Process Hacker
object.c File Reference
#include <kph.h>
#include <dyndata.h>

Macros

#define KERNEL_HANDLE_BIT   (0xffffffff80000000)
 
#define IsKernelHandle(Handle)   ((LONG_PTR)(Handle) < 0)
 
#define MakeKernelHandle(Handle)   ((HANDLE)((ULONG_PTR)(Handle) | KERNEL_HANDLE_BIT))
 

Typedefs

typedef struct _KPHP_ENUMERATE_PROCESS_HANDLES_CONTEXT KPHP_ENUMERATE_PROCESS_HANDLES_CONTEXT
 
typedef struct _KPHP_ENUMERATE_PROCESS_HANDLES_CONTEXT * PKPHP_ENUMERATE_PROCESS_HANDLES_CONTEXT
 
 

Functions

BOOLEAN KphpEnumerateProcessHandlesEnumCallback61 (__inout PHANDLE_TABLE_ENTRY HandleTableEntry, __in HANDLE Handle, __in PVOID Context)
 
BOOLEAN KphpEnumerateProcessHandlesEnumCallback (__in PHANDLE_TABLE HandleTable, __inout PHANDLE_TABLE_ENTRY HandleTableEntry, __in HANDLE Handle, __in PVOID Context)
 
POBJECT_TYPE KphGetObjectType (__in PVOID Object)
 Gets the type of an object.
 
PHANDLE_TABLE KphReferenceProcessHandleTable (__in PEPROCESS Process)
 Gets a pointer to the handle table of a process.
 
VOID KphDereferenceProcessHandleTable (__in PEPROCESS Process)
 Dereferences the handle table of a process.
 
VOID KphUnlockHandleTableEntry (__in PHANDLE_TABLE HandleTable, __in PHANDLE_TABLE_ENTRY HandleTableEntry)
 
NTSTATUS KpiEnumerateProcessHandles (__in HANDLE ProcessHandle, __out_bcount(BufferLength) PVOID Buffer, __in_opt ULONG BufferLength, __out_opt PULONG ReturnLength, __in KPROCESSOR_MODE AccessMode)
 Enumerates the handles of a process.
 
NTSTATUS KphQueryNameObject (__in PVOID Object, __out_bcount(BufferLength) POBJECT_NAME_INFORMATION Buffer, __in ULONG BufferLength, __out PULONG ReturnLength)
 Queries the name of an object.
 
NTSTATUS KphQueryNameFileObject (__in PFILE_OBJECT FileObject, __out_bcount(BufferLength) POBJECT_NAME_INFORMATION Buffer, __in ULONG BufferLength, __out PULONG ReturnLength)
 Queries the name of a file object.
 
NTSTATUS KpiQueryInformationObject (__in HANDLE ProcessHandle, __in HANDLE Handle, __in KPH_OBJECT_INFORMATION_CLASS ObjectInformationClass, __out_bcount(ObjectInformationLength) PVOID ObjectInformation, __in ULONG ObjectInformationLength, __out_opt PULONG ReturnLength, __in KPROCESSOR_MODE AccessMode)
 Queries object information.
 
NTSTATUS KpiSetInformationObject (__in HANDLE ProcessHandle, __in HANDLE Handle, __in KPH_OBJECT_INFORMATION_CLASS ObjectInformationClass, __in_bcount(ObjectInformationLength) PVOID ObjectInformation, __in ULONG ObjectInformationLength, __in KPROCESSOR_MODE AccessMode)
 Sets object information.
 
NTSTATUS KphDuplicateObject (__in PEPROCESS SourceProcess, __in_opt PEPROCESS TargetProcess, __in HANDLE SourceHandle, __out_opt PHANDLE TargetHandle, __in ACCESS_MASK DesiredAccess, __in ULONG HandleAttributes, __in ULONG Options, __in KPROCESSOR_MODE AccessMode)
 Re-opens an object.
 
NTSTATUS KpiDuplicateObject (__in HANDLE SourceProcessHandle, __in HANDLE SourceHandle, __in_opt HANDLE TargetProcessHandle, __out_opt PHANDLE TargetHandle, __in ACCESS_MASK DesiredAccess, __in ULONG HandleAttributes, __in ULONG Options, __in KPROCESSOR_MODE AccessMode)
 Re-opens an object.
 
NTSTATUS KphOpenNamedObject (__out PHANDLE ObjectHandle, __in ACCESS_MASK DesiredAccess, __in POBJECT_ATTRIBUTES ObjectAttributes, __in POBJECT_TYPE ObjectType, __in KPROCESSOR_MODE AccessMode)
 

Macro Definition Documentation

#define IsKernelHandle(Handle)   ((LONG_PTR)(Handle) < 0)

Definition at line 31 of file object.c.

#define KERNEL_HANDLE_BIT   (0xffffffff80000000)

Definition at line 28 of file object.c.

#define MakeKernelHandle(Handle)   ((HANDLE)((ULONG_PTR)(Handle) | KERNEL_HANDLE_BIT))

Definition at line 32 of file object.c.

Typedef Documentation

typedef struct _KPHP_ENUMERATE_PROCESS_HANDLES_CONTEXT KPHP_ENUMERATE_PROCESS_HANDLES_CONTEXT
typedef struct _KPHP_ENUMERATE_PROCESS_HANDLES_CONTEXT * PKPHP_ENUMERATE_PROCESS_HANDLES_CONTEXT

Function Documentation

VOID KphDereferenceProcessHandleTable ( __in PEPROCESS  Process)

Dereferences the handle table of a process.

Parameters
Process: A process object.

Definition at line 152 of file object.c.

NTSTATUS KphDuplicateObject ( __in PEPROCESS  SourceProcess,
__in_opt PEPROCESS  TargetProcess,
__in HANDLE  SourceHandle,
__out_opt PHANDLE  TargetHandle,
__in ACCESS_MASK  DesiredAccess,
__in ULONG  HandleAttributes,
__in ULONG  Options,
__in KPROCESSOR_MODE  AccessMode 
)

Re-opens an object.

Parameters
SourceProcess: The source process from which the object will be referenced.
TargetProcess: The target process to which the object handle will be duplicated.
SourceHandle: The source handle, present in SourceProcess.
TargetHandle: A variable which receives the new handle.
DesiredAccess: The desired access to the object for the new handle.
HandleAttributes: The attributes of the new handle.
Options: A combination of the following:
  • DUPLICATE_CLOSE_SOURCE: The handle will be closed in the source process instead of being duplicated to the target process. The TargetProcess and TargetHandle parameters are ignored.
  • DUPLICATE_SAME_ACCESS: The new handle will have the same granted access as the existing handle.
  • DUPLICATE_SAME_ATTRIBUTES: The new handle will have the same attributes as the existing handle.
AccessMode: The mode in which access checks will be performed.

Definition at line 1343 of file object.c.

POBJECT_TYPE KphGetObjectType ( __in PVOID  Object)

Gets the type of an object.

Parameters
Object: A pointer to an object.
Returns
A pointer to the object's type object, or NULL if an error occurred.

Definition at line 81 of file object.c.

NTSTATUS KphOpenNamedObject ( __out PHANDLE  ObjectHandle,
__in ACCESS_MASK  DesiredAccess,
__in POBJECT_ATTRIBUTES  ObjectAttributes,
__in POBJECT_TYPE  ObjectType,
__in KPROCESSOR_MODE  AccessMode 
)

Definition at line 1587 of file object.c.

BOOLEAN KphpEnumerateProcessHandlesEnumCallback ( __in PHANDLE_TABLE  HandleTable,
__inout PHANDLE_TABLE_ENTRY  HandleTableEntry,
__in HANDLE  Handle,
__in PVOID  Context 
)

Definition at line 257 of file object.c.

BOOLEAN KphpEnumerateProcessHandlesEnumCallback61 ( __inout PHANDLE_TABLE_ENTRY  HandleTableEntry,
__in HANDLE  Handle,
__in PVOID  Context 
)

Definition at line 186 of file object.c.

NTSTATUS KphQueryNameFileObject ( __in PFILE_OBJECT  FileObject,
__out_bcount(BufferLength) POBJECT_NAME_INFORMATION  Buffer,
__in ULONG  BufferLength,
__out PULONG  ReturnLength 
)

Queries the name of a file object.

Parameters
FileObject: A pointer to a file object.
Buffer: The buffer in which the object name will be stored.
BufferLength: The number of bytes available in Buffer.
ReturnLength: A variable which receives the number of bytes required to be available in Buffer.

Definition at line 484 of file object.c.

NTSTATUS KphQueryNameObject ( __in PVOID  Object,
__out_bcount(BufferLength) POBJECT_NAME_INFORMATION  Buffer,
__in ULONG  BufferLength,
__out PULONG  ReturnLength 
)

Queries the name of an object.

Parameters
Object: A pointer to an object.
Buffer: The buffer in which the object name will be stored.
BufferLength: The number of bytes available in Buffer.
ReturnLength: A variable which receives the number of bytes required to be available in Buffer.

Definition at line 433 of file object.c.

PHANDLE_TABLE KphReferenceProcessHandleTable ( __in PEPROCESS  Process)

Gets a pointer to the handle table of a process.

Parameters
Process: A process object.
Returns
A pointer to the handle table, or NULL if the process is terminating or the request is not supported. You must call KphDereferenceProcessHandleTable() when the handle table is no longer needed.

Definition at line 123 of file object.c.

VOID KphUnlockHandleTableEntry ( __in PHANDLE_TABLE  HandleTable,
__in PHANDLE_TABLE_ENTRY  HandleTableEntry 
)

Definition at line 161 of file object.c.

NTSTATUS KpiDuplicateObject ( __in HANDLE  SourceProcessHandle,
__in HANDLE  SourceHandle,
__in_opt HANDLE  TargetProcessHandle,
__out_opt PHANDLE  TargetHandle,
__in ACCESS_MASK  DesiredAccess,
__in ULONG  HandleAttributes,
__in ULONG  Options,
__in KPROCESSOR_MODE  AccessMode 
)

Re-opens an object.

Parameters
SourceProcessHandle: A handle to the source process from which the object will be referenced.
SourceHandle: The source handle, present in SourceProcess.
TargetProcessHandle: A handle to the target process to which the object handle will be duplicated.
TargetHandle: A variable which receives the new handle.
DesiredAccess: The desired access to the object for the new handle.
HandleAttributes: The attributes of the new handle.
Options: A combination of the following:
  • DUPLICATE_CLOSE_SOURCE: The handle will be closed in the source process instead of being duplicated to the target process. The TargetProcess and TargetHandle parameters are ignored.
  • DUPLICATE_SAME_ACCESS: The new handle will have the same granted access as the existing handle.
  • DUPLICATE_SAME_ATTRIBUTES: The new handle will have the same attributes as the existing handle.
AccessMode: The mode in which access checks will be performed.

Definition at line 1487 of file object.c.

NTSTATUS KpiEnumerateProcessHandles ( __in HANDLE  ProcessHandle,
__out_bcount(BufferLength) PVOID  Buffer,
__in_opt ULONG  BufferLength,
__out_opt PULONG  ReturnLength,
__in KPROCESSOR_MODE  AccessMode 
)

Enumerates the handles of a process.

Parameters
ProcessHandle: A handle to a process.
Buffer: The buffer in which the handle information will be stored.
BufferLength: The number of bytes available in Buffer.
ReturnLength: A variable which receives the number of bytes required to be available in Buffer.
AccessMode: The mode in which to perform access checks.

Definition at line 285 of file object.c.

NTSTATUS KpiQueryInformationObject ( __in HANDLE  ProcessHandle,
__in HANDLE  Handle,
__in KPH_OBJECT_INFORMATION_CLASS  ObjectInformationClass,
__out_bcount(ObjectInformationLength) PVOID  ObjectInformation,
__in ULONG  ObjectInformationLength,
__out_opt PULONG  ReturnLength,
__in KPROCESSOR_MODE  AccessMode 
)

Queries object information.

Parameters
ProcessHandle: A handle to a process.
Handle: A handle which is present in the process referenced by ProcessHandle.
ObjectInformationClass: The type of information to retrieve.
ObjectInformation: The buffer in which the information will be stored.
ObjectInformationLength: The number of bytes available in ObjectInformation.
ReturnLength: A variable which receives the number of bytes required to be available in ObjectInformation.
AccessMode: The mode in which to perform access checks.

Definition at line 637 of file object.c.

NTSTATUS KpiSetInformationObject ( __in HANDLE  ProcessHandle,
__in HANDLE  Handle,
__in KPH_OBJECT_INFORMATION_CLASS  ObjectInformationClass,
__in_bcount(ObjectInformationLength) PVOID  ObjectInformation,
__in ULONG  ObjectInformationLength,
__in KPROCESSOR_MODE  AccessMode 
)

Sets object information.

Parameters
ProcessHandle: A handle to a process.
Handle: A handle which is present in the process referenced by ProcessHandle.
ObjectInformationClass: The type of information to set.
ObjectInformation: A buffer which contains the information to set.
ObjectInformationLength: The number of bytes present in ObjectInformation.
AccessMode: The mode in which to perform access checks.

Definition at line 1218 of file object.c.