nt.h@ 52627

Last change on this file since 52627 was 52627, checked in by vboxsync, 10 years ago
SUP: Fixed comctl32.dll resolving (generic winsxs) and fixed a crash log statement in LdrLoadDll when the search path is used for flags instead of an actual string pointer.
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 83.0 KB

Line
1	/* $Id: nt.h 52627 2014-09-05 20:18:13Z vboxsync $ */
2	/** @file
3	* IPRT - Header for code using the Native NT API.
4	*/
5
6	/*
7	* Copyright (C) 2010-2014 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.virtualbox.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*
17	* The contents of this file may alternatively be used under the terms
18	* of the Common Development and Distribution License Version 1.0
19	* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20	* VirtualBox OSE distribution, in which case the provisions of the
21	* CDDL are applicable instead of those of the GPL.
22	*
23	* You may elect to license modified versions of this file under the
24	* terms and conditions of either the GPL or the CDDL or both.
25	*/
26
27	#ifndef ___iprt_nt_nt_h___
28	#define ___iprt_nt_nt_h___
29
30	/** @def IPRT_NT_MAP_TO_ZW
31	* Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
32	* to the APIs (takes care of the previous context checks).
33	*/
34	#ifdef DOXYGEN_RUNNING
35	# define IPRT_NT_MAP_TO_ZW
36	#endif
37
38	#ifdef IPRT_NT_MAP_TO_ZW
39	# define NtQueryInformationFile ZwQueryInformationFile
40	# define NtQueryInformationProcess ZwQueryInformationProcess
41	# define NtQueryInformationThread ZwQueryInformationThread
42	# define NtQuerySystemInformation ZwQuerySystemInformation
43	# define NtQuerySecurityObject ZwQuerySecurityObject
44	# define NtClose ZwClose
45	# define NtCreateFile ZwCreateFile
46	# define NtReadFile ZwReadFile
47	# define NtWriteFile ZwWriteFile
48	/** @todo this is very incomplete! */
49	#endif
50
51	#include <ntstatus.h>
52
53	/*
54	* Hacks common to both base header sets.
55	*/
56	#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
57	#define NtQueryObject Incomplete_NtQueryObject
58	#define ZwQueryObject Incomplete_ZwQueryObject
59	#define NtSetInformationObject Incomplete_NtSetInformationObject
60	#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
61	#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
62	#define ObjectBasicInformation Incomplete_ObjectBasicInformation
63	#define ObjectTypeInformation Incomplete_ObjectTypeInformation
64	#define _PEB Incomplete__PEB
65	#define PEB Incomplete_PEB
66	#define PPEB Incomplete_PPEB
67	#define _TEB Incomplete__TEB
68	#define TEB Incomplete_TEB
69	#define PTEB Incomplete_PTEB
70	#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
71	#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
72	#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
73
74
75
76	#ifdef IPRT_NT_USE_WINTERNL
77	/*
78	* Use Winternl.h.
79	*/
80	# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
81	# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
82	# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
83
84	# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
85	# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
86	# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
87	# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
88	# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
89	# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
90	# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
91	# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
92	# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
93	# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
94	# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
95	# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
96
97	# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
98	# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
99	# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
100
101	# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
102	# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
103	# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
104	# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
105	# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
106
107	# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
108	# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
109	# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
110	# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
111	# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
112	# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
113	# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
114	# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
115	# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
116	# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
117	# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
118	# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
119	# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
120	# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
121
122
123	# define WIN32_NO_STATUS
124	# include <windef.h>
125	# include <winnt.h>
126	# include <winternl.h>
127	# undef WIN32_NO_STATUS
128	# include <ntstatus.h>
129
130
131	# undef _FILE_INFORMATION_CLASS
132	# undef FILE_INFORMATION_CLASS
133	# undef FileDirectoryInformation
134
135	# undef NtQueryInformationProcess
136	# undef NtSetInformationProcess
137	# undef PROCESSINFOCLASS
138	# undef _PROCESSINFOCLASS
139	# undef PROCESS_BASIC_INFORMATION
140	# undef PPROCESS_BASIC_INFORMATION
141	# undef _PROCESS_BASIC_INFORMATION
142	# undef ProcessBasicInformation
143	# undef ProcessDebugPort
144	# undef ProcessWow64Information
145	# undef ProcessImageFileName
146	# undef ProcessBreakOnTermination
147
148	# undef RTL_USER_PROCESS_PARAMETERS
149	# undef PRTL_USER_PROCESS_PARAMETERS
150	# undef _RTL_USER_PROCESS_PARAMETERS
151
152	# undef NtQueryInformationThread
153	# undef NtSetInformationThread
154	# undef THREADINFOCLASS
155	# undef _THREADINFOCLASS
156	# undef ThreadIsIoPending
157
158	# undef NtQuerySystemInformation
159	# undef NtSetSystemInformation
160	# undef SYSTEM_INFORMATION_CLASS
161	# undef _SYSTEM_INFORMATION_CLASS
162	# undef SystemBasicInformation
163	# undef SystemPerformanceInformation
164	# undef SystemTimeOfDayInformation
165	# undef SystemProcessInformation
166	# undef SystemProcessorPerformanceInformation
167	# undef SystemInterruptInformation
168	# undef SystemExceptionInformation
169	# undef SystemRegistryQuotaInformation
170	# undef SystemLookasideInformation
171	# undef SystemPolicyInformation
172
173	#else
174	/*
175	* Use ntifs.h and wdm.h.
176	*/
177	# ifdef RT_ARCH_X86
178	# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
179	# pragma warning(disable : 4163)
180	# endif
181
182	# include <ntifs.h>
183	# include <wdm.h>
184
185	# ifdef RT_ARCH_X86
186	# pragma warning(default : 4163)
187	# undef _InterlockedAddLargeStatistic
188	# endif
189
190	# define IPRT_NT_NEED_API_GROUP_NTIFS
191	#endif
192
193	#undef RtlFreeUnicodeString
194	#undef NtQueryObject
195	#undef ZwQueryObject
196	#undef NtSetInformationObject
197	#undef _OBJECT_INFORMATION_CLASS
198	#undef OBJECT_INFORMATION_CLASS
199	#undef ObjectBasicInformation
200	#undef ObjectTypeInformation
201	#undef _PEB
202	#undef PEB
203	#undef PPEB
204	#undef _TEB
205	#undef TEB
206	#undef PTEB
207	#undef _PEB_LDR_DATA
208	#undef PEB_LDR_DATA
209	#undef PPEB_LDR_DATA
210
211
212	#include <iprt/types.h>
213	#include <iprt/assert.h>
214
215
216	/** @name Useful macros
217	* @{ */
218	/** Indicates that we're targetting native NT in the current source. */
219	#define RTNT_USE_NATIVE_NT 1
220	/** Initializes a IO_STATUS_BLOCK. */
221	#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
222	/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
223	#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
224	/** Constant UNICODE_STRING initializer. */
225	#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
226	/** @} */
227
228
229	/** @name IPRT helper functions for NT
230	* @{ */
231	RT_C_DECLS_BEGIN
232
233	RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
234	ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
235	PHANDLE phHandle, PULONG_PTR puDisposition);
236	RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
237	ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
238	RTDECL(int) RTNtPathClose(HANDLE hHandle);
239
240	RT_C_DECLS_END
241	/** @} */
242
243
244	/** @name NT API delcarations.
245	* @{ */
246	RT_C_DECLS_BEGIN
247
248	/** @name Process access rights missing in ntddk headers
249	* @{ */
250	#ifndef PROCESS_TERMINATE
251	# define PROCESS_TERMINATE UINT32_C(0x00000001)
252	#endif
253	#ifndef PROCESS_CREATE_THREAD
254	# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
255	#endif
256	#ifndef PROCESS_SET_SESSIONID
257	# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
258	#endif
259	#ifndef PROCESS_VM_OPERATION
260	# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
261	#endif
262	#ifndef PROCESS_VM_READ
263	# define PROCESS_VM_READ UINT32_C(0x00000010)
264	#endif
265	#ifndef PROCESS_VM_WRITE
266	# define PROCESS_VM_WRITE UINT32_C(0x00000020)
267	#endif
268	#ifndef PROCESS_DUP_HANDLE
269	# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
270	#endif
271	#ifndef PROCESS_CREATE_PROCESS
272	# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
273	#endif
274	#ifndef PROCESS_SET_QUOTA
275	# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
276	#endif
277	#ifndef PROCESS_SET_INFORMATION
278	# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
279	#endif
280	#ifndef PROCESS_QUERY_INFORMATION
281	# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
282	#endif
283	#ifndef PROCESS_SUSPEND_RESUME
284	# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
285	#endif
286	#ifndef PROCESS_QUERY_LIMITED_INFORMATION
287	# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
288	#endif
289	#ifndef PROCESS_SET_LIMITED_INFORMATION
290	# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
291	#endif
292	#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
293	#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
294	#ifndef PROCESS_ALL_ACCESS
295	# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| SYNCHRONIZE \| UINT32_C(0x0000ffff) )
296	#endif
297	/** @} */
298
299	/** @name Thread access rights missing in ntddk headers
300	* @{ */
301	#ifndef THREAD_QUERY_INFORMATION
302	# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
303	#endif
304	#ifndef THREAD_SET_THREAD_TOKEN
305	# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
306	#endif
307	#ifndef THREAD_IMPERSONATE
308	# define THREAD_IMPERSONATE UINT32_C(0x00000100)
309	#endif
310	#ifndef THREAD_DIRECT_IMPERSONATION
311	# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
312	#endif
313	#ifndef THREAD_RESUME
314	# define THREAD_RESUME UINT32_C(0x00001000)
315	#endif
316	#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
317	#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
318	#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
319	/** @} */
320
321	/** @name Special handle values.
322	* @{ */
323	#ifndef NtCurrentProcess
324	# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
325	#endif
326	#ifndef NtCurrentThread
327	# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
328	#endif
329	#ifndef ZwCurrentProcess
330	# define ZwCurrentProcess() NtCurrentProcess()
331	#endif
332	#ifndef ZwCurrentThread
333	# define ZwCurrentThread() NtCurrentThread()
334	#endif
335	/** @} */
336
337
338	/** @name Directory object access rights.
339	* @{ */
340	#ifndef DIRECTORY_QUERY
341	# define DIRECTORY_QUERY UINT32_C(0x00000001)
342	#endif
343	#ifndef DIRECTORY_TRAVERSE
344	# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
345	#endif
346	#ifndef DIRECTORY_CREATE_OBJECT
347	# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
348	#endif
349	#ifndef DIRECTORY_CREATE_SUBDIRECTORY
350	# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
351	#endif
352	#ifndef DIRECTORY_ALL_ACCESS
353	# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| UINT32_C(0x0000000f) )
354	#endif
355	/** @} */
356
357
358
359	#ifdef IPRT_NT_USE_WINTERNL
360	typedef struct _CLIENT_ID
361	{
362	HANDLE UniqueProcess;
363	HANDLE UniqueThread;
364	} CLIENT_ID;
365	typedef CLIENT_ID *PCLIENT_ID;
366	#endif
367
368	/** @name Process And Thread Environment Blocks
369	* @{ */
370
371	typedef struct _PEB_LDR_DATA
372	{
373	uint32_t Length;
374	BOOLEAN Initialized;
375	BOOLEAN Padding[3];
376	HANDLE SsHandle;
377	LIST_ENTRY InLoadOrderModuleList;
378	LIST_ENTRY InMemoryOrderModuleList;
379	LIST_ENTRY InInitializationOrderModuleList;
380	/* End NT4 */
381	LIST_ENTRY *EntryInProgress;
382	BOOLEAN ShutdownInProgress;
383	HANDLE ShutdownThreadId;
384	} PEB_LDR_DATA;
385	typedef PEB_LDR_DATA *PPEB_LDR_DATA;
386
387	typedef struct _PEB_COMMON
388	{
389	BOOLEAN InheritedAddressSpace; /*< 0x000 / 0x000 /
390	BOOLEAN ReadImageFileExecOptions; /*< 0x001 / 0x001 /
391	BOOLEAN BeingDebugged; /*< 0x002 / 0x002 /
392	union
393	{
394	uint8_t BitField; /*< 0x003 / 0x003 /
395	struct
396	{
397	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
398	} Common;
399	struct
400	{
401	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
402	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
403	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 /
404	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 /
405	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 /
406	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 /
407	uint8_t IsProtectedProcessLight : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 /
408	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
409	} W81;
410	struct
411	{
412	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
413	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
414	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 /
415	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 /
416	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 /
417	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 /
418	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 /
419	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
420	} W80;
421	struct
422	{
423	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
424	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
425	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. /
426	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. /
427	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. /
428	uint8_t SpareBits : 3; /*< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. /
429	} W7;
430	struct
431	{
432	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
433	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
434	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. /
435	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. /
436	uint8_t SpareBits : 4; /*< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. /
437	} W6;
438	struct
439	{
440	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
441	uint8_t SpareBits : 7; /*< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. /
442	} W52;
443	struct
444	{
445	BOOLEAN SpareBool;
446	} W51;
447	} Diff0;
448	#if ARCH_BITS == 64
449	uint32_t Padding0; /*< 0x004 / NA /
450	#endif
451	HANDLE Mutant; /*< 0x008 / 0x004 /
452	PVOID ImageBaseAddress; /*< 0x010 / 0x008 /
453	PPEB_LDR_DATA Ldr; /*< 0x018 / 0x00c /
454	struct _RTL_USER_PROCESS_PARAMETERS ProcessParameters; /< 0x020 / 0x010 /
455	PVOID SubSystemData; /*< 0x028 / 0x014 /
456	HANDLE ProcessHeap; /*< 0x030 / 0x018 /
457	struct _RTL_CRITICAL_SECTION FastPebLock; /< 0x038 / 0x01c /
458	union
459	{
460	struct
461	{
462	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
463	PVOID IFEOKey; /*< 0x048 / 0x024 /
464	union
465	{
466	ULONG CrossProcessFlags; /*< 0x050 / 0x028 /
467	struct
468	{
469	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
470	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
471	uint32_t ProcessUsingVEH : 1; /*< 0x050 / 0x028: Pos 2, 1 Bit /
472	uint32_t ProcessUsingVCH : 1; /*< 0x050 / 0x028: Pos 3, 1 Bit /
473	uint32_t ProcessUsingFTH : 1; /*< 0x050 / 0x028: Pos 4, 1 Bit /
474	uint32_t ReservedBits0 : 1; /*< 0x050 / 0x028: Pos 5, 27 Bits /
475	} W7, W8, W80, W81;
476	struct
477	{
478	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
479	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
480	uint32_t ReservedBits0 : 30; /*< 0x050 / 0x028: Pos 2, 30 Bits /
481	} W6;
482	};
483	#if ARCH_BITS == 64
484	uint32_t Padding1; /*< 0x054 / /
485	#endif
486	} W6, W7, W8, W80, W81;
487	struct
488	{
489	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
490	PVOID SparePtr2; /*< 0x048 / 0x024 /
491	uint32_t EnvironmentUpdateCount; /*< 0x050 / 0x028 /
492	#if ARCH_BITS == 64
493	uint32_t Padding1; /*< 0x054 / /
494	#endif
495	} W52;
496	struct
497	{
498	PVOID FastPebLockRoutine; /*< NA / 0x020 /
499	PVOID FastPebUnlockRoutine; /*< NA / 0x024 /
500	uint32_t EnvironmentUpdateCount; /*< NA / 0x028 /
501	} W51;
502	} Diff1;
503	union
504	{
505	PVOID KernelCallbackTable; /*< 0x058 / 0x02c /
506	PVOID UserSharedInfoPtr; /*< 0x058 / 0x02c - Alternative use in W6./
507	};
508	uint32_t SystemReserved; /*< 0x060 / 0x030 /
509	union
510	{
511	struct
512	{
513	uint32_t AtlThunkSListPtr32; /*< 0x064 / 0x034 /
514	} W7, W8, W80, W81;
515	struct
516	{
517	uint32_t SpareUlong; /*< 0x064 / 0x034 /
518	} W52, W6;
519	struct
520	{
521	uint32_t ExecuteOptions : 2; /*< NA / 0x034: Pos 0, 2 Bits /
522	uint32_t SpareBits : 30; /*< NA / 0x034: Pos 2, 30 Bits /
523	} W51;
524	} Diff2;
525	union
526	{
527	struct
528	{
529	PVOID ApiSetMap; /*< 0x068 / 0x038 /
530	} W7, W8, W80, W81;
531	struct
532	{
533	struct _PEB_FREE_BLOCK FreeList; /< 0x068 / 0x038 /
534	} W52, W6;
535	struct
536	{
537	struct _PEB_FREE_BLOCK FreeList; /< NA / 0x038 /
538	} W51;
539	} Diff3;
540	uint32_t TlsExpansionCounter; /*< 0x070 / 0x03c /
541	#if ARCH_BITS == 64
542	uint32_t Padding2; /*< 0x074 / NA /
543	#endif
544	struct _RTL_BITMAP TlsBitmap; /< 0x078 / 0x040 /
545	uint32_t TlsBitmapBits[2]; /*< 0x080 / 0x044 /
546	PVOID ReadOnlySharedMemoryBase; /*< 0x088 / 0x04c /
547	union
548	{
549	struct
550	{
551	PVOID SparePvoid0; /*< 0x090 / 0x050 - HotpatchInformation before W81. /
552	} W81;
553	struct
554	{
555	PVOID HotpatchInformation; /*< 0x090 / 0x050 - Retired in W81. /
556	} W6, W7, W80;
557	struct
558	{
559	PVOID ReadOnlySharedMemoryHeap;
560	} W52;
561	} Diff4;
562	PVOID ReadOnlyStaticServerData; /< 0x098 / 0x054 /
563	PVOID AnsiCodePageData; /*< 0x0a0 / 0x058 /
564	PVOID OemCodePageData; /*< 0x0a8 / 0x05c /
565	PVOID UnicodeCaseTableData; /*< 0x0b0 / 0x060 /
566	uint32_t NumberOfProcessors; /*< 0x0b8 / 0x064 /
567	uint32_t NtGlobalFlag; /*< 0x0bc / 0x068 /
568	LARGE_INTEGER CriticalSectionTimeout; /*< 0x0c0 / 0x070 /
569	SIZE_T HeapSegmentReserve; /*< 0x0c8 / 0x078 /
570	SIZE_T HeapSegmentCommit; /*< 0x0d0 / 0x07c /
571	SIZE_T HeapDeCommitTotalFreeThreshold; /*< 0x0d8 / 0x080 /
572	SIZE_T HeapDeCommitFreeBlockThreshold; /*< 0x0e0 / 0x084 /
573	uint32_t NumberOfHeaps; /*< 0x0e8 / 0x088 /
574	uint32_t MaximumNumberOfHeaps; /*< 0x0ec / 0x08c /
575	PVOID ProcessHeaps; /< 0x0f0 / 0x090 /
576	PVOID GdiSharedHandleTable; /*< 0x0f8 / 0x094 /
577	PVOID ProcessStarterHelper; /*< 0x100 / 0x098 /
578	uint32_t GdiDCAttributeList; /*< 0x108 / 0x09c /
579	#if ARCH_BITS == 64
580	uint32_t Padding3; /*< 0x10c / NA /
581	#endif
582	struct _RTL_CRITICAL_SECTION LoaderLock; /< 0x110 / 0x0a0 /
583	uint32_t OSMajorVersion; /*< 0x118 / 0x0a4 /
584	uint32_t OSMinorVersion; /*< 0x11c / 0x0a8 /
585	uint16_t OSBuildNumber; /*< 0x120 / 0x0ac /
586	uint16_t OSCSDVersion; /*< 0x122 / 0x0ae /
587	uint32_t OSPlatformId; /*< 0x124 / 0x0b0 /
588	uint32_t ImageSubsystem; /*< 0x128 / 0x0b4 /
589	uint32_t ImageSubsystemMajorVersion; /*< 0x12c / 0x0b8 /
590	uint32_t ImageSubsystemMinorVersion; /*< 0x130 / 0x0bc /
591	#if ARCH_BITS == 64
592	uint32_t Padding4; /*< 0x134 / NA /
593	#endif
594	union
595	{
596	struct
597	{
598	SIZE_T ActiveProcessAffinityMask; /*< 0x138 / 0x0c0 /
599	} W7, W8, W80, W81;
600	struct
601	{
602	SIZE_T ImageProcessAffinityMask; /*< 0x138 / 0x0c0 /
603	} W52, W6;
604	} Diff5;
605	uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /*< 0x140 / 0x0c4 /
606	PVOID PostProcessInitRoutine; /*< 0x230 / 0x14c /
607	PVOID TlsExpansionBitmap; /*< 0x238 / 0x150 /
608	uint32_t TlsExpansionBitmapBits[32]; /*< 0x240 / 0x154 /
609	uint32_t SessionId; /*< 0x2c0 / 0x1d4 /
610	#if ARCH_BITS == 64
611	uint32_t Padding5; /*< 0x2c4 / NA /
612	#endif
613	ULARGE_INTEGER AppCompatFlags; /*< 0x2c8 / 0x1d8 /
614	ULARGE_INTEGER AppCompatFlagsUser; /*< 0x2d0 / 0x1e0 /
615	PVOID pShimData; /*< 0x2d8 / 0x1e8 /
616	PVOID AppCompatInfo; /*< 0x2e0 / 0x1ec /
617	UNICODE_STRING CSDVersion; /*< 0x2e8 / 0x1f0 /
618	struct _ACTIVATION_CONTEXT_DATA ActivationContextData; /< 0x2f8 / 0x1f8 /
619	struct _ASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap; /< 0x300 / 0x1fc /
620	struct _ACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData; /< 0x308 / 0x200 /
621	struct _ASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap; /< 0x310 / 0x204 /
622	SIZE_T MinimumStackCommit; /*< 0x318 / 0x208 /
623	/* End of PEB in W52 (Windows XP (RTM))! */
624	struct _FLS_CALLBACK_INFO FlsCallback; /< 0x320 / 0x20c /
625	LIST_ENTRY FlsListHead; /*< 0x328 / 0x210 /
626	PVOID FlsBitmap; /*< 0x338 / 0x218 /
627	uint32_t FlsBitmapBits[4]; /*< 0x340 / 0x21c /
628	uint32_t FlsHighIndex; /*< 0x350 / 0x22c /
629	/* End of PEB in W52 (Windows Server 2003)! */
630	PVOID WerRegistrationData; /*< 0x358 / 0x230 /
631	PVOID WerShipAssertPtr; /*< 0x360 / 0x234 /
632	/* End of PEB in W6 (windows Vista)! */
633	union
634	{
635	struct
636	{
637	PVOID pUnused; /*< 0x368 / 0x238 - Was pContextData in W7. /
638	} W8, W80, W81;
639	struct
640	{
641	PVOID pContextData; /*< 0x368 / 0x238 - Retired in W80. /
642	} W7;
643	} Diff6;
644	PVOID pImageHeaderHash; /*< 0x370 / 0x23c /
645	union
646	{
647	uint32_t TracingFlags; /*< 0x378 / 0x240 /
648	struct
649	{
650	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
651	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
652	uint32_t LibLoaderTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 2, 1 Bit /
653	uint32_t SpareTracingBits : 29; /*< 0x378 / 0x240 : Pos 3, 29 Bits /
654	} W8, W80, W81;
655	struct
656	{
657	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
658	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
659	uint32_t SpareTracingBits : 30; /*< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 /
660	} W7;
661	} Diff7;
662	#if ARCH_BITS == 64
663	uint32_t Padding6; /*< 0x37c / NA /
664	#endif
665	uint64_t CsrServerReadOnlySharedMemoryBase; /*< 0x380 / 0x248 /
666	} PEB_COMMON;
667	typedef PEB_COMMON *PPEB_COMMON;
668
669	AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
670	AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
671	AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
672	AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
673	AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
674	AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
675	AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
676	AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
677	AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x388 : 0x250);
678
679	/** The size of the windows 8.1 PEB structure. */
680	#define PEB_SIZE_W81 sizeof(PEB_COMMON)
681	/** The size of the windows 8.0 PEB structure. */
682	#define PEB_SIZE_W80 sizeof(PEB_COMMON)
683	/** The size of the windows 7 PEB structure. */
684	#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
685	/** The size of the windows vista PEB structure. */
686	#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
687	/** The size of the windows server 2003 PEB structure. */
688	#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
689	/** The size of the windows XP PEB structure. */
690	#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
691
692	#if 0
693	typedef struct _NT_TIB
694	{
695	struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
696	PVOID StackBase;
697	PVOID StackLimit;
698	PVOID SubSystemTib;
699	union
700	{
701	PVOID FiberData;
702	ULONG Version;
703	};
704	PVOID ArbitraryUserPointer;
705	struct _NT_TIB *Self;
706	} NT_TIB;
707	typedef NT_TIB *PNT_TIB;
708	#endif
709
710	typedef struct _ACTIVATION_CONTEXT_STACK
711	{
712	uint32_t Flags;
713	uint32_t NextCookieSequenceNumber;
714	PVOID ActiveFrame;
715	LIST_ENTRY FrameListCache;
716	} ACTIVATION_CONTEXT_STACK;
717
718	/* Common TEB. */
719	typedef struct _TEB_COMMON
720	{
721	NT_TIB NtTib; /*< 0x000 / 0x000 /
722	PVOID EnvironmentPointer; /*< 0x038 / 0x01c /
723	CLIENT_ID ClientId; /*< 0x040 / 0x020 /
724	PVOID ActiveRpcHandle; /*< 0x050 / 0x028 /
725	PVOID ThreadLocalStoragePointer; /*< 0x058 / 0x02c /
726	PPEB_COMMON ProcessEnvironmentBlock; /*< 0x060 / 0x030 /
727	uint32_t LastErrorValue; /*< 0x068 / 0x034 /
728	uint32_t CountOfOwnedCriticalSections; /*< 0x06c / 0x038 /
729	PVOID CsrClientThread; /*< 0x070 / 0x03c /
730	PVOID Win32ThreadInfo; /*< 0x078 / 0x040 /
731	uint32_t User32Reserved[26]; /*< 0x080 / 0x044 /
732	uint32_t UserReserved[5]; /*< 0x0e8 / 0x0ac /
733	PVOID WOW32Reserved; /*< 0x100 / 0x0c0 /
734	uint32_t CurrentLocale; /*< 0x108 / 0x0c4 /
735	uint32_t FpSoftwareStatusRegister; /*< 0x10c / 0x0c8 /
736	PVOID SystemReserved1[54]; /*< 0x110 / 0x0cc /
737	uint32_t ExceptionCode; /*< 0x2c0 / 0x1a4 /
738	#if ARCH_BITS == 64
739	uint32_t Padding0; /*< 0x2c4 / NA /
740	#endif
741	union
742	{
743	struct
744	{
745	struct _ACTIVATION_CONTEXT_STACK ActivationContextStackPointer;/< 0x2c8 / 0x1a8 /
746	uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /*< 0x2d0 / 0x1ac /
747	} W52, W6, W7, W8, W80, W81;
748	#if ARCH_BITS == 32
749	struct
750	{
751	ACTIVATION_CONTEXT_STACK ActivationContextStack; /*< NA / 0x1a8 /
752	uint8_t SpareBytes[20]; /*< NA / 0x1bc /
753	} W51;
754	#endif
755	} Diff0;
756	union
757	{
758	struct
759	{
760	uint32_t TxFsContext; /*< 0x2e8 / 0x1d0 /
761	} W6, W7, W8, W80, W81;
762	struct
763	{
764	uint32_t SpareBytesContinues; /*< 0x2e8 / 0x1d0 /
765	} W52;
766	} Diff1;
767	#if ARCH_BITS == 64
768	uint32_t Padding1; /*< 0x2ec / NA /
769	#endif
770	/_GDI_TEB_BATCH/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /*< 0x2f0 / 0x1d4 /
771	CLIENT_ID RealClientId; /*< 0x7d8 / 0x6b4 /
772	HANDLE GdiCachedProcessHandle; /*< 0x7e8 / 0x6bc /
773	uint32_t GdiClientPID; /*< 0x7f0 / 0x6c0 /
774	uint32_t GdiClientTID; /*< 0x7f4 / 0x6c4 /
775	PVOID GdiThreadLocalInfo; /*< 0x7f8 / 0x6c8 /
776	SIZE_T Win32ClientInfo[62]; /*< 0x800 / 0x6cc /
777	PVOID glDispatchTable[233]; /*< 0x9f0 / 0x7c4 /
778	SIZE_T glReserved1[29]; /*< 0x1138 / 0xb68 /
779	PVOID glReserved2; /*< 0x1220 / 0xbdc /
780	PVOID glSectionInfo; /*< 0x1228 / 0xbe0 /
781	PVOID glSection; /*< 0x1230 / 0xbe4 /
782	PVOID glTable; /*< 0x1238 / 0xbe8 /
783	PVOID glCurrentRC; /*< 0x1240 / 0xbec /
784	PVOID glContext; /*< 0x1248 / 0xbf0 /
785	NTSTATUS LastStatusValue; /*< 0x1250 / 0xbf4 /
786	#if ARCH_BITS == 64
787	uint32_t Padding2; /*< 0x1254 / NA /
788	#endif
789	UNICODE_STRING StaticUnicodeString; /*< 0x1258 / 0xbf8 /
790	WCHAR StaticUnicodeBuffer[261]; /*< 0x1268 / 0xc00 /
791	#if ARCH_BITS == 64
792	WCHAR Padding3[3]; /*< 0x1472 / NA /
793	#endif
794	PVOID DeallocationStack; /*< 0x1478 / 0xe0c /
795	PVOID TlsSlots[64]; /*< 0x1480 / 0xe10 /
796	LIST_ENTRY TlsLinks; /*< 0x1680 / 0xf10 /
797	PVOID Vdm; /*< 0x1690 / 0xf18 /
798	PVOID ReservedForNtRpc; /*< 0x1698 / 0xf1c /
799	PVOID DbgSsReserved[2]; /*< 0x16a0 / 0xf20 /
800	uint32_t HardErrorMode; /*< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. /
801	#if ARCH_BITS == 64
802	uint32_t Padding4; /*< 0x16b4 / NA /
803	#endif
804	PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /*< 0x16b8 / 0xf2c /
805	union
806	{
807	struct
808	{
809	GUID ActivityId; /*< 0x1710 / 0xf50 /
810	PVOID SubProcessTag; /*< 0x1720 / 0xf60 /
811	} W6, W7, W8, W80, W81;
812	struct
813	{
814	PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /*< 0x1710 / 0xf50 /
815	} W52;
816	} Diff2;
817	union /*< 0x1728 / 0xf64 /
818	{
819	struct
820	{
821	PVOID PerflibData; /*< 0x1728 / 0xf64 /
822	} W8, W80, W81;
823	struct
824	{
825	PVOID EtwLocalData; /*< 0x1728 / 0xf64 /
826	} W7, W6;
827	struct
828	{
829	PVOID SubProcessTag; /*< 0x1728 / 0xf64 /
830	} W52;
831	struct
832	{
833	PVOID InstrumentationContinues[1]; /*< 0x1728 / 0xf64 /
834	} W51;
835	} Diff3;
836	union
837	{
838	struct
839	{
840	PVOID EtwTraceData; /*< 0x1730 / 0xf68 /
841	} W52, W6, W7, W8, W80, W81;
842	struct
843	{
844	PVOID InstrumentationContinues[1]; /*< 0x1730 / 0xf68 /
845	} W51;
846	} Diff4;
847	PVOID WinSockData; /*< 0x1738 / 0xf6c /
848	uint32_t GdiBatchCount; /*< 0x1740 / 0xf70 /
849	union
850	{
851	union
852	{
853	PROCESSOR_NUMBER CurrentIdealProcessor; /*< 0x1744 / 0xf74 - W7+ /
854	uint32_t IdealProcessorValue; /*< 0x1744 / 0xf74 - W7+ /
855	struct
856	{
857	uint8_t ReservedPad1; /*< 0x1744 / 0xf74 - Called SpareBool0 in W6 /
858	uint8_t ReservedPad2; /*< 0x1745 / 0xf75 - Called SpareBool0 in W6 /
859	uint8_t ReservedPad3; /*< 0x1746 / 0xf76 - Called SpareBool0 in W6 /
860	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
861	};
862	} W6, W7, W8, W80, W81;
863	struct
864	{
865	BOOLEAN InDbgPrint; /*< 0x1744 / 0xf74 /
866	BOOLEAN FreeStackOnTermination; /*< 0x1745 / 0xf75 /
867	BOOLEAN HasFiberData; /*< 0x1746 / 0xf76 /
868	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
869	} W51, W52;
870	} Diff5;
871	uint32_t GuaranteedStackBytes; /*< 0x1748 / 0xf78 /
872	#if ARCH_BITS == 64
873	uint32_t Padding5; /*< 0x174c / NA /
874	#endif
875	PVOID ReservedForPerf; /*< 0x1750 / 0xf7c /
876	PVOID ReservedForOle; /*< 0x1758 / 0xf80 /
877	uint32_t WaitingOnLoaderLock; /*< 0x1760 / 0xf84 /
878	#if ARCH_BITS == 64
879	uint32_t Padding6; /*< 0x1764 / NA /
880	#endif
881	union /*< 0x1770 / 0xf8c /
882	{
883	struct
884	{
885	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
886	SIZE_T ReservedForCodeCoverage; /*< 0x1770 / 0xf8c /
887	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
888	} W8, W80, W81;
889	struct
890	{
891	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
892	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
893	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
894	} W6, W7;
895	struct
896	{
897	PVOID SparePointer1; /*< 0x1768 / 0xf88 /
898	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
899	PVOID SoftPatchPtr2; /*< 0x1778 / 0xf90 /
900	} W52;
901	#if ARCH_BITS == 32
902	struct _Wx86ThreadState
903	{
904	PVOID CallBx86Eip; /*< NA / 0xf88 /
905	PVOID DeallocationCpu; /*< NA / 0xf8c /
906	BOOLEAN UseKnownWx86Dll; /*< NA / 0xf90 /
907	int8_t OleStubInvoked; /*< NA / 0xf91 /
908	} W51;
909	#endif
910	} Diff6;
911	PVOID TlsExpansionSlots; /*< 0x1780 / 0xf94 /
912	#if ARCH_BITS == 64
913	PVOID DallocationBStore; /*< 0x1788 / NA /
914	PVOID BStoreLimit; /*< 0x1790 / NA /
915	#endif
916	union
917	{
918	struct
919	{
920	uint32_t MuiGeneration; /*< 0x1798 / 0xf98 /
921	} W7, W8, W80, W81;
922	struct
923	{
924	uint32_t ImpersonationLocale;
925	} W6;
926	} Diff7;
927	uint32_t IsImpersonating; /*< 0x179c / 0xf9c /
928	PVOID NlsCache; /*< 0x17a0 / 0xfa0 /
929	PVOID pShimData; /*< 0x17a8 / 0xfa4 /
930	union /*< 0x17b0 / 0xfa8 /
931	{
932	struct
933	{
934	uint16_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
935	uint16_t LowFragHeapDataSlot; /*< 0x17b2 / 0xfaa /
936	} W8, W80, W81;
937	struct
938	{
939	uint32_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
940	} W7;
941	} Diff8;
942	#if ARCH_BITS == 64
943	uint32_t Padding7; /*< 0x17b4 / NA /
944	#endif
945	HANDLE CurrentTransactionHandle; /*< 0x17b8 / 0xfac /
946	struct _TEB_ACTIVE_FRAME ActiveFrame; /< 0x17c0 / 0xfb0 /
947	/* End of TEB in W51 (Windows XP)! */
948	PVOID FlsData; /*< 0x17c8 / 0xfb4 /
949	union
950	{
951	struct
952	{
953	PVOID PreferredLanguages; /*< 0x17d0 / 0xfb8 /
954	} W6, W7, W8, W80, W81;
955	struct
956	{
957	BOOLEAN SafeThunkCall; /*< 0x17d0 / 0xfb8 /
958	uint8_t BooleanSpare[3]; /*< 0x17d1 / 0xfb9 /
959	/* End of TEB in W52 (Windows server 2003)! */
960	} W52;
961	} Diff9;
962	PVOID UserPrefLanguages; /*< 0x17d8 / 0xfbc /
963	PVOID MergedPrefLanguages; /*< 0x17e0 / 0xfc0 /
964	uint32_t MuiImpersonation; /*< 0x17e8 / 0xfc4 /
965	union
966	{
967	uint16_t CrossTebFlags; /*< 0x17ec / 0xfc8 /
968	struct
969	{
970	uint16_t SpareCrossTebBits : 16; /*< 0x17ec / 0xfc8 : Pos 0, 16 Bits /
971	};
972	};
973	union
974	{
975	uint16_t SameTebFlags; /*< 0x17ee / 0xfca /
976	struct
977	{
978	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
979	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
980	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
981	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
982	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
983	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
984	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
985	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
986	} Common;
987	struct
988	{
989	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
990	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
991	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
992	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
993	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
994	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
995	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
996	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
997	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
998	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
999	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1000	uint16_t SessionAware : 1; /*< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. /
1001	uint16_t SpareSameTebBits : 4; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1002	} W8, W80, W81;
1003	struct
1004	{
1005	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1006	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1007	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1008	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1009	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1010	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1011	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1012	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1013	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1014	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1015	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1016	uint16_t SpareSameTebBits : 5; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1017	} W7;
1018	struct
1019	{
1020	uint16_t DbgSafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1021	uint16_t DbgInDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1022	uint16_t DbgHasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1023	uint16_t DbgSkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1024	uint16_t DbgWerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1025	uint16_t DbgRanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1026	uint16_t DbgClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1027	uint16_t DbgSuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1028	uint16_t SpareSameTebBits : 8; /*< 0x17ee / 0xfca : Pos 8, 8 Bits /
1029	} W6;
1030	} Diff10;
1031	PVOID TxnScopeEnterCallback; /*< 0x17f0 / 0xfcc /
1032	PVOID TxnScopeExitCallback; /*< 0x17f8 / 0xfd0 /
1033	PVOID TxnScopeContext; /*< 0x1800 / 0xfd4 /
1034	uint32_t LockCount; /*< 0x1808 / 0xfd8 /
1035	union
1036	{
1037	struct
1038	{
1039	uint32_t SpareUlong0; /*< 0x180c / 0xfdc /
1040	} W7, W8, W80, W81;
1041	struct
1042	{
1043	uint32_t ProcessRundown;
1044	} W6;
1045	} Diff11;
1046	union
1047	{
1048	struct
1049	{
1050	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1051	/* End of TEB in W7 (windows 7)! */
1052	PVOID ReservedForWdf; /*< 0x1818 / 0xfe4 - New Since W7. /
1053	/* End of TEB in W8 (windows 8.0 & 8.1)! */
1054	} W8, W80, W81;
1055	struct
1056	{
1057	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1058	} W7;
1059	struct
1060	{
1061	uint64_t LastSwitchTime; /*< 0x1810 / 0xfe0 /
1062	uint64_t TotalSwitchOutTime; /*< 0x1818 / 0xfe8 /
1063	LARGE_INTEGER WaitReasonBitMap; /*< 0x1820 / 0xff0 /
1064	/* End of TEB in W6 (windows Vista)! */
1065	} W6;
1066	} Diff12;
1067	} TEB_COMMON;
1068	typedef TEB_COMMON *PTEB_COMMON;
1069	AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1070	AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1071	AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1072	AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1073	AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1074	AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1075	AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1076	AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1077	AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1078	AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1079	AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1080	AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1081	AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1828 : 0xff8);
1082
1083
1084	/** The size of the windows 8.1 PEB structure. */
1085	#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1086	/** The size of the windows 8.0 PEB structure. */
1087	#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1088	/** The size of the windows 7 PEB structure. */
1089	#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1090	/** The size of the windows vista PEB structure. */
1091	#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1092	/** The size of the windows server 2003 PEB structure. */
1093	#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1094	/** The size of the windows XP PEB structure. */
1095	#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1096
1097
1098
1099	#define _PEB _PEB_COMMON
1100	typedef PEB_COMMON PEB;
1101	typedef PPEB_COMMON PPEB;
1102
1103	#define _TEB _TEB_COMMON
1104	typedef TEB_COMMON TEB;
1105	typedef PTEB_COMMON PTEB;
1106
1107	#define NtCurrentPeb() (((PTEB)NtCurrentTeb())->ProcessEnvironmentBlock)
1108
1109	/** @} */
1110
1111
1112	#ifdef IPRT_NT_USE_WINTERNL
1113	NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1114	NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1115	typedef enum _SECTION_INHERIT
1116	{
1117	ViewShare = 1,
1118	ViewUnmap
1119	} SECTION_INHERIT;
1120	NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1121	ULONG, ULONG);
1122
1123
1124	typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1125	{
1126	ULONG FileSystemAttributes;
1127	LONG MaximumComponentNameLength;
1128	ULONG FileSystemNameLength;
1129	WCHAR FileSystemName[1];
1130	} FILE_FS_ATTRIBUTE_INFORMATION;
1131	typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1132
1133	NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1134	NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1135	NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1136	NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1137
1138	typedef enum _FSINFOCLASS
1139	{
1140	FileFsVolumeInformation = 1,
1141	FileFsLabelInformation,
1142	FileFsSizeInformation,
1143	FileFsDeviceInformation,
1144	FileFsAttributeInformation,
1145	FileFsControlInformation,
1146	FileFsFullSizeInformation,
1147	FileFsObjectIdInformation,
1148	FileFsDriverPathInformation,
1149	FileFsVolumeFlagsInformation,
1150	FileFsSectorSizeInformation,
1151	FileFsDataCopyInformation,
1152	FileFsMaximumInformation
1153	} FS_INFORMATION_CLASS;
1154	typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1155	NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1156
1157	typedef struct _FILE_BOTH_DIR_INFORMATION
1158	{
1159	ULONG NextEntryOffset;
1160	ULONG FileIndex;
1161	LARGE_INTEGER CreationTime;
1162	LARGE_INTEGER LastAccessTime;
1163	LARGE_INTEGER LastWriteTime;
1164	LARGE_INTEGER ChangeTime;
1165	LARGE_INTEGER EndOfFile;
1166	LARGE_INTEGER AllocationSize;
1167	ULONG FileAttributes;
1168	ULONG FileNameLength;
1169	ULONG EaSize;
1170	CCHAR ShortNameLength;
1171	WCHAR ShortName[12];
1172	WCHAR FileName[1];
1173	} FILE_BOTH_DIR_INFORMATION;
1174	typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1175	typedef struct _FILE_STANDARD_INFORMATION
1176	{
1177	LARGE_INTEGER AllocationSize;
1178	LARGE_INTEGER EndOfFile;
1179	ULONG NumberOfLinks;
1180	BOOLEAN DeletePending;
1181	BOOLEAN Directory;
1182	} FILE_STANDARD_INFORMATION;
1183	typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1184	typedef struct _FILE_NAME_INFORMATION
1185	{
1186	ULONG FileNameLength;
1187	WCHAR FileName[1];
1188	} FILE_NAME_INFORMATION;
1189	typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1190	typedef enum _FILE_INFORMATION_CLASS
1191	{
1192	FileDirectoryInformation = 1,
1193	FileFullDirectoryInformation,
1194	FileBothDirectoryInformation,
1195	FileBasicInformation,
1196	FileStandardInformation,
1197	FileInternalInformation,
1198	FileEaInformation,
1199	FileAccessInformation,
1200	FileNameInformation,
1201	FileRenameInformation,
1202	FileLinkInformation,
1203	FileNamesInformation,
1204	FileDispositionInformation,
1205	FilePositionInformation,
1206	FileFullEaInformation,
1207	FileModeInformation,
1208	FileAlignmentInformation,
1209	FileAllInformation,
1210	FileAllocationInformation,
1211	FileEndOfFileInformation,
1212	FileAlternateNameInformation,
1213	FileStreamInformation,
1214	FilePipeInformation,
1215	FilePipeLocalInformation,
1216	FilePipeRemoteInformation,
1217	FileMailslotQueryInformation,
1218	FileMailslotSetInformation,
1219	FileCompressionInformation,
1220	FileObjectIdInformation,
1221	FileCompletionInformation,
1222	FileMoveClusterInformation,
1223	FileQuotaInformation,
1224	FileReparsePointInformation,
1225	FileNetworkOpenInformation,
1226	FileAttributeTagInformation,
1227	FileTrackingInformation,
1228	FileIdBothDirectoryInformation,
1229	FileIdFullDirectoryInformation,
1230	FileValidDataLengthInformation,
1231	FileShortNameInformation,
1232	FileIoCompletionNotificationInformation,
1233	FileIoStatusBlockRangeInformation,
1234	FileIoPriorityHintInformation,
1235	FileSfioReserveInformation,
1236	FileSfioVolumeInformation,
1237	FileHardLinkInformation,
1238	FileProcessIdsUsingFileInformation,
1239	FileNormalizedNameInformation,
1240	FileNetworkPhysicalNameInformation,
1241	FileIdGlobalTxDirectoryInformation,
1242	FileIsRemoteDeviceInformation,
1243	FileUnusedInformation,
1244	FileNumaNodeInformation,
1245	FileStandardLinkInformation,
1246	FileRemoteProtocolInformation,
1247	FileRenameInformationBypassAccessCheck,
1248	FileLinkInformationBypassAccessCheck,
1249	FileVolumeNameInformation,
1250	FileIdInformation,
1251	FileIdExtdDirectoryInformation,
1252	FileReplaceCompletionInformation,
1253	FileHardLinkFullIdInformation,
1254	FileMaximumInformation
1255	} FILE_INFORMATION_CLASS;
1256	typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
1257	NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1258	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
1259	FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1260
1261	typedef struct _MEMORY_SECTION_NAME
1262	{
1263	UNICODE_STRING SectionFileName;
1264	WCHAR NameBuffer[1];
1265	} MEMORY_SECTION_NAME;
1266
1267	#ifdef IPRT_NT_USE_WINTERNL
1268	typedef struct _PROCESS_BASIC_INFORMATION
1269	{
1270	NTSTATUS ExitStatus;
1271	PPEB PebBaseAddress;
1272	ULONG_PTR AffinityMask;
1273	int32_t BasePriority;
1274	ULONG_PTR UniqueProcessId;
1275	ULONG_PTR InheritedFromUniqueProcessId;
1276	} PROCESS_BASIC_INFORMATION;
1277	typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
1278	#endif
1279
1280	typedef enum _PROCESSINFOCLASS
1281	{
1282	ProcessBasicInformation = 0,
1283	ProcessQuotaLimits,
1284	ProcessIoCounters,
1285	ProcessVmCounters,
1286	ProcessTimes,
1287	ProcessBasePriority,
1288	ProcessRaisePriority,
1289	ProcessDebugPort,
1290	ProcessExceptionPort,
1291	ProcessAccessToken,
1292	ProcessLdtInformation,
1293	ProcessLdtSize,
1294	ProcessDefaultHardErrorMode,
1295	ProcessIoPortHandlers,
1296	ProcessPooledUsageAndLimits,
1297	ProcessWorkingSetWatch,
1298	ProcessUserModeIOPL,
1299	ProcessEnableAlignmentFaultFixup,
1300	ProcessPriorityClass,
1301	ProcessWx86Information,
1302	ProcessHandleCount,
1303	ProcessAffinityMask,
1304	ProcessPriorityBoost,
1305	ProcessDeviceMap,
1306	ProcessSessionInformation,
1307	ProcessForegroundInformation,
1308	ProcessWow64Information,
1309	ProcessImageFileName,
1310	ProcessLUIDDeviceMapsEnabled,
1311	ProcessBreakOnTermination,
1312	ProcessDebugObjectHandle,
1313	ProcessDebugFlags,
1314	ProcessHandleTracing,
1315	ProcessIoPriority,
1316	ProcessExecuteFlags,
1317	ProcessTlsInformation,
1318	ProcessCookie,
1319	ProcessImageInformation,
1320	ProcessCycleTime,
1321	ProcessPagePriority,
1322	ProcessInstrumentationCallbak,
1323	ProcessThreadStackAllocation,
1324	ProcessWorkingSetWatchEx,
1325	ProcessImageFileNameWin32,
1326	ProcessImageFileMapping,
1327	ProcessAffinityUpdateMode,
1328	ProcessMemoryAllocationMode,
1329	ProcessGroupInformation,
1330	ProcessTokenVirtualizationEnabled,
1331	ProcessConsoleHostProcess,
1332	ProcessWindowsInformation,
1333	MaxProcessInfoClass
1334	} PROCESSINFOCLASS;
1335	NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1336
1337	typedef enum _THREADINFOCLASS
1338	{
1339	ThreadBasicInformation = 0,
1340	ThreadTimes,
1341	ThreadPriority,
1342	ThreadBasePriority,
1343	ThreadAffinityMask,
1344	ThreadImpersonationToken,
1345	ThreadDescriptorTableEntry,
1346	ThreadEnableAlignmentFaultFixup,
1347	ThreadEventPair_Reusable,
1348	ThreadQuerySetWin32StartAddress,
1349	ThreadZeroTlsCell,
1350	ThreadPerformanceCount,
1351	ThreadAmILastThread,
1352	ThreadIdealProcessor,
1353	ThreadPriorityBoost,
1354	ThreadSetTlsArrayAddress,
1355	ThreadIsIoPending,
1356	ThreadHideFromDebugger,
1357	ThreadBreakOnTermination,
1358	ThreadSwitchLegacyState,
1359	ThreadIsTerminated,
1360	ThreadLastSystemCall,
1361	ThreadIoPriority,
1362	ThreadCycleTime,
1363	ThreadPagePriority,
1364	ThreadActualBasePriority,
1365	ThreadTebInformation,
1366	ThreadCSwitchMon,
1367	ThreadCSwitchPmu,
1368	ThreadWow64Context,
1369	ThreadGroupInformation,
1370	ThreadUmsInformation,
1371	ThreadCounterProfiling,
1372	ThreadIdealProcessorEx,
1373	ThreadCpuAccountingInformation,
1374	MaxThreadInfoClass
1375	} THREADINFOCLASS;
1376	NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1377
1378	NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1379
1380	NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1381	NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1382
1383	NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
1384	NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
1385
1386	NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
1387	NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
1388	NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
1389	NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
1390	NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
1391	NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
1392	NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
1393	NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
1394	NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
1395
1396	#endif /* IPRT_NT_USE_WINTERNL */
1397
1398	typedef enum _OBJECT_INFORMATION_CLASS
1399	{
1400	ObjectBasicInformation = 0,
1401	ObjectNameInformation,
1402	ObjectTypeInformation,
1403	ObjectAllInformation,
1404	ObjectDataInformation
1405	} OBJECT_INFORMATION_CLASS;
1406	typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
1407	#ifdef IN_RING0
1408	# define NtQueryObject ZwQueryObject
1409	#endif
1410	NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1411	NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
1412	NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
1413
1414	NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1415
1416	typedef struct _OBJECT_DIRECTORY_INFORMATION
1417	{
1418	UNICODE_STRING Name;
1419	UNICODE_STRING TypeName;
1420	} OBJECT_DIRECTORY_INFORMATION;
1421	typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
1422	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
1423
1424	NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
1425	NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
1426	/** @name ProcessDefaultHardErrorMode bit definitions.
1427	* @{ */
1428	#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /*< Inverted from the win32 define. /
1429	#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
1430	#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
1431	#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
1432	/** @} */
1433	NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
1434	NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
1435
1436	/** Retured by ProcessImageInformation as well as NtQuerySection. */
1437	typedef struct _SECTION_IMAGE_INFORMATION
1438	{
1439	PVOID TransferAddress;
1440	ULONG ZeroBits;
1441	SIZE_T MaximumStackSize;
1442	SIZE_T CommittedStackSize;
1443	ULONG SubSystemType;
1444	union
1445	{
1446	struct
1447	{
1448	USHORT SubSystemMinorVersion;
1449	USHORT SubSystemMajorVersion;
1450	};
1451	ULONG SubSystemVersion;
1452	};
1453	ULONG GpValue;
1454	USHORT ImageCharacteristics;
1455	USHORT DllCharacteristics;
1456	USHORT Machine;
1457	BOOLEAN ImageContainsCode;
1458	union /*< Since Vista, used to be a spare BOOLEAN. /
1459	{
1460	struct
1461	{
1462	UCHAR ComPlusNativeRead : 1;
1463	UCHAR ComPlusILOnly : 1;
1464	UCHAR ImageDynamicallyRelocated : 1;
1465	UCHAR ImageMAppedFlat : 1;
1466	UCHAR Reserved : 4;
1467	};
1468	UCHAR ImageFlags;
1469	};
1470	ULONG LoaderFlags;
1471	ULONG ImageFileSize; /*< Since XP? /
1472	ULONG CheckSum; /*< Since Vista, Used to be a reserved/spare ULONG. /
1473	} SECTION_IMAGE_INFORMATION;
1474	typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
1475
1476	typedef enum _SECTION_INFORMATION_CLASS
1477	{
1478	SectionBasicInformation = 0,
1479	SectionImageInformation,
1480	MaxSectionInfoClass
1481	} SECTION_INFORMATION_CLASS;
1482	NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1483
1484	NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
1485	NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
1486	NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
1487	NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
1488	NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
1489	NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
1490
1491
1492	#ifndef SEC_FILE
1493	# define SEC_FILE UINT32_C(0x00800000)
1494	#endif
1495	#ifndef SEC_IMAGE
1496	# define SEC_IMAGE UINT32_C(0x01000000)
1497	#endif
1498	#ifndef SEC_PROTECTED_IMAGE
1499	# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
1500	#endif
1501	#ifndef SEC_NOCACHE
1502	# define SEC_NOCACHE UINT32_C(0x10000000)
1503	#endif
1504	#ifndef MEM_ROTATE
1505	# define MEM_ROTATE UINT32_C(0x00800000)
1506	#endif
1507	typedef enum _MEMORY_INFORMATION_CLASS
1508	{
1509	MemoryBasicInformation = 0,
1510	MemoryWorkingSetList,
1511	MemorySectionName,
1512	MemoryBasicVlmInformation
1513	} MEMORY_INFORMATION_CLASS;
1514	#ifdef IN_RING0
1515	typedef struct _MEMORY_BASIC_INFORMATION
1516	{
1517	PVOID BaseAddress;
1518	PVOID AllocationBase;
1519	ULONG AllocationProtect;
1520	SIZE_T RegionSize;
1521	ULONG State;
1522	ULONG Protect;
1523	ULONG Type;
1524	} MEMORY_BASIC_INFORMATION;
1525	typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
1526	# define NtQueryVirtualMemory ZwQueryVirtualMemory
1527	#endif
1528	NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1529	#ifdef IPRT_NT_USE_WINTERNL
1530	NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
1531	#endif
1532	NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
1533	NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
1534
1535	typedef enum _SYSTEM_INFORMATION_CLASS
1536	{
1537	SystemBasicInformation = 0,
1538	SystemCpuInformation,
1539	SystemPerformanceInformation,
1540	SystemTimeOfDayInformation,
1541	SystemInformation_Unknown_4,
1542	SystemProcessInformation,
1543	SystemInformation_Unknown_6,
1544	SystemInformation_Unknown_7,
1545	SystemProcessorPerformanceInformation,
1546	SystemInformation_Unknown_9,
1547	SystemInformation_Unknown_10,
1548	SystemModuleInformation,
1549	SystemInformation_Unknown_12,
1550	SystemInformation_Unknown_13,
1551	SystemInformation_Unknown_14,
1552	SystemInformation_Unknown_15,
1553	SystemHandleInformation,
1554	SystemInformation_Unknown_17,
1555	SystemPageFileInformation,
1556	SystemInformation_Unknown_19,
1557	SystemInformation_Unknown_20,
1558	SystemCacheInformation,
1559	SystemInformation_Unknown_22,
1560	SystemInterruptInformation,
1561	SystemDpcBehaviourInformation,
1562	SystemFullMemoryInformation,
1563	SystemLoadGdiDriverInformation, /* 26 */
1564	SystemUnloadGdiDriverInformation, /* 27 */
1565	SystemTimeAdjustmentInformation,
1566	SystemSummaryMemoryInformation,
1567	SystemInformation_Unknown_30,
1568	SystemInformation_Unknown_31,
1569	SystemInformation_Unknown_32,
1570	SystemExceptionInformation,
1571	SystemCrashDumpStateInformation,
1572	SystemKernelDebuggerInformation,
1573	SystemContextSwitchInformation,
1574	SystemRegistryQuotaInformation,
1575	SystemInformation_Unknown_38,
1576	SystemInformation_Unknown_39,
1577	SystemInformation_Unknown_40,
1578	SystemInformation_Unknown_41,
1579	SystemInformation_Unknown_42,
1580	SystemInformation_Unknown_43,
1581	SystemCurrentTimeZoneInformation,
1582	SystemLookasideInformation,
1583	SystemSetTimeSlipEvent,
1584	SystemCreateSession,
1585	SystemDeleteSession,
1586	SystemInformation_Unknown_49,
1587	SystemRangeStartInformation,
1588	SystemVerifierInformation,
1589	SystemInformation_Unknown_52,
1590	SystemSessionProcessInformation,
1591	SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
1592	SystemInformation_Unknown_55,
1593	SystemInformation_Unknown_56,
1594	SystemExtendedProcessInformation,
1595	SystemInformation_Unknown_58,
1596	SystemInformation_Unknown_59,
1597	SystemInformation_Unknown_60,
1598	SystemInformation_Unknown_61,
1599	SystemInformation_Unknown_62,
1600	SystemInformation_Unknown_63,
1601	SystemExtendedHandleInformation, /* 64 */
1602
1603	/** @todo fill gap. they've added a whole bunch of things */
1604	SystemPolicyInformation = 134,
1605	SystemInformationClassMax
1606	} SYSTEM_INFORMATION_CLASS;
1607
1608	#ifdef IPRT_NT_USE_WINTERNL
1609	typedef struct _VM_COUNTERS
1610	{
1611	SIZE_T PeakVirtualSize;
1612	SIZE_T VirtualSize;
1613	ULONG PageFaultCount;
1614	SIZE_T PeakWorkingSetSize;
1615	SIZE_T WorkingSetSize;
1616	SIZE_T QuotaPeakPagedPoolUsage;
1617	SIZE_T QuotaPagedPoolUsage;
1618	SIZE_T QuotaPeakNonPagedPoolUsage;
1619	SIZE_T QuotaNonPagedPoolUsage;
1620	SIZE_T PagefileUsage;
1621	SIZE_T PeakPagefileUsage;
1622	} VM_COUNTERS;
1623	typedef VM_COUNTERS *PVM_COUNTERS;
1624	#endif
1625
1626	#if 0
1627	typedef struct _IO_COUNTERS
1628	{
1629	ULONGLONG ReadOperationCount;
1630	ULONGLONG WriteOperationCount;
1631	ULONGLONG OtherOperationCount;
1632	ULONGLONG ReadTransferCount;
1633	ULONGLONG WriteTransferCount;
1634	ULONGLONG OtherTransferCount;
1635	} IO_COUNTERS;
1636	typedef IO_COUNTERS *PIO_COUNTERS;
1637	#endif
1638
1639	typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
1640	{
1641	ULONG NextEntryOffset; /*< 0x00 / 0x00 /
1642	ULONG NumberOfThreads; /*< 0x04 / 0x04 /
1643	LARGE_INTEGER Reserved1[3]; /*< 0x08 / 0x08 /
1644	LARGE_INTEGER CreationTime; /*< 0x20 / 0x20 /
1645	LARGE_INTEGER UserTime; /*< 0x28 / 0x28 /
1646	LARGE_INTEGER KernelTime; /*< 0x30 / 0x30 /
1647	UNICODE_STRING ProcessName; /*< 0x38 / 0x38 Clean unicode encoding? /
1648	int32_t BasePriority; /*< 0x40 / 0x48 /
1649	HANDLE UniqueProcessId; /*< 0x44 / 0x50 /
1650	HANDLE ParentProcessId; /*< 0x48 / 0x58 /
1651	ULONG HandleCount; /*< 0x4c / 0x60 /
1652	ULONG Reserved2; /*< 0x50 / 0x64 Session ID? /
1653	ULONG_PTR Reserved3; /*< 0x54 / 0x68 /
1654	VM_COUNTERS VmCounters; /*< 0x58 / 0x70 /
1655	IO_COUNTERS IoCounters; /*< 0x88 / 0xd0 Might not be present in earlier windows versions. /
1656	/* After this follows the threads, then the ProcessName.Buffer. */
1657	} RTNT_SYSTEM_PROCESS_INFORMATION;
1658	typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
1659	#ifndef IPRT_NT_USE_WINTERNL
1660	typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
1661	typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
1662	#endif
1663
1664	typedef struct _SYSTEM_HANDLE_ENTRY_INFO
1665	{
1666	USHORT UniqueProcessId;
1667	USHORT CreatorBackTraceIndex;
1668	UCHAR ObjectTypeIndex;
1669	UCHAR HandleAttributes;
1670	USHORT HandleValue;
1671	PVOID Object;
1672	ULONG GrantedAccess;
1673	} SYSTEM_HANDLE_ENTRY_INFO;
1674	typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
1675
1676	/** Returned by SystemHandleInformation */
1677	typedef struct _SYSTEM_HANDLE_INFORMATION
1678	{
1679	ULONG NumberOfHandles;
1680	SYSTEM_HANDLE_ENTRY_INFO Handles[1];
1681	} SYSTEM_HANDLE_INFORMATION;
1682	typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
1683
1684	/** Extended handle information entry.
1685	* @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
1686	typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
1687	{
1688	PVOID Object;
1689	HANDLE UniqueProcessId;
1690	HANDLE HandleValue;
1691	ACCESS_MASK GrantedAccess;
1692	USHORT CreatorBackTraceIndex;
1693	USHORT ObjectTypeIndex;
1694	ULONG HandleAttributes;
1695	ULONG Reserved;
1696	} SYSTEM_HANDLE_ENTRY_INFO_EX;
1697	typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
1698
1699	/** Returned by SystemExtendedHandleInformation. */
1700	typedef struct _SYSTEM_HANDLE_INFORMATION_EX
1701	{
1702	ULONG_PTR NumberOfHandles;
1703	ULONG_PTR Reserved;
1704	SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
1705	} SYSTEM_HANDLE_INFORMATION_EX;
1706	typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
1707
1708	/** Input to SystemSessionProcessInformation. */
1709	typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
1710	{
1711	ULONG SessionId;
1712	ULONG BufferLength;
1713	/** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
1714	PVOID Buffer;
1715	} SYSTEM_SESSION_PROCESS_INFORMATION;
1716	typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
1717
1718	NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1719
1720	NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
1721	NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
1722	#ifndef IPRT_NT_USE_WINTERNL
1723	NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
1724	#endif
1725	typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
1726	NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
1727
1728	NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
1729
1730
1731	#ifdef IPRT_NT_USE_WINTERNL
1732	/** For NtQueryValueKey. */
1733	typedef enum _KEY_VALUE_INFORMATION_CLASS
1734	{
1735	KeyValueBasicInformation = 0,
1736	KeyValueFullInformation,
1737	KeyValuePartialInformation,
1738	KeyValueFullInformationAlign64,
1739	KeyValuePartialInformationAlign64
1740	} KEY_VALUE_INFORMATION_CLASS;
1741
1742	/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
1743	typedef struct _KEY_VALUE_PARTIAL_INFORMATION
1744	{
1745	ULONG TitleIndex;
1746	ULONG Type;
1747	ULONG DataLength;
1748	UCHAR Data[1];
1749	} KEY_VALUE_PARTIAL_INFORMATION;
1750	typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
1751	#endif
1752	NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1753	NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1754
1755
1756	NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
1757
1758
1759	typedef struct _CURDIR
1760	{
1761	UNICODE_STRING DosPath;
1762	HANDLE Handle;
1763	} CURDIR;
1764	typedef CURDIR *PCURDIR;
1765
1766	typedef struct _RTL_DRIVE_LETTER_CURDIR
1767	{
1768	USHORT Flags;
1769	USHORT Length;
1770	ULONG TimeStamp;
1771	STRING DosPath; /*< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. /
1772	} RTL_DRIVE_LETTER_CURDIR;
1773	typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
1774
1775	typedef struct _RTL_USER_PROCESS_PARAMETERS
1776	{
1777	ULONG MaximumLength;
1778	ULONG Length;
1779	ULONG Flags;
1780	ULONG DebugFlags;
1781	HANDLE ConsoleHandle;
1782	ULONG ConsoleFlags;
1783	HANDLE StandardInput;
1784	HANDLE StandardOutput;
1785	HANDLE StandardError;
1786	CURDIR CurrentDirectory;
1787	UNICODE_STRING DllPath;
1788	UNICODE_STRING ImagePathName;
1789	UNICODE_STRING CommandLine;
1790	PWSTR Environment;
1791	ULONG StartingX;
1792	ULONG StartingY;
1793	ULONG CountX;
1794	ULONG CountY;
1795	ULONG CountCharsX;
1796	ULONG CountCharsY;
1797	ULONG FillAttribute;
1798	ULONG WindowFlags;
1799	ULONG ShowWindowFlags;
1800	UNICODE_STRING WindowTitle;
1801	UNICODE_STRING DesktopInfo;
1802	UNICODE_STRING ShellInfo;
1803	UNICODE_STRING RuntimeInfo;
1804	RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20];
1805	SIZE_T EnvironmentSize; /*< Added in Vista /
1806	SIZE_T EnvironmentVersion; /*< Added in Windows 7. /
1807	PVOID PackageDependencyData; /*< Added Windows 8? /
1808	ULONG ProcessGroupId; /*< Added Windows 8? /
1809	} RTL_USER_PROCESS_PARAMETERS;
1810	typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
1811	#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
1812
1813	typedef struct _RTL_USER_PROCESS_INFORMATION
1814	{
1815	ULONG Size;
1816	HANDLE ProcessHandle;
1817	HANDLE ThreadHandle;
1818	CLIENT_ID ClientId;
1819	SECTION_IMAGE_INFORMATION ImageInformation;
1820	} RTL_USER_PROCESS_INFORMATION;
1821	typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
1822
1823
1824	NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
1825	PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
1826	NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
1827	PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
1828	PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
1829	PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
1830	PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
1831	NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
1832	NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
1833	PFNRT, PVOID, PHANDLE, PCLIENT_ID);
1834
1835	RT_C_DECLS_END
1836	/** @} */
1837
1838
1839	#if defined(IN_RING0) \|\| defined(DOXYGEN_RUNNING)
1840	/** @name NT Kernel APIs
1841	* @{ */
1842	RT_C_DECLS_BEGIN
1843
1844	NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
1845	PVOID pvOptionalConditions, PHANDLE phFound);
1846	NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
1847	ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
1848	KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
1849	NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
1850	NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
1851	NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
1852	NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
1853	extern DECLIMPORT(POBJECT_TYPE ) LpcPortObjectType; /< In vista+ this is the ALPC port object type. /
1854	extern DECLIMPORT(POBJECT_TYPE ) LpcWaitablePortObjectType; /< In vista+ this is the ALPC port object type. /
1855
1856	RT_C_DECLS_END
1857	/** @ */
1858	#endif /* IN_RING0 */
1859
1860
1861	#if defined(IN_RING3) \|\| defined(DOXYGEN_RUNNING)
1862	/** @name NT Userland APIs
1863	* @{ */
1864	RT_C_DECLS_BEGIN
1865
1866	#if 0 /** @todo figure this out some time... */
1867	typedef struct CSR_MSG_DATA_CREATED_PROCESS
1868	{
1869	HANDLE hProcess;
1870	HANDLE hThread;
1871	CLIENT_ID
1872	DWORD idProcess;
1873	DWORD idThread;
1874	DWORD fCreate;
1875
1876	} CSR_MSG_DATA_CREATED_PROCESS;
1877
1878	#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
1879	#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
1880	NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
1881	#endif
1882	NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
1883	NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
1884	NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
1885	IN PCUNICODE_STRING pOrgName,
1886	IN PUNICODE_STRING pDefaultSuffix,
1887	IN OUT PUNICODE_STRING pStaticString,
1888	IN OUT PUNICODE_STRING pDynamicString,
1889	IN OUT PUNICODE_STRING *ppResultString,
1890	IN PULONG pfNewFlags OPTIONAL,
1891	IN PSIZE_T pcbFilename OPTIONAL,
1892	IN PSIZE_T pcbNeeded OPTIONAL);
1893	NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
1894
1895	RT_C_DECLS_END
1896	/** @} */
1897	#endif /* IN_RING3 */
1898
1899	#endif
1900

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/include/iprt/nt/nt.h@ 52627

Download in other formats: