projects / reactos.git / blob
? search:


ada581ee870372230b9fd2e51741bc1b79c6e6ba
[reactos.git] / reactos / ntoskrnl / ps / kill.c
1 /*
2 * PROJECT: ReactOS Kernel
3 * LICENSE: GPL - See COPYING in the top level directory
4 * FILE: ntoskrnl/ps/kill.c
5 * PURPOSE: Process Manager: Process and Thread Termination
6 * PROGRAMMERS: Alex Ionescu (alex.ionescu@reactos.org)
7 * Filip Navara (xnavara@reactos.org)
8 * Thomas Weidenmueller (w3seek@reactos.org
9 */
10
11 /* INCLUDES *****************************************************************/
12
13 #include <ntoskrnl.h>
14 #define NDEBUG
15 #include <debug.h>
16
17 /* GLOBALS *******************************************************************/
18
19 LIST_ENTRY PspReaperListHead = { NULL, NULL };
20 WORK_QUEUE_ITEM PspReaperWorkItem;
21 LARGE_INTEGER ShortTime = {{-10 * 100 * 1000, -1}};
22
23 /* PRIVATE FUNCTIONS *********************************************************/
24
25 VOID
26 NTAPI
27 PspCatchCriticalBreak(IN PCHAR Message,
28 IN PVOID ProcessOrThread,
29 IN PCHAR ImageName)
30 {
31 CHAR Action[2];
32 BOOLEAN Handled = FALSE;
33 PAGED_CODE();
34
35 /* Check if a debugger is enabled */
36 if (KdDebuggerEnabled)
37 {
38 /* Print out the message */
39 DbgPrint(Message, ProcessOrThread, ImageName);
40 do
41 {
42 /* If a debugger isn't present, don't prompt */
43 if (KdDebuggerNotPresent) break;
44
45 /* A debuger is active, prompt for action */
46 DbgPrompt("Break, or Ignore (bi)?", Action, sizeof(Action));
47 switch (Action[0])
48 {
49 /* Break */
50 case 'B': case 'b':
51
52 /* Do a breakpoint */
53 DbgBreakPoint();
54
55 /* Ignore */
56 case 'I': case 'i':
57
58 /* Handle it */
59 Handled = TRUE;
60
61 /* Unrecognized */
62 default:
63 break;
64 }
65 } while (!Handled);
66 }
67
68 /* Did we ultimately handle this? */
69 if (!Handled)
70 {
71 /* We didn't, bugcheck */
72 KeBugCheckEx(CRITICAL_OBJECT_TERMINATION,
73 ((PKPROCESS)ProcessOrThread)->Header.Type,
74 (ULONG_PTR)ProcessOrThread,
75 (ULONG_PTR)ImageName,
76 (ULONG_PTR)Message);
77 }
78 }
79
80 NTSTATUS
81 NTAPI
82 PspTerminateProcess(IN PEPROCESS Process,
83 IN NTSTATUS ExitStatus)
84 {
85 PETHREAD Thread;
86 NTSTATUS Status = STATUS_NOTHING_TO_TERMINATE;
87 PAGED_CODE();
88 PSTRACE(PS_KILL_DEBUG,
89 "Process: %p ExitStatus: %p\n", Process, ExitStatus);
90 PSREFTRACE(Process);
91
92 /* Check if this is a Critical Process */
93 if (Process->BreakOnTermination)
94 {
95 /* Break to debugger */
96 PspCatchCriticalBreak("Terminating critical process 0x%p (%s)\n",
97 Process,
98 Process->ImageFileName);
99 }
100
101 /* Set the delete flag */
102 InterlockedOr((PLONG)&Process->Flags, PSF_PROCESS_DELETE_BIT);
103
104 /* Get the first thread */
105 Thread = PsGetNextProcessThread(Process, NULL);
106 while (Thread)
107 {
108 /* Kill it */
109 PspTerminateThreadByPointer(Thread, ExitStatus, FALSE);
110 Thread = PsGetNextProcessThread(Process, Thread);
111
112 /* We had at least one thread, so termination is OK */
113 Status = STATUS_SUCCESS;
114 }
115
116 /* Check if there was nothing to terminate or if we have a debug port */
117 if ((Status == STATUS_NOTHING_TO_TERMINATE) || (Process->DebugPort))
118 {
119 /* Clear the handle table anyway */
120 ObClearProcessHandleTable(Process);
121 }
122
123 /* Return status */
124 return Status;
125 }
126
127 NTSTATUS
128 NTAPI
129 PsTerminateProcess(IN PEPROCESS Process,
130 IN NTSTATUS ExitStatus)
131 {
132 /* Call the internal API */
133 return PspTerminateProcess(Process, ExitStatus);
134 }
135
136 VOID
137 NTAPI
138 PspShutdownProcessManager(VOID)
139 {
140 PEPROCESS Process = NULL;
141
142 /* Loop every process */
143 Process = PsGetNextProcess(Process);
144 while (Process)
145 {
146 /* Make sure this isn't the idle or initial process */
147 if ((Process != PsInitialSystemProcess) && (Process != PsIdleProcess))
148 {
149 /* Kill it */
150 PspTerminateProcess(Process, STATUS_SYSTEM_SHUTDOWN);
151 }
152
153 /* Get the next process */
154 Process = PsGetNextProcess(Process);
155 }
156 }
157
158 VOID
159 NTAPI
160 PspExitApcRundown(IN PKAPC Apc)
161 {
162 PAGED_CODE();
163
164 /* Free the APC */
165 ExFreePool(Apc);
166 }
167
168 VOID
169 NTAPI
170 PspReapRoutine(IN PVOID Context)
171 {
172 PSINGLE_LIST_ENTRY NextEntry;
173 PETHREAD Thread;
174 PSTRACE(PS_KILL_DEBUG, "Context: %p\n", Context);
175
176 /* Start main loop */
177 do
178 {
179 /* Write magic value and return the next entry to process */
180 NextEntry = InterlockedExchangePointer(&PspReaperListHead.Flink,
181 (PVOID)1);
182 ASSERT((NextEntry != NULL) && (NextEntry != (PVOID)1));
183
184 /* Start inner loop */
185 do
186 {
187 /* Get the first Thread Entry */
188 Thread = CONTAINING_RECORD(NextEntry, ETHREAD, ReaperLink);
189
190 /* Delete this entry's kernel stack */
191 MmDeleteKernelStack((PVOID)Thread->Tcb.StackBase,
192 Thread->Tcb.LargeStack);
193 Thread->Tcb.InitialStack = NULL;
194
195 /* Move to the next entry */
196 NextEntry = NextEntry->Next;
197
198 /* Dereference this thread */
199 ObDereferenceObject(Thread);
200 } while ((NextEntry != NULL) && (NextEntry != (PVOID)1));
201
202 /* Remove magic value, keep looping if it got changed */
203 } while (InterlockedCompareExchangePointer(&PspReaperListHead.Flink,
204 0,
205 (PVOID)1) != (PVOID)1);
206 }
207
208 VOID
209 NTAPI
210 PspDeleteProcess(IN PVOID ObjectBody)
211 {
212 PEPROCESS Process = (PEPROCESS)ObjectBody;
213 KAPC_STATE ApcState;
214 PAGED_CODE();
215 PSTRACE(PS_KILL_DEBUG, "ObjectBody: %p\n", ObjectBody);
216 PSREFTRACE(Process);
217
218 /* Check if it has an Active Process Link */
219 if (Process->ActiveProcessLinks.Flink)
220 {
221 /* Remove it from the Active List */
222 KeAcquireGuardedMutex(&PspActiveProcessMutex);
223 RemoveEntryList(&Process->ActiveProcessLinks);
224 KeReleaseGuardedMutex(&PspActiveProcessMutex);
225 }
226
227 /* Check for Auditing information */
228 if (Process->SeAuditProcessCreationInfo.ImageFileName)
229 {
230 /* Free it */
231 ExFreePool(Process->SeAuditProcessCreationInfo.ImageFileName);
232 Process->SeAuditProcessCreationInfo.ImageFileName = NULL;
233 }
234
235 /* Check if we have a job */
236 if (Process->Job)
237 {
238 /* Remove the process from the job */
239 PspRemoveProcessFromJob(Process, Process->Job);
240
241 /* Dereference it */
242 ObDereferenceObject(Process->Job);
243 Process->Job = NULL;
244 }
245
246 /* Increase the stack count */
247 Process->Pcb.StackCount++;
248
249 /* Check if we have a debug port */
250 if (Process->DebugPort)
251 {
252 /* Deference the Debug Port */
253 ObDereferenceObject(Process->DebugPort);
254 Process->DebugPort = NULL;
255 }
256
257 /* Check if we have an exception port */
258 if (Process->ExceptionPort)
259 {
260 /* Deference the Exception Port */
261 ObDereferenceObject(Process->ExceptionPort);
262 Process->ExceptionPort = NULL;
263 }
264
265 /* Check if we have a section object */
266 if (Process->SectionObject)
267 {
268 /* Deference the Section Object */
269 ObDereferenceObject(Process->SectionObject);
270 Process->SectionObject = NULL;
271 }
272
273 #if defined(_X86_)
274 /* Clean Ldt and Vdm objects */
275 PspDeleteLdt(Process);
276 PspDeleteVdmObjects(Process);
277 #endif
278
279 /* Delete the Object Table */
280 if (Process->ObjectTable)
281 {
282 /* Attach to the process */
283 KeStackAttachProcess(&Process->Pcb, &ApcState);
284
285 /* Kill the Object Info */
286 ObKillProcess(Process);
287
288 /* Detach */
289 KeUnstackDetachProcess(&ApcState);
290 }
291
292 /* Check if we have an address space, and clean it */
293 if (Process->HasAddressSpace)
294 {
295 /* Attach to the process */
296 KeStackAttachProcess(&Process->Pcb, &ApcState);
297
298 /* Clean the Address Space */
299 PspExitProcess(FALSE, Process);
300
301 /* Detach */
302 KeUnstackDetachProcess(&ApcState);
303
304 /* Completely delete the Address Space */
305 MmDeleteProcessAddressSpace(Process);
306 }
307
308 /* See if we have a PID */
309 if (Process->UniqueProcessId)
310 {
311 /* Delete the PID */
312 if (!(ExDestroyHandle(PspCidTable, Process->UniqueProcessId, NULL)))
313 {
314 /* Something wrong happened, bugcheck */
315 KeBugCheck(CID_HANDLE_DELETION);
316 }
317 }
318
319 /* Cleanup security information */
320 PspDeleteProcessSecurity(Process);
321
322 /* Check if we have kept information on the Working Set */
323 if (Process->WorkingSetWatch)
324 {
325 /* Free it */
326 ExFreePool(Process->WorkingSetWatch);
327
328 /* And return the quota it was taking up */
329 PsReturnProcessNonPagedPoolQuota(Process, 0x2000);
330 }
331
332 /* Dereference the Device Map */
333 ObDereferenceDeviceMap(Process);
334
335 /* Destroy the Quota Block */
336 PspDestroyQuotaBlock(Process);
337 }
338
339 VOID
340 NTAPI
341 PspDeleteThread(IN PVOID ObjectBody)
342 {
343 PETHREAD Thread = (PETHREAD)ObjectBody;
344 PEPROCESS Process = Thread->ThreadsProcess;
345 PAGED_CODE();
346 PSTRACE(PS_KILL_DEBUG, "ObjectBody: %p\n", ObjectBody);
347 PSREFTRACE(Thread);
348 ASSERT(Thread->Tcb.Win32Thread == NULL);
349
350 /* Check if we have a stack */
351 if (Thread->Tcb.InitialStack)
352 {
353 /* Release it */
354 MmDeleteKernelStack((PVOID)Thread->Tcb.StackBase,
355 Thread->Tcb.LargeStack);
356 }
357
358 /* Check if we have a CID Handle */
359 if (Thread->Cid.UniqueThread)
360 {
361 /* Delete the CID Handle */
362 if (!(ExDestroyHandle(PspCidTable, Thread->Cid.UniqueThread, NULL)))
363 {
364 /* Something wrong happened, bugcheck */
365 KeBugCheck(CID_HANDLE_DELETION);
366 }
367 }
368
369 /* Cleanup impersionation information */
370 PspDeleteThreadSecurity(Thread);
371
372 /* Make sure the thread was inserted, before continuing */
373 if (!Process) return;
374
375 /* Check if the thread list is valid */
376 if (Thread->ThreadListEntry.Flink)
377 {
378 /* Lock the thread's process */
379 KeEnterCriticalRegion();
380 ExAcquirePushLockExclusive(&Process->ProcessLock);
381
382 /* Remove us from the list */
383 RemoveEntryList(&Thread->ThreadListEntry);
384
385 /* Release the lock */
386 ExReleasePushLockExclusive(&Process->ProcessLock);
387 KeLeaveCriticalRegion();
388 }
389
390 /* Dereference the Process */
391 ObDereferenceObject(Process);
392 }
393
394 /*
395 * FUNCTION: Terminates the current thread
396 * See "Windows Internals" - Chapter 13, Page 50-53
397 */
398 VOID
399 NTAPI
400 PspExitThread(IN NTSTATUS ExitStatus)
401 {
402 CLIENT_DIED_MSG TerminationMsg;
403 NTSTATUS Status;
404 PTEB Teb;
405 PEPROCESS CurrentProcess;
406 PETHREAD Thread, OtherThread, PreviousThread = NULL;
407 PVOID DeallocationStack;
408 SIZE_T Dummy;
409 BOOLEAN Last = FALSE;
410 PTERMINATION_PORT TerminationPort, NextPort;
411 PLIST_ENTRY FirstEntry, CurrentEntry;
412 PKAPC Apc;
413 PTOKEN PrimaryToken;
414 PAGED_CODE();
415 PSTRACE(PS_KILL_DEBUG, "ExitStatus: %p\n", ExitStatus);
416
417 /* Get the Current Thread and Process */
418 Thread = PsGetCurrentThread();
419 CurrentProcess = Thread->ThreadsProcess;
420 ASSERT((Thread) == PsGetCurrentThread());
421
422 /* Can't terminate a thread if it attached another process */
423 if (KeIsAttachedProcess())
424 {
425 /* Bugcheck */
426 KeBugCheckEx(INVALID_PROCESS_ATTACH_ATTEMPT,
427 (ULONG_PTR)CurrentProcess,
428 (ULONG_PTR)Thread->Tcb.ApcState.Process,
429 (ULONG_PTR)Thread->Tcb.ApcStateIndex,
430 (ULONG_PTR)Thread);
431 }
432
433 /* Lower to Passive Level */
434 KeLowerIrql(PASSIVE_LEVEL);
435
436 /* Can't be a worker thread */
437 if (Thread->ActiveExWorker)
438 {
439 /* Bugcheck */
440 KeBugCheckEx(ACTIVE_EX_WORKER_THREAD_TERMINATION,
441 (ULONG_PTR)Thread,
442 0,
443 0,
444 0);
445 }
446
447 /* Can't have pending APCs */
448 if (Thread->Tcb.CombinedApcDisable != 0)
449 {
450 /* Bugcheck */
451 KeBugCheckEx(KERNEL_APC_PENDING_DURING_EXIT,
452 0,
453 Thread->Tcb.CombinedApcDisable,
454 0,
455 1);
456 }
457
458 /* Lock the thread */
459 ExWaitForRundownProtectionRelease(&Thread->RundownProtect);
460
461 /* Cleanup the power state */
462 PopCleanupPowerState((PPOWER_STATE)&Thread->Tcb.PowerState);
463
464 /* Call the WMI Callback for Threads */
465 //WmiTraceThread(Thread, NULL, FALSE);
466
467 /* Run Thread Notify Routines before we desintegrate the thread */
468 PspRunCreateThreadNotifyRoutines(Thread, FALSE);
469
470 /* Lock the Process before we modify its thread entries */
471 KeEnterCriticalRegion();
472 ExAcquirePushLockExclusive(&CurrentProcess->ProcessLock);
473
474 /* Decrease the active thread count, and check if it's 0 */
475 if (!(--CurrentProcess->ActiveThreads))
476 {
477 /* Set the delete flag */
478 InterlockedOr((PLONG)&CurrentProcess->Flags, PSF_PROCESS_DELETE_BIT);
479
480 /* Remember we are last */
481 Last = TRUE;
482
483 /* Check if this termination is due to the thread dying */
484 if (ExitStatus == STATUS_THREAD_IS_TERMINATING)
485 {
486 /* Check if the last thread was pending */
487 if (CurrentProcess->ExitStatus == STATUS_PENDING)
488 {
489 /* Use the last exit status */
490 CurrentProcess->ExitStatus = CurrentProcess->
491 LastThreadExitStatus;
492 }
493 }
494 else
495 {
496 /* Just a normal exit, write the code */
497 CurrentProcess->ExitStatus = ExitStatus;
498 }
499
500 /* Loop all the current threads */
501 FirstEntry = &CurrentProcess->ThreadListHead;
502 CurrentEntry = FirstEntry->Flink;
503 while (FirstEntry != CurrentEntry)
504 {
505 /* Get the thread on the list */
506 OtherThread = CONTAINING_RECORD(CurrentEntry,
507 ETHREAD,
508 ThreadListEntry);
509
510 /* Check if it's a thread that's still alive */
511 if ((OtherThread != Thread) &&
512 !(KeReadStateThread(&OtherThread->Tcb)) &&
513 (ObReferenceObjectSafe(OtherThread)))
514 {
515 /* It's a live thread and we referenced it, unlock process */
516 ExReleasePushLockExclusive(&CurrentProcess->ProcessLock);
517 KeLeaveCriticalRegion();
518
519 /* Wait on the thread */
520 KeWaitForSingleObject(OtherThread,
521 Executive,
522 KernelMode,
523 FALSE,
524 NULL);
525
526 /* Check if we had a previous thread to dereference */
527 if (PreviousThread) ObDereferenceObject(PreviousThread);
528
529 /* Remember the thread and re-lock the process */
530 PreviousThread = OtherThread;
531 KeEnterCriticalRegion();
532 ExAcquirePushLockExclusive(&CurrentProcess->ProcessLock);
533 }
534
535 /* Go to the next thread */
536 CurrentEntry = CurrentEntry->Flink;
537 }
538 }
539 else if (ExitStatus != STATUS_THREAD_IS_TERMINATING)
540 {
541 /* Write down the exit status of the last thread to get killed */
542 CurrentProcess->LastThreadExitStatus = ExitStatus;
543 }
544
545 /* Unlock the Process */
546 ExReleasePushLockExclusive(&CurrentProcess->ProcessLock);
547 KeLeaveCriticalRegion();
548
549 /* Check if we had a previous thread to dereference */
550 if (PreviousThread) ObDereferenceObject(PreviousThread);
551
552 /* Check if the process has a debug port and if this is a user thread */
553 if ((CurrentProcess->DebugPort) && !(Thread->SystemThread))
554 {
555 /* Notify the Debug API. */
556 Last ? DbgkExitProcess(CurrentProcess->ExitStatus) :
557 DbgkExitThread(ExitStatus);
558 }
559
560 /* Check if this is a Critical Thread */
561 if ((KdDebuggerEnabled) && (Thread->BreakOnTermination))
562 {
563 /* Break to debugger */
564 PspCatchCriticalBreak("Critical thread 0x%p (in %s) exited\n",
565 Thread,
566 CurrentProcess->ImageFileName);
567 }
568
569 /* Check if it's the last thread and this is a Critical Process */
570 if ((Last) && (CurrentProcess->BreakOnTermination))
571 {
572 /* Check if a debugger is here to handle this */
573 if (KdDebuggerEnabled)
574 {
575 /* Break to debugger */
576 PspCatchCriticalBreak("Critical process 0x%p (in %s) exited\n",
577 CurrentProcess,
578 CurrentProcess->ImageFileName);
579 }
580 else
581 {
582 /* Bugcheck, we can't allow this */
583 KeBugCheckEx(CRITICAL_PROCESS_DIED,
584 (ULONG_PTR)CurrentProcess,
585 0,
586 0,
587 0);
588 }
589 }
590
591 /* Sanity check */
592 ASSERT(Thread->Tcb.CombinedApcDisable == 0);
593
594 /* Process the Termination Ports */
595 TerminationPort = Thread->TerminationPort;
596 if (TerminationPort)
597 {
598 /* Setup the message header */
599 TerminationMsg.h.u2.ZeroInit = 0;
600 TerminationMsg.h.u2.s2.Type = LPC_CLIENT_DIED;
601 TerminationMsg.h.u1.s1.TotalLength = sizeof(TerminationMsg);
602 TerminationMsg.h.u1.s1.DataLength = sizeof(TerminationMsg) -
603 sizeof(PORT_MESSAGE);
604
605 /* Loop each port */
606 do
607 {
608 /* Save the Create Time */
609 TerminationMsg.CreateTime = Thread->CreateTime;
610
611 /* Loop trying to send message */
612 while (TRUE)
613 {
614 /* Send the LPC Message */
615 Status = LpcRequestPort(TerminationPort->Port,
616 &TerminationMsg.h);
617 if ((Status == STATUS_NO_MEMORY) ||
618 (Status == STATUS_INSUFFICIENT_RESOURCES))
619 {
620 /* Wait a bit and try again */
621 KeDelayExecutionThread(KernelMode, FALSE, &ShortTime);
622 continue;
623 }
624 break;
625 }
626
627 /* Dereference this LPC Port */
628 ObDereferenceObject(TerminationPort->Port);
629
630 /* Move to the next one */
631 NextPort = TerminationPort->Next;
632
633 /* Free the Termination Port Object */
634 ExFreePool(TerminationPort);
635
636 /* Keep looping as long as there is a port */
637 TerminationPort = NextPort;
638 } while (TerminationPort);
639 }
640 else if (((ExitStatus == STATUS_THREAD_IS_TERMINATING) &&
641 (Thread->DeadThread)) ||
642 !(Thread->DeadThread))
643 {
644 /*
645 * This case is special and deserves some extra comments. What
646 * basically happens here is that this thread doesn't have a termination
647 * port, which means that it died before being fully created. Since we
648 * still have to notify an LPC Server, we'll use the exception port,
649 * which we know exists. However, we need to know how far the thread
650 * actually got created. We have three possibilites:
651 *
652 * - NtCreateThread returned an error really early: DeadThread is set.
653 * - NtCreateThread managed to create the thread: DeadThread is off.
654 * - NtCreateThread was creating the thread (with Deadthread set,
655 * but the thread got killed prematurely: STATUS_THREAD_IS_TERMINATING
656 * is our exit code.)
657 *
658 * For the 2 & 3rd scenarios, the thread has been created far enough to
659 * warrant notification to the LPC Server.
660 */
661
662 /* Setup the message header */
663 TerminationMsg.h.u2.s2.Type = LPC_CLIENT_DIED;
664 TerminationMsg.h.u1.s1.TotalLength = sizeof(TerminationMsg);
665 TerminationMsg.h.u1.s1.DataLength = sizeof(TerminationMsg) -
666 sizeof(PORT_MESSAGE);
667
668 /* Make sure the process has an exception port */
669 if (CurrentProcess->ExceptionPort)
670 {
671 /* Save the Create Time */
672 TerminationMsg.CreateTime = Thread->CreateTime;
673
674 /* Loop trying to send message */
675 while (TRUE)
676 {
677 /* Send the LPC Message */
678 Status = LpcRequestPort(CurrentProcess->ExceptionPort,
679 &TerminationMsg.h);
680 if ((Status == STATUS_NO_MEMORY) ||
681 (Status == STATUS_INSUFFICIENT_RESOURCES))
682 {
683 /* Wait a bit and try again */
684 KeDelayExecutionThread(KernelMode, FALSE, &ShortTime);
685 continue;
686 }
687 break;
688 }
689 }
690 }
691
692 /* Rundown Win32 Thread if there is one */
693 if (Thread->Tcb.Win32Thread) PspW32ThreadCallout(Thread,
694 PsW32ThreadCalloutExit);
695
696 /* If we are the last thread and have a W32 Process */
697 if ((Last) && (CurrentProcess->Win32Process))
698 {
699 /* Run it down too */
700 PspW32ProcessCallout(CurrentProcess, FALSE);
701 }
702
703 /* Make sure Stack Swap is enabled */
704 if (!Thread->Tcb.EnableStackSwap)
705 {
706 /* Stack swap really shouldn't be disabled during exit! */
707 KeBugCheckEx(KERNEL_STACK_LOCKED_AT_EXIT, 0, 0, 0, 0);
708 }
709
710 /* Cancel I/O for the thread. */
711 IoCancelThreadIo(Thread);
712
713 /* Rundown Timers */
714 ExTimerRundown();
715
716 /* FIXME: Rundown Registry Notifications (NtChangeNotify)
717 CmNotifyRunDown(Thread); */
718
719 /* Rundown Mutexes */
720 KeRundownThread();
721
722 /* Check if we have a TEB */
723 Teb = Thread->Tcb.Teb;
724 if (Teb)
725 {
726 /* Check if the thread is still alive */
727 if (!Thread->DeadThread)
728 {
729 /* Check if we need to free its stack */
730 if (Teb->FreeStackOnTermination)
731 {
732 /* Set the TEB's Deallocation Stack as the Base Address */
733 Dummy = 0;
734 DeallocationStack = Teb->DeallocationStack;
735
736 /* Free the Thread's Stack */
737 ZwFreeVirtualMemory(NtCurrentProcess(),
738 &DeallocationStack,
739 &Dummy,
740 MEM_RELEASE);
741 }
742
743 /* Free the debug handle */
744 if (Teb->DbgSsReserved[1]) ObCloseHandle(Teb->DbgSsReserved[1],
745 UserMode);
746 }
747
748 /* Decommit the TEB */
749 MmDeleteTeb(CurrentProcess, Teb);
750 Thread->Tcb.Teb = NULL;
751 }
752
753 /* Free LPC Data */
754 LpcExitThread(Thread);
755
756 /* Save the exit status and exit time */
757 Thread->ExitStatus = ExitStatus;
758 KeQuerySystemTime(&Thread->ExitTime);
759
760 /* Sanity check */
761 ASSERT(Thread->Tcb.CombinedApcDisable == 0);
762
763 /* Check if this is the final thread or not */
764 if (Last)
765 {
766 /* Set the process exit time */
767 CurrentProcess->ExitTime = Thread->ExitTime;
768
769 /* Exit the process */
770 PspExitProcess(TRUE, CurrentProcess);
771
772 /* Get the process token and check if we need to audit */
773 PrimaryToken = PsReferencePrimaryToken(CurrentProcess);
774 if (SeDetailedAuditingWithToken(PrimaryToken))
775 {
776 /* Audit the exit */
777 SeAuditProcessExit(CurrentProcess);
778 }
779
780 /* Dereference the process token */
781 ObFastDereferenceObject(&CurrentProcess->Token, PrimaryToken);
782
783 /* Check if this is a VDM Process and rundown the VDM DPCs if so */
784 if (CurrentProcess->VdmObjects) { /* VdmRundownDpcs(CurrentProcess); */ }
785
786 /* Kill the process in the Object Manager */
787 ObKillProcess(CurrentProcess);
788
789 /* Check if we have a section object */
790 if (CurrentProcess->SectionObject)
791 {
792 /* Dereference and clear the Section Object */
793 ObDereferenceObject(CurrentProcess->SectionObject);
794 CurrentProcess->SectionObject = NULL;
795 }
796
797 /* Check if the process is part of a job */
798 if (CurrentProcess->Job)
799 {
800 /* Remove the process from the job */
801 PspExitProcessFromJob(CurrentProcess->Job, CurrentProcess);
802 }
803 }
804
805 /* Disable APCs */
806 KeEnterCriticalRegion();
807
808 /* Disable APC queueing, force a resumption */
809 Thread->Tcb.ApcQueueable = FALSE;
810 KeForceResumeThread(&Thread->Tcb);
811
812 /* Re-enable APCs */
813 KeLeaveCriticalRegion();
814
815 /* Flush the User APCs */
816 FirstEntry = KeFlushQueueApc(&Thread->Tcb, UserMode);
817 if (FirstEntry)
818 {
819 /* Start with the first entry */
820 CurrentEntry = FirstEntry;
821 do
822 {
823 /* Get the APC */
824 Apc = CONTAINING_RECORD(CurrentEntry, KAPC, ApcListEntry);
825
826 /* Move to the next one */
827 CurrentEntry = CurrentEntry->Flink;
828
829 /* Rundown the APC or de-allocate it */
830 if (Apc->RundownRoutine)
831 {
832 /* Call its own routine */
833 Apc->RundownRoutine(Apc);
834 }
835 else
836 {
837 /* Do it ourselves */
838 ExFreePool(Apc);
839 }
840 }
841 while (CurrentEntry != FirstEntry);
842 }
843
844 /* Clean address space if this was the last thread */
845 if (Last) MmCleanProcessAddressSpace(CurrentProcess);
846
847 /* Call the Lego routine */
848 if (Thread->Tcb.LegoData) PspRunLegoRoutine(&Thread->Tcb);
849
850 /* Flush the APC queue, which should be empty */
851 FirstEntry = KeFlushQueueApc(&Thread->Tcb, KernelMode);
852 if ((FirstEntry) || (Thread->Tcb.CombinedApcDisable != 0))
853 {
854 /* Bugcheck time */
855 KeBugCheckEx(KERNEL_APC_PENDING_DURING_EXIT,
856 (ULONG_PTR)FirstEntry,
857 Thread->Tcb.CombinedApcDisable,
858 KeGetCurrentIrql(),
859 0);
860 }
861
862 /* Signal the process if this was the last thread */
863 if (Last) KeSetProcess(&CurrentProcess->Pcb, 0, FALSE);
864
865 /* Terminate the Thread from the Scheduler */
866 KeTerminateThread(0);
867 }
868
869 VOID
870 NTAPI
871 PsExitSpecialApc(IN PKAPC Apc,
872 IN OUT PKNORMAL_ROUTINE* NormalRoutine,
873 IN OUT PVOID* NormalContext,
874 IN OUT PVOID* SystemArgument1,
875 IN OUT PVOID* SystemArgument2)
876 {
877 NTSTATUS Status;
878 PAGED_CODE();
879 PSTRACE(PS_KILL_DEBUG,
880 "Apc: %p SystemArgument2: %p \n", Apc, SystemArgument2);
881
882 /* Don't do anything unless we are in User-Mode */
883 if (Apc->SystemArgument2)
884 {
885 /* Free the APC */
886 Status = (NTSTATUS)Apc->NormalContext;
887 PspExitApcRundown(Apc);
888
889 /* Terminate the Thread */
890 PspExitThread(Status);
891 }
892 }
893
894 VOID
895 NTAPI
896 PspExitNormalApc(IN PVOID NormalContext,
897 IN PVOID SystemArgument1,
898 IN PVOID SystemArgument2)
899 {
900 PKAPC Apc = (PKAPC)SystemArgument1;
901 PETHREAD Thread = PsGetCurrentThread();
902 PAGED_CODE();
903 PSTRACE(PS_KILL_DEBUG, "SystemArgument2: %p \n", SystemArgument2);
904
905 /* This should never happen */
906 ASSERT(!(((ULONG_PTR)SystemArgument2) & 1));
907
908 /* If we're here, this is not a System Thread, so kill it from User-Mode */
909 KeInitializeApc(Apc,
910 &Thread->Tcb,
911 OriginalApcEnvironment,
912 PsExitSpecialApc,
913 PspExitApcRundown,
914 PspExitNormalApc,
915 UserMode,
916 NormalContext);
917
918 /* Now insert the APC with the User-Mode Flag */
919 if (!(KeInsertQueueApc(Apc,
920 Apc,
921 (PVOID)((ULONG_PTR)SystemArgument2 | 1),
922 2)))
923 {
924 /* Failed to insert, free the APC */
925 PspExitApcRundown(Apc);
926 }
927
928 /* Set the APC Pending flag */
929 Thread->Tcb.ApcState.UserApcPending = TRUE;
930 }
931
932 /*
933 * See "Windows Internals" - Chapter 13, Page 49
934 */
935 NTSTATUS
936 NTAPI
937 PspTerminateThreadByPointer(IN PETHREAD Thread,
938 IN NTSTATUS ExitStatus,
939 IN BOOLEAN bSelf)
940 {
941 PKAPC Apc;
942 NTSTATUS Status = STATUS_SUCCESS;
943 ULONG Flags;
944 PAGED_CODE();
945 PSTRACE(PS_KILL_DEBUG, "Thread: %p ExitStatus: %p\n", Thread, ExitStatus);
946 PSREFTRACE(Thread);
947
948 /* Check if this is a Critical Thread, and Bugcheck */
949 if (Thread->BreakOnTermination)
950 {
951 /* Break to debugger */
952 PspCatchCriticalBreak("Terminating critical thread 0x%p (%s)\n",
953 Thread,
954 Thread->ThreadsProcess->ImageFileName);
955 }
956
957 /* Check if we are already inside the thread */
958 if ((bSelf) || (PsGetCurrentThread() == Thread))
959 {
960 /* This should only happen at passive */
961 ASSERT_IRQL_EQUAL(PASSIVE_LEVEL);
962
963 /* Mark it as terminated */
964 PspSetCrossThreadFlag(Thread, CT_TERMINATED_BIT);
965
966 /* Directly terminate the thread */
967 PspExitThread(ExitStatus);
968 }
969
970 /* This shouldn't be a system thread */
971 if (Thread->SystemThread) return STATUS_ACCESS_DENIED;
972
973 /* Allocate the APC */
974 Apc = ExAllocatePoolWithTag(NonPagedPool, sizeof(KAPC), TAG_TERMINATE_APC);
975 if (!Apc) return STATUS_INSUFFICIENT_RESOURCES;
976
977 /* Set the Terminated Flag */
978 Flags = Thread->CrossThreadFlags | CT_TERMINATED_BIT;
979
980 /* Set it, and check if it was already set while we were running */
981 if (!(InterlockedExchange((PLONG)&Thread->CrossThreadFlags, Flags) &
982 CT_TERMINATED_BIT))
983 {
984 /* Initialize a Kernel Mode APC to Kill the Thread */
985 KeInitializeApc(Apc,
986 &Thread->Tcb,
987 OriginalApcEnvironment,
988 PsExitSpecialApc,
989 PspExitApcRundown,
990 PspExitNormalApc,
991 KernelMode,
992 (PVOID)ExitStatus);
993
994 /* Insert it into the APC Queue */
995 if (!KeInsertQueueApc(Apc, Apc, NULL, 2))
996 {
997 /* The APC was already in the queue, fail */
998 Status = STATUS_UNSUCCESSFUL;
999 }
1000 else
1001 {
1002 /* Forcefully resume the thread and return */
1003 KeForceResumeThread(&Thread->Tcb);
1004 return Status;
1005 }
1006 }
1007
1008 /* We failed, free the APC */
1009 ExFreePool(Apc);
1010
1011 /* Return Status */
1012 return Status;
1013 }
1014
1015 BOOLEAN
1016 NTAPI
1017 PspIsProcessExiting(IN PEPROCESS Process)
1018 {
1019 return Process->Flags & PSF_PROCESS_EXITING_BIT;
1020 }
1021
1022 VOID
1023 NTAPI
1024 PspExitProcess(IN BOOLEAN LastThread,
1025 IN PEPROCESS Process)
1026 {
1027 ULONG Actual;
1028 PAGED_CODE();
1029 PSTRACE(PS_KILL_DEBUG,
1030 "LastThread: %p Process: %p\n", LastThread, Process);
1031 PSREFTRACE(Process);
1032
1033 /* Set Process Exit flag */
1034 InterlockedOr((PLONG)&Process->Flags, PSF_PROCESS_EXITING_BIT);
1035
1036 /* Check if we are the last thread */
1037 if (LastThread)
1038 {
1039 /* Notify the WMI Process Callback */
1040 //WmiTraceProcess(Process, FALSE);
1041
1042 /* Run the Notification Routines */
1043 PspRunCreateProcessNotifyRoutines(Process, FALSE);
1044 }
1045
1046 /* Cleanup the power state */
1047 PopCleanupPowerState((PPOWER_STATE)&Process->Pcb.PowerState);
1048
1049 /* Clear the security port */
1050 if (!Process->SecurityPort)
1051 {
1052 /* So we don't double-dereference */
1053 Process->SecurityPort = (PVOID)1;
1054 }
1055 else if (Process->SecurityPort != (PVOID)1)
1056 {
1057 /* Dereference it */
1058 ObDereferenceObject(Process->SecurityPort);
1059 Process->SecurityPort = (PVOID)1;
1060 }
1061
1062 /* Check if we are the last thread */
1063 if (LastThread)
1064 {
1065 /* Check if we have to set the Timer Resolution */
1066 if (Process->SetTimerResolution)
1067 {
1068 /* Set it to default */
1069 ZwSetTimerResolution(KeMaximumIncrement, 0, &Actual);
1070 }
1071
1072 /* Check if we are part of a Job that has a completion port */
1073 if ((Process->Job) && (Process->Job->CompletionPort))
1074 {
1075 /* FIXME: Check job status code and do I/O completion if needed */
1076 }
1077
1078 /* FIXME: Notify the Prefetcher */
1079 }
1080 else
1081 {
1082 /* Clear process' address space here */
1083 MmCleanProcessAddressSpace(Process);
1084 }
1085 }
1086
1087 /* PUBLIC FUNCTIONS **********************************************************/
1088
1089 /*
1090 * @implemented
1091 */
1092 NTSTATUS
1093 NTAPI
1094 PsTerminateSystemThread(IN NTSTATUS ExitStatus)
1095 {
1096 PETHREAD Thread = PsGetCurrentThread();
1097
1098 /* Make sure this is a system thread */
1099 if (!Thread->SystemThread) return STATUS_INVALID_PARAMETER;
1100
1101 /* Terminate it for real */
1102 return PspTerminateThreadByPointer(Thread, ExitStatus, TRUE);
1103 }
1104
1105 /*
1106 * @implemented
1107 */
1108 NTSTATUS
1109 NTAPI
1110 NtTerminateProcess(IN HANDLE ProcessHandle OPTIONAL,
1111 IN NTSTATUS ExitStatus)
1112 {
1113 NTSTATUS Status;
1114 PEPROCESS Process, CurrentProcess = PsGetCurrentProcess();
1115 PETHREAD Thread, CurrentThread = PsGetCurrentThread();
1116 BOOLEAN KillByHandle;
1117 PAGED_CODE();
1118 PSTRACE(PS_KILL_DEBUG,
1119 "ProcessHandle: %p ExitStatus: %p\n", ProcessHandle, ExitStatus);
1120
1121 /* Were we passed a process handle? */
1122 if (ProcessHandle)
1123 {
1124 /* Yes we were, use it */
1125 KillByHandle = TRUE;
1126 }
1127 else
1128 {
1129 /* We weren't... we assume this is suicide */
1130 KillByHandle = FALSE;
1131 ProcessHandle = NtCurrentProcess();
1132 }
1133
1134 /* Get the Process Object */
1135 Status = ObReferenceObjectByHandle(ProcessHandle,
1136 PROCESS_TERMINATE,
1137 PsProcessType,
1138 KeGetPreviousMode(),
1139 (PVOID*)&Process,
1140 NULL);
1141 if (!NT_SUCCESS(Status)) return(Status);
1142
1143 /* Check if this is a Critical Process, and Bugcheck */
1144 if (Process->BreakOnTermination)
1145 {
1146 /* Break to debugger */
1147 PspCatchCriticalBreak("Terminating critical process 0x%p (%s)\n",
1148 Process,
1149 Process->ImageFileName);
1150 }
1151
1152 /* Lock the Process */
1153 if (!ExAcquireRundownProtection(&Process->RundownProtect))
1154 {
1155 /* Failed to lock, fail */
1156 ObDereferenceObject (Process);
1157 return STATUS_PROCESS_IS_TERMINATING;
1158 }
1159
1160 /* Set the delete flag, unless the process is comitting suicide */
1161 if (KillByHandle) PspSetProcessFlag(Process, PSF_PROCESS_DELETE_BIT);
1162
1163 /* Get the first thread */
1164 Status = STATUS_NOTHING_TO_TERMINATE;
1165 Thread = PsGetNextProcessThread(Process, NULL);
1166 if (Thread)
1167 {
1168 /* We know we have at least a thread */
1169 Status = STATUS_SUCCESS;
1170
1171 /* Loop and kill the others */
1172 do
1173 {
1174 /* Ensure it's not ours*/
1175 if (Thread != CurrentThread)
1176 {
1177 /* Kill it */
1178 PspTerminateThreadByPointer(Thread, ExitStatus, FALSE);
1179 }
1180
1181 /* Move to the next thread */
1182 Thread = PsGetNextProcessThread(Process, Thread);
1183 } while (Thread);
1184 }
1185
1186 /* Unlock the process */
1187 ExReleaseRundownProtection(&Process->RundownProtect);
1188
1189 /* Check if we are killing ourselves */
1190 if (Process == CurrentProcess)
1191 {
1192 /* Also make sure the caller gave us our handle */
1193 if (KillByHandle)
1194 {
1195 /* Dereference the process */
1196 ObDereferenceObject(Process);
1197
1198 /* Terminate ourselves */
1199 PspTerminateThreadByPointer(CurrentThread, ExitStatus, TRUE);
1200 }
1201 }
1202 else if (ExitStatus == DBG_TERMINATE_PROCESS)
1203 {
1204 /* Disable debugging on this process */
1205 DbgkClearProcessDebugObject(Process, NULL);
1206 }
1207
1208 /* Check if there was nothing to terminate, or if we have a Debug Port */
1209 if ((Status == STATUS_NOTHING_TO_TERMINATE) ||
1210 ((Process->DebugPort) && (KillByHandle)))
1211 {
1212 /* Clear the handle table */
1213 ObClearProcessHandleTable(Process);
1214
1215 /* Return status now */
1216 Status = STATUS_SUCCESS;
1217 }
1218
1219 /* Decrease the reference count we added */
1220 ObDereferenceObject(Process);
1221
1222 /* Return status */
1223 return Status;
1224 }
1225
1226 NTSTATUS
1227 NTAPI
1228 NtTerminateThread(IN HANDLE ThreadHandle,
1229 IN NTSTATUS ExitStatus)
1230 {
1231 PETHREAD Thread;
1232 PETHREAD CurrentThread = PsGetCurrentThread();
1233 NTSTATUS Status;
1234 PAGED_CODE();
1235 PSTRACE(PS_KILL_DEBUG,
1236 "ThreadHandle: %p ExitStatus: %p\n", ThreadHandle, ExitStatus);
1237
1238 /* Handle the special NULL case */
1239 if (!ThreadHandle)
1240 {
1241 /* Check if we're the only thread left */
1242 if (PsGetCurrentProcess()->ActiveThreads == 1)
1243 {
1244 /* This is invalid */
1245 return STATUS_CANT_TERMINATE_SELF;
1246 }
1247
1248 /* Terminate us directly */
1249 goto TerminateSelf;
1250 }
1251 else if (ThreadHandle == NtCurrentThread())
1252 {
1253 TerminateSelf:
1254 /* Terminate this thread */
1255 return PspTerminateThreadByPointer(CurrentThread,
1256 ExitStatus,
1257 TRUE);
1258 }
1259
1260 /* We are terminating another thread, get the Thread Object */
1261 Status = ObReferenceObjectByHandle(ThreadHandle,
1262 THREAD_TERMINATE,
1263 PsThreadType,
1264 KeGetPreviousMode(),
1265 (PVOID*)&Thread,
1266 NULL);
1267 if (!NT_SUCCESS(Status)) return Status;
1268
1269 /* Check to see if we're running in the same thread */
1270 if (Thread != CurrentThread)
1271 {
1272 /* Terminate it */
1273 Status = PspTerminateThreadByPointer(Thread, ExitStatus, FALSE);
1274
1275 /* Dereference the Thread and return */
1276 ObDereferenceObject(Thread);
1277 }
1278 else
1279 {
1280 /* Dereference the thread and terminate ourselves */
1281 ObDereferenceObject(Thread);
1282 goto TerminateSelf;
1283 }
1284
1285 /* Return status */
1286 return Status;
1287 }
1288
1289 NTSTATUS
1290 NTAPI
1291 NtRegisterThreadTerminatePort(IN HANDLE PortHandle)
1292 {
1293 NTSTATUS Status;
1294 PTERMINATION_PORT TerminationPort;
1295 PVOID TerminationLpcPort;
1296 PETHREAD Thread;
1297 PAGED_CODE();
1298 PSTRACE(PS_KILL_DEBUG, "PortHandle: %p\n", PortHandle);
1299
1300 /* Get the Port */
1301 Status = ObReferenceObjectByHandle(PortHandle,
1302 PORT_ALL_ACCESS,
1303 LpcPortObjectType,
1304 KeGetPreviousMode(),
1305 &TerminationLpcPort,
1306 NULL);
1307 if (!NT_SUCCESS(Status)) return(Status);
1308
1309 /* Allocate the Port and make sure it suceeded */
1310 TerminationPort = ExAllocatePoolWithTag(NonPagedPool,
1311 sizeof(TERMINATION_PORT),
1312 '=TsP');
1313 if(TerminationPort)
1314 {
1315 /* Associate the Port */
1316 Thread = PsGetCurrentThread();
1317 TerminationPort->Port = TerminationLpcPort;
1318 TerminationPort->Next = Thread->TerminationPort;
1319 Thread->TerminationPort = TerminationPort;
1320
1321 /* Return success */
1322 return STATUS_SUCCESS;
1323 }
1324
1325 /* Dereference and Fail */
1326 ObDereferenceObject(TerminationPort);
1327 return STATUS_INSUFFICIENT_RESOURCES;
1328 }
A free Windows-compatible Operating System