📄 thread.c
字号:
* @name CsrCreateThread
* @implemented NT4
*
* The CsrCreateThread routine creates a CSR Thread object for an NT Thread.
*
* @param CsrProcess
* Pointer to the CSR Process which will contain the CSR Thread.
*
* @param hThread
* Handle to an existing NT Thread to which to associate this
* CSR Thread.
*
* @param ClientId
* Pointer to the Client ID structure of the NT Thread to associate
* with this CSR Thread.
*
* @return STATUS_SUCCESS in case of success, STATUS_UNSUCCESSFUL
* othwerwise.
*
* @remarks None.
*
*--*/
NTSTATUS
NTAPI
CsrCreateThread(IN PCSR_PROCESS CsrProcess,
IN HANDLE hThread,
IN PCLIENT_ID ClientId)
{
NTSTATUS Status;
PCSR_THREAD CsrThread;
PCSR_PROCESS CurrentProcess;
PCSR_THREAD CurrentThread = NtCurrentTeb()->CsrClientThread;
CLIENT_ID CurrentCid;
KERNEL_USER_TIMES KernelTimes;
DPRINT("CSRSRV: %s called\n", __FUNCTION__);
/* Get the current thread and CID */
CurrentCid = CurrentThread->ClientId;
/* Acquire the Process Lock */
CsrAcquireProcessLock();
/* Get the current Process and make sure the Thread is valid with this CID */
CurrentThread = CsrLocateThreadByClientId(&CurrentProcess,
&CurrentCid);
/* Something is wrong if we get an empty thread back */
if (!CurrentThread)
{
DPRINT1("CSRSRV:%s: invalid thread!\n", __FUNCTION__);
CsrReleaseProcessLock();
return STATUS_THREAD_IS_TERMINATING;
}
/* Get the Thread Create Time */
Status = NtQueryInformationThread(hThread,
ThreadTimes,
(PVOID)&KernelTimes,
sizeof(KernelTimes),
NULL);
/* Allocate a CSR Thread Structure */
if (!(CsrThread = CsrAllocateThread(CsrProcess)))
{
DPRINT1("CSRSRV:%s: out of memory!\n", __FUNCTION__);
CsrReleaseProcessLock();
return STATUS_NO_MEMORY;
}
/* Save the data we have */
CsrThread->CreateTime = KernelTimes.CreateTime;
CsrThread->ClientId = *ClientId;
CsrThread->ThreadHandle = hThread;
CsrThread->Flags = 0;
/* Insert the Thread into the Process */
CsrInsertThread(CsrProcess, CsrThread);
/* Release the lock and return */
CsrReleaseProcessLock();
return STATUS_SUCCESS;
}
/*++
* @name CsrDereferenceThread
* @implemented NT4
*
* The CsrDereferenceThread routine removes a reference from a CSR Thread.
*
* @param CsrThread
* Pointer to the CSR Thread to dereference.
*
* @return None.
*
* @remarks If the reference count has reached zero (ie: the CSR Thread has
* no more active references), it will be deleted.
*
*--*/
VOID
NTAPI
CsrDereferenceThread(PCSR_THREAD CsrThread)
{
/* Acquire process lock */
CsrAcquireProcessLock();
/* Decrease reference count */
if (!(--CsrThread->ReferenceCount))
{
/* Call the generic cleanup code */
CsrThreadRefcountZero(CsrThread);
}
else
{
/* Just release the lock */
CsrReleaseProcessLock();
}
}
/*++
* @name CsrExecServerThread
* @implemented NT4
*
* The CsrExecServerThread routine creates an NT Thread and then
* initializes a CSR Thread for it.
*
* @param ThreadHandler
* Pointer to the thread's startup routine.
*
* @param Flags
* Initial CSR Thread Flags to set to the CSR Thread.
*
* @return STATUS_SUCCESS in case of success, STATUS_UNSUCCESSFUL
* othwerwise.
*
* @remarks This routine is similar to CsrAddStaticServerThread, but it
* also creates an NT Thread instead of expecting one to already
* exist.
*
*--*/
NTSTATUS
NTAPI
CsrExecServerThread(IN PVOID ThreadHandler,
IN ULONG Flags)
{
PCSR_THREAD CsrThread;
HANDLE hThread;
CLIENT_ID ClientId;
NTSTATUS Status;
/* Acquire process lock */
CsrAcquireProcessLock();
/* Allocate a CSR Thread in the Root Process */
if (!(CsrThread = CsrAllocateThread(CsrRootProcess)))
{
/* Fail */
CsrReleaseProcessLock();
return STATUS_NO_MEMORY;
}
/* Create the Thread */
Status = RtlCreateUserThread(NtCurrentProcess(),
NULL,
FALSE,
0,
0,
0,
ThreadHandler,
NULL,
&hThread,
&ClientId);
if (!NT_SUCCESS(Status))
{
/* Fail */
CsrDeallocateThread(CsrThread);
CsrReleaseProcessLock();
return Status;
}
/* Setup the Thread Object */
CsrThread->ThreadHandle = hThread;
CsrThread->ClientId = ClientId;
CsrThread->Flags = Flags;
/* Insert it into the Thread List */
InsertHeadList(&CsrRootProcess->ThreadList, &CsrThread->Link);
/* Increase the thread count */
CsrRootProcess->ThreadCount++;
/* Return */
CsrReleaseProcessLock();
return Status;
}
/*++
* @name CsrDestroyThread
* @implemented NT4
*
* The CsrDestroyThread routine destroys the CSR Thread corresponding to
* a given Thread ID.
*
* @param Cid
* Pointer to the Client ID Structure corresponding to the CSR
* Thread which is about to be destroyed.
*
* @return STATUS_SUCCESS in case of success, STATUS_THREAD_IS_TERMINATING
* if the CSR Thread is already terminating.
*
* @remarks None.
*
*--*/
NTSTATUS
NTAPI
CsrDestroyThread(IN PCLIENT_ID Cid)
{
CLIENT_ID ClientId = *Cid;
PCSR_THREAD CsrThread;
PCSR_PROCESS CsrProcess;
/* Acquire lock */
CsrAcquireProcessLock();
/* Find the thread */
CsrThread = CsrLocateThreadByClientId(&CsrProcess,
&ClientId);
/* Make sure we got one back, and that it's not already gone */
if (!CsrThread || CsrThread->Flags & CsrThreadTerminated)
{
/* Release the lock and return failure */
CsrReleaseProcessLock();
return STATUS_THREAD_IS_TERMINATING;
}
/* Set the terminated flag */
CsrThread->Flags |= CsrThreadTerminated;
/* Acquire the Wait Lock */
CsrAcquireWaitLock();
/* Do we have an active wait block? */
if (CsrThread->WaitBlock)
{
/* Notify waiters of termination */
CsrNotifyWaitBlock(CsrThread->WaitBlock,
NULL,
NULL,
NULL,
CsrProcessTerminating,
TRUE);
}
/* Release the Wait Lock */
CsrReleaseWaitLock();
/* Dereference the thread */
CsrLockedDereferenceThread(CsrThread);
/* Release the Process Lock and return success */
CsrReleaseProcessLock();
return STATUS_SUCCESS;
}
/*++
* @name CsrImpersonateClient
* @implemented NT4
*
* The CsrImpersonateClient will impersonate the given CSR Thread.
*
* @param CsrThread
* Pointer to the CSR Thread to impersonate.
*
* @return TRUE if impersionation suceeded, false otherwise.
*
* @remarks Impersonation can be recursive.
*
*--*/
BOOLEAN
NTAPI
CsrImpersonateClient(IN PCSR_THREAD CsrThread)
{
NTSTATUS Status;
PCSR_THREAD CurrentThread = NtCurrentTeb()->CsrClientThread;
/* Use the current thread if none given */
if (!CsrThread) CsrThread = CurrentThread;
/* Still no thread, something is wrong */
if (!CsrThread)
{
/* Failure */
return FALSE;
}
/* Make the call */
Status = NtImpersonateThread(NtCurrentThread(),
CsrThread->ThreadHandle,
&CsrSecurityQos);
if (!NT_SUCCESS(Status))
{
/* Failure */
return FALSE;
}
/* Increase the impersonation count for the current thread */
if (CurrentThread) ++CurrentThread->ImpersonationCount;
/* Return Success */
return TRUE;
}
/*++
* @name CsrRevertToSelf
* @implemented NT4
*
* The CsrRevertToSelf routine will attempt to remove an active impersonation.
*
* @param None.
*
* @return TRUE if the reversion was succesful, false otherwise.
*
* @remarks Impersonation can be recursive; as such, the impersonation token
* will only be deleted once the CSR Thread's impersonaton count
* has reached zero.
*
*--*/
BOOLEAN
NTAPI
CsrRevertToSelf(VOID)
{
NTSTATUS Status;
PCSR_THREAD CurrentThread = NtCurrentTeb()->CsrClientThread;
HANDLE ImpersonationToken = NULL;
/* Check if we have a Current Thread */
if (CurrentThread)
{
/* Make sure impersonation is on */
if (!CurrentThread->ImpersonationCount)
{
return FALSE;
}
else if (--CurrentThread->ImpersonationCount > 0)
{
/* Success; impersonation count decreased but still not zero */
return TRUE;
}
}
/* Impersonation has been totally removed, revert to ourselves */
Status = NtSetInformationThread(NtCurrentThread(),
ThreadImpersonationToken,
&ImpersonationToken,
sizeof(HANDLE));
/* Return TRUE or FALSE */
return NT_SUCCESS(Status);
}
/*++
* @name CsrLockThreadByClientId
* @implemented NT4
*
* The CsrLockThreadByClientId routine locks the CSR Thread corresponding
* to the given Thread ID and optionally returns it.
*
* @param Tid
* Thread ID corresponding to the CSR Thread which will be locked.
*
* @param CsrThread
* Optional pointer to a CSR Thread pointer which will hold the
* CSR Thread corresponding to the given Thread ID.
*
* @return STATUS_SUCCESS in case of success, STATUS_UNSUCCESSFUL
* othwerwise.
*
* @remarks Locking a CSR Thread is defined as acquiring an extra
* reference to it and returning with the Process Lock held.
*
*--*/
NTSTATUS
NTAPI
CsrLockThreadByClientId(IN HANDLE Tid,
OUT PCSR_THREAD *CsrThread OPTIONAL)
{
PLIST_ENTRY ListHead, NextEntry;
PCSR_THREAD CurrentThread = NULL;
NTSTATUS Status = STATUS_UNSUCCESSFUL;
ULONG i;
/* Acquire the lock */
CsrAcquireProcessLock();
/* Convert to Hash */
i = CsrHashThread(Tid);
/* Setup the List Pointers */
ListHead = &CsrThreadHashTable[i];
NextEntry = ListHead;
/* Start Loop */
while (NextEntry != ListHead)
{
/* Get the Process */
CurrentThread = CONTAINING_RECORD(NextEntry, CSR_THREAD, HashLinks);
/* Check for PID Match */
if ((CurrentThread->ClientId.UniqueThread == Tid) &&
!(CurrentThread->Flags & CsrThreadTerminated))
{
/* Get out of here with success */
Status = STATUS_SUCCESS;
break;
}
/* Next entry */
NextEntry = NextEntry->Flink;
}
/* Did the loop find something? */
if (NT_SUCCESS(Status))
{
/* Reference the found thread */
CurrentThread->ReferenceCount++;
}
else
{
/* Nothing found, release the lock */
CsrReleaseProcessLock();
}
/* Return the status and thread */
if (CsrThread) *CsrThread = CurrentThread;
return Status;
}
/*++
* @name CsrReferenceThread
* @implemented NT4
*
* The CsrReferenceThread routine increases the active reference count of
* a CSR Thread.
*
* @param CsrThread
* Pointer to the CSR Thread whose reference count will be increased.
*
* @return None.
*
* @remarks Do not use this routine if the Process Lock is already held.
*
*--*/
VOID
NTAPI
CsrReferenceThread(PCSR_THREAD CsrThread)
{
/* Acquire process lock */
CsrAcquireProcessLock();
/* Increment reference count */
CsrThread->ReferenceCount++;
/* Release the lock */
CsrReleaseProcessLock();
}
/*++
* @name CsrUnlockThread
* @implemented NT4
*
* The CsrUnlockThread undoes a previous CsrLockThreadByClientId operation.
*
* @param CsrThread
* Pointer to a previously locked CSR Thread.
*
* @return STATUS_SUCCESS.
*
* @remarks This routine must be called with the Process Lock held.
*
*--*/
NTSTATUS
NTAPI
CsrUnlockThread(PCSR_THREAD CsrThread)
{
/* Dereference the Thread */
CsrLockedDereferenceThread(CsrThread);
/* Release the lock and return */
CsrReleaseProcessLock();
return STATUS_SUCCESS;
}
/* EOF */
⌨️ 快捷键说明
复制代码
Ctrl + C
搜索代码
Ctrl + F
全屏模式
F11
切换主题
Ctrl + Shift + D
显示快捷键
?
增大字号
Ctrl + =
减小字号
Ctrl + -