/*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: obfuncs.h Abstract: Function definitions for the Object Manager Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _OBFUNCS_H #define _OBFUNCS_H // // Dependencies // #include #include #include #ifdef __cplusplus extern "C" { #endif #ifndef NTOS_MODE_USER // // Object Functions // NTKERNELAPI NTSTATUS NTAPI ObAssignSecurity( _In_ PACCESS_STATE AccessState, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ PVOID Object, _In_ POBJECT_TYPE Type ); NTKERNELAPI NTSTATUS NTAPI ObCloseHandle( _In_ HANDLE Handle, _In_ KPROCESSOR_MODE AccessMode ); NTKERNELAPI NTSTATUS NTAPI ObCreateObject( _In_opt_ KPROCESSOR_MODE ObjectAttributesAccessMode, _In_ POBJECT_TYPE ObjectType, _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _In_ ULONG ObjectSize, _In_opt_ ULONG PagedPoolCharge, _In_opt_ ULONG NonPagedPoolCharge, _Out_ PVOID *Object ); NTKERNELAPI NTSTATUS NTAPI ObCreateObjectType( _In_ PUNICODE_STRING TypeName, _In_ POBJECT_TYPE_INITIALIZER ObjectTypeInitializer, _Reserved_ PVOID Reserved, _Out_ POBJECT_TYPE *ObjectType ); NTKERNELAPI VOID NTAPI ObDereferenceSecurityDescriptor( _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Count ); NTKERNELAPI ULONG NTAPI ObGetObjectPointerCount( _In_ PVOID Object ); NTKERNELAPI NTSTATUS NTAPI ObLogSecurityDescriptor( _In_ PSECURITY_DESCRIPTOR InputSecurityDescriptor, _Out_ PSECURITY_DESCRIPTOR *OutputSecurityDescriptor, _In_ ULONG RefBias ); NTKERNELAPI NTSTATUS NTAPI ObOpenObjectByName( _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ POBJECT_TYPE ObjectType, _In_ KPROCESSOR_MODE AccessMode, _In_opt_ PACCESS_STATE PassedAccessState, _In_ ACCESS_MASK DesiredAccess, _Inout_opt_ PVOID ParseContext, _Out_ PHANDLE Handle ); NTKERNELAPI NTSTATUS NTAPI ObReferenceObjectByName( _In_ PUNICODE_STRING ObjectName, _In_ ULONG Attributes, _In_opt_ PACCESS_STATE PassedAccessState, _In_opt_ ACCESS_MASK DesiredAccess, _In_ POBJECT_TYPE ObjectType, _In_ KPROCESSOR_MODE AccessMode, _Inout_opt_ PVOID ParseContext, _Out_ PVOID *Object ); NTKERNELAPI VOID NTAPI ObReferenceSecurityDescriptor( _In_ PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Count ); NTKERNELAPI NTSTATUS NTAPI ObSetSecurityObjectByPointer( _In_ PVOID Object, _In_ SECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor ); NTKERNELAPI BOOLEAN NTAPI ObFindHandleForObject( _In_ PEPROCESS Process, _In_ PVOID Object, _In_ POBJECT_TYPE ObjectType, _In_opt_ POBJECT_HANDLE_INFORMATION HandleInformation, _Out_opt_ PHANDLE Handle ); NTKERNELAPI VOID NTAPI ObDereferenceObjectDeferDelete( _In_ PVOID Object ); #endif // // Native Calls // NTSYSCALLAPI NTSTATUS NTAPI NtClose( _In_ HANDLE Handle ); __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtCloseObjectAuditAlarm( _In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateDirectoryObject( _Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject( _Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PUNICODE_STRING Name ); __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm( _In_ PUNICODE_STRING SubsystemName, _In_opt_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose ); NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateObject( _In_ HANDLE SourceProcessHandle, _In_ HANDLE SourceHandle, _In_ HANDLE TargetProcessHandle, _Out_ PHANDLE TargetHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _In_ ULONG Options ); NTSYSCALLAPI NTSTATUS NTAPI NtMakePermanentObject( _In_ HANDLE Object ); NTSYSCALLAPI NTSTATUS NTAPI NtMakeTemporaryObject( _In_ HANDLE Handle ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenDirectoryObject( _Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenJobObject( _Out_ PHANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject( _Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryDirectoryObject( _In_ HANDLE DirectoryHandle, _Out_ PVOID Buffer, _In_ ULONG BufferLength, _In_ BOOLEAN ReturnSingleEntry, _In_ BOOLEAN RestartScan, _Inout_ PULONG Context, _Out_opt_ PULONG ReturnLength ); _IRQL_requires_max_(PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQueryObject( _In_opt_ HANDLE Handle, _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass, _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation, _In_ ULONG ObjectInformationLength, _Out_opt_ PULONG ReturnLength ); _IRQL_requires_max_(PASSIVE_LEVEL) __kernel_entry NTSYSCALLAPI NTSTATUS NTAPI NtQuerySecurityObject( _In_ HANDLE Handle, _In_ SECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Length, _Out_ PULONG LengthNeeded ); NTSYSCALLAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject( _In_ HANDLE SymLinkObjHandle, _Out_ PUNICODE_STRING LinkTarget, _Out_opt_ PULONG DataWritten ); NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationObject( _In_ HANDLE ObjectHandle, _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass, _In_ PVOID ObjectInformation, _In_ ULONG Length ); NTSYSCALLAPI NTSTATUS NTAPI NtSetSecurityObject( _In_ HANDLE Handle, _In_ SECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor ); NTSYSCALLAPI NTSTATUS NTAPI NtSignalAndWaitForSingleObject( _In_ HANDLE SignalObject, _In_ HANDLE WaitObject, _In_ BOOLEAN Alertable, _In_ PLARGE_INTEGER Time ); NTSYSCALLAPI NTSTATUS NTAPI NtWaitForMultipleObjects( _In_ ULONG Count, _In_ HANDLE Object[], _In_ WAIT_TYPE WaitType, _In_ BOOLEAN Alertable, _In_ PLARGE_INTEGER Time ); NTSTATUS NTAPI NtWaitForMultipleObjects32( _In_ ULONG ObjectCount, _In_ PLONG Handles, _In_ WAIT_TYPE WaitType, _In_ BOOLEAN Alertable, _In_opt_ PLARGE_INTEGER TimeOut ); NTSYSCALLAPI NTSTATUS NTAPI NtWaitForSingleObject( _In_ HANDLE Object, _In_ BOOLEAN Alertable, _In_opt_ PLARGE_INTEGER Timeout ); NTSYSAPI NTSTATUS NTAPI ZwClose( _In_ HANDLE Handle ); NTSYSAPI NTSTATUS NTAPI ZwCloseObjectAuditAlarm( _In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose ); NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject( _Out_ PHANDLE DirectoryHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI ZwCreateSymbolicLinkObject( _Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes, _In_ PUNICODE_STRING Name ); NTSYSAPI NTSTATUS NTAPI ZwDeleteObjectAuditAlarm( _In_ PUNICODE_STRING SubsystemName, _In_ PVOID HandleId, _In_ BOOLEAN GenerateOnClose ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwDuplicateObject( _In_ HANDLE SourceProcessHandle, _In_ HANDLE SourceHandle, _In_opt_ HANDLE TargetProcessHandle, _Out_opt_ PHANDLE TargetHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _In_ ULONG Options ); NTSYSAPI NTSTATUS NTAPI ZwMakePermanentObject( _In_ HANDLE Object ); NTSYSAPI NTSTATUS NTAPI ZwMakeTemporaryObject( _In_ HANDLE Handle ); NTSYSAPI NTSTATUS NTAPI ZwOpenDirectoryObject( _Out_ PHANDLE FileHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI ZwOpenJobObject( _Out_ PHANDLE JobHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI ZwOpenSymbolicLinkObject( _Out_ PHANDLE SymbolicLinkHandle, _In_ ACCESS_MASK DesiredAccess, _In_ POBJECT_ATTRIBUTES ObjectAttributes ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwQueryDirectoryObject( _In_ HANDLE DirectoryHandle, _Out_ PVOID Buffer, _In_ ULONG BufferLength, _In_ BOOLEAN ReturnSingleEntry, _In_ BOOLEAN RestartScan, _Inout_ PULONG Context, _Out_opt_ PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI ZwSetInformationObject( _In_ HANDLE ObjectHandle, _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass, _In_ PVOID ObjectInformation, _In_ ULONG Length ); NTSYSAPI NTSTATUS NTAPI ZwSignalAndWaitForSingleObject( _In_ HANDLE SignalObject, _In_ HANDLE WaitObject, _In_ BOOLEAN Alertable, _In_opt_ PLARGE_INTEGER Time ); NTSYSAPI NTSTATUS NTAPI ZwWaitForMultipleObjects( _In_ ULONG Count, _In_ HANDLE Object[], _In_ WAIT_TYPE WaitType, _In_ BOOLEAN Alertable, _In_ PLARGE_INTEGER Time ); #ifdef NTOS_MODE_USER _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwQueryObject( _In_opt_ HANDLE Handle, _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass, _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation, _In_ ULONG ObjectInformationLength, _Out_opt_ PULONG ReturnLength ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwQuerySecurityObject( _In_ HANDLE Handle, _In_ SECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_to_(Length,*LengthNeeded) PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Length, _Out_ PULONG LengthNeeded ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwQuerySymbolicLinkObject( _In_ HANDLE LinkHandle, _Inout_ PUNICODE_STRING LinkTarget, _Out_opt_ PULONG ReturnedLength ); _IRQL_requires_max_(PASSIVE_LEVEL) NTSYSAPI NTSTATUS NTAPI ZwSetSecurityObject( _In_ HANDLE Handle, _In_ SECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor ); _When_(Timeout == NULL, _IRQL_requires_max_(APC_LEVEL)) _When_(Timeout->QuadPart != 0, _IRQL_requires_max_(APC_LEVEL)) _When_(Timeout->QuadPart == 0, _IRQL_requires_max_(DISPATCH_LEVEL)) NTSYSAPI NTSTATUS NTAPI ZwWaitForSingleObject( _In_ HANDLE Handle, _In_ BOOLEAN Alertable, _In_opt_ PLARGE_INTEGER Timeout ); #endif /* NTOS_MODE_USER */ #ifdef __cplusplus }; // extern "C" #endif #endif