2 * Copyright (c) 2008, 2009, 2010, 2011 Kernel Drivers, LLC.
3 * Copyright (c) 2009, 2010, 2011 Your File System, Inc.
6 * Redistribution and use in source and binary forms, with or without
7 * modification, are permitted provided that the following conditions
10 * - Redistributions of source code must retain the above copyright notice,
11 * this list of conditions and the following disclaimer.
12 * - Redistributions in binary form must reproduce the above copyright
14 * this list of conditions and the following disclaimer in the
16 * and/or other materials provided with the distribution.
17 * - Neither the names of Kernel Drivers, LLC and Your File System, Inc.
18 * nor the names of their contributors may be used to endorse or promote
19 * products derived from this software without specific prior written
20 * permission from Kernel Drivers, LLC and Your File System, Inc.
22 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
23 * AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
24 * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
25 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER
26 * OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
27 * EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
28 * PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
29 * PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF
30 * LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING
31 * NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
32 * SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
36 // File: AFSProcessSupport.cpp
39 #include "AFSCommon.h"
42 AFSProcessNotify( IN HANDLE ParentId,
48 // If this is a create notification then update our tree, otherwise remove the
55 AFSProcessCreate( ParentId,
57 PsGetCurrentProcessId(),
58 PsGetCurrentThreadId());
63 AFSProcessDestroy( ProcessId);
70 AFSProcessNotifyEx( IN OUT PEPROCESS Process,
72 IN OUT PPS_CREATE_NOTIFY_INFO CreateInfo)
78 AFSProcessCreate( CreateInfo->ParentProcessId,
80 CreateInfo->CreatingThreadId.UniqueProcess,
81 CreateInfo->CreatingThreadId.UniqueThread);
86 AFSProcessDestroy( ProcessId);
92 AFSProcessCreate( IN HANDLE ParentId,
94 IN HANDLE CreatingProcessId,
95 IN HANDLE CreatingThreadId)
97 NTSTATUS ntStatus = STATUS_SUCCESS;
98 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
99 AFSProcessCB *pProcessCB = NULL;
104 AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
105 AFS_TRACE_LEVEL_VERBOSE,
106 "AFSProcessCreate Acquiring Control ProcessTree.TreeLock lock %08lX EXCL %08lX\n",
107 pDeviceExt->Specific.Control.ProcessTree.TreeLock,
108 PsGetCurrentThread());
110 AFSAcquireExcl( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
113 AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING,
114 AFS_TRACE_LEVEL_VERBOSE,
115 "AFSProcessCreate Parent %08lX Process %08lX %08lX\n",
118 PsGetCurrentThread());
120 pProcessCB = AFSInitializeProcessCB( (ULONGLONG)ParentId,
121 (ULONGLONG)ProcessId);
123 if( pProcessCB != NULL)
126 pProcessCB->CreatingProcessId = (ULONGLONG)CreatingProcessId;
128 pProcessCB->CreatingThreadId = (ULONGLONG)CreatingThreadId;
131 // Now assign the AuthGroup ACE
134 AFSValidateProcessEntry( ProcessId);
139 AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING,
140 AFS_TRACE_LEVEL_ERROR,
141 "AFSProcessCreate Initialization failure for Parent %08lX Process %08lX %08lX\n",
144 PsGetCurrentThread());
147 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
154 AFSProcessDestroy( IN HANDLE ProcessId)
157 NTSTATUS ntStatus = STATUS_SUCCESS;
158 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
159 AFSProcessCB *pProcessCB = NULL, *pParentProcessCB = NULL;
160 AFSProcessAuthGroupCB *pProcessAuthGroup = NULL, *pLastAuthGroup = NULL;
161 AFSThreadCB *pThreadCB = NULL, *pNextThreadCB = NULL;
166 AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
167 AFS_TRACE_LEVEL_VERBOSE,
168 "AFSProcessDestroy Acquiring Control ProcessTree.TreeLock lock %08lX EXCL %08lX\n",
169 pDeviceExt->Specific.Control.ProcessTree.TreeLock,
170 PsGetCurrentThreadId());
172 AFSAcquireExcl( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
175 // It's a remove so pull the entry
178 AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING,
179 AFS_TRACE_LEVEL_VERBOSE,
180 "AFSProcessDestroy Process %08lX %08lX\n",
182 PsGetCurrentThread());
184 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
185 (ULONGLONG)ProcessId,
186 (AFSBTreeEntry **)&pProcessCB);
188 if( NT_SUCCESS( ntStatus) &&
192 AFSRemoveHashEntry( &pDeviceExt->Specific.Control.ProcessTree.TreeHead,
193 (AFSBTreeEntry *)pProcessCB);
195 pProcessAuthGroup = pProcessCB->AuthGroupList;
197 while( pProcessAuthGroup != NULL)
200 pLastAuthGroup = pProcessAuthGroup->Next;
202 ExFreePool( pProcessAuthGroup);
204 pProcessAuthGroup = pLastAuthGroup;
207 pThreadCB = pProcessCB->ThreadList;
209 while( pThreadCB != NULL)
212 pNextThreadCB = pThreadCB->Next;
214 ExFreePool( pThreadCB);
216 pThreadCB = pNextThreadCB;
219 ExDeleteResourceLite( &pProcessCB->Lock);
221 ExFreePool( pProcessCB);
225 AFSDbgLogMsg( AFS_SUBSYSTEM_PROCESS_PROCESSING,
226 AFS_TRACE_LEVEL_WARNING,
227 "AFSProcessDestroy Process %08lX not found in ProcessTree Status %08lX %08lX\n",
230 PsGetCurrentThread());
233 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
240 // AFSValidateProcessEntry verifies the consistency of the current process
241 // entry which includes assigning an authentication group ACE if one is not
242 // present. A reference to the active authentication group GUID is returned.
246 AFSValidateProcessEntry( IN HANDLE ProcessId)
249 GUID *pAuthGroup = NULL;
250 NTSTATUS ntStatus = STATUS_SUCCESS;
251 AFSProcessCB *pProcessCB = NULL, *pParentProcessCB = NULL;
252 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
253 ULONGLONG ullProcessID = (ULONGLONG)ProcessId;
254 UNICODE_STRING uniSIDString;
256 AFSSIDEntryCB *pSIDEntryCB = NULL;
257 ULONG ulSessionId = 0;
258 ULONGLONG ullTableHash = 0;
259 AFSThreadCB *pParentThreadCB = NULL;
260 UNICODE_STRING uniGUID;
261 BOOLEAN bImpersonation = FALSE;
266 AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
267 AFS_TRACE_LEVEL_VERBOSE,
268 "AFSValidateProcessEntry Acquiring Control ProcessTree.TreeLock lock %08lX SHARED %08lX\n",
269 pDeviceExt->Specific.Control.ProcessTree.TreeLock,
270 PsGetCurrentThread());
272 uniSIDString.Length = 0;
273 uniSIDString.MaximumLength = 0;
274 uniSIDString.Buffer = NULL;
276 AFSAcquireShared( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
279 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
280 AFS_TRACE_LEVEL_VERBOSE,
281 "%s Entry for ProcessID %I64X\n",
285 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
287 (AFSBTreeEntry **)&pProcessCB);
289 if( !NT_SUCCESS( ntStatus) ||
293 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
295 AFSAcquireExcl( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
298 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
300 (AFSBTreeEntry **)&pProcessCB);
302 if( !NT_SUCCESS( ntStatus) ||
312 if( !NT_SUCCESS( ntStatus) ||
316 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
317 AFS_TRACE_LEVEL_ERROR,
318 "%s Failed to locate process entry for ProcessID %I64X\n",
322 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
324 try_return( ntStatus = STATUS_UNSUCCESSFUL);
327 AFSConvertToShared( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
331 // Locate and lock the ParentProcessCB if we have one
334 if( pProcessCB->ParentProcessId != 0)
337 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
338 AFS_TRACE_LEVEL_VERBOSE,
339 "%s Locating process entry for Parent ProcessID %I64X\n",
341 pProcessCB->ParentProcessId);
343 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
344 (ULONGLONG)pProcessCB->ParentProcessId,
345 (AFSBTreeEntry **)&pParentProcessCB);
347 if( NT_SUCCESS( ntStatus) &&
348 pParentProcessCB != NULL)
350 AFSAcquireExcl( &pParentProcessCB->Lock,
353 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
354 AFS_TRACE_LEVEL_VERBOSE,
355 "%s Located process entry for Parent ProcessID %I64X\n",
357 pProcessCB->ParentProcessId);
363 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
364 AFS_TRACE_LEVEL_VERBOSE,
365 "%s No parent ID for ProcessID %I64X\n",
370 AFSAcquireExcl( &pProcessCB->Lock,
373 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
378 // Mark the process as 64-bit if it is.
381 if( !IoIs32bitProcess( NULL))
384 SetFlag( pProcessCB->Flags, AFS_PROCESS_FLAG_IS_64BIT);
389 ClearFlag( pProcessCB->Flags, AFS_PROCESS_FLAG_IS_64BIT);
394 // Locate the SID for the caller
397 ntStatus = AFSGetCallerSID( &uniSIDString, &bImpersonation);
399 if( !NT_SUCCESS( ntStatus))
402 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
403 AFS_TRACE_LEVEL_ERROR,
404 "%s Failed to locate callers SID for ProcessID %I64X\n",
408 try_return( ntStatus);
411 ulSessionId = AFSGetSessionId( (HANDLE)ullProcessID, &bImpersonation);
413 if( ulSessionId == (ULONG)-1)
416 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
417 AFS_TRACE_LEVEL_ERROR,
418 "%s Failed to retrieve session ID for ProcessID %I64X\n",
422 try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
425 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
426 AFS_TRACE_LEVEL_VERBOSE,
427 "%s Retrieved callers SID %wZ for ProcessID %I64X Session %08lX\n",
434 // If there is an Auth Group for the current process,
435 // our job is finished.
438 if ( bImpersonation == FALSE)
440 pAuthGroup = pProcessCB->ActiveAuthGroup;
442 if( pAuthGroup != NULL &&
443 !AFSIsNoPAGAuthGroup( pAuthGroup))
446 uniGUID.Buffer = NULL;
448 RtlStringFromGUID( *pAuthGroup,
451 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
452 AFS_TRACE_LEVEL_VERBOSE,
453 "%s Located valid AuthGroup GUID %wZ for SID %wZ ProcessID %I64X Session %08lX\n",
460 if( uniGUID.Buffer != NULL)
462 RtlFreeUnicodeString( &uniGUID);
465 try_return( ntStatus = STATUS_SUCCESS);
469 // The current process does not yet have an Auth Group. Try to inherit
470 // one from the parent process thread that created this process.
473 if( pParentProcessCB != NULL)
476 for ( pParentThreadCB = pParentProcessCB->ThreadList;
477 pParentThreadCB != NULL;
478 pParentThreadCB = pParentThreadCB->Next)
481 if( pParentThreadCB->ThreadId == pProcessCB->CreatingThreadId)
488 // If the creating thread was found and it has a thread specific
489 // Auth Group, use that even if it is the No PAG
492 if( pParentThreadCB != NULL &&
493 pParentThreadCB->ActiveAuthGroup != NULL &&
494 !AFSIsNoPAGAuthGroup( pParentThreadCB->ActiveAuthGroup))
496 pProcessCB->ActiveAuthGroup = pParentThreadCB->ActiveAuthGroup;
498 uniGUID.Buffer = NULL;
500 RtlStringFromGUID( *(pProcessCB->ActiveAuthGroup),
503 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
504 AFS_TRACE_LEVEL_VERBOSE,
505 "%s PID %I64X Session %08lX inherited Active AuthGroup %wZ from thread %I64X\n",
510 pParentThreadCB->ThreadId);
512 if( uniGUID.Buffer != NULL)
514 RtlFreeUnicodeString( &uniGUID);
519 // If the parent thread was not found or does not have an auth group
522 else if( pParentProcessCB->ActiveAuthGroup != NULL &&
523 !AFSIsNoPAGAuthGroup( pParentProcessCB->ActiveAuthGroup))
525 pProcessCB->ActiveAuthGroup = pParentProcessCB->ActiveAuthGroup;
527 uniGUID.Buffer = NULL;
529 RtlStringFromGUID( *(pProcessCB->ActiveAuthGroup),
532 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
533 AFS_TRACE_LEVEL_VERBOSE,
534 "%s PID %I64X Session %08lX inherited Active AuthGroup %wZ from parent PID %I64X\n",
539 pParentProcessCB->TreeEntry.HashIndex);
541 if( uniGUID.Buffer != NULL)
543 RtlFreeUnicodeString( &uniGUID);
548 // If an Auth Group was inherited, set it to be the active group
551 if( pProcessCB->ActiveAuthGroup != NULL &&
552 !AFSIsNoPAGAuthGroup( pParentProcessCB->ActiveAuthGroup))
554 pAuthGroup = pProcessCB->ActiveAuthGroup;
556 uniGUID.Buffer = NULL;
558 RtlStringFromGUID( *(pProcessCB->ActiveAuthGroup),
561 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
562 AFS_TRACE_LEVEL_VERBOSE,
563 "%s Returning(1) Active AuthGroup %wZ for SID %wZ PID %I64X Session %08lX\n",
570 if( uniGUID.Buffer != NULL)
572 RtlFreeUnicodeString( &uniGUID);
575 try_return( ntStatus);
581 // If no Auth Group was inherited, assign one based upon the Session and SID
584 ntStatus = RtlHashUnicodeString( &uniSIDString,
586 HASH_STRING_ALGORITHM_DEFAULT,
589 if( !NT_SUCCESS( ntStatus))
592 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
593 AFS_TRACE_LEVEL_ERROR,
594 "%s Failed to hash SID %wZ for PID %I64X Session %08lX Status %08lX\n",
601 try_return( ntStatus);
604 ullTableHash = ( ((ULONGLONG)ulSessionId << 32) | ulSIDHash);
606 AFSAcquireShared( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock,
609 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead,
610 (ULONGLONG)ullTableHash,
611 (AFSBTreeEntry **)&pSIDEntryCB);
613 if( !NT_SUCCESS( ntStatus) ||
617 AFSReleaseResource( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
619 AFSAcquireExcl( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock,
622 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead,
623 (ULONGLONG)ullTableHash,
624 (AFSBTreeEntry **)&pSIDEntryCB);
626 if( !NT_SUCCESS( ntStatus) ||
630 pSIDEntryCB = (AFSSIDEntryCB *)AFSExAllocatePoolWithTag( NonPagedPool,
631 sizeof( AFSSIDEntryCB),
632 AFS_AG_ENTRY_CB_TAG);
634 if( pSIDEntryCB == NULL)
637 AFSReleaseResource( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
639 try_return( ntStatus = STATUS_INSUFFICIENT_RESOURCES);
642 RtlZeroMemory( pSIDEntryCB,
643 sizeof( AFSSIDEntryCB));
645 pSIDEntryCB->TreeEntry.HashIndex = (ULONGLONG)ullTableHash;
647 while( ExUuidCreate( &pSIDEntryCB->AuthGroup) == STATUS_RETRY);
649 uniGUID.Buffer = NULL;
651 RtlStringFromGUID( pSIDEntryCB->AuthGroup,
654 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
655 AFS_TRACE_LEVEL_VERBOSE,
656 "%s SID %wZ PID %I64X Session %08lX generated NEW AG %wZ\n",
663 if( uniGUID.Buffer != NULL)
665 RtlFreeUnicodeString( &uniGUID);
668 if( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead == NULL)
670 pDeviceExt->Specific.Control.AuthGroupTree.TreeHead = (AFSBTreeEntry *)pSIDEntryCB;
674 AFSInsertHashEntry( pDeviceExt->Specific.Control.AuthGroupTree.TreeHead,
675 &pSIDEntryCB->TreeEntry);
679 AFSConvertToShared( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
683 AFSReleaseResource( pDeviceExt->Specific.Control.AuthGroupTree.TreeLock);
686 // Store the auth group into the process cb
689 pProcessCB->ActiveAuthGroup = &pSIDEntryCB->AuthGroup;
691 uniGUID.Buffer = NULL;
693 RtlStringFromGUID( pSIDEntryCB->AuthGroup,
696 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
697 AFS_TRACE_LEVEL_VERBOSE,
698 "%s SID %wZ PID %I64X Session %08lX assigned AG %wZ\n",
705 if( uniGUID.Buffer != NULL)
707 RtlFreeUnicodeString( &uniGUID);
711 // Set the AFS_PROCESS_LOCAL_SYSTEM_AUTH flag if the process SID
715 if( AFSIsLocalSystemSID( &uniSIDString))
717 SetFlag( pProcessCB->Flags, AFS_PROCESS_LOCAL_SYSTEM_AUTH);
719 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
720 AFS_TRACE_LEVEL_VERBOSE,
721 "%s Setting PID %I64X Session %08lX with LOCAL SYSTEM AUTHORITY\n",
728 // Return the auth group
731 pAuthGroup = pProcessCB->ActiveAuthGroup;
733 uniGUID.Buffer = NULL;
735 RtlStringFromGUID( *(pProcessCB->ActiveAuthGroup),
738 AFSDbgLogMsg( AFS_SUBSYSTEM_AUTHGROUP_PROCESSING,
739 AFS_TRACE_LEVEL_VERBOSE,
740 "%s Returning(2) Active AuthGroup %wZ for SID %wZ PID %I64X Session %08lX\n",
747 if( uniGUID.Buffer != NULL)
749 RtlFreeUnicodeString( &uniGUID);
754 if( pProcessCB != NULL)
757 if( bImpersonation == FALSE &&
758 !BooleanFlagOn( pProcessCB->Flags, AFS_PROCESS_FLAG_ACE_SET) &&
759 NT_SUCCESS( ntStatus))
761 ntStatus = AFSProcessSetProcessDacl( pProcessCB);
763 if( !NT_SUCCESS( ntStatus))
769 SetFlag( pProcessCB->Flags, AFS_PROCESS_FLAG_ACE_SET);
773 AFSReleaseResource( &pProcessCB->Lock);
776 if( pParentProcessCB != NULL)
778 AFSReleaseResource( &pParentProcessCB->Lock);
781 if( uniSIDString.Length > 0)
783 RtlFreeUnicodeString( &uniSIDString);
791 AFSIs64BitProcess( IN ULONGLONG ProcessId)
794 NTSTATUS ntStatus = STATUS_SUCCESS;
795 BOOLEAN bIs64Bit = FALSE;
796 AFSProcessCB *pProcessCB = NULL;
797 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
802 AFSDbgLogMsg( AFS_SUBSYSTEM_LOCK_PROCESSING,
803 AFS_TRACE_LEVEL_VERBOSE,
804 "AFSIs64BitProcess Acquiring Control ProcessTree.TreeLock lock %08lX SHARED %08lX\n",
805 pDeviceExt->Specific.Control.ProcessTree.TreeLock,
806 PsGetCurrentThread());
808 AFSAcquireShared( pDeviceExt->Specific.Control.ProcessTree.TreeLock,
811 ntStatus = AFSLocateHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
812 (ULONGLONG)ProcessId,
813 (AFSBTreeEntry **)&pProcessCB);
815 if( pProcessCB != NULL)
817 bIs64Bit = BooleanFlagOn( pProcessCB->Flags, AFS_PROCESS_FLAG_IS_64BIT);
820 AFSReleaseResource( pDeviceExt->Specific.Control.ProcessTree.TreeLock);
827 AFSInitializeProcessCB( IN ULONGLONG ParentProcessId,
828 IN ULONGLONG ProcessId)
831 AFSProcessCB *pProcessCB = NULL;
832 AFSDeviceExt *pDeviceExt = (AFSDeviceExt *)AFSDeviceObject->DeviceExtension;
837 pProcessCB = (AFSProcessCB *)AFSExAllocatePoolWithTag( NonPagedPool,
838 sizeof( AFSProcessCB),
841 if( pProcessCB == NULL)
843 try_return( pProcessCB);
846 RtlZeroMemory( pProcessCB,
847 sizeof( AFSProcessCB));
849 pProcessCB->TreeEntry.HashIndex = (ULONGLONG)ProcessId;
851 pProcessCB->ParentProcessId = (ULONGLONG)ParentProcessId;
853 if( pDeviceExt->Specific.Control.ProcessTree.TreeHead == NULL)
855 pDeviceExt->Specific.Control.ProcessTree.TreeHead = (AFSBTreeEntry *)pProcessCB;
859 AFSInsertHashEntry( pDeviceExt->Specific.Control.ProcessTree.TreeHead,
860 &pProcessCB->TreeEntry);
863 ExInitializeResourceLite( &pProcessCB->Lock);
865 pProcessCB->ActiveAuthGroup = &AFSNoPAGAuthGroup;
876 AFSInitializeThreadCB( IN AFSProcessCB *ProcessCB,
877 IN ULONGLONG ThreadId)
880 AFSThreadCB *pThreadCB = NULL, *pCurrentThreadCB = NULL;
885 pThreadCB = (AFSThreadCB *)AFSExAllocatePoolWithTag( NonPagedPool,
886 sizeof( AFSThreadCB),
889 if( pThreadCB == NULL)
891 try_return( pThreadCB);
894 RtlZeroMemory( pThreadCB,
895 sizeof( AFSThreadCB));
897 pThreadCB->ThreadId = ThreadId;
899 if( ProcessCB->ThreadList == NULL)
901 ProcessCB->ThreadList = pThreadCB;
906 pCurrentThreadCB = ProcessCB->ThreadList;
908 while( pCurrentThreadCB != NULL)
911 if( pCurrentThreadCB->Next == NULL)
913 pCurrentThreadCB->Next = pThreadCB;
917 pCurrentThreadCB = pCurrentThreadCB->Next;