[PATCH 1/5] ntoskrnl.exe: Implement PsLookupThreadByThreadId.

Derek Lesho dereklesho52 at gmail.com
Wed Apr 17 14:42:48 CDT 2019 

I have taken Jacek's advice and have split up my previous patchset into
three smaller ones, this being the first.

On Wed, Apr 17, 2019 at 3:41 PM Derek Lesho <dereklesho52 at gmail.com> wrote:

> Signed-off-by: Derek Lesho <dereklesho52 at Gmail.com>
> ---
>  dlls/ntoskrnl.exe/ntoskrnl.c        | 18 ++++++++++++++++++
>  dlls/ntoskrnl.exe/ntoskrnl.exe.spec |  2 +-
>  dlls/ntoskrnl.exe/tests/driver.c    | 18 ++++++++++++++++++
>  include/ddk/ntifs.h                 |  1 +
>  4 files changed, 38 insertions(+), 1 deletion(-)
>
> diff --git a/dlls/ntoskrnl.exe/ntoskrnl.c b/dlls/ntoskrnl.exe/ntoskrnl.c
> index 3789abda35..0ab150ea65 100644
> --- a/dlls/ntoskrnl.exe/ntoskrnl.c
> +++ b/dlls/ntoskrnl.exe/ntoskrnl.c
> @@ -3233,6 +3233,24 @@ NTSTATUS WINAPI PsLookupProcessByProcessId(HANDLE
> processid, PEPROCESS *process)
>  }
>
>
> +/*****************************************************
> + *           PsLookupThreadByThreadId   (NTOSKRNL.EXE.@)
> + */
> +NTSTATUS WINAPI PsLookupThreadByThreadId(HANDLE threadid, PETHREAD
> *thread)
> +{
> +    NTSTATUS status;
> +    HANDLE hThread = OpenThread( THREAD_ALL_ACCESS, FALSE,
> HandleToUlong(threadid) );
> +
> +    if (!hThread)
> +        return STATUS_INVALID_PARAMETER;
> +
> +    status = ObReferenceObjectByHandle( hThread, THREAD_ALL_ACCESS,
> PsThreadType, KernelMode, (void**)thread, NULL );
> +
> +    NtClose( hThread );
> +    return status;
> +}
> +
> +
>  /*****************************************************
>   *           IoSetThreadHardErrorMode  (NTOSKRNL.EXE.@)
>   */
> diff --git a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec
> b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec
> index 141c8aa639..f965ff55ec 100644
> --- a/dlls/ntoskrnl.exe/ntoskrnl.exe.spec
> +++ b/dlls/ntoskrnl.exe/ntoskrnl.exe.spec
> @@ -914,7 +914,7 @@
>  @ stub PsJobType
>  @ stdcall PsLookupProcessByProcessId(ptr ptr)
>  @ stub PsLookupProcessThreadByCid
> -@ stub PsLookupThreadByThreadId
> +@ stdcall PsLookupThreadByThreadId(ptr ptr)
>  @ extern PsProcessType
>  @ stub PsReferenceImpersonationToken
>  @ stub PsReferencePrimaryToken
> diff --git a/dlls/ntoskrnl.exe/tests/driver.c
> b/dlls/ntoskrnl.exe/tests/driver.c
> index c3839da3bf..4b846869fc 100644
> --- a/dlls/ntoskrnl.exe/tests/driver.c
> +++ b/dlls/ntoskrnl.exe/tests/driver.c
> @@ -29,6 +29,7 @@
>  #include "winternl.h"
>  #include "winioctl.h"
>  #include "ddk/ntddk.h"
> +#include "ddk/ntifs.h"
>  #include "ddk/wdm.h"
>
>  #include "driver.h"
> @@ -1167,6 +1168,22 @@ static void test_resource(void)
>      ok(status == STATUS_SUCCESS, "got status %#x\n", status);
>  }
>
> +static void test_lookup_thread(void)
> +{
> +    NTSTATUS status;
> +    PETHREAD thread = NULL;
> +
> +    status = PsLookupThreadByThreadId(PsGetCurrentThreadId(), &thread);
> +    ok(!status, "PsLookupThreadByThreadId failed: %#x\n", status);
> +    ok((PKTHREAD)thread == KeGetCurrentThread(), "thread !=
> KeGetCurrentThread\n");
> +
> +    if (thread)
> +        ObDereferenceObject(thread);
> +
> +    status = PsLookupThreadByThreadId(NULL, &thread);
> +    ok(status == STATUS_INVALID_PARAMETER, "PsLookupThreadByThreadId
> returned %#x\n", status);
> +}
> +
>  static NTSTATUS main_test(DEVICE_OBJECT *device, IRP *irp,
> IO_STACK_LOCATION *stack, ULONG_PTR *info)
>  {
>      ULONG length = stack->Parameters.DeviceIoControl.OutputBufferLength;
> @@ -1210,6 +1227,7 @@ static NTSTATUS main_test(DEVICE_OBJECT *device, IRP
> *irp, IO_STACK_LOCATION *st
>      test_lookaside_list();
>      test_ob_reference(test_input->path);
>      test_resource();
> +    test_lookup_thread();
>
>      /* print process report */
>      if (winetest_debug)
> diff --git a/include/ddk/ntifs.h b/include/ddk/ntifs.h
> index abe357fbc9..9b57ae7ad7 100644
> --- a/include/ddk/ntifs.h
> +++ b/include/ddk/ntifs.h
> @@ -131,6 +131,7 @@ typedef struct _FS_FILTER_CALLBACKS
>
>  BOOLEAN WINAPI FsRtlIsNameInExpression(PUNICODE_STRING, PUNICODE_STRING,
> BOOLEAN, PWCH);
>  NTSTATUS WINAPI
> ObQueryNameString(PVOID,POBJECT_NAME_INFORMATION,ULONG,PULONG);
> +NTSTATUS WINAPI PsLookupThreadByThreadId(HANDLE,PETHREAD*);
>  void WINAPI PsRevertToSelf(void);
>
>  #endif
> --
> 2.20.1
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.winehq.org/pipermail/wine-devel/attachments/20190417/5d3023ec/attachment.html>

More information about the wine-devel mailing list