From: Derek Lesho Subject: [PATCH 5/5] ntoskrnl.exe: Implement PsIsSystemThread. Message-Id: <20190424142509.528-5-dereklesho52@Gmail.com> Date: Wed, 24 Apr 2019 10:25:09 -0400 In-Reply-To: <20190424142509.528-1-dereklesho52@Gmail.com> References: <20190424142509.528-1-dereklesho52@Gmail.com> Signed-off-by: Derek Lesho --- dlls/ntoskrnl.exe/ntoskrnl.c | 9 +++++++++ dlls/ntoskrnl.exe/ntoskrnl.exe.spec | 2 +- dlls/ntoskrnl.exe/tests/driver.c | 19 ++++++++++++++++++- include/ddk/ntifs.h | 1 + 4 files changed, 29 insertions(+), 2 deletions(-) diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c index 5abd9b5469..8842e9844b 100644 --- a/dlls/ntoskrnl.exe/ntoskrnl.c +++ b/dlls/ntoskrnl.exe/ntoskrnl.c @@ -3066,6 +3066,15 @@ HANDLE WINAPI PsGetCurrentThreadId(void) } +/*********************************************************************** + * PsIsSystemThread (NTOSKRNL.EXE.@) + */ +BOOLEAN WINAPI PsIsSystemThread(PETHREAD thread) +{ + return ((PKTHREAD)thread)->process == PsInitialSystemProcess; +} + + /*********************************************************************** * PsGetVersion (NTOSKRNL.EXE.@) */ diff --git a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec index f8240c529a..09177a7d75 100644 --- a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec +++ b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec @@ -908,7 +908,7 @@ @ stdcall PsImpersonateClient(ptr ptr long long long) @ extern PsInitialSystemProcess @ stub PsIsProcessBeingDebugged -@ stub PsIsSystemThread +@ stdcall PsIsSystemThread(ptr) @ stub PsIsThreadImpersonating @ stub PsIsThreadTerminating @ stub PsJobType diff --git a/dlls/ntoskrnl.exe/tests/driver.c b/dlls/ntoskrnl.exe/tests/driver.c index 0410c32ccc..0758e043f1 100644 --- a/dlls/ntoskrnl.exe/tests/driver.c +++ b/dlls/ntoskrnl.exe/tests/driver.c @@ -330,7 +330,7 @@ static void test_currentprocess(void) if (!!current) { - DISPATCHER_HEADER *header = current; + DISPATCHER_HEADER *header = (DISPATCHER_HEADER *)current; ok(header->Type == 3, "header->Type != 3, = %u\n", header->Type); ret = wait_single( current, 0 ); ok(ret == STATUS_TIMEOUT, "got %#x\n", ret); @@ -1210,6 +1210,22 @@ static void test_critical_regions(void) ok(result, "got %u, expected 1\n", result); } +static void WINAPI system_thread( void *arg ) +{ + BOOLEAN result = PsIsSystemThread((PETHREAD)KeGetCurrentThread()); + ok((result), "got %u\n", result); + + PsTerminateSystemThread( STATUS_SUCCESS ); +} + +static void test_system_thread(void) +{ + BOOLEAN result = PsIsSystemThread((PETHREAD)KeGetCurrentThread()); + ok(!(result), "got %u\n", result); + + run_thread( system_thread, (void*)0 ); +} + static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *stack, ULONG_PTR *info) { ULONG length = stack->Parameters.DeviceIoControl.OutputBufferLength; @@ -1255,6 +1271,7 @@ static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp, IO_STACK_LOCATION *st test_resource(); test_lookup_thread(); test_critical_regions(); + test_system_thread(); /* print process report */ if (winetest_debug) diff --git a/include/ddk/ntifs.h b/include/ddk/ntifs.h index ec4d1d5aa7..2c61329d9e 100644 --- a/include/ddk/ntifs.h +++ b/include/ddk/ntifs.h @@ -131,6 +131,7 @@ typedef struct _FS_FILTER_CALLBACKS BOOLEAN WINAPI FsRtlIsNameInExpression(PUNICODE_STRING, PUNICODE_STRING, BOOLEAN, PWCH); NTSTATUS WINAPI ObQueryNameString(PVOID,POBJECT_NAME_INFORMATION,ULONG,PULONG); +BOOLEAN WINAPI PsIsSystemThread(PETHREAD); NTSTATUS WINAPI PsLookupProcessByProcessId(HANDLE,PEPROCESS*); NTSTATUS WINAPI PsLookupThreadByThreadId(HANDLE,PETHREAD*); void WINAPI PsRevertToSelf(void); -- 2.20.1