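/******************************************************************************
 *                          Process Manager Functions                         *
 ******************************************************************************/
/*
 * NOTE(review): the `$if (...)` / `$endif (...)` lines are not C preprocessor
 * directives; presumably a header generator consumes them to decide which
 * target header (wdm / ntddk / ntifs) receives each section -- confirm. They
 * must stay balanced independently of the `#if` / `#endif` pairs around them.
 *
 * Annotation style: every parameter carries a SAL direction annotation so that
 * static analysis can check callers. The `_IRQL_requires_max_` lines state the
 * highest IRQL at which each routine may be called.
 */
$if (_WDMDDK_)

/*
 * Both parameters are _Inout_ pointers-to-pointer: the routine reads the
 * caller's APC context / routine values and may replace them in place.
 */
NTKERNELAPI
NTSTATUS
NTAPI
PsWrapApcWow64Thread(
  _Inout_ PVOID *ApcContext,
  _Inout_ PVOID *ApcRoutine);

/*
 * PEPROCESS
 * PsGetCurrentProcess(VOID)
 */
#define PsGetCurrentProcess IoGetCurrentProcess

/* Guarded so that only one definition of the inline is ever seen. */
#if !defined(_PSGETCURRENTTHREAD_)
#define _PSGETCURRENTTHREAD_
/* Returns the current thread: KeGetCurrentThread()'s result cast to PETHREAD. */
_IRQL_requires_max_(DISPATCH_LEVEL)
FORCEINLINE
PETHREAD
NTAPI
PsGetCurrentThread(VOID)
{
  return (PETHREAD)KeGetCurrentThread();
}
#endif /* !_PSGETCURRENTTHREAD_ */

$endif (_WDMDDK_)
$if (_NTDDK_)

/*
 * System-service entry point (__kernel_entry).
 * NOTE(review): WDK guidance is that a driver opening a process on behalf of
 * a request should set OBJ_KERNEL_HANDLE in ObjectAttributes so the resulting
 * handle is not usable from user mode -- confirm at call sites.
 */
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenProcess(
  _Out_ PHANDLE ProcessHandle,
  _In_ ACCESS_MASK DesiredAccess,
  _In_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_opt_ PCLIENT_ID ClientId);

/*
 * ProcessInformation is an untyped output buffer whose capacity in bytes is
 * ProcessInformationLength; the annotation ties the two together so static
 * analysis can flag a caller that passes a length larger than its buffer.
 */
__kernel_entry
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationProcess(
  _In_ HANDLE ProcessHandle,
  _In_ PROCESSINFOCLASS ProcessInformationClass,
  _Out_writes_bytes_(ProcessInformationLength) PVOID ProcessInformation,
  _In_ ULONG ProcessInformationLength,
  _Out_opt_ PULONG ReturnLength);
$endif (_NTDDK_)
$if (_NTIFS_)

/*
 * _Must_inspect_result_: *Process is only meaningful when the returned status
 * indicates success.
 * NOTE(review): per WDK documentation the returned object is referenced and
 * the caller releases it with ObDereferenceObject; a missing release leaks
 * the object, an extra one leaves a dangling pointer -- confirm call sites.
 */
_Must_inspect_result_
_IRQL_requires_max_(APC_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsLookupProcessByProcessId(
  _In_ HANDLE ProcessId,
  _Outptr_ PEPROCESS *Process);

/*
 * Thread counterpart of PsLookupProcessByProcessId; the same status-check and
 * (presumably) reference-release obligations apply to *Thread.
 */
_Must_inspect_result_
_IRQL_requires_max_(APC_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsLookupThreadByThreadId(
  _In_ HANDLE UniqueThreadId,
  _Outptr_ PETHREAD *Thread);
$endif (_NTIFS_)

#if (NTDDI_VERSION >= NTDDI_WIN2K)

$if (_WDMDDK_)
/*
 * _Post_satisfies_(return <= 0): the status is either 0 (success) or negative.
 * StartContext is marked __drv_aliasesMem on success: the new thread keeps
 * using that memory, so it must stay valid until the thread is done with it.
 * NOTE(review): WDK guidance is to set OBJ_KERNEL_HANDLE in ObjectAttributes
 * when this may run in the context of a user process, so that ThreadHandle is
 * not reachable from user mode -- confirm at call sites.
 */
_IRQL_requires_max_(APC_LEVEL)
_Post_satisfies_(return <= 0)
_Must_inspect_result_
NTKERNELAPI
NTSTATUS
NTAPI
PsCreateSystemThread(
  _Out_ PHANDLE ThreadHandle,
  _In_ ULONG DesiredAccess,
  _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
  _In_opt_ HANDLE ProcessHandle,
  _Out_opt_ PCLIENT_ID ClientId,
  _In_ PKSTART_ROUTINE StartRoutine,
  _In_opt_ _When_(return==0, __drv_aliasesMem) PVOID StartContext);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsTerminateSystemThread(
  _In_ NTSTATUS ExitStatus);

$endif (_WDMDDK_)
$if (_NTDDK_)

/*
 * Registers NotifyRoutine, or unregisters it when Remove is set (presumably
 * TRUE = remove, as the name suggests -- confirm against the WDK).
 * A driver must unregister before its image unloads; otherwise the kernel is
 * left holding a pointer into freed code.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsSetCreateProcessNotifyRoutine(
  _In_ PCREATE_PROCESS_NOTIFY_ROUTINE NotifyRoutine,
  _In_ BOOLEAN Remove);

/*
 * No Remove parameter here: the matching unregistration call is
 * PsRemoveCreateThreadNotifyRoutine, declared further down in this file.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsSetCreateThreadNotifyRoutine(
  _In_ PCREATE_THREAD_NOTIFY_ROUTINE NotifyRoutine);

/*
 * The matching unregistration call is PsRemoveLoadImageNotifyRoutine,
 * declared further down in this file.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsSetLoadImageNotifyRoutine(
  _In_ PLOAD_IMAGE_NOTIFY_ROUTINE NotifyRoutine);

NTKERNELAPI
HANDLE
NTAPI
PsGetCurrentProcessId(VOID);

_IRQL_requires_max_(DISPATCH_LEVEL)
NTKERNELAPI
HANDLE
NTAPI
PsGetCurrentThreadId(VOID);

/*
 * All four outputs are optional: a caller may pass NULL for any value it does
 * not need.
 */
NTKERNELAPI
BOOLEAN
NTAPI
PsGetVersion(
  _Out_opt_ PULONG MajorVersion,
  _Out_opt_ PULONG MinorVersion,
  _Out_opt_ PULONG BuildNumber,
  _Out_opt_ PUNICODE_STRING CSDVersion);
$endif (_NTDDK_)
$if (_NTIFS_)

/*
 * Returns the thread's impersonation token and fills in its properties.
 * The matching release call is PsDereferenceImpersonationToken, declared
 * further down in this file.
 * NOTE(review): per WDK documentation the result is NULL when the thread is
 * not impersonating; callers should test it before use -- confirm.
 */
_IRQL_requires_max_(APC_LEVEL)
NTKERNELAPI
PACCESS_TOKEN
NTAPI
PsReferenceImpersonationToken(
  _Inout_ PETHREAD Thread,
  _Out_ PBOOLEAN CopyOnOpen,
  _Out_ PBOOLEAN EffectiveOnly,
  _Out_ PSECURITY_IMPERSONATION_LEVEL ImpersonationLevel);

_IRQL_requires_max_(APC_LEVEL)
NTKERNELAPI
LARGE_INTEGER
NTAPI
PsGetProcessExitTime(VOID);

_IRQL_requires_max_(DISPATCH_LEVEL)
NTKERNELAPI
BOOLEAN
NTAPI
PsIsThreadTerminating(
  _In_ PETHREAD Thread);

/*
 * _Must_inspect_result_: if the status is ignored and impersonation did not
 * take effect, the code that follows runs under the thread's previous security
 * context instead of the client's. Always check the status, and undo a
 * successful call with PsRevertToSelf or PsRestoreImpersonation.
 */
_Must_inspect_result_
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsImpersonateClient(
  _Inout_ PETHREAD Thread,
  _In_opt_ PACCESS_TOKEN Token,
  _In_ BOOLEAN CopyOnOpen,
  _In_ BOOLEAN EffectiveOnly,
  _In_ SECURITY_IMPERSONATION_LEVEL ImpersonationLevel);

/*
 * ImpersonationState is _Inout_ here and _In_ for PsRestoreImpersonation:
 * the state written by this call is what the restore call consumes.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
BOOLEAN
NTAPI
PsDisableImpersonation(
  _Inout_ PETHREAD Thread,
  _Inout_ PSE_IMPERSONATION_STATE ImpersonationState);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
VOID
NTAPI
PsRestoreImpersonation(
  _Inout_ PETHREAD Thread,
  _In_ PSE_IMPERSONATION_STATE ImpersonationState);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
VOID
NTAPI
PsRevertToSelf(VOID);

/*
 * Returns VOID, so a failed charge cannot be reported through a status.
 * NOTE(review): per WDK documentation this routine raises an exception when
 * the quota would be exceeded; callers need structured exception handling or
 * should use PsChargeProcessPoolQuota (NTSTATUS, declared below) -- confirm.
 */
_IRQL_requires_max_(APC_LEVEL)
NTKERNELAPI
VOID
NTAPI
PsChargePoolQuota(
  _In_ PEPROCESS Process,
  _In_ POOL_TYPE PoolType,
  _In_ ULONG_PTR Amount);

/* Same parameters as the charge routines; presumably returns a prior charge. */
_IRQL_requires_max_(APC_LEVEL)
NTKERNELAPI
VOID
NTAPI
PsReturnPoolQuota(
  _In_ PEPROCESS Process,
  _In_ POOL_TYPE PoolType,
  _In_ ULONG_PTR Amount);

_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsAssignImpersonationToken(
  _In_ PETHREAD Thread,
  _In_opt_ HANDLE Token);

/*
 * NOTE(review): the return type is HANDLE here, while the matching release
 * routine in this file, PsDereferencePrimaryToken, takes a PACCESS_TOKEN.
 * The value looks like a token object pointer rather than a handle-table
 * handle; it should go to PsDereferencePrimaryToken, not to a handle-closing
 * routine. Consider declaring the return type as PACCESS_TOKEN -- confirm.
 */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
HANDLE
NTAPI
PsReferencePrimaryToken(
  _Inout_ PEPROCESS Process);
$endif (_NTIFS_)
#endif /* (NTDDI_VERSION >= NTDDI_WIN2K) */
$if (_NTDDK_ || _NTIFS_)
#if (NTDDI_VERSION >= NTDDI_WINXP)
$endif (_NTDDK_ || _NTIFS_)

$if (_NTDDK_)
_IRQL_requires_max_(DISPATCH_LEVEL)
NTKERNELAPI
HANDLE
NTAPI
PsGetProcessId(
  _In_ PEPROCESS Process);

_IRQL_requires_max_(DISPATCH_LEVEL)
NTKERNELAPI
HANDLE
NTAPI
PsGetThreadId(
  _In_ PETHREAD Thread);

NTKERNELAPI
PEPROCESS
NTAPI
PsGetThreadProcess(
  _In_ PETHREAD Thread
);

/* Unregisters a routine set with PsSetCreateThreadNotifyRoutine. */
NTKERNELAPI
NTSTATUS
NTAPI
PsRemoveCreateThreadNotifyRoutine(
  _In_ PCREATE_THREAD_NOTIFY_ROUTINE NotifyRoutine);

/* Unregisters a routine set with PsSetLoadImageNotifyRoutine. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsRemoveLoadImageNotifyRoutine(
  _In_ PLOAD_IMAGE_NOTIFY_ROUTINE NotifyRoutine);

_IRQL_requires_max_(DISPATCH_LEVEL)
NTKERNELAPI
LONGLONG
NTAPI
PsGetProcessCreateTimeQuadPart(
  _In_ PEPROCESS Process);
$endif (_NTDDK_)
$if (_NTIFS_)

/* Release call for a token obtained from PsReferencePrimaryToken. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
VOID
NTAPI
PsDereferencePrimaryToken(
  _In_ PACCESS_TOKEN PrimaryToken);

/* Release call for a token obtained from PsReferenceImpersonationToken. */
_IRQL_requires_max_(PASSIVE_LEVEL)
NTKERNELAPI
VOID
NTAPI
PsDereferenceImpersonationToken(
  _In_ PACCESS_TOKEN ImpersonationToken);

/*
 * Status-returning variant of PsChargePoolQuota: _Must_inspect_result_ means
 * the caller has to check the NTSTATUS before relying on the charge.
 */
_Must_inspect_result_
_IRQL_requires_max_(APC_LEVEL)
NTKERNELAPI
NTSTATUS
NTAPI
PsChargeProcessPoolQuota(
  _In_ PEPROCESS Process,
  _In_ POOL_TYPE PoolType,
  _In_ ULONG_PTR Amount);

NTKERNELAPI
BOOLEAN
NTAPI
PsIsSystemThread(
  _In_ PETHREAD Thread);
$endif (_NTIFS_)
$if (_NTDDK_ || _NTIFS_)
#endif /* (NTDDI_VERSION >= NTDDI_WINXP) */
$endif (_NTDDK_ || _NTIFS_)

$if (_NTDDK_)
#if (NTDDI_VERSION >= NTDDI_WS03)
NTKERNELAPI
HANDLE
NTAPI
PsGetThreadProcessId(
  _In_ PETHREAD Thread);
#endif /* (NTDDI_VERSION >= NTDDI_WS03) */

#if (NTDDI_VERSION >= NTDDI_WS03SP1)
NTKERNELAPI
PVOID
NTAPI
PsGetCurrentThreadTeb(
  VOID);
#endif /* (NTDDI_VERSION >= NTDDI_WS03SP1) */

#if (NTDDI_VERSION >= NTDDI_VISTA)

NTKERNELAPI
BOOLEAN
NTAPI
PsSetCurrentThreadPrefetching(
  _In_ BOOLEAN Prefetching);

NTKERNELAPI
BOOLEAN
NTAPI
PsIsCurrentThreadPrefetching(VOID);

#endif /* (NTDDI_VERSION >= NTDDI_VISTA) */

#if (NTDDI_VERSION >= NTDDI_VISTASP1)
/*
 * Extended form of PsSetCreateProcessNotifyRoutine with the same
 * register / Remove shape; the unload-time unregistration duty applies here
 * as well.
 * NOTE(review): per WDK documentation registration is refused unless the
 * driver image was linked with /INTEGRITYCHECK -- confirm the build settings.
 */
NTKERNELAPI
NTSTATUS
NTAPI
PsSetCreateProcessNotifyRoutineEx(
  _In_ PCREATE_PROCESS_NOTIFY_ROUTINE_EX NotifyRoutine,
  _In_ BOOLEAN Remove);
#endif /* (NTDDI_VERSION >= NTDDI_VISTASP1) */
$endif (_NTDDK_)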