2006-11-08 11:47:44 +00:00
|
|
|
/*
|
2021-05-02 18:52:18 +00:00
|
|
|
* PROJECT: ReactOS Kernel
|
|
|
|
* LICENSE: GPL-2.0-or-later (https://spdx.org/licenses/GPL-2.0-or-later)
|
|
|
|
* PURPOSE: Info Classes for the Process Manager
|
|
|
|
* COPYRIGHT: Copyright Alex Ionescu <alex.ionescu@reactos.org>
|
|
|
|
* Copyright Thomas Weidenmueller <w3seek@reactos.org>
|
2021-06-06 17:47:51 +00:00
|
|
|
* Copyright 2020-2021 George Bișoc <george.bisoc@reactos.org>
|
2021-05-02 18:52:18 +00:00
|
|
|
*/
|
|
|
|
|
|
|
|
#include "icif.h"
|
|
|
|
|
|
|
|
//
|
|
|
|
// Process Information Classes
|
|
|
|
//
|
|
|
|
static const INFORMATION_CLASS_INFO PsProcessInfoClass[] =
|
|
|
|
{
|
|
|
|
/* ProcessBasicInformation */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
PROCESS_BASIC_INFORMATION,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessQuotaLimits */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
QUOTA_LIMITS,
|
|
|
|
ULONG,
|
2021-07-15 06:55:06 +00:00
|
|
|
ICIF_QUERY | ICIF_SET | ICIF_SET_SIZE_VARIABLE
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessIoCounters */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
IO_COUNTERS,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessVmCounters */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
VM_COUNTERS,
|
|
|
|
ULONG,
|
|
|
|
ICIF_QUERY | ICIF_QUERY_SIZE_VARIABLE
|
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessTimes */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
KERNEL_USER_TIMES,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessBasePriority */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
KPRIORITY,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessRaisePriority */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
ULONG,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessDebugPort */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
HANDLE,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessExceptionPort */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
HANDLE,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessAccessToken */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
PROCESS_ACCESS_TOKEN,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessLdtInformation */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
PROCESS_LDT_INFORMATION,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY | ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessLdtSize */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
PROCESS_LDT_SIZE,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessDefaultHardErrorMode */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
ULONG,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY | ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessIoPortHandlers */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
UCHAR,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessPooledUsageAndLimits */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
POOLED_USAGE_AND_LIMITS,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessWorkingSetWatch */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
PROCESS_WS_WATCH_INFORMATION,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY | ICIF_SET | ICIF_SET_SIZE_VARIABLE
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
2021-06-20 13:46:58 +00:00
|
|
|
/* ProcessUserModeIOPL is only implemented in x86 */
|
|
|
|
#if defined (_X86_)
|
|
|
|
IQS_NO_TYPE_LENGTH
|
2021-05-02 18:52:18 +00:00
|
|
|
(
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
2021-06-20 13:46:58 +00:00
|
|
|
#else
|
|
|
|
IQS_NONE,
|
|
|
|
#endif
|
2021-05-02 18:52:18 +00:00
|
|
|
|
|
|
|
/* ProcessEnableAlignmentFaultFixup */
|
|
|
|
IQS
|
|
|
|
(
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
BOOLEAN,
|
2021-05-02 18:52:18 +00:00
|
|
|
CHAR,
|
|
|
|
BOOLEAN,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
CHAR,
|
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessPriorityClass */
|
|
|
|
IQS
|
|
|
|
(
|
|
|
|
PROCESS_PRIORITY_CLASS,
|
|
|
|
ULONG,
|
|
|
|
PROCESS_PRIORITY_CLASS,
|
|
|
|
CHAR,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY | ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessWx86Information */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
ULONG,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY | ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessHandleCount */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
ULONG,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessAffinityMask */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
KAFFINITY,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessPriorityBoost */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
ULONG,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY | ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessDeviceMap */
|
|
|
|
IQS
|
|
|
|
(
|
|
|
|
RTL_FIELD_TYPE(PROCESS_DEVICEMAP_INFORMATION, Query),
|
|
|
|
ULONG,
|
|
|
|
RTL_FIELD_TYPE(PROCESS_DEVICEMAP_INFORMATION, Set),
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY | ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessSessionInformation */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
PROCESS_SESSION_INFORMATION,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY | ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessForegroundInformation */
|
|
|
|
IQS
|
|
|
|
(
|
|
|
|
CHAR,
|
|
|
|
CHAR,
|
|
|
|
BOOLEAN,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
CHAR,
|
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessWow64Information */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
2021-06-20 13:46:58 +00:00
|
|
|
ULONG_PTR,
|
2021-05-02 18:52:18 +00:00
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessImageFileName */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
UNICODE_STRING,
|
|
|
|
ULONG,
|
|
|
|
ICIF_QUERY | ICIF_QUERY_SIZE_VARIABLE
|
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessLUIDDeviceMapsEnabled */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
ULONG,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessBreakOnTermination */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
ULONG,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY | ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessDebugObjectHandle */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
HANDLE,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessDebugFlags */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
ULONG,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY | ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessHandleTracing */
|
|
|
|
IQS
|
|
|
|
(
|
|
|
|
PROCESS_HANDLE_TRACING_QUERY,
|
|
|
|
ULONG,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ULONG,
|
|
|
|
ICIF_QUERY | ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessIoPriority */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
|
|
|
|
/* ProcessExecuteFlags */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
ULONG,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY | ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessTlsInformation */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
|
|
|
|
/* ProcessCookie */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
ULONG,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessImageInformation */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
SECTION_IMAGE_INFORMATION,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessCycleTime */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
|
|
|
|
/* ProcessPagePriority */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
|
|
|
|
/* ProcessInstrumentationCallback */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
|
|
|
|
/* ProcessThreadStackAllocation */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
|
|
|
|
/* ProcessWorkingSetWatchEx */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
|
|
|
|
/* ProcessImageFileNameWin32 */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
CHAR,
|
|
|
|
CHAR,
|
|
|
|
ICIF_NONE
|
|
|
|
),
|
|
|
|
|
|
|
|
/* ProcessImageFileMapping */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
|
|
|
|
/* ProcessAffinityUpdateMode */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
|
|
|
|
/* ProcessMemoryAllocationMode */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
//
|
|
|
|
// Thread Information Classes
|
|
|
|
//
|
|
|
|
static const INFORMATION_CLASS_INFO PsThreadInfoClass[] =
|
|
|
|
{
|
|
|
|
/* ThreadBasicInformation */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
THREAD_BASIC_INFORMATION,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadTimes */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
KERNEL_USER_TIMES,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadPriority */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
KPRIORITY,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadBasePriority */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
LONG,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadAffinityMask */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
KAFFINITY,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadImpersonationToken */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
HANDLE,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadDescriptorTableEntry is only implemented in x86 as well as the descriptor entry */
|
|
|
|
#if defined(_X86_)
|
|
|
|
/* ThreadDescriptorTableEntry */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
DESCRIPTOR_TABLE_ENTRY,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
#else
|
|
|
|
IQS_NONE,
|
|
|
|
#endif
|
|
|
|
|
|
|
|
/* ThreadEnableAlignmentFaultFixup */
|
|
|
|
IQS
|
|
|
|
(
|
|
|
|
CHAR,
|
|
|
|
CHAR,
|
|
|
|
BOOLEAN,
|
|
|
|
UCHAR,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadEventPair_Reusable */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
|
|
|
|
/* ThreadQuerySetWin32StartAddress */
|
|
|
|
IQS
|
|
|
|
(
|
|
|
|
PVOID,
|
|
|
|
ULONG,
|
|
|
|
ULONG_PTR,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY | ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadZeroTlsCell */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
2021-06-20 13:46:58 +00:00
|
|
|
ULONG,
|
2021-05-02 18:52:18 +00:00
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadPerformanceCount */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
LARGE_INTEGER,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadAmILastThread */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
ULONG,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadIdealProcessor */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
ULONG_PTR,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadPriorityBoost */
|
|
|
|
IQS
|
|
|
|
(
|
|
|
|
ULONG,
|
|
|
|
ULONG,
|
|
|
|
ULONG_PTR,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY | ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadSetTlsArrayAddress */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
PVOID,
|
|
|
|
ULONG,
|
|
|
|
ICIF_SET | ICIF_SIZE_VARIABLE
|
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadIsIoPending */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
ULONG,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadHideFromDebugger */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
CHAR,
|
|
|
|
ULONG,
|
|
|
|
ICIF_SET | ICIF_SET_SIZE_VARIABLE
|
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadBreakOnTermination */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
ULONG,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY | ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadSwitchLegacyState */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
ULONG,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_SET
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadIsTerminated */
|
|
|
|
IQS_SAME
|
|
|
|
(
|
|
|
|
ULONG,
|
|
|
|
ULONG,
|
[NTOS:PS] Enable alignment probing for thread/process information classes
In addition to that, here are some stuff done in this commit whilst testing:
- ICIF_QUERY_SIZE_VARIABLE and friends were badly misused, they should be used only when an information class whose information length size is dyanmic and not fixed. By removing such flags from erroneous classes, this fixes the STATUS_INFO_LENGTH_MISMATCH testcases.
- Use CHAR instead of UCHAR for classes that do not need alignment probing, as every other class in the table do, for the sake of consistency.
- ProcessEnableAlignmentFaultFixup uses BOOLEAN as type size, not CHAR. This fixes a testcase failure on ROS.
- Check for information length size before proceeding further on querying the process' cookie information.
- ProcessHandleTracing wants an alignment of a ULONG, not CHAR.
- Move PROCESS_LDT_INFORMATION and PROCESS_LDT_SIZE outside of NTOS_MODE_USER macro case. This fixes a compilation issue when enabling the alignment probing. My mistake of having them inside NTOS_MODE_USER case, sorry.
- On functions like NtQueryInformationThread and the Process equivalent, complete probing is not done at the beginning of the function, complete probing including if the buffer is writable alongside with datatype misalignment check that is. Instead such check is done on each information class case basis. With that said, we have to explicitly tell DefaultQueryInfoBufferCheck if we want a complete probing or not initially.
2021-05-03 13:46:35 +00:00
|
|
|
ICIF_QUERY
|
2021-05-02 18:52:18 +00:00
|
|
|
),
|
|
|
|
|
|
|
|
/* ThreadLastSystemCall */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
|
|
|
|
/* ThreadIoPriority */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
|
|
|
|
/* ThreadCycleTime */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
|
|
|
|
/* ThreadPagePriority */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
|
|
|
|
/* ThreadActualBasePriority */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
|
|
|
|
/* ThreadTebInformation */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
|
|
|
|
/* ThreadCSwitchMon */
|
2021-06-06 17:47:51 +00:00
|
|
|
IQS_NONE,
|
2021-05-02 18:52:18 +00:00
|
|
|
};
|