Process Hacker
ntfill.h File Reference


Data Structures

struct  _HANDLE_TABLE_ENTRY
 
struct  _OBJECT_HEADER
 

Macros

#define OBJ_PROTECT_CLOSE   0x00000001
 
#define OBJ_HANDLE_ATTRIBUTES   (OBJ_PROTECT_CLOSE | OBJ_INHERIT | OBJ_AUDIT_OBJECT_CLOSE)
 
#define ObpAccessProtectCloseBit   0x2000000
 
#define ObpDecodeGrantedAccess(Access)   ((Access) & ~ObpAccessProtectCloseBit)
 
#define OBJECT_TO_OBJECT_HEADER(Object)   CONTAINING_RECORD((Object), OBJECT_HEADER, Body)
 
#define MAX_STACK_DEPTH   64
 
#define RTL_WALK_USER_MODE_STACK   0x00000001
 
#define RTL_WALK_VALID_FLAGS   0x00000001
 

Typedefs

typedef enum _KAPC_ENVIRONMENT KAPC_ENVIRONMENT
 
typedef enum _KAPC_ENVIRONMENT * PKAPC_ENVIRONMENT
 
typedef VOID(NTAPI * PKNORMAL_ROUTINE )(__in PVOID NormalContext, __in PVOID SystemArgument1, __in PVOID SystemArgument2)
 
typedef VOID KKERNEL_ROUTINE (__in PRKAPC Apc, __inout PKNORMAL_ROUTINE *NormalRoutine, __inout PVOID *NormalContext, __inout PVOID *SystemArgument1, __inout PVOID *SystemArgument2)
 
typedef VOID(NTAPI * PKRUNDOWN_ROUTINE )(__in PRKAPC Apc)
 
typedef struct _EX_PUSH_LOCK_WAIT_BLOCK * PEX_PUSH_LOCK_WAIT_BLOCK
 
typedef VOID(FASTCALL * _ExfUnblockPushLock )(__inout PEX_PUSH_LOCK PushLock, __inout_opt PEX_PUSH_LOCK_WAIT_BLOCK WaitBlock)
 
typedef struct _HANDLE_TABLE_ENTRY HANDLE_TABLE_ENTRY
 
typedef struct _HANDLE_TABLE_ENTRY * PHANDLE_TABLE_ENTRY
 
typedef struct _HANDLE_TABLE HANDLE_TABLE
 
typedef struct _HANDLE_TABLE * PHANDLE_TABLE
 
typedef BOOLEAN(NTAPI * PEX_ENUM_HANDLE_CALLBACK_61 )(__inout PHANDLE_TABLE_ENTRY HandleTableEntry, __in HANDLE Handle, __in PVOID Context)
 
typedef BOOLEAN(NTAPI * PEX_ENUM_HANDLE_CALLBACK )(__in PHANDLE_TABLE HandleTable, __inout PHANDLE_TABLE_ENTRY HandleTableEntry, __in HANDLE Handle, __in PVOID Context)
 
typedef struct _OBJECT_CREATE_INFORMATION OBJECT_CREATE_INFORMATION
 
typedef struct _OBJECT_CREATE_INFORMATION * POBJECT_CREATE_INFORMATION
 
typedef struct _OBJECT_HEADER OBJECT_HEADER
 
typedef struct _OBJECT_HEADER * POBJECT_HEADER
 
typedef POBJECT_TYPE(NTAPI * _ObGetObjectType )(__in PVOID Object)
 
typedef NTSTATUS(NTAPI * _PsAcquireProcessExitSynchronization )(__in PEPROCESS Process)
 
typedef NTSTATUS(NTAPI * _PsReleaseProcessExitSynchronization )(__in PEPROCESS Process)
 
typedef NTSTATUS(NTAPI * _PsSuspendProcess )(__in PEPROCESS Process)
 
typedef NTSTATUS(NTAPI * _PsResumeProcess )(__in PEPROCESS Process)
 
typedef BOOLEAN(NTAPI * _PsIsProtectedProcess )(__in PEPROCESS Process)
 
typedef struct _EJOB * PEJOB
 

Enumerations

enum  _KAPC_ENVIRONMENT { OriginalApcEnvironment, AttachedApcEnvironment, CurrentApcEnvironment, InsertApcEnvironment }
 

Functions

typedef KKERNEL_ROUTINE (NTAPI *PKKERNEL_ROUTINE)
 
NTKERNELAPI VOID NTAPI KeInitializeApc (__out PRKAPC Apc, __in PRKTHREAD Thread, __in KAPC_ENVIRONMENT Environment, __in PKKERNEL_ROUTINE KernelRoutine, __in_opt PKRUNDOWN_ROUTINE RundownRoutine, __in_opt PKNORMAL_ROUTINE NormalRoutine, __in_opt KPROCESSOR_MODE ProcessorMode, __in_opt PVOID NormalContext)
 
NTKERNELAPI BOOLEAN NTAPI KeInsertQueueApc (__inout PRKAPC Apc, __in_opt PVOID SystemArgument1, __in_opt PVOID SystemArgument2, __in KPRIORITY Increment)
 
NTKERNELAPI BOOLEAN NTAPI ExEnumHandleTable (__in PHANDLE_TABLE HandleTable, __in PEX_ENUM_HANDLE_CALLBACK EnumHandleProcedure, __inout PVOID Context, __out_opt PHANDLE Handle)
 
NTSYSCALLAPI NTSTATUS NTAPI ZwQuerySystemInformation (__in SYSTEM_INFORMATION_CLASS SystemInformationClass, __out_bcount_opt(SystemInformationLength) PVOID SystemInformation, __in ULONG SystemInformationLength, __out_opt PULONG ReturnLength)
 
FORCEINLINE PVOID ObpDecodeObject (PVOID Object)
 
FORCEINLINE ULONG ObpGetHandleAttributes (PHANDLE_TABLE_ENTRY HandleTableEntry)
 
NTKERNELAPI NTSTATUS NTAPI ObOpenObjectByName (__in POBJECT_ATTRIBUTES ObjectAttributes, __in POBJECT_TYPE ObjectType, __in KPROCESSOR_MODE PreviousMode, __in_opt PACCESS_STATE AccessState, __in_opt ACCESS_MASK DesiredAccess, __in PVOID ParseContext, __out PHANDLE Handle)
 
NTKERNELAPI NTSTATUS NTAPI ObSetHandleAttributes (__in HANDLE Handle, __in POBJECT_HANDLE_FLAG_INFORMATION HandleFlags, __in KPROCESSOR_MODE PreviousMode)
 
NTKERNELAPI NTSTATUS ObCloseHandle (__in HANDLE Handle, __in KPROCESSOR_MODE PreviousMode)
 
NTSYSCALLAPI NTSTATUS NTAPI ZwQueryInformationProcess (__in HANDLE ProcessHandle, __in PROCESSINFOCLASS ProcessInformationClass, __out_bcount(ProcessInformationLength) PVOID ProcessInformation, __in ULONG ProcessInformationLength, __out_opt PULONG ReturnLength)
 
NTSYSCALLAPI NTSTATUS NTAPI ZwSetInformationProcess (__in HANDLE ProcessHandle, __in PROCESSINFOCLASS ProcessInformationClass, __in_bcount(ProcessInformationLength) PVOID ProcessInformation, __in ULONG ProcessInformationLength)
 
NTSYSCALLAPI NTSTATUS NTAPI ZwQueryInformationThread (__in HANDLE ThreadHandle, __in THREADINFOCLASS ThreadInformationClass, __out_bcount(ThreadInformationLength) PVOID ThreadInformation, __in ULONG ThreadInformationLength, __out_opt PULONG ReturnLength)
 
NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid (__in PCLIENT_ID ClientId, __out_opt PEPROCESS *Process, __out PETHREAD *Thread)
 
NTKERNELAPI PVOID NTAPI PsGetThreadWin32Thread (__in PETHREAD Thread)
 
NTKERNELAPI NTSTATUS NTAPI PsGetContextThread (__in PETHREAD Thread, __inout PCONTEXT ThreadContext, __in KPROCESSOR_MODE PreviousMode)
 
NTKERNELAPI NTSTATUS NTAPI PsSetContextThread (__in PETHREAD Thread, __in PCONTEXT ThreadContext, __in KPROCESSOR_MODE PreviousMode)
 
NTKERNELAPI PEJOB NTAPI PsGetProcessJob (__in PEPROCESS Process)
 
NTSYSAPI ULONG NTAPI RtlWalkFrameChain (__out PVOID *Callers, __in ULONG Count, __in ULONG Flags)
 

Variables

ULONG KphDynNtVersion
 
ULONG KphDynObDecodeShift
 
ULONG KphDynObAttributesShift
 
POBJECT_TYPE * IoDriverObjectType
 
POBJECT_TYPE * PsJobType
 

Macro Definition Documentation

#define MAX_STACK_DEPTH   64

Definition at line 341 of file ntfill.h.

#define OBJ_HANDLE_ATTRIBUTES   (OBJ_PROTECT_CLOSE | OBJ_INHERIT | OBJ_AUDIT_OBJECT_CLOSE)

Definition at line 131 of file ntfill.h.

#define OBJ_PROTECT_CLOSE   0x00000001

Definition at line 130 of file ntfill.h.

#define OBJECT_TO_OBJECT_HEADER(Object)   CONTAINING_RECORD((Object), OBJECT_HEADER, Body)

Definition at line 204 of file ntfill.h.

#define ObpAccessProtectCloseBit   0x2000000

Definition at line 134 of file ntfill.h.

#define ObpDecodeGrantedAccess(Access)   ((Access) & ~ObpAccessProtectCloseBit)

Definition at line 136 of file ntfill.h.

#define RTL_WALK_USER_MODE_STACK   0x00000001

Definition at line 343 of file ntfill.h.

#define RTL_WALK_VALID_FLAGS   0x00000001

Definition at line 344 of file ntfill.h.

Typedef Documentation

typedef VOID(FASTCALL * _ExfUnblockPushLock)(__inout PEX_PUSH_LOCK PushLock, __inout_opt PEX_PUSH_LOCK_WAIT_BLOCK WaitBlock)

Definition at line 70 of file ntfill.h.

typedef POBJECT_TYPE(NTAPI * _ObGetObjectType)(__in PVOID Object)

Definition at line 206 of file ntfill.h.

typedef NTSTATUS(NTAPI * _PsAcquireProcessExitSynchronization)(__in PEPROCESS Process)

Definition at line 241 of file ntfill.h.

typedef BOOLEAN(NTAPI * _PsIsProtectedProcess)(__in PEPROCESS Process)

Definition at line 257 of file ntfill.h.

typedef NTSTATUS(NTAPI * _PsReleaseProcessExitSynchronization)(__in PEPROCESS Process)

Definition at line 245 of file ntfill.h.

typedef NTSTATUS(NTAPI * _PsResumeProcess)(__in PEPROCESS Process)

Definition at line 253 of file ntfill.h.

typedef NTSTATUS(NTAPI * _PsSuspendProcess)(__in PEPROCESS Process)

Definition at line 249 of file ntfill.h.

typedef struct _HANDLE_TABLE HANDLE_TABLE

Definition at line 90 of file ntfill.h.

typedef VOID KKERNEL_ROUTINE(__in PRKAPC Apc, __inout PKNORMAL_ROUTINE *NormalRoutine, __inout PVOID *NormalContext, __inout PVOID *SystemArgument1, __inout PVOID *SystemArgument2)

Definition at line 28 of file ntfill.h.

typedef struct _OBJECT_CREATE_INFORMATION OBJECT_CREATE_INFORMATION

Definition at line 179 of file ntfill.h.

typedef struct _OBJECT_HEADER OBJECT_HEADER
typedef struct _EJOB* PEJOB

Definition at line 327 of file ntfill.h.

typedef BOOLEAN(NTAPI * PEX_ENUM_HANDLE_CALLBACK)(__in PHANDLE_TABLE HandleTable, __inout PHANDLE_TABLE_ENTRY HandleTableEntry, __in HANDLE Handle, __in PVOID Context)

Definition at line 99 of file ntfill.h.

typedef BOOLEAN(NTAPI * PEX_ENUM_HANDLE_CALLBACK_61)(__inout PHANDLE_TABLE_ENTRY HandleTableEntry, __in HANDLE Handle, __in PVOID Context)

Definition at line 92 of file ntfill.h.

typedef struct _EX_PUSH_LOCK_WAIT_BLOCK* PEX_PUSH_LOCK_WAIT_BLOCK

Definition at line 68 of file ntfill.h.

typedef struct _HANDLE_TABLE * PHANDLE_TABLE

Definition at line 90 of file ntfill.h.

typedef VOID(NTAPI * PKNORMAL_ROUTINE)(__in PVOID NormalContext, __in PVOID SystemArgument1, __in PVOID SystemArgument2)

Definition at line 22 of file ntfill.h.

typedef VOID(NTAPI * PKRUNDOWN_ROUTINE)(__in PRKAPC Apc)

Definition at line 38 of file ntfill.h.

typedef struct _OBJECT_CREATE_INFORMATION * POBJECT_CREATE_INFORMATION

Definition at line 179 of file ntfill.h.

typedef struct _OBJECT_HEADER * POBJECT_HEADER

Enumeration Type Documentation

enum _KAPC_ENVIRONMENT

Enumerator:
OriginalApcEnvironment 
AttachedApcEnvironment 
CurrentApcEnvironment 
InsertApcEnvironment 

Definition at line 14 of file ntfill.h.

Function Documentation

NTKERNELAPI BOOLEAN NTAPI ExEnumHandleTable ( __in PHANDLE_TABLE  HandleTable,
__in PEX_ENUM_HANDLE_CALLBACK  EnumHandleProcedure,
__inout PVOID  Context,
__out_opt PHANDLE  Handle 
)
NTKERNELAPI VOID NTAPI KeInitializeApc ( __out PRKAPC  Apc,
__in PRKTHREAD  Thread,
__in KAPC_ENVIRONMENT  Environment,
__in PKKERNEL_ROUTINE  KernelRoutine,
__in_opt PKRUNDOWN_ROUTINE  RundownRoutine,
__in_opt PKNORMAL_ROUTINE  NormalRoutine,
__in_opt KPROCESSOR_MODE  ProcessorMode,
__in_opt PVOID  NormalContext 
)
NTKERNELAPI BOOLEAN NTAPI KeInsertQueueApc ( __inout PRKAPC  Apc,
__in_opt PVOID  SystemArgument1,
__in_opt PVOID  SystemArgument2,
__in KPRIORITY  Increment 
)
typedef KKERNEL_ROUTINE ( NTAPI *  PKKERNEL_ROUTINE)
NTKERNELAPI NTSTATUS ObCloseHandle ( __in HANDLE  Handle,
__in KPROCESSOR_MODE  PreviousMode 
)
NTKERNELAPI NTSTATUS NTAPI ObOpenObjectByName ( __in POBJECT_ATTRIBUTES  ObjectAttributes,
__in POBJECT_TYPE  ObjectType,
__in KPROCESSOR_MODE  PreviousMode,
__in_opt PACCESS_STATE  AccessState,
__in_opt ACCESS_MASK  DesiredAccess,
__in PVOID  ParseContext,
__out PHANDLE  Handle 
)
FORCEINLINE PVOID ObpDecodeObject ( PVOID  Object)

Definition at line 139 of file ntfill.h.

FORCEINLINE ULONG ObpGetHandleAttributes ( PHANDLE_TABLE_ENTRY  HandleTableEntry)

Definition at line 158 of file ntfill.h.

NTKERNELAPI NTSTATUS NTAPI ObSetHandleAttributes ( __in HANDLE  Handle,
__in POBJECT_HANDLE_FLAG_INFORMATION  HandleFlags,
__in KPROCESSOR_MODE  PreviousMode 
)
NTKERNELAPI NTSTATUS NTAPI PsGetContextThread ( __in PETHREAD  Thread,
__inout PCONTEXT  ThreadContext,
__in KPROCESSOR_MODE  PreviousMode 
)
NTKERNELAPI PEJOB NTAPI PsGetProcessJob ( __in PEPROCESS  Process)
NTKERNELAPI PVOID NTAPI PsGetThreadWin32Thread ( __in PETHREAD  Thread)
NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid ( __in PCLIENT_ID  ClientId,
__out_opt PEPROCESS *  Process,
__out PETHREAD *  Thread 
)
NTKERNELAPI NTSTATUS NTAPI PsSetContextThread ( __in PETHREAD  Thread,
__in PCONTEXT  ThreadContext,
__in KPROCESSOR_MODE  PreviousMode 
)
NTSYSAPI ULONG NTAPI RtlWalkFrameChain ( __out PVOID *  Callers,
__in ULONG  Count,
__in ULONG  Flags 
)
NTSYSCALLAPI NTSTATUS NTAPI ZwQueryInformationProcess ( __in HANDLE  ProcessHandle,
__in PROCESSINFOCLASS  ProcessInformationClass,
__out_bcount(ProcessInformationLength) PVOID  ProcessInformation,
__in ULONG  ProcessInformationLength,
__out_opt PULONG  ReturnLength 
)
NTSYSCALLAPI NTSTATUS NTAPI ZwQueryInformationThread ( __in HANDLE  ThreadHandle,
__in THREADINFOCLASS  ThreadInformationClass,
__out_bcount(ThreadInformationLength) PVOID  ThreadInformation,
__in ULONG  ThreadInformationLength,
__out_opt PULONG  ReturnLength 
)
NTSYSCALLAPI NTSTATUS NTAPI ZwQuerySystemInformation ( __in SYSTEM_INFORMATION_CLASS  SystemInformationClass,
__out_bcount_opt(SystemInformationLength) PVOID  SystemInformation,
__in ULONG  SystemInformationLength,
__out_opt PULONG  ReturnLength 
)
NTSYSCALLAPI NTSTATUS NTAPI ZwSetInformationProcess ( __in HANDLE  ProcessHandle,
__in PROCESSINFOCLASS  ProcessInformationClass,
__in_bcount(ProcessInformationLength) PVOID  ProcessInformation,
__in ULONG  ProcessInformationLength 
)

Variable Documentation

POBJECT_TYPE* IoDriverObjectType
ULONG KphDynNtVersion

Definition at line 56 of file dyndata.h.

ULONG KphDynObAttributesShift
ULONG KphDynObDecodeShift
POBJECT_TYPE* PsJobType