/*++ NDK Version: 0098
Copyright (c) Alex Ionescu. All rights reserved.
Header Name:
obtypes.h
Abstract:
Type definitions for the Object Manager
Author:
Alex Ionescu ([email protected]) - Updated - 27-Feb-2006
--*/
#ifndef _OBTYPES_H
#define _OBTYPES_H
//
// Dependencies
//
#include <..\ndk\umtypes.h>
#ifndef NTOS_MODE_USER
#include <..\ndk\extypes.h>
#endif
#ifdef NTOS_MODE_USER
//
// Definitions for Object Creation
//
// Bit flags for the Attributes member that InitializeObjectAttributes fills
// in. This copy is compiled only when NTOS_MODE_USER is defined.
// NOTE(review): going by the DDK documentation for the same names,
// OBJ_KERNEL_HANDLE keeps a handle out of reach of user mode and
// OBJ_FORCE_ACCESS_CHECK makes the access check run even for a kernel-mode
// requestor - confirm against the Ob implementation in this tree.
//
#define OBJ_INHERIT 0x00000002L
#define OBJ_PERMANENT 0x00000010L
#define OBJ_EXCLUSIVE 0x00000020L
#define OBJ_CASE_INSENSITIVE 0x00000040L
#define OBJ_OPENIF 0x00000080L
#define OBJ_OPENLINK 0x00000100L
#define OBJ_KERNEL_HANDLE 0x00000200L
#define OBJ_FORCE_ACCESS_CHECK 0x00000400L
// Bitwise OR of all eight flags above
// (0x2|0x10|0x20|0x40|0x80|0x100|0x200|0x400 == 0x7F2); a bit outside this
// mask is not a defined attribute.
#define OBJ_VALID_ATTRIBUTES 0x000007F2L
//
// Fills in the OBJECT_ATTRIBUTES structure that p points to:
//   n -> ObjectName
//   a -> Attributes
//   r -> RootDirectory
//   s -> SecurityDescriptor
// Length is set to sizeof(OBJECT_ATTRIBUTES) and SecurityQualityOfService is
// always reset to NULL, so a caller that needs a QoS has to assign it after
// the macro has run.
//
// The expansion is a bare { } block rather than do { } while (0): p is
// evaluated six times (pass an expression without side effects), and using
// the macro followed by ';' as the unbraced body of an if that has an else
// does not compile.
//
#define InitializeObjectAttributes(p,n,a,r,s) { \
(p)->Length = sizeof(OBJECT_ATTRIBUTES); \
(p)->RootDirectory = (r); \
(p)->Attributes = (a); \
(p)->ObjectName = (n); \
(p)->SecurityDescriptor = (s); \
(p)->SecurityQualityOfService = NULL; \
}
//
// Number of custom-defined bits that can be attached to a handle
//
// NOTE(review): the value 0x3 reads as a mask over the two low-order bits
// rather than as a bit count - confirm how callers use it before relying on
// either interpretation.
//
#define OBJ_HANDLE_TAGBITS 0x3
//
// Directory Object Access Rights
//
// Four object-specific rights in the low bits of an access mask.
//
#define DIRECTORY_QUERY 0x0001
#define DIRECTORY_TRAVERSE 0x0002
#define DIRECTORY_CREATE_OBJECT 0x0004
#define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
// STANDARD_RIGHTS_REQUIRED (defined elsewhere) plus all four rights above
// (0x1|0x2|0x4|0x8 == 0xF).
#define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)
//
// Slash separator used in the OB Namespace (and Registry)
//
// A single wide-character backslash; compare it against WCHAR data only.
//
#define OBJ_NAME_PATH_SEPARATOR L'\\'
//
// Object Information Classes for NtQueryInformationObject
//
// The enumerators carry no explicit values, so they are numbered from 0 in
// declaration order; reordering or inserting an entry changes the interface.
// MaxObjectInfoClass is the count sentinel (6), not a usable class; code
// that dispatches on a caller-supplied class should reject any value at or
// above it.
//
typedef enum _OBJECT_INFORMATION_CLASS
{
ObjectBasicInformation, // 0
ObjectNameInformation, // 1
ObjectTypeInformation, // 2
ObjectTypesInformation, // 3
ObjectHandleFlagInformation, // 4
ObjectSessionInformation, // 5
MaxObjectInfoClass // 6, one past the last valid class
} OBJECT_INFORMATION_CLASS;
#else
//
// Object Flags
//
// Eight single-bit flags covering 0x01..0x80, which is exactly the width of
// the UCHAR Flags member of OBJECT_HEADER. Compiled only when NTOS_MODE_USER
// is not defined. OB_FLAG_CREATOR_INFO and OB_FLAG_EXCLUSIVE are the two
// bits tested by the OBJECT_HEADER_TO_* macros in this header.
//
#define OB_FLAG_CREATE_INFO 0x01
#define OB_FLAG_KERNEL_MODE 0x02
#define OB_FLAG_CREATOR_INFO 0x04
#define OB_FLAG_EXCLUSIVE 0x08
#define OB_FLAG_PERMANENT 0x10
#define OB_FLAG_SECURITY 0x20
#define OB_FLAG_SINGLE_PROCESS 0x40
#define OB_FLAG_DEFER_DELETE 0x80
//
// Maps a pointer to an object body back to the OBJECT_HEADER that contains
// it, using CONTAINING_RECORD (defined elsewhere) on the Body member.
// NOTE(review): presumably this is plain pointer arithmetic with no
// validation, so the result is only meaningful when o really is the Body of
// an object header - confirm that callers never pass an unverified pointer.
//
#define OBJECT_TO_OBJECT_HEADER(o) \
CONTAINING_RECORD((o), OBJECT_HEADER, Body)
//
// Locate the optional name / handle / quota add-on of an object header.
// Each macro yields NULL when the matching offset byte in h is zero;
// otherwise it yields the address that many bytes BEFORE h, cast to the
// add-on's pointer type. h is evaluated twice. The offset is used as stored,
// with no range check, so the result is only as trustworthy as the header
// bytes themselves.
//
#define OBJECT_HEADER_TO_NAME_INFO(h) \
((POBJECT_HEADER_NAME_INFO)(!(h)->NameInfoOffset ? \
NULL: ((PCHAR)(h) - (h)->NameInfoOffset)))
#define OBJECT_HEADER_TO_HANDLE_INFO(h) \
((POBJECT_HEADER_HANDLE_INFO)(!(h)->HandleInfoOffset ? \
NULL: ((PCHAR)(h) - (h)->HandleInfoOffset)))
#define OBJECT_HEADER_TO_QUOTA_INFO(h) \
((POBJECT_HEADER_QUOTA_INFO)(!(h)->QuotaInfoOffset ? \
NULL: ((PCHAR)(h) - (h)->QuotaInfoOffset)))
//
// Yields NULL unless OB_FLAG_CREATOR_INFO is set in h->Flags; otherwise
// yields the address sizeof(OBJECT_HEADER_CREATOR_INFO) bytes before h.
// Unlike the offset-based macros there is no stored offset: the creator
// info is taken to sit immediately in front of the header whenever the flag
// is set. h is evaluated twice.
//
#define OBJECT_HEADER_TO_CREATOR_INFO(h) \
((POBJECT_HEADER_CREATOR_INFO)(!((h)->Flags & \
OB_FLAG_CREATOR_INFO) ? NULL: ((PCHAR)(h) - \
sizeof(OBJECT_HEADER_CREATOR_INFO))))
//
// Yields NULL unless OB_FLAG_EXCLUSIVE is set in h->Flags; otherwise reads
// the ExclusiveProcess member of the quota info found QuotaInfoOffset bytes
// before h. h is evaluated up to three times.
// NOTE(review): QuotaInfoOffset is not tested for zero here, unlike in
// OBJECT_HEADER_TO_QUOTA_INFO. With a zero offset the cast aliases the
// header itself and the read returns unrelated header bytes as a process
// pointer. Presumably OB_FLAG_EXCLUSIVE is only ever set on objects that
// have quota info - confirm that invariant where the flag is set.
//
#define OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(h) \
((!((h)->Flags & OB_FLAG_EXCLUSIVE)) ? \
NULL: (((POBJECT_HEADER_QUOTA_INFO)((PCHAR)(h) - \
(h)->QuotaInfoOffset))->ExclusiveProcess))
//
// Reasons for Open Callback
//
// Passed as the Reason argument of OB_OPEN_METHOD. Values are implicit,
// numbered from 0 in declaration order; ObMaxOpenReason is the count
// sentinel (4), not a reason.
//
typedef enum _OB_OPEN_REASON
{
ObCreateHandle, // 0
ObOpenHandle, // 1
ObDuplicateHandle, // 2
ObInheritHandle, // 3
ObMaxOpenReason // 4, one past the last valid reason
} OB_OPEN_REASON;
#endif
//
// Object Duplication Flags
//
// Defined outside the NTOS_MODE_USER conditional, so it is visible in both
// build modes. Only this one flag is defined here.
// NOTE(review): presumably it is OR-ed with the duplication options that
// occupy bits 0x1 and 0x2 elsewhere - confirm.
//
#define DUPLICATE_SAME_ATTRIBUTES 0x00000004
//
// Number of hash entries in an Object Directory
//
// Sizes the HashBuckets array of OBJECT_DIRECTORY; any bucket index has to
// stay below this value.
//
#define NUMBER_HASH_BUCKETS 37
//
// Types for DosDeviceDriveType
//
// Small consecutive codes (0..6).
// NOTE(review): presumably these are the values stored in the UCHAR
// DriveType[] array of DEVICE_MAP - confirm against the users of that
// array.
//
#define DOSDEVICE_DRIVE_UNKNOWN 0
#define DOSDEVICE_DRIVE_CALCULATE 1
#define DOSDEVICE_DRIVE_REMOVABLE 2
#define DOSDEVICE_DRIVE_FIXED 3
#define DOSDEVICE_DRIVE_REMOTE 4
#define DOSDEVICE_DRIVE_CDROM 5
#define DOSDEVICE_DRIVE_RAMDISK 6
//
// Dump Control Structure for Object Debugging
//
// Handed (optionally) to an OB_DUMP_METHOD callback. Defined in both build
// modes.
//
typedef struct _OB_DUMP_CONTROL
{
PVOID Stream; // opaque pointer; its meaning is not defined in this header
ULONG Detail; // NOTE(review): presumably a verbosity level - confirm
} OB_DUMP_CONTROL, *POB_DUMP_CONTROL;
#ifndef NTOS_MODE_USER
//
// Object Type Callbacks
//
// The callback types below are compiled only when NTOS_MODE_USER is not
// defined and are the types of the *Procedure members of
// OBJECT_TYPE_INITIALIZER.
//
// OB_DUMP_METHOD: type of DumpProcedure. Receives the object and an
// optional dump control block; returns nothing.
//
typedef VOID
(NTAPI *OB_DUMP_METHOD)(
_In_ PVOID Object,
_In_opt_ POB_DUMP_CONTROL Control
);
//
// OB_OPEN_METHOD: type of OpenProcedure. Reason is one of OB_OPEN_REASON,
// Process may be NULL, and the callback is given the access being granted
// and a handle count. Returns an NTSTATUS.
// NOTE(review): presumably a failure status prevents the handle from being
// created - confirm in the caller, since that makes this a policy hook.
//
typedef NTSTATUS
(NTAPI *OB_OPEN_METHOD)(
_In_ OB_OPEN_REASON Reason,
_In_opt_ PEPROCESS Process,
_In_ PVOID ObjectBody,
_In_ ACCESS_MASK GrantedAccess,
_In_ ULONG HandleCount
);
//
// OB_CLOSE_METHOD: type of CloseProcedure. Process may be NULL; the
// callback receives the access that was granted plus a per-process and a
// system-wide handle count. It returns nothing, so it cannot refuse the
// close (OB_OKAYTOCLOSE_METHOD is the callback that returns a verdict).
//
typedef VOID
(NTAPI *OB_CLOSE_METHOD)(
_In_opt_ PEPROCESS Process,
_In_ PVOID Object,
_In_ ACCESS_MASK GrantedAccess,
_In_ ULONG ProcessHandleCount,
_In_ ULONG SystemHandleCount
);
//
// OB_DELETE_METHOD: type of DeleteProcedure. Receives only the object and
// returns nothing.
//
typedef VOID
(NTAPI *OB_DELETE_METHOD)(
_In_ PVOID Object
);
//
// OB_PARSE_METHOD: type of ParseProcedure. CompleteName and RemainingName
// are _Inout_, so the callback may rewrite them; AccessState is _Inout_ as
// well. The resulting object pointer is returned through *Object and the
// outcome as an NTSTATUS. Context and SecurityQos may be NULL.
// NOTE(review): AccessMode carries a KPROCESSOR_MODE; presumably an
// implementation has to base its access decisions on it rather than on its
// own execution mode - confirm for each implementation.
//
typedef NTSTATUS
(NTAPI *OB_PARSE_METHOD)(
_In_ PVOID ParseObject,
_In_ PVOID ObjectType,
_Inout_ PACCESS_STATE AccessState,
_In_ KPROCESSOR_MODE AccessMode,
_In_ ULONG Attributes,
_Inout_ PUNICODE_STRING CompleteName,
_Inout_ PUNICODE_STRING RemainingName,
_Inout_opt_ PVOID Context,
_In_opt_ PSECURITY_QUALITY_OF_SERVICE SecurityQos,
_Out_ PVOID *Object
);
//
// OB_SECURITY_METHOD: type of SecurityProcedure. OperationType selects the
// security operation; CapturedLength and *ObjectSecurityDescriptor are
// _Inout_, so the callback can both read and replace them. Returns an
// NTSTATUS.
// NOTE(review): presumably CapturedLength is the byte size of the
// SecurityDescriptor buffer on input and the required size on output -
// confirm before relying on it for bounds.
//
typedef NTSTATUS
(NTAPI *OB_SECURITY_METHOD)(
_In_ PVOID Object,
_In_ SECURITY_OPERATION_CODE OperationType,
_In_ PSECURITY_INFORMATION SecurityInformation,
_In_ PSECURITY_DESCRIPTOR SecurityDescriptor,
_Inout_ PULONG CapturedLength,
_Inout_ PSECURITY_DESCRIPTOR *ObjectSecurityDescriptor,
_In_ POOL_TYPE PoolType,
_In_ PGENERIC_MAPPING GenericMapping
);
//
// OB_QUERYNAME_METHOD: type of QueryNameProcedure. Writes the name into
// ObjectNameInfo and a length into *ReturnLength; returns an NTSTATUS.
// NOTE(review): presumably Length is the byte size of the ObjectNameInfo
// buffer, in which case an implementation must never write past it, and
// AccessMode tells it whether the buffer came from user mode - confirm.
//
typedef NTSTATUS
(NTAPI *OB_QUERYNAME_METHOD)(
_In_ PVOID Object,
_In_ BOOLEAN HasObjectName,
_Out_ POBJECT_NAME_INFORMATION ObjectNameInfo,
_In_ ULONG Length,
_Out_ PULONG ReturnLength,
_In_ KPROCESSOR_MODE AccessMode
);
//
// OB_OKAYTOCLOSE_METHOD: type of OkayToCloseProcedure. Given the process
// (may be NULL), the object, the handle and the requestor's access mode, it
// returns a BOOLEAN verdict.
// NOTE(review): presumably FALSE blocks the close - confirm in the caller.
//
typedef BOOLEAN
(NTAPI *OB_OKAYTOCLOSE_METHOD)(
_In_opt_ PEPROCESS Process,
_In_ PVOID Object,
_In_ HANDLE Handle,
_In_ KPROCESSOR_MODE AccessMode
);
#else
//
// Object Information Types for NtQueryInformationObject
//
// Defined here only when NTOS_MODE_USER is defined; the kernel-mode branch
// above already uses POBJECT_NAME_INFORMATION, so that build presumably
// takes the type from another header.
//
typedef struct _OBJECT_NAME_INFORMATION
{
UNICODE_STRING Name; // the only member: the object's name as a counted string
} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
#endif
//
// Two per-handle boolean attributes. Defined in both build modes.
// NOTE(review): presumably the payload for ObjectHandleFlagInformation -
// confirm.
//
typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION
{
BOOLEAN Inherit;
BOOLEAN ProtectFromClose;
} OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION;
//
// One directory entry as a pair of counted strings: the entry's name and
// the name of its object type. Both members are UNICODE_STRINGs, so a
// consumer should go by their length fields.
//
typedef struct _OBJECT_DIRECTORY_INFORMATION
{
UNICODE_STRING Name;
UNICODE_STRING TypeName;
} OBJECT_DIRECTORY_INFORMATION, *POBJECT_DIRECTORY_INFORMATION;
//
// Object Type Information
//
// Per-type statistics and settings, defined in both build modes. The
// members from InvalidAttributes through DefaultNonPagedPoolCharge carry
// the same names as members of OBJECT_TYPE_INITIALIZER; note that PoolType
// is a plain ULONG here but a POOL_TYPE there.
//
typedef struct _OBJECT_TYPE_INFORMATION{
UNICODE_STRING TypeName;
// Current totals
ULONG TotalNumberOfObjects;
ULONG TotalNumberOfHandles;
ULONG TotalPagedPoolUsage;
ULONG TotalNonPagedPoolUsage;
ULONG TotalNamePoolUsage;
ULONG TotalHandleTableUsage;
// High-water marks for the same six counters
ULONG HighWaterNumberOfObjects;
ULONG HighWaterNumberOfHandles;
ULONG HighWaterPagedPoolUsage;
ULONG HighWaterNonPagedPoolUsage;
ULONG HighWaterNamePoolUsage;
ULONG HighWaterHandleTableUsage;
// Type settings
ULONG InvalidAttributes;
GENERIC_MAPPING GenericMapping;
ULONG ValidAccessMask;
BOOLEAN SecurityRequired;
BOOLEAN MaintainHandleCount;
ULONG PoolType;
ULONG DefaultPagedPoolCharge;
ULONG DefaultNonPagedPoolCharge;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
//
// A count followed by type records. TypeInformation is declared with one
// element, the pre-C99 idiom for trailing variable-length data.
// NOTE(review): presumably NumberOfTypes records follow, and each record
// may be followed by its name characters, so TypeInformation[i] for i > 0
// may not be a valid way to reach record i. Confirm how the producer lays
// the buffer out, and bound every walk by the buffer length rather than by
// NumberOfTypes alone.
//
typedef struct _OBJECT_ALL_TYPES_INFORMATION{
ULONG NumberOfTypes;
OBJECT_TYPE_INFORMATION TypeInformation[1];
} OBJECT_ALL_TYPES_INFORMATION, *POBJECT_ALL_TYPES_INFORMATION;
#ifdef NTOS_MODE_USER
//
// Basic per-object information; defined only when NTOS_MODE_USER is
// defined.
// NOTE(review): presumably the payload for ObjectBasicInformation -
// confirm.
//
typedef struct _OBJECT_BASIC_INFORMATION
{
ULONG Attributes;
ACCESS_MASK GrantedAccess;
ULONG HandleCount;
ULONG PointerCount;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
ULONG Reserved[3]; // three reserved ULONGs; no meaning is defined in this header
// Three length members; NOTE(review): presumably byte counts - confirm
ULONG NameInformationLength;
ULONG TypeInformationLength;
ULONG SecurityDescriptorLength;
LARGE_INTEGER CreateTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
#else
//
// Creation parameters for an object; kernel-mode builds only.
// OBJECT_HEADER.ObjectCreateInfo points at this type.
//
typedef struct _OBJECT_CREATE_INFORMATION
{
ULONG Attributes;
HANDLE RootDirectory;
PVOID ParseContext;
// NOTE(review): presumably the processor mode to probe caller buffers
// against - confirm
KPROCESSOR_MODE ProbeMode;
ULONG PagedPoolCharge;
ULONG NonPagedPoolCharge;
ULONG SecurityDescriptorCharge;
PSECURITY_DESCRIPTOR SecurityDescriptor;
// Both a QoS pointer and an embedded QoS structure are present.
// NOTE(review): presumably SecurityQos points at the embedded copy once
// the caller's QoS has been captured - confirm.
PSECURITY_QUALITY_OF_SERVICE SecurityQos;
SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService;
} OBJECT_CREATE_INFORMATION, *POBJECT_CREATE_INFORMATION;
//
// Object Type Initialize for ObCreateObjectType
//
// Describes an object type: attribute and access-mask policy, pool
// charging, and the eight type callbacks. A copy is embedded in
// OBJECT_TYPE as TypeInfo.
//
typedef struct _OBJECT_TYPE_INITIALIZER
{
// NOTE(review): presumably sizeof(OBJECT_TYPE_INITIALIZER), used as a
// version/size check - confirm
USHORT Length;
BOOLEAN UseDefaultObject;
BOOLEAN CaseInsensitive;
// Access policy for the type
ULONG InvalidAttributes;
GENERIC_MAPPING GenericMapping;
ULONG ValidAccessMask;
BOOLEAN SecurityRequired;
BOOLEAN MaintainHandleCount;
BOOLEAN MaintainTypeList;
POOL_TYPE PoolType;
ULONG DefaultPagedPoolCharge;
ULONG DefaultNonPagedPoolCharge;
// Type callbacks. These are function pointers held in data, so the
// structure must not be writable by less-trusted code.
OB_DUMP_METHOD DumpProcedure;
OB_OPEN_METHOD OpenProcedure;
OB_CLOSE_METHOD CloseProcedure;
OB_DELETE_METHOD DeleteProcedure;
OB_PARSE_METHOD ParseProcedure;
OB_SECURITY_METHOD SecurityProcedure;
OB_QUERYNAME_METHOD QueryNameProcedure;
OB_OKAYTOCLOSE_METHOD OkayToCloseProcedure;
} OBJECT_TYPE_INITIALIZER, *POBJECT_TYPE_INITIALIZER;
//
// Object Type Object
//
// Only OBJECT_TYPE is declared here; POBJECT_TYPE, used further down in
// this header, is presumably declared elsewhere.
//
typedef struct _OBJECT_TYPE
{
ERESOURCE Mutex;
LIST_ENTRY TypeList;
UNICODE_STRING Name;
PVOID DefaultObject;
ULONG Index;
// Current and high-water object/handle counts for the type
ULONG TotalNumberOfObjects;
ULONG TotalNumberOfHandles;
ULONG HighWaterNumberOfObjects;
ULONG HighWaterNumberOfHandles;
OBJECT_TYPE_INITIALIZER TypeInfo; // embedded copy, including the callback pointers
ULONG Key;
ERESOURCE ObjectLocks[4]; // fixed array of four locks
} OBJECT_TYPE;
//
// Object Directory Structures
//
// One node of a singly linked hash chain: ChainLink is the next entry in
// the same bucket and Object is the entry's object. HashValue exists only
// when NTDDI_VERSION >= NTDDI_WS03, so the structure size depends on the
// target version and every translation unit that shares these entries has
// to be built with the same NTDDI_VERSION.
//
typedef struct _OBJECT_DIRECTORY_ENTRY
{
struct _OBJECT_DIRECTORY_ENTRY *ChainLink;
PVOID Object;
#if (NTDDI_VERSION >= NTDDI_WS03)
ULONG HashValue;
#endif
} OBJECT_DIRECTORY_ENTRY, *POBJECT_DIRECTORY_ENTRY;
//
// An object directory: NUMBER_HASH_BUCKETS chain heads plus a lock. The
// layout depends on NTDDI_VERSION in three places (lock type, the member
// after the lock, and two trailing USHORTs present only for
// NTDDI_VERSION == NTDDI_WINXP), so code built for a different version sees
// different offsets and a different size.
//
typedef struct _OBJECT_DIRECTORY
{
struct _OBJECT_DIRECTORY_ENTRY *HashBuckets[NUMBER_HASH_BUCKETS];
// Lock type: ERESOURCE before NTDDI_WINXP, EX_PUSH_LOCK from it onwards
#if (NTDDI_VERSION < NTDDI_WINXP)
ERESOURCE Lock;
#else
EX_PUSH_LOCK Lock;
#endif
// A BOOLEAN before NTDDI_WINXP, a device-map pointer from it onwards
#if (NTDDI_VERSION < NTDDI_WINXP)
BOOLEAN CurrentEntryValid;
#else
struct _DEVICE_MAP *DeviceMap;
#endif
ULONG SessionId;
// Present only when the target is exactly NTDDI_WINXP
#if (NTDDI_VERSION == NTDDI_WINXP)
USHORT Reserved;
USHORT SymbolicLinkUsageCount;
#endif
} OBJECT_DIRECTORY, *POBJECT_DIRECTORY;
//
// Object Header Addon Information
//
// Name add-on, located through OBJECT_HEADER_TO_NAME_INFO (NameInfoOffset
// bytes before the header): the directory the object is linked to and its
// name.
//
typedef struct _OBJECT_HEADER_NAME_INFO
{
POBJECT_DIRECTORY Directory;
UNICODE_STRING Name;
ULONG QueryReferences;
ULONG Reserved2;
ULONG DbgReferenceCount;
} OBJECT_HEADER_NAME_INFO, *POBJECT_HEADER_NAME_INFO;
//
// One (process, handle count) pair; used as the element type of
// OBJECT_HANDLE_COUNT_DATABASE and as SingleEntry in
// OBJECT_HEADER_HANDLE_INFO.
//
typedef struct _OBJECT_HANDLE_COUNT_ENTRY
{
struct _EPROCESS *Process;
ULONG HandleCount;
} OBJECT_HANDLE_COUNT_ENTRY, *POBJECT_HANDLE_COUNT_ENTRY;
//
// A count followed by handle-count entries. HandleCountEntries is declared
// with one element, the pre-C99 idiom for trailing variable-length data.
// NOTE(review): presumably CountEntries is the number of entries actually
// allocated, so every index has to be checked against it - confirm.
//
typedef struct _OBJECT_HANDLE_COUNT_DATABASE
{
ULONG CountEntries;
OBJECT_HANDLE_COUNT_ENTRY HandleCountEntries[1];
} OBJECT_HANDLE_COUNT_DATABASE, *POBJECT_HANDLE_COUNT_DATABASE;
//
// Handle add-on, located through OBJECT_HEADER_TO_HANDLE_INFO. An anonymous
// union holds either a pointer to a handle-count database or one inline
// entry; nothing in this structure records which member is live.
// NOTE(review): presumably OB_FLAG_SINGLE_PROCESS in the header's Flags
// selects SingleEntry - confirm, because reading the wrong member treats a
// process pointer as a database pointer or the reverse.
//
typedef struct _OBJECT_HEADER_HANDLE_INFO
{
union
{
POBJECT_HANDLE_COUNT_DATABASE HandleCountDatabase;
OBJECT_HANDLE_COUNT_ENTRY SingleEntry;
};
} OBJECT_HEADER_HANDLE_INFO, *POBJECT_HEADER_HANDLE_INFO;
//
// Creator add-on. OBJECT_HEADER_TO_CREATOR_INFO finds it at a fixed
// sizeof(OBJECT_HEADER_CREATOR_INFO) bytes before the header, so changing
// this structure's size changes where that macro looks.
//
typedef struct _OBJECT_HEADER_CREATOR_INFO
{
LIST_ENTRY TypeList;
PVOID CreatorUniqueProcess;
USHORT CreatorBackTraceIndex;
USHORT Reserved;
} OBJECT_HEADER_CREATOR_INFO, *POBJECT_HEADER_CREATOR_INFO;
//
// Quota add-on, located through OBJECT_HEADER_TO_QUOTA_INFO: the three
// charges plus the exclusive-owner process. ExclusiveProcess is the member
// read by OBJECT_HEADER_TO_EXCLUSIVE_PROCESS.
//
typedef struct _OBJECT_HEADER_QUOTA_INFO
{
ULONG PagedPoolCharge;
ULONG NonPagedPoolCharge;
ULONG SecurityDescriptorCharge;
PEPROCESS ExclusiveProcess;
} OBJECT_HEADER_QUOTA_INFO, *POBJECT_HEADER_QUOTA_INFO;
//
// Object Header
//
// Sits directly in front of every object body: Body is the last member and
// OBJECT_TO_OBJECT_HEADER steps back from it with CONTAINING_RECORD. The
// optional add-ons live before the header and are found through the three
// UCHAR offsets or through Flags (see the OBJECT_HEADER_TO_* macros).
//
typedef struct _OBJECT_HEADER
{
// Both counts are signed LONGs.
// NOTE(review): confirm they are only updated with interlocked operations
// and that overflow is handled where they are incremented.
LONG PointerCount;
union
{
LONG HandleCount;
volatile PVOID NextToFree; // shares storage with HandleCount
};
POBJECT_TYPE Type;
// Byte distances back from this header to each add-on; 0 means "absent"
// for the macros that test them. Being UCHARs, they cannot exceed 255.
UCHAR NameInfoOffset;
UCHAR HandleInfoOffset;
UCHAR QuotaInfoOffset;
UCHAR Flags; // OB_FLAG_* bits
// Which member is live is not recorded in the union itself.
// NOTE(review): presumably OB_FLAG_CREATE_INFO selects ObjectCreateInfo -
// confirm.
union
{
POBJECT_CREATE_INFORMATION ObjectCreateInfo;
PVOID QuotaBlockCharged;
};
PSECURITY_DESCRIPTOR SecurityDescriptor;
QUAD Body; // first bytes of the object body
} OBJECT_HEADER, *POBJECT_HEADER;
//
// Object Lookup Context
//
// State carried across a directory lookup: the directory and object
// involved, the hash value and bucket index, and whether the directory is
// locked.
//
typedef struct _OBP_LOOKUP_CONTEXT
{
POBJECT_DIRECTORY Directory;
PVOID Object;
ULONG HashValue;
// NOTE(review): presumably an index into OBJECT_DIRECTORY.HashBuckets,
// i.e. below NUMBER_HASH_BUCKETS - confirm
USHORT HashIndex;
BOOLEAN DirectoryLocked;
ULONG LockStateSignature;
} OBP_LOOKUP_CONTEXT, *POBP_LOOKUP_CONTEXT;
//
// Device Map
//
// Two DosDevices directory pointers, a reference count, and per-drive
// data: a 32-bit DriveMap and a 32-element DriveType array.
// NOTE(review): presumably bit i of DriveMap and DriveType[i] describe the
// same drive slot and DriveType holds DOSDEVICE_DRIVE_* codes; any index
// into DriveType has to be below 32 - confirm that callers bound it.
//
typedef struct _DEVICE_MAP
{
POBJECT_DIRECTORY DosDevicesDirectory;
POBJECT_DIRECTORY GlobalDosDevicesDirectory;
ULONG ReferenceCount;
ULONG DriveMap;
UCHAR DriveType[32];
} DEVICE_MAP, *PDEVICE_MAP;
//
// Symbolic Link Object
//
// Body of a symbolic link object: creation time, the target as a counted
// string, the remaining part of the target, a pointer to the target
// object, and a drive index.
//
typedef struct _OBJECT_SYMBOLIC_LINK
{
LARGE_INTEGER CreationTime;
UNICODE_STRING LinkTarget;
UNICODE_STRING LinkTargetRemaining;
PVOID LinkTargetObject;
// NOTE(review): presumably indexes DEVICE_MAP.DriveType, so it has to stay
// within that array's 32 slots - confirm
ULONG DosDeviceDriveIndex;
} OBJECT_SYMBOLIC_LINK, *POBJECT_SYMBOLIC_LINK;
//
// Kernel Exports
//
// Declarations only (extern); the objects are defined elsewhere. Visible
// only when NTOS_MODE_USER is not defined. Both are mutable pointers to
// kernel structures, so treat them as read-only outside the Object Manager.
//
extern POBJECT_TYPE NTSYSAPI ObDirectoryType;
extern PDEVICE_MAP NTSYSAPI ObSystemDeviceMap;
#endif // !NTOS_MODE_USER
#endif // _OBTYPES_H