process.c File Reference

#include <kph.h>
#include <dyndata.h>

Go to the source code of this file.

Functions
NTSTATUS	KpiOpenProcess (__out PHANDLE ProcessHandle, __in ACCESS_MASK DesiredAccess, __in PCLIENT_ID ClientId, __in KPROCESSOR_MODE AccessMode)
	Opens a process.
NTSTATUS	KpiOpenProcessToken (__in HANDLE ProcessHandle, __in ACCESS_MASK DesiredAccess, __out PHANDLE TokenHandle, __in KPROCESSOR_MODE AccessMode)
	Opens the token of a process.
NTSTATUS	KpiOpenProcessJob (__in HANDLE ProcessHandle, __in ACCESS_MASK DesiredAccess, __out PHANDLE JobHandle, __in KPROCESSOR_MODE AccessMode)
	Opens the job object of a process.
NTSTATUS	KpiSuspendProcess (__in HANDLE ProcessHandle, __in KPROCESSOR_MODE AccessMode)
	Suspends a process.
NTSTATUS	KpiResumeProcess (__in HANDLE ProcessHandle, __in KPROCESSOR_MODE AccessMode)
	Resumes a process.
NTSTATUS	KphTerminateProcessInternal (__in PEPROCESS Process, __in NTSTATUS ExitStatus)
	Terminates a process using PsTerminateProcess.
NTSTATUS	KpiTerminateProcess (__in HANDLE ProcessHandle, __in NTSTATUS ExitStatus, __in KPROCESSOR_MODE AccessMode)
	Terminates a process using PsTerminateProcess.
NTSTATUS	KpiQueryInformationProcess (__in HANDLE ProcessHandle, __in KPH_PROCESS_INFORMATION_CLASS ProcessInformationClass, __out_bcount(ProcessInformationLength) PVOID ProcessInformation, __in ULONG ProcessInformationLength, __out_opt PULONG ReturnLength, __in KPROCESSOR_MODE AccessMode)
	Queries process information.
NTSTATUS	KpiSetInformationProcess (__in HANDLE ProcessHandle, __in KPH_PROCESS_INFORMATION_CLASS ProcessInformationClass, __in_bcount(ProcessInformationLength) PVOID ProcessInformation, __in ULONG ProcessInformationLength, __in KPROCESSOR_MODE AccessMode)
	Sets process information.
BOOLEAN	KphAcquireProcessRundownProtection (__in PEPROCESS Process)
	Prevents a process from terminating.
VOID	KphReleaseProcessRundownProtection (__in PEPROCESS Process)
	Allows a process to terminate.

Function Documentation

BOOLEAN KphAcquireProcessRundownProtection

(

__in PEPROCESS

Process

)

Prevents a process from terminating.

Parameters

Process

A process object.

Returns

TRUE if the function succeeded, FALSE if the process is currently terminating or the request is not supported.

Definition at line 904 of file process.c.

VOID KphReleaseProcessRundownProtection

(

__in PEPROCESS

Process

)

Allows a process to terminate.

Parameters

Process

A process object.

Definition at line 927 of file process.c.

NTSTATUS KphTerminateProcessInternal	(	__in PEPROCESS	Process,
		__in NTSTATUS	ExitStatus
	)

Terminates a process using PsTerminateProcess.

Parameters

Process	A process object.
ExitStatus	A status value which indicates why the process is being terminated.

Definition at line 386 of file process.c.

NTSTATUS KpiOpenProcess	(	__out PHANDLE	ProcessHandle,
		__in ACCESS_MASK	DesiredAccess,
		__in PCLIENT_ID	ClientId,
		__in KPROCESSOR_MODE	AccessMode
	)

Opens a process.

Parameters

ProcessHandle	A variable which receives the process handle.
DesiredAccess	The desired access to the process.
ClientId	The identifier of a process or thread. If UniqueThread is present, the process of the identified thread will be opened. If UniqueProcess is present, the identified process will be opened.
AccessMode	The mode in which to perform access checks.

Definition at line 47 of file process.c.

NTSTATUS KpiOpenProcessJob	(	__in HANDLE	ProcessHandle,
		__in ACCESS_MASK	DesiredAccess,
		__out PHANDLE	JobHandle,
		__in KPROCESSOR_MODE	AccessMode
	)

Opens the job object of a process.

Parameters

ProcessHandle	A handle to a process.
DesiredAccess	The desired access to the token.
JobHandle	A variable which receives the job object handle.
AccessMode	The mode in which to perform access checks.

Definition at line 224 of file process.c.

NTSTATUS KpiOpenProcessToken	(	__in HANDLE	ProcessHandle,
		__in ACCESS_MASK	DesiredAccess,
		__out PHANDLE	TokenHandle,
		__in KPROCESSOR_MODE	AccessMode
	)

Opens the token of a process.

Parameters

ProcessHandle	A handle to a process.
DesiredAccess	The desired access to the token.
TokenHandle	A variable which receives the token handle.
AccessMode	The mode in which to perform access checks.

Definition at line 141 of file process.c.

NTSTATUS KpiQueryInformationProcess	(	__in HANDLE	ProcessHandle,
		__in KPH_PROCESS_INFORMATION_CLASS	ProcessInformationClass,
		__out_bcount(ProcessInformationLength) PVOID	ProcessInformation,
		__in ULONG	ProcessInformationLength,
		__out_opt PULONG	ReturnLength,
		__in KPROCESSOR_MODE	AccessMode
	)

Queries process information.

Parameters

ProcessHandle	A handle to a process.
ProcessInformationClass	The type of information to query.
ProcessInformation	The buffer in which the information will be stored.
ProcessInformationLength	The number of bytes available in ProcessInformation.
ReturnLength	A variable which receives the number of bytes required to be available in ProcessInformation.
AccessMode	The mode in which to perform access checks.

Definition at line 537 of file process.c.

NTSTATUS KpiResumeProcess	(	__in HANDLE	ProcessHandle,
		__in KPROCESSOR_MODE	AccessMode
	)

Resumes a process.

Parameters

ProcessHandle	A handle to a process.
AccessMode	The mode in which to perform access checks.

Definition at line 348 of file process.c.

NTSTATUS KpiSetInformationProcess	(	__in HANDLE	ProcessHandle,
		__in KPH_PROCESS_INFORMATION_CLASS	ProcessInformationClass,
		__in_bcount(ProcessInformationLength) PVOID	ProcessInformation,
		__in ULONG	ProcessInformationLength,
		__in KPROCESSOR_MODE	AccessMode
	)

Sets process information.

Parameters

ProcessHandle	A handle to a process.
ProcessInformationClass	The type of information to set.
ProcessInformation	A buffer which contains the information to set.
ProcessInformationLength	The number of bytes present in ProcessInformation.
AccessMode	The mode in which to perform access checks.

Definition at line 747 of file process.c.

NTSTATUS KpiSuspendProcess	(	__in HANDLE	ProcessHandle,
		__in KPROCESSOR_MODE	AccessMode
	)

Suspends a process.

Parameters

ProcessHandle	A handle to a process.
AccessMode	The mode in which to perform access checks.

Definition at line 311 of file process.c.

NTSTATUS KpiTerminateProcess	(	__in HANDLE	ProcessHandle,
		__in NTSTATUS	ExitStatus,
		__in KPROCESSOR_MODE	AccessMode
	)

Terminates a process using PsTerminateProcess.

Parameters

ProcessHandle	A handle to a process.
ExitStatus	A status value which indicates why the process is being terminated.
AccessMode	The mode in which to perform access checks.

Definition at line 467 of file process.c.