VirtualBox

source: vbox/trunk/include/iprt/nt/nt.h@ 66867

Last change on this file since 66867 was 66823, checked in by vboxsync, 8 years ago

include/iprt: Adjustments for Visual C++ v12 / Visual Studio 2013. Most to do with using SDK 7.1 and sal_supp.h there clashing slightly with a related compiler include.

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 126.2 KB
Line 
1/* $Id: nt.h 66823 2017-05-08 16:51:09Z vboxsync $ */
2/** @file
3 * IPRT - Header for code using the Native NT API.
4 */
5
6/*
7 * Copyright (C) 2010-2016 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27#ifndef ___iprt_nt_nt_h___
28#define ___iprt_nt_nt_h___
29
30/** @def IPRT_NT_MAP_TO_ZW
31 * Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
32 * to the APIs (takes care of the previous context checks).
33 */
34#ifdef DOXYGEN_RUNNING
35# define IPRT_NT_MAP_TO_ZW
36#endif
37
38#ifdef IPRT_NT_MAP_TO_ZW
39# define NtQueryInformationFile ZwQueryInformationFile
40# define NtQueryInformationProcess ZwQueryInformationProcess
41# define NtQueryInformationThread ZwQueryInformationThread
42# define NtQueryFullAttributesFile ZwQueryFullAttributesFile
43# define NtQuerySystemInformation ZwQuerySystemInformation
44# define NtQuerySecurityObject ZwQuerySecurityObject
45# define NtSetInformationFile ZwSetInformationFile
46# define NtClose ZwClose
47# define NtCreateFile ZwCreateFile
48# define NtReadFile ZwReadFile
49# define NtWriteFile ZwWriteFile
50# define NtFlushBuffersFile ZwFlushBuffersFile
51/** @todo this is very incomplete! */
52#endif
53
54#include <ntstatus.h>
55
56/*
57 * Hacks common to both base header sets.
58 */
59#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
60#define NtQueryObject Incomplete_NtQueryObject
61#define ZwQueryObject Incomplete_ZwQueryObject
62#define NtSetInformationObject Incomplete_NtSetInformationObject
63#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
64#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
65#define ObjectBasicInformation Incomplete_ObjectBasicInformation
66#define ObjectTypeInformation Incomplete_ObjectTypeInformation
67#define _PEB Incomplete__PEB
68#define PEB Incomplete_PEB
69#define PPEB Incomplete_PPEB
70#define _TEB Incomplete__TEB
71#define TEB Incomplete_TEB
72#define PTEB Incomplete_PTEB
73#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
74#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
75#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
76#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
77#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
78#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
79
80
81
82#ifdef IPRT_NT_USE_WINTERNL
83/*
84 * Use Winternl.h.
85 */
86# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
87# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
88# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
89
90# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
91# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
92# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
93# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
94# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
95# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
96# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
97# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
98# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
99# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
100# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
101# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
102
103# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
104# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
105# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
106
107# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
108# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
109# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
110# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
111# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
112
113# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
114# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
115# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
116# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
117# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
118# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
119# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
120# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
121# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
122# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
123# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
124# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
125# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
126# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
127
128
129# pragma warning(push)
130# pragma warning(disable: 4668)
131# define WIN32_NO_STATUS
132# include <windef.h>
133# include <winnt.h>
134# include <winternl.h>
135# undef WIN32_NO_STATUS
136# include <ntstatus.h>
137# pragma warning(pop)
138
139
140# undef _FILE_INFORMATION_CLASS
141# undef FILE_INFORMATION_CLASS
142# undef FileDirectoryInformation
143
144# undef NtQueryInformationProcess
145# undef NtSetInformationProcess
146# undef PROCESSINFOCLASS
147# undef _PROCESSINFOCLASS
148# undef PROCESS_BASIC_INFORMATION
149# undef PPROCESS_BASIC_INFORMATION
150# undef _PROCESS_BASIC_INFORMATION
151# undef ProcessBasicInformation
152# undef ProcessDebugPort
153# undef ProcessWow64Information
154# undef ProcessImageFileName
155# undef ProcessBreakOnTermination
156
157# undef RTL_USER_PROCESS_PARAMETERS
158# undef PRTL_USER_PROCESS_PARAMETERS
159# undef _RTL_USER_PROCESS_PARAMETERS
160
161# undef NtQueryInformationThread
162# undef NtSetInformationThread
163# undef THREADINFOCLASS
164# undef _THREADINFOCLASS
165# undef ThreadIsIoPending
166
167# undef NtQuerySystemInformation
168# undef NtSetSystemInformation
169# undef SYSTEM_INFORMATION_CLASS
170# undef _SYSTEM_INFORMATION_CLASS
171# undef SystemBasicInformation
172# undef SystemPerformanceInformation
173# undef SystemTimeOfDayInformation
174# undef SystemProcessInformation
175# undef SystemProcessorPerformanceInformation
176# undef SystemInterruptInformation
177# undef SystemExceptionInformation
178# undef SystemRegistryQuotaInformation
179# undef SystemLookasideInformation
180# undef SystemPolicyInformation
181
182#else
183/*
184 * Use ntifs.h and wdm.h.
185 */
186# if _MSC_VER >= 1200 /* Fix/workaround for KeInitializeSpinLock visibility issue on AMD64. */
187# define FORCEINLINE static __forceinline
188# else
189# define FORCEINLINE static __inline
190# endif
191
192# pragma warning(push)
193# ifdef RT_ARCH_X86
194# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
195# pragma warning(disable: 4163)
196# endif
197# pragma warning(disable: 4668)
198# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
199# if _MSC_VER >= 1800 /*RT_MSC_VER_VC120*/
200# pragma warning(disable:4005) /* sdk/v7.1/include/sal_supp.h(57) : warning C4005: '__useHeader' : macro redefinition */
201# pragma warning(disable:4471) /* wdm.h(11057) : warning C4471: '_POOL_TYPE' : a forward declaration of an unscoped enumeration must have an underlying type (int assumed) */
202# endif
203
204# include <ntifs.h>
205# include <wdm.h>
206
207# ifdef RT_ARCH_X86
208# undef _InterlockedAddLargeStatistic
209# endif
210# pragma warning(pop)
211
212# define IPRT_NT_NEED_API_GROUP_NTIFS
213#endif
214
215#undef RtlFreeUnicodeString
216#undef NtQueryObject
217#undef ZwQueryObject
218#undef NtSetInformationObject
219#undef _OBJECT_INFORMATION_CLASS
220#undef OBJECT_INFORMATION_CLASS
221#undef ObjectBasicInformation
222#undef ObjectTypeInformation
223#undef _PEB
224#undef PEB
225#undef PPEB
226#undef _TEB
227#undef TEB
228#undef PTEB
229#undef _PEB_LDR_DATA
230#undef PEB_LDR_DATA
231#undef PPEB_LDR_DATA
232#undef _KUSER_SHARED_DATA
233#undef KUSER_SHARED_DATA
234#undef PKUSER_SHARED_DATA
235
236
237#include <iprt/types.h>
238#include <iprt/assert.h>
239
240
241/** @name Useful macros
242 * @{ */
243/** Indicates that we're targeting native NT in the current source. */
244#define RTNT_USE_NATIVE_NT 1
245/** Initializes a IO_STATUS_BLOCK. */
246#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
247/** Reinitializes a IO_STATUS_BLOCK. */
248#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
249 do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
250/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
251#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
252/** Constant UNICODE_STRING initializer. */
253#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
254/** @} */
255
256
257/** @name IPRT helper functions for NT
258 * @{ */
259RT_C_DECLS_BEGIN
260
261RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
262 ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
263 PHANDLE phHandle, PULONG_PTR puDisposition);
264RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
265 ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
266RTDECL(int) RTNtPathClose(HANDLE hHandle);
267
268/**
269 * Converts a windows-style path to NT format and encoding.
270 *
271 * @returns IPRT status code.
272 * @param pNtName Where to return the NT name. Free using
273 * RTNtPathFree.
274 * @param phRootDir Where to return the root handle, if applicable.
275 * @param pszPath The UTF-8 path.
276 */
277RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING *pNtName, PHANDLE phRootDir, const char *pszPath);
278
279/**
280 * Converts a UTF-16 windows-style path to NT format.
281 *
282 * @returns IPRT status code.
283 * @param pNtName Where to return the NT name. Free using
284 * RTNtPathFree.
285 * @param phRootDir Where to return the root handle, if applicable.
286 * @param pwszPath The UTF-16 windows-style path.
287 * @param cwcPath The max length of the windows-style path in
288 * RTUTF16 units. Use RTSTR_MAX if unknown and @a
289 * pwszPath is correctly terminated.
290 */
291RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
292
293/**
294 * Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
295 * chars plus a terminator.
296 *
297 * The NT string must have been returned by RTNtPathFromWinUtf8 or
298 * RTNtPathFromWinUtf16Ex.
299 *
300 * @returns IPRT status code.
301 * @param pNtName The NT path string.
302 * @param cwcMin The minimum number of RTUTF16 chars. Max 32767.
303 * @sa RTNtPathFree
304 */
305RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);
306
307/**
308 * Frees the native path and root handle.
309 *
310 * @param pNtName The NT path from a successful call to
311 * RTNtPathFromWinUtf8 or RTNtPathFromWinUtf16Ex.
312 * @param phRootDir The root handle variable from the same call.
313 */
314RTDECL(void) RTNtPathFree(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir);
315
316
317/**
318 * Checks whether the path could be containing alternative 8.3 names generated
319 * by NTFS, FAT, or other similar file systems.
320 *
321 * @returns Pointer to the first component that might be an 8.3 name, NULL if
322 * not 8.3 path.
323 * @param pwszPath The path to check.
324 *
325 * @remarks This is making bad ASSUMPTION wrt to the naming scheme of 8.3 names,
326 * however, non-tilde 8.3 aliases are probably rare enough to not be
327 * worth all the extra code necessary to open each path component and
328 * check if we've got the short name or not.
329 */
330RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
331
332/**
333 * Fixes up a path possibly containing one or more alternative 8-dot-3 style
334 * components.
335 *
336 * The path is fixed up in place. Errors are ignored.
337 *
338 * @returns VINF_SUCCESS if it all went smoothly, informational status codes
339 * indicating the nature of last problem we ran into.
340 *
341 * @param pUniStr The path to fix up. MaximumLength is the max buffer
342 * length.
343 * @param fPathOnly Whether to only process the path and leave the filename
344 * as passed in.
345 */
346RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);
347
348
349RT_C_DECLS_END
350/** @} */
351
352
353/** @name NT API delcarations.
354 * @{ */
355RT_C_DECLS_BEGIN
356
357/** @name Process access rights missing in ntddk headers
358 * @{ */
359#ifndef PROCESS_TERMINATE
360# define PROCESS_TERMINATE UINT32_C(0x00000001)
361#endif
362#ifndef PROCESS_CREATE_THREAD
363# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
364#endif
365#ifndef PROCESS_SET_SESSIONID
366# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
367#endif
368#ifndef PROCESS_VM_OPERATION
369# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
370#endif
371#ifndef PROCESS_VM_READ
372# define PROCESS_VM_READ UINT32_C(0x00000010)
373#endif
374#ifndef PROCESS_VM_WRITE
375# define PROCESS_VM_WRITE UINT32_C(0x00000020)
376#endif
377#ifndef PROCESS_DUP_HANDLE
378# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
379#endif
380#ifndef PROCESS_CREATE_PROCESS
381# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
382#endif
383#ifndef PROCESS_SET_QUOTA
384# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
385#endif
386#ifndef PROCESS_SET_INFORMATION
387# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
388#endif
389#ifndef PROCESS_QUERY_INFORMATION
390# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
391#endif
392#ifndef PROCESS_SUSPEND_RESUME
393# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
394#endif
395#ifndef PROCESS_QUERY_LIMITED_INFORMATION
396# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
397#endif
398#ifndef PROCESS_SET_LIMITED_INFORMATION
399# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
400#endif
401#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
402#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
403#ifndef PROCESS_ALL_ACCESS
404# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | UINT32_C(0x0000ffff) )
405#endif
406/** @} */
407
408/** @name Thread access rights missing in ntddk headers
409 * @{ */
410#ifndef THREAD_QUERY_INFORMATION
411# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
412#endif
413#ifndef THREAD_SET_THREAD_TOKEN
414# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
415#endif
416#ifndef THREAD_IMPERSONATE
417# define THREAD_IMPERSONATE UINT32_C(0x00000100)
418#endif
419#ifndef THREAD_DIRECT_IMPERSONATION
420# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
421#endif
422#ifndef THREAD_RESUME
423# define THREAD_RESUME UINT32_C(0x00001000)
424#endif
425#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
426#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
427#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
428/** @} */
429
430/** @name Special handle values.
431 * @{ */
432#ifndef NtCurrentProcess
433# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
434#endif
435#ifndef NtCurrentThread
436# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
437#endif
438#ifndef ZwCurrentProcess
439# define ZwCurrentProcess() NtCurrentProcess()
440#endif
441#ifndef ZwCurrentThread
442# define ZwCurrentThread() NtCurrentThread()
443#endif
444/** @} */
445
446
447/** @name Directory object access rights.
448 * @{ */
449#ifndef DIRECTORY_QUERY
450# define DIRECTORY_QUERY UINT32_C(0x00000001)
451#endif
452#ifndef DIRECTORY_TRAVERSE
453# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
454#endif
455#ifndef DIRECTORY_CREATE_OBJECT
456# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
457#endif
458#ifndef DIRECTORY_CREATE_SUBDIRECTORY
459# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
460#endif
461#ifndef DIRECTORY_ALL_ACCESS
462# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | UINT32_C(0x0000000f) )
463#endif
464/** @} */
465
466
467
468#ifdef IPRT_NT_USE_WINTERNL
469typedef struct _CLIENT_ID
470{
471 HANDLE UniqueProcess;
472 HANDLE UniqueThread;
473} CLIENT_ID;
474typedef CLIENT_ID *PCLIENT_ID;
475#endif
476
477/** Extended affinity type, introduced in Windows 7 (?). */
478typedef struct _KAFFINITY_EX
479{
480 /** Count of valid bitmap entries. */
481 uint16_t Count;
482 /** Count of allocated bitmap entries. */
483 uint16_t Size;
484 /** Reserved / aligmment padding. */
485 uint32_t Reserved;
486 /** Bitmap where one bit corresponds to a CPU. */
487 uintptr_t Bitmap[20];
488} KAFFINITY_EX;
489typedef KAFFINITY_EX *PKAFFINITY_EX;
490typedef KAFFINITY_EX const *PCKAFFINITY_EX;
491
492/** @name User Shared Data
493 * @{ */
494
495#ifdef IPRT_NT_USE_WINTERNL
496typedef struct _KSYSTEM_TIME
497{
498 ULONG LowPart;
499 LONG High1Time;
500 LONG High2Time;
501} KSYSTEM_TIME;
502typedef KSYSTEM_TIME *PKSYSTEM_TIME;
503
504typedef enum _NT_PRODUCT_TYPE
505{
506 NtProductWinNt = 1,
507 NtProductLanManNt,
508 NtProductServer
509} NT_PRODUCT_TYPE;
510
511#define PROCESSOR_FEATURE_MAX 64
512
513typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
514{
515 StandardDesign = 0,
516 NEC98x86,
517 EndAlternatives
518} ALTERNATIVE_ARCHITECTURE_TYPE;
519
520# if 0
521typedef struct _XSTATE_FEATURE
522{
523 ULONG Offset;
524 ULONG Size;
525} XSTATE_FEATURE;
526typedef XSTATE_FEATURE *PXSTATE_FEATURE;
527
528#define MAXIMUM_XSTATE_FEATURES 64
529
530typedef struct _XSTATE_CONFIGURATION
531{
532 ULONG64 EnabledFeatures;
533 ULONG Size;
534 ULONG OptimizedSave : 1;
535 XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
536} XSTATE_CONFIGURATION;
537typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
538# endif
539#endif /* IPRT_NT_USE_WINTERNL */
540
541typedef struct _KUSER_SHARED_DATA
542{
543 ULONG TickCountLowDeprecated; /**< 0x000 */
544 ULONG TickCountMultiplier; /**< 0x004 */
545 KSYSTEM_TIME volatile InterruptTime; /**< 0x008 */
546 KSYSTEM_TIME volatile SystemTime; /**< 0x014 */
547 KSYSTEM_TIME volatile TimeZoneBias; /**< 0x020 */
548 USHORT ImageNumberLow; /**< 0x02c */
549 USHORT ImageNumberHigh; /**< 0x02e */
550 WCHAR NtSystemRoot[260]; /**< 0x030 */
551 ULONG MaxStackTraceDepth; /**< 0x238 */
552 ULONG CryptoExponent; /**< 0x23c */
553 ULONG TimeZoneId; /**< 0x240 */
554 ULONG LargePageMinimum; /**< 0x244 */
555 ULONG AitSamplingValue; /**< 0x248 */
556 ULONG AppCompatFlag; /**< 0x24c */
557 ULONGLONG RNGSeedVersion; /**< 0x250 */
558 ULONG GlobalValidationRunlevel; /**< 0x258 */
559 LONG volatile TimeZoneBiasStamp; /**< 0x25c*/
560 ULONG Reserved2; /**< 0x260 */
561 NT_PRODUCT_TYPE NtProductType; /**< 0x264 */
562 BOOLEAN ProductTypeIsValid; /**< 0x268 */
563 BOOLEAN Reserved0[1]; /**< 0x269 */
564 USHORT NativeProcessorArchitecture; /**< 0x26a */
565 ULONG NtMajorVersion; /**< 0x26c */
566 ULONG NtMinorVersion; /**< 0x270 */
567 BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /**< 0x274 */
568 ULONG Reserved1; /**< 0x2b4 */
569 ULONG Reserved3; /**< 0x2b8 */
570 ULONG volatile TimeSlip; /**< 0x2bc */
571 ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /**< 0x2c0 */
572 ULONG AltArchitecturePad[1]; /**< 0x2c4 */
573 LARGE_INTEGER SystemExpirationDate; /**< 0x2c8 */
574 ULONG SuiteMask; /**< 0x2d0 */
575 BOOLEAN KdDebuggerEnabled; /**< 0x2d4 */
576 union /**< 0x2d5 */
577 {
578 UCHAR MitigationPolicies; /**< 0x2d5 */
579 struct
580 {
581 UCHAR NXSupportPolicy : 2;
582 UCHAR SEHValidationPolicy : 2;
583 UCHAR CurDirDevicesSkippedForDlls : 2;
584 UCHAR Reserved : 2;
585 };
586 };
587 UCHAR Reserved6[2]; /**< 0x2d6 */
588 ULONG volatile ActiveConsoleId; /**< 0x2d8 */
589 ULONG volatile DismountCount; /**< 0x2dc */
590 ULONG ComPlusPackage; /**< 0x2e0 */
591 ULONG LastSystemRITEventTickCount; /**< 0x2e4 */
592 ULONG NumberOfPhysicalPages; /**< 0x2e8 */
593 BOOLEAN SafeBootMode; /**< 0x2ec */
594 UCHAR Reserved12[3]; /**< 0x2ed */
595 union /**< 0x2f0 */
596 {
597 ULONG SharedDataFlags; /**< 0x2f0 */
598 struct
599 {
600 ULONG DbgErrorPortPresent : 1;
601 ULONG DbgElevationEnabled : 1;
602 ULONG DbgVirtEnabled : 1;
603 ULONG DbgInstallerDetectEnabled : 1;
604 ULONG DbgLkgEnabled : 1;
605 ULONG DbgDynProcessorEnabled : 1;
606 ULONG DbgConsoleBrokerEnabled : 1;
607 ULONG DbgSecureBootEnabled : 1;
608 ULONG SpareBits : 24;
609 };
610 };
611 ULONG DataFlagsPad[1]; /**< 0x2f4 */
612 ULONGLONG TestRetInstruction; /**< 0x2f8 */
613 LONGLONG QpcFrequency; /**< 0x300 */
614 ULONGLONG SystemCallPad[3]; /**< 0x308 */
615 union /**< 0x320 */
616 {
617 ULONG64 volatile TickCountQuad; /**< 0x320 */
618 KSYSTEM_TIME volatile TickCount; /**< 0x320 */
619 struct /**< 0x320 */
620 {
621 ULONG ReservedTickCountOverlay[3]; /**< 0x320 */
622 ULONG TickCountPad[1]; /**< 0x32c */
623 };
624 };
625 ULONG Cookie; /**< 0x330 */
626 ULONG CookiePad[1]; /**< 0x334 */
627 LONGLONG ConsoleSessionForegroundProcessId; /**< 0x338 */
628 ULONGLONG TimeUpdateLock; /**< 0x340 */
629 ULONGLONG BaselineSystemTimeQpc; /**< 0x348 */
630 ULONGLONG BaselineInterruptTimeQpc; /**< 0x350 */
631 ULONGLONG QpcSystemTimeIncrement; /**< 0x358 */
632 ULONGLONG QpcInterruptTimeIncrement; /**< 0x360 */
633 ULONG QpcSystemTimeIncrement32; /**< 0x368 */
634 ULONG QpcInterruptTimeIncrement32; /**< 0x36c */
635 UCHAR QpcSystemTimeIncrementShift; /**< 0x370 */
636 UCHAR QpcInterruptTimeIncrementShift; /**< 0x371 */
637 UCHAR Reserved8[14]; /**< 0x372 */
638 USHORT UserModeGlobalLogger[16]; /**< 0x380 */
639 ULONG ImageFileExecutionOptions; /**< 0x3a0 */
640 ULONG LangGenerationCount; /**< 0x3a4 */
641 ULONGLONG Reserved4; /**< 0x3a8 */
642 ULONGLONG volatile InterruptTimeBias; /**< 0x3b0 */
643 ULONGLONG volatile QpcBias; /**< 0x3b8 */
644 ULONG volatile ActiveProcessorCount; /**< 0x3c0 */
645 UCHAR volatile ActiveGroupCount; /**< 0x3c4 */
646 UCHAR Reserved9; /**< 0x3c5 */
647 union /**< 0x3c6 */
648 {
649 USHORT QpcData; /**< 0x3c6 */
650 struct /**< 0x3c6 */
651 {
652 BOOLEAN volatile QpcBypassEnabled; /**< 0x3c6 */
653 UCHAR QpcShift; /**< 0x3c7 */
654 };
655 };
656 LARGE_INTEGER TimeZoneBiasEffectiveStart; /**< 0x3c8 */
657 LARGE_INTEGER TimeZoneBiasEffectiveEnd; /**< 0x3d0 */
658 XSTATE_CONFIGURATION XState; /**< 0x3d8 */
659} KUSER_SHARED_DATA;
660typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
661AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
662AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
663AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
664AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
665AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
666AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
667AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
668AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
669AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
670/** @def MM_SHARED_USER_DATA_VA
671 * Read only userland mapping of KUSER_SHARED_DATA. */
672#ifndef MM_SHARED_USER_DATA_VA
673# if ARCH_BITS == 32
674# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
675# elif ARCH_BITS == 64
676# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
677# else
678# error "Unsupported/undefined ARCH_BITS value."
679# endif
680#endif
681/** @def KI_USER_SHARED_DATA
682 * Read write kernel mapping of KUSER_SHARED_DATA. */
683#ifndef KI_USER_SHARED_DATA
684# ifdef RT_ARCH_X86
685# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
686# elif defined(RT_ARCH_AMD64)
687# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
688# else
689# error "PORT ME - KI_USER_SHARED_DATA"
690# endif
691#endif
692/** @} */
693
694
695/** @name Process And Thread Environment Blocks
696 * @{ */
697
698typedef struct _PEB_LDR_DATA
699{
700 uint32_t Length;
701 BOOLEAN Initialized;
702 BOOLEAN Padding[3];
703 HANDLE SsHandle;
704 LIST_ENTRY InLoadOrderModuleList;
705 LIST_ENTRY InMemoryOrderModuleList;
706 LIST_ENTRY InInitializationOrderModuleList;
707 /* End NT4 */
708 LIST_ENTRY *EntryInProgress;
709 BOOLEAN ShutdownInProgress;
710 HANDLE ShutdownThreadId;
711} PEB_LDR_DATA;
712typedef PEB_LDR_DATA *PPEB_LDR_DATA;
713
714typedef struct _PEB_COMMON
715{
716 BOOLEAN InheritedAddressSpace; /**< 0x000 / 0x000 */
717 BOOLEAN ReadImageFileExecOptions; /**< 0x001 / 0x001 */
718 BOOLEAN BeingDebugged; /**< 0x002 / 0x002 */
719 union
720 {
721 uint8_t BitField; /**< 0x003 / 0x003 */
722 struct
723 {
724 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
725 } Common;
726 struct
727 {
728 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
729 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
730 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 */
731 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 */
732 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 */
733 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 */
734 uint8_t IsProtectedProcessLight : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 */
735 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
736 } W81;
737 struct
738 {
739 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
740 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
741 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 */
742 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 */
743 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 */
744 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 */
745 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 */
746 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
747 } W80;
748 struct
749 {
750 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
751 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
752 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. */
753 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. */
754 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. */
755 uint8_t SpareBits : 3; /**< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. */
756 } W7;
757 struct
758 {
759 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
760 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
761 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. */
762 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. */
763 uint8_t SpareBits : 4; /**< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. */
764 } W6;
765 struct
766 {
767 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
768 uint8_t SpareBits : 7; /**< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. */
769 } W52;
770 struct
771 {
772 BOOLEAN SpareBool;
773 } W51;
774 } Diff0;
775#if ARCH_BITS == 64
776 uint32_t Padding0; /**< 0x004 / NA */
777#endif
778 HANDLE Mutant; /**< 0x008 / 0x004 */
779 PVOID ImageBaseAddress; /**< 0x010 / 0x008 */
780 PPEB_LDR_DATA Ldr; /**< 0x018 / 0x00c */
781 struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /**< 0x020 / 0x010 */
782 PVOID SubSystemData; /**< 0x028 / 0x014 */
783 HANDLE ProcessHeap; /**< 0x030 / 0x018 */
784 struct _RTL_CRITICAL_SECTION *FastPebLock; /**< 0x038 / 0x01c */
785 union
786 {
787 struct
788 {
789 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
790 PVOID IFEOKey; /**< 0x048 / 0x024 */
791 union
792 {
793 ULONG CrossProcessFlags; /**< 0x050 / 0x028 */
794 struct
795 {
796 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
797 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
798 uint32_t ProcessUsingVEH : 1; /**< 0x050 / 0x028: Pos 2, 1 Bit */
799 uint32_t ProcessUsingVCH : 1; /**< 0x050 / 0x028: Pos 3, 1 Bit */
800 uint32_t ProcessUsingFTH : 1; /**< 0x050 / 0x028: Pos 4, 1 Bit */
801 uint32_t ReservedBits0 : 1; /**< 0x050 / 0x028: Pos 5, 27 Bits */
802 } W7, W8, W80, W81;
803 struct
804 {
805 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
806 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
807 uint32_t ReservedBits0 : 30; /**< 0x050 / 0x028: Pos 2, 30 Bits */
808 } W6;
809 };
810#if ARCH_BITS == 64
811 uint32_t Padding1; /**< 0x054 / */
812#endif
813 } W6, W7, W8, W80, W81;
814 struct
815 {
816 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
817 PVOID SparePtr2; /**< 0x048 / 0x024 */
818 uint32_t EnvironmentUpdateCount; /**< 0x050 / 0x028 */
819#if ARCH_BITS == 64
820 uint32_t Padding1; /**< 0x054 / */
821#endif
822 } W52;
823 struct
824 {
825 PVOID FastPebLockRoutine; /**< NA / 0x020 */
826 PVOID FastPebUnlockRoutine; /**< NA / 0x024 */
827 uint32_t EnvironmentUpdateCount; /**< NA / 0x028 */
828 } W51;
829 } Diff1;
830 union
831 {
832 PVOID KernelCallbackTable; /**< 0x058 / 0x02c */
833 PVOID UserSharedInfoPtr; /**< 0x058 / 0x02c - Alternative use in W6.*/
834 };
835 uint32_t SystemReserved; /**< 0x060 / 0x030 */
836 union
837 {
838 struct
839 {
840 uint32_t AtlThunkSListPtr32; /**< 0x064 / 0x034 */
841 } W7, W8, W80, W81;
842 struct
843 {
844 uint32_t SpareUlong; /**< 0x064 / 0x034 */
845 } W52, W6;
846 struct
847 {
848 uint32_t ExecuteOptions : 2; /**< NA / 0x034: Pos 0, 2 Bits */
849 uint32_t SpareBits : 30; /**< NA / 0x034: Pos 2, 30 Bits */
850 } W51;
851 } Diff2;
852 union
853 {
854 struct
855 {
856 PVOID ApiSetMap; /**< 0x068 / 0x038 */
857 } W7, W8, W80, W81;
858 struct
859 {
860 struct _PEB_FREE_BLOCK *FreeList; /**< 0x068 / 0x038 */
861 } W52, W6;
862 struct
863 {
864 struct _PEB_FREE_BLOCK *FreeList; /**< NA / 0x038 */
865 } W51;
866 } Diff3;
867 uint32_t TlsExpansionCounter; /**< 0x070 / 0x03c */
868#if ARCH_BITS == 64
869 uint32_t Padding2; /**< 0x074 / NA */
870#endif
871 struct _RTL_BITMAP *TlsBitmap; /**< 0x078 / 0x040 */
872 uint32_t TlsBitmapBits[2]; /**< 0x080 / 0x044 */
873 PVOID ReadOnlySharedMemoryBase; /**< 0x088 / 0x04c */
874 union
875 {
876 struct
877 {
878 PVOID SparePvoid0; /**< 0x090 / 0x050 - HotpatchInformation before W81. */
879 } W81;
880 struct
881 {
882 PVOID HotpatchInformation; /**< 0x090 / 0x050 - Retired in W81. */
883 } W6, W7, W80;
884 struct
885 {
886 PVOID ReadOnlySharedMemoryHeap;
887 } W52;
888 } Diff4;
889 PVOID *ReadOnlyStaticServerData; /**< 0x098 / 0x054 */
890 PVOID AnsiCodePageData; /**< 0x0a0 / 0x058 */
891 PVOID OemCodePageData; /**< 0x0a8 / 0x05c */
892 PVOID UnicodeCaseTableData; /**< 0x0b0 / 0x060 */
893 uint32_t NumberOfProcessors; /**< 0x0b8 / 0x064 */
894 uint32_t NtGlobalFlag; /**< 0x0bc / 0x068 */
895 LARGE_INTEGER CriticalSectionTimeout; /**< 0x0c0 / 0x070 */
896 SIZE_T HeapSegmentReserve; /**< 0x0c8 / 0x078 */
897 SIZE_T HeapSegmentCommit; /**< 0x0d0 / 0x07c */
898 SIZE_T HeapDeCommitTotalFreeThreshold; /**< 0x0d8 / 0x080 */
899 SIZE_T HeapDeCommitFreeBlockThreshold; /**< 0x0e0 / 0x084 */
900 uint32_t NumberOfHeaps; /**< 0x0e8 / 0x088 */
901 uint32_t MaximumNumberOfHeaps; /**< 0x0ec / 0x08c */
902 PVOID *ProcessHeaps; /**< 0x0f0 / 0x090 */
903 PVOID GdiSharedHandleTable; /**< 0x0f8 / 0x094 */
904 PVOID ProcessStarterHelper; /**< 0x100 / 0x098 */
905 uint32_t GdiDCAttributeList; /**< 0x108 / 0x09c */
906#if ARCH_BITS == 64
907 uint32_t Padding3; /**< 0x10c / NA */
908#endif
909 struct _RTL_CRITICAL_SECTION *LoaderLock; /**< 0x110 / 0x0a0 */
910 uint32_t OSMajorVersion; /**< 0x118 / 0x0a4 */
911 uint32_t OSMinorVersion; /**< 0x11c / 0x0a8 */
912 uint16_t OSBuildNumber; /**< 0x120 / 0x0ac */
913 uint16_t OSCSDVersion; /**< 0x122 / 0x0ae */
914 uint32_t OSPlatformId; /**< 0x124 / 0x0b0 */
915 uint32_t ImageSubsystem; /**< 0x128 / 0x0b4 */
916 uint32_t ImageSubsystemMajorVersion; /**< 0x12c / 0x0b8 */
917 uint32_t ImageSubsystemMinorVersion; /**< 0x130 / 0x0bc */
918#if ARCH_BITS == 64
919 uint32_t Padding4; /**< 0x134 / NA */
920#endif
921 union
922 {
923 struct
924 {
925 SIZE_T ActiveProcessAffinityMask; /**< 0x138 / 0x0c0 */
926 } W7, W8, W80, W81;
927 struct
928 {
929 SIZE_T ImageProcessAffinityMask; /**< 0x138 / 0x0c0 */
930 } W52, W6;
931 } Diff5;
932 uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /**< 0x140 / 0x0c4 */
933 PVOID PostProcessInitRoutine; /**< 0x230 / 0x14c */
934 PVOID TlsExpansionBitmap; /**< 0x238 / 0x150 */
935 uint32_t TlsExpansionBitmapBits[32]; /**< 0x240 / 0x154 */
936 uint32_t SessionId; /**< 0x2c0 / 0x1d4 */
937#if ARCH_BITS == 64
938 uint32_t Padding5; /**< 0x2c4 / NA */
939#endif
940 ULARGE_INTEGER AppCompatFlags; /**< 0x2c8 / 0x1d8 */
941 ULARGE_INTEGER AppCompatFlagsUser; /**< 0x2d0 / 0x1e0 */
942 PVOID pShimData; /**< 0x2d8 / 0x1e8 */
943 PVOID AppCompatInfo; /**< 0x2e0 / 0x1ec */
944 UNICODE_STRING CSDVersion; /**< 0x2e8 / 0x1f0 */
945 struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; /**< 0x2f8 / 0x1f8 */
946 struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; /**< 0x300 / 0x1fc */
947 struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; /**< 0x308 / 0x200 */
948 struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; /**< 0x310 / 0x204 */
949 SIZE_T MinimumStackCommit; /**< 0x318 / 0x208 */
950 /* End of PEB in W52 (Windows XP (RTM))! */
951 struct _FLS_CALLBACK_INFO *FlsCallback; /**< 0x320 / 0x20c */
952 LIST_ENTRY FlsListHead; /**< 0x328 / 0x210 */
953 PVOID FlsBitmap; /**< 0x338 / 0x218 */
954 uint32_t FlsBitmapBits[4]; /**< 0x340 / 0x21c */
955 uint32_t FlsHighIndex; /**< 0x350 / 0x22c */
956 /* End of PEB in W52 (Windows Server 2003)! */
957 PVOID WerRegistrationData; /**< 0x358 / 0x230 */
958 PVOID WerShipAssertPtr; /**< 0x360 / 0x234 */
959 /* End of PEB in W6 (windows Vista)! */
960 union
961 {
962 struct
963 {
964 PVOID pUnused; /**< 0x368 / 0x238 - Was pContextData in W7. */
965 } W8, W80, W81;
966 struct
967 {
968 PVOID pContextData; /**< 0x368 / 0x238 - Retired in W80. */
969 } W7;
970 } Diff6;
971 PVOID pImageHeaderHash; /**< 0x370 / 0x23c */
972 union
973 {
974 uint32_t TracingFlags; /**< 0x378 / 0x240 */
975 struct
976 {
977 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
978 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
979 uint32_t LibLoaderTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 2, 1 Bit */
980 uint32_t SpareTracingBits : 29; /**< 0x378 / 0x240 : Pos 3, 29 Bits */
981 } W8, W80, W81;
982 struct
983 {
984 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
985 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
986 uint32_t SpareTracingBits : 30; /**< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 */
987 } W7;
988 } Diff7;
989#if ARCH_BITS == 64
990 uint32_t Padding6; /**< 0x37c / NA */
991#endif
992 uint64_t CsrServerReadOnlySharedMemoryBase; /**< 0x380 / 0x248 */
993 /* End of PEB in W8, W81. */
994 uintptr_t TppWorkerpListLock; /**< 0x388 / 0x250 */
995 LIST_ENTRY TppWorkerpList; /**< 0x390 / 0x254 */
996 PVOID WaitOnAddressHashTable[128]; /**< 0x3a0 / 0x25c */
997#if ARCH_BITS == 32
998 uint32_t ExplicitPadding7; /**< NA NA / 0x45c */
999#endif
1000} PEB_COMMON;
1001typedef PEB_COMMON *PPEB_COMMON;
1002
1003AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
1004AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
1005AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
1006AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
1007AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
1008AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
1009AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
1010AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
1011AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x7a0 : 0x460);
1012
1013/** The size of the windows 10 (build 14393) PEB structure. */
1014#define PEB_SIZE_W10 sizeof(PEB_COMMON)
1015/** The size of the windows 8.1 PEB structure. */
1016#define PEB_SIZE_W81 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1017/** The size of the windows 8.0 PEB structure. */
1018#define PEB_SIZE_W80 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1019/** The size of the windows 7 PEB structure. */
1020#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
1021/** The size of the windows vista PEB structure. */
1022#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
1023/** The size of the windows server 2003 PEB structure. */
1024#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
1025/** The size of the windows XP PEB structure. */
1026#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
1027
1028#if 0
1029typedef struct _NT_TIB
1030{
1031 struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
1032 PVOID StackBase;
1033 PVOID StackLimit;
1034 PVOID SubSystemTib;
1035 union
1036 {
1037 PVOID FiberData;
1038 ULONG Version;
1039 };
1040 PVOID ArbitraryUserPointer;
1041 struct _NT_TIB *Self;
1042} NT_TIB;
1043typedef NT_TIB *PNT_TIB;
1044#endif
1045
1046typedef struct _ACTIVATION_CONTEXT_STACK
1047{
1048 uint32_t Flags;
1049 uint32_t NextCookieSequenceNumber;
1050 PVOID ActiveFrame;
1051 LIST_ENTRY FrameListCache;
1052} ACTIVATION_CONTEXT_STACK;
1053
1054/* Common TEB. */
1055typedef struct _TEB_COMMON
1056{
1057 NT_TIB NtTib; /**< 0x000 / 0x000 */
1058 PVOID EnvironmentPointer; /**< 0x038 / 0x01c */
1059 CLIENT_ID ClientId; /**< 0x040 / 0x020 */
1060 PVOID ActiveRpcHandle; /**< 0x050 / 0x028 */
1061 PVOID ThreadLocalStoragePointer; /**< 0x058 / 0x02c */
1062 PPEB_COMMON ProcessEnvironmentBlock; /**< 0x060 / 0x030 */
1063 uint32_t LastErrorValue; /**< 0x068 / 0x034 */
1064 uint32_t CountOfOwnedCriticalSections; /**< 0x06c / 0x038 */
1065 PVOID CsrClientThread; /**< 0x070 / 0x03c */
1066 PVOID Win32ThreadInfo; /**< 0x078 / 0x040 */
1067 uint32_t User32Reserved[26]; /**< 0x080 / 0x044 */
1068 uint32_t UserReserved[5]; /**< 0x0e8 / 0x0ac */
1069 PVOID WOW32Reserved; /**< 0x100 / 0x0c0 */
1070 uint32_t CurrentLocale; /**< 0x108 / 0x0c4 */
1071 uint32_t FpSoftwareStatusRegister; /**< 0x10c / 0x0c8 */
1072 PVOID SystemReserved1[54]; /**< 0x110 / 0x0cc */
1073 uint32_t ExceptionCode; /**< 0x2c0 / 0x1a4 */
1074#if ARCH_BITS == 64
1075 uint32_t Padding0; /**< 0x2c4 / NA */
1076#endif
1077 union
1078 {
1079 struct
1080 {
1081 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;/**< 0x2c8 / 0x1a8 */
1082 uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /**< 0x2d0 / 0x1ac */
1083 } W52, W6, W7, W8, W80, W81;
1084#if ARCH_BITS == 32
1085 struct
1086 {
1087 ACTIVATION_CONTEXT_STACK ActivationContextStack; /**< NA / 0x1a8 */
1088 uint8_t SpareBytes[20]; /**< NA / 0x1bc */
1089 } W51;
1090#endif
1091 } Diff0;
1092 union
1093 {
1094 struct
1095 {
1096 uint32_t TxFsContext; /**< 0x2e8 / 0x1d0 */
1097 } W6, W7, W8, W80, W81;
1098 struct
1099 {
1100 uint32_t SpareBytesContinues; /**< 0x2e8 / 0x1d0 */
1101 } W52;
1102 } Diff1;
1103#if ARCH_BITS == 64
1104 uint32_t Padding1; /**< 0x2ec / NA */
1105#endif
1106 /*_GDI_TEB_BATCH*/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /**< 0x2f0 / 0x1d4 */
1107 CLIENT_ID RealClientId; /**< 0x7d8 / 0x6b4 */
1108 HANDLE GdiCachedProcessHandle; /**< 0x7e8 / 0x6bc */
1109 uint32_t GdiClientPID; /**< 0x7f0 / 0x6c0 */
1110 uint32_t GdiClientTID; /**< 0x7f4 / 0x6c4 */
1111 PVOID GdiThreadLocalInfo; /**< 0x7f8 / 0x6c8 */
1112 SIZE_T Win32ClientInfo[62]; /**< 0x800 / 0x6cc */
1113 PVOID glDispatchTable[233]; /**< 0x9f0 / 0x7c4 */
1114 SIZE_T glReserved1[29]; /**< 0x1138 / 0xb68 */
1115 PVOID glReserved2; /**< 0x1220 / 0xbdc */
1116 PVOID glSectionInfo; /**< 0x1228 / 0xbe0 */
1117 PVOID glSection; /**< 0x1230 / 0xbe4 */
1118 PVOID glTable; /**< 0x1238 / 0xbe8 */
1119 PVOID glCurrentRC; /**< 0x1240 / 0xbec */
1120 PVOID glContext; /**< 0x1248 / 0xbf0 */
1121 NTSTATUS LastStatusValue; /**< 0x1250 / 0xbf4 */
1122#if ARCH_BITS == 64
1123 uint32_t Padding2; /**< 0x1254 / NA */
1124#endif
1125 UNICODE_STRING StaticUnicodeString; /**< 0x1258 / 0xbf8 */
1126 WCHAR StaticUnicodeBuffer[261]; /**< 0x1268 / 0xc00 */
1127#if ARCH_BITS == 64
1128 WCHAR Padding3[3]; /**< 0x1472 / NA */
1129#endif
1130 PVOID DeallocationStack; /**< 0x1478 / 0xe0c */
1131 PVOID TlsSlots[64]; /**< 0x1480 / 0xe10 */
1132 LIST_ENTRY TlsLinks; /**< 0x1680 / 0xf10 */
1133 PVOID Vdm; /**< 0x1690 / 0xf18 */
1134 PVOID ReservedForNtRpc; /**< 0x1698 / 0xf1c */
1135 PVOID DbgSsReserved[2]; /**< 0x16a0 / 0xf20 */
1136 uint32_t HardErrorMode; /**< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. */
1137#if ARCH_BITS == 64
1138 uint32_t Padding4; /**< 0x16b4 / NA */
1139#endif
1140 PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /**< 0x16b8 / 0xf2c */
1141 union
1142 {
1143 struct
1144 {
1145 GUID ActivityId; /**< 0x1710 / 0xf50 */
1146 PVOID SubProcessTag; /**< 0x1720 / 0xf60 */
1147 } W6, W7, W8, W80, W81;
1148 struct
1149 {
1150 PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /**< 0x1710 / 0xf50 */
1151 } W52;
1152 } Diff2;
1153 union /**< 0x1728 / 0xf64 */
1154 {
1155 struct
1156 {
1157 PVOID PerflibData; /**< 0x1728 / 0xf64 */
1158 } W8, W80, W81;
1159 struct
1160 {
1161 PVOID EtwLocalData; /**< 0x1728 / 0xf64 */
1162 } W7, W6;
1163 struct
1164 {
1165 PVOID SubProcessTag; /**< 0x1728 / 0xf64 */
1166 } W52;
1167 struct
1168 {
1169 PVOID InstrumentationContinues[1]; /**< 0x1728 / 0xf64 */
1170 } W51;
1171 } Diff3;
1172 union
1173 {
1174 struct
1175 {
1176 PVOID EtwTraceData; /**< 0x1730 / 0xf68 */
1177 } W52, W6, W7, W8, W80, W81;
1178 struct
1179 {
1180 PVOID InstrumentationContinues[1]; /**< 0x1730 / 0xf68 */
1181 } W51;
1182 } Diff4;
1183 PVOID WinSockData; /**< 0x1738 / 0xf6c */
1184 uint32_t GdiBatchCount; /**< 0x1740 / 0xf70 */
1185 union
1186 {
1187 union
1188 {
1189 PROCESSOR_NUMBER CurrentIdealProcessor; /**< 0x1744 / 0xf74 - W7+ */
1190 uint32_t IdealProcessorValue; /**< 0x1744 / 0xf74 - W7+ */
1191 struct
1192 {
1193 uint8_t ReservedPad1; /**< 0x1744 / 0xf74 - Called SpareBool0 in W6 */
1194 uint8_t ReservedPad2; /**< 0x1745 / 0xf75 - Called SpareBool0 in W6 */
1195 uint8_t ReservedPad3; /**< 0x1746 / 0xf76 - Called SpareBool0 in W6 */
1196 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
1197 };
1198 } W6, W7, W8, W80, W81;
1199 struct
1200 {
1201 BOOLEAN InDbgPrint; /**< 0x1744 / 0xf74 */
1202 BOOLEAN FreeStackOnTermination; /**< 0x1745 / 0xf75 */
1203 BOOLEAN HasFiberData; /**< 0x1746 / 0xf76 */
1204 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
1205 } W51, W52;
1206 } Diff5;
1207 uint32_t GuaranteedStackBytes; /**< 0x1748 / 0xf78 */
1208#if ARCH_BITS == 64
1209 uint32_t Padding5; /**< 0x174c / NA */
1210#endif
1211 PVOID ReservedForPerf; /**< 0x1750 / 0xf7c */
1212 PVOID ReservedForOle; /**< 0x1758 / 0xf80 */
1213 uint32_t WaitingOnLoaderLock; /**< 0x1760 / 0xf84 */
1214#if ARCH_BITS == 64
1215 uint32_t Padding6; /**< 0x1764 / NA */
1216#endif
1217 union /**< 0x1770 / 0xf8c */
1218 {
1219 struct
1220 {
1221 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
1222 SIZE_T ReservedForCodeCoverage; /**< 0x1770 / 0xf8c */
1223 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
1224 } W8, W80, W81;
1225 struct
1226 {
1227 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
1228 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
1229 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
1230 } W6, W7;
1231 struct
1232 {
1233 PVOID SparePointer1; /**< 0x1768 / 0xf88 */
1234 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
1235 PVOID SoftPatchPtr2; /**< 0x1778 / 0xf90 */
1236 } W52;
1237#if ARCH_BITS == 32
1238 struct _Wx86ThreadState
1239 {
1240 PVOID CallBx86Eip; /**< NA / 0xf88 */
1241 PVOID DeallocationCpu; /**< NA / 0xf8c */
1242 BOOLEAN UseKnownWx86Dll; /**< NA / 0xf90 */
1243 int8_t OleStubInvoked; /**< NA / 0xf91 */
1244 } W51;
1245#endif
1246 } Diff6;
1247 PVOID TlsExpansionSlots; /**< 0x1780 / 0xf94 */
1248#if ARCH_BITS == 64
1249 PVOID DallocationBStore; /**< 0x1788 / NA */
1250 PVOID BStoreLimit; /**< 0x1790 / NA */
1251#endif
1252 union
1253 {
1254 struct
1255 {
1256 uint32_t MuiGeneration; /**< 0x1798 / 0xf98 */
1257 } W7, W8, W80, W81;
1258 struct
1259 {
1260 uint32_t ImpersonationLocale;
1261 } W6;
1262 } Diff7;
1263 uint32_t IsImpersonating; /**< 0x179c / 0xf9c */
1264 PVOID NlsCache; /**< 0x17a0 / 0xfa0 */
1265 PVOID pShimData; /**< 0x17a8 / 0xfa4 */
1266 union /**< 0x17b0 / 0xfa8 */
1267 {
1268 struct
1269 {
1270 uint16_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
1271 uint16_t LowFragHeapDataSlot; /**< 0x17b2 / 0xfaa */
1272 } W8, W80, W81;
1273 struct
1274 {
1275 uint32_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
1276 } W7;
1277 } Diff8;
1278#if ARCH_BITS == 64
1279 uint32_t Padding7; /**< 0x17b4 / NA */
1280#endif
1281 HANDLE CurrentTransactionHandle; /**< 0x17b8 / 0xfac */
1282 struct _TEB_ACTIVE_FRAME *ActiveFrame; /**< 0x17c0 / 0xfb0 */
1283 /* End of TEB in W51 (Windows XP)! */
1284 PVOID FlsData; /**< 0x17c8 / 0xfb4 */
1285 union
1286 {
1287 struct
1288 {
1289 PVOID PreferredLanguages; /**< 0x17d0 / 0xfb8 */
1290 } W6, W7, W8, W80, W81;
1291 struct
1292 {
1293 BOOLEAN SafeThunkCall; /**< 0x17d0 / 0xfb8 */
1294 uint8_t BooleanSpare[3]; /**< 0x17d1 / 0xfb9 */
1295 /* End of TEB in W52 (Windows server 2003)! */
1296 } W52;
1297 } Diff9;
1298 PVOID UserPrefLanguages; /**< 0x17d8 / 0xfbc */
1299 PVOID MergedPrefLanguages; /**< 0x17e0 / 0xfc0 */
1300 uint32_t MuiImpersonation; /**< 0x17e8 / 0xfc4 */
1301 union
1302 {
1303 uint16_t CrossTebFlags; /**< 0x17ec / 0xfc8 */
1304 struct
1305 {
1306 uint16_t SpareCrossTebBits : 16; /**< 0x17ec / 0xfc8 : Pos 0, 16 Bits */
1307 };
1308 };
1309 union
1310 {
1311 uint16_t SameTebFlags; /**< 0x17ee / 0xfca */
1312 struct
1313 {
1314 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1315 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1316 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1317 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1318 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1319 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1320 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1321 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1322 } Common;
1323 struct
1324 {
1325 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1326 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1327 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1328 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1329 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1330 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1331 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1332 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1333 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
1334 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
1335 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
1336 uint16_t SessionAware : 1; /**< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. */
1337 uint16_t SpareSameTebBits : 4; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
1338 } W8, W80, W81;
1339 struct
1340 {
1341 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1342 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1343 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1344 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1345 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1346 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1347 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1348 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1349 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
1350 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
1351 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
1352 uint16_t SpareSameTebBits : 5; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
1353 } W7;
1354 struct
1355 {
1356 uint16_t DbgSafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1357 uint16_t DbgInDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1358 uint16_t DbgHasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1359 uint16_t DbgSkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1360 uint16_t DbgWerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1361 uint16_t DbgRanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1362 uint16_t DbgClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1363 uint16_t DbgSuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1364 uint16_t SpareSameTebBits : 8; /**< 0x17ee / 0xfca : Pos 8, 8 Bits */
1365 } W6;
1366 } Diff10;
1367 PVOID TxnScopeEnterCallback; /**< 0x17f0 / 0xfcc */
1368 PVOID TxnScopeExitCallback; /**< 0x17f8 / 0xfd0 */
1369 PVOID TxnScopeContext; /**< 0x1800 / 0xfd4 */
1370 uint32_t LockCount; /**< 0x1808 / 0xfd8 */
1371 union
1372 {
1373 struct
1374 {
1375 uint32_t SpareUlong0; /**< 0x180c / 0xfdc */
1376 } W7, W8, W80, W81;
1377 struct
1378 {
1379 uint32_t ProcessRundown;
1380 } W6;
1381 } Diff11;
1382 union
1383 {
1384 struct
1385 {
1386 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1387 /* End of TEB in W7 (windows 7)! */
1388 PVOID ReservedForWdf; /**< 0x1818 / 0xfe4 - New Since W7. */
1389 /* End of TEB in W8 (windows 8.0 & 8.1)! */
1390 PVOID ReservedForCrt; /**< 0x1820 / 0xfe8 - New Since W10. */
1391 RTUUID EffectiveContainerId; /**< 0x1828 / 0xfec - New Since W10. */
1392 /* End of TEB in W10 14393! */
1393 } W8, W80, W81, W10;
1394 struct
1395 {
1396 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1397 } W7;
1398 struct
1399 {
1400 uint64_t LastSwitchTime; /**< 0x1810 / 0xfe0 */
1401 uint64_t TotalSwitchOutTime; /**< 0x1818 / 0xfe8 */
1402 LARGE_INTEGER WaitReasonBitMap; /**< 0x1820 / 0xff0 */
1403 /* End of TEB in W6 (windows Vista)! */
1404 } W6;
1405 } Diff12;
1406} TEB_COMMON;
1407typedef TEB_COMMON *PTEB_COMMON;
1408AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1409AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1410AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1411AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1412AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1413AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1414AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1415AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1416AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1417AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1418AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1419AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1420AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1838 : 0x1000);
1421
1422
1423/** The size of the windows 8.1 PEB structure. */
1424#define TEB_SIZE_W10 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W10.EffectiveContainerId) + sizeof(RTUUID) )
1425/** The size of the windows 8.1 PEB structure. */
1426#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1427/** The size of the windows 8.0 PEB structure. */
1428#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1429/** The size of the windows 7 PEB structure. */
1430#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1431/** The size of the windows vista PEB structure. */
1432#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1433/** The size of the windows server 2003 PEB structure. */
1434#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1435/** The size of the windows XP PEB structure. */
1436#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1437
1438
1439
1440#define _PEB _PEB_COMMON
1441typedef PEB_COMMON PEB;
1442typedef PPEB_COMMON PPEB;
1443
1444#define _TEB _TEB_COMMON
1445typedef TEB_COMMON TEB;
1446typedef PTEB_COMMON PTEB;
1447
1448#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
1449# ifdef RT_ARCH_X86
1450DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, NtTib.Self)); }
1451DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1452DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readfsdword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1453# elif defined(RT_ARCH_AMD64)
1454DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, NtTib.Self)); }
1455DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1456DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return (uint32_t)__readgsqword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1457# else
1458# error "Port me"
1459# endif
1460#else
1461# define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1462# define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1463# define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1464#endif
1465#define NtCurrentPeb() RTNtCurrentPeb()
1466
1467
1468/** @} */
1469
1470
1471#ifdef IPRT_NT_USE_WINTERNL
1472NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1473typedef enum _SECTION_INHERIT
1474{
1475 ViewShare = 1,
1476 ViewUnmap
1477} SECTION_INHERIT;
1478#endif
1479NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1480 ULONG, ULONG);
1481NTSYSAPI NTSTATUS NTAPI NtFlushVirtualMemory(HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK);
1482NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1483
1484#ifdef IPRT_NT_USE_WINTERNL
1485typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1486{
1487 ULONG FileSystemAttributes;
1488 LONG MaximumComponentNameLength;
1489 ULONG FileSystemNameLength;
1490 WCHAR FileSystemName[1];
1491} FILE_FS_ATTRIBUTE_INFORMATION;
1492typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1493
1494NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1495NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1496NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1497NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1498
1499typedef enum _FSINFOCLASS
1500{
1501 FileFsVolumeInformation = 1,
1502 FileFsLabelInformation,
1503 FileFsSizeInformation,
1504 FileFsDeviceInformation,
1505 FileFsAttributeInformation,
1506 FileFsControlInformation,
1507 FileFsFullSizeInformation,
1508 FileFsObjectIdInformation,
1509 FileFsDriverPathInformation,
1510 FileFsVolumeFlagsInformation,
1511 FileFsSectorSizeInformation,
1512 FileFsDataCopyInformation,
1513 FileFsMaximumInformation
1514} FS_INFORMATION_CLASS;
1515typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1516NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1517
1518typedef struct _FILE_BOTH_DIR_INFORMATION
1519{
1520 ULONG NextEntryOffset;
1521 ULONG FileIndex;
1522 LARGE_INTEGER CreationTime;
1523 LARGE_INTEGER LastAccessTime;
1524 LARGE_INTEGER LastWriteTime;
1525 LARGE_INTEGER ChangeTime;
1526 LARGE_INTEGER EndOfFile;
1527 LARGE_INTEGER AllocationSize;
1528 ULONG FileAttributes;
1529 ULONG FileNameLength;
1530 ULONG EaSize;
1531 CCHAR ShortNameLength;
1532 WCHAR ShortName[12];
1533 WCHAR FileName[1];
1534} FILE_BOTH_DIR_INFORMATION;
1535typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1536typedef struct _FILE_BASIC_INFORMATION
1537{
1538 LARGE_INTEGER CreationTime;
1539 LARGE_INTEGER LastAccessTime;
1540 LARGE_INTEGER LastWriteTime;
1541 LARGE_INTEGER ChangeTime;
1542 ULONG FileAttributes;
1543} FILE_BASIC_INFORMATION;
1544typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1545typedef struct _FILE_STANDARD_INFORMATION
1546{
1547 LARGE_INTEGER AllocationSize;
1548 LARGE_INTEGER EndOfFile;
1549 ULONG NumberOfLinks;
1550 BOOLEAN DeletePending;
1551 BOOLEAN Directory;
1552} FILE_STANDARD_INFORMATION;
1553typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1554typedef struct _FILE_NAME_INFORMATION
1555{
1556 ULONG FileNameLength;
1557 WCHAR FileName[1];
1558} FILE_NAME_INFORMATION;
1559typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1560typedef struct _FILE_NETWORK_OPEN_INFORMATION
1561{
1562 LARGE_INTEGER CreationTime;
1563 LARGE_INTEGER LastAccessTime;
1564 LARGE_INTEGER LastWriteTime;
1565 LARGE_INTEGER ChangeTime;
1566 LARGE_INTEGER AllocationSize;
1567 LARGE_INTEGER EndOfFile;
1568 ULONG FileAttributes;
1569} FILE_NETWORK_OPEN_INFORMATION;
1570typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
1571typedef enum _FILE_INFORMATION_CLASS
1572{
1573 FileDirectoryInformation = 1,
1574 FileFullDirectoryInformation,
1575 FileBothDirectoryInformation,
1576 FileBasicInformation,
1577 FileStandardInformation,
1578 FileInternalInformation,
1579 FileEaInformation,
1580 FileAccessInformation,
1581 FileNameInformation,
1582 FileRenameInformation,
1583 FileLinkInformation,
1584 FileNamesInformation,
1585 FileDispositionInformation,
1586 FilePositionInformation,
1587 FileFullEaInformation,
1588 FileModeInformation,
1589 FileAlignmentInformation,
1590 FileAllInformation,
1591 FileAllocationInformation,
1592 FileEndOfFileInformation,
1593 FileAlternateNameInformation,
1594 FileStreamInformation,
1595 FilePipeInformation,
1596 FilePipeLocalInformation,
1597 FilePipeRemoteInformation,
1598 FileMailslotQueryInformation,
1599 FileMailslotSetInformation,
1600 FileCompressionInformation,
1601 FileObjectIdInformation,
1602 FileCompletionInformation,
1603 FileMoveClusterInformation,
1604 FileQuotaInformation,
1605 FileReparsePointInformation,
1606 FileNetworkOpenInformation,
1607 FileAttributeTagInformation,
1608 FileTrackingInformation,
1609 FileIdBothDirectoryInformation,
1610 FileIdFullDirectoryInformation,
1611 FileValidDataLengthInformation,
1612 FileShortNameInformation,
1613 FileIoCompletionNotificationInformation,
1614 FileIoStatusBlockRangeInformation,
1615 FileIoPriorityHintInformation,
1616 FileSfioReserveInformation,
1617 FileSfioVolumeInformation,
1618 FileHardLinkInformation,
1619 FileProcessIdsUsingFileInformation,
1620 FileNormalizedNameInformation,
1621 FileNetworkPhysicalNameInformation,
1622 FileIdGlobalTxDirectoryInformation,
1623 FileIsRemoteDeviceInformation,
1624 FileUnusedInformation,
1625 FileNumaNodeInformation,
1626 FileStandardLinkInformation,
1627 FileRemoteProtocolInformation,
1628 FileRenameInformationBypassAccessCheck,
1629 FileLinkInformationBypassAccessCheck,
1630 FileVolumeNameInformation,
1631 FileIdInformation,
1632 FileIdExtdDirectoryInformation,
1633 FileReplaceCompletionInformation,
1634 FileHardLinkFullIdInformation,
1635 FileMaximumInformation
1636} FILE_INFORMATION_CLASS;
1637typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
1638NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1639NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
1640 FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1641NTSYSAPI NTSTATUS NTAPI NtSetInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1642#endif /* IPRT_NT_USE_WINTERNL */
1643NTSYSAPI NTSTATUS NTAPI NtQueryAttributesFile(POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
1644NTSYSAPI NTSTATUS NTAPI NtQueryFullAttributesFile(POBJECT_ATTRIBUTES, PFILE_NETWORK_OPEN_INFORMATION);
1645
1646#ifdef IPRT_NT_USE_WINTERNL
1647
1648/** For use with KeyBasicInformation. */
1649typedef struct _KEY_BASIC_INFORMATION
1650{
1651 LARGE_INTEGER LastWriteTime;
1652 ULONG TitleIndex;
1653 ULONG NameLength;
1654 WCHAR Name[1];
1655} KEY_BASIC_INFORMATION;
1656typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
1657
1658/** For use with KeyNodeInformation. */
1659typedef struct _KEY_NODE_INFORMATION
1660{
1661 LARGE_INTEGER LastWriteTime;
1662 ULONG TitleIndex;
1663 ULONG ClassOffset; /**< Offset from the start of the structure. */
1664 ULONG ClassLength;
1665 ULONG NameLength;
1666 WCHAR Name[1];
1667} KEY_NODE_INFORMATION;
1668typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
1669
1670/** For use with KeyFullInformation. */
1671typedef struct _KEY_FULL_INFORMATION
1672{
1673 LARGE_INTEGER LastWriteTime;
1674 ULONG TitleIndex;
1675 ULONG ClassOffset; /**< Offset of the Class member. */
1676 ULONG ClassLength;
1677 ULONG SubKeys;
1678 ULONG MaxNameLen;
1679 ULONG MaxClassLen;
1680 ULONG Values;
1681 ULONG MaxValueNameLen;
1682 ULONG MaxValueDataLen;
1683 WCHAR Class[1];
1684} KEY_FULL_INFORMATION;
1685typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
1686
1687/** For use with KeyNameInformation. */
1688typedef struct _KEY_NAME_INFORMATION
1689{
1690 ULONG NameLength;
1691 WCHAR Name[1];
1692} KEY_NAME_INFORMATION;
1693typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
1694
1695/** For use with KeyCachedInformation. */
1696typedef struct _KEY_CACHED_INFORMATION
1697{
1698 LARGE_INTEGER LastWriteTime;
1699 ULONG TitleIndex;
1700 ULONG SubKeys;
1701 ULONG MaxNameLen;
1702 ULONG Values;
1703 ULONG MaxValueNameLen;
1704 ULONG MaxValueDataLen;
1705 ULONG NameLength;
1706} KEY_CACHED_INFORMATION;
1707typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
1708
1709/** For use with KeyVirtualizationInformation. */
1710typedef struct _KEY_VIRTUALIZATION_INFORMATION
1711{
1712 ULONG VirtualizationCandidate : 1;
1713 ULONG VirtualizationEnabled : 1;
1714 ULONG VirtualTarget : 1;
1715 ULONG VirtualStore : 1;
1716 ULONG VirtualSource : 1;
1717 ULONG Reserved : 27;
1718} KEY_VIRTUALIZATION_INFORMATION;
1719typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
1720
1721typedef enum _KEY_INFORMATION_CLASS
1722{
1723 KeyBasicInformation = 0,
1724 KeyNodeInformation,
1725 KeyFullInformation,
1726 KeyNameInformation,
1727 KeyCachedInformation,
1728 KeyFlagsInformation,
1729 KeyVirtualizationInformation,
1730 KeyHandleTagsInformation,
1731 MaxKeyInfoClass
1732} KEY_INFORMATION_CLASS;
1733NTSYSAPI NTSTATUS NTAPI NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1734NTSYSAPI NTSTATUS NTAPI NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1735
1736typedef struct _MEMORY_SECTION_NAME
1737{
1738 UNICODE_STRING SectionFileName;
1739 WCHAR NameBuffer[1];
1740} MEMORY_SECTION_NAME;
1741
1742#ifdef IPRT_NT_USE_WINTERNL
1743typedef struct _PROCESS_BASIC_INFORMATION
1744{
1745 NTSTATUS ExitStatus;
1746 PPEB PebBaseAddress;
1747 ULONG_PTR AffinityMask;
1748 int32_t BasePriority;
1749 ULONG_PTR UniqueProcessId;
1750 ULONG_PTR InheritedFromUniqueProcessId;
1751} PROCESS_BASIC_INFORMATION;
1752typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
1753#endif
1754
1755typedef enum _PROCESSINFOCLASS
1756{
1757 ProcessBasicInformation = 0, /**< 0 / 0x00 */
1758 ProcessQuotaLimits, /**< 1 / 0x01 */
1759 ProcessIoCounters, /**< 2 / 0x02 */
1760 ProcessVmCounters, /**< 3 / 0x03 */
1761 ProcessTimes, /**< 4 / 0x04 */
1762 ProcessBasePriority, /**< 5 / 0x05 */
1763 ProcessRaisePriority, /**< 6 / 0x06 */
1764 ProcessDebugPort, /**< 7 / 0x07 */
1765 ProcessExceptionPort, /**< 8 / 0x08 */
1766 ProcessAccessToken, /**< 9 / 0x09 */
1767 ProcessLdtInformation, /**< 10 / 0x0a */
1768 ProcessLdtSize, /**< 11 / 0x0b */
1769 ProcessDefaultHardErrorMode, /**< 12 / 0x0c */
1770 ProcessIoPortHandlers, /**< 13 / 0x0d */
1771 ProcessPooledUsageAndLimits, /**< 14 / 0x0e */
1772 ProcessWorkingSetWatch, /**< 15 / 0x0f */
1773 ProcessUserModeIOPL, /**< 16 / 0x10 */
1774 ProcessEnableAlignmentFaultFixup, /**< 17 / 0x11 */
1775 ProcessPriorityClass, /**< 18 / 0x12 */
1776 ProcessWx86Information, /**< 19 / 0x13 */
1777 ProcessHandleCount, /**< 20 / 0x14 */
1778 ProcessAffinityMask, /**< 21 / 0x15 */
1779 ProcessPriorityBoost, /**< 22 / 0x16 */
1780 ProcessDeviceMap, /**< 23 / 0x17 */
1781 ProcessSessionInformation, /**< 24 / 0x18 */
1782 ProcessForegroundInformation, /**< 25 / 0x19 */
1783 ProcessWow64Information, /**< 26 / 0x1a */
1784 ProcessImageFileName, /**< 27 / 0x1b */
1785 ProcessLUIDDeviceMapsEnabled, /**< 28 / 0x1c */
1786 ProcessBreakOnTermination, /**< 29 / 0x1d */
1787 ProcessDebugObjectHandle, /**< 30 / 0x1e */
1788 ProcessDebugFlags, /**< 31 / 0x1f */
1789 ProcessHandleTracing, /**< 32 / 0x20 */
1790 ProcessIoPriority, /**< 33 / 0x21 */
1791 ProcessExecuteFlags, /**< 34 / 0x22 */
1792 ProcessTlsInformation, /**< 35 / 0x23 */
1793 ProcessCookie, /**< 36 / 0x24 */
1794 ProcessImageInformation, /**< 37 / 0x25 */
1795 ProcessCycleTime, /**< 38 / 0x26 */
1796 ProcessPagePriority, /**< 39 / 0x27 */
1797 ProcessInstrumentationCallbak, /**< 40 / 0x28 */
1798 ProcessThreadStackAllocation, /**< 41 / 0x29 */
1799 ProcessWorkingSetWatchEx, /**< 42 / 0x2a */
1800 ProcessImageFileNameWin32, /**< 43 / 0x2b */
1801 ProcessImageFileMapping, /**< 44 / 0x2c */
1802 ProcessAffinityUpdateMode, /**< 45 / 0x2d */
1803 ProcessMemoryAllocationMode, /**< 46 / 0x2e */
1804 ProcessGroupInformation, /**< 47 / 0x2f */
1805 ProcessTokenVirtualizationEnabled, /**< 48 / 0x30 */
1806 ProcessConsoleHostProcess, /**< 49 / 0x31 */
1807 ProcessWindowsInformation, /**< 50 / 0x32 */
1808 ProcessUnknown51,
1809 ProcessUnknown52,
1810 ProcessUnknown53,
1811 ProcessUnknown54,
1812 ProcessUnknown55,
1813 ProcessUnknown56,
1814 ProcessUnknown57,
1815 ProcessUnknown58,
1816 ProcessUnknown59,
1817 ProcessUnknown60,
1818 ProcessUnknown61,
1819 ProcessUnknown62,
1820 ProcessUnknown63,
1821 ProcessUnknown64,
1822 ProcessUnknown65,
1823 ProcessUnknown66,
1824 ProcessMaybe_KeSetCpuSetsProcess, /**< 67 / 0x43 - is correct, then PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10. */
1825 MaxProcessInfoClass /**< 68 / 0x44 */
1826} PROCESSINFOCLASS;
1827NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1828
1829typedef enum _THREADINFOCLASS
1830{
1831 ThreadBasicInformation = 0,
1832 ThreadTimes,
1833 ThreadPriority,
1834 ThreadBasePriority,
1835 ThreadAffinityMask,
1836 ThreadImpersonationToken,
1837 ThreadDescriptorTableEntry,
1838 ThreadEnableAlignmentFaultFixup,
1839 ThreadEventPair_Reusable,
1840 ThreadQuerySetWin32StartAddress,
1841 ThreadZeroTlsCell,
1842 ThreadPerformanceCount,
1843 ThreadAmILastThread,
1844 ThreadIdealProcessor,
1845 ThreadPriorityBoost,
1846 ThreadSetTlsArrayAddress,
1847 ThreadIsIoPending,
1848 ThreadHideFromDebugger,
1849 ThreadBreakOnTermination,
1850 ThreadSwitchLegacyState,
1851 ThreadIsTerminated,
1852 ThreadLastSystemCall,
1853 ThreadIoPriority,
1854 ThreadCycleTime,
1855 ThreadPagePriority,
1856 ThreadActualBasePriority,
1857 ThreadTebInformation,
1858 ThreadCSwitchMon,
1859 ThreadCSwitchPmu,
1860 ThreadWow64Context,
1861 ThreadGroupInformation,
1862 ThreadUmsInformation,
1863 ThreadCounterProfiling,
1864 ThreadIdealProcessorEx,
1865 ThreadCpuAccountingInformation,
1866 MaxThreadInfoClass
1867} THREADINFOCLASS;
1868NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1869
1870NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1871
1872NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1873NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1874NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
1875
1876NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
1877NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
1878
1879NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
1880NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
1881NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
1882NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
1883NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
1884NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
1885NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
1886NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
1887NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
1888
1889#endif /* IPRT_NT_USE_WINTERNL */
1890
1891typedef enum _OBJECT_INFORMATION_CLASS
1892{
1893 ObjectBasicInformation = 0,
1894 ObjectNameInformation,
1895 ObjectTypeInformation,
1896 ObjectAllInformation,
1897 ObjectDataInformation
1898} OBJECT_INFORMATION_CLASS;
1899typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
1900#ifdef IN_RING0
1901# define NtQueryObject ZwQueryObject
1902#endif
1903NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1904NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
1905NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
1906
1907NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1908
1909typedef struct _OBJECT_DIRECTORY_INFORMATION
1910{
1911 UNICODE_STRING Name;
1912 UNICODE_STRING TypeName;
1913} OBJECT_DIRECTORY_INFORMATION;
1914typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
1915NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
1916
1917NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
1918NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
1919/** @name ProcessDefaultHardErrorMode bit definitions.
1920 * @{ */
1921#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /**< Inverted from the win32 define. */
1922#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
1923#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
1924#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
1925/** @} */
1926NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
1927NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
1928
1929/** Retured by ProcessImageInformation as well as NtQuerySection. */
1930typedef struct _SECTION_IMAGE_INFORMATION
1931{
1932 PVOID TransferAddress;
1933 ULONG ZeroBits;
1934 SIZE_T MaximumStackSize;
1935 SIZE_T CommittedStackSize;
1936 ULONG SubSystemType;
1937 union
1938 {
1939 struct
1940 {
1941 USHORT SubSystemMinorVersion;
1942 USHORT SubSystemMajorVersion;
1943 };
1944 ULONG SubSystemVersion;
1945 };
1946 ULONG GpValue;
1947 USHORT ImageCharacteristics;
1948 USHORT DllCharacteristics;
1949 USHORT Machine;
1950 BOOLEAN ImageContainsCode;
1951 union /**< Since Vista, used to be a spare BOOLEAN. */
1952 {
1953 struct
1954 {
1955 UCHAR ComPlusNativeRead : 1;
1956 UCHAR ComPlusILOnly : 1;
1957 UCHAR ImageDynamicallyRelocated : 1;
1958 UCHAR ImageMAppedFlat : 1;
1959 UCHAR Reserved : 4;
1960 };
1961 UCHAR ImageFlags;
1962 };
1963 ULONG LoaderFlags;
1964 ULONG ImageFileSize; /**< Since XP? */
1965 ULONG CheckSum; /**< Since Vista, Used to be a reserved/spare ULONG. */
1966} SECTION_IMAGE_INFORMATION;
1967typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
1968
1969typedef enum _SECTION_INFORMATION_CLASS
1970{
1971 SectionBasicInformation = 0,
1972 SectionImageInformation,
1973 MaxSectionInfoClass
1974} SECTION_INFORMATION_CLASS;
1975NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1976
1977NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
1978NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1979NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
1980#ifndef SYMBOLIC_LINK_QUERY
1981# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
1982#endif
1983#ifndef SYMBOLIC_LINK_ALL_ACCESS
1984# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYMBOLIC_LINK_QUERY)
1985#endif
1986
1987NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
1988NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
1989NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
1990NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
1991NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
1992NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
1993
1994
1995#ifndef SEC_FILE
1996# define SEC_FILE UINT32_C(0x00800000)
1997#endif
1998#ifndef SEC_IMAGE
1999# define SEC_IMAGE UINT32_C(0x01000000)
2000#endif
2001#ifndef SEC_PROTECTED_IMAGE
2002# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
2003#endif
2004#ifndef SEC_NOCACHE
2005# define SEC_NOCACHE UINT32_C(0x10000000)
2006#endif
2007#ifndef MEM_ROTATE
2008# define MEM_ROTATE UINT32_C(0x00800000)
2009#endif
2010typedef enum _MEMORY_INFORMATION_CLASS
2011{
2012 MemoryBasicInformation = 0,
2013 MemoryWorkingSetList,
2014 MemorySectionName,
2015 MemoryBasicVlmInformation
2016} MEMORY_INFORMATION_CLASS;
2017#ifdef IN_RING0
2018typedef struct _MEMORY_BASIC_INFORMATION
2019{
2020 PVOID BaseAddress;
2021 PVOID AllocationBase;
2022 ULONG AllocationProtect;
2023 SIZE_T RegionSize;
2024 ULONG State;
2025 ULONG Protect;
2026 ULONG Type;
2027} MEMORY_BASIC_INFORMATION;
2028typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
2029# define NtQueryVirtualMemory ZwQueryVirtualMemory
2030#endif
2031NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2032#ifdef IPRT_NT_USE_WINTERNL
2033NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
2034#endif
2035NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
2036NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
2037
2038typedef enum _SYSTEM_INFORMATION_CLASS
2039{
2040 SystemBasicInformation = 0,
2041 SystemCpuInformation,
2042 SystemPerformanceInformation,
2043 SystemTimeOfDayInformation,
2044 SystemInformation_Unknown_4,
2045 SystemProcessInformation,
2046 SystemInformation_Unknown_6,
2047 SystemInformation_Unknown_7,
2048 SystemProcessorPerformanceInformation,
2049 SystemInformation_Unknown_9,
2050 SystemInformation_Unknown_10,
2051 SystemModuleInformation,
2052 SystemInformation_Unknown_12,
2053 SystemInformation_Unknown_13,
2054 SystemInformation_Unknown_14,
2055 SystemInformation_Unknown_15,
2056 SystemHandleInformation,
2057 SystemInformation_Unknown_17,
2058 SystemPageFileInformation,
2059 SystemInformation_Unknown_19,
2060 SystemInformation_Unknown_20,
2061 SystemCacheInformation,
2062 SystemInformation_Unknown_22,
2063 SystemInterruptInformation,
2064 SystemDpcBehaviourInformation,
2065 SystemFullMemoryInformation,
2066 SystemLoadGdiDriverInformation, /* 26 */
2067 SystemUnloadGdiDriverInformation, /* 27 */
2068 SystemTimeAdjustmentInformation,
2069 SystemSummaryMemoryInformation,
2070 SystemInformation_Unknown_30,
2071 SystemInformation_Unknown_31,
2072 SystemInformation_Unknown_32,
2073 SystemExceptionInformation,
2074 SystemCrashDumpStateInformation,
2075 SystemKernelDebuggerInformation,
2076 SystemContextSwitchInformation,
2077 SystemRegistryQuotaInformation,
2078 SystemInformation_Unknown_38,
2079 SystemInformation_Unknown_39,
2080 SystemInformation_Unknown_40,
2081 SystemInformation_Unknown_41,
2082 SystemInformation_Unknown_42,
2083 SystemInformation_Unknown_43,
2084 SystemCurrentTimeZoneInformation,
2085 SystemLookasideInformation,
2086 SystemSetTimeSlipEvent,
2087 SystemCreateSession,
2088 SystemDeleteSession,
2089 SystemInformation_Unknown_49,
2090 SystemRangeStartInformation,
2091 SystemVerifierInformation,
2092 SystemInformation_Unknown_52,
2093 SystemSessionProcessInformation,
2094 SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
2095 SystemInformation_Unknown_55,
2096 SystemInformation_Unknown_56,
2097 SystemExtendedProcessInformation,
2098 SystemInformation_Unknown_58,
2099 SystemInformation_Unknown_59,
2100 SystemInformation_Unknown_60,
2101 SystemInformation_Unknown_61,
2102 SystemInformation_Unknown_62,
2103 SystemInformation_Unknown_63,
2104 SystemExtendedHandleInformation, /* 64 */
2105 SystemInformation_Unknown_65,
2106 SystemInformation_Unknown_66,
2107 SystemInformation_Unknown_67,
2108 SystemInformation_Unknown_68,
2109 SystemInformation_HotPatchInfo, /* 69 */
2110 SystemInformation_Unknown_70,
2111 SystemInformation_Unknown_71,
2112 SystemInformation_Unknown_72,
2113 SystemInformation_Unknown_73,
2114 SystemInformation_Unknown_74,
2115 SystemInformation_Unknown_75,
2116 SystemInformation_Unknown_76,
2117 SystemInformation_Unknown_77,
2118 SystemInformation_Unknown_78,
2119 SystemInformation_Unknown_79,
2120 SystemInformation_Unknown_80,
2121 SystemInformation_Unknown_81,
2122 SystemInformation_Unknown_82,
2123 SystemInformation_Unknown_83,
2124 SystemInformation_Unknown_84,
2125 SystemInformation_Unknown_85,
2126 SystemInformation_Unknown_86,
2127 SystemInformation_Unknown_87,
2128 SystemInformation_Unknown_88,
2129 SystemInformation_Unknown_89,
2130 SystemInformation_Unknown_90,
2131 SystemInformation_Unknown_91,
2132 SystemInformation_Unknown_92,
2133 SystemInformation_Unknown_93,
2134 SystemInformation_Unknown_94,
2135 SystemInformation_Unknown_95,
2136 SystemInformation_KiOpPrefetchPatchCount, /* 96 */
2137 SystemInformation_Unknown_97,
2138 SystemInformation_Unknown_98,
2139 SystemInformation_Unknown_99,
2140 SystemInformation_Unknown_100,
2141 SystemInformation_Unknown_101,
2142 SystemInformation_Unknown_102,
2143 SystemInformation_Unknown_103,
2144 SystemInformation_Unknown_104,
2145 SystemInformation_Unknown_105,
2146 SystemInformation_Unknown_107,
2147 SystemInformation_GetLogicalProcessorInformationEx, /* 107 */
2148
2149 /** @todo fill gap. they've added a whole bunch of things */
2150 SystemPolicyInformation = 134,
2151 SystemInformationClassMax
2152} SYSTEM_INFORMATION_CLASS;
2153
2154#ifdef IPRT_NT_USE_WINTERNL
2155typedef struct _VM_COUNTERS
2156{
2157 SIZE_T PeakVirtualSize;
2158 SIZE_T VirtualSize;
2159 ULONG PageFaultCount;
2160 SIZE_T PeakWorkingSetSize;
2161 SIZE_T WorkingSetSize;
2162 SIZE_T QuotaPeakPagedPoolUsage;
2163 SIZE_T QuotaPagedPoolUsage;
2164 SIZE_T QuotaPeakNonPagedPoolUsage;
2165 SIZE_T QuotaNonPagedPoolUsage;
2166 SIZE_T PagefileUsage;
2167 SIZE_T PeakPagefileUsage;
2168} VM_COUNTERS;
2169typedef VM_COUNTERS *PVM_COUNTERS;
2170#endif
2171
2172#if 0
2173typedef struct _IO_COUNTERS
2174{
2175 ULONGLONG ReadOperationCount;
2176 ULONGLONG WriteOperationCount;
2177 ULONGLONG OtherOperationCount;
2178 ULONGLONG ReadTransferCount;
2179 ULONGLONG WriteTransferCount;
2180 ULONGLONG OtherTransferCount;
2181} IO_COUNTERS;
2182typedef IO_COUNTERS *PIO_COUNTERS;
2183#endif
2184
2185typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
2186{
2187 ULONG NextEntryOffset; /**< 0x00 / 0x00 */
2188 ULONG NumberOfThreads; /**< 0x04 / 0x04 */
2189 LARGE_INTEGER Reserved1[3]; /**< 0x08 / 0x08 */
2190 LARGE_INTEGER CreationTime; /**< 0x20 / 0x20 */
2191 LARGE_INTEGER UserTime; /**< 0x28 / 0x28 */
2192 LARGE_INTEGER KernelTime; /**< 0x30 / 0x30 */
2193 UNICODE_STRING ProcessName; /**< 0x38 / 0x38 Clean unicode encoding? */
2194 int32_t BasePriority; /**< 0x40 / 0x48 */
2195 HANDLE UniqueProcessId; /**< 0x44 / 0x50 */
2196 HANDLE ParentProcessId; /**< 0x48 / 0x58 */
2197 ULONG HandleCount; /**< 0x4c / 0x60 */
2198 ULONG Reserved2; /**< 0x50 / 0x64 Session ID? */
2199 ULONG_PTR Reserved3; /**< 0x54 / 0x68 */
2200 VM_COUNTERS VmCounters; /**< 0x58 / 0x70 */
2201 IO_COUNTERS IoCounters; /**< 0x88 / 0xd0 Might not be present in earlier windows versions. */
2202 /* After this follows the threads, then the ProcessName.Buffer. */
2203} RTNT_SYSTEM_PROCESS_INFORMATION;
2204typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
2205#ifndef IPRT_NT_USE_WINTERNL
2206typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
2207typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
2208#endif
2209
2210typedef struct _SYSTEM_HANDLE_ENTRY_INFO
2211{
2212 USHORT UniqueProcessId;
2213 USHORT CreatorBackTraceIndex;
2214 UCHAR ObjectTypeIndex;
2215 UCHAR HandleAttributes;
2216 USHORT HandleValue;
2217 PVOID Object;
2218 ULONG GrantedAccess;
2219} SYSTEM_HANDLE_ENTRY_INFO;
2220typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
2221
2222/** Returned by SystemHandleInformation */
2223typedef struct _SYSTEM_HANDLE_INFORMATION
2224{
2225 ULONG NumberOfHandles;
2226 SYSTEM_HANDLE_ENTRY_INFO Handles[1];
2227} SYSTEM_HANDLE_INFORMATION;
2228typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
2229
2230/** Extended handle information entry.
2231 * @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
2232typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
2233{
2234 PVOID Object;
2235 HANDLE UniqueProcessId;
2236 HANDLE HandleValue;
2237 ACCESS_MASK GrantedAccess;
2238 USHORT CreatorBackTraceIndex;
2239 USHORT ObjectTypeIndex;
2240 ULONG HandleAttributes;
2241 ULONG Reserved;
2242} SYSTEM_HANDLE_ENTRY_INFO_EX;
2243typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
2244
2245/** Returned by SystemExtendedHandleInformation. */
2246typedef struct _SYSTEM_HANDLE_INFORMATION_EX
2247{
2248 ULONG_PTR NumberOfHandles;
2249 ULONG_PTR Reserved;
2250 SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
2251} SYSTEM_HANDLE_INFORMATION_EX;
2252typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
2253
2254/** Input to SystemSessionProcessInformation. */
2255typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
2256{
2257 ULONG SessionId;
2258 ULONG BufferLength;
2259 /** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
2260 PVOID Buffer;
2261} SYSTEM_SESSION_PROCESS_INFORMATION;
2262typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
2263
2264NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2265
2266NTSYSAPI NTSTATUS NTAPI NtSetTimerResolution(ULONG cNtTicksWanted, BOOLEAN fSetResolution, PULONG pcNtTicksCur);
2267NTSYSAPI NTSTATUS NTAPI NtQueryTimerResolution(PULONG pcNtTicksMin, PULONG pcNtTicksMax, PULONG pcNtTicksCur);
2268
2269NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
2270NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
2271#ifndef IPRT_NT_USE_WINTERNL
2272NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
2273#endif
2274typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
2275typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
2276NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
2277
2278NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
2279
2280#ifdef IPRT_NT_USE_WINTERNL
2281typedef enum _EVENT_TYPE
2282{
2283 /* Manual reset event. */
2284 NotificationEvent = 0,
2285 /* Automaitc reset event. */
2286 SynchronizationEvent
2287} EVENT_TYPE;
2288#endif
2289NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
2290NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2291typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
2292NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
2293NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
2294NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
2295typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
2296typedef enum _EVENT_INFORMATION_CLASS
2297{
2298 EventBasicInformation = 0
2299} EVENT_INFORMATION_CLASS;
2300/** Data returned by NtQueryEvent + EventBasicInformation. */
2301typedef struct EVENT_BASIC_INFORMATION
2302{
2303 EVENT_TYPE EventType;
2304 ULONG EventState;
2305} EVENT_BASIC_INFORMATION;
2306typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
2307NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2308
2309#ifdef IPRT_NT_USE_WINTERNL
2310/** For NtQueryValueKey. */
2311typedef enum _KEY_VALUE_INFORMATION_CLASS
2312{
2313 KeyValueBasicInformation = 0,
2314 KeyValueFullInformation,
2315 KeyValuePartialInformation,
2316 KeyValueFullInformationAlign64,
2317 KeyValuePartialInformationAlign64
2318} KEY_VALUE_INFORMATION_CLASS;
2319
2320/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
2321typedef struct _KEY_VALUE_PARTIAL_INFORMATION
2322{
2323 ULONG TitleIndex;
2324 ULONG Type;
2325 ULONG DataLength;
2326 UCHAR Data[1];
2327} KEY_VALUE_PARTIAL_INFORMATION;
2328typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
2329#endif
2330NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2331NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2332
2333
2334NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
2335
2336
2337typedef struct _CURDIR
2338{
2339 UNICODE_STRING DosPath;
2340 HANDLE Handle;
2341} CURDIR;
2342typedef CURDIR *PCURDIR;
2343
2344typedef struct _RTL_DRIVE_LETTER_CURDIR
2345{
2346 USHORT Flags;
2347 USHORT Length;
2348 ULONG TimeStamp;
2349 STRING DosPath; /**< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. */
2350} RTL_DRIVE_LETTER_CURDIR;
2351typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
2352
2353typedef struct _RTL_USER_PROCESS_PARAMETERS
2354{
2355 ULONG MaximumLength;
2356 ULONG Length;
2357 ULONG Flags;
2358 ULONG DebugFlags;
2359 HANDLE ConsoleHandle;
2360 ULONG ConsoleFlags;
2361 HANDLE StandardInput;
2362 HANDLE StandardOutput;
2363 HANDLE StandardError;
2364 CURDIR CurrentDirectory;
2365 UNICODE_STRING DllPath;
2366 UNICODE_STRING ImagePathName;
2367 UNICODE_STRING CommandLine;
2368 PWSTR Environment;
2369 ULONG StartingX;
2370 ULONG StartingY;
2371 ULONG CountX;
2372 ULONG CountY;
2373 ULONG CountCharsX;
2374 ULONG CountCharsY;
2375 ULONG FillAttribute;
2376 ULONG WindowFlags;
2377 ULONG ShowWindowFlags;
2378 UNICODE_STRING WindowTitle;
2379 UNICODE_STRING DesktopInfo;
2380 UNICODE_STRING ShellInfo;
2381 UNICODE_STRING RuntimeInfo;
2382 RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20];
2383 SIZE_T EnvironmentSize; /**< Added in Vista */
2384 SIZE_T EnvironmentVersion; /**< Added in Windows 7. */
2385 PVOID PackageDependencyData; /**< Added Windows 8? */
2386 ULONG ProcessGroupId; /**< Added Windows 8? */
2387} RTL_USER_PROCESS_PARAMETERS;
2388typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
2389#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
2390
2391typedef struct _RTL_USER_PROCESS_INFORMATION
2392{
2393 ULONG Size;
2394 HANDLE ProcessHandle;
2395 HANDLE ThreadHandle;
2396 CLIENT_ID ClientId;
2397 SECTION_IMAGE_INFORMATION ImageInformation;
2398} RTL_USER_PROCESS_INFORMATION;
2399typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
2400
2401
2402NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
2403 PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
2404NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
2405 PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
2406 PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
2407 PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
2408 PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
2409NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
2410NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
2411 PFNRT, PVOID, PHANDLE, PCLIENT_ID);
2412
2413#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
2414typedef struct _RTL_CRITICAL_SECTION
2415{
2416 struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
2417 LONG LockCount;
2418 LONG Recursioncount;
2419 HANDLE OwningThread;
2420 HANDLE LockSemaphore;
2421 ULONG_PTR SpinCount;
2422} RTL_CRITICAL_SECTION;
2423typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
2424#endif
2425
2426/*NTSYSAPI ULONG NTAPI RtlNtStatusToDosError(NTSTATUS rcNt);*/
2427
2428/** @def RTL_QUERY_REGISTRY_TYPECHECK
2429 * WDK 8.1+, backported in updates, ignored in older. */
2430#if !defined(RTL_QUERY_REGISTRY_TYPECHECK) || defined(DOXYGEN_RUNNING)
2431# define RTL_QUERY_REGISTRY_TYPECHECK UINT32_C(0x00000100)
2432#endif
2433/** @def RTL_QUERY_REGISTRY_TYPECHECK_SHIFT
2434 * WDK 8.1+, backported in updates, ignored in older. */
2435#if !defined(RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) || defined(DOXYGEN_RUNNING)
2436# define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
2437#endif
2438
2439
2440RT_C_DECLS_END
2441/** @} */
2442
2443
2444#if defined(IN_RING0) || defined(DOXYGEN_RUNNING)
2445/** @name NT Kernel APIs
2446 * @{ */
2447RT_C_DECLS_BEGIN
2448
2449typedef ULONG KEPROCESSORINDEX; /**< Bitmap indexes != process numbers, apparently. */
2450
2451NTSYSAPI VOID NTAPI KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
2452typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
2453NTSYSAPI VOID NTAPI KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2454typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2455NTSYSAPI VOID NTAPI KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2456typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2457NTSYSAPI BOOLEAN NTAPI KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2458typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2459NTSYSAPI BOOLEAN NTAPI KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2460typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2461NTSYSAPI BOOLEAN NTAPI KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2462typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2463NTSYSAPI VOID NTAPI KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2464typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2465NTSYSAPI VOID NTAPI KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2466typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2467NTSYSAPI BOOLEAN NTAPI KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2468typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2469NTSYSAPI BOOLEAN NTAPI KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2470typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2471/** Works like anding the complemented subtrahend with the minuend. */
2472NTSYSAPI BOOLEAN NTAPI KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2473typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2474NTSYSAPI BOOLEAN NTAPI KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2475typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2476NTSYSAPI BOOLEAN NTAPI KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
2477typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2478NTSYSAPI BOOLEAN NTAPI KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2479typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2480NTSYSAPI ULONG NTAPI KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
2481typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2482NTSYSAPI KEPROCESSORINDEX NTAPI KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
2483typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2484typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
2485typedef KEPROCESSORINDEX (NTAPI *PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER *pProcNumber);
2486typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX ProcIndex, PROCESSOR_NUMBER *pProcNumber);
2487typedef KEPROCESSORINDEX (NTAPI *PFNKEGETCURRENTPROCESSORNUMBEREX)(const PROCESSOR_NUMBER *pProcNumber);
2488typedef KAFFINITY (NTAPI *PFNKEQUERYACTIVEPROCESSORS)(VOID);
2489typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNT)(VOID);
2490typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNTEX)(USHORT GroupNumber);
2491typedef USHORT (NTAPI *PFNKEQUERYMAXIMUMGROUPCOUNT)(VOID);
2492typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNT)(KAFFINITY *pfActiveProcessors);
2493typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNTEX)(USHORT GroupNumber);
2494typedef NTSTATUS (NTAPI *PFNKEQUERYLOGICALPROCESSORRELATIONSHIP)(PROCESSOR_NUMBER *pProcNumber,
2495 LOGICAL_PROCESSOR_RELATIONSHIP RelationShipType,
2496 SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX *pInfo, PULONG pcbInfo);
2497typedef PVOID (NTAPI *PFNKEREGISTERPROCESSORCHANGECALLBACK)(PPROCESSOR_CALLBACK_FUNCTION pfnCallback, void *pvUser, ULONG fFlags);
2498typedef VOID (NTAPI *PFNKEDEREGISTERPROCESSORCHANGECALLBACK)(PVOID pvCallback);
2499typedef NTSTATUS (NTAPI *PFNKESETTARGETPROCESSORDPCEX)(KDPC *pDpc, PROCESSOR_NUMBER *pProcNumber);
2500
2501NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
2502 PVOID pvOptionalConditions, PHANDLE phFound);
2503NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
2504 ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
2505 KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
2506NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
2507NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
2508NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
2509NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
2510extern DECLIMPORT(POBJECT_TYPE *) LpcPortObjectType; /**< In vista+ this is the ALPC port object type. */
2511extern DECLIMPORT(POBJECT_TYPE *) LpcWaitablePortObjectType; /**< In vista+ this is the ALPC port object type. */
2512
2513typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
2514typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
2515
2516RT_C_DECLS_END
2517/** @ */
2518#endif /* IN_RING0 */
2519
2520
2521#if defined(IN_RING3) || defined(DOXYGEN_RUNNING)
2522/** @name NT Userland APIs
2523 * @{ */
2524RT_C_DECLS_BEGIN
2525
2526#if 0 /** @todo figure this out some time... */
2527typedef struct CSR_MSG_DATA_CREATED_PROCESS
2528{
2529 HANDLE hProcess;
2530 HANDLE hThread;
2531 CLIENT_ID
2532 DWORD idProcess;
2533 DWORD idThread;
2534 DWORD fCreate;
2535
2536} CSR_MSG_DATA_CREATED_PROCESS;
2537
2538#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
2539#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
2540NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
2541#endif
2542
2543NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
2544
2545typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
2546{
2547 ULONG Flags;
2548 PCUNICODE_STRING FullDllName;
2549 PCUNICODE_STRING BaseDllName;
2550 PVOID DllBase;
2551 ULONG SizeOfImage;
2552} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
2553typedef LDR_DLL_LOADED_NOTIFICATION_DATA *PLDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2554typedef LDR_DLL_LOADED_NOTIFICATION_DATA const *PCLDR_DLL_LOADED_NOTIFICATION_DATA, *PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2555
2556typedef union _LDR_DLL_NOTIFICATION_DATA
2557{
2558 LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
2559 LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
2560} LDR_DLL_NOTIFICATION_DATA;
2561typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
2562typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
2563
2564typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
2565
2566#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
2567#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
2568NTSYSAPI NTSTATUS NTAPI LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
2569 PVOID *pvCookie);
2570typedef NTSTATUS (NTAPI *PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID *);
2571NTSYSAPI NTSTATUS NTAPI LdrUnregisterDllNotification(PVOID pvCookie);
2572typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
2573
2574NTSYSAPI NTSTATUS NTAPI LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2575 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2576typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2577 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2578NTSYSAPI NTSTATUS NTAPI LdrUnloadDll(IN HANDLE hMod);
2579typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
2580NTSYSAPI NTSTATUS NTAPI LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2581 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2582typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2583 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2584#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
2585#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
2586/** @since Windows XP. */
2587NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2588 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2589/** @since Windows XP. */
2590typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2591 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2592/** @since Windows 7. */
2593NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
2594/** @since Windows 7. */
2595typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
2596/** @since Windows 7. */
2597NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2598 OUT PHANDLE phDll);
2599/** @since Windows 7. */
2600typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2601 OUT PHANDLE phDll);
2602#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
2603NTSYSAPI NTSTATUS NTAPI LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
2604typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
2605NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2606 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2607typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
2608 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2609#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
2610/** @since Windows Vista. */
2611NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2612 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2613/** @since Windows Vista. */
2614typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2615 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2616#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2617#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
2618#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
2619#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
2620#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
2621/** @since Windows XP. */
2622NTSYSAPI NTSTATUS NTAPI LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2623/** @since Windows XP. */
2624typedef NTSTATUS (NTAPI *PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2625#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2626/** @since Windows XP. */
2627NTSYSAPI NTSTATUS NTAPI LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
2628/** @since Windows XP. */
2629typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
2630
2631NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
2632NTSYSAPI VOID NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /**< Vista and later. */
2633NTSYSAPI VOID NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
2634NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
2635 IN PCUNICODE_STRING pOrgName,
2636 IN PUNICODE_STRING pDefaultSuffix,
2637 IN OUT PUNICODE_STRING pStaticString,
2638 IN OUT PUNICODE_STRING pDynamicString,
2639 IN OUT PUNICODE_STRING *ppResultString,
2640 IN PULONG pfNewFlags OPTIONAL,
2641 IN PSIZE_T pcbFilename OPTIONAL,
2642 IN PSIZE_T pcbNeeded OPTIONAL);
2643
2644# ifdef IPRT_NT_USE_WINTERNL
2645typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
2646typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
2647typedef struct _RTL_HEAP_PARAMETERS
2648{
2649 ULONG Length;
2650 SIZE_T SegmentReserve;
2651 SIZE_T SegmentCommit;
2652 SIZE_T DeCommitFreeBlockThreshold;
2653 SIZE_T DeCommitTotalFreeThreshold;
2654 SIZE_T MaximumAllocationSize;
2655 SIZE_T VirtualMemoryThreshold;
2656 SIZE_T InitialCommit;
2657 SIZE_T InitialReserve;
2658 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
2659 SIZE_T Reserved[2];
2660} RTL_HEAP_PARAMETERS;
2661typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
2662NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
2663 PRTL_HEAP_PARAMETERS pParameters);
2664/** @name Heap flags (for RtlCreateHeap).
2665 * @{ */
2666/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
2667# define HEAP_GROWABLE UINT32_C(0x00000002)
2668# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
2669# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
2670# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
2671# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
2672# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
2673# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
2674# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
2675# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
2676# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
2677# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
2678# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
2679# define HEAP_CLASS_0 UINT32_C(0x00000000)
2680# define HEAP_CLASS_1 UINT32_C(0x00001000)
2681# define HEAP_CLASS_2 UINT32_C(0x00002000)
2682# define HEAP_CLASS_3 UINT32_C(0x00003000)
2683# define HEAP_CLASS_4 UINT32_C(0x00004000)
2684# define HEAP_CLASS_5 UINT32_C(0x00005000)
2685# define HEAP_CLASS_6 UINT32_C(0x00006000)
2686# define HEAP_CLASS_7 UINT32_C(0x00007000)
2687# define HEAP_CLASS_8 UINT32_C(0x00008000)
2688# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
2689# endif
2690# define HEAP_CLASS_PROCESS HEAP_CLASS_0
2691# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
2692# define HEAP_CLASS_KERNEL HEAP_CLASS_2
2693# define HEAP_CLASS_GDI HEAP_CLASS_3
2694# define HEAP_CLASS_USER HEAP_CLASS_4
2695# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
2696# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
2697# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
2698# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
2699# ifdef IPRT_NT_USE_WINTERNL
2700/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
2701# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
2702# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
2703# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
2704# endif /* IPRT_NT_USE_WINTERNL */
2705/** @} */
2706# ifdef IPRT_NT_USE_WINTERNL
2707/** @name Heap tagging constants
2708 * @{ */
2709# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
2710/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
2711# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
2712# define HEAP_TAG_SHIFT 18 */
2713# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2714/** @} */
2715NTSYSAPI PVOID NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
2716NTSYSAPI PVOID NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
2717NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2718# endif /* IPRT_NT_USE_WINTERNL */
2719NTSYSAPI SIZE_T NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
2720NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
2721NTSYSAPI SIZE_T NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2722NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
2723NTSYSAPI ULONG NTAPI RtlGetLastWin32Error(VOID);
2724NTSYSAPI VOID NTAPI RtlSetLastWin32Error(ULONG uError);
2725NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
2726NTSYSAPI VOID NTAPI RtlRestoreLastWin32Error(ULONG uError);
2727NTSYSAPI BOOLEAN NTAPI RtlQueryPerformanceCounter(PLARGE_INTEGER);
2728NTSYSAPI uint64_t NTAPI RtlGetSystemTimePrecise(VOID);
2729typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
2730
2731RT_C_DECLS_END
2732/** @} */
2733#endif /* IN_RING3 */
2734
2735#endif
2736
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette