#include <ph.h>
#include <kphuser.h>

Macros
#define	PH_QUERY_HACK_MAX_THREADS 20

#define	QUERY_NORMALLY 0

#define	QUERY_WITH_TIMEOUT 1

#define	QUERY_FAIL 2

Typedefs
typedef struct _PHP_CALL_WITH_TIMEOUT_THREAD_CONTEXT	PHP_CALL_WITH_TIMEOUT_THREAD_CONTEXT

typedef struct _PHP_CALL_WITH_TIMEOUT_THREAD_CONTEXT *	PPHP_CALL_WITH_TIMEOUT_THREAD_CONTEXT

typedef enum _PHP_QUERY_OBJECT_WORK	PHP_QUERY_OBJECT_WORK

typedef struct _PHP_QUERY_OBJECT_COMMON_CONTEXT	PHP_QUERY_OBJECT_COMMON_CONTEXT

typedef struct _PHP_QUERY_OBJECT_COMMON_CONTEXT *	PPHP_QUERY_OBJECT_COMMON_CONTEXT

Enumerations
enum	_PHP_QUERY_OBJECT_WORK { NtQueryObjectWork, NtQuerySecurityObjectWork, NtSetSecurityObjectWork, KphDuplicateObjectWork }

Functions
PPHP_CALL_WITH_TIMEOUT_THREAD_CONTEXT	PhpAcquireCallWithTimeoutThread (_In_opt_ PLARGE_INTEGER Timeout)

VOID	PhpReleaseCallWithTimeoutThread (_Inout_ PPHP_CALL_WITH_TIMEOUT_THREAD_CONTEXT ThreadContext)

NTSTATUS	PhpCallWithTimeout (_Inout_ PPHP_CALL_WITH_TIMEOUT_THREAD_CONTEXT ThreadContext, _In_ PUSER_THREAD_START_ROUTINE Routine, _In_opt_ PVOID Context, _In_ PLARGE_INTEGER Timeout)

NTSTATUS	PhpCallWithTimeoutThreadStart (_In_ PVOID Parameter)

PPH_GET_CLIENT_ID_NAME	PhSetHandleClientIdFunction (_In_ PPH_GET_CLIENT_ID_NAME GetClientIdName)

NTSTATUS	PhpGetObjectBasicInformation (_In_ HANDLE ProcessHandle, _In_ HANDLE Handle, _Out_ POBJECT_BASIC_INFORMATION BasicInformation)

NTSTATUS	PhpGetObjectTypeName (_In_ HANDLE ProcessHandle, _In_ HANDLE Handle, _In_ ULONG ObjectTypeNumber, _Out_ PPH_STRING *TypeName)

NTSTATUS	PhpGetObjectName (_In_ HANDLE ProcessHandle, _In_ HANDLE Handle, _In_ BOOLEAN WithTimeout, _Out_ PPH_STRING *ObjectName)

PPH_STRING	PhFormatNativeKeyName (_In_ PPH_STRING Name)

NTSTATUS	PhGetSectionFileName (_In_ HANDLE SectionHandle, _Out_ PPH_STRING *FileName)

_Callback_ PPH_STRING	PhStdGetClientIdName (_In_ PCLIENT_ID ClientId)

NTSTATUS	PhpGetBestObjectName (_In_ HANDLE ProcessHandle, _In_ HANDLE Handle, _In_ PPH_STRING ObjectName, _In_ PPH_STRING TypeName, _Out_ PPH_STRING *BestObjectName)

NTSTATUS	PhGetHandleInformation (_In_ HANDLE ProcessHandle, _In_ HANDLE Handle, _In_ ULONG ObjectTypeNumber, _Out_opt_ POBJECT_BASIC_INFORMATION BasicInformation, _Out_opt_ PPH_STRING TypeName, _Out_opt_ PPH_STRING ObjectName, _Out_opt_ PPH_STRING *BestObjectName)
	Gets information for a handle.

NTSTATUS	PhGetHandleInformationEx (_In_ HANDLE ProcessHandle, _In_ HANDLE Handle, _In_ ULONG ObjectTypeNumber, _Reserved_ ULONG Flags, _Out_opt_ PNTSTATUS SubStatus, _Out_opt_ POBJECT_BASIC_INFORMATION BasicInformation, _Out_opt_ PPH_STRING TypeName, _Out_opt_ PPH_STRING ObjectName, _Out_opt_ PPH_STRING BestObjectName, _Reserved_ PVOID ExtraInformation)
	Gets information for a handle.

NTSTATUS	PhEnumObjectTypes (_Out_ POBJECT_TYPES_INFORMATION *ObjectTypes)

ULONG	PhGetObjectTypeNumber (_In_ PUNICODE_STRING TypeName)

NTSTATUS	PhCallWithTimeout (_In_ PUSER_THREAD_START_ROUTINE Routine, _In_opt_ PVOID Context, _In_opt_ PLARGE_INTEGER AcquireTimeout, _In_ PLARGE_INTEGER CallTimeout)

NTSTATUS	PhpCommonQueryObjectRoutine (_In_ PVOID Parameter)

NTSTATUS	PhpCommonQueryObjectWithTimeout (_In_ PPHP_QUERY_OBJECT_COMMON_CONTEXT Context)

NTSTATUS	PhCallNtQueryObjectWithTimeout (_In_ HANDLE Handle, _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass, _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation, _In_ ULONG ObjectInformationLength, _Out_opt_ PULONG ReturnLength)

NTSTATUS	PhCallNtQuerySecurityObjectWithTimeout (_In_ HANDLE Handle, _In_ SECURITY_INFORMATION SecurityInformation, _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor, _In_ ULONG Length, _Out_ PULONG LengthNeeded)

NTSTATUS	PhCallNtSetSecurityObjectWithTimeout (_In_ HANDLE Handle, _In_ SECURITY_INFORMATION SecurityInformation, _In_ PSECURITY_DESCRIPTOR SecurityDescriptor)

NTSTATUS	PhCallKphDuplicateObjectWithTimeout (_In_ HANDLE SourceProcessHandle, _In_ HANDLE SourceHandle, _In_opt_ HANDLE TargetProcessHandle, _Out_opt_ PHANDLE TargetHandle, _In_ ACCESS_MASK DesiredAccess, _In_ ULONG HandleAttributes, _In_ ULONG Options)

Macro Definition Documentation

#define PH_QUERY_HACK_MAX_THREADS 20

Definition at line 26 of file hndlinfo.c.

#define QUERY_FAIL 2

#define QUERY_NORMALLY 0

#define QUERY_WITH_TIMEOUT 1

Typedef Documentation

typedef struct _PHP_CALL_WITH_TIMEOUT_THREAD_CONTEXT PHP_CALL_WITH_TIMEOUT_THREAD_CONTEXT

typedef struct _PHP_QUERY_OBJECT_COMMON_CONTEXT PHP_QUERY_OBJECT_COMMON_CONTEXT

typedef enum _PHP_QUERY_OBJECT_WORK PHP_QUERY_OBJECT_WORK

typedef struct _PHP_CALL_WITH_TIMEOUT_THREAD_CONTEXT * PPHP_CALL_WITH_TIMEOUT_THREAD_CONTEXT

typedef struct _PHP_QUERY_OBJECT_COMMON_CONTEXT * PPHP_QUERY_OBJECT_COMMON_CONTEXT

Enumeration Type Documentation

enum _PHP_QUERY_OBJECT_WORK

Enumerator:

NtQueryObjectWork
NtQuerySecurityObjectWork
NtSetSecurityObjectWork
KphDuplicateObjectWork

Definition at line 40 of file hndlinfo.c.

Function Documentation

NTSTATUS PhCallKphDuplicateObjectWithTimeout	(	_In_ HANDLE	SourceProcessHandle,
		_In_ HANDLE	SourceHandle,
		_In_opt_ HANDLE	TargetProcessHandle,
		_Out_opt_ PHANDLE	TargetHandle,
		_In_ ACCESS_MASK	DesiredAccess,
		_In_ ULONG	HandleAttributes,
		_In_ ULONG	Options
	)

Definition at line 1801 of file hndlinfo.c.

NTSTATUS PhCallNtQueryObjectWithTimeout	(	_In_ HANDLE	Handle,
		_In_ OBJECT_INFORMATION_CLASS	ObjectInformationClass,
		_Out_writes_bytes_opt_(ObjectInformationLength) PVOID	ObjectInformation,
		_In_ ULONG	ObjectInformationLength,
		_Out_opt_ PULONG	ReturnLength
	)

Definition at line 1739 of file hndlinfo.c.

NTSTATUS PhCallNtQuerySecurityObjectWithTimeout	(	_In_ HANDLE	Handle,
		_In_ SECURITY_INFORMATION	SecurityInformation,
		_Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR	SecurityDescriptor,
		_In_ ULONG	Length,
		_Out_ PULONG	LengthNeeded
	)

Definition at line 1761 of file hndlinfo.c.

NTSTATUS PhCallNtSetSecurityObjectWithTimeout	(	_In_ HANDLE	Handle,
		_In_ SECURITY_INFORMATION	SecurityInformation,
		_In_ PSECURITY_DESCRIPTOR	SecurityDescriptor
	)

Definition at line 1783 of file hndlinfo.c.

NTSTATUS PhCallWithTimeout	(	_In_ PUSER_THREAD_START_ROUTINE	Routine,
		_In_opt_ PVOID	Context,
		_In_opt_ PLARGE_INTEGER	AcquireTimeout,
		_In_ PLARGE_INTEGER	CallTimeout
	)

Definition at line 1646 of file hndlinfo.c.

NTSTATUS PhEnumObjectTypes ( _Out_ POBJECT_TYPES_INFORMATION * ObjectTypes )

Definition at line 1415 of file hndlinfo.c.

PPH_STRING PhFormatNativeKeyName ( _In_ PPH_STRING Name )

Definition at line 361 of file hndlinfo.c.

NTSTATUS PhGetHandleInformation	(	_In_ HANDLE	ProcessHandle,
		_In_ HANDLE	Handle,
		_In_ ULONG	ObjectTypeNumber,
		_Out_opt_ POBJECT_BASIC_INFORMATION	BasicInformation,
		_Out_opt_ PPH_STRING *	TypeName,
		_Out_opt_ PPH_STRING *	ObjectName,
		_Out_opt_ PPH_STRING *	BestObjectName
	)

Gets information for a handle.

Parameters

ProcessHandle	A handle to the process in which the handle resides.
Handle	The handle value.
ObjectTypeNumber	The object type number of the handle. You can specify -1 for this parameter if the object type number is not known.
BasicInformation	A variable which receives basic information about the object.
TypeName	A variable which receives the object type name.
ObjectName	A variable which receives the object name.
BestObjectName	A variable which receives the formatted object name.

Return values

STATUS_INVALID_HANDLE	The handle specified in `ProcessHandle` or `Handle` is invalid.
STATUS_INVALID_PARAMETER_3	The value specified in `ObjectTypeNumber` is invalid.

Definition at line 1155 of file hndlinfo.c.

NTSTATUS PhGetHandleInformationEx	(	_In_ HANDLE	ProcessHandle,
		_In_ HANDLE	Handle,
		_In_ ULONG	ObjectTypeNumber,
		_Reserved_ ULONG	Flags,
		_Out_opt_ PNTSTATUS	SubStatus,
		_Out_opt_ POBJECT_BASIC_INFORMATION	BasicInformation,
		_Out_opt_ PPH_STRING *	TypeName,
		_Out_opt_ PPH_STRING *	ObjectName,
		_Out_opt_ PPH_STRING *	BestObjectName,
		_Reserved_ PVOID *	ExtraInformation
	)

Gets information for a handle.

Parameters

ProcessHandle	A handle to the process in which the handle resides.
Handle	The handle value.
ObjectTypeNumber	The object type number of the handle. You can specify -1 for this parameter if the object type number is not known.
Flags	Reserved.
SubStatus	A variable which receives the NTSTATUS value of the last component that fails. If all operations succeed, the value will be STATUS_SUCCESS. If the function returns an error status, this variable is not set.
BasicInformation	A variable which receives basic information about the object.
TypeName	A variable which receives the object type name.
ObjectName	A variable which receives the object name.
BestObjectName	A variable which receives the formatted object name.
ExtraInformation	Reserved.

Return values

STATUS_INVALID_HANDLE	The handle specified in `ProcessHandle` or `Handle` is invalid.
STATUS_INVALID_PARAMETER_3	The value specified in `ObjectTypeNumber` is invalid.

Remarks: If BasicInformation or TypeName are specified, the function will fail if either cannot be queried. ObjectName, BestObjectName and ExtraInformation will return NULL if they cannot be queried.

Definition at line 1232 of file hndlinfo.c.

ULONG PhGetObjectTypeNumber ( _In_ PUNICODE_STRING TypeName )

Definition at line 1455 of file hndlinfo.c.

NTSTATUS PhGetSectionFileName	(	_In_ HANDLE	SectionHandle,
		_Out_ PPH_STRING *	FileName
	)

Definition at line 453 of file hndlinfo.c.

PPHP_CALL_WITH_TIMEOUT_THREAD_CONTEXT PhpAcquireCallWithTimeoutThread ( _In_opt_ PLARGE_INTEGER Timeout )

Definition at line 1488 of file hndlinfo.c.

NTSTATUS PhpCallWithTimeout	(	_Inout_ PPHP_CALL_WITH_TIMEOUT_THREAD_CONTEXT	ThreadContext,
		_In_ PUSER_THREAD_START_ROUTINE	Routine,
		_In_opt_ PVOID	Context,
		_In_ PLARGE_INTEGER	Timeout
	)

Definition at line 1549 of file hndlinfo.c.

NTSTATUS PhpCallWithTimeoutThreadStart ( _In_ PVOID Parameter )

Definition at line 1624 of file hndlinfo.c.

NTSTATUS PhpCommonQueryObjectRoutine ( _In_ PVOID Parameter )

Definition at line 1669 of file hndlinfo.c.

NTSTATUS PhpCommonQueryObjectWithTimeout ( _In_ PPHP_QUERY_OBJECT_COMMON_CONTEXT Context )

Definition at line 1721 of file hndlinfo.c.

NTSTATUS PhpGetBestObjectName	(	_In_ HANDLE	ProcessHandle,
		_In_ HANDLE	Handle,
		_In_ PPH_STRING	ObjectName,
		_In_ PPH_STRING	TypeName,
		_Out_ PPH_STRING *	BestObjectName
	)

Definition at line 581 of file hndlinfo.c.

NTSTATUS PhpGetObjectBasicInformation	(	_In_ HANDLE	ProcessHandle,
		_In_ HANDLE	Handle,
		_Out_ POBJECT_BASIC_INFORMATION	BasicInformation
	)

Definition at line 125 of file hndlinfo.c.

NTSTATUS PhpGetObjectName	(	_In_ HANDLE	ProcessHandle,
		_In_ HANDLE	Handle,
		_In_ BOOLEAN	WithTimeout,
		_Out_ PPH_STRING *	ObjectName
	)

Definition at line 286 of file hndlinfo.c.

NTSTATUS PhpGetObjectTypeName	(	_In_ HANDLE	ProcessHandle,
		_In_ HANDLE	Handle,
		_In_ ULONG	ObjectTypeNumber,
		_Out_ PPH_STRING *	TypeName
	)

Definition at line 175 of file hndlinfo.c.

VOID PhpReleaseCallWithTimeoutThread ( _Inout_ PPHP_CALL_WITH_TIMEOUT_THREAD_CONTEXT ThreadContext )

Definition at line 1541 of file hndlinfo.c.

PPH_GET_CLIENT_ID_NAME PhSetHandleClientIdFunction ( _In_ PPH_GET_CLIENT_ID_NAME GetClientIdName )

Definition at line 115 of file hndlinfo.c.

_Callback_ PPH_STRING PhStdGetClientIdName ( _In_ PCLIENT_ID ClientId )

Definition at line 487 of file hndlinfo.c.

Macros

Typedefs

Enumerations

Functions

Macro Definition Documentation

Typedef Documentation

Enumeration Type Documentation

Function Documentation