KasperskyOS Community Edition

Processes endpoint

21 May 2024

ID kernel_methods_processes

This endpoint is intended for managing processes.

Information about methods of the endpoint is provided in the table below.

Methods of the task.Task endpoint (kl.core.Task interface)

Each entry below gives the method name, the method purpose and parameters, and the potential danger of the method.

Create

Purpose

Creates a process.

Parameters

  • [in] name – process name.
  • [in] eiid – process class name.
  • [in] path – name of the executable file in ROMFS.
  • [in] stackSize – thread stack limit (in bytes) used by default when creating process threads.
  • [in] priority – priority of the initial thread.
  • [in] flags – flags defining the parameters for creating the process.
  • [out] child – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the created process.
  • [out] rc – return code.

Potential danger

Allows the following:

  • Create a process that will be privileged from the perspective of the solution security policy (indicating the name of the process class with privileges).
  • Reserve a process name so that another process with this name cannot be created.
  • Create a process that will cause the operating system to stop if an unhandled exception occurs.
  • Load code from an executable file into process memory for subsequent execution of that code.
  • Exhaust RAM by creating a multitude of processes.
  • Exhaust the kernel memory by creating a multitude of objects within it.

LoadSeg

Purpose

Loads an ELF image segment into process memory from the MDL buffer.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the process.
  • [in] mdl – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the MDL buffer containing the ELF image segment.
  • [in] segAttr – structure containing the parameters for loading the ELF image segment.
  • [out] rc – return code.
  • [out] retaddr – base address of the virtual memory region of the process where the ELF image segment is loaded.

Potential danger

Allows code to be loaded into process memory for subsequent execution of that code.

VmReserve

Purpose

Reserves the virtual memory region in a process that was created as an empty process.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the process.
  • [in] addr – preferred base address of the virtual memory region, or 0 for the address to be selected automatically.
  • [in] size – size of the virtual memory region in bytes.
  • [in] flags – flags defining the parameters of the virtual memory region.
  • [out] outAddr – base address of the reserved virtual memory region.
  • [out] rc – return code.

Potential danger

Allows the following:

  • Exhaust the kernel memory by creating a multitude of objects within it.
  • Reserve virtual memory regions in another process that was created as an empty process and has not yet been started (if its handle is available). (The handle permissions mask must allow reservation of virtual memory.)

VmFree

Purpose

Frees the virtual memory region that was reserved by calling the VmReserve method in a process that was created as an empty process.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the process.
  • [in] addr – base address of the virtual memory region.
  • [in] size – size of the virtual memory region in bytes.
  • [out] rc – return code.

Potential danger

Frees virtual memory regions in another process that was created as an empty process and has not yet been started (if its handle is available). (The handle permissions mask must allow freeing of virtual memory.)

SetEntry

Purpose

Defines the program entry point and the ELF image load offset.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the process.
  • [in] state – structure containing the address of the program entry point and the ELF image load offset (in bytes).
  • [out] rc – return code.

Potential danger

Creates conditions for executing code loaded into process memory.

LoadElfSyms

Purpose

Loads the symbol table .symtab and string table .strtab from MDL buffers into the memory of a process that was created as an empty process.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the process.
  • [in] symMdl – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the MDL buffer containing the symbol table .symtab.
  • [in] symSegAttr – structure containing the parameters for loading the symbol table .symtab.
  • [in] symSize – size of the symbol table .symtab (in bytes).
  • [in] strMdl – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the MDL buffer containing the string table .strtab.
  • [in] strSegAttr – structure containing the parameters for loading the string table .strtab.
  • [in] strSize – size of the string table .strtab (in bytes).
  • [out] rc – return code.

Potential danger

N/A

LoadElfHdr

Purpose

Writes the ELF image header to the PCB of a process that was created as an empty process.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the process.
  • [in] hdrData – sequence containing the ELF image header.
  • [out] rc – return code.

Potential danger

N/A

SetEnv

Purpose

Writes data to the SCP of a child process.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the child process.
  • [in] env – sequence containing data to be written to the SCP.
  • [out] rc – return code.

Potential danger

Allows the kernel memory to be used up by creating a multitude of objects within it.

FreeSelfEnv

Purpose

Deletes the SCP of the calling process.

Parameters

  • [out] rc – return code.

Potential danger

N/A

Resume

Purpose

Starts a process.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the process.
  • [out] rc – return code.

Potential danger

Allows the following:

  • Execute code loaded into process memory.
  • Start a multitude of previously created processes to reduce the computing resources available to other processes (it is recommended to monitor the priority of the initial thread when the Create method is called).

Exit

Purpose

Terminates the calling process.

Parameters

  • [in] status – exit code of the process.
  • [out] rc – return code.

Potential danger

N/A

Terminate

Purpose

Terminates a process.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the process.
  • [out] rc – return code.

Potential danger

Allows another process to be terminated if its handle is available. (The handle permissions mask must allow termination of the process.)

GetExitInfo

Purpose

Gets information about a terminated process.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the terminated process.
  • [out] status – value indicating the reason for process termination.
  • [out] info – union containing information about the terminated process.
  • [out] rc – return code.

Potential danger

N/A

GetThreadContext

Purpose

Gets the context of a thread that is part of a frozen process.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the process that is in a frozen state.
  • [in] index – thread index. It is used to enumerate threads. Enumeration starts with zero. A thread in which an unhandled exception occurred has a zero index.
  • [out] context – structure containing the thread ID (TID) and thread context.
  • [out] rc – return code.

Potential danger

Allows the isolation of a process that is in a frozen state to be disrupted. For example, the thread context may contain the values of variables.

GetNextVmRegion

Purpose

Gets information about the virtual memory region that belongs to a frozen process.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the process that is in a frozen state.
  • [in] after – address after which the virtual memory region is located.
  • [out] next – base address of the virtual memory region.
  • [out] size – size of the virtual memory region in bytes.
  • [out] flags – flags indicating the parameters of the virtual memory region.
  • [out] handle – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the MDL buffer mapped to a virtual memory region.
  • [out] rc – return code.

Potential danger

Allows the isolation of a process that is in a frozen state to be disrupted, because access to the process memory region is opened.

TerminateAfterFreezing

Purpose

Terminates a frozen process.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the process that is in a frozen state.
  • [out] rc – return code.

Potential danger

Allows a frozen process to be terminated. This prevents data about the process from being collected for diagnostic purposes.

GetName

Purpose

Gets the name of the calling process.

Parameters

  • [out] name – process name.
  • [out] rc – return code.

Potential danger

N/A

GetPath

Purpose

Gets the name of the executable file (in ROMFS) that was used to create the calling process.

Parameters

  • [out] path – name of the executable file.
  • [out] rc – return code.

Potential danger

N/A

GetInitialThreadPriority

Purpose

Gets the priority of the initial thread of a process.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the process.
  • [out] priority – priority of the initial thread.
  • [out] rc – return code.

Potential danger

N/A

SetInitialThreadPriority

Purpose

Defines the priority of the initial thread of a process.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the process.
  • [in] priority – priority of the initial thread.
  • [out] rc – return code.

Potential danger

Allows the priority of the initial thread of a process to be elevated to reduce the CPU time available to all other threads, including from other processes.

It is recommended to monitor the priority of the initial thread.

GetTasksList

Purpose

Gets information about existing processes.

Parameters

  • [out] notice – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the notification receiver that is configured to receive notifications regarding the termination of processes.
  • [out] strings – sequence containing the parameters of processes.
  • [out] pids – sequence containing the identifiers of processes (the PID of each process).
  • [out] rc – return code.

Potential danger

Allows the kernel memory to be used up by creating a multitude of objects within it.

SetInitialThreadSchedPolicy

Purpose

Defines the scheduler class and priority of the initial thread of a process.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the process.
  • [in] policy – scheduler class of the initial thread of the process.
  • [in] priority – priority of the initial thread of a process.
  • [in] params – union containing the parameters of the scheduler class of the initial thread of the process.
  • [out] rc – return code.

Potential danger

Allows the following:

  • Convert the initial thread of a process into a real-time thread that takes up all the CPU time from all other threads, including from other processes (it is recommended to monitor the scheduler class of the initial thread of the process).
  • Elevate the priority of the initial thread of a process to reduce the CPU time available to all other threads, including from other processes (it is recommended to monitor the priority of the initial thread of the process).

ReseedAslr

Purpose

Defines the seed value for ASLR support.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the process.
  • [in] seed – sequence containing the seed value.
  • [out] rc – return code.

Potential danger

N/A

GetElfSyms

Purpose

Gets the address and size of the symbol table .symtab and string table .strtab for the calling process.

Parameters

  • [out] relocBase – ELF image load offset (in bytes).
  • [out] syms – address of the symbol table .symtab.
  • [out] symsCnt – size (in bytes) of the symbol table .symtab.
  • [out] strs – address of the string table .strtab.
  • [out] strsSize – size (in bytes) of the string table .strtab.
  • [out] rc – return code.

Potential danger

N/A

TransferHandle

Purpose

Transfers a handle to a process that is not yet running.

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the process.
  • [in] srcHandle – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle field contains the transferred handle.
  • [in] srcBadge – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the resource transfer context object.
  • [in] dstRights – permissions mask of the descendant of the transferred handle.
  • [out] dstHandle – value of the descendant of the transferred handle (from the handle space of the process that received the handle).
  • [out] rc – return code.

Potential danger

Allows the kernel memory to be used up by creating a multitude of objects within it.

GetPid

Purpose

Gets the process ID (PID).

Parameters

  • [in] task – value whose binary representation consists of multiple fields, including a handle field and a handle permissions mask field. The handle identifies the process.
  • [out] pid – process ID.
  • [out] rc – return code.

Potential danger

N/A
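
An added example, not part of the KasperskyOS documentation: a small Python audit that takes a summary of which process classes are allowed to call which task.Task methods and reports the danger categories from the table above, plus method combinations that together allow code to be loaded and started. The grant-summary format, the class names, the category labels and the two combinations in CHAINS are assumptions made for illustration; the script does not parse PSL.

```python
# Categories condensed from the table's "Potential danger" column (labels are ours).
DANGER = {
    "code execution": {"Create", "LoadSeg", "SetEntry", "Resume"},
    "memory exhaustion": {"Create", "VmReserve", "SetEnv", "GetTasksList", "TransferHandle"},
    "cpu starvation": {"Resume", "SetInitialThreadPriority", "SetInitialThreadSchedPolicy"},
    "isolation breach": {"GetThreadContext", "GetNextVmRegion"},
    "interference with other processes": {"VmReserve", "VmFree", "Terminate", "TerminateAfterFreezing"},
}
# Methods whose "Potential danger" cell is N/A.
NO_DANGER = {"LoadElfSyms", "LoadElfHdr", "FreeSelfEnv", "Exit", "GetExitInfo",
             "GetName", "GetPath", "GetInitialThreadPriority", "ReseedAslr",
             "GetElfSyms", "GetPid"}
KNOWN = set().union(*DANGER.values()) | NO_DANGER
# Assumption: method sets that together let a caller load code and start it.
CHAINS = {
    "run executable from ROMFS": {"Create", "Resume"},
    "run manually loaded ELF segments": {"LoadSeg", "SetEntry", "Resume"},
}

def parse_grants(text):
    """Parse 'process.Class: Method, Method' lines; '#' starts a comment."""
    grants = {}
    for line in text.splitlines():
        cls, _, methods = line.split("#", 1)[0].partition(":")
        names = {m.strip() for m in methods.split(",") if m.strip()}
        if cls.strip():
            grants.setdefault(cls.strip(), set()).update(names)
    return grants

def audit(text):
    """Return, per process class, danger categories, chains and unknown names."""
    report = {}
    for cls, methods in parse_grants(text).items():
        report[cls] = {
            "categories": sorted(c for c, ms in DANGER.items() if ms & methods),
            "chains": sorted(n for n, ms in CHAINS.items() if ms <= methods),
            "unknown": sorted(methods - KNOWN),  # typos or other endpoints
        }
    return report

# Constructed sample input (hypothetical class names, not from a real policy).
SAMPLE = """
example.Launcher: Create, Resume, GetPid
example.Logger: GetName, GetPath, Exit
example.Debugger: GetThreadContext, GetNextVmRegion, TerminateAfterFreezing, GetThreadCtx  # last name misspelled on purpose
"""

if __name__ == "__main__":
    print(audit(SAMPLE))
```

A class that appears in the "chains" list deserves the closest review, since the table treats loading code and starting the process as separate steps that are each gated by their own method.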
