Microsoft/Windows2000
Microsoft/Windows2000
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
master
Windows2000/private/ntos/ob/obquery.c
Microsoft 45f4a58588 First commit
2020-09-30 17:12:32 +02:00

1470 lines
38 KiB
C
Raw Permalink Blame History

/*++
Copyright (c) 1989 Microsoft Corporation
Module Name:
obquery.c
Abstract:
Query Object system service
Author:
Steve Wood (stevewo) 12-May-1989
--*/
#include "obp.h"
// Local procedure prototypes
// The following structure is used to pass the call back routine
// "ObpSetHandleAttributes" the captured object information and
// the processor mode of the caller.
typedef struct __OBP_SET_HANDLE_ATTRIBUTES
{
OBJECT_HANDLE_FLAG_INFORMATION ObjectInformation;
KPROCESSOR_MODE PreviousMode;
} OBP_SET_HANDLE_ATTRIBUTES, *POBP_SET_HANDLE_ATTRIBUTES;
BOOLEAN ObpSetHandleAttributes(IN OUT PVOID TableEntry, IN ULONG_PTR Parameter);
#if defined(ALLOC_PRAGMA)
#pragma alloc_text(PAGE,NtQueryObject)
#pragma alloc_text(PAGE,ObQueryNameString)
#pragma alloc_text(PAGE,ObQueryTypeName)
#pragma alloc_text(PAGE,ObQueryTypeInfo)
#pragma alloc_text(PAGE,ObQueryObjectAuditingByHandle)
#pragma alloc_text(PAGE,NtSetInformationObject)
#endif
NTSTATUS
NtQueryObject(
IN HANDLE Handle,
IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
OUT PVOID ObjectInformation,
IN ULONG ObjectInformationLength,
OUT PULONG ReturnLength OPTIONAL
)
/*++
Routine description:
This routine is used to query information about a given object
Arguments:
Handle - Supplies a handle to the object being queried. This value is ignored if the requested information class is for type information.
ObjectInformationClass - Specifies the type of information to return
ObjectInformation - Supplies an output buffer for the information being returned
ObjectInformationLength - Specifies, in bytes, the length of the preceding object information buffer
ReturnLength - Optionally receives the length, in bytes, used to store the object information
Return Value:
An appropriate status value
--*/
{
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status;
PVOID Object;
POBJECT_HEADER ObjectHeader;
POBJECT_HEADER_QUOTA_INFO QuotaInfo;
POBJECT_HEADER_NAME_INFO NameInfo;
POBJECT_TYPE ObjectType;
POBJECT_HEADER ObjectDirectoryHeader;
POBJECT_DIRECTORY ObjectDirectory;
ACCESS_MASK GrantedAccess;
POBJECT_HANDLE_FLAG_INFORMATION HandleFlags;
OBJECT_HANDLE_INFORMATION HandleInformation;
ULONG NameInfoSize;
ULONG SecurityDescriptorSize;
ULONG TempReturnLength;
OBJECT_BASIC_INFORMATION ObjectBasicInfo;
POBJECT_TYPES_INFORMATION TypesInformation;
POBJECT_TYPE_INFORMATION TypeInfo;
ULONG i;
PAGED_CODE();
// Initialize our local variables
TempReturnLength = 0;
// Get previous processor mode and probe output argument if necessary.
PreviousMode = KeGetPreviousMode();
if (PreviousMode != KernelMode) {
try {
if (ObjectInformationClass != ObjectHandleFlagInformation) {
ProbeForWrite(ObjectInformation, ObjectInformationLength, sizeof(ULONG));
} else {
ProbeForWrite(ObjectInformation, ObjectInformationLength, 1);
}
// We'll use a local temp return length variable to pass
// through to the later ob query calls which will increment
// its value. We can't pass the users return length directly
// because the user might also be altering its value behind
// our back.
if (ARGUMENT_PRESENT(ReturnLength)) {
ProbeForWriteUlong(ReturnLength);
}
} except(EXCEPTION_EXECUTE_HANDLER)
{
return(GetExceptionCode());
}
}
// If the query is not for types information then we
// will have to get the object in question. Otherwise
// for types information there really isn't an object
// to grab.
if (ObjectInformationClass != ObjectTypesInformation) {
Status = ObReferenceObjectByHandle(Handle, 0, NULL, PreviousMode, &Object, &HandleInformation);
if (!NT_SUCCESS(Status)) {
return(Status);
}
GrantedAccess = HandleInformation.GrantedAccess;
ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
ObjectType = ObjectHeader->Type;
} else {
GrantedAccess = 0;
Object = NULL;
ObjectHeader = NULL;
ObjectType = NULL;
}
// Now process the particular information class being
// requested
switch (ObjectInformationClass) {
case ObjectBasicInformation:
// Make sure the output buffer is long enough and then
// fill in the appropriate fields into our local copy
// of basic information.
if (ObjectInformationLength != sizeof(OBJECT_BASIC_INFORMATION)) {
ObDereferenceObject(Object);
return(STATUS_INFO_LENGTH_MISMATCH);
}
ObjectBasicInfo.Attributes = HandleInformation.HandleAttributes;
if (ObjectHeader->Flags & OB_FLAG_PERMANENT_OBJECT) {
ObjectBasicInfo.Attributes |= OBJ_PERMANENT;
}
if (ObjectHeader->Flags & OB_FLAG_EXCLUSIVE_OBJECT) {
ObjectBasicInfo.Attributes |= OBJ_EXCLUSIVE;
}
ObjectBasicInfo.GrantedAccess = GrantedAccess;
ObjectBasicInfo.HandleCount = ObjectHeader->HandleCount;
ObjectBasicInfo.PointerCount = ObjectHeader->PointerCount;
QuotaInfo = OBJECT_HEADER_TO_QUOTA_INFO(ObjectHeader);
if (QuotaInfo != NULL) {
ObjectBasicInfo.PagedPoolCharge = QuotaInfo->PagedPoolCharge;
ObjectBasicInfo.NonPagedPoolCharge = QuotaInfo->NonPagedPoolCharge;
} else {
ObjectBasicInfo.PagedPoolCharge = 0;
ObjectBasicInfo.NonPagedPoolCharge = 0;
}
if (ObjectType == ObpSymbolicLinkObjectType) {
ObjectBasicInfo.CreationTime = ((POBJECT_SYMBOLIC_LINK)Object)->CreationTime;
} else {
RtlZeroMemory(&ObjectBasicInfo.CreationTime, sizeof(ObjectBasicInfo.CreationTime));
}
// Compute the size of the object name string by taking its name plus
// seperators and traversing up to the root adding each directories
// name length plus seperators
NameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
if ((NameInfo != NULL) && (NameInfo->Directory != NULL)) {
ObpEnterRootDirectoryMutex();
ObjectDirectory = NameInfo->Directory;
// **** this "IF" is probably not needed because of the preceding
// "IF"
if (ObjectDirectory) {
NameInfoSize = sizeof(OBJ_NAME_PATH_SEPARATOR) + NameInfo->Name.Length;
while (ObjectDirectory) {
ObjectDirectoryHeader = OBJECT_TO_OBJECT_HEADER(ObjectDirectory);
NameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectDirectoryHeader);
if ((NameInfo != NULL) && (NameInfo->Directory != NULL)) {
NameInfoSize += sizeof(OBJ_NAME_PATH_SEPARATOR) + NameInfo->Name.Length;
ObjectDirectory = NameInfo->Directory;
} else {
break;
}
}
NameInfoSize += sizeof(OBJECT_NAME_INFORMATION) + sizeof(UNICODE_NULL);
}
ObpLeaveRootDirectoryMutex();
} else {
NameInfoSize = 0;
}
ObjectBasicInfo.NameInfoSize = NameInfoSize;
ObjectBasicInfo.TypeInfoSize = ObjectType->Name.Length + sizeof(UNICODE_NULL) +
sizeof(OBJECT_TYPE_INFORMATION);
ObpAcquireDescriptorCacheReadLock();
if ((GrantedAccess & READ_CONTROL) &&
ARGUMENT_PRESENT(ObjectHeader->SecurityDescriptor)) {
SecurityDescriptorSize = RtlLengthSecurityDescriptor(
ObjectHeader->SecurityDescriptor);
} else {
SecurityDescriptorSize = 0;
}
ObpReleaseDescriptorCacheLock();
ObjectBasicInfo.SecurityDescriptorSize = SecurityDescriptorSize;
// Now that we've packaged up our local copy of basic info we need
// to copy it into the output buffer and set the return
// length
try {
*(POBJECT_BASIC_INFORMATION)ObjectInformation = ObjectBasicInfo;
TempReturnLength = ObjectInformationLength;
} except(EXCEPTION_EXECUTE_HANDLER)
{
// Fall through, since we cannot undo what we have done.
}
break;
case ObjectNameInformation:
// Call a local worker routine
Status = ObQueryNameString(Object,
(POBJECT_NAME_INFORMATION)ObjectInformation,
ObjectInformationLength,
&TempReturnLength);
break;
case ObjectTypeInformation:
// Call a local worker routine
Status = ObQueryTypeInfo(ObjectType,
(POBJECT_TYPE_INFORMATION)ObjectInformation,
ObjectInformationLength,
&TempReturnLength);
break;
case ObjectTypesInformation:
try {
// The first thing we do is set the return length to cover the
// types info record. Later in each call to query type info
// this value will be updated as necessary
TempReturnLength = sizeof(OBJECT_TYPES_INFORMATION);
// Make sure there is enough room to hold the types info record
// and if so then compute the number of defined types there are
TypesInformation = (POBJECT_TYPES_INFORMATION)ObjectInformation;
if (ObjectInformationLength < sizeof(OBJECT_TYPES_INFORMATION)) {
Status = STATUS_INFO_LENGTH_MISMATCH;
} else {
TypesInformation->NumberOfTypes = 0;
for (i = 0; i < OBP_MAX_DEFINED_OBJECT_TYPES; i++) {
ObjectType = ObpObjectTypes[i];
if (ObjectType == NULL) {
break;
}
TypesInformation->NumberOfTypes += 1;
}
}
// For each defined type we will query the type info for the
// object type and adjust the TypeInfo pointer to the next
// free spot
TypeInfo = (POBJECT_TYPE_INFORMATION)(TypesInformation + 1);
for (i = 0; i < OBP_MAX_DEFINED_OBJECT_TYPES; i++) {
ObjectType = ObpObjectTypes[i];
if (ObjectType == NULL) {
break;
}
Status = ObQueryTypeInfo(ObjectType,
TypeInfo,
ObjectInformationLength,
&TempReturnLength);
if (NT_SUCCESS(Status)) {
TypeInfo = (POBJECT_TYPE_INFORMATION)
((PCHAR)(TypeInfo + 1) + ALIGN_UP(TypeInfo->TypeName.MaximumLength, ULONG));
}
}
} except(EXCEPTION_EXECUTE_HANDLER)
{
Status = GetExceptionCode();
}
break;
case ObjectHandleFlagInformation:
try {
// Set the amount of data we are going to return
TempReturnLength = sizeof(OBJECT_HANDLE_FLAG_INFORMATION);
HandleFlags = (POBJECT_HANDLE_FLAG_INFORMATION)ObjectInformation;
// Make sure we have enough room for the query, and if so we'll
// set the output based on the flags stored in the handle
if (ObjectInformationLength < sizeof(OBJECT_HANDLE_FLAG_INFORMATION)) {
Status = STATUS_INFO_LENGTH_MISMATCH;
} else {
HandleFlags->Inherit = FALSE;
if (HandleInformation.HandleAttributes & OBJ_INHERIT) {
HandleFlags->Inherit = TRUE;
}
HandleFlags->ProtectFromClose = FALSE;
if (HandleInformation.HandleAttributes & OBJ_PROTECT_CLOSE) {
HandleFlags->ProtectFromClose = TRUE;
}
}
} except(EXCEPTION_EXECUTE_HANDLER)
{
Status = GetExceptionCode();
}
break;
default:
// To get to this point we must have had an object and the
// information class is not defined, so we should dereference the
// object and return to our user the bad status
ObDereferenceObject(Object);
return(STATUS_INVALID_INFO_CLASS);
}
// Now if the caller asked for a return length we'll set it from
// our local copy
try {
if (ARGUMENT_PRESENT(ReturnLength)) {
*ReturnLength = TempReturnLength;
}
} except(EXCEPTION_EXECUTE_HANDLER)
{
// Fall through, since we cannot undo what we have done.
}
// In the end we can free the object if there was one and return
// to our caller
if (Object != NULL) {
ObDereferenceObject(Object);
}
return(Status);
}
NTSTATUS
NTAPI
NtSetInformationObject(
IN HANDLE Handle,
IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
IN PVOID ObjectInformation,
IN ULONG ObjectInformationLength
)
/*++
Routine description:
This routine is used to set handle information about a specified
handle
Arguments:
Handle - Supplies the handle being modified
ObjectInformationClass - Specifies the class of information being
modified. The only accepted value is ObjectHandleFlagInformation
ObjectInformation - Supplies the buffer containing the handle
flag information structure
ObjectInformationLength - Specifies the length, in bytes, of the
object information buffer
Return Value:
An appropriate status value
--*/
{
OBP_SET_HANDLE_ATTRIBUTES CapturedInformation;
HANDLE ObjectHandle;
PVOID ObjectTable;
KPROCESSOR_MODE PreviousMode;
NTSTATUS Status;
BOOLEAN AttachedToProcess = FALSE;
KAPC_STATE ApcState;
PAGED_CODE();
// Check if the information class and information length are correct.
if (ObjectInformationClass != ObjectHandleFlagInformation) {
return STATUS_INVALID_INFO_CLASS;
}
if (ObjectInformationLength != sizeof(OBJECT_HANDLE_FLAG_INFORMATION)) {
return STATUS_INFO_LENGTH_MISMATCH;
}
// Get previous processor mode and probe and capture the input
// buffer
CapturedInformation.PreviousMode = KeGetPreviousMode();
try {
if (CapturedInformation.PreviousMode != KernelMode) {
ProbeForRead(ObjectInformation, ObjectInformationLength, 1);
}
CapturedInformation.ObjectInformation = *(POBJECT_HANDLE_FLAG_INFORMATION)ObjectInformation;
} except(ExSystemExceptionFilter())
{
return GetExceptionCode();
}
#if 0
// On checked builds, check that if the Kernel handle bit is set,
// then we're coming from Kernel mode. We should probably fail the
// call if bit set && !Kmode
if ((Handle != NtCurrentThread()) && (Handle != NtCurrentProcess())) {
ASSERT((Handle < 0) ? (PreviousMode == KernelMode) : TRUE);
}
#endif
// Get the address of the object table for the current process. Or
// get the system handle table if this is a kernel handle and we are
// in kernel mode
if (IsKernelHandle(Handle, CapturedInformation.PreviousMode)) {
// Make the handle look like a regular handle
ObjectHandle = DecodeKernelHandle(Handle);
// The global kernel handle table
ObjectTable = ObpKernelHandleTable;
// Go to the system process
if (PsGetCurrentProcess() != PsInitialSystemProcess) {
KeStackAttachProcess(&PsInitialSystemProcess->Pcb, &ApcState);
AttachedToProcess = TRUE;
}
} else {
ObjectTable = ObpGetObjectTable();
ObjectHandle = Handle;
}
// Make the change to the handle table entry. The callback
// routine will do the actual change
if (ExChangeHandle(ObjectTable,
ObjectHandle,
ObpSetHandleAttributes,
(ULONG_PTR)&CapturedInformation)) {
Status = STATUS_SUCCESS;
} else {
Status = STATUS_ACCESS_DENIED;
}
// If we are attached to the system process then return
// back to our caller
if (AttachedToProcess) {
KeUnstackDetachProcess(&ApcState);
AttachedToProcess = FALSE;
}
// And return to our caller
return Status;
}
#define OBP_MISSING_NAME_LITERAL L"..."
#define OBP_MISSING_NAME_LITERAL_SIZE (sizeof( OBP_MISSING_NAME_LITERAL ) - sizeof( UNICODE_NULL ))
NTSTATUS
ObQueryNameString(
IN PVOID Object,
OUT POBJECT_NAME_INFORMATION ObjectNameInfo,
IN ULONG Length,
OUT PULONG ReturnLength
)
/*++
Routine description:
This routine processes a query of an object's name information
Arguments:
Object - Supplies the object being queried
ObjectNameInfo - Supplies the buffer to store the name string
information
Length - Specifies the length, in bytes, of the original object
name info buffer.
ReturnLength - Contains the number of bytes already used up
in the object name info. On return this receives an updated
byte count.
(Length minus ReturnLength) is really now many bytes are left
in the output buffer. The buffer supplied to this call may
actually be offset within the original users buffer
Return Value:
An appropriate status value
--*/
{
NTSTATUS Status;
POBJECT_HEADER ObjectHeader;
POBJECT_HEADER_NAME_INFO NameInfo;
POBJECT_HEADER ObjectDirectoryHeader;
POBJECT_DIRECTORY ObjectDirectory;
ULONG NameInfoSize;
PUNICODE_STRING String;
PWCH StringBuffer;
ULONG NameSize;
PAGED_CODE();
// Get the object header and name info record if it exists
ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
NameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
// If the object type has a query name callback routine then
// that is how we get the name
if (ObjectHeader->Type->TypeInfo.QueryNameProcedure != NULL) {
try {
KIRQL SaveIrql;
ObpBeginTypeSpecificCallOut(SaveIrql);
ObpEndTypeSpecificCallOut(SaveIrql, "Query", ObjectHeader->Type, Object);
Status = (*ObjectHeader->Type->TypeInfo.QueryNameProcedure)(Object,
(BOOLEAN)((NameInfo != NULL) && (NameInfo->Name.Length != 0)),
ObjectNameInfo,
Length,
ReturnLength);
} except(EXCEPTION_EXECUTE_HANDLER)
{
Status = GetExceptionCode();
}
return(Status);
}
// Otherwise, the object type does not specify a query name
// procedure so we get to do the work. The first thing
// to check is if the object doesn't even have a name. If
// object doesn't have a name then we'll return an empty name
// info structure.
if ((NameInfo == NULL) || (NameInfo->Name.Buffer == NULL)) {
// Compute the length of our return buffer, set the output
// if necessary and make sure the supplied buffer is large
// enough
NameInfoSize = sizeof(OBJECT_NAME_INFORMATION);
try {
*ReturnLength = NameInfoSize;
} except(EXCEPTION_EXECUTE_HANDLER)
{
return(GetExceptionCode());
}
if (Length < NameInfoSize) {
return(STATUS_INFO_LENGTH_MISMATCH);
}
// Initialize the output buffer to be an empty string
// and then return to our caller
try {
ObjectNameInfo->Name.Length = 0;
ObjectNameInfo->Name.MaximumLength = 0;
ObjectNameInfo->Name.Buffer = NULL;
} except(EXCEPTION_EXECUTE_HANDLER)
{
// Fall through, since we cannot undo what we have done.
// **** This should probably get the exception code and return
// that value
}
return(STATUS_SUCCESS);
}
// First lock the directory mutex to stop before we chase stuff down
ObpEnterRootDirectoryMutex();
try {
// The object does have a name but now see if this is
// just the root directory object in which case the name size
// is only the "\" character
if (Object == ObpRootDirectoryObject) {
NameSize = sizeof(OBJ_NAME_PATH_SEPARATOR);
} else {
// The named object is not the root so for every directory
// working out way up we'll add its size to the name keeping
// track of "\" characters inbetween each component. We first
// start with the object name itself and then move on to
// the directories
ObjectDirectory = NameInfo->Directory;
NameSize = sizeof(OBJ_NAME_PATH_SEPARATOR) + NameInfo->Name.Length;
// While we are not at the root we'll keep moving up
while ((ObjectDirectory != ObpRootDirectoryObject) && (ObjectDirectory)) {
// Get the name information for this directory
ObjectDirectoryHeader = OBJECT_TO_OBJECT_HEADER(ObjectDirectory);
NameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectDirectoryHeader);
if ((NameInfo != NULL) && (NameInfo->Directory != NULL)) {
// This directory has a name so add it to the accomulated
// size and move up the tree
NameSize += sizeof(OBJ_NAME_PATH_SEPARATOR) + NameInfo->Name.Length;
ObjectDirectory = NameInfo->Directory;
} else {
// This directory does not have a name so we'll give it
// the "..." name and stop the loop
NameSize += sizeof(OBJ_NAME_PATH_SEPARATOR) + OBP_MISSING_NAME_LITERAL_SIZE;
break;
}
}
}
// At this point NameSize is the number of bytes we need to store the
// name of the object from the root down. The total buffer size we are
// going to need will include this size, plus object name information
// structure, plus an ending null character
NameInfoSize = NameSize + sizeof(OBJECT_NAME_INFORMATION) + sizeof(UNICODE_NULL);
// Set the output size and make sure the supplied buffer is large enough
// to hold the information
try {
*ReturnLength = NameInfoSize;
} except(EXCEPTION_EXECUTE_HANDLER)
{
Status = GetExceptionCode();
leave;
}
if (Length < NameInfoSize) {
Status = STATUS_INFO_LENGTH_MISMATCH;
leave;
}
// **** the following IF isn't necessary because name info size is
// already guaranteed to be nonzero from about 23 lines above
if (NameInfoSize != 0) {
// Set the String buffer to point to the byte right after the
// last byte in the output string. This following logic actually
// fills in the buffer backwards working from the name back to the
// root
StringBuffer = (PWCH)ObjectNameInfo;
StringBuffer = (PWCH)((PCH)StringBuffer + NameInfoSize);
NameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
try {
// Terminate the string with a null and backup one unicode
// character
*--StringBuffer = UNICODE_NULL;
// If the object in question is not the root directory
// then we are going to put its name in the string buffer
// When we finally reach the root directory we'll append on
// the final "\"
if (Object != ObpRootDirectoryObject) {
// Add in the objects name
String = &NameInfo->Name;
StringBuffer = (PWCH)((PCH)StringBuffer - String->Length);
RtlMoveMemory(StringBuffer, String->Buffer, String->Length);
// While we are not at the root directory we'll keep
// moving up
ObjectDirectory = NameInfo->Directory;
while ((ObjectDirectory != ObpRootDirectoryObject) && (ObjectDirectory)) {
// Get the name information for this directory
ObjectDirectoryHeader = OBJECT_TO_OBJECT_HEADER(ObjectDirectory);
NameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectDirectoryHeader);
// Tack on the "\" between the last name we added and
// this new name
*--StringBuffer = OBJ_NAME_PATH_SEPARATOR;
// Preappend the directory name, if it has one, and
// move up to the next directory.
if ((NameInfo != NULL) && (NameInfo->Directory != NULL)) {
String = &NameInfo->Name;
StringBuffer = (PWCH)((PCH)StringBuffer - String->Length);
RtlMoveMemory(StringBuffer, String->Buffer, String->Length);
ObjectDirectory = NameInfo->Directory;
} else {
// The directory is nameless so use the "..." for
// its name and break out of the loop
StringBuffer = (PWCH)((PCH)StringBuffer - OBP_MISSING_NAME_LITERAL_SIZE);
RtlMoveMemory(StringBuffer,
OBP_MISSING_NAME_LITERAL,
OBP_MISSING_NAME_LITERAL_SIZE);
break;
}
}
}
// Tack on the "\" for the root directory and then set the
// output unicode string variable to have the right size
// and point to the right spot.
*--StringBuffer = OBJ_NAME_PATH_SEPARATOR;
ObjectNameInfo->Name.Length = (USHORT)NameSize;
ObjectNameInfo->Name.MaximumLength = (USHORT)(NameSize + sizeof(UNICODE_NULL));
ObjectNameInfo->Name.Buffer = StringBuffer;
} except(EXCEPTION_EXECUTE_HANDLER)
{
// Fall through, since we cannot undo what we have done.
// **** This should probably get the exception code and return
// that value
}
}
Status = STATUS_SUCCESS;
} finally{
ObpLeaveRootDirectoryMutex();
}
return Status;
}
NTSTATUS
ObQueryTypeName(
IN PVOID Object,
PUNICODE_STRING ObjectTypeName,
IN ULONG Length,
OUT PULONG ReturnLength
)
/*++
Routine description:
This routine processes a query of an object's type name
Arguments:
Object - Supplies the object being queried
ObjectTypeName - Supplies the buffer to store the type name
string information
Length - Specifies the length, in bytes, of the object type
name buffer
ReturnLength - Contains the number of bytes already used up
in the object type name buffer. On return this receives
an updated byte count
(Length minus ReturnLength) is really now many bytes are left
in the output buffer. The buffer supplied to this call may
actually be offset within the original users buffer
Return Value:
An appropriate status value
--*/
{
POBJECT_TYPE ObjectType;
POBJECT_HEADER ObjectHeader;
ULONG TypeNameSize;
PUNICODE_STRING String;
PWCH StringBuffer;
ULONG NameSize;
PAGED_CODE();
// From the object get its object type and from that get the size of
// the object type name. The total size for we need for the output
// buffer must fit the name, a terminating null, and a preceding
// unicode string structure
ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
ObjectType = ObjectHeader->Type;
NameSize = ObjectType->Name.Length;
TypeNameSize = NameSize + sizeof(UNICODE_NULL) + sizeof(UNICODE_STRING);
// Update the number of bytes we need and make sure the output buffer is
// large enough
// **** to be consistent with all our callers and other routines in
// this module this should probably be a "+=" and not just "="
try {
*ReturnLength = TypeNameSize;
} except(EXCEPTION_EXECUTE_HANDLER)
{
return(GetExceptionCode());
}
if (Length < TypeNameSize) {
return(STATUS_INFO_LENGTH_MISMATCH);
}
// **** this IF is probably not needed because of the earlier computation
// of type name size
if (TypeNameSize != 0) {
// Set string buffer to point to the one byte beyond the
// buffer that we're going to fill in
StringBuffer = (PWCH)ObjectTypeName;
StringBuffer = (PWCH)((PCH)StringBuffer + TypeNameSize);
String = &ObjectType->Name;
try {
// Tack on the terminating null character and copy over
// the type name
*--StringBuffer = UNICODE_NULL;
StringBuffer = (PWCH)((PCH)StringBuffer - String->Length);
RtlMoveMemory(StringBuffer, String->Buffer, String->Length);
// Now set the preceding unicode string to have the right
// lengths and to point to this buffer
ObjectTypeName->Length = (USHORT)NameSize;
ObjectTypeName->MaximumLength = (USHORT)(NameSize + sizeof(UNICODE_NULL));
ObjectTypeName->Buffer = StringBuffer;
} except(EXCEPTION_EXECUTE_HANDLER)
{
// Fall through, since we cannot undo what we have done.
}
}
return(STATUS_SUCCESS);
}
NTSTATUS
ObQueryTypeInfo(
IN POBJECT_TYPE ObjectType,
OUT POBJECT_TYPE_INFORMATION ObjectTypeInfo,
IN ULONG Length,
OUT PULONG ReturnLength
)
/*++
Routine description:
This routine processes the query for object type information
Arguments:
Object - Supplies a pointer to the object type being queried
ObjectTypeInfo - Supplies the buffer to store the type information
Length - Specifies the length, in bytes, of the object type
information buffer
ReturnLength - Contains the number of bytes already used up
in the object type information buffer. On return this receives
an updated byte count
(Length minus ReturnLength) is really now many bytes are left
in the output buffer. The buffer supplied to this call may
actually be offset within the original users buffer
Return Value:
An appropriate status value
--*/
{
NTSTATUS Status;
try {
// The total number of bytes needed for this query includes the
// object type information structure plus the name of the type
// rounded up to a ulong boundary
*ReturnLength += sizeof(*ObjectTypeInfo) + ALIGN_UP(ObjectType->Name.MaximumLength, ULONG);
// Make sure the buffer is large enough for this information and
// then fill in the record
if (Length < *ReturnLength) {
Status = STATUS_INFO_LENGTH_MISMATCH;
} else {
ObjectTypeInfo->TotalNumberOfObjects = ObjectType->TotalNumberOfObjects;
ObjectTypeInfo->TotalNumberOfHandles = ObjectType->TotalNumberOfHandles;
ObjectTypeInfo->HighWaterNumberOfObjects = ObjectType->HighWaterNumberOfObjects;
ObjectTypeInfo->HighWaterNumberOfHandles = ObjectType->HighWaterNumberOfHandles;
ObjectTypeInfo->InvalidAttributes = ObjectType->TypeInfo.InvalidAttributes;
ObjectTypeInfo->GenericMapping = ObjectType->TypeInfo.GenericMapping;
ObjectTypeInfo->ValidAccessMask = ObjectType->TypeInfo.ValidAccessMask;
ObjectTypeInfo->SecurityRequired = ObjectType->TypeInfo.SecurityRequired;
ObjectTypeInfo->MaintainHandleCount = ObjectType->TypeInfo.MaintainHandleCount;
ObjectTypeInfo->PoolType = ObjectType->TypeInfo.PoolType;
ObjectTypeInfo->DefaultPagedPoolCharge = ObjectType->TypeInfo.DefaultPagedPoolCharge;
ObjectTypeInfo->DefaultNonPagedPoolCharge = ObjectType->TypeInfo.DefaultNonPagedPoolCharge;
// The type name goes right after this structure. We cannot use
// rtl routine like RtlCopyUnicodeString that might use the local
// memory to keep state, because this is the user buffer and it
// could be changing by user
ObjectTypeInfo->TypeName.Buffer = (PWSTR)(ObjectTypeInfo + 1);
ObjectTypeInfo->TypeName.Length = ObjectType->Name.Length;
ObjectTypeInfo->TypeName.MaximumLength = ObjectType->Name.MaximumLength;
RtlMoveMemory((PWSTR)(ObjectTypeInfo + 1),
ObjectType->Name.Buffer,
ObjectType->Name.Length);
((PWSTR)(ObjectTypeInfo + 1))[ObjectType->Name.Length / sizeof(WCHAR)] = UNICODE_NULL;
Status = STATUS_SUCCESS;
}
} except(EXCEPTION_EXECUTE_HANDLER)
{
Status = GetExceptionCode();
}
return Status;
}
NTSTATUS
ObQueryObjectAuditingByHandle(
IN HANDLE Handle,
OUT PBOOLEAN GenerateOnClose
)
/*++
Routine description:
This routine tells the caller if the indicated handle will
generate an audit if it is closed
Arguments:
Handle - Supplies the handle being queried
GenerateOnClose - Receives TRUE if the handle will generate
an audit if closed and FALSE otherwise
Return Value:
An appropriate status value
--*/
{
PHANDLE_TABLE ObjectTable;
PHANDLE_TABLE_ENTRY ObjectTableEntry;
PVOID Object;
ULONG CapturedGrantedAccess;
ULONG CapturedAttributes;
NTSTATUS Status;
PAGED_CODE();
// Protect ourselves from being interrupted while we hold a handle table
// entry lock
KeEnterCriticalRegion();
try {
ObpValidateIrql("ObQueryObjectAuditingByHandle");
// For the current process we'll grab its object table and
// then get the object table entry
ObjectTable = ObpGetObjectTable();
ObjectTableEntry = ExMapHandleToPointer(ObjectTable,
Handle);
// If we were given a valid handle we'll look at the attributes
// stored in the object table entry to decide if we generate
// an audit on close
if (ObjectTableEntry != NULL) {
CapturedAttributes = ObjectTableEntry->ObAttributes;
if (CapturedAttributes & OBJ_AUDIT_OBJECT_CLOSE) {
*GenerateOnClose = TRUE;
} else {
*GenerateOnClose = FALSE;
}
ExUnlockHandleTableEntry(ObjectTable, ObjectTableEntry);
Status = STATUS_SUCCESS;
} else {
Status = STATUS_INVALID_HANDLE;
}
} finally{
KeLeaveCriticalRegion();
}
return Status;
}
#if DBG
PUNICODE_STRING
ObGetObjectName(
IN PVOID Object
)
/*++
Routine description:
This routine returns a pointer to the name of object
Arguments:
Object - Supplies the object being queried
Return Value:
The address of the unicode string that stores the object
name if available and NULL otherwise
--*/
{
POBJECT_HEADER ObjectHeader;
POBJECT_HEADER_NAME_INFO NameInfo;
// Translate the input object to a name info structure
ObjectHeader = OBJECT_TO_OBJECT_HEADER(Object);
NameInfo = OBJECT_HEADER_TO_NAME_INFO(ObjectHeader);
// If the object has a name then return the address of
// the name otherwise return null
if ((NameInfo != NULL) && (NameInfo->Name.Length != 0)) {
return &NameInfo->Name;
} else {
return NULL;
}
}
#endif // DBG
// Local support routine
BOOLEAN
ObpSetHandleAttributes(
IN OUT PHANDLE_TABLE_ENTRY ObjectTableEntry,
IN ULONG_PTR Parameter
)
/*++
Routine description:
This is the call back routine for the ExChangeHandle from
NtSetInformationObject
Arguments:
ObjectTableEntry - Supplies a pointer to the object table entry being
modified
Parameter - Supplies a pointer to the OBJECT_HANDLE_FLAG_INFORMATION
structure to set into the table entry
Return Value:
Returns TRUE if the operation is successful otherwise FALSE
--*/
{
POBP_SET_HANDLE_ATTRIBUTES ObjectInformation;
POBJECT_HEADER ObjectHeader;
ObjectInformation = (POBP_SET_HANDLE_ATTRIBUTES)Parameter;
// Get a pointer to the object type via the object header and if the
// caller has asked for inherit but the object type says that inherit
// is an invalid flag then return false
ObjectHeader = (POBJECT_HEADER)(((ULONG_PTR)(ObjectTableEntry->Object)) & ~OBJ_HANDLE_ATTRIBUTES);
if ((ObjectInformation->ObjectInformation.Inherit) && ((ObjectHeader->Type->TypeInfo.InvalidAttributes & OBJ_INHERIT) != 0)) {
return FALSE;
}
// User mode cannot set the object attributes for kernel objects
if ((ObjectHeader->Flags & OB_FLAG_KERNEL_OBJECT) && (ObjectInformation->PreviousMode != KernelMode)) {
return FALSE;
}
// For each piece of information (inheriit and protect from close) that
// is in the object information buffer we'll set or clear the bits in
// the object table entry. The bits modified are the low order bits of
// used to store the pointer to the object header.
if (ObjectInformation->ObjectInformation.Inherit) {
ObjectTableEntry->ObAttributes |= OBJ_INHERIT;
} else {
ObjectTableEntry->ObAttributes &= ~OBJ_INHERIT;
}
if (ObjectInformation->ObjectInformation.ProtectFromClose) {
ObjectTableEntry->ObAttributes |= OBJ_PROTECT_CLOSE;
} else {
ObjectTableEntry->ObAttributes &= ~OBJ_PROTECT_CLOSE;
}
// And return to our caller
return TRUE;
}
Reference in New Issue View Git Blame Copy Permalink