock->QuotaEntry[PsPageFile].Peak = Process->QuotaPeak[PsPageFile];
//
// Now compute limits
//
//
// Get the defaults that the system would pick.
//
NewQuotaBlock->QuotaEntry[PsPagedPool].Limit = PspDefaultPagedLimit; NewQuotaBlock->QuotaEntry[PsNonPagedPool].Limit = PspDefaultNonPagedLimit; NewQuotaBlock->QuotaEntry[PsPageFile].Limit = PspDefaultPagefileLimit;
// Everything is set. Now double check to quota block field
// If we still have no quota block then assign and succeed.
// Otherwise punt.
//
if (InterlockedCompareExchangePointer (&Process->QuotaBlock, NewQuotaBlock, &PspDefaultQuotaBlock) != &PspDefaultQuotaBlock) { ExFreePool (NewQuotaBlock); } else { PspInsertQuotaBlock (NewQuotaBlock); }
ReturnStatus = STATUS_SUCCESS; } } else {
//
// Only allow a working set size change
//
if (RequestedLimits.MinimumWorkingSetSize && RequestedLimits.MaximumWorkingSetSize) {
if (RequestedLimits.MinimumWorkingSetSize != (SIZE_T)-1 && RequestedLimits.MaximumWorkingSetSize != (SIZE_T)-1) { Job = Process->Job; if (Job != NULL) { KeEnterCriticalRegionThread (&CurrentThread->Tcb); ExAcquireResourceSharedLite (&Job->JobLock, TRUE);
if (Job->LimitFlags & JOB_OBJECT_LIMIT_WORKINGSET) { RequestedLimits.MinimumWorkingSetSize = Job->MinimumWorkingSetSize; RequestedLimits.MaximumWorkingSetSize = Job->MaximumWorkingSetSize; }
ExReleaseResourceLite (&Job->JobLock); KeLeaveCriticalRegionThread (&CurrentThread->Tcb); } }
if (SeSinglePrivilegeCheck (SeIncreaseBasePriorityPrivilege, PreviousMode)) { OkToIncrease = TRUE; } else { OkToIncrease = FALSE; }
KeStackAttachProcess (&Process->Pcb, &ApcState); ReturnStatus = MmAdjustWorkingSetSize ( RequestedLimits.MinimumWorkingSetSize, RequestedLimits.MaximumWorkingSetSize, FALSE, OkToIncrease );
KeUnstackDetachProcess (&ApcState);
} } ObDereferenceObject(Process);
return ReturnStatus;
}
NTSTATUSNtSetInformationProcess( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, IN PVOID ProcessInformation, IN ULONG ProcessInformationLength )
/*++
Routine Description:
This function sets the state of a process object.
Arguments:
ProcessHandle - Supplies a handle to a process object.
ProcessInformationClass - Supplies the class of information being set.
ProcessInformation - Supplies a pointer to a record that contains the information to set.
ProcessInformationLength - Supplies the length of the record that contains the information to set.
Return Value:
TBS
--*/
{
PEPROCESS Process; PETHREAD Thread; PETHREAD CurrentThread; KPROCESSOR_MODE PreviousMode; NTSTATUS st; KPRIORITY BasePriority; ULONG BoostValue; ULONG DefaultHardErrorMode; PVOID ExceptionPort; BOOLEAN EnableAlignmentFaultFixup; HANDLE ExceptionPortHandle; ULONG ProbeAlignment; HANDLE PrimaryTokenHandle; BOOLEAN HasPrivilege = FALSE; UCHAR MemoryPriority; PROCESS_PRIORITY_CLASS LocalPriorityClass; PROCESS_FOREGROUND_BACKGROUND LocalForeground; KAFFINITY Affinity, AffinityWithMasks; ULONG DisableBoost; BOOLEAN bDisableBoost; PPROCESS_DEVICEMAP_INFORMATION DeviceMapInfo; HANDLE DirectoryHandle; PROCESS_SESSION_INFORMATION SessionInfo; ULONG EnableBreakOnTermination; PEJOB Job;
PAGED_CODE();
//
// Get previous processor mode and probe input argument if necessary.
//
CurrentThread = PsGetCurrentThread (); PreviousMode = KeGetPreviousModeByThread(&CurrentThread->Tcb);
if (PreviousMode != KernelMode) {
if (ProcessInformationClass == ProcessBasePriority) { ProbeAlignment = sizeof(KPRIORITY);
} else if (ProcessInformationClass == ProcessEnableAlignmentFaultFixup) { ProbeAlignment = sizeof(BOOLEAN); } else if (ProcessInformationClass == ProcessForegroundInformation) { ProbeAlignment = sizeof(PROCESS_FOREGROUND_BACKGROUND); } else if (ProcessInformationClass == ProcessPriorityClass) { ProbeAlignment = sizeof(BOOLEAN); } else if (ProcessInformationClass == ProcessAffinityMask) { ProbeAlignment = sizeof (ULONG_PTR); } else { ProbeAlignment = sizeof(ULONG); }
try { ProbeForRead( ProcessInformation, ProcessInformationLength, ProbeAlignment ); } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } }
//
// Check argument validity.
//
switch ( ProcessInformationClass ) {
case ProcessWorkingSetWatch: { PPAGEFAULT_HISTORY WorkingSetCatcher;
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
st = PsChargeProcessNonPagedPoolQuota (Process, WS_CATCH_SIZE); if (NT_SUCCESS(st)) {
WorkingSetCatcher = ExAllocatePoolWithTag (NonPagedPool, WS_CATCH_SIZE, 'sWsP'); if (!WorkingSetCatcher) { st = STATUS_NO_MEMORY; } else {
PsWatchEnabled = TRUE; WorkingSetCatcher->CurrentIndex = 0; WorkingSetCatcher->MaxIndex = MAX_WS_CATCH_INDEX; KeInitializeSpinLock (&WorkingSetCatcher->SpinLock);
//
// This only ever goes on the process and isn't removed till process object deletion.
// We just need to protect against multiple callers here.
//
if (InterlockedCompareExchangePointer (&Process->WorkingSetWatch, WorkingSetCatcher, NULL) == NULL) { st = STATUS_SUCCESS; } else { ExFreePool (WorkingSetCatcher); st = STATUS_PORT_ALREADY_SET; } } if (!NT_SUCCESS (st)) { PsReturnProcessNonPagedPoolQuota (Process, WS_CATCH_SIZE); } }
ObDereferenceObject(Process);
return st; }
case ProcessBasePriority: {
//
// THIS ITEM CODE IS OBSOLETE !
//
if ( ProcessInformationLength != sizeof(KPRIORITY) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { BasePriority = *(KPRIORITY *)ProcessInformation; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
if (BasePriority & 0x80000000) { MemoryPriority = MEMORY_PRIORITY_FOREGROUND; BasePriority &= ~0x80000000; } else { MemoryPriority = MEMORY_PRIORITY_BACKGROUND; }
if ( BasePriority > HIGH_PRIORITY || BasePriority <= LOW_PRIORITY ) {
return STATUS_INVALID_PARAMETER; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if (!NT_SUCCESS (st)) { return st; }
if ( BasePriority > Process->Pcb.BasePriority ) {
//
// Increasing the base priority of a process is a
// privileged operation. Check for the privilege
// here.
//
HasPrivilege = SeCheckPrivilegedObject( SeIncreaseBasePriorityPrivilege, ProcessHandle, PROCESS_SET_INFORMATION, PreviousMode );
if (!HasPrivilege) {
ObDereferenceObject(Process); return STATUS_PRIVILEGE_NOT_HELD; } }
KeSetPriorityProcess (&Process->Pcb,BasePriority); MmSetMemoryPriorityProcess (Process, MemoryPriority); ObDereferenceObject (Process);
return STATUS_SUCCESS; }
case ProcessPriorityClass: { if ( ProcessInformationLength != sizeof(PROCESS_PRIORITY_CLASS) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { LocalPriorityClass = *(PPROCESS_PRIORITY_CLASS)ProcessInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
if (LocalPriorityClass.PriorityClass > PROCESS_PRIORITY_CLASS_ABOVE_NORMAL) { return STATUS_INVALID_PARAMETER; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
if (LocalPriorityClass.PriorityClass != Process->PriorityClass && LocalPriorityClass.PriorityClass == PROCESS_PRIORITY_CLASS_REALTIME) {
//
// Increasing the base priority of a process is a
// privileged operation. Check for the privilege
// here.
//
HasPrivilege = SeCheckPrivilegedObject (SeIncreaseBasePriorityPrivilege, ProcessHandle, PROCESS_SET_INFORMATION, PreviousMode);
if (!HasPrivilege) {
ObDereferenceObject(Process); return STATUS_PRIVILEGE_NOT_HELD; } }
//
// If the process has a job object, override whatever the process
// is calling with with the value from the job object
//
Job = Process->Job; if (Job != NULL) { KeEnterCriticalRegionThread (&CurrentThread->Tcb); ExAcquireResourceSharedLite (&Job->JobLock, TRUE);
if (Job->LimitFlags & JOB_OBJECT_LIMIT_PRIORITY_CLASS) { LocalPriorityClass.PriorityClass = Job->PriorityClass; }
ExReleaseResourceLite (&Job->JobLock); KeLeaveCriticalRegionThread (&CurrentThread->Tcb); }
Process->PriorityClass = LocalPriorityClass.PriorityClass;
PsSetProcessPriorityByClass(Process, LocalPriorityClass.Foreground ? PsProcessPriorityForeground : PsProcessPriorityBackground);
ObDereferenceObject(Process);
return STATUS_SUCCESS; }
case ProcessForegroundInformation: {
if ( ProcessInformationLength != sizeof(PROCESS_FOREGROUND_BACKGROUND) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { LocalForeground = *(PPROCESS_FOREGROUND_BACKGROUND)ProcessInformation; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
PsSetProcessPriorityByClass(Process, LocalForeground.Foreground ? PsProcessPriorityForeground : PsProcessPriorityBackground);
ObDereferenceObject(Process);
return STATUS_SUCCESS; }
case ProcessRaisePriority: { //
// This code is used to boost the priority of all threads
// within a process. It cannot be used to change a thread into
// a realtime class, or to lower the priority of a thread. The
// argument is a boost value that is added to the base priority
// of the specified process.
//
if ( ProcessInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { BoostValue = *(PULONG)ProcessInformation; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
//
// Get the process create/delete lock and walk through the
// thread list boosting each thread.
//
if (ExAcquireRundownProtection (&Process->RundownProtect)) { for (Thread = PsGetNextProcessThread (Process, NULL); Thread != NULL; Thread = PsGetNextProcessThread (Process, Thread)) {
KeBoostPriorityThread(&Thread->Tcb,(KPRIORITY)BoostValue); } ExReleaseRundownProtection (&Process->RundownProtect); } else { st = STATUS_PROCESS_IS_TERMINATING; }
ObDereferenceObject(Process);
return st; }
case ProcessDefaultHardErrorMode: { if ( ProcessInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { DefaultHardErrorMode = *(PULONG)ProcessInformation; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
Process->DefaultHardErrorProcessing = DefaultHardErrorMode; if (DefaultHardErrorMode & PROCESS_HARDERROR_ALIGNMENT_BIT) { KeSetAutoAlignmentProcess(&Process->Pcb,TRUE); } else { KeSetAutoAlignmentProcess(&Process->Pcb,FALSE); }
ObDereferenceObject(Process);
return STATUS_SUCCESS; }
case ProcessQuotaLimits: { return PspSetQuotaLimits (ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength, PreviousMode); }
case ProcessExceptionPort : { if ( ProcessInformationLength != sizeof(HANDLE) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { ExceptionPortHandle = *(PHANDLE) ProcessInformation; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
st = ObReferenceObjectByHandle (ExceptionPortHandle, 0, LpcPortObjectType, PreviousMode, &ExceptionPort, NULL); if (!NT_SUCCESS (st)) { return st; }
st = ObReferenceObjectByHandle (ProcessHandle, PROCESS_SET_PORT, PsProcessType, PreviousMode, &Process, NULL);
if (!NT_SUCCESS (st)) { ObDereferenceObject (ExceptionPort); return st; }
//
// We are only allowed to put the exception port on. It doesn't get remoted till process delete.
//
if (InterlockedCompareExchangePointer (&Process->ExceptionPort, ExceptionPort, NULL) == NULL) { st = STATUS_SUCCESS; } else { ObDereferenceObject (ExceptionPort); st = STATUS_PORT_ALREADY_SET; } ObDereferenceObject(Process);
return st; }
case ProcessAccessToken : {
if ( ProcessInformationLength != sizeof(PROCESS_ACCESS_TOKEN) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { PrimaryTokenHandle = ((PROCESS_ACCESS_TOKEN *)ProcessInformation)->Token; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
st = PspSetPrimaryToken (ProcessHandle, NULL, PrimaryTokenHandle, NULL, FALSE);
return st; }
case ProcessLdtInformation:
st = ObReferenceObjectByHandle (ProcessHandle, PROCESS_SET_INFORMATION | PROCESS_VM_WRITE, PsProcessType, PreviousMode, &Process, NULL);
if (!NT_SUCCESS (st)) { return st; }
st = PspSetLdtInformation (Process, ProcessInformation, ProcessInformationLength);
ObDereferenceObject(Process); return st;
case ProcessLdtSize:
st = ObReferenceObjectByHandle (ProcessHandle, PROCESS_SET_INFORMATION | PROCESS_VM_WRITE, PsProcessType, PreviousMode, &Process, NULL);
if (!NT_SUCCESS (st)) { return st; }
st = PspSetLdtSize (Process, ProcessInformation, ProcessInformationLength);
ObDereferenceObject(Process); return st;
case ProcessIoPortHandlers:
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL);
if (!NT_SUCCESS (st)) { return st; }
st = PspSetProcessIoHandlers (Process, ProcessInformation, ProcessInformationLength);
ObDereferenceObject(Process); return st;
case ProcessUserModeIOPL:
//
// Must make sure the caller is a trusted subsystem with the
// appropriate privilege level before executing this call.
// If the calls returns FALSE we must return an error code.
//
if (!SeSinglePrivilegeCheck(RtlConvertLongToLuid( SE_TCB_PRIVILEGE), PreviousMode )) {
return STATUS_PRIVILEGE_NOT_HELD;
}
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( NT_SUCCESS(st) ) {
#if defined(_X86_) && !defined(_AMD64_)
Ke386SetIOPL(&Process->Pcb);
#endif
ObDereferenceObject(Process); }
return st;
//
// Enable/disable auto-alignment fixup for a process and all its threads.
//
case ProcessEnableAlignmentFaultFixup:
if ( ProcessInformationLength != sizeof(BOOLEAN) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { EnableAlignmentFaultFixup = *(PBOOLEAN)ProcessInformation;
} except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
if ( EnableAlignmentFaultFixup ) { Process->DefaultHardErrorProcessing |= PROCESS_HARDERROR_ALIGNMENT_BIT; } else { Process->DefaultHardErrorProcessing &= ~PROCESS_HARDERROR_ALIGNMENT_BIT; }
KeSetAutoAlignmentProcess( &(Process->Pcb), EnableAlignmentFaultFixup ); ObDereferenceObject(Process); return STATUS_SUCCESS;
case ProcessWx86Information :
return STATUS_INVALID_INFO_CLASS;
case ProcessAffinityMask:
if (ProcessInformationLength != sizeof (KAFFINITY)) { return STATUS_INFO_LENGTH_MISMATCH; }
try { Affinity = *(PKAFFINITY)ProcessInformation;
} except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
AffinityWithMasks = Affinity & KeActiveProcessors;
if (!Affinity || (AffinityWithMasks != Affinity)) { return STATUS_INVALID_PARAMETER; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if (!NT_SUCCESS (st)) { return st; }
//
// If the process has a job object, override whatever the process
// is calling with with the value from the job object
//
Job = Process->Job; if (Job != NULL) { KeEnterCriticalRegionThread (&CurrentThread->Tcb); ExAcquireResourceSharedLite (&Job->JobLock, TRUE);
if (Job->LimitFlags & JOB_OBJECT_LIMIT_AFFINITY) { AffinityWithMasks = Job->Affinity; }
ExReleaseResourceLite (&Job->JobLock); KeLeaveCriticalRegionThread (&CurrentThread->Tcb); }
if (ExAcquireRundownProtection (&Process->RundownProtect)) {
PspLockProcessExclusive (Process, CurrentThread);
KeSetAffinityProcess (&Process->Pcb, AffinityWithMasks);
PspUnlockProcessExclusive (Process, CurrentThread);
ExReleaseRundownProtection (&Process->RundownProtect);
st = STATUS_SUCCESS; } else { st = STATUS_PROCESS_IS_TERMINATING; } ObDereferenceObject(Process); return st;
case ProcessPriorityBoost: if ( ProcessInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { DisableBoost = *(PULONG)ProcessInformation; } except(EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
bDisableBoost = (DisableBoost ? TRUE : FALSE);
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if (!NT_SUCCESS (st)) { return st; }
//
// the following allows this api to properly if
// called while the exiting process is blocked holding the
// createdeletelock. This can happen during debugger/server
// lpc transactions that occur in pspexitthread
//
if (!ExAcquireRundownProtection (&Process->RundownProtect)) { st = STATUS_PROCESS_IS_TERMINATING; } else { PLIST_ENTRY Next;
PspLockProcessExclusive (Process, CurrentThread);
Process->Pcb.DisableBoost = bDisableBoost;
for (Next = Process->ThreadListHead.Flink; Next != &Process->ThreadListHead; Next = Next->Flink) { Thread = (PETHREAD)(CONTAINING_RECORD(Next,ETHREAD,ThreadListEntry)); KeSetDisableBoostThread(&Thread->Tcb,bDisableBoost); }
PspUnlockProcessExclusive (Process, CurrentThread);
ExReleaseRundownProtection (&Process->RundownProtect); }
ObDereferenceObject(Process); return st;
case ProcessDebugFlags : { ULONG Flags;
if (ProcessInformationLength != sizeof (ULONG)) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle (ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, &Process, NULL);
if (!NT_SUCCESS (st)) { return st; }
try { Flags = *(PULONG) ProcessInformation; } except (EXCEPTION_EXECUTE_HANDLER) { Flags = 0; st = GetExceptionCode (); } if (NT_SUCCESS (st)) { if (Flags & ~PROCESS_DEBUG_INHERIT) { st = STATUS_INVALID_PARAMETER; } else { if (Flags&PROCESS_DEBUG_INHERIT) { PS_CLEAR_BITS (&Process->Flags, PS_PROCESS_FLAGS_NO_DEBUG_INHERIT); } else { PS_SET_BITS (&Process->Flags, PS_PROCESS_FLAGS_NO_DEBUG_INHERIT); } } }
ObDereferenceObject (Process);
return st; }
case ProcessDeviceMap: DeviceMapInfo = (PPROCESS_DEVICEMAP_INFORMATION)ProcessInformation; if ( ProcessInformationLength != sizeof(DeviceMapInfo->Set) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { DirectoryHandle = DeviceMapInfo->Set.DirectoryHandle; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
//
// The devmap fields here are synchronized using a private ob spinlock. We don't need to protect with a
// lock at this level.
//
st = ObSetDeviceMap( Process, DirectoryHandle );
ObDereferenceObject(Process); return st;
case ProcessSessionInformation :
//
// Update Multi-User session specific process information
//
if ( ProcessInformationLength != (ULONG) sizeof(PROCESS_SESSION_INFORMATION) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { SessionInfo = *(PPROCESS_SESSION_INFORMATION) ProcessInformation; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
//
// We only allow TCB to set SessionId's
//
if ( !SeSinglePrivilegeCheck(SeTcbPrivilege,PreviousMode) ) { return( STATUS_PRIVILEGE_NOT_HELD ); }
//
// Reference process object
//
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION | PROCESS_SET_SESSIONID, PsProcessType, PreviousMode, (PVOID *)&Process, NULL ); if ( !NT_SUCCESS(st) ) { return st; }
//
// Update SessionId in the Token
//
if (SessionInfo.SessionId != MmGetSessionId (Process)) { st = STATUS_ACCESS_DENIED; } else { st = STATUS_SUCCESS; }
ObDereferenceObject(Process);
return( st );
case ProcessBreakOnTermination:
if ( ProcessInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try {
EnableBreakOnTermination = *(PULONG)ProcessInformation;
} except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } if (!SeSinglePrivilegeCheck (SeDebugPrivilege, PreviousMode)) { return STATUS_PRIVILEGE_NOT_HELD; }
st = ObReferenceObjectByHandle( ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, (PVOID *)&Process, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
if ( EnableBreakOnTermination ) {
PS_SET_BITS (&Process->Flags, PS_PROCESS_FLAGS_BREAK_ON_TERMINATION);
} else {
PS_CLEAR_BITS (&Process->Flags, PS_PROCESS_FLAGS_BREAK_ON_TERMINATION);
}
ObDereferenceObject(Process);
return STATUS_SUCCESS;
case ProcessHandleTracing: { PPROCESS_HANDLE_TRACING_ENABLE Pht; PHANDLE_TABLE HandleTable;
if (ProcessInformationLength != sizeof (PROCESS_HANDLE_TRACING_ENABLE)) { return STATUS_INFO_LENGTH_MISMATCH; }
Pht = (PPROCESS_HANDLE_TRACING_ENABLE) ProcessInformation;
try { if (Pht->Flags != 0) { return STATUS_INVALID_PARAMETER; } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
st = ObReferenceObjectByHandle (ProcessHandle, PROCESS_SET_INFORMATION, PsProcessType, PreviousMode, &Process, NULL);
if (!NT_SUCCESS (st)) { return st; } HandleTable = ObReferenceProcessHandleTable (Process);
if (HandleTable != NULL) { st = ExEnableHandleTracing (HandleTable); ObDereferenceProcessHandleTable (Process); } else { st = STATUS_PROCESS_IS_TERMINATING; }
ObDereferenceObject(Process); return st; }
default: return STATUS_INVALID_INFO_CLASS; }
}
NTSTATUSNtQueryInformationThread( IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, OUT PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL )
/*++
Routine Description:
This function queries the state of a thread object and returns the requested information in the specified record structure.
Arguments:
ThreadHandle - Supplies a handle to a thread object.
ThreadInformationClass - Supplies the class of information being requested.
ThreadInformation - Supplies a pointer to a record that is to receive the requested information.
ThreadInformationLength - Supplies the length of the record that is to receive the requested information.
ReturnLength - Supplies an optional pointer to a variable that is to receive the actual length of information that is returned.
Return Value:
TBS
--*/
{
LARGE_INTEGER PerformanceCount; PETHREAD Thread; PEPROCESS Process; ULONG LastThread; KPROCESSOR_MODE PreviousMode; NTSTATUS st; THREAD_BASIC_INFORMATION BasicInfo; KERNEL_USER_TIMES SysUserTime; PVOID Win32StartAddressValue; ULONG DisableBoost; ULONG IoPending ; ULONG BreakOnTerminationEnabled; PETHREAD CurrentThread;
//
// Get previous processor mode and probe output argument if necessary.
//
PAGED_CODE();
CurrentThread = PsGetCurrentThread ();
PreviousMode = KeGetPreviousModeByThread (&CurrentThread->Tcb);
if (PreviousMode != KernelMode) { try { ProbeForWrite(ThreadInformation, ThreadInformationLength, sizeof(ULONG)); if (ARGUMENT_PRESENT(ReturnLength)) { ProbeForWriteUlong(ReturnLength); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } }
//
// Check argument validity.
//
switch ( ThreadInformationClass ) {
case ThreadBasicInformation:
if ( ThreadInformationLength != (ULONG) sizeof(THREAD_BASIC_INFORMATION) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ThreadHandle, THREAD_QUERY_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL ); if ( !NT_SUCCESS(st) ) { return st; }
if (KeReadStateThread(&Thread->Tcb)) { BasicInfo.ExitStatus = Thread->ExitStatus; } else { BasicInfo.ExitStatus = STATUS_PENDING; }
BasicInfo.TebBaseAddress = (PTEB) Thread->Tcb.Teb; BasicInfo.ClientId = Thread->Cid; BasicInfo.AffinityMask = Thread->Tcb.Affinity; BasicInfo.Priority = Thread->Tcb.Priority; BasicInfo.BasePriority = KeQueryBasePriorityThread(&Thread->Tcb);
ObDereferenceObject(Thread);
//
// Either of these may cause an access violation. The
// exception handler will return access violation as
// status code. No further cleanup needs to be done.
//
try { *(PTHREAD_BASIC_INFORMATION) ThreadInformation = BasicInfo;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(THREAD_BASIC_INFORMATION); } } except (EXCEPTION_EXECUTE_HANDLER) { return STATUS_SUCCESS; }
return STATUS_SUCCESS;
case ThreadTimes:
if ( ThreadInformationLength != (ULONG) sizeof(KERNEL_USER_TIMES) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ThreadHandle, THREAD_QUERY_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
SysUserTime.KernelTime.QuadPart = UInt32x32To64(Thread->Tcb.KernelTime, KeMaximumIncrement);
SysUserTime.UserTime.QuadPart = UInt32x32To64(Thread->Tcb.UserTime, KeMaximumIncrement);
SysUserTime.CreateTime.QuadPart = PS_GET_THREAD_CREATE_TIME(Thread); if (KeReadStateThread(&Thread->Tcb)) { SysUserTime.ExitTime = Thread->ExitTime; } else { SysUserTime.ExitTime.QuadPart = 0; } ObDereferenceObject(Thread);
//
// Either of these may cause an access violation. The
// exception handler will return access violation as
// status code. No further cleanup needs to be done.
//
try { *(PKERNEL_USER_TIMES) ThreadInformation = SysUserTime;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(KERNEL_USER_TIMES); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
return STATUS_SUCCESS;
case ThreadDescriptorTableEntry :
st = ObReferenceObjectByHandle( ThreadHandle, THREAD_QUERY_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
st = PspQueryDescriptorThread (Thread, ThreadInformation, ThreadInformationLength, ReturnLength);
ObDereferenceObject(Thread);
return st;
case ThreadQuerySetWin32StartAddress: if ( ThreadInformationLength != sizeof(ULONG_PTR) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ThreadHandle, THREAD_QUERY_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
Win32StartAddressValue = Thread->Win32StartAddress; ObDereferenceObject(Thread);
try { *(PVOID *) ThreadInformation = Win32StartAddressValue;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG_PTR); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
return st;
//
// Query thread cycle counter.
//
case ThreadPerformanceCount: if ( ThreadInformationLength != sizeof(LARGE_INTEGER) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ThreadHandle, THREAD_QUERY_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
#if defined (PERF_DATA)
PerformanceCount.LowPart = Thread->PerformanceCountLow; PerformanceCount.HighPart = Thread->PerformanceCountHigh;#else
PerformanceCount.QuadPart = 0;#endif
ObDereferenceObject(Thread);
try { *(PLARGE_INTEGER)ThreadInformation = PerformanceCount;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(LARGE_INTEGER); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
return st;
case ThreadAmILastThread: if ( ThreadInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; }
Process = THREAD_TO_PROCESS (CurrentThread);
if (Process->ActiveThreads == 1) { LastThread = 1; } else { LastThread = 0; }
try { *(PULONG)ThreadInformation = LastThread;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
return STATUS_SUCCESS;
case ThreadPriorityBoost: if ( ThreadInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ThreadHandle, THREAD_QUERY_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
DisableBoost = Thread->Tcb.DisableBoost ? 1 : 0;
ObDereferenceObject(Thread);
try { *(PULONG)ThreadInformation = DisableBoost;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
return st;
case ThreadIsIoPending:
if ( ThreadInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle (ThreadHandle, THREAD_QUERY_INFORMATION, PsThreadType, PreviousMode, &Thread, NULL);
if (!NT_SUCCESS (st)) { return st; }
//
// Its impossible to synchronize this cross thread.
// Since the result is worthless the second its fetched
// this isn't a problem.
//
IoPending = !IsListEmpty (&Thread->IrpList);
ObDereferenceObject (Thread);
try { *(PULONG)ThreadInformation = IoPending ;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG); } } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
return STATUS_SUCCESS ;
case ThreadBreakOnTermination:
if ( ThreadInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle( ThreadHandle, THREAD_QUERY_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
if (Thread->CrossThreadFlags & PS_CROSS_THREAD_FLAGS_BREAK_ON_TERMINATION) {
BreakOnTerminationEnabled = 1;
} else {
BreakOnTerminationEnabled = 0;
} ObDereferenceObject(Thread);
try {
*(PULONG) ThreadInformation = BreakOnTerminationEnabled;
if (ARGUMENT_PRESENT(ReturnLength) ) { *ReturnLength = sizeof(ULONG); }
} except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
return STATUS_SUCCESS;
default: return STATUS_INVALID_INFO_CLASS; }
}
NTSTATUSNtSetInformationThread( IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength )
/*++
Routine Description:
This function sets the state of a thread object.
Arguments:
ThreadHandle - Supplies a handle to a thread object.
ThreadInformationClass - Supplies the class of information being set.
ThreadInformation - Supplies a pointer to a record that contains the information to set.
ThreadInformationLength - Supplies the length of the record that contains the information to set.
Return Value:
TBS
--*/
{ PETHREAD Thread; PETHREAD CurrentThread; PEPROCESS Process; KPROCESSOR_MODE PreviousMode; NTSTATUS st; KAFFINITY Affinity, AffinityWithMasks; KPRIORITY Priority; LONG BasePriority; ULONG TlsIndex; PVOID TlsArrayAddress; PVOID Win32StartAddressValue; ULONG ProbeAlignment; BOOLEAN EnableAlignmentFaultFixup; ULONG EnableBreakOnTermination; ULONG IdealProcessor; ULONG DisableBoost; PVOID *ExpansionSlots; HANDLE ImpersonationTokenHandle; BOOLEAN HasPrivilege; PEJOB Job; PTEB Teb;
PAGED_CODE();
//
// Get previous processor mode and probe input argument if necessary.
//
CurrentThread = PsGetCurrentThread ();
PreviousMode = KeGetPreviousModeByThread (&CurrentThread->Tcb);
if (PreviousMode != KernelMode) { try {
switch (ThreadInformationClass) {
case ThreadPriority : ProbeAlignment = sizeof(KPRIORITY); break; case ThreadAffinityMask : case ThreadQuerySetWin32StartAddress : ProbeAlignment = sizeof (ULONG_PTR); break; case ThreadEnableAlignmentFaultFixup : ProbeAlignment = sizeof (BOOLEAN); break; default : ProbeAlignment = sizeof(ULONG); }
ProbeForRead( ThreadInformation, ThreadInformationLength, ProbeAlignment ); } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } }
//
// Check argument validity.
//
switch ( ThreadInformationClass ) {
case ThreadPriority:
if ( ThreadInformationLength != sizeof(KPRIORITY) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { Priority = *(KPRIORITY *)ThreadInformation; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
if ( Priority > HIGH_PRIORITY || Priority <= LOW_PRIORITY ) {
return STATUS_INVALID_PARAMETER; }
if ( Priority >= LOW_REALTIME_PRIORITY ) {
//
// Increasing the priority of a thread beyond
// LOW_REALTIME_PRIORITY is a privileged operation.
//
HasPrivilege = SeCheckPrivilegedObject( SeIncreaseBasePriorityPrivilege, ThreadHandle, THREAD_SET_INFORMATION, PreviousMode );
if (!HasPrivilege) { return STATUS_PRIVILEGE_NOT_HELD; } }
st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
KeSetPriorityThread(&Thread->Tcb,Priority);
ObDereferenceObject(Thread);
return STATUS_SUCCESS;
case ThreadBasePriority:
if (ThreadInformationLength != sizeof (LONG)) { return STATUS_INFO_LENGTH_MISMATCH; }
try { BasePriority = *(PLONG)ThreadInformation; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode (); }
st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL );
if (!NT_SUCCESS(st)) { return st; } Process = THREAD_TO_PROCESS(Thread);
if (BasePriority > THREAD_BASE_PRIORITY_MAX || BasePriority < THREAD_BASE_PRIORITY_MIN) { if (BasePriority == THREAD_BASE_PRIORITY_LOWRT+1 || BasePriority == THREAD_BASE_PRIORITY_IDLE-1) { ; } else {
//
// Allow csrss, or realtime processes to select any
// priority
//
if (PsGetCurrentProcessByThread (CurrentThread) == ExpDefaultErrorPortProcess || Process->PriorityClass == PROCESS_PRIORITY_CLASS_REALTIME) { ; } else { ObDereferenceObject(Thread); return STATUS_INVALID_PARAMETER; } } }
//
// If the thread is running within a job object, and the job
// object has a priority class limit, do not allow
// priority adjustments that raise the thread's priority, unless
// the priority class is realtime
//
Job = Process->Job; if (Job != NULL && (Job->LimitFlags & JOB_OBJECT_LIMIT_PRIORITY_CLASS)) { if (Process->PriorityClass != PROCESS_PRIORITY_CLASS_REALTIME){ if (BasePriority > 0) { ObDereferenceObject(Thread); return STATUS_SUCCESS; } } }
KeSetBasePriorityThread(&Thread->Tcb,BasePriority);
ObDereferenceObject(Thread);
return STATUS_SUCCESS;
case ThreadEnableAlignmentFaultFixup:
if ( ThreadInformationLength != sizeof(BOOLEAN) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { EnableAlignmentFaultFixup = *(PBOOLEAN)ThreadInformation; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
KeSetAutoAlignmentThread (&(Thread->Tcb), EnableAlignmentFaultFixup);
ObDereferenceObject(Thread);
return STATUS_SUCCESS;
case ThreadAffinityMask:
if ( ThreadInformationLength != sizeof(KAFFINITY) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { Affinity = *(PKAFFINITY)ThreadInformation;
} except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
if (!Affinity) { return STATUS_INVALID_PARAMETER; }
st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
Process = THREAD_TO_PROCESS(Thread);
if (ExAcquireRundownProtection (&Process->RundownProtect)) {
PspLockProcessShared (Process, CurrentThread);
AffinityWithMasks = Affinity & Process->Pcb.Affinity; if (AffinityWithMasks != Affinity) { st = STATUS_INVALID_PARAMETER; } else { KeSetAffinityThread (&Thread->Tcb, AffinityWithMasks); st = STATUS_SUCCESS; }
PspUnlockProcessShared (Process, CurrentThread);
ExReleaseRundownProtection (&Process->RundownProtect); } else { st = STATUS_PROCESS_IS_TERMINATING; }
ObDereferenceObject(Thread);
return st;
case ThreadImpersonationToken:
if ( ThreadInformationLength != sizeof(HANDLE) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { ImpersonationTokenHandle = *(PHANDLE) ThreadInformation; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_THREAD_TOKEN, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
//
// Check for proper access to (and type of) the token, and assign
// it as the thread's impersonation token.
//
st = PsAssignImpersonationToken( Thread, ImpersonationTokenHandle );
ObDereferenceObject(Thread);
return st;
case ThreadQuerySetWin32StartAddress: if ( ThreadInformationLength != sizeof(ULONG_PTR) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { Win32StartAddressValue = *(PVOID *) ThreadInformation; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
Thread->Win32StartAddress = (PVOID)Win32StartAddressValue; ObDereferenceObject(Thread);
return st;
case ThreadIdealProcessor:
if ( ThreadInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { IdealProcessor = *(PULONG)ThreadInformation; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
if ( IdealProcessor > MAXIMUM_PROCESSORS ) { return STATUS_INVALID_PARAMETER; }
st = ObReferenceObjectByHandle (ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, &Thread, NULL); if (!NT_SUCCESS (st)) { return st; }
//
// this is sort of a slimey way of returning info from this set only
// api
//
st = (NTSTATUS)KeSetIdealProcessorThread (&Thread->Tcb, (CCHAR)IdealProcessor);
//
// We could be making cross process and/or cross thread references here.
// Acquire rundown protection to make sure the teb can't go away.
//
Teb = Thread->Tcb.Teb; if (Teb != NULL && ExAcquireRundownProtection (&Thread->RundownProtect)) { PEPROCESS TargetProcess; BOOLEAN Attached; KAPC_STATE ApcState;
Attached = FALSE; //
// See if we are crossing process boundaries and if so attach to the target
//
TargetProcess = THREAD_TO_PROCESS (Thread); if (TargetProcess != PsGetCurrentProcessByThread (CurrentThread)) { KeStackAttachProcess (&TargetProcess->Pcb, &ApcState); Attached = TRUE; }
try { Teb->IdealProcessor = Thread->Tcb.IdealProcessor; } except (EXCEPTION_EXECUTE_HANDLER) { }
if (Attached) { KeUnstackDetachProcess (&ApcState); }
ExReleaseRundownProtection (&Thread->RundownProtect);
}
ObDereferenceObject (Thread);
return st;
case ThreadPriorityBoost: if ( ThreadInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { DisableBoost = *(PULONG)ThreadInformation; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
KeSetDisableBoostThread(&Thread->Tcb,DisableBoost ? TRUE : FALSE);
ObDereferenceObject(Thread);
return st;
case ThreadZeroTlsCell: if ( ThreadInformationLength != sizeof(ULONG) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { TlsIndex = *(PULONG) ThreadInformation; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
ObDereferenceObject (Thread);
if (Thread != CurrentThread) { return STATUS_INVALID_PARAMETER; } { PTEB Teb;
Process = THREAD_TO_PROCESS (Thread);
// The 32bit TEB needs to be set if this is a WOW64 process on a 64BIT system.
// This code isn't 100% correct since threads have a conversion state where they
// are chaning from 64 to 32 and they don't have a TEB32 yet. Fortunatly, the slots
// will be zero when the thread is created so no damage is done by not clearing it here.
// Note that the test for the process type is inside the inner loop. This
// is bad programming, but this function is hardly time constrained and
// fixing this with complex macros would not be worth it due to the loss of clairity.
for (Thread = PsGetNextProcessThread (Process, NULL); Thread != NULL; Thread = PsGetNextProcessThread (Process, Thread)) {
//
// We are doing cross thread TEB references and need to prevent TEB deletion.
//
if (ExAcquireRundownProtection (&Thread->RundownProtect)) { Teb = Thread->Tcb.Teb; if (Teb != NULL) { try { #if defined(_WIN64)
PTEB32 Teb32 = NULL; PLONG ExpansionSlots32;
if (Process->Wow64Process) { //wow64 process
Teb32 = WOW64_GET_TEB32(Teb); //No probing needed on regular TEB.
} #endif
if ( TlsIndex > TLS_MINIMUM_AVAILABLE-1 ) { if ( TlsIndex < (TLS_MINIMUM_AVAILABLE+TLS_EXPANSION_SLOTS) - 1 ) { //
// This is an expansion slot, so see if the thread
// has an expansion cell
//
#if defined(_WIN64)
if (Process->Wow64Process) { //Wow64 process.
if (Teb32) { ExpansionSlots32 = ULongToPtr(ProbeAndReadUlong(&(Teb32->TlsExpansionSlots))); if (ExpansionSlots32) { ProbeAndWriteLong(ExpansionSlots32 + TlsIndex - TLS_MINIMUM_AVAILABLE, 0); } } } else #endif
{ ExpansionSlots = Teb->TlsExpansionSlots; ProbeForReadSmallStructure (ExpansionSlots, TLS_EXPANSION_SLOTS*4, 8); if ( ExpansionSlots ) { ExpansionSlots[TlsIndex-TLS_MINIMUM_AVAILABLE] = 0; }
} } } else { #if defined(_WIN64)
if (Process->Wow64Process) { //wow64 process
if(Teb32) { ProbeAndWriteUlong(Teb32->TlsSlots + TlsIndex, 0); } } else #endif
{ Teb->TlsSlots[TlsIndex] = NULL; } } } except (EXCEPTION_EXECUTE_HANDLER) { }
} ExReleaseRundownProtection (&Thread->RundownProtect); }
} } return st; break;
case ThreadSetTlsArrayAddress: if ( ThreadInformationLength != sizeof(PVOID) ) { return STATUS_INFO_LENGTH_MISMATCH; }
try { TlsArrayAddress = *(PVOID *)ThreadInformation; } except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); }
st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL );
if ( !NT_SUCCESS(st) ) { return st; }
Thread->Tcb.TlsArray = TlsArrayAddress;
ObDereferenceObject(Thread);
return st; break;
case ThreadHideFromDebugger: if (ThreadInformationLength != 0) { return STATUS_INFO_LENGTH_MISMATCH; }
st = ObReferenceObjectByHandle (ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, &Thread, NULL);
if (!NT_SUCCESS (st)) { return st; }
PS_SET_BITS (&Thread->CrossThreadFlags, PS_CROSS_THREAD_FLAGS_HIDEFROMDBG);
ObDereferenceObject(Thread);
return st; break;
case ThreadBreakOnTermination:
if (ThreadInformationLength != sizeof (ULONG)) { return STATUS_INFO_LENGTH_MISMATCH; }
try {
EnableBreakOnTermination = *(PULONG)ThreadInformation;
} except (EXCEPTION_EXECUTE_HANDLER) { return GetExceptionCode(); } if (!SeSinglePrivilegeCheck (SeDebugPrivilege, PreviousMode)) { return STATUS_PRIVILEGE_NOT_HELD; }
st = ObReferenceObjectByHandle( ThreadHandle, THREAD_SET_INFORMATION, PsThreadType, PreviousMode, (PVOID *)&Thread, NULL );
if (!NT_SUCCESS (st)) { return st; }
if ( EnableBreakOnTermination ) {
PS_SET_BITS (&Thread->CrossThreadFlags, PS_CROSS_THREAD_FLAGS_BREAK_ON_TERMINATION);
} else {
PS_CLEAR_BITS (&Thread->CrossThreadFlags, PS_CROSS_THREAD_FLAGS_BREAK_ON_TERMINATION);
}
ObDereferenceObject(Thread);
return STATUS_SUCCESS;
default: return STATUS_INVALID_INFO_CLASS; }}
VOIDPsWatchWorkingSet( IN NTSTATUS Status, IN PVOID PcValue, IN PVOID Va )
/*++
Routine Description:
This function collects data about page faults and stores information about the page fault in the current process's data structure.
Arguments:
Status - Supplies the success completion status.
PcValue - Supplies the instruction address that caused the page fault.
Va - Supplies the virtual address that caused the page fault.
--*/
{
PEPROCESS Process; PPAGEFAULT_HISTORY WorkingSetCatcher; KIRQL OldIrql; BOOLEAN TransitionFault = FALSE;
//
// Both transition and demand zero faults count as soft faults. Only disk
// reads count as hard faults.
//
if ( Status <= STATUS_PAGE_FAULT_DEMAND_ZERO ) { TransitionFault = TRUE; }
Process = PsGetCurrentProcess(); WorkingSetCatcher = Process->WorkingSetWatch; if (WorkingSetCatcher == NULL) { return; }
ExAcquireSpinLock(&WorkingSetCatcher->SpinLock,&OldIrql); if (WorkingSetCatcher->CurrentIndex >= WorkingSetCatcher->MaxIndex) { ExReleaseSpinLock(&WorkingSetCatcher->SpinLock,OldIrql); return; }
//
// Store the Pc and Va values in the buffer. Use the least sig. bit
// of the Va to store whether it was a soft or hard fault
//
WorkingSetCatcher->WatchInfo[WorkingSetCatcher->CurrentIndex].FaultingPc = PcValue; WorkingSetCatcher->WatchInfo[WorkingSetCatcher->CurrentIndex].FaultingVa = TransitionFault ? (PVOID)((ULONG_PTR)Va | 1) : (PVOID)((ULONG_PTR)Va & 0xfffffffe) ; WorkingSetCatcher->CurrentIndex++; ExReleaseSpinLock(&WorkingSetCatcher->SpinLock,OldIrql); return;}
#ifdef ALLOC_DATA_PRAGMA
#pragma data_seg("PAGEDATA")
#endif
PKWIN32_PROCESS_CALLOUT PspW32ProcessCallout = NULL;PKWIN32_THREAD_CALLOUT PspW32ThreadCallout = NULL;PKWIN32_JOB_CALLOUT PspW32JobCallout = NULL;#ifdef ALLOC_DATA_PRAGMA
#pragma data_seg()
#endif
extern PKWIN32_POWEREVENT_CALLOUT PopEventCallout;extern PKWIN32_POWERSTATE_CALLOUT PopStateCallout;
NTKERNELAPIVOIDPsEstablishWin32Callouts( IN PKWIN32_CALLOUTS_FPNS pWin32Callouts )
/*++
Routine Description:
This function is used by the Win32 kernel mode component to register callout functions for process/thread init/deinit functions and to report the sizes of the structures.
Arguments:
ProcessCallout - Supplies the address of the function to be called when a process is either created or deleted.
ThreadCallout - Supplies the address of the function to be called when a thread is either created or deleted.
GlobalAtomTableCallout - Supplies the address of the function to be called to get the correct global atom table for the current process
PowerEventCallout - Supplies the address of a function to be called when a power event occurs.
PowerStateCallout - Supplies the address of a function to be called when the power state changes.
JobCallout - Supplies the address of a function to be called when the job state changes or a process is assigned to a job.
BatchFlushRoutine - Supplies the address of the function to be called
Return Value:
None.
--*/
{ PAGED_CODE();
PspW32ProcessCallout = pWin32Callouts->ProcessCallout; PspW32ThreadCallout = pWin32Callouts->ThreadCallout; ExGlobalAtomTableCallout = pWin32Callouts->GlobalAtomTableCallout; KeGdiFlushUserBatch = (PGDI_BATCHFLUSH_ROUTINE)pWin32Callouts->BatchFlushRoutine; PopEventCallout = pWin32Callouts->PowerEventCallout; PopStateCallout = pWin32Callouts->PowerStateCallout; PspW32JobCallout = pWin32Callouts->JobCallout;// PoSetSystemState(ES_SYSTEM_REQUIRED);
ExDesktopOpenProcedureCallout = pWin32Callouts->DesktopOpenProcedure; ExDesktopOkToCloseProcedureCallout = pWin32Callouts->DesktopOkToCloseProcedure; ExDesktopCloseProcedureCallout = pWin32Callouts->DesktopCloseProcedure; ExDesktopDeleteProcedureCallout = pWin32Callouts->DesktopDeleteProcedure; ExWindowStationOkToCloseProcedureCallout = pWin32Callouts->WindowStationOkToCloseProcedure; ExWindowStationCloseProcedureCallout = pWin32Callouts->WindowStationCloseProcedure; ExWindowStationDeleteProcedureCallout = pWin32Callouts->WindowStationDeleteProcedure; ExWindowStationParseProcedureCallout = pWin32Callouts->WindowStationParseProcedure; ExWindowStationOpenProcedureCallout = pWin32Callouts->WindowStationOpenProcedure;
}
VOIDPsSetProcessPriorityByClass( IN PEPROCESS Process, IN PSPROCESSPRIORITYMODE PriorityMode ){ KPRIORITY BasePriority; UCHAR MemoryPriority; ULONG QuantumIndex; PEJOB Job;
PAGED_CODE();
BasePriority = PspPriorityTable[Process->PriorityClass];
if (PriorityMode == PsProcessPriorityForeground ) { QuantumIndex = PsPrioritySeperation; MemoryPriority = MEMORY_PRIORITY_FOREGROUND; } else { QuantumIndex = 0; MemoryPriority = MEMORY_PRIORITY_BACKGROUND; }
if (Process->PriorityClass != PROCESS_PRIORITY_CLASS_IDLE) { Job = Process->Job; if (Job != NULL && PspUseJobSchedulingClasses ) { Process->Pcb.ThreadQuantum = PspJobSchedulingClasses[Job->SchedulingClass]; } else { Process->Pcb.ThreadQuantum = PspForegroundQuantum[QuantumIndex]; } } else { Process->Pcb.ThreadQuantum = THREAD_QUANTUM; }
KeSetPriorityProcess (&Process->Pcb,BasePriority); if (PriorityMode != PsProcessPrioritySpinning ) { MmSetMemoryPriorityProcess(Process, MemoryPriority); }}
#if defined(_X86_)
#pragma optimize ("y",off)
#endif
NTSTATUSPsConvertToGuiThread( VOID )
/*++
Routine Description:
This function converts a thread to a GUI thread. This involves giving the thread a larger variable sized stack, and allocating appropriate w32 thread and process objects.
Arguments:
None.
Environment:
On x86 this function needs to build an EBP frame. The function KeSwitchKernelStack depends on this fact. The '#pragma optimize ("y",off)' below disables frame pointer omission for all builds.
Return Value:
TBD
--*/
{ PVOID NewStack; PVOID OldStack; PETHREAD Thread; PEPROCESS Process; NTSTATUS Status;
PAGED_CODE();
Thread = PsGetCurrentThread();
if (KeGetPreviousModeByThread(&Thread->Tcb) == KernelMode) { return STATUS_INVALID_PARAMETER; }
if (!PspW32ProcessCallout) { return STATUS_ACCESS_DENIED; }
//
// If the thread is using the shadow service table, then an attempt is
// being made to convert a thread that has already been converted, or
// a limit violation has occured on the Win32k system service table.
//
if (Thread->Tcb.ServiceTable != (PVOID)&KeServiceDescriptorTable[0]) { return STATUS_ALREADY_WIN32; }
Process = PsGetCurrentProcessByThread (Thread);
//
// Get a larger kernel stack if we haven't already.
//
if (!Thread->Tcb.LargeStack) {
NewStack = MmCreateKernelStack(TRUE, Thread->Tcb.InitialNode);
if ( !NewStack ) {
try { NtCurrentTeb()->LastErrorValue = (LONG)ERROR_NOT_ENOUGH_MEMORY; } except (EXCEPTION_EXECUTE_HANDLER) { }
return STATUS_NO_MEMORY; }
#if defined(_IA64_)
OldStack = KeSwitchKernelStack(NewStack, (UCHAR *)NewStack - KERNEL_LARGE_STACK_COMMIT, (UCHAR *)NewStack + KERNEL_LARGE_BSTORE_COMMIT);#else
OldStack = KeSwitchKernelStack(NewStack, (UCHAR *)NewStack - KERNEL_LARGE_STACK_COMMIT);#endif // defined(_IA64_)
MmDeleteKernelStack(OldStack, FALSE);
}
PERFINFO_CONVERT_TO_GUI_THREAD(Thread);
//
// We are all clean on the stack, now call out and then link the Win32 structures
// to the base exec structures
//
Status = (PspW32ProcessCallout) (Process, TRUE);
if (!NT_SUCCESS (Status)) { return Status; }
//
// Switch the thread to use the shadow system serive table which will
// enable it to execute Win32k services.
//
Thread->Tcb.ServiceTable = (PVOID)&KeServiceDescriptorTableShadow[0];
ASSERT (Thread->Tcb.Win32Thread == 0);
//
// Make the thread callout.
//
Status = (PspW32ThreadCallout)(Thread,PsW32ThreadCalloutInitialize); if (!NT_SUCCESS (Status)) { Thread->Tcb.ServiceTable = (PVOID)&KeServiceDescriptorTable[0]; }
return Status;
}
#if defined(_X86_)
#pragma optimize ("y",on)
#endif
|
