MyOS/ps_8h_source.html

#ifndef X86_MATANEL_PROCESS_H

#define X86_MATANEL_PROCESS_H


/*++


Module Name:


    mp.h


Purpose:


    This module contains the header files required for process and thread management.


Author:


    slep (Matanel) 2025.


Revision History:


--*/


// Base includes

#include <stdint.h>

#include <stddef.h>


// Other file includes

#include "me.h"

#include "ht.h"

#include "ob.h"

#include "core.h"


// Exception Includes

#include "exception.h"


// ------------------ ENUMERATORS ------------------


typedef enum _THREAD_STATE {

    THREAD_RUNNING,

    THREAD_READY,

    THREAD_BLOCKED,

    THREAD_TERMINATING,

    THREAD_TERMINATED,

    THREAD_ZOMBIE

} THREAD_STATE, *PTHREAD_STATE;


typedef enum _PROCESS_STATE {

    PROCESS_RUNNING = 0, // A thread in the process is currently running

    PROCESS_READY,  // The process is ready to run. (essentially its threads)

    PROCESS_WAITING,  // Waiting on a mutual exclusion or just sleeping.

    PROCESS_TERMINATING,   // The process is ongoing termination in the kernel.

    PROCESS_TERMINATED,  // Process is terminated, but core parts of its structure has been kept.

    PROCESS_SUSPENDED // The process has been suspended by the kernel, either by choice or forcefully.

} PROCESS_STATE, *PPROCESS_STATE;


typedef enum _PS_PHASE_ROUTINE {

    PS_PHASE_INITIALIZE_SYSTEM = 0,

    PS_PHASE_INITIALIZE_WORKER_THREADS,

} PS_PHASE_ROUTINE;


// ------------------ STRUCTURES ------------------


//

// Thread Access Rights

//

#define MT_THREAD_TERMINATE          0x0001    // Terminate the thread

#define MT_THREAD_SUSPEND_RESUME     0x0002    // Suspend or resume thread execution

#define MT_THREAD_SET_CONTEXT        0x0004    // Modify thread CPU context (registers, RIP/RSP)

#define MT_THREAD_GET_CONTEXT        0x0008    // Read thread CPU context

#define MT_THREAD_QUERY_INFO         0x0010    // Query thread info (state, priority, etc.)

#define MT_THREAD_SET_INFO           0x0020    // Modify thread info (priority, name, affinity)


#define MT_THREAD_ALL_ACCESS         0x003F    // Request all valid thread access rights


//

// Process Access Rights

//

#define MT_PROCESS_TERMINATE          0x0001  // Kill the process

#define MT_PROCESS_CREATE_THREAD      0x0002  // Create a new thread inside process

#define MT_PROCESS_VM_OPERATION       0x0004  // Allocate/Protect/Free process memory

#define MT_PROCESS_VM_READ            0x0008  // Read from process memory

#define MT_PROCESS_VM_WRITE           0x0010  // Write to process memory

#define MT_PROCESS_DUP_HANDLE         0x0020  // Duplicate a handle into this process

#define MT_PROCESS_SET_INFO           0x0040  // Modify process properties/metadata

#define MT_PROCESS_QUERY_INFO         0x0080  // Query process details (PID, exit code, etc.)

#define MT_PROCESS_SUSPEND_RESUME     0x0100  // Suspend / Resume process

#define MT_PROCESS_CREATE_PROCESS     0x0200  // Create a new process.


#define MT_PROCESS_ALL_ACCESS         0x03FF  // Everything above


typedef enum _PROCESS_FLAGS {

    ProcessBreakOnTermination = (1 << 0),

    ProcessBeingTerminated = (1 << 1),

    ProcessBeingDeleted = (1 << 2),

} PROCESS_FLAGS;


typedef struct _LDR_DATA_TABLE_ENTRY {

    void* EntryPoint; // Entry point of module.

    void* Base; // Base address of module. (start address, not entrypoint, like offset 0 of a file)

    uint64_t SizeOfImage; // Size of the loaded module in bytes.

    char FullName[256]; // Path of loaded module (including file and extension).

    uint64_t LoadTime; // Epoch timestamp of time module loaded.


    // The list entry itself.

    DOUBLY_LINKED_LIST LoadedModuleList; // Doubly linked list of LDR_DATA_TABLE_ENTRY

} LDR_DATA_TABLE_ENTRY, * PLDR_DATA_TABLE_ENTRY;


typedef struct _PEB_LDR_DATA {

    DOUBLY_LINKED_LIST LoadedModuleList; // Doubly linked list of LDR_DATA_TABLE_ENTRY

} PEB_LDR_DATA, * PPEB_LDR_DATA;


typedef struct _PEB {

    uint8_t  BeingDebugged;          // Flag set if process is being debugged

    void* ImageBase; // Pointer of executable entry point in memory.

    PEB_LDR_DATA LoaderData;

} PEB, * PPEB;


typedef struct _MT_TIB {

    void* ExceptionList; // SEH Chain.

    void* StackBase; // The base of this thread's stack.

    void* StackLimit; // The maximum address of the stack (any pushes beyond here are guard pages)

} MT_TIB, *PMT_TIB;


typedef struct _TEB {

    MT_TIB MtTib; // GS:[0] should point here.

    uint64_t UniqueProcessId; // Current ID of this thread's process.

    uint64_t UniqueThreadId; // Current ID of this thread.

    PPEB ProcessEnvironmentBlock; // Pointer to this thread's process's PEB.

    int32_t LastErrorValue; // The last error that the thread's has done in an operation (failed function, illegal instruction)

    int32_t LastStatusValue; // Internal MTSTATUS Values.

} TEB, *PTEB;


typedef struct _MT_MODULE_INFO {

    char FullPath[256];

    uint64_t Size;

    void* Base;

} MT_MODULE_INFO;


typedef struct _MTDLL_BASIC_TYPES {

    MT_MODULE_INFO PrimaryExecutable;

    MT_MODULE_INFO Mtdll;

    uint64_t EpochCreation;

} MTDLL_BASIC_TYPES, * PMTDLL_BASIC_TYPES;


typedef struct _EPROCESS {

    struct _IPROCESS InternalProcess; // Internal process structure. (KPROCESS Equivalent-ish)

    char ImageName[24]; // Process image name - e.g "mtoskrnl.mtexe"

    HANDLE PID; // Process Identifier, unique identifier to the process. (do not use HtClose on this, only PsDeleteCid)

    HANDLE ParentProcess; // Parent Process Handle

    uint32_t priority; // TODO

    uint64_t CreationTime; // Timestamp of creation, seconds from 1970 January 1st. (may change)

    // SID TODO. - User info as well, when users.


    PPEB Peb; // Accessible only pageable IRQL (APC_LEVEL and below), and only when process is setupped.

    HANDLE SectionHandle; // Handle for the process section view.

    HANDLE MtdllHandle; // SECTION Handle for MTDLL, i need alternatives.


    // Synchorinzation for internal functions.

    struct _RUNDOWN_REF ProcessRundown; // A process rundown that is used to safely synchronize the teardown or deletion of a process, ensuring no pointer is still active & accessing it.

    struct _PUSH_LOCK ProcessLock; // A process push lock that is used to mutually synchronize access to its locked objects, allowing 1 writer at a time, but multiple readers (if no writers)


    // Thread infos

    struct _ETHREAD* MainThread; // Pointer to the main thread created for the process.

    PUSH_LOCK ThreadListLock; // Protects synchronization in AllThreads.

    DOUBLY_LINKED_LIST AllThreads; // A linked list of pointers to the current threads of the process. (inserted with each new creation)

    uint32_t NumThreads; // Unsigned 32 bit integer representing the amount of threads the process has.

    PUSH_LOCK AddressSpaceLock; // A push lock designed to protect synchronization in creating the next stack for another thread in the PROCESS.

    uintptr_t NextStackHint; // Top down search for the next stack.


    // Handle Table

    PHANDLE_TABLE ObjectTable;


    // Special Flags.

    enum _PROCESS_FLAGS Flags;

    MTSTATUS ExitStatus;


    // VAD (todo process quota)

    struct _MMVAD* VadRoot; // The Root of the VAD for the process. (used to find free virtual addresses spaces in the process, and information about them)

    PUSH_LOCK VadLock; // The push lock to ensure VAD atomicity.

} EPROCESS, *PEPROCESS;


typedef struct _ETHREAD {

    struct _ITHREAD InternalThread; // Internal thread structure. (KTHREAD Equivalent-ish)


    PTEB Teb;

    struct _EXCEPTION_REGISTRATION_RECORD ExceptionRegistration;

    HANDLE TID;           /* thread id */

    HANDLE PID;           // Thread's process PID.

    struct _EVENT* CurrentEvent; /* ptr to current EVENT if any. */

    struct _EPROCESS* ParentProcess; /* pointer to the parent process of the thread */

    struct _DOUBLY_LINKED_LIST ThreadListEntry; // Forward and backward links to queue threads in.

    struct _DOUBLY_LINKED_LIST SchedulerListEntry; // Forward and backward links that the scheduler enqueues and dequeues threads from.

    struct _RUNDOWN_REF ThreadRundown; // A thread rundown that is used to safely synchronize the teardown or deletion of a thread, ensuring no other threads are still accessing it.

    PUSH_LOCK ThreadLock; // Used for mutual synchronization.

    MTSTATUS ExitStatus; // The status the thread exited in.


    // Note that LastStatus and LastError should be stored in the TEB, by the way, the TEB is already established

    // But until I dont finish MTDLL I wont include a ptr to the TEB here.

    MTSTATUS LastStatus; // The last status set by violation.

    bool SystemThread; // Is this thread a system thread?

    bool WorkerThread; // is this thread a worker thread?

    /* TODO: priority, affinity, wait list, etc. */

} ETHREAD, *PETHREAD;


typedef struct _STACK_REAPER_ENTRY {

    struct _STACK_REAPER_ENTRY* Next;

    void* StackBase;

    bool IsLarge;

} STACK_REAPER_ENTRY, * PSTACK_REAPER_ENTRY;


// ------------------ MACROS ------------------

#define PROCESS_STACK_SIZE (32*1024) // 32 KiB

#define PROCESS_STACK_ALIGNMENT 16 // Alignment of 16 Bytes.


// ------------------ TYPE DEFINES ------------------


typedef void* THREAD_PARAMETER;

typedef void (*ThreadEntry)(THREAD_PARAMETER);


// ------------------ FUNCTIONS ------------------


extern EPROCESS PsInitialSystemProcess;


MTSTATUS

PsCreateProcess(

    IN const char* ExecutablePath,

    OUT PHANDLE ProcessHandle,

    IN ACCESS_MASK DesiredAccess,

    _In_Opt HANDLE ParentProcess

);


MTSTATUS

PsCreateThread(

    HANDLE ProcessHandle,

    PHANDLE ThreadHandle,

    ThreadEntry EntryPoint,

    THREAD_PARAMETER ThreadParameter,

    TimeSliceTicks TimeSlice,

    ThreadEntry MtdllEntrypoint

);


extern void MsYieldExecution(PTRAP_FRAME threadRegisters);

MTSTATUS PsCreateSystemThread(ThreadEntry entry, THREAD_PARAMETER parameter, TimeSliceTicks TIMESLICE, _Out_Opt PETHREAD* OutThread);


MTSTATUS

PsInitializeSystem(

    IN enum _PS_PHASE_ROUTINE Phase

);


void PsDeferKernelStackDeletion(void* StackBase, bool IsLarge);


MTSTATUS

PsTerminateProcess(

    IN PEPROCESS Process,

    IN MTSTATUS ExitCode

);


MTSTATUS

PsTerminateThread(

    IN PETHREAD Thread,

    IN MTSTATUS ExitStatus

);


NORETURN

void

PspExitThread(

    IN MTSTATUS ExitStatus

);


void

PsDeleteThread(

    IN void* Object

);


void

PsDeleteProcess(

    IN void* ProcessObject

);


PETHREAD

PsGetNextProcessThread(

    IN PEPROCESS Process,

    _In_Opt PETHREAD LastThread

);


PETHREAD

PsGetCurrentThread(

    void

);


void PsInitializeWorkerThreads(void);


void

PsInitializeCidTable(

    void

);


FORCEINLINE

PEPROCESS


PsGetCurrentProcess(

    void

)


// Will return the current process the thread is attached to (could be its parent thread, could be another in an APC)


{

    if (MeGetCurrentThread()) {

        return MeGetCurrentThread()->ApcState.SavedApcProcess;

    }

    else return NULL;

}


FORCEINLINE

PETHREAD


PsGetEThreadFromIThread(

    IN PITHREAD IThread

)


{

    return CONTAINING_RECORD(IThread, ETHREAD, InternalThread);

}


FORCEINLINE

PEPROCESS


PsGetEProcessFromIProcess(

    IN PIPROCESS IProcess

)


{

    return CONTAINING_RECORD(IProcess, EPROCESS, InternalProcess);

}


FORCEINLINE

bool


PsIsKernelThread(

    IN PETHREAD Thread

)


{

    // safety guard, can't believe i had to put it.

    return (Thread && Thread->SystemThread);

}


FORCEINLINE

MTSTATUS


GetExceptionCode(

    void

)


{

    PETHREAD CurrentThread = PsGetCurrentThread();

    if (CurrentThread) return CurrentThread->LastStatus;

    else return MT_GENERAL_FAILURE; // Fallback

}


HANDLE

PsAllocateProcessId(

    IN  PEPROCESS Process

);


HANDLE

PsAllocateThreadId(

    IN  PETHREAD Thread

);


PEPROCESS

PsLookupProcessByProcessId(

    IN HANDLE ProcessId

);


PETHREAD

PsLookupThreadByThreadId(

    IN HANDLE ThreadId

);


void

PsFreeCid(

    IN HANDLE Cid

);


// Enqueues a thread into the queue with spinlock protection.

FORCEINLINE

void


MeEnqueueThreadWithLock(

    Queue* queue, PETHREAD thread)

{

    IRQL flags;

    MsAcquireSpinlock(&queue->lock, &flags);


    // Initialize the new node's links using the SCHEDULER entry

    thread->SchedulerListEntry.Flink = NULL;


    if (queue->tail) {

        // Link new node to current tail

        thread->SchedulerListEntry.Blink = &queue->tail->SchedulerListEntry;

        // Link current tail to new node

        queue->tail->SchedulerListEntry.Flink = &thread->SchedulerListEntry;

    }

    else {

        // List was empty

        thread->SchedulerListEntry.Blink = NULL;

        queue->head = thread;

    }


    // Update tail to be the new thread

    queue->tail = thread;


    MsReleaseSpinlock(&queue->lock, flags);

}


// Dequeues the head thread from the queue with spinlock protection.

FORCEINLINE

PETHREAD


MeDequeueThreadWithLock(Queue* q)

{

    IRQL flags;

    MsAcquireSpinlock(&q->lock, &flags);


    if (!q->head) {

        MsReleaseSpinlock(&q->lock, flags);

        return NULL;

    }


    PETHREAD t = q->head;


    // Check if there is a next item using the SCHEDULER entry

    if (t->SchedulerListEntry.Flink) {

        // Get the ETHREAD from the generic list entry

        // NOTE: We now use SchedulerListEntry for the CONTAINING_RECORD calculation

        q->head = CONTAINING_RECORD(t->SchedulerListEntry.Flink, ETHREAD, SchedulerListEntry);


        // The new head has no previous item

        q->head->SchedulerListEntry.Blink = NULL;

    }

    else {

        // Queue is now empty

        q->head = NULL;

        q->tail = NULL;

    }


    // Isolate the removed thread

    t->SchedulerListEntry.Flink = NULL;

    t->SchedulerListEntry.Blink = NULL;


    MsReleaseSpinlock(&q->lock, flags);

    return t;

}


// Enqueues the thread given to the queue (No Lock).

FORCEINLINE


void MeEnqueueThread(Queue* queue, PETHREAD thread)

{

    // Initialize the new node's links

    thread->SchedulerListEntry.Flink = NULL;


    if (queue->tail) {

        // Link new node to current tail

        thread->SchedulerListEntry.Blink = &queue->tail->SchedulerListEntry;

        // Link current tail to new node

        queue->tail->SchedulerListEntry.Flink = &thread->SchedulerListEntry;

    }

    else {

        // List was empty

        thread->SchedulerListEntry.Blink = NULL;

        queue->head = thread;

    }


    // Update tail to be the new thread

    queue->tail = thread;

}


// Dequeues the head thread from the queue (No Lock).

FORCEINLINE


PETHREAD MeDequeueThread(Queue* q)

{

    if (!q->head) {

        return NULL;

    }


    PETHREAD t = q->head;


    // Check if there is a next item

    if (t->SchedulerListEntry.Flink) {

        // Get the ETHREAD from the generic list entry

        q->head = CONTAINING_RECORD(t->SchedulerListEntry.Flink, ETHREAD, SchedulerListEntry);


        // The new head has no previous item

        q->head->SchedulerListEntry.Blink = NULL;

    }

    else {

        // Queue is now empty

        q->head = NULL;

        q->tail = NULL;

    }


    // Isolate the removed thread

    t->SchedulerListEntry.Flink = NULL;

    t->SchedulerListEntry.Blink = NULL;


    return t;

}


#endif

_In_Opt
#define _In_Opt
Definition annotations.h:10

FORCEINLINE
#define FORCEINLINE
Definition annotations.h:23

_Out_Opt
#define _Out_Opt
Definition annotations.h:11

NORETURN
#define NORETURN
Definition annotations.h:14

IN
#define IN
Definition annotations.h:8

OUT
#define OUT
Definition annotations.h:9

core.h

EPROCESS
struct _EPROCESS EPROCESS
Definition core.h:51

ACCESS_MASK
uint32_t ACCESS_MASK
Definition core.h:59

PIPROCESS
IPROCESS * PIPROCESS
Definition core.h:40

PHANDLE
int32_t * PHANDLE
Definition core.h:58

IRQL
enum _IRQL IRQL

HANDLE
int32_t HANDLE
Definition core.h:58

PEPROCESS
EPROCESS * PEPROCESS
Definition core.h:52

PITHREAD
ITHREAD * PITHREAD
Definition core.h:36

PTRAP_FRAME
TRAP_FRAME * PTRAP_FRAME
Definition core.h:56

ETHREAD
struct _ETHREAD ETHREAD
Definition core.h:43

PETHREAD
ETHREAD * PETHREAD
Definition core.h:44

DOUBLY_LINKED_LIST
struct _DOUBLY_LINKED_LIST DOUBLY_LINKED_LIST

exception.h

ht.h

PHANDLE_TABLE
struct _HANDLE_TABLE * PHANDLE_TABLE

CONTAINING_RECORD
#define CONTAINING_RECORD(ptr, type, member)
Definition macros.h:11

me.h

MeGetCurrentThread
FORCEINLINE PITHREAD MeGetCurrentThread(void)
Definition me.h:444

TimeSliceTicks
enum _TimeSliceTicks TimeSliceTicks

flags
uint32_t flags
Definition mh.h:2

PUSH_LOCK
struct _PUSH_LOCK PUSH_LOCK

Queue
struct _Queue Queue

MT_GENERAL_FAILURE
#define MT_GENERAL_FAILURE
Definition mtstatus.h:31

MTSTATUS
int32_t MTSTATUS
Definition mtstatus.h:12

ob.h

MeEnqueueThreadWithLock
FORCEINLINE void MeEnqueueThreadWithLock(Queue *queue, PETHREAD thread)
Definition ps.h:385

PS_PHASE_ROUTINE
enum _PS_PHASE_ROUTINE PS_PHASE_ROUTINE

PspExitThread
NORETURN void PspExitThread(IN MTSTATUS ExitStatus)
Definition thread.c:335

_PS_PHASE_ROUTINE
_PS_PHASE_ROUTINE
Definition ps.h:55

PS_PHASE_INITIALIZE_SYSTEM
@ PS_PHASE_INITIALIZE_SYSTEM
Definition ps.h:56

PS_PHASE_INITIALIZE_WORKER_THREADS
@ PS_PHASE_INITIALIZE_WORKER_THREADS
Definition ps.h:57

PsTerminateThread
MTSTATUS PsTerminateThread(IN PETHREAD Thread, IN MTSTATUS ExitStatus)
Definition thread.c:284

PPROCESS_STATE
enum _PROCESS_STATE * PPROCESS_STATE

PsGetCurrentProcess
FORCEINLINE PEPROCESS PsGetCurrentProcess(void)
Definition ps.h:300

PsGetEThreadFromIThread
FORCEINLINE PETHREAD PsGetEThreadFromIThread(IN PITHREAD IThread)
Definition ps.h:315

PsInitializeCidTable
void PsInitializeCidTable(void)
Definition cid.c:27

PROCESS_STATE
enum _PROCESS_STATE PROCESS_STATE

GetExceptionCode
FORCEINLINE MTSTATUS GetExceptionCode(void)
Definition ps.h:346

PsGetNextProcessThread
PETHREAD PsGetNextProcessThread(IN PEPROCESS Process, _In_Opt PETHREAD LastThread)
Definition process.c:563

PsLookupThreadByThreadId
PETHREAD PsLookupThreadByThreadId(IN HANDLE ThreadId)
Definition cid.c:139

MeEnqueueThread
FORCEINLINE void MeEnqueueThread(Queue *queue, PETHREAD thread)
Definition ps.h:452

MeDequeueThreadWithLock
FORCEINLINE PETHREAD MeDequeueThreadWithLock(Queue *q)
Definition ps.h:415

PMTDLL_BASIC_TYPES
struct _MTDLL_BASIC_TYPES * PMTDLL_BASIC_TYPES

PTEB
struct _TEB * PTEB

PsGetEProcessFromIProcess
FORCEINLINE PEPROCESS PsGetEProcessFromIProcess(IN PIPROCESS IProcess)
Definition ps.h:325

PsAllocateThreadId
HANDLE PsAllocateThreadId(IN PETHREAD Thread)
Definition cid.c:89

PLDR_DATA_TABLE_ENTRY
struct _LDR_DATA_TABLE_ENTRY * PLDR_DATA_TABLE_ENTRY

PsCreateThread
MTSTATUS PsCreateThread(HANDLE ProcessHandle, PHANDLE ThreadHandle, ThreadEntry EntryPoint, THREAD_PARAMETER ThreadParameter, TimeSliceTicks TimeSlice, ThreadEntry MtdllEntrypoint)
Definition thread.c:38

LDR_DATA_TABLE_ENTRY
struct _LDR_DATA_TABLE_ENTRY LDR_DATA_TABLE_ENTRY

PPEB_LDR_DATA
struct _PEB_LDR_DATA * PPEB_LDR_DATA

MsYieldExecution
void MsYieldExecution(PTRAP_FRAME threadRegisters)

ThreadEntry
void(* ThreadEntry)(THREAD_PARAMETER)
Definition ps.h:218

PTHREAD_STATE
enum _THREAD_STATE * PTHREAD_STATE

PPEB
struct _PEB * PPEB

PsGetCurrentThread
PETHREAD PsGetCurrentThread(void)
Definition thread.c:279

PsDeferKernelStackDeletion
void PsDeferKernelStackDeletion(void *StackBase, bool IsLarge)
Definition pswork.c:65

THREAD_STATE
enum _THREAD_STATE THREAD_STATE

PsLookupProcessByProcessId
PEPROCESS PsLookupProcessByProcessId(IN HANDLE ProcessId)
Definition cid.c:114

PsInitializeWorkerThreads
void PsInitializeWorkerThreads(void)
Definition pswork.c:93

PROCESS_FLAGS
enum _PROCESS_FLAGS PROCESS_FLAGS

PsTerminateProcess
MTSTATUS PsTerminateProcess(IN PEPROCESS Process, IN MTSTATUS ExitCode)
Definition process.c:435

PsCreateSystemThread
MTSTATUS PsCreateSystemThread(ThreadEntry entry, THREAD_PARAMETER parameter, TimeSliceTicks TIMESLICE, _Out_Opt PETHREAD *OutThread)
Definition thread.c:196

_THREAD_STATE
_THREAD_STATE
Definition ps.h:37

THREAD_TERMINATED
@ THREAD_TERMINATED
Definition ps.h:42

THREAD_ZOMBIE
@ THREAD_ZOMBIE
Definition ps.h:43

THREAD_BLOCKED
@ THREAD_BLOCKED
Definition ps.h:40

THREAD_TERMINATING
@ THREAD_TERMINATING
Definition ps.h:41

THREAD_RUNNING
@ THREAD_RUNNING
Definition ps.h:38

THREAD_READY
@ THREAD_READY
Definition ps.h:39

MT_TIB
struct _MT_TIB MT_TIB

PsIsKernelThread
FORCEINLINE bool PsIsKernelThread(IN PETHREAD Thread)
Definition ps.h:335

PsInitializeSystem
MTSTATUS PsInitializeSystem(IN enum _PS_PHASE_ROUTINE Phase)
Definition psmgr.c:93

MT_MODULE_INFO
struct _MT_MODULE_INFO MT_MODULE_INFO

_PROCESS_FLAGS
_PROCESS_FLAGS
Definition ps.h:91

ProcessBeingDeleted
@ ProcessBeingDeleted
Definition ps.h:94

ProcessBreakOnTermination
@ ProcessBreakOnTermination
Definition ps.h:92

ProcessBeingTerminated
@ ProcessBeingTerminated
Definition ps.h:93

PsDeleteProcess
void PsDeleteProcess(IN void *ProcessObject)
Definition process.c:522

PsAllocateProcessId
HANDLE PsAllocateProcessId(IN PEPROCESS Process)
Definition cid.c:60

TEB
struct _TEB TEB

PMT_TIB
struct _MT_TIB * PMT_TIB

_PROCESS_STATE
_PROCESS_STATE
Definition ps.h:46

PROCESS_WAITING
@ PROCESS_WAITING
Definition ps.h:49

PROCESS_READY
@ PROCESS_READY
Definition ps.h:48

PROCESS_TERMINATING
@ PROCESS_TERMINATING
Definition ps.h:50

PROCESS_RUNNING
@ PROCESS_RUNNING
Definition ps.h:47

PROCESS_SUSPENDED
@ PROCESS_SUSPENDED
Definition ps.h:52

PROCESS_TERMINATED
@ PROCESS_TERMINATED
Definition ps.h:51

THREAD_PARAMETER
void * THREAD_PARAMETER
Definition ps.h:217

MTDLL_BASIC_TYPES
struct _MTDLL_BASIC_TYPES MTDLL_BASIC_TYPES

MeDequeueThread
FORCEINLINE PETHREAD MeDequeueThread(Queue *q)
Definition ps.h:475

PsDeleteThread
void PsDeleteThread(IN void *Object)
Definition thread.c:305

PSTACK_REAPER_ENTRY
struct _STACK_REAPER_ENTRY * PSTACK_REAPER_ENTRY

PsFreeCid
void PsFreeCid(IN HANDLE Cid)
Definition cid.c:164

PEB
struct _PEB PEB

STACK_REAPER_ENTRY
struct _STACK_REAPER_ENTRY STACK_REAPER_ENTRY

PEB_LDR_DATA
struct _PEB_LDR_DATA PEB_LDR_DATA

PsCreateProcess
MTSTATUS PsCreateProcess(IN const char *ExecutablePath, OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, _In_Opt HANDLE ParentProcess)
Definition process.c:181

PsInitialSystemProcess
EPROCESS PsInitialSystemProcess
Definition kernel.c:165

MsAcquireSpinlock
void MsAcquireSpinlock(IN PSPINLOCK lock, IN PIRQL OldIrql)
Definition spinlock.c:13

MsReleaseSpinlock
void MsReleaseSpinlock(IN PSPINLOCK lock, IN IRQL OldIrql)
Definition spinlock.c:45

_APC_STATE::SavedApcProcess
PEPROCESS SavedApcProcess
Definition me.h:254

_DOUBLY_LINKED_LIST
Definition core.h:29

_DOUBLY_LINKED_LIST::Blink
struct _DOUBLY_LINKED_LIST * Blink
Definition core.h:30

_DOUBLY_LINKED_LIST::Flink
struct _DOUBLY_LINKED_LIST * Flink
Definition core.h:31

_EPROCESS
Definition ps.h:145

_EPROCESS::NumThreads
uint32_t NumThreads
Definition ps.h:166

_EPROCESS::ProcessRundown
struct _RUNDOWN_REF ProcessRundown
Definition ps.h:159

_EPROCESS::PID
HANDLE PID
Definition ps.h:148

_EPROCESS::ParentProcess
HANDLE ParentProcess
Definition ps.h:149

_EPROCESS::MtdllHandle
HANDLE MtdllHandle
Definition ps.h:156

_EPROCESS::ObjectTable
PHANDLE_TABLE ObjectTable
Definition ps.h:171

_EPROCESS::Peb
PPEB Peb
Definition ps.h:154

_EPROCESS::ThreadListLock
PUSH_LOCK ThreadListLock
Definition ps.h:164

_EPROCESS::SectionHandle
HANDLE SectionHandle
Definition ps.h:155

_EPROCESS::Flags
enum _PROCESS_FLAGS Flags
Definition ps.h:174

_EPROCESS::ImageName
char ImageName[24]
Definition ps.h:147

_EPROCESS::ExitStatus
MTSTATUS ExitStatus
Definition ps.h:175

_EPROCESS::VadRoot
struct _MMVAD * VadRoot
Definition ps.h:178

_EPROCESS::priority
uint32_t priority
Definition ps.h:150

_EPROCESS::ProcessLock
struct _PUSH_LOCK ProcessLock
Definition ps.h:160

_EPROCESS::MainThread
struct _ETHREAD * MainThread
Definition ps.h:163

_EPROCESS::AddressSpaceLock
PUSH_LOCK AddressSpaceLock
Definition ps.h:167

_EPROCESS::VadLock
PUSH_LOCK VadLock
Definition ps.h:179

_EPROCESS::CreationTime
uint64_t CreationTime
Definition ps.h:151

_EPROCESS::InternalProcess
struct _IPROCESS InternalProcess
Definition ps.h:146

_EPROCESS::NextStackHint
uintptr_t NextStackHint
Definition ps.h:168

_EPROCESS::AllThreads
DOUBLY_LINKED_LIST AllThreads
Definition ps.h:165

_ETHREAD
Definition ps.h:182

_ETHREAD::Teb
PTEB Teb
Definition ps.h:185

_ETHREAD::ThreadRundown
struct _RUNDOWN_REF ThreadRundown
Definition ps.h:193

_ETHREAD::ParentProcess
struct _EPROCESS * ParentProcess
Definition ps.h:190

_ETHREAD::ExceptionRegistration
struct _EXCEPTION_REGISTRATION_RECORD ExceptionRegistration
Definition ps.h:186

_ETHREAD::InternalThread
struct _ITHREAD InternalThread
Definition ps.h:183

_ETHREAD::PID
HANDLE PID
Definition ps.h:188

_ETHREAD::SchedulerListEntry
struct _DOUBLY_LINKED_LIST SchedulerListEntry
Definition ps.h:192

_ETHREAD::TID
HANDLE TID
Definition ps.h:187

_ETHREAD::SystemThread
bool SystemThread
Definition ps.h:200

_ETHREAD::WorkerThread
bool WorkerThread
Definition ps.h:201

_ETHREAD::ExitStatus
MTSTATUS ExitStatus
Definition ps.h:195

_ETHREAD::CurrentEvent
struct _EVENT * CurrentEvent
Definition ps.h:189

_ETHREAD::LastStatus
MTSTATUS LastStatus
Definition ps.h:199

_ETHREAD::ThreadLock
PUSH_LOCK ThreadLock
Definition ps.h:194

_ETHREAD::ThreadListEntry
struct _DOUBLY_LINKED_LIST ThreadListEntry
Definition ps.h:191

_EVENT
Definition ms.h:70

_EXCEPTION_REGISTRATION_RECORD
Definition exception.h:77

_IPROCESS
Definition me.h:260

_ITHREAD
Definition me.h:266

_ITHREAD::ApcState
struct _APC_STATE ApcState
Definition me.h:275

_LDR_DATA_TABLE_ENTRY
Definition ps.h:97

_LDR_DATA_TABLE_ENTRY::LoadTime
uint64_t LoadTime
Definition ps.h:102

_LDR_DATA_TABLE_ENTRY::LoadedModuleList
DOUBLY_LINKED_LIST LoadedModuleList
Definition ps.h:105

_LDR_DATA_TABLE_ENTRY::FullName
char FullName[256]
Definition ps.h:101

_LDR_DATA_TABLE_ENTRY::EntryPoint
void * EntryPoint
Definition ps.h:98

_LDR_DATA_TABLE_ENTRY::SizeOfImage
uint64_t SizeOfImage
Definition ps.h:100

_LDR_DATA_TABLE_ENTRY::Base
void * Base
Definition ps.h:99

_MMVAD
Definition mm.h:514

_MT_MODULE_INFO
Definition ps.h:133

_MT_MODULE_INFO::FullPath
char FullPath[256]
Definition ps.h:134

_MT_MODULE_INFO::Base
void * Base
Definition ps.h:136

_MT_MODULE_INFO::Size
uint64_t Size
Definition ps.h:135

_MT_TIB
Definition ps.h:118

_MT_TIB::StackBase
void * StackBase
Definition ps.h:120

_MT_TIB::StackLimit
void * StackLimit
Definition ps.h:121

_MT_TIB::ExceptionList
void * ExceptionList
Definition ps.h:119

_MTDLL_BASIC_TYPES
Definition ps.h:139

_MTDLL_BASIC_TYPES::PrimaryExecutable
MT_MODULE_INFO PrimaryExecutable
Definition ps.h:140

_MTDLL_BASIC_TYPES::Mtdll
MT_MODULE_INFO Mtdll
Definition ps.h:141

_MTDLL_BASIC_TYPES::EpochCreation
uint64_t EpochCreation
Definition ps.h:142

_PEB_LDR_DATA
Definition ps.h:108

_PEB_LDR_DATA::LoadedModuleList
DOUBLY_LINKED_LIST LoadedModuleList
Definition ps.h:109

_PEB
Definition ps.h:112

_PEB::ImageBase
void * ImageBase
Definition ps.h:114

_PEB::LoaderData
PEB_LDR_DATA LoaderData
Definition ps.h:115

_PEB::BeingDebugged
uint8_t BeingDebugged
Definition ps.h:113

_PUSH_LOCK
Definition ms.h:91

_Queue::tail
PETHREAD tail
Definition ms.h:54

_Queue::head
PETHREAD head
Definition ms.h:53

_Queue::lock
SPINLOCK lock
Definition ms.h:55

_RUNDOWN_REF
Definition ms.h:47

_STACK_REAPER_ENTRY
Definition ps.h:205

_STACK_REAPER_ENTRY::StackBase
void * StackBase
Definition ps.h:207

_STACK_REAPER_ENTRY::IsLarge
bool IsLarge
Definition ps.h:208

_STACK_REAPER_ENTRY::Next
struct _STACK_REAPER_ENTRY * Next
Definition ps.h:206

_TEB
Definition ps.h:124

_TEB::ProcessEnvironmentBlock
PPEB ProcessEnvironmentBlock
Definition ps.h:128

_TEB::LastErrorValue
int32_t LastErrorValue
Definition ps.h:129

_TEB::UniqueProcessId
uint64_t UniqueProcessId
Definition ps.h:126

_TEB::MtTib
MT_TIB MtTib
Definition ps.h:125

_TEB::LastStatusValue
int32_t LastStatusValue
Definition ps.h:130

_TEB::UniqueThreadId
uint64_t UniqueThreadId
Definition ps.h:127