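/*++ NDK Version: 0098

Copyright (c) Alex Ionescu.  All rights reserved.

Header Name:

    obfuncs.h

Abstract:

    Function definitions for the Object Manager

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _OBFUNCS_H
#define _OBFUNCS_H

//
// Dependencies
//
#include <umtypes.h>
#include <pstypes.h>
#include <obtypes.h>

#ifdef __cplusplus
extern "C" {
#endif

#ifndef NTOS_MODE_USER

//
// Object Functions
//
// Kernel-mode Object Manager routines; this whole section is compiled out
// when NTOS_MODE_USER is defined.
//
// NOTE(review): the KPROCESSOR_MODE arguments (AccessMode,
// ObjectAttributesAccessMode) carry the processor mode the request is made
// on behalf of. A driver servicing a user-mode request should pass the
// requestor's mode rather than a hard-coded KernelMode; with KernelMode the
// lookup is presumably performed without user-mode access checks -- confirm
// at every call site.
//
NTKERNELAPI
NTSTATUS
NTAPI
ObAssignSecurity(
    _In_ PACCESS_STATE AccessState,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ PVOID Object,
    _In_ POBJECT_TYPE Type
);

NTKERNELAPI
NTSTATUS
NTAPI
ObCloseHandle(
    _In_ HANDLE Handle,
    _In_ KPROCESSOR_MODE AccessMode
);

NTKERNELAPI
NTSTATUS
NTAPI
ObCreateObject(
    _In_opt_ KPROCESSOR_MODE ObjectAttributesAccessMode,
    _In_ POBJECT_TYPE ObjectType,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ KPROCESSOR_MODE AccessMode,
    _Inout_opt_ PVOID ParseContext,
    _In_ ULONG ObjectSize,
    _In_opt_ ULONG PagedPoolCharge,
    _In_opt_ ULONG NonPagedPoolCharge,
    _Out_ PVOID *Object
);

NTKERNELAPI
NTSTATUS
NTAPI
ObCreateObjectType(
    _In_ PUNICODE_STRING TypeName,
    _In_ POBJECT_TYPE_INITIALIZER ObjectTypeInitializer,
    _Reserved_ PVOID Reserved,
    _Out_ POBJECT_TYPE *ObjectType
);

NTKERNELAPI
VOID
NTAPI
ObDereferenceSecurityDescriptor(
    _Inout_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ ULONG Count
);

NTKERNELAPI
ULONG
NTAPI
ObGetObjectPointerCount(
    _In_ PVOID Object
);

NTKERNELAPI
NTSTATUS
NTAPI
ObLogSecurityDescriptor(
    _In_ PSECURITY_DESCRIPTOR InputSecurityDescriptor,
    _Out_ PSECURITY_DESCRIPTOR *OutputSecurityDescriptor,
    _In_ ULONG RefBias
);

// Returns a handle; see the AccessMode note at the top of this section.
NTKERNELAPI
NTSTATUS
NTAPI
ObOpenObjectByName(
    _In_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ POBJECT_TYPE ObjectType,
    _In_ KPROCESSOR_MODE AccessMode,
    _In_opt_ PACCESS_STATE PassedAccessState,
    _In_ ACCESS_MASK DesiredAccess,
    _Inout_opt_ PVOID ParseContext,
    _Out_ PHANDLE Handle
);

// Returns an object pointer rather than a handle; see the AccessMode note at
// the top of this section.
NTKERNELAPI
NTSTATUS
NTAPI
ObReferenceObjectByName(
    _In_ PUNICODE_STRING ObjectName,
    _In_ ULONG Attributes,
    _In_opt_ PACCESS_STATE PassedAccessState,
    _In_opt_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_TYPE ObjectType,
    _In_ KPROCESSOR_MODE AccessMode,
    _Inout_opt_ PVOID ParseContext,
    _Out_ PVOID *Object
);

NTKERNELAPI
VOID
NTAPI
ObReferenceSecurityDescriptor(
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ ULONG Count
);

NTKERNELAPI
NTSTATUS
NTAPI
ObSetSecurityObjectByPointer(
    _In_ PVOID Object,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
);

NTKERNELAPI
BOOLEAN
NTAPI
ObFindHandleForObject(
    _In_ PEPROCESS Process,
    _In_ PVOID Object,
    _In_ POBJECT_TYPE ObjectType,
    _In_opt_ POBJECT_HANDLE_INFORMATION HandleInformation,
    _Out_opt_ PHANDLE Handle
);

NTKERNELAPI
VOID
NTAPI
ObDereferenceObjectDeferDelete(
    _In_ PVOID Object
);

#endif /* !NTOS_MODE_USER */

//
// Native Calls
//
// Nt* system services followed by their Zw* counterparts. This section is
// declared for every build; only the final Zw* group is restricted to
// NTOS_MODE_USER.
//
// NOTE(review): when called from kernel mode, a Zw* entry point sets the
// previous mode to KernelMode, so the service treats its arguments as
// trusted: pointers are not probed and handle access is not checked against
// the original requestor. Do not forward user-supplied pointers or handles
// to a Zw* routine without capturing and validating them first, and consider
// OBJ_KERNEL_HANDLE / OBJ_FORCE_ACCESS_CHECK in the OBJECT_ATTRIBUTES passed
// to the create/open services below.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtClose(
    _In_ HANDLE Handle
);

__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtCloseObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ BOOLEAN GenerateOnClose
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateDirectoryObject(
    _Out_ PHANDLE DirectoryHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateSymbolicLinkObject(
    _Out_ PHANDLE SymbolicLinkHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ PUNICODE_STRING Name
);

__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtDeleteObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_opt_ PVOID HandleId,
    _In_ BOOLEAN GenerateOnClose
);

// NOTE(review): TargetProcessHandle / TargetHandle are mandatory here but
// _In_opt_ / _Out_opt_ on ZwDuplicateObject below; left as declared.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtDuplicateObject(
    _In_ HANDLE SourceProcessHandle,
    _In_ HANDLE SourceHandle,
    _In_ HANDLE TargetProcessHandle,
    _Out_ PHANDLE TargetHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ULONG HandleAttributes,
    _In_ ULONG Options
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtMakePermanentObject(
    _In_ HANDLE Object
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtMakeTemporaryObject(
    _In_ HANDLE Handle
);

// The output parameter is named FileHandle in this header; the name is kept
// as declared.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenDirectoryObject(
    _Out_ PHANDLE FileHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenJobObject(
    _Out_ PHANDLE JobHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenSymbolicLinkObject(
    _Out_ PHANDLE SymbolicLinkHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes
);

// Buffer is tied to BufferLength so static analysis can check the caller's
// buffer size; a bare _Out_ on a PVOID carries no extent.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryDirectoryObject(
    _In_ HANDLE DirectoryHandle,
    _Out_writes_bytes_(BufferLength) PVOID Buffer,
    _In_ ULONG BufferLength,
    _In_ BOOLEAN ReturnSingleEntry,
    _In_ BOOLEAN RestartScan,
    _Inout_ PULONG Context,
    _Out_opt_ PULONG ReturnLength
);

// ObjectInformation is optional and bounded by ObjectInformationLength.
// NOTE(review): callers should check the returned NTSTATUS before reading
// the buffer or *ReturnLength.
_IRQL_requires_max_(PASSIVE_LEVEL)
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryObject(
    _In_opt_ HANDLE Handle,
    _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
    _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
    _In_ ULONG ObjectInformationLength,
    _Out_opt_ PULONG ReturnLength
);

_IRQL_requires_max_(PASSIVE_LEVEL)
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQuerySecurityObject(
    _In_ HANDLE Handle,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ ULONG Length,
    _Out_ PULONG LengthNeeded
);

// LinkTarget is _Inout_: the caller supplies Buffer and MaximumLength, so the
// structure is read as well as written. This matches the
// ZwQuerySymbolicLinkObject declaration in this header and lets static
// analysis flag an uninitialized UNICODE_STRING.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQuerySymbolicLinkObject(
    _In_ HANDLE SymLinkObjHandle,
    _Inout_ PUNICODE_STRING LinkTarget,
    _Out_opt_ PULONG DataWritten
);

// ObjectInformation is read for Length bytes.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationObject(
    _In_ HANDLE ObjectHandle,
    _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
    _In_reads_bytes_(Length) PVOID ObjectInformation,
    _In_ ULONG Length
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetSecurityObject(
    _In_ HANDLE Handle,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
);

// Time is optional, as on ZwSignalAndWaitForSingleObject below.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSignalAndWaitForSingleObject(
    _In_ HANDLE SignalObject,
    _In_ HANDLE WaitObject,
    _In_ BOOLEAN Alertable,
    _In_opt_ PLARGE_INTEGER Time
);

// Object[] holds Count handles; Time is optional, as on the other wait
// services in this header.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtWaitForMultipleObjects(
    _In_ ULONG Count,
    _In_reads_(Count) HANDLE Object[],
    _In_ WAIT_TYPE WaitType,
    _In_ BOOLEAN Alertable,
    _In_opt_ PLARGE_INTEGER Time
);

// Declared without NTSYSCALLAPI in this header. Handles points to
// ObjectCount LONG-sized entries.
NTSTATUS
NTAPI
NtWaitForMultipleObjects32(
    _In_ ULONG ObjectCount,
    _In_reads_(ObjectCount) PLONG Handles,
    _In_ WAIT_TYPE WaitType,
    _In_ BOOLEAN Alertable,
    _In_opt_ PLARGE_INTEGER TimeOut
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtWaitForSingleObject(
    _In_ HANDLE Object,
    _In_ BOOLEAN Alertable,
    _In_opt_ PLARGE_INTEGER Timeout
);

//
// Zw* counterparts (see the previous-mode note at the top of this section)
//
NTSYSAPI
NTSTATUS
NTAPI
ZwClose(
    _In_ HANDLE Handle
);

NTSYSAPI
NTSTATUS
NTAPI
ZwCloseObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_ PVOID HandleId,
    _In_ BOOLEAN GenerateOnClose
);

NTSYSAPI
NTSTATUS
NTAPI
ZwCreateDirectoryObject(
    _Out_ PHANDLE DirectoryHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
ZwCreateSymbolicLinkObject(
    _Out_ PHANDLE SymbolicLinkHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ PUNICODE_STRING Name
);

NTSYSAPI
NTSTATUS
NTAPI
ZwDeleteObjectAuditAlarm(
    _In_ PUNICODE_STRING SubsystemName,
    _In_ PVOID HandleId,
    _In_ BOOLEAN GenerateOnClose
);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwDuplicateObject(
    _In_ HANDLE SourceProcessHandle,
    _In_ HANDLE SourceHandle,
    _In_opt_ HANDLE TargetProcessHandle,
    _Out_opt_ PHANDLE TargetHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ ULONG HandleAttributes,
    _In_ ULONG Options
);

NTSYSAPI
NTSTATUS
NTAPI
ZwMakePermanentObject(
    _In_ HANDLE Object
);

NTSYSAPI
NTSTATUS
NTAPI
ZwMakeTemporaryObject(
    _In_ HANDLE Handle
);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenDirectoryObject(
    _Out_ PHANDLE FileHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenJobObject(
    _Out_ PHANDLE JobHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes
);

NTSYSAPI
NTSTATUS
NTAPI
ZwOpenSymbolicLinkObject(
    _Out_ PHANDLE SymbolicLinkHandle,
    _In_ ACCESS_MASK DesiredAccess,
    _In_ POBJECT_ATTRIBUTES ObjectAttributes
);

// Buffer is tied to BufferLength, as on NtQueryDirectoryObject.
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryDirectoryObject(
    _In_ HANDLE DirectoryHandle,
    _Out_writes_bytes_(BufferLength) PVOID Buffer,
    _In_ ULONG BufferLength,
    _In_ BOOLEAN ReturnSingleEntry,
    _In_ BOOLEAN RestartScan,
    _Inout_ PULONG Context,
    _Out_opt_ PULONG ReturnLength
);

// ObjectInformation is read for Length bytes.
NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationObject(
    _In_ HANDLE ObjectHandle,
    _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
    _In_reads_bytes_(Length) PVOID ObjectInformation,
    _In_ ULONG Length
);

NTSYSAPI
NTSTATUS
NTAPI
ZwSignalAndWaitForSingleObject(
    _In_ HANDLE SignalObject,
    _In_ HANDLE WaitObject,
    _In_ BOOLEAN Alertable,
    _In_opt_ PLARGE_INTEGER Time
);

// Object[] holds Count handles; Time is optional, as on the other wait
// services in this header.
NTSYSAPI
NTSTATUS
NTAPI
ZwWaitForMultipleObjects(
    _In_ ULONG Count,
    _In_reads_(Count) HANDLE Object[],
    _In_ WAIT_TYPE WaitType,
    _In_ BOOLEAN Alertable,
    _In_opt_ PLARGE_INTEGER Time
);

#ifdef NTOS_MODE_USER

//
// Zw* declarations provided by this header only for user-mode builds.
// NOTE(review): presumably the kernel-mode build takes these from another
// header -- confirm.
//
_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryObject(
    _In_opt_ HANDLE Handle,
    _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
    _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
    _In_ ULONG ObjectInformationLength,
    _Out_opt_ PULONG ReturnLength
);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQuerySecurityObject(
    _In_ HANDLE Handle,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _Out_writes_bytes_to_(Length,*LengthNeeded) PSECURITY_DESCRIPTOR SecurityDescriptor,
    _In_ ULONG Length,
    _Out_ PULONG LengthNeeded
);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwQuerySymbolicLinkObject(
    _In_ HANDLE LinkHandle,
    _Inout_ PUNICODE_STRING LinkTarget,
    _Out_opt_ PULONG ReturnedLength
);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTSYSAPI
NTSTATUS
NTAPI
ZwSetSecurityObject(
    _In_ HANDLE Handle,
    _In_ SECURITY_INFORMATION SecurityInformation,
    _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
);

// The IRQL ceiling depends on Timeout: DISPATCH_LEVEL only for a zero
// timeout, APC_LEVEL for a NULL or non-zero one.
_When_(Timeout == NULL, _IRQL_requires_max_(APC_LEVEL))
_When_(Timeout->QuadPart != 0, _IRQL_requires_max_(APC_LEVEL))
_When_(Timeout->QuadPart == 0, _IRQL_requires_max_(DISPATCH_LEVEL))
NTSYSAPI
NTSTATUS
NTAPI
ZwWaitForSingleObject(
    _In_ HANDLE Handle,
    _In_ BOOLEAN Alertable,
    _In_opt_ PLARGE_INTEGER Timeout
);

#endif /* NTOS_MODE_USER */

#ifdef __cplusplus
} // extern "C"
#endif

#endif /* _OBFUNCS_H */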