3 Copyright (c) Alex Ionescu. All rights reserved.
11 Function definitions for the Process Manager
15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
32 #ifndef NTOS_MODE_USER
35 // Win32K Process/Thread Functions
40 PsGetCurrentThreadWin32Thread(
47 PsGetCurrentProcessWin32Process(
54 PsGetProcessWin32Process(
55 _In_ PEPROCESS Process
61 PsSetProcessWin32Process(
62 _Inout_ PEPROCESS Process
,
63 _In_opt_ PVOID Win32Process
,
64 _In_opt_ PVOID OldWin32Process
70 PsSetThreadWin32Thread(
71 _Inout_ PETHREAD Thread
,
72 _In_opt_ PVOID Win32Thread
,
73 _In_opt_ PVOID OldWin32Thread
79 PsGetThreadWin32Thread(
86 PsGetProcessWin32WindowStation(
87 _In_ PEPROCESS Process
93 PsSetProcessWindowStation(
94 _Inout_ PEPROCESS Process
,
95 _In_opt_ PVOID WindowStation
122 PsGetThreadFreezeCount(
129 PsGetThreadHardErrorsAreDisabled(
136 PsSetThreadHardErrorsAreDisabled(
137 _Inout_ PETHREAD Thread
,
138 _In_ BOOLEAN Disabled
144 PsEstablishWin32Callouts(
145 _In_ PWIN32_CALLOUTS_FPNS CalloutData
151 PsReturnProcessNonPagedPoolQuota(
152 _In_ PEPROCESS Process
,
159 PsGetCurrentProcessSessionId(
164 // Process Impersonation Functions
169 PsIsThreadImpersonating(
176 PsRevertThreadToSelf(
177 _Inout_ PETHREAD Thread
186 PsLookupProcessThreadByCid(
188 _Out_opt_ PEPROCESS
*Process
,
189 _Out_ PETHREAD
*Thread
194 PsIsProtectedProcess(
195 _In_ PEPROCESS Process
202 _In_ PEPROCESS Process
207 PsSetProcessPriorityByClass(
208 _In_ PEPROCESS Process
,
209 _In_ PSPROCESSPRIORITYMODE Type
214 PsGetProcessInheritedFromUniqueProcessId(
215 _In_ PEPROCESS Process
221 PsGetProcessExitStatus(
222 _In_ PEPROCESS Process
228 PsGetProcessSessionId(
229 _In_ PEPROCESS Process
235 PsGetProcessExitProcessCalled(
236 _In_ PEPROCESS Process
246 _In_ PEPROCESS Process
,
247 _In_ POOL_TYPE PoolType
,
254 PsChargeProcessNonPagedPoolQuota(
255 _In_ PEPROCESS Process
,
262 PsChargeProcessPagedPoolQuota(
263 _In_ PEPROCESS Process
,
270 PsChargeProcessPoolQuota(
271 _In_ PEPROCESS Process
,
272 _In_ POOL_TYPE PoolType
,
280 _In_ PEPROCESS Process
,
281 _In_ POOL_TYPE PoolType
,
288 PsReturnProcessNonPagedPoolQuota(
289 _In_ PEPROCESS Process
,
296 PsReturnProcessPagedPoolQuota(
297 _In_ PEPROCESS Process
,
304 PsGetProcessSecurityPort(
305 _In_ PEPROCESS Process
311 PsSetProcessSecurityPort(
312 _Inout_ PEPROCESS Process
,
313 _In_ PVOID SecurityPort
319 PsGetCurrentThreadProcessId(
332 _In_ HANDLE ThreadHandle
,
333 _Out_opt_ PULONG SuspendCount
339 NtApphelpCacheControl(
340 _In_ APPHELPCACHESERVICECLASS Service
,
341 _In_opt_ PAPPHELP_CACHE_SERVICE_LOOKUP ServiceData
348 _In_ HANDLE ThreadHandle
354 NtAssignProcessToJobObject(
355 _In_ HANDLE JobHandle
,
356 _In_ HANDLE ProcessHandle
363 _Out_ PHANDLE JobHandle
,
364 _In_ ACCESS_MASK DesiredAccess
,
365 _In_ POBJECT_ATTRIBUTES ObjectAttributes
372 _In_ PJOB_SET_ARRAY UserJobSet
,
380 _Out_ PHANDLE ProcessHandle
,
381 _In_ ACCESS_MASK DesiredAccess
,
382 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
,
383 _In_ HANDLE ParentProcess
,
384 _In_ BOOLEAN InheritObjectTable
,
385 _In_opt_ HANDLE SectionHandle
,
386 _In_opt_ HANDLE DebugPort
,
387 _In_opt_ HANDLE ExceptionPort
394 _Out_ PHANDLE ProcessHandle
,
395 _In_ ACCESS_MASK DesiredAccess
,
396 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
,
397 _In_ HANDLE ParentProcess
,
399 _In_opt_ HANDLE SectionHandle
,
400 _In_opt_ HANDLE DebugPort
,
401 _In_opt_ HANDLE ExceptionPort
,
409 _Out_ PHANDLE ThreadHandle
,
410 _In_ ACCESS_MASK DesiredAccess
,
411 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
,
412 _In_ HANDLE ProcessHandle
,
413 _Out_ PCLIENT_ID ClientId
,
414 _In_ PCONTEXT ThreadContext
,
415 _In_ PINITIAL_TEB UserStack
,
416 _In_ BOOLEAN CreateSuspended
// NtCurrentTeb: returns a pointer to the current thread's TEB, read from a
// per-architecture location. The inline form is compiled only when
// NTOS_MODE_USER is not defined.
// NOTE(review): this listing drops lines inside the block (the opening `#if`
// of the architecture chain, the braces, the `#else`/`#endif`), so the guard
// that selects the first return is not visible here.
// NOTE(review): the guard name suggests the inline form serves non-user-mode
// builds; presumably the TEB it yields is memory that the thread's own
// user-mode code can modify, so callers should capture and validate fields
// rather than trust them. Confirm against callers.
419 #ifndef NTOS_MODE_USER
420 FORCEINLINE
struct _TEB
* NtCurrentTeb(VOID
)
// Reads a 32-bit value at offset 0x18 of the FS segment. Presumably this is
// the x86 branch and 0x18 is the NT_TIB Self field, by analogy with the
// AMD64 line below, which names the field via FIELD_OFFSET. Confirm.
423 return (PTEB
)__readfsdword(0x18);
424 #elif defined (_M_AMD64)
// AMD64: reads the 64-bit NT_TIB Self field through the GS segment.
425 return (struct _TEB
*)__readgsqword(FIELD_OFFSET(NT_TIB
, Self
));
426 #elif defined (_M_ARM)
// ARM: takes the pointer from the Used_Self member of the structure
// returned by KeGetPcr().
427 return (struct _TEB
*)KeGetPcr()->Used_Self
;
// Plain (non-inline) declaration; presumably the branch taken when
// NTOS_MODE_USER is defined. The `#else` is not in this listing.
431 struct _TEB
* NtCurrentTeb(void);
438 _In_ HANDLE ThreadHandle
,
439 _In_ HANDLE ThreadToImpersonate
,
440 _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
447 _In_ HANDLE ProcessHandle
,
448 _In_opt_ HANDLE JobHandle
456 _Out_ PHANDLE ProcessHandle
,
457 _In_ ACCESS_MASK DesiredAccess
,
458 _In_ POBJECT_ATTRIBUTES ObjectAttributes
,
459 _In_opt_ PCLIENT_ID ClientId
462 _Must_inspect_result_
468 _In_ HANDLE ProcessHandle
,
469 _In_ ACCESS_MASK DesiredAccess
,
470 _Out_ PHANDLE TokenHandle
477 _Out_ PHANDLE ThreadHandle
,
478 _In_ ACCESS_MASK DesiredAccess
,
479 _In_ POBJECT_ATTRIBUTES ObjectAttributes
,
480 _In_ PCLIENT_ID ClientId
487 _In_ HANDLE ThreadHandle
,
488 _In_ ACCESS_MASK DesiredAccess
,
489 _In_ BOOLEAN OpenAsSelf
,
490 _Out_ PHANDLE TokenHandle
497 _In_ HANDLE ThreadHandle
,
498 _In_ ACCESS_MASK DesiredAccess
,
499 _In_ BOOLEAN OpenAsSelf
,
500 _In_ ULONG HandleAttributes
,
501 _Out_ PHANDLE TokenHandle
507 NtQueryInformationJobObject(
508 _In_ HANDLE JobHandle
,
509 _In_ JOBOBJECTINFOCLASS JobInformationClass
,
510 _Out_bytecap_(JobInformationLength
) PVOID JobInformation
,
511 _In_ ULONG JobInformationLength
,
512 _Out_ PULONG ReturnLength
// NtQueryInformationProcess: prototype taking a process handle, an
// information class, an output buffer with its byte length, and an optional
// ReturnLength output. The return-type lines and the closing parenthesis are
// not in this listing.
520 NtQueryInformationProcess(
521 _In_ HANDLE ProcessHandle
,
522 _In_ PROCESSINFOCLASS ProcessInformationClass
,
// NOTE(review): plain _Out_ does not tie this buffer to
// ProcessInformationLength, unlike _Out_bytecap_(JobInformationLength) on
// NtQueryInformationJobObject in this file, so SAL-based analysis cannot
// check a caller's buffer size against the length it passes. A size-bound
// annotation looks appropriate. Confirm.
523 _Out_ PVOID ProcessInformation
,
524 _In_ ULONG ProcessInformationLength
,
525 _Out_opt_ PULONG ReturnLength
// NtQueryInformationThread: prototype taking a thread handle, an information
// class, an output buffer with its byte length, and an optional ReturnLength
// output. The return-type lines and the closing parenthesis are not in this
// listing.
532 NtQueryInformationThread(
533 _In_ HANDLE ThreadHandle
,
534 _In_ THREADINFOCLASS ThreadInformationClass
,
// NOTE(review): plain _Out_ leaves this buffer unrelated to
// ThreadInformationLength for SAL purposes; NtSetInformationThread in this
// file binds its buffer with _In_reads_bytes_(ThreadInformationLength). A
// matching size-bound output annotation would let analysis catch undersized
// buffers. Confirm.
535 _Out_ PVOID ThreadInformation
,
536 _In_ ULONG ThreadInformationLength
,
537 _Out_opt_ PULONG ReturnLength
543 NtRegisterThreadTerminatePort(
544 _In_ HANDLE TerminationPort
551 _In_ HANDLE ThreadHandle
,
552 _Out_opt_ PULONG SuspendCount
559 _In_ HANDLE ProcessHandle
565 NtSetInformationJobObject(
566 _In_ HANDLE JobHandle
,
567 _In_ JOBOBJECTINFOCLASS JobInformationClass
,
568 _In_bytecount_(JobInformationLength
) PVOID JobInformation
,
569 _In_ ULONG JobInformationLength
// NtSetInformationProcess: prototype taking a process handle, an information
// class, and an input buffer with its byte length. The return-type lines and
// the closing parenthesis are not in this listing.
575 NtSetInformationProcess(
576 _In_ HANDLE ProcessHandle
,
577 _In_ PROCESSINFOCLASS ProcessInformationClass
,
// NOTE(review): plain _In_ does not state how many bytes are read from this
// buffer. The sibling setters in this file do:
// _In_bytecount_(JobInformationLength) on NtSetInformationJobObject and
// _In_reads_bytes_(ThreadInformationLength) on NtSetInformationThread.
// Binding it to ProcessInformationLength would make over-reads visible to
// static analysis. Confirm.
578 _In_ PVOID ProcessInformation
,
579 _In_ ULONG ProcessInformationLength
586 NtSetInformationThread(
587 _In_ HANDLE ThreadHandle
,
588 _In_ THREADINFOCLASS ThreadInformationClass
,
589 _In_reads_bytes_(ThreadInformationLength
) PVOID ThreadInformation
,
590 _In_ ULONG ThreadInformationLength
597 _In_ HANDLE ProcessHandle
// Parameter list of a prototype whose name and return-type lines are not in
// this listing: a thread handle and a pointer to a ULONG count.
604 _In_ HANDLE ThreadHandle
,
// NOTE(review): a PULONG named PreviousSuspendCount reads like a value the
// routine writes back, and the other thread-handle prototypes in this file
// declare their count pointer as `_Out_opt_ PULONG SuspendCount`. `_In_`
// tells analysis tools the callee only reads initialized memory here, so a
// write through the pointer would go unmodelled. Confirm the direction and
// whether NULL is allowed.
605 _In_ PULONG PreviousSuspendCount
612 _In_ HANDLE ProcessHandle
,
613 _In_ NTSTATUS ExitStatus
620 _In_ HANDLE ThreadHandle
,
621 _In_ NTSTATUS ExitStatus
627 NtTerminateJobObject(
628 _In_ HANDLE JobHandle
,
629 _In_ NTSTATUS ExitStatus
636 _In_ HANDLE ThreadHandle
,
637 _Out_opt_ PULONG SuspendCount
644 _In_ HANDLE ThreadHandle
650 ZwAssignProcessToJobObject(
651 _In_ HANDLE JobHandle
,
652 _In_ HANDLE ProcessHandle
659 _Out_ PHANDLE JobHandle
,
660 _In_ ACCESS_MASK DesiredAccess
,
661 _In_ POBJECT_ATTRIBUTES ObjectAttributes
668 _Out_ PHANDLE ProcessHandle
,
669 _In_ ACCESS_MASK DesiredAccess
,
670 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
,
671 _In_ HANDLE ParentProcess
,
672 _In_ BOOLEAN InheritObjectTable
,
673 _In_opt_ HANDLE SectionHandle
,
674 _In_opt_ HANDLE DebugPort
,
675 _In_opt_ HANDLE ExceptionPort
682 _Out_ PHANDLE ThreadHandle
,
683 _In_ ACCESS_MASK DesiredAccess
,
684 _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes
,
685 _In_ HANDLE ProcessHandle
,
686 _Out_ PCLIENT_ID ClientId
,
687 _In_ PCONTEXT ThreadContext
,
688 _In_ PINITIAL_TEB UserStack
,
689 _In_ BOOLEAN CreateSuspended
696 _In_ HANDLE ThreadHandle
,
697 _In_ HANDLE ThreadToImpersonate
,
698 _In_ PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
705 _In_ HANDLE ProcessHandle
,
706 _In_opt_ HANDLE JobHandle
709 _IRQL_requires_max_(PASSIVE_LEVEL
)
713 ZwOpenProcessTokenEx(
714 _In_ HANDLE ProcessHandle
,
715 _In_ ACCESS_MASK DesiredAccess
,
716 _In_ ULONG HandleAttributes
,
717 _Out_ PHANDLE TokenHandle
724 _Out_ PHANDLE ThreadHandle
,
725 _In_ ACCESS_MASK DesiredAccess
,
726 _In_ POBJECT_ATTRIBUTES ObjectAttributes
,
727 _In_ PCLIENT_ID ClientId
734 _In_ HANDLE ThreadHandle
,
735 _In_ ACCESS_MASK DesiredAccess
,
736 _In_ BOOLEAN OpenAsSelf
,
737 _Out_ PHANDLE TokenHandle
744 _In_ HANDLE ThreadHandle
,
745 _In_ ACCESS_MASK DesiredAccess
,
746 _In_ BOOLEAN OpenAsSelf
,
747 _In_ ULONG HandleAttributes
,
748 _Out_ PHANDLE TokenHandle
754 ZwQueryInformationJobObject(
755 _In_ HANDLE JobHandle
,
756 _In_ JOBOBJECTINFOCLASS JobInformationClass
,
757 _Out_bytecap_(JobInformationLength
) PVOID JobInformation
,
758 _In_ ULONG JobInformationLength
,
759 _Out_ PULONG ReturnLength
// ZwQueryInformationProcess: prototype with the same parameter list as
// NtQueryInformationProcess in this file (handle, information class, output
// buffer, buffer length, optional ReturnLength). The return-type lines and
// the closing parenthesis are not in this listing.
766 ZwQueryInformationProcess(
767 _In_ HANDLE ProcessHandle
,
768 _In_ PROCESSINFOCLASS ProcessInformationClass
,
// NOTE(review): plain _Out_ does not connect this buffer to
// ProcessInformationLength; ZwQueryInformationJobObject in this file uses
// _Out_bytecap_(JobInformationLength). Without a size-bound annotation,
// SAL checking cannot flag a caller that passes a length larger than the
// buffer. Confirm.
769 _Out_ PVOID ProcessInformation
,
770 _In_ ULONG ProcessInformationLength
,
771 _Out_opt_ PULONG ReturnLength
// ZwQueryInformationThread: prototype with the same parameter list as
// NtQueryInformationThread in this file (handle, information class, output
// buffer, buffer length, optional ReturnLength). The return-type lines and
// the closing parenthesis are not in this listing.
778 ZwQueryInformationThread(
779 _In_ HANDLE ThreadHandle
,
780 _In_ THREADINFOCLASS ThreadInformationClass
,
// NOTE(review): plain _Out_ gives analysis no link between this buffer and
// ThreadInformationLength; ZwSetInformationThread in this file binds its
// buffer with _In_reads_bytes_(ThreadInformationLength). A size-bound
// output annotation would be consistent with that. Confirm.
781 _Out_ PVOID ThreadInformation
,
782 _In_ ULONG ThreadInformationLength
,
783 _Out_opt_ PULONG ReturnLength
789 ZwRegisterThreadTerminatePort(
790 _In_ HANDLE TerminationPort
797 _In_ HANDLE ThreadHandle
,
798 _Out_opt_ PULONG SuspendCount
805 _In_ HANDLE ProcessHandle
// ZwSetInformationJobObject: prototype taking a job handle, an information
// class, and an input buffer with its byte length. The return-type lines and
// the closing parenthesis are not in this listing.
811 ZwSetInformationJobObject(
812 _In_ HANDLE JobHandle
,
813 _In_ JOBOBJECTINFOCLASS JobInformationClass
,
// NOTE(review): NtSetInformationJobObject in this file declares the same
// parameter as _In_bytecount_(JobInformationLength) PVOID JobInformation;
// here the size binding is missing, so the two declarations disagree and
// callers of this form get no buffer-length checking from SAL. Confirm and
// align.
814 _In_ PVOID JobInformation
,
815 _In_ ULONG JobInformationLength
// ZwSetInformationProcess: prototype taking a process handle, an information
// class, and an input buffer with its byte length. The return-type lines and
// the closing parenthesis are not in this listing.
821 ZwSetInformationProcess(
822 _In_ HANDLE ProcessHandle
,
823 _In_ PROCESSINFOCLASS ProcessInformationClass
,
// NOTE(review): plain _In_ does not say how many bytes are read;
// ZwSetInformationThread in this file uses
// _In_reads_bytes_(ThreadInformationLength) for the equivalent parameter.
// Binding this buffer to ProcessInformationLength would let analysis check
// callers. Confirm.
824 _In_ PVOID ProcessInformation
,
825 _In_ ULONG ProcessInformationLength
828 _IRQL_requires_max_(PASSIVE_LEVEL
)
832 ZwSetInformationThread(
833 _In_ HANDLE ThreadHandle
,
834 _In_ THREADINFOCLASS ThreadInformationClass
,
835 _In_reads_bytes_(ThreadInformationLength
) PVOID ThreadInformation
,
836 _In_ ULONG ThreadInformationLength
843 _In_ HANDLE ProcessHandle
// Parameter list of a prototype whose name and return-type lines are not in
// this listing: a thread handle and a pointer to a ULONG count.
850 _In_ HANDLE ThreadHandle
,
// NOTE(review): the name PreviousSuspendCount suggests the routine stores a
// value through this pointer, and a neighbouring thread-handle prototype in
// this file uses `_Out_opt_ PULONG SuspendCount`. With `_In_`, analysis
// tools treat the memory as read-only input that the caller must initialize.
// Confirm the direction and whether NULL is allowed.
851 _In_ PULONG PreviousSuspendCount
854 _IRQL_requires_max_(PASSIVE_LEVEL
)
859 _In_opt_ HANDLE ProcessHandle
,
860 _In_ NTSTATUS ExitStatus
867 _In_ HANDLE ThreadHandle
,
868 _In_ NTSTATUS ExitStatus
874 ZwTerminateJobObject(
875 _In_ HANDLE JobHandle
,
876 _In_ NTSTATUS ExitStatus