From: Derek Lesho Subject: [PATCH v4 09/11] ntoskrnl.exe: Implement PsIsSystemThread. Message-Id: <20190411194558.31939-9-dereklesho52@Gmail.com> Date: Thu, 11 Apr 2019 15:45:56 -0400 In-Reply-To: <20190411182706.25812-9-dereklesho52@Gmail.com> References: <20190411182706.25812-9-dereklesho52@Gmail.com> Signed-off-by: Derek Lesho --- dlls/ntoskrnl.exe/ntoskrnl.c | 9 +++++++++ dlls/ntoskrnl.exe/ntoskrnl.exe.spec | 2 +- dlls/ntoskrnl.exe/tests/driver.c | 18 ++++++++++++++++++ include/ddk/ntifs.h | 1 + 4 files changed, 29 insertions(+), 1 deletion(-) diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c index eec14b7608..f74c2362de 100644 --- a/dlls/ntoskrnl.exe/ntoskrnl.c +++ b/dlls/ntoskrnl.exe/ntoskrnl.c @@ -3015,6 +3015,15 @@ HANDLE WINAPI PsGetCurrentThreadId(void) } +/*********************************************************************** + * PsIsSystemThread (NTOSKRNL.EXE.@) + */ +BOOLEAN WINAPI PsIsSystemThread(PETHREAD thread) +{ + return ((PKTHREAD)thread)->process == PsInitialSystemProcess; +} + + /*********************************************************************** * PsGetVersion (NTOSKRNL.EXE.@) */ diff --git a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec index 7f09ba644c..8c347999ba 100644 --- a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec +++ b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec @@ -907,7 +907,7 @@ @ stdcall PsImpersonateClient(ptr ptr long long long) @ extern PsInitialSystemProcess @ stub PsIsProcessBeingDebugged -@ stub PsIsSystemThread +@ stdcall PsIsSystemThread(ptr) @ stub PsIsThreadImpersonating @ stub PsIsThreadTerminating @ stub PsJobType diff --git a/dlls/ntoskrnl.exe/tests/driver.c b/dlls/ntoskrnl.exe/tests/driver.c index 79923b9852..0968581114 100644 --- a/dlls/ntoskrnl.exe/tests/driver.c +++ b/dlls/ntoskrnl.exe/tests/driver.c @@ -29,6 +29,7 @@ #include "winternl.h" #include "winioctl.h" #include "ddk/ntddk.h" +#include "ddk/ntifs.h" #include "ddk/wdm.h" #include "driver.h" @@ -1182,6 +1183,22 @@ static void test_lookup_thread(void) ok(status == STATUS_INVALID_PARAMETER, "PsLookupThreadByThreadId returned %#x\n", status); } +static void WINAPI system_thread( void *arg ) +{ + BOOLEAN result = PsIsSystemThread((PETHREAD)KeGetCurrentThread()); + ok((result), "got %u\n", result); + + PsTerminateSystemThread( STATUS_SUCCESS ); +} + +static void test_system_thread(void) +{ + BOOLEAN result = PsIsSystemThread((PETHREAD)KeGetCurrentThread()); + ok(!(result), "got %u\n", result); + + run_thread( system_thread, (void*)0 ); +} + static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *stack, ULONG_PTR *info) { ULONG length = stack->Parameters.DeviceIoControl.OutputBufferLength; @@ -1226,6 +1243,7 @@ static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *st test_ob_reference(test_input->path); test_resource(); test_lookup_thred(); + test_system_thread(); /* print process report */ if (winetest_debug) diff --git a/include/ddk/ntifs.h b/include/ddk/ntifs.h index ec4d1d5aa7..2c61329d9e 100644 --- a/include/ddk/ntifs.h +++ b/include/ddk/ntifs.h @@ -131,6 +131,7 @@ typedef struct _FS_FILTER_CALLBACKS BOOLEAN WINAPI FsRtlIsNameInExpression(PUNICODE_STRING, PUNICODE_STRING, BOOLEAN, PWCH); NTSTATUS WINAPI ObQueryNameString(PVOID,POBJECT_NAME_INFORMATION,ULONG,PULONG); +BOOLEAN WINAPI PsIsSystemThread(PETHREAD); NTSTATUS WINAPI PsLookupProcessByProcessId(HANDLE,PEPROCESS*); NTSTATUS WINAPI PsLookupThreadByThreadId(HANDLE,PETHREAD*); void WINAPI PsRevertToSelf(void); -- 2.20.1