NTSTATUS
PsLookupProcessByProcessId(
__in HANDLE ProcessId,
__deref_out PEPROCESS *Process
)
/*++
Routine Description:
This function accepts the process id of a process and returns a
referenced pointer to the process.
Arguments:
ProcessId - Specifies the Process ID of the process.
Process - Returns a referenced pointer to the process specified by the
process id.
Return Value:
STATUS_SUCCESS - A process was located based on the contents of
the process id.
STATUS_INVALID_PARAMETER - The process was not found.
--*/
{
PHANDLE_TABLE_ENTRY CidEntry;
PEPROCESS lProcess;
PETHREAD CurrentThread;
NTSTATUS Status;
PAGED_CODE();
Status = STATUS_INVALID_PARAMETER;
CurrentThread = PsGetCurrentThread ();
KeEnterCriticalRegionThread (&CurrentThread->Tcb);
CidEntry = ExMapHandleToPointer(PspCidTable, ProcessId);
if (CidEntry != NULL) {
lProcess = (PEPROCESS)CidEntry->Object;
if (lProcess->Pcb.Header.Type == ProcessObject &&
lProcess->GrantedAccess != 0) {
if (ObReferenceObjectSafe(lProcess)) {
*Process = lProcess;
Status = STATUS_SUCCESS;
}
}
ExUnlockHandleTableEntry(PspCidTable, CidEntry);
}
KeLeaveCriticalRegionThread (&CurrentThread->Tcb);
return Status;
}
VOID
NTAPI
ExpTimerDpcRoutine(IN PKDPC Dpc,
IN PVOID DeferredContext,
IN PVOID SystemArgument1,
IN PVOID SystemArgument2)
{
PETIMER Timer = DeferredContext;
BOOLEAN Inserted = FALSE;
/* Reference the timer */
if (!ObReferenceObjectSafe(Timer)) return;
/* Lock the Timer */
KeAcquireSpinLockAtDpcLevel(&Timer->Lock);
/* Check if the timer is associated */
if (Timer->ApcAssociated)
{
/* Queue the APC */
Inserted = KeInsertQueueApc(&Timer->TimerApc,
SystemArgument1,
SystemArgument2,
IO_NO_INCREMENT);
}
/* Release the Timer */
KeReleaseSpinLockFromDpcLevel(&Timer->Lock);
/* Dereference it if we couldn't queue the APC */
if (!Inserted) ObDereferenceObject(Timer);
}
VOID
NTAPI
CmpFlushNotifiesOnKeyBodyList(IN PCM_KEY_CONTROL_BLOCK Kcb,
IN BOOLEAN LockHeld)
{
PLIST_ENTRY NextEntry, ListHead;
PCM_KEY_BODY KeyBody;
/* Sanity check */
LockHeld ? CMP_ASSERT_EXCLUSIVE_REGISTRY_LOCK() : CmpIsKcbLockedExclusive(Kcb);
while (TRUE)
{
/* Is the list empty? */
ListHead = &Kcb->KeyBodyListHead;
if (!IsListEmpty(ListHead))
{
/* Loop the list */
NextEntry = ListHead->Flink;
while (NextEntry != ListHead)
{
/* Get the key body */
KeyBody = CONTAINING_RECORD(NextEntry, CM_KEY_BODY, KeyBodyList);
ASSERT(KeyBody->Type == '20yk');
/* Check for notifications */
if (KeyBody->NotifyBlock)
{
/* Is the lock held? */
if (LockHeld)
{
/* Flush it */
CmpFlushNotify(KeyBody, LockHeld);
ASSERT(KeyBody->NotifyBlock == NULL);
continue;
}
/* Lock isn't held, so we need to take a reference */
if (ObReferenceObjectSafe(KeyBody))
{
/* Now we can flush */
CmpFlushNotify(KeyBody, LockHeld);
ASSERT(KeyBody->NotifyBlock == NULL);
/* Release the reference we took */
ObDereferenceObjectDeferDelete(KeyBody);
continue;
}
}
/* Try the next entry */
NextEntry = NextEntry->Flink;
}
}
/* List has been parsed, exit */
break;
}
}
/*
* @implemented
*/
NTSTATUS
NTAPI
NtRequestPort(IN HANDLE PortHandle,
IN PPORT_MESSAGE LpcRequest)
{
PLPCP_PORT_OBJECT Port, QueuePort, ConnectionPort = NULL;
KPROCESSOR_MODE PreviousMode = KeGetPreviousMode();
NTSTATUS Status;
PLPCP_MESSAGE Message;
PETHREAD Thread = PsGetCurrentThread();
PKSEMAPHORE Semaphore;
ULONG MessageType;
PAGED_CODE();
LPCTRACE(LPC_SEND_DEBUG,
"Handle: %lx. Message: %p. Type: %lx\n",
PortHandle,
LpcRequest,
LpcpGetMessageType(LpcRequest));
/* Get the message type */
MessageType = LpcRequest->u2.s2.Type | LPC_DATAGRAM;
/* Can't have data information on this type of call */
if (LpcRequest->u2.s2.DataInfoOffset) return STATUS_INVALID_PARAMETER;
/* Validate the length */
if (((ULONG)LpcRequest->u1.s1.DataLength + sizeof(PORT_MESSAGE)) >
(ULONG)LpcRequest->u1.s1.TotalLength)
{
/* Fail */
return STATUS_INVALID_PARAMETER;
}
/* Reference the object */
Status = ObReferenceObjectByHandle(PortHandle,
0,
LpcPortObjectType,
PreviousMode,
(PVOID*)&Port,
NULL);
if (!NT_SUCCESS(Status)) return Status;
/* Validate the message length */
if (((ULONG)LpcRequest->u1.s1.TotalLength > Port->MaxMessageLength) ||
((ULONG)LpcRequest->u1.s1.TotalLength <= (ULONG)LpcRequest->u1.s1.DataLength))
{
/* Fail */
ObDereferenceObject(Port);
return STATUS_PORT_MESSAGE_TOO_LONG;
}
/* Allocate a message from the port zone */
Message = LpcpAllocateFromPortZone();
if (!Message)
{
/* Fail if we couldn't allocate a message */
ObDereferenceObject(Port);
return STATUS_NO_MEMORY;
}
/* No callback, just copy the message */
_SEH2_TRY
{
/* Copy it */
LpcpMoveMessage(&Message->Request,
LpcRequest,
LpcRequest + 1,
MessageType,
&Thread->Cid);
}
_SEH2_EXCEPT(EXCEPTION_EXECUTE_HANDLER)
{
/* Fail */
LpcpFreeToPortZone(Message, 0);
ObDereferenceObject(Port);
_SEH2_YIELD(return _SEH2_GetExceptionCode());
}
_SEH2_END;
/* Acquire the LPC lock */
KeAcquireGuardedMutex(&LpcpLock);
/* Right now clear the port context */
Message->PortContext = NULL;
/* Check if this is a not connection port */
if ((Port->Flags & LPCP_PORT_TYPE_MASK) != LPCP_CONNECTION_PORT)
{
/* We want the connected port */
QueuePort = Port->ConnectedPort;
if (!QueuePort)
{
/* We have no connected port, fail */
LpcpFreeToPortZone(Message, 3);
ObDereferenceObject(Port);
return STATUS_PORT_DISCONNECTED;
}
/* Check if this is a communication port */
if ((Port->Flags & LPCP_PORT_TYPE_MASK) == LPCP_CLIENT_PORT)
{
/* Copy the port context and use the connection port */
Message->PortContext = QueuePort->PortContext;
ConnectionPort = QueuePort = Port->ConnectionPort;
if (!ConnectionPort)
{
/* Fail */
LpcpFreeToPortZone(Message, 3);
ObDereferenceObject(Port);
return STATUS_PORT_DISCONNECTED;
}
}
else if ((Port->Flags & LPCP_PORT_TYPE_MASK) !=
LPCP_COMMUNICATION_PORT)
{
/* Use the connection port for anything but communication ports */
ConnectionPort = QueuePort = Port->ConnectionPort;
if (!ConnectionPort)
{
/* Fail */
LpcpFreeToPortZone(Message, 3);
ObDereferenceObject(Port);
return STATUS_PORT_DISCONNECTED;
}
}
/* Reference the connection port if it exists */
if (ConnectionPort) ObReferenceObject(ConnectionPort);
}
else
{
/* Otherwise, for a connection port, use the same port object */
QueuePort = Port;
}
/* Reference QueuePort if we have it */
if (QueuePort && ObReferenceObjectSafe(QueuePort))
{
/* Set sender's port */
Message->SenderPort = Port;
/* Generate the Message ID and set it */
Message->Request.MessageId = LpcpNextMessageId++;
if (!LpcpNextMessageId) LpcpNextMessageId = 1;
Message->Request.CallbackId = 0;
/* No Message ID for the thread */
PsGetCurrentThread()->LpcReplyMessageId = 0;
/* Insert the message in our chain */
InsertTailList(&QueuePort->MsgQueue.ReceiveHead, &Message->Entry);
/* Release the lock and get the semaphore we'll use later */
KeEnterCriticalRegion();
KeReleaseGuardedMutex(&LpcpLock);
/* Now release the semaphore */
Semaphore = QueuePort->MsgQueue.Semaphore;
LpcpCompleteWait(Semaphore);
/* If this is a waitable port, wake it up */
if (QueuePort->Flags & LPCP_WAITABLE_PORT)
{
/* Wake it */
KeSetEvent(&QueuePort->WaitEvent, IO_NO_INCREMENT, FALSE);
}
KeLeaveCriticalRegion();
/* Dereference objects */
if (ConnectionPort) ObDereferenceObject(ConnectionPort);
ObDereferenceObject(QueuePort);
ObDereferenceObject(Port);
LPCTRACE(LPC_SEND_DEBUG, "Port: %p. Message: %p\n", QueuePort, Message);
return STATUS_SUCCESS;
}
Status = STATUS_PORT_DISCONNECTED;
/* All done with a failure*/
LPCTRACE(LPC_SEND_DEBUG,
"Port: %p. Status: %p\n",
Port,
Status);
/* The wait failed, free the message */
if (Message) LpcpFreeToPortZone(Message, 3);
ObDereferenceObject(Port);
if (ConnectionPort) ObDereferenceObject(ConnectionPort);
return Status;
}
/*
* FUNCTION: Terminates the current thread
* See "Windows Internals" - Chapter 13, Page 50-53
*/
VOID
NTAPI
PspExitThread(IN NTSTATUS ExitStatus)
{
CLIENT_DIED_MSG TerminationMsg;
NTSTATUS Status;
PTEB Teb;
PEPROCESS CurrentProcess;
PETHREAD Thread, OtherThread, PreviousThread = NULL;
PVOID DeallocationStack;
SIZE_T Dummy;
BOOLEAN Last = FALSE;
PTERMINATION_PORT TerminationPort, NextPort;
PLIST_ENTRY FirstEntry, CurrentEntry;
PKAPC Apc;
PTOKEN PrimaryToken;
PAGED_CODE();
PSTRACE(PS_KILL_DEBUG, "ExitStatus: %d\n", ExitStatus);
/* Get the Current Thread and Process */
Thread = PsGetCurrentThread();
CurrentProcess = Thread->ThreadsProcess;
ASSERT((Thread) == PsGetCurrentThread());
/* Can't terminate a thread if it attached another process */
if (KeIsAttachedProcess())
{
/* Bugcheck */
KeBugCheckEx(INVALID_PROCESS_ATTACH_ATTEMPT,
(ULONG_PTR)CurrentProcess,
(ULONG_PTR)Thread->Tcb.ApcState.Process,
(ULONG_PTR)Thread->Tcb.ApcStateIndex,
(ULONG_PTR)Thread);
}
/* Lower to Passive Level */
KeLowerIrql(PASSIVE_LEVEL);
/* Can't be a worker thread */
if (Thread->ActiveExWorker)
{
/* Bugcheck */
KeBugCheckEx(ACTIVE_EX_WORKER_THREAD_TERMINATION,
(ULONG_PTR)Thread,
0,
0,
0);
}
/* Can't have pending APCs */
if (Thread->Tcb.CombinedApcDisable != 0)
{
/* Bugcheck */
KeBugCheckEx(KERNEL_APC_PENDING_DURING_EXIT,
0,
Thread->Tcb.CombinedApcDisable,
0,
1);
}
/* Lock the thread */
ExWaitForRundownProtectionRelease(&Thread->RundownProtect);
/* Cleanup the power state */
PopCleanupPowerState((PPOWER_STATE)&Thread->Tcb.PowerState);
/* Call the WMI Callback for Threads */
//WmiTraceThread(Thread, NULL, FALSE);
/* Run Thread Notify Routines before we desintegrate the thread */
PspRunCreateThreadNotifyRoutines(Thread, FALSE);
/* Lock the Process before we modify its thread entries */
KeEnterCriticalRegion();
ExAcquirePushLockExclusive(&CurrentProcess->ProcessLock);
/* Decrease the active thread count, and check if it's 0 */
if (!(--CurrentProcess->ActiveThreads))
{
/* Set the delete flag */
InterlockedOr((PLONG)&CurrentProcess->Flags, PSF_PROCESS_DELETE_BIT);
/* Remember we are last */
Last = TRUE;
/* Check if this termination is due to the thread dying */
if (ExitStatus == STATUS_THREAD_IS_TERMINATING)
{
/* Check if the last thread was pending */
if (CurrentProcess->ExitStatus == STATUS_PENDING)
{
/* Use the last exit status */
CurrentProcess->ExitStatus = CurrentProcess->
LastThreadExitStatus;
}
}
else
{
/* Just a normal exit, write the code */
CurrentProcess->ExitStatus = ExitStatus;
}
/* Loop all the current threads */
FirstEntry = &CurrentProcess->ThreadListHead;
CurrentEntry = FirstEntry->Flink;
while (FirstEntry != CurrentEntry)
{
/* Get the thread on the list */
OtherThread = CONTAINING_RECORD(CurrentEntry,
ETHREAD,
ThreadListEntry);
/* Check if it's a thread that's still alive */
if ((OtherThread != Thread) &&
!(KeReadStateThread(&OtherThread->Tcb)) &&
(ObReferenceObjectSafe(OtherThread)))
{
/* It's a live thread and we referenced it, unlock process */
ExReleasePushLockExclusive(&CurrentProcess->ProcessLock);
KeLeaveCriticalRegion();
/* Wait on the thread */
KeWaitForSingleObject(OtherThread,
Executive,
KernelMode,
FALSE,
NULL);
/* Check if we had a previous thread to dereference */
if (PreviousThread) ObDereferenceObject(PreviousThread);
/* Remember the thread and re-lock the process */
PreviousThread = OtherThread;
KeEnterCriticalRegion();
ExAcquirePushLockExclusive(&CurrentProcess->ProcessLock);
}
/* Go to the next thread */
CurrentEntry = CurrentEntry->Flink;
}
}
else if (ExitStatus != STATUS_THREAD_IS_TERMINATING)
{
/* Write down the exit status of the last thread to get killed */
CurrentProcess->LastThreadExitStatus = ExitStatus;
}
/* Unlock the Process */
ExReleasePushLockExclusive(&CurrentProcess->ProcessLock);
KeLeaveCriticalRegion();
/* Check if we had a previous thread to dereference */
if (PreviousThread) ObDereferenceObject(PreviousThread);
/* Check if the process has a debug port and if this is a user thread */
if ((CurrentProcess->DebugPort) && !(Thread->SystemThread))
{
/* Notify the Debug API. */
Last ? DbgkExitProcess(CurrentProcess->ExitStatus) :
DbgkExitThread(ExitStatus);
}
/* Check if this is a Critical Thread */
if ((KdDebuggerEnabled) && (Thread->BreakOnTermination))
{
/* Break to debugger */
PspCatchCriticalBreak("Critical thread 0x%p (in %s) exited\n",
Thread,
CurrentProcess->ImageFileName);
}
/* Check if it's the last thread and this is a Critical Process */
if ((Last) && (CurrentProcess->BreakOnTermination))
{
/* Check if a debugger is here to handle this */
if (KdDebuggerEnabled)
{
/* Break to debugger */
PspCatchCriticalBreak("Critical process 0x%p (in %s) exited\n",
CurrentProcess,
CurrentProcess->ImageFileName);
}
else
{
/* Bugcheck, we can't allow this */
KeBugCheckEx(CRITICAL_PROCESS_DIED,
(ULONG_PTR)CurrentProcess,
0,
0,
0);
}
}
/* Sanity check */
ASSERT(Thread->Tcb.CombinedApcDisable == 0);
/* Process the Termination Ports */
TerminationPort = Thread->TerminationPort;
if (TerminationPort)
{
/* Setup the message header */
TerminationMsg.h.u2.ZeroInit = 0;
TerminationMsg.h.u2.s2.Type = LPC_CLIENT_DIED;
TerminationMsg.h.u1.s1.TotalLength = sizeof(TerminationMsg);
TerminationMsg.h.u1.s1.DataLength = sizeof(TerminationMsg) -
sizeof(PORT_MESSAGE);
/* Loop each port */
do
{
/* Save the Create Time */
TerminationMsg.CreateTime = Thread->CreateTime;
/* Loop trying to send message */
while (TRUE)
{
/* Send the LPC Message */
Status = LpcRequestPort(TerminationPort->Port,
&TerminationMsg.h);
if ((Status == STATUS_NO_MEMORY) ||
(Status == STATUS_INSUFFICIENT_RESOURCES))
{
/* Wait a bit and try again */
KeDelayExecutionThread(KernelMode, FALSE, &ShortTime);
continue;
}
break;
}
/* Dereference this LPC Port */
ObDereferenceObject(TerminationPort->Port);
/* Move to the next one */
NextPort = TerminationPort->Next;
/* Free the Termination Port Object */
ExFreePoolWithTag(TerminationPort, '=TsP');
/* Keep looping as long as there is a port */
TerminationPort = NextPort;
} while (TerminationPort);
}
else if (((ExitStatus == STATUS_THREAD_IS_TERMINATING) &&
(Thread->DeadThread)) ||
!(Thread->DeadThread))
{
/*
* This case is special and deserves some extra comments. What
* basically happens here is that this thread doesn't have a termination
* port, which means that it died before being fully created. Since we
* still have to notify an LPC Server, we'll use the exception port,
* which we know exists. However, we need to know how far the thread
* actually got created. We have three possibilities:
*
* - NtCreateThread returned an error really early: DeadThread is set.
* - NtCreateThread managed to create the thread: DeadThread is off.
* - NtCreateThread was creating the thread (with DeadThread set,
* but the thread got killed prematurely: STATUS_THREAD_IS_TERMINATING
* is our exit code.)
*
* For the 2 & 3rd scenarios, the thread has been created far enough to
* warrant notification to the LPC Server.
*/
/* Setup the message header */
TerminationMsg.h.u2.ZeroInit = 0;
TerminationMsg.h.u2.s2.Type = LPC_CLIENT_DIED;
TerminationMsg.h.u1.s1.TotalLength = sizeof(TerminationMsg);
TerminationMsg.h.u1.s1.DataLength = sizeof(TerminationMsg) -
sizeof(PORT_MESSAGE);
/* Make sure the process has an exception port */
if (CurrentProcess->ExceptionPort)
{
/* Save the Create Time */
TerminationMsg.CreateTime = Thread->CreateTime;
/* Loop trying to send message */
while (TRUE)
{
/* Send the LPC Message */
Status = LpcRequestPort(CurrentProcess->ExceptionPort,
&TerminationMsg.h);
if ((Status == STATUS_NO_MEMORY) ||
(Status == STATUS_INSUFFICIENT_RESOURCES))
{
/* Wait a bit and try again */
KeDelayExecutionThread(KernelMode, FALSE, &ShortTime);
continue;
}
break;
}
}
}
/* Rundown Win32 Thread if there is one */
if (Thread->Tcb.Win32Thread) PspW32ThreadCallout(Thread,
PsW32ThreadCalloutExit);
/* If we are the last thread and have a W32 Process */
if ((Last) && (CurrentProcess->Win32Process))
{
/* Run it down too */
PspW32ProcessCallout(CurrentProcess, FALSE);
}
/* Make sure Stack Swap is enabled */
if (!Thread->Tcb.EnableStackSwap)
{
/* Stack swap really shouldn't be disabled during exit! */
KeBugCheckEx(KERNEL_STACK_LOCKED_AT_EXIT, 0, 0, 0, 0);
}
/* Cancel I/O for the thread. */
IoCancelThreadIo(Thread);
/* Rundown Timers */
ExTimerRundown();
/* FIXME: Rundown Registry Notifications (NtChangeNotify)
CmNotifyRunDown(Thread); */
/* Rundown Mutexes */
KeRundownThread();
/* Check if we have a TEB */
Teb = Thread->Tcb.Teb;
if (Teb)
{
/* Check if the thread is still alive */
if (!Thread->DeadThread)
{
/* Check if we need to free its stack */
if (Teb->FreeStackOnTermination)
{
/* Set the TEB's Deallocation Stack as the Base Address */
Dummy = 0;
DeallocationStack = Teb->DeallocationStack;
/* Free the Thread's Stack */
ZwFreeVirtualMemory(NtCurrentProcess(),
&DeallocationStack,
&Dummy,
MEM_RELEASE);
}
/* Free the debug handle */
if (Teb->DbgSsReserved[1]) ObCloseHandle(Teb->DbgSsReserved[1],
UserMode);
}
/* Decommit the TEB */
MmDeleteTeb(CurrentProcess, Teb);
Thread->Tcb.Teb = NULL;
}
/* Free LPC Data */
LpcExitThread(Thread);
/* Save the exit status and exit time */
Thread->ExitStatus = ExitStatus;
KeQuerySystemTime(&Thread->ExitTime);
/* Sanity check */
ASSERT(Thread->Tcb.CombinedApcDisable == 0);
/* Check if this is the final thread or not */
if (Last)
{
/* Set the process exit time */
CurrentProcess->ExitTime = Thread->ExitTime;
/* Exit the process */
PspExitProcess(TRUE, CurrentProcess);
/* Get the process token and check if we need to audit */
PrimaryToken = PsReferencePrimaryToken(CurrentProcess);
if (SeDetailedAuditingWithToken(PrimaryToken))
{
/* Audit the exit */
SeAuditProcessExit(CurrentProcess);
}
/* Dereference the process token */
ObFastDereferenceObject(&CurrentProcess->Token, PrimaryToken);
/* Check if this is a VDM Process and rundown the VDM DPCs if so */
if (CurrentProcess->VdmObjects) { /* VdmRundownDpcs(CurrentProcess); */ }
/* Kill the process in the Object Manager */
ObKillProcess(CurrentProcess);
/* Check if we have a section object */
if (CurrentProcess->SectionObject)
{
/* Dereference and clear the Section Object */
ObDereferenceObject(CurrentProcess->SectionObject);
CurrentProcess->SectionObject = NULL;
}
/* Check if the process is part of a job */
if (CurrentProcess->Job)
{
/* Remove the process from the job */
PspExitProcessFromJob(CurrentProcess->Job, CurrentProcess);
}
}
/* Disable APCs */
KeEnterCriticalRegion();
/* Disable APC queueing, force a resumption */
Thread->Tcb.ApcQueueable = FALSE;
KeForceResumeThread(&Thread->Tcb);
/* Re-enable APCs */
KeLeaveCriticalRegion();
/* Flush the User APCs */
FirstEntry = KeFlushQueueApc(&Thread->Tcb, UserMode);
if (FirstEntry)
{
/* Start with the first entry */
CurrentEntry = FirstEntry;
do
{
/* Get the APC */
Apc = CONTAINING_RECORD(CurrentEntry, KAPC, ApcListEntry);
/* Move to the next one */
CurrentEntry = CurrentEntry->Flink;
/* Rundown the APC or de-allocate it */
if (Apc->RundownRoutine)
{
/* Call its own routine */
Apc->RundownRoutine(Apc);
}
else
{
/* Do it ourselves */
ExFreePool(Apc);
}
}
while (CurrentEntry != FirstEntry);
}
/* Clean address space if this was the last thread */
if (Last) MmCleanProcessAddressSpace(CurrentProcess);
/* Call the Lego routine */
if (Thread->Tcb.LegoData) PspRunLegoRoutine(&Thread->Tcb);
/* Flush the APC queue, which should be empty */
FirstEntry = KeFlushQueueApc(&Thread->Tcb, KernelMode);
if ((FirstEntry) || (Thread->Tcb.CombinedApcDisable != 0))
{
/* Bugcheck time */
KeBugCheckEx(KERNEL_APC_PENDING_DURING_EXIT,
(ULONG_PTR)FirstEntry,
Thread->Tcb.CombinedApcDisable,
KeGetCurrentIrql(),
0);
}
/* Signal the process if this was the last thread */
if (Last) KeSetProcess(&CurrentProcess->Pcb, 0, FALSE);
/* Terminate the Thread from the Scheduler */
KeTerminateThread(0);
}
NTSTATUS
PsLookupProcessThreadByCid(
__in PCLIENT_ID Cid,
__deref_opt_out PEPROCESS *Process,
__deref_out PETHREAD *Thread
)
/*++
Routine Description:
This function accepts The Client ID of a thread, and returns a
referenced pointer to the thread, and possibly a referenced pointer
to the process.
Arguments:
Cid - Specifies the Client ID of the thread.
Process - If specified, returns a referenced pointer to the process
specified in the Cid.
Thread - Returns a referenced pointer to the thread specified in the
Cid.
Return Value:
STATUS_SUCCESS - A process and thread were located based on the contents
of the Cid.
STATUS_INVALID_CID - The specified Cid is invalid.
--*/
{
PHANDLE_TABLE_ENTRY CidEntry;
PETHREAD lThread;
PETHREAD CurrentThread;
PEPROCESS lProcess;
NTSTATUS Status;
PAGED_CODE();
lThread = NULL;
CurrentThread = PsGetCurrentThread ();
KeEnterCriticalRegionThread (&CurrentThread->Tcb);
CidEntry = ExMapHandleToPointer(PspCidTable, Cid->UniqueThread);
if (CidEntry != NULL) {
lThread = (PETHREAD)CidEntry->Object;
if (!ObReferenceObjectSafe (lThread)) {
lThread = NULL;
}
ExUnlockHandleTableEntry(PspCidTable, CidEntry);
}
KeLeaveCriticalRegionThread (&CurrentThread->Tcb);
Status = STATUS_INVALID_CID;
if (lThread != NULL) {
//
// This could be a thread or a process. Check its a thread.
//
if (lThread->Tcb.Header.Type != ThreadObject ||
lThread->Cid.UniqueProcess != Cid->UniqueProcess ||
lThread->GrantedAccess == 0) {
ObDereferenceObject (lThread);
} else {
*Thread = lThread;
if (ARGUMENT_PRESENT (Process)) {
lProcess = THREAD_TO_PROCESS (lThread);
*Process = lProcess;
//
// Since the thread holds a reference to the process this reference does not have to
// be protected.
//
ObReferenceObject (lProcess);
}
Status = STATUS_SUCCESS;
}
}
return Status;
}
NTSTATUS
PsLookupThreadByThreadId(
__in HANDLE ThreadId,
__deref_out PETHREAD *Thread
)
/*++
Routine Description:
This function accepts the thread id of a thread and returns a
referenced pointer to the thread.
Arguments:
ThreadId - Specifies the Thread ID of the thread.
Thread - Returns a referenced pointer to the thread specified by the
thread id.
Return Value:
STATUS_SUCCESS - A thread was located based on the contents of
the thread id.
STATUS_INVALID_PARAMETER - The thread was not found.
--*/
{
PHANDLE_TABLE_ENTRY CidEntry;
PETHREAD lThread;
PETHREAD CurrentThread;
NTSTATUS Status;
PAGED_CODE();
Status = STATUS_INVALID_PARAMETER;
CurrentThread = PsGetCurrentThread ();
KeEnterCriticalRegionThread (&CurrentThread->Tcb);
CidEntry = ExMapHandleToPointer(PspCidTable, ThreadId);
if (CidEntry != NULL) {
lThread = (PETHREAD)CidEntry->Object;
if (lThread->Tcb.Header.Type == ThreadObject && lThread->GrantedAccess) {
if (ObReferenceObjectSafe(lThread)) {
*Thread = lThread;
Status = STATUS_SUCCESS;
}
}
ExUnlockHandleTableEntry(PspCidTable, CidEntry);
}
KeLeaveCriticalRegionThread (&CurrentThread->Tcb);
return Status;
}