Proc Inj Win THR Pool

The document discusses Windows thread pool objects like worker factories, tasks, I/O, and timers. It covers the NT APIs used to create, query, and set information on these objects and shows their data structures. Functions like NtCreateWorkerFactory, TpPostTask, and SetThreadpoolTimer are described.

Create
Shutdown

Query
Set

Ready
Wait
Release
/*
 * NtCreateWorkerFactory - native entry point that creates a worker factory
 * object (the kernel-side object behind a user-mode thread pool).
 *
 * WorkerFactoryHandleReturn   receives the handle to the new object.
 * DesiredAccess, ObjectAttributes
 *                             standard NT object-creation inputs.
 * CompletionPortHandle        I/O completion port handle associated with
 *                             the factory.
 * WorkerProcessHandle         process the factory is created for. The kernel
 *                             body excerpt further down shows this is compared
 *                             against the caller's current process and any
 *                             other process is rejected with
 *                             STATUS_INVALID_PARAMETER.
 * StartRoutine, StartParameter
 *                             presumably the entry point and argument handed
 *                             to worker threads - the excerpt does not show use.
 * MaxThreadCount, StackReserve, StackCommit
 *                             optional thread-count and stack-size limits.
 *
 * Returns an NTSTATUS.
 */
NTSTATUS NTAPI NtCreateWorkerFactory(
    _Out_ PHANDLE WorkerFactoryHandleReturn,
    _In_ ACCESS_MASK DesiredAccess,
    _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
    _In_ HANDLE CompletionPortHandle,
    _In_ HANDLE WorkerProcessHandle,
    _In_ PVOID StartRoutine,
    _In_opt_ PVOID StartParameter,
    _In_opt_ ULONG MaxThreadCount,
    _In_opt_ SIZE_T StackReserve,
    _In_opt_ SIZE_T StackCommit
);
/*
 * Excerpt of the kernel implementation of NtCreateWorkerFactory, reduced to
 * the process check. Only what is visible here is asserted by these comments;
 * everything in [snip] is unknown.
 */
NTSTATUS NTAPI NtCreateWorkerFactory(..., HANDLE WorkerProcessHandle, ...)
{
[snip]

    /* Resolve the caller-supplied handle to its KPROCESS. The status returned
     * by the reference call is not checked in this excerpt. */
    KPROCESS * pWorkerProcessObject;
    ObpReferenceObjectByHandleWithTag(WorkerProcessHandle, ..., &pWorkerProcessObject);

    /* The worker process must be the process the current thread is running in
     * (ApcState.Process); a handle to any other process is rejected. This is
     * the boundary that matters for review: this parameter does not let a
     * caller stand up a worker factory inside a foreign process.
     * NOTE(review): no dereference of pWorkerProcessObject is visible before
     * the early return - confirm the snipped code releases the reference. */
    if ( KeGetCurrentThread()->ApcState.Process != pWorkerProcessObject)
    {
        return STATUS_INVALID_PARAMETER;
    }

[snip]
}
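/*
 * NtQueryInformationWorkerFactory - reads an information record from a
 * worker factory object.
 *
 * WorkerFactoryHandle             handle to the factory object.
 * WorkerFactoryInformationClass   which record to return
 *                                 (QUERY_WORKERFACTORYINFOCLASS).
 * WorkerFactoryInformation        caller buffer that receives the record. It
 *                                 is written by the call, not read, so it
 *                                 carries an output annotation; the slide
 *                                 showed the input annotation _In_reads_bytes_
 *                                 copied from the Set variant.
 * WorkerFactoryInformationLength  size of that buffer in bytes.
 * ReturnLength                    optional; presumably receives the byte
 *                                 count needed or written.
 *
 * Returns an NTSTATUS.
 */
NTSTATUS NTAPI NtQueryInformationWorkerFactory(
    _In_ HANDLE WorkerFactoryHandle,
    _In_ QUERY_WORKERFACTORYINFOCLASS WorkerFactoryInformationClass,
    _Out_writes_bytes_(WorkerFactoryInformationLength) PVOID WorkerFactoryInformation,
    _In_ ULONG WorkerFactoryInformationLength,
    _Out_opt_ PULONG ReturnLength
);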
/*
 * Information classes accepted by NtQueryInformationWorkerFactory.
 * Only the basic-information class is shown in this excerpt. Its value, 7,
 * is exactly the value missing from SET_WORKERFACTORYINFOCLASS (which jumps
 * from 6 to 8), consistent with both sets sharing one numbering space.
 */
typedef enum _QUERY_WORKERFACTORYINFOCLASS {
    /* presumably answered with a WORKER_FACTORY_BASIC_INFORMATION record */
    WorkerFactoryBasicInformation = 7
} QUERY_WORKERFACTORYINFOCLASS, *PQUERY_WORKERFACTORYINFOCLASS;
/*
 * Record returned for WorkerFactoryBasicInformation. Only the StartRoutine
 * field is shown here; the surrounding fields and their offsets are in
 * [snip], so no layout claims can be made from this excerpt.
 */
typedef struct _WORKER_FACTORY_BASIC_INFORMATION
{
[snip]

    /* Same value that was passed as StartRoutine to NtCreateWorkerFactory,
     * i.e. the factory exposes its worker entry point to anyone holding a
     * handle with query access. */
    PVOID StartRoutine;
[snip]
} WORKER_FACTORY_BASIC_INFORMATION, * PWORKER_FACTORY_BASIC_INFORMATION;
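/*
 * NtSetInformationWorkerFactory - writes an information record to a worker
 * factory object.
 *
 * WorkerFactoryHandle             handle to the factory object.
 * WorkerFactoryInformationClass   which setting is written
 *                                 (SET_WORKERFACTORYINFOCLASS).
 * WorkerFactoryInformation        caller buffer holding the new value; read
 *                                 by the call, hence the input annotation.
 * WorkerFactoryInformationLength  size of that buffer in bytes; it is the
 *                                 last parameter, the slide's trailing comma
 *                                 after it was a transcription error.
 *
 * Returns an NTSTATUS.
 */
NTSTATUS NTAPI NtSetInformationWorkerFactory(
    _In_ HANDLE WorkerFactoryHandle,
    _In_ SET_WORKERFACTORYINFOCLASS WorkerFactoryInformationClass,
    _In_reads_bytes_(WorkerFactoryInformationLength) PVOID WorkerFactoryInformation,
    _In_ ULONG WorkerFactoryInformationLength
);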
/*
 * Settable information classes for NtSetInformationWorkerFactory.
 * Values are explicit so the numbering is visible: 7 is deliberately absent
 * here - it is the query-only WorkerFactoryBasicInformation class.
 * The names describe the setting; this excerpt does not show the record
 * type each one expects, so none is asserted.
 */
typedef enum _SET_WORKERFACTORYINFOCLASS {
    WorkerFactoryTimeout           = 0,
    WorkerFactoryRetryTimeout      = 1,
    WorkerFactoryIdleTimeout       = 2,
    WorkerFactoryBindingCount      = 3,
    WorkerFactoryThreadMinimum     = 4,
    WorkerFactoryThreadMaximum     = 5,
    WorkerFactoryPaused            = 6,
    /* 7 = WorkerFactoryBasicInformation, query only */
    WorkerFactoryAdjustThreadGoal  = 8,
    WorkerFactoryCallbackType      = 9,
    WorkerFactoryStackInformation  = 10,
    WorkerFactoryThreadBasePriority = 11,
    WorkerFactoryTimeoutWaiters    = 12,
    WorkerFactoryFlags             = 13,
    WorkerFactoryThreadSoftMaximum = 14
} SET_WORKERFACTORYINFOCLASS, *PSET_WORKERFACTORYINFOCLASS;
/*
 * User-mode work object as dumped from the thread-pool type information.
 * Field order is the contract; the explicit trailing pad is part of the
 * dumped layout, not something to remove.
 */
typedef struct _TP_WORK
{
    /* links the object into its cleanup group */
    _TPP_CLEANUP_GROUP_MEMBER CleanupGroupMember;
    /* embedded task; TpPostTask below queues a TP_TASK by this embedded entry */
    TP_TASK Task;
    TPP_WORK_STATE WorkState;
    /* explicit padding emitted by the type dump - reserved-style name kept as dumped */
    INT32 __PADDING__[1];
} TP_WORK, * PTP_WORK;
/*
 * Excerpt of TpPostTask: queues a task on one of the pool's per-priority
 * task queues. Remaining parameters and all surrounding logic are in [snip].
 */
NTSTATUS NTAPI TpPostTask(TP_TASK* TpTask, TP_POOL* TpPool, int CallbackPriority, …)
{
[snip]

    /* CallbackPriority is used directly as an index into TpPool->TaskQueue.
     * NOTE(review): no range check on CallbackPriority is visible in this
     * excerpt - confirm the snipped code validates it before this line. */
    TPP_QUEUE* TaskQueue = &TpPool->TaskQueue[CallbackPriority];

    /* Append to the tail of the chosen queue via the task's list entry. */
    InsertTailList(&TaskQueue->Queue, &TpTask->ListEntry);

[snip]
}
Create

Open

Query
Set

Remove
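/*
 * User-mode I/O completion object as dumped from the thread-pool type
 * information. The slide closed this struct with the TP_WORK typedef names
 * (a copy from the previous slide); the names now match the struct tag.
 */
typedef struct _TP_IO
{
    /* links the object into its cleanup group */
    _TPP_CLEANUP_GROUP_MEMBER CleanupGroupMember;
    /* direct-completion record; TpBindFileToDirect stores a pointer to such
     * a record as the file's completion key */
    TP_DIRECT Direct;
    /* file handle this object is bound to */
    HANDLE File;
    INT32 PendingIrpCount;
    /* explicit padding emitted by the type dump */
    INT32 __PADDING__[1];
} TP_IO, * PTP_IO;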
/*
 * Excerpt of TpBindFileToDirect: associates a file handle with the pool's
 * completion port, using the TP_DIRECT address as the completion key.
 * Declarations (IoStatusBlock) and error handling are in [snip].
 */
NTSTATUS NTAPI TpBindFileToDirect(HANDLE hFile, TP_DIRECT* TpDirect, TP_POOL* TpPool)
{
[snip]

    /* Brace-initialization without '=' is C++ syntax as transcribed on the
     * slide; in C this would be '= { 0 }'. */
    FILE_COMPLETION_INFORMATION FileCompletionInfo{ 0 };
    /* The completion key is the user-mode TP_DIRECT pointer itself, so every
     * completion packet delivered for hFile carries that address as its key.
     * What the pool does with the key on delivery is outside this excerpt. */
    FileCompletionInfo.Key = TpDirect;
    FileCompletionInfo.Port = TpPool->CompletionPort;

    /* IoStatusBlock is declared in the snipped part. The NTSTATUS returned by
     * NtSetInformationFile is not checked in this excerpt. */
    NtSetInformationFile(
        hFile,
        &IoStatusBlock,
        &FileCompletionInfo,
        sizeof(FILE_COMPLETION_INFORMATION),
        FileCompletionInformation);

[snip]
}




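/*
 * CreateThreadpoolTimer - allocates a thread-pool timer object.
 *
 * TimerCallback      function the pool invokes when the timer fires.
 * TimerContext       optional value handed to TimerCallback.
 * TpCallbackEnviron  optional callback environment selecting the pool and
 *                    cleanup group; NULL uses the default pool.
 *
 * Returns the new timer, or NULL on failure (public API contract). The SAL
 * spelling is _In_opt_; the slide's _In_Opt is not a valid annotation.
 */
PTP_TIMER NTAPI CreateThreadpoolTimer(
    _In_ PTP_TIMER_CALLBACK TimerCallback,
    _In_opt_ PVOID TimerContext,
    _In_opt_ PTP_CALLBACK_ENVIRON TpCallbackEnviron
);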

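/*
 * SetThreadpoolTimer - arms, re-arms or disarms a thread-pool timer.
 *
 * Timer         the timer returned by CreateThreadpoolTimer. The slide listed
 *               the callback here, copied from CreateThreadpoolTimer; the
 *               public API takes the timer object.
 * DueTime       optional first expiry; NULL means the timer stops queueing
 *               callbacks.
 * Period        repeat interval in milliseconds, 0 for a one-shot timer.
 * WindowLength  tolerable delay in milliseconds for coalescing.
 *
 * No return value.
 */
void NTAPI SetThreadpoolTimer(
    _Inout_ PTP_TIMER Timer,
    _In_opt_ PFILETIME DueTime,
    _In_ DWORD Period,
    _In_ DWORD WindowLength
);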
/*
 * User-mode timer object; only the two queue-link fields are shown, the rest
 * of the layout is in [snip].
 */
typedef struct _TP_TIMER
{
[snip]
    /* links used by TppEnqueueTimer to place the timer in the queue's
     * WindowEnd and WindowStart structures respectively */
    TPP_PH_LINKS WindowEndLinks;
    TPP_PH_LINKS WindowStartLinks;
[snip]
} TP_TIMER, * PTP_TIMER;
/*
 * Excerpt of TppEnqueueTimer: links a timer into the queue's two
 * window structures. Locking, validation and the return value are in [snip].
 */
NTSTATUS NTAPI TppEnqueueTimer(TPP_TIMER_QUEUE* TimerQueue, TP_TIMER* TpTimer)
{
[snip]
    /* One insert per window edge, each through its own link field of the
     * timer. TPP_PH / TppPHInsert suggest a pairing-heap structure, but the
     * excerpt does not show the implementation, so no ordering is asserted. */
    TppPHInsert(&TimerQueue->WindowStart, &TpTimer->WindowStartLinks);
    TppPHInsert(&TimerQueue->WindowEnd, &TpTimer->WindowEndLinks);
[snip]
}
