nt.h@ 52403

Last change on this file since 52403 was 52364, checked in by vboxsync, 11 years ago
nt.h: NtOpenKey, NtQuerySecurityObject, NtQueryValueKey, RtlEqualSid, RtlExpandEnvironmentStrings_U.
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 81.7 KB

Line
1	/* $Id: nt.h 52364 2014-08-13 06:09:41Z vboxsync $ */
2	/** @file
3	* IPRT - Header for code using the Native NT API.
4	*/
5
6	/*
7	* Copyright (C) 2010-2014 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.virtualbox.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*
17	* The contents of this file may alternatively be used under the terms
18	* of the Common Development and Distribution License Version 1.0
19	* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20	* VirtualBox OSE distribution, in which case the provisions of the
21	* CDDL are applicable instead of those of the GPL.
22	*
23	* You may elect to license modified versions of this file under the
24	* terms and conditions of either the GPL or the CDDL or both.
25	*/
26
27	#ifndef ___iprt_nt_nt_h___
28	#define ___iprt_nt_nt_h___
29
30	/** @def IPRT_NT_MAP_TO_ZW
31	* Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
32	* to the APIs (takes care of the previous context checks).
33	*/
34	#ifdef DOXYGEN_RUNNING
35	# define IPRT_NT_MAP_TO_ZW
36	#endif
37
38	#ifdef IPRT_NT_MAP_TO_ZW
39	# define NtQueryInformationFile ZwQueryInformationFile
40	# define NtQueryInformationProcess ZwQueryInformationProcess
41	# define NtQueryInformationThread ZwQueryInformationThread
42	# define NtQuerySystemInformation ZwQuerySystemInformation
43	# define NtQuerySecurityObject ZwQuerySecurityObject
44	# define NtClose ZwClose
45	# define NtCreateFile ZwCreateFile
46	# define NtReadFile ZwReadFile
47	# define NtWriteFile ZwWriteFile
48	/** @todo this is very incomplete! */
49	#endif
50
51	#include <ntstatus.h>
52
53	/*
54	* Hacks common to both base header sets.
55	*/
56	#define NtQueryObject Incomplete_NtQueryObject
57	#define ZwQueryObject Incomplete_ZwQueryObject
58	#define NtSetInformationObject Incomplete_NtSetInformationObject
59	#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
60	#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
61	#define ObjectBasicInformation Incomplete_ObjectBasicInformation
62	#define ObjectTypeInformation Incomplete_ObjectTypeInformation
63	#define _PEB Incomplete__PEB
64	#define PEB Incomplete_PEB
65	#define PPEB Incomplete_PPEB
66	#define _TEB Incomplete__TEB
67	#define TEB Incomplete_TEB
68	#define PTEB Incomplete_PTEB
69	#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
70	#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
71	#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
72
73
74	#ifdef IPRT_NT_USE_WINTERNL
75	/*
76	* Use Winternl.h.
77	*/
78	# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
79	# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
80	# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
81
82	# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
83	# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
84	# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
85	# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
86	# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
87	# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
88	# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
89	# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
90	# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
91	# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
92	# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
93	# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
94
95	# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
96	# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
97	# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
98
99	# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
100	# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
101	# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
102	# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
103	# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
104
105	# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
106	# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
107	# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
108	# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
109	# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
110	# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
111	# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
112	# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
113	# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
114	# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
115	# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
116	# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
117	# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
118	# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
119
120
121	# define WIN32_NO_STATUS
122	# include <windef.h>
123	# include <winnt.h>
124	# include <winternl.h>
125	# undef WIN32_NO_STATUS
126	# include <ntstatus.h>
127
128
129	# undef _FILE_INFORMATION_CLASS
130	# undef FILE_INFORMATION_CLASS
131	# undef FileDirectoryInformation
132
133	# undef NtQueryInformationProcess
134	# undef NtSetInformationProcess
135	# undef PROCESSINFOCLASS
136	# undef _PROCESSINFOCLASS
137	# undef PROCESS_BASIC_INFORMATION
138	# undef PPROCESS_BASIC_INFORMATION
139	# undef _PROCESS_BASIC_INFORMATION
140	# undef ProcessBasicInformation
141	# undef ProcessDebugPort
142	# undef ProcessWow64Information
143	# undef ProcessImageFileName
144	# undef ProcessBreakOnTermination
145
146	# undef RTL_USER_PROCESS_PARAMETERS
147	# undef PRTL_USER_PROCESS_PARAMETERS
148	# undef _RTL_USER_PROCESS_PARAMETERS
149
150	# undef NtQueryInformationThread
151	# undef NtSetInformationThread
152	# undef THREADINFOCLASS
153	# undef _THREADINFOCLASS
154	# undef ThreadIsIoPending
155
156	# undef NtQuerySystemInformation
157	# undef NtSetSystemInformation
158	# undef SYSTEM_INFORMATION_CLASS
159	# undef _SYSTEM_INFORMATION_CLASS
160	# undef SystemBasicInformation
161	# undef SystemPerformanceInformation
162	# undef SystemTimeOfDayInformation
163	# undef SystemProcessInformation
164	# undef SystemProcessorPerformanceInformation
165	# undef SystemInterruptInformation
166	# undef SystemExceptionInformation
167	# undef SystemRegistryQuotaInformation
168	# undef SystemLookasideInformation
169	# undef SystemPolicyInformation
170
171	#else
172	/*
173	* Use ntifs.h and wdm.h.
174	*/
175	# ifdef RT_ARCH_X86
176	# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
177	# pragma warning(disable : 4163)
178	# endif
179
180	# include <ntifs.h>
181	# include <wdm.h>
182
183	# ifdef RT_ARCH_X86
184	# pragma warning(default : 4163)
185	# undef _InterlockedAddLargeStatistic
186	# endif
187
188	# define IPRT_NT_NEED_API_GROUP_NTIFS
189	#endif
190
191	#undef NtQueryObject
192	#undef ZwQueryObject
193	#undef NtSetInformationObject
194	#undef _OBJECT_INFORMATION_CLASS
195	#undef OBJECT_INFORMATION_CLASS
196	#undef ObjectBasicInformation
197	#undef ObjectTypeInformation
198	#undef _PEB
199	#undef PEB
200	#undef PPEB
201	#undef _TEB
202	#undef TEB
203	#undef PTEB
204	#undef _PEB_LDR_DATA
205	#undef PEB_LDR_DATA
206	#undef PPEB_LDR_DATA
207
208
209	#include <iprt/types.h>
210	#include <iprt/assert.h>
211
212
213	/** @name Useful macros
214	* @{ */
215	/** Indicates that we're targetting native NT in the current source. */
216	#define RTNT_USE_NATIVE_NT 1
217	/** Initializes a IO_STATUS_BLOCK. */
218	#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
219	/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
220	#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
221	/** Constant UNICODE_STRING initializer. */
222	#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
223	/** @} */
224
225
226	/** @name IPRT helper functions for NT
227	* @{ */
228	RT_C_DECLS_BEGIN
229
230	RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
231	ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
232	PHANDLE phHandle, PULONG_PTR puDisposition);
233	RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
234	ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
235	RTDECL(int) RTNtPathClose(HANDLE hHandle);
236
237	RT_C_DECLS_END
238	/** @} */
239
240
241	/** @name NT API delcarations.
242	* @{ */
243	RT_C_DECLS_BEGIN
244
245	/** @name Process access rights missing in ntddk headers
246	* @{ */
247	#ifndef PROCESS_TERMINATE
248	# define PROCESS_TERMINATE UINT32_C(0x00000001)
249	#endif
250	#ifndef PROCESS_CREATE_THREAD
251	# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
252	#endif
253	#ifndef PROCESS_SET_SESSIONID
254	# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
255	#endif
256	#ifndef PROCESS_VM_OPERATION
257	# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
258	#endif
259	#ifndef PROCESS_VM_READ
260	# define PROCESS_VM_READ UINT32_C(0x00000010)
261	#endif
262	#ifndef PROCESS_VM_WRITE
263	# define PROCESS_VM_WRITE UINT32_C(0x00000020)
264	#endif
265	#ifndef PROCESS_DUP_HANDLE
266	# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
267	#endif
268	#ifndef PROCESS_CREATE_PROCESS
269	# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
270	#endif
271	#ifndef PROCESS_SET_QUOTA
272	# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
273	#endif
274	#ifndef PROCESS_SET_INFORMATION
275	# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
276	#endif
277	#ifndef PROCESS_QUERY_INFORMATION
278	# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
279	#endif
280	#ifndef PROCESS_SUSPEND_RESUME
281	# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
282	#endif
283	#ifndef PROCESS_QUERY_LIMITED_INFORMATION
284	# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
285	#endif
286	#ifndef PROCESS_SET_LIMITED_INFORMATION
287	# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
288	#endif
289	#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
290	#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
291	#ifndef PROCESS_ALL_ACCESS
292	# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| SYNCHRONIZE \| UINT32_C(0x0000ffff) )
293	#endif
294	/** @} */
295
296	/** @name Thread access rights missing in ntddk headers
297	* @{ */
298	#ifndef THREAD_QUERY_INFORMATION
299	# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
300	#endif
301	#ifndef THREAD_SET_THREAD_TOKEN
302	# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
303	#endif
304	#ifndef THREAD_IMPERSONATE
305	# define THREAD_IMPERSONATE UINT32_C(0x00000100)
306	#endif
307	#ifndef THREAD_DIRECT_IMPERSONATION
308	# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
309	#endif
310	#ifndef THREAD_RESUME
311	# define THREAD_RESUME UINT32_C(0x00001000)
312	#endif
313	#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
314	#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
315	#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
316	/** @} */
317
318	/** @name Special handle values.
319	* @{ */
320	#ifndef NtCurrentProcess
321	# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
322	#endif
323	#ifndef NtCurrentThread
324	# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
325	#endif
326	#ifndef ZwCurrentProcess
327	# define ZwCurrentProcess() NtCurrentProcess()
328	#endif
329	#ifndef ZwCurrentThread
330	# define ZwCurrentThread() NtCurrentThread()
331	#endif
332	/** @} */
333
334
335	/** @name Directory object access rights.
336	* @{ */
337	#ifndef DIRECTORY_QUERY
338	# define DIRECTORY_QUERY UINT32_C(0x00000001)
339	#endif
340	#ifndef DIRECTORY_TRAVERSE
341	# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
342	#endif
343	#ifndef DIRECTORY_CREATE_OBJECT
344	# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
345	#endif
346	#ifndef DIRECTORY_CREATE_SUBDIRECTORY
347	# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
348	#endif
349	#ifndef DIRECTORY_ALL_ACCESS
350	# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| UINT32_C(0x0000000f) )
351	#endif
352	/** @} */
353
354
355
356	#ifdef IPRT_NT_USE_WINTERNL
357	typedef struct _CLIENT_ID
358	{
359	HANDLE UniqueProcess;
360	HANDLE UniqueThread;
361	} CLIENT_ID;
362	typedef CLIENT_ID *PCLIENT_ID;
363	#endif
364
365	/** @name Process And Thread Environment Blocks
366	* @{ */
367
368	typedef struct _PEB_LDR_DATA
369	{
370	uint32_t Length;
371	BOOLEAN Initialized;
372	BOOLEAN Padding[3];
373	HANDLE SsHandle;
374	LIST_ENTRY InLoadOrderModuleList;
375	LIST_ENTRY InMemoryOrderModuleList;
376	LIST_ENTRY InInitializationOrderModuleList;
377	/* End NT4 */
378	LIST_ENTRY *EntryInProgress;
379	BOOLEAN ShutdownInProgress;
380	HANDLE ShutdownThreadId;
381	} PEB_LDR_DATA;
382	typedef PEB_LDR_DATA *PPEB_LDR_DATA;
383
384	typedef struct _PEB_COMMON
385	{
386	BOOLEAN InheritedAddressSpace; /*< 0x000 / 0x000 /
387	BOOLEAN ReadImageFileExecOptions; /*< 0x001 / 0x001 /
388	BOOLEAN BeingDebugged; /*< 0x002 / 0x002 /
389	union
390	{
391	uint8_t BitField; /*< 0x003 / 0x003 /
392	struct
393	{
394	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
395	} Common;
396	struct
397	{
398	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
399	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
400	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 /
401	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 /
402	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 /
403	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 /
404	uint8_t IsProtectedProcessLight : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 /
405	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
406	} W81;
407	struct
408	{
409	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
410	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
411	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 /
412	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 /
413	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 /
414	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 /
415	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 /
416	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
417	} W80;
418	struct
419	{
420	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
421	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
422	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. /
423	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. /
424	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. /
425	uint8_t SpareBits : 3; /*< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. /
426	} W7;
427	struct
428	{
429	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
430	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
431	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. /
432	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. /
433	uint8_t SpareBits : 4; /*< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. /
434	} W6;
435	struct
436	{
437	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
438	uint8_t SpareBits : 7; /*< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. /
439	} W52;
440	struct
441	{
442	BOOLEAN SpareBool;
443	} W51;
444	} Diff0;
445	#if ARCH_BITS == 64
446	uint32_t Padding0; /*< 0x004 / NA /
447	#endif
448	HANDLE Mutant; /*< 0x008 / 0x004 /
449	PVOID ImageBaseAddress; /*< 0x010 / 0x008 /
450	PPEB_LDR_DATA Ldr; /*< 0x018 / 0x00c /
451	struct _RTL_USER_PROCESS_PARAMETERS ProcessParameters; /< 0x020 / 0x010 /
452	PVOID SubSystemData; /*< 0x028 / 0x014 /
453	HANDLE ProcessHeap; /*< 0x030 / 0x018 /
454	struct _RTL_CRITICAL_SECTION FastPebLock; /< 0x038 / 0x01c /
455	union
456	{
457	struct
458	{
459	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
460	PVOID IFEOKey; /*< 0x048 / 0x024 /
461	union
462	{
463	ULONG CrossProcessFlags; /*< 0x050 / 0x028 /
464	struct
465	{
466	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
467	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
468	uint32_t ProcessUsingVEH : 1; /*< 0x050 / 0x028: Pos 2, 1 Bit /
469	uint32_t ProcessUsingVCH : 1; /*< 0x050 / 0x028: Pos 3, 1 Bit /
470	uint32_t ProcessUsingFTH : 1; /*< 0x050 / 0x028: Pos 4, 1 Bit /
471	uint32_t ReservedBits0 : 1; /*< 0x050 / 0x028: Pos 5, 27 Bits /
472	} W7, W8, W80, W81;
473	struct
474	{
475	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
476	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
477	uint32_t ReservedBits0 : 30; /*< 0x050 / 0x028: Pos 2, 30 Bits /
478	} W6;
479	};
480	#if ARCH_BITS == 64
481	uint32_t Padding1; /*< 0x054 / /
482	#endif
483	} W6, W7, W8, W80, W81;
484	struct
485	{
486	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
487	PVOID SparePtr2; /*< 0x048 / 0x024 /
488	uint32_t EnvironmentUpdateCount; /*< 0x050 / 0x028 /
489	#if ARCH_BITS == 64
490	uint32_t Padding1; /*< 0x054 / /
491	#endif
492	} W52;
493	struct
494	{
495	PVOID FastPebLockRoutine; /*< NA / 0x020 /
496	PVOID FastPebUnlockRoutine; /*< NA / 0x024 /
497	uint32_t EnvironmentUpdateCount; /*< NA / 0x028 /
498	} W51;
499	} Diff1;
500	union
501	{
502	PVOID KernelCallbackTable; /*< 0x058 / 0x02c /
503	PVOID UserSharedInfoPtr; /*< 0x058 / 0x02c - Alternative use in W6./
504	};
505	uint32_t SystemReserved; /*< 0x060 / 0x030 /
506	union
507	{
508	struct
509	{
510	uint32_t AtlThunkSListPtr32; /*< 0x064 / 0x034 /
511	} W7, W8, W80, W81;
512	struct
513	{
514	uint32_t SpareUlong; /*< 0x064 / 0x034 /
515	} W52, W6;
516	struct
517	{
518	uint32_t ExecuteOptions : 2; /*< NA / 0x034: Pos 0, 2 Bits /
519	uint32_t SpareBits : 30; /*< NA / 0x034: Pos 2, 30 Bits /
520	} W51;
521	} Diff2;
522	union
523	{
524	struct
525	{
526	PVOID ApiSetMap; /*< 0x068 / 0x038 /
527	} W7, W8, W80, W81;
528	struct
529	{
530	struct _PEB_FREE_BLOCK FreeList; /< 0x068 / 0x038 /
531	} W52, W6;
532	struct
533	{
534	struct _PEB_FREE_BLOCK FreeList; /< NA / 0x038 /
535	} W51;
536	} Diff3;
537	uint32_t TlsExpansionCounter; /*< 0x070 / 0x03c /
538	#if ARCH_BITS == 64
539	uint32_t Padding2; /*< 0x074 / NA /
540	#endif
541	struct _RTL_BITMAP TlsBitmap; /< 0x078 / 0x040 /
542	uint32_t TlsBitmapBits[2]; /*< 0x080 / 0x044 /
543	PVOID ReadOnlySharedMemoryBase; /*< 0x088 / 0x04c /
544	union
545	{
546	struct
547	{
548	PVOID SparePvoid0; /*< 0x090 / 0x050 - HotpatchInformation before W81. /
549	} W81;
550	struct
551	{
552	PVOID HotpatchInformation; /*< 0x090 / 0x050 - Retired in W81. /
553	} W6, W7, W80;
554	struct
555	{
556	PVOID ReadOnlySharedMemoryHeap;
557	} W52;
558	} Diff4;
559	PVOID ReadOnlyStaticServerData; /< 0x098 / 0x054 /
560	PVOID AnsiCodePageData; /*< 0x0a0 / 0x058 /
561	PVOID OemCodePageData; /*< 0x0a8 / 0x05c /
562	PVOID UnicodeCaseTableData; /*< 0x0b0 / 0x060 /
563	uint32_t NumberOfProcessors; /*< 0x0b8 / 0x064 /
564	uint32_t NtGlobalFlag; /*< 0x0bc / 0x068 /
565	LARGE_INTEGER CriticalSectionTimeout; /*< 0x0c0 / 0x070 /
566	SIZE_T HeapSegmentReserve; /*< 0x0c8 / 0x078 /
567	SIZE_T HeapSegmentCommit; /*< 0x0d0 / 0x07c /
568	SIZE_T HeapDeCommitTotalFreeThreshold; /*< 0x0d8 / 0x080 /
569	SIZE_T HeapDeCommitFreeBlockThreshold; /*< 0x0e0 / 0x084 /
570	uint32_t NumberOfHeaps; /*< 0x0e8 / 0x088 /
571	uint32_t MaximumNumberOfHeaps; /*< 0x0ec / 0x08c /
572	PVOID ProcessHeaps; /< 0x0f0 / 0x090 /
573	PVOID GdiSharedHandleTable; /*< 0x0f8 / 0x094 /
574	PVOID ProcessStarterHelper; /*< 0x100 / 0x098 /
575	uint32_t GdiDCAttributeList; /*< 0x108 / 0x09c /
576	#if ARCH_BITS == 64
577	uint32_t Padding3; /*< 0x10c / NA /
578	#endif
579	struct _RTL_CRITICAL_SECTION LoaderLock; /< 0x110 / 0x0a0 /
580	uint32_t OSMajorVersion; /*< 0x118 / 0x0a4 /
581	uint32_t OSMinorVersion; /*< 0x11c / 0x0a8 /
582	uint16_t OSBuildNumber; /*< 0x120 / 0x0ac /
583	uint16_t OSCSDVersion; /*< 0x122 / 0x0ae /
584	uint32_t OSPlatformId; /*< 0x124 / 0x0b0 /
585	uint32_t ImageSubsystem; /*< 0x128 / 0x0b4 /
586	uint32_t ImageSubsystemMajorVersion; /*< 0x12c / 0x0b8 /
587	uint32_t ImageSubsystemMinorVersion; /*< 0x130 / 0x0bc /
588	#if ARCH_BITS == 64
589	uint32_t Padding4; /*< 0x134 / NA /
590	#endif
591	union
592	{
593	struct
594	{
595	SIZE_T ActiveProcessAffinityMask; /*< 0x138 / 0x0c0 /
596	} W7, W8, W80, W81;
597	struct
598	{
599	SIZE_T ImageProcessAffinityMask; /*< 0x138 / 0x0c0 /
600	} W52, W6;
601	} Diff5;
602	uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /*< 0x140 / 0x0c4 /
603	PVOID PostProcessInitRoutine; /*< 0x230 / 0x14c /
604	PVOID TlsExpansionBitmap; /*< 0x238 / 0x150 /
605	uint32_t TlsExpansionBitmapBits[32]; /*< 0x240 / 0x154 /
606	uint32_t SessionId; /*< 0x2c0 / 0x1d4 /
607	#if ARCH_BITS == 64
608	uint32_t Padding5; /*< 0x2c4 / NA /
609	#endif
610	ULARGE_INTEGER AppCompatFlags; /*< 0x2c8 / 0x1d8 /
611	ULARGE_INTEGER AppCompatFlagsUser; /*< 0x2d0 / 0x1e0 /
612	PVOID pShimData; /*< 0x2d8 / 0x1e8 /
613	PVOID AppCompatInfo; /*< 0x2e0 / 0x1ec /
614	UNICODE_STRING CSDVersion; /*< 0x2e8 / 0x1f0 /
615	struct _ACTIVATION_CONTEXT_DATA ActivationContextData; /< 0x2f8 / 0x1f8 /
616	struct _ASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap; /< 0x300 / 0x1fc /
617	struct _ACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData; /< 0x308 / 0x200 /
618	struct _ASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap; /< 0x310 / 0x204 /
619	SIZE_T MinimumStackCommit; /*< 0x318 / 0x208 /
620	/* End of PEB in W52 (Windows XP (RTM))! */
621	struct _FLS_CALLBACK_INFO FlsCallback; /< 0x320 / 0x20c /
622	LIST_ENTRY FlsListHead; /*< 0x328 / 0x210 /
623	PVOID FlsBitmap; /*< 0x338 / 0x218 /
624	uint32_t FlsBitmapBits[4]; /*< 0x340 / 0x21c /
625	uint32_t FlsHighIndex; /*< 0x350 / 0x22c /
626	/* End of PEB in W52 (Windows Server 2003)! */
627	PVOID WerRegistrationData; /*< 0x358 / 0x230 /
628	PVOID WerShipAssertPtr; /*< 0x360 / 0x234 /
629	/* End of PEB in W6 (windows Vista)! */
630	union
631	{
632	struct
633	{
634	PVOID pUnused; /*< 0x368 / 0x238 - Was pContextData in W7. /
635	} W8, W80, W81;
636	struct
637	{
638	PVOID pContextData; /*< 0x368 / 0x238 - Retired in W80. /
639	} W7;
640	} Diff6;
641	PVOID pImageHeaderHash; /*< 0x370 / 0x23c /
642	union
643	{
644	uint32_t TracingFlags; /*< 0x378 / 0x240 /
645	struct
646	{
647	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
648	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
649	uint32_t LibLoaderTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 2, 1 Bit /
650	uint32_t SpareTracingBits : 29; /*< 0x378 / 0x240 : Pos 3, 29 Bits /
651	} W8, W80, W81;
652	struct
653	{
654	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
655	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
656	uint32_t SpareTracingBits : 30; /*< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 /
657	} W7;
658	} Diff7;
659	#if ARCH_BITS == 64
660	uint32_t Padding6; /*< 0x37c / NA /
661	#endif
662	uint64_t CsrServerReadOnlySharedMemoryBase; /*< 0x380 / 0x248 /
663	} PEB_COMMON;
664	typedef PEB_COMMON *PPEB_COMMON;
665
666	AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
667	AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
668	AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
669	AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
670	AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
671	AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
672	AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
673	AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
674	AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x388 : 0x250);
675
676	/** The size of the windows 8.1 PEB structure. */
677	#define PEB_SIZE_W81 sizeof(PEB_COMMON)
678	/** The size of the windows 8.0 PEB structure. */
679	#define PEB_SIZE_W80 sizeof(PEB_COMMON)
680	/** The size of the windows 7 PEB structure. */
681	#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
682	/** The size of the windows vista PEB structure. */
683	#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
684	/** The size of the windows server 2003 PEB structure. */
685	#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
686	/** The size of the windows XP PEB structure. */
687	#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
688
689	#if 0
690	typedef struct _NT_TIB
691	{
692	struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
693	PVOID StackBase;
694	PVOID StackLimit;
695	PVOID SubSystemTib;
696	union
697	{
698	PVOID FiberData;
699	ULONG Version;
700	};
701	PVOID ArbitraryUserPointer;
702	struct _NT_TIB *Self;
703	} NT_TIB;
704	typedef NT_TIB *PNT_TIB;
705	#endif
706
707	typedef struct _ACTIVATION_CONTEXT_STACK
708	{
709	uint32_t Flags;
710	uint32_t NextCookieSequenceNumber;
711	PVOID ActiveFrame;
712	LIST_ENTRY FrameListCache;
713	} ACTIVATION_CONTEXT_STACK;
714
715	/* Common TEB. */
716	typedef struct _TEB_COMMON
717	{
718	NT_TIB NtTib; /*< 0x000 / 0x000 /
719	PVOID EnvironmentPointer; /*< 0x038 / 0x01c /
720	CLIENT_ID ClientId; /*< 0x040 / 0x020 /
721	PVOID ActiveRpcHandle; /*< 0x050 / 0x028 /
722	PVOID ThreadLocalStoragePointer; /*< 0x058 / 0x02c /
723	PPEB_COMMON ProcessEnvironmentBlock; /*< 0x060 / 0x030 /
724	uint32_t LastErrorValue; /*< 0x068 / 0x034 /
725	uint32_t CountOfOwnedCriticalSections; /*< 0x06c / 0x038 /
726	PVOID CsrClientThread; /*< 0x070 / 0x03c /
727	PVOID Win32ThreadInfo; /*< 0x078 / 0x040 /
728	uint32_t User32Reserved[26]; /*< 0x080 / 0x044 /
729	uint32_t UserReserved[5]; /*< 0x0e8 / 0x0ac /
730	PVOID WOW32Reserved; /*< 0x100 / 0x0c0 /
731	uint32_t CurrentLocale; /*< 0x108 / 0x0c4 /
732	uint32_t FpSoftwareStatusRegister; /*< 0x10c / 0x0c8 /
733	PVOID SystemReserved1[54]; /*< 0x110 / 0x0cc /
734	uint32_t ExceptionCode; /*< 0x2c0 / 0x1a4 /
735	#if ARCH_BITS == 64
736	uint32_t Padding0; /*< 0x2c4 / NA /
737	#endif
738	union
739	{
740	struct
741	{
742	struct _ACTIVATION_CONTEXT_STACK ActivationContextStackPointer;/< 0x2c8 / 0x1a8 /
743	uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /*< 0x2d0 / 0x1ac /
744	} W52, W6, W7, W8, W80, W81;
745	#if ARCH_BITS == 32
746	struct
747	{
748	ACTIVATION_CONTEXT_STACK ActivationContextStack; /*< NA / 0x1a8 /
749	uint8_t SpareBytes[20]; /*< NA / 0x1bc /
750	} W51;
751	#endif
752	} Diff0;
753	union
754	{
755	struct
756	{
757	uint32_t TxFsContext; /*< 0x2e8 / 0x1d0 /
758	} W6, W7, W8, W80, W81;
759	struct
760	{
761	uint32_t SpareBytesContinues; /*< 0x2e8 / 0x1d0 /
762	} W52;
763	} Diff1;
764	#if ARCH_BITS == 64
765	uint32_t Padding1; /*< 0x2ec / NA /
766	#endif
767	/_GDI_TEB_BATCH/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /*< 0x2f0 / 0x1d4 /
768	CLIENT_ID RealClientId; /*< 0x7d8 / 0x6b4 /
769	HANDLE GdiCachedProcessHandle; /*< 0x7e8 / 0x6bc /
770	uint32_t GdiClientPID; /*< 0x7f0 / 0x6c0 /
771	uint32_t GdiClientTID; /*< 0x7f4 / 0x6c4 /
772	PVOID GdiThreadLocalInfo; /*< 0x7f8 / 0x6c8 /
773	SIZE_T Win32ClientInfo[62]; /*< 0x800 / 0x6cc /
774	PVOID glDispatchTable[233]; /*< 0x9f0 / 0x7c4 /
775	SIZE_T glReserved1[29]; /*< 0x1138 / 0xb68 /
776	PVOID glReserved2; /*< 0x1220 / 0xbdc /
777	PVOID glSectionInfo; /*< 0x1228 / 0xbe0 /
778	PVOID glSection; /*< 0x1230 / 0xbe4 /
779	PVOID glTable; /*< 0x1238 / 0xbe8 /
780	PVOID glCurrentRC; /*< 0x1240 / 0xbec /
781	PVOID glContext; /*< 0x1248 / 0xbf0 /
782	NTSTATUS LastStatusValue; /*< 0x1250 / 0xbf4 /
783	#if ARCH_BITS == 64
784	uint32_t Padding2; /*< 0x1254 / NA /
785	#endif
786	UNICODE_STRING StaticUnicodeString; /*< 0x1258 / 0xbf8 /
787	WCHAR StaticUnicodeBuffer[261]; /*< 0x1268 / 0xc00 /
788	#if ARCH_BITS == 64
789	WCHAR Padding3[3]; /*< 0x1472 / NA /
790	#endif
791	PVOID DeallocationStack; /*< 0x1478 / 0xe0c /
792	PVOID TlsSlots[64]; /*< 0x1480 / 0xe10 /
793	LIST_ENTRY TlsLinks; /*< 0x1680 / 0xf10 /
794	PVOID Vdm; /*< 0x1690 / 0xf18 /
795	PVOID ReservedForNtRpc; /*< 0x1698 / 0xf1c /
796	PVOID DbgSsReserved[2]; /*< 0x16a0 / 0xf20 /
797	uint32_t HardErrorMode; /*< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. /
798	#if ARCH_BITS == 64
799	uint32_t Padding4; /*< 0x16b4 / NA /
800	#endif
801	PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /*< 0x16b8 / 0xf2c /
802	union
803	{
804	struct
805	{
806	GUID ActivityId; /*< 0x1710 / 0xf50 /
807	PVOID SubProcessTag; /*< 0x1720 / 0xf60 /
808	} W6, W7, W8, W80, W81;
809	struct
810	{
811	PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /*< 0x1710 / 0xf50 /
812	} W52;
813	} Diff2;
814	union /*< 0x1728 / 0xf64 /
815	{
816	struct
817	{
818	PVOID PerflibData; /*< 0x1728 / 0xf64 /
819	} W8, W80, W81;
820	struct
821	{
822	PVOID EtwLocalData; /*< 0x1728 / 0xf64 /
823	} W7, W6;
824	struct
825	{
826	PVOID SubProcessTag; /*< 0x1728 / 0xf64 /
827	} W52;
828	struct
829	{
830	PVOID InstrumentationContinues[1]; /*< 0x1728 / 0xf64 /
831	} W51;
832	} Diff3;
833	union
834	{
835	struct
836	{
837	PVOID EtwTraceData; /*< 0x1730 / 0xf68 /
838	} W52, W6, W7, W8, W80, W81;
839	struct
840	{
841	PVOID InstrumentationContinues[1]; /*< 0x1730 / 0xf68 /
842	} W51;
843	} Diff4;
844	PVOID WinSockData; /*< 0x1738 / 0xf6c /
845	uint32_t GdiBatchCount; /*< 0x1740 / 0xf70 /
846	union
847	{
848	union
849	{
850	PROCESSOR_NUMBER CurrentIdealProcessor; /*< 0x1744 / 0xf74 - W7+ /
851	uint32_t IdealProcessorValue; /*< 0x1744 / 0xf74 - W7+ /
852	struct
853	{
854	uint8_t ReservedPad1; /*< 0x1744 / 0xf74 - Called SpareBool0 in W6 /
855	uint8_t ReservedPad2; /*< 0x1745 / 0xf75 - Called SpareBool0 in W6 /
856	uint8_t ReservedPad3; /*< 0x1746 / 0xf76 - Called SpareBool0 in W6 /
857	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
858	};
859	} W6, W7, W8, W80, W81;
860	struct
861	{
862	BOOLEAN InDbgPrint; /*< 0x1744 / 0xf74 /
863	BOOLEAN FreeStackOnTermination; /*< 0x1745 / 0xf75 /
864	BOOLEAN HasFiberData; /*< 0x1746 / 0xf76 /
865	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
866	} W51, W52;
867	} Diff5;
868	uint32_t GuaranteedStackBytes; /*< 0x1748 / 0xf78 /
869	#if ARCH_BITS == 64
870	uint32_t Padding5; /*< 0x174c / NA /
871	#endif
872	PVOID ReservedForPerf; /*< 0x1750 / 0xf7c /
873	PVOID ReservedForOle; /*< 0x1758 / 0xf80 /
874	uint32_t WaitingOnLoaderLock; /*< 0x1760 / 0xf84 /
875	#if ARCH_BITS == 64
876	uint32_t Padding6; /*< 0x1764 / NA /
877	#endif
878	union /*< 0x1770 / 0xf8c /
879	{
880	struct
881	{
882	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
883	SIZE_T ReservedForCodeCoverage; /*< 0x1770 / 0xf8c /
884	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
885	} W8, W80, W81;
886	struct
887	{
888	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
889	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
890	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
891	} W6, W7;
892	struct
893	{
894	PVOID SparePointer1; /*< 0x1768 / 0xf88 /
895	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
896	PVOID SoftPatchPtr2; /*< 0x1778 / 0xf90 /
897	} W52;
898	#if ARCH_BITS == 32
899	struct _Wx86ThreadState
900	{
901	PVOID CallBx86Eip; /*< NA / 0xf88 /
902	PVOID DeallocationCpu; /*< NA / 0xf8c /
903	BOOLEAN UseKnownWx86Dll; /*< NA / 0xf90 /
904	int8_t OleStubInvoked; /*< NA / 0xf91 /
905	} W51;
906	#endif
907	} Diff6;
908	PVOID TlsExpansionSlots; /*< 0x1780 / 0xf94 /
909	#if ARCH_BITS == 64
910	PVOID DallocationBStore; /*< 0x1788 / NA /
911	PVOID BStoreLimit; /*< 0x1790 / NA /
912	#endif
913	union
914	{
915	struct
916	{
917	uint32_t MuiGeneration; /*< 0x1798 / 0xf98 /
918	} W7, W8, W80, W81;
919	struct
920	{
921	uint32_t ImpersonationLocale;
922	} W6;
923	} Diff7;
924	uint32_t IsImpersonating; /*< 0x179c / 0xf9c /
925	PVOID NlsCache; /*< 0x17a0 / 0xfa0 /
926	PVOID pShimData; /*< 0x17a8 / 0xfa4 /
927	union /*< 0x17b0 / 0xfa8 /
928	{
929	struct
930	{
931	uint16_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
932	uint16_t LowFragHeapDataSlot; /*< 0x17b2 / 0xfaa /
933	} W8, W80, W81;
934	struct
935	{
936	uint32_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
937	} W7;
938	} Diff8;
939	#if ARCH_BITS == 64
940	uint32_t Padding7; /*< 0x17b4 / NA /
941	#endif
942	HANDLE CurrentTransactionHandle; /*< 0x17b8 / 0xfac /
943	struct _TEB_ACTIVE_FRAME ActiveFrame; /< 0x17c0 / 0xfb0 /
944	/* End of TEB in W51 (Windows XP)! */
945	PVOID FlsData; /*< 0x17c8 / 0xfb4 /
946	union
947	{
948	struct
949	{
950	PVOID PreferredLanguages; /*< 0x17d0 / 0xfb8 /
951	} W6, W7, W8, W80, W81;
952	struct
953	{
954	BOOLEAN SafeThunkCall; /*< 0x17d0 / 0xfb8 /
955	uint8_t BooleanSpare[3]; /*< 0x17d1 / 0xfb9 /
956	/* End of TEB in W52 (Windows server 2003)! */
957	} W52;
958	} Diff9;
959	PVOID UserPrefLanguages; /*< 0x17d8 / 0xfbc /
960	PVOID MergedPrefLanguages; /*< 0x17e0 / 0xfc0 /
961	uint32_t MuiImpersonation; /*< 0x17e8 / 0xfc4 /
962	union
963	{
964	uint16_t CrossTebFlags; /*< 0x17ec / 0xfc8 /
965	struct
966	{
967	uint16_t SpareCrossTebBits : 16; /*< 0x17ec / 0xfc8 : Pos 0, 16 Bits /
968	};
969	};
970	union
971	{
972	uint16_t SameTebFlags; /*< 0x17ee / 0xfca /
973	struct
974	{
975	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
976	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
977	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
978	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
979	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
980	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
981	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
982	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
983	} Common;
984	struct
985	{
986	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
987	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
988	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
989	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
990	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
991	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
992	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
993	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
994	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
995	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
996	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
997	uint16_t SessionAware : 1; /*< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. /
998	uint16_t SpareSameTebBits : 4; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
999	} W8, W80, W81;
1000	struct
1001	{
1002	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1003	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1004	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1005	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1006	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1007	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1008	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1009	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1010	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1011	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1012	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1013	uint16_t SpareSameTebBits : 5; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1014	} W7;
1015	struct
1016	{
1017	uint16_t DbgSafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1018	uint16_t DbgInDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1019	uint16_t DbgHasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1020	uint16_t DbgSkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1021	uint16_t DbgWerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1022	uint16_t DbgRanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1023	uint16_t DbgClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1024	uint16_t DbgSuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1025	uint16_t SpareSameTebBits : 8; /*< 0x17ee / 0xfca : Pos 8, 8 Bits /
1026	} W6;
1027	} Diff10;
1028	PVOID TxnScopeEnterCallback; /*< 0x17f0 / 0xfcc /
1029	PVOID TxnScopeExitCallback; /*< 0x17f8 / 0xfd0 /
1030	PVOID TxnScopeContext; /*< 0x1800 / 0xfd4 /
1031	uint32_t LockCount; /*< 0x1808 / 0xfd8 /
1032	union
1033	{
1034	struct
1035	{
1036	uint32_t SpareUlong0; /*< 0x180c / 0xfdc /
1037	} W7, W8, W80, W81;
1038	struct
1039	{
1040	uint32_t ProcessRundown;
1041	} W6;
1042	} Diff11;
1043	union
1044	{
1045	struct
1046	{
1047	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1048	/* End of TEB in W7 (windows 7)! */
1049	PVOID ReservedForWdf; /*< 0x1818 / 0xfe4 - New Since W7. /
1050	/* End of TEB in W8 (windows 8.0 & 8.1)! */
1051	} W8, W80, W81;
1052	struct
1053	{
1054	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1055	} W7;
1056	struct
1057	{
1058	uint64_t LastSwitchTime; /*< 0x1810 / 0xfe0 /
1059	uint64_t TotalSwitchOutTime; /*< 0x1818 / 0xfe8 /
1060	LARGE_INTEGER WaitReasonBitMap; /*< 0x1820 / 0xff0 /
1061	/* End of TEB in W6 (windows Vista)! */
1062	} W6;
1063	} Diff12;
1064	} TEB_COMMON;
1065	typedef TEB_COMMON *PTEB_COMMON;
1066	AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1067	AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1068	AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1069	AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1070	AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1071	AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1072	AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1073	AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1074	AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1075	AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1076	AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1077	AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1078	AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1828 : 0xff8);
1079
1080
1081	/** The size of the windows 8.1 PEB structure. */
1082	#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1083	/** The size of the windows 8.0 PEB structure. */
1084	#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1085	/** The size of the windows 7 PEB structure. */
1086	#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1087	/** The size of the windows vista PEB structure. */
1088	#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1089	/** The size of the windows server 2003 PEB structure. */
1090	#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1091	/** The size of the windows XP PEB structure. */
1092	#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1093
1094
1095
1096	#define _PEB _PEB_COMMON
1097	typedef PEB_COMMON PEB;
1098	typedef PPEB_COMMON PPEB;
1099
1100	#define _TEB _TEB_COMMON
1101	typedef TEB_COMMON TEB;
1102	typedef PTEB_COMMON PTEB;
1103
1104	#define NtCurrentPeb() (((PTEB)NtCurrentTeb())->ProcessEnvironmentBlock)
1105
1106	/** @} */
1107
1108
1109	#ifdef IPRT_NT_USE_WINTERNL
1110	NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1111	NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1112
1113	typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1114	{
1115	ULONG FileSystemAttributes;
1116	LONG MaximumComponentNameLength;
1117	ULONG FileSystemNameLength;
1118	WCHAR FileSystemName[1];
1119	} FILE_FS_ATTRIBUTE_INFORMATION;
1120	typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1121
1122	NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1123	NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1124	NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1125	NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1126
1127	typedef enum _FSINFOCLASS
1128	{
1129	FileFsVolumeInformation = 1,
1130	FileFsLabelInformation,
1131	FileFsSizeInformation,
1132	FileFsDeviceInformation,
1133	FileFsAttributeInformation,
1134	FileFsControlInformation,
1135	FileFsFullSizeInformation,
1136	FileFsObjectIdInformation,
1137	FileFsDriverPathInformation,
1138	FileFsVolumeFlagsInformation,
1139	FileFsSectorSizeInformation,
1140	FileFsDataCopyInformation,
1141	FileFsMaximumInformation
1142	} FS_INFORMATION_CLASS;
1143	typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1144	NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1145
1146	typedef struct _FILE_BOTH_DIR_INFORMATION
1147	{
1148	ULONG NextEntryOffset;
1149	ULONG FileIndex;
1150	LARGE_INTEGER CreationTime;
1151	LARGE_INTEGER LastAccessTime;
1152	LARGE_INTEGER LastWriteTime;
1153	LARGE_INTEGER ChangeTime;
1154	LARGE_INTEGER EndOfFile;
1155	LARGE_INTEGER AllocationSize;
1156	ULONG FileAttributes;
1157	ULONG FileNameLength;
1158	ULONG EaSize;
1159	CCHAR ShortNameLength;
1160	WCHAR ShortName[12];
1161	WCHAR FileName[1];
1162	} FILE_BOTH_DIR_INFORMATION;
1163	typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1164	typedef struct _FILE_STANDARD_INFORMATION
1165	{
1166	LARGE_INTEGER AllocationSize;
1167	LARGE_INTEGER EndOfFile;
1168	ULONG NumberOfLinks;
1169	BOOLEAN DeletePending;
1170	BOOLEAN Directory;
1171	} FILE_STANDARD_INFORMATION;
1172	typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1173	typedef struct _FILE_NAME_INFORMATION
1174	{
1175	ULONG FileNameLength;
1176	WCHAR FileName[1];
1177	} FILE_NAME_INFORMATION;
1178	typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1179	typedef enum _FILE_INFORMATION_CLASS
1180	{
1181	FileDirectoryInformation = 1,
1182	FileFullDirectoryInformation,
1183	FileBothDirectoryInformation,
1184	FileBasicInformation,
1185	FileStandardInformation,
1186	FileInternalInformation,
1187	FileEaInformation,
1188	FileAccessInformation,
1189	FileNameInformation,
1190	FileRenameInformation,
1191	FileLinkInformation,
1192	FileNamesInformation,
1193	FileDispositionInformation,
1194	FilePositionInformation,
1195	FileFullEaInformation,
1196	FileModeInformation,
1197	FileAlignmentInformation,
1198	FileAllInformation,
1199	FileAllocationInformation,
1200	FileEndOfFileInformation,
1201	FileAlternateNameInformation,
1202	FileStreamInformation,
1203	FilePipeInformation,
1204	FilePipeLocalInformation,
1205	FilePipeRemoteInformation,
1206	FileMailslotQueryInformation,
1207	FileMailslotSetInformation,
1208	FileCompressionInformation,
1209	FileObjectIdInformation,
1210	FileCompletionInformation,
1211	FileMoveClusterInformation,
1212	FileQuotaInformation,
1213	FileReparsePointInformation,
1214	FileNetworkOpenInformation,
1215	FileAttributeTagInformation,
1216	FileTrackingInformation,
1217	FileIdBothDirectoryInformation,
1218	FileIdFullDirectoryInformation,
1219	FileValidDataLengthInformation,
1220	FileShortNameInformation,
1221	FileIoCompletionNotificationInformation,
1222	FileIoStatusBlockRangeInformation,
1223	FileIoPriorityHintInformation,
1224	FileSfioReserveInformation,
1225	FileSfioVolumeInformation,
1226	FileHardLinkInformation,
1227	FileProcessIdsUsingFileInformation,
1228	FileNormalizedNameInformation,
1229	FileNetworkPhysicalNameInformation,
1230	FileIdGlobalTxDirectoryInformation,
1231	FileIsRemoteDeviceInformation,
1232	FileUnusedInformation,
1233	FileNumaNodeInformation,
1234	FileStandardLinkInformation,
1235	FileRemoteProtocolInformation,
1236	FileRenameInformationBypassAccessCheck,
1237	FileLinkInformationBypassAccessCheck,
1238	FileVolumeNameInformation,
1239	FileIdInformation,
1240	FileIdExtdDirectoryInformation,
1241	FileReplaceCompletionInformation,
1242	FileHardLinkFullIdInformation,
1243	FileMaximumInformation
1244	} FILE_INFORMATION_CLASS;
1245	typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
1246	NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1247	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
1248	FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1249
1250	typedef struct _MEMORY_SECTION_NAME
1251	{
1252	UNICODE_STRING SectionFileName;
1253	WCHAR NameBuffer[1];
1254	} MEMORY_SECTION_NAME;
1255
1256	#ifdef IPRT_NT_USE_WINTERNL
1257	typedef struct _PROCESS_BASIC_INFORMATION
1258	{
1259	NTSTATUS ExitStatus;
1260	PPEB PebBaseAddress;
1261	ULONG_PTR AffinityMask;
1262	int32_t BasePriority;
1263	ULONG_PTR UniqueProcessId;
1264	ULONG_PTR InheritedFromUniqueProcessId;
1265	} PROCESS_BASIC_INFORMATION;
1266	typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
1267	#endif
1268
1269	typedef enum _PROCESSINFOCLASS
1270	{
1271	ProcessBasicInformation = 0,
1272	ProcessQuotaLimits,
1273	ProcessIoCounters,
1274	ProcessVmCounters,
1275	ProcessTimes,
1276	ProcessBasePriority,
1277	ProcessRaisePriority,
1278	ProcessDebugPort,
1279	ProcessExceptionPort,
1280	ProcessAccessToken,
1281	ProcessLdtInformation,
1282	ProcessLdtSize,
1283	ProcessDefaultHardErrorMode,
1284	ProcessIoPortHandlers,
1285	ProcessPooledUsageAndLimits,
1286	ProcessWorkingSetWatch,
1287	ProcessUserModeIOPL,
1288	ProcessEnableAlignmentFaultFixup,
1289	ProcessPriorityClass,
1290	ProcessWx86Information,
1291	ProcessHandleCount,
1292	ProcessAffinityMask,
1293	ProcessPriorityBoost,
1294	ProcessDeviceMap,
1295	ProcessSessionInformation,
1296	ProcessForegroundInformation,
1297	ProcessWow64Information,
1298	ProcessImageFileName,
1299	ProcessLUIDDeviceMapsEnabled,
1300	ProcessBreakOnTermination,
1301	ProcessDebugObjectHandle,
1302	ProcessDebugFlags,
1303	ProcessHandleTracing,
1304	ProcessIoPriority,
1305	ProcessExecuteFlags,
1306	ProcessTlsInformation,
1307	ProcessCookie,
1308	ProcessImageInformation,
1309	ProcessCycleTime,
1310	ProcessPagePriority,
1311	ProcessInstrumentationCallbak,
1312	ProcessThreadStackAllocation,
1313	ProcessWorkingSetWatchEx,
1314	ProcessImageFileNameWin32,
1315	ProcessImageFileMapping,
1316	ProcessAffinityUpdateMode,
1317	ProcessMemoryAllocationMode,
1318	ProcessGroupInformation,
1319	ProcessTokenVirtualizationEnabled,
1320	ProcessConsoleHostProcess,
1321	ProcessWindowsInformation,
1322	MaxProcessInfoClass
1323	} PROCESSINFOCLASS;
1324	NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1325
1326	typedef enum _THREADINFOCLASS
1327	{
1328	ThreadBasicInformation = 0,
1329	ThreadTimes,
1330	ThreadPriority,
1331	ThreadBasePriority,
1332	ThreadAffinityMask,
1333	ThreadImpersonationToken,
1334	ThreadDescriptorTableEntry,
1335	ThreadEnableAlignmentFaultFixup,
1336	ThreadEventPair_Reusable,
1337	ThreadQuerySetWin32StartAddress,
1338	ThreadZeroTlsCell,
1339	ThreadPerformanceCount,
1340	ThreadAmILastThread,
1341	ThreadIdealProcessor,
1342	ThreadPriorityBoost,
1343	ThreadSetTlsArrayAddress,
1344	ThreadIsIoPending,
1345	ThreadHideFromDebugger,
1346	ThreadBreakOnTermination,
1347	ThreadSwitchLegacyState,
1348	ThreadIsTerminated,
1349	ThreadLastSystemCall,
1350	ThreadIoPriority,
1351	ThreadCycleTime,
1352	ThreadPagePriority,
1353	ThreadActualBasePriority,
1354	ThreadTebInformation,
1355	ThreadCSwitchMon,
1356	ThreadCSwitchPmu,
1357	ThreadWow64Context,
1358	ThreadGroupInformation,
1359	ThreadUmsInformation,
1360	ThreadCounterProfiling,
1361	ThreadIdealProcessorEx,
1362	ThreadCpuAccountingInformation,
1363	MaxThreadInfoClass
1364	} THREADINFOCLASS;
1365	NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1366
1367	NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1368
1369	NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1370	NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1371
1372	NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
1373	NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
1374
1375	NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
1376	NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
1377	NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
1378	NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
1379	NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
1380	NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
1381	NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
1382	NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
1383	NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
1384
1385	#endif /* IPRT_NT_USE_WINTERNL */
1386
1387	typedef enum _OBJECT_INFORMATION_CLASS
1388	{
1389	ObjectBasicInformation = 0,
1390	ObjectNameInformation,
1391	ObjectTypeInformation,
1392	ObjectAllInformation,
1393	ObjectDataInformation
1394	} OBJECT_INFORMATION_CLASS;
1395	typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
1396	#ifdef IN_RING0
1397	# define NtQueryObject ZwQueryObject
1398	#endif
1399	NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1400	NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
1401	NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
1402
1403	NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1404
1405	typedef struct _OBJECT_DIRECTORY_INFORMATION
1406	{
1407	UNICODE_STRING Name;
1408	UNICODE_STRING TypeName;
1409	} OBJECT_DIRECTORY_INFORMATION;
1410	typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
1411	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
1412
1413	NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
1414	NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
1415	/** @name ProcessDefaultHardErrorMode bit definitions.
1416	* @{ */
1417	#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /*< Inverted from the win32 define. /
1418	#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
1419	#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
1420	#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
1421	/** @} */
1422	NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
1423	NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
1424
1425	/** Retured by ProcessImageInformation as well as NtQuerySection. */
1426	typedef struct _SECTION_IMAGE_INFORMATION
1427	{
1428	PVOID TransferAddress;
1429	ULONG ZeroBits;
1430	SIZE_T MaximumStackSize;
1431	SIZE_T CommittedStackSize;
1432	ULONG SubSystemType;
1433	union
1434	{
1435	struct
1436	{
1437	USHORT SubSystemMinorVersion;
1438	USHORT SubSystemMajorVersion;
1439	};
1440	ULONG SubSystemVersion;
1441	};
1442	ULONG GpValue;
1443	USHORT ImageCharacteristics;
1444	USHORT DllCharacteristics;
1445	USHORT Machine;
1446	BOOLEAN ImageContainsCode;
1447	union /*< Since Vista, used to be a spare BOOLEAN. /
1448	{
1449	struct
1450	{
1451	UCHAR ComPlusNativeRead : 1;
1452	UCHAR ComPlusILOnly : 1;
1453	UCHAR ImageDynamicallyRelocated : 1;
1454	UCHAR ImageMAppedFlat : 1;
1455	UCHAR Reserved : 4;
1456	};
1457	UCHAR ImageFlags;
1458	};
1459	ULONG LoaderFlags;
1460	ULONG ImageFileSize; /*< Since XP? /
1461	ULONG CheckSum; /*< Since Vista, Used to be a reserved/spare ULONG. /
1462	} SECTION_IMAGE_INFORMATION;
1463	typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
1464
1465	typedef enum _SECTION_INFORMATION_CLASS
1466	{
1467	SectionBasicInformation = 0,
1468	SectionImageInformation,
1469	MaxSectionInfoClass
1470	} SECTION_INFORMATION_CLASS;
1471	NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1472
1473	NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
1474	NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
1475	NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
1476	NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
1477	NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
1478	NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
1479
1480
1481	#ifndef SEC_FILE
1482	# define SEC_FILE UINT32_C(0x00800000)
1483	#endif
1484	#ifndef SEC_IMAGE
1485	# define SEC_IMAGE UINT32_C(0x01000000)
1486	#endif
1487	#ifndef SEC_PROTECTED_IMAGE
1488	# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
1489	#endif
1490	#ifndef SEC_NOCACHE
1491	# define SEC_NOCACHE UINT32_C(0x10000000)
1492	#endif
1493	#ifndef MEM_ROTATE
1494	# define MEM_ROTATE UINT32_C(0x00800000)
1495	#endif
1496	typedef enum _MEMORY_INFORMATION_CLASS
1497	{
1498	MemoryBasicInformation = 0,
1499	MemoryWorkingSetList,
1500	MemorySectionName,
1501	MemoryBasicVlmInformation
1502	} MEMORY_INFORMATION_CLASS;
1503	#ifdef IN_RING0
1504	typedef struct _MEMORY_BASIC_INFORMATION
1505	{
1506	PVOID BaseAddress;
1507	PVOID AllocationBase;
1508	ULONG AllocationProtect;
1509	SIZE_T RegionSize;
1510	ULONG State;
1511	ULONG Protect;
1512	ULONG Type;
1513	} MEMORY_BASIC_INFORMATION;
1514	typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
1515	# define NtQueryVirtualMemory ZwQueryVirtualMemory
1516	#endif
1517	NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1518	#ifdef IPRT_NT_USE_WINTERNL
1519	NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
1520	#endif
1521	NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
1522	NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
1523
1524	typedef enum _SYSTEM_INFORMATION_CLASS
1525	{
1526	SystemBasicInformation = 0,
1527	SystemCpuInformation,
1528	SystemPerformanceInformation,
1529	SystemTimeOfDayInformation,
1530	SystemInformation_Unknown_4,
1531	SystemProcessInformation,
1532	SystemInformation_Unknown_6,
1533	SystemInformation_Unknown_7,
1534	SystemProcessorPerformanceInformation,
1535	SystemInformation_Unknown_9,
1536	SystemInformation_Unknown_10,
1537	SystemModuleInformation,
1538	SystemInformation_Unknown_12,
1539	SystemInformation_Unknown_13,
1540	SystemInformation_Unknown_14,
1541	SystemInformation_Unknown_15,
1542	SystemHandleInformation,
1543	SystemInformation_Unknown_17,
1544	SystemPageFileInformation,
1545	SystemInformation_Unknown_19,
1546	SystemInformation_Unknown_20,
1547	SystemCacheInformation,
1548	SystemInformation_Unknown_22,
1549	SystemInterruptInformation,
1550	SystemDpcBehaviourInformation,
1551	SystemFullMemoryInformation,
1552	SystemLoadGdiDriverInformation, /* 26 */
1553	SystemUnloadGdiDriverInformation, /* 27 */
1554	SystemTimeAdjustmentInformation,
1555	SystemSummaryMemoryInformation,
1556	SystemInformation_Unknown_30,
1557	SystemInformation_Unknown_31,
1558	SystemInformation_Unknown_32,
1559	SystemExceptionInformation,
1560	SystemCrashDumpStateInformation,
1561	SystemKernelDebuggerInformation,
1562	SystemContextSwitchInformation,
1563	SystemRegistryQuotaInformation,
1564	SystemInformation_Unknown_38,
1565	SystemInformation_Unknown_39,
1566	SystemInformation_Unknown_40,
1567	SystemInformation_Unknown_41,
1568	SystemInformation_Unknown_42,
1569	SystemInformation_Unknown_43,
1570	SystemCurrentTimeZoneInformation,
1571	SystemLookasideInformation,
1572	SystemSetTimeSlipEvent,
1573	SystemCreateSession,
1574	SystemDeleteSession,
1575	SystemInformation_Unknown_49,
1576	SystemRangeStartInformation,
1577	SystemVerifierInformation,
1578	SystemInformation_Unknown_52,
1579	SystemSessionProcessInformation,
1580	SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
1581	SystemInformation_Unknown_55,
1582	SystemInformation_Unknown_56,
1583	SystemExtendedProcessInformation,
1584	SystemInformation_Unknown_58,
1585	SystemInformation_Unknown_59,
1586	SystemInformation_Unknown_60,
1587	SystemInformation_Unknown_61,
1588	SystemInformation_Unknown_62,
1589	SystemInformation_Unknown_63,
1590	SystemExtendedHandleInformation, /* 64 */
1591
1592	/** @todo fill gap. they've added a whole bunch of things */
1593	SystemPolicyInformation = 134,
1594	SystemInformationClassMax
1595	} SYSTEM_INFORMATION_CLASS;
1596
1597	#ifdef IPRT_NT_USE_WINTERNL
1598	typedef struct _VM_COUNTERS
1599	{
1600	SIZE_T PeakVirtualSize;
1601	SIZE_T VirtualSize;
1602	ULONG PageFaultCount;
1603	SIZE_T PeakWorkingSetSize;
1604	SIZE_T WorkingSetSize;
1605	SIZE_T QuotaPeakPagedPoolUsage;
1606	SIZE_T QuotaPagedPoolUsage;
1607	SIZE_T QuotaPeakNonPagedPoolUsage;
1608	SIZE_T QuotaNonPagedPoolUsage;
1609	SIZE_T PagefileUsage;
1610	SIZE_T PeakPagefileUsage;
1611	} VM_COUNTERS;
1612	typedef VM_COUNTERS *PVM_COUNTERS;
1613	#endif
1614
1615	#if 0
1616	typedef struct _IO_COUNTERS
1617	{
1618	ULONGLONG ReadOperationCount;
1619	ULONGLONG WriteOperationCount;
1620	ULONGLONG OtherOperationCount;
1621	ULONGLONG ReadTransferCount;
1622	ULONGLONG WriteTransferCount;
1623	ULONGLONG OtherTransferCount;
1624	} IO_COUNTERS;
1625	typedef IO_COUNTERS *PIO_COUNTERS;
1626	#endif
1627
1628	typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
1629	{
1630	ULONG NextEntryOffset; /*< 0x00 / 0x00 /
1631	ULONG NumberOfThreads; /*< 0x04 / 0x04 /
1632	LARGE_INTEGER Reserved1[3]; /*< 0x08 / 0x08 /
1633	LARGE_INTEGER CreationTime; /*< 0x20 / 0x20 /
1634	LARGE_INTEGER UserTime; /*< 0x28 / 0x28 /
1635	LARGE_INTEGER KernelTime; /*< 0x30 / 0x30 /
1636	UNICODE_STRING ProcessName; /*< 0x38 / 0x38 Clean unicode encoding? /
1637	int32_t BasePriority; /*< 0x40 / 0x48 /
1638	HANDLE UniqueProcessId; /*< 0x44 / 0x50 /
1639	HANDLE ParentProcessId; /*< 0x48 / 0x58 /
1640	ULONG HandleCount; /*< 0x4c / 0x60 /
1641	ULONG Reserved2; /*< 0x50 / 0x64 Session ID? /
1642	ULONG_PTR Reserved3; /*< 0x54 / 0x68 /
1643	VM_COUNTERS VmCounters; /*< 0x58 / 0x70 /
1644	IO_COUNTERS IoCounters; /*< 0x88 / 0xd0 Might not be present in earlier windows versions. /
1645	/* After this follows the threads, then the ProcessName.Buffer. */
1646	} RTNT_SYSTEM_PROCESS_INFORMATION;
1647	typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
1648	#ifndef IPRT_NT_USE_WINTERNL
1649	typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
1650	typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
1651	#endif
1652
1653	typedef struct _SYSTEM_HANDLE_ENTRY_INFO
1654	{
1655	USHORT UniqueProcessId;
1656	USHORT CreatorBackTraceIndex;
1657	UCHAR ObjectTypeIndex;
1658	UCHAR HandleAttributes;
1659	USHORT HandleValue;
1660	PVOID Object;
1661	ULONG GrantedAccess;
1662	} SYSTEM_HANDLE_ENTRY_INFO;
1663	typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
1664
1665	/** Returned by SystemHandleInformation */
1666	typedef struct _SYSTEM_HANDLE_INFORMATION
1667	{
1668	ULONG NumberOfHandles;
1669	SYSTEM_HANDLE_ENTRY_INFO Handles[1];
1670	} SYSTEM_HANDLE_INFORMATION;
1671	typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
1672
1673	/** Extended handle information entry.
1674	* @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
1675	typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
1676	{
1677	PVOID Object;
1678	HANDLE UniqueProcessId;
1679	HANDLE HandleValue;
1680	ACCESS_MASK GrantedAccess;
1681	USHORT CreatorBackTraceIndex;
1682	USHORT ObjectTypeIndex;
1683	ULONG HandleAttributes;
1684	ULONG Reserved;
1685	} SYSTEM_HANDLE_ENTRY_INFO_EX;
1686	typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
1687
1688	/** Returned by SystemExtendedHandleInformation. */
1689	typedef struct _SYSTEM_HANDLE_INFORMATION_EX
1690	{
1691	ULONG_PTR NumberOfHandles;
1692	ULONG_PTR Reserved;
1693	SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
1694	} SYSTEM_HANDLE_INFORMATION_EX;
1695	typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
1696
1697	/** Input to SystemSessionProcessInformation. */
1698	typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
1699	{
1700	ULONG SessionId;
1701	ULONG BufferLength;
1702	/** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
1703	PVOID Buffer;
1704	} SYSTEM_SESSION_PROCESS_INFORMATION;
1705	typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
1706
1707	NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1708
1709	NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
1710	NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
1711	#ifndef IPRT_NT_USE_WINTERNL
1712	NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
1713	#endif
1714	typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
1715	NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
1716
1717	NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
1718
1719
1720	#ifdef IPRT_NT_USE_WINTERNL
1721	/** For NtQueryValueKey. */
1722	typedef enum _KEY_VALUE_INFORMATION_CLASS
1723	{
1724	KeyValueBasicInformation = 0,
1725	KeyValueFullInformation,
1726	KeyValuePartialInformation,
1727	KeyValueFullInformationAlign64,
1728	KeyValuePartialInformationAlign64
1729	} KEY_VALUE_INFORMATION_CLASS;
1730
1731	/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
1732	typedef struct _KEY_VALUE_PARTIAL_INFORMATION
1733	{
1734	ULONG TitleIndex;
1735	ULONG Type;
1736	ULONG DataLength;
1737	UCHAR Data[1];
1738	} KEY_VALUE_PARTIAL_INFORMATION;
1739	typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
1740	#endif
1741	NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1742	NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1743
1744
1745	NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
1746
1747
1748	typedef struct _CURDIR
1749	{
1750	UNICODE_STRING DosPath;
1751	HANDLE Handle;
1752	} CURDIR;
1753	typedef CURDIR *PCURDIR;
1754
1755	typedef struct _RTL_DRIVE_LETTER_CURDIR
1756	{
1757	USHORT Flags;
1758	USHORT Length;
1759	ULONG TimeStamp;
1760	STRING DosPath; /*< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. /
1761	} RTL_DRIVE_LETTER_CURDIR;
1762	typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
1763
1764	typedef struct _RTL_USER_PROCESS_PARAMETERS
1765	{
1766	ULONG MaximumLength;
1767	ULONG Length;
1768	ULONG Flags;
1769	ULONG DebugFlags;
1770	HANDLE ConsoleHandle;
1771	ULONG ConsoleFlags;
1772	HANDLE StandardInput;
1773	HANDLE StandardOutput;
1774	HANDLE StandardError;
1775	CURDIR CurrentDirectory;
1776	UNICODE_STRING DllPath;
1777	UNICODE_STRING ImagePathName;
1778	UNICODE_STRING CommandLine;
1779	PWSTR Environment;
1780	ULONG StartingX;
1781	ULONG StartingY;
1782	ULONG CountX;
1783	ULONG CountY;
1784	ULONG CountCharsX;
1785	ULONG CountCharsY;
1786	ULONG FillAttribute;
1787	ULONG WindowFlags;
1788	ULONG ShowWindowFlags;
1789	UNICODE_STRING WindowTitle;
1790	UNICODE_STRING DesktopInfo;
1791	UNICODE_STRING ShellInfo;
1792	UNICODE_STRING RuntimeInfo;
1793	RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20];
1794	SIZE_T EnvironmentSize; /*< Added in Vista /
1795	SIZE_T EnvironmentVersion; /*< Added in Windows 7. /
1796	PVOID PackageDependencyData; /*< Added Windows 8? /
1797	ULONG ProcessGroupId; /*< Added Windows 8? /
1798	} RTL_USER_PROCESS_PARAMETERS;
1799	typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
1800	#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
1801
1802	typedef struct _RTL_USER_PROCESS_INFORMATION
1803	{
1804	ULONG Size;
1805	HANDLE ProcessHandle;
1806	HANDLE ThreadHandle;
1807	CLIENT_ID ClientId;
1808	SECTION_IMAGE_INFORMATION ImageInformation;
1809	} RTL_USER_PROCESS_INFORMATION;
1810	typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
1811
1812
1813	NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
1814	PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
1815	NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
1816	PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
1817	PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
1818	PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
1819	PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
1820	NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
1821	NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
1822	PFNRT, PVOID, PHANDLE, PCLIENT_ID);
1823
1824	RT_C_DECLS_END
1825	/** @} */
1826
1827
1828	#if defined(IN_RING0) \|\| defined(DOXYGEN_RUNNING)
1829	/** @name NT Kernel APIs
1830	* @{ */
1831	RT_C_DECLS_BEGIN
1832
1833	NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
1834	PVOID pvOptionalConditions, PHANDLE phFound);
1835	NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
1836	ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
1837	KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
1838	NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
1839	NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
1840	NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
1841	NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
1842	extern DECLIMPORT(POBJECT_TYPE ) LpcPortObjectType; /< In vista+ this is the ALPC port object type. /
1843	extern DECLIMPORT(POBJECT_TYPE ) LpcWaitablePortObjectType; /< In vista+ this is the ALPC port object type. /
1844
1845	RT_C_DECLS_END
1846	/** @ */
1847	#endif /* IN_RING0 */
1848
1849
1850	#if defined(IN_RING3) \|\| defined(DOXYGEN_RUNNING)
1851	/** @name NT Userland APIs
1852	* @{ */
1853	RT_C_DECLS_BEGIN
1854
1855	#if 0 /** @todo figure this out some time... */
1856	typedef struct CSR_MSG_DATA_CREATED_PROCESS
1857	{
1858	HANDLE hProcess;
1859	HANDLE hThread;
1860	CLIENT_ID
1861	DWORD idProcess;
1862	DWORD idThread;
1863	DWORD fCreate;
1864
1865	} CSR_MSG_DATA_CREATED_PROCESS;
1866
1867	#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
1868	#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
1869	NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
1870	#endif
1871	NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
1872	NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
1873
1874	RT_C_DECLS_END
1875	/** @} */
1876	#endif /* IN_RING3 */
1877
1878	#endif
1879

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/include/iprt/nt/nt.h@ 52403

Download in other formats: