VirtualBox

source: vbox/trunk/include/iprt/nt/nt.h@ 78377

Last change on this file since 78377 was 78303, checked in by vboxsync, 6 years ago

winnt/vboxsf: Converting VBoxMRxQueryFileInfo to VbglR0SfHostReqQueryObjInfo and tried to do some much needed cleaning up in that function. Tried to minimize impact elsewhere to keep the change small. bugref:9172

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 139.5 KB
1/* $Id: nt.h 78303 2019-04-26 00:44:32Z vboxsync $ */
2/** @file
3 * IPRT - Header for code using the Native NT API.
4 */
5
6/*
7 * Copyright (C) 2010-2019 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27#ifndef IPRT_INCLUDED_nt_nt_h
28#define IPRT_INCLUDED_nt_nt_h
29#ifndef RT_WITHOUT_PRAGMA_ONCE
30# pragma once
31#endif
32
/** @def IPRT_NT_MAP_TO_ZW
 * Map Nt calls to Zw calls.  In ring-0 the Zw calls let you pass kernel memory
 * to the APIs (takes care of the previous context checks).
 *
 * NOTE(review): the previous-context checks are the ones that would otherwise
 * be applied to caller-supplied buffers.  Code built with this mapping should
 * therefore validate any pointer or handle that originates in user mode before
 * it reaches one of the remapped calls.
 */
#ifdef DOXYGEN_RUNNING
# define IPRT_NT_MAP_TO_ZW
#endif

/* Only the names listed here are redirected; any other Nt* call keeps its
   Nt* name (the list is marked incomplete below). */
#ifdef IPRT_NT_MAP_TO_ZW
# define NtQueryDirectoryFile       ZwQueryDirectoryFile
# define NtQueryInformationFile     ZwQueryInformationFile
# define NtQueryInformationProcess  ZwQueryInformationProcess
# define NtQueryInformationThread   ZwQueryInformationThread
# define NtQueryFullAttributesFile  ZwQueryFullAttributesFile
# define NtQuerySystemInformation   ZwQuerySystemInformation
# define NtQuerySecurityObject      ZwQuerySecurityObject
# define NtSetInformationFile       ZwSetInformationFile
# define NtClose                    ZwClose
# define NtCreateFile               ZwCreateFile
# define NtReadFile                 ZwReadFile
# define NtWriteFile                ZwWriteFile
# define NtFlushBuffersFile         ZwFlushBuffersFile
/** @todo this is very incomplete! */
#endif
57
58#include <ntstatus.h>
59
/*
 * Hacks common to both base header sets.
 *
 * While the base headers are being included, each name below is redirected to
 * a WrongLinkage_/Incomplete_ alias, so whatever those headers declare under
 * the name lands on the alias instead.  The #undef run after the includes
 * restores the real names; this header then declares _KUSER_SHARED_DATA and
 * _PEB_LDR_DATA itself (presumably the other names as well, further down).
 * The order define -> include -> undef must be kept.
 */
#define RtlFreeUnicodeString        WrongLinkage_RtlFreeUnicodeString
#define NtQueryObject               Incomplete_NtQueryObject
#define ZwQueryObject               Incomplete_ZwQueryObject
#define NtSetInformationObject      Incomplete_NtSetInformationObject
#define _OBJECT_INFORMATION_CLASS   Incomplete_OBJECT_INFORMATION_CLASS
#define OBJECT_INFORMATION_CLASS    Incomplete_OBJECT_INFORMATION_CLASS
#define ObjectBasicInformation      Incomplete_ObjectBasicInformation
#define ObjectTypeInformation       Incomplete_ObjectTypeInformation
#define _PEB                        Incomplete__PEB
#define PEB                         Incomplete_PEB
#define PPEB                        Incomplete_PPEB
#define _TEB                        Incomplete__TEB
#define TEB                         Incomplete_TEB
#define PTEB                        Incomplete_PTEB
#define _PEB_LDR_DATA               Incomplete__PEB_LDR_DATA
#define PEB_LDR_DATA                Incomplete_PEB_LDR_DATA
#define PPEB_LDR_DATA               Incomplete_PPEB_LDR_DATA
#define _KUSER_SHARED_DATA          Incomplete__KUSER_SHARED_DATA
#define KUSER_SHARED_DATA           Incomplete_KUSER_SHARED_DATA
#define PKUSER_SHARED_DATA          Incomplete_PKUSER_SHARED_DATA
83
84
85
#ifdef IPRT_NT_USE_WINTERNL
/*
 * Use Winternl.h.
 *
 * The names in this first run are redirected to IncompleteWinternl_ aliases
 * for the duration of the includes and restored by the #undef run that
 * follows them, so the declarations winternl.h supplies for these names do
 * not occupy the real identifiers.
 */
# define _FILE_INFORMATION_CLASS            IncompleteWinternl_FILE_INFORMATION_CLASS
# define FILE_INFORMATION_CLASS             IncompleteWinternl_FILE_INFORMATION_CLASS
# define FileDirectoryInformation           IncompleteWinternl_FileDirectoryInformation

# define NtQueryInformationProcess          IncompleteWinternl_NtQueryInformationProcess
# define NtSetInformationProcess            IncompleteWinternl_NtSetInformationProcess
# define PROCESSINFOCLASS                   IncompleteWinternl_PROCESSINFOCLASS
# define _PROCESSINFOCLASS                  IncompleteWinternl_PROCESSINFOCLASS
# define PROCESS_BASIC_INFORMATION          IncompleteWinternl_PROCESS_BASIC_INFORMATION
# define PPROCESS_BASIC_INFORMATION         IncompleteWinternl_PPROCESS_BASIC_INFORMATION
# define _PROCESS_BASIC_INFORMATION         IncompleteWinternl_PROCESS_BASIC_INFORMATION
# define ProcessBasicInformation            IncompleteWinternl_ProcessBasicInformation
# define ProcessDebugPort                   IncompleteWinternl_ProcessDebugPort
# define ProcessWow64Information            IncompleteWinternl_ProcessWow64Information
# define ProcessImageFileName               IncompleteWinternl_ProcessImageFileName
# define ProcessBreakOnTermination          IncompleteWinternl_ProcessBreakOnTermination

# define RTL_USER_PROCESS_PARAMETERS        IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
# define PRTL_USER_PROCESS_PARAMETERS       IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
# define _RTL_USER_PROCESS_PARAMETERS       IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS

# define NtQueryInformationThread           IncompleteWinternl_NtQueryInformationThread
# define NtSetInformationThread             IncompleteWinternl_NtSetInformationThread
# define THREADINFOCLASS                    IncompleteWinternl_THREADINFOCLASS
# define _THREADINFOCLASS                   IncompleteWinternl_THREADINFOCLASS
# define ThreadIsIoPending                  IncompleteWinternl_ThreadIsIoPending

# define NtQuerySystemInformation           IncompleteWinternl_NtQuerySystemInformation
# define NtSetSystemInformation             IncompleteWinternl_NtSetSystemInformation
# define SYSTEM_INFORMATION_CLASS           IncompleteWinternl_SYSTEM_INFORMATION_CLASS
# define _SYSTEM_INFORMATION_CLASS          IncompleteWinternl_SYSTEM_INFORMATION_CLASS
# define SystemBasicInformation             IncompleteWinternl_SystemBasicInformation
# define SystemPerformanceInformation       IncompleteWinternl_SystemPerformanceInformation
# define SystemTimeOfDayInformation         IncompleteWinternl_SystemTimeOfDayInformation
# define SystemProcessInformation           IncompleteWinternl_SystemProcessInformation
# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
# define SystemInterruptInformation         IncompleteWinternl_SystemInterruptInformation
# define SystemExceptionInformation         IncompleteWinternl_SystemExceptionInformation
# define SystemRegistryQuotaInformation     IncompleteWinternl_SystemRegistryQuotaInformation
# define SystemLookasideInformation         IncompleteWinternl_SystemLookasideInformation
# define SystemPolicyInformation            IncompleteWinternl_SystemPolicyInformation


/* Warning state is saved here and restored after the includes, so the
   disabled warning only applies to the SDK headers. */
# pragma warning(push)
# pragma warning(disable: 4668)
/* WIN32_NO_STATUS is set only around windef.h/winnt.h/winternl.h and cleared
   again before ntstatus.h, which then supplies the STATUS_* values. */
# define WIN32_NO_STATUS
# include <windef.h>
# include <winnt.h>
# include <winternl.h>
# undef WIN32_NO_STATUS
# include <ntstatus.h>
# pragma warning(pop)

/* OBJ_DONT_REPARSE serves as a probe of the headers just included: when it is
   absent, RTNT_NEED_CLIENT_ID is set and this file declares CLIENT_ID itself
   further down. */
# ifndef OBJ_DONT_REPARSE
#  define RTNT_NEED_CLIENT_ID
# endif

/* Restore every name redirected before the includes. */
# undef _FILE_INFORMATION_CLASS
# undef FILE_INFORMATION_CLASS
# undef FileDirectoryInformation

# undef NtQueryInformationProcess
# undef NtSetInformationProcess
# undef PROCESSINFOCLASS
# undef _PROCESSINFOCLASS
# undef PROCESS_BASIC_INFORMATION
# undef PPROCESS_BASIC_INFORMATION
# undef _PROCESS_BASIC_INFORMATION
# undef ProcessBasicInformation
# undef ProcessDebugPort
# undef ProcessWow64Information
# undef ProcessImageFileName
# undef ProcessBreakOnTermination

# undef RTL_USER_PROCESS_PARAMETERS
# undef PRTL_USER_PROCESS_PARAMETERS
# undef _RTL_USER_PROCESS_PARAMETERS

# undef NtQueryInformationThread
# undef NtSetInformationThread
# undef THREADINFOCLASS
# undef _THREADINFOCLASS
# undef ThreadIsIoPending

# undef NtQuerySystemInformation
# undef NtSetSystemInformation
# undef SYSTEM_INFORMATION_CLASS
# undef _SYSTEM_INFORMATION_CLASS
# undef SystemBasicInformation
# undef SystemPerformanceInformation
# undef SystemTimeOfDayInformation
# undef SystemProcessInformation
# undef SystemProcessorPerformanceInformation
# undef SystemInterruptInformation
# undef SystemExceptionInformation
# undef SystemRegistryQuotaInformation
# undef SystemLookasideInformation
# undef SystemPolicyInformation

#else
/*
 * Use ntifs.h and wdm.h.
 */
# if _MSC_VER >= 1200 /* Fix/workaround for KeInitializeSpinLock visibility issue on AMD64. */
#  define FORCEINLINE static __forceinline
# else
#  define FORCEINLINE static __inline
# endif

/* Warning state is saved here and restored after the includes. */
# pragma warning(push)
# ifdef RT_ARCH_X86
/* On x86 this name is redirected while the DDK headers are included and
   restored right after them. */
#  define _InterlockedAddLargeStatistic  _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
#  pragma warning(disable: 4163)
# endif
# pragma warning(disable: 4668)
# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
# if _MSC_VER >= 1800 /*RT_MSC_VER_VC120*/
#  pragma warning(disable:4005) /* sdk/v7.1/include/sal_supp.h(57) : warning C4005: '__useHeader' : macro redefinition */
#  pragma warning(disable:4471) /* wdm.h(11057) : warning C4471: '_POOL_TYPE' : a forward declaration of an unscoped enumeration must have an underlying type (int assumed) */
# endif

# include <ntifs.h>
# include <wdm.h>

# ifdef RT_ARCH_X86
#  undef _InterlockedAddLargeStatistic
# endif
# pragma warning(pop)

/* Set only on the ntifs.h/wdm.h path; its consumers are outside this part of
   the file. */
# define IPRT_NT_NEED_API_GROUP_NTIFS
#endif
221
/* Restore the names that were redirected to WrongLinkage_/Incomplete_ aliases
   before the base headers were included.  From here on the real identifiers
   are free again for this header's own declarations. */
#undef RtlFreeUnicodeString
#undef NtQueryObject
#undef ZwQueryObject
#undef NtSetInformationObject
#undef _OBJECT_INFORMATION_CLASS
#undef OBJECT_INFORMATION_CLASS
#undef ObjectBasicInformation
#undef ObjectTypeInformation
#undef _PEB
#undef PEB
#undef PPEB
#undef _TEB
#undef TEB
#undef PTEB
#undef _PEB_LDR_DATA
#undef PEB_LDR_DATA
#undef PPEB_LDR_DATA
#undef _KUSER_SHARED_DATA
#undef KUSER_SHARED_DATA
#undef PKUSER_SHARED_DATA
242
243
244#include <iprt/types.h>
245#include <iprt/assert.h>
246
247
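/** @name Useful macros
 * @{ */
/** Indicates that we're targeting native NT in the current source. */
#define RTNT_USE_NATIVE_NT              1
/** Initializes a IO_STATUS_BLOCK.
 * Status starts out as STATUS_FAILED_DRIVER_ENTRY and Information as
 * ~(uintptr_t)42 - presumably poison values, so that a block the callee never
 * wrote is not mistaken for a successful result. */
#define RTNT_IO_STATUS_BLOCK_INITIALIZER  { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
/** Reinitializes a IO_STATUS_BLOCK to the same values as
 * RTNT_IO_STATUS_BLOCK_INITIALIZER.
 * @param a_pIos    Pointer to the status block; evaluated twice. */
#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
    do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
/** Similar to INVALID_HANDLE_VALUE in the Windows environment.
 * @note All bits set is also the value NtCurrentProcess() expands to in this
 *       header, so this sentinel must be checked for before a handle is handed
 *       to a call that accepts a process handle. */
#define RTNT_INVALID_HANDLE_VALUE         ( (HANDLE)~(uintptr_t)0 )
/** Constant UNICODE_STRING initializer.
 * Length is the size of @a a_String without its terminator, MaximumLength
 * the size including it, both in bytes.
 * @param a_String  Must be an array, typically a wide string literal.  The
 *                  sizes come from sizeof, so a pointer argument would yield
 *                  the pointer size instead of the string size.
 * @note The cast drops any const qualifier; the resulting Buffer must not be
 *       written through when @a a_String is a literal. */
#define RTNT_CONSTANT_UNISTR(a_String)   { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)(a_String) }
/** @} */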
262
263
264/** @name IPRT helper functions for NT
265 * @{ */
266RT_C_DECLS_BEGIN
267
/*
 * Open/close helpers.  Declarations only; the implementations are not part of
 * this header.  NOTE(review): parameter roles are read off the names here -
 * confirm against the implementation before relying on them.
 */

/** Opens the object named by the UTF-8 path @a pszPath and hands the handle
 *  back through @a phHandle. */
RTDECL(int) RTNtPathOpen(const char *pszPath,
                         ACCESS_MASK fDesiredAccess,
                         ULONG fFileAttribs,
                         ULONG fShareAccess,
                         ULONG fCreateDisposition,
                         ULONG fCreateOptions,
                         ULONG fObjAttribs,
                         PHANDLE phHandle,
                         PULONG_PTR puDisposition);

/** Directory variant of RTNtPathOpen; @a pfObjDir is an output flag. */
RTDECL(int) RTNtPathOpenDir(const char *pszPath,
                            ACCESS_MASK fDesiredAccess,
                            ULONG fShareAccess,
                            ULONG fCreateOptions,
                            ULONG fObjAttribs,
                            PHANDLE phHandle,
                            bool *pfObjDir);

/** Like RTNtPathOpenDir, but takes an NT name plus a root directory handle
 *  instead of a UTF-8 path. */
RTDECL(int) RTNtPathOpenDirEx(HANDLE hRootDir,
                              struct _UNICODE_STRING *pNtName,
                              ACCESS_MASK fDesiredAccess,
                              ULONG fShareAccess,
                              ULONG fCreateOptions,
                              ULONG fObjAttribs,
                              PHANDLE phHandle,
                              bool *pfObjDir);

/** Closes a handle obtained from one of the open helpers above. */
RTDECL(int) RTNtPathClose(HANDLE hHandle);
276
/**
 * Turns a windows-style path into its NT form, converting both the format and
 * the encoding.
 *
 * @returns IPRT status code.
 * @param   pNtName     Receives the NT name.  Release it with RTNtPathFree.
 * @param   phRootDir   Receives the root handle, if applicable.
 * @param   pszPath     The UTF-8 path to convert.
 */
RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING *pNtName,
                                PHANDLE phRootDir,
                                const char *pszPath);
287
/**
 * Turns a UTF-16 windows-style path into its NT form.
 *
 * @returns IPRT status code.
 * @param   pNtName     Receives the NT name.  Release it with RTNtPathFree.
 * @param   phRootDir   Receives the root handle, if applicable.
 * @param   pwszPath    The UTF-16 windows-style path.
 * @param   cwcPath     Upper bound on the length of @a pwszPath, counted in
 *                      RTUTF16 units.  Pass RTSTR_MAX only when the length is
 *                      unknown and @a pwszPath is correctly terminated;
 *                      otherwise give the real bound.
 */
RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING *pNtName,
                                   HANDLE *phRootDir,
                                   PCRTUTF16 pwszPath,
                                   size_t cwcPath);
301
/**
 * Policy for ascent, i.e. '..' components that climb relative to a root handle.
 *
 * NOTE(review): when the root handle is meant to confine access to a
 * directory tree, the choice made here decides whether a path can leave that
 * tree.  Per the RTNtPathRelativeFromUtf8 documentation, the Allow policy may
 * reset the root handle to NULL.
 */
typedef enum RTNTPATHRELATIVEASCENT
{
    /** Zero value; not a valid policy. */
    kRTNtPathRelativeAscent_Invalid   = 0,
    /** Ascent is permitted. */
    kRTNtPathRelativeAscent_Allow     = 1,
    /** Presumably makes the conversion fail on ascent - confirm. */
    kRTNtPathRelativeAscent_Fail      = 2,
    /** Presumably drops the ascending components - confirm. */
    kRTNtPathRelativeAscent_Ignore    = 3,
    /** End-of-valid-values marker. */
    kRTNtPathRelativeAscent_End       = 4,
    /** Type size hack. */
    kRTNtPathRelativeAscent_32BitHack = 0x7fffffff
} RTNTPATHRELATIVEASCENT;
314
/**
 * Turns a relative windows-style path into a relative NT path, converting
 * both the format and the encoding.
 *
 * @returns IPRT status code.
 * @param   pNtName             Receives the NT name.  The original comment
 *                              says to free it using rtTNtPathToNative with
 *                              phRootDir set to NULL; NOTE(review): going by
 *                              the RTNtPathFree documentation, RTNtPathFree is
 *                              probably what is meant - confirm.
 * @param   phRootDir           In: handle of the directory the path is
 *                              relative to.  Out: the handle to put into the
 *                              object attributes as root directory when
 *                              accessing the path.  With
 *                              kRTNtPathRelativeAscent_Allow it may come back
 *                              as NULL, so check it again after the call
 *                              rather than assuming the input handle is still
 *                              the root.
 * @param   pszPath             The relative UTF-8 path.
 * @param   enmAscent           How '..' ascent is handled.
 * @param   fMustReturnAbsolute Force conversion to an absolute path.  Needed
 *                              when the root dir is an NT directory object
 *                              (e.g. /Devices), since those do not seem to be
 *                              able to parse relative paths.
 */
RTDECL(int) RTNtPathRelativeFromUtf8(struct _UNICODE_STRING *pNtName,
                                     PHANDLE phRootDir,
                                     const char *pszPath,
                                     RTNTPATHRELATIVEASCENT enmAscent,
                                     bool fMustReturnAbsolute);
336
/**
 * Makes sure the NT string has room for at least @a cwcMin RTUTF16 chars plus
 * a terminator.
 *
 * Only valid for NT strings that came from RTNtPathFromWinUtf8 or
 * RTNtPathFromWinUtf16Ex.
 *
 * @returns IPRT status code.
 * @param   pNtName     The NT path string.
 * @param   cwcMin      Minimum capacity in RTUTF16 chars.  Max 32767.
 * @sa      RTNtPathFree
 */
RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName,
                                size_t cwcMin);
350
/**
 * Releases the native path and the root handle.
 *
 * @param   pNtName     The NT path, as produced by a successful
 *                      rtNtPathToNative call or by RTNtPathRelativeFromUtf8.
 * @param   phRootDir   The root handle variable from rtNtPathToNative.
 */
RTDECL(void) RTNtPathFree(struct _UNICODE_STRING *pNtName,
                          HANDLE *phRootDir);
359
360
/**
 * Looks for path components that could be alternative 8.3 names as generated
 * by NTFS, FAT, or other similar file systems.
 *
 * @returns Pointer to the first component that might be an 8.3 name, NULL if
 *          the path is not an 8.3 path.
 * @param   pwszPath    The path to check.
 *
 * @remarks This makes a bad ASSUMPTION about the naming scheme of 8.3 names.
 *          Non-tilde 8.3 aliases are probably rare enough not to be worth the
 *          extra code needed to open each path component and check whether it
 *          is the short name.  A NULL return therefore does not prove that
 *          the path is free of short-name aliases; callers comparing paths
 *          for an access decision should not treat it as such.
 */
RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
375
/**
 * Expands the alternative 8-dot-3 style components a path may contain.
 *
 * The fix-up happens in place and errors are ignored, so after any return
 * other than VINF_SUCCESS the buffer may still contain short-name components.
 *
 * @returns VINF_SUCCESS if it all went smoothly, otherwise an informational
 *          status code indicating the nature of the last problem encountered.
 *
 * @param   pUniStr     The path to fix up.  MaximumLength is the max buffer
 *                      length.
 * @param   fPathOnly   Whether to process only the path part and leave the
 *                      filename as passed in.
 */
RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr,
                                    bool fPathOnly);
391
/**
 * Allocating wrapper around RTNtPathExpand8dot3Path: the result goes into a
 * new buffer rather than the input buffer.
 *
 * @returns IPRT status code, see RTNtPathExpand8dot3Path().
 * @param   pUniStrSrc  The path to fix up.  MaximumLength is the max buffer
 *                      length.
 * @param   fPathOnly   Whether to process only the path part and leave the
 *                      filename as passed in.
 * @param   pUniStrDst  Output string.  On success the caller owns what the
 *                      Buffer member points to and must release it with
 *                      RTUtf16Free.  On failure it is all zeros and NULL.
 */
RTDECL(int) RTNtPathExpand8dot3PathA(struct _UNICODE_STRING const *pUniStrSrc,
                                     bool fPathOnly,
                                     struct _UNICODE_STRING *pUniStrDst);
406
407
408RT_C_DECLS_END
409/** @} */
410
411
412/** @name NT API declarations.
413 * @{ */
414RT_C_DECLS_BEGIN
415
/** @name Process access rights missing in ntddk headers
 * Fallback values: each guarded name is defined only when the headers included
 * so far have not already provided it.
 *
 * NOTE(review): several of these rights (VM write, thread creation, handle
 * duplication) let the holder alter another process, so request the narrowest
 * mask that does the job rather than PROCESS_ALL_ACCESS.
 * @{ */
#if !defined(PROCESS_TERMINATE)
# define PROCESS_TERMINATE                  UINT32_C(0x00000001)
#endif
#if !defined(PROCESS_CREATE_THREAD)
# define PROCESS_CREATE_THREAD              UINT32_C(0x00000002)
#endif
#if !defined(PROCESS_SET_SESSIONID)
# define PROCESS_SET_SESSIONID              UINT32_C(0x00000004)
#endif
#if !defined(PROCESS_VM_OPERATION)
# define PROCESS_VM_OPERATION               UINT32_C(0x00000008)
#endif
#if !defined(PROCESS_VM_READ)
# define PROCESS_VM_READ                    UINT32_C(0x00000010)
#endif
#if !defined(PROCESS_VM_WRITE)
# define PROCESS_VM_WRITE                   UINT32_C(0x00000020)
#endif
#if !defined(PROCESS_DUP_HANDLE)
# define PROCESS_DUP_HANDLE                 UINT32_C(0x00000040)
#endif
#if !defined(PROCESS_CREATE_PROCESS)
# define PROCESS_CREATE_PROCESS             UINT32_C(0x00000080)
#endif
#if !defined(PROCESS_SET_QUOTA)
# define PROCESS_SET_QUOTA                  UINT32_C(0x00000100)
#endif
#if !defined(PROCESS_SET_INFORMATION)
# define PROCESS_SET_INFORMATION            UINT32_C(0x00000200)
#endif
#if !defined(PROCESS_QUERY_INFORMATION)
# define PROCESS_QUERY_INFORMATION          UINT32_C(0x00000400)
#endif
#if !defined(PROCESS_SUSPEND_RESUME)
# define PROCESS_SUSPEND_RESUME             UINT32_C(0x00000800)
#endif
#if !defined(PROCESS_QUERY_LIMITED_INFORMATION)
# define PROCESS_QUERY_LIMITED_INFORMATION  UINT32_C(0x00001000)
#endif
#if !defined(PROCESS_SET_LIMITED_INFORMATION)
# define PROCESS_SET_LIMITED_INFORMATION    UINT32_C(0x00002000)
#endif
/* The two unnamed bits are defined unconditionally. */
#define PROCESS_UNKNOWN_4000                UINT32_C(0x00004000)
/* NOTE(review): the name says 6000 but the value is the 0x8000 bit.  The name
   is kept as-is because other code may reference it. */
#define PROCESS_UNKNOWN_6000                UINT32_C(0x00008000)
#if !defined(PROCESS_ALL_ACCESS)
# define PROCESS_ALL_ACCESS                 ( STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | UINT32_C(0x0000ffff) )
#endif
/** @} */
466
/** @name Thread access rights missing in ntddk headers
 * Fallback values: each guarded name is defined only when the headers included
 * so far have not already provided it.
 * @{ */
#if !defined(THREAD_QUERY_INFORMATION)
# define THREAD_QUERY_INFORMATION       UINT32_C(0x00000040)
#endif
#if !defined(THREAD_SET_THREAD_TOKEN)
# define THREAD_SET_THREAD_TOKEN        UINT32_C(0x00000080)
#endif
#if !defined(THREAD_IMPERSONATE)
# define THREAD_IMPERSONATE             UINT32_C(0x00000100)
#endif
#if !defined(THREAD_DIRECT_IMPERSONATION)
# define THREAD_DIRECT_IMPERSONATION    UINT32_C(0x00000200)
#endif
#if !defined(THREAD_RESUME)
# define THREAD_RESUME                  UINT32_C(0x00001000)
#endif
/* Bits without a known name; defined unconditionally. */
#define THREAD_UNKNOWN_2000             UINT32_C(0x00002000)
#define THREAD_UNKNOWN_4000             UINT32_C(0x00004000)
#define THREAD_UNKNOWN_8000             UINT32_C(0x00008000)
/** @} */
488
/** @name Special handle values.
 * Pseudo handles for the calling process (-1) and the calling thread (-2),
 * defined only when the included headers have not provided them.
 *
 * NOTE(review): -1 is the same bit pattern as RTNT_INVALID_HANDLE_VALUE in
 * this header, so an unchecked "invalid" handle passed where a process handle
 * is expected would refer to the current process.
 * @{ */
#if !defined(NtCurrentProcess)
# define NtCurrentProcess()     ( (HANDLE)-(intptr_t)1 )
#endif
#if !defined(NtCurrentThread)
# define NtCurrentThread()      ( (HANDLE)-(intptr_t)2 )
#endif
/* The Zw spellings are plain aliases of the Nt ones. */
#if !defined(ZwCurrentProcess)
# define ZwCurrentProcess()     NtCurrentProcess()
#endif
#if !defined(ZwCurrentThread)
# define ZwCurrentThread()      NtCurrentThread()
#endif
/** @} */
504
505
/** @name Directory object access rights.
 * Fallback values: each name is defined only when the headers included so far
 * have not already provided it.
 * @{ */
#if !defined(DIRECTORY_QUERY)
# define DIRECTORY_QUERY                UINT32_C(0x00000001)
#endif
#if !defined(DIRECTORY_TRAVERSE)
# define DIRECTORY_TRAVERSE             UINT32_C(0x00000002)
#endif
#if !defined(DIRECTORY_CREATE_OBJECT)
# define DIRECTORY_CREATE_OBJECT        UINT32_C(0x00000004)
#endif
#if !defined(DIRECTORY_CREATE_SUBDIRECTORY)
# define DIRECTORY_CREATE_SUBDIRECTORY  UINT32_C(0x00000008)
#endif
/* All four specific rights above plus the standard required rights. */
#if !defined(DIRECTORY_ALL_ACCESS)
# define DIRECTORY_ALL_ACCESS           ( STANDARD_RIGHTS_REQUIRED | UINT32_C(0x0000000f) )
#endif
/** @} */
524
525
526
/* CLIENT_ID is declared here only when the winternl.h include path found that
   the SDK headers lack OBJ_DONT_REPARSE and set RTNT_NEED_CLIENT_ID. */
#ifdef RTNT_NEED_CLIENT_ID
/** Process/thread identifier pair. */
typedef struct _CLIENT_ID
{
    HANDLE UniqueProcess;
    HANDLE UniqueThread;
} CLIENT_ID;
#endif
/* The pointer typedef is supplied on the winternl.h path whether or not the
   struct itself was declared above. */
#ifdef IPRT_NT_USE_WINTERNL
typedef CLIENT_ID *PCLIENT_ID;
#endif
537
/** Extended affinity type, introduced in Windows 7 (?).
 *
 * NOTE(review): Bitmap is a fixed array of 20 entries here; code that walks it
 * should bound the walk by both Count and the array size instead of trusting
 * Count alone. */
typedef struct _KAFFINITY_EX
{
    /** Count of valid bitmap entries. */
    uint16_t    Count;
    /** Count of allocated bitmap entries. */
    uint16_t    Size;
    /** Reserved / alignment padding. */
    uint32_t    Reserved;
    /** Bitmap where one bit corresponds to a CPU. */
    uintptr_t   Bitmap[20];
} KAFFINITY_EX;
typedef KAFFINITY_EX *PKAFFINITY_EX;
typedef KAFFINITY_EX const *PCKAFFINITY_EX;
552
553/** @name User Shared Data
554 * @{ */
555
/* Supporting types for KUSER_SHARED_DATA.  They are declared here only on the
   winternl.h path; on the ntifs.h/wdm.h path they are presumably supplied by
   those headers. */
#ifdef IPRT_NT_USE_WINTERNL
/** Time value split into a low part and two copies of the high part.
 *  NOTE(review): the duplicated high part presumably lets a reader detect an
 *  update in progress - confirm. */
typedef struct _KSYSTEM_TIME
{
    ULONG   LowPart;
    LONG    High1Time;
    LONG    High2Time;
} KSYSTEM_TIME;
typedef KSYSTEM_TIME *PKSYSTEM_TIME;

/** Product type values; numbering starts at 1. */
typedef enum _NT_PRODUCT_TYPE
{
    NtProductWinNt = 1,
    NtProductLanManNt,
    NtProductServer
} NT_PRODUCT_TYPE;

/** Size of the KUSER_SHARED_DATA::ProcessorFeatures array. */
#define PROCESSOR_FEATURE_MAX 64

typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
{
    StandardDesign = 0,
    NEC98x86,
    EndAlternatives
} ALTERNATIVE_ARCHITECTURE_TYPE;

/* Disabled: the XSTATE types below are compiled out. */
# if 0
typedef struct _XSTATE_FEATURE
{
    ULONG   Offset;
    ULONG   Size;
} XSTATE_FEATURE;
typedef XSTATE_FEATURE *PXSTATE_FEATURE;

#define MAXIMUM_XSTATE_FEATURES 64

typedef struct _XSTATE_CONFIGURATION
{
    ULONG64         EnabledFeatures;
    ULONG           Size;
    ULONG           OptimizedSave : 1;
    XSTATE_FEATURE  Features[MAXIMUM_XSTATE_FEATURES];
} XSTATE_CONFIGURATION;
typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
# endif
#endif /* IPRT_NT_USE_WINTERNL */
601
/**
 * Layout of the user shared data page.
 *
 * The trailing comment on each member gives its byte offset.  Member order,
 * types and padding must not be changed; a selection of the offsets is pinned
 * by the AssertCompileMemberOffset lines after the struct.
 *
 * User mode reaches this structure through a read-only mapping
 * (MM_SHARED_USER_DATA_VA), the kernel through a read-write one
 * (KI_USER_SHARED_DATA).
 *
 * NOTE(review): the populated part of the structure differs between Windows
 * versions (NtSystemRoot is noted as apparently the last member on NT 3.51),
 * so check the OS version before interpreting later members.
 */
typedef struct _KUSER_SHARED_DATA
{
    ULONG                   TickCountLowDeprecated;         /**< 0x000 */
    ULONG                   TickCountMultiplier;            /**< 0x004 */
    KSYSTEM_TIME volatile   InterruptTime;                  /**< 0x008 */
    KSYSTEM_TIME volatile   SystemTime;                     /**< 0x014 */
    KSYSTEM_TIME volatile   TimeZoneBias;                   /**< 0x020 */
    USHORT                  ImageNumberLow;                 /**< 0x02c */
    USHORT                  ImageNumberHigh;                /**< 0x02e */
    WCHAR                   NtSystemRoot[260];              /**< 0x030 - Seems to be last member in NT 3.51. */
    ULONG                   MaxStackTraceDepth;             /**< 0x238 */
    ULONG                   CryptoExponent;                 /**< 0x23c */
    ULONG                   TimeZoneId;                     /**< 0x240 */
    ULONG                   LargePageMinimum;               /**< 0x244 */
    ULONG                   AitSamplingValue;               /**< 0x248 */
    ULONG                   AppCompatFlag;                  /**< 0x24c */
    ULONGLONG               RNGSeedVersion;                 /**< 0x250 */
    ULONG                   GlobalValidationRunlevel;       /**< 0x258 */
    LONG volatile           TimeZoneBiasStamp;              /**< 0x25c*/
    ULONG                   Reserved2;                      /**< 0x260 */
    NT_PRODUCT_TYPE         NtProductType;                  /**< 0x264 */
    BOOLEAN                 ProductTypeIsValid;             /**< 0x268 */
    BOOLEAN                 Reserved0[1];                   /**< 0x269 */
    USHORT                  NativeProcessorArchitecture;    /**< 0x26a */
    ULONG                   NtMajorVersion;                 /**< 0x26c */
    ULONG                   NtMinorVersion;                 /**< 0x270 */
    BOOLEAN                 ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /**< 0x274 */
    ULONG                   Reserved1;                      /**< 0x2b4 */
    ULONG                   Reserved3;                      /**< 0x2b8 */
    ULONG volatile          TimeSlip;                       /**< 0x2bc */
    ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture;  /**< 0x2c0 */
    ULONG                   AltArchitecturePad[1];          /**< 0x2c4 */
    LARGE_INTEGER           SystemExpirationDate;           /**< 0x2c8 */
    ULONG                   SuiteMask;                      /**< 0x2d0 */
    BOOLEAN                 KdDebuggerEnabled;              /**< 0x2d4 */
    /* One byte, readable whole (MitigationPolicies) or as 2-bit fields. */
    union                                                   /**< 0x2d5 */
    {
        UCHAR               MitigationPolicies;             /**< 0x2d5 */
        struct
        {
            UCHAR           NXSupportPolicy  : 2;
            UCHAR           SEHValidationPolicy : 2;
            UCHAR           CurDirDevicesSkippedForDlls : 2;
            UCHAR           Reserved : 2;
        };
    };
    UCHAR                   Reserved6[2];                   /**< 0x2d6 */
    ULONG volatile          ActiveConsoleId;                /**< 0x2d8 */
    ULONG volatile          DismountCount;                  /**< 0x2dc */
    ULONG                   ComPlusPackage;                 /**< 0x2e0 */
    ULONG                   LastSystemRITEventTickCount;    /**< 0x2e4 */
    ULONG                   NumberOfPhysicalPages;          /**< 0x2e8 */
    BOOLEAN                 SafeBootMode;                   /**< 0x2ec */
    UCHAR                   Reserved12[3];                  /**< 0x2ed */
    /* One 32-bit word, readable whole (SharedDataFlags) or as 1-bit flags. */
    union                                                   /**< 0x2f0 */
    {
        ULONG               SharedDataFlags;                /**< 0x2f0 */
        struct
        {
            ULONG           DbgErrorPortPresent       : 1;
            ULONG           DbgElevationEnabled       : 1;
            ULONG           DbgVirtEnabled            : 1;
            ULONG           DbgInstallerDetectEnabled : 1;
            ULONG           DbgLkgEnabled             : 1;
            ULONG           DbgDynProcessorEnabled    : 1;
            ULONG           DbgConsoleBrokerEnabled   : 1;
            ULONG           DbgSecureBootEnabled      : 1;
            ULONG           SpareBits                 : 24;
        };
    };
    ULONG                   DataFlagsPad[1];                /**< 0x2f4 */
    ULONGLONG               TestRetInstruction;             /**< 0x2f8 */
    LONGLONG                QpcFrequency;                   /**< 0x300 */
    ULONGLONG               SystemCallPad[3];               /**< 0x308 */
    /* Three views of the tick count, all starting at the same offset. */
    union                                                   /**< 0x320 */
    {
        ULONG64 volatile    TickCountQuad;                  /**< 0x320 */
        KSYSTEM_TIME volatile TickCount;                    /**< 0x320 */
        struct                                              /**< 0x320 */
        {
            ULONG           ReservedTickCountOverlay[3];    /**< 0x320 */
            ULONG           TickCountPad[1];                /**< 0x32c */
        };
    };
    ULONG                   Cookie;                         /**< 0x330 */
    ULONG                   CookiePad[1];                   /**< 0x334 */
    LONGLONG                ConsoleSessionForegroundProcessId; /**< 0x338 */
    ULONGLONG               TimeUpdateLock;                 /**< 0x340 */
    ULONGLONG               BaselineSystemTimeQpc;          /**< 0x348 */
    ULONGLONG               BaselineInterruptTimeQpc;       /**< 0x350 */
    ULONGLONG               QpcSystemTimeIncrement;         /**< 0x358 */
    ULONGLONG               QpcInterruptTimeIncrement;      /**< 0x360 */
    ULONG                   QpcSystemTimeIncrement32;       /**< 0x368 */
    ULONG                   QpcInterruptTimeIncrement32;    /**< 0x36c */
    UCHAR                   QpcSystemTimeIncrementShift;    /**< 0x370 */
    UCHAR                   QpcInterruptTimeIncrementShift; /**< 0x371 */
    UCHAR                   Reserved8[14];                  /**< 0x372 */
    USHORT                  UserModeGlobalLogger[16];       /**< 0x380 */
    ULONG                   ImageFileExecutionOptions;      /**< 0x3a0 */
    ULONG                   LangGenerationCount;            /**< 0x3a4 */
    ULONGLONG               Reserved4;                      /**< 0x3a8 */
    ULONGLONG volatile      InterruptTimeBias;              /**< 0x3b0 - What QueryUnbiasedInterruptTimePrecise
                                                             * subtracts from interrupt time. */
    ULONGLONG volatile      QpcBias;                        /**< 0x3b8 */
    ULONG volatile          ActiveProcessorCount;           /**< 0x3c0 */
    UCHAR volatile          ActiveGroupCount;               /**< 0x3c4 */
    UCHAR                   Reserved9;                      /**< 0x3c5 */
    /* 16 bits, readable whole (QpcData) or as two separate bytes. */
    union                                                   /**< 0x3c6 */
    {
        USHORT              QpcData;                        /**< 0x3c6 */
        struct                                              /**< 0x3c6 */
        {
            BOOLEAN volatile QpcBypassEnabled;              /**< 0x3c6 */
            UCHAR           QpcShift;                       /**< 0x3c7 */
        };
    };
    LARGE_INTEGER           TimeZoneBiasEffectiveStart;     /**< 0x3c8 */
    LARGE_INTEGER           TimeZoneBiasEffectiveEnd;       /**< 0x3d0 */
    XSTATE_CONFIGURATION    XState;                         /**< 0x3d8 */
} KUSER_SHARED_DATA;
typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
/* Compile-time layout checks: the build is meant to fail if one of these
   members is not at the offset documented above. */
AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
/** @def MM_SHARED_USER_DATA_VA
 * Address of the read-only userland mapping of KUSER_SHARED_DATA.  The value
 * is the same for both widths; only the constant's type differs. */
#if !defined(MM_SHARED_USER_DATA_VA)
# if ARCH_BITS == 64
#  define MM_SHARED_USER_DATA_VA        UINT64_C(0x7ffe0000)
# elif ARCH_BITS == 32
#  define MM_SHARED_USER_DATA_VA        UINT32_C(0x7ffe0000)
# else
#  error "Unsupported/undefined ARCH_BITS value."
# endif
#endif
/** @def KI_USER_SHARED_DATA
 * Address of the read-write kernel mapping of KUSER_SHARED_DATA.  Only x86
 * and AMD64 are covered; any other architecture stops the build. */
#if !defined(KI_USER_SHARED_DATA)
# if defined(RT_ARCH_X86)
#  define KI_USER_SHARED_DATA           UINT32_C(0xffdf0000)
# elif defined(RT_ARCH_AMD64)
#  define KI_USER_SHARED_DATA           UINT64_C(0xfffff78000000000)
# else
#  error "PORT ME - KI_USER_SHARED_DATA"
# endif
#endif
754/** @} */
755
756
757/** @name Process And Thread Environment Blocks
758 * @{ */
759
/**
 * Loader data, pointed to by the Ldr member of the PEB.
 *
 * Holds three list heads over what are presumably the same loaded-module
 * entries in different orders - confirm.  The members after the "End NT4"
 * marker are absent on NT4, so code that may run against an NT4 layout must
 * not read past InInitializationOrderModuleList.
 */
typedef struct _PEB_LDR_DATA
{
    uint32_t    Length;
    BOOLEAN     Initialized;
    BOOLEAN     Padding[3];
    HANDLE      SsHandle;
    LIST_ENTRY  InLoadOrderModuleList;
    LIST_ENTRY  InMemoryOrderModuleList;
    LIST_ENTRY  InInitializationOrderModuleList;
    /* End NT4 */
    LIST_ENTRY *EntryInProgress;
    BOOLEAN     ShutdownInProgress;
    HANDLE      ShutdownThreadId;
} PEB_LDR_DATA;
typedef PEB_LDR_DATA *PPEB_LDR_DATA;
775
776typedef struct _PEB_COMMON
777{
778 BOOLEAN InheritedAddressSpace; /**< 0x000 / 0x000 */
779 BOOLEAN ReadImageFileExecOptions; /**< 0x001 / 0x001 */
780 BOOLEAN BeingDebugged; /**< 0x002 / 0x002 */
781 union
782 {
783 uint8_t BitField; /**< 0x003 / 0x003 */
784 struct
785 {
786 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
787 } Common;
788 struct
789 {
790 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
791 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
792 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 */
793 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 */
794 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 */
795 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 */
796 uint8_t IsProtectedProcessLight : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 */
797 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
798 } W81;
799 struct
800 {
801 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
802 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
803 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 */
804 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 */
805 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 */
806 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 */
807 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 */
808 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
809 } W80;
810 struct
811 {
812 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
813 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
814 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. */
815 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. */
816 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. */
817 uint8_t SpareBits : 3; /**< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. */
818 } W7;
819 struct
820 {
821 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
822 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
823 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. */
824 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. */
825 uint8_t SpareBits : 4; /**< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. */
826 } W6;
827 struct
828 {
829 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
830 uint8_t SpareBits : 7; /**< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. */
831 } W52;
832 struct
833 {
834 BOOLEAN SpareBool;
835 } W51;
836 } Diff0;
837#if ARCH_BITS == 64
838 uint32_t Padding0; /**< 0x004 / NA */
839#endif
840 HANDLE Mutant; /**< 0x008 / 0x004 */
841 PVOID ImageBaseAddress; /**< 0x010 / 0x008 */
842 PPEB_LDR_DATA Ldr; /**< 0x018 / 0x00c */
843 struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /**< 0x020 / 0x010 */
844 PVOID SubSystemData; /**< 0x028 / 0x014 */
845 HANDLE ProcessHeap; /**< 0x030 / 0x018 */
846 struct _RTL_CRITICAL_SECTION *FastPebLock; /**< 0x038 / 0x01c */
847 union
848 {
849 struct
850 {
851 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
852 PVOID IFEOKey; /**< 0x048 / 0x024 */
853 union
854 {
855 ULONG CrossProcessFlags; /**< 0x050 / 0x028 */
856 struct
857 {
858 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
859 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
860 uint32_t ProcessUsingVEH : 1; /**< 0x050 / 0x028: Pos 2, 1 Bit */
861 uint32_t ProcessUsingVCH : 1; /**< 0x050 / 0x028: Pos 3, 1 Bit */
862 uint32_t ProcessUsingFTH : 1; /**< 0x050 / 0x028: Pos 4, 1 Bit */
863 uint32_t ReservedBits0 : 1; /**< 0x050 / 0x028: Pos 5, 27 Bits */
864 } W7, W8, W80, W81;
865 struct
866 {
867 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
868 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
869 uint32_t ReservedBits0 : 30; /**< 0x050 / 0x028: Pos 2, 30 Bits */
870 } W6;
871 };
872#if ARCH_BITS == 64
873 uint32_t Padding1; /**< 0x054 / */
874#endif
875 } W6, W7, W8, W80, W81;
876 struct
877 {
878 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
879 PVOID SparePtr2; /**< 0x048 / 0x024 */
880 uint32_t EnvironmentUpdateCount; /**< 0x050 / 0x028 */
881#if ARCH_BITS == 64
882 uint32_t Padding1; /**< 0x054 / */
883#endif
884 } W52;
885 struct
886 {
887 PVOID FastPebLockRoutine; /**< NA / 0x020 */
888 PVOID FastPebUnlockRoutine; /**< NA / 0x024 */
889 uint32_t EnvironmentUpdateCount; /**< NA / 0x028 */
890 } W51;
891 } Diff1;
892 union
893 {
894 PVOID KernelCallbackTable; /**< 0x058 / 0x02c */
895 PVOID UserSharedInfoPtr; /**< 0x058 / 0x02c - Alternative use in W6.*/
896 };
897 uint32_t SystemReserved; /**< 0x060 / 0x030 */
898 union
899 {
900 struct
901 {
902 uint32_t AtlThunkSListPtr32; /**< 0x064 / 0x034 */
903 } W7, W8, W80, W81;
904 struct
905 {
906 uint32_t SpareUlong; /**< 0x064 / 0x034 */
907 } W52, W6;
908 struct
909 {
910 uint32_t ExecuteOptions : 2; /**< NA / 0x034: Pos 0, 2 Bits */
911 uint32_t SpareBits : 30; /**< NA / 0x034: Pos 2, 30 Bits */
912 } W51;
913 } Diff2;
914 union
915 {
916 struct
917 {
918 PVOID ApiSetMap; /**< 0x068 / 0x038 */
919 } W7, W8, W80, W81;
920 struct
921 {
922 struct _PEB_FREE_BLOCK *FreeList; /**< 0x068 / 0x038 */
923 } W52, W6;
924 struct
925 {
926 struct _PEB_FREE_BLOCK *FreeList; /**< NA / 0x038 */
927 } W51;
928 } Diff3;
929 uint32_t TlsExpansionCounter; /**< 0x070 / 0x03c */
930#if ARCH_BITS == 64
931 uint32_t Padding2; /**< 0x074 / NA */
932#endif
933 struct _RTL_BITMAP *TlsBitmap; /**< 0x078 / 0x040 */
934 uint32_t TlsBitmapBits[2]; /**< 0x080 / 0x044 */
935 PVOID ReadOnlySharedMemoryBase; /**< 0x088 / 0x04c */
936 union
937 {
938 struct
939 {
940 PVOID SparePvoid0; /**< 0x090 / 0x050 - HotpatchInformation before W81. */
941 } W81;
942 struct
943 {
944 PVOID HotpatchInformation; /**< 0x090 / 0x050 - Retired in W81. */
945 } W6, W7, W80;
946 struct
947 {
948 PVOID ReadOnlySharedMemoryHeap;
949 } W52;
950 } Diff4;
951 PVOID *ReadOnlyStaticServerData; /**< 0x098 / 0x054 */
952 PVOID AnsiCodePageData; /**< 0x0a0 / 0x058 */
953 PVOID OemCodePageData; /**< 0x0a8 / 0x05c */
954 PVOID UnicodeCaseTableData; /**< 0x0b0 / 0x060 */
955 uint32_t NumberOfProcessors; /**< 0x0b8 / 0x064 */
956 uint32_t NtGlobalFlag; /**< 0x0bc / 0x068 */
957#if ARCH_BITS == 32
958 uint32_t Padding2b;
959#endif
960 LARGE_INTEGER CriticalSectionTimeout; /**< 0x0c0 / 0x070 */
961 SIZE_T HeapSegmentReserve; /**< 0x0c8 / 0x078 */
962 SIZE_T HeapSegmentCommit; /**< 0x0d0 / 0x07c */
963 SIZE_T HeapDeCommitTotalFreeThreshold; /**< 0x0d8 / 0x080 */
964 SIZE_T HeapDeCommitFreeBlockThreshold; /**< 0x0e0 / 0x084 */
965 uint32_t NumberOfHeaps; /**< 0x0e8 / 0x088 */
966 uint32_t MaximumNumberOfHeaps; /**< 0x0ec / 0x08c */
967 PVOID *ProcessHeaps; /**< 0x0f0 / 0x090 - Last NT 3.51 member. */
968 PVOID GdiSharedHandleTable; /**< 0x0f8 / 0x094 */
969 PVOID ProcessStarterHelper; /**< 0x100 / 0x098 */
970 uint32_t GdiDCAttributeList; /**< 0x108 / 0x09c */
971#if ARCH_BITS == 64
972 uint32_t Padding3; /**< 0x10c / NA */
973#endif
974 struct _RTL_CRITICAL_SECTION *LoaderLock; /**< 0x110 / 0x0a0 */
975 uint32_t OSMajorVersion; /**< 0x118 / 0x0a4 */
976 uint32_t OSMinorVersion; /**< 0x11c / 0x0a8 */
977 uint16_t OSBuildNumber; /**< 0x120 / 0x0ac */
978 uint16_t OSCSDVersion; /**< 0x122 / 0x0ae */
979 uint32_t OSPlatformId; /**< 0x124 / 0x0b0 */
980 uint32_t ImageSubsystem; /**< 0x128 / 0x0b4 */
981 uint32_t ImageSubsystemMajorVersion; /**< 0x12c / 0x0b8 */
982 uint32_t ImageSubsystemMinorVersion; /**< 0x130 / 0x0bc */
983#if ARCH_BITS == 64
984 uint32_t Padding4; /**< 0x134 / NA */
985#endif
986 union
987 {
988 struct
989 {
990 SIZE_T ActiveProcessAffinityMask; /**< 0x138 / 0x0c0 */
991 } W7, W8, W80, W81;
992 struct
993 {
994 SIZE_T ImageProcessAffinityMask; /**< 0x138 / 0x0c0 */
995 } W52, W6;
996 } Diff5;
997 uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /**< 0x140 / 0x0c4 */
998 PVOID PostProcessInitRoutine; /**< 0x230 / 0x14c */
999 PVOID TlsExpansionBitmap; /**< 0x238 / 0x150 */
1000 uint32_t TlsExpansionBitmapBits[32]; /**< 0x240 / 0x154 */
1001 uint32_t SessionId; /**< 0x2c0 / 0x1d4 */
1002#if ARCH_BITS == 64
1003 uint32_t Padding5; /**< 0x2c4 / NA */
1004#endif
1005 ULARGE_INTEGER AppCompatFlags; /**< 0x2c8 / 0x1d8 */
1006 ULARGE_INTEGER AppCompatFlagsUser; /**< 0x2d0 / 0x1e0 */
1007 PVOID pShimData; /**< 0x2d8 / 0x1e8 */
1008 PVOID AppCompatInfo; /**< 0x2e0 / 0x1ec */
1009 UNICODE_STRING CSDVersion; /**< 0x2e8 / 0x1f0 */
1010 struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; /**< 0x2f8 / 0x1f8 */
1011 struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; /**< 0x300 / 0x1fc */
1012 struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; /**< 0x308 / 0x200 */
1013 struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; /**< 0x310 / 0x204 */
1014 SIZE_T MinimumStackCommit; /**< 0x318 / 0x208 */
1015 /* End of PEB in W52 (Windows XP (RTM))! */
1016 struct _FLS_CALLBACK_INFO *FlsCallback; /**< 0x320 / 0x20c */
1017 LIST_ENTRY FlsListHead; /**< 0x328 / 0x210 */
1018 PVOID FlsBitmap; /**< 0x338 / 0x218 */
1019 uint32_t FlsBitmapBits[4]; /**< 0x340 / 0x21c */
1020 uint32_t FlsHighIndex; /**< 0x350 / 0x22c */
1021 /* End of PEB in W52 (Windows Server 2003)! */
1022 PVOID WerRegistrationData; /**< 0x358 / 0x230 */
1023 PVOID WerShipAssertPtr; /**< 0x360 / 0x234 */
1024 /* End of PEB in W6 (windows Vista)! */
1025 union
1026 {
1027 struct
1028 {
1029 PVOID pUnused; /**< 0x368 / 0x238 - Was pContextData in W7. */
1030 } W8, W80, W81;
1031 struct
1032 {
1033 PVOID pContextData; /**< 0x368 / 0x238 - Retired in W80. */
1034 } W7;
1035 } Diff6;
1036 PVOID pImageHeaderHash; /**< 0x370 / 0x23c */
1037 union
1038 {
1039 uint32_t TracingFlags; /**< 0x378 / 0x240 */
1040 struct
1041 {
1042 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
1043 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
1044 uint32_t LibLoaderTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 2, 1 Bit */
1045 uint32_t SpareTracingBits : 29; /**< 0x378 / 0x240 : Pos 3, 29 Bits */
1046 } W8, W80, W81;
1047 struct
1048 {
1049 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
1050 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
1051 uint32_t SpareTracingBits : 30; /**< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 */
1052 } W7;
1053 } Diff7;
1054#if ARCH_BITS == 64
1055 uint32_t Padding6; /**< 0x37c / NA */
1056#endif
1057 uint64_t CsrServerReadOnlySharedMemoryBase; /**< 0x380 / 0x248 */
1058 /* End of PEB in W8, W81. */
1059 uintptr_t TppWorkerpListLock; /**< 0x388 / 0x250 */
1060 LIST_ENTRY TppWorkerpList; /**< 0x390 / 0x254 */
1061 PVOID WaitOnAddressHashTable[128]; /**< 0x3a0 / 0x25c */
1062#if ARCH_BITS == 32
1063 uint32_t ExplicitPadding7; /**< NA NA / 0x45c */
1064#endif
1065} PEB_COMMON;
/** Pointer to the version-overlaid PEB layout (PEB_COMMON). */
typedef PEB_COMMON *PPEB_COMMON;

/*
 * Compile-time layout guards for PEB_COMMON.  Each check pins a member to the
 * offset given in the structure comments (64-bit : 32-bit) and the last one
 * pins the total size, so an edit that shifts the layout fails the build
 * instead of silently reading the wrong PEB field at runtime.
 */
AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x7a0 : 0x460);
1077
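/*
 * Per-version PEB sizes.  Each value is the offset of the first member that
 * does NOT exist in that Windows version, matching the "End of PEB in ..."
 * markers inside PEB_COMMON.
 */
/** The size of the windows 10 (build 14393) PEB structure. */
#define PEB_SIZE_W10    sizeof(PEB_COMMON)
/** The size of the windows 8.1 PEB structure. */
#define PEB_SIZE_W81    RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
/** The size of the windows 8.0 PEB structure. */
#define PEB_SIZE_W80    RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
/** The size of the windows 7 PEB structure. */
#define PEB_SIZE_W7     RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
/** The size of the windows vista PEB structure.
 * Vista's PEB ends after WerShipAssertPtr, i.e. where Diff6 begins (see the
 * "End of PEB in W6" marker in PEB_COMMON).  This used to name Diff3, which
 * sits at 0x068 / 0x038 and made the Vista size smaller than the XP and
 * Server 2003 sizes below; code sizing a copy or a bounds check with it would
 * have covered only the first few members. */
#define PEB_SIZE_W6     RT_UOFFSETOF(PEB_COMMON, Diff6)
/** The size of the windows server 2003 PEB structure. */
#define PEB_SIZE_W52    RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
/** The size of the windows XP PEB structure. */
#define PEB_SIZE_W51    RT_UOFFSETOF(PEB_COMMON, FlsCallback)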
1092
#if 0
/*
 * Reference copy of the thread information block, compiled out.  TEB_COMMON
 * below embeds an NT_TIB, so the type presumably comes from the platform
 * headers - TODO confirm before enabling this.
 */
typedef struct _NT_TIB
{
    struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
    PVOID StackBase;
    PVOID StackLimit;
    PVOID SubSystemTib;
    union
    {
        PVOID FiberData;
        ULONG Version;
    };
    PVOID ArbitraryUserPointer;
    struct _NT_TIB *Self; /* Self pointer; RTNtCurrentTeb() reads the TEB address through NtTib.Self. */
} NT_TIB;
typedef NT_TIB *PNT_TIB;
#endif
1110
/**
 * Activation context stack.
 *
 * Embedded by value in the 32-bit W51 variant of TEB_COMMON::Diff0 and
 * referenced by pointer in the later variants.  The 32-bit size is 20 bytes,
 * which is what the 0x1a8 -> 0x1bc step in that W51 variant relies on.
 */
typedef struct _ACTIVATION_CONTEXT_STACK
{
    uint32_t    Flags;
    uint32_t    NextCookieSequenceNumber;
    PVOID       ActiveFrame;
    LIST_ENTRY  FrameListCache;
} ACTIVATION_CONTEXT_STACK;
1118
/**
 * Common TEB (thread environment block) layout, overlaying the Windows
 * versions this header covers.
 *
 * Trailing comments give member offsets as "64-bit / 32-bit" ("NA" where the
 * member does not exist for that width).  Members that changed between
 * releases live in DiffN unions with one sub-structure per version tag; the
 * "End of TEB in ..." markers tie W51 to Windows XP, W52 to Server 2003, W6 to
 * Vista, W7 to Windows 7, W8/W80/W81 to Windows 8.x and W10 to Windows 10.
 * The AssertCompile* checks after the structure pin selected offsets and the
 * total size.
 *
 * @note  The TEB is memory the owning process can write to, so privileged or
 *        cross-process consumers should treat values read from it (pointers
 *        in particular) as untrusted input.
 */
typedef struct _TEB_COMMON
{
    NT_TIB NtTib;  /**< 0x000 / 0x000 */
    PVOID EnvironmentPointer;  /**< 0x038 / 0x01c */
    CLIENT_ID ClientId;  /**< 0x040 / 0x020 */
    PVOID ActiveRpcHandle;  /**< 0x050 / 0x028 */
    PVOID ThreadLocalStoragePointer;  /**< 0x058 / 0x02c */
    PPEB_COMMON ProcessEnvironmentBlock;  /**< 0x060 / 0x030 */
    uint32_t LastErrorValue;  /**< 0x068 / 0x034 */
    uint32_t CountOfOwnedCriticalSections;  /**< 0x06c / 0x038 */
    PVOID CsrClientThread;  /**< 0x070 / 0x03c */
    PVOID Win32ThreadInfo;  /**< 0x078 / 0x040 */
    uint32_t User32Reserved[26];  /**< 0x080 / 0x044 */
    uint32_t UserReserved[5];  /**< 0x0e8 / 0x0ac */
    PVOID WOW32Reserved;  /**< 0x100 / 0x0c0 */
    uint32_t CurrentLocale;  /**< 0x108 / 0x0c4 */
    uint32_t FpSoftwareStatusRegister;  /**< 0x10c / 0x0c8 */
    PVOID SystemReserved1[54];  /**< 0x110 / 0x0cc */
    uint32_t ExceptionCode;  /**< 0x2c0 / 0x1a4 */
#if ARCH_BITS == 64
    uint32_t Padding0;  /**< 0x2c4 / NA */
#endif
    union
    {
        struct
        {
            struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;  /**< 0x2c8 / 0x1a8 */
            uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36];  /**< 0x2d0 / 0x1ac */
        } W52, W6, W7, W8, W80, W81;
#if ARCH_BITS == 32
        struct
        {
            ACTIVATION_CONTEXT_STACK ActivationContextStack;  /**< NA / 0x1a8 */
            uint8_t SpareBytes[20];  /**< NA / 0x1bc */
        } W51;
#endif
    } Diff0;
    union
    {
        struct
        {
            uint32_t TxFsContext;  /**< 0x2e8 / 0x1d0 */
        } W6, W7, W8, W80, W81;
        struct
        {
            uint32_t SpareBytesContinues;  /**< 0x2e8 / 0x1d0 */
        } W52;
    } Diff1;
#if ARCH_BITS == 64
    uint32_t Padding1;  /**< 0x2ec / NA */
#endif
    /*_GDI_TEB_BATCH*/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0];  /**< 0x2f0 / 0x1d4 */
    CLIENT_ID RealClientId;  /**< 0x7d8 / 0x6b4 */
    HANDLE GdiCachedProcessHandle;  /**< 0x7e8 / 0x6bc */
    uint32_t GdiClientPID;  /**< 0x7f0 / 0x6c0 */
    uint32_t GdiClientTID;  /**< 0x7f4 / 0x6c4 */
    PVOID GdiThreadLocalInfo;  /**< 0x7f8 / 0x6c8 */
    SIZE_T Win32ClientInfo[62];  /**< 0x800 / 0x6cc */
    PVOID glDispatchTable[233];  /**< 0x9f0 / 0x7c4 */
    SIZE_T glReserved1[29];  /**< 0x1138 / 0xb68 */
    PVOID glReserved2;  /**< 0x1220 / 0xbdc */
    PVOID glSectionInfo;  /**< 0x1228 / 0xbe0 */
    PVOID glSection;  /**< 0x1230 / 0xbe4 */
    PVOID glTable;  /**< 0x1238 / 0xbe8 */
    PVOID glCurrentRC;  /**< 0x1240 / 0xbec */
    PVOID glContext;  /**< 0x1248 / 0xbf0 */
    NTSTATUS LastStatusValue;  /**< 0x1250 / 0xbf4 */
#if ARCH_BITS == 64
    uint32_t Padding2;  /**< 0x1254 / NA */
#endif
    UNICODE_STRING StaticUnicodeString;  /**< 0x1258 / 0xbf8 */
    WCHAR StaticUnicodeBuffer[261];  /**< 0x1268 / 0xc00 */
#if ARCH_BITS == 64
    WCHAR Padding3[3];  /**< 0x1472 / NA */
#endif
    PVOID DeallocationStack;  /**< 0x1478 / 0xe0c */
    PVOID TlsSlots[64];  /**< 0x1480 / 0xe10 */
    LIST_ENTRY TlsLinks;  /**< 0x1680 / 0xf10 */
    PVOID Vdm;  /**< 0x1690 / 0xf18 */
    PVOID ReservedForNtRpc;  /**< 0x1698 / 0xf1c */
    PVOID DbgSsReserved[2];  /**< 0x16a0 / 0xf20 */
    uint32_t HardErrorMode;  /**< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. */
#if ARCH_BITS == 64
    uint32_t Padding4;  /**< 0x16b4 / NA */
#endif
    PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9];  /**< 0x16b8 / 0xf2c */
    union
    {
        struct
        {
            GUID ActivityId;  /**< 0x1710 / 0xf50 */
            PVOID SubProcessTag;  /**< 0x1720 / 0xf60 */
        } W6, W7, W8, W80, W81;
        struct
        {
            PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5];  /**< 0x1710 / 0xf50 */
        } W52;
    } Diff2;
    union  /**< 0x1728 / 0xf64 */
    {
        struct
        {
            PVOID PerflibData;  /**< 0x1728 / 0xf64 */
        } W8, W80, W81;
        struct
        {
            PVOID EtwLocalData;  /**< 0x1728 / 0xf64 */
        } W7, W6;
        struct
        {
            PVOID SubProcessTag;  /**< 0x1728 / 0xf64 */
        } W52;
        struct
        {
            PVOID InstrumentationContinues[1];  /**< 0x1728 / 0xf64 */
        } W51;
    } Diff3;
    union
    {
        struct
        {
            PVOID EtwTraceData;  /**< 0x1730 / 0xf68 */
        } W52, W6, W7, W8, W80, W81;
        struct
        {
            PVOID InstrumentationContinues[1];  /**< 0x1730 / 0xf68 */
        } W51;
    } Diff4;
    PVOID WinSockData;  /**< 0x1738 / 0xf6c */
    uint32_t GdiBatchCount;  /**< 0x1740 / 0xf70 */
    union
    {
        union
        {
            PROCESSOR_NUMBER CurrentIdealProcessor;  /**< 0x1744 / 0xf74 - W7+ */
            uint32_t IdealProcessorValue;  /**< 0x1744 / 0xf74 - W7+ */
            struct
            {
                uint8_t ReservedPad1;  /**< 0x1744 / 0xf74 - Called SpareBool0 in W6 */
                uint8_t ReservedPad2;  /**< 0x1745 / 0xf75 - Called SpareBool0 in W6 */
                uint8_t ReservedPad3;  /**< 0x1746 / 0xf76 - Called SpareBool0 in W6 */
                uint8_t IdealProcessor;  /**< 0x1747 / 0xf77 */
            };
        } W6, W7, W8, W80, W81;
        struct
        {
            BOOLEAN InDbgPrint;  /**< 0x1744 / 0xf74 */
            BOOLEAN FreeStackOnTermination;  /**< 0x1745 / 0xf75 */
            BOOLEAN HasFiberData;  /**< 0x1746 / 0xf76 */
            uint8_t IdealProcessor;  /**< 0x1747 / 0xf77 */
        } W51, W52;
    } Diff5;
    uint32_t GuaranteedStackBytes;  /**< 0x1748 / 0xf78 */
#if ARCH_BITS == 64
    uint32_t Padding5;  /**< 0x174c / NA */
#endif
    PVOID ReservedForPerf;  /**< 0x1750 / 0xf7c */
    PVOID ReservedForOle;  /**< 0x1758 / 0xf80 */
    uint32_t WaitingOnLoaderLock;  /**< 0x1760 / 0xf84 */
#if ARCH_BITS == 64
    uint32_t Padding6;  /**< 0x1764 / NA */
#endif
    union  /**< 0x1768 / 0xf88 */
    {
        struct
        {
            PVOID SavedPriorityState;  /**< 0x1768 / 0xf88 */
            SIZE_T ReservedForCodeCoverage;  /**< 0x1770 / 0xf8c */
            PVOID ThreadPoolData;  /**< 0x1778 / 0xf90 */
        } W8, W80, W81;
        struct
        {
            PVOID SavedPriorityState;  /**< 0x1768 / 0xf88 */
            SIZE_T SoftPatchPtr1;  /**< 0x1770 / 0xf8c */
            PVOID ThreadPoolData;  /**< 0x1778 / 0xf90 */
        } W6, W7;
        struct
        {
            PVOID SparePointer1;  /**< 0x1768 / 0xf88 */
            SIZE_T SoftPatchPtr1;  /**< 0x1770 / 0xf8c */
            PVOID SoftPatchPtr2;  /**< 0x1778 / 0xf90 */
        } W52;
#if ARCH_BITS == 32
        struct _Wx86ThreadState
        {
            PVOID CallBx86Eip;  /**< NA / 0xf88 */
            PVOID DeallocationCpu;  /**< NA / 0xf8c */
            BOOLEAN UseKnownWx86Dll;  /**< NA / 0xf90 */
            int8_t OleStubInvoked;  /**< NA / 0xf91 */
        } W51;
#endif
    } Diff6;
    PVOID TlsExpansionSlots;  /**< 0x1780 / 0xf94 */
#if ARCH_BITS == 64
    PVOID DallocationBStore;  /**< 0x1788 / NA - Member name is spelled this way in this header. */
    PVOID BStoreLimit;  /**< 0x1790 / NA */
#endif
    union
    {
        struct
        {
            uint32_t MuiGeneration;  /**< 0x1798 / 0xf98 */
        } W7, W8, W80, W81;
        struct
        {
            uint32_t ImpersonationLocale;  /**< 0x1798 / 0xf98 - Same slot as MuiGeneration. */
        } W6;
    } Diff7;
    uint32_t IsImpersonating;  /**< 0x179c / 0xf9c */
    PVOID NlsCache;  /**< 0x17a0 / 0xfa0 */
    PVOID pShimData;  /**< 0x17a8 / 0xfa4 */
    union  /**< 0x17b0 / 0xfa8 */
    {
        struct
        {
            uint16_t HeapVirtualAffinity;  /**< 0x17b0 / 0xfa8 */
            uint16_t LowFragHeapDataSlot;  /**< 0x17b2 / 0xfaa */
        } W8, W80, W81;
        struct
        {
            uint32_t HeapVirtualAffinity;  /**< 0x17b0 / 0xfa8 */
        } W7;
    } Diff8;
#if ARCH_BITS == 64
    uint32_t Padding7;  /**< 0x17b4 / NA */
#endif
    HANDLE CurrentTransactionHandle;  /**< 0x17b8 / 0xfac */
    struct _TEB_ACTIVE_FRAME *ActiveFrame;  /**< 0x17c0 / 0xfb0 */
    /* End of TEB in W51 (Windows XP)! */
    PVOID FlsData;  /**< 0x17c8 / 0xfb4 */
    union
    {
        struct
        {
            PVOID PreferredLanguages;  /**< 0x17d0 / 0xfb8 */
        } W6, W7, W8, W80, W81;
        struct
        {
            BOOLEAN SafeThunkCall;  /**< 0x17d0 / 0xfb8 */
            uint8_t BooleanSpare[3];  /**< 0x17d1 / 0xfb9 */
            /* End of TEB in W52 (Windows server 2003)! */
        } W52;
    } Diff9;
    PVOID UserPrefLanguages;  /**< 0x17d8 / 0xfbc */
    PVOID MergedPrefLanguages;  /**< 0x17e0 / 0xfc0 */
    uint32_t MuiImpersonation;  /**< 0x17e8 / 0xfc4 */
    union
    {
        uint16_t CrossTebFlags;  /**< 0x17ec / 0xfc8 */
        struct
        {
            uint16_t SpareCrossTebBits : 16;  /**< 0x17ec / 0xfc8 : Pos 0, 16 Bits */
        };
    };
    union
    {
        uint16_t SameTebFlags;  /**< 0x17ee / 0xfca */
        struct
        {
            uint16_t SafeThunkCall : 1;  /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t InDebugPrint : 1;  /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t HasFiberData : 1;  /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t SkipThreadAttach : 1;  /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t WerInShipAssertCode : 1;  /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t RanProcessInit : 1;  /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t ClonedThread : 1;  /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t SuppressDebugMsg : 1;  /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
        } Common;
        struct
        {
            uint16_t SafeThunkCall : 1;  /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t InDebugPrint : 1;  /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t HasFiberData : 1;  /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t SkipThreadAttach : 1;  /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t WerInShipAssertCode : 1;  /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t RanProcessInit : 1;  /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t ClonedThread : 1;  /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t SuppressDebugMsg : 1;  /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
            uint16_t DisableUserStackWalk : 1;  /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
            uint16_t RtlExceptionAttached : 1;  /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
            uint16_t InitialThread : 1;  /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
            uint16_t SessionAware : 1;  /**< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. */
            uint16_t SpareSameTebBits : 4;  /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
        } W8, W80, W81;
        struct
        {
            uint16_t SafeThunkCall : 1;  /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t InDebugPrint : 1;  /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t HasFiberData : 1;  /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t SkipThreadAttach : 1;  /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t WerInShipAssertCode : 1;  /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t RanProcessInit : 1;  /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t ClonedThread : 1;  /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t SuppressDebugMsg : 1;  /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
            uint16_t DisableUserStackWalk : 1;  /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
            uint16_t RtlExceptionAttached : 1;  /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
            uint16_t InitialThread : 1;  /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
            uint16_t SpareSameTebBits : 5;  /**< 0x17ee / 0xfca : Pos 11, 5 Bits */
        } W7;
        struct
        {
            uint16_t DbgSafeThunkCall : 1;  /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t DbgInDebugPrint : 1;  /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t DbgHasFiberData : 1;  /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t DbgSkipThreadAttach : 1;  /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t DbgWerInShipAssertCode : 1;  /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t DbgRanProcessInit : 1;  /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t DbgClonedThread : 1;  /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t DbgSuppressDebugMsg : 1;  /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
            uint16_t SpareSameTebBits : 8;  /**< 0x17ee / 0xfca : Pos 8, 8 Bits */
        } W6;
    } Diff10;
    PVOID TxnScopeEnterCallback;  /**< 0x17f0 / 0xfcc */
    PVOID TxnScopeExitCallback;  /**< 0x17f8 / 0xfd0 */
    PVOID TxnScopeContext;  /**< 0x1800 / 0xfd4 */
    uint32_t LockCount;  /**< 0x1808 / 0xfd8 */
    union
    {
        struct
        {
            uint32_t SpareUlong0;  /**< 0x180c / 0xfdc */
        } W7, W8, W80, W81;
        struct
        {
            uint32_t ProcessRundown;  /**< 0x180c / 0xfdc - Same slot as SpareUlong0. */
        } W6;
    } Diff11;
    union
    {
        struct
        {
            PVOID ResourceRetValue;  /**< 0x1810 / 0xfe0 */
            /* End of TEB in W7 (windows 7)! */
            PVOID ReservedForWdf;  /**< 0x1818 / 0xfe4 - New Since W7. */
            /* End of TEB in W8 (windows 8.0 & 8.1)! */
            PVOID ReservedForCrt;  /**< 0x1820 / 0xfe8 - New Since W10. */
            RTUUID EffectiveContainerId;  /**< 0x1828 / 0xfec - New Since W10. */
            /* End of TEB in W10 14393! */
        } W8, W80, W81, W10;
        struct
        {
            PVOID ResourceRetValue;  /**< 0x1810 / 0xfe0 */
        } W7;
        struct
        {
            uint64_t LastSwitchTime;  /**< 0x1810 / 0xfe0 */
            uint64_t TotalSwitchOutTime;  /**< 0x1818 / 0xfe8 */
            LARGE_INTEGER WaitReasonBitMap;  /**< 0x1820 / 0xff0 */
            /* End of TEB in W6 (windows Vista)! */
        } W6;
    } Diff12;
} TEB_COMMON;
/** Pointer to the version-overlaid TEB layout. */
typedef TEB_COMMON *PTEB_COMMON;
/*
 * Compile-time layout guards for TEB_COMMON.  Each check pins a member (or a
 * DiffN union) to the offset given in the structure comments
 * (64-bit : 32-bit); the last one pins the total size.
 */
AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1838 : 0x1000);
1486
1487
/** The size of the windows 10 (build 14393) TEB structure: up to and including EffectiveContainerId. */
#define TEB_SIZE_W10 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W10.EffectiveContainerId) + sizeof(RTUUID) )
/** The size of the windows 8.1 TEB structure: up to and including ReservedForWdf. */
#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
/** The size of the windows 8.0 TEB structure (same as 8.1). */
#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
/** The size of the windows 7 TEB structure: ends where ReservedForWdf starts. */
#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
/** The size of the windows vista TEB structure: up to and including WaitReasonBitMap. */
#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
/** The size of the windows server 2003 TEB structure: offset of BooleanSpare rounded up to pointer size. */
#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
/** The size of the windows XP TEB structure: ends where FlsData starts. */
#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1502
1503
1504
/* Make the usual PEB names refer to the version-overlaid PEB_COMMON layout. */
#define _PEB _PEB_COMMON
typedef PEB_COMMON PEB;
typedef PPEB_COMMON PPEB;

/* Likewise for the TEB names and TEB_COMMON. */
#define _TEB _TEB_COMMON
typedef TEB_COMMON TEB;
typedef PTEB_COMMON PTEB;
1512
/*
 * Accessors for the calling thread's TEB / PEB and a few TEB fields.
 *
 * Without an NtCurrentTeb macro (and without IPRT_NT_HAVE_CURRENT_TEB_MACRO)
 * the values are read directly from the thread's segment (FS on x86, GS on
 * AMD64) at the TEB_COMMON member offsets; otherwise they go through
 * NtCurrentTeb().
 *
 * Note: the TEB and PEB are writable by the owning process, so callers making
 * trust decisions should not rely on these values alone.
 */
#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
# ifdef RT_ARCH_X86
/** Gets the current TEB through the NtTib.Self pointer. */
DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void)
{
    return (PTEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self));
}

/** Gets the current PEB from TEB_COMMON::ProcessEnvironmentBlock. */
DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void)
{
    return (PPEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock));
}

/** Gets the current thread ID from TEB_COMMON::ClientId.UniqueThread. */
DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void)
{
    return __readfsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread));
}

/** Gets TEB_COMMON::LastStatusValue. */
DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void)
{
    return (NTSTATUS)__readfsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue));
}

/** Gets TEB_COMMON::LastErrorValue. */
DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void)
{
    return __readfsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue));
}
# elif defined(RT_ARCH_AMD64)
/** Gets the current TEB through the NtTib.Self pointer. */
DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void)
{
    return (PTEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self));
}

/** Gets the current PEB from TEB_COMMON::ProcessEnvironmentBlock. */
DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void)
{
    return (PPEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock));
}

/** Gets the current thread ID; only the low 32 bits of UniqueThread are read. */
DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void)
{
    return __readgsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread));
}

/** Gets TEB_COMMON::LastStatusValue. */
DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void)
{
    return (NTSTATUS)__readgsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue));
}

/** Gets TEB_COMMON::LastErrorValue. */
DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void)
{
    return __readgsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue));
}
# else
#  error "Port me"
# endif
#else
# define RTNtCurrentTeb()        ((PTEB)NtCurrentTeb())
# define RTNtCurrentPeb()        (RTNtCurrentTeb()->ProcessEnvironmentBlock)
# define RTNtCurrentThreadId()   ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
# define RTNtLastStatusValue()   (RTNtCurrentTeb()->LastStatusValue)
# define RTNtLastErrorValue()    (RTNtCurrentTeb()->LastErrorValue)
#endif
/** Same as RTNtCurrentPeb(). */
#define NtCurrentPeb()           RTNtCurrentPeb()
1537
1538
1539/** @} */
1540
1541
/*
 * Section object APIs.  NtCreateSection and SECTION_INHERIT are only declared
 * here when IPRT_NT_USE_WINTERNL is defined (presumably because the other
 * header set already provides them - TODO confirm).
 */
#ifdef IPRT_NT_USE_WINTERNL
NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);

/** How a mapped view is treated when the process creates a child. */
typedef enum _SECTION_INHERIT
{
    ViewShare = 1,  /**< The view is also mapped into child processes. */
    ViewUnmap = 2   /**< The view is not mapped into child processes. */
} SECTION_INHERIT;
#endif
/* NOTE(review): the 4th parameter (ZeroBits) is ULONG here while Microsoft
   documents it as ULONG_PTR - confirm the narrower type is intended on 64-bit. */
NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
                                           ULONG, ULONG);
NTSYSAPI NTSTATUS NTAPI NtFlushVirtualMemory(HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK);
NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1554
1555#ifdef IPRT_NT_USE_WINTERNL
/**
 * File system attribute information (FileFsAttributeInformation).
 *
 * Variable length: FileSystemName extends past the declared single element.
 * FileSystemNameLength is a byte count and the name is not guaranteed to be
 * zero terminated, so bound every read by both that length and the size of
 * the buffer that was actually returned.
 */
typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
    ULONG   FileSystemAttributes;
    LONG    MaximumComponentNameLength;
    ULONG   FileSystemNameLength;
    WCHAR   FileSystemName[1];
} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
1564
1565#endif
/*
 * Process, thread and token prototypes.  Some are only declared when
 * IPRT_NT_USE_WINTERNL is defined.
 *
 * Per the IPRT_NT_MAP_TO_ZW notes at the top of this header, the Zw variants
 * let ring-0 code pass kernel memory because the previous-context checks are
 * taken care of; do not forward handles or pointers that originate from user
 * mode to them without validating them first.
 */
NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
NTSYSAPI NTSTATUS NTAPI ZwOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
NTSYSAPI NTSTATUS NTAPI ZwOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
NTSYSAPI NTSTATUS NTAPI NtAlertThread(HANDLE hThread);
#ifdef IPRT_NT_USE_WINTERNL
NTSYSAPI NTSTATUS NTAPI ZwAlertThread(HANDLE hThread);
#endif

#ifdef IPRT_NT_USE_WINTERNL
NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
#endif
NTSYSAPI NTSTATUS NTAPI ZwOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1581
1582#ifdef IPRT_NT_USE_WINTERNL
/**
 * Volume size information (FileFsSizeInformation).
 *
 * Sizes are expressed in allocation units; a byte count is the unit count
 * times SectorsPerAllocationUnit times BytesPerSector.  Use 64-bit arithmetic
 * for that product, and check for overflow when the values come from a source
 * that is not trusted.
 */
typedef struct _FILE_FS_SIZE_INFORMATION
{
    LARGE_INTEGER   TotalAllocationUnits;
    LARGE_INTEGER   AvailableAllocationUnits;
    ULONG           SectorsPerAllocationUnit;
    ULONG           BytesPerSector;
} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
1591
/**
 * Volume information classes for NtQueryVolumeInformationFile.
 *
 * The numeric values are part of the NT ABI; they are spelled out here so the
 * numbering stays visible if an entry is ever inserted or reordered.
 */
typedef enum _FSINFOCLASS
{
    FileFsVolumeInformation      = 1,
    FileFsLabelInformation       = 2,
    FileFsSizeInformation        = 3,   /**< FILE_FS_SIZE_INFORMATION */
    FileFsDeviceInformation      = 4,
    FileFsAttributeInformation   = 5,
    FileFsControlInformation     = 6,
    FileFsFullSizeInformation    = 7,
    FileFsObjectIdInformation    = 8,
    FileFsDriverPathInformation  = 9,
    FileFsVolumeFlagsInformation = 10,
    FileFsSectorSizeInformation  = 11,
    FileFsDataCopyInformation    = 12,
    FileFsMaximumInformation     = 13   /**< End marker, not a real class. */
} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;
/* Queries volume information; the output buffer layout depends on the FS_INFORMATION_CLASS passed last. */
NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1610
/**
 * Directory entry with both long and short names (FileBothDirectoryInformation).
 *
 * Entries are chained through NextEntryOffset (zero in the last entry) and
 * each one is variable length: FileName extends past the declared single
 * element.  FileNameLength and ShortNameLength are byte counts and neither
 * name is guaranteed to be zero terminated.  When walking a buffer, check that
 * NextEntryOffset and FileNameLength stay inside the returned data and that
 * ShortNameLength fits in ShortName before using them.
 */
typedef struct _FILE_BOTH_DIR_INFORMATION
{
    ULONG           NextEntryOffset;    /**< 0x00: */
    ULONG           FileIndex;          /**< 0x04: */
    LARGE_INTEGER   CreationTime;       /**< 0x08: */
    LARGE_INTEGER   LastAccessTime;     /**< 0x10: */
    LARGE_INTEGER   LastWriteTime;      /**< 0x18: */
    LARGE_INTEGER   ChangeTime;         /**< 0x20: */
    LARGE_INTEGER   EndOfFile;          /**< 0x28: */
    LARGE_INTEGER   AllocationSize;     /**< 0x30: */
    ULONG           FileAttributes;     /**< 0x38: */
    ULONG           FileNameLength;     /**< 0x3c: */
    ULONG           EaSize;             /**< 0x40: */
    CCHAR           ShortNameLength;    /**< 0x44: */
    WCHAR           ShortName[12];      /**< 0x46: */
    WCHAR           FileName[1];        /**< 0x5e: */
} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
/** Basic file information (FileBasicInformation): the four timestamps plus the attribute mask. */
typedef struct _FILE_BASIC_INFORMATION
{
    LARGE_INTEGER   CreationTime;
    LARGE_INTEGER   LastAccessTime;
    LARGE_INTEGER   LastWriteTime;
    LARGE_INTEGER   ChangeTime;
    ULONG           FileAttributes;
} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
/** Standard file information (FileStandardInformation): sizes, link count and the delete-pending / directory flags. */
typedef struct _FILE_STANDARD_INFORMATION
{
    LARGE_INTEGER   AllocationSize;
    LARGE_INTEGER   EndOfFile;
    ULONG           NumberOfLinks;
    BOOLEAN         DeletePending;
    BOOLEAN         Directory;
} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
/**
 * File name buffer; presumably the layout used with FileNameInformation.
 *
 * @note FileName is a variable-length trailing array declared with one
 *       element. Per the Windows documentation FileNameLength is a byte
 *       count and the name is not NUL terminated; size the query buffer for
 *       the full name and never read past FileNameLength bytes.
 */
1647typedef struct _FILE_NAME_INFORMATION
1648{
1649 ULONG FileNameLength;
1650 WCHAR FileName[1];
1651} FILE_NAME_INFORMATION;
1652typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1653typedef struct _FILE_NETWORK_OPEN_INFORMATION
1654{
1655 LARGE_INTEGER CreationTime;
1656 LARGE_INTEGER LastAccessTime;
1657 LARGE_INTEGER LastWriteTime;
1658 LARGE_INTEGER ChangeTime;
1659 LARGE_INTEGER AllocationSize;
1660 LARGE_INTEGER EndOfFile;
1661 ULONG FileAttributes;
1662} FILE_NETWORK_OPEN_INFORMATION;
1663typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
1664typedef enum _FILE_INFORMATION_CLASS
1665{
1666 FileDirectoryInformation = 1,
1667 FileFullDirectoryInformation,
1668 FileBothDirectoryInformation,
1669 FileBasicInformation,
1670 FileStandardInformation,
1671 FileInternalInformation,
1672 FileEaInformation,
1673 FileAccessInformation,
1674 FileNameInformation,
1675 FileRenameInformation,
1676 FileLinkInformation,
1677 FileNamesInformation,
1678 FileDispositionInformation,
1679 FilePositionInformation,
1680 FileFullEaInformation,
1681 FileModeInformation,
1682 FileAlignmentInformation,
1683 FileAllInformation,
1684 FileAllocationInformation,
1685 FileEndOfFileInformation,
1686 FileAlternateNameInformation,
1687 FileStreamInformation,
1688 FilePipeInformation,
1689 FilePipeLocalInformation,
1690 FilePipeRemoteInformation,
1691 FileMailslotQueryInformation,
1692 FileMailslotSetInformation,
1693 FileCompressionInformation,
1694 FileObjectIdInformation,
1695 FileCompletionInformation,
1696 FileMoveClusterInformation,
1697 FileQuotaInformation,
1698 FileReparsePointInformation,
1699 FileNetworkOpenInformation,
1700 FileAttributeTagInformation,
1701 FileTrackingInformation,
1702 FileIdBothDirectoryInformation,
1703 FileIdFullDirectoryInformation,
1704 FileValidDataLengthInformation,
1705 FileShortNameInformation,
1706 FileIoCompletionNotificationInformation,
1707 FileIoStatusBlockRangeInformation,
1708 FileIoPriorityHintInformation,
1709 FileSfioReserveInformation,
1710 FileSfioVolumeInformation,
1711 FileHardLinkInformation,
1712 FileProcessIdsUsingFileInformation,
1713 FileNormalizedNameInformation,
1714 FileNetworkPhysicalNameInformation,
1715 FileIdGlobalTxDirectoryInformation,
1716 FileIsRemoteDeviceInformation,
1717 FileUnusedInformation,
1718 FileNumaNodeInformation,
1719 FileStandardLinkInformation,
1720 FileRemoteProtocolInformation,
1721 /* Defined with Windows 10: */
1722 FileRenameInformationBypassAccessCheck,
1723 FileLinkInformationBypassAccessCheck,
1724 FileVolumeNameInformation,
1725 FileIdInformation,
1726 FileIdExtdDirectoryInformation,
1727 FileReplaceCompletionInformation,
1728 FileHardLinkFullIdInformation,
1729 FileIdExtdBothDirectoryInformation,
1730 FileDispositionInformationEx,
1731 FileRenameInformationEx,
1732 FileRenameInformationExBypassAccessCheck,
1733 FileDesiredStorageClassInformation,
1734 FileStatInformation,
1735 FileMemoryPartitionInformation,
1736 FileStatLxInformation,
1737 FileCaseSensitiveInformation,
1738 FileLinkInformationEx,
1739 FileLinkInformationExBypassAccessCheck,
1740 FileStorageReserveIdInformation,
1741 FileCaseSensitiveInformationForceAccessCheck,
1742 FileMaximumInformation
1743} FILE_INFORMATION_CLASS;
1744typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
1745NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1746NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
1747 FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1748NTSYSAPI NTSTATUS NTAPI NtSetInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1749#endif /* IPRT_NT_USE_WINTERNL */
1750NTSYSAPI NTSTATUS NTAPI NtQueryAttributesFile(POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
1751NTSYSAPI NTSTATUS NTAPI NtQueryFullAttributesFile(POBJECT_ATTRIBUTES, PFILE_NETWORK_OPEN_INFORMATION);
1752
1753
1754/** @name SE_GROUP_XXX - Attributes returned with TokenGroup and others.
1755 * @{ */
1756#ifndef SE_GROUP_MANDATORY
1757# define SE_GROUP_MANDATORY UINT32_C(0x01)
1758#endif
1759#ifndef SE_GROUP_ENABLED_BY_DEFAULT
1760# define SE_GROUP_ENABLED_BY_DEFAULT UINT32_C(0x02)
1761#endif
1762#ifndef SE_GROUP_ENABLED
1763# define SE_GROUP_ENABLED UINT32_C(0x04)
1764#endif
1765#ifndef SE_GROUP_OWNER
1766# define SE_GROUP_OWNER UINT32_C(0x08)
1767#endif
1768#ifndef SE_GROUP_USE_FOR_DENY_ONLY
1769# define SE_GROUP_USE_FOR_DENY_ONLY UINT32_C(0x10)
1770#endif
1771#ifndef SE_GROUP_INTEGRITY
1772# define SE_GROUP_INTEGRITY UINT32_C(0x20)
1773#endif
1774#ifndef SE_GROUP_INTEGRITY_ENABLED
1775# define SE_GROUP_INTEGRITY_ENABLED UINT32_C(0x40)
1776#endif
1777#ifndef SE_GROUP_RESOURCE
1778# define SE_GROUP_RESOURCE UINT32_C(0x20000000)
1779#endif
1780#ifndef SE_GROUP_LOGON_ID
1781# define SE_GROUP_LOGON_ID UINT32_C(0xc0000000)
1782#endif
1783/** @} */
1784
1785
1786#ifdef IPRT_NT_USE_WINTERNL
1787
1788/** For use with KeyBasicInformation.
 * @note Name is a variable-length trailing array declared with one element.
 *       Per the Windows documentation NameLength is a byte count and the
 *       name is not NUL terminated; bound reads by NameLength and by the
 *       length the query reported. */
1789typedef struct _KEY_BASIC_INFORMATION
1790{
1791 LARGE_INTEGER LastWriteTime;
1792 ULONG TitleIndex;
1793 ULONG NameLength;
1794 WCHAR Name[1];
1795} KEY_BASIC_INFORMATION;
1796typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
1797
1798/** For use with KeyNodeInformation.
 * @note Both the class string (located through ClassOffset / ClassLength) and
 *       Name live in the variable-length tail of the returned buffer.
 *       Check that ClassOffset + ClassLength and the name extent stay within
 *       the number of bytes actually returned before dereferencing either;
 *       the lengths are presumably byte counts - TODO confirm. */
1799typedef struct _KEY_NODE_INFORMATION
1800{
1801 LARGE_INTEGER LastWriteTime;
1802 ULONG TitleIndex;
1803 ULONG ClassOffset; /**< Offset from the start of the structure. */
1804 ULONG ClassLength;
1805 ULONG NameLength;
1806 WCHAR Name[1];
1807} KEY_NODE_INFORMATION;
1808typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
1809
1810/** For use with KeyFullInformation. */
1811typedef struct _KEY_FULL_INFORMATION
1812{
1813 LARGE_INTEGER LastWriteTime;
1814 ULONG TitleIndex;
1815 ULONG ClassOffset; /**< Offset of the Class member. */
1816 ULONG ClassLength;
1817 ULONG SubKeys;
1818 ULONG MaxNameLen;
1819 ULONG MaxClassLen;
1820 ULONG Values;
1821 ULONG MaxValueNameLen;
1822 ULONG MaxValueDataLen;
1823 WCHAR Class[1];
1824} KEY_FULL_INFORMATION;
1825typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
1826
1827/** For use with KeyNameInformation. */
1828typedef struct _KEY_NAME_INFORMATION
1829{
1830 ULONG NameLength;
1831 WCHAR Name[1];
1832} KEY_NAME_INFORMATION;
1833typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
1834
1835/** For use with KeyCachedInformation. */
1836typedef struct _KEY_CACHED_INFORMATION
1837{
1838 LARGE_INTEGER LastWriteTime;
1839 ULONG TitleIndex;
1840 ULONG SubKeys;
1841 ULONG MaxNameLen;
1842 ULONG Values;
1843 ULONG MaxValueNameLen;
1844 ULONG MaxValueDataLen;
1845 ULONG NameLength;
1846} KEY_CACHED_INFORMATION;
1847typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
1848
1849/** For use with KeyVirtualizationInformation. */
1850typedef struct _KEY_VIRTUALIZATION_INFORMATION
1851{
1852 ULONG VirtualizationCandidate : 1;
1853 ULONG VirtualizationEnabled : 1;
1854 ULONG VirtualTarget : 1;
1855 ULONG VirtualStore : 1;
1856 ULONG VirtualSource : 1;
1857 ULONG Reserved : 27;
1858} KEY_VIRTUALIZATION_INFORMATION;
1859typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
1860
1861typedef enum _KEY_INFORMATION_CLASS
1862{
1863 KeyBasicInformation = 0,
1864 KeyNodeInformation,
1865 KeyFullInformation,
1866 KeyNameInformation,
1867 KeyCachedInformation,
1868 KeyFlagsInformation,
1869 KeyVirtualizationInformation,
1870 KeyHandleTagsInformation,
1871 MaxKeyInfoClass
1872} KEY_INFORMATION_CLASS;
1873NTSYSAPI NTSTATUS NTAPI NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1874NTSYSAPI NTSTATUS NTAPI NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1875
1876typedef struct _MEMORY_SECTION_NAME
1877{
1878 UNICODE_STRING SectionFileName;
1879 WCHAR NameBuffer[1];
1880} MEMORY_SECTION_NAME;
1881
1882#ifdef IPRT_NT_USE_WINTERNL
1883typedef struct _PROCESS_BASIC_INFORMATION
1884{
1885 NTSTATUS ExitStatus;
1886 PPEB PebBaseAddress;
1887 ULONG_PTR AffinityMask;
1888 int32_t BasePriority;
1889 ULONG_PTR UniqueProcessId;
1890 ULONG_PTR InheritedFromUniqueProcessId;
1891} PROCESS_BASIC_INFORMATION;
1892typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
1893#endif
1894
/**
 * Information classes accepted by NtQueryInformationProcess and
 * NtSetInformationProcess.
 *
 * The trailing comments give each enumerator's value as decimal / hex. The
 * AssertCompile that follows the enum pins ProcessSequenceNumber to 0x5c, so
 * any insertion or removal in the middle of the list is caught at build time.
 */
1895typedef enum _PROCESSINFOCLASS
1896{
1897 ProcessBasicInformation = 0, /**< 0 / 0x00 */
1898 ProcessQuotaLimits, /**< 1 / 0x01 */
1899 ProcessIoCounters, /**< 2 / 0x02 */
1900 ProcessVmCounters, /**< 3 / 0x03 */
1901 ProcessTimes, /**< 4 / 0x04 */
1902 ProcessBasePriority, /**< 5 / 0x05 */
1903 ProcessRaisePriority, /**< 6 / 0x06 */
1904 ProcessDebugPort, /**< 7 / 0x07 */
1905 ProcessExceptionPort, /**< 8 / 0x08 */
1906 ProcessAccessToken, /**< 9 / 0x09 */
1907 ProcessLdtInformation, /**< 10 / 0x0a */
1908 ProcessLdtSize, /**< 11 / 0x0b */
1909 ProcessDefaultHardErrorMode, /**< 12 / 0x0c */
1910 ProcessIoPortHandlers, /**< 13 / 0x0d */
1911 ProcessPooledUsageAndLimits, /**< 14 / 0x0e */
1912 ProcessWorkingSetWatch, /**< 15 / 0x0f */
1913 ProcessUserModeIOPL, /**< 16 / 0x10 */
1914 ProcessEnableAlignmentFaultFixup, /**< 17 / 0x11 */
1915 ProcessPriorityClass, /**< 18 / 0x12 */
1916 ProcessWx86Information, /**< 19 / 0x13 */
1917 ProcessHandleCount, /**< 20 / 0x14 */
1918 ProcessAffinityMask, /**< 21 / 0x15 */
1919 ProcessPriorityBoost, /**< 22 / 0x16 */
1920 ProcessDeviceMap, /**< 23 / 0x17 */
1921 ProcessSessionInformation, /**< 24 / 0x18 */
1922 ProcessForegroundInformation, /**< 25 / 0x19 */
1923 ProcessWow64Information, /**< 26 / 0x1a */
1924 ProcessImageFileName, /**< 27 / 0x1b */
1925 ProcessLUIDDeviceMapsEnabled, /**< 28 / 0x1c */
1926 ProcessBreakOnTermination, /**< 29 / 0x1d */
1927 ProcessDebugObjectHandle, /**< 30 / 0x1e */
1928 ProcessDebugFlags, /**< 31 / 0x1f */
1929 ProcessHandleTracing, /**< 32 / 0x20 */
1930 ProcessIoPriority, /**< 33 / 0x21 */
1931 ProcessExecuteFlags, /**< 34 / 0x22 */
1932 ProcessTlsInformation, /**< 35 / 0x23 */
1933 ProcessCookie, /**< 36 / 0x24 */
1934 ProcessImageInformation, /**< 37 / 0x25 */
1935 ProcessCycleTime, /**< 38 / 0x26 */
1936 ProcessPagePriority, /**< 39 / 0x27 */
1937 ProcessInstrumentationCallbak, /**< 40 / 0x28 - identifier spelled "Callbak" (sic). */
1938 ProcessThreadStackAllocation, /**< 41 / 0x29 */
1939 ProcessWorkingSetWatchEx, /**< 42 / 0x2a */
1940 ProcessImageFileNameWin32, /**< 43 / 0x2b */
1941 ProcessImageFileMapping, /**< 44 / 0x2c */
1942 ProcessAffinityUpdateMode, /**< 45 / 0x2d */
1943 ProcessMemoryAllocationMode, /**< 46 / 0x2e */
1944 ProcessGroupInformation, /**< 47 / 0x2f */
1945 ProcessTokenVirtualizationEnabled, /**< 48 / 0x30 */
1946 ProcessOwnerInformation, /**< 49 / 0x31 */
1947 ProcessWindowInformation, /**< 50 / 0x32 */
1948 ProcessHandleInformation, /**< 51 / 0x33 */
1949 ProcessMitigationPolicy, /**< 52 / 0x34 */
1950 ProcessDynamicFunctionTableInformation, /**< 53 / 0x35 */
1951 ProcessHandleCheckingMode, /**< 54 / 0x36 */
1952 ProcessKeepAliveCount, /**< 55 / 0x37 */
1953 ProcessRevokeFileHandles, /**< 56 / 0x38 */
1954 ProcessWorkingSetControl, /**< 57 / 0x39 */
1955 ProcessHandleTable, /**< 58 / 0x3a */
1956 ProcessCheckStackExtentsMode, /**< 59 / 0x3b */
1957 ProcessCommandLineInformation, /**< 60 / 0x3c */
1958 ProcessProtectionInformation, /**< 61 / 0x3d */
1959 ProcessMemoryExhaustion, /**< 62 / 0x3e */
1960 ProcessFaultInformation, /**< 63 / 0x3f */
1961 ProcessTelemetryIdInformation, /**< 64 / 0x40 */
1962 ProcessCommitReleaseInformation, /**< 65 / 0x41 */
1963 ProcessDefaultCpuSetsInformation, /**< 66 / 0x42 - aka ProcessReserved1Information */
1964 ProcessAllowedCpuSetsInformation, /**< 67 / 0x43 - aka ProcessReserved2Information; PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10 */
1965 ProcessSubsystemProcess, /**< 68 / 0x44 */
1966 ProcessJobMemoryInformation, /**< 69 / 0x45 */
1967 ProcessInPrivate, /**< 70 / 0x46 */
1968 ProcessRaiseUMExceptionOnInvalidHandleClose,/**< 71 / 0x47 */
1969 ProcessIumChallengeResponse, /**< 72 / 0x48 */
1970 ProcessChildProcessInformation, /**< 73 / 0x49 */
1971 ProcessHighGraphicsPriorityInformation, /**< 74 / 0x4a */
1972 ProcessSubsystemInformation, /**< 75 / 0x4b */
1973 ProcessEnergyValues, /**< 76 / 0x4c */
1974 ProcessPowerThrottlingState, /**< 77 / 0x4d */
1975 ProcessReserved3Information, /**< 78 / 0x4e */
1976 ProcessWin32kSyscallFilterInformation, /**< 79 / 0x4f */
1977 ProcessDisableSystemAllowedCpuSets, /**< 80 / 0x50 */
1978 ProcessWakeInformation, /**< 81 / 0x51 */
1979 ProcessEnergyTrackingState, /**< 82 / 0x52 */
1980 ProcessManageWritesToExecutableMemory, /**< 83 / 0x53 */
1981 ProcessCaptureTrustletLiveDump, /**< 84 / 0x54 */
1982 ProcessTelemetryCoverage, /**< 85 / 0x55 */
1983 ProcessEnclaveInformation, /**< 86 / 0x56 */
1984 ProcessEnableReadWriteVmLogging, /**< 87 / 0x57 */
1985 ProcessUptimeInformation, /**< 88 / 0x58 */
1986 ProcessImageSection, /**< 89 / 0x59 */
1987 ProcessDebugAuthInformation, /**< 90 / 0x5a */
1988 ProcessSystemResourceManagement, /**< 91 / 0x5b */
1989 ProcessSequenceNumber, /**< 92 / 0x5c */
1990 MaxProcessInfoClass
1991} PROCESSINFOCLASS;
1992AssertCompile(ProcessSequenceNumber == 0x5c);
1993NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1994#if ARCH_BITS == 32
1995/** 64-bit API pass thru to WOW64 processes. */
1996NTSYSAPI NTSTATUS NTAPI NtWow64QueryInformationProcess64(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1997#endif
1998
1999typedef enum _THREADINFOCLASS
2000{
2001 ThreadBasicInformation = 0,
2002 ThreadTimes,
2003 ThreadPriority,
2004 ThreadBasePriority,
2005 ThreadAffinityMask,
2006 ThreadImpersonationToken,
2007 ThreadDescriptorTableEntry,
2008 ThreadEnableAlignmentFaultFixup,
2009 ThreadEventPair_Reusable,
2010 ThreadQuerySetWin32StartAddress,
2011 ThreadZeroTlsCell,
2012 ThreadPerformanceCount,
2013 ThreadAmILastThread,
2014 ThreadIdealProcessor,
2015 ThreadPriorityBoost,
2016 ThreadSetTlsArrayAddress,
2017 ThreadIsIoPending,
2018 ThreadHideFromDebugger,
2019 ThreadBreakOnTermination,
2020 ThreadSwitchLegacyState,
2021 ThreadIsTerminated,
2022 ThreadLastSystemCall,
2023 ThreadIoPriority,
2024 ThreadCycleTime,
2025 ThreadPagePriority,
2026 ThreadActualBasePriority,
2027 ThreadTebInformation,
2028 ThreadCSwitchMon,
2029 ThreadCSwitchPmu,
2030 ThreadWow64Context,
2031 ThreadGroupInformation,
2032 ThreadUmsInformation,
2033 ThreadCounterProfiling,
2034 ThreadIdealProcessorEx,
2035 ThreadCpuAccountingInformation,
2036 MaxThreadInfoClass
2037} THREADINFOCLASS;
2038NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
2039
2040NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2041NTSYSAPI NTSTATUS NTAPI ZwQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2042
2043NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2044NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2045NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
2046NTSYSAPI NTSTATUS NTAPI NtCancelIoFile(HANDLE, PIO_STATUS_BLOCK);
2047
2048NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
2049NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
2050
2051NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
2052NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
2053NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
2054NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
2055NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
2056NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
2057NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
2058NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
2059NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
2060
2061#endif /* IPRT_NT_USE_WINTERNL */
2062
2063/** For use with ObjectHandleFlagInformation. */
2064typedef struct _OBJECT_HANDLE_FLAG_INFORMATION
2065{
2066 BOOLEAN Inherit;
2067 BOOLEAN ProtectFromClose;
2068} OBJECT_HANDLE_FLAG_INFORMATION;
2069typedef OBJECT_HANDLE_FLAG_INFORMATION *POBJECT_HANDLE_FLAG_INFORMATION;
2070
2071typedef enum _OBJECT_INFORMATION_CLASS
2072{
2073 ObjectBasicInformation = 0,
2074 ObjectNameInformation,
2075 ObjectTypeInformation,
2076 ObjectAllInformation,
2077 ObjectHandleFlagInformation,
2078 ObjectSessionInformation,
2079 MaxObjectInfoClass
2080} OBJECT_INFORMATION_CLASS;
2081typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
2082#ifdef IN_RING0
2083# define NtQueryObject ZwQueryObject
2084#endif
2085NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2086NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
2087NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
2088
2089NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2090
2091typedef struct _OBJECT_DIRECTORY_INFORMATION
2092{
2093 UNICODE_STRING Name;
2094 UNICODE_STRING TypeName;
2095} OBJECT_DIRECTORY_INFORMATION;
2096typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
2097NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
2098
2099NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
2100NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
2101/** @name ProcessDefaultHardErrorMode bit definitions.
2102 * @{ */
2103#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /**< Inverted from the win32 define. */
2104#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
2105#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
2106#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
2107/** @} */
2108NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
2109NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
2110
2111/** Returned by NtQuerySection with SectionBasicInformation. */
2112typedef struct _SECTION_BASIC_INFORMATION
2113{
2114 PVOID BaseAddress;
2115 ULONG AllocationAttributes;
2116 LARGE_INTEGER MaximumSize;
2117} SECTION_BASIC_INFORMATION;
2118typedef SECTION_BASIC_INFORMATION *PSECTION_BASIC_INFORMATION;
2119
2120/** Returned by ProcessImageInformation as well as NtQuerySection. */
2121typedef struct _SECTION_IMAGE_INFORMATION
2122{
2123 PVOID TransferAddress;
2124 ULONG ZeroBits;
2125 SIZE_T MaximumStackSize;
2126 SIZE_T CommittedStackSize;
2127 ULONG SubSystemType;
2128 union
2129 {
2130 struct
2131 {
2132 USHORT SubSystemMinorVersion;
2133 USHORT SubSystemMajorVersion;
2134 };
2135 ULONG SubSystemVersion;
2136 };
2137 ULONG GpValue;
2138 USHORT ImageCharacteristics;
2139 USHORT DllCharacteristics;
2140 USHORT Machine;
2141 BOOLEAN ImageContainsCode;
2142 union /**< Since Vista, used to be a spare BOOLEAN. */
2143 {
2144 struct
2145 {
2146 UCHAR ComPlusNativeRead : 1;
2147 UCHAR ComPlusILOnly : 1;
2148 UCHAR ImageDynamicallyRelocated : 1;
2149 UCHAR ImageMAppedFlat : 1;
2150 UCHAR Reserved : 4;
2151 };
2152 UCHAR ImageFlags;
2153 };
2154 ULONG LoaderFlags;
2155 ULONG ImageFileSize; /**< Since XP? */
2156 ULONG CheckSum; /**< Since Vista, Used to be a reserved/spare ULONG. */
2157} SECTION_IMAGE_INFORMATION;
2158typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
2159
2160typedef enum _SECTION_INFORMATION_CLASS
2161{
2162 SectionBasicInformation = 0,
2163 SectionImageInformation,
2164 MaxSectionInfoClass
2165} SECTION_INFORMATION_CLASS;
2166NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2167
2168NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
2169NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2170NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
2171#ifndef SYMBOLIC_LINK_QUERY
2172# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
2173#endif
2174#ifndef SYMBOLIC_LINK_ALL_ACCESS
2175# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYMBOLIC_LINK_QUERY)
2176#endif
2177
2178NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
2179NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
2180NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
2181NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
2182NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
2183NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
2184NTSYSAPI NTSTATUS NTAPI ZwYieldExecution(void);
2185
2186
2187#ifndef SEC_FILE
2188# define SEC_FILE UINT32_C(0x00800000)
2189#endif
2190#ifndef SEC_IMAGE
2191# define SEC_IMAGE UINT32_C(0x01000000)
2192#endif
2193#ifndef SEC_PROTECTED_IMAGE
2194# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
2195#endif
2196#ifndef SEC_NOCACHE
2197# define SEC_NOCACHE UINT32_C(0x10000000)
2198#endif
2199#ifndef MEM_ROTATE
2200# define MEM_ROTATE UINT32_C(0x00800000)
2201#endif
2202typedef enum _MEMORY_INFORMATION_CLASS
2203{
2204 MemoryBasicInformation = 0,
2205 MemoryWorkingSetList,
2206 MemorySectionName,
2207 MemoryBasicVlmInformation
2208} MEMORY_INFORMATION_CLASS;
2209#ifdef IN_RING0
2210typedef struct _MEMORY_BASIC_INFORMATION
2211{
2212 PVOID BaseAddress;
2213 PVOID AllocationBase;
2214 ULONG AllocationProtect;
2215 SIZE_T RegionSize;
2216 ULONG State;
2217 ULONG Protect;
2218 ULONG Type;
2219} MEMORY_BASIC_INFORMATION;
2220typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
2221# define NtQueryVirtualMemory ZwQueryVirtualMemory
2222#endif
2223NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2224#ifdef IPRT_NT_USE_WINTERNL
2225NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
2226#endif
2227NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
2228NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
2229
/**
 * Information classes for NtQuerySystemInformation / ZwQuerySystemInformation.
 *
 * Enumerators named SystemInformation_Unknown_N are placeholders that keep
 * the implicit numbering in step; the suffix is meant to equal the value
 * (one entry below does not, see the note on it). Values between 107 and
 * SystemPolicyInformation (134) are not declared here.
 */
2230typedef enum _SYSTEM_INFORMATION_CLASS
2231{
2232 SystemBasicInformation = 0,
2233 SystemCpuInformation,
2234 SystemPerformanceInformation,
2235 SystemTimeOfDayInformation,
2236 SystemInformation_Unknown_4,
2237 SystemProcessInformation,
2238 SystemInformation_Unknown_6,
2239 SystemInformation_Unknown_7,
2240 SystemProcessorPerformanceInformation,
2241 SystemInformation_Unknown_9,
2242 SystemInformation_Unknown_10,
2243 SystemModuleInformation,
2244 SystemInformation_Unknown_12,
2245 SystemInformation_Unknown_13,
2246 SystemInformation_Unknown_14,
2247 SystemInformation_Unknown_15,
2248 SystemHandleInformation,
2249 SystemInformation_Unknown_17,
2250 SystemPageFileInformation,
2251 SystemInformation_Unknown_19,
2252 SystemInformation_Unknown_20,
2253 SystemCacheInformation,
2254 SystemInformation_Unknown_22,
2255 SystemInterruptInformation,
2256 SystemDpcBehaviourInformation,
2257 SystemFullMemoryInformation,
2258 SystemLoadGdiDriverInformation, /* 26 */
2259 SystemUnloadGdiDriverInformation, /* 27 */
2260 SystemTimeAdjustmentInformation,
2261 SystemSummaryMemoryInformation,
2262 SystemInformation_Unknown_30,
2263 SystemInformation_Unknown_31,
2264 SystemInformation_Unknown_32,
2265 SystemExceptionInformation,
2266 SystemCrashDumpStateInformation,
2267 SystemKernelDebuggerInformation,
2268 SystemContextSwitchInformation,
2269 SystemRegistryQuotaInformation,
2270 SystemInformation_Unknown_38,
2271 SystemInformation_Unknown_39,
2272 SystemInformation_Unknown_40,
2273 SystemInformation_Unknown_41,
2274 SystemInformation_Unknown_42,
2275 SystemInformation_Unknown_43,
2276 SystemCurrentTimeZoneInformation,
2277 SystemLookasideInformation,
2278 SystemSetTimeSlipEvent,
2279 SystemCreateSession,
2280 SystemDeleteSession,
2281 SystemInformation_Unknown_49,
2282 SystemRangeStartInformation,
2283 SystemVerifierInformation,
2284 SystemInformation_Unknown_52,
2285 SystemSessionProcessInformation,
2286 SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
2287 SystemInformation_Unknown_55,
2288 SystemInformation_Unknown_56,
2289 SystemExtendedProcessInformation,
2290 SystemInformation_Unknown_58,
2291 SystemInformation_Unknown_59,
2292 SystemInformation_Unknown_60,
2293 SystemInformation_Unknown_61,
2294 SystemInformation_Unknown_62,
2295 SystemInformation_Unknown_63,
2296 SystemExtendedHandleInformation, /* 64 */
2297 SystemInformation_Unknown_65,
2298 SystemInformation_Unknown_66,
2299 SystemInformation_Unknown_67,
2300 SystemInformation_Unknown_68,
2301 SystemInformation_HotPatchInfo, /* 69 */
2302 SystemInformation_Unknown_70,
2303 SystemInformation_Unknown_71,
2304 SystemInformation_Unknown_72,
2305 SystemInformation_Unknown_73,
2306 SystemInformation_Unknown_74,
2307 SystemInformation_Unknown_75,
2308 SystemInformation_Unknown_76,
2309 SystemInformation_Unknown_77,
2310 SystemInformation_Unknown_78,
2311 SystemInformation_Unknown_79,
2312 SystemInformation_Unknown_80,
2313 SystemInformation_Unknown_81,
2314 SystemInformation_Unknown_82,
2315 SystemInformation_Unknown_83,
2316 SystemInformation_Unknown_84,
2317 SystemInformation_Unknown_85,
2318 SystemInformation_Unknown_86,
2319 SystemInformation_Unknown_87,
2320 SystemInformation_Unknown_88,
2321 SystemInformation_Unknown_89,
2322 SystemInformation_Unknown_90,
2323 SystemInformation_Unknown_91,
2324 SystemInformation_Unknown_92,
2325 SystemInformation_Unknown_93,
2326 SystemInformation_Unknown_94,
2327 SystemInformation_Unknown_95,
2328 SystemInformation_KiOpPrefetchPatchCount, /* 96 */
2329 SystemInformation_Unknown_97,
2330 SystemInformation_Unknown_98,
2331 SystemInformation_Unknown_99,
2332 SystemInformation_Unknown_100,
2333 SystemInformation_Unknown_101,
2334 SystemInformation_Unknown_102,
2335 SystemInformation_Unknown_103,
2336 SystemInformation_Unknown_104,
2337 SystemInformation_Unknown_105,
2338 SystemInformation_Unknown_107, /* 106 - NOTE(review): misnamed, this enumerator has the value 106; do not pass it expecting class 107. */
2339 SystemInformation_GetLogicalProcessorInformationEx, /* 107 */
2340
2341 /** @todo fill gap. they've added a whole bunch of things */
2342 SystemPolicyInformation = 134,
2343 SystemInformationClassMax
2344} SYSTEM_INFORMATION_CLASS;
2345
2346#ifdef IPRT_NT_USE_WINTERNL
2347typedef struct _VM_COUNTERS
2348{
2349 SIZE_T PeakVirtualSize;
2350 SIZE_T VirtualSize;
2351 ULONG PageFaultCount;
2352 SIZE_T PeakWorkingSetSize;
2353 SIZE_T WorkingSetSize;
2354 SIZE_T QuotaPeakPagedPoolUsage;
2355 SIZE_T QuotaPagedPoolUsage;
2356 SIZE_T QuotaPeakNonPagedPoolUsage;
2357 SIZE_T QuotaNonPagedPoolUsage;
2358 SIZE_T PagefileUsage;
2359 SIZE_T PeakPagefileUsage;
2360} VM_COUNTERS;
2361typedef VM_COUNTERS *PVM_COUNTERS;
2362#endif
2363
2364#if 0
2365typedef struct _IO_COUNTERS
2366{
2367 ULONGLONG ReadOperationCount;
2368 ULONGLONG WriteOperationCount;
2369 ULONGLONG OtherOperationCount;
2370 ULONGLONG ReadTransferCount;
2371 ULONGLONG WriteTransferCount;
2372 ULONGLONG OtherTransferCount;
2373} IO_COUNTERS;
2374typedef IO_COUNTERS *PIO_COUNTERS;
2375#endif
2376
/**
 * IPRT's own declaration of the per-process entry; it is aliased to
 * SYSTEM_PROCESS_INFORMATION below when IPRT_NT_USE_WINTERNL is not defined.
 *
 * The paired offsets in the member comments are consistent with the 32-bit /
 * 64-bit layouts (UNICODE_STRING growing from 8 to 16 bytes).
 *
 * @note Entries are variable sized: thread data and the ProcessName buffer
 *       follow the fixed part. NextEntryOffset presumably links to the next
 *       entry (0 ends the list); validate it against the bytes returned
 *       before advancing, and do not assume ProcessName.Buffer is NUL
 *       terminated - use ProcessName.Length. TODO confirm against callers.
 */
2377typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
2378{
2379 ULONG NextEntryOffset; /**< 0x00 / 0x00 */
2380 ULONG NumberOfThreads; /**< 0x04 / 0x04 */
2381 LARGE_INTEGER Reserved1[3]; /**< 0x08 / 0x08 */
2382 LARGE_INTEGER CreationTime; /**< 0x20 / 0x20 */
2383 LARGE_INTEGER UserTime; /**< 0x28 / 0x28 */
2384 LARGE_INTEGER KernelTime; /**< 0x30 / 0x30 */
2385 UNICODE_STRING ProcessName; /**< 0x38 / 0x38 Clean unicode encoding? */
2386 int32_t BasePriority; /**< 0x40 / 0x48 */
2387 HANDLE UniqueProcessId; /**< 0x44 / 0x50 */
2388 HANDLE ParentProcessId; /**< 0x48 / 0x58 */
2389 ULONG HandleCount; /**< 0x4c / 0x60 */
2390 ULONG Reserved2; /**< 0x50 / 0x64 Session ID? */
2391 ULONG_PTR Reserved3; /**< 0x54 / 0x68 */
2392 VM_COUNTERS VmCounters; /**< 0x58 / 0x70 */
2393 IO_COUNTERS IoCounters; /**< 0x88 / 0xd0 Might not be present in earlier windows versions. */
2394 /* After this follows the threads, then the ProcessName.Buffer. */
2395} RTNT_SYSTEM_PROCESS_INFORMATION;
2396typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
2397#ifndef IPRT_NT_USE_WINTERNL
2398typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
2399typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
2400#endif
2401
/**
 * One handle table entry in the legacy (non-EX) format, the element type of
 * SYSTEM_HANDLE_INFORMATION::Handles.
 *
 * @note UniqueProcessId and HandleValue are only 16 bits wide here, whereas
 *       SYSTEM_HANDLE_ENTRY_INFO_EX declares both as HANDLE. Process IDs or
 *       handle values above 0xffff cannot be represented, so code that
 *       matches handles to processes for a security decision should use the
 *       EX variant.
 * @note Object is a kernel pointer value; treat it as sensitive when
 *       logging or exporting diagnostics.
 */
2402typedef struct _SYSTEM_HANDLE_ENTRY_INFO
2403{
2404 USHORT UniqueProcessId;
2405 USHORT CreatorBackTraceIndex;
2406 UCHAR ObjectTypeIndex;
2407 UCHAR HandleAttributes;
2408 USHORT HandleValue;
2409 PVOID Object;
2410 ULONG GrantedAccess;
2411} SYSTEM_HANDLE_ENTRY_INFO;
2412typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
2413
2414/** Returned by SystemHandleInformation.
 * @note Handles is declared with one element but is a variable-length
 *       trailing array, presumably holding NumberOfHandles entries. Check
 *       that count against the size of the buffer that was actually filled
 *       in before indexing; the table can change between the sizing call
 *       and the real query. */
2415typedef struct _SYSTEM_HANDLE_INFORMATION
2416{
2417 ULONG NumberOfHandles;
2418 SYSTEM_HANDLE_ENTRY_INFO Handles[1];
2419} SYSTEM_HANDLE_INFORMATION;
2420typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
2421
2422/** Extended handle information entry.
2423 * @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
2424typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
2425{
2426 PVOID Object;
2427 HANDLE UniqueProcessId;
2428 HANDLE HandleValue;
2429 ACCESS_MASK GrantedAccess;
2430 USHORT CreatorBackTraceIndex;
2431 USHORT ObjectTypeIndex;
2432 ULONG HandleAttributes;
2433 ULONG Reserved;
2434} SYSTEM_HANDLE_ENTRY_INFO_EX;
2435typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
2436
2437/** Returned by SystemExtendedHandleInformation. */
2438typedef struct _SYSTEM_HANDLE_INFORMATION_EX
2439{
2440 ULONG_PTR NumberOfHandles;
2441 ULONG_PTR Reserved;
2442 SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
2443} SYSTEM_HANDLE_INFORMATION_EX;
2444typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
2445
2446/** Returned by SystemSessionProcessInformation. */
2447typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
2448{
2449 ULONG SessionId;
2450 ULONG BufferLength;
2451 /** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
2452 PVOID Buffer;
2453} SYSTEM_SESSION_PROCESS_INFORMATION;
2454typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
2455
/**
 * One loaded-module record, the element type of RTL_PROCESS_MODULES::Modules.
 * The paired offsets in the member comments are consistent with the 32-bit /
 * 64-bit layouts.
 *
 * @note OffsetToFileName presumably indexes into FullPathName to give the
 *       file name part; verify it is below sizeof(FullPathName) before
 *       using it, and do not rely on FullPathName being NUL terminated when
 *       all 256 bytes are in use - TODO confirm.
 * @note MappedBase and ImageBase are load addresses; treat them as
 *       sensitive when logging or exporting diagnostics.
 */
2456typedef struct _RTL_PROCESS_MODULE_INFORMATION
2457{
2458 HANDLE Section; /**< 0x00 / 0x00 */
2459 PVOID MappedBase; /**< 0x04 / 0x08 */
2460 PVOID ImageBase; /**< 0x08 / 0x10 */
2461 ULONG ImageSize; /**< 0x0c / 0x18 */
2462 ULONG Flags; /**< 0x10 / 0x1c */
2463 USHORT LoadOrderIndex; /**< 0x14 / 0x20 */
2464 USHORT InitOrderIndex; /**< 0x16 / 0x22 */
2465 USHORT LoadCount; /**< 0x18 / 0x24 */
2466 USHORT OffsetToFileName; /**< 0x1a / 0x26 */
2467 UCHAR FullPathName[256]; /**< 0x1c / 0x28 */
2468} RTL_PROCESS_MODULE_INFORMATION;
2469typedef RTL_PROCESS_MODULE_INFORMATION *PRTL_PROCESS_MODULE_INFORMATION;
2470
2471/** Returned by SystemModuleInformation.
 * @note Modules is declared with one element but is a variable-length
 *       trailing array, presumably holding NumberOfModules entries; check
 *       the count against the size of the buffer that was filled in before
 *       iterating. */
2472typedef struct _RTL_PROCESS_MODULES
2473{
2474 ULONG NumberOfModules;
2475 RTL_PROCESS_MODULE_INFORMATION Modules[1]; /**< 0x04 / 0x08 */
2476} RTL_PROCESS_MODULES;
2477typedef RTL_PROCESS_MODULES *PRTL_PROCESS_MODULES;
2478
2479NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2480#ifndef IPRT_NT_MAP_TO_ZW
2481NTSYSAPI NTSTATUS NTAPI ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2482#endif
2483
2484NTSYSAPI NTSTATUS NTAPI NtSetTimerResolution(ULONG cNtTicksWanted, BOOLEAN fSetResolution, PULONG pcNtTicksCur);
2485NTSYSAPI NTSTATUS NTAPI NtQueryTimerResolution(PULONG pcNtTicksMin, PULONG pcNtTicksMax, PULONG pcNtTicksCur);
2486
2487NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
2488NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
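2489#ifndef IPRT_NT_USE_WINTERNL
/* Declared here only when IPRT_NT_USE_WINTERNL is not defined.  The
 * parameter list has three entries, matching the PFNNTWAITFORSINGLEOBJECT
 * typedef that follows.  Without the comma between BOOLEAN and
 * PLARGE_INTEGER the declaration parses as a two-parameter function whose
 * second parameter is merely named PLARGE_INTEGER. */
2490NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN, PLARGE_INTEGER);
2491#endif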
2492typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
2493typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
2494NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
2495
2496NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
2497
2498#ifdef IPRT_NT_USE_WINTERNL
/** Event kind, as taken by NtCreateEvent; only defined here when IPRT_NT_USE_WINTERNL is set. */
2499typedef enum _EVENT_TYPE
2500{
2501 /* Manual reset event. */
2502 NotificationEvent = 0,
2503 /* Automatic reset event. */
2504 SynchronizationEvent
2505} EVENT_TYPE;
2506#endif
2507NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
2508NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2509typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
2510NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
2511NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
2512NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
2513typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
2514typedef enum _EVENT_INFORMATION_CLASS
2515{
2516 EventBasicInformation = 0
2517} EVENT_INFORMATION_CLASS;
2518/** Data returned by NtQueryEvent + EventBasicInformation. */
2519typedef struct EVENT_BASIC_INFORMATION
2520{
2521 EVENT_TYPE EventType;
2522 ULONG EventState;
2523} EVENT_BASIC_INFORMATION;
2524typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
2525NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2526
2527#ifdef IPRT_NT_USE_WINTERNL
2528/** For NtQueryValueKey. */
2529typedef enum _KEY_VALUE_INFORMATION_CLASS
2530{
2531 KeyValueBasicInformation = 0,
2532 KeyValueFullInformation,
2533 KeyValuePartialInformation,
2534 KeyValueFullInformationAlign64,
2535 KeyValuePartialInformationAlign64
2536} KEY_VALUE_INFORMATION_CLASS;
2537
2538/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct.
 *
 * Data is declared with a single byte; presumably DataLength bytes follow in
 * the caller's buffer (variable-length structure - confirm).  Registry values
 * can be written by other parties, so check DataLength against the size of the
 * buffer handed to NtQueryValueKey, and Type against the value type the caller
 * expects, before interpreting Data. */
2539typedef struct _KEY_VALUE_PARTIAL_INFORMATION
2540{
2541 ULONG TitleIndex;
2542 ULONG Type;
2543 ULONG DataLength;
2544 UCHAR Data[1];
2545} KEY_VALUE_PARTIAL_INFORMATION;
2546typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
2547#endif
2548NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2549NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2550
2551
2552NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
2553
2554
/**
 * A directory given as a path string plus a handle; used for
 * RTL_USER_PROCESS_PARAMETERS::CurrentDirectory.
 *
 * The offset comment on Handle is "64-bit / 32-bit", which matches the sizes
 * asserted below (0x0c for 32-bit, 0x18 for 64-bit).  Note that this is the
 * reverse of the column order used in RTL_PROCESS_MODULE_INFORMATION.
 */
2555typedef struct _CURDIR
2556{
2557 UNICODE_STRING DosPath;
2558 HANDLE Handle; /**< 0x10 / 0x08 */
2559} CURDIR;
2560AssertCompileSize(CURDIR, ARCH_BITS == 32 ? 0x0c : 0x18);
2561typedef CURDIR *PCURDIR;
2562
2563typedef struct _RTL_DRIVE_LETTER_CURDIR
2564{
2565 USHORT Flags;
2566 USHORT Length;
2567 ULONG TimeStamp;
2568 STRING DosPath; /**< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. */
2569} RTL_DRIVE_LETTER_CURDIR;
2570typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
2571
/**
 * Process start-up parameters: console and standard handles, current
 * directory, DLL path, image path, command line, environment and window
 * placement values.
 *
 * The offset comments are "64-bit / 32-bit".  StartingX through
 * ShowWindowFlags are consecutive ULONGs, so their offsets advance by four in
 * both columns.
 *
 * NOTE(review): presumably the string Buffer members are real pointers only
 * when RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED is set in Flags - confirm before
 * dereferencing a copy of this structure that was read from another process.
 * The members from EnvironmentSize onwards are, per their comments, missing on
 * older Windows versions, so their presence should be checked (presumably via
 * Length) before they are read.
 */
2572typedef struct _RTL_USER_PROCESS_PARAMETERS
2573{
2574 ULONG MaximumLength; /**< 0x000 / 0x000 */
2575 ULONG Length; /**< 0x004 / 0x004 */
2576 ULONG Flags; /**< 0x008 / 0x008 */
2577 ULONG DebugFlags; /**< 0x00c / 0x00c */
2578 HANDLE ConsoleHandle; /**< 0x010 / 0x010 */
2579 ULONG ConsoleFlags; /**< 0x018 / 0x014 */
2580 HANDLE StandardInput; /**< 0x020 / 0x018 */
2581 HANDLE StandardOutput; /**< 0x028 / 0x01c */
2582 HANDLE StandardError; /**< 0x030 / 0x020 */
2583 CURDIR CurrentDirectory; /**< 0x038 / 0x024 */
2584 UNICODE_STRING DllPath; /**< 0x050 / 0x030 */
2585 UNICODE_STRING ImagePathName; /**< 0x060 / 0x038 */
2586 UNICODE_STRING CommandLine; /**< 0x070 / 0x040 */
2587 PWSTR Environment; /**< 0x080 / 0x048 */
2588 ULONG StartingX; /**< 0x088 / 0x04c */
2589 ULONG StartingY; /**< 0x08c / 0x050 */
2590 ULONG CountX; /**< 0x090 / 0x054 */
2591 ULONG CountY; /**< 0x094 / 0x058 */
2592 ULONG CountCharsX; /**< 0x098 / 0x05c */
2593 ULONG CountCharsY; /**< 0x09c / 0x060 */
2594 ULONG FillAttribute; /**< 0x0a0 / 0x064 */
2595 ULONG WindowFlags; /**< 0x0a4 / 0x068 */
2596 ULONG ShowWindowFlags; /**< 0x0a8 / 0x06c */
2597 UNICODE_STRING WindowTitle; /**< 0x0b0 / 0x070 */
2598 UNICODE_STRING DesktopInfo; /**< 0x0c0 / 0x078 */
2599 UNICODE_STRING ShellInfo; /**< 0x0d0 / 0x080 */
2600 UNICODE_STRING RuntimeInfo; /**< 0x0e0 / 0x088 */
2601 RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20]; /**< 0x0f0 / 0x090 */
2602 SIZE_T EnvironmentSize; /**< 0x3f0 / 0x - Added in Vista */
2603 SIZE_T EnvironmentVersion; /**< 0x3f8 / 0x - Added in Windows 7. */
2604 PVOID PackageDependencyData; /**< 0x400 / 0x - Added Windows 8? */
2605 ULONG ProcessGroupId; /**< 0x408 / 0x - Added Windows 8? */
2606 ULONG LoaderThreads; /**< 0x40c / 0x - Added Windows 10? */
2607} RTL_USER_PROCESS_PARAMETERS;
2608typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
2609#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
2610
2611typedef struct _RTL_USER_PROCESS_INFORMATION
2612{
2613 ULONG Size;
2614 HANDLE ProcessHandle;
2615 HANDLE ThreadHandle;
2616 CLIENT_ID ClientId;
2617 SECTION_IMAGE_INFORMATION ImageInformation;
2618} RTL_USER_PROCESS_INFORMATION;
2619typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
2620
2621
2622NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
2623 PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
2624NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
2625 PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
2626 PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
2627 PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
2628 PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
2629NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
2630NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
2631 PFNRT, PVOID, PHANDLE, PCLIENT_ID);
2632
2633#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
/**
 * Fallback definition of the critical section structure, compiled only when
 * RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO is not already defined (presumably
 * meaning the SDK headers have not supplied their own definition).
 */
2634typedef struct _RTL_CRITICAL_SECTION
2635{
2636 struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
2637 LONG LockCount;
2638 LONG Recursioncount; /* NOTE(review): the Windows SDK spells this member RecursionCount; code using the member would only compile against one of the two definitions. */
2639 HANDLE OwningThread;
2640 HANDLE LockSemaphore;
2641 ULONG_PTR SpinCount;
2642} RTL_CRITICAL_SECTION;
2643typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
2644#endif
2645
2646/*NTSYSAPI ULONG NTAPI RtlNtStatusToDosError(NTSTATUS rcNt);*/
2647
2648/** @def RTL_QUERY_REGISTRY_TYPECHECK
2649 * WDK 8.1+, backported in updates, ignored in older. */
2650#if !defined(RTL_QUERY_REGISTRY_TYPECHECK) || defined(DOXYGEN_RUNNING)
2651# define RTL_QUERY_REGISTRY_TYPECHECK UINT32_C(0x00000100)
2652#endif
2653/** @def RTL_QUERY_REGISTRY_TYPECHECK_SHIFT
2654 * WDK 8.1+, backported in updates, ignored in older. */
2655#if !defined(RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) || defined(DOXYGEN_RUNNING)
2656# define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
2657#endif
2658
2659
2660RT_C_DECLS_END
2661/** @} */
2662
2663
2664#if defined(IN_RING0) || defined(DOXYGEN_RUNNING)
2665/** @name NT Kernel APIs
2666 * @{ */
2667RT_C_DECLS_BEGIN
2668
2669typedef ULONG KEPROCESSORINDEX; /**< Bitmap indexes != process numbers, apparently. */
2670
2671NTSYSAPI VOID NTAPI KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
2672typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
2673NTSYSAPI VOID NTAPI KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2674typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2675NTSYSAPI VOID NTAPI KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2676typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2677NTSYSAPI BOOLEAN NTAPI KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2678typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2679NTSYSAPI BOOLEAN NTAPI KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2680typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2681NTSYSAPI BOOLEAN NTAPI KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2682typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2683NTSYSAPI VOID NTAPI KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2684typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2685NTSYSAPI VOID NTAPI KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2686typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2687NTSYSAPI BOOLEAN NTAPI KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2688typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2689NTSYSAPI BOOLEAN NTAPI KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2690typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2691/** Works like anding the complemented subtrahend with the minuend. */
2692NTSYSAPI BOOLEAN NTAPI KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2693typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2694NTSYSAPI BOOLEAN NTAPI KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2695typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2696NTSYSAPI BOOLEAN NTAPI KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
2697typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2698NTSYSAPI BOOLEAN NTAPI KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2699typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2700NTSYSAPI ULONG NTAPI KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
2701typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2702NTSYSAPI KEPROCESSORINDEX NTAPI KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
2703typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
/* Function pointer types for translating between processor indexes and PROCESSOR_NUMBER values. */
2704typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
2705typedef KEPROCESSORINDEX (NTAPI *PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER *pProcNumber);
/* NOTE(review): second typedef of PFNKEGETPROCESSORNUMBERFROMINDEX (the first is two lines up).  It is only harmless
 * if PPROCESSOR_NUMBER is PROCESSOR_NUMBER * and the compiler accepts a repeated identical typedef (C11, C++). */
2706typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX ProcIndex, PROCESSOR_NUMBER *pProcNumber);
/* NOTE(review): KeGetCurrentProcessorNumberEx presumably writes the processor number through its argument, which the
 * const qualifier here would contradict - confirm against the WDK prototype. */
2707typedef KEPROCESSORINDEX (NTAPI *PFNKEGETCURRENTPROCESSORNUMBEREX)(const PROCESSOR_NUMBER *pProcNumber);
2708typedef KAFFINITY (NTAPI *PFNKEQUERYACTIVEPROCESSORS)(VOID);
2709typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNT)(VOID);
2710typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNTEX)(USHORT GroupNumber);
2711typedef USHORT (NTAPI *PFNKEQUERYMAXIMUMGROUPCOUNT)(VOID);
2712typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNT)(KAFFINITY *pfActiveProcessors);
2713typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNTEX)(USHORT GroupNumber);
2714typedef NTSTATUS (NTAPI *PFNKEQUERYLOGICALPROCESSORRELATIONSHIP)(PROCESSOR_NUMBER *pProcNumber,
2715 LOGICAL_PROCESSOR_RELATIONSHIP RelationShipType,
2716 SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX *pInfo, PULONG pcbInfo);
2717typedef PVOID (NTAPI *PFNKEREGISTERPROCESSORCHANGECALLBACK)(PPROCESSOR_CALLBACK_FUNCTION pfnCallback, void *pvUser, ULONG fFlags);
2718typedef VOID (NTAPI *PFNKEDEREGISTERPROCESSORCHANGECALLBACK)(PVOID pvCallback);
2719typedef NTSTATUS (NTAPI *PFNKESETTARGETPROCESSORDPCEX)(KDPC *pDpc, PROCESSOR_NUMBER *pProcNumber);
2720typedef LOGICAL (NTAPI *PFNKESHOULDYIELDPROCESSOR)(void);
2721
2722NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
2723 PVOID pvOptionalConditions, PHANDLE phFound);
2724NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
2725 ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
2726 KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
/* Per-process query helpers taking an EPROCESS pointer. */
2727NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
/* NOTE(review): returns a bare UCHAR pointer without a length.  As far as I know the name is short and may be
 * truncated, so it should not be the only basis for deciding which program a process is running - confirm. */
2728NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
2729NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
2730NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
2731extern DECLIMPORT(POBJECT_TYPE *) LpcPortObjectType; /**< In vista+ this is the ALPC port object type. */
2732extern DECLIMPORT(POBJECT_TYPE *) LpcWaitablePortObjectType; /**< In vista+ this is the ALPC port object type. */
2733
2734typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
2735typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
2736
2737RT_C_DECLS_END
2738/** @} */
2739#endif /* IN_RING0 */
2740
2741
2742#if defined(IN_RING3) || defined(DOXYGEN_RUNNING)
2743/** @name NT Userland APIs
2744 * @{ */
2745RT_C_DECLS_BEGIN
2746
2747#if 0 /** @todo figure this out some time... */
2748typedef struct CSR_MSG_DATA_CREATED_PROCESS
2749{
2750 HANDLE hProcess;
2751 HANDLE hThread;
2752 CLIENT_ID
2753 DWORD idProcess;
2754 DWORD idThread;
2755 DWORD fCreate;
2756
2757} CSR_MSG_DATA_CREATED_PROCESS;
2758
2759#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
2760#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
2761NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
2762#endif
2763
2764NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
2765
2766typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
2767{
2768 ULONG Flags;
2769 PCUNICODE_STRING FullDllName;
2770 PCUNICODE_STRING BaseDllName;
2771 PVOID DllBase;
2772 ULONG SizeOfImage;
2773} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
2774typedef LDR_DLL_LOADED_NOTIFICATION_DATA *PLDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2775typedef LDR_DLL_LOADED_NOTIFICATION_DATA const *PCLDR_DLL_LOADED_NOTIFICATION_DATA, *PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2776
2777typedef union _LDR_DLL_NOTIFICATION_DATA
2778{
2779 LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
2780 LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
2781} LDR_DLL_NOTIFICATION_DATA;
2782typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
2783typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
2784
2785typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
2786
2787#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
2788#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
2789NTSYSAPI NTSTATUS NTAPI LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
2790 PVOID *pvCookie);
2791typedef NTSTATUS (NTAPI *PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID *);
2792NTSYSAPI NTSTATUS NTAPI LdrUnregisterDllNotification(PVOID pvCookie);
2793typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
2794
2795NTSYSAPI NTSTATUS NTAPI LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2796 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2797typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2798 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2799NTSYSAPI NTSTATUS NTAPI LdrUnloadDll(IN HANDLE hMod);
2800typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
2801NTSYSAPI NTSTATUS NTAPI LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2802 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2803typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2804 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2805#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
2806#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
2807/** @since Windows XP. */
2808NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2809 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2810/** @since Windows XP. */
2811typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2812 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2813/** @since Windows 7. */
2814NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
2815/** @since Windows 7. */
2816typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
2817/** @since Windows 7. */
2818NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2819 OUT PHANDLE phDll);
2820/** @since Windows 7. */
2821typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2822 OUT PHANDLE phDll);
2823#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
2824NTSYSAPI NTSTATUS NTAPI LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
2825typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
2826NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2827 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2828typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
2829 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2830#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
2831/** @since Windows Vista. */
2832NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2833 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2834/** @since Windows Vista. */
2835typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2836 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
/* Loader lock API.  The LDRLOCKLOADERLOCK_F_* and LDRUNLOCKLOADERLOCK_F_* values are presumably for the fFlags
 * arguments and the LDRLOCKLOADERLOCK_DISP_* values for *puDisposition - confirm.  With LDRLOCKLOADERLOCK_F_NO_WAIT a
 * caller should look at the disposition before assuming the lock is held. */
2837#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2838#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
2839#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
2840#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
2841#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
2842/** @since Windows XP. */
2843NTSYSAPI NTSTATUS NTAPI LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2844/** @since Windows XP. */
2845typedef NTSTATUS (NTAPI *PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2846#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2847/** @since Windows XP.
 * NOTE(review): pvCookie is annotated OUT but is passed by value, so it can only be an input; presumably it is the
 * cookie returned through ppvCookie by LdrLockLoaderLock. */
2848NTSYSAPI NTSTATUS NTAPI LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
2849/** @since Windows XP. */
2850typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
2851
2852NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
2853NTSYSAPI VOID NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /**< Vista and later. */
2854NTSYSAPI VOID NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
2855NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
2856 IN PCUNICODE_STRING pOrgName,
2857 IN PUNICODE_STRING pDefaultSuffix,
2858 IN OUT PUNICODE_STRING pStaticString,
2859 IN OUT PUNICODE_STRING pDynamicString,
2860 IN OUT PUNICODE_STRING *ppResultString,
2861 IN PULONG pfNewFlags OPTIONAL,
2862 IN PSIZE_T pcbFilename OPTIONAL,
2863 IN PSIZE_T pcbNeeded OPTIONAL);
2864/** @since Windows 8.
2865 * @note Status code is always zero in windows 10 build 14393. */
2866NTSYSAPI NTSTATUS NTAPI ApiSetQueryApiSetPresence(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
2867/** @copydoc ApiSetQueryApiSetPresence */
2868typedef NTSTATUS (NTAPI *PFNAPISETQUERYAPISETPRESENCE)(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
2869
2870
2871# ifdef IPRT_NT_USE_WINTERNL
2872typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
2873typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
2874typedef struct _RTL_HEAP_PARAMETERS
2875{
2876 ULONG Length;
2877 SIZE_T SegmentReserve;
2878 SIZE_T SegmentCommit;
2879 SIZE_T DeCommitFreeBlockThreshold;
2880 SIZE_T DeCommitTotalFreeThreshold;
2881 SIZE_T MaximumAllocationSize;
2882 SIZE_T VirtualMemoryThreshold;
2883 SIZE_T InitialCommit;
2884 SIZE_T InitialReserve;
2885 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
2886 SIZE_T Reserved[2];
2887} RTL_HEAP_PARAMETERS;
2888typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
2889NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
2890 PRTL_HEAP_PARAMETERS pParameters);
2891/** @name Heap flags (for RtlCreateHeap).
2892 * @{ */
2893/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
2894# define HEAP_GROWABLE UINT32_C(0x00000002)
2895# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
2896# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
2897# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
2898# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
2899# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
2900# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
2901# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
2902# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
2903# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
2904# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
2905# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
2906# define HEAP_CLASS_0 UINT32_C(0x00000000)
2907# define HEAP_CLASS_1 UINT32_C(0x00001000)
2908# define HEAP_CLASS_2 UINT32_C(0x00002000)
2909# define HEAP_CLASS_3 UINT32_C(0x00003000)
2910# define HEAP_CLASS_4 UINT32_C(0x00004000)
2911# define HEAP_CLASS_5 UINT32_C(0x00005000)
2912# define HEAP_CLASS_6 UINT32_C(0x00006000)
2913# define HEAP_CLASS_7 UINT32_C(0x00007000)
2914# define HEAP_CLASS_8 UINT32_C(0x00008000)
2915# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
2916# endif
2917# define HEAP_CLASS_PROCESS HEAP_CLASS_0
2918# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
2919# define HEAP_CLASS_KERNEL HEAP_CLASS_2
2920# define HEAP_CLASS_GDI HEAP_CLASS_3
2921# define HEAP_CLASS_USER HEAP_CLASS_4
2922# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
2923# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
2924# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
2925# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
2926# ifdef IPRT_NT_USE_WINTERNL
2927/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
2928# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
2929# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
2930# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
2931# endif /* IPRT_NT_USE_WINTERNL */
2932/** @} */
2933# ifdef IPRT_NT_USE_WINTERNL
2934/** @name Heap tagging constants
2935 * @{ */
2936# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
2937/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
2938# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
2939# define HEAP_TAG_SHIFT 18 */
2940# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2941/** @} */
2942NTSYSAPI PVOID NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
2943NTSYSAPI PVOID NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
2944NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2945# endif /* IPRT_NT_USE_WINTERNL */
2946NTSYSAPI SIZE_T NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
2947NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
2948NTSYSAPI SIZE_T NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2949NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
2950NTSYSAPI ULONG NTAPI RtlGetLastWin32Error(VOID);
2951NTSYSAPI VOID NTAPI RtlSetLastWin32Error(ULONG uError);
2952NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
2953NTSYSAPI VOID NTAPI RtlRestoreLastWin32Error(ULONG uError);
2954NTSYSAPI BOOLEAN NTAPI RtlQueryPerformanceCounter(PLARGE_INTEGER);
2955NTSYSAPI uint64_t NTAPI RtlGetSystemTimePrecise(VOID);
2956typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
2957NTSYSAPI uint64_t NTAPI RtlGetInterruptTimePrecise(uint64_t *puPerfTime);
2958typedef uint64_t (NTAPI * PFNRTLGETINTERRUPTTIMEPRECISE)(uint64_t *);
2959NTSYSAPI BOOLEAN NTAPI RtlQueryUnbiasedInterruptTime(uint64_t *puInterruptTime);
2960typedef BOOLEAN (NTAPI * PFNRTLQUERYUNBIASEDINTERRUPTTIME)(uint64_t *);
2961
2962RT_C_DECLS_END
2963/** @} */
2964#endif /* IN_RING3 */
2965
2966#endif /* !IPRT_INCLUDED_nt_nt_h */
2967