nt.h@ 107420

Last change on this file since 107420 was 107382, checked in by vboxsync, 5 months ago
IPRT/r3/nt: Some FILE_INFORMATION_CLASS doc updates for NT4 and earlier. bugref:10826
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 173.3 KB

Line
1	/* $Id: nt.h 107382 2024-12-19 13:55:07Z vboxsync $ */
2	/** @file
3	* IPRT - Header for code using the Native NT API.
4	*/
5
6	/*
7	* Copyright (C) 2010-2024 Oracle and/or its affiliates.
8	*
9	* This file is part of VirtualBox base platform packages, as
10	* available from https://www.virtualbox.org.
11	*
12	* This program is free software; you can redistribute it and/or
13	* modify it under the terms of the GNU General Public License
14	* as published by the Free Software Foundation, in version 3 of the
15	* License.
16	*
17	* This program is distributed in the hope that it will be useful, but
18	* WITHOUT ANY WARRANTY; without even the implied warranty of
19	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20	* General Public License for more details.
21	*
22	* You should have received a copy of the GNU General Public License
23	* along with this program; if not, see <https://www.gnu.org/licenses>.
24	*
25	* The contents of this file may alternatively be used under the terms
26	* of the Common Development and Distribution License Version 1.0
27	* (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
28	* in the VirtualBox distribution, in which case the provisions of the
29	* CDDL are applicable instead of those of the GPL.
30	*
31	* You may elect to license modified versions of this file under the
32	* terms and conditions of either the GPL or the CDDL or both.
33	*
34	* SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
35	*/
36
37	#ifndef IPRT_INCLUDED_nt_nt_h
38	#define IPRT_INCLUDED_nt_nt_h
39	#ifndef RT_WITHOUT_PRAGMA_ONCE
40	# pragma once
41	#endif
42
43	/** @def IPRT_NT_MAP_TO_ZW
44	* Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
45	* to the APIs (takes care of the previous context checks).
46	*/
47	#ifdef DOXYGEN_RUNNING
48	# define IPRT_NT_MAP_TO_ZW
49	#endif
50
51	#ifdef IPRT_NT_MAP_TO_ZW
52	# define NtQueryDirectoryFile ZwQueryDirectoryFile
53	# define NtQueryInformationFile ZwQueryInformationFile
54	# define NtQueryInformationProcess ZwQueryInformationProcess
55	# define NtQueryInformationThread ZwQueryInformationThread
56	# define NtQueryFullAttributesFile ZwQueryFullAttributesFile
57	# define NtQuerySystemInformation ZwQuerySystemInformation
58	# define NtQuerySecurityObject ZwQuerySecurityObject
59	# define NtSetInformationFile ZwSetInformationFile
60	# define NtClose ZwClose
61	# define NtCreateFile ZwCreateFile
62	# define NtReadFile ZwReadFile
63	# define NtWriteFile ZwWriteFile
64	# define NtFlushBuffersFile ZwFlushBuffersFile
65	/** @todo this is very incomplete! */
66	#endif
67
68	#include <ntstatus.h>
69
70	/*
71	* Hacks common to both base header sets.
72	*/
73	#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
74	#define NtQueryObject Incomplete_NtQueryObject
75	#define ZwQueryObject Incomplete_ZwQueryObject
76	#define NtSetInformationObject Incomplete_NtSetInformationObject
77	#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
78	#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
79	#define ObjectBasicInformation Incomplete_ObjectBasicInformation
80	#define ObjectTypeInformation Incomplete_ObjectTypeInformation
81	#define _PEB Incomplete__PEB
82	#define PEB Incomplete_PEB
83	#define PPEB Incomplete_PPEB
84	#define _TEB Incomplete__TEB
85	#define TEB Incomplete_TEB
86	#define PTEB Incomplete_PTEB
87	#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
88	#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
89	#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
90	#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
91	#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
92	#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
93
94
95
96	#ifdef IPRT_NT_USE_WINTERNL
97	/*
98	* Use Winternl.h.
99	*/
100	# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
101	# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
102	# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
103
104	# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
105	# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
106	# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
107	# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
108	# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
109	# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
110	# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
111	# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
112	# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
113	# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
114	# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
115	# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
116
117	# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
118	# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
119	# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
120
121	# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
122	# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
123	# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
124	# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
125	# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
126
127	# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
128	# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
129	# define NtQueryTimerResolution AddedRecentlyUseOwnPrototype_NtQueryTimerResolution
130	# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
131	# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
132	# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
133	# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
134	# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
135	# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
136	# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
137	# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
138	# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
139	# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
140	# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
141	# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
142
143
144	# pragma warning(push)
145	# pragma warning(disable: 4668)
146	# define WIN32_NO_STATUS
147	# include <windef.h>
148	# include <winnt.h>
149	# include <winternl.h>
150	# undef WIN32_NO_STATUS
151	# include <ntstatus.h>
152	# pragma warning(pop)
153
154	# ifndef OBJ_DONT_REPARSE
155	# define RTNT_NEED_CLIENT_ID
156	# endif
157
158	# undef _FILE_INFORMATION_CLASS
159	# undef FILE_INFORMATION_CLASS
160	# undef FileDirectoryInformation
161
162	# undef NtQueryInformationProcess
163	# undef NtSetInformationProcess
164	# undef PROCESSINFOCLASS
165	# undef _PROCESSINFOCLASS
166	# undef PROCESS_BASIC_INFORMATION
167	# undef PPROCESS_BASIC_INFORMATION
168	# undef _PROCESS_BASIC_INFORMATION
169	# undef ProcessBasicInformation
170	# undef ProcessDebugPort
171	# undef ProcessWow64Information
172	# undef ProcessImageFileName
173	# undef ProcessBreakOnTermination
174
175	# undef RTL_USER_PROCESS_PARAMETERS
176	# undef PRTL_USER_PROCESS_PARAMETERS
177	# undef _RTL_USER_PROCESS_PARAMETERS
178
179	# undef NtQueryInformationThread
180	# undef NtSetInformationThread
181	# undef THREADINFOCLASS
182	# undef _THREADINFOCLASS
183	# undef ThreadIsIoPending
184
185	# undef NtQuerySystemInformation
186	# undef NtSetSystemInformation
187	# undef NtQueryTimerResolution
188	# undef SYSTEM_INFORMATION_CLASS
189	# undef _SYSTEM_INFORMATION_CLASS
190	# undef SystemBasicInformation
191	# undef SystemPerformanceInformation
192	# undef SystemTimeOfDayInformation
193	# undef SystemProcessInformation
194	# undef SystemProcessorPerformanceInformation
195	# undef SystemInterruptInformation
196	# undef SystemExceptionInformation
197	# undef SystemRegistryQuotaInformation
198	# undef SystemLookasideInformation
199	# undef SystemPolicyInformation
200
201	# define RTNT_NEED_NT_GET_PRODUCT_TYPE
202
203	#else
204	/*
205	* Use ntifs.h and wdm.h.
206	*/
207	# if _MSC_VER >= 1200 /* Fix/workaround for KeInitializeSpinLock visibility issue on AMD64. */
208	# define FORCEINLINE static __forceinline
209	# else
210	# define FORCEINLINE static __inline
211	# endif
212
213	# define _FSINFOCLASS OutdatedWdm_FSINFOCLASS
214	# define FS_INFORMATION_CLASS OutdatedWdm_FS_INFORMATION_CLASS
215	# define PFS_INFORMATION_CLASS OutdatedWdm_PFS_INFORMATION_CLASS
216	# define FileFsVolumeInformation OutdatedWdm_FileFsVolumeInformation
217	# define FileFsLabelInformation OutdatedWdm_FileFsLabelInformation
218	# define FileFsSizeInformation OutdatedWdm_FileFsSizeInformation
219	# define FileFsDeviceInformation OutdatedWdm_FileFsDeviceInformation
220	# define FileFsAttributeInformation OutdatedWdm_FileFsAttributeInformation
221	# define FileFsControlInformation OutdatedWdm_FileFsControlInformation
222	# define FileFsFullSizeInformation OutdatedWdm_FileFsFullSizeInformation
223	# define FileFsObjectIdInformation OutdatedWdm_FileFsObjectIdInformation
224	# define FileFsDriverPathInformation OutdatedWdm_FileFsDriverPathInformation
225	# define FileFsVolumeFlagsInformation OutdatedWdm_FileFsVolumeFlagsInformation
226	# define FileFsSectorSizeInformation OutdatedWdm_FileFsSectorSizeInformation
227	# define FileFsDataCopyInformation OutdatedWdm_FileFsDataCopyInformation
228	# define FileFsMetadataSizeInformation OutdatedWdm_FileFsMetadataSizeInformation
229	# define FileFsFullSizeInformationEx OutdatedWdm_FileFsFullSizeInformationEx
230	# define FileFsMaximumInformation OutdatedWdm_FileFsMaximumInformation
231	# define NtQueryVolumeInformationFile OutdatedWdm_NtQueryVolumeInformationFile
232	# define NtSetVolumeInformationFile OutdatedWdm_NtSetVolumeInformationFile
233	# define _MEMORY_INFORMATION_CLASS OutdatedWdm__MEMORY_INFORMATION_CLASS
234	# define MEMORY_INFORMATION_CLASS OutdatedWdm_MEMORY_INFORMATION_CLASS
235	# define MemoryBasicInformation OutdatedWdm_MemoryBasicInformation
236	# define NtQueryVirtualMemory OutdatedWdm_NtQueryVirtualMemory
237
238	# pragma warning(push)
239	# ifdef RT_ARCH_X86
240	# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
241	# pragma warning(disable: 4163)
242	# endif
243	# pragma warning(disable: 4668)
244	# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
245	# if _MSC_VER >= 1800 /RT_MSC_VER_VC120/
246	# pragma warning(disable:4005) /* sdk/v7.1/include/sal_supp.h(57) : warning C4005: '__useHeader' : macro redefinition */
247	# pragma warning(disable:4471) /* wdm.h(11057) : warning C4471: '_POOL_TYPE' : a forward declaration of an unscoped enumeration must have an underlying type (int assumed) */
248	# endif
249	# if _MSC_VER >= 1900 /RT_MSC_VER_VC140/
250	# ifdef __cplusplus
251	# pragma warning(disable:5039) /* warning C5039: 'KeInitializeDpc': pointer or reference to potentially throwing function passed to 'extern "C"' function under -EHc. Undefined behavior may occur if this function throws an exception. */
252	# endif
253	# endif
254
255	# include <ntifs.h>
256	# include <wdm.h>
257
258	# ifdef RT_ARCH_X86
259	# undef _InterlockedAddLargeStatistic
260	# endif
261	# pragma warning(pop)
262
263	# undef _FSINFOCLASS
264	# undef FS_INFORMATION_CLASS
265	# undef PFS_INFORMATION_CLASS
266	# undef FileFsVolumeInformation
267	# undef FileFsLabelInformation
268	# undef FileFsSizeInformation
269	# undef FileFsDeviceInformation
270	# undef FileFsAttributeInformation
271	# undef FileFsControlInformation
272	# undef FileFsFullSizeInformation
273	# undef FileFsObjectIdInformation
274	# undef FileFsDriverPathInformation
275	# undef FileFsVolumeFlagsInformation
276	# undef FileFsSectorSizeInformation
277	# undef FileFsDataCopyInformation
278	# undef FileFsMetadataSizeInformation
279	# undef FileFsFullSizeInformationEx
280	# undef FileFsMaximumInformation
281	# undef NtQueryVolumeInformationFile
282	# undef NtSetVolumeInformationFile
283	# undef _MEMORY_INFORMATION_CLASS
284	# undef MEMORY_INFORMATION_CLASS
285	# undef MemoryBasicInformation
286	# undef NtQueryVirtualMemory
287
288	# define IPRT_NT_NEED_API_GROUP_NTIFS
289	# ifndef NTDDI_WIN10_RS1
290	# define RTNT_NEED_NT_GET_PRODUCT_TYPE
291	# elif NTDDI_VERSION < NTDDI_WIN10_RS1
292	# define RTNT_NEED_NT_GET_PRODUCT_TYPE
293	# endif
294
295	#endif
296
297	#undef RtlFreeUnicodeString
298	#undef NtQueryObject
299	#undef ZwQueryObject
300	#undef NtSetInformationObject
301	#undef _OBJECT_INFORMATION_CLASS
302	#undef OBJECT_INFORMATION_CLASS
303	#undef ObjectBasicInformation
304	#undef ObjectTypeInformation
305	#undef _PEB
306	#undef PEB
307	#undef PPEB
308	#undef _TEB
309	#undef TEB
310	#undef PTEB
311	#undef _PEB_LDR_DATA
312	#undef PEB_LDR_DATA
313	#undef PPEB_LDR_DATA
314	#undef _KUSER_SHARED_DATA
315	#undef KUSER_SHARED_DATA
316	#undef PKUSER_SHARED_DATA
317
318
319	#include <iprt/types.h>
320	#include <iprt/assert.h>
321
322
323	/** @name Useful macros
324	* @{ */
325	/** Indicates that we're targeting native NT in the current source. */
326	#define RTNT_USE_NATIVE_NT 1
327	/** Initializes a IO_STATUS_BLOCK. */
328	#define RTNT_IO_STATUS_BLOCK_INITIALIZER { { STATUS_FAILED_DRIVER_ENTRY }, ~(uintptr_t)42 }
329	/** Reinitializes a IO_STATUS_BLOCK. */
330	#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
331	do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
332	/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
333	#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
334	/** Constant UNICODE_STRING initializer. */
335	#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
336	/** Null UNICODE_STRING initializer. */
337	#define RTNT_NULL_UNISTR() { 0, 0, NULL }
338
339	/** Declaration wrapper for NT apis.
340	* Adds nothrow. Don't use with callbacks. */
341	#define RT_DECL_NTAPI(type) DECL_NOTHROW(NTSYSAPI type NTAPI)
342	/** @} */
343
344
345	/** @name IPRT helper functions for NT
346	* @{ */
347	RT_C_DECLS_BEGIN
348
349	RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
350	ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
351	PHANDLE phHandle, PULONG_PTR puDisposition);
352	RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
353	ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
354	RTDECL(int) RTNtPathOpenDirEx(HANDLE hRootDir, struct _UNICODE_STRING *pNtName, ACCESS_MASK fDesiredAccess,
355	ULONG fShareAccess, ULONG fCreateOptions, ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
356	RTDECL(int) RTNtPathClose(HANDLE hHandle);
357
358	/**
359	* Converts a windows-style path to NT format and encoding.
360	*
361	* @returns IPRT status code.
362	* @param pNtName Where to return the NT name. Free using
363	* RTNtPathFree.
364	* @param phRootDir Where to return the root handle, if applicable.
365	* @param pszPath The UTF-8 path.
366	*/
367	RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING pNtName, PHANDLE phRootDir, const char pszPath);
368
369	/**
370	* Converts a UTF-16 windows-style path to NT format.
371	*
372	* @returns IPRT status code.
373	* @param pNtName Where to return the NT name. Free using
374	* RTNtPathFree.
375	* @param phRootDir Where to return the root handle, if applicable.
376	* @param pwszPath The UTF-16 windows-style path.
377	* @param cwcPath The max length of the windows-style path in
378	* RTUTF16 units. Use RTSTR_MAX if unknown and @a
379	* pwszPath is correctly terminated.
380	*/
381	RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING pNtName, HANDLE phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
382
383	/**
384	* How to handle ascent ('..' relative to a root handle).
385	*/
386	typedef enum RTNTPATHRELATIVEASCENT
387	{
388	kRTNtPathRelativeAscent_Invalid = 0,
389	kRTNtPathRelativeAscent_Allow,
390	kRTNtPathRelativeAscent_Fail,
391	kRTNtPathRelativeAscent_Ignore,
392	kRTNtPathRelativeAscent_End,
393	kRTNtPathRelativeAscent_32BitHack = 0x7fffffff
394	} RTNTPATHRELATIVEASCENT;
395
396	/**
397	* Converts a relative windows-style path to relative NT format and encoding.
398	*
399	* @returns IPRT status code.
400	* @param pNtName Where to return the NT name. Free using
401	* rtTNtPathToNative with phRootDir set to NULL.
402	* @param phRootDir On input, the handle to the directory the path
403	* is relative to. On output, the handle to
404	* specify as root directory in the object
405	* attributes when accessing the path. If
406	* enmAscent is kRTNtPathRelativeAscent_Allow, it
407	* may have been set to NULL.
408	* @param pszPath The relative UTF-8 path.
409	* @param enmAscent How to handle ascent.
410	* @param fMustReturnAbsolute Must convert to an absolute path. This
411	* is necessary if the root dir is a NT directory
412	* object (e.g. /Devices) since they cannot parse
413	* relative paths it seems.
414	*/
415	RTDECL(int) RTNtPathRelativeFromUtf8(struct _UNICODE_STRING pNtName, PHANDLE phRootDir, const char pszPath,
416	RTNTPATHRELATIVEASCENT enmAscent, bool fMustReturnAbsolute);
417
418	/**
419	* Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
420	* chars plus a terminator.
421	*
422	* The NT string must have been returned by RTNtPathFromWinUtf8 or
423	* RTNtPathFromWinUtf16Ex.
424	*
425	* @returns IPRT status code.
426	* @param pNtName The NT path string.
427	* @param cwcMin The minimum number of RTUTF16 chars. Max 32767.
428	* @sa RTNtPathFree
429	*/
430	RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);
431
432	/**
433	* Gets the NT path to the object represented by the given handle.
434	*
435	* @returns IPRT status code.
436	* @param pNtName Where to return the NT path. Free using
437	* RTNtPathFree.
438	* @param hHandle The handle.
439	* @param cwcExtra How much extra space is needed.
440	*/
441	RTDECL(int) RTNtPathFromHandle(struct _UNICODE_STRING *pNtName, HANDLE hHandle, size_t cwcExtra);
442
443	/**
444	* Frees the native path and root handle.
445	*
446	* @param pNtName The NT path after a successful rtNtPathToNative
447	* call or RTNtPathRelativeFromUtf8.
448	* @param phRootDir The root handle variable from rtNtPathToNative,
449	*/
450	RTDECL(void) RTNtPathFree(struct _UNICODE_STRING pNtName, HANDLE phRootDir);
451
452
453	/**
454	* Checks whether the path could be containing alternative 8.3 names generated
455	* by NTFS, FAT, or other similar file systems.
456	*
457	* @returns Pointer to the first component that might be an 8.3 name, NULL if
458	* not 8.3 path.
459	* @param pwszPath The path to check.
460	*
461	* @remarks This is making bad ASSUMPTION wrt to the naming scheme of 8.3 names,
462	* however, non-tilde 8.3 aliases are probably rare enough to not be
463	* worth all the extra code necessary to open each path component and
464	* check if we've got the short name or not.
465	*/
466	RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
467
468	/**
469	* Fixes up a path possibly containing one or more alternative 8-dot-3 style
470	* components.
471	*
472	* The path is fixed up in place. Errors are ignored.
473	*
474	* @returns VINF_SUCCESS if it all went smoothly, informational status codes
475	* indicating the nature of last problem we ran into.
476	*
477	* @param pUniStr The path to fix up. MaximumLength is the max buffer
478	* length.
479	* @param fPathOnly Whether to only process the path and leave the filename
480	* as passed in.
481	*/
482	RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);
483
484	/**
485	* Wrapper around RTNtPathExpand8dot3Path that allocates a buffer instead of
486	* working on the input buffer.
487	*
488	* @returns IPRT status code, see RTNtPathExpand8dot3Path().
489	* @param pUniStrSrc The path to fix up. MaximumLength is the max buffer
490	* length.
491	* @param fPathOnly Whether to only process the path and leave the filename
492	* as passed in.
493	* @param pUniStrDst Output string. On success, the caller must use
494	* RTUtf16Free to free what the Buffer member points to.
495	* This is all zeros and NULL on failure.
496	*/
497	RTDECL(int) RTNtPathExpand8dot3PathA(struct _UNICODE_STRING const pUniStrSrc, bool fPathOnly, struct _UNICODE_STRING pUniStrDst);
498
499
500	RT_C_DECLS_END
501	/** @} */
502
503
504	/** @name NT API delcarations.
505	* @{ */
506	RT_C_DECLS_BEGIN
507
508	/** @name Process access rights missing in ntddk headers
509	* @{ */
510	#ifndef PROCESS_TERMINATE
511	# define PROCESS_TERMINATE UINT32_C(0x00000001)
512	#endif
513	#ifndef PROCESS_CREATE_THREAD
514	# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
515	#endif
516	#ifndef PROCESS_SET_SESSIONID
517	# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
518	#endif
519	#ifndef PROCESS_VM_OPERATION
520	# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
521	#endif
522	#ifndef PROCESS_VM_READ
523	# define PROCESS_VM_READ UINT32_C(0x00000010)
524	#endif
525	#ifndef PROCESS_VM_WRITE
526	# define PROCESS_VM_WRITE UINT32_C(0x00000020)
527	#endif
528	#ifndef PROCESS_DUP_HANDLE
529	# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
530	#endif
531	#ifndef PROCESS_CREATE_PROCESS
532	# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
533	#endif
534	#ifndef PROCESS_SET_QUOTA
535	# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
536	#endif
537	#ifndef PROCESS_SET_INFORMATION
538	# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
539	#endif
540	#ifndef PROCESS_QUERY_INFORMATION
541	# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
542	#endif
543	#ifndef PROCESS_SUSPEND_RESUME
544	# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
545	#endif
546	#ifndef PROCESS_QUERY_LIMITED_INFORMATION
547	# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
548	#endif
549	#ifndef PROCESS_SET_LIMITED_INFORMATION
550	# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
551	#endif
552	#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
553	#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
554	#ifndef PROCESS_ALL_ACCESS
555	# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| SYNCHRONIZE \| UINT32_C(0x0000ffff) )
556	#endif
557	/** @} */
558
559	/** @name Thread access rights missing in ntddk headers
560	* @{ */
561	#ifndef THREAD_QUERY_INFORMATION
562	# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
563	#endif
564	#ifndef THREAD_SET_THREAD_TOKEN
565	# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
566	#endif
567	#ifndef THREAD_IMPERSONATE
568	# define THREAD_IMPERSONATE UINT32_C(0x00000100)
569	#endif
570	#ifndef THREAD_DIRECT_IMPERSONATION
571	# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
572	#endif
573	#ifndef THREAD_RESUME
574	# define THREAD_RESUME UINT32_C(0x00001000)
575	#endif
576	#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
577	#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
578	#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
579	/** @} */
580
581	/** @name Special handle values.
582	* @{ */
583	#ifndef NtCurrentProcess
584	# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
585	#endif
586	#ifndef NtCurrentThread
587	# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
588	#endif
589	#ifndef ZwCurrentProcess
590	# define ZwCurrentProcess() NtCurrentProcess()
591	#endif
592	#ifndef ZwCurrentThread
593	# define ZwCurrentThread() NtCurrentThread()
594	#endif
595	/** @} */
596
597
598	/** @name Directory object access rights.
599	* @{ */
600	#ifndef DIRECTORY_QUERY
601	# define DIRECTORY_QUERY UINT32_C(0x00000001)
602	#endif
603	#ifndef DIRECTORY_TRAVERSE
604	# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
605	#endif
606	#ifndef DIRECTORY_CREATE_OBJECT
607	# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
608	#endif
609	#ifndef DIRECTORY_CREATE_SUBDIRECTORY
610	# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
611	#endif
612	#ifndef DIRECTORY_ALL_ACCESS
613	# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| UINT32_C(0x0000000f) )
614	#endif
615	/** @} */
616
617
618
619	#ifdef RTNT_NEED_CLIENT_ID
620	typedef struct _CLIENT_ID
621	{
622	HANDLE UniqueProcess;
623	HANDLE UniqueThread;
624	} CLIENT_ID;
625	#endif
626	#ifdef IPRT_NT_USE_WINTERNL
627	typedef CLIENT_ID *PCLIENT_ID;
628	#endif
629
630	/** Extended affinity type, introduced in Windows 7 (?). */
631	typedef struct _KAFFINITY_EX
632	{
633	/** Count of valid bitmap entries. */
634	uint16_t Count;
635	/** Count of allocated bitmap entries. */
636	uint16_t Size;
637	/** Reserved / aligmment padding. */
638	uint32_t Reserved;
639	/** Bitmap where one bit corresponds to a CPU.
640	* @note Started at 20 entries. W10 20H2 increased it to 32. Must be
641	* probed by passing a big buffer to KeInitializeAffinityEx and check
642	* the Size afterwards. */
643	uintptr_t Bitmap[RT_FLEXIBLE_ARRAY_IN_NESTED_UNION];
644	} KAFFINITY_EX;
645	typedef KAFFINITY_EX *PKAFFINITY_EX;
646	typedef KAFFINITY_EX const *PCKAFFINITY_EX;
647
648	/** @name User Shared Data
649	* @{ */
650
651	#ifdef IPRT_NT_USE_WINTERNL
652	typedef struct _KSYSTEM_TIME
653	{
654	ULONG LowPart;
655	LONG High1Time;
656	LONG High2Time;
657	} KSYSTEM_TIME;
658	typedef KSYSTEM_TIME *PKSYSTEM_TIME;
659
660	typedef enum _NT_PRODUCT_TYPE
661	{
662	NtProductWinNt = 1,
663	NtProductLanManNt,
664	NtProductServer
665	} NT_PRODUCT_TYPE;
666
667	#define PROCESSOR_FEATURE_MAX 64
668
669	typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
670	{
671	StandardDesign = 0,
672	NEC98x86,
673	EndAlternatives
674	} ALTERNATIVE_ARCHITECTURE_TYPE;
675
676	# if 0
677	typedef struct _XSTATE_FEATURE
678	{
679	ULONG Offset;
680	ULONG Size;
681	} XSTATE_FEATURE;
682	typedef XSTATE_FEATURE *PXSTATE_FEATURE;
683
684	#define MAXIMUM_XSTATE_FEATURES 64
685
686	typedef struct _XSTATE_CONFIGURATION
687	{
688	ULONG64 EnabledFeatures;
689	ULONG Size;
690	ULONG OptimizedSave : 1;
691	XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
692	} XSTATE_CONFIGURATION;
693	typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
694	# endif
695	#endif /* IPRT_NT_USE_WINTERNL */
696
697	typedef struct _KUSER_SHARED_DATA
698	{
699	ULONG TickCountLowDeprecated; /*< 0x000 /
700	ULONG TickCountMultiplier; /*< 0x004 /
701	KSYSTEM_TIME volatile InterruptTime; /*< 0x008 /
702	KSYSTEM_TIME volatile SystemTime; /*< 0x014 /
703	KSYSTEM_TIME volatile TimeZoneBias; /*< 0x020 /
704	USHORT ImageNumberLow; /*< 0x02c /
705	USHORT ImageNumberHigh; /*< 0x02e /
706	WCHAR NtSystemRoot[260]; /*< 0x030 - Seems to be last member in NT 3.51. /
707	ULONG MaxStackTraceDepth; /*< 0x238 /
708	ULONG CryptoExponent; /*< 0x23c /
709	ULONG TimeZoneId; /*< 0x240 /
710	ULONG LargePageMinimum; /*< 0x244 /
711	ULONG AitSamplingValue; /*< 0x248 /
712	ULONG AppCompatFlag; /*< 0x24c /
713	ULONGLONG RNGSeedVersion; /*< 0x250 /
714	ULONG GlobalValidationRunlevel; /*< 0x258 /
715	LONG volatile TimeZoneBiasStamp; /*< 0x25c/
716	ULONG Reserved2; /*< 0x260 /
717	NT_PRODUCT_TYPE NtProductType; /*< 0x264 /
718	BOOLEAN ProductTypeIsValid; /*< 0x268 /
719	BOOLEAN Reserved0[1]; /*< 0x269 /
720	USHORT NativeProcessorArchitecture; /*< 0x26a /
721	ULONG NtMajorVersion; /*< 0x26c /
722	ULONG NtMinorVersion; /*< 0x270 /
723	BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /*< 0x274 /
724	ULONG Reserved1; /*< 0x2b4 /
725	ULONG Reserved3; /*< 0x2b8 /
726	ULONG volatile TimeSlip; /*< 0x2bc /
727	ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /*< 0x2c0 /
728	ULONG AltArchitecturePad[1]; /*< 0x2c4 /
729	LARGE_INTEGER SystemExpirationDate; /*< 0x2c8 /
730	ULONG SuiteMask; /*< 0x2d0 /
731	BOOLEAN KdDebuggerEnabled; /*< 0x2d4 /
732	union /*< 0x2d5 /
733	{
734	UCHAR MitigationPolicies; /*< 0x2d5 /
735	struct
736	{
737	UCHAR NXSupportPolicy : 2;
738	UCHAR SEHValidationPolicy : 2;
739	UCHAR CurDirDevicesSkippedForDlls : 2;
740	UCHAR Reserved : 2;
741	};
742	};
743	UCHAR Reserved6[2]; /*< 0x2d6 /
744	ULONG volatile ActiveConsoleId; /*< 0x2d8 /
745	ULONG volatile DismountCount; /*< 0x2dc /
746	ULONG ComPlusPackage; /*< 0x2e0 /
747	ULONG LastSystemRITEventTickCount; /*< 0x2e4 /
748	ULONG NumberOfPhysicalPages; /*< 0x2e8 /
749	BOOLEAN SafeBootMode; /*< 0x2ec /
750	UCHAR Reserved12[3]; /*< 0x2ed /
751	union /*< 0x2f0 /
752	{
753	ULONG SharedDataFlags; /*< 0x2f0 /
754	struct
755	{
756	ULONG DbgErrorPortPresent : 1;
757	ULONG DbgElevationEnabled : 1;
758	ULONG DbgVirtEnabled : 1;
759	ULONG DbgInstallerDetectEnabled : 1;
760	ULONG DbgLkgEnabled : 1;
761	ULONG DbgDynProcessorEnabled : 1;
762	ULONG DbgConsoleBrokerEnabled : 1;
763	ULONG DbgSecureBootEnabled : 1;
764	ULONG SpareBits : 24;
765	};
766	};
767	ULONG DataFlagsPad[1]; /*< 0x2f4 /
768	ULONGLONG TestRetInstruction; /*< 0x2f8 /
769	LONGLONG QpcFrequency; /*< 0x300 /
770	ULONGLONG SystemCallPad[3]; /*< 0x308 /
771	union /*< 0x320 /
772	{
773	ULONG64 volatile TickCountQuad; /*< 0x320 /
774	KSYSTEM_TIME volatile TickCount; /*< 0x320 /
775	struct /*< 0x320 /
776	{
777	ULONG ReservedTickCountOverlay[3]; /*< 0x320 /
778	ULONG TickCountPad[1]; /*< 0x32c /
779	};
780	};
781	ULONG Cookie; /*< 0x330 /
782	ULONG CookiePad[1]; /*< 0x334 /
783	LONGLONG ConsoleSessionForegroundProcessId; /*< 0x338 /
784	ULONGLONG TimeUpdateLock; /*< 0x340 /
785	ULONGLONG BaselineSystemTimeQpc; /*< 0x348 /
786	ULONGLONG BaselineInterruptTimeQpc; /*< 0x350 /
787	ULONGLONG QpcSystemTimeIncrement; /*< 0x358 /
788	ULONGLONG QpcInterruptTimeIncrement; /*< 0x360 /
789	ULONG QpcSystemTimeIncrement32; /*< 0x368 /
790	ULONG QpcInterruptTimeIncrement32; /*< 0x36c /
791	UCHAR QpcSystemTimeIncrementShift; /*< 0x370 /
792	UCHAR QpcInterruptTimeIncrementShift; /*< 0x371 /
793	UCHAR Reserved8[14]; /*< 0x372 /
794	USHORT UserModeGlobalLogger[16]; /*< 0x380 /
795	ULONG ImageFileExecutionOptions; /*< 0x3a0 /
796	ULONG LangGenerationCount; /*< 0x3a4 /
797	ULONGLONG Reserved4; /*< 0x3a8 /
798	ULONGLONG volatile InterruptTimeBias; /**< 0x3b0 - What QueryUnbiasedInterruptTimePrecise
799	* subtracts from interrupt time. */
800	ULONGLONG volatile QpcBias; /*< 0x3b8 /
801	ULONG volatile ActiveProcessorCount; /*< 0x3c0 /
802	UCHAR volatile ActiveGroupCount; /*< 0x3c4 /
803	UCHAR Reserved9; /*< 0x3c5 /
804	union /*< 0x3c6 /
805	{
806	USHORT QpcData; /*< 0x3c6 /
807	struct /*< 0x3c6 /
808	{
809	BOOLEAN volatile QpcBypassEnabled; /*< 0x3c6 /
810	UCHAR QpcShift; /*< 0x3c7 /
811	};
812	};
813	LARGE_INTEGER TimeZoneBiasEffectiveStart; /*< 0x3c8 /
814	LARGE_INTEGER TimeZoneBiasEffectiveEnd; /*< 0x3d0 /
815	XSTATE_CONFIGURATION XState; /*< 0x3d8 /
816	} KUSER_SHARED_DATA;
817	typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
818	AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
819	AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
820	AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
821	AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
822	AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
823	AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
824	AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
825	AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
826	AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
827	/** @def MM_SHARED_USER_DATA_VA
828	* Read only userland mapping of KUSER_SHARED_DATA. */
829	#ifndef MM_SHARED_USER_DATA_VA
830	# if ARCH_BITS == 32
831	# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
832	# elif ARCH_BITS == 64
833	# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
834	# else
835	# error "Unsupported/undefined ARCH_BITS value."
836	# endif
837	#endif
838	/** @def KI_USER_SHARED_DATA
839	* Read write kernel mapping of KUSER_SHARED_DATA. */
840	#ifndef KI_USER_SHARED_DATA
841	# ifdef RT_ARCH_X86
842	# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
843	# elif defined(RT_ARCH_AMD64) \|\| defined(RT_ARCH_ARM64)
844	# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
845	# else
846	# error "PORT ME - KI_USER_SHARED_DATA"
847	# endif
848	#endif
849	/** @} */
850
851
852	/** @name Process And Thread Environment Blocks
853	* @{ */
854
855	typedef struct _PEB_LDR_DATA
856	{
857	uint32_t Length;
858	BOOLEAN Initialized;
859	BOOLEAN Padding[3];
860	HANDLE SsHandle;
861	LIST_ENTRY InLoadOrderModuleList;
862	LIST_ENTRY InMemoryOrderModuleList;
863	LIST_ENTRY InInitializationOrderModuleList;
864	/* End NT4 */
865	LIST_ENTRY *EntryInProgress;
866	BOOLEAN ShutdownInProgress;
867	HANDLE ShutdownThreadId;
868	} PEB_LDR_DATA;
869	typedef PEB_LDR_DATA *PPEB_LDR_DATA;
870
871	typedef struct _PEB_COMMON
872	{
873	BOOLEAN InheritedAddressSpace; /*< 0x000 / 0x000 /
874	BOOLEAN ReadImageFileExecOptions; /*< 0x001 / 0x001 /
875	BOOLEAN BeingDebugged; /*< 0x002 / 0x002 /
876	union
877	{
878	uint8_t BitField; /*< 0x003 / 0x003 /
879	struct
880	{
881	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
882	} Common;
883	struct
884	{
885	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
886	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
887	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 /
888	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 /
889	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 /
890	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 /
891	uint8_t IsProtectedProcessLight : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 /
892	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
893	} W81;
894	struct
895	{
896	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
897	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
898	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 /
899	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 /
900	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 /
901	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 /
902	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 /
903	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
904	} W80;
905	struct
906	{
907	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
908	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
909	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. /
910	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. /
911	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. /
912	uint8_t SpareBits : 3; /*< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. /
913	} W7;
914	struct
915	{
916	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
917	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
918	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. /
919	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. /
920	uint8_t SpareBits : 4; /*< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. /
921	} W6;
922	struct
923	{
924	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
925	uint8_t SpareBits : 7; /*< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. /
926	} W52;
927	struct
928	{
929	BOOLEAN SpareBool;
930	} W51;
931	} Diff0;
932	#if ARCH_BITS == 64
933	uint32_t Padding0; /*< 0x004 / NA /
934	#endif
935	HANDLE Mutant; /*< 0x008 / 0x004 /
936	PVOID ImageBaseAddress; /*< 0x010 / 0x008 /
937	PPEB_LDR_DATA Ldr; /*< 0x018 / 0x00c /
938	struct _RTL_USER_PROCESS_PARAMETERS ProcessParameters; /< 0x020 / 0x010 /
939	PVOID SubSystemData; /*< 0x028 / 0x014 /
940	HANDLE ProcessHeap; /*< 0x030 / 0x018 /
941	struct _RTL_CRITICAL_SECTION FastPebLock; /< 0x038 / 0x01c /
942	union
943	{
944	struct
945	{
946	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
947	PVOID IFEOKey; /*< 0x048 / 0x024 /
948	union
949	{
950	ULONG CrossProcessFlags; /*< 0x050 / 0x028 /
951	struct
952	{
953	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
954	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
955	uint32_t ProcessUsingVEH : 1; /*< 0x050 / 0x028: Pos 2, 1 Bit /
956	uint32_t ProcessUsingVCH : 1; /*< 0x050 / 0x028: Pos 3, 1 Bit /
957	uint32_t ProcessUsingFTH : 1; /*< 0x050 / 0x028: Pos 4, 1 Bit /
958	uint32_t ReservedBits0 : 1; /*< 0x050 / 0x028: Pos 5, 27 Bits /
959	} W7, W8, W80, W81;
960	struct
961	{
962	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
963	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
964	uint32_t ReservedBits0 : 30; /*< 0x050 / 0x028: Pos 2, 30 Bits /
965	} W6;
966	};
967	#if ARCH_BITS == 64
968	uint32_t Padding1; /*< 0x054 / /
969	#endif
970	} W6, W7, W8, W80, W81;
971	struct
972	{
973	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
974	PVOID SparePtr2; /*< 0x048 / 0x024 /
975	uint32_t EnvironmentUpdateCount; /*< 0x050 / 0x028 /
976	#if ARCH_BITS == 64
977	uint32_t Padding1; /*< 0x054 / /
978	#endif
979	} W52;
980	struct
981	{
982	PVOID FastPebLockRoutine; /*< NA / 0x020 /
983	PVOID FastPebUnlockRoutine; /*< NA / 0x024 /
984	uint32_t EnvironmentUpdateCount; /*< NA / 0x028 /
985	} W51;
986	} Diff1;
987	union
988	{
989	PVOID KernelCallbackTable; /*< 0x058 / 0x02c /
990	PVOID UserSharedInfoPtr; /*< 0x058 / 0x02c - Alternative use in W6./
991	};
992	uint32_t SystemReserved; /*< 0x060 / 0x030 /
993	union
994	{
995	struct
996	{
997	uint32_t AtlThunkSListPtr32; /*< 0x064 / 0x034 /
998	} W7, W8, W80, W81;
999	struct
1000	{
1001	uint32_t SpareUlong; /*< 0x064 / 0x034 /
1002	} W52, W6;
1003	struct
1004	{
1005	uint32_t ExecuteOptions : 2; /*< NA / 0x034: Pos 0, 2 Bits /
1006	uint32_t SpareBits : 30; /*< NA / 0x034: Pos 2, 30 Bits /
1007	} W51;
1008	} Diff2;
1009	union
1010	{
1011	struct
1012	{
1013	PVOID ApiSetMap; /*< 0x068 / 0x038 /
1014	} W7, W8, W80, W81;
1015	struct
1016	{
1017	struct _PEB_FREE_BLOCK FreeList; /< 0x068 / 0x038 /
1018	} W52, W6;
1019	struct
1020	{
1021	struct _PEB_FREE_BLOCK FreeList; /< NA / 0x038 /
1022	} W51;
1023	} Diff3;
1024	uint32_t TlsExpansionCounter; /*< 0x070 / 0x03c /
1025	#if ARCH_BITS == 64
1026	uint32_t Padding2; /*< 0x074 / NA /
1027	#endif
1028	struct _RTL_BITMAP TlsBitmap; /< 0x078 / 0x040 /
1029	uint32_t TlsBitmapBits[2]; /*< 0x080 / 0x044 /
1030	PVOID ReadOnlySharedMemoryBase; /*< 0x088 / 0x04c /
1031	union
1032	{
1033	struct
1034	{
1035	PVOID SparePvoid0; /*< 0x090 / 0x050 - HotpatchInformation before W81. /
1036	} W81;
1037	struct
1038	{
1039	PVOID HotpatchInformation; /*< 0x090 / 0x050 - Retired in W81. /
1040	} W6, W7, W80;
1041	struct
1042	{
1043	PVOID ReadOnlySharedMemoryHeap;
1044	} W52;
1045	} Diff4;
1046	PVOID ReadOnlyStaticServerData; /< 0x098 / 0x054 /
1047	PVOID AnsiCodePageData; /*< 0x0a0 / 0x058 /
1048	PVOID OemCodePageData; /*< 0x0a8 / 0x05c /
1049	PVOID UnicodeCaseTableData; /*< 0x0b0 / 0x060 /
1050	uint32_t NumberOfProcessors; /*< 0x0b8 / 0x064 /
1051	uint32_t NtGlobalFlag; /*< 0x0bc / 0x068 /
1052	#if ARCH_BITS == 32
1053	uint32_t Padding2b;
1054	#endif
1055	LARGE_INTEGER CriticalSectionTimeout; /*< 0x0c0 / 0x070 /
1056	SIZE_T HeapSegmentReserve; /*< 0x0c8 / 0x078 /
1057	SIZE_T HeapSegmentCommit; /*< 0x0d0 / 0x07c /
1058	SIZE_T HeapDeCommitTotalFreeThreshold; /*< 0x0d8 / 0x080 /
1059	SIZE_T HeapDeCommitFreeBlockThreshold; /*< 0x0e0 / 0x084 /
1060	uint32_t NumberOfHeaps; /*< 0x0e8 / 0x088 /
1061	uint32_t MaximumNumberOfHeaps; /*< 0x0ec / 0x08c /
1062	PVOID ProcessHeaps; /< 0x0f0 / 0x090 - Last NT 3.51 member. /
1063	PVOID GdiSharedHandleTable; /*< 0x0f8 / 0x094 /
1064	PVOID ProcessStarterHelper; /*< 0x100 / 0x098 /
1065	uint32_t GdiDCAttributeList; /*< 0x108 / 0x09c /
1066	#if ARCH_BITS == 64
1067	uint32_t Padding3; /*< 0x10c / NA /
1068	#endif
1069	struct _RTL_CRITICAL_SECTION LoaderLock; /< 0x110 / 0x0a0 /
1070	uint32_t OSMajorVersion; /*< 0x118 / 0x0a4 /
1071	uint32_t OSMinorVersion; /*< 0x11c / 0x0a8 /
1072	uint16_t OSBuildNumber; /*< 0x120 / 0x0ac /
1073	uint16_t OSCSDVersion; /*< 0x122 / 0x0ae /
1074	uint32_t OSPlatformId; /*< 0x124 / 0x0b0 /
1075	uint32_t ImageSubsystem; /*< 0x128 / 0x0b4 /
1076	uint32_t ImageSubsystemMajorVersion; /*< 0x12c / 0x0b8 /
1077	uint32_t ImageSubsystemMinorVersion; /*< 0x130 / 0x0bc /
1078	#if ARCH_BITS == 64
1079	uint32_t Padding4; /*< 0x134 / NA /
1080	#endif
1081	union
1082	{
1083	struct
1084	{
1085	SIZE_T ActiveProcessAffinityMask; /*< 0x138 / 0x0c0 /
1086	} W7, W8, W80, W81;
1087	struct
1088	{
1089	SIZE_T ImageProcessAffinityMask; /*< 0x138 / 0x0c0 /
1090	} W52, W6;
1091	} Diff5;
1092	uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /*< 0x140 / 0x0c4 /
1093	PVOID PostProcessInitRoutine; /*< 0x230 / 0x14c /
1094	PVOID TlsExpansionBitmap; /*< 0x238 / 0x150 /
1095	uint32_t TlsExpansionBitmapBits[32]; /*< 0x240 / 0x154 /
1096	uint32_t SessionId; /*< 0x2c0 / 0x1d4 /
1097	#if ARCH_BITS == 64
1098	uint32_t Padding5; /*< 0x2c4 / NA /
1099	#endif
1100	ULARGE_INTEGER AppCompatFlags; /*< 0x2c8 / 0x1d8 /
1101	ULARGE_INTEGER AppCompatFlagsUser; /*< 0x2d0 / 0x1e0 /
1102	PVOID pShimData; /*< 0x2d8 / 0x1e8 /
1103	PVOID AppCompatInfo; /*< 0x2e0 / 0x1ec /
1104	UNICODE_STRING CSDVersion; /*< 0x2e8 / 0x1f0 /
1105	struct _ACTIVATION_CONTEXT_DATA ActivationContextData; /< 0x2f8 / 0x1f8 /
1106	struct _ASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap; /< 0x300 / 0x1fc /
1107	struct _ACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData; /< 0x308 / 0x200 /
1108	struct _ASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap; /< 0x310 / 0x204 /
1109	SIZE_T MinimumStackCommit; /*< 0x318 / 0x208 /
1110	/* End of PEB in W52 (Windows XP (RTM))! */
1111	struct _FLS_CALLBACK_INFO FlsCallback; /< 0x320 / 0x20c /
1112	LIST_ENTRY FlsListHead; /*< 0x328 / 0x210 /
1113	PVOID FlsBitmap; /*< 0x338 / 0x218 /
1114	uint32_t FlsBitmapBits[4]; /*< 0x340 / 0x21c /
1115	uint32_t FlsHighIndex; /*< 0x350 / 0x22c /
1116	/* End of PEB in W52 (Windows Server 2003)! */
1117	PVOID WerRegistrationData; /*< 0x358 / 0x230 /
1118	PVOID WerShipAssertPtr; /*< 0x360 / 0x234 /
1119	/* End of PEB in W6 (windows Vista)! */
1120	union
1121	{
1122	struct
1123	{
1124	PVOID pUnused; /*< 0x368 / 0x238 - Was pContextData in W7. /
1125	} W8, W80, W81;
1126	struct
1127	{
1128	PVOID pContextData; /*< 0x368 / 0x238 - Retired in W80. /
1129	} W7;
1130	} Diff6;
1131	PVOID pImageHeaderHash; /*< 0x370 / 0x23c /
1132	union
1133	{
1134	uint32_t TracingFlags; /*< 0x378 / 0x240 /
1135	struct
1136	{
1137	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
1138	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
1139	uint32_t LibLoaderTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 2, 1 Bit /
1140	uint32_t SpareTracingBits : 29; /*< 0x378 / 0x240 : Pos 3, 29 Bits /
1141	} W8, W80, W81;
1142	struct
1143	{
1144	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
1145	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
1146	uint32_t SpareTracingBits : 30; /*< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 /
1147	} W7;
1148	} Diff7;
1149	#if ARCH_BITS == 64
1150	uint32_t Padding6; /*< 0x37c / NA /
1151	#endif
1152	uint64_t CsrServerReadOnlySharedMemoryBase; /*< 0x380 / 0x248 /
1153	/* End of PEB in W8, W81. */
1154	uintptr_t TppWorkerpListLock; /*< 0x388 / 0x250 /
1155	LIST_ENTRY TppWorkerpList; /*< 0x390 / 0x254 /
1156	PVOID WaitOnAddressHashTable[128]; /*< 0x3a0 / 0x25c /
1157	#if ARCH_BITS == 32
1158	uint32_t ExplicitPadding7; /*< NA NA / 0x45c /
1159	#endif
1160	} PEB_COMMON;
1161	typedef PEB_COMMON *PPEB_COMMON;
1162
1163	AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
1164	AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
1165	AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
1166	AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
1167	AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
1168	AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
1169	AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
1170	AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
1171	AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x7a0 : 0x460);
1172
1173	/** The size of the windows 10 (build 14393) PEB structure. */
1174	#define PEB_SIZE_W10 sizeof(PEB_COMMON)
1175	/** The size of the windows 8.1 PEB structure. */
1176	#define PEB_SIZE_W81 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1177	/** The size of the windows 8.0 PEB structure. */
1178	#define PEB_SIZE_W80 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1179	/** The size of the windows 7 PEB structure. */
1180	#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
1181	/** The size of the windows vista PEB structure. */
1182	#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
1183	/** The size of the windows server 2003 PEB structure. */
1184	#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
1185	/** The size of the windows XP PEB structure. */
1186	#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
1187
1188	#if 0
1189	typedef struct _NT_TIB
1190	{
1191	struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
1192	PVOID StackBase;
1193	PVOID StackLimit;
1194	PVOID SubSystemTib;
1195	union
1196	{
1197	PVOID FiberData;
1198	ULONG Version;
1199	};
1200	PVOID ArbitraryUserPointer;
1201	struct _NT_TIB *Self;
1202	} NT_TIB;
1203	typedef NT_TIB *PNT_TIB;
1204	#endif
1205
1206	typedef struct _ACTIVATION_CONTEXT_STACK
1207	{
1208	uint32_t Flags;
1209	uint32_t NextCookieSequenceNumber;
1210	PVOID ActiveFrame;
1211	LIST_ENTRY FrameListCache;
1212	} ACTIVATION_CONTEXT_STACK;
1213
1214	/* Common TEB. */
1215	typedef struct _TEB_COMMON
1216	{
1217	NT_TIB NtTib; /*< 0x000 / 0x000 /
1218	PVOID EnvironmentPointer; /*< 0x038 / 0x01c /
1219	CLIENT_ID ClientId; /*< 0x040 / 0x020 /
1220	PVOID ActiveRpcHandle; /*< 0x050 / 0x028 /
1221	PVOID ThreadLocalStoragePointer; /*< 0x058 / 0x02c /
1222	PPEB_COMMON ProcessEnvironmentBlock; /*< 0x060 / 0x030 /
1223	uint32_t LastErrorValue; /*< 0x068 / 0x034 /
1224	uint32_t CountOfOwnedCriticalSections; /*< 0x06c / 0x038 /
1225	PVOID CsrClientThread; /*< 0x070 / 0x03c /
1226	PVOID Win32ThreadInfo; /*< 0x078 / 0x040 /
1227	uint32_t User32Reserved[26]; /*< 0x080 / 0x044 /
1228	uint32_t UserReserved[5]; /*< 0x0e8 / 0x0ac /
1229	PVOID WOW32Reserved; /*< 0x100 / 0x0c0 /
1230	uint32_t CurrentLocale; /*< 0x108 / 0x0c4 /
1231	uint32_t FpSoftwareStatusRegister; /*< 0x10c / 0x0c8 /
1232	PVOID SystemReserved1[54]; /*< 0x110 / 0x0cc /
1233	uint32_t ExceptionCode; /*< 0x2c0 / 0x1a4 /
1234	#if ARCH_BITS == 64
1235	uint32_t Padding0; /*< 0x2c4 / NA /
1236	#endif
1237	union
1238	{
1239	struct
1240	{
1241	struct _ACTIVATION_CONTEXT_STACK ActivationContextStackPointer;/< 0x2c8 / 0x1a8 /
1242	uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /*< 0x2d0 / 0x1ac /
1243	} W52, W6, W7, W8, W80, W81;
1244	#if ARCH_BITS == 32
1245	struct
1246	{
1247	ACTIVATION_CONTEXT_STACK ActivationContextStack; /*< NA / 0x1a8 /
1248	uint8_t SpareBytes[20]; /*< NA / 0x1bc /
1249	} W51;
1250	#endif
1251	} Diff0;
1252	union
1253	{
1254	struct
1255	{
1256	uint32_t TxFsContext; /*< 0x2e8 / 0x1d0 /
1257	} W6, W7, W8, W80, W81;
1258	struct
1259	{
1260	uint32_t SpareBytesContinues; /*< 0x2e8 / 0x1d0 /
1261	} W52;
1262	} Diff1;
1263	#if ARCH_BITS == 64
1264	uint32_t Padding1; /*< 0x2ec / NA /
1265	#endif
1266	/_GDI_TEB_BATCH/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /*< 0x2f0 / 0x1d4 /
1267	CLIENT_ID RealClientId; /*< 0x7d8 / 0x6b4 /
1268	HANDLE GdiCachedProcessHandle; /*< 0x7e8 / 0x6bc /
1269	uint32_t GdiClientPID; /*< 0x7f0 / 0x6c0 /
1270	uint32_t GdiClientTID; /*< 0x7f4 / 0x6c4 /
1271	PVOID GdiThreadLocalInfo; /*< 0x7f8 / 0x6c8 /
1272	SIZE_T Win32ClientInfo[62]; /*< 0x800 / 0x6cc /
1273	PVOID glDispatchTable[233]; /*< 0x9f0 / 0x7c4 /
1274	SIZE_T glReserved1[29]; /*< 0x1138 / 0xb68 /
1275	PVOID glReserved2; /*< 0x1220 / 0xbdc /
1276	PVOID glSectionInfo; /*< 0x1228 / 0xbe0 /
1277	PVOID glSection; /*< 0x1230 / 0xbe4 /
1278	PVOID glTable; /*< 0x1238 / 0xbe8 /
1279	PVOID glCurrentRC; /*< 0x1240 / 0xbec /
1280	PVOID glContext; /*< 0x1248 / 0xbf0 /
1281	NTSTATUS LastStatusValue; /*< 0x1250 / 0xbf4 /
1282	#if ARCH_BITS == 64
1283	uint32_t Padding2; /*< 0x1254 / NA /
1284	#endif
1285	UNICODE_STRING StaticUnicodeString; /*< 0x1258 / 0xbf8 /
1286	WCHAR StaticUnicodeBuffer[261]; /*< 0x1268 / 0xc00 /
1287	#if ARCH_BITS == 64
1288	WCHAR Padding3[3]; /*< 0x1472 / NA /
1289	#endif
1290	PVOID DeallocationStack; /*< 0x1478 / 0xe0c /
1291	PVOID TlsSlots[64]; /*< 0x1480 / 0xe10 /
1292	LIST_ENTRY TlsLinks; /*< 0x1680 / 0xf10 /
1293	PVOID Vdm; /*< 0x1690 / 0xf18 /
1294	PVOID ReservedForNtRpc; /*< 0x1698 / 0xf1c /
1295	PVOID DbgSsReserved[2]; /*< 0x16a0 / 0xf20 /
1296	uint32_t HardErrorMode; /*< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. /
1297	#if ARCH_BITS == 64
1298	uint32_t Padding4; /*< 0x16b4 / NA /
1299	#endif
1300	PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /*< 0x16b8 / 0xf2c /
1301	union
1302	{
1303	struct
1304	{
1305	GUID ActivityId; /*< 0x1710 / 0xf50 /
1306	PVOID SubProcessTag; /*< 0x1720 / 0xf60 /
1307	} W6, W7, W8, W80, W81;
1308	struct
1309	{
1310	PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /*< 0x1710 / 0xf50 /
1311	} W52;
1312	} Diff2;
1313	union /*< 0x1728 / 0xf64 /
1314	{
1315	struct
1316	{
1317	PVOID PerflibData; /*< 0x1728 / 0xf64 /
1318	} W8, W80, W81;
1319	struct
1320	{
1321	PVOID EtwLocalData; /*< 0x1728 / 0xf64 /
1322	} W7, W6;
1323	struct
1324	{
1325	PVOID SubProcessTag; /*< 0x1728 / 0xf64 /
1326	} W52;
1327	struct
1328	{
1329	PVOID InstrumentationContinues[1]; /*< 0x1728 / 0xf64 /
1330	} W51;
1331	} Diff3;
1332	union
1333	{
1334	struct
1335	{
1336	PVOID EtwTraceData; /*< 0x1730 / 0xf68 /
1337	} W52, W6, W7, W8, W80, W81;
1338	struct
1339	{
1340	PVOID InstrumentationContinues[1]; /*< 0x1730 / 0xf68 /
1341	} W51;
1342	} Diff4;
1343	PVOID WinSockData; /*< 0x1738 / 0xf6c /
1344	uint32_t GdiBatchCount; /*< 0x1740 / 0xf70 /
1345	union
1346	{
1347	union
1348	{
1349	PROCESSOR_NUMBER CurrentIdealProcessor; /*< 0x1744 / 0xf74 - W7+ /
1350	uint32_t IdealProcessorValue; /*< 0x1744 / 0xf74 - W7+ /
1351	struct
1352	{
1353	uint8_t ReservedPad1; /*< 0x1744 / 0xf74 - Called SpareBool0 in W6 /
1354	uint8_t ReservedPad2; /*< 0x1745 / 0xf75 - Called SpareBool0 in W6 /
1355	uint8_t ReservedPad3; /*< 0x1746 / 0xf76 - Called SpareBool0 in W6 /
1356	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1357	};
1358	} W6, W7, W8, W80, W81;
1359	struct
1360	{
1361	BOOLEAN InDbgPrint; /*< 0x1744 / 0xf74 /
1362	BOOLEAN FreeStackOnTermination; /*< 0x1745 / 0xf75 /
1363	BOOLEAN HasFiberData; /*< 0x1746 / 0xf76 /
1364	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1365	} W51, W52;
1366	} Diff5;
1367	uint32_t GuaranteedStackBytes; /*< 0x1748 / 0xf78 /
1368	#if ARCH_BITS == 64
1369	uint32_t Padding5; /*< 0x174c / NA /
1370	#endif
1371	PVOID ReservedForPerf; /*< 0x1750 / 0xf7c /
1372	PVOID ReservedForOle; /*< 0x1758 / 0xf80 /
1373	uint32_t WaitingOnLoaderLock; /*< 0x1760 / 0xf84 /
1374	#if ARCH_BITS == 64
1375	uint32_t Padding6; /*< 0x1764 / NA /
1376	#endif
1377	union /*< 0x1770 / 0xf8c /
1378	{
1379	struct
1380	{
1381	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1382	SIZE_T ReservedForCodeCoverage; /*< 0x1770 / 0xf8c /
1383	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1384	} W8, W80, W81;
1385	struct
1386	{
1387	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1388	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1389	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1390	} W6, W7;
1391	struct
1392	{
1393	PVOID SparePointer1; /*< 0x1768 / 0xf88 /
1394	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1395	PVOID SoftPatchPtr2; /*< 0x1778 / 0xf90 /
1396	} W52;
1397	#if ARCH_BITS == 32
1398	struct _Wx86ThreadState
1399	{
1400	PVOID CallBx86Eip; /*< NA / 0xf88 /
1401	PVOID DeallocationCpu; /*< NA / 0xf8c /
1402	BOOLEAN UseKnownWx86Dll; /*< NA / 0xf90 /
1403	int8_t OleStubInvoked; /*< NA / 0xf91 /
1404	} W51;
1405	#endif
1406	} Diff6;
1407	PVOID TlsExpansionSlots; /*< 0x1780 / 0xf94 /
1408	#if ARCH_BITS == 64
1409	PVOID DallocationBStore; /*< 0x1788 / NA /
1410	PVOID BStoreLimit; /*< 0x1790 / NA /
1411	#endif
1412	union
1413	{
1414	struct
1415	{
1416	uint32_t MuiGeneration; /*< 0x1798 / 0xf98 /
1417	} W7, W8, W80, W81;
1418	struct
1419	{
1420	uint32_t ImpersonationLocale;
1421	} W6;
1422	} Diff7;
1423	uint32_t IsImpersonating; /*< 0x179c / 0xf9c /
1424	PVOID NlsCache; /*< 0x17a0 / 0xfa0 /
1425	PVOID pShimData; /*< 0x17a8 / 0xfa4 /
1426	union /*< 0x17b0 / 0xfa8 /
1427	{
1428	struct
1429	{
1430	uint16_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1431	uint16_t LowFragHeapDataSlot; /*< 0x17b2 / 0xfaa /
1432	} W8, W80, W81;
1433	struct
1434	{
1435	uint32_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1436	} W7;
1437	} Diff8;
1438	#if ARCH_BITS == 64
1439	uint32_t Padding7; /*< 0x17b4 / NA /
1440	#endif
1441	HANDLE CurrentTransactionHandle; /*< 0x17b8 / 0xfac /
1442	struct _TEB_ACTIVE_FRAME ActiveFrame; /< 0x17c0 / 0xfb0 /
1443	/* End of TEB in W51 (Windows XP)! */
1444	PVOID FlsData; /*< 0x17c8 / 0xfb4 /
1445	union
1446	{
1447	struct
1448	{
1449	PVOID PreferredLanguages; /*< 0x17d0 / 0xfb8 /
1450	} W6, W7, W8, W80, W81;
1451	struct
1452	{
1453	BOOLEAN SafeThunkCall; /*< 0x17d0 / 0xfb8 /
1454	uint8_t BooleanSpare[3]; /*< 0x17d1 / 0xfb9 /
1455	/* End of TEB in W52 (Windows server 2003)! */
1456	} W52;
1457	} Diff9;
1458	PVOID UserPrefLanguages; /*< 0x17d8 / 0xfbc /
1459	PVOID MergedPrefLanguages; /*< 0x17e0 / 0xfc0 /
1460	uint32_t MuiImpersonation; /*< 0x17e8 / 0xfc4 /
1461	union
1462	{
1463	uint16_t CrossTebFlags; /*< 0x17ec / 0xfc8 /
1464	struct
1465	{
1466	uint16_t SpareCrossTebBits : 16; /*< 0x17ec / 0xfc8 : Pos 0, 16 Bits /
1467	};
1468	};
1469	union
1470	{
1471	uint16_t SameTebFlags; /*< 0x17ee / 0xfca /
1472	struct
1473	{
1474	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1475	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1476	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1477	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1478	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1479	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1480	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1481	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1482	} Common;
1483	struct
1484	{
1485	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1486	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1487	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1488	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1489	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1490	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1491	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1492	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1493	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1494	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1495	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1496	uint16_t SessionAware : 1; /*< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. /
1497	uint16_t SpareSameTebBits : 4; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1498	} W8, W80, W81;
1499	struct
1500	{
1501	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1502	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1503	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1504	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1505	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1506	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1507	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1508	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1509	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1510	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1511	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1512	uint16_t SpareSameTebBits : 5; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1513	} W7;
1514	struct
1515	{
1516	uint16_t DbgSafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1517	uint16_t DbgInDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1518	uint16_t DbgHasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1519	uint16_t DbgSkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1520	uint16_t DbgWerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1521	uint16_t DbgRanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1522	uint16_t DbgClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1523	uint16_t DbgSuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1524	uint16_t SpareSameTebBits : 8; /*< 0x17ee / 0xfca : Pos 8, 8 Bits /
1525	} W6;
1526	} Diff10;
1527	PVOID TxnScopeEnterCallback; /*< 0x17f0 / 0xfcc /
1528	PVOID TxnScopeExitCallback; /*< 0x17f8 / 0xfd0 /
1529	PVOID TxnScopeContext; /*< 0x1800 / 0xfd4 /
1530	uint32_t LockCount; /*< 0x1808 / 0xfd8 /
1531	union
1532	{
1533	struct
1534	{
1535	uint32_t SpareUlong0; /*< 0x180c / 0xfdc /
1536	} W7, W8, W80, W81;
1537	struct
1538	{
1539	uint32_t ProcessRundown;
1540	} W6;
1541	} Diff11;
1542	union
1543	{
1544	struct
1545	{
1546	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1547	/* End of TEB in W7 (windows 7)! */
1548	PVOID ReservedForWdf; /*< 0x1818 / 0xfe4 - New Since W7. /
1549	/* End of TEB in W8 (windows 8.0 & 8.1)! */
1550	PVOID ReservedForCrt; /*< 0x1820 / 0xfe8 - New Since W10. /
1551	RTUUID EffectiveContainerId; /*< 0x1828 / 0xfec - New Since W10. /
1552	/* End of TEB in W10 14393! */
1553	} W8, W80, W81, W10;
1554	struct
1555	{
1556	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1557	} W7;
1558	struct
1559	{
1560	uint64_t LastSwitchTime; /*< 0x1810 / 0xfe0 /
1561	uint64_t TotalSwitchOutTime; /*< 0x1818 / 0xfe8 /
1562	LARGE_INTEGER WaitReasonBitMap; /*< 0x1820 / 0xff0 /
1563	/* End of TEB in W6 (windows Vista)! */
1564	} W6;
1565	} Diff12;
1566	} TEB_COMMON;
1567	typedef TEB_COMMON *PTEB_COMMON;
1568	AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1569	AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1570	AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1571	AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1572	AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1573	AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1574	AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1575	AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1576	AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1577	AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1578	AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1579	AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1580	AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1838 : 0x1000);
1581
1582
1583	/** The size of the windows 8.1 PEB structure. */
1584	#define TEB_SIZE_W10 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W10.EffectiveContainerId) + sizeof(RTUUID) )
1585	/** The size of the windows 8.1 PEB structure. */
1586	#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1587	/** The size of the windows 8.0 PEB structure. */
1588	#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1589	/** The size of the windows 7 PEB structure. */
1590	#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1591	/** The size of the windows vista PEB structure. */
1592	#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1593	/** The size of the windows server 2003 PEB structure. */
1594	#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1595	/** The size of the windows XP PEB structure. */
1596	#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1597
1598
1599
1600	#define _PEB _PEB_COMMON
1601	typedef PEB_COMMON PEB;
1602	typedef PPEB_COMMON PPEB;
1603
1604	#define _TEB _TEB_COMMON
1605	typedef TEB_COMMON TEB;
1606	typedef PTEB_COMMON PTEB;
1607
1608	#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
1609	# ifdef RT_ARCH_X86
1610	DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1611	DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1612	DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1613	DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readfsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1614	DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1615	# elif defined(RT_ARCH_AMD64)
1616	DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1617	DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1618	DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1619	DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readgsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1620	DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1621	# elif defined(RT_ARCH_ARM64)
1622	DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__getReg(18); } /* The pointer to the TEB lives in x18. */
1623	DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return RTNtCurrentTeb()->ProcessEnvironmentBlock; }
1624	DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return (uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread; }
1625	DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return RTNtCurrentTeb()->LastStatusValue; }
1626	DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return RTNtCurrentTeb()->LastErrorValue; }
1627	# else
1628	# error "Port me"
1629	# endif
1630	#else
1631	# define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1632	# define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1633	# define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1634	# define RTNtLastStatusValue() (RTNtCurrentTeb()->LastStatusValue)
1635	# define RTNtLastErrorValue() (RTNtCurrentTeb()->LastErrorValue)
1636	#endif
1637	#define NtCurrentPeb() RTNtCurrentPeb()
1638
1639	#ifdef IN_RING3
1640	RT_DECL_NTAPI(void) RtlAcquirePebLock(void);
1641	RT_DECL_NTAPI(void) RtlReleasePebLock(void);
1642	#endif
1643
1644	/** @} */
1645
1646
1647	#ifdef IPRT_NT_USE_WINTERNL
1648	RT_DECL_NTAPI(NTSTATUS) NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1649	typedef enum _SECTION_INHERIT
1650	{
1651	ViewShare = 1,
1652	ViewUnmap
1653	} SECTION_INHERIT;
1654	#endif
1655	RT_DECL_NTAPI(NTSTATUS) NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1656	ULONG, ULONG);
1657	RT_DECL_NTAPI(NTSTATUS) NtFlushVirtualMemory(HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK);
1658	RT_DECL_NTAPI(NTSTATUS) NtUnmapViewOfSection(HANDLE, PVOID);
1659
1660	#ifdef IPRT_NT_USE_WINTERNL
1661	RT_DECL_NTAPI(NTSTATUS) NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1662	RT_DECL_NTAPI(NTSTATUS) ZwOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1663	#endif
1664	RT_DECL_NTAPI(NTSTATUS) NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1665	RT_DECL_NTAPI(NTSTATUS) ZwOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1666	RT_DECL_NTAPI(NTSTATUS) NtAlertThread(HANDLE hThread);
1667	#ifdef IPRT_NT_USE_WINTERNL
1668	RT_DECL_NTAPI(NTSTATUS) ZwAlertThread(HANDLE hThread);
1669	#endif
1670	RT_DECL_NTAPI(NTSTATUS) NtTestAlert(void);
1671
1672	#ifdef IPRT_NT_USE_WINTERNL
1673	RT_DECL_NTAPI(NTSTATUS) NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1674	RT_DECL_NTAPI(NTSTATUS) NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1675	#endif
1676	RT_DECL_NTAPI(NTSTATUS) ZwOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1677	RT_DECL_NTAPI(NTSTATUS) ZwOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1678
1679	#ifdef IPRT_NT_USE_WINTERNL
1680	typedef struct _FILE_FS_VOLUME_INFORMATION
1681	{
1682	LARGE_INTEGER VolumeCreationTime;
1683	ULONG VolumeSerialNumber;
1684	ULONG VolumeLabelLength;
1685	BOOLEAN SupportsObjects;
1686	WCHAR VolumeLabel[1];
1687	} FILE_FS_VOLUME_INFORMATION;
1688	typedef FILE_FS_VOLUME_INFORMATION *PFILE_FS_VOLUME_INFORMATION;
1689	typedef struct _FILE_FS_LABEL_INFORMATION
1690	{
1691	ULONG VolumeLabelLength;
1692	WCHAR VolumeLabel[1];
1693	} FILE_FS_LABEL_INFORMATION;
1694	typedef FILE_FS_LABEL_INFORMATION *PFILE_FS_LABEL_INFORMATION;
1695	typedef struct _FILE_FS_SIZE_INFORMATION
1696	{
1697	LARGE_INTEGER TotalAllocationUnits;
1698	LARGE_INTEGER AvailableAllocationUnits;
1699	ULONG SectorsPerAllocationUnit;
1700	ULONG BytesPerSector;
1701	} FILE_FS_SIZE_INFORMATION;
1702	typedef FILE_FS_SIZE_INFORMATION *PFILE_FS_SIZE_INFORMATION;
1703	typedef struct _FILE_FS_DEVICE_INFORMATION
1704	{
1705	DEVICE_TYPE DeviceType;
1706	ULONG Characteristics;
1707	} FILE_FS_DEVICE_INFORMATION;
1708	typedef FILE_FS_DEVICE_INFORMATION *PFILE_FS_DEVICE_INFORMATION;
1709	typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1710	{
1711	ULONG FileSystemAttributes;
1712	LONG MaximumComponentNameLength;
1713	ULONG FileSystemNameLength;
1714	WCHAR FileSystemName[1];
1715	} FILE_FS_ATTRIBUTE_INFORMATION;
1716	typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1717	typedef struct _FILE_FS_CONTROL_INFORMATION
1718	{
1719	LARGE_INTEGER FreeSpaceStartFiltering;
1720	LARGE_INTEGER FreeSpaceThreshold;
1721	LARGE_INTEGER FreeSpaceStopFiltering;
1722	LARGE_INTEGER DefaultQuotaThreshold;
1723	LARGE_INTEGER DefaultQuotaLimit;
1724	ULONG FileSystemControlFlags;
1725	} FILE_FS_CONTROL_INFORMATION;
1726	typedef FILE_FS_CONTROL_INFORMATION *PFILE_FS_CONTROL_INFORMATION;
1727	typedef struct _FILE_FS_FULL_SIZE_INFORMATION
1728	{
1729	LARGE_INTEGER TotalAllocationUnits;
1730	LARGE_INTEGER CallerAvailableAllocationUnits;
1731	LARGE_INTEGER ActualAvailableAllocationUnits;
1732	ULONG SectorsPerAllocationUnit;
1733	ULONG BytesPerSector;
1734	} FILE_FS_FULL_SIZE_INFORMATION;
1735	typedef FILE_FS_FULL_SIZE_INFORMATION *PFILE_FS_FULL_SIZE_INFORMATION;
1736	typedef struct _FILE_FS_OBJECTID_INFORMATION
1737	{
1738	UCHAR ObjectId[16];
1739	UCHAR ExtendedInfo[48];
1740	} FILE_FS_OBJECTID_INFORMATION;
1741	typedef FILE_FS_OBJECTID_INFORMATION *PFILE_FS_OBJECTID_INFORMATION;
1742	typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1743	{
1744	BOOLEAN DriverInPath;
1745	ULONG DriverNameLength;
1746	WCHAR DriverName[1];
1747	} FILE_FS_DRIVER_PATH_INFORMATION;
1748	typedef FILE_FS_DRIVER_PATH_INFORMATION *PFILE_FS_DRIVER_PATH_INFORMATION;
1749	typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION
1750	{
1751	ULONG Flags;
1752	} FILE_FS_VOLUME_FLAGS_INFORMATION;
1753	typedef FILE_FS_VOLUME_FLAGS_INFORMATION *PFILE_FS_VOLUME_FLAGS_INFORMATION;
1754	#endif
1755	#if !defined(SSINFO_OFFSET_UNKNOWN) \|\| defined(IPRT_NT_USE_WINTERNL)
1756	typedef struct _FILE_FS_SECTOR_SIZE_INFORMATION
1757	{
1758	ULONG LogicalBytesPerSector;
1759	ULONG PhysicalBytesPerSectorForAtomicity;
1760	ULONG PhysicalBytesPerSectorForPerformance;
1761	ULONG FileSystemEffectivePhysicalBytesPerSectorForAtomicity;
1762	ULONG Flags;
1763	ULONG ByteOffsetForSectorAlignment;
1764	ULONG ByteOffsetForPartitionAlignment;
1765	} FILE_FS_SECTOR_SIZE_INFORMATION;
1766	typedef FILE_FS_SECTOR_SIZE_INFORMATION *PFILE_FS_SECTOR_SIZE_INFORMATION;
1767	# ifndef SSINFO_OFFSET_UNKNOWN
1768	# define SSINFO_OFFSET_UNKNOWN 0xffffffffUL
1769	# define SSINFO_FLAGS_ALIGNED_DEVICE 1UL
1770	# define SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE 2UL
1771	# define SSINFO_FLAGS_NO_SEEK_PENALTY 4UL
1772	# define SSINFO_FLAGS_TRIM_ENABLED 8UL
1773	# define SSINFO_FLAGS_BYTE_ADDRESSABLE 16UL
1774	# endif
1775	#endif
1776	#ifdef IPRT_NT_USE_WINTERNL
1777	typedef struct _FILE_FS_DATA_COPY_INFORMATION
1778	{
1779	ULONG NumberOfCopies;
1780	} FILE_FS_DATA_COPY_INFORMATION;
1781	typedef FILE_FS_DATA_COPY_INFORMATION *PFILE_FS_DATA_COPY_INFORMATION;
1782	typedef struct _FILE_FS_METADATA_SIZE_INFORMATION
1783	{
1784	LARGE_INTEGER TotalMetadataAllocationUnits;
1785	ULONG SectorsPerAllocationUnit;
1786	ULONG BytesPerSector;
1787	} FILE_FS_METADATA_SIZE_INFORMATION;
1788	typedef FILE_FS_METADATA_SIZE_INFORMATION *PFILE_FS_METADATA_SIZE_INFORMATION;
1789	typedef struct _FILE_FS_FULL_SIZE_INFORMATION_EX
1790	{
1791	ULONGLONG ActualTotalAllocationUnits;
1792	ULONGLONG ActualAvailableAllocationUnits;
1793	ULONGLONG ActualPoolUnavailableAllocationUnits;
1794	ULONGLONG CallerTotalAllocationUnits;
1795	ULONGLONG CallerAvailableAllocationUnits;
1796	ULONGLONG CallerPoolUnavailableAllocationUnits;
1797	ULONGLONG UsedAllocationUnits;
1798	ULONGLONG TotalReservedAllocationUnits;
1799	ULONGLONG VolumeStorageReserveAllocationUnits;
1800	ULONGLONG AvailableCommittedAllocationUnits;
1801	ULONGLONG PoolAvailableAllocationUnits;
1802	ULONG SectorsPerAllocationUnit;
1803	ULONG BytesPerSector;
1804	} FILE_FS_FULL_SIZE_INFORMATION_EX;
1805	typedef FILE_FS_FULL_SIZE_INFORMATION_EX *PFILE_FS_FULL_SIZE_INFORMATION_EX;
1806	#endif /* IPRT_NT_USE_WINTERNL */
1807
1808	typedef enum _FSINFOCLASS
1809	{
1810	FileFsVolumeInformation = 1,
1811	FileFsLabelInformation,
1812	FileFsSizeInformation, /*< FILE_FS_SIZE_INFORMATION /
1813	FileFsDeviceInformation,
1814	FileFsAttributeInformation,
1815	FileFsControlInformation,
1816	FileFsFullSizeInformation,
1817	FileFsObjectIdInformation,
1818	FileFsDriverPathInformation,
1819	FileFsVolumeFlagsInformation,
1820	FileFsSectorSizeInformation,
1821	FileFsDataCopyInformation,
1822	FileFsMetadataSizeInformation,
1823	FileFsFullSizeInformationEx,
1824	FileFsMaximumInformation
1825	} FS_INFORMATION_CLASS;
1826	typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1827	RT_DECL_NTAPI(NTSTATUS) NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1828	RT_DECL_NTAPI(NTSTATUS) NtSetVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1829
1830	#ifdef IPRT_NT_USE_WINTERNL
1831	typedef struct _FILE_DIRECTORY_INFORMATION
1832	{
1833	ULONG NextEntryOffset;
1834	ULONG FileIndex;
1835	LARGE_INTEGER CreationTime;
1836	LARGE_INTEGER LastAccessTime;
1837	LARGE_INTEGER LastWriteTime;
1838	LARGE_INTEGER ChangeTime;
1839	LARGE_INTEGER EndOfFile;
1840	LARGE_INTEGER AllocationSize;
1841	ULONG FileAttributes;
1842	ULONG FileNameLength;
1843	WCHAR FileName[1];
1844	} FILE_DIRECTORY_INFORMATION;
1845	typedef FILE_DIRECTORY_INFORMATION *PFILE_DIRECTORY_INFORMATION;
1846	typedef struct _FILE_FULL_DIR_INFORMATION
1847	{
1848	ULONG NextEntryOffset;
1849	ULONG FileIndex;
1850	LARGE_INTEGER CreationTime;
1851	LARGE_INTEGER LastAccessTime;
1852	LARGE_INTEGER LastWriteTime;
1853	LARGE_INTEGER ChangeTime;
1854	LARGE_INTEGER EndOfFile;
1855	LARGE_INTEGER AllocationSize;
1856	ULONG FileAttributes;
1857	ULONG FileNameLength;
1858	ULONG EaSize;
1859	WCHAR FileName[1];
1860	} FILE_FULL_DIR_INFORMATION;
1861	typedef FILE_FULL_DIR_INFORMATION *PFILE_FULL_DIR_INFORMATION;
1862	typedef struct _FILE_BOTH_DIR_INFORMATION
1863	{
1864	ULONG NextEntryOffset; /*< 0x00: /
1865	ULONG FileIndex; /*< 0x04: /
1866	LARGE_INTEGER CreationTime; /*< 0x08: /
1867	LARGE_INTEGER LastAccessTime; /*< 0x10: /
1868	LARGE_INTEGER LastWriteTime; /*< 0x18: /
1869	LARGE_INTEGER ChangeTime; /*< 0x20: /
1870	LARGE_INTEGER EndOfFile; /*< 0x28: /
1871	LARGE_INTEGER AllocationSize; /*< 0x30: /
1872	ULONG FileAttributes; /*< 0x38: /
1873	ULONG FileNameLength; /*< 0x3c: /
1874	ULONG EaSize; /*< 0x40: /
1875	CCHAR ShortNameLength; /*< 0x44: /
1876	WCHAR ShortName[12]; /*< 0x46: /
1877	WCHAR FileName[1]; /*< 0x5e: /
1878	} FILE_BOTH_DIR_INFORMATION;
1879	typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1880	typedef struct _FILE_BASIC_INFORMATION
1881	{
1882	LARGE_INTEGER CreationTime;
1883	LARGE_INTEGER LastAccessTime;
1884	LARGE_INTEGER LastWriteTime;
1885	LARGE_INTEGER ChangeTime;
1886	ULONG FileAttributes;
1887	} FILE_BASIC_INFORMATION;
1888	typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1889	typedef struct _FILE_STANDARD_INFORMATION
1890	{
1891	LARGE_INTEGER AllocationSize;
1892	LARGE_INTEGER EndOfFile;
1893	ULONG NumberOfLinks;
1894	BOOLEAN DeletePending;
1895	BOOLEAN Directory;
1896	} FILE_STANDARD_INFORMATION;
1897	typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1898	typedef struct _FILE_NAME_INFORMATION
1899	{
1900	ULONG FileNameLength;
1901	WCHAR FileName[1];
1902	} FILE_NAME_INFORMATION;
1903	typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1904	typedef FILE_NAME_INFORMATION FILE_NETWORK_PHYSICAL_NAME_INFORMATION;
1905	typedef FILE_NETWORK_PHYSICAL_NAME_INFORMATION *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION;
1906	typedef struct _FILE_INTERNAL_INFORMATION
1907	{
1908	LARGE_INTEGER IndexNumber;
1909	} FILE_INTERNAL_INFORMATION;
1910	typedef FILE_INTERNAL_INFORMATION *PFILE_INTERNAL_INFORMATION;
1911	typedef struct _FILE_EA_INFORMATION
1912	{
1913	ULONG EaSize;
1914	} FILE_EA_INFORMATION;
1915	typedef FILE_EA_INFORMATION *PFILE_EA_INFORMATION;
1916	typedef struct _FILE_ACCESS_INFORMATION
1917	{
1918	ACCESS_MASK AccessFlags;
1919	} FILE_ACCESS_INFORMATION;
1920	typedef FILE_ACCESS_INFORMATION *PFILE_ACCESS_INFORMATION;
1921	typedef struct _FILE_RENAME_INFORMATION
1922	{
1923	union
1924	{
1925	BOOLEAN ReplaceIfExists;
1926	ULONG Flags;
1927	};
1928	HANDLE RootDirectory;
1929	ULONG FileNameLength;
1930	WCHAR FileName[1];
1931	} FILE_RENAME_INFORMATION;
1932	typedef FILE_RENAME_INFORMATION *PFILE_RENAME_INFORMATION;
1933	typedef struct _FILE_LINK_INFORMATION
1934	{
1935	union
1936	{
1937	BOOLEAN ReplaceIfExists;
1938	ULONG Flags;
1939	};
1940	HANDLE RootDirectory;
1941	ULONG FileNameLength;
1942	WCHAR FileName[1];
1943	} FILE_LINK_INFORMATION;
1944	typedef FILE_LINK_INFORMATION *PFILE_LINK_INFORMATION;
1945	typedef struct _FILE_NAMES_INFORMATION
1946	{
1947	ULONG NextEntryOffset;
1948	ULONG FileIndex;
1949	ULONG FileNameLength;
1950	WCHAR FileName[1];
1951	} FILE_NAMES_INFORMATION;
1952	typedef FILE_NAMES_INFORMATION *PFILE_NAMES_INFORMATION;
1953	typedef struct _FILE_DISPOSITION_INFORMATION
1954	{
1955	BOOLEAN DeleteFile;
1956	} FILE_DISPOSITION_INFORMATION;
1957	typedef FILE_DISPOSITION_INFORMATION *PFILE_DISPOSITION_INFORMATION;
1958	typedef struct _FILE_POSITION_INFORMATION
1959	{
1960	LARGE_INTEGER CurrentByteOffset;
1961	} FILE_POSITION_INFORMATION;
1962	typedef FILE_POSITION_INFORMATION *PFILE_POSITION_INFORMATION;
1963	typedef struct _FILE_FULL_EA_INFORMATION
1964	{
1965	ULONG NextEntryOffset;
1966	UCHAR Flags;
1967	UCHAR EaNameLength;
1968	USHORT EaValueLength;
1969	CHAR EaName[1];
1970	} FILE_FULL_EA_INFORMATION;
1971	typedef FILE_FULL_EA_INFORMATION *PFILE_FULL_EA_INFORMATION;
1972	typedef struct _FILE_MODE_INFORMATION
1973	{
1974	ULONG Mode;
1975	} FILE_MODE_INFORMATION;
1976	typedef FILE_MODE_INFORMATION *PFILE_MODE_INFORMATION;
1977	typedef struct _FILE_ALIGNMENT_INFORMATION
1978	{
1979	ULONG AlignmentRequirement;
1980	} FILE_ALIGNMENT_INFORMATION;
1981	typedef FILE_ALIGNMENT_INFORMATION *PFILE_ALIGNMENT_INFORMATION;
1982	typedef struct _FILE_ALL_INFORMATION
1983	{
1984	FILE_BASIC_INFORMATION BasicInformation;
1985	FILE_STANDARD_INFORMATION StandardInformation;
1986	FILE_INTERNAL_INFORMATION InternalInformation;
1987	FILE_EA_INFORMATION EaInformation;
1988	FILE_ACCESS_INFORMATION AccessInformation;
1989	FILE_POSITION_INFORMATION PositionInformation;
1990	FILE_MODE_INFORMATION ModeInformation;
1991	FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1992	FILE_NAME_INFORMATION NameInformation;
1993	} FILE_ALL_INFORMATION;
1994	typedef FILE_ALL_INFORMATION *PFILE_ALL_INFORMATION;
1995	typedef struct _FILE_ALLOCATION_INFORMATION
1996	{
1997	LARGE_INTEGER AllocationSize;
1998	} FILE_ALLOCATION_INFORMATION;
1999	typedef FILE_ALLOCATION_INFORMATION *PFILE_ALLOCATION_INFORMATION;
2000	typedef struct _FILE_END_OF_FILE_INFORMATION
2001	{
2002	LARGE_INTEGER EndOfFile;
2003	} FILE_END_OF_FILE_INFORMATION;
2004	typedef FILE_END_OF_FILE_INFORMATION *PFILE_END_OF_FILE_INFORMATION;
2005	typedef struct _FILE_STREAM_INFORMATION
2006	{
2007	ULONG NextEntryOffset;
2008	ULONG StreamNameLength;
2009	LARGE_INTEGER StreamSize;
2010	LARGE_INTEGER StreamAllocationSize;
2011	WCHAR StreamName[1];
2012	} FILE_STREAM_INFORMATION;
2013	typedef FILE_STREAM_INFORMATION *PFILE_STREAM_INFORMATION;
2014
2015	typedef struct _FILE_PIPE_INFORMATION
2016	{
2017	ULONG ReadMode;
2018	ULONG CompletionMode;
2019	} FILE_PIPE_INFORMATION;
2020	typedef FILE_PIPE_INFORMATION *PFILE_PIPE_INFORMATION;
2021
2022	typedef struct _FILE_PIPE_LOCAL_INFORMATION
2023	{
2024	ULONG NamedPipeType;
2025	ULONG NamedPipeConfiguration;
2026	ULONG MaximumInstances;
2027	ULONG CurrentInstances;
2028	ULONG InboundQuota;
2029	ULONG ReadDataAvailable;
2030	ULONG OutboundQuota;
2031	ULONG WriteQuotaAvailable;
2032	ULONG NamedPipeState;
2033	ULONG NamedPipeEnd;
2034	} FILE_PIPE_LOCAL_INFORMATION;
2035	typedef FILE_PIPE_LOCAL_INFORMATION *PFILE_PIPE_LOCAL_INFORMATION;
2036
2037	/** @name Pipe state (FILE_PIPE_LOCAL_INFORMATION::NamedPipeState)
2038	* @{ */
2039	#if !defined(FILE_PIPE_DISCONNECTED_STATE) \|\| defined(DOXYGEN_RUNNING)
2040	# define FILE_PIPE_DISCONNECTED_STATE 0x00000001U
2041	# define FILE_PIPE_LISTENING_STATE 0x00000002U
2042	# define FILE_PIPE_CONNECTED_STATE 0x00000003U
2043	# define FILE_PIPE_CLOSING_STATE 0x00000004U
2044	#endif
2045	/** @} */
2046
2047	/** @name Pipe config (FILE_PIPE_LOCAL_INFORMATION::NamedPipeConfiguration)
2048	* @{ */
2049	#if !defined(FILE_PIPE_INBOUND) \|\| defined(DOXYGEN_RUNNING)
2050	# define FILE_PIPE_INBOUND 0x00000000U
2051	# define FILE_PIPE_OUTBOUND 0x00000001U
2052	# define FILE_PIPE_FULL_DUPLEX 0x00000002U
2053	#endif
2054	/** @} */
2055
2056	/** @name Pipe end (FILE_PIPE_LOCAL_INFORMATION::NamedPipeEnd)
2057	* @{ */
2058	#if !defined(FILE_PIPE_CLIENT_END) \|\| defined(DOXYGEN_RUNNING)
2059	# define FILE_PIPE_CLIENT_END 0x00000000U
2060	# define FILE_PIPE_SERVER_END 0x00000001U
2061	#endif
2062	/** @} */
2063
2064	typedef struct _FILE_PIPE_REMOTE_INFORMATION
2065	{
2066	LARGE_INTEGER CollectDataTime;
2067	ULONG MaximumCollectionCount;
2068	} FILE_PIPE_REMOTE_INFORMATION;
2069	typedef FILE_PIPE_REMOTE_INFORMATION *PFILE_PIPE_REMOTE_INFORMATION;
2070	typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
2071	{
2072	ULONG MaximumMessageSize;
2073	ULONG MailslotQuota;
2074	ULONG NextMessageSize;
2075	ULONG MessagesAvailable;
2076	LARGE_INTEGER ReadTimeout;
2077	} FILE_MAILSLOT_QUERY_INFORMATION;
2078	typedef FILE_MAILSLOT_QUERY_INFORMATION *PFILE_MAILSLOT_QUERY_INFORMATION;
2079	typedef struct _FILE_MAILSLOT_SET_INFORMATION
2080	{
2081	PLARGE_INTEGER ReadTimeout;
2082	} FILE_MAILSLOT_SET_INFORMATION;
2083	typedef FILE_MAILSLOT_SET_INFORMATION *PFILE_MAILSLOT_SET_INFORMATION;
2084	typedef struct _FILE_COMPRESSION_INFORMATION
2085	{
2086	LARGE_INTEGER CompressedFileSize;
2087	USHORT CompressionFormat;
2088	UCHAR CompressionUnitShift;
2089	UCHAR ChunkShift;
2090	UCHAR ClusterShift;
2091	UCHAR Reserved[3];
2092	} FILE_COMPRESSION_INFORMATION;
2093	typedef FILE_COMPRESSION_INFORMATION *PFILE_COMPRESSION_INFORMATION;
2094	typedef struct _FILE_OBJECTID_INFORMATION
2095	{
2096	LONGLONG FileReference;
2097	UCHAR ObjectId[16];
2098	union
2099	{
2100	struct
2101	{
2102	UCHAR BirthVolumeId[16];
2103	UCHAR BirthObjectId[16];
2104	UCHAR DomainId[16];
2105	};
2106	UCHAR ExtendedInfo[48];
2107	};
2108	} FILE_OBJECTID_INFORMATION;
2109	typedef FILE_OBJECTID_INFORMATION *PFILE_OBJECTID_INFORMATION;
2110	typedef struct _FILE_COMPLETION_INFORMATION
2111	{
2112	HANDLE Port;
2113	PVOID Key;
2114	} FILE_COMPLETION_INFORMATION;
2115	typedef FILE_COMPLETION_INFORMATION *PFILE_COMPLETION_INFORMATION;
2116	typedef struct _FILE_MOVE_CLUSTER_INFORMATION
2117	{
2118	ULONG ClusterCount;
2119	HANDLE RootDirectory;
2120	ULONG FileNameLength;
2121	WCHAR FileName[1];
2122	} FILE_MOVE_CLUSTER_INFORMATION;
2123	typedef FILE_MOVE_CLUSTER_INFORMATION *PFILE_MOVE_CLUSTER_INFORMATION;
2124	typedef struct _FILE_QUOTA_INFORMATION
2125	{
2126	ULONG NextEntryOffset;
2127	ULONG SidLength;
2128	LARGE_INTEGER ChangeTime;
2129	LARGE_INTEGER QuotaUsed;
2130	LARGE_INTEGER QuotaThreshold;
2131	LARGE_INTEGER QuotaLimit;
2132	SID Sid;
2133	} FILE_QUOTA_INFORMATION;
2134	typedef FILE_QUOTA_INFORMATION *PFILE_QUOTA_INFORMATION;
2135	typedef struct _FILE_REPARSE_POINT_INFORMATION
2136	{
2137	LONGLONG FileReference;
2138	ULONG Tag;
2139	} FILE_REPARSE_POINT_INFORMATION;
2140	typedef FILE_REPARSE_POINT_INFORMATION *PFILE_REPARSE_POINT_INFORMATION;
2141	typedef struct _FILE_NETWORK_OPEN_INFORMATION
2142	{
2143	LARGE_INTEGER CreationTime;
2144	LARGE_INTEGER LastAccessTime;
2145	LARGE_INTEGER LastWriteTime;
2146	LARGE_INTEGER ChangeTime;
2147	LARGE_INTEGER AllocationSize;
2148	LARGE_INTEGER EndOfFile;
2149	ULONG FileAttributes;
2150	} FILE_NETWORK_OPEN_INFORMATION;
2151	typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
2152	typedef struct _FILE_ATTRIBUTE_TAG_INFORMATION
2153	{
2154	ULONG FileAttributes;
2155	ULONG ReparseTag;
2156	} FILE_ATTRIBUTE_TAG_INFORMATION;
2157	typedef FILE_ATTRIBUTE_TAG_INFORMATION *PFILE_ATTRIBUTE_TAG_INFORMATION;
2158	typedef struct _FILE_TRACKING_INFORMATION
2159	{
2160	HANDLE DestinationFile;
2161	ULONG ObjectInformationLength;
2162	CHAR ObjectInformation[1];
2163	} FILE_TRACKING_INFORMATION;
2164	typedef FILE_TRACKING_INFORMATION *PFILE_TRACKING_INFORMATION;
2165	typedef struct _FILE_ID_BOTH_DIR_INFORMATION
2166	{
2167	ULONG NextEntryOffset;
2168	ULONG FileIndex;
2169	LARGE_INTEGER CreationTime;
2170	LARGE_INTEGER LastAccessTime;
2171	LARGE_INTEGER LastWriteTime;
2172	LARGE_INTEGER ChangeTime;
2173	LARGE_INTEGER EndOfFile;
2174	LARGE_INTEGER AllocationSize;
2175	ULONG FileAttributes;
2176	ULONG FileNameLength;
2177	ULONG EaSize;
2178	CCHAR ShortNameLength;
2179	WCHAR ShortName[12];
2180	LARGE_INTEGER FileId;
2181	WCHAR FileName[1];
2182	} FILE_ID_BOTH_DIR_INFORMATION;
2183	typedef FILE_ID_BOTH_DIR_INFORMATION *PFILE_ID_BOTH_DIR_INFORMATION;
2184	typedef struct _FILE_ID_FULL_DIR_INFORMATION
2185	{
2186	ULONG NextEntryOffset;
2187	ULONG FileIndex;
2188	LARGE_INTEGER CreationTime;
2189	LARGE_INTEGER LastAccessTime;
2190	LARGE_INTEGER LastWriteTime;
2191	LARGE_INTEGER ChangeTime;
2192	LARGE_INTEGER EndOfFile;
2193	LARGE_INTEGER AllocationSize;
2194	ULONG FileAttributes;
2195	ULONG FileNameLength;
2196	ULONG EaSize;
2197	LARGE_INTEGER FileId;
2198	WCHAR FileName[1];
2199	} FILE_ID_FULL_DIR_INFORMATION;
2200	typedef FILE_ID_FULL_DIR_INFORMATION *PFILE_ID_FULL_DIR_INFORMATION;
2201	typedef struct _FILE_VALID_DATA_LENGTH_INFORMATION
2202	{
2203	LARGE_INTEGER ValidDataLength;
2204	} FILE_VALID_DATA_LENGTH_INFORMATION;
2205	typedef FILE_VALID_DATA_LENGTH_INFORMATION *PFILE_VALID_DATA_LENGTH_INFORMATION;
2206	typedef struct _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION
2207	{
2208	ULONG Flags;
2209	} FILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
2210	typedef FILE_IO_COMPLETION_NOTIFICATION_INFORMATION *PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
2211	typedef enum _IO_PRIORITY_HINT
2212	{
2213	IoPriorityVeryLow = 0,
2214	IoPriorityLow,
2215	IoPriorityNormal,
2216	IoPriorityHigh,
2217	IoPriorityCritical,
2218	MaxIoPriorityTypes
2219	} IO_PRIORITY_HINT;
2220	AssertCompileSize(IO_PRIORITY_HINT, sizeof(int));
2221	typedef struct _FILE_IO_PRIORITY_HINT_INFORMATION
2222	{
2223	IO_PRIORITY_HINT PriorityHint;
2224	} FILE_IO_PRIORITY_HINT_INFORMATION;
2225	typedef FILE_IO_PRIORITY_HINT_INFORMATION *PFILE_IO_PRIORITY_HINT_INFORMATION;
2226	typedef struct _FILE_SFIO_RESERVE_INFORMATION
2227	{
2228	ULONG RequestsPerPeriod;
2229	ULONG Period;
2230	BOOLEAN RetryFailures;
2231	BOOLEAN Discardable;
2232	ULONG RequestSize;
2233	ULONG NumOutstandingRequests;
2234	} FILE_SFIO_RESERVE_INFORMATION;
2235	typedef FILE_SFIO_RESERVE_INFORMATION *PFILE_SFIO_RESERVE_INFORMATION;
2236	typedef struct _FILE_SFIO_VOLUME_INFORMATION
2237	{
2238	ULONG MaximumRequestsPerPeriod;
2239	ULONG MinimumPeriod;
2240	ULONG MinimumTransferSize;
2241	} FILE_SFIO_VOLUME_INFORMATION;
2242	typedef FILE_SFIO_VOLUME_INFORMATION *PFILE_SFIO_VOLUME_INFORMATION;
2243	typedef struct _FILE_LINK_ENTRY_INFORMATION
2244	{
2245	ULONG NextEntryOffset;
2246	LONGLONG ParentFileId;
2247	ULONG FileNameLength;
2248	WCHAR FileName[1];
2249	} FILE_LINK_ENTRY_INFORMATION;
2250	typedef FILE_LINK_ENTRY_INFORMATION *PFILE_LINK_ENTRY_INFORMATION;
2251	typedef struct _FILE_LINKS_INFORMATION
2252	{
2253	ULONG BytesNeeded;
2254	ULONG EntriesReturned;
2255	FILE_LINK_ENTRY_INFORMATION Entry;
2256	} FILE_LINKS_INFORMATION;
2257	typedef FILE_LINKS_INFORMATION *PFILE_LINKS_INFORMATION;
2258	typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION
2259	{
2260	ULONG NumberOfProcessIdsInList;
2261	ULONG_PTR ProcessIdList[1];
2262	} FILE_PROCESS_IDS_USING_FILE_INFORMATION;
2263	typedef FILE_PROCESS_IDS_USING_FILE_INFORMATION *PFILE_PROCESS_IDS_USING_FILE_INFORMATION;
2264	typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION
2265	{
2266	ULONG NextEntryOffset;
2267	ULONG FileIndex;
2268	LARGE_INTEGER CreationTime;
2269	LARGE_INTEGER LastAccessTime;
2270	LARGE_INTEGER LastWriteTime;
2271	LARGE_INTEGER ChangeTime;
2272	LARGE_INTEGER EndOfFile;
2273	LARGE_INTEGER AllocationSize;
2274	ULONG FileAttributes;
2275	ULONG FileNameLength;
2276	LARGE_INTEGER FileId;
2277	GUID LockingTransactionId;
2278	ULONG TxInfoFlags;
2279	WCHAR FileName[1];
2280	} FILE_ID_GLOBAL_TX_DIR_INFORMATION;
2281	typedef FILE_ID_GLOBAL_TX_DIR_INFORMATION *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
2282	typedef struct _FILE_IS_REMOTE_DEVICE_INFORMATION
2283	{
2284	BOOLEAN IsRemote;
2285	} FILE_IS_REMOTE_DEVICE_INFORMATION;
2286	typedef FILE_IS_REMOTE_DEVICE_INFORMATION *PFILE_IS_REMOTE_DEVICE_INFORMATION;
2287	typedef struct _FILE_NUMA_NODE_INFORMATION
2288	{
2289	USHORT NodeNumber;
2290	} FILE_NUMA_NODE_INFORMATION;
2291	typedef FILE_NUMA_NODE_INFORMATION *PFILE_NUMA_NODE_INFORMATION;
2292	typedef struct _FILE_STANDARD_LINK_INFORMATION
2293	{
2294	ULONG NumberOfAccessibleLinks;
2295	ULONG TotalNumberOfLinks;
2296	BOOLEAN DeletePending;
2297	BOOLEAN Directory;
2298	} FILE_STANDARD_LINK_INFORMATION;
2299	typedef FILE_STANDARD_LINK_INFORMATION *PFILE_STANDARD_LINK_INFORMATION;
2300	typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION
2301	{
2302	USHORT StructureVersion;
2303	USHORT StructureSize;
2304	ULONG Protocol;
2305	USHORT ProtocolMajorVersion;
2306	USHORT ProtocolMinorVersion;
2307	USHORT ProtocolRevision;
2308	USHORT Reserved;
2309	ULONG Flags;
2310	struct
2311	{
2312	ULONG Reserved[8];
2313	} GenericReserved;
2314	struct
2315	{
2316	ULONG Reserved[16];
2317	} ProtocolSpecificReserved;
2318	} FILE_REMOTE_PROTOCOL_INFORMATION;
2319	typedef FILE_REMOTE_PROTOCOL_INFORMATION *PFILE_REMOTE_PROTOCOL_INFORMATION;
2320	typedef struct _FILE_VOLUME_NAME_INFORMATION
2321	{
2322	ULONG DeviceNameLength;
2323	WCHAR DeviceName[1];
2324	} FILE_VOLUME_NAME_INFORMATION;
2325	typedef FILE_VOLUME_NAME_INFORMATION *PFILE_VOLUME_NAME_INFORMATION;
2326	# ifndef FILE_INVALID_FILE_ID
2327	typedef struct _FILE_ID_128
2328	{
2329	BYTE Identifier[16];
2330	} FILE_ID_128;
2331	typedef FILE_ID_128 *PFILE_ID_128;
2332	# endif
2333	typedef struct _FILE_ID_EXTD_DIR_INFORMATION
2334	{
2335	ULONG NextEntryOffset;
2336	ULONG FileIndex;
2337	LARGE_INTEGER CreationTime;
2338	LARGE_INTEGER LastAccessTime;
2339	LARGE_INTEGER LastWriteTime;
2340	LARGE_INTEGER ChangeTime;
2341	LARGE_INTEGER EndOfFile;
2342	LARGE_INTEGER AllocationSize;
2343	ULONG FileAttributes;
2344	ULONG FileNameLength;
2345	ULONG EaSize;
2346	ULONG ReparsePointTag;
2347	FILE_ID_128 FileId;
2348	WCHAR FileName[1];
2349	} FILE_ID_EXTD_DIR_INFORMATION;
2350	typedef FILE_ID_EXTD_DIR_INFORMATION *PFILE_ID_EXTD_DIR_INFORMATION;
2351	typedef struct _FILE_ID_EXTD_BOTH_DIR_INFORMATION
2352	{
2353	ULONG NextEntryOffset;
2354	ULONG FileIndex;
2355	LARGE_INTEGER CreationTime;
2356	LARGE_INTEGER LastAccessTime;
2357	LARGE_INTEGER LastWriteTime;
2358	LARGE_INTEGER ChangeTime;
2359	LARGE_INTEGER EndOfFile;
2360	LARGE_INTEGER AllocationSize;
2361	ULONG FileAttributes;
2362	ULONG FileNameLength;
2363	ULONG EaSize;
2364	ULONG ReparsePointTag;
2365	FILE_ID_128 FileId;
2366	CCHAR ShortNameLength;
2367	WCHAR ShortName[12];
2368	WCHAR FileName[1];
2369	} FILE_ID_EXTD_BOTH_DIR_INFORMATION;
2370	typedef FILE_ID_EXTD_BOTH_DIR_INFORMATION *PFILE_ID_EXTD_BOTH_DIR_INFORMATION;
2371	typedef struct _FILE_ID_INFORMATION
2372	{
2373	ULONGLONG VolumeSerialNumber;
2374	FILE_ID_128 FileId;
2375	} FILE_ID_INFORMATION;
2376	typedef FILE_ID_INFORMATION *PFILE_ID_INFORMATION;
2377	typedef struct _FILE_LINK_ENTRY_FULL_ID_INFORMATION
2378	{
2379	ULONG NextEntryOffset;
2380	FILE_ID_128 ParentFileId;
2381	ULONG FileNameLength;
2382	WCHAR FileName[1];
2383	} FILE_LINK_ENTRY_FULL_ID_INFORMATION;
2384	typedef FILE_LINK_ENTRY_FULL_ID_INFORMATION *PFILE_LINK_ENTRY_FULL_ID_INFORMATION;
2385	typedef struct _FILE_LINKS_FULL_ID_INFORMATION {
2386	ULONG BytesNeeded;
2387	ULONG EntriesReturned;
2388	FILE_LINK_ENTRY_FULL_ID_INFORMATION Entry;
2389	} FILE_LINKS_FULL_ID_INFORMATION;
2390	typedef FILE_LINKS_FULL_ID_INFORMATION *PFILE_LINKS_FULL_ID_INFORMATION;
2391	typedef struct _FILE_DISPOSITION_INFORMATION_EX
2392	{
2393	ULONG Flags;
2394	} FILE_DISPOSITION_INFORMATION_EX;
2395	typedef FILE_DISPOSITION_INFORMATION_EX *PFILE_DISPOSITION_INFORMATION_EX;
2396	# ifndef QUERY_STORAGE_CLASSES_FLAGS_MEASURE_WRITE
2397	typedef struct _FILE_DESIRED_STORAGE_CLASS_INFORMATION
2398	{
2399	/FILE_STORAGE_TIER_CLASS/ ULONG Class;
2400	ULONG Flags;
2401	} FILE_DESIRED_STORAGE_CLASS_INFORMATION;
2402	typedef FILE_DESIRED_STORAGE_CLASS_INFORMATION *PFILE_DESIRED_STORAGE_CLASS_INFORMATION;
2403	# endif
2404	# if !defined(IPRT_NT_USE_WINTERNL) \|\| !defined(NTDDI_WIN11_GE) \|\| (WDK_NTDDI_VERSION < NTDDI_WIN11_GE) /* Available since at least SDK 10.0.26100.0 (didn't bother to check for earlier version). */
2405	typedef struct _FILE_STAT_INFORMATION
2406	{
2407	LARGE_INTEGER FileId;
2408	LARGE_INTEGER CreationTime;
2409	LARGE_INTEGER LastAccessTime;
2410	LARGE_INTEGER LastWriteTime;
2411	LARGE_INTEGER ChangeTime;
2412	LARGE_INTEGER AllocationSize;
2413	LARGE_INTEGER EndOfFile;
2414	ULONG FileAttributes;
2415	ULONG ReparseTag;
2416	ULONG NumberOfLinks;
2417	ACCESS_MASK EffectiveAccess;
2418	} FILE_STAT_INFORMATION;
2419	typedef FILE_STAT_INFORMATION *PFILE_STAT_INFORMATION;
2420	# endif
2421	# ifndef LX_FILE_METADATA_HAS_UID
2422	typedef struct _FILE_STAT_LX_INFORMATION
2423	{
2424	LARGE_INTEGER FileId;
2425	LARGE_INTEGER CreationTime;
2426	LARGE_INTEGER LastAccessTime;
2427	LARGE_INTEGER LastWriteTime;
2428	LARGE_INTEGER ChangeTime;
2429	LARGE_INTEGER AllocationSize;
2430	LARGE_INTEGER EndOfFile;
2431	ULONG FileAttributes;
2432	ULONG ReparseTag;
2433	ULONG NumberOfLinks;
2434	ACCESS_MASK EffectiveAccess;
2435	ULONG LxFlags;
2436	ULONG LxUid;
2437	ULONG LxGid;
2438	ULONG LxMode;
2439	ULONG LxDeviceIdMajor;
2440	ULONG LxDeviceIdMinor;
2441	} FILE_STAT_LX_INFORMATION;
2442	typedef FILE_STAT_LX_INFORMATION *PFILE_STAT_LX_INFORMATION;
2443	# endif
2444	# if !defined(IPRT_NT_USE_WINTERNL) \|\| !defined(NTDDI_WIN11_GE) \|\| (WDK_NTDDI_VERSION < NTDDI_WIN11_GE) /* Available since at least SDK 10.0.26100.0 (didn't bother to check for earlier version). */
2445	typedef struct _FILE_CASE_SENSITIVE_INFORMATION
2446	{
2447	ULONG Flags;
2448	} FILE_CASE_SENSITIVE_INFORMATION;
2449	typedef FILE_CASE_SENSITIVE_INFORMATION *PFILE_CASE_SENSITIVE_INFORMATION;
2450	# endif
2451
2452	typedef enum _FILE_INFORMATION_CLASS
2453	{
2454	FileDirectoryInformation = 1,
2455	FileFullDirectoryInformation,
2456	FileBothDirectoryInformation,
2457	FileBasicInformation,
2458	FileStandardInformation,
2459	FileInternalInformation,
2460	FileEaInformation,
2461	FileAccessInformation,
2462	FileNameInformation,
2463	FileRenameInformation,
2464	FileLinkInformation,
2465	FileNamesInformation,
2466	FileDispositionInformation,
2467	FilePositionInformation,
2468	FileFullEaInformation,
2469	FileModeInformation,
2470	FileAlignmentInformation,
2471	FileAllInformation,
2472	FileAllocationInformation,
2473	FileEndOfFileInformation,
2474	FileAlternateNameInformation,
2475	FileStreamInformation,
2476	FilePipeInformation,
2477	FilePipeLocalInformation,
2478	FilePipeRemoteInformation,
2479	FileMailslotQueryInformation,
2480	FileMailslotSetInformation,
2481	FileCompressionInformation,
2482	/* NT351 and NT4 have different stuff assigned from here on. */
2483	FileObjectIdInformation, /*< NT4 and earlier has FileCopyOnWriteInformation here - only for setting, not querying. /
2484	FileCompletionInformation,
2485	FileMoveClusterInformation,
2486	FileQuotaInformation, /*< NT35 has FileStorageInformation here (query+set) and NT4 FileOleClassIdInformation (set only). Last for NT35. /
2487	FileReparsePointInformation, /*< NT4 has FileOleStateBitsInformation here (set only). /
2488	FileNetworkOpenInformation,
2489	FileAttributeTagInformation, /*< NT4 has FileObjectIdInformation here (set only). /
2490	FileTrackingInformation, /*< NT4 has FileOleAllInformation here (query only). Last for W2K. /
2491	FileIdBothDirectoryInformation, /*< NT4 has FileOleDirectoryInformation here (dir query only). /
2492	FileIdFullDirectoryInformation, /*< NT4 has FileContentIndexInformation here (set only). /
2493	FileValidDataLengthInformation, /*< NT4 has FileInheritContentIndexInformation here (set only). /
2494	FileShortNameInformation, /*< NT4 has FileOleInformation here (query + set). Last for NT4. /
2495	FileIoCompletionNotificationInformation,
2496	FileIoStatusBlockRangeInformation,
2497	FileIoPriorityHintInformation,
2498	FileSfioReserveInformation,
2499	FileSfioVolumeInformation,
2500	FileHardLinkInformation,
2501	FileProcessIdsUsingFileInformation,
2502	FileNormalizedNameInformation,
2503	FileNetworkPhysicalNameInformation,
2504	FileIdGlobalTxDirectoryInformation,
2505	FileIsRemoteDeviceInformation,
2506	FileUnusedInformation,
2507	FileNumaNodeInformation,
2508	FileStandardLinkInformation,
2509	FileRemoteProtocolInformation,
2510	/* Defined with Windows 10: */
2511	FileRenameInformationBypassAccessCheck,
2512	FileLinkInformationBypassAccessCheck,
2513	FileVolumeNameInformation,
2514	FileIdInformation,
2515	FileIdExtdDirectoryInformation,
2516	FileReplaceCompletionInformation,
2517	FileHardLinkFullIdInformation,
2518	FileIdExtdBothDirectoryInformation,
2519	FileDispositionInformationEx,
2520	FileRenameInformationEx,
2521	FileRenameInformationExBypassAccessCheck,
2522	FileDesiredStorageClassInformation,
2523	FileStatInformation,
2524	FileMemoryPartitionInformation,
2525	FileStatLxInformation,
2526	FileCaseSensitiveInformation,
2527	FileLinkInformationEx,
2528	FileLinkInformationExBypassAccessCheck,
2529	FileStorageReserveIdInformation,
2530	FileCaseSensitiveInformationForceAccessCheck,
2531	FileMaximumInformation
2532	} FILE_INFORMATION_CLASS;
2533	typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
2534	RT_DECL_NTAPI(NTSTATUS) NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
2535	RT_DECL_NTAPI(NTSTATUS) NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
2536	FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
2537	RT_DECL_NTAPI(NTSTATUS) NtSetInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
2538	#endif /* IPRT_NT_USE_WINTERNL */
2539	RT_DECL_NTAPI(NTSTATUS) NtQueryAttributesFile(POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
2540	RT_DECL_NTAPI(NTSTATUS) NtQueryFullAttributesFile(POBJECT_ATTRIBUTES, PFILE_NETWORK_OPEN_INFORMATION);
2541
2542
2543	/** @name SE_GROUP_XXX - Attributes returned with TokenGroup and others.
2544	* @{ */
2545	#ifndef SE_GROUP_MANDATORY
2546	# define SE_GROUP_MANDATORY UINT32_C(0x01)
2547	#endif
2548	#ifndef SE_GROUP_ENABLED_BY_DEFAULT
2549	# define SE_GROUP_ENABLED_BY_DEFAULT UINT32_C(0x02)
2550	#endif
2551	#ifndef SE_GROUP_ENABLED
2552	# define SE_GROUP_ENABLED UINT32_C(0x04)
2553	#endif
2554	#ifndef SE_GROUP_OWNER
2555	# define SE_GROUP_OWNER UINT32_C(0x08)
2556	#endif
2557	#ifndef SE_GROUP_USE_FOR_DENY_ONLY
2558	# define SE_GROUP_USE_FOR_DENY_ONLY UINT32_C(0x10)
2559	#endif
2560	#ifndef SE_GROUP_INTEGRITY
2561	# define SE_GROUP_INTEGRITY UINT32_C(0x20)
2562	#endif
2563	#ifndef SE_GROUP_INTEGRITY_ENABLED
2564	# define SE_GROUP_INTEGRITY_ENABLED UINT32_C(0x40)
2565	#endif
2566	#ifndef SE_GROUP_RESOURCE
2567	# define SE_GROUP_RESOURCE UINT32_C(0x20000000)
2568	#endif
2569	#ifndef SE_GROUP_LOGON_ID
2570	# define SE_GROUP_LOGON_ID UINT32_C(0xc0000000)
2571	#endif
2572	/** @} */
2573
2574
2575	#ifdef IPRT_NT_USE_WINTERNL
2576
2577	/** For use with KeyBasicInformation. */
2578	typedef struct _KEY_BASIC_INFORMATION
2579	{
2580	LARGE_INTEGER LastWriteTime;
2581	ULONG TitleIndex;
2582	ULONG NameLength;
2583	WCHAR Name[1];
2584	} KEY_BASIC_INFORMATION;
2585	typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
2586
2587	/** For use with KeyNodeInformation. */
2588	typedef struct _KEY_NODE_INFORMATION
2589	{
2590	LARGE_INTEGER LastWriteTime;
2591	ULONG TitleIndex;
2592	ULONG ClassOffset; /*< Offset from the start of the structure. /
2593	ULONG ClassLength;
2594	ULONG NameLength;
2595	WCHAR Name[1];
2596	} KEY_NODE_INFORMATION;
2597	typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
2598
2599	/** For use with KeyFullInformation. */
2600	typedef struct _KEY_FULL_INFORMATION
2601	{
2602	LARGE_INTEGER LastWriteTime;
2603	ULONG TitleIndex;
2604	ULONG ClassOffset; /*< Offset of the Class member. /
2605	ULONG ClassLength;
2606	ULONG SubKeys;
2607	ULONG MaxNameLen;
2608	ULONG MaxClassLen;
2609	ULONG Values;
2610	ULONG MaxValueNameLen;
2611	ULONG MaxValueDataLen;
2612	WCHAR Class[1];
2613	} KEY_FULL_INFORMATION;
2614	typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
2615
2616	/** For use with KeyNameInformation. */
2617	typedef struct _KEY_NAME_INFORMATION
2618	{
2619	ULONG NameLength;
2620	WCHAR Name[1];
2621	} KEY_NAME_INFORMATION;
2622	typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
2623
2624	/** For use with KeyCachedInformation. */
2625	typedef struct _KEY_CACHED_INFORMATION
2626	{
2627	LARGE_INTEGER LastWriteTime;
2628	ULONG TitleIndex;
2629	ULONG SubKeys;
2630	ULONG MaxNameLen;
2631	ULONG Values;
2632	ULONG MaxValueNameLen;
2633	ULONG MaxValueDataLen;
2634	ULONG NameLength;
2635	} KEY_CACHED_INFORMATION;
2636	typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
2637
2638	/** For use with KeyVirtualizationInformation. */
2639	typedef struct _KEY_VIRTUALIZATION_INFORMATION
2640	{
2641	ULONG VirtualizationCandidate : 1;
2642	ULONG VirtualizationEnabled : 1;
2643	ULONG VirtualTarget : 1;
2644	ULONG VirtualStore : 1;
2645	ULONG VirtualSource : 1;
2646	ULONG Reserved : 27;
2647	} KEY_VIRTUALIZATION_INFORMATION;
2648	typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
2649
2650	typedef enum _KEY_INFORMATION_CLASS
2651	{
2652	KeyBasicInformation = 0,
2653	KeyNodeInformation,
2654	KeyFullInformation,
2655	KeyNameInformation,
2656	KeyCachedInformation,
2657	KeyFlagsInformation,
2658	KeyVirtualizationInformation,
2659	KeyHandleTagsInformation,
2660	MaxKeyInfoClass
2661	} KEY_INFORMATION_CLASS;
2662	RT_DECL_NTAPI(NTSTATUS) NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2663	RT_DECL_NTAPI(NTSTATUS) NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2664
2665	typedef struct _MEMORY_SECTION_NAME
2666	{
2667	UNICODE_STRING SectionFileName;
2668	WCHAR NameBuffer[1];
2669	} MEMORY_SECTION_NAME;
2670
2671	#ifdef IPRT_NT_USE_WINTERNL
2672	typedef struct _PROCESS_BASIC_INFORMATION
2673	{
2674	NTSTATUS ExitStatus;
2675	PPEB PebBaseAddress;
2676	ULONG_PTR AffinityMask;
2677	int32_t BasePriority;
2678	ULONG_PTR UniqueProcessId;
2679	ULONG_PTR InheritedFromUniqueProcessId;
2680	} PROCESS_BASIC_INFORMATION;
2681	typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
2682	#endif
2683
2684	typedef enum _PROCESSINFOCLASS
2685	{
2686	ProcessBasicInformation = 0, /*< 0 / 0x00 /
2687	ProcessQuotaLimits, /*< 1 / 0x01 /
2688	ProcessIoCounters, /*< 2 / 0x02 /
2689	ProcessVmCounters, /*< 3 / 0x03 /
2690	ProcessTimes, /*< 4 / 0x04 /
2691	ProcessBasePriority, /*< 5 / 0x05 /
2692	ProcessRaisePriority, /*< 6 / 0x06 /
2693	ProcessDebugPort, /*< 7 / 0x07 /
2694	ProcessExceptionPort, /*< 8 / 0x08 /
2695	ProcessAccessToken, /*< 9 / 0x09 /
2696	ProcessLdtInformation, /*< 10 / 0x0a /
2697	ProcessLdtSize, /*< 11 / 0x0b /
2698	ProcessDefaultHardErrorMode, /*< 12 / 0x0c /
2699	ProcessIoPortHandlers, /*< 13 / 0x0d /
2700	ProcessPooledUsageAndLimits, /*< 14 / 0x0e /
2701	ProcessWorkingSetWatch, /*< 15 / 0x0f /
2702	ProcessUserModeIOPL, /*< 16 / 0x10 /
2703	ProcessEnableAlignmentFaultFixup, /*< 17 / 0x11 /
2704	ProcessPriorityClass, /*< 18 / 0x12 /
2705	ProcessWx86Information, /*< 19 / 0x13 /
2706	ProcessHandleCount, /*< 20 / 0x14 /
2707	ProcessAffinityMask, /*< 21 / 0x15 /
2708	ProcessPriorityBoost, /*< 22 / 0x16 /
2709	ProcessDeviceMap, /*< 23 / 0x17 /
2710	ProcessSessionInformation, /*< 24 / 0x18 /
2711	ProcessForegroundInformation, /*< 25 / 0x19 /
2712	ProcessWow64Information, /*< 26 / 0x1a /
2713	ProcessImageFileName, /*< 27 / 0x1b /
2714	ProcessLUIDDeviceMapsEnabled, /*< 28 / 0x1c /
2715	ProcessBreakOnTermination, /*< 29 / 0x1d /
2716	ProcessDebugObjectHandle, /*< 30 / 0x1e /
2717	ProcessDebugFlags, /*< 31 / 0x1f /
2718	ProcessHandleTracing, /*< 32 / 0x20 /
2719	ProcessIoPriority, /*< 33 / 0x21 /
2720	ProcessExecuteFlags, /*< 34 / 0x22 /
2721	ProcessTlsInformation, /*< 35 / 0x23 /
2722	ProcessCookie, /*< 36 / 0x24 /
2723	ProcessImageInformation, /*< 37 / 0x25 /
2724	ProcessCycleTime, /*< 38 / 0x26 /
2725	ProcessPagePriority, /*< 39 / 0x27 /
2726	ProcessInstrumentationCallbak, /*< 40 / 0x28 /
2727	ProcessThreadStackAllocation, /*< 41 / 0x29 /
2728	ProcessWorkingSetWatchEx, /*< 42 / 0x2a /
2729	ProcessImageFileNameWin32, /*< 43 / 0x2b /
2730	ProcessImageFileMapping, /*< 44 / 0x2c /
2731	ProcessAffinityUpdateMode, /*< 45 / 0x2d /
2732	ProcessMemoryAllocationMode, /*< 46 / 0x2e /
2733	ProcessGroupInformation, /*< 47 / 0x2f /
2734	ProcessTokenVirtualizationEnabled, /*< 48 / 0x30 /
2735	ProcessOwnerInformation, /*< 49 / 0x31 /
2736	ProcessWindowInformation, /*< 50 / 0x32 /
2737	ProcessHandleInformation, /*< 51 / 0x33 /
2738	ProcessMitigationPolicy, /*< 52 / 0x34 /
2739	ProcessDynamicFunctionTableInformation, /*< 53 / 0x35 /
2740	ProcessHandleCheckingMode, /*< 54 / 0x36 /
2741	ProcessKeepAliveCount, /*< 55 / 0x37 /
2742	ProcessRevokeFileHandles, /*< 56 / 0x38 /
2743	ProcessWorkingSetControl, /*< 57 / 0x39 /
2744	ProcessHandleTable, /*< 58 / 0x3a /
2745	ProcessCheckStackExtentsMode, /*< 59 / 0x3b /
2746	ProcessCommandLineInformation, /*< 60 / 0x3c /
2747	ProcessProtectionInformation, /*< 61 / 0x3d /
2748	ProcessMemoryExhaustion, /*< 62 / 0x3e /
2749	ProcessFaultInformation, /*< 63 / 0x3f /
2750	ProcessTelemetryIdInformation, /*< 64 / 0x40 /
2751	ProcessCommitReleaseInformation, /*< 65 / 0x41 /
2752	ProcessDefaultCpuSetsInformation, /*< 66 / 0x42 - aka ProcessReserved1Information /
2753	ProcessAllowedCpuSetsInformation, /*< 67 / 0x43 - aka ProcessReserved2Information; PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10 /
2754	ProcessSubsystemProcess, /*< 68 / 0x44 /
2755	ProcessJobMemoryInformation, /*< 69 / 0x45 /
2756	ProcessInPrivate, /*< 70 / 0x46 /
2757	ProcessRaiseUMExceptionOnInvalidHandleClose,/*< 71 / 0x47 /
2758	ProcessIumChallengeResponse, /*< 72 / 0x48 /
2759	ProcessChildProcessInformation, /*< 73 / 0x49 /
2760	ProcessHighGraphicsPriorityInformation, /*< 74 / 0x4a /
2761	ProcessSubsystemInformation, /*< 75 / 0x4b /
2762	ProcessEnergyValues, /*< 76 / 0x4c /
2763	ProcessPowerThrottlingState, /*< 77 / 0x4d /
2764	ProcessReserved3Information, /*< 78 / 0x4e /
2765	ProcessWin32kSyscallFilterInformation, /*< 79 / 0x4f /
2766	ProcessDisableSystemAllowedCpuSets, /*< 80 / 0x50 /
2767	ProcessWakeInformation, /*< 81 / 0x51 /
2768	ProcessEnergyTrackingState, /*< 82 / 0x52 /
2769	ProcessManageWritesToExecutableMemory, /*< 83 / 0x53 /
2770	ProcessCaptureTrustletLiveDump, /*< 84 / 0x54 /
2771	ProcessTelemetryCoverage, /*< 85 / 0x55 /
2772	ProcessEnclaveInformation, /*< 86 / 0x56 /
2773	ProcessEnableReadWriteVmLogging, /*< 87 / 0x57 /
2774	ProcessUptimeInformation, /*< 88 / 0x58 /
2775	ProcessImageSection, /*< 89 / 0x59 /
2776	ProcessDebugAuthInformation, /*< 90 / 0x5a /
2777	ProcessSystemResourceManagement, /*< 92 / 0x5b /
2778	ProcessSequenceNumber, /*< 93 / 0x5c /
2779	MaxProcessInfoClass
2780	} PROCESSINFOCLASS;
2781	AssertCompile(ProcessSequenceNumber == 0x5c);
2782	#endif
2783	#if defined(IPRT_NT_USE_WINTERNL) \|\| defined(WDK_NTDDI_VERSION) /* Present in ntddk.h from 7600.16385.1, but not in W10. */
2784	RT_DECL_NTAPI(NTSTATUS) NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
2785	#endif
2786	#ifdef IPRT_NT_USE_WINTERNL
2787	#if ARCH_BITS == 32
2788	/** 64-bit API pass thru to WOW64 processes. */
2789	RT_DECL_NTAPI(NTSTATUS) NtWow64QueryInformationProcess64(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
2790	#endif
2791
2792	typedef enum _THREADINFOCLASS
2793	{
2794	ThreadBasicInformation = 0,
2795	ThreadTimes,
2796	ThreadPriority,
2797	ThreadBasePriority,
2798	ThreadAffinityMask,
2799	ThreadImpersonationToken,
2800	ThreadDescriptorTableEntry,
2801	ThreadEnableAlignmentFaultFixup,
2802	ThreadEventPair_Reusable,
2803	ThreadQuerySetWin32StartAddress,
2804	ThreadZeroTlsCell,
2805	ThreadPerformanceCount,
2806	ThreadAmILastThread,
2807	ThreadIdealProcessor,
2808	ThreadPriorityBoost,
2809	ThreadSetTlsArrayAddress,
2810	ThreadIsIoPending,
2811	ThreadHideFromDebugger,
2812	ThreadBreakOnTermination,
2813	ThreadSwitchLegacyState,
2814	ThreadIsTerminated,
2815	ThreadLastSystemCall,
2816	ThreadIoPriority,
2817	ThreadCycleTime,
2818	ThreadPagePriority,
2819	ThreadActualBasePriority,
2820	ThreadTebInformation,
2821	ThreadCSwitchMon,
2822	ThreadCSwitchPmu,
2823	ThreadWow64Context,
2824	ThreadGroupInformation,
2825	ThreadUmsInformation,
2826	ThreadCounterProfiling,
2827	ThreadIdealProcessorEx,
2828	ThreadCpuAccountingInformation,
2829	MaxThreadInfoClass
2830	} THREADINFOCLASS;
2831	RT_DECL_NTAPI(NTSTATUS) NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
2832
2833	RT_DECL_NTAPI(NTSTATUS) NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2834	RT_DECL_NTAPI(NTSTATUS) ZwQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2835
2836	RT_DECL_NTAPI(NTSTATUS) NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2837	RT_DECL_NTAPI(NTSTATUS) NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2838	RT_DECL_NTAPI(NTSTATUS) NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
2839	RT_DECL_NTAPI(NTSTATUS) NtCancelIoFile(HANDLE, PIO_STATUS_BLOCK);
2840
2841	RT_DECL_NTAPI(NTSTATUS) NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
2842	RT_DECL_NTAPI(NTSTATUS) NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
2843
2844	RT_DECL_NTAPI(NTSTATUS) RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
2845	RT_DECL_NTAPI(NTSTATUS) RtlCopySid(ULONG, PSID, PSID);
2846	RT_DECL_NTAPI(NTSTATUS) RtlCreateAcl(PACL, ULONG, ULONG);
2847	RT_DECL_NTAPI(NTSTATUS) RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
2848	RT_DECL_NTAPI(BOOLEAN) RtlEqualSid(PSID, PSID);
2849	RT_DECL_NTAPI(NTSTATUS) RtlGetVersion(PRTL_OSVERSIONINFOW);
2850	RT_DECL_NTAPI(NTSTATUS) RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
2851	RT_DECL_NTAPI(NTSTATUS) RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
2852	RT_DECL_NTAPI(PULONG) RtlSubAuthoritySid(PSID, ULONG);
2853
2854	#endif /* IPRT_NT_USE_WINTERNL */
2855
2856	#ifdef RTNT_NEED_NT_GET_PRODUCT_TYPE
2857	RT_DECL_NTAPI(BOOLEAN) RtlGetNtProductType(enum _NT_PRODUCT_TYPE ); /< @since NT 3.1 /
2858	#endif
2859
2860	/** For use with ObjectBasicInformation.
2861	* A watered down version of this struct appears under the name
2862	* PUBLIC_OBJECT_BASIC_INFORMATION in ntifs.h. It only defines
2863	* the first four members, so don't trust the rest. */
2864	typedef struct _OBJECT_BASIC_INFORMATION
2865	{
2866	ULONG Attributes;
2867	ACCESS_MASK GrantedAccess;
2868	ULONG HandleCount;
2869	ULONG PointerCount;
2870	/* Not in ntifs.h: */
2871	ULONG PagedPoolCharge;
2872	ULONG NonPagedPoolCharge;
2873	ULONG Reserved[3];
2874	ULONG NameInfoSize;
2875	ULONG TypeInfoSize;
2876	ULONG SecurityDescriptorSize;
2877	LARGE_INTEGER CreationTime;
2878	} OBJECT_BASIC_INFORMATION;
2879	typedef OBJECT_BASIC_INFORMATION *POBJECT_BASIC_INFORMATION;
2880
2881	/** For use with ObjectHandleFlagInformation. */
2882	typedef struct _OBJECT_HANDLE_FLAG_INFORMATION
2883	{
2884	BOOLEAN Inherit;
2885	BOOLEAN ProtectFromClose;
2886	} OBJECT_HANDLE_FLAG_INFORMATION;
2887	typedef OBJECT_HANDLE_FLAG_INFORMATION *POBJECT_HANDLE_FLAG_INFORMATION;
2888
2889	/**
2890	* Returned via ObjectTypesInformation, see also OBJECT_TYPES_INFORMATION.
2891	* The next structure address is calculate:
2892	* (uintptr_t)Name.Buffer + RT_ALIGN_32(Name.MaximumLength, sizeof(uintptr_t))
2893	*/
2894	typedef struct _OBJECT_TYPE_INFORMATION
2895	{ /* 64-bit offset */
2896	UNICODE_STRING TypeName; /*< 0x00 /
2897	ULONG TotalNumberOfObjects; /*< 0x10 /
2898	ULONG TotalNumberOfHandles; /*< 0x14 /
2899	ULONG TotalPagedPoolUsage; /*< 0x18 - not set by W10 19044 /
2900	ULONG TotalNonPagedPoolUsage; /*< 0x1c - not set by W10 19044 /
2901	ULONG TotalNamePoolUsage; /*< 0x20 - not set by W10 19044 /
2902	ULONG TotalHandleTableUsage; /*< 0x24 - not set by W10 19044 /
2903	ULONG HighWaterNumberOfObjects; /*< 0x28 /
2904	ULONG HighWaterNumberOfHandles; /*< 0x2c /
2905	ULONG HighWaterPagedPoolUsage; /*< 0x30 - not set by W10 19044 /
2906	ULONG HighWaterNonPagedPoolUsage; /*< 0x34 - not set by W10 19044 /
2907	ULONG HighWaterNamePoolUsage; /*< 0x38 - not set by W10 19044 /
2908	ULONG HighWaterHandleTableUsage; /*< 0x3c - not set by W10 19044 /
2909	ULONG InvalidAttributes; /*< 0x40 /
2910	GENERIC_MAPPING GenericMapping; /*< 0x44 /
2911	ULONG ValidAccessMask; /*< 0x54 /
2912	BOOLEAN SecurityRequired; /*< 0x58 /
2913	BOOLEAN MaintainHandleCount; /*< 0x59 /
2914	UCHAR TypeIndex; /*< 0x5a /
2915	UCHAR ReservedZero; /*< 0x5b /
2916	ULONG PoolType; /*< 0x5c /
2917	ULONG DefaultPagedPoolCharge; /*< 0x60 - not set by W10 19044 /
2918	ULONG DefaultNonPagedPoolCharge; /*< 0x64 - not set by W10 19044 /
2919	/* The name string follows after the structure. */
2920	} OBJECT_TYPE_INFORMATION;
2921	AssertCompileSize(OBJECT_TYPE_INFORMATION, sizeof(UNICODE_STRING) + 0x58);
2922	typedef OBJECT_TYPE_INFORMATION *POBJECT_TYPE_INFORMATION;
2923
2924	/** Returned via ObjectTypesInformation. */
2925	typedef struct _OBJECT_TYPES_INFORMATION
2926	{
2927	ULONG NumberOfTypes;
2928	OBJECT_TYPE_INFORMATION FirstType;
2929	} OBJECT_TYPES_INFORMATION;
2930	typedef OBJECT_TYPES_INFORMATION *POBJECT_TYPES_INFORMATION;
2931
2932	typedef enum _OBJECT_INFORMATION_CLASS
2933	{
2934	ObjectBasicInformation = 0,
2935	ObjectNameInformation,
2936	ObjectTypeInformation,
2937	ObjectTypesInformation,
2938	ObjectHandleFlagInformation,
2939	ObjectSessionInformation,
2940	MaxObjectInfoClass
2941	} OBJECT_INFORMATION_CLASS;
2942	typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
2943	#ifdef IN_RING0
2944	# define NtQueryObject ZwQueryObject
2945	#endif
2946	RT_DECL_NTAPI(NTSTATUS) NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2947	RT_DECL_NTAPI(NTSTATUS) NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
2948	RT_DECL_NTAPI(NTSTATUS) NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
2949
2950	RT_DECL_NTAPI(NTSTATUS) NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2951
2952	typedef struct _OBJECT_DIRECTORY_INFORMATION
2953	{
2954	UNICODE_STRING Name;
2955	UNICODE_STRING TypeName;
2956	} OBJECT_DIRECTORY_INFORMATION;
2957	typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
2958	RT_DECL_NTAPI(NTSTATUS) NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
2959
2960	RT_DECL_NTAPI(NTSTATUS) NtSuspendProcess(HANDLE);
2961	RT_DECL_NTAPI(NTSTATUS) NtResumeProcess(HANDLE);
2962	/** @name ProcessDefaultHardErrorMode bit definitions.
2963	* @{ */
2964	#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /*< Inverted from the win32 define. /
2965	#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
2966	#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
2967	#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
2968	/** @} */
2969	RT_DECL_NTAPI(NTSTATUS) NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
2970	RT_DECL_NTAPI(NTSTATUS) NtTerminateProcess(HANDLE, LONG);
2971
2972	/** Returned by NtQUerySection with SectionBasicInformation. */
2973	typedef struct _SECTION_BASIC_INFORMATION
2974	{
2975	PVOID BaseAddress;
2976	ULONG AllocationAttributes;
2977	LARGE_INTEGER MaximumSize;
2978	} SECTION_BASIC_INFORMATION;
2979	typedef SECTION_BASIC_INFORMATION *PSECTION_BASIC_INFORMATION;
2980
2981	/** Retured by ProcessImageInformation as well as NtQuerySection. */
2982	typedef struct _SECTION_IMAGE_INFORMATION
2983	{
2984	PVOID TransferAddress;
2985	ULONG ZeroBits;
2986	SIZE_T MaximumStackSize;
2987	SIZE_T CommittedStackSize;
2988	ULONG SubSystemType;
2989	union
2990	{
2991	struct
2992	{
2993	USHORT SubSystemMinorVersion;
2994	USHORT SubSystemMajorVersion;
2995	};
2996	ULONG SubSystemVersion;
2997	};
2998	ULONG GpValue;
2999	USHORT ImageCharacteristics;
3000	USHORT DllCharacteristics;
3001	USHORT Machine;
3002	BOOLEAN ImageContainsCode;
3003	union /*< Since Vista, used to be a spare BOOLEAN. /
3004	{
3005	struct
3006	{
3007	UCHAR ComPlusNativeRead : 1;
3008	UCHAR ComPlusILOnly : 1;
3009	UCHAR ImageDynamicallyRelocated : 1;
3010	UCHAR ImageMAppedFlat : 1;
3011	UCHAR Reserved : 4;
3012	};
3013	UCHAR ImageFlags;
3014	};
3015	ULONG LoaderFlags;
3016	ULONG ImageFileSize; /*< Since XP? /
3017	ULONG CheckSum; /*< Since Vista, Used to be a reserved/spare ULONG. /
3018	} SECTION_IMAGE_INFORMATION;
3019	typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
3020
3021	typedef enum _SECTION_INFORMATION_CLASS
3022	{
3023	SectionBasicInformation = 0,
3024	SectionImageInformation,
3025	MaxSectionInfoClass
3026	} SECTION_INFORMATION_CLASS;
3027	RT_DECL_NTAPI(NTSTATUS) NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
3028
3029	RT_DECL_NTAPI(NTSTATUS) NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
3030	RT_DECL_NTAPI(NTSTATUS) NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
3031	RT_DECL_NTAPI(NTSTATUS) NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
3032	#ifndef SYMBOLIC_LINK_QUERY
3033	# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
3034	#endif
3035	#ifndef SYMBOLIC_LINK_ALL_ACCESS
3036	# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED \| SYMBOLIC_LINK_QUERY)
3037	#endif
3038
3039	RT_DECL_NTAPI(NTSTATUS) NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
3040	RT_DECL_NTAPI(NTSTATUS) NtResumeThread(HANDLE, PULONG);
3041	RT_DECL_NTAPI(NTSTATUS) NtSuspendThread(HANDLE, PULONG);
3042	RT_DECL_NTAPI(NTSTATUS) NtTerminateThread(HANDLE, LONG);
3043	RT_DECL_NTAPI(NTSTATUS) NtGetContextThread(HANDLE, PCONTEXT);
3044	RT_DECL_NTAPI(NTSTATUS) NtSetContextThread(HANDLE, PCONTEXT);
3045	RT_DECL_NTAPI(NTSTATUS) ZwYieldExecution(void);
3046
3047
3048	#ifndef SEC_FILE
3049	# define SEC_FILE UINT32_C(0x00800000)
3050	#endif
3051	#ifndef SEC_IMAGE
3052	# define SEC_IMAGE UINT32_C(0x01000000)
3053	#endif
3054	#ifndef SEC_PROTECTED_IMAGE
3055	# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
3056	#endif
3057	#ifndef SEC_NOCACHE
3058	# define SEC_NOCACHE UINT32_C(0x10000000)
3059	#endif
3060	#ifndef MEM_ROTATE
3061	# define MEM_ROTATE UINT32_C(0x00800000)
3062	#endif
3063	typedef enum _MEMORY_INFORMATION_CLASS
3064	{
3065	MemoryBasicInformation = 0,
3066	MemoryWorkingSetList,
3067	MemorySectionName,
3068	MemoryBasicVlmInformation
3069	} MEMORY_INFORMATION_CLASS;
3070	#ifndef IPRT_NT_USE_WINTERNL
3071	# ifndef WDK_NTDDI_VERSION /* W10 ntifs.h has it, 7600.16385.1 didn't. */
3072	typedef struct _MEMORY_BASIC_INFORMATION
3073	{
3074	PVOID BaseAddress;
3075	PVOID AllocationBase;
3076	ULONG AllocationProtect;
3077	# if ARCH_BITS == 64
3078	USHORT PartitionId;
3079	# endif
3080	SIZE_T RegionSize;
3081	ULONG State;
3082	ULONG Protect;
3083	ULONG Type;
3084	} MEMORY_BASIC_INFORMATION;
3085	typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
3086	# endif
3087	# define NtQueryVirtualMemory ZwQueryVirtualMemory
3088	#endif
3089	#if defined(IPRT_NT_USE_WINTERNL) \|\| !defined(WDK_NTDDI_VERSION) /* W10 ntifs.h has it, 7600.16385.1 didn't. */
3090	RT_DECL_NTAPI(NTSTATUS) NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
3091	#endif
3092	#ifdef IPRT_NT_USE_WINTERNL
3093	RT_DECL_NTAPI(NTSTATUS) NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
3094	RT_DECL_NTAPI(NTSTATUS) NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
3095	#endif
3096	RT_DECL_NTAPI(NTSTATUS) NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
3097
3098	typedef enum _SYSTEM_INFORMATION_CLASS
3099	{
3100	SystemBasicInformation = 0,
3101	SystemCpuInformation,
3102	SystemPerformanceInformation,
3103	SystemTimeOfDayInformation,
3104	SystemInformation_Unknown_4,
3105	SystemProcessInformation,
3106	SystemInformation_Unknown_6,
3107	SystemInformation_Unknown_7,
3108	SystemProcessorPerformanceInformation,
3109	SystemInformation_Unknown_9,
3110	SystemInformation_Unknown_10,
3111	SystemModuleInformation,
3112	SystemInformation_Unknown_12,
3113	SystemInformation_Unknown_13,
3114	SystemInformation_Unknown_14,
3115	SystemInformation_Unknown_15,
3116	SystemHandleInformation,
3117	SystemInformation_Unknown_17,
3118	SystemPageFileInformation,
3119	SystemInformation_Unknown_19,
3120	SystemInformation_Unknown_20,
3121	SystemCacheInformation,
3122	SystemInformation_Unknown_22,
3123	SystemInterruptInformation,
3124	SystemDpcBehaviourInformation,
3125	SystemFullMemoryInformation,
3126	SystemLoadGdiDriverInformation, /* 26 */
3127	SystemUnloadGdiDriverInformation, /* 27 */
3128	SystemTimeAdjustmentInformation,
3129	SystemSummaryMemoryInformation,
3130	SystemInformation_Unknown_30,
3131	SystemInformation_Unknown_31,
3132	SystemInformation_Unknown_32,
3133	SystemExceptionInformation,
3134	SystemCrashDumpStateInformation,
3135	SystemKernelDebuggerInformation,
3136	SystemContextSwitchInformation,
3137	SystemRegistryQuotaInformation,
3138	SystemInformation_Unknown_38,
3139	SystemInformation_Unknown_39,
3140	SystemInformation_Unknown_40,
3141	SystemInformation_Unknown_41,
3142	SystemInformation_Unknown_42,
3143	SystemInformation_Unknown_43,
3144	SystemCurrentTimeZoneInformation,
3145	SystemLookasideInformation,
3146	SystemSetTimeSlipEvent,
3147	SystemCreateSession,
3148	SystemDeleteSession,
3149	SystemInformation_Unknown_49,
3150	SystemRangeStartInformation,
3151	SystemVerifierInformation,
3152	SystemInformation_Unknown_52,
3153	SystemSessionProcessInformation,
3154	SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
3155	SystemInformation_Unknown_55,
3156	SystemInformation_Unknown_56,
3157	SystemExtendedProcessInformation,
3158	SystemInformation_Unknown_58,
3159	SystemInformation_Unknown_59,
3160	SystemInformation_Unknown_60,
3161	SystemInformation_Unknown_61,
3162	SystemInformation_Unknown_62,
3163	SystemInformation_Unknown_63,
3164	SystemExtendedHandleInformation, /* 64 */
3165	SystemInformation_Unknown_65,
3166	SystemInformation_Unknown_66,
3167	SystemInformation_Unknown_67, /*< See https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/sysinfo/codeintegrity.htm /
3168	SystemInformation_Unknown_68,
3169	SystemInformation_HotPatchInfo, /* 69 */
3170	SystemInformation_Unknown_70,
3171	SystemInformation_Unknown_71,
3172	SystemInformation_Unknown_72,
3173	SystemInformation_Unknown_73,
3174	SystemInformation_Unknown_74,
3175	SystemInformation_Unknown_75,
3176	SystemInformation_Unknown_76,
3177	SystemInformation_Unknown_77,
3178	SystemInformation_Unknown_78,
3179	SystemInformation_Unknown_79,
3180	SystemInformation_Unknown_80,
3181	SystemInformation_Unknown_81,
3182	SystemInformation_Unknown_82,
3183	SystemInformation_Unknown_83,
3184	SystemInformation_Unknown_84,
3185	SystemInformation_Unknown_85,
3186	SystemInformation_Unknown_86,
3187	SystemInformation_Unknown_87,
3188	SystemInformation_Unknown_88,
3189	SystemInformation_Unknown_89,
3190	SystemInformation_Unknown_90,
3191	SystemInformation_Unknown_91,
3192	SystemInformation_Unknown_92,
3193	SystemInformation_Unknown_93,
3194	SystemInformation_Unknown_94,
3195	SystemInformation_Unknown_95,
3196	SystemInformation_KiOpPrefetchPatchCount, /* 96 */
3197	SystemInformation_Unknown_97,
3198	SystemInformation_Unknown_98,
3199	SystemInformation_Unknown_99,
3200	SystemInformation_Unknown_100,
3201	SystemInformation_Unknown_101,
3202	SystemInformation_Unknown_102,
3203	SystemInformation_Unknown_103,
3204	SystemInformation_Unknown_104,
3205	SystemInformation_Unknown_105,
3206	SystemInformation_Unknown_107,
3207	SystemInformation_GetLogicalProcessorInformationEx, /* 107 */
3208
3209	/** @todo fill gap. they've added a whole bunch of things */
3210	SystemPolicyInformation = 134,
3211	SystemInformationClassMax
3212	} SYSTEM_INFORMATION_CLASS;
3213
3214	#ifdef IPRT_NT_USE_WINTERNL
3215	typedef struct _VM_COUNTERS
3216	{
3217	SIZE_T PeakVirtualSize;
3218	SIZE_T VirtualSize;
3219	ULONG PageFaultCount;
3220	SIZE_T PeakWorkingSetSize;
3221	SIZE_T WorkingSetSize;
3222	SIZE_T QuotaPeakPagedPoolUsage;
3223	SIZE_T QuotaPagedPoolUsage;
3224	SIZE_T QuotaPeakNonPagedPoolUsage;
3225	SIZE_T QuotaNonPagedPoolUsage;
3226	SIZE_T PagefileUsage;
3227	SIZE_T PeakPagefileUsage;
3228	} VM_COUNTERS;
3229	typedef VM_COUNTERS *PVM_COUNTERS;
3230	#endif
3231
3232	#if 0
3233	typedef struct _IO_COUNTERS
3234	{
3235	ULONGLONG ReadOperationCount;
3236	ULONGLONG WriteOperationCount;
3237	ULONGLONG OtherOperationCount;
3238	ULONGLONG ReadTransferCount;
3239	ULONGLONG WriteTransferCount;
3240	ULONGLONG OtherTransferCount;
3241	} IO_COUNTERS;
3242	typedef IO_COUNTERS *PIO_COUNTERS;
3243	#endif
3244
3245	typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
3246	{
3247	ULONG NextEntryOffset; /*< 0x00 / 0x00 /
3248	ULONG NumberOfThreads; /*< 0x04 / 0x04 /
3249	LARGE_INTEGER Reserved1[3]; /*< 0x08 / 0x08 /
3250	LARGE_INTEGER CreationTime; /*< 0x20 / 0x20 /
3251	LARGE_INTEGER UserTime; /*< 0x28 / 0x28 /
3252	LARGE_INTEGER KernelTime; /*< 0x30 / 0x30 /
3253	UNICODE_STRING ProcessName; /*< 0x38 / 0x38 Clean unicode encoding? /
3254	int32_t BasePriority; /*< 0x40 / 0x48 /
3255	HANDLE UniqueProcessId; /*< 0x44 / 0x50 /
3256	HANDLE ParentProcessId; /*< 0x48 / 0x58 /
3257	ULONG HandleCount; /*< 0x4c / 0x60 /
3258	ULONG Reserved2; /*< 0x50 / 0x64 Session ID? /
3259	ULONG_PTR Reserved3; /*< 0x54 / 0x68 /
3260	VM_COUNTERS VmCounters; /*< 0x58 / 0x70 /
3261	IO_COUNTERS IoCounters; /*< 0x88 / 0xd0 Might not be present in earlier windows versions. /
3262	/* After this follows the threads, then the ProcessName.Buffer. */
3263	} RTNT_SYSTEM_PROCESS_INFORMATION;
3264	typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
3265	#ifndef IPRT_NT_USE_WINTERNL
3266	typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
3267	typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
3268	#endif
3269
3270	typedef struct _SYSTEM_HANDLE_ENTRY_INFO
3271	{
3272	USHORT UniqueProcessId;
3273	USHORT CreatorBackTraceIndex;
3274	UCHAR ObjectTypeIndex;
3275	UCHAR HandleAttributes;
3276	USHORT HandleValue;
3277	PVOID Object;
3278	ULONG GrantedAccess;
3279	} SYSTEM_HANDLE_ENTRY_INFO;
3280	typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
3281
3282	/** Returned by SystemHandleInformation */
3283	typedef struct _SYSTEM_HANDLE_INFORMATION
3284	{
3285	ULONG NumberOfHandles;
3286	SYSTEM_HANDLE_ENTRY_INFO Handles[1];
3287	} SYSTEM_HANDLE_INFORMATION;
3288	typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
3289
3290	/** Extended handle information entry.
3291	* @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
3292	typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
3293	{
3294	PVOID Object;
3295	HANDLE UniqueProcessId;
3296	HANDLE HandleValue;
3297	ACCESS_MASK GrantedAccess;
3298	USHORT CreatorBackTraceIndex;
3299	USHORT ObjectTypeIndex;
3300	ULONG HandleAttributes;
3301	ULONG Reserved;
3302	} SYSTEM_HANDLE_ENTRY_INFO_EX;
3303	typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
3304
3305	/** Returned by SystemExtendedHandleInformation. */
3306	typedef struct _SYSTEM_HANDLE_INFORMATION_EX
3307	{
3308	ULONG_PTR NumberOfHandles;
3309	ULONG_PTR Reserved;
3310	SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
3311	} SYSTEM_HANDLE_INFORMATION_EX;
3312	typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
3313
3314	/** Returned by SystemSessionProcessInformation. */
3315	typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
3316	{
3317	ULONG SessionId;
3318	ULONG BufferLength;
3319	/** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
3320	PVOID Buffer;
3321	} SYSTEM_SESSION_PROCESS_INFORMATION;
3322	typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
3323
3324	typedef struct _RTL_PROCESS_MODULE_INFORMATION
3325	{
3326	HANDLE Section; /*< 0x00 / 0x00 /
3327	PVOID MappedBase; /*< 0x04 / 0x08 /
3328	PVOID ImageBase; /*< 0x08 / 0x10 /
3329	ULONG ImageSize; /*< 0x0c / 0x18 /
3330	ULONG Flags; /*< 0x10 / 0x1c /
3331	USHORT LoadOrderIndex; /*< 0x14 / 0x20 /
3332	USHORT InitOrderIndex; /*< 0x16 / 0x22 /
3333	USHORT LoadCount; /*< 0x18 / 0x24 /
3334	USHORT OffsetToFileName; /*< 0x1a / 0x26 /
3335	UCHAR FullPathName[256]; /*< 0x1c / 0x28 /
3336	} RTL_PROCESS_MODULE_INFORMATION;
3337	typedef RTL_PROCESS_MODULE_INFORMATION *PRTL_PROCESS_MODULE_INFORMATION;
3338
3339	/** Returned by SystemModuleInformation. */
3340	typedef struct _RTL_PROCESS_MODULES
3341	{
3342	ULONG NumberOfModules;
3343	RTL_PROCESS_MODULE_INFORMATION Modules[1]; /*< 0x04 / 0x08 /
3344	} RTL_PROCESS_MODULES;
3345	typedef RTL_PROCESS_MODULES *PRTL_PROCESS_MODULES;
3346
3347	RT_DECL_NTAPI(NTSTATUS) NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3348	#ifndef IPRT_NT_MAP_TO_ZW
3349	RT_DECL_NTAPI(NTSTATUS) ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3350	#endif
3351
3352	RT_DECL_NTAPI(NTSTATUS) NtSetTimerResolution(ULONG cNtTicksWanted, BOOLEAN fSetResolution, PULONG pcNtTicksCur);
3353	RT_DECL_NTAPI(NTSTATUS) NtQueryTimerResolution(PULONG pcNtTicksMin, PULONG pcNtTicksMax, PULONG pcNtTicksCur);
3354
3355	RT_DECL_NTAPI(NTSTATUS) NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
3356	RT_DECL_NTAPI(NTSTATUS) NtYieldExecution(void);
3357	#ifndef IPRT_NT_USE_WINTERNL
3358	RT_DECL_NTAPI(NTSTATUS) NtWaitForSingleObject(HANDLE, BOOLEAN, PLARGE_INTEGER);
3359	#endif
3360	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
3361	typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
3362	RT_DECL_NTAPI(NTSTATUS) NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
3363
3364	#ifdef IPRT_NT_USE_WINTERNL
3365	RT_DECL_NTAPI(NTSTATUS) NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
3366	#endif
3367
3368	#ifdef IPRT_NT_USE_WINTERNL
3369	typedef enum _EVENT_TYPE
3370	{
3371	/* Manual reset event. */
3372	NotificationEvent = 0,
3373	/* Automaitc reset event. */
3374	SynchronizationEvent
3375	} EVENT_TYPE;
3376	#endif
3377	RT_DECL_NTAPI(NTSTATUS) NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
3378	RT_DECL_NTAPI(NTSTATUS) NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
3379	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
3380	RT_DECL_NTAPI(NTSTATUS) NtClearEvent(HANDLE);
3381	RT_DECL_NTAPI(NTSTATUS) NtResetEvent(HANDLE, PULONG);
3382	RT_DECL_NTAPI(NTSTATUS) NtSetEvent(HANDLE, PULONG);
3383	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
3384	typedef enum _EVENT_INFORMATION_CLASS
3385	{
3386	EventBasicInformation = 0
3387	} EVENT_INFORMATION_CLASS;
3388	/** Data returned by NtQueryEvent + EventBasicInformation. */
3389	typedef struct EVENT_BASIC_INFORMATION
3390	{
3391	EVENT_TYPE EventType;
3392	ULONG EventState;
3393	} EVENT_BASIC_INFORMATION;
3394	typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
3395	RT_DECL_NTAPI(NTSTATUS) NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3396
3397	#ifdef IPRT_NT_USE_WINTERNL
3398	/** For NtQueryValueKey. */
3399	typedef enum _KEY_VALUE_INFORMATION_CLASS
3400	{
3401	KeyValueBasicInformation = 0,
3402	KeyValueFullInformation,
3403	KeyValuePartialInformation,
3404	KeyValueFullInformationAlign64,
3405	KeyValuePartialInformationAlign64
3406	} KEY_VALUE_INFORMATION_CLASS;
3407
3408	/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
3409	typedef struct _KEY_VALUE_PARTIAL_INFORMATION
3410	{
3411	ULONG TitleIndex;
3412	ULONG Type;
3413	ULONG DataLength;
3414	UCHAR Data[1];
3415	} KEY_VALUE_PARTIAL_INFORMATION;
3416	typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
3417	#endif
3418	RT_DECL_NTAPI(NTSTATUS) NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
3419	RT_DECL_NTAPI(NTSTATUS) NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3420
3421
3422	RT_DECL_NTAPI(NTSTATUS) RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
3423
3424
3425	typedef struct _CURDIR
3426	{
3427	UNICODE_STRING DosPath;
3428	HANDLE Handle; /*< 0x10 / 0x08 /
3429	} CURDIR;
3430	AssertCompileSize(CURDIR, ARCH_BITS == 32 ? 0x0c : 0x18);
3431	typedef CURDIR *PCURDIR;
3432
3433	typedef struct _RTL_DRIVE_LETTER_CURDIR
3434	{
3435	USHORT Flags;
3436	USHORT Length;
3437	ULONG TimeStamp;
3438	STRING DosPath; /*< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. /
3439	} RTL_DRIVE_LETTER_CURDIR;
3440	typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
3441
3442	typedef struct _RTL_USER_PROCESS_PARAMETERS
3443	{
3444	ULONG MaximumLength; /*< 0x000 / 0x000 /
3445	ULONG Length; /*< 0x004 / 0x004 /
3446	ULONG Flags; /*< 0x008 / 0x008 /
3447	ULONG DebugFlags; /*< 0x00c / 0x00c /
3448	HANDLE ConsoleHandle; /*< 0x010 / 0x010 /
3449	ULONG ConsoleFlags; /*< 0x018 / 0x014 /
3450	HANDLE StandardInput; /*< 0x020 / 0x018 /
3451	HANDLE StandardOutput; /*< 0x028 / 0x01c /
3452	HANDLE StandardError; /*< 0x030 / 0x020 /
3453	CURDIR CurrentDirectory; /*< 0x038 / 0x024 /
3454	UNICODE_STRING DllPath; /*< 0x050 / 0x030 /
3455	UNICODE_STRING ImagePathName; /*< 0x060 / 0x038 /
3456	UNICODE_STRING CommandLine; /*< 0x070 / 0x040 /
3457	PWSTR Environment; /*< 0x080 / 0x048 /
3458	ULONG StartingX; /*< 0x088 / 0x04c /
3459	ULONG StartingY; /*< 0x090 / 0x050 /
3460	ULONG CountX; /*< 0x094 / 0x054 /
3461	ULONG CountY; /*< 0x098 / 0x058 /
3462	ULONG CountCharsX; /*< 0x09c / 0x05c /
3463	ULONG CountCharsY; /*< 0x0a0 / 0x060 /
3464	ULONG FillAttribute; /*< 0x0a4 / 0x064 /
3465	ULONG WindowFlags; /*< 0x0a8 / 0x068 /
3466	ULONG ShowWindowFlags; /*< 0x0ac / 0x06c /
3467	UNICODE_STRING WindowTitle; /*< 0x0b0 / 0x070 /
3468	UNICODE_STRING DesktopInfo; /*< 0x0c0 / 0x078 /
3469	UNICODE_STRING ShellInfo; /*< 0x0d0 / 0x080 /
3470	UNICODE_STRING RuntimeInfo; /*< 0x0e0 / 0x088 /
3471	RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20]; /*< 0x0f0 / 0x090 /
3472	SIZE_T EnvironmentSize; /*< 0x3f0 / 0x - Added in Vista /
3473	SIZE_T EnvironmentVersion; /*< 0x3f8 / 0x - Added in Windows 7. /
3474	PVOID PackageDependencyData; /*< 0x400 / 0x - Added Windows 8? /
3475	ULONG ProcessGroupId; /*< 0x408 / 0x - Added Windows 8? /
3476	ULONG LoaderThreads; /*< 0x40c / 0x - Added Windows 10? /
3477	} RTL_USER_PROCESS_PARAMETERS;
3478	typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
3479	#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
3480
3481	typedef struct _RTL_USER_PROCESS_INFORMATION
3482	{
3483	ULONG Size;
3484	HANDLE ProcessHandle;
3485	HANDLE ThreadHandle;
3486	CLIENT_ID ClientId;
3487	SECTION_IMAGE_INFORMATION ImageInformation;
3488	} RTL_USER_PROCESS_INFORMATION;
3489	typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
3490
3491
3492	RT_DECL_NTAPI(NTSTATUS) RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
3493	PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
3494	RT_DECL_NTAPI(NTSTATUS) RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
3495	PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
3496	PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
3497	PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
3498	PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
3499	RT_DECL_NTAPI(VOID) RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
3500	RT_DECL_NTAPI(NTSTATUS) RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
3501	PFNRT, PVOID, PHANDLE, PCLIENT_ID);
3502
3503	#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
3504	typedef struct _RTL_CRITICAL_SECTION
3505	{
3506	struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
3507	LONG LockCount;
3508	LONG Recursioncount;
3509	HANDLE OwningThread;
3510	HANDLE LockSemaphore;
3511	ULONG_PTR SpinCount;
3512	} RTL_CRITICAL_SECTION;
3513	typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
3514	#endif
3515
3516	/RT_DECL_NTAPI(ULONG) RtlNtStatusToDosError(NTSTATUS rcNt);/
3517
3518	/** @def RTL_QUERY_REGISTRY_TYPECHECK
3519	* WDK 8.1+, backported in updates, ignored in older. */
3520	#if !defined(RTL_QUERY_REGISTRY_TYPECHECK) \|\| defined(DOXYGEN_RUNNING)
3521	# define RTL_QUERY_REGISTRY_TYPECHECK UINT32_C(0x00000100)
3522	#endif
3523	/** @def RTL_QUERY_REGISTRY_TYPECHECK_SHIFT
3524	* WDK 8.1+, backported in updates, ignored in older. */
3525	#if !defined(RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) \|\| defined(DOXYGEN_RUNNING)
3526	# define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
3527	#endif
3528
3529	RT_DECL_NTAPI(VOID) RtlFreeUnicodeString(PUNICODE_STRING);
3530
3531	RT_C_DECLS_END
3532	/** @} */
3533
3534
3535	#if defined(IN_RING0) \|\| defined(DOXYGEN_RUNNING)
3536	/** @name NT Kernel APIs
3537	* @{ */
3538	RT_C_DECLS_BEGIN
3539
3540	typedef ULONG KEPROCESSORINDEX; /*< Bitmap indexes != process numbers, apparently. /
3541
3542	RT_DECL_NTAPI(VOID) KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
3543	typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
3544	RT_DECL_NTAPI(VOID) KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3545	typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3546	RT_DECL_NTAPI(VOID) KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3547	typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3548	RT_DECL_NTAPI(BOOLEAN) KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3549	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3550	RT_DECL_NTAPI(BOOLEAN) KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3551	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3552	RT_DECL_NTAPI(BOOLEAN) KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3553	typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3554	RT_DECL_NTAPI(VOID) KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
3555	typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
3556	RT_DECL_NTAPI(VOID) KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
3557	typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
3558	RT_DECL_NTAPI(BOOLEAN) KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3559	typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3560	RT_DECL_NTAPI(BOOLEAN) KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3561	typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3562	/** Works like anding the complemented subtrahend with the minuend. */
3563	RT_DECL_NTAPI(BOOLEAN) KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
3564	typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
3565	RT_DECL_NTAPI(BOOLEAN) KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
3566	typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
3567	RT_DECL_NTAPI(BOOLEAN) KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
3568	typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3569	RT_DECL_NTAPI(BOOLEAN) KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
3570	typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
3571	RT_DECL_NTAPI(ULONG) KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
3572	typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3573	RT_DECL_NTAPI(KEPROCESSORINDEX) KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
3574	typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3575	typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
3576	typedef KEPROCESSORINDEX (NTAPI PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER pProcNumber);
3577	typedef NTSTATUS (NTAPI PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX ProcIndex, PROCESSOR_NUMBER pProcNumber);
3578	typedef KEPROCESSORINDEX (NTAPI PFNKEGETCURRENTPROCESSORNUMBEREX)(const PROCESSOR_NUMBER pProcNumber);
3579	typedef KAFFINITY (NTAPI *PFNKEQUERYACTIVEPROCESSORS)(VOID);
3580	typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNT)(VOID);
3581	typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNTEX)(USHORT GroupNumber);
3582	typedef USHORT (NTAPI *PFNKEQUERYMAXIMUMGROUPCOUNT)(VOID);
3583	typedef ULONG (NTAPI PFNKEQUERYACTIVEPROCESSORCOUNT)(KAFFINITY pfActiveProcessors);
3584	typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNTEX)(USHORT GroupNumber);
3585	typedef NTSTATUS (NTAPI PFNKEQUERYLOGICALPROCESSORRELATIONSHIP)(PROCESSOR_NUMBER pProcNumber,
3586	LOGICAL_PROCESSOR_RELATIONSHIP RelationShipType,
3587	SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX *pInfo, PULONG pcbInfo);
3588	typedef PVOID (NTAPI PFNKEREGISTERPROCESSORCHANGECALLBACK)(PPROCESSOR_CALLBACK_FUNCTION pfnCallback, void pvUser, ULONG fFlags);
3589	typedef VOID (NTAPI *PFNKEDEREGISTERPROCESSORCHANGECALLBACK)(PVOID pvCallback);
3590	typedef NTSTATUS (NTAPI PFNKESETTARGETPROCESSORDPCEX)(KDPC pDpc, PROCESSOR_NUMBER *pProcNumber);
3591	typedef LOGICAL (NTAPI *PFNKESHOULDYIELDPROCESSOR)(void);
3592
3593	RT_DECL_NTAPI(BOOLEAN) ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
3594	PVOID pvOptionalConditions, PHANDLE phFound);
3595	RT_DECL_NTAPI(NTSTATUS) ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
3596	ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
3597	KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
3598	RT_DECL_NTAPI(HANDLE) PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
3599	RT_DECL_NTAPI(UCHAR *) PsGetProcessImageFileName(PEPROCESS);
3600	RT_DECL_NTAPI(BOOLEAN) PsIsProcessBeingDebugged(PEPROCESS);
3601	RT_DECL_NTAPI(ULONG) PsGetProcessSessionId(PEPROCESS);
3602	extern DECLIMPORT(POBJECT_TYPE ) LpcPortObjectType; /< In vista+ this is the ALPC port object type. /
3603	extern DECLIMPORT(POBJECT_TYPE ) LpcWaitablePortObjectType; /< In vista+ this is the ALPC port object type. /
3604
3605	typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
3606	typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
3607
3608	RT_C_DECLS_END
3609	/** @ */
3610	#endif /* IN_RING0 */
3611
3612
3613	#if defined(IN_RING3) \|\| defined(DOXYGEN_RUNNING)
3614	/** @name NT Userland APIs
3615	* @{ */
3616	RT_C_DECLS_BEGIN
3617
3618	#if 0 /** @todo figure this out some time... */
3619	typedef struct CSR_MSG_DATA_CREATED_PROCESS
3620	{
3621	HANDLE hProcess;
3622	HANDLE hThread;
3623	CLIENT_ID
3624	DWORD idProcess;
3625	DWORD idThread;
3626	DWORD fCreate;
3627
3628	} CSR_MSG_DATA_CREATED_PROCESS;
3629
3630	#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
3631	#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
3632	RT_DECL_NTAPI(NTSTATUS) CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
3633	#endif
3634
3635	RT_DECL_NTAPI(VOID) LdrInitializeThunk(PVOID, PVOID, PVOID);
3636
3637	typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
3638	{
3639	ULONG Flags;
3640	PCUNICODE_STRING FullDllName;
3641	PCUNICODE_STRING BaseDllName;
3642	PVOID DllBase;
3643	ULONG SizeOfImage;
3644	} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
3645	typedef LDR_DLL_LOADED_NOTIFICATION_DATA PLDR_DLL_LOADED_NOTIFICATION_DATA, PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
3646	typedef LDR_DLL_LOADED_NOTIFICATION_DATA const PCLDR_DLL_LOADED_NOTIFICATION_DATA, PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
3647
3648	typedef union _LDR_DLL_NOTIFICATION_DATA
3649	{
3650	LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
3651	LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
3652	} LDR_DLL_NOTIFICATION_DATA;
3653	typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
3654	typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
3655
3656	typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
3657
3658	#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
3659	#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
3660	RT_DECL_NTAPI(NTSTATUS) LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
3661	PVOID *pvCookie);
3662	typedef NTSTATUS (NTAPI PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID );
3663	RT_DECL_NTAPI(NTSTATUS) LdrUnregisterDllNotification(PVOID pvCookie);
3664	typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
3665
3666	RT_DECL_NTAPI(NTSTATUS) LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
3667	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
3668	typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
3669	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
3670	RT_DECL_NTAPI(NTSTATUS) LdrUnloadDll(IN HANDLE hMod);
3671	typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
3672	RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3673	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3674	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3675	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3676	#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
3677	#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
3678	/** @since Windows XP. */
3679	RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3680	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3681	/** @since Windows XP. */
3682	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3683	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3684	/** @since Windows 7. */
3685	RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
3686	/** @since Windows 7. */
3687	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
3688	/** @since Windows 7. */
3689	RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
3690	OUT PHANDLE phDll);
3691	/** @since Windows 7. */
3692	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
3693	OUT PHANDLE phDll);
3694	#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
3695	RT_DECL_NTAPI(NTSTATUS) LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
3696	typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
3697	RT_DECL_NTAPI(NTSTATUS) LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3698	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
3699	typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
3700	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
3701	#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
3702	/** @since Windows Vista. */
3703	RT_DECL_NTAPI(NTSTATUS) LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3704	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
3705	/** @since Windows Vista. */
3706	typedef NTSTATUS (NTAPI PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const pSymbol OPTIONAL,
3707	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
3708	#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
3709	#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
3710	#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
3711	#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
3712	#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
3713	/** @since Windows XP. */
3714	RT_DECL_NTAPI(NTSTATUS) LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
3715	/** @since Windows XP. */
3716	typedef NTSTATUS (NTAPI PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID ppvCookie);
3717	#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
3718	/** @since Windows XP. */
3719	RT_DECL_NTAPI(NTSTATUS) LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
3720	/** @since Windows XP. */
3721	typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
3722
3723	RT_DECL_NTAPI(NTSTATUS) RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
3724	RT_DECL_NTAPI(VOID) RtlExitUserProcess(NTSTATUS rcExitCode); /*< Vista and later. /
3725	RT_DECL_NTAPI(VOID) RtlExitUserThread(NTSTATUS rcExitCode);
3726	RT_DECL_NTAPI(NTSTATUS) RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
3727	IN PCUNICODE_STRING pOrgName,
3728	IN PUNICODE_STRING pDefaultSuffix,
3729	IN OUT PUNICODE_STRING pStaticString,
3730	IN OUT PUNICODE_STRING pDynamicString,
3731	IN OUT PUNICODE_STRING *ppResultString,
3732	IN PULONG pfNewFlags OPTIONAL,
3733	IN PSIZE_T pcbFilename OPTIONAL,
3734	IN PSIZE_T pcbNeeded OPTIONAL);
3735	/** @since Windows 8.
3736	* @note Status code is always zero in windows 10 build 14393. */
3737	RT_DECL_NTAPI(NTSTATUS) ApiSetQueryApiSetPresence(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
3738	/** @copydoc ApiSetQueryApiSetPresence */
3739	typedef NTSTATUS (NTAPI *PFNAPISETQUERYAPISETPRESENCE)(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
3740
3741
3742	# ifdef IPRT_NT_USE_WINTERNL
3743	typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
3744	typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
3745	typedef struct _RTL_HEAP_PARAMETERS
3746	{
3747	ULONG Length;
3748	SIZE_T SegmentReserve;
3749	SIZE_T SegmentCommit;
3750	SIZE_T DeCommitFreeBlockThreshold;
3751	SIZE_T DeCommitTotalFreeThreshold;
3752	SIZE_T MaximumAllocationSize;
3753	SIZE_T VirtualMemoryThreshold;
3754	SIZE_T InitialCommit;
3755	SIZE_T InitialReserve;
3756	PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
3757	SIZE_T Reserved[2];
3758	} RTL_HEAP_PARAMETERS;
3759	typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
3760	RT_DECL_NTAPI(PVOID) RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
3761	PRTL_HEAP_PARAMETERS pParameters);
3762	/** @name Heap flags (for RtlCreateHeap).
3763	* @{ */
3764	/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
3765	# define HEAP_GROWABLE UINT32_C(0x00000002)
3766	# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
3767	# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
3768	# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
3769	# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
3770	# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
3771	# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
3772	# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
3773	# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
3774	# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
3775	# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
3776	# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
3777	# define HEAP_CLASS_0 UINT32_C(0x00000000)
3778	# define HEAP_CLASS_1 UINT32_C(0x00001000)
3779	# define HEAP_CLASS_2 UINT32_C(0x00002000)
3780	# define HEAP_CLASS_3 UINT32_C(0x00003000)
3781	# define HEAP_CLASS_4 UINT32_C(0x00004000)
3782	# define HEAP_CLASS_5 UINT32_C(0x00005000)
3783	# define HEAP_CLASS_6 UINT32_C(0x00006000)
3784	# define HEAP_CLASS_7 UINT32_C(0x00007000)
3785	# define HEAP_CLASS_8 UINT32_C(0x00008000)
3786	# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
3787	# endif
3788	# define HEAP_CLASS_PROCESS HEAP_CLASS_0
3789	# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
3790	# define HEAP_CLASS_KERNEL HEAP_CLASS_2
3791	# define HEAP_CLASS_GDI HEAP_CLASS_3
3792	# define HEAP_CLASS_USER HEAP_CLASS_4
3793	# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
3794	# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
3795	# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
3796	# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
3797	# ifdef IPRT_NT_USE_WINTERNL
3798	/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
3799	# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
3800	# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
3801	# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
3802	# endif /* IPRT_NT_USE_WINTERNL */
3803	/** @} */
3804	# ifdef IPRT_NT_USE_WINTERNL
3805	/** @name Heap tagging constants
3806	* @{ */
3807	# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
3808	/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
3809	# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
3810	# define HEAP_TAG_SHIFT 18 */
3811	# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
3812	/** @} */
3813	RT_DECL_NTAPI(PVOID) RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
3814	RT_DECL_NTAPI(PVOID) RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
3815	RT_DECL_NTAPI(BOOLEAN) RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
3816	# endif /* IPRT_NT_USE_WINTERNL */
3817	RT_DECL_NTAPI(SIZE_T) RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
3818	RT_DECL_NTAPI(SIZE_T) RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
3819	RT_DECL_NTAPI(NTSTATUS) RtlGetLastNtStatus(VOID);
3820	RT_DECL_NTAPI(ULONG) RtlGetLastWin32Error(VOID);
3821	RT_DECL_NTAPI(VOID) RtlSetLastWin32Error(ULONG uError);
3822	RT_DECL_NTAPI(VOID) RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
3823	RT_DECL_NTAPI(VOID) RtlRestoreLastWin32Error(ULONG uError);
3824	RT_DECL_NTAPI(BOOLEAN) RtlQueryPerformanceCounter(PLARGE_INTEGER);
3825	RT_DECL_NTAPI(uint64_t) RtlGetSystemTimePrecise(VOID);
3826	typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
3827	RT_DECL_NTAPI(uint64_t) RtlGetInterruptTimePrecise(uint64_t *puPerfTime);
3828	typedef uint64_t (NTAPI * PFNRTLGETINTERRUPTTIMEPRECISE)(uint64_t *);
3829	RT_DECL_NTAPI(BOOLEAN) RtlQueryUnbiasedInterruptTime(uint64_t *puInterruptTime);
3830	typedef BOOLEAN (NTAPI * PFNRTLQUERYUNBIASEDINTERRUPTTIME)(uint64_t *);
3831
3832	RT_C_DECLS_END
3833	/** @} */
3834	#endif /* IN_RING3 */
3835
3836	#endif /* !IPRT_INCLUDED_nt_nt_h */
3837

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/include/iprt/nt/nt.h@ 107420

Download in other formats: