/******************************************************************************
* Process Manager Functions *
******************************************************************************/
$if (_WDMDDK_)
/*
 * PsWrapApcWow64Thread
 *
 * Both arguments are _Inout_: the routine reads the values behind ApcContext
 * and ApcRoutine and may rewrite them in place. Returns an NTSTATUS.
 * NOTE(review): the name suggests the pair is adjusted for delivery to a
 * WOW64 thread - confirm against the implementation. If either value can
 * originate in user mode, the caller has to validate it before it is queued.
 */
NTKERNELAPI
NTSTATUS
NTAPI
PsWrapApcWow64Thread(
  _Inout_ PVOID *ApcContext,
  _Inout_ PVOID *ApcRoutine);
/*
 * PEPROCESS
 * PsGetCurrentProcess(VOID)
 *
 * Plain alias: every use expands to IoGetCurrentProcess, so the calling
 * rules are whatever IoGetCurrentProcess declares.
 */
#define PsGetCurrentProcess IoGetCurrentProcess
#if !defined(_PSGETCURRENTTHREAD_)
#define _PSGETCURRENTTHREAD_
/*
 * PsGetCurrentThread
 *
 * Returns the result of KeGetCurrentThread() cast to PETHREAD. Annotated for
 * IRQL <= DISPATCH_LEVEL. This wrapper only casts; it does not itself take a
 * reference on the thread object.
 * The _PSGETCURRENTTHREAD_ guard keeps the inline from being defined twice.
 */
_IRQL_requires_max_(DISPATCH_LEVEL)
FORCEINLINE
PETHREAD
NTAPI
PsGetCurrentThread(VOID)
{
  PETHREAD CurrentThread = (PETHREAD)KeGetCurrentThread();

  return CurrentThread;
}
#endif /* !_PSGETCURRENTTHREAD_ */
$endif (_WDMDDK_)
$if (_NTDDK_)
/*
 * NtOpenProcess
 *
 * System-call entry point (__kernel_entry, NTSYSCALLAPI). On return
 * *ProcessHandle holds the opened handle; ClientId is optional.
 * NOTE(review): request the narrowest DesiredAccess that does the job and
 * close the handle on every exit path. When kernel code opens the handle,
 * OBJ_KERNEL_HANDLE in ObjectAttributes keeps it out of the calling
 * process's user-mode handle table - confirm against each caller.
 */
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenProcess(
  _Out_ PHANDLE ProcessHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_opt_ PCLIENT_ID ClientId);
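/*
 * NtQueryInformationProcess
 *
 * Queries the information class ProcessInformationClass for ProcessHandle.
 * ProcessInformation is an optional output buffer of ProcessInformationLength
 * bytes; ReturnLength is an optional output.
 *
 * The legacy IN/OUT/OPTIONAL markers are replaced with the SAL 2 annotations
 * used by the other prototypes in this file. Tying the buffer to its length
 * with _Out_writes_bytes_opt_ lets static analysis flag callers that pass a
 * length larger than the buffer they own.
 * NOTE(review): the size written depends on the information class; callers
 * should check the NTSTATUS (and ReturnLength when supplied) before reading
 * the buffer - confirm against each caller.
 */
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationProcess(
  _In_ HANDLE ProcessHandle,
  _In_ PROCESSINFOCLASS ProcessInformationClass,
  _Out_writes_bytes_opt_(ProcessInformationLength) PVOID ProcessInformation,
  _In_ ULONG ProcessInformationLength,
  _Out_opt_ PULONG ReturnLength);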
$endif (_NTDDK_)
$if (_NTIFS_)
/*
 * PsLookupProcessByProcessId
 *
 * Looks up the process for ProcessId and returns it through *Process.
 * Annotated for IRQL <= APC_LEVEL; _Must_inspect_result_ means the NTSTATUS
 * has to be checked before *Process is used.
 * NOTE(review): per the WDK contract the returned object carries a reference
 * that the caller must release with ObDereferenceObject - confirm. A missed
 * release keeps the EPROCESS alive after the process has exited.
 */
_Must_inspect_result_
_IRQL_requires_max_(APC_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsLookupProcessByProcessId(
  _In_ HANDLE ProcessId,
  _Outptr_ PEPROCESS *Process);
/*
 * PsLookupThreadByThreadId
 *
 * Looks up the thread for UniqueThreadId and returns it through *Thread.
 * Annotated for IRQL <= APC_LEVEL; _Must_inspect_result_ means the NTSTATUS
 * has to be checked before *Thread is used.
 * NOTE(review): per the WDK contract the returned object carries a reference
 * that the caller must release with ObDereferenceObject - confirm.
 */
_Must_inspect_result_
_IRQL_requires_max_(APC_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsLookupThreadByThreadId(
  _In_ HANDLE UniqueThreadId,
  _Outptr_ PETHREAD *Thread);
$endif (_NTIFS_)
#if (NTDDI_VERSION >= NTDDI_WIN2K)
$if (_WDMDDK_)
/*
 * PsCreateSystemThread
 *
 * Creates a thread that starts in StartRoutine with StartContext and returns
 * its handle through *ThreadHandle. Annotated for IRQL <= APC_LEVEL; the
 * NTSTATUS must be inspected and, per _Post_satisfies_, is never positive.
 * ObjectAttributes and ProcessHandle are optional inputs, ClientId an
 * optional output.
 * On success (return == 0) StartContext is aliased by the new thread
 * (__drv_aliasesMem), so the memory has to stay valid until the thread is
 * finished with it and must not be freed by the creator on that path.
 * NOTE(review): the returned handle has to be closed by the caller; for a
 * thread created from an arbitrary process context, OBJ_KERNEL_HANDLE in
 * ObjectAttributes keeps the handle out of user mode's reach - confirm
 * against each caller.
 */
_IRQL_requires_max_(APC_LEVEL)
_Post_satisfies_(return <= 0)
_Must_inspect_result_
NTKERNELAPI
NTSTATUS
NTAPI
PsCreateSystemThread(
  _Out_ PHANDLE ThreadHandle,
  _In_ ULONG DesiredAccess,
  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_opt_ HANDLE ProcessHandle,
  _Out_opt_ PCLIENT_ID ClientId,
  _In_ PKSTART_ROUTINE StartRoutine,
  _In_opt_ _When_(return==0, __drv_aliasesMem) PVOID StartContext);
/*
 * PsTerminateSystemThread
 *
 * Takes the exit status for the thread and returns an NTSTATUS.
 * Annotated for PASSIVE_LEVEL only.
 * NOTE(review): presumably acts on the calling thread, since no thread
 * argument is passed - confirm against the implementation.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsTerminateSystemThread(
  _In_ NTSTATUS ExitStatus);
$endif (_WDMDDK_)
$if (_NTDDK_)
/*
 * PsSetCreateProcessNotifyRoutine
 *
 * Takes a process-creation callback and a Remove flag; returns an NTSTATUS.
 * Annotated for PASSIVE_LEVEL only.
 * NOTE(review): presumably Remove == FALSE registers NotifyRoutine and
 * Remove == TRUE unregisters it - confirm. A driver that registers a routine
 * has to unregister it before unloading, otherwise the kernel is left with a
 * callback pointer into freed code.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsSetCreateProcessNotifyRoutine(
  _In_ PCREATE_PROCESS_NOTIFY_ROUTINE NotifyRoutine,
  _In_ BOOLEAN Remove);
/*
 * PsSetCreateThreadNotifyRoutine
 *
 * Takes a thread-creation callback; returns an NTSTATUS. Annotated for
 * PASSIVE_LEVEL only.
 * NOTE(review): the matching PsRemoveCreateThreadNotifyRoutine is declared
 * further down for NTDDI_WINXP and later; a driver should call it before
 * unloading so no stale callback pointer remains - confirm the pairing.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsSetCreateThreadNotifyRoutine(
  _In_ PCREATE_THREAD_NOTIFY_ROUTINE NotifyRoutine);
/*
 * PsSetLoadImageNotifyRoutine
 *
 * Takes an image-load callback; returns an NTSTATUS. Annotated for
 * PASSIVE_LEVEL only.
 * NOTE(review): the matching PsRemoveLoadImageNotifyRoutine is declared
 * further down for NTDDI_WINXP and later; a driver should call it before
 * unloading so no stale callback pointer remains - confirm the pairing.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsSetLoadImageNotifyRoutine(
  _In_ PLOAD_IMAGE_NOTIFY_ROUTINE NotifyRoutine);
/*
 * PsGetCurrentProcessId
 *
 * Takes no arguments and returns a HANDLE-typed value.
 * NOTE(review): presumably the ID of the current process rather than an
 * openable handle; it carries no IRQL annotation, unlike
 * PsGetCurrentThreadId below - confirm whether that is intended.
 */
NTKERNELAPI
HANDLE
NTAPI
PsGetCurrentProcessId(VOID);
/*
 * PsGetCurrentThreadId
 *
 * Takes no arguments and returns a HANDLE-typed value. Annotated for
 * IRQL <= DISPATCH_LEVEL.
 * NOTE(review): presumably the ID of the current thread rather than an
 * openable handle - confirm.
 */
_IRQL_requires_max_(DISPATCH_LEVEL)
NTKERNELAPI
HANDLE
NTAPI
PsGetCurrentThreadId(VOID);
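/*
 * PsGetVersion
 *
 * Returns a BOOLEAN and fills in whichever of the four optional outputs the
 * caller supplies.
 *
 * The legacy OUT ... OPTIONAL markers are replaced with _Out_opt_, matching
 * the SAL 2 annotations used by the other prototypes in this file, so static
 * analysis knows each pointer may be NULL.
 * NOTE(review): CSDVersion is a PUNICODE_STRING; whether the caller or the
 * routine owns its Buffer is not visible here - confirm before relying on it.
 */
NTKERNELAPI
BOOLEAN
NTAPI
PsGetVersion(
  _Out_opt_ PULONG MajorVersion,
  _Out_opt_ PULONG MinorVersion,
  _Out_opt_ PULONG BuildNumber,
  _Out_opt_ PUNICODE_STRING CSDVersion);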
$endif (_NTDDK_)
$if (_NTIFS_)
/*
 * PsReferenceImpersonationToken
 *
 * Returns a PACCESS_TOKEN for Thread and reports CopyOnOpen, EffectiveOnly
 * and ImpersonationLevel through the three output pointers. Annotated for
 * IRQL <= APC_LEVEL.
 * NOTE(review): presumably returns NULL when the thread is not impersonating,
 * in which case the outputs should not be trusted - confirm. A non-NULL
 * token is expected to be released with PsDereferenceImpersonationToken
 * (declared below for NTDDI_WINXP and later) - confirm the pairing.
 */
_IRQL_requires_max_(APC_LEVEL)
NTKERNELAPI
PACCESS_TOKEN
NTAPI
PsReferenceImpersonationToken(
  _Inout_ PETHREAD Thread,
  _Out_ PBOOLEAN CopyOnOpen,
  _Out_ PBOOLEAN EffectiveOnly,
  _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel);
/*
 * PsGetProcessExitTime
 *
 * Takes no arguments and returns a LARGE_INTEGER. Annotated for
 * IRQL <= APC_LEVEL.
 * NOTE(review): presumably the exit time of the current process, since no
 * process argument is passed - confirm.
 */
_IRQL_requires_max_(APC_LEVEL)
NTKERNELAPI
LARGE_INTEGER
NTAPI
PsGetProcessExitTime(VOID);
/*
 * PsIsThreadTerminating
 *
 * Returns a BOOLEAN for the given thread. Annotated for
 * IRQL <= DISPATCH_LEVEL.
 * NOTE(review): the answer can presumably change right after the call, so it
 * is a hint rather than a guarantee unless the caller holds the thread in a
 * known state - confirm.
 */
_IRQL_requires_max_(DISPATCH_LEVEL)
NTKERNELAPI
BOOLEAN
NTAPI
PsIsThreadTerminating(
  _In_ PETHREAD Thread);
/*
 * PsImpersonateClient
 *
 * Applies an impersonation token, with the given CopyOnOpen, EffectiveOnly
 * and ImpersonationLevel settings, to Thread. Token is optional. Annotated
 * for PASSIVE_LEVEL only, and the NTSTATUS must be inspected.
 * NOTE(review): ignoring a failure here means the following code runs under
 * the thread's previous security context instead of the client's, so treat
 * a failed call as fatal for the operation. Presumably a NULL Token ends
 * impersonation - confirm. PsRevertToSelf is declared below for undoing it.
 */
_Must_inspect_result_
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsImpersonateClient(
  _Inout_ PETHREAD Thread,
  _In_opt_ PACCESS_TOKEN Token,
  _In_ BOOLEAN CopyOnOpen,
  _In_ BOOLEAN EffectiveOnly,
  _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel);
/*
 * PsDisableImpersonation
 *
 * Takes a thread and an in/out SE_IMPERSONATION_STATE and returns a BOOLEAN.
 * Annotated for PASSIVE_LEVEL only.
 * NOTE(review): presumably saves the thread's impersonation state into
 * ImpersonationState so that PsRestoreImpersonation (declared below) can put
 * it back; every disable should have a matching restore on all exit paths,
 * or the thread keeps running with the wrong context - confirm.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
BOOLEAN
NTAPI
PsDisableImpersonation(
  _Inout_ PETHREAD Thread,
  _Inout_ PSE_IMPERSONATION_STATE ImpersonationState);
/*
 * PsRestoreImpersonation
 *
 * Takes a thread and an input SE_IMPERSONATION_STATE; returns nothing.
 * Annotated for PASSIVE_LEVEL only.
 * NOTE(review): presumably the counterpart of PsDisableImpersonation (declared
 * above) and expects the state that call filled in - confirm. There is no
 * status to check, so the caller cannot detect a failed restore.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
VOID
NTAPI
PsRestoreImpersonation(
  _Inout_ PETHREAD Thread,
  _In_ PSE_IMPERSONATION_STATE ImpersonationState);
/*
 * PsRevertToSelf
 *
 * Takes no arguments and returns nothing. Annotated for PASSIVE_LEVEL only.
 * NOTE(review): presumably ends impersonation on the calling thread - confirm.
 * Code that impersonates a client should reach this on every exit path,
 * including error paths, so later work does not run as the client.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
VOID
NTAPI
PsRevertToSelf(VOID);
/*
 * PsChargePoolQuota
 *
 * Takes a process, a pool type and an amount; returns nothing. Annotated for
 * IRQL <= APC_LEVEL.
 * NOTE(review): with a VOID return, a refused charge cannot be reported as a
 * status; how failure surfaces is not visible here - confirm. The
 * NTSTATUS-returning PsChargeProcessPoolQuota is declared below for
 * NTDDI_WINXP and later. Charges are expected to be balanced by
 * PsReturnPoolQuota.
 */
_IRQL_requires_max_(APC_LEVEL)
NTKERNELAPI
VOID
NTAPI
PsChargePoolQuota(
  _In_ PEPROCESS Process,
  _In_ POOL_TYPE PoolType,
  _In_ ULONG_PTR Amount);
/*
 * PsReturnPoolQuota
 *
 * Takes a process, a pool type and an amount; returns nothing. Annotated for
 * IRQL <= APC_LEVEL.
 * NOTE(review): presumably gives back quota charged earlier; Process,
 * PoolType and Amount should match the original charge so the accounting
 * neither leaks nor underflows - confirm.
 */
_IRQL_requires_max_(APC_LEVEL)
NTKERNELAPI
VOID
NTAPI
PsReturnPoolQuota(
  _In_ PEPROCESS Process,
  _In_ POOL_TYPE PoolType,
  _In_ ULONG_PTR Amount);
/*
 * PsAssignImpersonationToken
 *
 * Takes a thread and an optional token HANDLE; returns an NTSTATUS.
 * Annotated for PASSIVE_LEVEL only.
 * Unlike PsImpersonateClient, the token is passed as a handle rather than a
 * PACCESS_TOKEN pointer.
 * NOTE(review): presumably a NULL Token removes the impersonation token -
 * confirm. Check the status before continuing under the assumed context.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsAssignImpersonationToken(
  _In_ PETHREAD Thread,
  _In_opt_ HANDLE Token);
/*
 * PsReferencePrimaryToken
 *
 * Takes a process and returns a HANDLE-typed value. Annotated for
 * PASSIVE_LEVEL only.
 * NOTE(review): the return type here is HANDLE, while
 * PsDereferencePrimaryToken (declared below) takes a PACCESS_TOKEN and
 * PsReferenceImpersonationToken returns PACCESS_TOKEN. Presumably the value
 * is a referenced token pointer, not an entry in a handle table, and the
 * return type should read PACCESS_TOKEN - confirm before changing. Callers
 * are expected to release it with PsDereferencePrimaryToken, not by closing
 * it as a handle.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
HANDLE
NTAPI
PsReferencePrimaryToken(
  _Inout_ PEPROCESS Process);
$endif (_NTIFS_)
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
$if (_NTDDK_ || _NTIFS_)
#if (NTDDI_VERSION >= NTDDI_WINXP)
$endif (_NTDDK_ || _NTIFS_)
$if (_NTDDK_)
/*
 * PsGetProcessId
 *
 * Returns a HANDLE-typed value for the given process object. Annotated for
 * IRQL <= DISPATCH_LEVEL.
 * NOTE(review): presumably the process ID rather than an openable handle;
 * the caller must hold Process valid for the duration of the call - confirm.
 */
_IRQL_requires_max_(DISPATCH_LEVEL)
NTKERNELAPI
HANDLE
NTAPI
PsGetProcessId(
  _In_ PEPROCESS Process);
/*
 * PsGetThreadId
 *
 * Returns a HANDLE-typed value for the given thread object. Annotated for
 * IRQL <= DISPATCH_LEVEL.
 * NOTE(review): presumably the thread ID rather than an openable handle;
 * the caller must hold Thread valid for the duration of the call - confirm.
 */
_IRQL_requires_max_(DISPATCH_LEVEL)
NTKERNELAPI
HANDLE
NTAPI
PsGetThreadId(
  _In_ PETHREAD Thread);
/*
 * PsRemoveCreateThreadNotifyRoutine
 *
 * Takes a thread-creation callback and returns an NTSTATUS.
 * NOTE(review): presumably unregisters a routine installed with
 * PsSetCreateThreadNotifyRoutine - confirm. This prototype carries no IRQL
 * annotation, unlike PsRemoveLoadImageNotifyRoutine below; confirm whether
 * _IRQL_requires_max_(PASSIVE_LEVEL) was left out by accident. A driver
 * should check the status before unloading, since a routine that is still
 * registered would point into unloaded code.
 */
NTKERNELAPI
NTSTATUS
NTAPI
PsRemoveCreateThreadNotifyRoutine(
  _In_ PCREATE_THREAD_NOTIFY_ROUTINE NotifyRoutine);
/*
 * PsRemoveLoadImageNotifyRoutine
 *
 * Takes an image-load callback and returns an NTSTATUS. Annotated for
 * PASSIVE_LEVEL only.
 * NOTE(review): presumably unregisters a routine installed with
 * PsSetLoadImageNotifyRoutine - confirm. A driver should check the status
 * before unloading, since a routine that is still registered would point
 * into unloaded code.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsRemoveLoadImageNotifyRoutine(
  _In_ PLOAD_IMAGE_NOTIFY_ROUTINE NotifyRoutine);
/*
 * PsGetProcessCreateTimeQuadPart
 *
 * Returns a LONGLONG for the given process object. Annotated for
 * IRQL <= DISPATCH_LEVEL.
 * NOTE(review): presumably the process creation time as a 64-bit value -
 * confirm units and epoch against the implementation.
 */
_IRQL_requires_max_(DISPATCH_LEVEL)
NTKERNELAPI
LONGLONG
NTAPI
PsGetProcessCreateTimeQuadPart(
  _In_ PEPROCESS Process);
$endif (_NTDDK_)
$if (_NTIFS_)
/*
 * PsDereferencePrimaryToken
 *
 * Takes a PACCESS_TOKEN and returns nothing. Annotated for PASSIVE_LEVEL
 * only.
 * NOTE(review): presumably releases the reference obtained from
 * PsReferencePrimaryToken - confirm. The token must not be touched after
 * this call, and each reference should be released exactly once.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
VOID
NTAPI
PsDereferencePrimaryToken(
  _In_ PACCESS_TOKEN PrimaryToken);
/*
 * PsDereferenceImpersonationToken
 *
 * Takes a PACCESS_TOKEN and returns nothing. Annotated for PASSIVE_LEVEL
 * only.
 * NOTE(review): presumably releases the reference obtained from
 * PsReferenceImpersonationToken - confirm, including whether a NULL token is
 * accepted. The token must not be touched after this call.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
VOID
NTAPI
PsDereferenceImpersonationToken(
  _In_ PACCESS_TOKEN ImpersonationToken);
/*
 * PsChargeProcessPoolQuota
 *
 * Takes a process, a pool type and an amount and returns an NTSTATUS that
 * must be inspected. Annotated for IRQL <= APC_LEVEL.
 * NOTE(review): presumably the status-returning form of PsChargePoolQuota;
 * on failure the caller should not go on to allocate against the quota, and
 * a successful charge is expected to be balanced by PsReturnPoolQuota -
 * confirm.
 */
_Must_inspect_result_
_IRQL_requires_max_(APC_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsChargeProcessPoolQuota(
  _In_ PEPROCESS Process,
  _In_ POOL_TYPE PoolType,
  _In_ ULONG_PTR Amount);
/*
 * PsIsSystemThread
 *
 * Returns a BOOLEAN for the given thread object. No IRQL annotation is
 * declared on this prototype.
 * NOTE(review): presumably TRUE for system (kernel-only) threads - confirm.
 * Not a substitute for a previous-mode check when deciding whether to trust
 * caller-supplied pointers.
 */
NTKERNELAPI
BOOLEAN
NTAPI
PsIsSystemThread(
  _In_ PETHREAD Thread);
$endif (_NTIFS_)
$if (_NTDDK_ || _NTIFS_)
#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
$endif (_NTDDK_ || _NTIFS_)
$if (_NTDDK_)
#if (NTDDI_VERSION >= NTDDI_WS03)
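/*
 * PsGetThreadProcessId
 *
 * Returns a HANDLE-typed value for the given thread object.
 *
 * The legacy IN marker is replaced with _In_, matching the SAL 2 annotations
 * used by the other prototypes in this file.
 * NOTE(review): presumably the ID of the process that owns Thread rather
 * than an openable handle - confirm.
 */
NTKERNELAPI
HANDLE
NTAPI
PsGetThreadProcessId(
  _In_ PETHREAD Thread);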
#endif /* (NTDDI_VERSION >= NTDDI_WS03) */
#if (NTDDI_VERSION >= NTDDI_VISTA)
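/*
 * PsSetCurrentThreadPrefetching
 *
 * Takes the new prefetching flag and returns a BOOLEAN.
 *
 * The legacy IN marker is replaced with _In_, matching the SAL 2 annotations
 * used by the other prototypes in this file.
 * NOTE(review): presumably the return value is the previous setting, so a
 * caller can restore it afterwards - confirm.
 */
NTKERNELAPI
BOOLEAN
NTAPI
PsSetCurrentThreadPrefetching(
  _In_ BOOLEAN Prefetching);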
/*
 * PsIsCurrentThreadPrefetching
 *
 * Takes no arguments and returns a BOOLEAN.
 * NOTE(review): presumably reports the flag set through
 * PsSetCurrentThreadPrefetching for the calling thread - confirm.
 */
NTKERNELAPI
BOOLEAN
NTAPI
PsIsCurrentThreadPrefetching(VOID);
#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */
#if (NTDDI_VERSION >= NTDDI_VISTASP1)
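/*
 * PsSetCreateProcessNotifyRoutineEx
 *
 * Takes an extended process-creation callback and a Remove flag; returns an
 * NTSTATUS.
 *
 * The legacy IN markers are replaced with _In_, matching the SAL 2
 * annotations used by the other prototypes in this file.
 * NOTE(review): presumably Remove == FALSE registers NotifyRoutine and
 * Remove == TRUE unregisters it - confirm. On Windows the registration is
 * documented to fail with STATUS_ACCESS_DENIED unless the driver image is
 * built with the integrity-check flag; confirm whether this implementation
 * enforces the same. Unregister before the driver unloads so no callback
 * pointer into freed code remains.
 */
NTKERNELAPI
NTSTATUS
NTAPI
PsSetCreateProcessNotifyRoutineEx(
  _In_ PCREATE_PROCESS_NOTIFY_ROUTINE_EX NotifyRoutine,
  _In_ BOOLEAN Remove);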
#endif /* (NTDDI_VERSION >= NTDDI_VISTASP1) */
$endif (_NTDDK_)