nt.h@ 52941

Last change on this file since 52941 was 52941, checked in by vboxsync, 10 years ago
Use our own heap in the hope that we can use it before ntdll is really initialized. Fixed RtlExitProcess issue. More early import work.
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 88.9 KB

Line
1	/* $Id: nt.h 52941 2014-10-03 19:58:01Z vboxsync $ */
2	/** @file
3	* IPRT - Header for code using the Native NT API.
4	*/
5
6	/*
7	* Copyright (C) 2010-2014 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.virtualbox.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*
17	* The contents of this file may alternatively be used under the terms
18	* of the Common Development and Distribution License Version 1.0
19	* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20	* VirtualBox OSE distribution, in which case the provisions of the
21	* CDDL are applicable instead of those of the GPL.
22	*
23	* You may elect to license modified versions of this file under the
24	* terms and conditions of either the GPL or the CDDL or both.
25	*/
26
27	#ifndef ___iprt_nt_nt_h___
28	#define ___iprt_nt_nt_h___
29
30	/** @def IPRT_NT_MAP_TO_ZW
31	* Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
32	* to the APIs (takes care of the previous context checks).
33	*/
34	#ifdef DOXYGEN_RUNNING
35	# define IPRT_NT_MAP_TO_ZW
36	#endif
37
38	#ifdef IPRT_NT_MAP_TO_ZW
39	# define NtQueryInformationFile ZwQueryInformationFile
40	# define NtQueryInformationProcess ZwQueryInformationProcess
41	# define NtQueryInformationThread ZwQueryInformationThread
42	# define NtQuerySystemInformation ZwQuerySystemInformation
43	# define NtQuerySecurityObject ZwQuerySecurityObject
44	# define NtClose ZwClose
45	# define NtCreateFile ZwCreateFile
46	# define NtReadFile ZwReadFile
47	# define NtWriteFile ZwWriteFile
48	/** @todo this is very incomplete! */
49	#endif
50
51	#include <ntstatus.h>
52
53	/*
54	* Hacks common to both base header sets.
55	*/
56	#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
57	#define NtQueryObject Incomplete_NtQueryObject
58	#define ZwQueryObject Incomplete_ZwQueryObject
59	#define NtSetInformationObject Incomplete_NtSetInformationObject
60	#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
61	#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
62	#define ObjectBasicInformation Incomplete_ObjectBasicInformation
63	#define ObjectTypeInformation Incomplete_ObjectTypeInformation
64	#define _PEB Incomplete__PEB
65	#define PEB Incomplete_PEB
66	#define PPEB Incomplete_PPEB
67	#define _TEB Incomplete__TEB
68	#define TEB Incomplete_TEB
69	#define PTEB Incomplete_PTEB
70	#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
71	#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
72	#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
73
74
75
76	#ifdef IPRT_NT_USE_WINTERNL
77	/*
78	* Use Winternl.h.
79	*/
80	# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
81	# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
82	# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
83
84	# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
85	# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
86	# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
87	# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
88	# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
89	# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
90	# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
91	# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
92	# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
93	# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
94	# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
95	# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
96
97	# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
98	# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
99	# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
100
101	# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
102	# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
103	# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
104	# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
105	# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
106
107	# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
108	# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
109	# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
110	# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
111	# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
112	# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
113	# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
114	# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
115	# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
116	# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
117	# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
118	# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
119	# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
120	# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
121
122
123	# define WIN32_NO_STATUS
124	# include <windef.h>
125	# include <winnt.h>
126	# include <winternl.h>
127	# undef WIN32_NO_STATUS
128	# include <ntstatus.h>
129
130
131	# undef _FILE_INFORMATION_CLASS
132	# undef FILE_INFORMATION_CLASS
133	# undef FileDirectoryInformation
134
135	# undef NtQueryInformationProcess
136	# undef NtSetInformationProcess
137	# undef PROCESSINFOCLASS
138	# undef _PROCESSINFOCLASS
139	# undef PROCESS_BASIC_INFORMATION
140	# undef PPROCESS_BASIC_INFORMATION
141	# undef _PROCESS_BASIC_INFORMATION
142	# undef ProcessBasicInformation
143	# undef ProcessDebugPort
144	# undef ProcessWow64Information
145	# undef ProcessImageFileName
146	# undef ProcessBreakOnTermination
147
148	# undef RTL_USER_PROCESS_PARAMETERS
149	# undef PRTL_USER_PROCESS_PARAMETERS
150	# undef _RTL_USER_PROCESS_PARAMETERS
151
152	# undef NtQueryInformationThread
153	# undef NtSetInformationThread
154	# undef THREADINFOCLASS
155	# undef _THREADINFOCLASS
156	# undef ThreadIsIoPending
157
158	# undef NtQuerySystemInformation
159	# undef NtSetSystemInformation
160	# undef SYSTEM_INFORMATION_CLASS
161	# undef _SYSTEM_INFORMATION_CLASS
162	# undef SystemBasicInformation
163	# undef SystemPerformanceInformation
164	# undef SystemTimeOfDayInformation
165	# undef SystemProcessInformation
166	# undef SystemProcessorPerformanceInformation
167	# undef SystemInterruptInformation
168	# undef SystemExceptionInformation
169	# undef SystemRegistryQuotaInformation
170	# undef SystemLookasideInformation
171	# undef SystemPolicyInformation
172
173	#else
174	/*
175	* Use ntifs.h and wdm.h.
176	*/
177	# ifdef RT_ARCH_X86
178	# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
179	# pragma warning(disable : 4163)
180	# endif
181
182	# include <ntifs.h>
183	# include <wdm.h>
184
185	# ifdef RT_ARCH_X86
186	# pragma warning(default : 4163)
187	# undef _InterlockedAddLargeStatistic
188	# endif
189
190	# define IPRT_NT_NEED_API_GROUP_NTIFS
191	#endif
192
193	#undef RtlFreeUnicodeString
194	#undef NtQueryObject
195	#undef ZwQueryObject
196	#undef NtSetInformationObject
197	#undef _OBJECT_INFORMATION_CLASS
198	#undef OBJECT_INFORMATION_CLASS
199	#undef ObjectBasicInformation
200	#undef ObjectTypeInformation
201	#undef _PEB
202	#undef PEB
203	#undef PPEB
204	#undef _TEB
205	#undef TEB
206	#undef PTEB
207	#undef _PEB_LDR_DATA
208	#undef PEB_LDR_DATA
209	#undef PPEB_LDR_DATA
210
211
212	#include <iprt/types.h>
213	#include <iprt/assert.h>
214
215
216	/** @name Useful macros
217	* @{ */
218	/** Indicates that we're targetting native NT in the current source. */
219	#define RTNT_USE_NATIVE_NT 1
220	/** Initializes a IO_STATUS_BLOCK. */
221	#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
222	/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
223	#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
224	/** Constant UNICODE_STRING initializer. */
225	#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
226	/** @} */
227
228
229	/** @name IPRT helper functions for NT
230	* @{ */
231	RT_C_DECLS_BEGIN
232
233	RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
234	ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
235	PHANDLE phHandle, PULONG_PTR puDisposition);
236	RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
237	ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
238	RTDECL(int) RTNtPathClose(HANDLE hHandle);
239
240	RT_C_DECLS_END
241	/** @} */
242
243
244	/** @name NT API delcarations.
245	* @{ */
246	RT_C_DECLS_BEGIN
247
248	/** @name Process access rights missing in ntddk headers
249	* @{ */
250	#ifndef PROCESS_TERMINATE
251	# define PROCESS_TERMINATE UINT32_C(0x00000001)
252	#endif
253	#ifndef PROCESS_CREATE_THREAD
254	# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
255	#endif
256	#ifndef PROCESS_SET_SESSIONID
257	# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
258	#endif
259	#ifndef PROCESS_VM_OPERATION
260	# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
261	#endif
262	#ifndef PROCESS_VM_READ
263	# define PROCESS_VM_READ UINT32_C(0x00000010)
264	#endif
265	#ifndef PROCESS_VM_WRITE
266	# define PROCESS_VM_WRITE UINT32_C(0x00000020)
267	#endif
268	#ifndef PROCESS_DUP_HANDLE
269	# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
270	#endif
271	#ifndef PROCESS_CREATE_PROCESS
272	# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
273	#endif
274	#ifndef PROCESS_SET_QUOTA
275	# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
276	#endif
277	#ifndef PROCESS_SET_INFORMATION
278	# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
279	#endif
280	#ifndef PROCESS_QUERY_INFORMATION
281	# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
282	#endif
283	#ifndef PROCESS_SUSPEND_RESUME
284	# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
285	#endif
286	#ifndef PROCESS_QUERY_LIMITED_INFORMATION
287	# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
288	#endif
289	#ifndef PROCESS_SET_LIMITED_INFORMATION
290	# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
291	#endif
292	#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
293	#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
294	#ifndef PROCESS_ALL_ACCESS
295	# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| SYNCHRONIZE \| UINT32_C(0x0000ffff) )
296	#endif
297	/** @} */
298
299	/** @name Thread access rights missing in ntddk headers
300	* @{ */
301	#ifndef THREAD_QUERY_INFORMATION
302	# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
303	#endif
304	#ifndef THREAD_SET_THREAD_TOKEN
305	# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
306	#endif
307	#ifndef THREAD_IMPERSONATE
308	# define THREAD_IMPERSONATE UINT32_C(0x00000100)
309	#endif
310	#ifndef THREAD_DIRECT_IMPERSONATION
311	# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
312	#endif
313	#ifndef THREAD_RESUME
314	# define THREAD_RESUME UINT32_C(0x00001000)
315	#endif
316	#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
317	#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
318	#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
319	/** @} */
320
321	/** @name Special handle values.
322	* @{ */
323	#ifndef NtCurrentProcess
324	# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
325	#endif
326	#ifndef NtCurrentThread
327	# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
328	#endif
329	#ifndef ZwCurrentProcess
330	# define ZwCurrentProcess() NtCurrentProcess()
331	#endif
332	#ifndef ZwCurrentThread
333	# define ZwCurrentThread() NtCurrentThread()
334	#endif
335	/** @} */
336
337
338	/** @name Directory object access rights.
339	* @{ */
340	#ifndef DIRECTORY_QUERY
341	# define DIRECTORY_QUERY UINT32_C(0x00000001)
342	#endif
343	#ifndef DIRECTORY_TRAVERSE
344	# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
345	#endif
346	#ifndef DIRECTORY_CREATE_OBJECT
347	# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
348	#endif
349	#ifndef DIRECTORY_CREATE_SUBDIRECTORY
350	# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
351	#endif
352	#ifndef DIRECTORY_ALL_ACCESS
353	# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| UINT32_C(0x0000000f) )
354	#endif
355	/** @} */
356
357
358
359	#ifdef IPRT_NT_USE_WINTERNL
360	typedef struct _CLIENT_ID
361	{
362	HANDLE UniqueProcess;
363	HANDLE UniqueThread;
364	} CLIENT_ID;
365	typedef CLIENT_ID *PCLIENT_ID;
366	#endif
367
368	/** @name Process And Thread Environment Blocks
369	* @{ */
370
371	typedef struct _PEB_LDR_DATA
372	{
373	uint32_t Length;
374	BOOLEAN Initialized;
375	BOOLEAN Padding[3];
376	HANDLE SsHandle;
377	LIST_ENTRY InLoadOrderModuleList;
378	LIST_ENTRY InMemoryOrderModuleList;
379	LIST_ENTRY InInitializationOrderModuleList;
380	/* End NT4 */
381	LIST_ENTRY *EntryInProgress;
382	BOOLEAN ShutdownInProgress;
383	HANDLE ShutdownThreadId;
384	} PEB_LDR_DATA;
385	typedef PEB_LDR_DATA *PPEB_LDR_DATA;
386
387	typedef struct _PEB_COMMON
388	{
389	BOOLEAN InheritedAddressSpace; /*< 0x000 / 0x000 /
390	BOOLEAN ReadImageFileExecOptions; /*< 0x001 / 0x001 /
391	BOOLEAN BeingDebugged; /*< 0x002 / 0x002 /
392	union
393	{
394	uint8_t BitField; /*< 0x003 / 0x003 /
395	struct
396	{
397	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
398	} Common;
399	struct
400	{
401	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
402	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
403	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 /
404	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 /
405	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 /
406	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 /
407	uint8_t IsProtectedProcessLight : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 /
408	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
409	} W81;
410	struct
411	{
412	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
413	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
414	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 /
415	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 /
416	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 /
417	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 /
418	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 /
419	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
420	} W80;
421	struct
422	{
423	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
424	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
425	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. /
426	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. /
427	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. /
428	uint8_t SpareBits : 3; /*< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. /
429	} W7;
430	struct
431	{
432	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
433	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
434	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. /
435	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. /
436	uint8_t SpareBits : 4; /*< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. /
437	} W6;
438	struct
439	{
440	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
441	uint8_t SpareBits : 7; /*< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. /
442	} W52;
443	struct
444	{
445	BOOLEAN SpareBool;
446	} W51;
447	} Diff0;
448	#if ARCH_BITS == 64
449	uint32_t Padding0; /*< 0x004 / NA /
450	#endif
451	HANDLE Mutant; /*< 0x008 / 0x004 /
452	PVOID ImageBaseAddress; /*< 0x010 / 0x008 /
453	PPEB_LDR_DATA Ldr; /*< 0x018 / 0x00c /
454	struct _RTL_USER_PROCESS_PARAMETERS ProcessParameters; /< 0x020 / 0x010 /
455	PVOID SubSystemData; /*< 0x028 / 0x014 /
456	HANDLE ProcessHeap; /*< 0x030 / 0x018 /
457	struct _RTL_CRITICAL_SECTION FastPebLock; /< 0x038 / 0x01c /
458	union
459	{
460	struct
461	{
462	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
463	PVOID IFEOKey; /*< 0x048 / 0x024 /
464	union
465	{
466	ULONG CrossProcessFlags; /*< 0x050 / 0x028 /
467	struct
468	{
469	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
470	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
471	uint32_t ProcessUsingVEH : 1; /*< 0x050 / 0x028: Pos 2, 1 Bit /
472	uint32_t ProcessUsingVCH : 1; /*< 0x050 / 0x028: Pos 3, 1 Bit /
473	uint32_t ProcessUsingFTH : 1; /*< 0x050 / 0x028: Pos 4, 1 Bit /
474	uint32_t ReservedBits0 : 1; /*< 0x050 / 0x028: Pos 5, 27 Bits /
475	} W7, W8, W80, W81;
476	struct
477	{
478	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
479	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
480	uint32_t ReservedBits0 : 30; /*< 0x050 / 0x028: Pos 2, 30 Bits /
481	} W6;
482	};
483	#if ARCH_BITS == 64
484	uint32_t Padding1; /*< 0x054 / /
485	#endif
486	} W6, W7, W8, W80, W81;
487	struct
488	{
489	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
490	PVOID SparePtr2; /*< 0x048 / 0x024 /
491	uint32_t EnvironmentUpdateCount; /*< 0x050 / 0x028 /
492	#if ARCH_BITS == 64
493	uint32_t Padding1; /*< 0x054 / /
494	#endif
495	} W52;
496	struct
497	{
498	PVOID FastPebLockRoutine; /*< NA / 0x020 /
499	PVOID FastPebUnlockRoutine; /*< NA / 0x024 /
500	uint32_t EnvironmentUpdateCount; /*< NA / 0x028 /
501	} W51;
502	} Diff1;
503	union
504	{
505	PVOID KernelCallbackTable; /*< 0x058 / 0x02c /
506	PVOID UserSharedInfoPtr; /*< 0x058 / 0x02c - Alternative use in W6./
507	};
508	uint32_t SystemReserved; /*< 0x060 / 0x030 /
509	union
510	{
511	struct
512	{
513	uint32_t AtlThunkSListPtr32; /*< 0x064 / 0x034 /
514	} W7, W8, W80, W81;
515	struct
516	{
517	uint32_t SpareUlong; /*< 0x064 / 0x034 /
518	} W52, W6;
519	struct
520	{
521	uint32_t ExecuteOptions : 2; /*< NA / 0x034: Pos 0, 2 Bits /
522	uint32_t SpareBits : 30; /*< NA / 0x034: Pos 2, 30 Bits /
523	} W51;
524	} Diff2;
525	union
526	{
527	struct
528	{
529	PVOID ApiSetMap; /*< 0x068 / 0x038 /
530	} W7, W8, W80, W81;
531	struct
532	{
533	struct _PEB_FREE_BLOCK FreeList; /< 0x068 / 0x038 /
534	} W52, W6;
535	struct
536	{
537	struct _PEB_FREE_BLOCK FreeList; /< NA / 0x038 /
538	} W51;
539	} Diff3;
540	uint32_t TlsExpansionCounter; /*< 0x070 / 0x03c /
541	#if ARCH_BITS == 64
542	uint32_t Padding2; /*< 0x074 / NA /
543	#endif
544	struct _RTL_BITMAP TlsBitmap; /< 0x078 / 0x040 /
545	uint32_t TlsBitmapBits[2]; /*< 0x080 / 0x044 /
546	PVOID ReadOnlySharedMemoryBase; /*< 0x088 / 0x04c /
547	union
548	{
549	struct
550	{
551	PVOID SparePvoid0; /*< 0x090 / 0x050 - HotpatchInformation before W81. /
552	} W81;
553	struct
554	{
555	PVOID HotpatchInformation; /*< 0x090 / 0x050 - Retired in W81. /
556	} W6, W7, W80;
557	struct
558	{
559	PVOID ReadOnlySharedMemoryHeap;
560	} W52;
561	} Diff4;
562	PVOID ReadOnlyStaticServerData; /< 0x098 / 0x054 /
563	PVOID AnsiCodePageData; /*< 0x0a0 / 0x058 /
564	PVOID OemCodePageData; /*< 0x0a8 / 0x05c /
565	PVOID UnicodeCaseTableData; /*< 0x0b0 / 0x060 /
566	uint32_t NumberOfProcessors; /*< 0x0b8 / 0x064 /
567	uint32_t NtGlobalFlag; /*< 0x0bc / 0x068 /
568	LARGE_INTEGER CriticalSectionTimeout; /*< 0x0c0 / 0x070 /
569	SIZE_T HeapSegmentReserve; /*< 0x0c8 / 0x078 /
570	SIZE_T HeapSegmentCommit; /*< 0x0d0 / 0x07c /
571	SIZE_T HeapDeCommitTotalFreeThreshold; /*< 0x0d8 / 0x080 /
572	SIZE_T HeapDeCommitFreeBlockThreshold; /*< 0x0e0 / 0x084 /
573	uint32_t NumberOfHeaps; /*< 0x0e8 / 0x088 /
574	uint32_t MaximumNumberOfHeaps; /*< 0x0ec / 0x08c /
575	PVOID ProcessHeaps; /< 0x0f0 / 0x090 /
576	PVOID GdiSharedHandleTable; /*< 0x0f8 / 0x094 /
577	PVOID ProcessStarterHelper; /*< 0x100 / 0x098 /
578	uint32_t GdiDCAttributeList; /*< 0x108 / 0x09c /
579	#if ARCH_BITS == 64
580	uint32_t Padding3; /*< 0x10c / NA /
581	#endif
582	struct _RTL_CRITICAL_SECTION LoaderLock; /< 0x110 / 0x0a0 /
583	uint32_t OSMajorVersion; /*< 0x118 / 0x0a4 /
584	uint32_t OSMinorVersion; /*< 0x11c / 0x0a8 /
585	uint16_t OSBuildNumber; /*< 0x120 / 0x0ac /
586	uint16_t OSCSDVersion; /*< 0x122 / 0x0ae /
587	uint32_t OSPlatformId; /*< 0x124 / 0x0b0 /
588	uint32_t ImageSubsystem; /*< 0x128 / 0x0b4 /
589	uint32_t ImageSubsystemMajorVersion; /*< 0x12c / 0x0b8 /
590	uint32_t ImageSubsystemMinorVersion; /*< 0x130 / 0x0bc /
591	#if ARCH_BITS == 64
592	uint32_t Padding4; /*< 0x134 / NA /
593	#endif
594	union
595	{
596	struct
597	{
598	SIZE_T ActiveProcessAffinityMask; /*< 0x138 / 0x0c0 /
599	} W7, W8, W80, W81;
600	struct
601	{
602	SIZE_T ImageProcessAffinityMask; /*< 0x138 / 0x0c0 /
603	} W52, W6;
604	} Diff5;
605	uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /*< 0x140 / 0x0c4 /
606	PVOID PostProcessInitRoutine; /*< 0x230 / 0x14c /
607	PVOID TlsExpansionBitmap; /*< 0x238 / 0x150 /
608	uint32_t TlsExpansionBitmapBits[32]; /*< 0x240 / 0x154 /
609	uint32_t SessionId; /*< 0x2c0 / 0x1d4 /
610	#if ARCH_BITS == 64
611	uint32_t Padding5; /*< 0x2c4 / NA /
612	#endif
613	ULARGE_INTEGER AppCompatFlags; /*< 0x2c8 / 0x1d8 /
614	ULARGE_INTEGER AppCompatFlagsUser; /*< 0x2d0 / 0x1e0 /
615	PVOID pShimData; /*< 0x2d8 / 0x1e8 /
616	PVOID AppCompatInfo; /*< 0x2e0 / 0x1ec /
617	UNICODE_STRING CSDVersion; /*< 0x2e8 / 0x1f0 /
618	struct _ACTIVATION_CONTEXT_DATA ActivationContextData; /< 0x2f8 / 0x1f8 /
619	struct _ASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap; /< 0x300 / 0x1fc /
620	struct _ACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData; /< 0x308 / 0x200 /
621	struct _ASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap; /< 0x310 / 0x204 /
622	SIZE_T MinimumStackCommit; /*< 0x318 / 0x208 /
623	/* End of PEB in W52 (Windows XP (RTM))! */
624	struct _FLS_CALLBACK_INFO FlsCallback; /< 0x320 / 0x20c /
625	LIST_ENTRY FlsListHead; /*< 0x328 / 0x210 /
626	PVOID FlsBitmap; /*< 0x338 / 0x218 /
627	uint32_t FlsBitmapBits[4]; /*< 0x340 / 0x21c /
628	uint32_t FlsHighIndex; /*< 0x350 / 0x22c /
629	/* End of PEB in W52 (Windows Server 2003)! */
630	PVOID WerRegistrationData; /*< 0x358 / 0x230 /
631	PVOID WerShipAssertPtr; /*< 0x360 / 0x234 /
632	/* End of PEB in W6 (windows Vista)! */
633	union
634	{
635	struct
636	{
637	PVOID pUnused; /*< 0x368 / 0x238 - Was pContextData in W7. /
638	} W8, W80, W81;
639	struct
640	{
641	PVOID pContextData; /*< 0x368 / 0x238 - Retired in W80. /
642	} W7;
643	} Diff6;
644	PVOID pImageHeaderHash; /*< 0x370 / 0x23c /
645	union
646	{
647	uint32_t TracingFlags; /*< 0x378 / 0x240 /
648	struct
649	{
650	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
651	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
652	uint32_t LibLoaderTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 2, 1 Bit /
653	uint32_t SpareTracingBits : 29; /*< 0x378 / 0x240 : Pos 3, 29 Bits /
654	} W8, W80, W81;
655	struct
656	{
657	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
658	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
659	uint32_t SpareTracingBits : 30; /*< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 /
660	} W7;
661	} Diff7;
662	#if ARCH_BITS == 64
663	uint32_t Padding6; /*< 0x37c / NA /
664	#endif
665	uint64_t CsrServerReadOnlySharedMemoryBase; /*< 0x380 / 0x248 /
666	} PEB_COMMON;
667	typedef PEB_COMMON *PPEB_COMMON;
668
669	AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
670	AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
671	AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
672	AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
673	AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
674	AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
675	AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
676	AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
677	AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x388 : 0x250);
678
679	/** The size of the windows 8.1 PEB structure. */
680	#define PEB_SIZE_W81 sizeof(PEB_COMMON)
681	/** The size of the windows 8.0 PEB structure. */
682	#define PEB_SIZE_W80 sizeof(PEB_COMMON)
683	/** The size of the windows 7 PEB structure. */
684	#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
685	/** The size of the windows vista PEB structure. */
686	#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
687	/** The size of the windows server 2003 PEB structure. */
688	#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
689	/** The size of the windows XP PEB structure. */
690	#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
691
692	#if 0
693	typedef struct _NT_TIB
694	{
695	struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
696	PVOID StackBase;
697	PVOID StackLimit;
698	PVOID SubSystemTib;
699	union
700	{
701	PVOID FiberData;
702	ULONG Version;
703	};
704	PVOID ArbitraryUserPointer;
705	struct _NT_TIB *Self;
706	} NT_TIB;
707	typedef NT_TIB *PNT_TIB;
708	#endif
709
710	typedef struct _ACTIVATION_CONTEXT_STACK
711	{
712	uint32_t Flags;
713	uint32_t NextCookieSequenceNumber;
714	PVOID ActiveFrame;
715	LIST_ENTRY FrameListCache;
716	} ACTIVATION_CONTEXT_STACK;
717
718	/* Common TEB. */
719	typedef struct _TEB_COMMON
720	{
721	NT_TIB NtTib; /*< 0x000 / 0x000 /
722	PVOID EnvironmentPointer; /*< 0x038 / 0x01c /
723	CLIENT_ID ClientId; /*< 0x040 / 0x020 /
724	PVOID ActiveRpcHandle; /*< 0x050 / 0x028 /
725	PVOID ThreadLocalStoragePointer; /*< 0x058 / 0x02c /
726	PPEB_COMMON ProcessEnvironmentBlock; /*< 0x060 / 0x030 /
727	uint32_t LastErrorValue; /*< 0x068 / 0x034 /
728	uint32_t CountOfOwnedCriticalSections; /*< 0x06c / 0x038 /
729	PVOID CsrClientThread; /*< 0x070 / 0x03c /
730	PVOID Win32ThreadInfo; /*< 0x078 / 0x040 /
731	uint32_t User32Reserved[26]; /*< 0x080 / 0x044 /
732	uint32_t UserReserved[5]; /*< 0x0e8 / 0x0ac /
733	PVOID WOW32Reserved; /*< 0x100 / 0x0c0 /
734	uint32_t CurrentLocale; /*< 0x108 / 0x0c4 /
735	uint32_t FpSoftwareStatusRegister; /*< 0x10c / 0x0c8 /
736	PVOID SystemReserved1[54]; /*< 0x110 / 0x0cc /
737	uint32_t ExceptionCode; /*< 0x2c0 / 0x1a4 /
738	#if ARCH_BITS == 64
739	uint32_t Padding0; /*< 0x2c4 / NA /
740	#endif
741	union
742	{
743	struct
744	{
745	struct _ACTIVATION_CONTEXT_STACK ActivationContextStackPointer;/< 0x2c8 / 0x1a8 /
746	uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /*< 0x2d0 / 0x1ac /
747	} W52, W6, W7, W8, W80, W81;
748	#if ARCH_BITS == 32
749	struct
750	{
751	ACTIVATION_CONTEXT_STACK ActivationContextStack; /*< NA / 0x1a8 /
752	uint8_t SpareBytes[20]; /*< NA / 0x1bc /
753	} W51;
754	#endif
755	} Diff0;
756	union
757	{
758	struct
759	{
760	uint32_t TxFsContext; /*< 0x2e8 / 0x1d0 /
761	} W6, W7, W8, W80, W81;
762	struct
763	{
764	uint32_t SpareBytesContinues; /*< 0x2e8 / 0x1d0 /
765	} W52;
766	} Diff1;
767	#if ARCH_BITS == 64
768	uint32_t Padding1; /*< 0x2ec / NA /
769	#endif
770	/_GDI_TEB_BATCH/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /*< 0x2f0 / 0x1d4 /
771	CLIENT_ID RealClientId; /*< 0x7d8 / 0x6b4 /
772	HANDLE GdiCachedProcessHandle; /*< 0x7e8 / 0x6bc /
773	uint32_t GdiClientPID; /*< 0x7f0 / 0x6c0 /
774	uint32_t GdiClientTID; /*< 0x7f4 / 0x6c4 /
775	PVOID GdiThreadLocalInfo; /*< 0x7f8 / 0x6c8 /
776	SIZE_T Win32ClientInfo[62]; /*< 0x800 / 0x6cc /
777	PVOID glDispatchTable[233]; /*< 0x9f0 / 0x7c4 /
778	SIZE_T glReserved1[29]; /*< 0x1138 / 0xb68 /
779	PVOID glReserved2; /*< 0x1220 / 0xbdc /
780	PVOID glSectionInfo; /*< 0x1228 / 0xbe0 /
781	PVOID glSection; /*< 0x1230 / 0xbe4 /
782	PVOID glTable; /*< 0x1238 / 0xbe8 /
783	PVOID glCurrentRC; /*< 0x1240 / 0xbec /
784	PVOID glContext; /*< 0x1248 / 0xbf0 /
785	NTSTATUS LastStatusValue; /*< 0x1250 / 0xbf4 /
786	#if ARCH_BITS == 64
787	uint32_t Padding2; /*< 0x1254 / NA /
788	#endif
789	UNICODE_STRING StaticUnicodeString; /*< 0x1258 / 0xbf8 /
790	WCHAR StaticUnicodeBuffer[261]; /*< 0x1268 / 0xc00 /
791	#if ARCH_BITS == 64
792	WCHAR Padding3[3]; /*< 0x1472 / NA /
793	#endif
794	PVOID DeallocationStack; /*< 0x1478 / 0xe0c /
795	PVOID TlsSlots[64]; /*< 0x1480 / 0xe10 /
796	LIST_ENTRY TlsLinks; /*< 0x1680 / 0xf10 /
797	PVOID Vdm; /*< 0x1690 / 0xf18 /
798	PVOID ReservedForNtRpc; /*< 0x1698 / 0xf1c /
799	PVOID DbgSsReserved[2]; /*< 0x16a0 / 0xf20 /
800	uint32_t HardErrorMode; /*< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. /
801	#if ARCH_BITS == 64
802	uint32_t Padding4; /*< 0x16b4 / NA /
803	#endif
804	PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /*< 0x16b8 / 0xf2c /
805	union
806	{
807	struct
808	{
809	GUID ActivityId; /*< 0x1710 / 0xf50 /
810	PVOID SubProcessTag; /*< 0x1720 / 0xf60 /
811	} W6, W7, W8, W80, W81;
812	struct
813	{
814	PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /*< 0x1710 / 0xf50 /
815	} W52;
816	} Diff2;
817	union /*< 0x1728 / 0xf64 /
818	{
819	struct
820	{
821	PVOID PerflibData; /*< 0x1728 / 0xf64 /
822	} W8, W80, W81;
823	struct
824	{
825	PVOID EtwLocalData; /*< 0x1728 / 0xf64 /
826	} W7, W6;
827	struct
828	{
829	PVOID SubProcessTag; /*< 0x1728 / 0xf64 /
830	} W52;
831	struct
832	{
833	PVOID InstrumentationContinues[1]; /*< 0x1728 / 0xf64 /
834	} W51;
835	} Diff3;
836	union
837	{
838	struct
839	{
840	PVOID EtwTraceData; /*< 0x1730 / 0xf68 /
841	} W52, W6, W7, W8, W80, W81;
842	struct
843	{
844	PVOID InstrumentationContinues[1]; /*< 0x1730 / 0xf68 /
845	} W51;
846	} Diff4;
847	PVOID WinSockData; /*< 0x1738 / 0xf6c /
848	uint32_t GdiBatchCount; /*< 0x1740 / 0xf70 /
849	union
850	{
851	union
852	{
853	PROCESSOR_NUMBER CurrentIdealProcessor; /*< 0x1744 / 0xf74 - W7+ /
854	uint32_t IdealProcessorValue; /*< 0x1744 / 0xf74 - W7+ /
855	struct
856	{
857	uint8_t ReservedPad1; /*< 0x1744 / 0xf74 - Called SpareBool0 in W6 /
858	uint8_t ReservedPad2; /*< 0x1745 / 0xf75 - Called SpareBool0 in W6 /
859	uint8_t ReservedPad3; /*< 0x1746 / 0xf76 - Called SpareBool0 in W6 /
860	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
861	};
862	} W6, W7, W8, W80, W81;
863	struct
864	{
865	BOOLEAN InDbgPrint; /*< 0x1744 / 0xf74 /
866	BOOLEAN FreeStackOnTermination; /*< 0x1745 / 0xf75 /
867	BOOLEAN HasFiberData; /*< 0x1746 / 0xf76 /
868	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
869	} W51, W52;
870	} Diff5;
871	uint32_t GuaranteedStackBytes; /*< 0x1748 / 0xf78 /
872	#if ARCH_BITS == 64
873	uint32_t Padding5; /*< 0x174c / NA /
874	#endif
875	PVOID ReservedForPerf; /*< 0x1750 / 0xf7c /
876	PVOID ReservedForOle; /*< 0x1758 / 0xf80 /
877	uint32_t WaitingOnLoaderLock; /*< 0x1760 / 0xf84 /
878	#if ARCH_BITS == 64
879	uint32_t Padding6; /*< 0x1764 / NA /
880	#endif
881	union /*< 0x1770 / 0xf8c /
882	{
883	struct
884	{
885	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
886	SIZE_T ReservedForCodeCoverage; /*< 0x1770 / 0xf8c /
887	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
888	} W8, W80, W81;
889	struct
890	{
891	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
892	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
893	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
894	} W6, W7;
895	struct
896	{
897	PVOID SparePointer1; /*< 0x1768 / 0xf88 /
898	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
899	PVOID SoftPatchPtr2; /*< 0x1778 / 0xf90 /
900	} W52;
901	#if ARCH_BITS == 32
902	struct _Wx86ThreadState
903	{
904	PVOID CallBx86Eip; /*< NA / 0xf88 /
905	PVOID DeallocationCpu; /*< NA / 0xf8c /
906	BOOLEAN UseKnownWx86Dll; /*< NA / 0xf90 /
907	int8_t OleStubInvoked; /*< NA / 0xf91 /
908	} W51;
909	#endif
910	} Diff6;
911	PVOID TlsExpansionSlots; /*< 0x1780 / 0xf94 /
912	#if ARCH_BITS == 64
913	PVOID DallocationBStore; /*< 0x1788 / NA /
914	PVOID BStoreLimit; /*< 0x1790 / NA /
915	#endif
916	union
917	{
918	struct
919	{
920	uint32_t MuiGeneration; /*< 0x1798 / 0xf98 /
921	} W7, W8, W80, W81;
922	struct
923	{
924	uint32_t ImpersonationLocale;
925	} W6;
926	} Diff7;
927	uint32_t IsImpersonating; /*< 0x179c / 0xf9c /
928	PVOID NlsCache; /*< 0x17a0 / 0xfa0 /
929	PVOID pShimData; /*< 0x17a8 / 0xfa4 /
930	union /*< 0x17b0 / 0xfa8 /
931	{
932	struct
933	{
934	uint16_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
935	uint16_t LowFragHeapDataSlot; /*< 0x17b2 / 0xfaa /
936	} W8, W80, W81;
937	struct
938	{
939	uint32_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
940	} W7;
941	} Diff8;
942	#if ARCH_BITS == 64
943	uint32_t Padding7; /*< 0x17b4 / NA /
944	#endif
945	HANDLE CurrentTransactionHandle; /*< 0x17b8 / 0xfac /
946	struct _TEB_ACTIVE_FRAME ActiveFrame; /< 0x17c0 / 0xfb0 /
947	/* End of TEB in W51 (Windows XP)! */
948	PVOID FlsData; /*< 0x17c8 / 0xfb4 /
949	union
950	{
951	struct
952	{
953	PVOID PreferredLanguages; /*< 0x17d0 / 0xfb8 /
954	} W6, W7, W8, W80, W81;
955	struct
956	{
957	BOOLEAN SafeThunkCall; /*< 0x17d0 / 0xfb8 /
958	uint8_t BooleanSpare[3]; /*< 0x17d1 / 0xfb9 /
959	/* End of TEB in W52 (Windows server 2003)! */
960	} W52;
961	} Diff9;
962	PVOID UserPrefLanguages; /*< 0x17d8 / 0xfbc /
963	PVOID MergedPrefLanguages; /*< 0x17e0 / 0xfc0 /
964	uint32_t MuiImpersonation; /*< 0x17e8 / 0xfc4 /
965	union
966	{
967	uint16_t CrossTebFlags; /*< 0x17ec / 0xfc8 /
968	struct
969	{
970	uint16_t SpareCrossTebBits : 16; /*< 0x17ec / 0xfc8 : Pos 0, 16 Bits /
971	};
972	};
973	union
974	{
975	uint16_t SameTebFlags; /*< 0x17ee / 0xfca /
976	struct
977	{
978	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
979	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
980	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
981	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
982	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
983	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
984	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
985	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
986	} Common;
987	struct
988	{
989	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
990	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
991	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
992	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
993	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
994	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
995	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
996	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
997	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
998	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
999	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1000	uint16_t SessionAware : 1; /*< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. /
1001	uint16_t SpareSameTebBits : 4; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1002	} W8, W80, W81;
1003	struct
1004	{
1005	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1006	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1007	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1008	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1009	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1010	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1011	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1012	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1013	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1014	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1015	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1016	uint16_t SpareSameTebBits : 5; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1017	} W7;
1018	struct
1019	{
1020	uint16_t DbgSafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1021	uint16_t DbgInDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1022	uint16_t DbgHasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1023	uint16_t DbgSkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1024	uint16_t DbgWerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1025	uint16_t DbgRanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1026	uint16_t DbgClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1027	uint16_t DbgSuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1028	uint16_t SpareSameTebBits : 8; /*< 0x17ee / 0xfca : Pos 8, 8 Bits /
1029	} W6;
1030	} Diff10;
1031	PVOID TxnScopeEnterCallback; /*< 0x17f0 / 0xfcc /
1032	PVOID TxnScopeExitCallback; /*< 0x17f8 / 0xfd0 /
1033	PVOID TxnScopeContext; /*< 0x1800 / 0xfd4 /
1034	uint32_t LockCount; /*< 0x1808 / 0xfd8 /
1035	union
1036	{
1037	struct
1038	{
1039	uint32_t SpareUlong0; /*< 0x180c / 0xfdc /
1040	} W7, W8, W80, W81;
1041	struct
1042	{
1043	uint32_t ProcessRundown;
1044	} W6;
1045	} Diff11;
1046	union
1047	{
1048	struct
1049	{
1050	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1051	/* End of TEB in W7 (windows 7)! */
1052	PVOID ReservedForWdf; /*< 0x1818 / 0xfe4 - New Since W7. /
1053	/* End of TEB in W8 (windows 8.0 & 8.1)! */
1054	} W8, W80, W81;
1055	struct
1056	{
1057	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1058	} W7;
1059	struct
1060	{
1061	uint64_t LastSwitchTime; /*< 0x1810 / 0xfe0 /
1062	uint64_t TotalSwitchOutTime; /*< 0x1818 / 0xfe8 /
1063	LARGE_INTEGER WaitReasonBitMap; /*< 0x1820 / 0xff0 /
1064	/* End of TEB in W6 (windows Vista)! */
1065	} W6;
1066	} Diff12;
1067	} TEB_COMMON;
1068	typedef TEB_COMMON *PTEB_COMMON;
1069	AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1070	AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1071	AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1072	AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1073	AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1074	AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1075	AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1076	AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1077	AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1078	AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1079	AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1080	AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1081	AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1828 : 0xff8);
1082
1083
1084	/** The size of the windows 8.1 PEB structure. */
1085	#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1086	/** The size of the windows 8.0 PEB structure. */
1087	#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1088	/** The size of the windows 7 PEB structure. */
1089	#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1090	/** The size of the windows vista PEB structure. */
1091	#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1092	/** The size of the windows server 2003 PEB structure. */
1093	#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1094	/** The size of the windows XP PEB structure. */
1095	#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1096
1097
1098
1099	#define _PEB _PEB_COMMON
1100	typedef PEB_COMMON PEB;
1101	typedef PPEB_COMMON PPEB;
1102
1103	#define _TEB _TEB_COMMON
1104	typedef TEB_COMMON TEB;
1105	typedef PTEB_COMMON PTEB;
1106
1107	#define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1108	#define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1109	#define NtCurrentPeb() RTNtCurrentPeb()
1110	#define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1111
1112	/** @} */
1113
1114
1115	#ifdef IPRT_NT_USE_WINTERNL
1116	NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1117	NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1118	typedef enum _SECTION_INHERIT
1119	{
1120	ViewShare = 1,
1121	ViewUnmap
1122	} SECTION_INHERIT;
1123	NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1124	ULONG, ULONG);
1125
1126
1127	typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1128	{
1129	ULONG FileSystemAttributes;
1130	LONG MaximumComponentNameLength;
1131	ULONG FileSystemNameLength;
1132	WCHAR FileSystemName[1];
1133	} FILE_FS_ATTRIBUTE_INFORMATION;
1134	typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1135
1136	NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1137	NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1138	NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1139	NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1140
1141	typedef enum _FSINFOCLASS
1142	{
1143	FileFsVolumeInformation = 1,
1144	FileFsLabelInformation,
1145	FileFsSizeInformation,
1146	FileFsDeviceInformation,
1147	FileFsAttributeInformation,
1148	FileFsControlInformation,
1149	FileFsFullSizeInformation,
1150	FileFsObjectIdInformation,
1151	FileFsDriverPathInformation,
1152	FileFsVolumeFlagsInformation,
1153	FileFsSectorSizeInformation,
1154	FileFsDataCopyInformation,
1155	FileFsMaximumInformation
1156	} FS_INFORMATION_CLASS;
1157	typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1158	NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1159
1160	typedef struct _FILE_BOTH_DIR_INFORMATION
1161	{
1162	ULONG NextEntryOffset;
1163	ULONG FileIndex;
1164	LARGE_INTEGER CreationTime;
1165	LARGE_INTEGER LastAccessTime;
1166	LARGE_INTEGER LastWriteTime;
1167	LARGE_INTEGER ChangeTime;
1168	LARGE_INTEGER EndOfFile;
1169	LARGE_INTEGER AllocationSize;
1170	ULONG FileAttributes;
1171	ULONG FileNameLength;
1172	ULONG EaSize;
1173	CCHAR ShortNameLength;
1174	WCHAR ShortName[12];
1175	WCHAR FileName[1];
1176	} FILE_BOTH_DIR_INFORMATION;
1177	typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1178	typedef struct _FILE_BASIC_INFORMATION
1179	{
1180	LARGE_INTEGER CreationTime;
1181	LARGE_INTEGER LastAccessTime;
1182	LARGE_INTEGER LastWriteTime;
1183	LARGE_INTEGER ChangeTime;
1184	ULONG FileAttributes;
1185	} FILE_BASIC_INFORMATION;
1186	typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1187	typedef struct _FILE_STANDARD_INFORMATION
1188	{
1189	LARGE_INTEGER AllocationSize;
1190	LARGE_INTEGER EndOfFile;
1191	ULONG NumberOfLinks;
1192	BOOLEAN DeletePending;
1193	BOOLEAN Directory;
1194	} FILE_STANDARD_INFORMATION;
1195	typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1196	typedef struct _FILE_NAME_INFORMATION
1197	{
1198	ULONG FileNameLength;
1199	WCHAR FileName[1];
1200	} FILE_NAME_INFORMATION;
1201	typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1202	typedef enum _FILE_INFORMATION_CLASS
1203	{
1204	FileDirectoryInformation = 1,
1205	FileFullDirectoryInformation,
1206	FileBothDirectoryInformation,
1207	FileBasicInformation,
1208	FileStandardInformation,
1209	FileInternalInformation,
1210	FileEaInformation,
1211	FileAccessInformation,
1212	FileNameInformation,
1213	FileRenameInformation,
1214	FileLinkInformation,
1215	FileNamesInformation,
1216	FileDispositionInformation,
1217	FilePositionInformation,
1218	FileFullEaInformation,
1219	FileModeInformation,
1220	FileAlignmentInformation,
1221	FileAllInformation,
1222	FileAllocationInformation,
1223	FileEndOfFileInformation,
1224	FileAlternateNameInformation,
1225	FileStreamInformation,
1226	FilePipeInformation,
1227	FilePipeLocalInformation,
1228	FilePipeRemoteInformation,
1229	FileMailslotQueryInformation,
1230	FileMailslotSetInformation,
1231	FileCompressionInformation,
1232	FileObjectIdInformation,
1233	FileCompletionInformation,
1234	FileMoveClusterInformation,
1235	FileQuotaInformation,
1236	FileReparsePointInformation,
1237	FileNetworkOpenInformation,
1238	FileAttributeTagInformation,
1239	FileTrackingInformation,
1240	FileIdBothDirectoryInformation,
1241	FileIdFullDirectoryInformation,
1242	FileValidDataLengthInformation,
1243	FileShortNameInformation,
1244	FileIoCompletionNotificationInformation,
1245	FileIoStatusBlockRangeInformation,
1246	FileIoPriorityHintInformation,
1247	FileSfioReserveInformation,
1248	FileSfioVolumeInformation,
1249	FileHardLinkInformation,
1250	FileProcessIdsUsingFileInformation,
1251	FileNormalizedNameInformation,
1252	FileNetworkPhysicalNameInformation,
1253	FileIdGlobalTxDirectoryInformation,
1254	FileIsRemoteDeviceInformation,
1255	FileUnusedInformation,
1256	FileNumaNodeInformation,
1257	FileStandardLinkInformation,
1258	FileRemoteProtocolInformation,
1259	FileRenameInformationBypassAccessCheck,
1260	FileLinkInformationBypassAccessCheck,
1261	FileVolumeNameInformation,
1262	FileIdInformation,
1263	FileIdExtdDirectoryInformation,
1264	FileReplaceCompletionInformation,
1265	FileHardLinkFullIdInformation,
1266	FileMaximumInformation
1267	} FILE_INFORMATION_CLASS;
1268	typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
1269	NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1270	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
1271	FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1272
1273	typedef struct _MEMORY_SECTION_NAME
1274	{
1275	UNICODE_STRING SectionFileName;
1276	WCHAR NameBuffer[1];
1277	} MEMORY_SECTION_NAME;
1278
1279	#ifdef IPRT_NT_USE_WINTERNL
1280	typedef struct _PROCESS_BASIC_INFORMATION
1281	{
1282	NTSTATUS ExitStatus;
1283	PPEB PebBaseAddress;
1284	ULONG_PTR AffinityMask;
1285	int32_t BasePriority;
1286	ULONG_PTR UniqueProcessId;
1287	ULONG_PTR InheritedFromUniqueProcessId;
1288	} PROCESS_BASIC_INFORMATION;
1289	typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
1290	#endif
1291
1292	typedef enum _PROCESSINFOCLASS
1293	{
1294	ProcessBasicInformation = 0,
1295	ProcessQuotaLimits,
1296	ProcessIoCounters,
1297	ProcessVmCounters,
1298	ProcessTimes,
1299	ProcessBasePriority,
1300	ProcessRaisePriority,
1301	ProcessDebugPort,
1302	ProcessExceptionPort,
1303	ProcessAccessToken,
1304	ProcessLdtInformation,
1305	ProcessLdtSize,
1306	ProcessDefaultHardErrorMode,
1307	ProcessIoPortHandlers,
1308	ProcessPooledUsageAndLimits,
1309	ProcessWorkingSetWatch,
1310	ProcessUserModeIOPL,
1311	ProcessEnableAlignmentFaultFixup,
1312	ProcessPriorityClass,
1313	ProcessWx86Information,
1314	ProcessHandleCount,
1315	ProcessAffinityMask,
1316	ProcessPriorityBoost,
1317	ProcessDeviceMap,
1318	ProcessSessionInformation,
1319	ProcessForegroundInformation,
1320	ProcessWow64Information,
1321	ProcessImageFileName,
1322	ProcessLUIDDeviceMapsEnabled,
1323	ProcessBreakOnTermination,
1324	ProcessDebugObjectHandle,
1325	ProcessDebugFlags,
1326	ProcessHandleTracing,
1327	ProcessIoPriority,
1328	ProcessExecuteFlags,
1329	ProcessTlsInformation,
1330	ProcessCookie,
1331	ProcessImageInformation,
1332	ProcessCycleTime,
1333	ProcessPagePriority,
1334	ProcessInstrumentationCallbak,
1335	ProcessThreadStackAllocation,
1336	ProcessWorkingSetWatchEx,
1337	ProcessImageFileNameWin32,
1338	ProcessImageFileMapping,
1339	ProcessAffinityUpdateMode,
1340	ProcessMemoryAllocationMode,
1341	ProcessGroupInformation,
1342	ProcessTokenVirtualizationEnabled,
1343	ProcessConsoleHostProcess,
1344	ProcessWindowsInformation,
1345	MaxProcessInfoClass
1346	} PROCESSINFOCLASS;
1347	NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1348
1349	typedef enum _THREADINFOCLASS
1350	{
1351	ThreadBasicInformation = 0,
1352	ThreadTimes,
1353	ThreadPriority,
1354	ThreadBasePriority,
1355	ThreadAffinityMask,
1356	ThreadImpersonationToken,
1357	ThreadDescriptorTableEntry,
1358	ThreadEnableAlignmentFaultFixup,
1359	ThreadEventPair_Reusable,
1360	ThreadQuerySetWin32StartAddress,
1361	ThreadZeroTlsCell,
1362	ThreadPerformanceCount,
1363	ThreadAmILastThread,
1364	ThreadIdealProcessor,
1365	ThreadPriorityBoost,
1366	ThreadSetTlsArrayAddress,
1367	ThreadIsIoPending,
1368	ThreadHideFromDebugger,
1369	ThreadBreakOnTermination,
1370	ThreadSwitchLegacyState,
1371	ThreadIsTerminated,
1372	ThreadLastSystemCall,
1373	ThreadIoPriority,
1374	ThreadCycleTime,
1375	ThreadPagePriority,
1376	ThreadActualBasePriority,
1377	ThreadTebInformation,
1378	ThreadCSwitchMon,
1379	ThreadCSwitchPmu,
1380	ThreadWow64Context,
1381	ThreadGroupInformation,
1382	ThreadUmsInformation,
1383	ThreadCounterProfiling,
1384	ThreadIdealProcessorEx,
1385	ThreadCpuAccountingInformation,
1386	MaxThreadInfoClass
1387	} THREADINFOCLASS;
1388	NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1389
1390	NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1391
1392	NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1393	NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1394
1395	NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
1396	NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
1397
1398	NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
1399	NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
1400	NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
1401	NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
1402	NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
1403	NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
1404	NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
1405	NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
1406	NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
1407
1408	#endif /* IPRT_NT_USE_WINTERNL */
1409
1410	typedef enum _OBJECT_INFORMATION_CLASS
1411	{
1412	ObjectBasicInformation = 0,
1413	ObjectNameInformation,
1414	ObjectTypeInformation,
1415	ObjectAllInformation,
1416	ObjectDataInformation
1417	} OBJECT_INFORMATION_CLASS;
1418	typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
1419	#ifdef IN_RING0
1420	# define NtQueryObject ZwQueryObject
1421	#endif
1422	NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1423	NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
1424	NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
1425
1426	NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1427
1428	typedef struct _OBJECT_DIRECTORY_INFORMATION
1429	{
1430	UNICODE_STRING Name;
1431	UNICODE_STRING TypeName;
1432	} OBJECT_DIRECTORY_INFORMATION;
1433	typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
1434	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
1435
1436	NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
1437	NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
1438	/** @name ProcessDefaultHardErrorMode bit definitions.
1439	* @{ */
1440	#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /*< Inverted from the win32 define. /
1441	#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
1442	#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
1443	#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
1444	/** @} */
1445	NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
1446	NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
1447
1448	/** Retured by ProcessImageInformation as well as NtQuerySection. */
1449	typedef struct _SECTION_IMAGE_INFORMATION
1450	{
1451	PVOID TransferAddress;
1452	ULONG ZeroBits;
1453	SIZE_T MaximumStackSize;
1454	SIZE_T CommittedStackSize;
1455	ULONG SubSystemType;
1456	union
1457	{
1458	struct
1459	{
1460	USHORT SubSystemMinorVersion;
1461	USHORT SubSystemMajorVersion;
1462	};
1463	ULONG SubSystemVersion;
1464	};
1465	ULONG GpValue;
1466	USHORT ImageCharacteristics;
1467	USHORT DllCharacteristics;
1468	USHORT Machine;
1469	BOOLEAN ImageContainsCode;
1470	union /*< Since Vista, used to be a spare BOOLEAN. /
1471	{
1472	struct
1473	{
1474	UCHAR ComPlusNativeRead : 1;
1475	UCHAR ComPlusILOnly : 1;
1476	UCHAR ImageDynamicallyRelocated : 1;
1477	UCHAR ImageMAppedFlat : 1;
1478	UCHAR Reserved : 4;
1479	};
1480	UCHAR ImageFlags;
1481	};
1482	ULONG LoaderFlags;
1483	ULONG ImageFileSize; /*< Since XP? /
1484	ULONG CheckSum; /*< Since Vista, Used to be a reserved/spare ULONG. /
1485	} SECTION_IMAGE_INFORMATION;
1486	typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
1487
1488	typedef enum _SECTION_INFORMATION_CLASS
1489	{
1490	SectionBasicInformation = 0,
1491	SectionImageInformation,
1492	MaxSectionInfoClass
1493	} SECTION_INFORMATION_CLASS;
1494	NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1495
1496	NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
1497	NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
1498	NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
1499	NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
1500	NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
1501	NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
1502
1503
1504	#ifndef SEC_FILE
1505	# define SEC_FILE UINT32_C(0x00800000)
1506	#endif
1507	#ifndef SEC_IMAGE
1508	# define SEC_IMAGE UINT32_C(0x01000000)
1509	#endif
1510	#ifndef SEC_PROTECTED_IMAGE
1511	# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
1512	#endif
1513	#ifndef SEC_NOCACHE
1514	# define SEC_NOCACHE UINT32_C(0x10000000)
1515	#endif
1516	#ifndef MEM_ROTATE
1517	# define MEM_ROTATE UINT32_C(0x00800000)
1518	#endif
1519	typedef enum _MEMORY_INFORMATION_CLASS
1520	{
1521	MemoryBasicInformation = 0,
1522	MemoryWorkingSetList,
1523	MemorySectionName,
1524	MemoryBasicVlmInformation
1525	} MEMORY_INFORMATION_CLASS;
1526	#ifdef IN_RING0
1527	typedef struct _MEMORY_BASIC_INFORMATION
1528	{
1529	PVOID BaseAddress;
1530	PVOID AllocationBase;
1531	ULONG AllocationProtect;
1532	SIZE_T RegionSize;
1533	ULONG State;
1534	ULONG Protect;
1535	ULONG Type;
1536	} MEMORY_BASIC_INFORMATION;
1537	typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
1538	# define NtQueryVirtualMemory ZwQueryVirtualMemory
1539	#endif
1540	NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1541	#ifdef IPRT_NT_USE_WINTERNL
1542	NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
1543	#endif
1544	NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
1545	NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
1546
1547	typedef enum _SYSTEM_INFORMATION_CLASS
1548	{
1549	SystemBasicInformation = 0,
1550	SystemCpuInformation,
1551	SystemPerformanceInformation,
1552	SystemTimeOfDayInformation,
1553	SystemInformation_Unknown_4,
1554	SystemProcessInformation,
1555	SystemInformation_Unknown_6,
1556	SystemInformation_Unknown_7,
1557	SystemProcessorPerformanceInformation,
1558	SystemInformation_Unknown_9,
1559	SystemInformation_Unknown_10,
1560	SystemModuleInformation,
1561	SystemInformation_Unknown_12,
1562	SystemInformation_Unknown_13,
1563	SystemInformation_Unknown_14,
1564	SystemInformation_Unknown_15,
1565	SystemHandleInformation,
1566	SystemInformation_Unknown_17,
1567	SystemPageFileInformation,
1568	SystemInformation_Unknown_19,
1569	SystemInformation_Unknown_20,
1570	SystemCacheInformation,
1571	SystemInformation_Unknown_22,
1572	SystemInterruptInformation,
1573	SystemDpcBehaviourInformation,
1574	SystemFullMemoryInformation,
1575	SystemLoadGdiDriverInformation, /* 26 */
1576	SystemUnloadGdiDriverInformation, /* 27 */
1577	SystemTimeAdjustmentInformation,
1578	SystemSummaryMemoryInformation,
1579	SystemInformation_Unknown_30,
1580	SystemInformation_Unknown_31,
1581	SystemInformation_Unknown_32,
1582	SystemExceptionInformation,
1583	SystemCrashDumpStateInformation,
1584	SystemKernelDebuggerInformation,
1585	SystemContextSwitchInformation,
1586	SystemRegistryQuotaInformation,
1587	SystemInformation_Unknown_38,
1588	SystemInformation_Unknown_39,
1589	SystemInformation_Unknown_40,
1590	SystemInformation_Unknown_41,
1591	SystemInformation_Unknown_42,
1592	SystemInformation_Unknown_43,
1593	SystemCurrentTimeZoneInformation,
1594	SystemLookasideInformation,
1595	SystemSetTimeSlipEvent,
1596	SystemCreateSession,
1597	SystemDeleteSession,
1598	SystemInformation_Unknown_49,
1599	SystemRangeStartInformation,
1600	SystemVerifierInformation,
1601	SystemInformation_Unknown_52,
1602	SystemSessionProcessInformation,
1603	SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
1604	SystemInformation_Unknown_55,
1605	SystemInformation_Unknown_56,
1606	SystemExtendedProcessInformation,
1607	SystemInformation_Unknown_58,
1608	SystemInformation_Unknown_59,
1609	SystemInformation_Unknown_60,
1610	SystemInformation_Unknown_61,
1611	SystemInformation_Unknown_62,
1612	SystemInformation_Unknown_63,
1613	SystemExtendedHandleInformation, /* 64 */
1614	SystemInformation_Unknown_65,
1615	SystemInformation_Unknown_66,
1616	SystemInformation_Unknown_67,
1617	SystemInformation_Unknown_68,
1618	SystemInformation_HotPatchInfo, /* 69 */
1619	SystemInformation_Unknown_70,
1620	SystemInformation_Unknown_71,
1621	SystemInformation_Unknown_72,
1622	SystemInformation_Unknown_73,
1623	SystemInformation_Unknown_74,
1624	SystemInformation_Unknown_75,
1625	SystemInformation_Unknown_76,
1626	SystemInformation_Unknown_77,
1627	SystemInformation_Unknown_78,
1628	SystemInformation_Unknown_79,
1629	SystemInformation_Unknown_80,
1630	SystemInformation_Unknown_81,
1631	SystemInformation_Unknown_82,
1632	SystemInformation_Unknown_83,
1633	SystemInformation_Unknown_84,
1634	SystemInformation_Unknown_85,
1635	SystemInformation_Unknown_86,
1636	SystemInformation_Unknown_87,
1637	SystemInformation_Unknown_88,
1638	SystemInformation_Unknown_89,
1639	SystemInformation_Unknown_90,
1640	SystemInformation_Unknown_91,
1641	SystemInformation_Unknown_92,
1642	SystemInformation_Unknown_93,
1643	SystemInformation_Unknown_94,
1644	SystemInformation_Unknown_95,
1645	SystemInformation_KiOpPrefetchPatchCount,
1646
1647	/** @todo fill gap. they've added a whole bunch of things */
1648	SystemPolicyInformation = 134,
1649	SystemInformationClassMax
1650	} SYSTEM_INFORMATION_CLASS;
1651
1652	#ifdef IPRT_NT_USE_WINTERNL
1653	typedef struct _VM_COUNTERS
1654	{
1655	SIZE_T PeakVirtualSize;
1656	SIZE_T VirtualSize;
1657	ULONG PageFaultCount;
1658	SIZE_T PeakWorkingSetSize;
1659	SIZE_T WorkingSetSize;
1660	SIZE_T QuotaPeakPagedPoolUsage;
1661	SIZE_T QuotaPagedPoolUsage;
1662	SIZE_T QuotaPeakNonPagedPoolUsage;
1663	SIZE_T QuotaNonPagedPoolUsage;
1664	SIZE_T PagefileUsage;
1665	SIZE_T PeakPagefileUsage;
1666	} VM_COUNTERS;
1667	typedef VM_COUNTERS *PVM_COUNTERS;
1668	#endif
1669
1670	#if 0
1671	typedef struct _IO_COUNTERS
1672	{
1673	ULONGLONG ReadOperationCount;
1674	ULONGLONG WriteOperationCount;
1675	ULONGLONG OtherOperationCount;
1676	ULONGLONG ReadTransferCount;
1677	ULONGLONG WriteTransferCount;
1678	ULONGLONG OtherTransferCount;
1679	} IO_COUNTERS;
1680	typedef IO_COUNTERS *PIO_COUNTERS;
1681	#endif
1682
1683	typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
1684	{
1685	ULONG NextEntryOffset; /*< 0x00 / 0x00 /
1686	ULONG NumberOfThreads; /*< 0x04 / 0x04 /
1687	LARGE_INTEGER Reserved1[3]; /*< 0x08 / 0x08 /
1688	LARGE_INTEGER CreationTime; /*< 0x20 / 0x20 /
1689	LARGE_INTEGER UserTime; /*< 0x28 / 0x28 /
1690	LARGE_INTEGER KernelTime; /*< 0x30 / 0x30 /
1691	UNICODE_STRING ProcessName; /*< 0x38 / 0x38 Clean unicode encoding? /
1692	int32_t BasePriority; /*< 0x40 / 0x48 /
1693	HANDLE UniqueProcessId; /*< 0x44 / 0x50 /
1694	HANDLE ParentProcessId; /*< 0x48 / 0x58 /
1695	ULONG HandleCount; /*< 0x4c / 0x60 /
1696	ULONG Reserved2; /*< 0x50 / 0x64 Session ID? /
1697	ULONG_PTR Reserved3; /*< 0x54 / 0x68 /
1698	VM_COUNTERS VmCounters; /*< 0x58 / 0x70 /
1699	IO_COUNTERS IoCounters; /*< 0x88 / 0xd0 Might not be present in earlier windows versions. /
1700	/* After this follows the threads, then the ProcessName.Buffer. */
1701	} RTNT_SYSTEM_PROCESS_INFORMATION;
1702	typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
1703	#ifndef IPRT_NT_USE_WINTERNL
1704	typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
1705	typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
1706	#endif
1707
1708	typedef struct _SYSTEM_HANDLE_ENTRY_INFO
1709	{
1710	USHORT UniqueProcessId;
1711	USHORT CreatorBackTraceIndex;
1712	UCHAR ObjectTypeIndex;
1713	UCHAR HandleAttributes;
1714	USHORT HandleValue;
1715	PVOID Object;
1716	ULONG GrantedAccess;
1717	} SYSTEM_HANDLE_ENTRY_INFO;
1718	typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
1719
1720	/** Returned by SystemHandleInformation */
1721	typedef struct _SYSTEM_HANDLE_INFORMATION
1722	{
1723	ULONG NumberOfHandles;
1724	SYSTEM_HANDLE_ENTRY_INFO Handles[1];
1725	} SYSTEM_HANDLE_INFORMATION;
1726	typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
1727
1728	/** Extended handle information entry.
1729	* @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
1730	typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
1731	{
1732	PVOID Object;
1733	HANDLE UniqueProcessId;
1734	HANDLE HandleValue;
1735	ACCESS_MASK GrantedAccess;
1736	USHORT CreatorBackTraceIndex;
1737	USHORT ObjectTypeIndex;
1738	ULONG HandleAttributes;
1739	ULONG Reserved;
1740	} SYSTEM_HANDLE_ENTRY_INFO_EX;
1741	typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
1742
1743	/** Returned by SystemExtendedHandleInformation. */
1744	typedef struct _SYSTEM_HANDLE_INFORMATION_EX
1745	{
1746	ULONG_PTR NumberOfHandles;
1747	ULONG_PTR Reserved;
1748	SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
1749	} SYSTEM_HANDLE_INFORMATION_EX;
1750	typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
1751
1752	/** Input to SystemSessionProcessInformation. */
1753	typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
1754	{
1755	ULONG SessionId;
1756	ULONG BufferLength;
1757	/** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
1758	PVOID Buffer;
1759	} SYSTEM_SESSION_PROCESS_INFORMATION;
1760	typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
1761
1762	NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1763
1764	NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
1765	NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
1766	#ifndef IPRT_NT_USE_WINTERNL
1767	NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
1768	#endif
1769	typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
1770	NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
1771
1772	NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
1773
1774
1775	#ifdef IPRT_NT_USE_WINTERNL
1776	/** For NtQueryValueKey. */
1777	typedef enum _KEY_VALUE_INFORMATION_CLASS
1778	{
1779	KeyValueBasicInformation = 0,
1780	KeyValueFullInformation,
1781	KeyValuePartialInformation,
1782	KeyValueFullInformationAlign64,
1783	KeyValuePartialInformationAlign64
1784	} KEY_VALUE_INFORMATION_CLASS;
1785
1786	/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
1787	typedef struct _KEY_VALUE_PARTIAL_INFORMATION
1788	{
1789	ULONG TitleIndex;
1790	ULONG Type;
1791	ULONG DataLength;
1792	UCHAR Data[1];
1793	} KEY_VALUE_PARTIAL_INFORMATION;
1794	typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
1795	#endif
1796	NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1797	NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1798
1799
1800	NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
1801
1802
1803	typedef struct _CURDIR
1804	{
1805	UNICODE_STRING DosPath;
1806	HANDLE Handle;
1807	} CURDIR;
1808	typedef CURDIR *PCURDIR;
1809
1810	typedef struct _RTL_DRIVE_LETTER_CURDIR
1811	{
1812	USHORT Flags;
1813	USHORT Length;
1814	ULONG TimeStamp;
1815	STRING DosPath; /*< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. /
1816	} RTL_DRIVE_LETTER_CURDIR;
1817	typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
1818
1819	typedef struct _RTL_USER_PROCESS_PARAMETERS
1820	{
1821	ULONG MaximumLength;
1822	ULONG Length;
1823	ULONG Flags;
1824	ULONG DebugFlags;
1825	HANDLE ConsoleHandle;
1826	ULONG ConsoleFlags;
1827	HANDLE StandardInput;
1828	HANDLE StandardOutput;
1829	HANDLE StandardError;
1830	CURDIR CurrentDirectory;
1831	UNICODE_STRING DllPath;
1832	UNICODE_STRING ImagePathName;
1833	UNICODE_STRING CommandLine;
1834	PWSTR Environment;
1835	ULONG StartingX;
1836	ULONG StartingY;
1837	ULONG CountX;
1838	ULONG CountY;
1839	ULONG CountCharsX;
1840	ULONG CountCharsY;
1841	ULONG FillAttribute;
1842	ULONG WindowFlags;
1843	ULONG ShowWindowFlags;
1844	UNICODE_STRING WindowTitle;
1845	UNICODE_STRING DesktopInfo;
1846	UNICODE_STRING ShellInfo;
1847	UNICODE_STRING RuntimeInfo;
1848	RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20];
1849	SIZE_T EnvironmentSize; /*< Added in Vista /
1850	SIZE_T EnvironmentVersion; /*< Added in Windows 7. /
1851	PVOID PackageDependencyData; /*< Added Windows 8? /
1852	ULONG ProcessGroupId; /*< Added Windows 8? /
1853	} RTL_USER_PROCESS_PARAMETERS;
1854	typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
1855	#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
1856
1857	typedef struct _RTL_USER_PROCESS_INFORMATION
1858	{
1859	ULONG Size;
1860	HANDLE ProcessHandle;
1861	HANDLE ThreadHandle;
1862	CLIENT_ID ClientId;
1863	SECTION_IMAGE_INFORMATION ImageInformation;
1864	} RTL_USER_PROCESS_INFORMATION;
1865	typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
1866
1867
1868	NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
1869	PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
1870	NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
1871	PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
1872	PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
1873	PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
1874	PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
1875	NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
1876	NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
1877	PFNRT, PVOID, PHANDLE, PCLIENT_ID);
1878
1879	RT_C_DECLS_END
1880	/** @} */
1881
1882
1883	#if defined(IN_RING0) \|\| defined(DOXYGEN_RUNNING)
1884	/** @name NT Kernel APIs
1885	* @{ */
1886	RT_C_DECLS_BEGIN
1887
1888	NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
1889	PVOID pvOptionalConditions, PHANDLE phFound);
1890	NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
1891	ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
1892	KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
1893	NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
1894	NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
1895	NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
1896	NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
1897	extern DECLIMPORT(POBJECT_TYPE ) LpcPortObjectType; /< In vista+ this is the ALPC port object type. /
1898	extern DECLIMPORT(POBJECT_TYPE ) LpcWaitablePortObjectType; /< In vista+ this is the ALPC port object type. /
1899
1900	RT_C_DECLS_END
1901	/** @ */
1902	#endif /* IN_RING0 */
1903
1904
1905	#if defined(IN_RING3) \|\| defined(DOXYGEN_RUNNING)
1906	/** @name NT Userland APIs
1907	* @{ */
1908	RT_C_DECLS_BEGIN
1909
1910	#if 0 /** @todo figure this out some time... */
1911	typedef struct CSR_MSG_DATA_CREATED_PROCESS
1912	{
1913	HANDLE hProcess;
1914	HANDLE hThread;
1915	CLIENT_ID
1916	DWORD idProcess;
1917	DWORD idThread;
1918	DWORD fCreate;
1919
1920	} CSR_MSG_DATA_CREATED_PROCESS;
1921
1922	#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
1923	#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
1924	NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
1925	#endif
1926	NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
1927	NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
1928	NTSYSAPI VOID NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /*< Vista and later. /
1929	NTSYSAPI VOID NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
1930	NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
1931	IN PCUNICODE_STRING pOrgName,
1932	IN PUNICODE_STRING pDefaultSuffix,
1933	IN OUT PUNICODE_STRING pStaticString,
1934	IN OUT PUNICODE_STRING pDynamicString,
1935	IN OUT PUNICODE_STRING *ppResultString,
1936	IN PULONG pfNewFlags OPTIONAL,
1937	IN PSIZE_T pcbFilename OPTIONAL,
1938	IN PSIZE_T pcbNeeded OPTIONAL);
1939
1940	# ifdef IPRT_NT_USE_WINTERNL
1941	typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
1942	typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
1943	typedef struct _RTL_HEAP_PARAMETERS
1944	{
1945	ULONG Length;
1946	SIZE_T SegmentReserve;
1947	SIZE_T SegmentCommit;
1948	SIZE_T DeCommitFreeBlockThreshold;
1949	SIZE_T DeCommitTotalFreeThreshold;
1950	SIZE_T MaximumAllocationSize;
1951	SIZE_T VirtualMemoryThreshold;
1952	SIZE_T InitialCommit;
1953	SIZE_T InitialReserve;
1954	PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
1955	SIZE_T Reserved[2];
1956	} RTL_HEAP_PARAMETERS;
1957	typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
1958	NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
1959	PRTL_HEAP_PARAMETERS pParameters);
1960	/** @name Heap flags (for RtlCreateHeap).
1961	* @{ */
1962	/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
1963	# define HEAP_GROWABLE UINT32_C(0x00000002)
1964	# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
1965	# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
1966	# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
1967	# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
1968	# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
1969	# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
1970	# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
1971	# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
1972	# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
1973	# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
1974	# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
1975	# define HEAP_CLASS_0 UINT32_C(0x00000000)
1976	# define HEAP_CLASS_1 UINT32_C(0x00001000)
1977	# define HEAP_CLASS_2 UINT32_C(0x00002000)
1978	# define HEAP_CLASS_3 UINT32_C(0x00003000)
1979	# define HEAP_CLASS_4 UINT32_C(0x00004000)
1980	# define HEAP_CLASS_5 UINT32_C(0x00005000)
1981	# define HEAP_CLASS_6 UINT32_C(0x00006000)
1982	# define HEAP_CLASS_7 UINT32_C(0x00007000)
1983	# define HEAP_CLASS_8 UINT32_C(0x00008000)
1984	# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
1985	# endif
1986	# define HEAP_CLASS_PROCESS HEAP_CLASS_0
1987	# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
1988	# define HEAP_CLASS_KERNEL HEAP_CLASS_2
1989	# define HEAP_CLASS_GDI HEAP_CLASS_3
1990	# define HEAP_CLASS_USER HEAP_CLASS_4
1991	# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
1992	# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
1993	# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
1994	# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
1995	# ifdef IPRT_NT_USE_WINTERNL
1996	/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
1997	# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
1998	# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
1999	# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
2000	# endif /* IPRT_NT_USE_WINTERNL */
2001	/** @} */
2002	# ifdef IPRT_NT_USE_WINTERNL
2003	/** @name Heap tagging constants
2004	* @{ */
2005	# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
2006	/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
2007	# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
2008	# define HEAP_TAG_SHIFT 18 */
2009	# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2010	/** @} */
2011	NTSYSAPI PVOID NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
2012	NTSYSAPI PVOID NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
2013	NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2014	# endif /* IPRT_NT_USE_WINTERNL */
2015	NTSYSAPI SIZE_T NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
2016	NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
2017	NTSYSAPI SIZE_T NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2018	NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
2019	NTSYSAPI ULONG NTAPI RtlGetLastWin32Error(VOID);
2020	NTSYSAPI VOID NTAPI RtlSetLastWin32Error(ULONG uError);
2021	NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
2022	NTSYSAPI VOID NTAPI RtlRestoreLastWin32Error(ULONG uError);
2023
2024	RT_C_DECLS_END
2025	/** @} */
2026	#endif /* IN_RING3 */
2027
2028	#endif
2029

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/include/iprt/nt/nt.h@ 52941

Download in other formats: