2006-05-10 17:47:44 +00:00
|
|
|
/*++ NDK Version: 0098
|
2005-11-22 04:57:45 +00:00
|
|
|
|
|
|
|
|
Copyright (c) Alex Ionescu. All rights reserved.
|
|
|
|
|
|
|
|
|
|
Header Name:
|
|
|
|
|
|
|
|
|
|
psfuncs.h
|
|
|
|
|
|
|
|
|
|
Abstract:
|
|
|
|
|
|
|
|
|
|
Function definitions for the Process Manager
|
|
|
|
|
|
|
|
|
|
Author:
|
|
|
|
|
|
2006-05-10 17:47:44 +00:00
|
|
|
Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006
|
2005-11-22 04:57:45 +00:00
|
|
|
|
|
|
|
|
--*/
|
|
|
|
|
|
2005-06-18 23:33:40 +00:00
|
|
|
#ifndef _PSFUNCS_H
|
|
|
|
|
#define _PSFUNCS_H
|
|
|
|
|
|
2005-11-22 04:57:45 +00:00
|
|
|
//
|
|
|
|
|
// Dependencies
|
|
|
|
|
//
|
2005-11-25 00:17:40 +00:00
|
|
|
#include <umtypes.h>
|
|
|
|
|
#include <pstypes.h>
|
|
|
|
|
|
2008-06-16 09:20:47 +00:00
|
|
|
#ifdef __cplusplus
|
|
|
|
|
extern "C" {
|
|
|
|
|
#endif
|
|
|
|
|
|
2005-11-25 00:17:40 +00:00
|
|
|
#ifndef NTOS_MODE_USER
|
2005-06-18 23:33:40 +00:00
|
|
|
|
2005-11-22 04:57:45 +00:00
|
|
|
//
|
|
|
|
|
// Win32K Process/Thread Functions
|
|
|
|
|
//
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2008-10-16 17:21:08 +00:00
|
|
|
PVOID
|
2005-11-22 04:57:45 +00:00
|
|
|
NTAPI
|
2006-07-20 14:53:47 +00:00
|
|
|
PsGetCurrentThreadWin32Thread(
|
2005-11-22 04:57:45 +00:00
|
|
|
VOID
|
|
|
|
|
);
|
2005-08-10 18:09:44 +00:00
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2008-10-18 20:34:36 +00:00
|
|
|
PVOID
|
2005-11-22 04:57:45 +00:00
|
|
|
NTAPI
|
2006-07-20 14:53:47 +00:00
|
|
|
PsGetCurrentProcessWin32Process(
|
2005-11-22 04:57:45 +00:00
|
|
|
VOID
|
|
|
|
|
);
|
2005-08-10 18:09:44 +00:00
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2005-06-26 16:06:32 +00:00
|
|
|
PVOID
|
2005-09-05 04:48:20 +00:00
|
|
|
NTAPI
|
2005-11-22 04:57:45 +00:00
|
|
|
PsGetProcessWin32Process(
|
|
|
|
|
PEPROCESS Process
|
|
|
|
|
);
|
2005-06-26 16:06:32 +00:00
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2005-06-26 16:06:32 +00:00
|
|
|
VOID
|
2005-09-05 04:48:20 +00:00
|
|
|
NTAPI
|
2005-06-26 16:06:32 +00:00
|
|
|
PsSetProcessWin32Process(
|
|
|
|
|
PEPROCESS Process,
|
|
|
|
|
PVOID Win32Process
|
|
|
|
|
);
|
|
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2005-06-26 16:06:32 +00:00
|
|
|
VOID
|
2005-09-05 04:48:20 +00:00
|
|
|
NTAPI
|
2005-06-26 16:06:32 +00:00
|
|
|
PsSetThreadWin32Thread(
|
|
|
|
|
PETHREAD Thread,
|
|
|
|
|
PVOID Win32Thread
|
|
|
|
|
);
|
|
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2005-06-26 16:06:32 +00:00
|
|
|
PVOID
|
2005-09-05 04:48:20 +00:00
|
|
|
NTAPI
|
2005-11-22 04:57:45 +00:00
|
|
|
PsGetThreadWin32Thread(
|
|
|
|
|
PETHREAD Thread
|
2005-06-18 23:33:40 +00:00
|
|
|
);
|
|
|
|
|
|
2008-09-27 16:24:50 +00:00
|
|
|
NTKERNELAPI
|
|
|
|
|
PTEB
|
|
|
|
|
NTAPI
|
|
|
|
|
PsGetThreadTeb(
|
|
|
|
|
IN PETHREAD Thread
|
|
|
|
|
);
|
|
|
|
|
|
2009-08-06 11:16:42 +00:00
|
|
|
NTKERNELAPI
|
|
|
|
|
HANDLE
|
|
|
|
|
NTAPI
|
|
|
|
|
PsGetThreadId(
|
|
|
|
|
IN PETHREAD Thread
|
|
|
|
|
);
|
|
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2006-06-23 21:21:45 +00:00
|
|
|
BOOLEAN
|
|
|
|
|
NTAPI
|
|
|
|
|
PsGetThreadHardErrorsAreDisabled(
|
|
|
|
|
PETHREAD Thread
|
|
|
|
|
);
|
|
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2007-10-19 23:21:45 +00:00
|
|
|
VOID
|
2006-06-23 21:21:45 +00:00
|
|
|
NTAPI
|
|
|
|
|
PsSetThreadHardErrorsAreDisabled(
|
|
|
|
|
PETHREAD Thread,
|
|
|
|
|
IN BOOLEAN Disabled
|
|
|
|
|
);
|
|
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2007-10-19 23:21:45 +00:00
|
|
|
VOID
|
2005-09-05 04:48:20 +00:00
|
|
|
NTAPI
|
2005-11-22 04:57:45 +00:00
|
|
|
PsEstablishWin32Callouts(
|
2006-05-10 17:47:44 +00:00
|
|
|
PWIN32_CALLOUTS_FPNS CalloutData
|
2005-06-18 23:33:40 +00:00
|
|
|
);
|
|
|
|
|
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2005-12-06 01:53:03 +00:00
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
PsReturnProcessNonPagedPoolQuota(
|
|
|
|
|
IN PEPROCESS Process,
|
2008-05-06 23:19:22 +00:00
|
|
|
IN SIZE_T Amount
|
2005-12-06 01:53:03 +00:00
|
|
|
);
|
|
|
|
|
|
2005-11-22 04:57:45 +00:00
|
|
|
//
|
|
|
|
|
// Process Impersonation Functions
|
|
|
|
|
//
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2005-11-22 04:57:45 +00:00
|
|
|
VOID
|
2005-09-05 04:48:20 +00:00
|
|
|
NTAPI
|
2005-11-22 04:57:45 +00:00
|
|
|
PsRevertThreadToSelf(
|
|
|
|
|
IN PETHREAD Thread
|
2005-06-18 23:33:40 +00:00
|
|
|
);
|
|
|
|
|
|
2005-11-22 04:57:45 +00:00
|
|
|
//
|
|
|
|
|
// Misc. Functions
|
|
|
|
|
//
|
2006-11-15 20:24:55 +00:00
|
|
|
NTKERNELAPI
|
2006-10-30 14:17:37 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
PsLookupProcessThreadByCid(
|
|
|
|
|
IN PCLIENT_ID Cid,
|
|
|
|
|
OUT PEPROCESS *Process OPTIONAL,
|
|
|
|
|
OUT PETHREAD *Thread
|
|
|
|
|
);
|
|
|
|
|
|
2007-04-07 05:33:30 +00:00
|
|
|
BOOLEAN
|
|
|
|
|
NTAPI
|
|
|
|
|
PsIsProtectedProcess(
|
|
|
|
|
IN PEPROCESS Process
|
|
|
|
|
);
|
|
|
|
|
|
2008-09-25 14:39:38 +00:00
|
|
|
NTKERNELAPI
|
|
|
|
|
BOOLEAN
|
|
|
|
|
NTAPI
|
|
|
|
|
PsIsSystemProcess(
|
|
|
|
|
IN PEPROCESS Process
|
|
|
|
|
);
|
|
|
|
|
|
2009-06-10 19:24:38 +00:00
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
PsSetProcessPriorityByClass(
|
|
|
|
|
IN PEPROCESS Process,
|
|
|
|
|
IN PSPROCESSPRIORITYMODE Type
|
|
|
|
|
);
|
|
|
|
|
|
2009-08-03 21:01:48 +00:00
|
|
|
HANDLE
|
|
|
|
|
NTAPI
|
|
|
|
|
PsGetProcessInheritedFromUniqueProcessId(
|
|
|
|
|
IN PEPROCESS Process
|
|
|
|
|
);
|
|
|
|
|
|
2007-09-26 16:41:35 +00:00
|
|
|
//
|
|
|
|
|
// Quota Functions
|
|
|
|
|
//
|
|
|
|
|
NTKERNELAPI
|
|
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
PsChargePoolQuota(
|
|
|
|
|
IN PEPROCESS Process,
|
|
|
|
|
IN POOL_TYPE PoolType,
|
2008-05-06 23:19:22 +00:00
|
|
|
IN SIZE_T Amount
|
2007-09-26 16:41:35 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
NTKERNELAPI
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
PsChargeProcessNonPagedPoolQuota(
|
|
|
|
|
IN PEPROCESS Process,
|
2008-05-06 23:19:22 +00:00
|
|
|
IN SIZE_T Amount
|
2007-09-26 16:41:35 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
NTKERNELAPI
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
PsChargeProcessPagedPoolQuota(
|
|
|
|
|
IN PEPROCESS Process,
|
2008-05-06 23:19:22 +00:00
|
|
|
IN SIZE_T Amount
|
2007-09-26 16:41:35 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
NTKERNELAPI
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
PsChargeProcessPoolQuota(
|
|
|
|
|
IN PEPROCESS Process,
|
|
|
|
|
IN POOL_TYPE PoolType,
|
2008-05-06 23:19:22 +00:00
|
|
|
IN SIZE_T Amount
|
2007-09-26 16:41:35 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
NTKERNELAPI
|
|
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
PsReturnPoolQuota(
|
|
|
|
|
IN PEPROCESS Process,
|
|
|
|
|
IN POOL_TYPE PoolType,
|
2008-05-06 23:19:22 +00:00
|
|
|
IN SIZE_T Amount
|
2007-09-26 16:41:35 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
NTKERNELAPI
|
|
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
PsReturnProcessNonPagedPoolQuota(
|
|
|
|
|
IN PEPROCESS Process,
|
2008-05-06 23:19:22 +00:00
|
|
|
IN SIZE_T Amount
|
2007-09-26 16:41:35 +00:00
|
|
|
);
|
|
|
|
|
|
|
|
|
|
NTKERNELAPI
|
|
|
|
|
VOID
|
|
|
|
|
NTAPI
|
|
|
|
|
PsReturnProcessPagedPoolQuota(
|
|
|
|
|
IN PEPROCESS Process,
|
2008-05-06 23:19:22 +00:00
|
|
|
IN SIZE_T Amount
|
2007-09-26 16:41:35 +00:00
|
|
|
);
|
|
|
|
|
|
2005-06-18 23:33:40 +00:00
|
|
|
#endif
|
2005-11-25 00:17:40 +00:00
|
|
|
|
|
|
|
|
//
|
|
|
|
|
// Native Calls
|
|
|
|
|
//
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtAlertResumeThread(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
OUT PULONG SuspendCount
|
|
|
|
|
);
|
|
|
|
|
|
2006-10-23 21:28:17 +00:00
|
|
|
typedef ULONG APPHELPCACHESERVICECLASS;
|
2006-11-15 20:24:55 +00:00
|
|
|
NTSYSCALLAPI
|
2006-10-23 21:28:17 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtApphelpCacheControl(
|
|
|
|
|
IN APPHELPCACHESERVICECLASS Service,
|
|
|
|
|
IN PVOID ServiceData
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtAlertThread(
|
|
|
|
|
IN HANDLE ThreadHandle
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtAssignProcessToJobObject(
|
|
|
|
|
HANDLE JobHandle,
|
|
|
|
|
HANDLE ProcessHandle
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtCreateJobObject(
|
|
|
|
|
PHANDLE JobHandle,
|
|
|
|
|
ACCESS_MASK DesiredAccess,
|
|
|
|
|
POBJECT_ATTRIBUTES ObjectAttributes
|
|
|
|
|
);
|
|
|
|
|
|
2006-10-23 21:19:15 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtCreateJobSet(
|
|
|
|
|
IN ULONG NumJob,
|
|
|
|
|
IN PJOB_SET_ARRAY UserJobSet,
|
|
|
|
|
IN ULONG Flags
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtCreateProcess(
|
|
|
|
|
OUT PHANDLE ProcessHandle,
|
|
|
|
|
IN ACCESS_MASK DesiredAccess,
|
|
|
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
|
|
|
IN HANDLE ParentProcess,
|
|
|
|
|
IN BOOLEAN InheritObjectTable,
|
|
|
|
|
IN HANDLE SectionHandle OPTIONAL,
|
|
|
|
|
IN HANDLE DebugPort OPTIONAL,
|
|
|
|
|
IN HANDLE ExceptionPort OPTIONAL
|
|
|
|
|
);
|
|
|
|
|
|
2006-10-23 21:19:15 +00:00
|
|
|
NTSYSCALLAPI
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtCreateProcessEx(
|
|
|
|
|
OUT PHANDLE ProcessHandle,
|
|
|
|
|
IN ACCESS_MASK DesiredAccess,
|
|
|
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
|
|
|
IN HANDLE ParentProcess,
|
|
|
|
|
IN ULONG Flags,
|
|
|
|
|
IN HANDLE SectionHandle OPTIONAL,
|
|
|
|
|
IN HANDLE DebugPort OPTIONAL,
|
|
|
|
|
IN HANDLE ExceptionPort OPTIONAL,
|
|
|
|
|
IN BOOLEAN InJob
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtCreateThread(
|
|
|
|
|
OUT PHANDLE ThreadHandle,
|
|
|
|
|
IN ACCESS_MASK DesiredAccess,
|
|
|
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
|
|
|
IN HANDLE ProcessHandle,
|
|
|
|
|
OUT PCLIENT_ID ClientId,
|
|
|
|
|
IN PCONTEXT ThreadContext,
|
|
|
|
|
IN PINITIAL_TEB UserStack,
|
|
|
|
|
IN BOOLEAN CreateSuspended
|
|
|
|
|
);
|
|
|
|
|
|
2006-09-07 21:36:15 +00:00
|
|
|
#ifndef NTOS_MODE_USER
|
2007-01-01 14:50:16 +00:00
|
|
|
#if defined(_M_IX86)
|
2006-09-07 21:36:15 +00:00
|
|
|
FORCEINLINE
|
|
|
|
|
PTEB
|
|
|
|
|
NtCurrentTeb(VOID)
|
|
|
|
|
{
|
|
|
|
|
#ifndef __GNUC__
|
|
|
|
|
return (PTEB)(ULONG_PTR)__readfsdword(0x18);
|
|
|
|
|
#else
|
|
|
|
|
struct _TEB *ret;
|
|
|
|
|
|
|
|
|
|
__asm__ __volatile__ (
|
|
|
|
|
"movl %%fs:0x18, %0\n"
|
|
|
|
|
: "=r" (ret)
|
|
|
|
|
: /* no inputs */
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
return ret;
|
|
|
|
|
#endif
|
|
|
|
|
}
|
Merge 34739 - 34769, 34796 - 34905, 34916 - 34967, 34970 - 35135, 35167, 35325, 35326, 35443 - 35506, 35510 - 35546, 35587, 35616,
35644 from ros-amd64-bringup branch:
- Update AMD64 intrinsic Interlocked functions
- Add _InterlockedExchange64 to intin_x86.h
-Fix definitions of IsBadHugeReadPtr, IsBadHugeWritePtr, IsBadReadPtr, IsBadStringPtrA, IsBadStringPtrW, IsBadWritePtr and SetProcessWorkingSetSize
- Define CONTEXT and XMM_SAVE_AREA32, taken from WINE
- Include _M_AMD64 for defintitions in ioaccess.h
- Add Interlocked intrinisc definitions for AMD64 platform
- Add KI_USER_SHARED_DATA and KeGetCurrentIrql() prototype to winddh
- Fix prototypes for KfAcquireSpinLock, KfReleaseSpinLock, KeAcquireInStackQueuedSpinLock and KeReleaseInStackQueuedSpinLock on amd64
- Fix rotl declaration, add mysteriously missing rotr.
winnt.h:
- Fix CONTEXT_AMD64 and friends, add various constants.
- Define RUNTIME_FUNCTION, RtlCaptureContext, RtlRestoreContext, RtlAddFunctionTable, RtlInstallFunctionTableCallback, RtlDeleteFunctionTable.
- Fix definitions for EXCEPTION_RECORD and friends to support amd64.
- Define IMAGE_THUNK_DATA64 and related constants.
- Define IMAGE_TLS_DIRECTORY64 and related constants.
- Remove WINEisms
- Remove multiple declarations and minor fixes.
- Fix KESEG0_BASE for amd64
- Fix definition for NdisCopyLookaheadData on amd64
- Only add function prototypes if NO_INTERLOCKED_INTRINSICS is defined
- Move the inlined InterlockedAnd/Or from rtl to winbase.h and rename it to InterlockedAnd/Or_Inline
- Fix TreeView_EnsureVisible macro.
- Add missing 64 bit intrinsic Interlocked functions
- Fix _InterlockedDecrement64
- Fix InterlockedExchangeAddSizeT
- Fix __writecrx instrinsics
- Fix ExQueryPoolBlockSize prototype
- Make KI_USER_SHARED_DATA and IMAGE_ORDINAL_FLAG64 a ULONGLONG
- Fix definition if IMAGE_OPTIONAL_HEADER64
- Add KPCR structure
- Add __readcrx intrinsics
- Ad some definitions to winddk.h
- Add a field for a DbgPrint function pointer to the ROS_LOADER_PARAMETER_BLOCK for early debug prints in ntoskrnl
- Update KPCR and KIPCR
- Add KeGetPcr() and update KeGetCurrentProcessorNumber
- Fix SECURITY_DESCRIPTOR_RELATIVE and KDPC_DATA
- Implement byteswap intrinsics
- Add macro definitions for KeQuerySystemTime, KeQueryTickCount and KeQueryInterruptTime to ddk
- Add NtCurrentTeb inline function
- Update amd64 prototypes for KeGetCurrentIrql, KfRaiseIrql, KfLowerIrql, KeRaiseIrqlToDpcLevel, KeRaiseIrqlToSynchLevel, KeLowerIrql, KeRaiseIrql
- Implement __readcr8, __writecr8, __lidt and __sidt intrinsics.
- Implement KeGetCurrentIrql as intrinsic.
- Make KeGetCurrentIrql, KeLowerIrql, KfRaiseIrql, KeRaiseIrql, KeRaiseIrqlToDpcLevel and KeRaiseIrqlToSynchLevel intrinsics as in the WDK 2008.
- Fix _interlockedbittest intrinsics
- Fix __readmsr and __writemsr on amd64
- Fix __readgsqword, it was using a long internally. Add volatile keyword to segment addressing intrinsics. Add "memory" to clobber list on all those that do write.
- Merge __readcr and __writecr x86 / x64 definitions, because they are the same. Implement __readdr and __writedr for x64.
- __readcr3() returns an unsigned __int64, fix x86 MmGetPageDirectory accordingly.
svn path=/trunk/; revision=35646
2008-08-25 21:57:13 +00:00
|
|
|
#elif defined (_M_AMD64)
|
|
|
|
|
FORCEINLINE struct _TEB * NtCurrentTeb(VOID)
|
|
|
|
|
{
|
|
|
|
|
return (struct _TEB *)__readgsqword(FIELD_OFFSET(NT_TIB, Self));
|
|
|
|
|
}
|
2006-09-07 21:36:15 +00:00
|
|
|
#endif
|
2007-01-01 14:50:16 +00:00
|
|
|
#else
|
|
|
|
|
struct _TEB * NtCurrentTeb(void);
|
|
|
|
|
#endif
|
2006-09-07 21:36:15 +00:00
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtImpersonateThread(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
IN HANDLE ThreadToImpersonate,
|
|
|
|
|
IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtIsProcessInJob(
|
|
|
|
|
IN HANDLE ProcessHandle,
|
|
|
|
|
IN HANDLE JobHandle OPTIONAL
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
NTSYSCALLAPI
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtOpenProcess(
|
|
|
|
|
OUT PHANDLE ProcessHandle,
|
|
|
|
|
IN ACCESS_MASK DesiredAccess,
|
|
|
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
|
|
|
IN PCLIENT_ID ClientId
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtOpenThread(
|
|
|
|
|
OUT PHANDLE ThreadHandle,
|
|
|
|
|
IN ACCESS_MASK DesiredAccess,
|
|
|
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
|
|
|
IN PCLIENT_ID ClientId
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
NTSYSCALLAPI
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtOpenThreadToken(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
IN ACCESS_MASK DesiredAccess,
|
|
|
|
|
IN BOOLEAN OpenAsSelf,
|
|
|
|
|
OUT PHANDLE TokenHandle
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
NTSYSCALLAPI
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtOpenThreadTokenEx(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
IN ACCESS_MASK DesiredAccess,
|
|
|
|
|
IN BOOLEAN OpenAsSelf,
|
|
|
|
|
IN ULONG HandleAttributes,
|
|
|
|
|
OUT PHANDLE TokenHandle
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtQueryInformationJobObject(
|
|
|
|
|
HANDLE JobHandle,
|
|
|
|
|
JOBOBJECTINFOCLASS JobInformationClass,
|
|
|
|
|
PVOID JobInformation,
|
|
|
|
|
ULONG JobInformationLength,
|
|
|
|
|
PULONG ReturnLength
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
#ifndef _NTDDK_
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtQueryInformationProcess(
|
|
|
|
|
IN HANDLE ProcessHandle,
|
|
|
|
|
IN PROCESSINFOCLASS ProcessInformationClass,
|
|
|
|
|
OUT PVOID ProcessInformation,
|
|
|
|
|
IN ULONG ProcessInformationLength,
|
|
|
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
|
|
|
);
|
|
|
|
|
#endif
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtQueryInformationThread(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
IN THREADINFOCLASS ThreadInformationClass,
|
|
|
|
|
OUT PVOID ThreadInformation,
|
|
|
|
|
IN ULONG ThreadInformationLength,
|
|
|
|
|
OUT PULONG ReturnLength
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtRegisterThreadTerminatePort(
|
|
|
|
|
HANDLE TerminationPort
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtResumeThread(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
OUT PULONG SuspendCount
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtResumeProcess(
|
|
|
|
|
IN HANDLE ProcessHandle
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtSetInformationJobObject(
|
|
|
|
|
HANDLE JobHandle,
|
|
|
|
|
JOBOBJECTINFOCLASS JobInformationClass,
|
|
|
|
|
PVOID JobInformation,
|
|
|
|
|
ULONG JobInformationLength
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtSetInformationProcess(
|
|
|
|
|
IN HANDLE ProcessHandle,
|
|
|
|
|
IN PROCESSINFOCLASS ProcessInformationClass,
|
|
|
|
|
IN PVOID ProcessInformation,
|
|
|
|
|
IN ULONG ProcessInformationLength
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
NTSYSCALLAPI
|
|
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtSetInformationThread(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
IN THREADINFOCLASS ThreadInformationClass,
|
|
|
|
|
IN PVOID ThreadInformation,
|
|
|
|
|
IN ULONG ThreadInformationLength
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtSuspendProcess(
|
|
|
|
|
IN HANDLE ProcessHandle
|
|
|
|
|
);
|
|
|
|
|
|
2006-05-10 17:47:44 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtSuspendThread(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
IN PULONG PreviousSuspendCount
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtTerminateProcess(
|
|
|
|
|
IN HANDLE ProcessHandle,
|
|
|
|
|
IN NTSTATUS ExitStatus
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtTerminateThread(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
IN NTSTATUS ExitStatus
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSCALLAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
NtTerminateJobObject(
|
|
|
|
|
HANDLE JobHandle,
|
|
|
|
|
NTSTATUS ExitStatus
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwAlertResumeThread(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
OUT PULONG SuspendCount
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwAlertThread(
|
|
|
|
|
IN HANDLE ThreadHandle
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwAssignProcessToJobObject(
|
|
|
|
|
HANDLE JobHandle,
|
|
|
|
|
HANDLE ProcessHandle
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwCreateJobObject(
|
|
|
|
|
PHANDLE JobHandle,
|
|
|
|
|
ACCESS_MASK DesiredAccess,
|
|
|
|
|
POBJECT_ATTRIBUTES ObjectAttributes
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwCreateProcess(
|
|
|
|
|
OUT PHANDLE ProcessHandle,
|
|
|
|
|
IN ACCESS_MASK DesiredAccess,
|
|
|
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
|
|
|
IN HANDLE ParentProcess,
|
|
|
|
|
IN BOOLEAN InheritObjectTable,
|
|
|
|
|
IN HANDLE SectionHandle OPTIONAL,
|
|
|
|
|
IN HANDLE DebugPort OPTIONAL,
|
|
|
|
|
IN HANDLE ExceptionPort OPTIONAL
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwCreateThread(
|
|
|
|
|
OUT PHANDLE ThreadHandle,
|
|
|
|
|
IN ACCESS_MASK DesiredAccess,
|
|
|
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
|
|
|
IN HANDLE ProcessHandle,
|
|
|
|
|
OUT PCLIENT_ID ClientId,
|
|
|
|
|
IN PCONTEXT ThreadContext,
|
|
|
|
|
IN PINITIAL_TEB UserStack,
|
|
|
|
|
IN BOOLEAN CreateSuspended
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwImpersonateThread(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
IN HANDLE ThreadToImpersonate,
|
|
|
|
|
IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwIsProcessInJob(
|
|
|
|
|
IN HANDLE ProcessHandle,
|
|
|
|
|
IN HANDLE JobHandle OPTIONAL
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwOpenProcess(
|
|
|
|
|
OUT PHANDLE ProcessHandle,
|
|
|
|
|
IN ACCESS_MASK DesiredAccess,
|
|
|
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
|
|
|
IN PCLIENT_ID ClientId
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwOpenThread(
|
|
|
|
|
OUT PHANDLE ThreadHandle,
|
|
|
|
|
IN ACCESS_MASK DesiredAccess,
|
|
|
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes,
|
|
|
|
|
IN PCLIENT_ID ClientId
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwOpenThreadToken(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
IN ACCESS_MASK DesiredAccess,
|
|
|
|
|
IN BOOLEAN OpenAsSelf,
|
|
|
|
|
OUT PHANDLE TokenHandle
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwOpenThreadTokenEx(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
IN ACCESS_MASK DesiredAccess,
|
|
|
|
|
IN BOOLEAN OpenAsSelf,
|
|
|
|
|
IN ULONG HandleAttributes,
|
|
|
|
|
OUT PHANDLE TokenHandle
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwQueryInformationJobObject(
|
|
|
|
|
HANDLE JobHandle,
|
|
|
|
|
JOBOBJECTINFOCLASS JobInformationClass,
|
|
|
|
|
PVOID JobInformation,
|
|
|
|
|
ULONG JobInformationLength,
|
|
|
|
|
PULONG ReturnLength
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
#ifndef _NTDDK_
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwQueryInformationProcess(
|
|
|
|
|
IN HANDLE ProcessHandle,
|
|
|
|
|
IN PROCESSINFOCLASS ProcessInformationClass,
|
|
|
|
|
OUT PVOID ProcessInformation,
|
|
|
|
|
IN ULONG ProcessInformationLength,
|
|
|
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
|
|
|
);
|
|
|
|
|
#endif
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwQueryInformationThread(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
IN THREADINFOCLASS ThreadInformationClass,
|
|
|
|
|
OUT PVOID ThreadInformation,
|
|
|
|
|
IN ULONG ThreadInformationLength,
|
|
|
|
|
OUT PULONG ReturnLength
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwRegisterThreadTerminatePort(
|
|
|
|
|
HANDLE TerminationPort
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwResumeThread(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
OUT PULONG SuspendCount
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwResumeProcess(
|
|
|
|
|
IN HANDLE ProcessHandle
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwSetInformationJobObject(
|
|
|
|
|
HANDLE JobHandle,
|
|
|
|
|
JOBOBJECTINFOCLASS JobInformationClass,
|
|
|
|
|
PVOID JobInformation,
|
|
|
|
|
ULONG JobInformationLength
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwSetInformationProcess(
|
|
|
|
|
IN HANDLE ProcessHandle,
|
|
|
|
|
IN PROCESSINFOCLASS ProcessInformationClass,
|
|
|
|
|
IN PVOID ProcessInformation,
|
|
|
|
|
IN ULONG ProcessInformationLength
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwSetInformationThread(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
IN THREADINFOCLASS ThreadInformationClass,
|
|
|
|
|
IN PVOID ThreadInformation,
|
|
|
|
|
IN ULONG ThreadInformationLength
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwSuspendProcess(
|
|
|
|
|
IN HANDLE ProcessHandle
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwSuspendThread(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
IN PULONG PreviousSuspendCount
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwTerminateProcess(
|
|
|
|
|
IN HANDLE ProcessHandle,
|
|
|
|
|
IN NTSTATUS ExitStatus
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwTerminateThread(
|
|
|
|
|
IN HANDLE ThreadHandle,
|
|
|
|
|
IN NTSTATUS ExitStatus
|
|
|
|
|
);
|
|
|
|
|
|
2006-03-04 17:27:40 +00:00
|
|
|
NTSYSAPI
|
2005-11-25 00:17:40 +00:00
|
|
|
NTSTATUS
|
|
|
|
|
NTAPI
|
|
|
|
|
ZwTerminateJobObject(
|
|
|
|
|
HANDLE JobHandle,
|
|
|
|
|
NTSTATUS ExitStatus
|
|
|
|
|
);
|
|
|
|
|
|
2008-06-16 09:20:47 +00:00
|
|
|
#ifdef __cplusplus
|
|
|
|
|
}
|
|
|
|
|
#endif
|
|
|
|
|
|
2005-11-25 00:17:40 +00:00
|
|
|
#endif
|