1. fixed NtCreateProcess to do some buffer checks and moved the
implementation to an internal function so it can be shared with
PsCreateSystemProcess(). Also don't leak so many resources on failures
2. processes should acquire a cid handle for their unique process id
3. fixed several instances in structures where process ids were
DWORD/ULONG instead of HANDLEs
Modified: trunk/reactos/include/csrss/csrss.h
Modified: trunk/reactos/include/ddk/psfuncs.h
Modified: trunk/reactos/include/ntos/zwtypes.h
Modified: trunk/reactos/lib/kernel32/misc/console.c
Modified: trunk/reactos/lib/kernel32/process/create.c
Modified: trunk/reactos/lib/kernel32/process/proc.c
Modified: trunk/reactos/lib/psapi/psapi.c
Modified: trunk/reactos/lib/user32/misc/exit.c
Modified: trunk/reactos/ntoskrnl/ex/mutant.c
Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c
Modified: trunk/reactos/ntoskrnl/include/internal/mm.h
Modified: trunk/reactos/ntoskrnl/include/internal/ps.h
Modified: trunk/reactos/ntoskrnl/ke/profile.c
Modified: trunk/reactos/ntoskrnl/mm/anonmem.c
Modified: trunk/reactos/ntoskrnl/mm/pageop.c
Modified: trunk/reactos/ntoskrnl/mm/rmap.c
Modified: trunk/reactos/ntoskrnl/mm/section.c
Modified: trunk/reactos/ntoskrnl/ps/cid.c
Modified: trunk/reactos/ntoskrnl/ps/process.c
Modified: trunk/reactos/subsys/csrss/api/process.c
Modified: trunk/reactos/subsys/csrss/api/wapi.c
Modified: trunk/reactos/subsys/csrss/include/api.h
Modified: trunk/reactos/subsys/csrss/win32csr/conio.c
Modified: trunk/reactos/subsys/csrss/win32csr/exitros.c
Modified: trunk/reactos/subsys/win32k/ntuser/misc.c
Modified: trunk/reactos/w32api/include/ddk/ntapi.h
Modified: trunk/reactos/w32api/include/ddk/ntifs.h
_____
Modified: trunk/reactos/include/csrss/csrss.h
--- trunk/reactos/include/csrss/csrss.h 2005-01-25 23:57:57 UTC (rev
13300)
+++ trunk/reactos/include/csrss/csrss.h 2005-01-26 00:03:05 UTC (rev
13301)
@@ -19,7 +19,7 @@
typedef struct
{
- ULONG NewProcessId;
+ HANDLE NewProcessId;
ULONG Flags;
PCONTROLDISPATCHER CtrlDispatcher;
} CSRSS_CREATE_PROCESS_REQUEST, *PCSRSS_CREATE_PROCESS_REQUEST;
@@ -359,7 +359,7 @@
typedef struct
{
- DWORD ProcessId;
+ HANDLE ProcessId;
} CSRSS_REGISTER_SERVICES_PROCESS_REQUEST,
*PCSRSS_REGISTER_SERVICES_PROCESS_REQUEST;
typedef struct
@@ -476,7 +476,7 @@
typedef struct
{
HANDLE Handle;
- DWORD ProcessId;
+ HANDLE ProcessId;
} CSRSS_DUPLICATE_HANDLE_REQUEST, *PCSRSS_DUPLICATE_HANDLE_REQUEST;
typedef struct
@@ -562,7 +562,7 @@
typedef struct
{
- DWORD ProcessId;
+ HANDLE ProcessId;
BOOL Register;
} CSRSS_REGISTER_LOGON_PROCESS_REQUEST,
*PCSRSS_REGISTER_LOGON_PROCESS_REQUEST;
_____
Modified: trunk/reactos/include/ddk/psfuncs.h
--- trunk/reactos/include/ddk/psfuncs.h 2005-01-25 23:57:57 UTC (rev
13300)
+++ trunk/reactos/include/ddk/psfuncs.h 2005-01-26 00:03:05 UTC (rev
13301)
@@ -395,7 +395,7 @@
LARGE_INTEGER STDCALL PsGetProcessExitTime(VOID);
BOOLEAN STDCALL PsIsThreadTerminating(struct _ETHREAD* Thread);
-NTSTATUS STDCALL PsLookupProcessByProcessId(IN PVOID ProcessId,
+NTSTATUS STDCALL PsLookupProcessByProcessId(IN HANDLE ProcessId,
OUT PEPROCESS *Process);
NTSTATUS STDCALL PsLookupProcessThreadByCid(IN PCLIENT_ID Cid,
_____
Modified: trunk/reactos/include/ntos/zwtypes.h
--- trunk/reactos/include/ntos/zwtypes.h 2005-01-25 23:57:57 UTC
(rev 13300)
+++ trunk/reactos/include/ntos/zwtypes.h 2005-01-26 00:03:05 UTC
(rev 13301)
@@ -684,8 +684,8 @@
PPEB PebBaseAddress;
KAFFINITY AffinityMask;
KPRIORITY BasePriority;
- ULONG UniqueProcessId;
- ULONG InheritedFromUniqueProcessId;
+ HANDLE UniqueProcessId;
+ HANDLE InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
// Information class 1
@@ -1332,8 +1332,8 @@
LARGE_INTEGER KernelTime;
UNICODE_STRING ProcessName;
KPRIORITY BasePriority;
- ULONG ProcessId;
- ULONG InheritedFromProcessId;
+ HANDLE ProcessId;
+ HANDLE InheritedFromProcessId;
ULONG HandleCount;
ULONG Reserved2[2];
VM_COUNTERS VmCounters;
@@ -1350,8 +1350,8 @@
LARGE_INTEGER KernelTime;
UNICODE_STRING ProcessName;
KPRIORITY BasePriority;
- ULONG ProcessId;
- ULONG InheritedFromProcessId;
+ HANDLE ProcessId;
+ HANDLE InheritedFromProcessId;
ULONG HandleCount;
ULONG Reserved2[2];
VM_COUNTERS VmCounters;
_____
Modified: trunk/reactos/lib/kernel32/misc/console.c
--- trunk/reactos/lib/kernel32/misc/console.c 2005-01-25 23:57:57 UTC
(rev 13300)
+++ trunk/reactos/lib/kernel32/misc/console.c 2005-01-26 00:03:05 UTC
(rev 13301)
@@ -206,7 +206,7 @@
Request.Type = CSRSS_DUPLICATE_HANDLE;
Request.Data.DuplicateHandleRequest.Handle = hConsole;
- Request.Data.DuplicateHandleRequest.ProcessId =
GetCurrentProcessId();
+ Request.Data.DuplicateHandleRequest.ProcessId =
GetTeb()->Cid.UniqueProcess;
Status = CsrClientCallServer(&Request,
&Reply,
sizeof(CSRSS_API_REQUEST),
_____
Modified: trunk/reactos/lib/kernel32/process/create.c
--- trunk/reactos/lib/kernel32/process/create.c 2005-01-25 23:57:57 UTC
(rev 13300)
+++ trunk/reactos/lib/kernel32/process/create.c 2005-01-26 00:03:05 UTC
(rev 13301)
@@ -1157,9 +1157,9 @@
&ProcessBasicInfo,
sizeof(ProcessBasicInfo),
&retlen);
- DPRINT("ProcessBasicInfo.UniqueProcessId %d\n",
+ DPRINT("ProcessBasicInfo.UniqueProcessId 0x%x\n",
ProcessBasicInfo.UniqueProcessId);
- lpProcessInformation->dwProcessId =
ProcessBasicInfo.UniqueProcessId;
+ lpProcessInformation->dwProcessId =
(DWORD)ProcessBasicInfo.UniqueProcessId;
/*
* Tell the csrss server we are creating a new process
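Review bot: The `(DWORD)ProcessBasicInfo.UniqueProcessId` cast on the new line silently truncates the handle on a 64-bit build, and the `0x%x` format in the DPRINT above it is likewise only correct while HANDLE and int are the same width. If this tree's headers provide it, `HandleToUlong(ProcessBasicInfo.UniqueProcessId)` states the intent and survives a pointer-width change, and `%p` is the matching format specifier. The same pattern is repeated in proc.c and psapi.c in this commit, so one helper or macro would cover all three sites.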
_____
Modified: trunk/reactos/lib/kernel32/process/proc.c
--- trunk/reactos/lib/kernel32/process/proc.c 2005-01-25 23:57:57 UTC
(rev 13300)
+++ trunk/reactos/lib/kernel32/process/proc.c 2005-01-26 00:03:05 UTC
(rev 13301)
@@ -324,7 +324,7 @@
return 0;
}
- return ProcessBasic.UniqueProcessId;
+ return (DWORD)ProcessBasic.UniqueProcessId;
}
_____
Modified: trunk/reactos/lib/psapi/psapi.c
--- trunk/reactos/lib/psapi/psapi.c 2005-01-25 23:57:57 UTC (rev
13300)
+++ trunk/reactos/lib/psapi/psapi.c 2005-01-26 00:03:05 UTC (rev
13301)
@@ -83,7 +83,7 @@
}
/* return current process */
- *Context->lpidProcess = CurrentProcess->ProcessId;
+ *Context->lpidProcess = (DWORD)CurrentProcess->ProcessId;
/* go to next array slot */
Context->lpidProcess++;
_____
Modified: trunk/reactos/lib/user32/misc/exit.c
--- trunk/reactos/lib/user32/misc/exit.c 2005-01-25 23:57:57 UTC
(rev 13300)
+++ trunk/reactos/lib/user32/misc/exit.c 2005-01-26 00:03:05 UTC
(rev 13301)
@@ -104,7 +104,7 @@
NTSTATUS Status;
Request.Type = CSRSS_REGISTER_SERVICES_PROCESS;
- Request.Data.RegisterServicesProcessRequest.ProcessId =
ServicesProcessId;
+ Request.Data.RegisterServicesProcessRequest.ProcessId =
(HANDLE)ServicesProcessId;
Status = CsrClientCallServer(&Request,
&Reply,
_____
Modified: trunk/reactos/ntoskrnl/ex/mutant.c
--- trunk/reactos/ntoskrnl/ex/mutant.c 2005-01-25 23:57:57 UTC (rev
13300)
+++ trunk/reactos/ntoskrnl/ex/mutant.c 2005-01-26 00:03:05 UTC (rev
13301)
@@ -196,7 +196,7 @@
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status = STATUS_SUCCESS;
- DPRINT1("NtOpenMutant(0x%x, 0x%x, 0x%x)\n", MutantHandle,
DesiredAccess, ObjectAttributes);
+ DPRINT("NtOpenMutant(0x%x, 0x%x, 0x%x)\n", MutantHandle,
DesiredAccess, ObjectAttributes);
PreviousMode = ExGetPreviousMode();
_____
Modified: trunk/reactos/ntoskrnl/ex/sysinfo.c
--- trunk/reactos/ntoskrnl/ex/sysinfo.c 2005-01-25 23:57:57 UTC (rev
13300)
+++ trunk/reactos/ntoskrnl/ex/sysinfo.c 2005-01-26 00:03:05 UTC (rev
13301)
@@ -401,7 +401,7 @@
return (STATUS_INFO_LENGTH_MISMATCH);
}
- PsLookupProcessByProcessId((PVOID) 1, &TheIdleProcess);
+ TheIdleProcess = PsInitialSystemProcess; /* FIXME */
Spi->IdleTime.QuadPart = TheIdleProcess->Pcb.KernelTime *
100000LL;
@@ -505,8 +505,6 @@
Spi->SecondLevelTbFills = 0; /* FIXME */
Spi->SystemCalls = 0; /* FIXME */
- ObDereferenceObject(TheIdleProcess);
-
return (STATUS_SUCCESS);
}
@@ -609,7 +607,7 @@
SpiCur->BasePriority = pr->Pcb.BasePriority;
SpiCur->ProcessId = pr->UniqueProcessId;
- SpiCur->InheritedFromProcessId =
(DWORD)(pr->InheritedFromUniqueProcessId);
+ SpiCur->InheritedFromProcessId =
pr->InheritedFromUniqueProcessId;
SpiCur->HandleCount =
ObpGetHandleCountByHandleTable(&pr->HandleTable);
SpiCur->VmCounters.PeakVirtualSize =
pr->PeakVirtualSize;
SpiCur->VmCounters.VirtualSize =
pr->VirtualSize.QuadPart;
@@ -949,7 +947,7 @@
}
DPRINT("SystemFullMemoryInformation\n");
- PsLookupProcessByProcessId((PVOID) 1, &TheIdleProcess);
+ TheIdleProcess = PsInitialSystemProcess; /* FIXME */
DPRINT("PID: %d, KernelTime: %u PFFree: %d PFUsed: %d\n",
TheIdleProcess->UniqueProcessId,
@@ -963,8 +961,6 @@
*Spi = MiMemoryConsumers[MC_USER].PagesUsed;
- ObDereferenceObject(TheIdleProcess);
-
return (STATUS_SUCCESS);
}
_____
Modified: trunk/reactos/ntoskrnl/include/internal/mm.h
--- trunk/reactos/ntoskrnl/include/internal/mm.h 2005-01-25
23:57:57 UTC (rev 13300)
+++ trunk/reactos/ntoskrnl/include/internal/mm.h 2005-01-26
00:03:05 UTC (rev 13301)
@@ -296,7 +296,7 @@
* These fields are used to identify the operation if it is against a
* virtual memory area.
*/
- ULONG Pid;
+ HANDLE Pid;
PVOID Address;
/*
* These fields are used to identify the operation if it is against a
@@ -569,10 +569,10 @@
MmReleasePageOp(PMM_PAGEOP PageOp);
PMM_PAGEOP
-MmGetPageOp(PMEMORY_AREA MArea, ULONG Pid, PVOID Address,
+MmGetPageOp(PMEMORY_AREA MArea, HANDLE Pid, PVOID Address,
PMM_SECTION_SEGMENT Segment, ULONG Offset, ULONG OpType,
BOOL First);
PMM_PAGEOP
-MmCheckForPageOp(PMEMORY_AREA MArea, ULONG Pid, PVOID Address,
+MmCheckForPageOp(PMEMORY_AREA MArea, HANDLE Pid, PVOID Address,
PMM_SECTION_SEGMENT Segment, ULONG Offset);
VOID
MmInitializePageOp(VOID);
_____
Modified: trunk/reactos/ntoskrnl/include/internal/ps.h
--- trunk/reactos/ntoskrnl/include/internal/ps.h 2005-01-25
23:57:57 UTC (rev 13300)
+++ trunk/reactos/ntoskrnl/include/internal/ps.h 2005-01-26
00:03:05 UTC (rev 13301)
@@ -323,7 +323,7 @@
/* Unknown. */
PKTHREAD LockOwner; /* 090 */
/* Process id. */
- ULONG UniqueProcessId; /* 094 */
+ HANDLE UniqueProcessId; /* 094 */
/* Unknown. */
LIST_ENTRY ActiveProcessLinks; /* 098 */
/* Unknown. */
_____
Modified: trunk/reactos/ntoskrnl/ke/profile.c
--- trunk/reactos/ntoskrnl/ke/profile.c 2005-01-25 23:57:57 UTC (rev
13300)
+++ trunk/reactos/ntoskrnl/ke/profile.c 2005-01-26 00:03:05 UTC (rev
13301)
@@ -140,13 +140,13 @@
}
else
{
- ULONG Pid;
+ HANDLE Pid;
PKPROCESS_PROFILE current;
PLIST_ENTRY current_entry;
PLIST_ENTRY ListHead;
Pid = Profile->Process->UniqueProcessId;
- ListHead = &ProcessProfileListHashTable[Pid %
PROFILE_HASH_TABLE_SIZE];
+ ListHead = &ProcessProfileListHashTable[(ULONG_PTR)Pid %
PROFILE_HASH_TABLE_SIZE];
current_entry = ListHead;
while(current_entry != ListHead)
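Review bot: The new bucket index `(ULONG_PTR)Pid % PROFILE_HASH_TABLE_SIZE` interacts badly with the cid.c change in this same commit, which now issues every id as `counter << 2`. If PROFILE_HASH_TABLE_SIZE is a power of two (its value is not in this diff), the two low bits of every Pid are zero and only a quarter of the buckets can ever be used, which degrades the profile list to long chains. Hashing the counter part instead, `ListHead = &ProcessProfileListHashTable[((ULONG_PTR)Pid >> 2) % PROFILE_HASH_TABLE_SIZE];`, keeps the distribution, and the same expression appears again in the removal path further down. The enclosing function starts before this hunk.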
@@ -154,7 +154,7 @@
current = CONTAINING_RECORD(current_entry, KPROCESS_PROFILE,
ListEntry);
- if (current->Pid == (HANDLE)Pid)
+ if (current->Pid == Pid)
{
KiInsertProfileIntoProcess(¤t->ProfileListHead,
Profile);
KeReleaseSpinLock(&ProfileListLock, oldIrql);
@@ -166,7 +166,7 @@
current = ExAllocatePool(NonPagedPool, sizeof(KPROCESS_PROFILE));
- current->Pid = (HANDLE)Pid;
+ current->Pid = Pid;
InitializeListHead(¤t->ProfileListHead);
InsertTailList(ListHead, ¤t->ListEntry);
@@ -188,7 +188,7 @@
}
else
{
- ULONG Pid;
+ HANDLE Pid;
PLIST_ENTRY ListHead;
PKPROCESS_PROFILE current;
PLIST_ENTRY current_entry;
@@ -196,7 +196,7 @@
RemoveEntryList(&Profile->ListEntry);
Pid = Profile->Process->UniqueProcessId;
- ListHead = &ProcessProfileListHashTable[Pid %
PROFILE_HASH_TABLE_SIZE];
+ ListHead = &ProcessProfileListHashTable[(ULONG_PTR)Pid %
PROFILE_HASH_TABLE_SIZE];
current_entry = ListHead;
while(current_entry != ListHead)
@@ -204,7 +204,7 @@
current = CONTAINING_RECORD(current_entry, KPROCESS_PROFILE,
ListEntry);
- if (current->Pid == (HANDLE)Pid)
+ if (current->Pid == Pid)
{
if (IsListEmpty(¤t->ProfileListHead))
{
_____
Modified: trunk/reactos/ntoskrnl/mm/anonmem.c
--- trunk/reactos/ntoskrnl/mm/anonmem.c 2005-01-25 23:57:57 UTC (rev
13300)
+++ trunk/reactos/ntoskrnl/mm/anonmem.c 2005-01-26 00:03:05 UTC (rev
13301)
@@ -272,7 +272,7 @@
/*
* Get or create a page operation
*/
- PageOp = MmGetPageOp(MemoryArea,
(ULONG)MemoryArea->Process->UniqueProcessId,
+ PageOp = MmGetPageOp(MemoryArea,
MemoryArea->Process->UniqueProcessId,
(PVOID)PAGE_ROUND_DOWN(Address), NULL, 0,
MM_PAGEOP_PAGEIN, FALSE);
if (PageOp == NULL)
_____
Modified: trunk/reactos/ntoskrnl/mm/pageop.c
--- trunk/reactos/ntoskrnl/mm/pageop.c 2005-01-25 23:57:57 UTC (rev
13300)
+++ trunk/reactos/ntoskrnl/mm/pageop.c 2005-01-26 00:03:05 UTC (rev
13301)
@@ -67,7 +67,7 @@
}
PMM_PAGEOP
-MmCheckForPageOp(PMEMORY_AREA MArea, ULONG Pid, PVOID Address,
+MmCheckForPageOp(PMEMORY_AREA MArea, HANDLE Pid, PVOID Address,
PMM_SECTION_SEGMENT Segment, ULONG Offset)
{
ULONG_PTR Hash;
@@ -129,7 +129,7 @@
}
PMM_PAGEOP
-MmGetPageOp(PMEMORY_AREA MArea, ULONG Pid, PVOID Address,
+MmGetPageOp(PMEMORY_AREA MArea, HANDLE Pid, PVOID Address,
PMM_SECTION_SEGMENT Segment, ULONG Offset, ULONG OpType,
BOOL First)
/*
* FUNCTION: Get a page operation descriptor corresponding to
_____
Modified: trunk/reactos/ntoskrnl/mm/rmap.c
--- trunk/reactos/ntoskrnl/mm/rmap.c 2005-01-25 23:57:57 UTC (rev
13300)
+++ trunk/reactos/ntoskrnl/mm/rmap.c 2005-01-26 00:03:05 UTC (rev
13301)
@@ -136,7 +136,7 @@
/*
* Get or create a pageop
*/
- PageOp = MmGetPageOp(MemoryArea, 0, 0,
+ PageOp = MmGetPageOp(MemoryArea, NULL, 0,
MemoryArea->Data.SectionData.Segment,
Offset, MM_PAGEOP_PAGEOUT, TRUE);
@@ -163,7 +163,7 @@
}
else if (Type == MEMORY_AREA_VIRTUAL_MEMORY)
{
- PageOp = MmGetPageOp(MemoryArea, Address < (PVOID)KERNEL_BASE ?
Process->UniqueProcessId : 0,
+ PageOp = MmGetPageOp(MemoryArea, Address < (PVOID)KERNEL_BASE ?
Process->UniqueProcessId : NULL,
Address, NULL, 0, MM_PAGEOP_PAGEOUT, TRUE);
if (PageOp == NULL)
@@ -260,7 +260,7 @@
/*
* Get or create a pageop
*/
- PageOp = MmGetPageOp(MemoryArea, 0, 0,
+ PageOp = MmGetPageOp(MemoryArea, NULL, 0,
MemoryArea->Data.SectionData.Segment,
Offset, MM_PAGEOP_PAGEOUT, TRUE);
if (PageOp == NULL)
@@ -286,7 +286,7 @@
}
else if (Type == MEMORY_AREA_VIRTUAL_MEMORY)
{
- PageOp = MmGetPageOp(MemoryArea, Address < (PVOID)KERNEL_BASE ?
Process->UniqueProcessId : 0,
+ PageOp = MmGetPageOp(MemoryArea, Address < (PVOID)KERNEL_BASE ?
Process->UniqueProcessId : NULL,
Address, NULL, 0, MM_PAGEOP_PAGEOUT, TRUE);
if (PageOp == NULL)
{
_____
Modified: trunk/reactos/ntoskrnl/mm/section.c
--- trunk/reactos/ntoskrnl/mm/section.c 2005-01-25 23:57:57 UTC (rev
13300)
+++ trunk/reactos/ntoskrnl/mm/section.c 2005-01-26 00:03:05 UTC (rev
13301)
@@ -665,7 +665,7 @@
/*
* Get or create a page operation descriptor
*/
- PageOp = MmGetPageOp(MemoryArea, 0, 0, Segment, Offset,
MM_PAGEOP_PAGEIN, FALSE);
+ PageOp = MmGetPageOp(MemoryArea, NULL, 0, Segment, Offset,
MM_PAGEOP_PAGEIN, FALSE);
if (PageOp == NULL)
{
DPRINT1("MmGetPageOp failed\n");
@@ -1187,7 +1187,7 @@
/*
* Get or create a pageop
*/
- PageOp = MmGetPageOp(MemoryArea, 0, 0, Segment, Offset,
+ PageOp = MmGetPageOp(MemoryArea, NULL, 0, Segment, Offset,
MM_PAGEOP_ACCESSFAULT, FALSE);
if (PageOp == NULL)
{
@@ -3589,7 +3589,7 @@
Section = MArea->Data.SectionData.Section;
Segment = MArea->Data.SectionData.Segment;
- PageOp = MmCheckForPageOp(MArea, 0, NULL, Segment, Offset);
+ PageOp = MmCheckForPageOp(MArea, NULL, NULL, Segment, Offset);
while (PageOp)
{
@@ -3606,7 +3606,7 @@
MmLockAddressSpace(&MArea->Process->AddressSpace);
MmLockSectionSegment(Segment);
MmspCompleteAndReleasePageOp(PageOp);
- PageOp = MmCheckForPageOp(MArea, 0, NULL, Segment, Offset);
+ PageOp = MmCheckForPageOp(MArea, NULL, NULL, Segment, Offset);
}
Entry = MmGetPageEntrySectionSegment(Segment, Offset);
_____
Modified: trunk/reactos/ntoskrnl/ps/cid.c
--- trunk/reactos/ntoskrnl/ps/cid.c 2005-01-25 23:57:57 UTC (rev
13300)
+++ trunk/reactos/ntoskrnl/ps/cid.c 2005-01-26 00:03:05 UTC (rev
13301)
@@ -70,7 +70,7 @@
cido->Obj.Object = Object;
KeAcquireSpinLock(&CidLock, &oldIrql);
- cido->Handle = (HANDLE)(++CidCounter);
+ cido->Handle = (HANDLE)((ULONG_PTR)(++CidCounter) << 2);
InsertTailList(&CidHead, &cido->Entry);
KeReleaseSpinLock(&CidLock, oldIrql);
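Review bot: The new id derivation `(HANDLE)((ULONG_PTR)(++CidCounter) << 2)` has no wrap handling: once the counter reaches 2^30 on a 32-bit build the shift discards the high bits, so a value already held by a live entry on CidHead (or NULL itself) can be handed out again, and nothing in this hunk detects that. CidCounter's type is not shown, so the exact wrap point is an assumption, but the list is walked under CidLock anyway, so a collision check against existing entries before the insert would be cheap, and at minimum `ASSERT(cido->Handle != NULL);` documents the invariant callers rely on. The enclosing function starts before this hunk.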
_____
Modified: trunk/reactos/ntoskrnl/ps/process.c
--- trunk/reactos/ntoskrnl/ps/process.c 2005-01-25 23:57:57 UTC (rev
13300)
+++ trunk/reactos/ntoskrnl/ps/process.c 2005-01-26 00:03:05 UTC (rev
13301)
@@ -23,7 +23,6 @@
LIST_ENTRY PsProcessListHead;
static KSPIN_LOCK PsProcessListLock;
-static ULONG PiNextProcessUniqueId = 0; /* TODO */
static LARGE_INTEGER ShortPsLockDelay, PsLockTimeout;
static GENERIC_MAPPING PiProcessMapping = {STANDARD_RIGHTS_READ |
PROCESS_QUERY_INFORMATION | PROCESS_VM_READ,
@@ -192,26 +191,54 @@
{
PACCESS_TOKEN Token;
HANDLE hToken;
- NTSTATUS Status;
+ KPROCESSOR_MODE PreviousMode;
+ NTSTATUS Status = STATUS_SUCCESS;
+
+ PreviousMode = ExGetPreviousMode();
+
+ if(PreviousMode == UserMode)
+ {
+ _SEH_TRY
+ {
+ ProbeForWrite(TokenHandle,
+ sizeof(HANDLE),
+ sizeof(ULONG));
+ }
+ _SEH_HANDLE
+ {
+ Status = _SEH_GetExceptionCode();
+ }
+ _SEH_END;
- Status = PsOpenTokenOfProcess(ProcessHandle,
- &Token);
- if (!NT_SUCCESS(Status))
+ if(!NT_SUCCESS(Status))
{
- return(Status);
+ return Status;
}
- Status = ObCreateHandle(PsGetCurrentProcess(),
- Token,
- DesiredAccess,
- FALSE,
- &hToken);
- ObDereferenceObject(Token);
+ }
+ Status = PsOpenTokenOfProcess(ProcessHandle,
+ &Token);
if(NT_SUCCESS(Status))
+ {
+ Status = ObCreateHandle(PsGetCurrentProcess(),
+ Token,
+ DesiredAccess,
+ FALSE,
+ &hToken);
+ ObDereferenceObject(Token);
+
+ _SEH_TRY
{
- Status = MmCopyToCaller(TokenHandle, &hToken, sizeof(HANDLE));
+ *TokenHandle = hToken;
}
- return(Status);
+ _SEH_HANDLE
+ {
+ Status = _SEH_GetExceptionCode();
+ }
+ _SEH_END;
+ }
+
+ return Status;
}
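Review bot: The rewritten NtOpenProcessToken still hands the caller's DesiredAccess straight to ObCreateHandle without any access check against the token object, as far as this hunk shows. PsOpenTokenOfProcess only requires PROCESS_QUERY_INFORMATION on the process, so a caller with that right can apparently obtain a token handle with TOKEN_ALL_ACCESS; opening the token through the object manager with PreviousMode and the token object type, so that generic rights are mapped and the token's security descriptor is consulted, would close that. The added ProbeForWrite and SEH-guarded store are otherwise correct, and leaving hToken open in the caller's table if the final store faults is the usual NT behaviour rather than a leak to fix here.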
@@ -224,7 +251,7 @@
ObReferenceObjectByPointer(Process->Token,
TOKEN_ALL_ACCESS,
SepTokenObjectType,
- UserMode);
+ KernelMode);
return(Process->Token);
}
@@ -239,16 +266,16 @@
Status = ObReferenceObjectByHandle(ProcessHandle,
PROCESS_QUERY_INFORMATION,
PsProcessType,
- UserMode,
+ ExGetPreviousMode(),
(PVOID*)&Process,
NULL);
- if (!NT_SUCCESS(Status))
- {
- return(Status);
- }
- *Token = PsReferencePrimaryToken(Process);
- ObDereferenceObject(Process);
- return(STATUS_SUCCESS);
+ if(NT_SUCCESS(Status))
+ {
+ *Token = PsReferencePrimaryToken(Process);
+ ObDereferenceObject(Process);
+ }
+
+ return Status;
}
@@ -269,7 +296,7 @@
current_entry = current_entry->Flink;
if (current->UniqueProcessId !=
PsInitialSystemProcess->UniqueProcessId &&
- current->UniqueProcessId != (ULONG)PsGetCurrentProcessId())
+ current->UniqueProcessId != PsGetCurrentProcessId())
{
PiTerminateProcessThreads(current, STATUS_SUCCESS);
}
@@ -373,8 +400,17 @@
}
#endif
- PsInitialSystemProcess->UniqueProcessId =
- InterlockedIncrementUL(&PiNextProcessUniqueId); /* TODO */
+ strcpy(PsInitialSystemProcess->ImageFileName, "System");
+
+ Status = PsCreateCidHandle(PsInitialSystemProcess,
+ PsProcessType,
+
&PsInitialSystemProcess->UniqueProcessId);
+ if(!NT_SUCCESS(Status))
+ {
+ DPRINT1("Failed to create CID handle (unique process id) for the
system process!\n");
+ return;
+ }
+
PsInitialSystemProcess->Win32WindowStation = (HANDLE)0;
KeAcquireSpinLock(&PsProcessListLock, &oldIrql);
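Review bot: A plain `return;` after PsCreateCidHandle fails for the system process leaves the kernel in a state it cannot run in: PsInitialSystemProcess has no UniqueProcessId, is never put on PsProcessListHead, and never receives its token from SepCreateSystemProcessToken, yet boot continues. This is an unrecoverable initialisation failure and should stop the machine with the status visible, matching how the rest of this file already handles fatal setup errors, e.g. `KEBUGCHECK(0);` in place of the return. The enclosing initialisation function starts before this hunk.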
@@ -382,8 +418,6 @@
&PsInitialSystemProcess->ProcessListEntry);
InitializeListHead(&PsInitialSystemProcess->ThreadListHead);
KeReleaseSpinLock(&PsProcessListLock, oldIrql);
-
- strcpy(PsInitialSystemProcess->ImageFileName, "System");
SepCreateSystemProcessToken(PsInitialSystemProcess);
}
@@ -610,109 +644,112 @@
}
}
-/*
- * @implemented
- */
-NTSTATUS STDCALL
-PsCreateSystemProcess(PHANDLE ProcessHandle,
- ACCESS_MASK DesiredAccess,
- POBJECT_ATTRIBUTES ObjectAttributes)
-{
- HANDLE SystemProcessHandle;
- NTSTATUS Status;
-
- /* FIXME - what about security? should there be any privilege checks
or something
- security related? */
-
- Status = ObCreateHandle(PsGetCurrentProcess(),
- PsInitialSystemProcess,
- PROCESS_CREATE_PROCESS |
PROCESS_CREATE_THREAD | PROCESS_QUERY_INFORMATION,
- FALSE,
- &SystemProcessHandle);
- if(!NT_SUCCESS(Status))
- {
- DPRINT1("Failed to create a handle for the system process!\n");
- return Status;
- }
-
- Status = NtCreateProcess(ProcessHandle,
- DesiredAccess,
- ObjectAttributes,
- SystemProcessHandle,
- FALSE,
- NULL,
- NULL,
- NULL);
-
- NtClose(SystemProcessHandle);
-
- return Status;
-}
-
-NTSTATUS STDCALL
-NtCreateProcess(OUT PHANDLE ProcessHandle,
+NTSTATUS
+PspCreateProcess(OUT PHANDLE ProcessHandle,
IN ACCESS_MASK DesiredAccess,
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN HANDLE ParentProcess,
+ IN HANDLE ParentProcess OPTIONAL,
IN BOOLEAN InheritObjectTable,
IN HANDLE SectionHandle OPTIONAL,
IN HANDLE DebugPort OPTIONAL,
IN HANDLE ExceptionPort OPTIONAL)
-/*
- * FUNCTION: Creates a process.
- * ARGUMENTS:
- * ProcessHandle (OUT) = Caller supplied storage for the
resulting
- * handle
- * DesiredAccess = Specifies the allowed or desired access to
the
- * process can be a combination of
- * STANDARD_RIGHTS_REQUIRED| ..
- * ObjectAttribute = Initialized attributes for the object,
contains
- * the rootdirectory and the filename
- * ParentProcess = Handle to the parent process.
- * InheritObjectTable = Specifies to inherit the objects of the
parent
- * process if true.
- * SectionHandle = Handle to a section object to back the image
file
- * DebugPort = Handle to a DebugPort if NULL the system default
debug
- * port will be used.
- * ExceptionPort = Handle to a exception port.
- * REMARKS:
- * This function maps to the win32 CreateProcess.
- * RETURNS: Status
- */
{
+ HANDLE hProcess;
PEPROCESS Process;
PEPROCESS pParentProcess;
PKPROCESS KProcess;
- NTSTATUS Status;
KIRQL oldIrql;
PVOID LdrStartupAddr;
- PVOID ImageBase;
- PEPORT pDebugPort;
- PEPORT pExceptionPort;
PVOID BaseAddress;
PMEMORY_AREA MemoryArea;
PHYSICAL_ADDRESS BoundaryAddressMultiple;
+ KPROCESSOR_MODE PreviousMode;
+ PVOID ImageBase = NULL;
+ PEPORT pDebugPort = NULL;
+ PEPORT pExceptionPort = NULL;
+ PSECTION_OBJECT SectionObject = NULL;
+ NTSTATUS Status = STATUS_SUCCESS;
- DPRINT("NtCreateProcess(ObjectAttributes %x)\n",ObjectAttributes);
+ DPRINT("PspCreateProcess(ObjectAttributes %x)\n", ObjectAttributes);
+
+ PreviousMode = ExGetPreviousMode();
BoundaryAddressMultiple.QuadPart = 0;
- Status = ObReferenceObjectByHandle(ParentProcess,
- PROCESS_CREATE_PROCESS,
- PsProcessType,
- ExGetPreviousMode(),
- (PVOID*)&pParentProcess,
- NULL);
- if (!NT_SUCCESS(Status))
+ if(ParentProcess != NULL)
+ {
+ Status = ObReferenceObjectByHandle(ParentProcess,
+ PROCESS_CREATE_PROCESS,
+ PsProcessType,
+ PreviousMode,
+ (PVOID*)&pParentProcess,
+ NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("Failed to reference the parent process: Status:
0x%x\n", Status);
+ return(Status);
+ }
+ }
+ else
+ {
+ pParentProcess = NULL;
+ }
+
+ /*
+ * Add the debug port
+ */
+ if (DebugPort != NULL)
{
- DPRINT("NtCreateProcess() = %x\n",Status);
- return(Status);
+ Status = ObReferenceObjectByHandle(DebugPort,
+ PORT_ALL_ACCESS,
+ LpcPortObjectType,
+ PreviousMode,
+ (PVOID*)&pDebugPort,
+ NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("Failed to reference the debug port: Status:
0x%x\n", Status);
+ goto exitdereferenceobjects;
+ }
}
- Status = ObCreateObject(ExGetPreviousMode(),
+ /*
+ * Add the exception port
+ */
+ if (ExceptionPort != NULL)
+ {
+ Status = ObReferenceObjectByHandle(ExceptionPort,
+ PORT_ALL_ACCESS,
+ LpcPortObjectType,
+ PreviousMode,
+ (PVOID*)&pExceptionPort,
+ NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("Failed to reference the exception port: Status:
0x%x\n", Status);
+ goto exitdereferenceobjects;
+ }
+ }
+
+ if (SectionHandle != NULL)
+ {
+ Status = ObReferenceObjectByHandle(SectionHandle,
+ 0,
+ MmSectionObjectType,
+ PreviousMode,
+ (PVOID*)&SectionObject,
+ NULL);
+ if (!NT_SUCCESS(Status))
+ {
+ DPRINT1("Failed to reference process image section: Status:
0x%x\n", Status);
+ goto exitdereferenceobjects;
+ }
+ }
+
+ Status = ObCreateObject(PreviousMode,
PsProcessType,
ObjectAttributes,
- ExGetPreviousMode(),
+ PreviousMode,
NULL,
sizeof(EPROCESS),
0,
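Review bot: The new reference of SectionHandle passes an access mask of 0 to ObReferenceObjectByHandle, so any handle to a section object, including one opened with no rights at all, is accepted as the image of a new process. NtCreateProcess on NT requires SECTION_MAP_EXECUTE for this argument; pass that instead of 0 so the object manager enforces it for user-mode callers, `Status = ObReferenceObjectByHandle(SectionHandle, SECTION_MAP_EXECUTE, MmSectionObjectType, PreviousMode, (PVOID*)&SectionObject, NULL);`. The debug and exception ports are correctly checked with PreviousMode now rather than the hard-coded UserMode of the old code. PspCreateProcess continues past this hunk.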
@@ -720,32 +757,92 @@
(PVOID*)&Process);
if (!NT_SUCCESS(Status))
{
- ObDereferenceObject(pParentProcess);
- DPRINT("ObCreateObject() = %x\n",Status);
- return(Status);
+ DPRINT1("Failed to create process object, Status: 0x%x\n",
Status);
+
+exitdereferenceobjects:
+ if(SectionObject != NULL)
+ ObDereferenceObject(SectionObject);
+ if(pExceptionPort != NULL)
+ ObDereferenceObject(pExceptionPort);
+ if(pDebugPort != NULL)
+ ObDereferenceObject(pDebugPort);
+ if(pParentProcess != NULL)
+ ObDereferenceObject(pParentProcess);
+ return Status;
}
- Status = ObInsertObject ((PVOID)Process,
- NULL,
- DesiredAccess,
- 0,
- NULL,
- ProcessHandle);
- if (!NT_SUCCESS(Status))
- {
- ObDereferenceObject (Process);
- ObDereferenceObject (pParentProcess);
- DPRINT("ObInsertObject() = %x\n",Status);
- return Status;
- }
+ KProcess = &Process->Pcb;
+
+ RtlZeroMemory(Process, sizeof(EPROCESS));
+
+ Status = PsCreateCidHandle(Process,
+ PsProcessType,
+ &Process->UniqueProcessId);
+ if(!NT_SUCCESS(Status))
+ {
+ DPRINT1("Failed to create CID handle (unique process ID)! Status:
0x%x\n", Status);
+ ObDereferenceObject(Process);
+ goto exitdereferenceobjects;
+ }
- KeInitializeDispatcherHeader(&Process->Pcb.DispatcherHeader,
+ Process->DebugPort = pDebugPort;
+ Process->ExceptionPort = pExceptionPort;
+
+ if(SectionObject != NULL)
+ {
+ UNICODE_STRING FileName;
+ PWCHAR szSrc;
+ PCHAR szDest;
+ USHORT lnFName = 0;
+
+ /*
+ * Determine the image file name and save it to the EPROCESS
structure
+ */
+
+ FileName = SectionObject->FileObject->FileName;
+ szSrc = (PWCHAR)(FileName.Buffer + (FileName.Length /
sizeof(WCHAR)) - 1);
+ while(szSrc >= FileName.Buffer)
+ {
+ if(*szSrc == L'\\')
+ {
+ szSrc++;
+ break;
+ }
+ else
+ {
+ szSrc--;
+ lnFName++;
+ }
+ }
+
+ /* copy the image file name to the process and truncate it to 15
characters
+ if necessary */
+ szDest = Process->ImageFileName;
+ lnFName = min(lnFName, sizeof(Process->ImageFileName) - 1);
+ while(lnFName-- > 0)
+ {
+ *(szDest++) = (UCHAR)*(szSrc++);
+ }
+ /* *szDest = '\0'; */
+ }
+
+ KeInitializeDispatcherHeader(&KProcess->DispatcherHeader,
InternalProcessType,
sizeof(EPROCESS),
FALSE);
- KProcess = &Process->Pcb;
+
/* Inherit parent process's affinity. */
- KProcess->Affinity = pParentProcess->Pcb.Affinity;
+ if(pParentProcess != NULL)
+ {
+ KProcess->Affinity = pParentProcess->Pcb.Affinity;
+ Process->InheritedFromUniqueProcessId =
pParentProcess->UniqueProcessId;
+ Process->SessionId = pParentProcess->SessionId;
+ }
+ else
+ {
+ KProcess->Affinity = KeActiveProcessors;
+ }
+
KProcess->BasePriority = PROCESS_PRIO_NORMAL;
KProcess->IopmOffset = 0xffff;
KProcess->LdtDescriptor[0] = 0;
@@ -755,13 +852,11 @@
KProcess->AutoAlignment = 0;
MmInitializeAddressSpace(Process,
&Process->AddressSpace);
- Process->UniqueProcessId =
InterlockedIncrementUL(&PiNextProcessUniqueId); /* TODO */
- Process->InheritedFromUniqueProcessId =
- (HANDLE)pParentProcess->UniqueProcessId;
+
ObCreateHandleTable(pParentProcess,
InheritObjectTable,
Process);
- MmCopyMmInfo(ParentProcess, Process);
+ MmCopyMmInfo(pParentProcess ? pParentProcess :
PsInitialSystemProcess, Process);
KeInitializeEvent(&Process->LockEvent, SynchronizationEvent, FALSE);
Process->LockCount = 0;
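Review bot: The image-name extraction dereferences `SectionObject->FileObject->FileName` unconditionally, but a section need not be file-backed; if this tree's pagefile-backed sections leave FileObject NULL (not visible here), a user-mode caller can reach a kernel NULL dereference simply by passing such a section to NtCreateProcess, and an empty FileName additionally makes szSrc point one element before Buffer. Guard the block with `if (SectionObject != NULL && SectionObject->FileObject != NULL && FileName.Length != 0)` before computing szSrc. Separately, the `exitdereferenceobjects:` label sits inside the ObCreateObject failure `if` body, so every later `goto` jumps into that block; placing the label after the `if` and routing the ObCreateObject failure through it too reads much more clearly. The commented-out NUL terminator is only safe because of the RtlZeroMemory above and the `sizeof - 1` clamp, which is worth a one-line comment. PspCreateProcess continues past this hunk.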
@@ -778,50 +873,6 @@
Process->Pcb.State = PROCESS_STATE_ACTIVE;
/*
- * Add the debug port
- */
- if (DebugPort != NULL)
- {
- Status = ObReferenceObjectByHandle(DebugPort,
- PORT_ALL_ACCESS,
- LpcPortObjectType,
- UserMode,
- (PVOID*)&pDebugPort,
- NULL);
- if (!NT_SUCCESS(Status))
- {
- ObDereferenceObject(Process);
- ObDereferenceObject(pParentProcess);
- ZwClose(*ProcessHandle);
- *ProcessHandle = NULL;
- return(Status);
- }
- Process->DebugPort = pDebugPort;
- }
-
- /*
- * Add the exception port
- */
- if (ExceptionPort != NULL)
- {
- Status = ObReferenceObjectByHandle(ExceptionPort,
- PORT_ALL_ACCESS,
- LpcPortObjectType,
- UserMode,
- (PVOID*)&pExceptionPort,
- NULL);
- if (!NT_SUCCESS(Status))
- {
- ObDereferenceObject(Process);
- ObDereferenceObject(pParentProcess);
- ZwClose(*ProcessHandle);
- *ProcessHandle = NULL;
- return(Status);
- }
- Process->ExceptionPort = pExceptionPort;
- }
-
- /*
* Now we have created the process proper
*/
@@ -843,7 +894,8 @@
{
MmUnlockAddressSpace(&Process->AddressSpace);
DPRINT1("Failed to protect the highest 64KB of the process
address space\n");
- KEBUGCHECK(0);
+ ObDereferenceObject(Process);
+ goto exitdereferenceobjects;
}
/* Protect the lowest 64KB of the process address space */
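Review bot: Replacing the bugcheck with `ObDereferenceObject(Process); goto exitdereferenceobjects;` is an improvement, but on this path the process already owns a CID entry from PsCreateCidHandle, a handle table from ObCreateHandleTable and the copied Mm info, and nothing visible in the hunk releases them before the dereference. Unless the process object's delete routine (out of view) removes the CID entry, the cid.c list will keep a pointer to freed memory and PsLookupProcessByProcessId can later return it. It would be worth either adding the explicit teardown here or a comment stating which cleanup the delete routine is relied on for. The same pattern is repeated in the following hunks, and PspCreateProcess extends beyond this one.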
@@ -863,7 +915,8 @@
{
MmUnlockAddressSpace(&Process->AddressSpace);
DPRINT1("Failed to protect the lowest 64KB of the process
address space\n");
- KEBUGCHECK(0);
+ ObDereferenceObject(Process);
+ goto exitdereferenceobjects;
}
#endif
@@ -883,7 +936,8 @@
{
MmUnlockAddressSpace(&Process->AddressSpace);
DPRINT1("Failed to protect the memory above the shared user
page\n");
- KEBUGCHECK(0);
[truncated at 1000 lines; 675 more skipped]