2 * Copyright (c) 2008, 2009, 2010, 2011 Kernel Drivers, LLC.
3 * Copyright (c) 2009, 2010, 2011 Your File System, Inc.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * - Redistributions of source code must retain the above copyright notice,
11 * this list of conditions and the following disclaimer.
12 * - Redistributions in binary form must reproduce the above copyright
14 * this list of conditions and the following disclaimer in the
16 * and/or other materials provided with the distribution.
17 * - Neither the names of Kernel Drivers, LLC and Your File System, Inc.
18 * nor the names of their contributors may be used to endorse or promote
19 * products derived from this software without specific prior written
20 * permission from Kernel Drivers, LLC and Your File System, Inc.
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
23 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
25 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
26 * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
27 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 // File: AFSProcessSupport.cpp
39 #include "AFSCommon.h"
42 AFSProcessNotify( IN HANDLE ParentId,
48 // If this is a create notification then update our tree, otherwise remove the
55 AFSProcessCreate( ParentId,
57 PsGetCurrentProcessId(),
58 PsGetCurrentThreadId());
63 AFSProcessDestroy( ProcessId);
70 AFSProcessNotifyEx( IN OUT PEPROCESS Process,
72 IN OUT PPS_CREATE_NOTIFY_INFO CreateInfo)
74 UNREFERENCED_PARAMETER(Process);
79 AFSProcessCreate( CreateInfo->ParentProcessId,
81 CreateInfo->CreatingThreadId.UniqueProcess,
82 CreateInfo->CreatingThreadId.UniqueThread);
87 AFSProcessDestroy( ProcessId);
93 AFSProcessCreate( IN HANDLE ParentId,
95 IN HANDLE CreatingProcessId,
96 IN HANDLE CreatingThreadId)
98 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
99 AFSProcessCB *pProcessCB = NULL;
104 AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
105 AFS_TRACE_LEVEL_VERBOSE,
106 "AFSProcessCreate Acquiring Control ProcessTree.TreeLock lock %08lX EXCL %08lX\n",
107 pDeviceExt->Specific.Control.ProcessTree.TreeLock,
108 PsGetCurrentThread());
110 AFSAcquireExcl( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
113 AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING,
114 AFS_TRACE_LEVEL_VERBOSE,
115 "AFSProcessCreate Parent %08lX Process %08lX %08lX\n",
118 PsGetCurrentThread());
120 pProcessCB = AFSInitializeProcessCB( (ULONGLONG)ParentId,
121 (ULONGLONG)ProcessId);
123 if( pProcessCB != NULL)
126 pProcessCB->CreatingProcessId = (ULONGLONG)CreatingProcessId;
128 pProcessCB->CreatingThreadId = (ULONGLONG)CreatingThreadId;
131 // Now assign the AuthGroup ACE
134 AFSValidateProcessEntry( ProcessId,
140 AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING,
141 AFS_TRACE_LEVEL_ERROR,
142 "AFSProcessCreate Initialization failure for Parent %08lX Process %08lX %08lX\n",
145 PsGetCurrentThread());
148 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
155 AFSProcessDestroy( IN HANDLE ProcessId)
158 NTSTATUS ntStatus = STATUS_SUCCESS;
159 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
160 AFSProcessCB *pProcessCB = NULL;
161 AFSProcessAuthGroupCB *pProcessAuthGroup = NULL, *pLastAuthGroup = NULL;
162 AFSThreadCB *pThreadCB = NULL, *pNextThreadCB = NULL;
167 AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
168 AFS_TRACE_LEVEL_VERBOSE,
169 "AFSProcessDestroy Acquiring Control ProcessTree.TreeLock lock %08lX EXCL %08lX\n",
170 pDeviceExt->Specific.Control.ProcessTree.TreeLock,
171 PsGetCurrentThreadId());
173 AFSAcquireExcl( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
176 // It's a remove so pull the entry
179 AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING,
180 AFS_TRACE_LEVEL_VERBOSE,
181 "AFSProcessDestroy Process %08lX %08lX\n",
183 PsGetCurrentThread());
185 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
186 (ULONGLONG)ProcessId,
187 (AFSBTreeEntry **)&pProcessCB);
189 if( NT_SUCCESS( ntStatus) &&
193 AFSRemoveHashEntry( &pDeviceExt->Specific.Control.ProcessTree.TreeHead,
194 (AFSBTreeEntry *)pProcessCB);
196 pProcessAuthGroup = pProcessCB->AuthGroupList;
198 while( pProcessAuthGroup != NULL)
201 pLastAuthGroup = pProcessAuthGroup->Next;
203 ExFreePool( pProcessAuthGroup);
205 pProcessAuthGroup = pLastAuthGroup;
208 pThreadCB = pProcessCB->ThreadList;
210 while( pThreadCB != NULL)
213 pNextThreadCB = pThreadCB->Next;
215 ExFreePool( pThreadCB);
217 pThreadCB = pNextThreadCB;
220 ExDeleteResourceLite( &pProcessCB->Lock);
222 ExFreePool( pProcessCB);
226 AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING,
227 AFS_TRACE_LEVEL_WARNING,
228 "AFSProcessDestroy Process %08lX not found in ProcessTree Status %08lX %08lX\n",
231 PsGetCurrentThread());
234 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
241 // AFSValidateProcessEntry verifies the consistency of the current process
242 // entry which includes assigning an authentication group ACE if one is not
243 // present. A reference to the active authentication group GUID is returned.
247 AFSValidateProcessEntry( IN HANDLE ProcessId,
248 IN BOOLEAN bProcessTreeLocked)
251 GUID *pAuthGroup = NULL;
252 NTSTATUS ntStatus = STATUS_SUCCESS;
253 AFSProcessCB *pProcessCB = NULL, *pParentProcessCB = NULL;
254 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
255 ULONGLONG ullProcessID = (ULONGLONG)ProcessId;
256 UNICODE_STRING uniSIDString;
258 AFSSIDEntryCB *pSIDEntryCB = NULL;
259 ULONG ulSessionId = 0;
260 ULONGLONG ullTableHash = 0;
261 AFSThreadCB *pParentThreadCB = NULL;
262 UNICODE_STRING uniGUID;
263 BOOLEAN bImpersonation = FALSE;
268 uniSIDString.Length = 0;
269 uniSIDString.MaximumLength = 0;
270 uniSIDString.Buffer = NULL;
272 if ( !bProcessTreeLocked)
275 AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
276 AFS_TRACE_LEVEL_VERBOSE,
277 "AFSValidateProcessEntry Acquiring Control ProcessTree.TreeLock lock %08lX SHARED %08lX\n",
278 pDeviceExt->Specific.Control.ProcessTree.TreeLock,
279 PsGetCurrentThread());
281 AFSAcquireShared( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
285 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
286 AFS_TRACE_LEVEL_VERBOSE,
287 "%s Entry for ProcessID %I64X\n",
291 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
293 (AFSBTreeEntry **)&pProcessCB);
295 if( !NT_SUCCESS( ntStatus) ||
299 if ( !bProcessTreeLocked)
302 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
304 AFSAcquireExcl( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
308 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
310 (AFSBTreeEntry **)&pProcessCB);
312 if( !NT_SUCCESS( ntStatus) ||
322 if( !NT_SUCCESS( ntStatus) ||
326 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
327 AFS_TRACE_LEVEL_ERROR,
328 "%s Failed to locate process entry for ProcessID %I64X\n",
332 try_return( ntStatus = STATUS_UNSUCCESSFUL);
335 if ( !bProcessTreeLocked)
338 AFSConvertToShared( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
343 // Locate and lock the ParentProcessCB if we have one
346 if( pProcessCB->ParentProcessId != 0)
349 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
350 AFS_TRACE_LEVEL_VERBOSE,
351 "%s Locating process entry for Parent ProcessID %I64X\n",
353 pProcessCB->ParentProcessId);
355 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
356 (ULONGLONG)pProcessCB->ParentProcessId,
357 (AFSBTreeEntry **)&pParentProcessCB);
359 if( NT_SUCCESS( ntStatus) &&
360 pParentProcessCB != NULL)
362 AFSAcquireExcl( &pParentProcessCB->Lock,
365 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
366 AFS_TRACE_LEVEL_VERBOSE,
367 "%s Located process entry for Parent ProcessID %I64X\n",
369 pProcessCB->ParentProcessId);
375 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
376 AFS_TRACE_LEVEL_VERBOSE,
377 "%s No parent ID for ProcessID %I64X\n",
382 AFSAcquireExcl( &pProcessCB->Lock,
388 // Mark the process as 64-bit if it is.
391 if( !IoIs32bitProcess( NULL))
394 SetFlag( pProcessCB->Flags, AFS_PROCESS_FLAG_IS_64BIT);
399 ClearFlag( pProcessCB->Flags, AFS_PROCESS_FLAG_IS_64BIT);
404 // Locate the SID for the caller
407 ntStatus = AFSGetCallerSID( &uniSIDString, &bImpersonation);
409 if( !NT_SUCCESS( ntStatus))
412 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
413 AFS_TRACE_LEVEL_ERROR,
414 "%s Failed to locate callers SID for ProcessID %I64X\n",
418 try_return( ntStatus);
421 ulSessionId = AFSGetSessionId( (HANDLE)ullProcessID, &bImpersonation);
423 if( ulSessionId == (ULONG)-1)
426 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
427 AFS_TRACE_LEVEL_ERROR,
428 "%s Failed to retrieve session ID for ProcessID %I64X\n",
432 try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
435 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
436 AFS_TRACE_LEVEL_VERBOSE,
437 "%s Retrieved callers SID %wZ for ProcessID %I64X Session %08lX\n",
444 // If there is an Auth Group for the current process,
445 // our job is finished.
448 if ( bImpersonation == FALSE)
450 pAuthGroup = pProcessCB->ActiveAuthGroup;
452 if( pAuthGroup != NULL &&
453 !AFSIsNoPAGAuthGroup( pAuthGroup))
456 uniGUID.Buffer = NULL;
458 RtlStringFromGUID( *pAuthGroup,
461 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
462 AFS_TRACE_LEVEL_VERBOSE,
463 "%s Located valid AuthGroup GUID %wZ for SID %wZ ProcessID %I64X Session %08lX\n",
470 if( uniGUID.Buffer != NULL)
472 RtlFreeUnicodeString( &uniGUID);
475 try_return( ntStatus = STATUS_SUCCESS);
479 // The current process does not yet have an Auth Group. Try to inherit
480 // one from the parent process thread that created this process.
483 if( pParentProcessCB != NULL)
486 for ( pParentThreadCB = pParentProcessCB->ThreadList;
487 pParentThreadCB != NULL;
488 pParentThreadCB = pParentThreadCB->Next)
491 if( pParentThreadCB->ThreadId == pProcessCB->CreatingThreadId)
498 // If the creating thread was found and it has a thread specific
499 // Auth Group, use that even if it is the No PAG
502 if( pParentThreadCB != NULL &&
503 pParentThreadCB->ActiveAuthGroup != NULL &&
504 !AFSIsNoPAGAuthGroup( pParentThreadCB->ActiveAuthGroup))
506 pProcessCB->ActiveAuthGroup = pParentThreadCB->ActiveAuthGroup;
508 uniGUID.Buffer = NULL;
510 RtlStringFromGUID( *(pProcessCB->ActiveAuthGroup),
513 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
514 AFS_TRACE_LEVEL_VERBOSE,
515 "%s PID %I64X Session %08lX inherited Active AuthGroup %wZ from thread %I64X\n",
520 pParentThreadCB->ThreadId);
522 if( uniGUID.Buffer != NULL)
524 RtlFreeUnicodeString( &uniGUID);
529 // If the parent thread was not found or does not have an auth group
532 else if( pParentProcessCB->ActiveAuthGroup != NULL &&
533 !AFSIsNoPAGAuthGroup( pParentProcessCB->ActiveAuthGroup))
535 pProcessCB->ActiveAuthGroup = pParentProcessCB->ActiveAuthGroup;
537 uniGUID.Buffer = NULL;
539 RtlStringFromGUID( *(pProcessCB->ActiveAuthGroup),
542 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
543 AFS_TRACE_LEVEL_VERBOSE,
544 "%s PID %I64X Session %08lX inherited Active AuthGroup %wZ from parent PID %I64X\n",
549 pParentProcessCB->TreeEntry.HashIndex);
551 if( uniGUID.Buffer != NULL)
553 RtlFreeUnicodeString( &uniGUID);
558 // If an Auth Group was inherited, set it to be the active group
561 if( pProcessCB->ActiveAuthGroup != NULL &&
562 !AFSIsNoPAGAuthGroup( pParentProcessCB->ActiveAuthGroup))
564 pAuthGroup = pProcessCB->ActiveAuthGroup;
566 uniGUID.Buffer = NULL;
568 RtlStringFromGUID( *(pProcessCB->ActiveAuthGroup),
571 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
572 AFS_TRACE_LEVEL_VERBOSE,
573 "%s Returning(1) Active AuthGroup %wZ for SID %wZ PID %I64X Session %08lX\n",
580 if( uniGUID.Buffer != NULL)
582 RtlFreeUnicodeString( &uniGUID);
585 try_return( ntStatus);
591 // If no Auth Group was inherited, assign one based upon the Session and SID
594 ntStatus = RtlHashUnicodeString( &uniSIDString,
596 HASH_STRING_ALGORITHM_DEFAULT,
599 if( !NT_SUCCESS( ntStatus))
602 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
603 AFS_TRACE_LEVEL_ERROR,
604 "%s Failed to hash SID %wZ for PID %I64X Session %08lX Status %08lX\n",
611 try_return( ntStatus);
614 ullTableHash = ( ((ULONGLONG)ulSessionId << 32) | ulSIDHash);
616 AFSAcquireShared( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock,
619 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead,
620 (ULONGLONG)ullTableHash,
621 (AFSBTreeEntry **)&pSIDEntryCB);
623 if( !NT_SUCCESS( ntStatus) ||
627 AFSReleaseResource( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
629 AFSAcquireExcl( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock,
632 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead,
633 (ULONGLONG)ullTableHash,
634 (AFSBTreeEntry **)&pSIDEntryCB);
636 if( !NT_SUCCESS( ntStatus) ||
640 pSIDEntryCB = (AFSSIDEntryCB *)AFSExAllocatePoolWithTag( NonPagedPool,
641 sizeof( AFSSIDEntryCB),
642 AFS_AG_ENTRY_CB_TAG);
644 if( pSIDEntryCB == NULL)
647 AFSReleaseResource( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
649 try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
652 RtlZeroMemory( pSIDEntryCB,
653 sizeof( AFSSIDEntryCB));
655 pSIDEntryCB->TreeEntry.HashIndex = (ULONGLONG)ullTableHash;
657 while( ExUuidCreate( &pSIDEntryCB->AuthGroup) == STATUS_RETRY);
659 uniGUID.Buffer = NULL;
661 RtlStringFromGUID( pSIDEntryCB->AuthGroup,
664 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
665 AFS_TRACE_LEVEL_VERBOSE,
666 "%s SID %wZ PID %I64X Session %08lX generated NEW AG %wZ\n",
673 if( uniGUID.Buffer != NULL)
675 RtlFreeUnicodeString( &uniGUID);
678 if( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead == NULL)
680 pDeviceExt->Specific.Control.AuthGroupTree.TreeHead = (AFSBTreeEntry *)pSIDEntryCB;
684 AFSInsertHashEntry( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead,
685 &pSIDEntryCB->TreeEntry);
689 AFSConvertToShared( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
693 AFSReleaseResource( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
696 // Store the auth group into the process cb
699 pProcessCB->ActiveAuthGroup = &pSIDEntryCB->AuthGroup;
701 uniGUID.Buffer = NULL;
703 RtlStringFromGUID( pSIDEntryCB->AuthGroup,
706 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
707 AFS_TRACE_LEVEL_VERBOSE,
708 "%s SID %wZ PID %I64X Session %08lX assigned AG %wZ\n",
715 if( uniGUID.Buffer != NULL)
717 RtlFreeUnicodeString( &uniGUID);
721 // Set the AFS_PROCESS_LOCAL_SYSTEM_AUTH flag if the process SID
725 if( AFSIsLocalSystemSID( &uniSIDString))
727 SetFlag( pProcessCB->Flags, AFS_PROCESS_LOCAL_SYSTEM_AUTH);
729 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
730 AFS_TRACE_LEVEL_VERBOSE,
731 "%s Setting PID %I64X Session %08lX with LOCAL SYSTEM AUTHORITY\n",
738 // Return the auth group
741 pAuthGroup = pProcessCB->ActiveAuthGroup;
743 uniGUID.Buffer = NULL;
745 RtlStringFromGUID( *(pProcessCB->ActiveAuthGroup),
748 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
749 AFS_TRACE_LEVEL_VERBOSE,
750 "%s Returning(2) Active AuthGroup %wZ for SID %wZ PID %I64X Session %08lX\n",
757 if( uniGUID.Buffer != NULL)
759 RtlFreeUnicodeString( &uniGUID);
764 if( pProcessCB != NULL)
767 if( bImpersonation == FALSE &&
768 !BooleanFlagOn( pProcessCB->Flags, AFS_PROCESS_FLAG_ACE_SET) &&
769 NT_SUCCESS( ntStatus))
771 ntStatus = AFSProcessSetProcessDacl( pProcessCB);
773 if( !NT_SUCCESS( ntStatus))
779 SetFlag( pProcessCB->Flags, AFS_PROCESS_FLAG_ACE_SET);
783 AFSReleaseResource( &pProcessCB->Lock);
786 if( pParentProcessCB != NULL)
788 AFSReleaseResource( &pParentProcessCB->Lock);
791 if( uniSIDString.Length > 0)
793 RtlFreeUnicodeString( &uniSIDString);
796 if ( !bProcessTreeLocked)
799 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
807 AFSIs64BitProcess( IN ULONGLONG ProcessId)
810 NTSTATUS ntStatus = STATUS_SUCCESS;
811 BOOLEAN bIs64Bit = FALSE;
812 AFSProcessCB *pProcessCB = NULL;
813 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
818 AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
819 AFS_TRACE_LEVEL_VERBOSE,
820 "AFSIs64BitProcess Acquiring Control ProcessTree.TreeLock lock %08lX SHARED %08lX\n",
821 pDeviceExt->Specific.Control.ProcessTree.TreeLock,
822 PsGetCurrentThread());
824 AFSAcquireShared( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
827 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
828 (ULONGLONG)ProcessId,
829 (AFSBTreeEntry **)&pProcessCB);
831 if( pProcessCB != NULL)
833 bIs64Bit = BooleanFlagOn( pProcessCB->Flags, AFS_PROCESS_FLAG_IS_64BIT);
836 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
843 AFSInitializeProcessCB( IN ULONGLONG ParentProcessId,
844 IN ULONGLONG ProcessId)
847 AFSProcessCB *pProcessCB = NULL;
848 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
853 pProcessCB = (AFSProcessCB *)AFSExAllocatePoolWithTag( NonPagedPool,
854 sizeof( AFSProcessCB),
857 if( pProcessCB == NULL)
859 try_return( pProcessCB);
862 RtlZeroMemory( pProcessCB,
863 sizeof( AFSProcessCB));
865 pProcessCB->TreeEntry.HashIndex = (ULONGLONG)ProcessId;
867 pProcessCB->ParentProcessId = (ULONGLONG)ParentProcessId;
869 if( pDeviceExt->Specific.Control.ProcessTree.TreeHead == NULL)
871 pDeviceExt->Specific.Control.ProcessTree.TreeHead = (AFSBTreeEntry *)pProcessCB;
875 AFSInsertHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
876 &pProcessCB->TreeEntry);
879 ExInitializeResourceLite( &pProcessCB->Lock);
881 pProcessCB->ActiveAuthGroup = &AFSNoPAGAuthGroup;
892 AFSInitializeThreadCB( IN AFSProcessCB *ProcessCB,
893 IN ULONGLONG ThreadId)
896 AFSThreadCB *pThreadCB = NULL, *pCurrentThreadCB = NULL;
901 pThreadCB = (AFSThreadCB *)AFSExAllocatePoolWithTag( NonPagedPool,
902 sizeof( AFSThreadCB),
905 if( pThreadCB == NULL)
907 try_return( pThreadCB);
910 RtlZeroMemory( pThreadCB,
911 sizeof( AFSThreadCB));
913 pThreadCB->ThreadId = ThreadId;
915 if( ProcessCB->ThreadList == NULL)
917 ProcessCB->ThreadList = pThreadCB;
922 pCurrentThreadCB = ProcessCB->ThreadList;
924 while( pCurrentThreadCB != NULL)
927 if( pCurrentThreadCB->Next == NULL)
929 pCurrentThreadCB->Next = pThreadCB;
933 pCurrentThreadCB = pCurrentThreadCB->Next;