3 Copyright (c) Alex Ionescu. All rights reserved.
11 Type definitions for the Object Manager
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
26 #ifndef NTOS_MODE_USER
32 // Definitions for Object Creation
34 #define OBJ_INHERIT 0x00000002L
35 #define OBJ_PERMANENT 0x00000010L
36 #define OBJ_EXCLUSIVE 0x00000020L
37 #define OBJ_CASE_INSENSITIVE 0x00000040L
38 #define OBJ_OPENIF 0x00000080L
39 #define OBJ_OPENLINK 0x00000100L
40 #define OBJ_KERNEL_HANDLE 0x00000200L
41 #define OBJ_FORCE_ACCESS_CHECK 0x00000400L
42 #define OBJ_VALID_ATTRIBUTES 0x000007F2L
44 #define InitializeObjectAttributes(p,n,a,r,s) { \
45 (p)->Length = sizeof(OBJECT_ATTRIBUTES); \
46 (p)->RootDirectory = (r); \
47 (p)->Attributes = (a); \
48 (p)->ObjectName = (n); \
49 (p)->SecurityDescriptor = (s); \
50 (p)->SecurityQualityOfService = NULL; \
54 // Number of custom-defined bits that can be attached to a handle
56 #define OBJ_HANDLE_TAGBITS 0x3
59 // Directory Object Access Rights
61 #define DIRECTORY_QUERY 0x0001
62 #define DIRECTORY_TRAVERSE 0x0002
63 #define DIRECTORY_CREATE_OBJECT 0x0004
64 #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
65 #define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)
68 // Slash separator used in the OB Namespace (and Registry)
70 #define OBJ_NAME_PATH_SEPARATOR L'\\'
73 // Object Information Classes for NtQueryInformationObject
75 typedef enum _OBJECT_INFORMATION_CLASS
77 ObjectBasicInformation
,
78 ObjectNameInformation
,
79 ObjectTypeInformation
,
80 ObjectTypesInformation
,
81 ObjectHandleFlagInformation
,
82 ObjectSessionInformation
,
84 } OBJECT_INFORMATION_CLASS
;
89 // Undocumented Attribute for Kernel-Only Access
91 #define OBJ_KERNEL_EXCLUSIVE 0x00010000L
92 #define OBJ_VALID_KERNEL_ATTRIBUTES (OBJ_VALID_ATTRIBUTES | \
97 #define OB_FLAG_CREATE_INFO 0x01
98 #define OB_FLAG_KERNEL_MODE 0x02
99 #define OB_FLAG_CREATOR_INFO 0x04
100 #define OB_FLAG_EXCLUSIVE 0x08
101 #define OB_FLAG_PERMANENT 0x10
102 #define OB_FLAG_SECURITY 0x20
103 #define OB_FLAG_SINGLE_PROCESS 0x40
104 #define OB_FLAG_DEFER_DELETE 0x80
107 // Object Flags encoded in "QueryReferences" field
109 #define OB_FLAG_KERNEL_EXCLUSIVE 0x40000000
111 #define OBJECT_TO_OBJECT_HEADER(o) \
112 CONTAINING_RECORD((o), OBJECT_HEADER, Body)
114 #define OBJECT_HEADER_TO_NAME_INFO(h) \
115 ((POBJECT_HEADER_NAME_INFO)(!(h)->NameInfoOffset ? \
116 NULL: ((PCHAR)(h) - (h)->NameInfoOffset)))
118 #define OBJECT_HEADER_TO_HANDLE_INFO(h) \
119 ((POBJECT_HEADER_HANDLE_INFO)(!(h)->HandleInfoOffset ? \
120 NULL: ((PCHAR)(h) - (h)->HandleInfoOffset)))
122 #define OBJECT_HEADER_TO_QUOTA_INFO(h) \
123 ((POBJECT_HEADER_QUOTA_INFO)(!(h)->QuotaInfoOffset ? \
124 NULL: ((PCHAR)(h) - (h)->QuotaInfoOffset)))
126 #define OBJECT_HEADER_TO_CREATOR_INFO(h) \
127 ((POBJECT_HEADER_CREATOR_INFO)(!((h)->Flags & \
128 OB_FLAG_CREATOR_INFO) ? NULL: ((PCHAR)(h) - \
129 sizeof(OBJECT_HEADER_CREATOR_INFO))))
131 #define OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(h) \
132 ((!((h)->Flags & OB_FLAG_EXCLUSIVE)) ? \
133 NULL: (((POBJECT_HEADER_QUOTA_INFO)((PCHAR)(h) - \
134 (h)->QuotaInfoOffset))->ExclusiveProcess))
137 // Reasons for Open Callback
139 typedef enum _OB_OPEN_REASON
151 // Object Duplication Flags
153 #define DUPLICATE_SAME_ATTRIBUTES 0x00000004
156 // Number of hash entries in an Object Directory
158 #define NUMBER_HASH_BUCKETS 37
161 // Types for DosDeviceDriveType
163 #define DOSDEVICE_DRIVE_UNKNOWN 0
164 #define DOSDEVICE_DRIVE_CALCULATE 1
165 #define DOSDEVICE_DRIVE_REMOVABLE 2
166 #define DOSDEVICE_DRIVE_FIXED 3
167 #define DOSDEVICE_DRIVE_REMOTE 4
168 #define DOSDEVICE_DRIVE_CDROM 5
169 #define DOSDEVICE_DRIVE_RAMDISK 6
172 // Dump Control Structure for Object Debugging
174 typedef struct _OB_DUMP_CONTROL
178 } OB_DUMP_CONTROL
, *POB_DUMP_CONTROL
;
180 #ifndef NTOS_MODE_USER
183 // Object Type Callbacks
186 (NTAPI
*OB_DUMP_METHOD
)(
188 _In_opt_ POB_DUMP_CONTROL Control
192 (NTAPI
*OB_OPEN_METHOD
)(
193 _In_ OB_OPEN_REASON Reason
,
194 _In_opt_ PEPROCESS Process
,
195 _In_ PVOID ObjectBody
,
196 _In_ ACCESS_MASK GrantedAccess
,
197 _In_ ULONG HandleCount
201 (NTAPI
*OB_CLOSE_METHOD
)(
202 _In_opt_ PEPROCESS Process
,
204 _In_ ACCESS_MASK GrantedAccess
,
205 _In_ ULONG ProcessHandleCount
,
206 _In_ ULONG SystemHandleCount
210 (NTAPI
*OB_DELETE_METHOD
)(
215 (NTAPI
*OB_PARSE_METHOD
)(
216 _In_ PVOID ParseObject
,
217 _In_ PVOID ObjectType
,
218 _Inout_ PACCESS_STATE AccessState
,
219 _In_ KPROCESSOR_MODE AccessMode
,
220 _In_ ULONG Attributes
,
221 _Inout_ PUNICODE_STRING CompleteName
,
222 _Inout_ PUNICODE_STRING RemainingName
,
223 _Inout_opt_ PVOID Context
,
224 _In_opt_ PSECURITY_QUALITY_OF_SERVICE SecurityQos
,
229 (NTAPI
*OB_SECURITY_METHOD
)(
231 _In_ SECURITY_OPERATION_CODE OperationType
,
232 _In_ PSECURITY_INFORMATION SecurityInformation
,
233 _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
,
234 _Inout_ PULONG CapturedLength
,
235 _Inout_ PSECURITY_DESCRIPTOR
*ObjectSecurityDescriptor
,
236 _In_ POOL_TYPE PoolType
,
237 _In_ PGENERIC_MAPPING GenericMapping
241 (NTAPI
*OB_QUERYNAME_METHOD
)(
243 _In_ BOOLEAN HasObjectName
,
244 _Out_ POBJECT_NAME_INFORMATION ObjectNameInfo
,
246 _Out_ PULONG ReturnLength
,
247 _In_ KPROCESSOR_MODE AccessMode
251 (NTAPI
*OB_OKAYTOCLOSE_METHOD
)(
252 _In_opt_ PEPROCESS Process
,
255 _In_ KPROCESSOR_MODE AccessMode
261 // Object Information Types for NtQueryInformationObject
263 typedef struct _OBJECT_NAME_INFORMATION
266 } OBJECT_NAME_INFORMATION
, *POBJECT_NAME_INFORMATION
;
270 typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION
273 BOOLEAN ProtectFromClose
;
274 } OBJECT_HANDLE_ATTRIBUTE_INFORMATION
, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION
;
276 typedef struct _OBJECT_DIRECTORY_INFORMATION
279 UNICODE_STRING TypeName
;
280 } OBJECT_DIRECTORY_INFORMATION
, *POBJECT_DIRECTORY_INFORMATION
;
283 // Object Type Information
285 typedef struct _OBJECT_TYPE_INFORMATION
287 UNICODE_STRING TypeName
;
288 ULONG TotalNumberOfObjects
;
289 ULONG TotalNumberOfHandles
;
290 ULONG TotalPagedPoolUsage
;
291 ULONG TotalNonPagedPoolUsage
;
292 ULONG TotalNamePoolUsage
;
293 ULONG TotalHandleTableUsage
;
294 ULONG HighWaterNumberOfObjects
;
295 ULONG HighWaterNumberOfHandles
;
296 ULONG HighWaterPagedPoolUsage
;
297 ULONG HighWaterNonPagedPoolUsage
;
298 ULONG HighWaterNamePoolUsage
;
299 ULONG HighWaterHandleTableUsage
;
300 ULONG InvalidAttributes
;
301 GENERIC_MAPPING GenericMapping
;
302 ULONG ValidAccessMask
;
303 BOOLEAN SecurityRequired
;
304 BOOLEAN MaintainHandleCount
;
306 ULONG DefaultPagedPoolCharge
;
307 ULONG DefaultNonPagedPoolCharge
;
308 } OBJECT_TYPE_INFORMATION
, *POBJECT_TYPE_INFORMATION
;
310 typedef struct _OBJECT_ALL_TYPES_INFORMATION
313 //OBJECT_TYPE_INFORMATION TypeInformation[1];
314 } OBJECT_ALL_TYPES_INFORMATION
, *POBJECT_ALL_TYPES_INFORMATION
;
316 #ifdef NTOS_MODE_USER
318 typedef struct _OBJECT_BASIC_INFORMATION
321 ACCESS_MASK GrantedAccess
;
324 ULONG PagedPoolUsage
;
325 ULONG NonPagedPoolUsage
;
327 ULONG NameInformationLength
;
328 ULONG TypeInformationLength
;
329 ULONG SecurityDescriptorLength
;
330 LARGE_INTEGER CreateTime
;
331 } OBJECT_BASIC_INFORMATION
, *POBJECT_BASIC_INFORMATION
;
335 typedef struct _OBJECT_CREATE_INFORMATION
338 HANDLE RootDirectory
;
340 KPROCESSOR_MODE ProbeMode
;
341 ULONG PagedPoolCharge
;
342 ULONG NonPagedPoolCharge
;
343 ULONG SecurityDescriptorCharge
;
344 PSECURITY_DESCRIPTOR SecurityDescriptor
;
345 PSECURITY_QUALITY_OF_SERVICE SecurityQos
;
346 SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
;
347 } OBJECT_CREATE_INFORMATION
, *POBJECT_CREATE_INFORMATION
;
350 // Object Type Initialize for ObCreateObjectType
352 typedef struct _OBJECT_TYPE_INITIALIZER
355 BOOLEAN UseDefaultObject
;
356 BOOLEAN CaseInsensitive
;
357 ULONG InvalidAttributes
;
358 GENERIC_MAPPING GenericMapping
;
359 ULONG ValidAccessMask
;
360 BOOLEAN SecurityRequired
;
361 BOOLEAN MaintainHandleCount
;
362 BOOLEAN MaintainTypeList
;
364 ULONG DefaultPagedPoolCharge
;
365 ULONG DefaultNonPagedPoolCharge
;
366 OB_DUMP_METHOD DumpProcedure
;
367 OB_OPEN_METHOD OpenProcedure
;
368 OB_CLOSE_METHOD CloseProcedure
;
369 OB_DELETE_METHOD DeleteProcedure
;
370 OB_PARSE_METHOD ParseProcedure
;
371 OB_SECURITY_METHOD SecurityProcedure
;
372 OB_QUERYNAME_METHOD QueryNameProcedure
;
373 OB_OKAYTOCLOSE_METHOD OkayToCloseProcedure
;
374 } OBJECT_TYPE_INITIALIZER
, *POBJECT_TYPE_INITIALIZER
;
377 // Object Type Object
379 typedef struct _OBJECT_TYPE
386 ULONG TotalNumberOfObjects
;
387 ULONG TotalNumberOfHandles
;
388 ULONG HighWaterNumberOfObjects
;
389 ULONG HighWaterNumberOfHandles
;
390 OBJECT_TYPE_INITIALIZER TypeInfo
;
392 ERESOURCE ObjectLocks
[4];
396 // Object Directory Structures
398 typedef struct _OBJECT_DIRECTORY_ENTRY
400 struct _OBJECT_DIRECTORY_ENTRY
*ChainLink
;
402 #if (NTDDI_VERSION >= NTDDI_WS03)
405 } OBJECT_DIRECTORY_ENTRY
, *POBJECT_DIRECTORY_ENTRY
;
407 typedef struct _OBJECT_DIRECTORY
409 struct _OBJECT_DIRECTORY_ENTRY
*HashBuckets
[NUMBER_HASH_BUCKETS
];
410 #if (NTDDI_VERSION < NTDDI_WINXP)
415 #if (NTDDI_VERSION < NTDDI_WINXP)
416 BOOLEAN CurrentEntryValid
;
418 struct _DEVICE_MAP
*DeviceMap
;
421 #if (NTDDI_VERSION == NTDDI_WINXP)
423 USHORT SymbolicLinkUsageCount
;
425 } OBJECT_DIRECTORY
, *POBJECT_DIRECTORY
;
428 // Object Header Addon Information
430 typedef struct _OBJECT_HEADER_NAME_INFO
432 POBJECT_DIRECTORY Directory
;
434 ULONG QueryReferences
;
436 ULONG DbgReferenceCount
;
437 } OBJECT_HEADER_NAME_INFO
, *POBJECT_HEADER_NAME_INFO
;
439 typedef struct _OBJECT_HANDLE_COUNT_ENTRY
441 struct _EPROCESS
*Process
;
443 } OBJECT_HANDLE_COUNT_ENTRY
, *POBJECT_HANDLE_COUNT_ENTRY
;
445 typedef struct _OBJECT_HANDLE_COUNT_DATABASE
448 OBJECT_HANDLE_COUNT_ENTRY HandleCountEntries
[1];
449 } OBJECT_HANDLE_COUNT_DATABASE
, *POBJECT_HANDLE_COUNT_DATABASE
;
451 typedef struct _OBJECT_HEADER_HANDLE_INFO
455 POBJECT_HANDLE_COUNT_DATABASE HandleCountDatabase
;
456 OBJECT_HANDLE_COUNT_ENTRY SingleEntry
;
458 } OBJECT_HEADER_HANDLE_INFO
, *POBJECT_HEADER_HANDLE_INFO
;
460 typedef struct _OBJECT_HEADER_CREATOR_INFO
463 PVOID CreatorUniqueProcess
;
464 USHORT CreatorBackTraceIndex
;
466 } OBJECT_HEADER_CREATOR_INFO
, *POBJECT_HEADER_CREATOR_INFO
;
468 typedef struct _OBJECT_HEADER_QUOTA_INFO
470 ULONG PagedPoolCharge
;
471 ULONG NonPagedPoolCharge
;
472 ULONG SecurityDescriptorCharge
;
473 PEPROCESS ExclusiveProcess
;
474 } OBJECT_HEADER_QUOTA_INFO
, *POBJECT_HEADER_QUOTA_INFO
;
479 typedef struct _OBJECT_HEADER
485 volatile PVOID NextToFree
;
488 UCHAR NameInfoOffset
;
489 UCHAR HandleInfoOffset
;
490 UCHAR QuotaInfoOffset
;
494 POBJECT_CREATE_INFORMATION ObjectCreateInfo
;
495 PVOID QuotaBlockCharged
;
497 PSECURITY_DESCRIPTOR SecurityDescriptor
;
499 } OBJECT_HEADER
, *POBJECT_HEADER
;
502 // Object Lookup Context
504 typedef struct _OBP_LOOKUP_CONTEXT
506 POBJECT_DIRECTORY Directory
;
510 BOOLEAN DirectoryLocked
;
511 ULONG LockStateSignature
;
512 } OBP_LOOKUP_CONTEXT
, *POBP_LOOKUP_CONTEXT
;
517 typedef struct _DEVICE_MAP
519 POBJECT_DIRECTORY DosDevicesDirectory
;
520 POBJECT_DIRECTORY GlobalDosDevicesDirectory
;
521 ULONG ReferenceCount
;
524 } DEVICE_MAP
, *PDEVICE_MAP
;
527 // Symbolic Link Object
529 typedef struct _OBJECT_SYMBOLIC_LINK
531 LARGE_INTEGER CreationTime
;
532 UNICODE_STRING LinkTarget
;
533 UNICODE_STRING LinkTargetRemaining
;
534 PVOID LinkTargetObject
;
535 ULONG DosDeviceDriveIndex
;
536 } OBJECT_SYMBOLIC_LINK
, *POBJECT_SYMBOLIC_LINK
;
541 extern POBJECT_TYPE NTSYSAPI ObDirectoryType
;
542 extern PDEVICE_MAP NTSYSAPI ObSystemDeviceMap
;
544 #endif // !NTOS_MODE_USER