nt.h@ 79804

Last change on this file since 79804 was 78535, checked in by vboxsync, 6 years ago
FsPerf,iprt/nt/nt.h: Buffer size testcase for NtQueryVolumeInformationFile. bugref:9172
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 164.4 KB

Line
1	/* $Id: nt.h 78535 2019-05-15 23:48:14Z vboxsync $ */
2	/** @file
3	* IPRT - Header for code using the Native NT API.
4	*/
5
6	/*
7	* Copyright (C) 2010-2019 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.virtualbox.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*
17	* The contents of this file may alternatively be used under the terms
18	* of the Common Development and Distribution License Version 1.0
19	* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20	* VirtualBox OSE distribution, in which case the provisions of the
21	* CDDL are applicable instead of those of the GPL.
22	*
23	* You may elect to license modified versions of this file under the
24	* terms and conditions of either the GPL or the CDDL or both.
25	*/
26
27	#ifndef IPRT_INCLUDED_nt_nt_h
28	#define IPRT_INCLUDED_nt_nt_h
29	#ifndef RT_WITHOUT_PRAGMA_ONCE
30	# pragma once
31	#endif
32
33	/** @def IPRT_NT_MAP_TO_ZW
34	* Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
35	* to the APIs (takes care of the previous context checks).
36	*/
37	#ifdef DOXYGEN_RUNNING
38	# define IPRT_NT_MAP_TO_ZW
39	#endif
40
41	#ifdef IPRT_NT_MAP_TO_ZW
42	# define NtQueryDirectoryFile ZwQueryDirectoryFile
43	# define NtQueryInformationFile ZwQueryInformationFile
44	# define NtQueryInformationProcess ZwQueryInformationProcess
45	# define NtQueryInformationThread ZwQueryInformationThread
46	# define NtQueryFullAttributesFile ZwQueryFullAttributesFile
47	# define NtQuerySystemInformation ZwQuerySystemInformation
48	# define NtQuerySecurityObject ZwQuerySecurityObject
49	# define NtSetInformationFile ZwSetInformationFile
50	# define NtClose ZwClose
51	# define NtCreateFile ZwCreateFile
52	# define NtReadFile ZwReadFile
53	# define NtWriteFile ZwWriteFile
54	# define NtFlushBuffersFile ZwFlushBuffersFile
55	/** @todo this is very incomplete! */
56	#endif
57
58	#include <ntstatus.h>
59
60	/*
61	* Hacks common to both base header sets.
62	*/
63	#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
64	#define NtQueryObject Incomplete_NtQueryObject
65	#define ZwQueryObject Incomplete_ZwQueryObject
66	#define NtSetInformationObject Incomplete_NtSetInformationObject
67	#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
68	#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
69	#define ObjectBasicInformation Incomplete_ObjectBasicInformation
70	#define ObjectTypeInformation Incomplete_ObjectTypeInformation
71	#define _PEB Incomplete__PEB
72	#define PEB Incomplete_PEB
73	#define PPEB Incomplete_PPEB
74	#define _TEB Incomplete__TEB
75	#define TEB Incomplete_TEB
76	#define PTEB Incomplete_PTEB
77	#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
78	#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
79	#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
80	#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
81	#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
82	#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
83
84
85
86	#ifdef IPRT_NT_USE_WINTERNL
87	/*
88	* Use Winternl.h.
89	*/
90	# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
91	# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
92	# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
93
94	# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
95	# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
96	# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
97	# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
98	# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
99	# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
100	# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
101	# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
102	# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
103	# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
104	# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
105	# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
106
107	# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
108	# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
109	# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
110
111	# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
112	# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
113	# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
114	# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
115	# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
116
117	# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
118	# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
119	# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
120	# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
121	# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
122	# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
123	# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
124	# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
125	# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
126	# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
127	# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
128	# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
129	# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
130	# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
131
132
133	# pragma warning(push)
134	# pragma warning(disable: 4668)
135	# define WIN32_NO_STATUS
136	# include <windef.h>
137	# include <winnt.h>
138	# include <winternl.h>
139	# undef WIN32_NO_STATUS
140	# include <ntstatus.h>
141	# pragma warning(pop)
142
143	# ifndef OBJ_DONT_REPARSE
144	# define RTNT_NEED_CLIENT_ID
145	# endif
146
147	# undef _FILE_INFORMATION_CLASS
148	# undef FILE_INFORMATION_CLASS
149	# undef FileDirectoryInformation
150
151	# undef NtQueryInformationProcess
152	# undef NtSetInformationProcess
153	# undef PROCESSINFOCLASS
154	# undef _PROCESSINFOCLASS
155	# undef PROCESS_BASIC_INFORMATION
156	# undef PPROCESS_BASIC_INFORMATION
157	# undef _PROCESS_BASIC_INFORMATION
158	# undef ProcessBasicInformation
159	# undef ProcessDebugPort
160	# undef ProcessWow64Information
161	# undef ProcessImageFileName
162	# undef ProcessBreakOnTermination
163
164	# undef RTL_USER_PROCESS_PARAMETERS
165	# undef PRTL_USER_PROCESS_PARAMETERS
166	# undef _RTL_USER_PROCESS_PARAMETERS
167
168	# undef NtQueryInformationThread
169	# undef NtSetInformationThread
170	# undef THREADINFOCLASS
171	# undef _THREADINFOCLASS
172	# undef ThreadIsIoPending
173
174	# undef NtQuerySystemInformation
175	# undef NtSetSystemInformation
176	# undef SYSTEM_INFORMATION_CLASS
177	# undef _SYSTEM_INFORMATION_CLASS
178	# undef SystemBasicInformation
179	# undef SystemPerformanceInformation
180	# undef SystemTimeOfDayInformation
181	# undef SystemProcessInformation
182	# undef SystemProcessorPerformanceInformation
183	# undef SystemInterruptInformation
184	# undef SystemExceptionInformation
185	# undef SystemRegistryQuotaInformation
186	# undef SystemLookasideInformation
187	# undef SystemPolicyInformation
188
189	#else
190	/*
191	* Use ntifs.h and wdm.h.
192	*/
193	# if _MSC_VER >= 1200 /* Fix/workaround for KeInitializeSpinLock visibility issue on AMD64. */
194	# define FORCEINLINE static __forceinline
195	# else
196	# define FORCEINLINE static __inline
197	# endif
198
199	# define _FSINFOCLASS OutdatedWdm_FSINFOCLASS
200	# define FS_INFORMATION_CLASS OutdatedWdm_FS_INFORMATION_CLASS
201	# define PFS_INFORMATION_CLASS OutdatedWdm_PFS_INFORMATION_CLASS
202	# define FileFsVolumeInformation OutdatedWdm_FileFsVolumeInformation
203	# define FileFsLabelInformation OutdatedWdm_FileFsLabelInformation
204	# define FileFsSizeInformation OutdatedWdm_FileFsSizeInformation
205	# define FileFsDeviceInformation OutdatedWdm_FileFsDeviceInformation
206	# define FileFsAttributeInformation OutdatedWdm_FileFsAttributeInformation
207	# define FileFsControlInformation OutdatedWdm_FileFsControlInformation
208	# define FileFsFullSizeInformation OutdatedWdm_FileFsFullSizeInformation
209	# define FileFsObjectIdInformation OutdatedWdm_FileFsObjectIdInformation
210	# define FileFsDriverPathInformation OutdatedWdm_FileFsDriverPathInformation
211	# define FileFsVolumeFlagsInformation OutdatedWdm_FileFsVolumeFlagsInformation
212	# define FileFsSectorSizeInformation OutdatedWdm_FileFsSectorSizeInformation
213	# define FileFsDataCopyInformation OutdatedWdm_FileFsDataCopyInformation
214	# define FileFsMetadataSizeInformation OutdatedWdm_FileFsMetadataSizeInformation
215	# define FileFsFullSizeInformationEx OutdatedWdm_FileFsFullSizeInformationEx
216	# define FileFsMaximumInformation OutdatedWdm_FileFsMaximumInformation
217	# define NtQueryVolumeInformationFile OutdatedWdm_NtQueryVolumeInformationFile
218	# define NtSetVolumeInformationFile OutdatedWdm_NtSetVolumeInformationFile
219
220	# pragma warning(push)
221	# ifdef RT_ARCH_X86
222	# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
223	# pragma warning(disable: 4163)
224	# endif
225	# pragma warning(disable: 4668)
226	# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
227	# if _MSC_VER >= 1800 /RT_MSC_VER_VC120/
228	# pragma warning(disable:4005) /* sdk/v7.1/include/sal_supp.h(57) : warning C4005: '__useHeader' : macro redefinition */
229	# pragma warning(disable:4471) /* wdm.h(11057) : warning C4471: '_POOL_TYPE' : a forward declaration of an unscoped enumeration must have an underlying type (int assumed) */
230	# endif
231
232	# include <ntifs.h>
233	# include <wdm.h>
234
235	# ifdef RT_ARCH_X86
236	# undef _InterlockedAddLargeStatistic
237	# endif
238	# pragma warning(pop)
239
240	# undef _FSINFOCLASS
241	# undef FS_INFORMATION_CLASS
242	# undef PFS_INFORMATION_CLASS
243	# undef FileFsVolumeInformation
244	# undef FileFsLabelInformation
245	# undef FileFsSizeInformation
246	# undef FileFsDeviceInformation
247	# undef FileFsAttributeInformation
248	# undef FileFsControlInformation
249	# undef FileFsFullSizeInformation
250	# undef FileFsObjectIdInformation
251	# undef FileFsDriverPathInformation
252	# undef FileFsVolumeFlagsInformation
253	# undef FileFsSectorSizeInformation
254	# undef FileFsDataCopyInformation
255	# undef FileFsMetadataSizeInformation
256	# undef FileFsFullSizeInformationEx
257	# undef FileFsMaximumInformation
258	# undef NtQueryVolumeInformationFile
259	# undef NtSetVolumeInformationFile
260
261	# define IPRT_NT_NEED_API_GROUP_NTIFS
262	#endif
263
264	#undef RtlFreeUnicodeString
265	#undef NtQueryObject
266	#undef ZwQueryObject
267	#undef NtSetInformationObject
268	#undef _OBJECT_INFORMATION_CLASS
269	#undef OBJECT_INFORMATION_CLASS
270	#undef ObjectBasicInformation
271	#undef ObjectTypeInformation
272	#undef _PEB
273	#undef PEB
274	#undef PPEB
275	#undef _TEB
276	#undef TEB
277	#undef PTEB
278	#undef _PEB_LDR_DATA
279	#undef PEB_LDR_DATA
280	#undef PPEB_LDR_DATA
281	#undef _KUSER_SHARED_DATA
282	#undef KUSER_SHARED_DATA
283	#undef PKUSER_SHARED_DATA
284
285
286	#include <iprt/types.h>
287	#include <iprt/assert.h>
288
289
290	/** @name Useful macros
291	* @{ */
292	/** Indicates that we're targeting native NT in the current source. */
293	#define RTNT_USE_NATIVE_NT 1
294	/** Initializes a IO_STATUS_BLOCK. */
295	#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
296	/** Reinitializes a IO_STATUS_BLOCK. */
297	#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
298	do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
299	/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
300	#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
301	/** Constant UNICODE_STRING initializer. */
302	#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
303	/** @} */
304
305
306	/** @name IPRT helper functions for NT
307	* @{ */
308	RT_C_DECLS_BEGIN
309
310	RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
311	ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
312	PHANDLE phHandle, PULONG_PTR puDisposition);
313	RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
314	ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
315	RTDECL(int) RTNtPathOpenDirEx(HANDLE hRootDir, struct _UNICODE_STRING *pNtName, ACCESS_MASK fDesiredAccess,
316	ULONG fShareAccess, ULONG fCreateOptions, ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
317	RTDECL(int) RTNtPathClose(HANDLE hHandle);
318
319	/**
320	* Converts a windows-style path to NT format and encoding.
321	*
322	* @returns IPRT status code.
323	* @param pNtName Where to return the NT name. Free using
324	* RTNtPathFree.
325	* @param phRootDir Where to return the root handle, if applicable.
326	* @param pszPath The UTF-8 path.
327	*/
328	RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING pNtName, PHANDLE phRootDir, const char pszPath);
329
330	/**
331	* Converts a UTF-16 windows-style path to NT format.
332	*
333	* @returns IPRT status code.
334	* @param pNtName Where to return the NT name. Free using
335	* RTNtPathFree.
336	* @param phRootDir Where to return the root handle, if applicable.
337	* @param pwszPath The UTF-16 windows-style path.
338	* @param cwcPath The max length of the windows-style path in
339	* RTUTF16 units. Use RTSTR_MAX if unknown and @a
340	* pwszPath is correctly terminated.
341	*/
342	RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING pNtName, HANDLE phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
343
344	/**
345	* How to handle ascent ('..' relative to a root handle).
346	*/
347	typedef enum RTNTPATHRELATIVEASCENT
348	{
349	kRTNtPathRelativeAscent_Invalid = 0,
350	kRTNtPathRelativeAscent_Allow,
351	kRTNtPathRelativeAscent_Fail,
352	kRTNtPathRelativeAscent_Ignore,
353	kRTNtPathRelativeAscent_End,
354	kRTNtPathRelativeAscent_32BitHack = 0x7fffffff
355	} RTNTPATHRELATIVEASCENT;
356
357	/**
358	* Converts a relative windows-style path to relative NT format and encoding.
359	*
360	* @returns IPRT status code.
361	* @param pNtName Where to return the NT name. Free using
362	* rtTNtPathToNative with phRootDir set to NULL.
363	* @param phRootDir On input, the handle to the directory the path
364	* is relative to. On output, the handle to
365	* specify as root directory in the object
366	* attributes when accessing the path. If
367	* enmAscent is kRTNtPathRelativeAscent_Allow, it
368	* may have been set to NULL.
369	* @param pszPath The relative UTF-8 path.
370	* @param enmAscent How to handle ascent.
371	* @param fMustReturnAbsolute Must convert to an absolute path. This
372	* is necessary if the root dir is a NT directory
373	* object (e.g. /Devices) since they cannot parse
374	* relative paths it seems.
375	*/
376	RTDECL(int) RTNtPathRelativeFromUtf8(struct _UNICODE_STRING pNtName, PHANDLE phRootDir, const char pszPath,
377	RTNTPATHRELATIVEASCENT enmAscent, bool fMustReturnAbsolute);
378
379	/**
380	* Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
381	* chars plus a terminator.
382	*
383	* The NT string must have been returned by RTNtPathFromWinUtf8 or
384	* RTNtPathFromWinUtf16Ex.
385	*
386	* @returns IPRT status code.
387	* @param pNtName The NT path string.
388	* @param cwcMin The minimum number of RTUTF16 chars. Max 32767.
389	* @sa RTNtPathFree
390	*/
391	RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);
392
393	/**
394	* Frees the native path and root handle.
395	*
396	* @param pNtName The NT path after a successful rtNtPathToNative
397	* call or RTNtPathRelativeFromUtf8.
398	* @param phRootDir The root handle variable from rtNtPathToNative,
399	*/
400	RTDECL(void) RTNtPathFree(struct _UNICODE_STRING pNtName, HANDLE phRootDir);
401
402
403	/**
404	* Checks whether the path could be containing alternative 8.3 names generated
405	* by NTFS, FAT, or other similar file systems.
406	*
407	* @returns Pointer to the first component that might be an 8.3 name, NULL if
408	* not 8.3 path.
409	* @param pwszPath The path to check.
410	*
411	* @remarks This is making bad ASSUMPTION wrt to the naming scheme of 8.3 names,
412	* however, non-tilde 8.3 aliases are probably rare enough to not be
413	* worth all the extra code necessary to open each path component and
414	* check if we've got the short name or not.
415	*/
416	RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
417
418	/**
419	* Fixes up a path possibly containing one or more alternative 8-dot-3 style
420	* components.
421	*
422	* The path is fixed up in place. Errors are ignored.
423	*
424	* @returns VINF_SUCCESS if it all went smoothly, informational status codes
425	* indicating the nature of last problem we ran into.
426	*
427	* @param pUniStr The path to fix up. MaximumLength is the max buffer
428	* length.
429	* @param fPathOnly Whether to only process the path and leave the filename
430	* as passed in.
431	*/
432	RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);
433
434	/**
435	* Wrapper around RTNtPathExpand8dot3Path that allocates a buffer instead of
436	* working on the input buffer.
437	*
438	* @returns IPRT status code, see RTNtPathExpand8dot3Path().
439	* @param pUniStrSrc The path to fix up. MaximumLength is the max buffer
440	* length.
441	* @param fPathOnly Whether to only process the path and leave the filename
442	* as passed in.
443	* @param pUniStrDst Output string. On success, the caller must use
444	* RTUtf16Free to free what the Buffer member points to.
445	* This is all zeros and NULL on failure.
446	*/
447	RTDECL(int) RTNtPathExpand8dot3PathA(struct _UNICODE_STRING const pUniStrSrc, bool fPathOnly, struct _UNICODE_STRING pUniStrDst);
448
449
450	RT_C_DECLS_END
451	/** @} */
452
453
454	/** @name NT API delcarations.
455	* @{ */
456	RT_C_DECLS_BEGIN
457
458	/** @name Process access rights missing in ntddk headers
459	* @{ */
460	#ifndef PROCESS_TERMINATE
461	# define PROCESS_TERMINATE UINT32_C(0x00000001)
462	#endif
463	#ifndef PROCESS_CREATE_THREAD
464	# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
465	#endif
466	#ifndef PROCESS_SET_SESSIONID
467	# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
468	#endif
469	#ifndef PROCESS_VM_OPERATION
470	# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
471	#endif
472	#ifndef PROCESS_VM_READ
473	# define PROCESS_VM_READ UINT32_C(0x00000010)
474	#endif
475	#ifndef PROCESS_VM_WRITE
476	# define PROCESS_VM_WRITE UINT32_C(0x00000020)
477	#endif
478	#ifndef PROCESS_DUP_HANDLE
479	# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
480	#endif
481	#ifndef PROCESS_CREATE_PROCESS
482	# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
483	#endif
484	#ifndef PROCESS_SET_QUOTA
485	# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
486	#endif
487	#ifndef PROCESS_SET_INFORMATION
488	# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
489	#endif
490	#ifndef PROCESS_QUERY_INFORMATION
491	# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
492	#endif
493	#ifndef PROCESS_SUSPEND_RESUME
494	# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
495	#endif
496	#ifndef PROCESS_QUERY_LIMITED_INFORMATION
497	# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
498	#endif
499	#ifndef PROCESS_SET_LIMITED_INFORMATION
500	# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
501	#endif
502	#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
503	#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
504	#ifndef PROCESS_ALL_ACCESS
505	# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| SYNCHRONIZE \| UINT32_C(0x0000ffff) )
506	#endif
507	/** @} */
508
509	/** @name Thread access rights missing in ntddk headers
510	* @{ */
511	#ifndef THREAD_QUERY_INFORMATION
512	# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
513	#endif
514	#ifndef THREAD_SET_THREAD_TOKEN
515	# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
516	#endif
517	#ifndef THREAD_IMPERSONATE
518	# define THREAD_IMPERSONATE UINT32_C(0x00000100)
519	#endif
520	#ifndef THREAD_DIRECT_IMPERSONATION
521	# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
522	#endif
523	#ifndef THREAD_RESUME
524	# define THREAD_RESUME UINT32_C(0x00001000)
525	#endif
526	#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
527	#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
528	#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
529	/** @} */
530
531	/** @name Special handle values.
532	* @{ */
533	#ifndef NtCurrentProcess
534	# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
535	#endif
536	#ifndef NtCurrentThread
537	# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
538	#endif
539	#ifndef ZwCurrentProcess
540	# define ZwCurrentProcess() NtCurrentProcess()
541	#endif
542	#ifndef ZwCurrentThread
543	# define ZwCurrentThread() NtCurrentThread()
544	#endif
545	/** @} */
546
547
548	/** @name Directory object access rights.
549	* @{ */
550	#ifndef DIRECTORY_QUERY
551	# define DIRECTORY_QUERY UINT32_C(0x00000001)
552	#endif
553	#ifndef DIRECTORY_TRAVERSE
554	# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
555	#endif
556	#ifndef DIRECTORY_CREATE_OBJECT
557	# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
558	#endif
559	#ifndef DIRECTORY_CREATE_SUBDIRECTORY
560	# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
561	#endif
562	#ifndef DIRECTORY_ALL_ACCESS
563	# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| UINT32_C(0x0000000f) )
564	#endif
565	/** @} */
566
567
568
569	#ifdef RTNT_NEED_CLIENT_ID
570	typedef struct _CLIENT_ID
571	{
572	HANDLE UniqueProcess;
573	HANDLE UniqueThread;
574	} CLIENT_ID;
575	#endif
576	#ifdef IPRT_NT_USE_WINTERNL
577	typedef CLIENT_ID *PCLIENT_ID;
578	#endif
579
580	/** Extended affinity type, introduced in Windows 7 (?). */
581	typedef struct _KAFFINITY_EX
582	{
583	/** Count of valid bitmap entries. */
584	uint16_t Count;
585	/** Count of allocated bitmap entries. */
586	uint16_t Size;
587	/** Reserved / aligmment padding. */
588	uint32_t Reserved;
589	/** Bitmap where one bit corresponds to a CPU. */
590	uintptr_t Bitmap[20];
591	} KAFFINITY_EX;
592	typedef KAFFINITY_EX *PKAFFINITY_EX;
593	typedef KAFFINITY_EX const *PCKAFFINITY_EX;
594
595	/** @name User Shared Data
596	* @{ */
597
598	#ifdef IPRT_NT_USE_WINTERNL
599	typedef struct _KSYSTEM_TIME
600	{
601	ULONG LowPart;
602	LONG High1Time;
603	LONG High2Time;
604	} KSYSTEM_TIME;
605	typedef KSYSTEM_TIME *PKSYSTEM_TIME;
606
607	typedef enum _NT_PRODUCT_TYPE
608	{
609	NtProductWinNt = 1,
610	NtProductLanManNt,
611	NtProductServer
612	} NT_PRODUCT_TYPE;
613
614	#define PROCESSOR_FEATURE_MAX 64
615
616	typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
617	{
618	StandardDesign = 0,
619	NEC98x86,
620	EndAlternatives
621	} ALTERNATIVE_ARCHITECTURE_TYPE;
622
623	# if 0
624	typedef struct _XSTATE_FEATURE
625	{
626	ULONG Offset;
627	ULONG Size;
628	} XSTATE_FEATURE;
629	typedef XSTATE_FEATURE *PXSTATE_FEATURE;
630
631	#define MAXIMUM_XSTATE_FEATURES 64
632
633	typedef struct _XSTATE_CONFIGURATION
634	{
635	ULONG64 EnabledFeatures;
636	ULONG Size;
637	ULONG OptimizedSave : 1;
638	XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
639	} XSTATE_CONFIGURATION;
640	typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
641	# endif
642	#endif /* IPRT_NT_USE_WINTERNL */
643
644	typedef struct _KUSER_SHARED_DATA
645	{
646	ULONG TickCountLowDeprecated; /*< 0x000 /
647	ULONG TickCountMultiplier; /*< 0x004 /
648	KSYSTEM_TIME volatile InterruptTime; /*< 0x008 /
649	KSYSTEM_TIME volatile SystemTime; /*< 0x014 /
650	KSYSTEM_TIME volatile TimeZoneBias; /*< 0x020 /
651	USHORT ImageNumberLow; /*< 0x02c /
652	USHORT ImageNumberHigh; /*< 0x02e /
653	WCHAR NtSystemRoot[260]; /*< 0x030 - Seems to be last member in NT 3.51. /
654	ULONG MaxStackTraceDepth; /*< 0x238 /
655	ULONG CryptoExponent; /*< 0x23c /
656	ULONG TimeZoneId; /*< 0x240 /
657	ULONG LargePageMinimum; /*< 0x244 /
658	ULONG AitSamplingValue; /*< 0x248 /
659	ULONG AppCompatFlag; /*< 0x24c /
660	ULONGLONG RNGSeedVersion; /*< 0x250 /
661	ULONG GlobalValidationRunlevel; /*< 0x258 /
662	LONG volatile TimeZoneBiasStamp; /*< 0x25c/
663	ULONG Reserved2; /*< 0x260 /
664	NT_PRODUCT_TYPE NtProductType; /*< 0x264 /
665	BOOLEAN ProductTypeIsValid; /*< 0x268 /
666	BOOLEAN Reserved0[1]; /*< 0x269 /
667	USHORT NativeProcessorArchitecture; /*< 0x26a /
668	ULONG NtMajorVersion; /*< 0x26c /
669	ULONG NtMinorVersion; /*< 0x270 /
670	BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /*< 0x274 /
671	ULONG Reserved1; /*< 0x2b4 /
672	ULONG Reserved3; /*< 0x2b8 /
673	ULONG volatile TimeSlip; /*< 0x2bc /
674	ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /*< 0x2c0 /
675	ULONG AltArchitecturePad[1]; /*< 0x2c4 /
676	LARGE_INTEGER SystemExpirationDate; /*< 0x2c8 /
677	ULONG SuiteMask; /*< 0x2d0 /
678	BOOLEAN KdDebuggerEnabled; /*< 0x2d4 /
679	union /*< 0x2d5 /
680	{
681	UCHAR MitigationPolicies; /*< 0x2d5 /
682	struct
683	{
684	UCHAR NXSupportPolicy : 2;
685	UCHAR SEHValidationPolicy : 2;
686	UCHAR CurDirDevicesSkippedForDlls : 2;
687	UCHAR Reserved : 2;
688	};
689	};
690	UCHAR Reserved6[2]; /*< 0x2d6 /
691	ULONG volatile ActiveConsoleId; /*< 0x2d8 /
692	ULONG volatile DismountCount; /*< 0x2dc /
693	ULONG ComPlusPackage; /*< 0x2e0 /
694	ULONG LastSystemRITEventTickCount; /*< 0x2e4 /
695	ULONG NumberOfPhysicalPages; /*< 0x2e8 /
696	BOOLEAN SafeBootMode; /*< 0x2ec /
697	UCHAR Reserved12[3]; /*< 0x2ed /
698	union /*< 0x2f0 /
699	{
700	ULONG SharedDataFlags; /*< 0x2f0 /
701	struct
702	{
703	ULONG DbgErrorPortPresent : 1;
704	ULONG DbgElevationEnabled : 1;
705	ULONG DbgVirtEnabled : 1;
706	ULONG DbgInstallerDetectEnabled : 1;
707	ULONG DbgLkgEnabled : 1;
708	ULONG DbgDynProcessorEnabled : 1;
709	ULONG DbgConsoleBrokerEnabled : 1;
710	ULONG DbgSecureBootEnabled : 1;
711	ULONG SpareBits : 24;
712	};
713	};
714	ULONG DataFlagsPad[1]; /*< 0x2f4 /
715	ULONGLONG TestRetInstruction; /*< 0x2f8 /
716	LONGLONG QpcFrequency; /*< 0x300 /
717	ULONGLONG SystemCallPad[3]; /*< 0x308 /
718	union /*< 0x320 /
719	{
720	ULONG64 volatile TickCountQuad; /*< 0x320 /
721	KSYSTEM_TIME volatile TickCount; /*< 0x320 /
722	struct /*< 0x320 /
723	{
724	ULONG ReservedTickCountOverlay[3]; /*< 0x320 /
725	ULONG TickCountPad[1]; /*< 0x32c /
726	};
727	};
728	ULONG Cookie; /*< 0x330 /
729	ULONG CookiePad[1]; /*< 0x334 /
730	LONGLONG ConsoleSessionForegroundProcessId; /*< 0x338 /
731	ULONGLONG TimeUpdateLock; /*< 0x340 /
732	ULONGLONG BaselineSystemTimeQpc; /*< 0x348 /
733	ULONGLONG BaselineInterruptTimeQpc; /*< 0x350 /
734	ULONGLONG QpcSystemTimeIncrement; /*< 0x358 /
735	ULONGLONG QpcInterruptTimeIncrement; /*< 0x360 /
736	ULONG QpcSystemTimeIncrement32; /*< 0x368 /
737	ULONG QpcInterruptTimeIncrement32; /*< 0x36c /
738	UCHAR QpcSystemTimeIncrementShift; /*< 0x370 /
739	UCHAR QpcInterruptTimeIncrementShift; /*< 0x371 /
740	UCHAR Reserved8[14]; /*< 0x372 /
741	USHORT UserModeGlobalLogger[16]; /*< 0x380 /
742	ULONG ImageFileExecutionOptions; /*< 0x3a0 /
743	ULONG LangGenerationCount; /*< 0x3a4 /
744	ULONGLONG Reserved4; /*< 0x3a8 /
745	ULONGLONG volatile InterruptTimeBias; /**< 0x3b0 - What QueryUnbiasedInterruptTimePrecise
746	* subtracts from interrupt time. */
747	ULONGLONG volatile QpcBias; /*< 0x3b8 /
748	ULONG volatile ActiveProcessorCount; /*< 0x3c0 /
749	UCHAR volatile ActiveGroupCount; /*< 0x3c4 /
750	UCHAR Reserved9; /*< 0x3c5 /
751	union /*< 0x3c6 /
752	{
753	USHORT QpcData; /*< 0x3c6 /
754	struct /*< 0x3c6 /
755	{
756	BOOLEAN volatile QpcBypassEnabled; /*< 0x3c6 /
757	UCHAR QpcShift; /*< 0x3c7 /
758	};
759	};
760	LARGE_INTEGER TimeZoneBiasEffectiveStart; /*< 0x3c8 /
761	LARGE_INTEGER TimeZoneBiasEffectiveEnd; /*< 0x3d0 /
762	XSTATE_CONFIGURATION XState; /*< 0x3d8 /
763	} KUSER_SHARED_DATA;
764	typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
765	AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
766	AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
767	AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
768	AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
769	AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
770	AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
771	AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
772	AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
773	AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
774	/** @def MM_SHARED_USER_DATA_VA
775	* Read only userland mapping of KUSER_SHARED_DATA. */
776	#ifndef MM_SHARED_USER_DATA_VA
777	# if ARCH_BITS == 32
778	# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
779	# elif ARCH_BITS == 64
780	# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
781	# else
782	# error "Unsupported/undefined ARCH_BITS value."
783	# endif
784	#endif
785	/** @def KI_USER_SHARED_DATA
786	* Read write kernel mapping of KUSER_SHARED_DATA. */
787	#ifndef KI_USER_SHARED_DATA
788	# ifdef RT_ARCH_X86
789	# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
790	# elif defined(RT_ARCH_AMD64)
791	# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
792	# else
793	# error "PORT ME - KI_USER_SHARED_DATA"
794	# endif
795	#endif
796	/** @} */
797
798
799	/** @name Process And Thread Environment Blocks
800	* @{ */
801
802	typedef struct _PEB_LDR_DATA
803	{
804	uint32_t Length;
805	BOOLEAN Initialized;
806	BOOLEAN Padding[3];
807	HANDLE SsHandle;
808	LIST_ENTRY InLoadOrderModuleList;
809	LIST_ENTRY InMemoryOrderModuleList;
810	LIST_ENTRY InInitializationOrderModuleList;
811	/* End NT4 */
812	LIST_ENTRY *EntryInProgress;
813	BOOLEAN ShutdownInProgress;
814	HANDLE ShutdownThreadId;
815	} PEB_LDR_DATA;
816	typedef PEB_LDR_DATA *PPEB_LDR_DATA;
817
818	typedef struct _PEB_COMMON
819	{
820	BOOLEAN InheritedAddressSpace; /*< 0x000 / 0x000 /
821	BOOLEAN ReadImageFileExecOptions; /*< 0x001 / 0x001 /
822	BOOLEAN BeingDebugged; /*< 0x002 / 0x002 /
823	union
824	{
825	uint8_t BitField; /*< 0x003 / 0x003 /
826	struct
827	{
828	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
829	} Common;
830	struct
831	{
832	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
833	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
834	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 /
835	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 /
836	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 /
837	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 /
838	uint8_t IsProtectedProcessLight : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 /
839	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
840	} W81;
841	struct
842	{
843	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
844	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
845	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 /
846	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 /
847	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 /
848	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 /
849	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 /
850	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
851	} W80;
852	struct
853	{
854	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
855	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
856	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. /
857	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. /
858	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. /
859	uint8_t SpareBits : 3; /*< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. /
860	} W7;
861	struct
862	{
863	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
864	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
865	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. /
866	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. /
867	uint8_t SpareBits : 4; /*< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. /
868	} W6;
869	struct
870	{
871	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
872	uint8_t SpareBits : 7; /*< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. /
873	} W52;
874	struct
875	{
876	BOOLEAN SpareBool;
877	} W51;
878	} Diff0;
879	#if ARCH_BITS == 64
880	uint32_t Padding0; /*< 0x004 / NA /
881	#endif
882	HANDLE Mutant; /*< 0x008 / 0x004 /
883	PVOID ImageBaseAddress; /*< 0x010 / 0x008 /
884	PPEB_LDR_DATA Ldr; /*< 0x018 / 0x00c /
885	struct _RTL_USER_PROCESS_PARAMETERS ProcessParameters; /< 0x020 / 0x010 /
886	PVOID SubSystemData; /*< 0x028 / 0x014 /
887	HANDLE ProcessHeap; /*< 0x030 / 0x018 /
888	struct _RTL_CRITICAL_SECTION FastPebLock; /< 0x038 / 0x01c /
889	union
890	{
891	struct
892	{
893	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
894	PVOID IFEOKey; /*< 0x048 / 0x024 /
895	union
896	{
897	ULONG CrossProcessFlags; /*< 0x050 / 0x028 /
898	struct
899	{
900	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
901	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
902	uint32_t ProcessUsingVEH : 1; /*< 0x050 / 0x028: Pos 2, 1 Bit /
903	uint32_t ProcessUsingVCH : 1; /*< 0x050 / 0x028: Pos 3, 1 Bit /
904	uint32_t ProcessUsingFTH : 1; /*< 0x050 / 0x028: Pos 4, 1 Bit /
905	uint32_t ReservedBits0 : 1; /*< 0x050 / 0x028: Pos 5, 27 Bits /
906	} W7, W8, W80, W81;
907	struct
908	{
909	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
910	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
911	uint32_t ReservedBits0 : 30; /*< 0x050 / 0x028: Pos 2, 30 Bits /
912	} W6;
913	};
914	#if ARCH_BITS == 64
915	uint32_t Padding1; /*< 0x054 / /
916	#endif
917	} W6, W7, W8, W80, W81;
918	struct
919	{
920	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
921	PVOID SparePtr2; /*< 0x048 / 0x024 /
922	uint32_t EnvironmentUpdateCount; /*< 0x050 / 0x028 /
923	#if ARCH_BITS == 64
924	uint32_t Padding1; /*< 0x054 / /
925	#endif
926	} W52;
927	struct
928	{
929	PVOID FastPebLockRoutine; /*< NA / 0x020 /
930	PVOID FastPebUnlockRoutine; /*< NA / 0x024 /
931	uint32_t EnvironmentUpdateCount; /*< NA / 0x028 /
932	} W51;
933	} Diff1;
934	union
935	{
936	PVOID KernelCallbackTable; /*< 0x058 / 0x02c /
937	PVOID UserSharedInfoPtr; /*< 0x058 / 0x02c - Alternative use in W6./
938	};
939	uint32_t SystemReserved; /*< 0x060 / 0x030 /
940	union
941	{
942	struct
943	{
944	uint32_t AtlThunkSListPtr32; /*< 0x064 / 0x034 /
945	} W7, W8, W80, W81;
946	struct
947	{
948	uint32_t SpareUlong; /*< 0x064 / 0x034 /
949	} W52, W6;
950	struct
951	{
952	uint32_t ExecuteOptions : 2; /*< NA / 0x034: Pos 0, 2 Bits /
953	uint32_t SpareBits : 30; /*< NA / 0x034: Pos 2, 30 Bits /
954	} W51;
955	} Diff2;
956	union
957	{
958	struct
959	{
960	PVOID ApiSetMap; /*< 0x068 / 0x038 /
961	} W7, W8, W80, W81;
962	struct
963	{
964	struct _PEB_FREE_BLOCK FreeList; /< 0x068 / 0x038 /
965	} W52, W6;
966	struct
967	{
968	struct _PEB_FREE_BLOCK FreeList; /< NA / 0x038 /
969	} W51;
970	} Diff3;
971	uint32_t TlsExpansionCounter; /*< 0x070 / 0x03c /
972	#if ARCH_BITS == 64
973	uint32_t Padding2; /*< 0x074 / NA /
974	#endif
975	struct _RTL_BITMAP TlsBitmap; /< 0x078 / 0x040 /
976	uint32_t TlsBitmapBits[2]; /*< 0x080 / 0x044 /
977	PVOID ReadOnlySharedMemoryBase; /*< 0x088 / 0x04c /
978	union
979	{
980	struct
981	{
982	PVOID SparePvoid0; /*< 0x090 / 0x050 - HotpatchInformation before W81. /
983	} W81;
984	struct
985	{
986	PVOID HotpatchInformation; /*< 0x090 / 0x050 - Retired in W81. /
987	} W6, W7, W80;
988	struct
989	{
990	PVOID ReadOnlySharedMemoryHeap;
991	} W52;
992	} Diff4;
993	PVOID ReadOnlyStaticServerData; /< 0x098 / 0x054 /
994	PVOID AnsiCodePageData; /*< 0x0a0 / 0x058 /
995	PVOID OemCodePageData; /*< 0x0a8 / 0x05c /
996	PVOID UnicodeCaseTableData; /*< 0x0b0 / 0x060 /
997	uint32_t NumberOfProcessors; /*< 0x0b8 / 0x064 /
998	uint32_t NtGlobalFlag; /*< 0x0bc / 0x068 /
999	#if ARCH_BITS == 32
1000	uint32_t Padding2b;
1001	#endif
1002	LARGE_INTEGER CriticalSectionTimeout; /*< 0x0c0 / 0x070 /
1003	SIZE_T HeapSegmentReserve; /*< 0x0c8 / 0x078 /
1004	SIZE_T HeapSegmentCommit; /*< 0x0d0 / 0x07c /
1005	SIZE_T HeapDeCommitTotalFreeThreshold; /*< 0x0d8 / 0x080 /
1006	SIZE_T HeapDeCommitFreeBlockThreshold; /*< 0x0e0 / 0x084 /
1007	uint32_t NumberOfHeaps; /*< 0x0e8 / 0x088 /
1008	uint32_t MaximumNumberOfHeaps; /*< 0x0ec / 0x08c /
1009	PVOID ProcessHeaps; /< 0x0f0 / 0x090 - Last NT 3.51 member. /
1010	PVOID GdiSharedHandleTable; /*< 0x0f8 / 0x094 /
1011	PVOID ProcessStarterHelper; /*< 0x100 / 0x098 /
1012	uint32_t GdiDCAttributeList; /*< 0x108 / 0x09c /
1013	#if ARCH_BITS == 64
1014	uint32_t Padding3; /*< 0x10c / NA /
1015	#endif
1016	struct _RTL_CRITICAL_SECTION LoaderLock; /< 0x110 / 0x0a0 /
1017	uint32_t OSMajorVersion; /*< 0x118 / 0x0a4 /
1018	uint32_t OSMinorVersion; /*< 0x11c / 0x0a8 /
1019	uint16_t OSBuildNumber; /*< 0x120 / 0x0ac /
1020	uint16_t OSCSDVersion; /*< 0x122 / 0x0ae /
1021	uint32_t OSPlatformId; /*< 0x124 / 0x0b0 /
1022	uint32_t ImageSubsystem; /*< 0x128 / 0x0b4 /
1023	uint32_t ImageSubsystemMajorVersion; /*< 0x12c / 0x0b8 /
1024	uint32_t ImageSubsystemMinorVersion; /*< 0x130 / 0x0bc /
1025	#if ARCH_BITS == 64
1026	uint32_t Padding4; /*< 0x134 / NA /
1027	#endif
1028	union
1029	{
1030	struct
1031	{
1032	SIZE_T ActiveProcessAffinityMask; /*< 0x138 / 0x0c0 /
1033	} W7, W8, W80, W81;
1034	struct
1035	{
1036	SIZE_T ImageProcessAffinityMask; /*< 0x138 / 0x0c0 /
1037	} W52, W6;
1038	} Diff5;
1039	uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /*< 0x140 / 0x0c4 /
1040	PVOID PostProcessInitRoutine; /*< 0x230 / 0x14c /
1041	PVOID TlsExpansionBitmap; /*< 0x238 / 0x150 /
1042	uint32_t TlsExpansionBitmapBits[32]; /*< 0x240 / 0x154 /
1043	uint32_t SessionId; /*< 0x2c0 / 0x1d4 /
1044	#if ARCH_BITS == 64
1045	uint32_t Padding5; /*< 0x2c4 / NA /
1046	#endif
1047	ULARGE_INTEGER AppCompatFlags; /*< 0x2c8 / 0x1d8 /
1048	ULARGE_INTEGER AppCompatFlagsUser; /*< 0x2d0 / 0x1e0 /
1049	PVOID pShimData; /*< 0x2d8 / 0x1e8 /
1050	PVOID AppCompatInfo; /*< 0x2e0 / 0x1ec /
1051	UNICODE_STRING CSDVersion; /*< 0x2e8 / 0x1f0 /
1052	struct _ACTIVATION_CONTEXT_DATA ActivationContextData; /< 0x2f8 / 0x1f8 /
1053	struct _ASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap; /< 0x300 / 0x1fc /
1054	struct _ACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData; /< 0x308 / 0x200 /
1055	struct _ASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap; /< 0x310 / 0x204 /
1056	SIZE_T MinimumStackCommit; /*< 0x318 / 0x208 /
1057	/* End of PEB in W52 (Windows XP (RTM))! */
1058	struct _FLS_CALLBACK_INFO FlsCallback; /< 0x320 / 0x20c /
1059	LIST_ENTRY FlsListHead; /*< 0x328 / 0x210 /
1060	PVOID FlsBitmap; /*< 0x338 / 0x218 /
1061	uint32_t FlsBitmapBits[4]; /*< 0x340 / 0x21c /
1062	uint32_t FlsHighIndex; /*< 0x350 / 0x22c /
1063	/* End of PEB in W52 (Windows Server 2003)! */
1064	PVOID WerRegistrationData; /*< 0x358 / 0x230 /
1065	PVOID WerShipAssertPtr; /*< 0x360 / 0x234 /
1066	/* End of PEB in W6 (windows Vista)! */
1067	union
1068	{
1069	struct
1070	{
1071	PVOID pUnused; /*< 0x368 / 0x238 - Was pContextData in W7. /
1072	} W8, W80, W81;
1073	struct
1074	{
1075	PVOID pContextData; /*< 0x368 / 0x238 - Retired in W80. /
1076	} W7;
1077	} Diff6;
1078	PVOID pImageHeaderHash; /*< 0x370 / 0x23c /
1079	union
1080	{
1081	uint32_t TracingFlags; /*< 0x378 / 0x240 /
1082	struct
1083	{
1084	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
1085	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
1086	uint32_t LibLoaderTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 2, 1 Bit /
1087	uint32_t SpareTracingBits : 29; /*< 0x378 / 0x240 : Pos 3, 29 Bits /
1088	} W8, W80, W81;
1089	struct
1090	{
1091	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
1092	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
1093	uint32_t SpareTracingBits : 30; /*< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 /
1094	} W7;
1095	} Diff7;
1096	#if ARCH_BITS == 64
1097	uint32_t Padding6; /*< 0x37c / NA /
1098	#endif
1099	uint64_t CsrServerReadOnlySharedMemoryBase; /*< 0x380 / 0x248 /
1100	/* End of PEB in W8, W81. */
1101	uintptr_t TppWorkerpListLock; /*< 0x388 / 0x250 /
1102	LIST_ENTRY TppWorkerpList; /*< 0x390 / 0x254 /
1103	PVOID WaitOnAddressHashTable[128]; /*< 0x3a0 / 0x25c /
1104	#if ARCH_BITS == 32
1105	uint32_t ExplicitPadding7; /*< NA NA / 0x45c /
1106	#endif
1107	} PEB_COMMON;
1108	typedef PEB_COMMON *PPEB_COMMON;
1109
1110	AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
1111	AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
1112	AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
1113	AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
1114	AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
1115	AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
1116	AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
1117	AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
1118	AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x7a0 : 0x460);
1119
1120	/** The size of the windows 10 (build 14393) PEB structure. */
1121	#define PEB_SIZE_W10 sizeof(PEB_COMMON)
1122	/** The size of the windows 8.1 PEB structure. */
1123	#define PEB_SIZE_W81 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1124	/** The size of the windows 8.0 PEB structure. */
1125	#define PEB_SIZE_W80 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1126	/** The size of the windows 7 PEB structure. */
1127	#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
1128	/** The size of the windows vista PEB structure. */
1129	#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
1130	/** The size of the windows server 2003 PEB structure. */
1131	#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
1132	/** The size of the windows XP PEB structure. */
1133	#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
1134
1135	#if 0
1136	typedef struct _NT_TIB
1137	{
1138	struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
1139	PVOID StackBase;
1140	PVOID StackLimit;
1141	PVOID SubSystemTib;
1142	union
1143	{
1144	PVOID FiberData;
1145	ULONG Version;
1146	};
1147	PVOID ArbitraryUserPointer;
1148	struct _NT_TIB *Self;
1149	} NT_TIB;
1150	typedef NT_TIB *PNT_TIB;
1151	#endif
1152
1153	typedef struct _ACTIVATION_CONTEXT_STACK
1154	{
1155	uint32_t Flags;
1156	uint32_t NextCookieSequenceNumber;
1157	PVOID ActiveFrame;
1158	LIST_ENTRY FrameListCache;
1159	} ACTIVATION_CONTEXT_STACK;
1160
1161	/* Common TEB. */
1162	typedef struct _TEB_COMMON
1163	{
1164	NT_TIB NtTib; /*< 0x000 / 0x000 /
1165	PVOID EnvironmentPointer; /*< 0x038 / 0x01c /
1166	CLIENT_ID ClientId; /*< 0x040 / 0x020 /
1167	PVOID ActiveRpcHandle; /*< 0x050 / 0x028 /
1168	PVOID ThreadLocalStoragePointer; /*< 0x058 / 0x02c /
1169	PPEB_COMMON ProcessEnvironmentBlock; /*< 0x060 / 0x030 /
1170	uint32_t LastErrorValue; /*< 0x068 / 0x034 /
1171	uint32_t CountOfOwnedCriticalSections; /*< 0x06c / 0x038 /
1172	PVOID CsrClientThread; /*< 0x070 / 0x03c /
1173	PVOID Win32ThreadInfo; /*< 0x078 / 0x040 /
1174	uint32_t User32Reserved[26]; /*< 0x080 / 0x044 /
1175	uint32_t UserReserved[5]; /*< 0x0e8 / 0x0ac /
1176	PVOID WOW32Reserved; /*< 0x100 / 0x0c0 /
1177	uint32_t CurrentLocale; /*< 0x108 / 0x0c4 /
1178	uint32_t FpSoftwareStatusRegister; /*< 0x10c / 0x0c8 /
1179	PVOID SystemReserved1[54]; /*< 0x110 / 0x0cc /
1180	uint32_t ExceptionCode; /*< 0x2c0 / 0x1a4 /
1181	#if ARCH_BITS == 64
1182	uint32_t Padding0; /*< 0x2c4 / NA /
1183	#endif
1184	union
1185	{
1186	struct
1187	{
1188	struct _ACTIVATION_CONTEXT_STACK ActivationContextStackPointer;/< 0x2c8 / 0x1a8 /
1189	uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /*< 0x2d0 / 0x1ac /
1190	} W52, W6, W7, W8, W80, W81;
1191	#if ARCH_BITS == 32
1192	struct
1193	{
1194	ACTIVATION_CONTEXT_STACK ActivationContextStack; /*< NA / 0x1a8 /
1195	uint8_t SpareBytes[20]; /*< NA / 0x1bc /
1196	} W51;
1197	#endif
1198	} Diff0;
1199	union
1200	{
1201	struct
1202	{
1203	uint32_t TxFsContext; /*< 0x2e8 / 0x1d0 /
1204	} W6, W7, W8, W80, W81;
1205	struct
1206	{
1207	uint32_t SpareBytesContinues; /*< 0x2e8 / 0x1d0 /
1208	} W52;
1209	} Diff1;
1210	#if ARCH_BITS == 64
1211	uint32_t Padding1; /*< 0x2ec / NA /
1212	#endif
1213	/_GDI_TEB_BATCH/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /*< 0x2f0 / 0x1d4 /
1214	CLIENT_ID RealClientId; /*< 0x7d8 / 0x6b4 /
1215	HANDLE GdiCachedProcessHandle; /*< 0x7e8 / 0x6bc /
1216	uint32_t GdiClientPID; /*< 0x7f0 / 0x6c0 /
1217	uint32_t GdiClientTID; /*< 0x7f4 / 0x6c4 /
1218	PVOID GdiThreadLocalInfo; /*< 0x7f8 / 0x6c8 /
1219	SIZE_T Win32ClientInfo[62]; /*< 0x800 / 0x6cc /
1220	PVOID glDispatchTable[233]; /*< 0x9f0 / 0x7c4 /
1221	SIZE_T glReserved1[29]; /*< 0x1138 / 0xb68 /
1222	PVOID glReserved2; /*< 0x1220 / 0xbdc /
1223	PVOID glSectionInfo; /*< 0x1228 / 0xbe0 /
1224	PVOID glSection; /*< 0x1230 / 0xbe4 /
1225	PVOID glTable; /*< 0x1238 / 0xbe8 /
1226	PVOID glCurrentRC; /*< 0x1240 / 0xbec /
1227	PVOID glContext; /*< 0x1248 / 0xbf0 /
1228	NTSTATUS LastStatusValue; /*< 0x1250 / 0xbf4 /
1229	#if ARCH_BITS == 64
1230	uint32_t Padding2; /*< 0x1254 / NA /
1231	#endif
1232	UNICODE_STRING StaticUnicodeString; /*< 0x1258 / 0xbf8 /
1233	WCHAR StaticUnicodeBuffer[261]; /*< 0x1268 / 0xc00 /
1234	#if ARCH_BITS == 64
1235	WCHAR Padding3[3]; /*< 0x1472 / NA /
1236	#endif
1237	PVOID DeallocationStack; /*< 0x1478 / 0xe0c /
1238	PVOID TlsSlots[64]; /*< 0x1480 / 0xe10 /
1239	LIST_ENTRY TlsLinks; /*< 0x1680 / 0xf10 /
1240	PVOID Vdm; /*< 0x1690 / 0xf18 /
1241	PVOID ReservedForNtRpc; /*< 0x1698 / 0xf1c /
1242	PVOID DbgSsReserved[2]; /*< 0x16a0 / 0xf20 /
1243	uint32_t HardErrorMode; /*< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. /
1244	#if ARCH_BITS == 64
1245	uint32_t Padding4; /*< 0x16b4 / NA /
1246	#endif
1247	PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /*< 0x16b8 / 0xf2c /
1248	union
1249	{
1250	struct
1251	{
1252	GUID ActivityId; /*< 0x1710 / 0xf50 /
1253	PVOID SubProcessTag; /*< 0x1720 / 0xf60 /
1254	} W6, W7, W8, W80, W81;
1255	struct
1256	{
1257	PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /*< 0x1710 / 0xf50 /
1258	} W52;
1259	} Diff2;
1260	union /*< 0x1728 / 0xf64 /
1261	{
1262	struct
1263	{
1264	PVOID PerflibData; /*< 0x1728 / 0xf64 /
1265	} W8, W80, W81;
1266	struct
1267	{
1268	PVOID EtwLocalData; /*< 0x1728 / 0xf64 /
1269	} W7, W6;
1270	struct
1271	{
1272	PVOID SubProcessTag; /*< 0x1728 / 0xf64 /
1273	} W52;
1274	struct
1275	{
1276	PVOID InstrumentationContinues[1]; /*< 0x1728 / 0xf64 /
1277	} W51;
1278	} Diff3;
1279	union
1280	{
1281	struct
1282	{
1283	PVOID EtwTraceData; /*< 0x1730 / 0xf68 /
1284	} W52, W6, W7, W8, W80, W81;
1285	struct
1286	{
1287	PVOID InstrumentationContinues[1]; /*< 0x1730 / 0xf68 /
1288	} W51;
1289	} Diff4;
1290	PVOID WinSockData; /*< 0x1738 / 0xf6c /
1291	uint32_t GdiBatchCount; /*< 0x1740 / 0xf70 /
1292	union
1293	{
1294	union
1295	{
1296	PROCESSOR_NUMBER CurrentIdealProcessor; /*< 0x1744 / 0xf74 - W7+ /
1297	uint32_t IdealProcessorValue; /*< 0x1744 / 0xf74 - W7+ /
1298	struct
1299	{
1300	uint8_t ReservedPad1; /*< 0x1744 / 0xf74 - Called SpareBool0 in W6 /
1301	uint8_t ReservedPad2; /*< 0x1745 / 0xf75 - Called SpareBool0 in W6 /
1302	uint8_t ReservedPad3; /*< 0x1746 / 0xf76 - Called SpareBool0 in W6 /
1303	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1304	};
1305	} W6, W7, W8, W80, W81;
1306	struct
1307	{
1308	BOOLEAN InDbgPrint; /*< 0x1744 / 0xf74 /
1309	BOOLEAN FreeStackOnTermination; /*< 0x1745 / 0xf75 /
1310	BOOLEAN HasFiberData; /*< 0x1746 / 0xf76 /
1311	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1312	} W51, W52;
1313	} Diff5;
1314	uint32_t GuaranteedStackBytes; /*< 0x1748 / 0xf78 /
1315	#if ARCH_BITS == 64
1316	uint32_t Padding5; /*< 0x174c / NA /
1317	#endif
1318	PVOID ReservedForPerf; /*< 0x1750 / 0xf7c /
1319	PVOID ReservedForOle; /*< 0x1758 / 0xf80 /
1320	uint32_t WaitingOnLoaderLock; /*< 0x1760 / 0xf84 /
1321	#if ARCH_BITS == 64
1322	uint32_t Padding6; /*< 0x1764 / NA /
1323	#endif
1324	union /*< 0x1770 / 0xf8c /
1325	{
1326	struct
1327	{
1328	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1329	SIZE_T ReservedForCodeCoverage; /*< 0x1770 / 0xf8c /
1330	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1331	} W8, W80, W81;
1332	struct
1333	{
1334	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1335	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1336	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1337	} W6, W7;
1338	struct
1339	{
1340	PVOID SparePointer1; /*< 0x1768 / 0xf88 /
1341	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1342	PVOID SoftPatchPtr2; /*< 0x1778 / 0xf90 /
1343	} W52;
1344	#if ARCH_BITS == 32
1345	struct _Wx86ThreadState
1346	{
1347	PVOID CallBx86Eip; /*< NA / 0xf88 /
1348	PVOID DeallocationCpu; /*< NA / 0xf8c /
1349	BOOLEAN UseKnownWx86Dll; /*< NA / 0xf90 /
1350	int8_t OleStubInvoked; /*< NA / 0xf91 /
1351	} W51;
1352	#endif
1353	} Diff6;
1354	PVOID TlsExpansionSlots; /*< 0x1780 / 0xf94 /
1355	#if ARCH_BITS == 64
1356	PVOID DallocationBStore; /*< 0x1788 / NA /
1357	PVOID BStoreLimit; /*< 0x1790 / NA /
1358	#endif
1359	union
1360	{
1361	struct
1362	{
1363	uint32_t MuiGeneration; /*< 0x1798 / 0xf98 /
1364	} W7, W8, W80, W81;
1365	struct
1366	{
1367	uint32_t ImpersonationLocale;
1368	} W6;
1369	} Diff7;
1370	uint32_t IsImpersonating; /*< 0x179c / 0xf9c /
1371	PVOID NlsCache; /*< 0x17a0 / 0xfa0 /
1372	PVOID pShimData; /*< 0x17a8 / 0xfa4 /
1373	union /*< 0x17b0 / 0xfa8 /
1374	{
1375	struct
1376	{
1377	uint16_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1378	uint16_t LowFragHeapDataSlot; /*< 0x17b2 / 0xfaa /
1379	} W8, W80, W81;
1380	struct
1381	{
1382	uint32_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1383	} W7;
1384	} Diff8;
1385	#if ARCH_BITS == 64
1386	uint32_t Padding7; /*< 0x17b4 / NA /
1387	#endif
1388	HANDLE CurrentTransactionHandle; /*< 0x17b8 / 0xfac /
1389	struct _TEB_ACTIVE_FRAME ActiveFrame; /< 0x17c0 / 0xfb0 /
1390	/* End of TEB in W51 (Windows XP)! */
1391	PVOID FlsData; /*< 0x17c8 / 0xfb4 /
1392	union
1393	{
1394	struct
1395	{
1396	PVOID PreferredLanguages; /*< 0x17d0 / 0xfb8 /
1397	} W6, W7, W8, W80, W81;
1398	struct
1399	{
1400	BOOLEAN SafeThunkCall; /*< 0x17d0 / 0xfb8 /
1401	uint8_t BooleanSpare[3]; /*< 0x17d1 / 0xfb9 /
1402	/* End of TEB in W52 (Windows server 2003)! */
1403	} W52;
1404	} Diff9;
1405	PVOID UserPrefLanguages; /*< 0x17d8 / 0xfbc /
1406	PVOID MergedPrefLanguages; /*< 0x17e0 / 0xfc0 /
1407	uint32_t MuiImpersonation; /*< 0x17e8 / 0xfc4 /
1408	union
1409	{
1410	uint16_t CrossTebFlags; /*< 0x17ec / 0xfc8 /
1411	struct
1412	{
1413	uint16_t SpareCrossTebBits : 16; /*< 0x17ec / 0xfc8 : Pos 0, 16 Bits /
1414	};
1415	};
1416	union
1417	{
1418	uint16_t SameTebFlags; /*< 0x17ee / 0xfca /
1419	struct
1420	{
1421	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1422	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1423	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1424	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1425	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1426	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1427	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1428	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1429	} Common;
1430	struct
1431	{
1432	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1433	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1434	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1435	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1436	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1437	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1438	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1439	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1440	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1441	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1442	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1443	uint16_t SessionAware : 1; /*< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. /
1444	uint16_t SpareSameTebBits : 4; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1445	} W8, W80, W81;
1446	struct
1447	{
1448	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1449	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1450	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1451	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1452	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1453	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1454	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1455	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1456	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1457	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1458	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1459	uint16_t SpareSameTebBits : 5; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1460	} W7;
1461	struct
1462	{
1463	uint16_t DbgSafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1464	uint16_t DbgInDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1465	uint16_t DbgHasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1466	uint16_t DbgSkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1467	uint16_t DbgWerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1468	uint16_t DbgRanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1469	uint16_t DbgClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1470	uint16_t DbgSuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1471	uint16_t SpareSameTebBits : 8; /*< 0x17ee / 0xfca : Pos 8, 8 Bits /
1472	} W6;
1473	} Diff10;
1474	PVOID TxnScopeEnterCallback; /*< 0x17f0 / 0xfcc /
1475	PVOID TxnScopeExitCallback; /*< 0x17f8 / 0xfd0 /
1476	PVOID TxnScopeContext; /*< 0x1800 / 0xfd4 /
1477	uint32_t LockCount; /*< 0x1808 / 0xfd8 /
1478	union
1479	{
1480	struct
1481	{
1482	uint32_t SpareUlong0; /*< 0x180c / 0xfdc /
1483	} W7, W8, W80, W81;
1484	struct
1485	{
1486	uint32_t ProcessRundown;
1487	} W6;
1488	} Diff11;
1489	union
1490	{
1491	struct
1492	{
1493	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1494	/* End of TEB in W7 (windows 7)! */
1495	PVOID ReservedForWdf; /*< 0x1818 / 0xfe4 - New Since W7. /
1496	/* End of TEB in W8 (windows 8.0 & 8.1)! */
1497	PVOID ReservedForCrt; /*< 0x1820 / 0xfe8 - New Since W10. /
1498	RTUUID EffectiveContainerId; /*< 0x1828 / 0xfec - New Since W10. /
1499	/* End of TEB in W10 14393! */
1500	} W8, W80, W81, W10;
1501	struct
1502	{
1503	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1504	} W7;
1505	struct
1506	{
1507	uint64_t LastSwitchTime; /*< 0x1810 / 0xfe0 /
1508	uint64_t TotalSwitchOutTime; /*< 0x1818 / 0xfe8 /
1509	LARGE_INTEGER WaitReasonBitMap; /*< 0x1820 / 0xff0 /
1510	/* End of TEB in W6 (windows Vista)! */
1511	} W6;
1512	} Diff12;
1513	} TEB_COMMON;
1514	typedef TEB_COMMON *PTEB_COMMON;
1515	AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1516	AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1517	AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1518	AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1519	AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1520	AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1521	AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1522	AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1523	AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1524	AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1525	AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1526	AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1527	AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1838 : 0x1000);
1528
1529
1530	/** The size of the windows 8.1 PEB structure. */
1531	#define TEB_SIZE_W10 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W10.EffectiveContainerId) + sizeof(RTUUID) )
1532	/** The size of the windows 8.1 PEB structure. */
1533	#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1534	/** The size of the windows 8.0 PEB structure. */
1535	#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1536	/** The size of the windows 7 PEB structure. */
1537	#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1538	/** The size of the windows vista PEB structure. */
1539	#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1540	/** The size of the windows server 2003 PEB structure. */
1541	#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1542	/** The size of the windows XP PEB structure. */
1543	#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1544
1545
1546
1547	#define _PEB _PEB_COMMON
1548	typedef PEB_COMMON PEB;
1549	typedef PPEB_COMMON PPEB;
1550
1551	#define _TEB _TEB_COMMON
1552	typedef TEB_COMMON TEB;
1553	typedef PTEB_COMMON PTEB;
1554
1555	#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
1556	# ifdef RT_ARCH_X86
1557	DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1558	DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1559	DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1560	DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readfsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1561	DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1562	# elif defined(RT_ARCH_AMD64)
1563	DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1564	DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1565	DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1566	DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readgsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1567	DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1568	# else
1569	# error "Port me"
1570	# endif
1571	#else
1572	# define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1573	# define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1574	# define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1575	# define RTNtLastStatusValue() (RTNtCurrentTeb()->LastStatusValue)
1576	# define RTNtLastErrorValue() (RTNtCurrentTeb()->LastErrorValue)
1577	#endif
1578	#define NtCurrentPeb() RTNtCurrentPeb()
1579
1580
1581	/** @} */
1582
1583
1584	#ifdef IPRT_NT_USE_WINTERNL
1585	NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1586	typedef enum _SECTION_INHERIT
1587	{
1588	ViewShare = 1,
1589	ViewUnmap
1590	} SECTION_INHERIT;
1591	#endif
1592	NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1593	ULONG, ULONG);
1594	NTSYSAPI NTSTATUS NTAPI NtFlushVirtualMemory(HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK);
1595	NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1596
1597	NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1598	NTSYSAPI NTSTATUS NTAPI ZwOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1599	NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1600	NTSYSAPI NTSTATUS NTAPI ZwOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1601	NTSYSAPI NTSTATUS NTAPI NtAlertThread(HANDLE hThread);
1602	#ifdef IPRT_NT_USE_WINTERNL
1603	NTSYSAPI NTSTATUS NTAPI ZwAlertThread(HANDLE hThread);
1604	#endif
1605
1606	#ifdef IPRT_NT_USE_WINTERNL
1607	NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1608	NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1609	#endif
1610	NTSYSAPI NTSTATUS NTAPI ZwOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1611	NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1612
1613	#ifdef IPRT_NT_USE_WINTERNL
1614	typedef struct _FILE_FS_VOLUME_INFORMATION
1615	{
1616	LARGE_INTEGER VolumeCreationTime;
1617	ULONG VolumeSerialNumber;
1618	ULONG VolumeLabelLength;
1619	BOOLEAN SupportsObjects;
1620	WCHAR VolumeLabel[1];
1621	} FILE_FS_VOLUME_INFORMATION;
1622	typedef FILE_FS_VOLUME_INFORMATION *PFILE_FS_VOLUME_INFORMATION;
1623	typedef struct _FILE_FS_LABEL_INFORMATION
1624	{
1625	ULONG VolumeLabelLength;
1626	WCHAR VolumeLabel[1];
1627	} FILE_FS_LABEL_INFORMATION;
1628	typedef FILE_FS_LABEL_INFORMATION *PFILE_FS_LABEL_INFORMATION;
1629	typedef struct _FILE_FS_SIZE_INFORMATION
1630	{
1631	LARGE_INTEGER TotalAllocationUnits;
1632	LARGE_INTEGER AvailableAllocationUnits;
1633	ULONG SectorsPerAllocationUnit;
1634	ULONG BytesPerSector;
1635	} FILE_FS_SIZE_INFORMATION;
1636	typedef FILE_FS_SIZE_INFORMATION *PFILE_FS_SIZE_INFORMATION;
1637	typedef struct _FILE_FS_DEVICE_INFORMATION
1638	{
1639	DEVICE_TYPE DeviceType;
1640	ULONG Characteristics;
1641	} FILE_FS_DEVICE_INFORMATION;
1642	typedef FILE_FS_DEVICE_INFORMATION *PFILE_FS_DEVICE_INFORMATION;
1643	typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1644	{
1645	ULONG FileSystemAttributes;
1646	LONG MaximumComponentNameLength;
1647	ULONG FileSystemNameLength;
1648	WCHAR FileSystemName[1];
1649	} FILE_FS_ATTRIBUTE_INFORMATION;
1650	typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1651	typedef struct _FILE_FS_CONTROL_INFORMATION
1652	{
1653	LARGE_INTEGER FreeSpaceStartFiltering;
1654	LARGE_INTEGER FreeSpaceThreshold;
1655	LARGE_INTEGER FreeSpaceStopFiltering;
1656	LARGE_INTEGER DefaultQuotaThreshold;
1657	LARGE_INTEGER DefaultQuotaLimit;
1658	ULONG FileSystemControlFlags;
1659	} FILE_FS_CONTROL_INFORMATION;
1660	typedef FILE_FS_CONTROL_INFORMATION *PFILE_FS_CONTROL_INFORMATION;
1661	typedef struct _FILE_FS_FULL_SIZE_INFORMATION
1662	{
1663	LARGE_INTEGER TotalAllocationUnits;
1664	LARGE_INTEGER CallerAvailableAllocationUnits;
1665	LARGE_INTEGER ActualAvailableAllocationUnits;
1666	ULONG SectorsPerAllocationUnit;
1667	ULONG BytesPerSector;
1668	} FILE_FS_FULL_SIZE_INFORMATION;
1669	typedef FILE_FS_FULL_SIZE_INFORMATION *PFILE_FS_FULL_SIZE_INFORMATION;
1670	typedef struct _FILE_FS_OBJECTID_INFORMATION
1671	{
1672	UCHAR ObjectId[16];
1673	UCHAR ExtendedInfo[48];
1674	} FILE_FS_OBJECTID_INFORMATION;
1675	typedef FILE_FS_OBJECTID_INFORMATION *PFILE_FS_OBJECTID_INFORMATION;
1676	typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1677	{
1678	BOOLEAN DriverInPath;
1679	ULONG DriverNameLength;
1680	WCHAR DriverName[1];
1681	} FILE_FS_DRIVER_PATH_INFORMATION;
1682	typedef FILE_FS_DRIVER_PATH_INFORMATION *PFILE_FS_DRIVER_PATH_INFORMATION;
1683	typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION
1684	{
1685	ULONG Flags;
1686	} FILE_FS_VOLUME_FLAGS_INFORMATION;
1687	typedef FILE_FS_VOLUME_FLAGS_INFORMATION *PFILE_FS_VOLUME_FLAGS_INFORMATION;
1688	#endif
1689	#if !defined(SSINFO_OFFSET_UNKNOWN) \|\| defined(IPRT_NT_USE_WINTERNL)
1690	typedef struct _FILE_FS_SECTOR_SIZE_INFORMATION
1691	{
1692	ULONG LogicalBytesPerSector;
1693	ULONG PhysicalBytesPerSectorForAtomicity;
1694	ULONG PhysicalBytesPerSectorForPerformance;
1695	ULONG FileSystemEffectivePhysicalBytesPerSectorForAtomicity;
1696	ULONG Flags;
1697	ULONG ByteOffsetForSectorAlignment;
1698	ULONG ByteOffsetForPartitionAlignment;
1699	} FILE_FS_SECTOR_SIZE_INFORMATION;
1700	typedef FILE_FS_SECTOR_SIZE_INFORMATION *PFILE_FS_SECTOR_SIZE_INFORMATION;
1701	# ifndef SSINFO_OFFSET_UNKNOWN
1702	# define SSINFO_OFFSET_UNKNOWN 0xffffffffUL
1703	# define SSINFO_FLAGS_ALIGNED_DEVICE 1UL
1704	# define SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE 2UL
1705	# define SSINFO_FLAGS_NO_SEEK_PENALTY 4UL
1706	# define SSINFO_FLAGS_TRIM_ENABLED 8UL
1707	# define SSINFO_FLAGS_BYTE_ADDRESSABLE 16UL
1708	# endif
1709	#endif
1710	#ifdef IPRT_NT_USE_WINTERNL
1711	typedef struct _FILE_FS_DATA_COPY_INFORMATION
1712	{
1713	ULONG NumberOfCopies;
1714	} FILE_FS_DATA_COPY_INFORMATION;
1715	typedef FILE_FS_DATA_COPY_INFORMATION *PFILE_FS_DATA_COPY_INFORMATION;
1716	typedef struct _FILE_FS_METADATA_SIZE_INFORMATION
1717	{
1718	LARGE_INTEGER TotalMetadataAllocationUnits;
1719	ULONG SectorsPerAllocationUnit;
1720	ULONG BytesPerSector;
1721	} FILE_FS_METADATA_SIZE_INFORMATION;
1722	typedef FILE_FS_METADATA_SIZE_INFORMATION *PFILE_FS_METADATA_SIZE_INFORMATION;
1723	typedef struct _FILE_FS_FULL_SIZE_INFORMATION_EX
1724	{
1725	ULONGLONG ActualTotalAllocationUnits;
1726	ULONGLONG ActualAvailableAllocationUnits;
1727	ULONGLONG ActualPoolUnavailableAllocationUnits;
1728	ULONGLONG CallerTotalAllocationUnits;
1729	ULONGLONG CallerAvailableAllocationUnits;
1730	ULONGLONG CallerPoolUnavailableAllocationUnits;
1731	ULONGLONG UsedAllocationUnits;
1732	ULONGLONG TotalReservedAllocationUnits;
1733	ULONGLONG VolumeStorageReserveAllocationUnits;
1734	ULONGLONG AvailableCommittedAllocationUnits;
1735	ULONGLONG PoolAvailableAllocationUnits;
1736	ULONG SectorsPerAllocationUnit;
1737	ULONG BytesPerSector;
1738	} FILE_FS_FULL_SIZE_INFORMATION_EX;
1739	typedef FILE_FS_FULL_SIZE_INFORMATION_EX *PFILE_FS_FULL_SIZE_INFORMATION_EX;
1740	#endif /* IPRT_NT_USE_WINTERNL */
1741
1742	typedef enum _FSINFOCLASS
1743	{
1744	FileFsVolumeInformation = 1,
1745	FileFsLabelInformation,
1746	FileFsSizeInformation, /*< FILE_FS_SIZE_INFORMATION /
1747	FileFsDeviceInformation,
1748	FileFsAttributeInformation,
1749	FileFsControlInformation,
1750	FileFsFullSizeInformation,
1751	FileFsObjectIdInformation,
1752	FileFsDriverPathInformation,
1753	FileFsVolumeFlagsInformation,
1754	FileFsSectorSizeInformation,
1755	FileFsDataCopyInformation,
1756	FileFsMetadataSizeInformation,
1757	FileFsFullSizeInformationEx,
1758	FileFsMaximumInformation
1759	} FS_INFORMATION_CLASS;
1760	typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1761	NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1762	NTSYSAPI NTSTATUS NTAPI NtSetVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1763
1764	#ifdef IPRT_NT_USE_WINTERNL
1765	typedef struct _FILE_DIRECTORY_INFORMATION
1766	{
1767	ULONG NextEntryOffset;
1768	ULONG FileIndex;
1769	LARGE_INTEGER CreationTime;
1770	LARGE_INTEGER LastAccessTime;
1771	LARGE_INTEGER LastWriteTime;
1772	LARGE_INTEGER ChangeTime;
1773	LARGE_INTEGER EndOfFile;
1774	LARGE_INTEGER AllocationSize;
1775	ULONG FileAttributes;
1776	ULONG FileNameLength;
1777	WCHAR FileName[1];
1778	} FILE_DIRECTORY_INFORMATION;
1779	typedef FILE_DIRECTORY_INFORMATION *PFILE_DIRECTORY_INFORMATION;
1780	typedef struct _FILE_FULL_DIR_INFORMATION
1781	{
1782	ULONG NextEntryOffset;
1783	ULONG FileIndex;
1784	LARGE_INTEGER CreationTime;
1785	LARGE_INTEGER LastAccessTime;
1786	LARGE_INTEGER LastWriteTime;
1787	LARGE_INTEGER ChangeTime;
1788	LARGE_INTEGER EndOfFile;
1789	LARGE_INTEGER AllocationSize;
1790	ULONG FileAttributes;
1791	ULONG FileNameLength;
1792	ULONG EaSize;
1793	WCHAR FileName[1];
1794	} FILE_FULL_DIR_INFORMATION;
1795	typedef FILE_FULL_DIR_INFORMATION *PFILE_FULL_DIR_INFORMATION;
1796	typedef struct _FILE_BOTH_DIR_INFORMATION
1797	{
1798	ULONG NextEntryOffset; /*< 0x00: /
1799	ULONG FileIndex; /*< 0x04: /
1800	LARGE_INTEGER CreationTime; /*< 0x08: /
1801	LARGE_INTEGER LastAccessTime; /*< 0x10: /
1802	LARGE_INTEGER LastWriteTime; /*< 0x18: /
1803	LARGE_INTEGER ChangeTime; /*< 0x20: /
1804	LARGE_INTEGER EndOfFile; /*< 0x28: /
1805	LARGE_INTEGER AllocationSize; /*< 0x30: /
1806	ULONG FileAttributes; /*< 0x38: /
1807	ULONG FileNameLength; /*< 0x3c: /
1808	ULONG EaSize; /*< 0x40: /
1809	CCHAR ShortNameLength; /*< 0x44: /
1810	WCHAR ShortName[12]; /*< 0x46: /
1811	WCHAR FileName[1]; /*< 0x5e: /
1812	} FILE_BOTH_DIR_INFORMATION;
1813	typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1814	typedef struct _FILE_BASIC_INFORMATION
1815	{
1816	LARGE_INTEGER CreationTime;
1817	LARGE_INTEGER LastAccessTime;
1818	LARGE_INTEGER LastWriteTime;
1819	LARGE_INTEGER ChangeTime;
1820	ULONG FileAttributes;
1821	} FILE_BASIC_INFORMATION;
1822	typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1823	typedef struct _FILE_STANDARD_INFORMATION
1824	{
1825	LARGE_INTEGER AllocationSize;
1826	LARGE_INTEGER EndOfFile;
1827	ULONG NumberOfLinks;
1828	BOOLEAN DeletePending;
1829	BOOLEAN Directory;
1830	} FILE_STANDARD_INFORMATION;
1831	typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1832	typedef struct _FILE_NAME_INFORMATION
1833	{
1834	ULONG FileNameLength;
1835	WCHAR FileName[1];
1836	} FILE_NAME_INFORMATION;
1837	typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1838	typedef FILE_NAME_INFORMATION FILE_NETWORK_PHYSICAL_NAME_INFORMATION;
1839	typedef FILE_NETWORK_PHYSICAL_NAME_INFORMATION *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION;
1840	typedef struct _FILE_INTERNAL_INFORMATION
1841	{
1842	LARGE_INTEGER IndexNumber;
1843	} FILE_INTERNAL_INFORMATION;
1844	typedef FILE_INTERNAL_INFORMATION *PFILE_INTERNAL_INFORMATION;
1845	typedef struct _FILE_EA_INFORMATION
1846	{
1847	ULONG EaSize;
1848	} FILE_EA_INFORMATION;
1849	typedef FILE_EA_INFORMATION *PFILE_EA_INFORMATION;
1850	typedef struct _FILE_ACCESS_INFORMATION
1851	{
1852	ACCESS_MASK AccessFlags;
1853	} FILE_ACCESS_INFORMATION;
1854	typedef FILE_ACCESS_INFORMATION *PFILE_ACCESS_INFORMATION;
1855	typedef struct _FILE_RENAME_INFORMATION
1856	{
1857	union
1858	{
1859	BOOLEAN ReplaceIfExists;
1860	ULONG Flags;
1861	};
1862	HANDLE RootDirectory;
1863	ULONG FileNameLength;
1864	WCHAR FileName[1];
1865	} FILE_RENAME_INFORMATION;
1866	typedef FILE_RENAME_INFORMATION *PFILE_RENAME_INFORMATION;
1867	typedef struct _FILE_LINK_INFORMATION
1868	{
1869	union
1870	{
1871	BOOLEAN ReplaceIfExists;
1872	ULONG Flags;
1873	};
1874	HANDLE RootDirectory;
1875	ULONG FileNameLength;
1876	WCHAR FileName[1];
1877	} FILE_LINK_INFORMATION;
1878	typedef FILE_LINK_INFORMATION *PFILE_LINK_INFORMATION;
1879	typedef struct _FILE_NAMES_INFORMATION
1880	{
1881	ULONG NextEntryOffset;
1882	ULONG FileIndex;
1883	ULONG FileNameLength;
1884	WCHAR FileName[1];
1885	} FILE_NAMES_INFORMATION;
1886	typedef FILE_NAMES_INFORMATION *PFILE_NAMES_INFORMATION;
1887	typedef struct _FILE_DISPOSITION_INFORMATION
1888	{
1889	BOOLEAN DeleteFile;
1890	} FILE_DISPOSITION_INFORMATION;
1891	typedef FILE_DISPOSITION_INFORMATION *PFILE_DISPOSITION_INFORMATION;
1892	typedef struct _FILE_POSITION_INFORMATION
1893	{
1894	LARGE_INTEGER CurrentByteOffset;
1895	} FILE_POSITION_INFORMATION;
1896	typedef FILE_POSITION_INFORMATION *PFILE_POSITION_INFORMATION;
1897	typedef struct _FILE_FULL_EA_INFORMATION
1898	{
1899	ULONG NextEntryOffset;
1900	UCHAR Flags;
1901	UCHAR EaNameLength;
1902	USHORT EaValueLength;
1903	CHAR EaName[1];
1904	} FILE_FULL_EA_INFORMATION;
1905	typedef FILE_FULL_EA_INFORMATION *PFILE_FULL_EA_INFORMATION;
1906	typedef struct _FILE_MODE_INFORMATION
1907	{
1908	ULONG Mode;
1909	} FILE_MODE_INFORMATION;
1910	typedef FILE_MODE_INFORMATION *PFILE_MODE_INFORMATION;
1911	typedef struct _FILE_ALIGNMENT_INFORMATION
1912	{
1913	ULONG AlignmentRequirement;
1914	} FILE_ALIGNMENT_INFORMATION;
1915	typedef FILE_ALIGNMENT_INFORMATION *PFILE_ALIGNMENT_INFORMATION;
1916	typedef struct _FILE_ALL_INFORMATION
1917	{
1918	FILE_BASIC_INFORMATION BasicInformation;
1919	FILE_STANDARD_INFORMATION StandardInformation;
1920	FILE_INTERNAL_INFORMATION InternalInformation;
1921	FILE_EA_INFORMATION EaInformation;
1922	FILE_ACCESS_INFORMATION AccessInformation;
1923	FILE_POSITION_INFORMATION PositionInformation;
1924	FILE_MODE_INFORMATION ModeInformation;
1925	FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1926	FILE_NAME_INFORMATION NameInformation;
1927	} FILE_ALL_INFORMATION;
1928	typedef FILE_ALL_INFORMATION *PFILE_ALL_INFORMATION;
1929	typedef struct _FILE_ALLOCATION_INFORMATION
1930	{
1931	LARGE_INTEGER AllocationSize;
1932	} FILE_ALLOCATION_INFORMATION;
1933	typedef FILE_ALLOCATION_INFORMATION *PFILE_ALLOCATION_INFORMATION;
1934	typedef struct _FILE_END_OF_FILE_INFORMATION
1935	{
1936	LARGE_INTEGER EndOfFile;
1937	} FILE_END_OF_FILE_INFORMATION;
1938	typedef FILE_END_OF_FILE_INFORMATION *PFILE_END_OF_FILE_INFORMATION;
1939	typedef struct _FILE_STREAM_INFORMATION
1940	{
1941	ULONG NextEntryOffset;
1942	ULONG StreamNameLength;
1943	LARGE_INTEGER StreamSize;
1944	LARGE_INTEGER StreamAllocationSize;
1945	WCHAR StreamName[1];
1946	} FILE_STREAM_INFORMATION;
1947	typedef FILE_STREAM_INFORMATION *PFILE_STREAM_INFORMATION;
1948	typedef struct _FILE_PIPE_INFORMATION
1949	{
1950	ULONG ReadMode;
1951	ULONG CompletionMode;
1952	} FILE_PIPE_INFORMATION;
1953	typedef FILE_PIPE_INFORMATION *PFILE_PIPE_INFORMATION;
1954
1955	typedef struct _FILE_PIPE_LOCAL_INFORMATION
1956	{
1957	ULONG NamedPipeType;
1958	ULONG NamedPipeConfiguration;
1959	ULONG MaximumInstances;
1960	ULONG CurrentInstances;
1961	ULONG InboundQuota;
1962	ULONG ReadDataAvailable;
1963	ULONG OutboundQuota;
1964	ULONG WriteQuotaAvailable;
1965	ULONG NamedPipeState;
1966	ULONG NamedPipeEnd;
1967	} FILE_PIPE_LOCAL_INFORMATION;
1968	typedef FILE_PIPE_LOCAL_INFORMATION *PFILE_PIPE_LOCAL_INFORMATION;
1969
1970	typedef struct _FILE_PIPE_REMOTE_INFORMATION
1971	{
1972	LARGE_INTEGER CollectDataTime;
1973	ULONG MaximumCollectionCount;
1974	} FILE_PIPE_REMOTE_INFORMATION;
1975	typedef FILE_PIPE_REMOTE_INFORMATION *PFILE_PIPE_REMOTE_INFORMATION;
1976	typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
1977	{
1978	ULONG MaximumMessageSize;
1979	ULONG MailslotQuota;
1980	ULONG NextMessageSize;
1981	ULONG MessagesAvailable;
1982	LARGE_INTEGER ReadTimeout;
1983	} FILE_MAILSLOT_QUERY_INFORMATION;
1984	typedef FILE_MAILSLOT_QUERY_INFORMATION *PFILE_MAILSLOT_QUERY_INFORMATION;
1985	typedef struct _FILE_MAILSLOT_SET_INFORMATION
1986	{
1987	PLARGE_INTEGER ReadTimeout;
1988	} FILE_MAILSLOT_SET_INFORMATION;
1989	typedef FILE_MAILSLOT_SET_INFORMATION *PFILE_MAILSLOT_SET_INFORMATION;
1990	typedef struct _FILE_COMPRESSION_INFORMATION
1991	{
1992	LARGE_INTEGER CompressedFileSize;
1993	USHORT CompressionFormat;
1994	UCHAR CompressionUnitShift;
1995	UCHAR ChunkShift;
1996	UCHAR ClusterShift;
1997	UCHAR Reserved[3];
1998	} FILE_COMPRESSION_INFORMATION;
1999	typedef FILE_COMPRESSION_INFORMATION *PFILE_COMPRESSION_INFORMATION;
2000	typedef struct _FILE_OBJECTID_INFORMATION
2001	{
2002	LONGLONG FileReference;
2003	UCHAR ObjectId[16];
2004	union
2005	{
2006	struct
2007	{
2008	UCHAR BirthVolumeId[16];
2009	UCHAR BirthObjectId[16];
2010	UCHAR DomainId[16];
2011	};
2012	UCHAR ExtendedInfo[48];
2013	};
2014	} FILE_OBJECTID_INFORMATION;
2015	typedef FILE_OBJECTID_INFORMATION *PFILE_OBJECTID_INFORMATION;
2016	typedef struct _FILE_COMPLETION_INFORMATION
2017	{
2018	HANDLE Port;
2019	PVOID Key;
2020	} FILE_COMPLETION_INFORMATION;
2021	typedef FILE_COMPLETION_INFORMATION *PFILE_COMPLETION_INFORMATION;
2022	typedef struct _FILE_MOVE_CLUSTER_INFORMATION
2023	{
2024	ULONG ClusterCount;
2025	HANDLE RootDirectory;
2026	ULONG FileNameLength;
2027	WCHAR FileName[1];
2028	} FILE_MOVE_CLUSTER_INFORMATION;
2029	typedef FILE_MOVE_CLUSTER_INFORMATION *PFILE_MOVE_CLUSTER_INFORMATION;
2030	typedef struct _FILE_QUOTA_INFORMATION
2031	{
2032	ULONG NextEntryOffset;
2033	ULONG SidLength;
2034	LARGE_INTEGER ChangeTime;
2035	LARGE_INTEGER QuotaUsed;
2036	LARGE_INTEGER QuotaThreshold;
2037	LARGE_INTEGER QuotaLimit;
2038	SID Sid;
2039	} FILE_QUOTA_INFORMATION;
2040	typedef FILE_QUOTA_INFORMATION *PFILE_QUOTA_INFORMATION;
2041	typedef struct _FILE_REPARSE_POINT_INFORMATION
2042	{
2043	LONGLONG FileReference;
2044	ULONG Tag;
2045	} FILE_REPARSE_POINT_INFORMATION;
2046	typedef FILE_REPARSE_POINT_INFORMATION *PFILE_REPARSE_POINT_INFORMATION;
2047	typedef struct _FILE_NETWORK_OPEN_INFORMATION
2048	{
2049	LARGE_INTEGER CreationTime;
2050	LARGE_INTEGER LastAccessTime;
2051	LARGE_INTEGER LastWriteTime;
2052	LARGE_INTEGER ChangeTime;
2053	LARGE_INTEGER AllocationSize;
2054	LARGE_INTEGER EndOfFile;
2055	ULONG FileAttributes;
2056	} FILE_NETWORK_OPEN_INFORMATION;
2057	typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
2058	typedef struct _FILE_ATTRIBUTE_TAG_INFORMATION
2059	{
2060	ULONG FileAttributes;
2061	ULONG ReparseTag;
2062	} FILE_ATTRIBUTE_TAG_INFORMATION;
2063	typedef FILE_ATTRIBUTE_TAG_INFORMATION *PFILE_ATTRIBUTE_TAG_INFORMATION;
2064	typedef struct _FILE_TRACKING_INFORMATION
2065	{
2066	HANDLE DestinationFile;
2067	ULONG ObjectInformationLength;
2068	CHAR ObjectInformation[1];
2069	} FILE_TRACKING_INFORMATION;
2070	typedef FILE_TRACKING_INFORMATION *PFILE_TRACKING_INFORMATION;
2071	typedef struct _FILE_ID_BOTH_DIR_INFORMATION
2072	{
2073	ULONG NextEntryOffset;
2074	ULONG FileIndex;
2075	LARGE_INTEGER CreationTime;
2076	LARGE_INTEGER LastAccessTime;
2077	LARGE_INTEGER LastWriteTime;
2078	LARGE_INTEGER ChangeTime;
2079	LARGE_INTEGER EndOfFile;
2080	LARGE_INTEGER AllocationSize;
2081	ULONG FileAttributes;
2082	ULONG FileNameLength;
2083	ULONG EaSize;
2084	CCHAR ShortNameLength;
2085	WCHAR ShortName[12];
2086	LARGE_INTEGER FileId;
2087	WCHAR FileName[1];
2088	} FILE_ID_BOTH_DIR_INFORMATION;
2089	typedef FILE_ID_BOTH_DIR_INFORMATION *PFILE_ID_BOTH_DIR_INFORMATION;
2090	typedef struct _FILE_ID_FULL_DIR_INFORMATION
2091	{
2092	ULONG NextEntryOffset;
2093	ULONG FileIndex;
2094	LARGE_INTEGER CreationTime;
2095	LARGE_INTEGER LastAccessTime;
2096	LARGE_INTEGER LastWriteTime;
2097	LARGE_INTEGER ChangeTime;
2098	LARGE_INTEGER EndOfFile;
2099	LARGE_INTEGER AllocationSize;
2100	ULONG FileAttributes;
2101	ULONG FileNameLength;
2102	ULONG EaSize;
2103	LARGE_INTEGER FileId;
2104	WCHAR FileName[1];
2105	} FILE_ID_FULL_DIR_INFORMATION;
2106	typedef FILE_ID_FULL_DIR_INFORMATION *PFILE_ID_FULL_DIR_INFORMATION;
2107	typedef struct _FILE_VALID_DATA_LENGTH_INFORMATION
2108	{
2109	LARGE_INTEGER ValidDataLength;
2110	} FILE_VALID_DATA_LENGTH_INFORMATION;
2111	typedef FILE_VALID_DATA_LENGTH_INFORMATION *PFILE_VALID_DATA_LENGTH_INFORMATION;
2112	typedef struct _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION
2113	{
2114	ULONG Flags;
2115	} FILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
2116	typedef FILE_IO_COMPLETION_NOTIFICATION_INFORMATION *PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
2117	typedef enum _IO_PRIORITY_HINT
2118	{
2119	IoPriorityVeryLow = 0,
2120	IoPriorityLow,
2121	IoPriorityNormal,
2122	IoPriorityHigh,
2123	IoPriorityCritical,
2124	MaxIoPriorityTypes
2125	} IO_PRIORITY_HINT;
2126	AssertCompileSize(IO_PRIORITY_HINT, sizeof(int));
2127	typedef struct _FILE_IO_PRIORITY_HINT_INFORMATION
2128	{
2129	IO_PRIORITY_HINT PriorityHint;
2130	} FILE_IO_PRIORITY_HINT_INFORMATION;
2131	typedef FILE_IO_PRIORITY_HINT_INFORMATION *PFILE_IO_PRIORITY_HINT_INFORMATION;
2132	typedef struct _FILE_SFIO_RESERVE_INFORMATION
2133	{
2134	ULONG RequestsPerPeriod;
2135	ULONG Period;
2136	BOOLEAN RetryFailures;
2137	BOOLEAN Discardable;
2138	ULONG RequestSize;
2139	ULONG NumOutstandingRequests;
2140	} FILE_SFIO_RESERVE_INFORMATION;
2141	typedef FILE_SFIO_RESERVE_INFORMATION *PFILE_SFIO_RESERVE_INFORMATION;
2142	typedef struct _FILE_SFIO_VOLUME_INFORMATION
2143	{
2144	ULONG MaximumRequestsPerPeriod;
2145	ULONG MinimumPeriod;
2146	ULONG MinimumTransferSize;
2147	} FILE_SFIO_VOLUME_INFORMATION;
2148	typedef FILE_SFIO_VOLUME_INFORMATION *PFILE_SFIO_VOLUME_INFORMATION;
2149	typedef struct _FILE_LINK_ENTRY_INFORMATION
2150	{
2151	ULONG NextEntryOffset;
2152	LONGLONG ParentFileId;
2153	ULONG FileNameLength;
2154	WCHAR FileName[1];
2155	} FILE_LINK_ENTRY_INFORMATION;
2156	typedef FILE_LINK_ENTRY_INFORMATION *PFILE_LINK_ENTRY_INFORMATION;
2157	typedef struct _FILE_LINKS_INFORMATION
2158	{
2159	ULONG BytesNeeded;
2160	ULONG EntriesReturned;
2161	FILE_LINK_ENTRY_INFORMATION Entry;
2162	} FILE_LINKS_INFORMATION;
2163	typedef FILE_LINKS_INFORMATION *PFILE_LINKS_INFORMATION;
2164	typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION
2165	{
2166	ULONG NumberOfProcessIdsInList;
2167	ULONG_PTR ProcessIdList[1];
2168	} FILE_PROCESS_IDS_USING_FILE_INFORMATION;
2169	typedef FILE_PROCESS_IDS_USING_FILE_INFORMATION *PFILE_PROCESS_IDS_USING_FILE_INFORMATION;
2170	typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION
2171	{
2172	ULONG NextEntryOffset;
2173	ULONG FileIndex;
2174	LARGE_INTEGER CreationTime;
2175	LARGE_INTEGER LastAccessTime;
2176	LARGE_INTEGER LastWriteTime;
2177	LARGE_INTEGER ChangeTime;
2178	LARGE_INTEGER EndOfFile;
2179	LARGE_INTEGER AllocationSize;
2180	ULONG FileAttributes;
2181	ULONG FileNameLength;
2182	LARGE_INTEGER FileId;
2183	GUID LockingTransactionId;
2184	ULONG TxInfoFlags;
2185	WCHAR FileName[1];
2186	} FILE_ID_GLOBAL_TX_DIR_INFORMATION;
2187	typedef FILE_ID_GLOBAL_TX_DIR_INFORMATION *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
2188	typedef struct _FILE_IS_REMOTE_DEVICE_INFORMATION
2189	{
2190	BOOLEAN IsRemote;
2191	} FILE_IS_REMOTE_DEVICE_INFORMATION;
2192	typedef FILE_IS_REMOTE_DEVICE_INFORMATION *PFILE_IS_REMOTE_DEVICE_INFORMATION;
2193	typedef struct _FILE_NUMA_NODE_INFORMATION
2194	{
2195	USHORT NodeNumber;
2196	} FILE_NUMA_NODE_INFORMATION;
2197	typedef FILE_NUMA_NODE_INFORMATION *PFILE_NUMA_NODE_INFORMATION;
2198	typedef struct _FILE_STANDARD_LINK_INFORMATION
2199	{
2200	ULONG NumberOfAccessibleLinks;
2201	ULONG TotalNumberOfLinks;
2202	BOOLEAN DeletePending;
2203	BOOLEAN Directory;
2204	} FILE_STANDARD_LINK_INFORMATION;
2205	typedef FILE_STANDARD_LINK_INFORMATION *PFILE_STANDARD_LINK_INFORMATION;
2206	typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION
2207	{
2208	USHORT StructureVersion;
2209	USHORT StructureSize;
2210	ULONG Protocol;
2211	USHORT ProtocolMajorVersion;
2212	USHORT ProtocolMinorVersion;
2213	USHORT ProtocolRevision;
2214	USHORT Reserved;
2215	ULONG Flags;
2216	struct
2217	{
2218	ULONG Reserved[8];
2219	} GenericReserved;
2220	struct
2221	{
2222	ULONG Reserved[16];
2223	} ProtocolSpecificReserved;
2224	} FILE_REMOTE_PROTOCOL_INFORMATION;
2225	typedef FILE_REMOTE_PROTOCOL_INFORMATION *PFILE_REMOTE_PROTOCOL_INFORMATION;
2226	typedef struct _FILE_VOLUME_NAME_INFORMATION
2227	{
2228	ULONG DeviceNameLength;
2229	WCHAR DeviceName[1];
2230	} FILE_VOLUME_NAME_INFORMATION;
2231	typedef FILE_VOLUME_NAME_INFORMATION *PFILE_VOLUME_NAME_INFORMATION;
2232	# ifndef FILE_INVALID_FILE_ID
2233	typedef struct _FILE_ID_128
2234	{
2235	BYTE Identifier[16];
2236	} FILE_ID_128;
2237	typedef FILE_ID_128 *PFILE_ID_128;
2238	# endif
2239	typedef struct _FILE_ID_EXTD_DIR_INFORMATION
2240	{
2241	ULONG NextEntryOffset;
2242	ULONG FileIndex;
2243	LARGE_INTEGER CreationTime;
2244	LARGE_INTEGER LastAccessTime;
2245	LARGE_INTEGER LastWriteTime;
2246	LARGE_INTEGER ChangeTime;
2247	LARGE_INTEGER EndOfFile;
2248	LARGE_INTEGER AllocationSize;
2249	ULONG FileAttributes;
2250	ULONG FileNameLength;
2251	ULONG EaSize;
2252	ULONG ReparsePointTag;
2253	FILE_ID_128 FileId;
2254	WCHAR FileName[1];
2255	} FILE_ID_EXTD_DIR_INFORMATION;
2256	typedef FILE_ID_EXTD_DIR_INFORMATION *PFILE_ID_EXTD_DIR_INFORMATION;
2257	typedef struct _FILE_ID_EXTD_BOTH_DIR_INFORMATION
2258	{
2259	ULONG NextEntryOffset;
2260	ULONG FileIndex;
2261	LARGE_INTEGER CreationTime;
2262	LARGE_INTEGER LastAccessTime;
2263	LARGE_INTEGER LastWriteTime;
2264	LARGE_INTEGER ChangeTime;
2265	LARGE_INTEGER EndOfFile;
2266	LARGE_INTEGER AllocationSize;
2267	ULONG FileAttributes;
2268	ULONG FileNameLength;
2269	ULONG EaSize;
2270	ULONG ReparsePointTag;
2271	FILE_ID_128 FileId;
2272	CCHAR ShortNameLength;
2273	WCHAR ShortName[12];
2274	WCHAR FileName[1];
2275	} FILE_ID_EXTD_BOTH_DIR_INFORMATION;
2276	typedef FILE_ID_EXTD_BOTH_DIR_INFORMATION *PFILE_ID_EXTD_BOTH_DIR_INFORMATION;
2277	typedef struct _FILE_ID_INFORMATION
2278	{
2279	ULONGLONG VolumeSerialNumber;
2280	FILE_ID_128 FileId;
2281	} FILE_ID_INFORMATION;
2282	typedef FILE_ID_INFORMATION *PFILE_ID_INFORMATION;
2283	typedef struct _FILE_LINK_ENTRY_FULL_ID_INFORMATION
2284	{
2285	ULONG NextEntryOffset;
2286	FILE_ID_128 ParentFileId;
2287	ULONG FileNameLength;
2288	WCHAR FileName[1];
2289	} FILE_LINK_ENTRY_FULL_ID_INFORMATION;
2290	typedef FILE_LINK_ENTRY_FULL_ID_INFORMATION *PFILE_LINK_ENTRY_FULL_ID_INFORMATION;
2291	typedef struct _FILE_LINKS_FULL_ID_INFORMATION {
2292	ULONG BytesNeeded;
2293	ULONG EntriesReturned;
2294	FILE_LINK_ENTRY_FULL_ID_INFORMATION Entry;
2295	} FILE_LINKS_FULL_ID_INFORMATION;
2296	typedef FILE_LINKS_FULL_ID_INFORMATION *PFILE_LINKS_FULL_ID_INFORMATION;
2297	typedef struct _FILE_DISPOSITION_INFORMATION_EX
2298	{
2299	ULONG Flags;
2300	} FILE_DISPOSITION_INFORMATION_EX;
2301	typedef FILE_DISPOSITION_INFORMATION_EX *PFILE_DISPOSITION_INFORMATION_EX;
2302	# ifndef QUERY_STORAGE_CLASSES_FLAGS_MEASURE_WRITE
2303	typedef struct _FILE_DESIRED_STORAGE_CLASS_INFORMATION
2304	{
2305	/FILE_STORAGE_TIER_CLASS/ ULONG Class;
2306	ULONG Flags;
2307	} FILE_DESIRED_STORAGE_CLASS_INFORMATION;
2308	typedef FILE_DESIRED_STORAGE_CLASS_INFORMATION *PFILE_DESIRED_STORAGE_CLASS_INFORMATION;
2309	# endif
2310	typedef struct _FILE_STAT_INFORMATION
2311	{
2312	LARGE_INTEGER FileId;
2313	LARGE_INTEGER CreationTime;
2314	LARGE_INTEGER LastAccessTime;
2315	LARGE_INTEGER LastWriteTime;
2316	LARGE_INTEGER ChangeTime;
2317	LARGE_INTEGER AllocationSize;
2318	LARGE_INTEGER EndOfFile;
2319	ULONG FileAttributes;
2320	ULONG ReparseTag;
2321	ULONG NumberOfLinks;
2322	ACCESS_MASK EffectiveAccess;
2323	} FILE_STAT_INFORMATION;
2324	typedef FILE_STAT_INFORMATION *PFILE_STAT_INFORMATION;
2325	typedef struct _FILE_STAT_LX_INFORMATION
2326	{
2327	LARGE_INTEGER FileId;
2328	LARGE_INTEGER CreationTime;
2329	LARGE_INTEGER LastAccessTime;
2330	LARGE_INTEGER LastWriteTime;
2331	LARGE_INTEGER ChangeTime;
2332	LARGE_INTEGER AllocationSize;
2333	LARGE_INTEGER EndOfFile;
2334	ULONG FileAttributes;
2335	ULONG ReparseTag;
2336	ULONG NumberOfLinks;
2337	ACCESS_MASK EffectiveAccess;
2338	ULONG LxFlags;
2339	ULONG LxUid;
2340	ULONG LxGid;
2341	ULONG LxMode;
2342	ULONG LxDeviceIdMajor;
2343	ULONG LxDeviceIdMinor;
2344	} FILE_STAT_LX_INFORMATION;
2345	typedef FILE_STAT_LX_INFORMATION *PFILE_STAT_LX_INFORMATION;
2346	typedef struct _FILE_CASE_SENSITIVE_INFORMATION
2347	{
2348	ULONG Flags;
2349	} FILE_CASE_SENSITIVE_INFORMATION;
2350	typedef FILE_CASE_SENSITIVE_INFORMATION *PFILE_CASE_SENSITIVE_INFORMATION;
2351
2352	typedef enum _FILE_INFORMATION_CLASS
2353	{
2354	FileDirectoryInformation = 1,
2355	FileFullDirectoryInformation,
2356	FileBothDirectoryInformation,
2357	FileBasicInformation,
2358	FileStandardInformation,
2359	FileInternalInformation,
2360	FileEaInformation,
2361	FileAccessInformation,
2362	FileNameInformation,
2363	FileRenameInformation,
2364	FileLinkInformation,
2365	FileNamesInformation,
2366	FileDispositionInformation,
2367	FilePositionInformation,
2368	FileFullEaInformation,
2369	FileModeInformation,
2370	FileAlignmentInformation,
2371	FileAllInformation,
2372	FileAllocationInformation,
2373	FileEndOfFileInformation,
2374	FileAlternateNameInformation,
2375	FileStreamInformation,
2376	FilePipeInformation,
2377	FilePipeLocalInformation,
2378	FilePipeRemoteInformation,
2379	FileMailslotQueryInformation,
2380	FileMailslotSetInformation,
2381	FileCompressionInformation,
2382	FileObjectIdInformation,
2383	FileCompletionInformation,
2384	FileMoveClusterInformation,
2385	FileQuotaInformation,
2386	FileReparsePointInformation,
2387	FileNetworkOpenInformation,
2388	FileAttributeTagInformation,
2389	FileTrackingInformation,
2390	FileIdBothDirectoryInformation,
2391	FileIdFullDirectoryInformation,
2392	FileValidDataLengthInformation,
2393	FileShortNameInformation,
2394	FileIoCompletionNotificationInformation,
2395	FileIoStatusBlockRangeInformation,
2396	FileIoPriorityHintInformation,
2397	FileSfioReserveInformation,
2398	FileSfioVolumeInformation,
2399	FileHardLinkInformation,
2400	FileProcessIdsUsingFileInformation,
2401	FileNormalizedNameInformation,
2402	FileNetworkPhysicalNameInformation,
2403	FileIdGlobalTxDirectoryInformation,
2404	FileIsRemoteDeviceInformation,
2405	FileUnusedInformation,
2406	FileNumaNodeInformation,
2407	FileStandardLinkInformation,
2408	FileRemoteProtocolInformation,
2409	/* Defined with Windows 10: */
2410	FileRenameInformationBypassAccessCheck,
2411	FileLinkInformationBypassAccessCheck,
2412	FileVolumeNameInformation,
2413	FileIdInformation,
2414	FileIdExtdDirectoryInformation,
2415	FileReplaceCompletionInformation,
2416	FileHardLinkFullIdInformation,
2417	FileIdExtdBothDirectoryInformation,
2418	FileDispositionInformationEx,
2419	FileRenameInformationEx,
2420	FileRenameInformationExBypassAccessCheck,
2421	FileDesiredStorageClassInformation,
2422	FileStatInformation,
2423	FileMemoryPartitionInformation,
2424	FileStatLxInformation,
2425	FileCaseSensitiveInformation,
2426	FileLinkInformationEx,
2427	FileLinkInformationExBypassAccessCheck,
2428	FileStorageReserveIdInformation,
2429	FileCaseSensitiveInformationForceAccessCheck,
2430	FileMaximumInformation
2431	} FILE_INFORMATION_CLASS;
2432	typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
2433	NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
2434	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
2435	FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
2436	NTSYSAPI NTSTATUS NTAPI NtSetInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
2437	#endif /* IPRT_NT_USE_WINTERNL */
2438	NTSYSAPI NTSTATUS NTAPI NtQueryAttributesFile(POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
2439	NTSYSAPI NTSTATUS NTAPI NtQueryFullAttributesFile(POBJECT_ATTRIBUTES, PFILE_NETWORK_OPEN_INFORMATION);
2440
2441
2442	/** @name SE_GROUP_XXX - Attributes returned with TokenGroup and others.
2443	* @{ */
2444	#ifndef SE_GROUP_MANDATORY
2445	# define SE_GROUP_MANDATORY UINT32_C(0x01)
2446	#endif
2447	#ifndef SE_GROUP_ENABLED_BY_DEFAULT
2448	# define SE_GROUP_ENABLED_BY_DEFAULT UINT32_C(0x02)
2449	#endif
2450	#ifndef SE_GROUP_ENABLED
2451	# define SE_GROUP_ENABLED UINT32_C(0x04)
2452	#endif
2453	#ifndef SE_GROUP_OWNER
2454	# define SE_GROUP_OWNER UINT32_C(0x08)
2455	#endif
2456	#ifndef SE_GROUP_USE_FOR_DENY_ONLY
2457	# define SE_GROUP_USE_FOR_DENY_ONLY UINT32_C(0x10)
2458	#endif
2459	#ifndef SE_GROUP_INTEGRITY
2460	# define SE_GROUP_INTEGRITY UINT32_C(0x20)
2461	#endif
2462	#ifndef SE_GROUP_INTEGRITY_ENABLED
2463	# define SE_GROUP_INTEGRITY_ENABLED UINT32_C(0x40)
2464	#endif
2465	#ifndef SE_GROUP_RESOURCE
2466	# define SE_GROUP_RESOURCE UINT32_C(0x20000000)
2467	#endif
2468	#ifndef SE_GROUP_LOGON_ID
2469	# define SE_GROUP_LOGON_ID UINT32_C(0xc0000000)
2470	#endif
2471	/** @} */
2472
2473
2474	#ifdef IPRT_NT_USE_WINTERNL
2475
2476	/** For use with KeyBasicInformation. */
2477	typedef struct _KEY_BASIC_INFORMATION
2478	{
2479	LARGE_INTEGER LastWriteTime;
2480	ULONG TitleIndex;
2481	ULONG NameLength;
2482	WCHAR Name[1];
2483	} KEY_BASIC_INFORMATION;
2484	typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
2485
2486	/** For use with KeyNodeInformation. */
2487	typedef struct _KEY_NODE_INFORMATION
2488	{
2489	LARGE_INTEGER LastWriteTime;
2490	ULONG TitleIndex;
2491	ULONG ClassOffset; /*< Offset from the start of the structure. /
2492	ULONG ClassLength;
2493	ULONG NameLength;
2494	WCHAR Name[1];
2495	} KEY_NODE_INFORMATION;
2496	typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
2497
2498	/** For use with KeyFullInformation. */
2499	typedef struct _KEY_FULL_INFORMATION
2500	{
2501	LARGE_INTEGER LastWriteTime;
2502	ULONG TitleIndex;
2503	ULONG ClassOffset; /*< Offset of the Class member. /
2504	ULONG ClassLength;
2505	ULONG SubKeys;
2506	ULONG MaxNameLen;
2507	ULONG MaxClassLen;
2508	ULONG Values;
2509	ULONG MaxValueNameLen;
2510	ULONG MaxValueDataLen;
2511	WCHAR Class[1];
2512	} KEY_FULL_INFORMATION;
2513	typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
2514
2515	/** For use with KeyNameInformation. */
2516	typedef struct _KEY_NAME_INFORMATION
2517	{
2518	ULONG NameLength;
2519	WCHAR Name[1];
2520	} KEY_NAME_INFORMATION;
2521	typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
2522
2523	/** For use with KeyCachedInformation. */
2524	typedef struct _KEY_CACHED_INFORMATION
2525	{
2526	LARGE_INTEGER LastWriteTime;
2527	ULONG TitleIndex;
2528	ULONG SubKeys;
2529	ULONG MaxNameLen;
2530	ULONG Values;
2531	ULONG MaxValueNameLen;
2532	ULONG MaxValueDataLen;
2533	ULONG NameLength;
2534	} KEY_CACHED_INFORMATION;
2535	typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
2536
2537	/** For use with KeyVirtualizationInformation. */
2538	typedef struct _KEY_VIRTUALIZATION_INFORMATION
2539	{
2540	ULONG VirtualizationCandidate : 1;
2541	ULONG VirtualizationEnabled : 1;
2542	ULONG VirtualTarget : 1;
2543	ULONG VirtualStore : 1;
2544	ULONG VirtualSource : 1;
2545	ULONG Reserved : 27;
2546	} KEY_VIRTUALIZATION_INFORMATION;
2547	typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
2548
2549	typedef enum _KEY_INFORMATION_CLASS
2550	{
2551	KeyBasicInformation = 0,
2552	KeyNodeInformation,
2553	KeyFullInformation,
2554	KeyNameInformation,
2555	KeyCachedInformation,
2556	KeyFlagsInformation,
2557	KeyVirtualizationInformation,
2558	KeyHandleTagsInformation,
2559	MaxKeyInfoClass
2560	} KEY_INFORMATION_CLASS;
2561	NTSYSAPI NTSTATUS NTAPI NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2562	NTSYSAPI NTSTATUS NTAPI NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2563
2564	typedef struct _MEMORY_SECTION_NAME
2565	{
2566	UNICODE_STRING SectionFileName;
2567	WCHAR NameBuffer[1];
2568	} MEMORY_SECTION_NAME;
2569
2570	#ifdef IPRT_NT_USE_WINTERNL
2571	typedef struct _PROCESS_BASIC_INFORMATION
2572	{
2573	NTSTATUS ExitStatus;
2574	PPEB PebBaseAddress;
2575	ULONG_PTR AffinityMask;
2576	int32_t BasePriority;
2577	ULONG_PTR UniqueProcessId;
2578	ULONG_PTR InheritedFromUniqueProcessId;
2579	} PROCESS_BASIC_INFORMATION;
2580	typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
2581	#endif
2582
2583	typedef enum _PROCESSINFOCLASS
2584	{
2585	ProcessBasicInformation = 0, /*< 0 / 0x00 /
2586	ProcessQuotaLimits, /*< 1 / 0x01 /
2587	ProcessIoCounters, /*< 2 / 0x02 /
2588	ProcessVmCounters, /*< 3 / 0x03 /
2589	ProcessTimes, /*< 4 / 0x04 /
2590	ProcessBasePriority, /*< 5 / 0x05 /
2591	ProcessRaisePriority, /*< 6 / 0x06 /
2592	ProcessDebugPort, /*< 7 / 0x07 /
2593	ProcessExceptionPort, /*< 8 / 0x08 /
2594	ProcessAccessToken, /*< 9 / 0x09 /
2595	ProcessLdtInformation, /*< 10 / 0x0a /
2596	ProcessLdtSize, /*< 11 / 0x0b /
2597	ProcessDefaultHardErrorMode, /*< 12 / 0x0c /
2598	ProcessIoPortHandlers, /*< 13 / 0x0d /
2599	ProcessPooledUsageAndLimits, /*< 14 / 0x0e /
2600	ProcessWorkingSetWatch, /*< 15 / 0x0f /
2601	ProcessUserModeIOPL, /*< 16 / 0x10 /
2602	ProcessEnableAlignmentFaultFixup, /*< 17 / 0x11 /
2603	ProcessPriorityClass, /*< 18 / 0x12 /
2604	ProcessWx86Information, /*< 19 / 0x13 /
2605	ProcessHandleCount, /*< 20 / 0x14 /
2606	ProcessAffinityMask, /*< 21 / 0x15 /
2607	ProcessPriorityBoost, /*< 22 / 0x16 /
2608	ProcessDeviceMap, /*< 23 / 0x17 /
2609	ProcessSessionInformation, /*< 24 / 0x18 /
2610	ProcessForegroundInformation, /*< 25 / 0x19 /
2611	ProcessWow64Information, /*< 26 / 0x1a /
2612	ProcessImageFileName, /*< 27 / 0x1b /
2613	ProcessLUIDDeviceMapsEnabled, /*< 28 / 0x1c /
2614	ProcessBreakOnTermination, /*< 29 / 0x1d /
2615	ProcessDebugObjectHandle, /*< 30 / 0x1e /
2616	ProcessDebugFlags, /*< 31 / 0x1f /
2617	ProcessHandleTracing, /*< 32 / 0x20 /
2618	ProcessIoPriority, /*< 33 / 0x21 /
2619	ProcessExecuteFlags, /*< 34 / 0x22 /
2620	ProcessTlsInformation, /*< 35 / 0x23 /
2621	ProcessCookie, /*< 36 / 0x24 /
2622	ProcessImageInformation, /*< 37 / 0x25 /
2623	ProcessCycleTime, /*< 38 / 0x26 /
2624	ProcessPagePriority, /*< 39 / 0x27 /
2625	ProcessInstrumentationCallbak, /*< 40 / 0x28 /
2626	ProcessThreadStackAllocation, /*< 41 / 0x29 /
2627	ProcessWorkingSetWatchEx, /*< 42 / 0x2a /
2628	ProcessImageFileNameWin32, /*< 43 / 0x2b /
2629	ProcessImageFileMapping, /*< 44 / 0x2c /
2630	ProcessAffinityUpdateMode, /*< 45 / 0x2d /
2631	ProcessMemoryAllocationMode, /*< 46 / 0x2e /
2632	ProcessGroupInformation, /*< 47 / 0x2f /
2633	ProcessTokenVirtualizationEnabled, /*< 48 / 0x30 /
2634	ProcessOwnerInformation, /*< 49 / 0x31 /
2635	ProcessWindowInformation, /*< 50 / 0x32 /
2636	ProcessHandleInformation, /*< 51 / 0x33 /
2637	ProcessMitigationPolicy, /*< 52 / 0x34 /
2638	ProcessDynamicFunctionTableInformation, /*< 53 / 0x35 /
2639	ProcessHandleCheckingMode, /*< 54 / 0x36 /
2640	ProcessKeepAliveCount, /*< 55 / 0x37 /
2641	ProcessRevokeFileHandles, /*< 56 / 0x38 /
2642	ProcessWorkingSetControl, /*< 57 / 0x39 /
2643	ProcessHandleTable, /*< 58 / 0x3a /
2644	ProcessCheckStackExtentsMode, /*< 59 / 0x3b /
2645	ProcessCommandLineInformation, /*< 60 / 0x3c /
2646	ProcessProtectionInformation, /*< 61 / 0x3d /
2647	ProcessMemoryExhaustion, /*< 62 / 0x3e /
2648	ProcessFaultInformation, /*< 63 / 0x3f /
2649	ProcessTelemetryIdInformation, /*< 64 / 0x40 /
2650	ProcessCommitReleaseInformation, /*< 65 / 0x41 /
2651	ProcessDefaultCpuSetsInformation, /*< 66 / 0x42 - aka ProcessReserved1Information /
2652	ProcessAllowedCpuSetsInformation, /*< 67 / 0x43 - aka ProcessReserved2Information; PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10 /
2653	ProcessSubsystemProcess, /*< 68 / 0x44 /
2654	ProcessJobMemoryInformation, /*< 69 / 0x45 /
2655	ProcessInPrivate, /*< 70 / 0x46 /
2656	ProcessRaiseUMExceptionOnInvalidHandleClose,/*< 71 / 0x47 /
2657	ProcessIumChallengeResponse, /*< 72 / 0x48 /
2658	ProcessChildProcessInformation, /*< 73 / 0x49 /
2659	ProcessHighGraphicsPriorityInformation, /*< 74 / 0x4a /
2660	ProcessSubsystemInformation, /*< 75 / 0x4b /
2661	ProcessEnergyValues, /*< 76 / 0x4c /
2662	ProcessPowerThrottlingState, /*< 77 / 0x4d /
2663	ProcessReserved3Information, /*< 78 / 0x4e /
2664	ProcessWin32kSyscallFilterInformation, /*< 79 / 0x4f /
2665	ProcessDisableSystemAllowedCpuSets, /*< 80 / 0x50 /
2666	ProcessWakeInformation, /*< 81 / 0x51 /
2667	ProcessEnergyTrackingState, /*< 82 / 0x52 /
2668	ProcessManageWritesToExecutableMemory, /*< 83 / 0x53 /
2669	ProcessCaptureTrustletLiveDump, /*< 84 / 0x54 /
2670	ProcessTelemetryCoverage, /*< 85 / 0x55 /
2671	ProcessEnclaveInformation, /*< 86 / 0x56 /
2672	ProcessEnableReadWriteVmLogging, /*< 87 / 0x57 /
2673	ProcessUptimeInformation, /*< 88 / 0x58 /
2674	ProcessImageSection, /*< 89 / 0x59 /
2675	ProcessDebugAuthInformation, /*< 90 / 0x5a /
2676	ProcessSystemResourceManagement, /*< 92 / 0x5b /
2677	ProcessSequenceNumber, /*< 93 / 0x5c /
2678	MaxProcessInfoClass
2679	} PROCESSINFOCLASS;
2680	AssertCompile(ProcessSequenceNumber == 0x5c);
2681	NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
2682	#if ARCH_BITS == 32
2683	/** 64-bit API pass thru to WOW64 processes. */
2684	NTSYSAPI NTSTATUS NTAPI NtWow64QueryInformationProcess64(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
2685	#endif
2686
2687	typedef enum _THREADINFOCLASS
2688	{
2689	ThreadBasicInformation = 0,
2690	ThreadTimes,
2691	ThreadPriority,
2692	ThreadBasePriority,
2693	ThreadAffinityMask,
2694	ThreadImpersonationToken,
2695	ThreadDescriptorTableEntry,
2696	ThreadEnableAlignmentFaultFixup,
2697	ThreadEventPair_Reusable,
2698	ThreadQuerySetWin32StartAddress,
2699	ThreadZeroTlsCell,
2700	ThreadPerformanceCount,
2701	ThreadAmILastThread,
2702	ThreadIdealProcessor,
2703	ThreadPriorityBoost,
2704	ThreadSetTlsArrayAddress,
2705	ThreadIsIoPending,
2706	ThreadHideFromDebugger,
2707	ThreadBreakOnTermination,
2708	ThreadSwitchLegacyState,
2709	ThreadIsTerminated,
2710	ThreadLastSystemCall,
2711	ThreadIoPriority,
2712	ThreadCycleTime,
2713	ThreadPagePriority,
2714	ThreadActualBasePriority,
2715	ThreadTebInformation,
2716	ThreadCSwitchMon,
2717	ThreadCSwitchPmu,
2718	ThreadWow64Context,
2719	ThreadGroupInformation,
2720	ThreadUmsInformation,
2721	ThreadCounterProfiling,
2722	ThreadIdealProcessorEx,
2723	ThreadCpuAccountingInformation,
2724	MaxThreadInfoClass
2725	} THREADINFOCLASS;
2726	NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
2727
2728	NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2729	NTSYSAPI NTSTATUS NTAPI ZwQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2730
2731	NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2732	NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2733	NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
2734	NTSYSAPI NTSTATUS NTAPI NtCancelIoFile(HANDLE, PIO_STATUS_BLOCK);
2735
2736	NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
2737	NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
2738
2739	NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
2740	NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
2741	NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
2742	NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
2743	NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
2744	NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
2745	NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
2746	NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
2747	NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
2748
2749	#endif /* IPRT_NT_USE_WINTERNL */
2750
2751	/** For use with ObjectHandleFlagInformation. */
2752	typedef struct _OBJECT_HANDLE_FLAG_INFORMATION
2753	{
2754	BOOLEAN Inherit;
2755	BOOLEAN ProtectFromClose;
2756	} OBJECT_HANDLE_FLAG_INFORMATION;
2757	typedef OBJECT_HANDLE_FLAG_INFORMATION *POBJECT_HANDLE_FLAG_INFORMATION;
2758
2759	typedef enum _OBJECT_INFORMATION_CLASS
2760	{
2761	ObjectBasicInformation = 0,
2762	ObjectNameInformation,
2763	ObjectTypeInformation,
2764	ObjectAllInformation,
2765	ObjectHandleFlagInformation,
2766	ObjectSessionInformation,
2767	MaxObjectInfoClass
2768	} OBJECT_INFORMATION_CLASS;
2769	typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
2770	#ifdef IN_RING0
2771	# define NtQueryObject ZwQueryObject
2772	#endif
2773	NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2774	NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
2775	NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
2776
2777	NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2778
2779	typedef struct _OBJECT_DIRECTORY_INFORMATION
2780	{
2781	UNICODE_STRING Name;
2782	UNICODE_STRING TypeName;
2783	} OBJECT_DIRECTORY_INFORMATION;
2784	typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
2785	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
2786
2787	NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
2788	NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
2789	/** @name ProcessDefaultHardErrorMode bit definitions.
2790	* @{ */
2791	#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /*< Inverted from the win32 define. /
2792	#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
2793	#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
2794	#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
2795	/** @} */
2796	NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
2797	NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
2798
2799	/** Returned by NtQUerySection with SectionBasicInformation. */
2800	typedef struct _SECTION_BASIC_INFORMATION
2801	{
2802	PVOID BaseAddress;
2803	ULONG AllocationAttributes;
2804	LARGE_INTEGER MaximumSize;
2805	} SECTION_BASIC_INFORMATION;
2806	typedef SECTION_BASIC_INFORMATION *PSECTION_BASIC_INFORMATION;
2807
2808	/** Retured by ProcessImageInformation as well as NtQuerySection. */
2809	typedef struct _SECTION_IMAGE_INFORMATION
2810	{
2811	PVOID TransferAddress;
2812	ULONG ZeroBits;
2813	SIZE_T MaximumStackSize;
2814	SIZE_T CommittedStackSize;
2815	ULONG SubSystemType;
2816	union
2817	{
2818	struct
2819	{
2820	USHORT SubSystemMinorVersion;
2821	USHORT SubSystemMajorVersion;
2822	};
2823	ULONG SubSystemVersion;
2824	};
2825	ULONG GpValue;
2826	USHORT ImageCharacteristics;
2827	USHORT DllCharacteristics;
2828	USHORT Machine;
2829	BOOLEAN ImageContainsCode;
2830	union /*< Since Vista, used to be a spare BOOLEAN. /
2831	{
2832	struct
2833	{
2834	UCHAR ComPlusNativeRead : 1;
2835	UCHAR ComPlusILOnly : 1;
2836	UCHAR ImageDynamicallyRelocated : 1;
2837	UCHAR ImageMAppedFlat : 1;
2838	UCHAR Reserved : 4;
2839	};
2840	UCHAR ImageFlags;
2841	};
2842	ULONG LoaderFlags;
2843	ULONG ImageFileSize; /*< Since XP? /
2844	ULONG CheckSum; /*< Since Vista, Used to be a reserved/spare ULONG. /
2845	} SECTION_IMAGE_INFORMATION;
2846	typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
2847
2848	typedef enum _SECTION_INFORMATION_CLASS
2849	{
2850	SectionBasicInformation = 0,
2851	SectionImageInformation,
2852	MaxSectionInfoClass
2853	} SECTION_INFORMATION_CLASS;
2854	NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2855
2856	NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
2857	NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2858	NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
2859	#ifndef SYMBOLIC_LINK_QUERY
2860	# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
2861	#endif
2862	#ifndef SYMBOLIC_LINK_ALL_ACCESS
2863	# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED \| SYMBOLIC_LINK_QUERY)
2864	#endif
2865
2866	NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
2867	NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
2868	NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
2869	NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
2870	NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
2871	NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
2872	NTSYSAPI NTSTATUS NTAPI ZwYieldExecution(void);
2873
2874
2875	#ifndef SEC_FILE
2876	# define SEC_FILE UINT32_C(0x00800000)
2877	#endif
2878	#ifndef SEC_IMAGE
2879	# define SEC_IMAGE UINT32_C(0x01000000)
2880	#endif
2881	#ifndef SEC_PROTECTED_IMAGE
2882	# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
2883	#endif
2884	#ifndef SEC_NOCACHE
2885	# define SEC_NOCACHE UINT32_C(0x10000000)
2886	#endif
2887	#ifndef MEM_ROTATE
2888	# define MEM_ROTATE UINT32_C(0x00800000)
2889	#endif
2890	typedef enum _MEMORY_INFORMATION_CLASS
2891	{
2892	MemoryBasicInformation = 0,
2893	MemoryWorkingSetList,
2894	MemorySectionName,
2895	MemoryBasicVlmInformation
2896	} MEMORY_INFORMATION_CLASS;
2897	#ifdef IN_RING0
2898	typedef struct _MEMORY_BASIC_INFORMATION
2899	{
2900	PVOID BaseAddress;
2901	PVOID AllocationBase;
2902	ULONG AllocationProtect;
2903	SIZE_T RegionSize;
2904	ULONG State;
2905	ULONG Protect;
2906	ULONG Type;
2907	} MEMORY_BASIC_INFORMATION;
2908	typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
2909	# define NtQueryVirtualMemory ZwQueryVirtualMemory
2910	#endif
2911	NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2912	#ifdef IPRT_NT_USE_WINTERNL
2913	NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
2914	#endif
2915	NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
2916	NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
2917
2918	typedef enum _SYSTEM_INFORMATION_CLASS
2919	{
2920	SystemBasicInformation = 0,
2921	SystemCpuInformation,
2922	SystemPerformanceInformation,
2923	SystemTimeOfDayInformation,
2924	SystemInformation_Unknown_4,
2925	SystemProcessInformation,
2926	SystemInformation_Unknown_6,
2927	SystemInformation_Unknown_7,
2928	SystemProcessorPerformanceInformation,
2929	SystemInformation_Unknown_9,
2930	SystemInformation_Unknown_10,
2931	SystemModuleInformation,
2932	SystemInformation_Unknown_12,
2933	SystemInformation_Unknown_13,
2934	SystemInformation_Unknown_14,
2935	SystemInformation_Unknown_15,
2936	SystemHandleInformation,
2937	SystemInformation_Unknown_17,
2938	SystemPageFileInformation,
2939	SystemInformation_Unknown_19,
2940	SystemInformation_Unknown_20,
2941	SystemCacheInformation,
2942	SystemInformation_Unknown_22,
2943	SystemInterruptInformation,
2944	SystemDpcBehaviourInformation,
2945	SystemFullMemoryInformation,
2946	SystemLoadGdiDriverInformation, /* 26 */
2947	SystemUnloadGdiDriverInformation, /* 27 */
2948	SystemTimeAdjustmentInformation,
2949	SystemSummaryMemoryInformation,
2950	SystemInformation_Unknown_30,
2951	SystemInformation_Unknown_31,
2952	SystemInformation_Unknown_32,
2953	SystemExceptionInformation,
2954	SystemCrashDumpStateInformation,
2955	SystemKernelDebuggerInformation,
2956	SystemContextSwitchInformation,
2957	SystemRegistryQuotaInformation,
2958	SystemInformation_Unknown_38,
2959	SystemInformation_Unknown_39,
2960	SystemInformation_Unknown_40,
2961	SystemInformation_Unknown_41,
2962	SystemInformation_Unknown_42,
2963	SystemInformation_Unknown_43,
2964	SystemCurrentTimeZoneInformation,
2965	SystemLookasideInformation,
2966	SystemSetTimeSlipEvent,
2967	SystemCreateSession,
2968	SystemDeleteSession,
2969	SystemInformation_Unknown_49,
2970	SystemRangeStartInformation,
2971	SystemVerifierInformation,
2972	SystemInformation_Unknown_52,
2973	SystemSessionProcessInformation,
2974	SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
2975	SystemInformation_Unknown_55,
2976	SystemInformation_Unknown_56,
2977	SystemExtendedProcessInformation,
2978	SystemInformation_Unknown_58,
2979	SystemInformation_Unknown_59,
2980	SystemInformation_Unknown_60,
2981	SystemInformation_Unknown_61,
2982	SystemInformation_Unknown_62,
2983	SystemInformation_Unknown_63,
2984	SystemExtendedHandleInformation, /* 64 */
2985	SystemInformation_Unknown_65,
2986	SystemInformation_Unknown_66,
2987	SystemInformation_Unknown_67,
2988	SystemInformation_Unknown_68,
2989	SystemInformation_HotPatchInfo, /* 69 */
2990	SystemInformation_Unknown_70,
2991	SystemInformation_Unknown_71,
2992	SystemInformation_Unknown_72,
2993	SystemInformation_Unknown_73,
2994	SystemInformation_Unknown_74,
2995	SystemInformation_Unknown_75,
2996	SystemInformation_Unknown_76,
2997	SystemInformation_Unknown_77,
2998	SystemInformation_Unknown_78,
2999	SystemInformation_Unknown_79,
3000	SystemInformation_Unknown_80,
3001	SystemInformation_Unknown_81,
3002	SystemInformation_Unknown_82,
3003	SystemInformation_Unknown_83,
3004	SystemInformation_Unknown_84,
3005	SystemInformation_Unknown_85,
3006	SystemInformation_Unknown_86,
3007	SystemInformation_Unknown_87,
3008	SystemInformation_Unknown_88,
3009	SystemInformation_Unknown_89,
3010	SystemInformation_Unknown_90,
3011	SystemInformation_Unknown_91,
3012	SystemInformation_Unknown_92,
3013	SystemInformation_Unknown_93,
3014	SystemInformation_Unknown_94,
3015	SystemInformation_Unknown_95,
3016	SystemInformation_KiOpPrefetchPatchCount, /* 96 */
3017	SystemInformation_Unknown_97,
3018	SystemInformation_Unknown_98,
3019	SystemInformation_Unknown_99,
3020	SystemInformation_Unknown_100,
3021	SystemInformation_Unknown_101,
3022	SystemInformation_Unknown_102,
3023	SystemInformation_Unknown_103,
3024	SystemInformation_Unknown_104,
3025	SystemInformation_Unknown_105,
3026	SystemInformation_Unknown_107,
3027	SystemInformation_GetLogicalProcessorInformationEx, /* 107 */
3028
3029	/** @todo fill gap. they've added a whole bunch of things */
3030	SystemPolicyInformation = 134,
3031	SystemInformationClassMax
3032	} SYSTEM_INFORMATION_CLASS;
3033
3034	#ifdef IPRT_NT_USE_WINTERNL
3035	typedef struct _VM_COUNTERS
3036	{
3037	SIZE_T PeakVirtualSize;
3038	SIZE_T VirtualSize;
3039	ULONG PageFaultCount;
3040	SIZE_T PeakWorkingSetSize;
3041	SIZE_T WorkingSetSize;
3042	SIZE_T QuotaPeakPagedPoolUsage;
3043	SIZE_T QuotaPagedPoolUsage;
3044	SIZE_T QuotaPeakNonPagedPoolUsage;
3045	SIZE_T QuotaNonPagedPoolUsage;
3046	SIZE_T PagefileUsage;
3047	SIZE_T PeakPagefileUsage;
3048	} VM_COUNTERS;
3049	typedef VM_COUNTERS *PVM_COUNTERS;
3050	#endif
3051
3052	#if 0
3053	typedef struct _IO_COUNTERS
3054	{
3055	ULONGLONG ReadOperationCount;
3056	ULONGLONG WriteOperationCount;
3057	ULONGLONG OtherOperationCount;
3058	ULONGLONG ReadTransferCount;
3059	ULONGLONG WriteTransferCount;
3060	ULONGLONG OtherTransferCount;
3061	} IO_COUNTERS;
3062	typedef IO_COUNTERS *PIO_COUNTERS;
3063	#endif
3064
3065	typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
3066	{
3067	ULONG NextEntryOffset; /*< 0x00 / 0x00 /
3068	ULONG NumberOfThreads; /*< 0x04 / 0x04 /
3069	LARGE_INTEGER Reserved1[3]; /*< 0x08 / 0x08 /
3070	LARGE_INTEGER CreationTime; /*< 0x20 / 0x20 /
3071	LARGE_INTEGER UserTime; /*< 0x28 / 0x28 /
3072	LARGE_INTEGER KernelTime; /*< 0x30 / 0x30 /
3073	UNICODE_STRING ProcessName; /*< 0x38 / 0x38 Clean unicode encoding? /
3074	int32_t BasePriority; /*< 0x40 / 0x48 /
3075	HANDLE UniqueProcessId; /*< 0x44 / 0x50 /
3076	HANDLE ParentProcessId; /*< 0x48 / 0x58 /
3077	ULONG HandleCount; /*< 0x4c / 0x60 /
3078	ULONG Reserved2; /*< 0x50 / 0x64 Session ID? /
3079	ULONG_PTR Reserved3; /*< 0x54 / 0x68 /
3080	VM_COUNTERS VmCounters; /*< 0x58 / 0x70 /
3081	IO_COUNTERS IoCounters; /*< 0x88 / 0xd0 Might not be present in earlier windows versions. /
3082	/* After this follows the threads, then the ProcessName.Buffer. */
3083	} RTNT_SYSTEM_PROCESS_INFORMATION;
3084	typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
3085	#ifndef IPRT_NT_USE_WINTERNL
3086	typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
3087	typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
3088	#endif
3089
3090	typedef struct _SYSTEM_HANDLE_ENTRY_INFO
3091	{
3092	USHORT UniqueProcessId;
3093	USHORT CreatorBackTraceIndex;
3094	UCHAR ObjectTypeIndex;
3095	UCHAR HandleAttributes;
3096	USHORT HandleValue;
3097	PVOID Object;
3098	ULONG GrantedAccess;
3099	} SYSTEM_HANDLE_ENTRY_INFO;
3100	typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
3101
3102	/** Returned by SystemHandleInformation */
3103	typedef struct _SYSTEM_HANDLE_INFORMATION
3104	{
3105	ULONG NumberOfHandles;
3106	SYSTEM_HANDLE_ENTRY_INFO Handles[1];
3107	} SYSTEM_HANDLE_INFORMATION;
3108	typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
3109
3110	/** Extended handle information entry.
3111	* @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
3112	typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
3113	{
3114	PVOID Object;
3115	HANDLE UniqueProcessId;
3116	HANDLE HandleValue;
3117	ACCESS_MASK GrantedAccess;
3118	USHORT CreatorBackTraceIndex;
3119	USHORT ObjectTypeIndex;
3120	ULONG HandleAttributes;
3121	ULONG Reserved;
3122	} SYSTEM_HANDLE_ENTRY_INFO_EX;
3123	typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
3124
3125	/** Returned by SystemExtendedHandleInformation. */
3126	typedef struct _SYSTEM_HANDLE_INFORMATION_EX
3127	{
3128	ULONG_PTR NumberOfHandles;
3129	ULONG_PTR Reserved;
3130	SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
3131	} SYSTEM_HANDLE_INFORMATION_EX;
3132	typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
3133
3134	/** Returned by SystemSessionProcessInformation. */
3135	typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
3136	{
3137	ULONG SessionId;
3138	ULONG BufferLength;
3139	/** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
3140	PVOID Buffer;
3141	} SYSTEM_SESSION_PROCESS_INFORMATION;
3142	typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
3143
3144	typedef struct _RTL_PROCESS_MODULE_INFORMATION
3145	{
3146	HANDLE Section; /*< 0x00 / 0x00 /
3147	PVOID MappedBase; /*< 0x04 / 0x08 /
3148	PVOID ImageBase; /*< 0x08 / 0x10 /
3149	ULONG ImageSize; /*< 0x0c / 0x18 /
3150	ULONG Flags; /*< 0x10 / 0x1c /
3151	USHORT LoadOrderIndex; /*< 0x14 / 0x20 /
3152	USHORT InitOrderIndex; /*< 0x16 / 0x22 /
3153	USHORT LoadCount; /*< 0x18 / 0x24 /
3154	USHORT OffsetToFileName; /*< 0x1a / 0x26 /
3155	UCHAR FullPathName[256]; /*< 0x1c / 0x28 /
3156	} RTL_PROCESS_MODULE_INFORMATION;
3157	typedef RTL_PROCESS_MODULE_INFORMATION *PRTL_PROCESS_MODULE_INFORMATION;
3158
3159	/** Returned by SystemModuleInformation. */
3160	typedef struct _RTL_PROCESS_MODULES
3161	{
3162	ULONG NumberOfModules;
3163	RTL_PROCESS_MODULE_INFORMATION Modules[1]; /*< 0x04 / 0x08 /
3164	} RTL_PROCESS_MODULES;
3165	typedef RTL_PROCESS_MODULES *PRTL_PROCESS_MODULES;
3166
3167	NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3168	#ifndef IPRT_NT_MAP_TO_ZW
3169	NTSYSAPI NTSTATUS NTAPI ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3170	#endif
3171
3172	NTSYSAPI NTSTATUS NTAPI NtSetTimerResolution(ULONG cNtTicksWanted, BOOLEAN fSetResolution, PULONG pcNtTicksCur);
3173	NTSYSAPI NTSTATUS NTAPI NtQueryTimerResolution(PULONG pcNtTicksMin, PULONG pcNtTicksMax, PULONG pcNtTicksCur);
3174
3175	NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
3176	NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
3177	#ifndef IPRT_NT_USE_WINTERNL
3178	NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
3179	#endif
3180	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
3181	typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
3182	NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
3183
3184	NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
3185
3186	#ifdef IPRT_NT_USE_WINTERNL
3187	typedef enum _EVENT_TYPE
3188	{
3189	/* Manual reset event. */
3190	NotificationEvent = 0,
3191	/* Automaitc reset event. */
3192	SynchronizationEvent
3193	} EVENT_TYPE;
3194	#endif
3195	NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
3196	NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
3197	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
3198	NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
3199	NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
3200	NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
3201	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
3202	typedef enum _EVENT_INFORMATION_CLASS
3203	{
3204	EventBasicInformation = 0
3205	} EVENT_INFORMATION_CLASS;
3206	/** Data returned by NtQueryEvent + EventBasicInformation. */
3207	typedef struct EVENT_BASIC_INFORMATION
3208	{
3209	EVENT_TYPE EventType;
3210	ULONG EventState;
3211	} EVENT_BASIC_INFORMATION;
3212	typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
3213	NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3214
3215	#ifdef IPRT_NT_USE_WINTERNL
3216	/** For NtQueryValueKey. */
3217	typedef enum _KEY_VALUE_INFORMATION_CLASS
3218	{
3219	KeyValueBasicInformation = 0,
3220	KeyValueFullInformation,
3221	KeyValuePartialInformation,
3222	KeyValueFullInformationAlign64,
3223	KeyValuePartialInformationAlign64
3224	} KEY_VALUE_INFORMATION_CLASS;
3225
3226	/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
3227	typedef struct _KEY_VALUE_PARTIAL_INFORMATION
3228	{
3229	ULONG TitleIndex;
3230	ULONG Type;
3231	ULONG DataLength;
3232	UCHAR Data[1];
3233	} KEY_VALUE_PARTIAL_INFORMATION;
3234	typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
3235	#endif
3236	NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
3237	NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3238
3239
3240	NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
3241
3242
3243	typedef struct _CURDIR
3244	{
3245	UNICODE_STRING DosPath;
3246	HANDLE Handle; /*< 0x10 / 0x08 /
3247	} CURDIR;
3248	AssertCompileSize(CURDIR, ARCH_BITS == 32 ? 0x0c : 0x18);
3249	typedef CURDIR *PCURDIR;
3250
3251	typedef struct _RTL_DRIVE_LETTER_CURDIR
3252	{
3253	USHORT Flags;
3254	USHORT Length;
3255	ULONG TimeStamp;
3256	STRING DosPath; /*< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. /
3257	} RTL_DRIVE_LETTER_CURDIR;
3258	typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
3259
3260	typedef struct _RTL_USER_PROCESS_PARAMETERS
3261	{
3262	ULONG MaximumLength; /*< 0x000 / 0x000 /
3263	ULONG Length; /*< 0x004 / 0x004 /
3264	ULONG Flags; /*< 0x008 / 0x008 /
3265	ULONG DebugFlags; /*< 0x00c / 0x00c /
3266	HANDLE ConsoleHandle; /*< 0x010 / 0x010 /
3267	ULONG ConsoleFlags; /*< 0x018 / 0x014 /
3268	HANDLE StandardInput; /*< 0x020 / 0x018 /
3269	HANDLE StandardOutput; /*< 0x028 / 0x01c /
3270	HANDLE StandardError; /*< 0x030 / 0x020 /
3271	CURDIR CurrentDirectory; /*< 0x038 / 0x024 /
3272	UNICODE_STRING DllPath; /*< 0x050 / 0x030 /
3273	UNICODE_STRING ImagePathName; /*< 0x060 / 0x038 /
3274	UNICODE_STRING CommandLine; /*< 0x070 / 0x040 /
3275	PWSTR Environment; /*< 0x080 / 0x048 /
3276	ULONG StartingX; /*< 0x088 / 0x04c /
3277	ULONG StartingY; /*< 0x090 / 0x050 /
3278	ULONG CountX; /*< 0x094 / 0x054 /
3279	ULONG CountY; /*< 0x098 / 0x058 /
3280	ULONG CountCharsX; /*< 0x09c / 0x05c /
3281	ULONG CountCharsY; /*< 0x0a0 / 0x060 /
3282	ULONG FillAttribute; /*< 0x0a4 / 0x064 /
3283	ULONG WindowFlags; /*< 0x0a8 / 0x068 /
3284	ULONG ShowWindowFlags; /*< 0x0ac / 0x06c /
3285	UNICODE_STRING WindowTitle; /*< 0x0b0 / 0x070 /
3286	UNICODE_STRING DesktopInfo; /*< 0x0c0 / 0x078 /
3287	UNICODE_STRING ShellInfo; /*< 0x0d0 / 0x080 /
3288	UNICODE_STRING RuntimeInfo; /*< 0x0e0 / 0x088 /
3289	RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20]; /*< 0x0f0 / 0x090 /
3290	SIZE_T EnvironmentSize; /*< 0x3f0 / 0x - Added in Vista /
3291	SIZE_T EnvironmentVersion; /*< 0x3f8 / 0x - Added in Windows 7. /
3292	PVOID PackageDependencyData; /*< 0x400 / 0x - Added Windows 8? /
3293	ULONG ProcessGroupId; /*< 0x408 / 0x - Added Windows 8? /
3294	ULONG LoaderThreads; /*< 0x40c / 0x - Added Windows 10? /
3295	} RTL_USER_PROCESS_PARAMETERS;
3296	typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
3297	#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
3298
3299	typedef struct _RTL_USER_PROCESS_INFORMATION
3300	{
3301	ULONG Size;
3302	HANDLE ProcessHandle;
3303	HANDLE ThreadHandle;
3304	CLIENT_ID ClientId;
3305	SECTION_IMAGE_INFORMATION ImageInformation;
3306	} RTL_USER_PROCESS_INFORMATION;
3307	typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
3308
3309
3310	NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
3311	PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
3312	NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
3313	PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
3314	PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
3315	PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
3316	PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
3317	NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
3318	NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
3319	PFNRT, PVOID, PHANDLE, PCLIENT_ID);
3320
3321	#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
3322	typedef struct _RTL_CRITICAL_SECTION
3323	{
3324	struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
3325	LONG LockCount;
3326	LONG Recursioncount;
3327	HANDLE OwningThread;
3328	HANDLE LockSemaphore;
3329	ULONG_PTR SpinCount;
3330	} RTL_CRITICAL_SECTION;
3331	typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
3332	#endif
3333
3334	/NTSYSAPI ULONG NTAPI RtlNtStatusToDosError(NTSTATUS rcNt);/
3335
3336	/** @def RTL_QUERY_REGISTRY_TYPECHECK
3337	* WDK 8.1+, backported in updates, ignored in older. */
3338	#if !defined(RTL_QUERY_REGISTRY_TYPECHECK) \|\| defined(DOXYGEN_RUNNING)
3339	# define RTL_QUERY_REGISTRY_TYPECHECK UINT32_C(0x00000100)
3340	#endif
3341	/** @def RTL_QUERY_REGISTRY_TYPECHECK_SHIFT
3342	* WDK 8.1+, backported in updates, ignored in older. */
3343	#if !defined(RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) \|\| defined(DOXYGEN_RUNNING)
3344	# define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
3345	#endif
3346
3347
3348	RT_C_DECLS_END
3349	/** @} */
3350
3351
3352	#if defined(IN_RING0) \|\| defined(DOXYGEN_RUNNING)
3353	/** @name NT Kernel APIs
3354	* @{ */
3355	RT_C_DECLS_BEGIN
3356
3357	typedef ULONG KEPROCESSORINDEX; /*< Bitmap indexes != process numbers, apparently. /
3358
3359	NTSYSAPI VOID NTAPI KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
3360	typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
3361	NTSYSAPI VOID NTAPI KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3362	typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3363	NTSYSAPI VOID NTAPI KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3364	typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3365	NTSYSAPI BOOLEAN NTAPI KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3366	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3367	NTSYSAPI BOOLEAN NTAPI KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3368	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3369	NTSYSAPI BOOLEAN NTAPI KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3370	typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3371	NTSYSAPI VOID NTAPI KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
3372	typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
3373	NTSYSAPI VOID NTAPI KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
3374	typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
3375	NTSYSAPI BOOLEAN NTAPI KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3376	typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3377	NTSYSAPI BOOLEAN NTAPI KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3378	typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3379	/** Works like anding the complemented subtrahend with the minuend. */
3380	NTSYSAPI BOOLEAN NTAPI KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
3381	typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
3382	NTSYSAPI BOOLEAN NTAPI KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
3383	typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
3384	NTSYSAPI BOOLEAN NTAPI KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
3385	typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3386	NTSYSAPI BOOLEAN NTAPI KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
3387	typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
3388	NTSYSAPI ULONG NTAPI KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
3389	typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3390	NTSYSAPI KEPROCESSORINDEX NTAPI KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
3391	typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3392	typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
3393	typedef KEPROCESSORINDEX (NTAPI PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER pProcNumber);
3394	typedef NTSTATUS (NTAPI PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX ProcIndex, PROCESSOR_NUMBER pProcNumber);
3395	typedef KEPROCESSORINDEX (NTAPI PFNKEGETCURRENTPROCESSORNUMBEREX)(const PROCESSOR_NUMBER pProcNumber);
3396	typedef KAFFINITY (NTAPI *PFNKEQUERYACTIVEPROCESSORS)(VOID);
3397	typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNT)(VOID);
3398	typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNTEX)(USHORT GroupNumber);
3399	typedef USHORT (NTAPI *PFNKEQUERYMAXIMUMGROUPCOUNT)(VOID);
3400	typedef ULONG (NTAPI PFNKEQUERYACTIVEPROCESSORCOUNT)(KAFFINITY pfActiveProcessors);
3401	typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNTEX)(USHORT GroupNumber);
3402	typedef NTSTATUS (NTAPI PFNKEQUERYLOGICALPROCESSORRELATIONSHIP)(PROCESSOR_NUMBER pProcNumber,
3403	LOGICAL_PROCESSOR_RELATIONSHIP RelationShipType,
3404	SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX *pInfo, PULONG pcbInfo);
3405	typedef PVOID (NTAPI PFNKEREGISTERPROCESSORCHANGECALLBACK)(PPROCESSOR_CALLBACK_FUNCTION pfnCallback, void pvUser, ULONG fFlags);
3406	typedef VOID (NTAPI *PFNKEDEREGISTERPROCESSORCHANGECALLBACK)(PVOID pvCallback);
3407	typedef NTSTATUS (NTAPI PFNKESETTARGETPROCESSORDPCEX)(KDPC pDpc, PROCESSOR_NUMBER *pProcNumber);
3408	typedef LOGICAL (NTAPI *PFNKESHOULDYIELDPROCESSOR)(void);
3409
3410	NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
3411	PVOID pvOptionalConditions, PHANDLE phFound);
3412	NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
3413	ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
3414	KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
3415	NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
3416	NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
3417	NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
3418	NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
3419	extern DECLIMPORT(POBJECT_TYPE ) LpcPortObjectType; /< In vista+ this is the ALPC port object type. /
3420	extern DECLIMPORT(POBJECT_TYPE ) LpcWaitablePortObjectType; /< In vista+ this is the ALPC port object type. /
3421
3422	typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
3423	typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
3424
3425	RT_C_DECLS_END
3426	/** @ */
3427	#endif /* IN_RING0 */
3428
3429
3430	#if defined(IN_RING3) \|\| defined(DOXYGEN_RUNNING)
3431	/** @name NT Userland APIs
3432	* @{ */
3433	RT_C_DECLS_BEGIN
3434
3435	#if 0 /** @todo figure this out some time... */
3436	typedef struct CSR_MSG_DATA_CREATED_PROCESS
3437	{
3438	HANDLE hProcess;
3439	HANDLE hThread;
3440	CLIENT_ID
3441	DWORD idProcess;
3442	DWORD idThread;
3443	DWORD fCreate;
3444
3445	} CSR_MSG_DATA_CREATED_PROCESS;
3446
3447	#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
3448	#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
3449	NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
3450	#endif
3451
3452	NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
3453
3454	typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
3455	{
3456	ULONG Flags;
3457	PCUNICODE_STRING FullDllName;
3458	PCUNICODE_STRING BaseDllName;
3459	PVOID DllBase;
3460	ULONG SizeOfImage;
3461	} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
3462	typedef LDR_DLL_LOADED_NOTIFICATION_DATA PLDR_DLL_LOADED_NOTIFICATION_DATA, PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
3463	typedef LDR_DLL_LOADED_NOTIFICATION_DATA const PCLDR_DLL_LOADED_NOTIFICATION_DATA, PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
3464
3465	typedef union _LDR_DLL_NOTIFICATION_DATA
3466	{
3467	LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
3468	LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
3469	} LDR_DLL_NOTIFICATION_DATA;
3470	typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
3471	typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
3472
3473	typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
3474
3475	#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
3476	#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
3477	NTSYSAPI NTSTATUS NTAPI LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
3478	PVOID *pvCookie);
3479	typedef NTSTATUS (NTAPI PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID );
3480	NTSYSAPI NTSTATUS NTAPI LdrUnregisterDllNotification(PVOID pvCookie);
3481	typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
3482
3483	NTSYSAPI NTSTATUS NTAPI LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
3484	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
3485	typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
3486	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
3487	NTSYSAPI NTSTATUS NTAPI LdrUnloadDll(IN HANDLE hMod);
3488	typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
3489	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3490	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3491	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3492	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3493	#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
3494	#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
3495	/** @since Windows XP. */
3496	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3497	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3498	/** @since Windows XP. */
3499	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3500	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3501	/** @since Windows 7. */
3502	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
3503	/** @since Windows 7. */
3504	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
3505	/** @since Windows 7. */
3506	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
3507	OUT PHANDLE phDll);
3508	/** @since Windows 7. */
3509	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
3510	OUT PHANDLE phDll);
3511	#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
3512	NTSYSAPI NTSTATUS NTAPI LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
3513	typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
3514	NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3515	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
3516	typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
3517	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
3518	#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
3519	/** @since Windows Vista. */
3520	NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3521	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
3522	/** @since Windows Vista. */
3523	typedef NTSTATUS (NTAPI PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const pSymbol OPTIONAL,
3524	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
3525	#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
3526	#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
3527	#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
3528	#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
3529	#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
3530	/** @since Windows XP. */
3531	NTSYSAPI NTSTATUS NTAPI LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
3532	/** @since Windows XP. */
3533	typedef NTSTATUS (NTAPI PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID ppvCookie);
3534	#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
3535	/** @since Windows XP. */
3536	NTSYSAPI NTSTATUS NTAPI LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
3537	/** @since Windows XP. */
3538	typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
3539
3540	NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
3541	NTSYSAPI VOID NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /*< Vista and later. /
3542	NTSYSAPI VOID NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
3543	NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
3544	IN PCUNICODE_STRING pOrgName,
3545	IN PUNICODE_STRING pDefaultSuffix,
3546	IN OUT PUNICODE_STRING pStaticString,
3547	IN OUT PUNICODE_STRING pDynamicString,
3548	IN OUT PUNICODE_STRING *ppResultString,
3549	IN PULONG pfNewFlags OPTIONAL,
3550	IN PSIZE_T pcbFilename OPTIONAL,
3551	IN PSIZE_T pcbNeeded OPTIONAL);
3552	/** @since Windows 8.
3553	* @note Status code is always zero in windows 10 build 14393. */
3554	NTSYSAPI NTSTATUS NTAPI ApiSetQueryApiSetPresence(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
3555	/** @copydoc ApiSetQueryApiSetPresence */
3556	typedef NTSTATUS (NTAPI *PFNAPISETQUERYAPISETPRESENCE)(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
3557
3558
3559	# ifdef IPRT_NT_USE_WINTERNL
3560	typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
3561	typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
3562	typedef struct _RTL_HEAP_PARAMETERS
3563	{
3564	ULONG Length;
3565	SIZE_T SegmentReserve;
3566	SIZE_T SegmentCommit;
3567	SIZE_T DeCommitFreeBlockThreshold;
3568	SIZE_T DeCommitTotalFreeThreshold;
3569	SIZE_T MaximumAllocationSize;
3570	SIZE_T VirtualMemoryThreshold;
3571	SIZE_T InitialCommit;
3572	SIZE_T InitialReserve;
3573	PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
3574	SIZE_T Reserved[2];
3575	} RTL_HEAP_PARAMETERS;
3576	typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
3577	NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
3578	PRTL_HEAP_PARAMETERS pParameters);
3579	/** @name Heap flags (for RtlCreateHeap).
3580	* @{ */
3581	/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
3582	# define HEAP_GROWABLE UINT32_C(0x00000002)
3583	# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
3584	# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
3585	# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
3586	# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
3587	# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
3588	# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
3589	# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
3590	# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
3591	# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
3592	# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
3593	# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
3594	# define HEAP_CLASS_0 UINT32_C(0x00000000)
3595	# define HEAP_CLASS_1 UINT32_C(0x00001000)
3596	# define HEAP_CLASS_2 UINT32_C(0x00002000)
3597	# define HEAP_CLASS_3 UINT32_C(0x00003000)
3598	# define HEAP_CLASS_4 UINT32_C(0x00004000)
3599	# define HEAP_CLASS_5 UINT32_C(0x00005000)
3600	# define HEAP_CLASS_6 UINT32_C(0x00006000)
3601	# define HEAP_CLASS_7 UINT32_C(0x00007000)
3602	# define HEAP_CLASS_8 UINT32_C(0x00008000)
3603	# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
3604	# endif
3605	# define HEAP_CLASS_PROCESS HEAP_CLASS_0
3606	# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
3607	# define HEAP_CLASS_KERNEL HEAP_CLASS_2
3608	# define HEAP_CLASS_GDI HEAP_CLASS_3
3609	# define HEAP_CLASS_USER HEAP_CLASS_4
3610	# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
3611	# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
3612	# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
3613	# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
3614	# ifdef IPRT_NT_USE_WINTERNL
3615	/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
3616	# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
3617	# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
3618	# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
3619	# endif /* IPRT_NT_USE_WINTERNL */
3620	/** @} */
3621	# ifdef IPRT_NT_USE_WINTERNL
3622	/** @name Heap tagging constants
3623	* @{ */
3624	# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
3625	/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
3626	# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
3627	# define HEAP_TAG_SHIFT 18 */
3628	# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
3629	/** @} */
3630	NTSYSAPI PVOID NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
3631	NTSYSAPI PVOID NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
3632	NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
3633	# endif /* IPRT_NT_USE_WINTERNL */
3634	NTSYSAPI SIZE_T NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
3635	NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
3636	NTSYSAPI SIZE_T NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
3637	NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
3638	NTSYSAPI ULONG NTAPI RtlGetLastWin32Error(VOID);
3639	NTSYSAPI VOID NTAPI RtlSetLastWin32Error(ULONG uError);
3640	NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
3641	NTSYSAPI VOID NTAPI RtlRestoreLastWin32Error(ULONG uError);
3642	NTSYSAPI BOOLEAN NTAPI RtlQueryPerformanceCounter(PLARGE_INTEGER);
3643	NTSYSAPI uint64_t NTAPI RtlGetSystemTimePrecise(VOID);
3644	typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
3645	NTSYSAPI uint64_t NTAPI RtlGetInterruptTimePrecise(uint64_t *puPerfTime);
3646	typedef uint64_t (NTAPI * PFNRTLGETINTERRUPTTIMEPRECISE)(uint64_t *);
3647	NTSYSAPI BOOLEAN NTAPI RtlQueryUnbiasedInterruptTime(uint64_t *puInterruptTime);
3648	typedef BOOLEAN (NTAPI * PFNRTLQUERYUNBIASEDINTERRUPTTIME)(uint64_t *);
3649
3650	RT_C_DECLS_END
3651	/** @} */
3652	#endif /* IN_RING3 */
3653
3654	#endif /* !IPRT_INCLUDED_nt_nt_h */
3655

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/include/iprt/nt/nt.h@ 79804

Download in other formats: