- Generated by
1.8.2
|
Process Hacker
|
Go to the source code of this file.
Data Structures | |
| struct | _HANDLE_TABLE_ENTRY |
| struct | _OBJECT_HEADER |
Macros | |
| #define | OBJ_PROTECT_CLOSE 0x00000001 |
| #define | OBJ_HANDLE_ATTRIBUTES (OBJ_PROTECT_CLOSE | OBJ_INHERIT | OBJ_AUDIT_OBJECT_CLOSE) |
| #define | ObpAccessProtectCloseBit 0x2000000 |
| #define | ObpDecodeGrantedAccess(Access) ((Access) & ~ObpAccessProtectCloseBit) |
| #define | OBJECT_TO_OBJECT_HEADER(Object) CONTAINING_RECORD((Object), OBJECT_HEADER, Body) |
| #define | MAX_STACK_DEPTH 64 |
| #define | RTL_WALK_USER_MODE_STACK 0x00000001 |
| #define | RTL_WALK_VALID_FLAGS 0x00000001 |
Typedefs | |
| typedef enum _KAPC_ENVIRONMENT | KAPC_ENVIRONMENT |
| typedef enum _KAPC_ENVIRONMENT * | PKAPC_ENVIRONMENT |
| typedef VOID(NTAPI * | PKNORMAL_ROUTINE )(__in PVOID NormalContext, __in PVOID SystemArgument1, __in PVOID SystemArgument2) |
| typedef VOID | KKERNEL_ROUTINE (__in PRKAPC Apc, __inout PKNORMAL_ROUTINE *NormalRoutine, __inout PVOID *NormalContext, __inout PVOID *SystemArgument1, __inout PVOID *SystemArgument2) |
| typedef VOID(NTAPI * | PKRUNDOWN_ROUTINE )(__in PRKAPC Apc) |
| typedef struct _EX_PUSH_LOCK_WAIT_BLOCK * | PEX_PUSH_LOCK_WAIT_BLOCK |
| typedef VOID(FASTCALL * | _ExfUnblockPushLock )(__inout PEX_PUSH_LOCK PushLock, __inout_opt PEX_PUSH_LOCK_WAIT_BLOCK WaitBlock) |
| typedef struct _HANDLE_TABLE_ENTRY | HANDLE_TABLE_ENTRY |
| typedef struct _HANDLE_TABLE_ENTRY * | PHANDLE_TABLE_ENTRY |
| typedef struct _HANDLE_TABLE | HANDLE_TABLE |
| typedef struct _HANDLE_TABLE * | PHANDLE_TABLE |
| typedef BOOLEAN(NTAPI * | PEX_ENUM_HANDLE_CALLBACK_61 )(__inout PHANDLE_TABLE_ENTRY HandleTableEntry, __in HANDLE Handle, __in PVOID Context) |
| typedef BOOLEAN(NTAPI * | PEX_ENUM_HANDLE_CALLBACK )(__in PHANDLE_TABLE HandleTable, __inout PHANDLE_TABLE_ENTRY HandleTableEntry, __in HANDLE Handle, __in PVOID Context) |
| typedef struct _OBJECT_CREATE_INFORMATION | OBJECT_CREATE_INFORMATION |
| typedef struct _OBJECT_CREATE_INFORMATION * | POBJECT_CREATE_INFORMATION |
| typedef struct _OBJECT_HEADER | OBJECT_HEADER |
| typedef struct _OBJECT_HEADER * | POBJECT_HEADER |
| typedef POBJECT_TYPE(NTAPI * | _ObGetObjectType )(__in PVOID Object) |
| typedef NTSTATUS(NTAPI * | _PsAcquireProcessExitSynchronization )(__in PEPROCESS Process) |
| typedef NTSTATUS(NTAPI * | _PsReleaseProcessExitSynchronization )(__in PEPROCESS Process) |
| typedef NTSTATUS(NTAPI * | _PsSuspendProcess )(__in PEPROCESS Process) |
| typedef NTSTATUS(NTAPI * | _PsResumeProcess )(__in PEPROCESS Process) |
| typedef BOOLEAN(NTAPI * | _PsIsProtectedProcess )(__in PEPROCESS Process) |
| typedef struct _EJOB * | PEJOB |
Enumerations | |
| enum | _KAPC_ENVIRONMENT { OriginalApcEnvironment, AttachedApcEnvironment, CurrentApcEnvironment, InsertApcEnvironment } |
Functions | |
| typedef | KKERNEL_ROUTINE (NTAPI *PKKERNEL_ROUTINE) |
| NTKERNELAPI VOID NTAPI | KeInitializeApc (__out PRKAPC Apc, __in PRKTHREAD Thread, __in KAPC_ENVIRONMENT Environment, __in PKKERNEL_ROUTINE KernelRoutine, __in_opt PKRUNDOWN_ROUTINE RundownRoutine, __in_opt PKNORMAL_ROUTINE NormalRoutine, __in_opt KPROCESSOR_MODE ProcessorMode, __in_opt PVOID NormalContext) |
| NTKERNELAPI BOOLEAN NTAPI | KeInsertQueueApc (__inout PRKAPC Apc, __in_opt PVOID SystemArgument1, __in_opt PVOID SystemArgument2, __in KPRIORITY Increment) |
| NTKERNELAPI BOOLEAN NTAPI | ExEnumHandleTable (__in PHANDLE_TABLE HandleTable, __in PEX_ENUM_HANDLE_CALLBACK EnumHandleProcedure, __inout PVOID Context, __out_opt PHANDLE Handle) |
| NTSYSCALLAPI NTSTATUS NTAPI | ZwQuerySystemInformation (__in SYSTEM_INFORMATION_CLASS SystemInformationClass, __out_bcount_opt(SystemInformationLength) PVOID SystemInformation, __in ULONG SystemInformationLength, __out_opt PULONG ReturnLength) |
| FORCEINLINE PVOID | ObpDecodeObject (PVOID Object) |
| FORCEINLINE ULONG | ObpGetHandleAttributes (PHANDLE_TABLE_ENTRY HandleTableEntry) |
| NTKERNELAPI NTSTATUS NTAPI | ObOpenObjectByName (__in POBJECT_ATTRIBUTES ObjectAttributes, __in POBJECT_TYPE ObjectType, __in KPROCESSOR_MODE PreviousMode, __in_opt PACCESS_STATE AccessState, __in_opt ACCESS_MASK DesiredAccess, __in PVOID ParseContext, __out PHANDLE Handle) |
| NTKERNELAPI NTSTATUS NTAPI | ObSetHandleAttributes (__in HANDLE Handle, __in POBJECT_HANDLE_FLAG_INFORMATION HandleFlags, __in KPROCESSOR_MODE PreviousMode) |
| NTKERNELAPI NTSTATUS | ObCloseHandle (__in HANDLE Handle, __in KPROCESSOR_MODE PreviousMode) |
| NTSYSCALLAPI NTSTATUS NTAPI | ZwQueryInformationProcess (__in HANDLE ProcessHandle, __in PROCESSINFOCLASS ProcessInformationClass, __out_bcount(ProcessInformationLength) PVOID ProcessInformation, __in ULONG ProcessInformationLength, __out_opt PULONG ReturnLength) |
| NTSYSCALLAPI NTSTATUS NTAPI | ZwSetInformationProcess (__in HANDLE ProcessHandle, __in PROCESSINFOCLASS ProcessInformationClass, __in_bcount(ProcessInformationLength) PVOID ProcessInformation, __in ULONG ProcessInformationLength) |
| NTSYSCALLAPI NTSTATUS NTAPI | ZwQueryInformationThread (__in HANDLE ThreadHandle, __in THREADINFOCLASS ThreadInformationClass, __out_bcount(ThreadInformationLength) PVOID ThreadInformation, __in ULONG ThreadInformationLength, __out_opt PULONG ReturnLength) |
| NTKERNELAPI NTSTATUS NTAPI | PsLookupProcessThreadByCid (__in PCLIENT_ID ClientId, __out_opt PEPROCESS *Process, __out PETHREAD *Thread) |
| NTKERNELAPI PVOID NTAPI | PsGetThreadWin32Thread (__in PETHREAD Thread) |
| NTKERNELAPI NTSTATUS NTAPI | PsGetContextThread (__in PETHREAD Thread, __inout PCONTEXT ThreadContext, __in KPROCESSOR_MODE PreviousMode) |
| NTKERNELAPI NTSTATUS NTAPI | PsSetContextThread (__in PETHREAD Thread, __in PCONTEXT ThreadContext, __in KPROCESSOR_MODE PreviousMode) |
| NTKERNELAPI PEJOB NTAPI | PsGetProcessJob (__in PEPROCESS Process) |
| NTSYSAPI ULONG NTAPI | RtlWalkFrameChain (__out PVOID *Callers, __in ULONG Count, __in ULONG Flags) |
Variables | |
| ULONG | KphDynNtVersion |
| ULONG | KphDynObDecodeShift |
| ULONG | KphDynObAttributesShift |
| POBJECT_TYPE * | IoDriverObjectType |
| POBJECT_TYPE * | PsJobType |
| #define OBJ_HANDLE_ATTRIBUTES (OBJ_PROTECT_CLOSE | OBJ_INHERIT | OBJ_AUDIT_OBJECT_CLOSE) |
| #define OBJECT_TO_OBJECT_HEADER | ( | Object | ) | CONTAINING_RECORD((Object), OBJECT_HEADER, Body) |
| #define ObpDecodeGrantedAccess | ( | Access | ) | ((Access) & ~ObpAccessProtectCloseBit) |
| typedef VOID(FASTCALL * _ExfUnblockPushLock)(__inout PEX_PUSH_LOCK PushLock, __inout_opt PEX_PUSH_LOCK_WAIT_BLOCK WaitBlock) |
| typedef POBJECT_TYPE(NTAPI * _ObGetObjectType)(__in PVOID Object) |
| typedef NTSTATUS(NTAPI * _PsAcquireProcessExitSynchronization)(__in PEPROCESS Process) |
| typedef BOOLEAN(NTAPI * _PsIsProtectedProcess)(__in PEPROCESS Process) |
| typedef NTSTATUS(NTAPI * _PsReleaseProcessExitSynchronization)(__in PEPROCESS Process) |
| typedef NTSTATUS(NTAPI * _PsResumeProcess)(__in PEPROCESS Process) |
| typedef NTSTATUS(NTAPI * _PsSuspendProcess)(__in PEPROCESS Process) |
| typedef struct _HANDLE_TABLE HANDLE_TABLE |
| typedef struct _HANDLE_TABLE_ENTRY HANDLE_TABLE_ENTRY |
| typedef enum _KAPC_ENVIRONMENT KAPC_ENVIRONMENT |
| typedef VOID KKERNEL_ROUTINE(__in PRKAPC Apc, __inout PKNORMAL_ROUTINE *NormalRoutine, __inout PVOID *NormalContext, __inout PVOID *SystemArgument1, __inout PVOID *SystemArgument2) |
| typedef struct _OBJECT_CREATE_INFORMATION OBJECT_CREATE_INFORMATION |
| typedef struct _OBJECT_HEADER OBJECT_HEADER |
| typedef BOOLEAN(NTAPI * PEX_ENUM_HANDLE_CALLBACK)(__in PHANDLE_TABLE HandleTable, __inout PHANDLE_TABLE_ENTRY HandleTableEntry, __in HANDLE Handle, __in PVOID Context) |
| typedef BOOLEAN(NTAPI * PEX_ENUM_HANDLE_CALLBACK_61)(__inout PHANDLE_TABLE_ENTRY HandleTableEntry, __in HANDLE Handle, __in PVOID Context) |
| typedef struct _EX_PUSH_LOCK_WAIT_BLOCK* PEX_PUSH_LOCK_WAIT_BLOCK |
| typedef struct _HANDLE_TABLE * PHANDLE_TABLE |
| typedef struct _HANDLE_TABLE_ENTRY * PHANDLE_TABLE_ENTRY |
| typedef enum _KAPC_ENVIRONMENT * PKAPC_ENVIRONMENT |
| typedef VOID(NTAPI * PKNORMAL_ROUTINE)(__in PVOID NormalContext, __in PVOID SystemArgument1, __in PVOID SystemArgument2) |
| typedef struct _OBJECT_CREATE_INFORMATION * POBJECT_CREATE_INFORMATION |
| typedef struct _OBJECT_HEADER * POBJECT_HEADER |
| enum _KAPC_ENVIRONMENT |
| NTKERNELAPI BOOLEAN NTAPI ExEnumHandleTable | ( | __in PHANDLE_TABLE | HandleTable, |
| __in PEX_ENUM_HANDLE_CALLBACK | EnumHandleProcedure, | ||
| __inout PVOID | Context, | ||
| __out_opt PHANDLE | Handle | ||
| ) |
| NTKERNELAPI VOID NTAPI KeInitializeApc | ( | __out PRKAPC | Apc, |
| __in PRKTHREAD | Thread, | ||
| __in KAPC_ENVIRONMENT | Environment, | ||
| __in PKKERNEL_ROUTINE | KernelRoutine, | ||
| __in_opt PKRUNDOWN_ROUTINE | RundownRoutine, | ||
| __in_opt PKNORMAL_ROUTINE | NormalRoutine, | ||
| __in_opt KPROCESSOR_MODE | ProcessorMode, | ||
| __in_opt PVOID | NormalContext | ||
| ) |
| NTKERNELAPI BOOLEAN NTAPI KeInsertQueueApc | ( | __inout PRKAPC | Apc, |
| __in_opt PVOID | SystemArgument1, | ||
| __in_opt PVOID | SystemArgument2, | ||
| __in KPRIORITY | Increment | ||
| ) |
| typedef KKERNEL_ROUTINE | ( | NTAPI * | PKKERNEL_ROUTINE | ) |
| NTKERNELAPI NTSTATUS ObCloseHandle | ( | __in HANDLE | Handle, |
| __in KPROCESSOR_MODE | PreviousMode | ||
| ) |
| NTKERNELAPI NTSTATUS NTAPI ObOpenObjectByName | ( | __in POBJECT_ATTRIBUTES | ObjectAttributes, |
| __in POBJECT_TYPE | ObjectType, | ||
| __in KPROCESSOR_MODE | PreviousMode, | ||
| __in_opt PACCESS_STATE | AccessState, | ||
| __in_opt ACCESS_MASK | DesiredAccess, | ||
| __in PVOID | ParseContext, | ||
| __out PHANDLE | Handle | ||
| ) |
| FORCEINLINE ULONG ObpGetHandleAttributes | ( | PHANDLE_TABLE_ENTRY | HandleTableEntry | ) |
| NTKERNELAPI NTSTATUS NTAPI ObSetHandleAttributes | ( | __in HANDLE | Handle, |
| __in POBJECT_HANDLE_FLAG_INFORMATION | HandleFlags, | ||
| __in KPROCESSOR_MODE | PreviousMode | ||
| ) |
| NTKERNELAPI NTSTATUS NTAPI PsGetContextThread | ( | __in PETHREAD | Thread, |
| __inout PCONTEXT | ThreadContext, | ||
| __in KPROCESSOR_MODE | PreviousMode | ||
| ) |
| NTKERNELAPI PEJOB NTAPI PsGetProcessJob | ( | __in PEPROCESS | Process | ) |
| NTKERNELAPI PVOID NTAPI PsGetThreadWin32Thread | ( | __in PETHREAD | Thread | ) |
| NTKERNELAPI NTSTATUS NTAPI PsLookupProcessThreadByCid | ( | __in PCLIENT_ID | ClientId, |
| __out_opt PEPROCESS * | Process, | ||
| __out PETHREAD * | Thread | ||
| ) |
| NTKERNELAPI NTSTATUS NTAPI PsSetContextThread | ( | __in PETHREAD | Thread, |
| __in PCONTEXT | ThreadContext, | ||
| __in KPROCESSOR_MODE | PreviousMode | ||
| ) |
| NTSYSAPI ULONG NTAPI RtlWalkFrameChain | ( | __out PVOID * | Callers, |
| __in ULONG | Count, | ||
| __in ULONG | Flags | ||
| ) |
| NTSYSCALLAPI NTSTATUS NTAPI ZwQueryInformationProcess | ( | __in HANDLE | ProcessHandle, |
| __in PROCESSINFOCLASS | ProcessInformationClass, | ||
| __out_bcount(ProcessInformationLength) PVOID | ProcessInformation, | ||
| __in ULONG | ProcessInformationLength, | ||
| __out_opt PULONG | ReturnLength | ||
| ) |
| NTSYSCALLAPI NTSTATUS NTAPI ZwQueryInformationThread | ( | __in HANDLE | ThreadHandle, |
| __in THREADINFOCLASS | ThreadInformationClass, | ||
| __out_bcount(ThreadInformationLength) PVOID | ThreadInformation, | ||
| __in ULONG | ThreadInformationLength, | ||
| __out_opt PULONG | ReturnLength | ||
| ) |
| NTSYSCALLAPI NTSTATUS NTAPI ZwQuerySystemInformation | ( | __in SYSTEM_INFORMATION_CLASS | SystemInformationClass, |
| __out_bcount_opt(SystemInformationLength) PVOID | SystemInformation, | ||
| __in ULONG | SystemInformationLength, | ||
| __out_opt PULONG | ReturnLength | ||
| ) |
| NTSYSCALLAPI NTSTATUS NTAPI ZwSetInformationProcess | ( | __in HANDLE | ProcessHandle, |
| __in PROCESSINFOCLASS | ProcessInformationClass, | ||
| __in_bcount(ProcessInformationLength) PVOID | ProcessInformation, | ||
| __in ULONG | ProcessInformationLength | ||
| ) |
| POBJECT_TYPE* IoDriverObjectType |
| ULONG KphDynObAttributesShift |
| ULONG KphDynObDecodeShift |
| POBJECT_TYPE* PsJobType |
1.8.2