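/*
 * ModifyRight - run the handle-table enumeration callback over the current
 * process's handle table for a source/destination handle pair.
 *
 * Data: request holding SourceHandle and DesHandle. Must not be NULL.
 *
 * Returns:
 *   STATUS_SUCCESS            both enumeration passes reported a match
 *   STATUS_INVALID_PARAMETER  Data was NULL
 *   STATUS_UNSUCCESSFUL       allocation failed, no handle table was found,
 *                             or either pass did not report a match
 *
 * NOTE(review): Data is used as given; nothing here validates the handle
 * values or the caller. If this is reachable from a device-control path, the
 * dispatch routine has to check the buffer length and the requestor's
 * privilege before calling - confirm against the caller.
 *
 * NOTE(review): the table address comes from GetHandleTableFromProcessXp,
 * which by its name depends on an XP-specific, undocumented process layout.
 * Running this on any other build risks walking unrelated kernel memory;
 * gate the call on an OS version check - confirm where that is done.
 *
 * NOTE(review): EnumHandleCallBack is not visible here. If it rewrites the
 * granted access of a handle-table entry, that happens outside the object
 * manager's access check, so it is a privileged operation and should be
 * restricted and logged accordingly.
 */
NTSTATUS ModifyRight(FILE_RIGHT_MODIFY* Data)
{
    NTSTATUS Status = STATUS_UNSUCCESSFUL;
    ENUMHANDLE_PARAMETER *Param;
    PVOID TableAddr;

    /* The original dereferenced Data unconditionally; reject NULL up front. */
    if (Data == NULL)
    {
        return STATUS_INVALID_PARAMETER;
    }

    KdPrint(("输入句柄:Des %08x---Sour %08x",Data->DesHandle,Data->SourceHandle));

    Param = (ENUMHANDLE_PARAMETER *)ExAllocatePool(NonPagedPool, sizeof(ENUMHANDLE_PARAMETER));
    /* A pointer is tested against NULL, not ordered against the integer 0. */
    if (Param == NULL)
    {
        return Status;
    }

    Param->AccessMask = 0;
    Param->DesHandle = Data->DesHandle;
    Param->SorHadnle = Data->SourceHandle;

    /* %p is the matching conversion for a pointer-sized value. */
    KdPrint(("%p\n", PsGetCurrentProcess()));

    TableAddr = (PVOID)GetHandleTableFromProcessXp(PsGetCurrentProcess());

    /* Do not hand a NULL table to the enumerator. */
    if (TableAddr != NULL)
    {
        /*
         * Two passes over the same table with the same context block.
         * Presumably the first pass records state in Param (AccessMask is
         * zeroed above) that the second pass consumes - confirm against
         * EnumHandleCallBack.
         */
        if (ExEnumHandleTable(TableAddr,
                              (EX_ENUMERATE_HANDLE_ROUTINE)EnumHandleCallBack,
                              Param,
                              NULL))
        {
            KdPrint(("Enum Success!\n"));

            if (ExEnumHandleTable(TableAddr,
                                  (EX_ENUMERATE_HANDLE_ROUTINE)EnumHandleCallBack,
                                  Param,
                                  NULL))
            {
                Status = STATUS_SUCCESS;
            }
        }
    }

    ExFreePool(Param);
    return Status;
}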
BOOLEAN
ObFindHandleForObject(
    IN PEPROCESS Process,
    IN PVOID Object OPTIONAL,
    IN POBJECT_TYPE ObjectType OPTIONAL,
    IN POBJECT_HANDLE_INFORMATION HandleInformation OPTIONAL,
    OUT PHANDLE Handle
    )

/*++

Routine Description:

    Searches the object (handle) table of a process for an entry that
    satisfies the supplied match criteria and returns its handle value.

    The three optional criteria are packed into an OBP_FIND_HANDLE_DATA
    block and handed to ObpEnumFindHandleProcedure through
    ExEnumHandleTable. The matching itself happens in that callback, which
    is not shown here; the criteria are described below as the callback is
    expected to apply them.

    The search runs with ObpInitKillMutant held. The mutant is released
    before returning, so the result is a snapshot: nothing visible in this
    routine keeps the matched entry open afterwards.

Arguments:

    Process - Process whose object table is searched. If the process has no
        object table the routine returns FALSE without searching.

    Object - Optional object body pointer. When present it is converted to
        its object header for comparison; when absent no object is required.

    ObjectType - Optional object type the entry is expected to have.

    HandleInformation - Optional handle attributes / granted access the
        entry is expected to have.

    Handle - Receives the matching handle value, converted with
        MAKE_OBJECT_HANDLE. Only written on success.

Return Value:

    TRUE if an entry matched, FALSE otherwise.

--*/

{
    OBP_FIND_HANDLE_DATA FindData;
    BOOLEAN Found = FALSE;

    //
    //  Hold the init/kill mutant for the whole search.
    //

    KeWaitForSingleObject( &ObpInitKillMutant,
                           Executive,
                           KernelMode,
                           FALSE,
                           NULL );

    if (Process->ObjectTable != NULL) {

        //
        //  The enumeration callback compares object headers, not bodies.
        //

        EnumParameterInit:
        FindData.ObjectHeader = ARGUMENT_PRESENT( Object )
                                    ? OBJECT_TO_OBJECT_HEADER( Object )
                                    : NULL;
        FindData.ObjectType = ObjectType;
        FindData.HandleInformation = HandleInformation;

        if (ExEnumHandleTable( Process->ObjectTable,
                               ObpEnumFindHandleProcedure,
                               &FindData,
                               Handle )) {

            //
            //  The enumerator stored the raw table value; turn it into a
            //  handle value before handing it back.
            //

            *Handle = MAKE_OBJECT_HANDLE( *Handle );
            Found = TRUE;
        }
    }

    KeReleaseMutant( &ObpInitKillMutant, 0, FALSE, FALSE );

    return Found;
}
NTSTATUS
ObInitProcess(
    PEPROCESS ParentProcess OPTIONAL,
    PEPROCESS NewProcess
    )

/*++

Routine Description:

    Gives a new process its object (handle) table.

    With a parent, the parent's table is duplicated through
    ExDupHandleTable using ObDupHandleProcedure. That callback is not shown
    here; it decides which entries are carried over (inheritable handles,
    per the original description of this routine). Without a parent an
    empty table is created.

    When a parent is supplied, ObpInitKillMutant is acquired before the
    parent's table is read and stays held across the duplication and the
    optional audit pass; it is released on every exit path.

    If SeDetailedAuditing is set, every entry of the new table is passed to
    ObAuditInheritedHandleProcedure together with the parent and child
    process pointers.

Arguments:

    ParentProcess - Optional process to inherit handles from.

    NewProcess - Process being initialized. Its ObjectTable field is set to
        the new table on success and to NULL when table creation fails.

Return Value:

    STATUS_SUCCESS - the table was created and attached.

    STATUS_PROCESS_IS_TERMINATING - a parent was supplied but it no longer
        has an object table. NewProcess->ObjectTable is not touched.

    STATUS_INSUFFICIENT_RESOURCES - the table could not be created or
        duplicated.

--*/

{
    PHANDLE_TABLE ParentTable;
    PHANDLE_TABLE ChildTable;
    ULONG PoolCharges[ MaxPoolType ];
    SE_PROCESS_AUDIT_INFO AuditInfo;
    NTSTATUS Status;

    RtlZeroMemory( PoolCharges, sizeof( PoolCharges ) );

    if (!ARGUMENT_PRESENT( ParentProcess )) {

        //
        //  No parent: start from an empty table, no mutant needed.
        //

        ParentTable = NULL;
        ChildTable = ExCreateHandleTable( NewProcess, 0, 0 );

    } else {

        KeWaitForSingleObject( &ObpInitKillMutant,
                               Executive,
                               KernelMode,
                               FALSE,
                               NULL );

        ParentTable = ParentProcess->ObjectTable;

        if (ParentTable == NULL) {

            //
            //  The parent has already lost its table; nothing to inherit.
            //

            KeReleaseMutant( &ObpInitKillMutant, 0, FALSE, FALSE );
            return STATUS_PROCESS_IS_TERMINATING;
        }

        ChildTable = ExDupHandleTable( NewProcess,
                                       ParentTable,
                                       ObDupHandleProcedure );
    }

    if (ChildTable == NULL) {

        NewProcess->ObjectTable = NULL;
        Status = STATUS_INSUFFICIENT_RESOURCES;

    } else {

        NewProcess->ObjectTable = ChildTable;

        if (SeDetailedAuditing) {

            AuditInfo.Process = NewProcess;
            AuditInfo.Parent = ParentProcess;

            ExEnumHandleTable( ChildTable,
                               ObAuditInheritedHandleProcedure,
                               (PVOID)&AuditInfo,
                               (PHANDLE)NULL );
        }

        Status = STATUS_SUCCESS;
    }

    //
    //  A non-NULL parent table is exactly the case in which the mutant was
    //  acquired above and is still held.
    //

    if (ParentTable != NULL) {
        KeReleaseMutant( &ObpInitKillMutant, 0, FALSE, FALSE );
    }

    return Status;
}