kernel
Loading...
Searching...
No Matches
process.c
Go to the documentation of this file.
1/*
2 * PROJECT: MatanelOS Kernel
3 * LICENSE: GPLv3
4 * PURPOSE: Process Creation Implementation
5 */
6
7#include "../../time.h"
8#include "../../includes/me.h"
9#include "../../includes/ps.h"
10#include "../../includes/mg.h"
11#include "../../includes/ms.h"
12#include "../../includes/ob.h"
13#include "../../assert.h"
14#include "../../includes/fs.h"
15#include "../../includes/exception.h"
16
17#define MIN_PID 4u
18#define MAX_PID 0xFFFFFFFCUL
19#define ALIGN_DELTA 6u
20#define MAX_FREE_POOL 1024u
21
22#define PML4_INDEX(addr) (((addr) >> 39) & 0x1FFULL)
23#define KERNEL_PML4_START ((size_t)PML4_INDEX(KernelVaStart))
24#define USER_INITIAL_STACK_TOP USER_VA_END
25
26#define MTDLL_TARGET_ENTRY "LdrInitializeProcess"
27#define MTDLL_PATH "mtdll.mtdll" // root dir
28#define MAX_EXPORTED_FUNC_NAME 256
29extern EPROCESS SystemProcess;
30
31uintptr_t MmSystemRangeStart = PhysicalMemoryOffset; // Changed to PhysicalMemoryOffset, since thats where actual stuff like hypermap, phys to virt, and more happen.
32uintptr_t MmHighestUserAddress = USER_VA_END;
33uintptr_t MmUserStartAddress = USER_VA_START;
34uintptr_t MmUserProbeAddress = 0x00007FFFFFFF0000;
35
36static
37bool
38GetBaseName(const char* fullpath, char* out, size_t outsz) {
39 const char* ext = ".mtexe";
40 size_t ext_len = kstrlen(ext);
41 if (!fullpath || !out || outsz == 0) return false;
42
43 size_t len = kstrlen(fullpath);
44 const char* p = fullpath + len;
45 while (p > fullpath && *(p - 1) != '/') --p;
46
47 size_t name_len = kstrlen(p);
48 if (name_len < ext_len || kstrcmp(p + name_len - ext_len, ext) != 0) return false;
49
50 if (name_len + 1 > outsz) return false; // too small
51 kstrncpy(out, p, name_len + 1);
52 return true;
53}
54
55static
56int
57ReadStringFromFile(PFILE_OBJECT FileObject, uint64_t off, char* buf, size_t buf_len)
58{
59 size_t got = 0;
60 MTSTATUS st;
61
62 if (buf_len == 0) return -1;
63
64 // Read up to buf - 1 bytes (so we leave room for null term)
65 st = FsReadFile(FileObject, off, buf, buf_len - 1, &got);
66 if (MT_FAILURE(st)) return -1;
67
68 /* Ensure NUL termination */
69 buf[got >= (buf_len - 1) ? (buf_len - 1) : got] = '\0';
70
71 // If null term isnt present, we need a larger buffer.
72 if (kmemchr(buf, '\0', got) == NULL) return -1;
73
74 return 0;
75}
76
77// This finds LdrInitializeProcess inside of the MTDLL Export table.
78static
79void*
80PspFindMtdllEntry(
81 IN PFILE_OBJECT MtdllObject
82)
83{
84 MTE_HEADER hdr;
85 size_t br;
86 MTSTATUS st;
87
88 // Read MTE header
89 st = FsReadFile(MtdllObject, 0, &hdr, sizeof(hdr), &br);
90 if (MT_FAILURE(st) || br < sizeof(hdr)) return NULL;
91
92 if (hdr.Magic[0] != 'M' || hdr.Magic[1] != 'T' || hdr.Magic[2] != 'E' || hdr.Magic[3] != '\0') {
93 return NULL;
94 }
95
96 // Null checks
97 if (hdr.exports_rva == 0 || hdr.exports_size < sizeof(MT_EXPORT_ENTRY)) return NULL;
98
99 size_t max_entries = hdr.exports_size / sizeof(MT_EXPORT_ENTRY);
100 if (max_entries == 0) return NULL;
101
102 MT_EXPORT_ENTRY entry;
103 char namebuf[MAX_EXPORTED_FUNC_NAME];
104
105 for (size_t i = 0; i < max_entries; ++i) {
106 uint64_t entry_off = hdr.exports_rva + (uint64_t)(i * sizeof(MT_EXPORT_ENTRY));
107
108 /* read the single MTEXPORT_ENTRY from file */
109 st = FsReadFile(MtdllObject, entry_off, &entry, sizeof(entry), &br);
110 if (MT_FAILURE(st) || br < sizeof(entry)) {
111 break;
112 }
113
114
115 // The entry on disk is ALREADY an RVA.
116 uint64_t name_rva_calculated = entry.name_rva;
117
118 if (name_rva_calculated == 0) continue;
119
120 // Safety check: Ensure RVA is within file bounds (optional but recommended)
121 if (name_rva_calculated >= MtdllObject->FileSize) continue;
122
123 // Read string using the calculated RVA/Offset
124 if (ReadStringFromFile(MtdllObject, name_rva_calculated, namebuf, sizeof(namebuf)) != 0) {
125 continue;
126 }
127
128 // String compare with the export we want.
129 if (kstrcmp(namebuf, MTDLL_TARGET_ENTRY) == 0) {
130 // Return the RVA now.
131 return (void*)(uintptr_t)(entry.func_rva);
132 }
133 }
134
135 return NULL; /* not found */
136}
137
138static
139MTSTATUS
140PspRelocateImage(
141 IN void* ImageBase,
142 IN MTE_HEADER* Header
143)
144{
145 // Calculate the difference between where it is and where it wants to be
146 int64_t delta = (uintptr_t)ImageBase - (uintptr_t)Header->PreferredImageBase;
147
148 // If loaded at preferred address, no work needed
149 if (delta == 0) return MT_SUCCESS;
150
151 // null check
152 if (Header->reloc_rva == 0 || Header->reloc_size == 0) {
153 // Warning: Loaded at wrong address but no relocations found?
154 // Code might crash, but technically not a failure of this function.
155 return MT_SUCCESS;
156 }
157
158 // Point to the relocation table
159 Rela* reloc_table = (Rela*)((uintptr_t)ImageBase + Header->reloc_rva);
160 size_t count = Header->reloc_size / sizeof(Rela);
161
162 // Iterate and Fix
163 for (size_t i = 0; i < count; i++) {
164 Rela* entry = &reloc_table[i];
165
166 // We only care about R_X86_64_RELATIVE (Type 8)
167 if ((entry->r_info & 0xFFFFFFFF) == R_X86_64_RELATIVE) {
168
169 // Pointer to the address we need to fix
170 uintptr_t* target_ptr = (uintptr_t*)((uintptr_t)ImageBase + entry->r_offset);
171
172 // Apply the fix: NewBase + Addend
173 *target_ptr = (uintptr_t)ImageBase + entry->r_addend;
174 }
175 }
176
177 return MT_SUCCESS;
178}
179
180MTSTATUS
181PsCreateProcess(
182 IN const char* ExecutablePath,
183 OUT PHANDLE ProcessHandle,
184 IN ACCESS_MASK DesiredAccess,
185 _In_Opt HANDLE ParentProcess
186)
187
188/*++
189
190 Routine description:
191
192 Creates a user mode process, simple as that.
193
194 Arguments:
195
196 [IN] const char* ExecutablePath - The process's main executable file.
197 [OUT] PHANDLE ProcessHandle - Pointer to store the the process's created handle.
198 [IN] ACCESS_MASK DesiredAccess - The maximum access the process should originally have.
199 [IN OPTIONAL] HANDLE ParentProcess - Optionally supply a handle to the parent of this process.
200
201 Return Values:
202
203 Various MTSTATUS Status codes.
204
205--*/
206
207{
208 MTSTATUS Status;
209 PEPROCESS Process, Parent;
210 // If we have a parent process, attempt to see if the parent process has the access to create another process.
211 if (ParentProcess) {
212 Status = ObReferenceObjectByHandle(
213 ParentProcess,
214 MT_PROCESS_CREATE_PROCESS,
215 PsProcessType,
216 (void**)&Parent,
217 NULL
218 );
219
220 if (MT_FAILURE(Status)) {
221 return Status;
222 }
223 }
224 else {
225 // We have no parent process.
226 Parent = NULL;
227 }
228
229 // Create the EPROCESS Object.
230 Status = ObCreateObject(PsProcessType, sizeof(EPROCESS), (void*)&Process);
231 if (MT_FAILURE(Status)) goto Cleanup;
232
233 // CleanupWithRef from now on.
234 // Assume failure status.
235 Status = MT_GENERAL_FAILURE;
236 // Setup the process now, create its PID.
237 Process->PID = PsAllocateProcessId(Process);
238
239 // Set its parent process handle.
240 Process->ParentProcess = ParentProcess;
241
242 // Set its image name.
243 char filename[24];
244 GetBaseName(ExecutablePath, filename, sizeof(filename));
245 if (filename[0] == '\0') goto CleanupWithRef;
246 kstrncpy(Process->ImageName, filename, sizeof(Process->ImageName));
247
248 // Set initial state
249 Process->InternalProcess.ProcessState |= PROCESS_READY;
250
251 // Create address space.
252 void* DirectoryTablePhysical = NULL;
253 Status = MmCreateProcessAddressSpace(&DirectoryTablePhysical);
254 if (MT_FAILURE(Status)) goto CleanupWithRef;
255 Process->InternalProcess.PageDirectoryPhysical = (uintptr_t)DirectoryTablePhysical;
256 gop_printf(COLOR_RED, "Process CR3: %p\n", DirectoryTablePhysical);
257
258 // Create object table.
259 PHANDLE_TABLE HandleTable = HtCreateHandleTable(Process);
260 if (!HandleTable) goto CleanupWithRef;
261 Process->ObjectTable = HandleTable;
262
263 // Open MTDLL for the process.
264 HANDLE MtdllHandle;
265 Status = FsCreateFile("mtdll.mtdll", MT_FILE_ALL_ACCESS, &MtdllHandle);
266 if (MT_FAILURE(Status)) goto CleanupWithRef;
267 // Reference
268 PFILE_OBJECT MtdllObject;
269 Status = ObReferenceObjectByHandle(MtdllHandle, MT_FILE_ALL_ACCESS, FsFileType, (void**)&MtdllObject, NULL);
270 HtClose(MtdllHandle);
271 if (MT_FAILURE(Status)) goto CleanupWithRef;
272
273 // Find MTDLL Entrypoint now.
274 void* MtdllInitializeProcessRva = PspFindMtdllEntry(MtdllObject);
275 if (!MtdllInitializeProcessRva) {
276 // Close the mtdll file object.
277 ObDereferenceObject(MtdllObject);
278 goto CleanupWithRef;
279 }
280
281 // Create sections for MTDLL
282 HANDLE MtdllSection;
283 Status = MmCreateSection(&MtdllSection, MtdllObject);
284 if (MT_FAILURE(Status)) goto CleanupWithRef;
285
286 // Map them into view.
287 void* MtdllText;
288 void* MtdllBase;
289 Status = MmMapViewOfSection(MtdllSection, Process, &MtdllText, &MtdllBase);
290 if (MT_FAILURE(Status)) goto CleanupWithRef;
291
292 APC_STATE RelocApcState;
293 MeAttachProcess(&Process->InternalProcess, &RelocApcState);
294
295 // Read header from the loaded memory
296 MTE_HEADER* LoadedHeader = (MTE_HEADER*)MtdllBase;
297
298 // Perform Relocations
299 // We wrap this in a try/except because we are touching user memory
300 try {
301 // Verify magic in memory just in case
302 if (LoadedHeader->Magic[0] == 'M' && LoadedHeader->Magic[1] == 'T' && LoadedHeader->Magic[2] == 'E') {
303 // Check to relocate ONLY IF the base address isnt the preferred image base.
304 if (LoadedHeader->PreferredImageBase != (uint64_t)MtdllBase) {
305 PspRelocateImage(MtdllBase, LoadedHeader);
306 }
307 }
308 } except{
309 Status = GetExceptionCode();
310 } end_try;
311
312 MeDetachProcess(&RelocApcState);
313
314 if (MT_FAILURE(Status)) goto CleanupWithRef;
315
316 // Actual LdrInitializeProcess of MTDLL.
317 void* MtdllInitializeProcess = (void*)((uintptr_t)MtdllBase + (uintptr_t)MtdllInitializeProcessRva);
318
319 // Per thread stack calculation.
320 Process->NextStackHint = USER_INITIAL_STACK_TOP;
321
322 // Creation time.
323 Process->CreationTime = MeGetEpoch();
324
325 // Initialize List heads.
326 InitializeListHead(&Process->AllThreads);
327
328 // Get the file handle.
329 HANDLE FileHandle;
330 Status = FsCreateFile(ExecutablePath, MT_FILE_ALL_ACCESS, &FileHandle);
331 if (MT_FAILURE(Status)) goto CleanupWithRef;
332 PFILE_OBJECT FileObject;
333 // Reference the handle, and then close it so only the pointer reference remains (this)
334 Status = ObReferenceObjectByHandle(FileHandle, MT_FILE_ALL_ACCESS, FsFileType, (void**)&FileObject, NULL);
335 HtClose(FileHandle);
336 if (MT_FAILURE(Status)) goto CleanupWithRef;
337 // TODO ADD ADDRESS TO WORKING SET OF PROCESS!!
338
339 // Create the sections for the process.
340 HANDLE SectionHandle;
341 Status = MmCreateSection(&SectionHandle, FileObject);
342 if (MT_FAILURE(Status)) {
343 // If file reference failed it would close the file handle.
344 goto CleanupWithRef;
345 }
346
347 // Set handle.
348 Process->SectionHandle = SectionHandle;
349
350 // Map them into address space.
351 // Start address - entry point.
352 void* StartAddress = NULL;
353 // File base address - The actual executable file base address in memory (should contain mt header)
354 void* FileBaseAddress = NULL;
355 Status = MmMapViewOfSection(SectionHandle, Process, &StartAddress, &FileBaseAddress);
356 // MmpDeleteSection closes the file handle.
357 if (MT_FAILURE(Status)) goto CleanupWithRef;
358
359 // Create PEB.
360 PMTDLL_BASIC_TYPES BasicTypes = NULL;
361 Status = MmCreatePeb(Process, (void**)&Process->Peb, (void**)&BasicTypes);
362
363 // Attempt to set the entry point in the PEB.
364 // Attach to process first.
365 APC_STATE ApcState;
366 MeAttachProcess(&Process->InternalProcess, &ApcState);
367
368 __stac();
369 // Also create basic MTDLL types.
370 try {
371 // For now peb is guranteed to be zeroed since allocating a PFN in fault.c is zeroed, but ill still set it to 0
372 Process->Peb->BeingDebugged = false;
373 Process->Peb->ImageBase = StartAddress;
374 BasicTypes->EpochCreation = MeGetEpoch();
375
376 // Init basic MTDLL types as well.
377 BasicTypes->PrimaryExecutable.Size = FileObject->FileSize;
378 kstrncpy(BasicTypes->PrimaryExecutable.FullPath, ExecutablePath, sizeof(BasicTypes->PrimaryExecutable.FullPath));
379 BasicTypes->PrimaryExecutable.Base = FileBaseAddress;
380
381 // Now for MTDLL itself.
382 BasicTypes->Mtdll.Base = MtdllBase;
383 BasicTypes->Mtdll.Size = MtdllObject->FileSize;
384 kstrncpy(BasicTypes->Mtdll.FullPath, MTDLL_PATH, sizeof(BasicTypes->Mtdll.FullPath));
385
386 // Sucessful.
387 Status = MT_SUCCESS;
388 } except{
389 // Bad.
390 Status = GetExceptionCode();
391 } end_try;
392 __clac();
393
394 // Detach.
395 MeDetachProcess(&ApcState);
396
397 if (MT_FAILURE(Status)) goto CleanupWithRef;
398
399 // Create a handle for the process.
400 HANDLE hProcess;
401 Status = ObCreateHandleForObject(Process, DesiredAccess, &hProcess);
402 if (MT_FAILURE(Status)) goto CleanupWithRef;
403
404
405 // Create a main thread for the process.
406 Process->NextStackHint = USER_INITIAL_STACK_TOP;
407 HANDLE MainThreadHandle;
408 Status = PsCreateThread(hProcess, &MainThreadHandle, (ThreadEntry)StartAddress, (THREAD_PARAMETER)BasicTypes, DEFAULT_TIMESLICE_TICKS, MtdllInitializeProcess);
409 if (MT_FAILURE(Status)) {
410 // This is a failure, since there is not a handle to the process, we must close it.
411 // Destroy the handle.
412 HtClose(hProcess);
413 goto CleanupWithRef;
414 }
415 // We are, successful.
416 if (ProcessHandle) *ProcessHandle = hProcess;
417 Status = MT_SUCCESS;
418
419CleanupWithRef:
420#ifdef DEBUG
421 if (MT_FAILURE(Status)) {
422 assert(false, "Something went wrong.");
423 }
424#endif
425 // If all went smoothly, this should cancel out the reference made by ObCreateHandleForObject. (so we only have 1 reference left by ObCreateObject)
426 // If not, it would reach reference 0, and PspDeleteProcess would execute.
427 ObDereferenceObject(Process);
428 // [[fallthrough]]
429Cleanup:
430 if (Parent) ObDereferenceObject(Parent);
431 return Status;
432}
433
434MTSTATUS
435PsTerminateProcess(
436 IN PEPROCESS Process,
437 IN MTSTATUS ExitCode
438)
439
440/*++
441
442 Routine description:
443
444 Terminates the process, kills its threads.
445
446 Arguments:
447
448 [IN] PEPROCESS Process - The process to terminate from the system.
449 [IN] MTSTATUS ExitCode - The ExitCode that the process will exit in.
450
451 Return Values:
452
453 MTSTATUS Status code representing if the process has terminated successfully.
454 Or a NORETURN if this is the current process.
455
456--*/
457
458{
459 // Declarations
460 PETHREAD Thread = NULL;
461 MTSTATUS Status = MT_NOTHING_TO_TERMINATE;
462 bool SeenOurselves = false;
463 PETHREAD current = PsGetCurrentThread();
464 if (Process->Flags & ProcessBreakOnTermination) {
465 // Attempted termination of a process that is critical to system stability,
466 // we bugcheck.
467 MeBugCheckEx(
468 CRITICAL_PROCESS_DIED,
469 (void*)(uintptr_t)Process,
470 (void*)(uintptr_t)ExitCode,
471#ifdef DEBUG
472 (void*)(uintptr_t)RETADDR(0),
473#else
474 NULL,
475#endif
476 NULL
477 );
478 }
479
480 // Acquire last process rundown.
481 MsWaitForRundownProtectionRelease(&Process->ProcessRundown);
482
483 // Set the process as terminating in its flags.
484 PROCESS_FLAGS FlagBefore = InterlockedOr32((volatile int32_t*)&Process->Flags, ProcessBeingTerminated);
485 if (FlagBefore & ProcessBeingTerminated) return MT_PROCESS_IS_TERMINATING;
486
487 Process->InternalProcess.ProcessState = PROCESS_TERMINATING;
488
489 // Begin terminating all process threads.
490 Thread = PsGetNextProcessThread(Process, Thread);
491 while (Thread) {
492 if (Thread == current) {
493 SeenOurselves = true;
494 Thread = PsGetNextProcessThread(Process, Thread);
495 continue;
496 }
497
498 // Exterminate the thread from this world (system32)
499 PsTerminateThread(Thread, ExitCode);
500 // Get the next victim for our massacre.
501 Thread = PsGetNextProcessThread(Process, Thread);
502
503 // One got exterminated, so we mark it a successful mission.
504 Status = MT_SUCCESS;
505 }
506
507 if (SeenOurselves) {
508 // noreturn
509 PspExitThread(ExitCode);
510 }
511
512 // Should I create a PspExitProcess function as well? I mean it should only dereference stuff, check the ReactOS PspExitProcess
513 // So I dont think its REALLY needed, unless the pointers MUST NOT be dereferenced by other processes
514 // and I can imagine a case where thats needed, so TODO PspExitProcess for self term. (check comment below before taking action)
515 // PspDeleteProcess takes care of the actual dereference stuff too, so idk to be honest.
516
517 // Return if mission successful.
518 return Status;
519}
520
521void
522PsDeleteProcess(
523 IN void* ProcessObject
524)
525
526{
527 PEPROCESS Process = (PEPROCESS)ProcessObject;
528
529 // Set flags
530 InterlockedOr32((volatile int32_t*)&Process->Flags, ProcessBeingDeleted);
531
532 // Delete section handles.
533 if (Process->SectionHandle) {
534 HtClose(Process->SectionHandle);
535 }
536 if (Process->MtdllHandle) {
537 HtClose(Process->MtdllHandle);
538 }
539
540 // TODO (CRITICAL FIXME) (MEMORY LEAK) Working set list delete all active VADs.
541 // VADs deletion would also close the FileObject HANDLE!
542
543 // Delete its CID.
544 PsFreeCid(Process->PID);
545
546 // Delete its handle table, this if statement should only pass if the process has failed creation.
547 // The other place where the process handle table is deleted, is in the last thread termination in PspExitThread.
548 if (Process->ObjectTable) {
549 // Attach to process so pagedpool inside of it are valid (even though they 100% should be valid now)
550 APC_STATE State;
551 MeAttachProcess(&Process->InternalProcess, &State);
552 HtDeleteHandleTable(Process->ObjectTable);
553 MeDetachProcess(&State);
554 Process->ObjectTable = NULL;
555 }
556 // Delete its address space.
557 MmDeleteProcessAddressSpace(Process, Process->InternalProcess.PageDirectoryPhysical);
558
559 // EPROCESS Would be deleted after function return.
560}
561
562PETHREAD
563PsGetNextProcessThread(
564 IN PEPROCESS Process,
565 _In_Opt PETHREAD LastThread
566)
567
568{
569 PETHREAD FoundThread = NULL;
570 PDOUBLY_LINKED_LIST Entry;
571 PDOUBLY_LINKED_LIST ListHead = &Process->AllThreads;
572 // Acquire thread list lock.
573 MsAcquirePushLockShared(&Process->ThreadListLock);
574
575 // Check if we are already starting in another thread list.
576 if (LastThread) {
577 Entry = LastThread->ThreadListEntry.Flink;
578 if (Entry == &LastThread->ThreadListEntry) {
579 // If the thread points to itself (it was removed) (even though this shouldnt happen as we acquire a shared push lock)
580 // We will set entry to NULL, which will go to cleanup.
581 Entry = NULL;
582 }
583 }
584 else {
585 // Start at beginnininng -- that shit made me laugh (29/01/2026 5:00:04 PM)
586 Entry = ListHead->Flink;
587 }
588
589 if (Entry == NULL) {
590 goto Cleanup;
591 }
592
593 // Set the list head and start the loop.
594 while (ListHead != Entry) {
595 // While the pointers arent equal (we arent back the start), we enumerate for the next thread.
596 FoundThread = CONTAINING_RECORD(Entry, ETHREAD, ThreadListEntry);
597 // First use of MT_SUCCEEDED btw.
598 if (MT_SUCCEEDED(ObReferenceObjectByPointer(FoundThread, PsThreadType))) break;
599
600 // Nothing found, keep loopin.
601 FoundThread = NULL;
602 Entry = Entry->Flink;
603 }
604
605Cleanup:
606 // Unlock process.
607 MsReleasePushLockShared(&Process->ThreadListLock);
608 if (LastThread) {
609 // If we had a starting thread we dereference it from the initial reference in the loop
610 // The whole point we did the reference is to keep the object alive that we give in the return value.
611 ObDereferenceObject(LastThread);
612 }
613
614 // Return if we found.
615 return FoundThread;
616}
_In_Opt
#define _In_Opt
Definition annotations.h:10
IN
#define IN
Definition annotations.h:8
OUT
#define OUT
Definition annotations.h:9
assert
#define assert(...)
Definition assert.h:57
InterlockedOr32
FORCEINLINE int32_t InterlockedOr32(volatile int32_t *target, int32_t value)
Definition atomic.h:144
MeDetachProcess
void MeDetachProcess(IN PAPC_STATE ApcState)
Definition attach.c:90
MeAttachProcess
void MeAttachProcess(IN PIPROCESS Process, OUT PAPC_STATE ApcState)
Definition attach.c:24
MeBugCheckEx
NORETURN void MeBugCheckEx(IN enum _BUGCHECK_CODES BugCheckCode, IN void *BugCheckParameter1, IN void *BugCheckParameter2, IN void *BugCheckParameter3, IN void *BugCheckParameter4)
Definition bugcheck.c:245
DEBUG
#define DEBUG
Definition bugcheck.c:15
PsAllocateProcessId
HANDLE PsAllocateProcessId(IN PEPROCESS Process)
Definition cid.c:60
PsFreeCid
void PsFreeCid(IN HANDLE Cid)
Definition cid.c:164
EPROCESS
struct _EPROCESS EPROCESS
Definition core.h:51
ACCESS_MASK
uint32_t ACCESS_MASK
Definition core.h:59
PHANDLE
int32_t * PHANDLE
Definition core.h:58
PDOUBLY_LINKED_LIST
struct _DOUBLY_LINKED_LIST * PDOUBLY_LINKED_LIST
HANDLE
int32_t HANDLE
Definition core.h:58
PEPROCESS
EPROCESS * PEPROCESS
Definition core.h:52
ETHREAD
struct _ETHREAD ETHREAD
Definition core.h:43
PETHREAD
ETHREAD * PETHREAD
Definition core.h:44
end_try
#define end_try
Definition exception.h:145
except
#define except
Definition exception.h:131
MT_FILE_ALL_ACCESS
#define MT_FILE_ALL_ACCESS
Definition fs.h:47
PFILE_OBJECT
struct _FILE_OBJECT * PFILE_OBJECT
kstrlen
size_t kstrlen(const char *str)
Definition gop.c:342
gop_printf
void gop_printf(uint32_t color, const char *fmt,...)
Definition gop.c:633
kstrncpy
char * kstrncpy(char *dst, const char *src, size_t n)
Definition gop.c:365
kstrcmp
int kstrcmp(const char *s1, const char *s2)
Definition gop.c:593
HtCreateHandleTable
PHANDLE_TABLE HtCreateHandleTable(IN PEPROCESS Process)
Definition handle.c:90
HtClose
MTSTATUS HtClose(IN HANDLE Handle)
Definition handle.c:536
HtDeleteHandleTable
void HtDeleteHandleTable(IN PHANDLE_TABLE Table)
Definition handle.c:442
PHANDLE_TABLE
struct _HANDLE_TABLE * PHANDLE_TABLE
__stac
FORCEINLINE void __stac(void)
Definition intrin.h:48
__clac
FORCEINLINE void __clac(void)
Definition intrin.h:53
CONTAINING_RECORD
#define CONTAINING_RECORD(ptr, type, member)
Definition macros.h:11
RETADDR
#define RETADDR(level)
Definition macros.h:53
APC_STATE
struct _APC_STATE APC_STATE
CRITICAL_PROCESS_DIED
@ CRITICAL_PROCESS_DIED
Definition me.h:135
DEFAULT_TIMESLICE_TICKS
@ DEFAULT_TIMESLICE_TICKS
Definition me.h:48
COLOR_RED
#define COLOR_RED
Colors definitions for easier access.
Definition mg.h:30
USER_VA_END
#define USER_VA_END
Definition mm.h:646
PhysicalMemoryOffset
#define PhysicalMemoryOffset
Definition mm.h:56
USER_VA_START
#define USER_VA_START
Definition mm.h:647
R_X86_64_RELATIVE
#define R_X86_64_RELATIVE
Definition mm.h:568
MmCreateProcessAddressSpace
MTSTATUS MmCreateProcessAddressSpace(OUT void **DirectoryTable)
Definition mmproc.c:221
MmDeleteProcessAddressSpace
MTSTATUS MmDeleteProcessAddressSpace(IN PEPROCESS Process, IN uintptr_t PageDirectoryPhysical)
Definition mmproc.c:391
MmCreatePeb
MTSTATUS MmCreatePeb(IN PEPROCESS Process, OUT void **OutPeb, OUT void **OutBasicMtdllTypes)
Definition mmproc.c:502
InitializeListHead
FORCEINLINE void InitializeListHead(PDOUBLY_LINKED_LIST Head)
Definition ms.h:223
MT_SUCCESS
#define MT_SUCCESS
Definition mtstatus.h:22
MT_PROCESS_IS_TERMINATING
#define MT_PROCESS_IS_TERMINATING
Definition mtstatus.h:124
MT_GENERAL_FAILURE
#define MT_GENERAL_FAILURE
Definition mtstatus.h:31
MT_NOTHING_TO_TERMINATE
#define MT_NOTHING_TO_TERMINATE
Definition mtstatus.h:125
MT_FAILURE
#define MT_FAILURE(Status)
Definition mtstatus.h:16
MTSTATUS
int32_t MTSTATUS
Definition mtstatus.h:12
MT_SUCCEEDED
#define MT_SUCCEEDED(Status)
Macros to test status.
Definition mtstatus.h:15
ObCreateHandleForObject
MTSTATUS ObCreateHandleForObject(IN void *Object, IN ACCESS_MASK DesiredAccess, OUT PHANDLE ReturnedHandle)
Definition ob.c:403
ObReferenceObjectByHandle
MTSTATUS ObReferenceObjectByHandle(IN HANDLE Handle, IN uint32_t DesiredAccess, IN POBJECT_TYPE DesiredType, OUT void **Object, _Out_Opt PHANDLE_TABLE_ENTRY HandleInformation)
Definition ob.c:277
ObReferenceObjectByPointer
MTSTATUS ObReferenceObjectByPointer(IN void *Object, IN POBJECT_TYPE DesiredType)
Definition ob.c:205
ObDereferenceObject
void ObDereferenceObject(IN void *Object)
Definition ob.c:554
ObCreateObject
MTSTATUS ObCreateObject(IN POBJECT_TYPE ObjectType, IN uint32_t ObjectSize, OUT void **ObjectCreated)
Definition ob.c:118
MmSystemRangeStart
uintptr_t MmSystemRangeStart
Definition process.c:31
PsGetNextProcessThread
PETHREAD PsGetNextProcessThread(IN PEPROCESS Process, _In_Opt PETHREAD LastThread)
Definition process.c:563
MmUserProbeAddress
uintptr_t MmUserProbeAddress
Definition process.c:34
MTDLL_PATH
#define MTDLL_PATH
Definition process.c:27
PsTerminateProcess
MTSTATUS PsTerminateProcess(IN PEPROCESS Process, IN MTSTATUS ExitCode)
Definition process.c:435
SystemProcess
EPROCESS SystemProcess
PsDeleteProcess
void PsDeleteProcess(IN void *ProcessObject)
Definition process.c:522
MAX_EXPORTED_FUNC_NAME
#define MAX_EXPORTED_FUNC_NAME
Definition process.c:28
USER_INITIAL_STACK_TOP
#define USER_INITIAL_STACK_TOP
Definition process.c:24
MTDLL_TARGET_ENTRY
#define MTDLL_TARGET_ENTRY
Definition process.c:26
MmUserStartAddress
uintptr_t MmUserStartAddress
Definition process.c:33
PsCreateProcess
MTSTATUS PsCreateProcess(IN const char *ExecutablePath, OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, _In_Opt HANDLE ParentProcess)
Definition process.c:181
MmHighestUserAddress
uintptr_t MmHighestUserAddress
Definition process.c:32
GetExceptionCode
FORCEINLINE MTSTATUS GetExceptionCode(void)
Definition ps.h:346
PMTDLL_BASIC_TYPES
struct _MTDLL_BASIC_TYPES * PMTDLL_BASIC_TYPES
ThreadEntry
void(* ThreadEntry)(THREAD_PARAMETER)
Definition ps.h:218
PROCESS_FLAGS
enum _PROCESS_FLAGS PROCESS_FLAGS
ProcessBeingDeleted
@ ProcessBeingDeleted
Definition ps.h:94
ProcessBreakOnTermination
@ ProcessBreakOnTermination
Definition ps.h:92
ProcessBeingTerminated
@ ProcessBeingTerminated
Definition ps.h:93
PROCESS_READY
@ PROCESS_READY
Definition ps.h:48
PROCESS_TERMINATING
@ PROCESS_TERMINATING
Definition ps.h:50
THREAD_PARAMETER
void * THREAD_PARAMETER
Definition ps.h:217
MT_PROCESS_CREATE_PROCESS
#define MT_PROCESS_CREATE_PROCESS
Definition ps.h:87
PsThreadType
POBJECT_TYPE PsThreadType
Definition psmgr.c:31
PsProcessType
POBJECT_TYPE PsProcessType
Definition psmgr.c:30
MsAcquirePushLockShared
void MsAcquirePushLockShared(IN PUSH_LOCK *Lock)
Definition pushlock.c:150
MsReleasePushLockShared
void MsReleasePushLockShared(IN PUSH_LOCK *Lock)
Definition pushlock.c:179
MsWaitForRundownProtectionRelease
void MsWaitForRundownProtectionRelease(IN PRUNDOWN_REF rundown)
Definition rundown.c:64
MmMapViewOfSection
MTSTATUS MmMapViewOfSection(IN HANDLE SectionHandle, IN PEPROCESS Process, OUT void **EntryPointAddress, OUT void **BaseAddress)
Definition section.c:110
MmCreateSection
MTSTATUS MmCreateSection(OUT PHANDLE SectionHandle, IN struct _FILE_OBJECT *FileObject)
Definition section.c:25
_DOUBLY_LINKED_LIST::Flink
struct _DOUBLY_LINKED_LIST * Flink
Definition core.h:31
_EPROCESS::PID
HANDLE PID
Definition ps.h:148
_EPROCESS::ParentProcess
HANDLE ParentProcess
Definition ps.h:149
_EPROCESS::MtdllHandle
HANDLE MtdllHandle
Definition ps.h:156
_EPROCESS::ObjectTable
PHANDLE_TABLE ObjectTable
Definition ps.h:171
_EPROCESS::Peb
PPEB Peb
Definition ps.h:154
_EPROCESS::SectionHandle
HANDLE SectionHandle
Definition ps.h:155
_EPROCESS::Flags
enum _PROCESS_FLAGS Flags
Definition ps.h:174
_EPROCESS::ImageName
char ImageName[24]
Definition ps.h:147
_EPROCESS::CreationTime
uint64_t CreationTime
Definition ps.h:151
_EPROCESS::InternalProcess
struct _IPROCESS InternalProcess
Definition ps.h:146
_EPROCESS::NextStackHint
uintptr_t NextStackHint
Definition ps.h:168
_EPROCESS::AllThreads
DOUBLY_LINKED_LIST AllThreads
Definition ps.h:165
_FILE_OBJECT::FileSize
uint64_t FileSize
Definition fs.h:107
_IPROCESS::ProcessState
uint32_t ProcessState
Definition me.h:263
_IPROCESS::PageDirectoryPhysical
uintptr_t PageDirectoryPhysical
Definition me.h:261
_MT_MODULE_INFO::FullPath
char FullPath[256]
Definition ps.h:134
_MT_MODULE_INFO::Base
void * Base
Definition ps.h:136
_MT_MODULE_INFO::Size
uint64_t Size
Definition ps.h:135
_MTDLL_BASIC_TYPES::PrimaryExecutable
MT_MODULE_INFO PrimaryExecutable
Definition ps.h:140
_MTDLL_BASIC_TYPES::Mtdll
MT_MODULE_INFO Mtdll
Definition ps.h:141
_MTDLL_BASIC_TYPES::EpochCreation
uint64_t EpochCreation
Definition ps.h:142
_PEB::ImageBase
void * ImageBase
Definition ps.h:114
_PEB::BeingDebugged
uint8_t BeingDebugged
Definition ps.h:113
MT_EXPORT_ENTRY
Definition mm.h:593
MT_EXPORT_ENTRY::func_rva
uint64_t func_rva
Definition mm.h:595
MT_EXPORT_ENTRY::name_rva
uint64_t name_rva
Definition mm.h:594
MTE_HEADER
Definition mm.h:571
MTE_HEADER::Magic
uint8_t Magic[4]
Definition mm.h:572
MTE_HEADER::PreferredImageBase
uint64_t PreferredImageBase
Definition mm.h:573
MTE_HEADER::exports_rva
uint64_t exports_rva
Definition mm.h:580
MTE_HEADER::exports_size
uint64_t exports_size
Definition mm.h:581
Rela
Definition mm.h:562
Rela::r_offset
uint64_t r_offset
Definition mm.h:563
Rela::r_info
uint64_t r_info
Definition mm.h:564
Rela::r_addend
int64_t r_addend
Definition mm.h:565
PspExitThread
NORETURN void PspExitThread(IN MTSTATUS ExitStatus)
Definition thread.c:335
PsTerminateThread
MTSTATUS PsTerminateThread(IN PETHREAD Thread, IN MTSTATUS ExitStatus)
Definition thread.c:284
PsCreateThread
MTSTATUS PsCreateThread(HANDLE ProcessHandle, PHANDLE ThreadHandle, ThreadEntry EntryPoint, THREAD_PARAMETER ThreadParameter, TimeSliceTicks TimeSlice, ThreadEntry MtdllEntrypoint)
Definition thread.c:38
PsGetCurrentThread
PETHREAD PsGetCurrentThread(void)
Definition thread.c:279
FsFileType
POBJECT_TYPE FsFileType
Definition vfs.c:26
FsReadFile
MTSTATUS FsReadFile(IN PFILE_OBJECT FileObject, IN uint64_t FileOffset, OUT void *Buffer, IN size_t BufferSize, _Out_Opt size_t *BytesRead)
Definition vfs.c:117
FsCreateFile
MTSTATUS FsCreateFile(IN const char *path, IN ACCESS_MASK DesiredAccess, OUT PHANDLE FileHandleOut)
Definition vfs.c:204