/*++ NDK Version: 0098

Copyright (c) Alex Ionescu.  All rights reserved.

Header Name:

    obtypes.h

Abstract:

    Type definitions for the Object Manager

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _OBTYPES_H
#define _OBTYPES_H

//
// Dependencies
//
#include <umtypes.h>
#ifndef NTOS_MODE_USER
#include <extypes.h>
#endif

#ifdef NTOS_MODE_USER
//
// Definitions for Object Creation
//
// These are the bits accepted in OBJECT_ATTRIBUTES.Attributes. They are
// defined here only for user-mode builds (NTOS_MODE_USER); kernel-mode builds
// presumably receive them from another header -- confirm.
//
// Two of them change who may use, or how access is checked on, the resulting
// handle (semantics as documented for the Windows driver interface):
//   OBJ_KERNEL_HANDLE      - the handle is usable from kernel mode only.
//   OBJ_FORCE_ACCESS_CHECK - access checks are enforced even when the open is
//                            issued from kernel mode.
// Code that opens objects on behalf of a less-privileged caller should be
// reviewed for both.
//
#define OBJ_INHERIT                             0x00000002L
#define OBJ_PERMANENT                           0x00000010L
#define OBJ_EXCLUSIVE                           0x00000020L
#define OBJ_CASE_INSENSITIVE                    0x00000040L
#define OBJ_OPENIF                              0x00000080L
#define OBJ_OPENLINK                            0x00000100L
#define OBJ_KERNEL_HANDLE                       0x00000200L
#define OBJ_FORCE_ACCESS_CHECK                  0x00000400L
// Bitwise OR of the eight flags above; any other bit is not a defined
// attribute at this level.
#define OBJ_VALID_ATTRIBUTES                    0x000007F2L

//
// Fills an OBJECT_ATTRIBUTES structure in place.
//   p - pointer to the structure (evaluated six times; pass a side-effect-free
//       expression)
//   n - ObjectName, a - Attributes, r - RootDirectory, s - SecurityDescriptor
// SecurityQualityOfService is always set to NULL; a caller that needs a QoS
// must assign it after the macro.
// The expansion is a bare brace block rather than do { } while (0), so
// "if (x) InitializeObjectAttributes(...); else ..." does not compile.
//
#define InitializeObjectAttributes(p,n,a,r,s) { \
    (p)->Length = sizeof(OBJECT_ATTRIBUTES);    \
    (p)->RootDirectory = (r);                   \
    (p)->Attributes = (a);                      \
    (p)->ObjectName = (n);                      \
    (p)->SecurityDescriptor = (s);              \
    (p)->SecurityQualityOfService = NULL;       \
}

//
// Number of custom-defined bits that can be attached to a handle
//
#define OBJ_HANDLE_TAGBITS                      0x3

//
// Directory Object Access Rights
//
// DIRECTORY_ALL_ACCESS combines STANDARD_RIGHTS_REQUIRED with the four
// specific rights (0x1 | 0x2 | 0x4 | 0x8 == 0xF).
//
#define DIRECTORY_QUERY                         0x0001
#define DIRECTORY_TRAVERSE                      0x0002
#define DIRECTORY_CREATE_OBJECT                 0x0004
#define DIRECTORY_CREATE_SUBDIRECTORY           0x0008
#define DIRECTORY_ALL_ACCESS                    (STANDARD_RIGHTS_REQUIRED | 0xF)

//
// Slash separator used in the OB Namespace (and Registry)
//
#define OBJ_NAME_PATH_SEPARATOR                 L'\\'

//
// Object Information Classes for NtQueryInformationObject
//
// MaxObjectInfoClass is the last enumerator; presumably it is a sentinel for
// range-checking a caller-supplied class rather than a queryable class --
// confirm against the query routine.
//
typedef enum _OBJECT_INFORMATION_CLASS
{
    ObjectBasicInformation,
    ObjectNameInformation,
    ObjectTypeInformation,
    ObjectTypesInformation,
    ObjectHandleFlagInformation,
    ObjectSessionInformation,
    MaxObjectInfoClass
} OBJECT_INFORMATION_CLASS;

#else

//
// Undocumented Attribute for Kernel-Only Access
//
// OBJ_KERNEL_EXCLUSIVE (0x00010000) lies outside the low attribute bits, so
// OBJ_VALID_KERNEL_ATTRIBUTES is a strictly wider mask than
// OBJ_VALID_ATTRIBUTES. OBJ_VALID_ATTRIBUTES is not defined in this branch of
// the header; it has to come from another include.
// NOTE(review): attributes arriving from user mode should be validated against
// the narrower mask -- confirm where each mask is applied.
//
#define OBJ_KERNEL_EXCLUSIVE                    0x00010000L
#define OBJ_VALID_KERNEL_ATTRIBUTES             (OBJ_VALID_ATTRIBUTES | \
                                                 OBJ_KERNEL_EXCLUSIVE)
//
// Object Flags
//
// Bit values tested against OBJECT_HEADER.Flags (a UCHAR) by the accessor
// macros below.
//
#define OB_FLAG_CREATE_INFO                     0x01
#define OB_FLAG_KERNEL_MODE                     0x02
#define OB_FLAG_CREATOR_INFO                    0x04
#define OB_FLAG_EXCLUSIVE                       0x08
#define OB_FLAG_PERMANENT                       0x10
#define OB_FLAG_SECURITY                        0x20
#define OB_FLAG_SINGLE_PROCESS                  0x40
#define OB_FLAG_DEFER_DELETE                    0x80

//
// Object Flags encoded in "QueryReferences" field
//
#define OB_FLAG_KERNEL_EXCLUSIVE                0x40000000

//
// Maps an object body pointer back to its OBJECT_HEADER through the Body
// field. This is pure pointer arithmetic: nothing here verifies that (o)
// really is the body of an Object Manager object, so the result is only
// meaningful for pointers that came from the Object Manager.
//
#define OBJECT_TO_OBJECT_HEADER(o)                          \
    CONTAINING_RECORD((o), OBJECT_HEADER, Body)

//
// Optional-header accessors. Each evaluates to NULL when the corresponding
// offset field in the header is zero, otherwise to the address that many
// bytes *before* the header. Callers must check for NULL before dereferencing.
//
#define OBJECT_HEADER_TO_NAME_INFO(h)                       \
    ((POBJECT_HEADER_NAME_INFO)(!(h)->NameInfoOffset ?      \
        NULL: ((PCHAR)(h) - (h)->NameInfoOffset)))

#define OBJECT_HEADER_TO_HANDLE_INFO(h)                     \
    ((POBJECT_HEADER_HANDLE_INFO)(!(h)->HandleInfoOffset ?  \
        NULL: ((PCHAR)(h) - (h)->HandleInfoOffset)))

#define OBJECT_HEADER_TO_QUOTA_INFO(h)                      \
    ((POBJECT_HEADER_QUOTA_INFO)(!(h)->QuotaInfoOffset ?    \
        NULL: ((PCHAR)(h) - (h)->QuotaInfoOffset)))

//
// The creator info has no offset field: it is present only when
// OB_FLAG_CREATOR_INFO is set, and is then located exactly
// sizeof(OBJECT_HEADER_CREATOR_INFO) bytes before the header.
//
#define OBJECT_HEADER_TO_CREATOR_INFO(h)                    \
    ((POBJECT_HEADER_CREATOR_INFO)(!((h)->Flags &           \
        OB_FLAG_CREATOR_INFO) ? NULL: ((PCHAR)(h) -         \
        sizeof(OBJECT_HEADER_CREATOR_INFO))))

//
// Yields the ExclusiveProcess stored in the quota info, or NULL when
// OB_FLAG_EXCLUSIVE is clear.
// NOTE(review): unlike OBJECT_HEADER_TO_QUOTA_INFO this tests only the flag,
// not QuotaInfoOffset. If the flag were ever set on a header whose
// QuotaInfoOffset is zero, the cast would be applied to the header's own
// address. Presumably the allocator always attaches quota info to exclusive
// objects -- confirm that invariant.
//
#define OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(h)               \
    ((!((h)->Flags & OB_FLAG_EXCLUSIVE)) ?                  \
        NULL: (((POBJECT_HEADER_QUOTA_INFO)((PCHAR)(h) -    \
        (h)->QuotaInfoOffset))->ExclusiveProcess))

//
// Reasons for Open Callback
//
// Passed as the Reason argument of OB_OPEN_METHOD.
//
typedef enum _OB_OPEN_REASON
{
    ObCreateHandle,
    ObOpenHandle,
    ObDuplicateHandle,
    ObInheritHandle,
    ObMaxOpenReason
} OB_OPEN_REASON;

#endif

//
// Object Duplication Flags
//
#define DUPLICATE_SAME_ATTRIBUTES               0x00000004

//
// Number of hash entries in an Object Directory
//
// Sizes OBJECT_DIRECTORY.HashBuckets below.
//
#define NUMBER_HASH_BUCKETS                     37

//
// Types for DosDeviceDriveType
//
#define DOSDEVICE_DRIVE_UNKNOWN                 0
#define DOSDEVICE_DRIVE_CALCULATE               1
#define DOSDEVICE_DRIVE_REMOVABLE               2
#define DOSDEVICE_DRIVE_FIXED                   3
#define DOSDEVICE_DRIVE_REMOTE                  4
#define DOSDEVICE_DRIVE_CDROM                   5
#define DOSDEVICE_DRIVE_RAMDISK                 6

//
// Dump Control Structure for Object Debugging
//
typedef struct _OB_DUMP_CONTROL
{
    PVOID Stream;
    ULONG Detail;
} OB_DUMP_CONTROL, *POB_DUMP_CONTROL;

#ifndef NTOS_MODE_USER

//
// Object Type Callbacks
//
// Function-pointer types for the per-type procedures stored in
// OBJECT_TYPE_INITIALIZER. Several take a KPROCESSOR_MODE AccessMode;
// presumably it carries the requestor's mode so the callback can decide how
// far to trust the other arguments -- confirm against the callers.
//
typedef VOID
(NTAPI *OB_DUMP_METHOD)(
    _In_ PVOID Object,
    _In_opt_ POB_DUMP_CONTROL Control
);

typedef NTSTATUS
(NTAPI *OB_OPEN_METHOD)(
    _In_ OB_OPEN_REASON Reason,
    _In_opt_ PEPROCESS Process,
    _In_ PVOID ObjectBody,
    _In_ ACCESS_MASK GrantedAccess,
    _In_ ULONG HandleCount
);

typedef VOID
(NTAPI *OB_CLOSE_METHOD)(
    _In_opt_ PEPROCESS Process,
    _In_ PVOID Object,
    _In_ ACCESS_MASK GrantedAccess,
    _In_ ULONG ProcessHandleCount,
    _In_ ULONG SystemHandleCount
);

typedef VOID
(NTAPI *OB_DELETE_METHOD)(
    _In_ PVOID Object
);

typedef NTSTATUS
(NTAPI *OB_PARSE_METHOD)(
    _In_ PVOID ParseObject,
    _In_ PVOID ObjectType,
    _Inout_ PACCESS_STATE AccessState,
    _In_ KPROCESSOR_MODE AccessMode,
    _In_ ULONG Attributes,
    _Inout_ PUNICODE_STRING CompleteName,
    _Inout_ PUNICODE_STRING RemainingName,
    _Inout_opt_ PVOID Context,
    _In_opt_ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
    _Out_ PVOID *Object
);

typedef NTSTATUS
(NTAPI *OB_SECURITY_METHOD)(
    _In_ PVOID Object,
    _In_ SECURITY_OPERATION_CODE OperationType,
    _In_ PSECURITY_INFORMATION SecurityInformation,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _Inout_ PULONG CapturedLength,
    _Inout_ PSECURITY_DESCRIPTOR *ObjectSecurityDescriptor,
    _In_ POOL_TYPE PoolType,
    _In_ PGENERIC_MAPPING GenericMapping
);

typedef NTSTATUS
(NTAPI *OB_QUERYNAME_METHOD)(
    _In_ PVOID Object,
    _In_ BOOLEAN HasObjectName,
    _Out_ POBJECT_NAME_INFORMATION ObjectNameInfo,
    _In_ ULONG Length,
    _Out_ PULONG ReturnLength,
    _In_ KPROCESSOR_MODE AccessMode
);

typedef BOOLEAN
(NTAPI *OB_OKAYTOCLOSE_METHOD)(
    _In_opt_ PEPROCESS Process,
    _In_ PVOID Object,
    _In_ HANDLE Handle,
    _In_ KPROCESSOR_MODE AccessMode
);

#else

//
// Object Information Types for NtQueryInformationObject
//
typedef struct _OBJECT_NAME_INFORMATION
{
    UNICODE_STRING Name;
} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;

#endif

typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION
{
    BOOLEAN Inherit;
    BOOLEAN ProtectFromClose;
} OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION;

typedef struct _OBJECT_DIRECTORY_INFORMATION
{
    UNICODE_STRING Name;
    UNICODE_STRING TypeName;
} OBJECT_DIRECTORY_INFORMATION, *POBJECT_DIRECTORY_INFORMATION;

//
// Object Type Information
//
typedef struct _OBJECT_TYPE_INFORMATION
{
    UNICODE_STRING TypeName;
    ULONG TotalNumberOfObjects;
    ULONG TotalNumberOfHandles;
    ULONG TotalPagedPoolUsage;
    ULONG TotalNonPagedPoolUsage;
    ULONG TotalNamePoolUsage;
    ULONG TotalHandleTableUsage;
    ULONG HighWaterNumberOfObjects;
    ULONG HighWaterNumberOfHandles;
    ULONG HighWaterPagedPoolUsage;
    ULONG HighWaterNonPagedPoolUsage;
    ULONG HighWaterNamePoolUsage;
    ULONG HighWaterHandleTableUsage;
    ULONG InvalidAttributes;
    GENERIC_MAPPING GenericMapping;
    ULONG ValidAccessMask;
    BOOLEAN SecurityRequired;
    BOOLEAN MaintainHandleCount;
    ULONG PoolType;
    ULONG DefaultPagedPoolCharge;
    ULONG DefaultNonPagedPoolCharge;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;

//
// Only the count is declared: the trailing TypeInformation array is commented
// out, so sizeof() covers NumberOfTypes alone and the structure does not
// describe where the entries sit. A consumer has to locate them itself and
// should bound every step by the length the query actually returned.
//
typedef struct _OBJECT_ALL_TYPES_INFORMATION
{
    ULONG NumberOfTypes;
    //OBJECT_TYPE_INFORMATION TypeInformation[1];
} OBJECT_ALL_TYPES_INFORMATION, *POBJECT_ALL_TYPES_INFORMATION;

#ifdef NTOS_MODE_USER

typedef struct _OBJECT_BASIC_INFORMATION
{
    ULONG Attributes;
    ACCESS_MASK GrantedAccess;
    ULONG HandleCount;
    ULONG PointerCount;
    ULONG PagedPoolUsage;
    ULONG NonPagedPoolUsage;
    ULONG Reserved[3];
    ULONG NameInformationLength;
    ULONG TypeInformationLength;
    ULONG SecurityDescriptorLength;
    LARGE_INTEGER CreateTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;

#else

//
// Everything from here to the closing #endif is kernel-mode only. The
// structures mirror internal Object Manager layouts; only some fields are
// guarded by NTDDI_VERSION / _WIN64, so tooling that interprets raw memory
// with them should verify the layout against the target build -- the header
// makes no claim beyond those guards.
//
typedef struct _OBJECT_CREATE_INFORMATION
{
    ULONG Attributes;
    HANDLE RootDirectory;
    PVOID ParseContext;
    KPROCESSOR_MODE ProbeMode;
    ULONG PagedPoolCharge;
    ULONG NonPagedPoolCharge;
    ULONG SecurityDescriptorCharge;
    PSECURITY_DESCRIPTOR SecurityDescriptor;
    PSECURITY_QUALITY_OF_SERVICE SecurityQos;
    SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
} OBJECT_CREATE_INFORMATION, *POBJECT_CREATE_INFORMATION;

//
// Object Type Initialize for ObCreateObjectType
//
// Carries the type's policy fields (InvalidAttributes, GenericMapping,
// ValidAccessMask, SecurityRequired) together with the eight callback
// pointers declared above.
//
typedef struct _OBJECT_TYPE_INITIALIZER
{
    USHORT Length;
    BOOLEAN UseDefaultObject;
    BOOLEAN CaseInsensitive;
    ULONG InvalidAttributes;
    GENERIC_MAPPING GenericMapping;
    ULONG ValidAccessMask;
    BOOLEAN SecurityRequired;
    BOOLEAN MaintainHandleCount;
    BOOLEAN MaintainTypeList;
    POOL_TYPE PoolType;
    ULONG DefaultPagedPoolCharge;
    ULONG DefaultNonPagedPoolCharge;
    OB_DUMP_METHOD DumpProcedure;
    OB_OPEN_METHOD OpenProcedure;
    OB_CLOSE_METHOD CloseProcedure;
    OB_DELETE_METHOD DeleteProcedure;
    OB_PARSE_METHOD ParseProcedure;
    OB_SECURITY_METHOD SecurityProcedure;
    OB_QUERYNAME_METHOD QueryNameProcedure;
    OB_OKAYTOCLOSE_METHOD OkayToCloseProcedure;
} OBJECT_TYPE_INITIALIZER, *POBJECT_TYPE_INITIALIZER;

//
// Object Type Object
//
// Embeds the OBJECT_TYPE_INITIALIZER by value, so the callback pointers live
// inside the type object itself.
//
typedef struct _OBJECT_TYPE
{
    ERESOURCE Mutex;
    LIST_ENTRY TypeList;
    UNICODE_STRING Name;
    PVOID DefaultObject;
    ULONG Index;
    ULONG TotalNumberOfObjects;
    ULONG TotalNumberOfHandles;
    ULONG HighWaterNumberOfObjects;
    ULONG HighWaterNumberOfHandles;
    OBJECT_TYPE_INITIALIZER TypeInfo;
    ULONG Key;
    ERESOURCE ObjectLocks[4];
} OBJECT_TYPE;

//
// Object Directory Structures
//
// Both layouts change with NTDDI_VERSION: HashValue exists only from WS03 on,
// and the directory's Lock type and the DeviceMap / CurrentEntryValid member
// differ before and after WINXP.
//
typedef struct _OBJECT_DIRECTORY_ENTRY
{
    struct _OBJECT_DIRECTORY_ENTRY *ChainLink;
    PVOID Object;
#if (NTDDI_VERSION >= NTDDI_WS03)
    ULONG HashValue;
#endif
} OBJECT_DIRECTORY_ENTRY, *POBJECT_DIRECTORY_ENTRY;

typedef struct _OBJECT_DIRECTORY
{
    struct _OBJECT_DIRECTORY_ENTRY *HashBuckets[NUMBER_HASH_BUCKETS];
#if (NTDDI_VERSION < NTDDI_WINXP)
    ERESOURCE Lock;
#else
    EX_PUSH_LOCK Lock;
#endif
#if (NTDDI_VERSION < NTDDI_WINXP)
    BOOLEAN CurrentEntryValid;
#else
    struct _DEVICE_MAP *DeviceMap;
#endif
    ULONG SessionId;
#if (NTDDI_VERSION == NTDDI_WINXP)
    USHORT Reserved;
    USHORT SymbolicLinkUsageCount;
#endif
} OBJECT_DIRECTORY, *POBJECT_DIRECTORY;

//
// Object Header Addon Information
//
// These are the optional headers reached through the OBJECT_HEADER_TO_*
// macros; they sit at negative offsets from the OBJECT_HEADER.
//
typedef struct _OBJECT_HEADER_NAME_INFO
{
    POBJECT_DIRECTORY Directory;
    UNICODE_STRING Name;
    ULONG QueryReferences;
    ULONG Reserved2;
    ULONG DbgReferenceCount;
#ifdef _WIN64
    ULONG64 Reserved3;
#endif
} OBJECT_HEADER_NAME_INFO, *POBJECT_HEADER_NAME_INFO;

typedef struct _OBJECT_HANDLE_COUNT_ENTRY
{
    struct _EPROCESS *Process;
    ULONG HandleCount;
} OBJECT_HANDLE_COUNT_ENTRY, *POBJECT_HANDLE_COUNT_ENTRY;

//
// HandleCountEntries is declared with one element; presumably the real length
// is CountEntries and the array extends past the declared bound -- confirm,
// and index it against CountEntries rather than the declared size.
//
typedef struct _OBJECT_HANDLE_COUNT_DATABASE
{
    ULONG CountEntries;
    OBJECT_HANDLE_COUNT_ENTRY HandleCountEntries[1];
} OBJECT_HANDLE_COUNT_DATABASE, *POBJECT_HANDLE_COUNT_DATABASE;

//
// The union holds either a pointer to a database or a single inline entry.
// Nothing in this structure says which member is live; the discriminator has
// to come from elsewhere (NOTE(review): possibly OB_FLAG_SINGLE_PROCESS --
// confirm).
//
typedef struct _OBJECT_HEADER_HANDLE_INFO
{
    union
    {
        POBJECT_HANDLE_COUNT_DATABASE HandleCountDatabase;
        OBJECT_HANDLE_COUNT_ENTRY SingleEntry;
    };
} OBJECT_HEADER_HANDLE_INFO, *POBJECT_HEADER_HANDLE_INFO;

typedef struct _OBJECT_HEADER_CREATOR_INFO
{
    LIST_ENTRY TypeList;
    PVOID CreatorUniqueProcess;
    USHORT CreatorBackTraceIndex;
    USHORT Reserved;
} OBJECT_HEADER_CREATOR_INFO, *POBJECT_HEADER_CREATOR_INFO;

typedef struct _OBJECT_HEADER_QUOTA_INFO
{
    ULONG PagedPoolCharge;
    ULONG NonPagedPoolCharge;
    ULONG SecurityDescriptorCharge;
    PEPROCESS ExclusiveProcess;
#ifdef _WIN64
    ULONG64 Reserved;
#endif
} OBJECT_HEADER_QUOTA_INFO, *POBJECT_HEADER_QUOTA_INFO;

//
// Object Header
//
// Precedes every object body: Body is the last member and is the field
// OBJECT_TO_OBJECT_HEADER walks back from. The three *InfoOffset members are
// UCHARs, so each optional header lies at most 255 bytes before this one.
// Both anonymous unions overlay two interpretations of the same storage; the
// header itself does not record which one is current.
//
typedef struct _OBJECT_HEADER
{
    LONG_PTR PointerCount;
    union
    {
        LONG_PTR HandleCount;
        volatile PVOID NextToFree;
    };
    POBJECT_TYPE Type;
    UCHAR NameInfoOffset;
    UCHAR HandleInfoOffset;
    UCHAR QuotaInfoOffset;
    UCHAR Flags;
    union
    {
        POBJECT_CREATE_INFORMATION ObjectCreateInfo;
        PVOID QuotaBlockCharged;
    };
    PSECURITY_DESCRIPTOR SecurityDescriptor;
    QUAD Body;
} OBJECT_HEADER, *POBJECT_HEADER;

//
// Object Lookup Context
//
typedef struct _OBP_LOOKUP_CONTEXT
{
    POBJECT_DIRECTORY Directory;
    PVOID Object;
    ULONG HashValue;
    USHORT HashIndex;
    BOOLEAN DirectoryLocked;
    ULONG LockStateSignature;
} OBP_LOOKUP_CONTEXT, *POBP_LOOKUP_CONTEXT;

//
// Device Map
//
// DriveType has 32 entries and DriveMap is a 32-bit ULONG; presumably one
// slot / one bit per drive position, with DriveType holding the
// DOSDEVICE_DRIVE_* values -- confirm. Any index into DriveType must be
// checked against 32.
//
typedef struct _DEVICE_MAP
{
    POBJECT_DIRECTORY   DosDevicesDirectory;
    POBJECT_DIRECTORY   GlobalDosDevicesDirectory;
    ULONG               ReferenceCount;
    ULONG               DriveMap;
    UCHAR               DriveType[32];
} DEVICE_MAP, *PDEVICE_MAP;

//
// Symbolic Link Object
//
typedef struct _OBJECT_SYMBOLIC_LINK
{
    LARGE_INTEGER CreationTime;
    UNICODE_STRING LinkTarget;
    UNICODE_STRING LinkTargetRemaining;
    PVOID LinkTargetObject;
    ULONG DosDeviceDriveIndex;
} OBJECT_SYMBOLIC_LINK, *POBJECT_SYMBOLIC_LINK;

//
// Kernel Exports
//
extern PDEVICE_MAP NTSYSAPI ObSystemDeviceMap;

#endif // !NTOS_MODE_USER

#endif // _OBTYPES_H