#include <kph.h>#include <dyndata.h>#ifdef ALLOC_PRAGMA#pragma alloc_t

1.  
2. #include <kph.h>
3. #include <dyndata.h>
4.  
5. #ifdef ALLOC_PRAGMA
6. #pragma alloc_text(PAGE, KpiOpenProcess)
7. #pragma alloc_text(PAGE, KpiOpenProcessToken)
8. #pragma alloc_text(PAGE, KpiOpenProcessJob)
9. #pragma alloc_text(PAGE, KpiTerminateProcess)
10. #pragma alloc_text(PAGE, KpiQueryInformationProcess)
11. #pragma alloc_text(PAGE, KpiSetInformationProcess)
12. #endif
13.  
14. /**
15.  * Opens a process.
16.  *
17.  * \param ProcessHandle A variable which receives the process handle.
18.  * \param DesiredAccess The desired access to the process.
19.  * \param ClientId The identifier of a process or thread. If \a UniqueThread is present, the process
20.  * of the identified thread will be opened. If \a UniqueProcess is present, the identified process
21.  * will be opened.
22.  * \param Key An access key.
23.  * \li If a L2 key is provided, no access checks are performed.
24.  * \li If a L1 key is provided, only read access is permitted but no additional access checks are
25.  * performed.
26.  * \li If no valid key is provided, the function fails.
27.  * \param Client The client that initiated the request.
28.  * \param AccessMode The mode in which to perform access checks.
29.  */
30. NTSTATUS KpiOpenProcess(
31.     _Out_ PHANDLE ProcessHandle,
32.     _In_ ACCESS_MASK DesiredAccess,
33.     _In_ PCLIENT_ID ClientId,
34.     _In_opt_ KPH_KEY Key,
35.     _In_ PKPH_CLIENT Client,
36.     _In_ KPROCESSOR_MODE AccessMode
37.     )
38. {
39.     NTSTATUS status;
40.     CLIENT_ID clientId;
41.     PEPROCESS PROCESS;
42.     PETHREAD thread;
43.     KPH_KEY_LEVEL requiredKeyLevel;
44.     HANDLE processHandle;
45.  
46.     PAGED_CODE();
47.  
48.     IF (AccessMode != KernelMode)
49.     {
50.         __try
51.         {
52.             ProbeForWrite(ProcessHandle, SIZEOF(HANDLE), SIZEOF(HANDLE));
53.             ProbeForRead(ClientId, SIZEOF(CLIENT_ID), SIZEOF(ULONG));
54.             clientId = *ClientId;
55.         }
56.         __except (EXCEPTION_EXECUTE_HANDLER)
57.         {
58.             RETURN GetExceptionCode();
59.         }
60.     }
61.     ELSE
62.     {
63.         clientId = *ClientId;
64.     }
65.  
66.     // Use the thread ID if it was specified.
67.     IF (clientId.UniqueThread)
68.     {
69.         status = PsLookupProcessThreadByCid(&clientId, &PROCESS, &thread);
70.  
71.         IF (NT_SUCCESS(status))
72.         {
73.             // We don't actually need the thread.
74.             ObDereferenceObject(thread);
75.         }
76.     }
77.     ELSE
78.     {
79.         status = PsLookupProcessByProcessId(clientId.UniqueProcess, &PROCESS);
80.     }
81.  
82.     IF (!NT_SUCCESS(status))
83.         RETURN status;
84.  
85.     requiredKeyLevel = KphKeyLevel1;
86.  
87.     IF ((DesiredAccess & KPH_PROCESS_READ_ACCESS) != DesiredAccess)
88.         requiredKeyLevel = KphKeyLevel2;
89.  
90.     IF (NT_SUCCESS(status = KphValidateKey(requiredKeyLevel, Key, Client, AccessMode)))
91.     {
92.         // Always open in KernelMode to skip ordinary access checks.
93.         status = ObOpenObjectByPointer(
94.             PROCESS,
95.             0,
96.             NULL,
97.             DesiredAccess,
98.             *PsProcessType,
99.             KernelMode,
100.             &processHandle
101.             );
102.  
103.         IF (NT_SUCCESS(status))
104.         {
105.             IF (AccessMode != KernelMode)
106.             {
107.                 __try
108.                 {
109.                     *ProcessHandle = processHandle;
110.                 }
111.                 __except (EXCEPTION_EXECUTE_HANDLER)
112.                 {
113.                     status = GetExceptionCode();
114.                 }
115.             }
116.             ELSE
117.             {
118.                 *ProcessHandle = processHandle;
119.             }
120.         }
121.     }
122.  
123.     ObDereferenceObject(PROCESS);
124.  
125.     RETURN status;
126. }
127.