VirtualBox

source: vbox/trunk/include/iprt/nt/nt.h@ 52354

Last change on this file since 52354 was 52354, checked in by vboxsync, 10 years ago

nt.h: TEB fix.

1/* $Id: nt.h 52354 2014-08-11 19:20:47Z vboxsync $ */
2/** @file
3 * IPRT - Header for code using the Native NT API.
4 */
5
6/*
7 * Copyright (C) 2010-2014 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27#ifndef ___iprt_nt_nt_h___
28#define ___iprt_nt_nt_h___
29
30/** @def IPRT_NT_MAP_TO_ZW
31 * Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
32 * to the APIs (takes care of the previous context checks).
 *
 * @note The flip side for ring-0 code: with the previous-mode checks out of
 *       the way, the mapped APIs no longer probe buffers on the caller's
 *       behalf, so any pointer, length or handle that originated in user mode
 *       must be validated by the caller before it is passed on.
 * @note Only the eight APIs listed below are remapped.
33 */
34#ifdef DOXYGEN_RUNNING
35# define IPRT_NT_MAP_TO_ZW
36#endif
37
38#ifdef IPRT_NT_MAP_TO_ZW
39# define NtQueryInformationFile ZwQueryInformationFile
40# define NtQueryInformationProcess ZwQueryInformationProcess
41# define NtQueryInformationThread ZwQueryInformationThread
42# define NtQuerySystemInformation ZwQuerySystemInformation
43# define NtClose ZwClose
44# define NtCreateFile ZwCreateFile
45# define NtReadFile ZwReadFile
46# define NtWriteFile ZwWriteFile
47/** @todo this is very incomplete! */
48#endif
49
50#include <ntstatus.h>
51
52/*
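53 * Hacks common to both base header sets: temporarily rename the incomplete
 * declarations found in the system headers so that this header can supply
 * its own versions once the names are released by the #undef block below.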
54 */
55#define NtQueryObject Incomplete_NtQueryObject
56#define ZwQueryObject Incomplete_ZwQueryObject
57#define NtSetInformationObject Incomplete_NtSetInformationObject
58#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
59#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
60#define ObjectBasicInformation Incomplete_ObjectBasicInformation
61#define ObjectTypeInformation Incomplete_ObjectTypeInformation
62#define _PEB Incomplete__PEB
63#define PEB Incomplete_PEB
64#define PPEB Incomplete_PPEB
65#define _TEB Incomplete__TEB
66#define TEB Incomplete_TEB
67#define PTEB Incomplete_PTEB
68#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
69#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
70#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
71
72
73#ifdef IPRT_NT_USE_WINTERNL
74/*
75 * Use Winternl.h.
76 */
77# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
78# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
79# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
80
81# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
82# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
83# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
84# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
85# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
86# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
87# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
88# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
89# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
90# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
91# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
92# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
93
94# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
95# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
96# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
97
98# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
99# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
100# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
101# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
102# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
103
104# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
105# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
106# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
107# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
108# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
109# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
110# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
111# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
112# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
113# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
114# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
115# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
116# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
117# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
118
119
120# define WIN32_NO_STATUS
121# include <windef.h>
122# include <winnt.h>
123# include <winternl.h>
124# undef WIN32_NO_STATUS
125# include <ntstatus.h>
126
127
128# undef _FILE_INFORMATION_CLASS
129# undef FILE_INFORMATION_CLASS
130# undef FileDirectoryInformation
131
132# undef NtQueryInformationProcess
133# undef NtSetInformationProcess
134# undef PROCESSINFOCLASS
135# undef _PROCESSINFOCLASS
136# undef PROCESS_BASIC_INFORMATION
137# undef PPROCESS_BASIC_INFORMATION
138# undef _PROCESS_BASIC_INFORMATION
139# undef ProcessBasicInformation
140# undef ProcessDebugPort
141# undef ProcessWow64Information
142# undef ProcessImageFileName
143# undef ProcessBreakOnTermination
144
145# undef RTL_USER_PROCESS_PARAMETERS
146# undef PRTL_USER_PROCESS_PARAMETERS
147# undef _RTL_USER_PROCESS_PARAMETERS
148
149# undef NtQueryInformationThread
150# undef NtSetInformationThread
151# undef THREADINFOCLASS
152# undef _THREADINFOCLASS
153# undef ThreadIsIoPending
154
155# undef NtQuerySystemInformation
156# undef NtSetSystemInformation
157# undef SYSTEM_INFORMATION_CLASS
158# undef _SYSTEM_INFORMATION_CLASS
159# undef SystemBasicInformation
160# undef SystemPerformanceInformation
161# undef SystemTimeOfDayInformation
162# undef SystemProcessInformation
163# undef SystemProcessorPerformanceInformation
164# undef SystemInterruptInformation
165# undef SystemExceptionInformation
166# undef SystemRegistryQuotaInformation
167# undef SystemLookasideInformation
168# undef SystemPolicyInformation
169
170#else
171/*
172 * Use ntifs.h and wdm.h.
173 */
174# ifdef RT_ARCH_X86
175# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
176# pragma warning(disable : 4163)
177# endif
178
179# include <ntifs.h>
180# include <wdm.h>
181
182# ifdef RT_ARCH_X86
183# pragma warning(default : 4163)
184# undef _InterlockedAddLargeStatistic
185# endif
186
187# define IPRT_NT_NEED_API_GROUP_NTIFS
188#endif
189
190#undef NtQueryObject
191#undef ZwQueryObject
192#undef NtSetInformationObject
193#undef _OBJECT_INFORMATION_CLASS
194#undef OBJECT_INFORMATION_CLASS
195#undef ObjectBasicInformation
196#undef ObjectTypeInformation
197#undef _PEB
198#undef PEB
199#undef PPEB
200#undef _TEB
201#undef TEB
202#undef PTEB
203#undef _PEB_LDR_DATA
204#undef PEB_LDR_DATA
205#undef PPEB_LDR_DATA
206
207
208#include <iprt/types.h>
209#include <iprt/assert.h>
210
211
212/** @name Useful macros
213 * @{ */
214/** Indicates that we're targeting native NT in the current source. */
215#define RTNT_USE_NATIVE_NT 1
216/** Initializes an IO_STATUS_BLOCK.
 * The two initial values are a failure status and an arbitrary non-zero
 * information value; presumably this makes a block the callee never wrote
 * stand out instead of reading as success - confirm against the callers. */
217#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
218/** Similar to INVALID_HANDLE_VALUE in the Windows environment.
 * @note All bits set, which is the same bit pattern NtCurrentProcess()
 *       (defined further down) expands to, so check for it explicitly before
 *       handing a handle to an API that accepts pseudo handles. */
219#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
220/** @} */
221
222
223/** @name IPRT helper functions for NT
 * Declarations only; the implementations are not part of this header.
 * NOTE(review): going by the parameter names, RTNtPathOpen and
 * RTNtPathOpenDir hand back a handle through phHandle that is released with
 * RTNtPathClose - confirm against the implementation.
224 * @{ */
225RT_C_DECLS_BEGIN
226
227RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
228 ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
229 PHANDLE phHandle, PULONG_PTR puDisposition);
230RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
231 ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
232RTDECL(int) RTNtPathClose(HANDLE hHandle);
233
234RT_C_DECLS_END
235/** @} */
236
237
238/** @name NT API declarations.
239 * @{ */
240RT_C_DECLS_BEGIN
241
242/** @name Process access rights missing in ntddk headers
 * Each named right is only defined when the included headers did not already
 * provide it.  When opening a process, ask for the individual rights the
 * code needs rather than PROCESS_ALL_ACCESS.
243 * @{ */
244#ifndef PROCESS_TERMINATE
245# define PROCESS_TERMINATE UINT32_C(0x00000001)
246#endif
247#ifndef PROCESS_CREATE_THREAD
248# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
249#endif
250#ifndef PROCESS_SET_SESSIONID
251# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
252#endif
253#ifndef PROCESS_VM_OPERATION
254# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
255#endif
256#ifndef PROCESS_VM_READ
257# define PROCESS_VM_READ UINT32_C(0x00000010)
258#endif
259#ifndef PROCESS_VM_WRITE
260# define PROCESS_VM_WRITE UINT32_C(0x00000020)
261#endif
262#ifndef PROCESS_DUP_HANDLE
263# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
264#endif
265#ifndef PROCESS_CREATE_PROCESS
266# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
267#endif
268#ifndef PROCESS_SET_QUOTA
269# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
270#endif
271#ifndef PROCESS_SET_INFORMATION
272# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
273#endif
274#ifndef PROCESS_QUERY_INFORMATION
275# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
276#endif
277#ifndef PROCESS_SUSPEND_RESUME
278# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
279#endif
280#ifndef PROCESS_QUERY_LIMITED_INFORMATION
281# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
282#endif
283#ifndef PROCESS_SET_LIMITED_INFORMATION
284# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
285#endif
/* The two bits below carry placeholder names and, unlike the rights above,
   are defined without an #ifndef guard. */
286#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
/* NOTE(review): the name says 6000 but the value is 0x8000; by analogy with
   THREAD_UNKNOWN_8000 the name looks like the typo - confirm before relying
   on either. */
287#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
/* The 0xffff mask covers all sixteen object-specific bits, the two
   placeholder ones included. */
288#ifndef PROCESS_ALL_ACCESS
289# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | UINT32_C(0x0000ffff) )
290#endif
291/** @} */
292
293/** @name Thread access rights missing in ntddk headers
 * The named rights are defined only where the included headers lack them;
 * the three THREAD_UNKNOWN_xxxx bits are placeholders and carry no guard.
294 * @{ */
295#ifndef THREAD_QUERY_INFORMATION
296# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
297#endif
298#ifndef THREAD_SET_THREAD_TOKEN
299# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
300#endif
301#ifndef THREAD_IMPERSONATE
302# define THREAD_IMPERSONATE UINT32_C(0x00000100)
303#endif
304#ifndef THREAD_DIRECT_IMPERSONATION
305# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
306#endif
307#ifndef THREAD_RESUME
308# define THREAD_RESUME UINT32_C(0x00001000)
309#endif
310#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
311#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
312#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
313/** @} */
314
315/** @name Special handle values.
 * Pseudo handles: small negative constants cast to HANDLE.  The Zw names
 * simply alias the Nt ones.  Each macro is defined only when the included
 * headers did not already provide it.
316 * @{ */
317#ifndef NtCurrentProcess
318# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
319#endif
320#ifndef NtCurrentThread
321# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
322#endif
323#ifndef ZwCurrentProcess
324# define ZwCurrentProcess() NtCurrentProcess()
325#endif
326#ifndef ZwCurrentThread
327# define ZwCurrentThread() NtCurrentThread()
328#endif
329/** @} */
330
331
332/** @name Directory object access rights.
 * Each right is defined only when the included headers did not provide it;
 * DIRECTORY_ALL_ACCESS combines the four specific bits with
 * STANDARD_RIGHTS_REQUIRED.
333 * @{ */
334#ifndef DIRECTORY_QUERY
335# define DIRECTORY_QUERY UINT32_C(0x00000001)
336#endif
337#ifndef DIRECTORY_TRAVERSE
338# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
339#endif
340#ifndef DIRECTORY_CREATE_OBJECT
341# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
342#endif
343#ifndef DIRECTORY_CREATE_SUBDIRECTORY
344# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
345#endif
346#ifndef DIRECTORY_ALL_ACCESS
347# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | UINT32_C(0x0000000f) )
348#endif
349/** @} */
350
351
352
/** Process and thread identifier pair, used by TEB_COMMON for ClientId and
 * RealClientId.  It is declared here only in the Winternl.h configuration. */
353#ifdef IPRT_NT_USE_WINTERNL
354typedef struct _CLIENT_ID
355{
356 HANDLE UniqueProcess;
357 HANDLE UniqueThread;
358} CLIENT_ID;
359typedef CLIENT_ID *PCLIENT_ID;
360#endif
361
362/** @name Process And Thread Environment Blocks
363 * @{ */
364
/** Loader data that PEB_COMMON::Ldr points to; holds the three module lists.
 * The members after the "End NT4" marker are presumably absent on NT4 -
 * confirm before reading them there.
 * @note When this layout is used to walk the lists of another process, the
 *       links come from that process's own memory and must be treated as
 *       untrusted input (bounds-check and cap the walk). */
365typedef struct _PEB_LDR_DATA
366{
367 uint32_t Length;
368 BOOLEAN Initialized;
369 BOOLEAN Padding[3];
370 HANDLE SsHandle;
371 LIST_ENTRY InLoadOrderModuleList;
372 LIST_ENTRY InMemoryOrderModuleList;
373 LIST_ENTRY InInitializationOrderModuleList;
374 /* End NT4 */
375 LIST_ENTRY *EntryInProgress;
376 BOOLEAN ShutdownInProgress;
377 HANDLE ShutdownThreadId;
378} PEB_LDR_DATA;
379typedef PEB_LDR_DATA *PPEB_LDR_DATA;
380
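/**
 * Process Environment Block layout covering Windows XP through Windows 8.1.
 *
 * Members that are identical in every version are declared directly.  Where
 * the versions disagree, a DiffN union holds one variant per version: W51
 * (XP), W52 (Server 2003), W6 (Vista), W7, W8/W80 and W81.  Pick the variant
 * that matches the running system; the same bit or slot means different
 * things in different versions (compare Diff0.W80 with Diff0.W81).
 *
 * The trailing member comments give the offset as "64-bit / 32-bit"; "NA"
 * marks a member that does not exist for that bitness.
 *
 * @note The PEB is ordinary process memory that the process can modify.
 *       When this layout is used to inspect another process, values such as
 *       BeingDebugged, the IsProtectedProcess bits, NtGlobalFlag and every
 *       pointer must be treated as untrusted input, not as a statement made
 *       by the kernel.
 */
typedef struct _PEB_COMMON
{
    BOOLEAN InheritedAddressSpace;                  /**< 0x000 / 0x000 */
    BOOLEAN ReadImageFileExecOptions;               /**< 0x001 / 0x001 */
    BOOLEAN BeingDebugged;                          /**< 0x002 / 0x002 */
    union
    {
        uint8_t BitField;                           /**< 0x003 / 0x003 */
        struct
        {
            uint8_t ImageUsesLargePages : 1;            /**< 0x003 / 0x003 : Pos 0, 1 Bit */
        } Common;
        struct
        {
            uint8_t ImageUsesLargePages : 1;            /**< 0x003 / 0x003 : Pos 0, 1 Bit */
            uint8_t IsProtectedProcess : 1;             /**< 0x003 / 0x003 : Pos 1, 1 Bit */
            uint8_t IsImageDynamicallyRelocated : 1;    /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 */
            uint8_t SkipPatchingUser32Forwarders : 1;   /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 */
            uint8_t IsPackagedProcess : 1;              /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 */
            uint8_t IsAppContainer : 1;                 /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 */
            uint8_t IsProtectedProcessLight : 1;        /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 */
            uint8_t SpareBits : 1;                      /**< 0x003 / 0x003 : Pos 7, 1 Bit */
        } W81;
        struct
        {
            uint8_t ImageUsesLargePages : 1;            /**< 0x003 / 0x003 : Pos 0, 1 Bit */
            uint8_t IsProtectedProcess : 1;             /**< 0x003 / 0x003 : Pos 1, 1 Bit */
            uint8_t IsLegacyProcess : 1;                /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 */
            uint8_t IsImageDynamicallyRelocated : 1;    /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 */
            uint8_t SkipPatchingUser32Forwarders : 1;   /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 */
            uint8_t IsPackagedProcess : 1;              /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 */
            uint8_t IsAppContainer : 1;                 /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 */
            uint8_t SpareBits : 1;                      /**< 0x003 / 0x003 : Pos 7, 1 Bit */
        } W80;
        struct
        {
            uint8_t ImageUsesLargePages : 1;            /**< 0x003 / 0x003 : Pos 0, 1 Bit */
            uint8_t IsProtectedProcess : 1;             /**< 0x003 / 0x003 : Pos 1, 1 Bit */
            uint8_t IsLegacyProcess : 1;                /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. */
            uint8_t IsImageDynamicallyRelocated : 1;    /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. */
            uint8_t SkipPatchingUser32Forwarders : 1;   /**< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. */
            uint8_t SpareBits : 3;                      /**< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. */
        } W7;
        struct
        {
            uint8_t ImageUsesLargePages : 1;            /**< 0x003 / 0x003 : Pos 0, 1 Bit */
            uint8_t IsProtectedProcess : 1;             /**< 0x003 / 0x003 : Pos 1, 1 Bit */
            uint8_t IsLegacyProcess : 1;                /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. */
            uint8_t IsImageDynamicallyRelocated : 1;    /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. */
            uint8_t SpareBits : 4;                      /**< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. */
        } W6;
        struct
        {
            uint8_t ImageUsesLargePages : 1;            /**< 0x003 / 0x003 : Pos 0, 1 Bit */
            uint8_t SpareBits : 7;                      /**< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. */
        } W52;
        struct
        {
            BOOLEAN SpareBool;
        } W51;
    } Diff0;
#if ARCH_BITS == 64
    uint32_t Padding0;                              /**< 0x004 / NA */
#endif
    HANDLE Mutant;                                  /**< 0x008 / 0x004 */
    PVOID ImageBaseAddress;                         /**< 0x010 / 0x008 */
    PPEB_LDR_DATA Ldr;                              /**< 0x018 / 0x00c */
    struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /**< 0x020 / 0x010 */
    PVOID SubSystemData;                            /**< 0x028 / 0x014 */
    HANDLE ProcessHeap;                             /**< 0x030 / 0x018 */
    struct _RTL_CRITICAL_SECTION *FastPebLock;      /**< 0x038 / 0x01c */
    union
    {
        struct
        {
            PVOID AtlThunkSListPtr;                     /**< 0x040 / 0x020 */
            PVOID IFEOKey;                              /**< 0x048 / 0x024 */
            union
            {
                ULONG CrossProcessFlags;                /**< 0x050 / 0x028 */
                struct
                {
                    uint32_t ProcessInJob : 1;          /**< 0x050 / 0x028: Pos 0, 1 Bit */
                    uint32_t ProcessInitializing : 1;   /**< 0x050 / 0x028: Pos 1, 1 Bit */
                    uint32_t ProcessUsingVEH : 1;       /**< 0x050 / 0x028: Pos 2, 1 Bit */
                    uint32_t ProcessUsingVCH : 1;       /**< 0x050 / 0x028: Pos 3, 1 Bit */
                    uint32_t ProcessUsingFTH : 1;       /**< 0x050 / 0x028: Pos 4, 1 Bit */
                    /* 27 bits wide, as the offset note says: five flags plus this
                       field then cover all 32 bits of CrossProcessFlags, just as
                       the W6 variant below adds up to 32. */
                    uint32_t ReservedBits0 : 27;        /**< 0x050 / 0x028: Pos 5, 27 Bits */
                } W7, W8, W80, W81;
                struct
                {
                    uint32_t ProcessInJob : 1;          /**< 0x050 / 0x028: Pos 0, 1 Bit */
                    uint32_t ProcessInitializing : 1;   /**< 0x050 / 0x028: Pos 1, 1 Bit */
                    uint32_t ReservedBits0 : 30;        /**< 0x050 / 0x028: Pos 2, 30 Bits */
                } W6;
            };
#if ARCH_BITS == 64
            uint32_t Padding1;                          /**< 0x054 / */
#endif
        } W6, W7, W8, W80, W81;
        struct
        {
            PVOID AtlThunkSListPtr;                     /**< 0x040 / 0x020 */
            PVOID SparePtr2;                            /**< 0x048 / 0x024 */
            uint32_t EnvironmentUpdateCount;            /**< 0x050 / 0x028 */
#if ARCH_BITS == 64
            uint32_t Padding1;                          /**< 0x054 / */
#endif
        } W52;
        struct
        {
            PVOID FastPebLockRoutine;                   /**< NA / 0x020 */
            PVOID FastPebUnlockRoutine;                 /**< NA / 0x024 */
            uint32_t EnvironmentUpdateCount;            /**< NA / 0x028 */
        } W51;
    } Diff1;
    union
    {
        PVOID KernelCallbackTable;                  /**< 0x058 / 0x02c */
        PVOID UserSharedInfoPtr;                    /**< 0x058 / 0x02c - Alternative use in W6.*/
    };
    uint32_t SystemReserved;                        /**< 0x060 / 0x030 */
    union
    {
        struct
        {
            uint32_t AtlThunkSListPtr32;                /**< 0x064 / 0x034 */
        } W7, W8, W80, W81;
        struct
        {
            uint32_t SpareUlong;                        /**< 0x064 / 0x034 */
        } W52, W6;
        struct
        {
            uint32_t ExecuteOptions : 2;                /**< NA / 0x034: Pos 0, 2 Bits */
            uint32_t SpareBits : 30;                    /**< NA / 0x034: Pos 2, 30 Bits */
        } W51;
    } Diff2;
    union
    {
        struct
        {
            PVOID ApiSetMap;                            /**< 0x068 / 0x038 */
        } W7, W8, W80, W81;
        struct
        {
            struct _PEB_FREE_BLOCK *FreeList;           /**< 0x068 / 0x038 */
        } W52, W6;
        struct
        {
            struct _PEB_FREE_BLOCK *FreeList;           /**< NA / 0x038 */
        } W51;
    } Diff3;
    uint32_t TlsExpansionCounter;                   /**< 0x070 / 0x03c */
#if ARCH_BITS == 64
    uint32_t Padding2;                              /**< 0x074 / NA */
#endif
    struct _RTL_BITMAP *TlsBitmap;                  /**< 0x078 / 0x040 */
    uint32_t TlsBitmapBits[2];                      /**< 0x080 / 0x044 */
    PVOID ReadOnlySharedMemoryBase;                 /**< 0x088 / 0x04c */
    union
    {
        struct
        {
            PVOID SparePvoid0;                          /**< 0x090 / 0x050 - HotpatchInformation before W81. */
        } W81;
        struct
        {
            PVOID HotpatchInformation;                  /**< 0x090 / 0x050 - Retired in W81. */
        } W6, W7, W80;
        struct
        {
            PVOID ReadOnlySharedMemoryHeap;
        } W52;
    } Diff4;
    PVOID *ReadOnlyStaticServerData;                /**< 0x098 / 0x054 */
    PVOID AnsiCodePageData;                         /**< 0x0a0 / 0x058 */
    PVOID OemCodePageData;                          /**< 0x0a8 / 0x05c */
    PVOID UnicodeCaseTableData;                     /**< 0x0b0 / 0x060 */
    uint32_t NumberOfProcessors;                    /**< 0x0b8 / 0x064 */
    uint32_t NtGlobalFlag;                          /**< 0x0bc / 0x068 */
    LARGE_INTEGER CriticalSectionTimeout;           /**< 0x0c0 / 0x070 */
    SIZE_T HeapSegmentReserve;                      /**< 0x0c8 / 0x078 */
    SIZE_T HeapSegmentCommit;                       /**< 0x0d0 / 0x07c */
    SIZE_T HeapDeCommitTotalFreeThreshold;          /**< 0x0d8 / 0x080 */
    SIZE_T HeapDeCommitFreeBlockThreshold;          /**< 0x0e0 / 0x084 */
    uint32_t NumberOfHeaps;                         /**< 0x0e8 / 0x088 */
    uint32_t MaximumNumberOfHeaps;                  /**< 0x0ec / 0x08c */
    PVOID *ProcessHeaps;                            /**< 0x0f0 / 0x090 */
    PVOID GdiSharedHandleTable;                     /**< 0x0f8 / 0x094 */
    PVOID ProcessStarterHelper;                     /**< 0x100 / 0x098 */
    uint32_t GdiDCAttributeList;                    /**< 0x108 / 0x09c */
#if ARCH_BITS == 64
    uint32_t Padding3;                              /**< 0x10c / NA */
#endif
    struct _RTL_CRITICAL_SECTION *LoaderLock;       /**< 0x110 / 0x0a0 */
    uint32_t OSMajorVersion;                        /**< 0x118 / 0x0a4 */
    uint32_t OSMinorVersion;                        /**< 0x11c / 0x0a8 */
    uint16_t OSBuildNumber;                         /**< 0x120 / 0x0ac */
    uint16_t OSCSDVersion;                          /**< 0x122 / 0x0ae */
    uint32_t OSPlatformId;                          /**< 0x124 / 0x0b0 */
    uint32_t ImageSubsystem;                        /**< 0x128 / 0x0b4 */
    uint32_t ImageSubsystemMajorVersion;            /**< 0x12c / 0x0b8 */
    uint32_t ImageSubsystemMinorVersion;            /**< 0x130 / 0x0bc */
#if ARCH_BITS == 64
    uint32_t Padding4;                              /**< 0x134 / NA */
#endif
    union
    {
        struct
        {
            SIZE_T ActiveProcessAffinityMask;           /**< 0x138 / 0x0c0 */
        } W7, W8, W80, W81;
        struct
        {
            SIZE_T ImageProcessAffinityMask;            /**< 0x138 / 0x0c0 */
        } W52, W6;
    } Diff5;
    uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /**< 0x140 / 0x0c4 */
    PVOID PostProcessInitRoutine;                   /**< 0x230 / 0x14c */
    PVOID TlsExpansionBitmap;                       /**< 0x238 / 0x150 */
    uint32_t TlsExpansionBitmapBits[32];            /**< 0x240 / 0x154 */
    uint32_t SessionId;                             /**< 0x2c0 / 0x1d4 */
#if ARCH_BITS == 64
    uint32_t Padding5;                              /**< 0x2c4 / NA */
#endif
    ULARGE_INTEGER AppCompatFlags;                  /**< 0x2c8 / 0x1d8 */
    ULARGE_INTEGER AppCompatFlagsUser;              /**< 0x2d0 / 0x1e0 */
    PVOID pShimData;                                /**< 0x2d8 / 0x1e8 */
    PVOID AppCompatInfo;                            /**< 0x2e0 / 0x1ec */
    UNICODE_STRING CSDVersion;                      /**< 0x2e8 / 0x1f0 */
    struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; /**< 0x2f8 / 0x1f8 */
    struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; /**< 0x300 / 0x1fc */
    struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; /**< 0x308 / 0x200 */
    struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; /**< 0x310 / 0x204 */
    SIZE_T MinimumStackCommit;                      /**< 0x318 / 0x208 */
    /* End of PEB in W51 (Windows XP (RTM))! */
    struct _FLS_CALLBACK_INFO *FlsCallback;         /**< 0x320 / 0x20c */
    LIST_ENTRY FlsListHead;                         /**< 0x328 / 0x210 */
    PVOID FlsBitmap;                                /**< 0x338 / 0x218 */
    uint32_t FlsBitmapBits[4];                      /**< 0x340 / 0x21c */
    uint32_t FlsHighIndex;                          /**< 0x350 / 0x22c */
    /* End of PEB in W52 (Windows Server 2003)! */
    PVOID WerRegistrationData;                      /**< 0x358 / 0x230 */
    PVOID WerShipAssertPtr;                         /**< 0x360 / 0x234 */
    /* End of PEB in W6 (windows Vista)! */
    union
    {
        struct
        {
            PVOID pUnused;                              /**< 0x368 / 0x238 - Was pContextData in W7. */
        } W8, W80, W81;
        struct
        {
            PVOID pContextData;                         /**< 0x368 / 0x238 - Retired in W80. */
        } W7;
    } Diff6;
    PVOID pImageHeaderHash;                         /**< 0x370 / 0x23c */
    union
    {
        uint32_t TracingFlags;                      /**< 0x378 / 0x240 */
        struct
        {
            uint32_t HeapTracingEnabled : 1;            /**< 0x378 / 0x240 : Pos 0, 1 Bit */
            uint32_t CritSecTracingEnabled : 1;         /**< 0x378 / 0x240 : Pos 1, 1 Bit */
            uint32_t LibLoaderTracingEnabled : 1;       /**< 0x378 / 0x240 : Pos 2, 1 Bit */
            uint32_t SpareTracingBits : 29;             /**< 0x378 / 0x240 : Pos 3, 29 Bits */
        } W8, W80, W81;
        struct
        {
            uint32_t HeapTracingEnabled : 1;            /**< 0x378 / 0x240 : Pos 0, 1 Bit */
            uint32_t CritSecTracingEnabled : 1;         /**< 0x378 / 0x240 : Pos 1, 1 Bit */
            uint32_t SpareTracingBits : 30;             /**< 0x378 / 0x240 : Pos 2, 30 Bits - One bit more than W80 */
        } W7;
    } Diff7;
#if ARCH_BITS == 64
    uint32_t Padding6;                              /**< 0x37c / NA */
#endif
    uint64_t CsrServerReadOnlySharedMemoryBase;     /**< 0x380 / 0x248 */
} PEB_COMMON;
typedef PEB_COMMON *PPEB_COMMON;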
662
/* Compile-time layout checks for PEB_COMMON: a handful of member offsets plus
   the total size, each given for the 64-bit and the 32-bit layout.  Members
   past AppCompatFlags are covered by the size check only. */
663AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
664AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
665AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
666AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
667AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
668AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
669AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
670AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
671AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x388 : 0x250);
672
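/*
 * Size of the PEB for each Windows version, expressed as the offset of the
 * first PEB_COMMON member that the version does not have yet (see the
 * "End of PEB in ..." markers inside PEB_COMMON).  Use the size matching the
 * running system when reading or copying a PEB, so that no bytes beyond the
 * end of that version's structure are touched.
 */
/** The size of the windows 8.1 PEB structure. */
#define PEB_SIZE_W81    sizeof(PEB_COMMON)
/** The size of the windows 8.0 PEB structure. */
#define PEB_SIZE_W80    sizeof(PEB_COMMON)
/** The size of the windows 7 PEB structure. */
#define PEB_SIZE_W7     RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
/** The size of the windows vista PEB structure.
 * The Vista PEB ends after WerShipAssertPtr, so the first member past it is
 * Diff6.  Diff3 sits near the start of the structure and would give a size
 * that is far too small. */
#define PEB_SIZE_W6     RT_UOFFSETOF(PEB_COMMON, Diff6)
/** The size of the windows server 2003 PEB structure. */
#define PEB_SIZE_W52    RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
/** The size of the windows XP PEB structure. */
#define PEB_SIZE_W51    RT_UOFFSETOF(PEB_COMMON, FlsCallback)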
685
/* Disabled reference copy of NT_TIB.  TEB_COMMON below embeds an NT_TIB, so
   the live definition presumably comes from the system headers included
   earlier - confirm for both header sets. */
686#if 0
687typedef struct _NT_TIB
688{
689 struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
690 PVOID StackBase;
691 PVOID StackLimit;
692 PVOID SubSystemTib;
693 union
694 {
695 PVOID FiberData;
696 ULONG Version;
697 };
698 PVOID ArbitraryUserPointer;
699 struct _NT_TIB *Self;
700} NT_TIB;
701typedef NT_TIB *PNT_TIB;
702#endif
703
/** Activation context stack header.  TEB_COMMON::Diff0 embeds it by value in
 * the W51 variant and refers to it through a pointer in the later ones. */
704typedef struct _ACTIVATION_CONTEXT_STACK
705{
706 uint32_t Flags;
707 uint32_t NextCookieSequenceNumber;
708 PVOID ActiveFrame;
709 LIST_ENTRY FrameListCache;
710} ACTIVATION_CONTEXT_STACK;
711
712/* Common TEB. */
713typedef struct _TEB_COMMON
714{
715 NT_TIB NtTib; /**< 0x000 / 0x000 */
716 PVOID EnvironmentPointer; /**< 0x038 / 0x01c */
717 CLIENT_ID ClientId; /**< 0x040 / 0x020 */
718 PVOID ActiveRpcHandle; /**< 0x050 / 0x028 */
719 PVOID ThreadLocalStoragePointer; /**< 0x058 / 0x02c */
720 PPEB_COMMON ProcessEnvironmentBlock; /**< 0x060 / 0x030 */
721 uint32_t LastErrorValue; /**< 0x068 / 0x034 */
722 uint32_t CountOfOwnedCriticalSections; /**< 0x06c / 0x038 */
723 PVOID CsrClientThread; /**< 0x070 / 0x03c */
724 PVOID Win32ThreadInfo; /**< 0x078 / 0x040 */
725 uint32_t User32Reserved[26]; /**< 0x080 / 0x044 */
726 uint32_t UserReserved[5]; /**< 0x0e8 / 0x0ac */
727 PVOID WOW32Reserved; /**< 0x100 / 0x0c0 */
728 uint32_t CurrentLocale; /**< 0x108 / 0x0c4 */
729 uint32_t FpSoftwareStatusRegister; /**< 0x10c / 0x0c8 */
730 PVOID SystemReserved1[54]; /**< 0x110 / 0x0cc */
731 uint32_t ExceptionCode; /**< 0x2c0 / 0x1a4 */
732#if ARCH_BITS == 64
733 uint32_t Padding0; /**< 0x2c4 / NA */
734#endif
735 union
736 {
737 struct
738 {
739 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;/**< 0x2c8 / 0x1a8 */
740 uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /**< 0x2d0 / 0x1ac */
741 } W52, W6, W7, W8, W80, W81;
742#if ARCH_BITS == 32
743 struct
744 {
745 ACTIVATION_CONTEXT_STACK ActivationContextStack; /**< NA / 0x1a8 */
746 uint8_t SpareBytes[20]; /**< NA / 0x1bc */
747 } W51;
748#endif
749 } Diff0;
750 union
751 {
752 struct
753 {
754 uint32_t TxFsContext; /**< 0x2e8 / 0x1d0 */
755 } W6, W7, W8, W80, W81;
756 struct
757 {
758 uint32_t SpareBytesContinues; /**< 0x2e8 / 0x1d0 */
759 } W52;
760 } Diff1;
761#if ARCH_BITS == 64
762 uint32_t Padding1; /**< 0x2ec / NA */
763#endif
764 /*_GDI_TEB_BATCH*/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /**< 0x2f0 / 0x1d4 */
765 CLIENT_ID RealClientId; /**< 0x7d8 / 0x6b4 */
766 HANDLE GdiCachedProcessHandle; /**< 0x7e8 / 0x6bc */
767 uint32_t GdiClientPID; /**< 0x7f0 / 0x6c0 */
768 uint32_t GdiClientTID; /**< 0x7f4 / 0x6c4 */
769 PVOID GdiThreadLocalInfo; /**< 0x7f8 / 0x6c8 */
770 SIZE_T Win32ClientInfo[62]; /**< 0x800 / 0x6cc */
771 PVOID glDispatchTable[233]; /**< 0x9f0 / 0x7c4 */
772 SIZE_T glReserved1[29]; /**< 0x1138 / 0xb68 */
773 PVOID glReserved2; /**< 0x1220 / 0xbdc */
774 PVOID glSectionInfo; /**< 0x1228 / 0xbe0 */
775 PVOID glSection; /**< 0x1230 / 0xbe4 */
776 PVOID glTable; /**< 0x1238 / 0xbe8 */
777 PVOID glCurrentRC; /**< 0x1240 / 0xbec */
778 PVOID glContext; /**< 0x1248 / 0xbf0 */
779 NTSTATUS LastStatusValue; /**< 0x1250 / 0xbf4 */
780#if ARCH_BITS == 64
781 uint32_t Padding2; /**< 0x1254 / NA */
782#endif
783 UNICODE_STRING StaticUnicodeString; /**< 0x1258 / 0xbf8 */
784 WCHAR StaticUnicodeBuffer[261]; /**< 0x1268 / 0xc00 */
785#if ARCH_BITS == 64
786 WCHAR Padding3[3]; /**< 0x1472 / NA */
787#endif
788 PVOID DeallocationStack; /**< 0x1478 / 0xe0c */
789 PVOID TlsSlots[64]; /**< 0x1480 / 0xe10 */
790 LIST_ENTRY TlsLinks; /**< 0x1680 / 0xf10 */
791 PVOID Vdm; /**< 0x1690 / 0xf18 */
792 PVOID ReservedForNtRpc; /**< 0x1698 / 0xf1c */
793 PVOID DbgSsReserved[2]; /**< 0x16a0 / 0xf20 */
794 uint32_t HardErrorMode; /**< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. */
795#if ARCH_BITS == 64
796 uint32_t Padding4; /**< 0x16b4 / NA */
797#endif
798 PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /**< 0x16b8 / 0xf2c */
799 union
800 {
801 struct
802 {
803 GUID ActivityId; /**< 0x1710 / 0xf50 */
804 PVOID SubProcessTag; /**< 0x1720 / 0xf60 */
805 } W6, W7, W8, W80, W81;
806 struct
807 {
808 PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /**< 0x1710 / 0xf50 */
809 } W52;
810 } Diff2;
811 union /**< 0x1728 / 0xf64 */
812 {
813 struct
814 {
815 PVOID PerflibData; /**< 0x1728 / 0xf64 */
816 } W8, W80, W81;
817 struct
818 {
819 PVOID EtwLocalData; /**< 0x1728 / 0xf64 */
820 } W7, W6;
821 struct
822 {
823 PVOID SubProcessTag; /**< 0x1728 / 0xf64 */
824 } W52;
825 struct
826 {
827 PVOID InstrumentationContinues[1]; /**< 0x1728 / 0xf64 */
828 } W51;
829 } Diff3;
830 union
831 {
832 struct
833 {
834 PVOID EtwTraceData; /**< 0x1730 / 0xf68 */
835 } W52, W6, W7, W8, W80, W81;
836 struct
837 {
838 PVOID InstrumentationContinues[1]; /**< 0x1730 / 0xf68 */
839 } W51;
840 } Diff4;
841 PVOID WinSockData; /**< 0x1738 / 0xf6c */
842 uint32_t GdiBatchCount; /**< 0x1740 / 0xf70 */
843 union
844 {
845 union
846 {
847 PROCESSOR_NUMBER CurrentIdealProcessor; /**< 0x1744 / 0xf74 - W7+ */
848 uint32_t IdealProcessorValue; /**< 0x1744 / 0xf74 - W7+ */
849 struct
850 {
851 uint8_t ReservedPad1; /**< 0x1744 / 0xf74 - Called SpareBool0 in W6 */
852 uint8_t ReservedPad2; /**< 0x1745 / 0xf75 - Called SpareBool0 in W6 */
853 uint8_t ReservedPad3; /**< 0x1746 / 0xf76 - Called SpareBool0 in W6 */
854 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
855 };
856 } W6, W7, W8, W80, W81;
857 struct
858 {
859 BOOLEAN InDbgPrint; /**< 0x1744 / 0xf74 */
860 BOOLEAN FreeStackOnTermination; /**< 0x1745 / 0xf75 */
861 BOOLEAN HasFiberData; /**< 0x1746 / 0xf76 */
862 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
863 } W51, W52;
864 } Diff5;
865 uint32_t GuaranteedStackBytes; /**< 0x1748 / 0xf78 */
866#if ARCH_BITS == 64
867 uint32_t Padding5; /**< 0x174c / NA */
868#endif
869 PVOID ReservedForPerf; /**< 0x1750 / 0xf7c */
870 PVOID ReservedForOle; /**< 0x1758 / 0xf80 */
871 uint32_t WaitingOnLoaderLock; /**< 0x1760 / 0xf84 */
872#if ARCH_BITS == 64
873 uint32_t Padding6; /**< 0x1764 / NA */
874#endif
875 union /**< 0x1770 / 0xf8c */
876 {
877 struct
878 {
879 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
880 SIZE_T ReservedForCodeCoverage; /**< 0x1770 / 0xf8c */
881 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
882 } W8, W80, W81;
883 struct
884 {
885 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
886 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
887 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
888 } W6, W7;
889 struct
890 {
891 PVOID SparePointer1; /**< 0x1768 / 0xf88 */
892 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
893 PVOID SoftPatchPtr2; /**< 0x1778 / 0xf90 */
894 } W52;
895#if ARCH_BITS == 32
896 struct _Wx86ThreadState
897 {
898 PVOID CallBx86Eip; /**< NA / 0xf88 */
899 PVOID DeallocationCpu; /**< NA / 0xf8c */
900 BOOLEAN UseKnownWx86Dll; /**< NA / 0xf90 */
901 int8_t OleStubInvoked; /**< NA / 0xf91 */
902 } W51;
903#endif
904 } Diff6;
905 PVOID TlsExpansionSlots; /**< 0x1780 / 0xf94 */
906#if ARCH_BITS == 64
907 PVOID DallocationBStore; /**< 0x1788 / NA */
908 PVOID BStoreLimit; /**< 0x1790 / NA */
909#endif
910 union
911 {
912 struct
913 {
914 uint32_t MuiGeneration; /**< 0x1798 / 0xf98 */
915 } W7, W8, W80, W81;
916 struct
917 {
918 uint32_t ImpersonationLocale;
919 } W6;
920 } Diff7;
921 uint32_t IsImpersonating; /**< 0x179c / 0xf9c */
922 PVOID NlsCache; /**< 0x17a0 / 0xfa0 */
923 PVOID pShimData; /**< 0x17a8 / 0xfa4 */
924 union /**< 0x17b0 / 0xfa8 */
925 {
926 struct
927 {
928 uint16_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
929 uint16_t LowFragHeapDataSlot; /**< 0x17b2 / 0xfaa */
930 } W8, W80, W81;
931 struct
932 {
933 uint32_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
934 } W7;
935 } Diff8;
936#if ARCH_BITS == 64
937 uint32_t Padding7; /**< 0x17b4 / NA */
938#endif
939 HANDLE CurrentTransactionHandle; /**< 0x17b8 / 0xfac */
940 struct _TEB_ACTIVE_FRAME *ActiveFrame; /**< 0x17c0 / 0xfb0 */
941 /* End of TEB in W51 (Windows XP)! */
942 PVOID FlsData; /**< 0x17c8 / 0xfb4 */
943 union
944 {
945 struct
946 {
947 PVOID PreferredLanguages; /**< 0x17d0 / 0xfb8 */
948 } W6, W7, W8, W80, W81;
949 struct
950 {
951 BOOLEAN SafeThunkCall; /**< 0x17d0 / 0xfb8 */
952 uint8_t BooleanSpare[3]; /**< 0x17d1 / 0xfb9 */
953 /* End of TEB in W52 (Windows server 2003)! */
954 } W52;
955 } Diff9;
956 PVOID UserPrefLanguages; /**< 0x17d8 / 0xfbc */
957 PVOID MergedPrefLanguages; /**< 0x17e0 / 0xfc0 */
958 uint32_t MuiImpersonation; /**< 0x17e8 / 0xfc4 */
959 union
960 {
961 uint16_t CrossTebFlags; /**< 0x17ec / 0xfc8 */
962 struct
963 {
964 uint16_t SpareCrossTebBits : 16; /**< 0x17ec / 0xfc8 : Pos 0, 16 Bits */
965 };
966 };
967 union
968 {
969 uint16_t SameTebFlags; /**< 0x17ee / 0xfca */
970 struct
971 {
972 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
973 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
974 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
975 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
976 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
977 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
978 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
979 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
980 } Common;
981 struct
982 {
983 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
984 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
985 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
986 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
987 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
988 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
989 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
990 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
991 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
992 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
993 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
994 uint16_t SessionAware : 1; /**< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. */
995 uint16_t SpareSameTebBits : 4; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
996 } W8, W80, W81;
997 struct
998 {
999 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1000 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1001 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1002 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1003 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1004 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1005 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1006 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1007 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
1008 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
1009 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
1010 uint16_t SpareSameTebBits : 5; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
1011 } W7;
1012 struct
1013 {
1014 uint16_t DbgSafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1015 uint16_t DbgInDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1016 uint16_t DbgHasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1017 uint16_t DbgSkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1018 uint16_t DbgWerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1019 uint16_t DbgRanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1020 uint16_t DbgClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1021 uint16_t DbgSuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1022 uint16_t SpareSameTebBits : 8; /**< 0x17ee / 0xfca : Pos 8, 8 Bits */
1023 } W6;
1024 } Diff10;
1025 PVOID TxnScopeEnterCallback; /**< 0x17f0 / 0xfcc */
1026 PVOID TxnScopeExitCallback; /**< 0x17f8 / 0xfd0 */
1027 PVOID TxnScopeContext; /**< 0x1800 / 0xfd4 */
1028 uint32_t LockCount; /**< 0x1808 / 0xfd8 */
1029 union
1030 {
1031 struct
1032 {
1033 uint32_t SpareUlong0; /**< 0x180c / 0xfdc */
1034 } W7, W8, W80, W81;
1035 struct
1036 {
1037 uint32_t ProcessRundown;
1038 } W6;
1039 } Diff11;
1040 union
1041 {
1042 struct
1043 {
1044 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1045 /* End of TEB in W7 (windows 7)! */
1046 PVOID ReservedForWdf; /**< 0x1818 / 0xfe4 - New Since W7. */
1047 /* End of TEB in W8 (windows 8.0 & 8.1)! */
1048 } W8, W80, W81;
1049 struct
1050 {
1051 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1052 } W7;
1053 struct
1054 {
1055 uint64_t LastSwitchTime; /**< 0x1810 / 0xfe0 */
1056 uint64_t TotalSwitchOutTime; /**< 0x1818 / 0xfe8 */
1057 LARGE_INTEGER WaitReasonBitMap; /**< 0x1820 / 0xff0 */
1058 /* End of TEB in W6 (windows Vista)! */
1059 } W6;
1060 } Diff12;
1061} TEB_COMMON;
/** Pointer to a TEB_COMMON, the version-merged TEB layout. */
typedef TEB_COMMON *PTEB_COMMON;
/* Compile-time layout checks for TEB_COMMON.  In each ternary the first value
 * is the expected offset (or size) when ARCH_BITS == 64 and the second the
 * value for the other build.  Code that reads a live TEB through this overlay
 * relies on these offsets, so they are pinned here rather than trusted. */
AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1828 : 0xff8);
1076
1077
/* Per-version TEB sizes, matching the "End of TEB in ..." markers inside
 * TEB_COMMON.  Members of TEB_COMMON at or beyond the size for the running
 * Windows version are not part of that version's TEB; check the size before
 * touching them. */
/** The size of the windows 8.1 TEB structure. */
#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
/** The size of the windows 8.0 TEB structure (same expression as TEB_SIZE_W81). */
#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
/** The size of the windows 7 TEB structure (stops where ReservedForWdf begins). */
#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
/** The size of the windows vista TEB structure. */
#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
/** The size of the windows server 2003 TEB structure (BooleanSpare offset rounded up to pointer size). */
#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
/** The size of the windows XP TEB structure (stops where FlsData begins). */
#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1090
1091
1092
/* Map the conventional NT names (PEB, PPEB) onto the version-merged layout. */
#define _PEB _PEB_COMMON
typedef PEB_COMMON PEB;
typedef PPEB_COMMON PPEB;

/* Same mapping for the TEB names. */
#define _TEB _TEB_COMMON
typedef TEB_COMMON TEB;
typedef PTEB_COMMON PTEB;

/** Yields the ProcessEnvironmentBlock member of the TEB returned by NtCurrentTeb(). */
#define NtCurrentPeb() (((PTEB)NtCurrentTeb())->ProcessEnvironmentBlock)
1102
1103/** @} */
1104
1105
1106#ifdef IPRT_NT_USE_WINTERNL
/* Section object prototypes; declared here only when IPRT_NT_USE_WINTERNL is
 * defined.  Parameters are unnamed in this header. */
NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1109
/**
 * File system attribute information.
 *
 * NOTE(review): presumably the buffer layout for FileFsAttributeInformation
 * queries - confirm against callers.
 */
typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
    ULONG FileSystemAttributes;
    LONG MaximumComponentNameLength;
    ULONG FileSystemNameLength;
    /** Declared with a single element; the name presumably continues past the
     * end of the struct, so size buffers from FileSystemNameLength and not
     * from sizeof() - TODO confirm the length unit (bytes vs. characters). */
    WCHAR FileSystemName[1];
} FILE_FS_ATTRIBUTE_INFORMATION;
typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1118
/* Process, thread and token open prototypes.  Each takes an ACCESS_MASK; the
 * parameters are unnamed in this header. */
NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1123
/** Volume (file system) information classes.  Numbering starts at 1 and
 * FileFsMaximumInformation is the last enumerator. */
typedef enum _FSINFOCLASS
{
    FileFsVolumeInformation = 1,
    FileFsLabelInformation,
    FileFsSizeInformation,
    FileFsDeviceInformation,
    FileFsAttributeInformation,
    FileFsControlInformation,
    FileFsFullSizeInformation,
    FileFsObjectIdInformation,
    FileFsDriverPathInformation,
    FileFsVolumeFlagsInformation,
    FileFsSectorSizeInformation,
    FileFsDataCopyInformation,
    FileFsMaximumInformation
} FS_INFORMATION_CLASS;
typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
/** Volume information query selected by an FS_INFORMATION_CLASS value; the
 * PVOID/ULONG pair is presumably the output buffer and its size - confirm. */
NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1142
/**
 * Directory entry with both the long and the short file name.
 *
 * NOTE(review): entries in a returned buffer are presumably chained via
 * NextEntryOffset.  Code walking such a buffer should check every
 * NextEntryOffset and FileNameLength against the buffer size before
 * dereferencing - confirm the exact termination rule against the callers.
 */
typedef struct _FILE_BOTH_DIR_INFORMATION
{
    ULONG NextEntryOffset;
    ULONG FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    ULONG FileAttributes;
    ULONG FileNameLength;
    ULONG EaSize;
    CCHAR ShortNameLength;
    WCHAR ShortName[12];
    /** Declared with a single element; the real length comes from
     * FileNameLength, never from sizeof(). */
    WCHAR FileName[1];
} FILE_BOTH_DIR_INFORMATION;
typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
/** Standard file information: sizes, link count and the delete-pending and
 * directory flags. */
typedef struct _FILE_STANDARD_INFORMATION
{
    LARGE_INTEGER AllocationSize;
    LARGE_INTEGER EndOfFile;
    ULONG NumberOfLinks;
    BOOLEAN DeletePending;
    BOOLEAN Directory;
} FILE_STANDARD_INFORMATION;
typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
/** Length-prefixed file name. */
typedef struct _FILE_NAME_INFORMATION
{
    ULONG FileNameLength;
    /** Declared with a single element; use FileNameLength for the real
     * extent (presumably not NUL terminated - TODO confirm). */
    WCHAR FileName[1];
} FILE_NAME_INFORMATION;
typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
/** File information classes.  Numbering starts at 1 and
 * FileMaximumInformation is the last enumerator. */
typedef enum _FILE_INFORMATION_CLASS
{
    FileDirectoryInformation = 1,
    FileFullDirectoryInformation,
    FileBothDirectoryInformation,
    FileBasicInformation,
    FileStandardInformation,
    FileInternalInformation,
    FileEaInformation,
    FileAccessInformation,
    FileNameInformation,
    FileRenameInformation,
    FileLinkInformation,
    FileNamesInformation,
    FileDispositionInformation,
    FilePositionInformation,
    FileFullEaInformation,
    FileModeInformation,
    FileAlignmentInformation,
    FileAllInformation,
    FileAllocationInformation,
    FileEndOfFileInformation,
    FileAlternateNameInformation,
    FileStreamInformation,
    FilePipeInformation,
    FilePipeLocalInformation,
    FilePipeRemoteInformation,
    FileMailslotQueryInformation,
    FileMailslotSetInformation,
    FileCompressionInformation,
    FileObjectIdInformation,
    FileCompletionInformation,
    FileMoveClusterInformation,
    FileQuotaInformation,
    FileReparsePointInformation,
    FileNetworkOpenInformation,
    FileAttributeTagInformation,
    FileTrackingInformation,
    FileIdBothDirectoryInformation,
    FileIdFullDirectoryInformation,
    FileValidDataLengthInformation,
    FileShortNameInformation,
    FileIoCompletionNotificationInformation,
    FileIoStatusBlockRangeInformation,
    FileIoPriorityHintInformation,
    FileSfioReserveInformation,
    FileSfioVolumeInformation,
    FileHardLinkInformation,
    FileProcessIdsUsingFileInformation,
    FileNormalizedNameInformation,
    FileNetworkPhysicalNameInformation,
    FileIdGlobalTxDirectoryInformation,
    FileIsRemoteDeviceInformation,
    FileUnusedInformation,
    FileNumaNodeInformation,
    FileStandardLinkInformation,
    FileRemoteProtocolInformation,
    FileRenameInformationBypassAccessCheck,
    FileLinkInformationBypassAccessCheck,
    FileVolumeNameInformation,
    FileIdInformation,
    FileIdExtdDirectoryInformation,
    FileReplaceCompletionInformation,
    FileHardLinkFullIdInformation,
    FileMaximumInformation
} FILE_INFORMATION_CLASS;
typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
/* File and directory queries selected by a FILE_INFORMATION_CLASS value.  The
 * PVOID/ULONG pair is presumably the output buffer and its size - confirm. */
NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
                                             FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1246
/**
 * Section file name followed by its character buffer.
 *
 * NOTE(review): presumably the MemorySectionName result layout, with
 * SectionFileName.Buffer pointing into NameBuffer - confirm against callers.
 */
typedef struct _MEMORY_SECTION_NAME
{
    UNICODE_STRING SectionFileName;
    /** Declared with a single element; the real size is carried by
     * SectionFileName, not by sizeof(). */
    WCHAR NameBuffer[1];
} MEMORY_SECTION_NAME;
1252
/* This guard sits inside the enclosing IPRT_NT_USE_WINTERNL section that ends
 * at the "#endif /+ IPRT_NT_USE_WINTERNL +/" further down, so it is always
 * true when reached. */
#ifdef IPRT_NT_USE_WINTERNL
/** Basic process information, including the PEB address and the parent
 * process id. */
typedef struct _PROCESS_BASIC_INFORMATION
{
    NTSTATUS ExitStatus;
    PPEB PebBaseAddress;
    ULONG_PTR AffinityMask;
    int32_t BasePriority;
    ULONG_PTR UniqueProcessId;
    ULONG_PTR InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION;
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
#endif
1265
/** Process information classes.  Numbering starts at 0 and
 * MaxProcessInfoClass is the last enumerator. */
typedef enum _PROCESSINFOCLASS
{
    ProcessBasicInformation = 0,
    ProcessQuotaLimits,
    ProcessIoCounters,
    ProcessVmCounters,
    ProcessTimes,
    ProcessBasePriority,
    ProcessRaisePriority,
    ProcessDebugPort,
    ProcessExceptionPort,
    ProcessAccessToken,
    ProcessLdtInformation,
    ProcessLdtSize,
    ProcessDefaultHardErrorMode,
    ProcessIoPortHandlers,
    ProcessPooledUsageAndLimits,
    ProcessWorkingSetWatch,
    ProcessUserModeIOPL,
    ProcessEnableAlignmentFaultFixup,
    ProcessPriorityClass,
    ProcessWx86Information,
    ProcessHandleCount,
    ProcessAffinityMask,
    ProcessPriorityBoost,
    ProcessDeviceMap,
    ProcessSessionInformation,
    ProcessForegroundInformation,
    ProcessWow64Information,
    ProcessImageFileName,
    ProcessLUIDDeviceMapsEnabled,
    ProcessBreakOnTermination,
    ProcessDebugObjectHandle,
    ProcessDebugFlags,
    ProcessHandleTracing,
    ProcessIoPriority,
    ProcessExecuteFlags,
    ProcessTlsInformation,
    ProcessCookie,
    ProcessImageInformation,
    ProcessCycleTime,
    ProcessPagePriority,
    ProcessInstrumentationCallbak, /* spelling is part of this header's interface; keep as is */
    ProcessThreadStackAllocation,
    ProcessWorkingSetWatchEx,
    ProcessImageFileNameWin32,
    ProcessImageFileMapping,
    ProcessAffinityUpdateMode,
    ProcessMemoryAllocationMode,
    ProcessGroupInformation,
    ProcessTokenVirtualizationEnabled,
    ProcessConsoleHostProcess,
    ProcessWindowsInformation,
    MaxProcessInfoClass
} PROCESSINFOCLASS;
/** Process query selected by a PROCESSINFOCLASS value; the trailing PULONG is
 * presumably the returned length - confirm. */
NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1322
/** Thread information classes.  Numbering starts at 0 and MaxThreadInfoClass
 * is the last enumerator. */
typedef enum _THREADINFOCLASS
{
    ThreadBasicInformation = 0,
    ThreadTimes,
    ThreadPriority,
    ThreadBasePriority,
    ThreadAffinityMask,
    ThreadImpersonationToken,
    ThreadDescriptorTableEntry,
    ThreadEnableAlignmentFaultFixup,
    ThreadEventPair_Reusable,
    ThreadQuerySetWin32StartAddress,
    ThreadZeroTlsCell,
    ThreadPerformanceCount,
    ThreadAmILastThread,
    ThreadIdealProcessor,
    ThreadPriorityBoost,
    ThreadSetTlsArrayAddress,
    ThreadIsIoPending,
    ThreadHideFromDebugger,
    ThreadBreakOnTermination,
    ThreadSwitchLegacyState,
    ThreadIsTerminated,
    ThreadLastSystemCall,
    ThreadIoPriority,
    ThreadCycleTime,
    ThreadPagePriority,
    ThreadActualBasePriority,
    ThreadTebInformation,
    ThreadCSwitchMon,
    ThreadCSwitchPmu,
    ThreadWow64Context,
    ThreadGroupInformation,
    ThreadUmsInformation,
    ThreadCounterProfiling,
    ThreadIdealProcessorEx,
    ThreadCpuAccountingInformation,
    MaxThreadInfoClass
} THREADINFOCLASS;
/** Thread setter selected by a THREADINFOCLASS value; the input buffer is
 * declared LPCVOID, i.e. read-only for the callee. */
NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1363
/* Token query; parameters are unnamed in this header. */
NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);

/* File read/write.  Note the write variant takes its data as void const *. */
NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);

/* Virtual memory read/write through a handle.  The trailing PSIZE_T is
 * presumably the number of bytes actually transferred; callers should compare
 * it with the requested size instead of assuming a full transfer - confirm. */
NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);

/* SID, ACL and security descriptor helpers. */
NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
1380
1381#endif /* IPRT_NT_USE_WINTERNL */
1382
/** Object information classes, numbered from 0. */
typedef enum _OBJECT_INFORMATION_CLASS
{
    ObjectBasicInformation = 0,
    ObjectNameInformation,
    ObjectTypeInformation,
    ObjectAllInformation,
    ObjectDataInformation
} OBJECT_INFORMATION_CLASS;
typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
/* In ring-0 the NtQueryObject name is redirected to ZwQueryObject, so the
 * prototype below then declares the Zw variant. */
#ifdef IN_RING0
# define NtQueryObject ZwQueryObject
#endif
NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
1398
/** Opens an object directory; parameters are unnamed in this header. */
NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);

/** One object directory entry: the object's name and its type name.
 * NOTE(review): presumably the element type returned by
 * NtQueryDirectoryObject - confirm against callers. */
typedef struct _OBJECT_DIRECTORY_INFORMATION
{
    UNICODE_STRING Name;
    UNICODE_STRING TypeName;
} OBJECT_DIRECTORY_INFORMATION;
typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
1408
/* Whole-process suspend and resume. */
NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
/** @name ProcessDefaultHardErrorMode bit definitions.
 * @{ */
#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /**< Inverted from the win32 define. */
#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
/** @} */
/* Process setter (selected by a PROCESSINFOCLASS value) and termination. */
NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
1420
/** Returned by ProcessImageInformation as well as NtQuerySection.
 *
 * Several members only carry meaning on newer Windows versions (see the
 * per-member notes), so consumers should not rely on them on older systems. */
typedef struct _SECTION_IMAGE_INFORMATION
{
    PVOID TransferAddress;
    ULONG ZeroBits;
    SIZE_T MaximumStackSize;
    SIZE_T CommittedStackSize;
    ULONG SubSystemType;
    /* The two USHORT halves overlay SubSystemVersion. */
    union
    {
        struct
        {
            USHORT SubSystemMinorVersion;
            USHORT SubSystemMajorVersion;
        };
        ULONG SubSystemVersion;
    };
    ULONG GpValue;
    USHORT ImageCharacteristics;
    USHORT DllCharacteristics;
    USHORT Machine;
    BOOLEAN ImageContainsCode;
    union /**< Since Vista, used to be a spare BOOLEAN. */
    {
        /* Bit view of ImageFlags: four single-bit flags and four reserved bits. */
        struct
        {
            UCHAR ComPlusNativeRead : 1;
            UCHAR ComPlusILOnly : 1;
            UCHAR ImageDynamicallyRelocated : 1;
            UCHAR ImageMAppedFlat : 1;
            UCHAR Reserved : 4;
        };
        UCHAR ImageFlags;
    };
    ULONG LoaderFlags;
    ULONG ImageFileSize; /**< Since XP? */
    ULONG CheckSum; /**< Since Vista, Used to be a reserved/spare ULONG. */
} SECTION_IMAGE_INFORMATION;
typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
1460
/** Section information classes, numbered from 0. */
typedef enum _SECTION_INFORMATION_CLASS
{
    SectionBasicInformation = 0,
    SectionImageInformation,
    MaxSectionInfoClass
} SECTION_INFORMATION_CLASS;
/** Section query selected by a SECTION_INFORMATION_CLASS value; sizes are
 * SIZE_T here, unlike the ULONG sizes of most other queries in this header. */
NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1468
/* Thread query, suspend/resume, termination and register context access.
 * Parameters are unnamed in this header. */
NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
1475
1476
/* Fallback definitions, used only when the including environment has not
 * already defined these names.  SEC_FILE and MEM_ROTATE share the value
 * 0x00800000, so the numeric value alone does not identify which is meant. */
#ifndef SEC_FILE
# define SEC_FILE UINT32_C(0x00800000)
#endif
#ifndef SEC_IMAGE
# define SEC_IMAGE UINT32_C(0x01000000)
#endif
#ifndef SEC_PROTECTED_IMAGE
# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
#endif
#ifndef SEC_NOCACHE
# define SEC_NOCACHE UINT32_C(0x10000000)
#endif
#ifndef MEM_ROTATE
# define MEM_ROTATE UINT32_C(0x00800000)
#endif
/** Virtual memory information classes, numbered from 0. */
typedef enum _MEMORY_INFORMATION_CLASS
{
    MemoryBasicInformation = 0,
    MemoryWorkingSetList,
    MemorySectionName,
    MemoryBasicVlmInformation
} MEMORY_INFORMATION_CLASS;
/* Ring-0 builds get a local MEMORY_BASIC_INFORMATION definition and have
 * NtQueryVirtualMemory redirected to ZwQueryVirtualMemory. */
#ifdef IN_RING0
typedef struct _MEMORY_BASIC_INFORMATION
{
    PVOID BaseAddress;
    PVOID AllocationBase;
    ULONG AllocationProtect;
    SIZE_T RegionSize;
    ULONG State;
    ULONG Protect;
    ULONG Type;
} MEMORY_BASIC_INFORMATION;
typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
# define NtQueryVirtualMemory ZwQueryVirtualMemory
#endif
/** Virtual memory query selected by a MEMORY_INFORMATION_CLASS value. */
NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
#ifdef IPRT_NT_USE_WINTERNL
NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
#endif
/* The PVOID * and PSIZE_T parameters are pointers, so the callee can
 * presumably adjust the base and size it was given; callers should re-read
 * them after the call - confirm. */
NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
1519
/**
 * System information classes.
 *
 * Numbered consecutively from 0 through SystemExtendedHandleInformation (64),
 * with SystemInformation_Unknown_N placeholders keeping the numbering aligned.
 * Values 65..133 are not declared; the enum then jumps to
 * SystemPolicyInformation (134), which makes SystemInformationClassMax 135.
 */
typedef enum _SYSTEM_INFORMATION_CLASS
{
    SystemBasicInformation = 0,
    SystemCpuInformation,
    SystemPerformanceInformation,
    SystemTimeOfDayInformation,
    SystemInformation_Unknown_4,
    SystemProcessInformation,
    SystemInformation_Unknown_6,
    SystemInformation_Unknown_7,
    SystemProcessorPerformanceInformation,
    SystemInformation_Unknown_9,
    SystemInformation_Unknown_10,
    SystemModuleInformation,
    SystemInformation_Unknown_12,
    SystemInformation_Unknown_13,
    SystemInformation_Unknown_14,
    SystemInformation_Unknown_15,
    SystemHandleInformation,
    SystemInformation_Unknown_17,
    SystemPageFileInformation,
    SystemInformation_Unknown_19,
    SystemInformation_Unknown_20,
    SystemCacheInformation,
    SystemInformation_Unknown_22,
    SystemInterruptInformation,
    SystemDpcBehaviourInformation,
    SystemFullMemoryInformation,
    SystemLoadGdiDriverInformation, /* 26 */
    SystemUnloadGdiDriverInformation, /* 27 */
    SystemTimeAdjustmentInformation,
    SystemSummaryMemoryInformation,
    SystemInformation_Unknown_30,
    SystemInformation_Unknown_31,
    SystemInformation_Unknown_32,
    SystemExceptionInformation,
    SystemCrashDumpStateInformation,
    SystemKernelDebuggerInformation,
    SystemContextSwitchInformation,
    SystemRegistryQuotaInformation,
    SystemInformation_Unknown_38,
    SystemInformation_Unknown_39,
    SystemInformation_Unknown_40,
    SystemInformation_Unknown_41,
    SystemInformation_Unknown_42,
    SystemInformation_Unknown_43,
    SystemCurrentTimeZoneInformation,
    SystemLookasideInformation,
    SystemSetTimeSlipEvent,
    SystemCreateSession,
    SystemDeleteSession,
    SystemInformation_Unknown_49,
    SystemRangeStartInformation,
    SystemVerifierInformation,
    SystemInformation_Unknown_52,
    SystemSessionProcessInformation,
    SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
    SystemInformation_Unknown_55,
    SystemInformation_Unknown_56,
    SystemExtendedProcessInformation,
    SystemInformation_Unknown_58,
    SystemInformation_Unknown_59,
    SystemInformation_Unknown_60,
    SystemInformation_Unknown_61,
    SystemInformation_Unknown_62,
    SystemInformation_Unknown_63,
    SystemExtendedHandleInformation, /* 64 */

    /** @todo fill gap. they've added a whole bunch of things */
    SystemPolicyInformation = 134,
    SystemInformationClassMax
} SYSTEM_INFORMATION_CLASS;
1592
/* Only defined here when IPRT_NT_USE_WINTERNL is set; otherwise the type is
 * presumably supplied by the platform headers. */
#ifdef IPRT_NT_USE_WINTERNL
/** Virtual memory, working set, pool quota and pagefile usage counters. */
typedef struct _VM_COUNTERS
{
    SIZE_T PeakVirtualSize;
    SIZE_T VirtualSize;
    ULONG PageFaultCount;
    SIZE_T PeakWorkingSetSize;
    SIZE_T WorkingSetSize;
    SIZE_T QuotaPeakPagedPoolUsage;
    SIZE_T QuotaPagedPoolUsage;
    SIZE_T QuotaPeakNonPagedPoolUsage;
    SIZE_T QuotaNonPagedPoolUsage;
    SIZE_T PagefileUsage;
    SIZE_T PeakPagefileUsage;
} VM_COUNTERS;
typedef VM_COUNTERS *PVM_COUNTERS;
#endif
1610
/* Compiled out: kept for reference only.  IO_COUNTERS, as used by
 * RTNT_SYSTEM_PROCESS_INFORMATION below, must therefore come from another
 * header. */
#if 0
typedef struct _IO_COUNTERS
{
    ULONGLONG ReadOperationCount;
    ULONGLONG WriteOperationCount;
    ULONGLONG OtherOperationCount;
    ULONGLONG ReadTransferCount;
    ULONGLONG WriteTransferCount;
    ULONGLONG OtherTransferCount;
} IO_COUNTERS;
typedef IO_COUNTERS *PIO_COUNTERS;
#endif
1623
/**
 * IPRT's view of one process entry in a system process information buffer.
 *
 * The offset pairs in the member comments appear to be 32-bit / 64-bit (the
 * opposite order from the TEB_COMMON comments) - TODO confirm.
 *
 * NOTE(review): the entry is variable sized (thread records and the name
 * buffer follow it, see the trailing comment).  Code walking a buffer of
 * these should advance by NextEntryOffset and check that each entry, and
 * ProcessName.Buffer/Length, stay inside the buffer that was filled in.
 */
typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
{
    ULONG NextEntryOffset; /**< 0x00 / 0x00 */
    ULONG NumberOfThreads; /**< 0x04 / 0x04 */
    LARGE_INTEGER Reserved1[3]; /**< 0x08 / 0x08 */
    LARGE_INTEGER CreationTime; /**< 0x20 / 0x20 */
    LARGE_INTEGER UserTime; /**< 0x28 / 0x28 */
    LARGE_INTEGER KernelTime; /**< 0x30 / 0x30 */
    UNICODE_STRING ProcessName; /**< 0x38 / 0x38 Clean unicode encoding? */
    int32_t BasePriority; /**< 0x40 / 0x48 */
    HANDLE UniqueProcessId; /**< 0x44 / 0x50 */
    HANDLE ParentProcessId; /**< 0x48 / 0x58 */
    ULONG HandleCount; /**< 0x4c / 0x60 */
    ULONG Reserved2; /**< 0x50 / 0x64 Session ID? */
    ULONG_PTR Reserved3; /**< 0x54 / 0x68 */
    VM_COUNTERS VmCounters; /**< 0x58 / 0x70 */
    IO_COUNTERS IoCounters; /**< 0x88 / 0xd0 Might not be present in earlier windows versions. */
    /* After this follows the threads, then the ProcessName.Buffer. */
} RTNT_SYSTEM_PROCESS_INFORMATION;
typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
/* Without IPRT_NT_USE_WINTERNL the IPRT layout also provides the standard
 * SYSTEM_PROCESS_INFORMATION names. */
#ifndef IPRT_NT_USE_WINTERNL
typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
#endif
1648
/**
 * One entry of the (non-extended) system handle table snapshot.
 *
 * UniqueProcessId and HandleValue are only 16 bits wide here, whereas
 * SYSTEM_HANDLE_ENTRY_INFO_EX declares both as HANDLE.  Values that do not
 * fit in a USHORT cannot be represented in this layout, so prefer the
 * extended variant when matching entries to processes or handles.
 */
typedef struct _SYSTEM_HANDLE_ENTRY_INFO
{
    USHORT UniqueProcessId;
    USHORT CreatorBackTraceIndex;
    UCHAR ObjectTypeIndex;
    UCHAR HandleAttributes;
    USHORT HandleValue;
    PVOID Object;
    ULONG GrantedAccess;
} SYSTEM_HANDLE_ENTRY_INFO;
typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
1660
/** Returned by SystemHandleInformation */
typedef struct _SYSTEM_HANDLE_INFORMATION
{
    ULONG NumberOfHandles;
    /** Declared with a single element; presumably NumberOfHandles entries
     * follow.  Check the count against the size of the buffer that was
     * actually returned before indexing - TODO confirm. */
    SYSTEM_HANDLE_ENTRY_INFO Handles[1];
} SYSTEM_HANDLE_INFORMATION;
typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
1668
/** Extended handle information entry.
 * Process id and handle value are pointer sized (HANDLE) in this variant.
 * @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
{
    PVOID Object;
    HANDLE UniqueProcessId;
    HANDLE HandleValue;
    ACCESS_MASK GrantedAccess;
    USHORT CreatorBackTraceIndex;
    USHORT ObjectTypeIndex;
    ULONG HandleAttributes;
    ULONG Reserved;
} SYSTEM_HANDLE_ENTRY_INFO_EX;
typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
1683
/** Returned by SystemExtendedHandleInformation. */
typedef struct _SYSTEM_HANDLE_INFORMATION_EX
{
    ULONG_PTR NumberOfHandles;
    ULONG_PTR Reserved;
    /** Declared with a single element; presumably NumberOfHandles entries
     * follow.  Check the count against the size of the buffer that was
     * actually returned before indexing - TODO confirm. */
    SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
} SYSTEM_HANDLE_INFORMATION_EX;
typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
1692
/** Input to SystemSessionProcessInformation. */
typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
{
    ULONG SessionId;
    /** NOTE(review): presumably the size in bytes of Buffer - confirm. */
    ULONG BufferLength;
    /** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
    PVOID Buffer;
} SYSTEM_SESSION_PROCESS_INFORMATION;
typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
1702
/** System-wide query selected by a SYSTEM_INFORMATION_CLASS value.  The
 * trailing PULONG is presumably the returned/required length; callers should
 * use it, not the requested size, when parsing the result - confirm. */
NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);

/* Sleep and yield. */
NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
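#ifndef IPRT_NT_USE_WINTERNL
/**
 * Waits on a single object.
 *
 * Three parameters: the object handle, a BOOLEAN flag and a PLARGE_INTEGER,
 * matching the BOOLEAN, PLARGE_INTEGER tail of NtWaitForMultipleObjects in
 * this header.  The comma between the last two used to be missing, which
 * made the declaration a two-parameter function whose second parameter was
 * a BOOLEAN named PLARGE_INTEGER; callers built against that would pass the
 * wrong number of arguments.
 */
NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN, PLARGE_INTEGER);
#endif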
/** Wait mode for NtWaitForMultipleObjects.  ObjectWaitTypeHack (0x7fffffff)
 * is presumably there to force a 32-bit enum type - TODO confirm. */
typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);


/** Counterpart of RtlAddAccessAllowedAce for deny entries (same parameter
 * types). */
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
1715
1716
/** Current directory: its DOS path and a handle. */
typedef struct _CURDIR
{
    UNICODE_STRING DosPath;
    HANDLE Handle;
} CURDIR;
typedef CURDIR *PCURDIR;
1723
/** Per-drive-letter current directory entry, used as the element type of
 * RTL_USER_PROCESS_PARAMETERS::CurrentDirectories. */
typedef struct _RTL_DRIVE_LETTER_CURDIR
{
    USHORT Flags;
    USHORT Length;
    ULONG TimeStamp;
    STRING DosPath; /**< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. */
} RTL_DRIVE_LETTER_CURDIR;
typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
1732
/**
 * User process parameters (command line, environment, standard handles,
 * window settings, ...).
 *
 * The tail members were added by later Windows versions (see the per-member
 * notes), so a block obtained on an older version may be shorter than
 * sizeof(RTL_USER_PROCESS_PARAMETERS).
 *
 * NOTE(review): presumably Length/MaximumLength describe the size of the
 * block; code reading the tail members should check them first - confirm.
 */
typedef struct _RTL_USER_PROCESS_PARAMETERS
{
    ULONG MaximumLength;
    ULONG Length;
    ULONG Flags;
    ULONG DebugFlags;
    HANDLE ConsoleHandle;
    ULONG ConsoleFlags;
    HANDLE StandardInput;
    HANDLE StandardOutput;
    HANDLE StandardError;
    CURDIR CurrentDirectory;
    UNICODE_STRING DllPath;
    UNICODE_STRING ImagePathName;
    UNICODE_STRING CommandLine;
    PWSTR Environment;
    ULONG StartingX;
    ULONG StartingY;
    ULONG CountX;
    ULONG CountY;
    ULONG CountCharsX;
    ULONG CountCharsY;
    ULONG FillAttribute;
    ULONG WindowFlags;
    ULONG ShowWindowFlags;
    UNICODE_STRING WindowTitle;
    UNICODE_STRING DesktopInfo;
    UNICODE_STRING ShellInfo;
    UNICODE_STRING RuntimeInfo;
    RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20];
    SIZE_T EnvironmentSize; /**< Added in Vista */
    SIZE_T EnvironmentVersion; /**< Added in Windows 7. */
    PVOID PackageDependencyData; /**< Added Windows 8? */
    ULONG ProcessGroupId; /**< Added Windows 8? */
} RTL_USER_PROCESS_PARAMETERS;
typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
/** Bit for RTL_USER_PROCESS_PARAMETERS::Flags.  NOTE(review): presumably set
 * when the string pointers are absolute addresses rather than offsets into
 * the block - confirm before dereferencing them. */
#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
1770
/**
 * Output of RtlCreateUserProcess (its last parameter).
 *
 * Carries two handles (process and thread); presumably the caller owns them
 * and has to close both when done - TODO confirm.
 */
typedef struct _RTL_USER_PROCESS_INFORMATION
{
    ULONG                       Size;
    HANDLE                      ProcessHandle;
    HANDLE                      ThreadHandle;
    CLIENT_ID                   ClientId;
    SECTION_IMAGE_INFORMATION   ImageInformation;
} RTL_USER_PROCESS_INFORMATION, *PRTL_USER_PROCESS_INFORMATION;
1780
1781
/** Creates a user process from a parameter block; results are returned in
 * the trailing PRTL_USER_PROCESS_INFORMATION.  The two PSECURITY_DESCRIPTOR
 * arguments are presumably the process and thread descriptors, in that
 * order - TODO confirm. */
NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(
    PUNICODE_STRING,
    ULONG,
    PRTL_USER_PROCESS_PARAMETERS,
    PSECURITY_DESCRIPTOR,
    PSECURITY_DESCRIPTOR,
    HANDLE,
    BOOLEAN,
    HANDLE,
    HANDLE,
    PRTL_USER_PROCESS_INFORMATION);

/** Builds a parameter block and returns it through the first argument.
 * Release it with RtlDestroyProcessParameters. */
NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(
    PRTL_USER_PROCESS_PARAMETERS *,
    PUNICODE_STRING ImagePathName,
    PUNICODE_STRING DllPath,
    PUNICODE_STRING CurrentDirectory,
    PUNICODE_STRING CommandLine,
    PUNICODE_STRING Environment,
    PUNICODE_STRING WindowTitle,
    PUNICODE_STRING DesktopInfo,
    PUNICODE_STRING ShellInfo,
    PUNICODE_STRING RuntimeInfo);

/** Frees a block obtained from RtlCreateProcessParameters. */
NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);

/** Creates a thread in the process identified by the HANDLE argument; the
 * new thread handle and client ID come back through the last two arguments. */
NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(
    HANDLE,
    PSECURITY_DESCRIPTOR,
    BOOLEAN,
    ULONG,
    SIZE_T,
    SIZE_T,
    PFNRT,
    PVOID,
    PHANDLE,
    PCLIENT_ID);
1792
1793
1794RT_C_DECLS_END
1795/** @} */
1796
1797
1798#if defined(IN_RING0) || defined(DOXYGEN_RUNNING)
1799/** @name NT Kernel APIs
1800 * @{ */
1801RT_C_DECLS_BEGIN
1802
/** Looks up a handle for pvObject in pProcess; the result is returned in
 * phFound. */
NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(
    PEPROCESS       pProcess,
    PVOID           pvObject,
    POBJECT_TYPE    pObjectType,
    PVOID           pvOptionalConditions,
    PHANDLE         phFound);

/** Resolves an object by its path and returns it in ppvObject.
 * NOTE(review): presumably the returned object is referenced and the caller
 * must dereference it when done - confirm. */
NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(
    PUNICODE_STRING pObjectPath,
    ULONG           fAttributes,
    PACCESS_STATE   pAccessState,
    ACCESS_MASK     fDesiredAccess,
    POBJECT_TYPE    pObjectType,
    KPROCESSOR_MODE enmAccessMode,
    PVOID           pvParseContext,
    PVOID          *ppvObject);

/* Process property getters. */
NTSYSAPI HANDLE  NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
/* NOTE(review): believed to return the short, possibly truncated image name
 * kept in the process object; it should not be the sole basis for deciding
 * which program a process is - confirm before using it in a security check. */
NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
NTSYSAPI ULONG   NTAPI PsGetProcessSessionId(PEPROCESS);

/** In vista+ this is the ALPC port object type. */
extern DECLIMPORT(POBJECT_TYPE *) LpcPortObjectType;
/** In vista+ this is the ALPC port object type. */
extern DECLIMPORT(POBJECT_TYPE *) LpcWaitablePortObjectType;
1814
1815RT_C_DECLS_END
1816/** @} */
1817#endif /* IN_RING0 */
1818
1819
1820#if defined(IN_RING3) || defined(DOXYGEN_RUNNING)
1821/** @name NT Userland APIs
1822 * @{ */
1823RT_C_DECLS_BEGIN
1824
#if 0 /** @todo figure this out some time... */
/* Disabled draft.  The CLIENT_ID line below has no member name or semicolon,
 * so this block would not compile if the #if 0 were lifted as-is. */
typedef struct CSR_MSG_DATA_CREATED_PROCESS
{
    HANDLE      hProcess;
    HANDLE      hThread;
    CLIENT_ID
    DWORD       idProcess;
    DWORD       idThread;
    DWORD       fCreate;

} CSR_MSG_DATA_CREATED_PROCESS;

#define CSR_MSG_NO_CREATED_PROCESS  UINT32_C(0x10000)
#define CSR_MSG_NO_CREATED_THREAD   UINT32_C(0x10001)
NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
#endif
/* The only declaration in this section that is actually compiled. */
NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
1842
1843RT_C_DECLS_END
1844/** @} */
1845#endif /* IN_RING3 */
1846
1847#endif
1848