
source: vbox/trunk/include/iprt/nt/nt.h@ 52949

Last change on this file since 52949 was 52949, checked in by vboxsync, 10 years ago

SUP: Do the early init thing on the stub process too.

1/* $Id: nt.h 52949 2014-10-05 21:43:10Z vboxsync $ */
2/** @file
3 * IPRT - Header for code using the Native NT API.
4 */
5
6/*
7 * Copyright (C) 2010-2014 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27#ifndef ___iprt_nt_nt_h___
28#define ___iprt_nt_nt_h___
29
30/** @def IPRT_NT_MAP_TO_ZW
31 * Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
32 * to the APIs (takes care of the previous context checks).
 *
 * NOTE(review): the flip side is that the previous-mode based parameter
 * probing and access checks no longer apply to the mapped calls.  Code built
 * with this define must not hand unvalidated user-mode pointers, handles or
 * paths to the mapped Nt* names; capture and validate them first, and use
 * OBJ_FORCE_ACCESS_CHECK where the caller's own rights have to be honoured.
33 */
34#ifdef DOXYGEN_RUNNING
35# define IPRT_NT_MAP_TO_ZW
36#endif
37
38#ifdef IPRT_NT_MAP_TO_ZW
/* Each Nt* name listed here is redirected to its Zw* counterpart from this
 * point on; Nt* names that are not listed stay unmapped (see the todo). */
39# define NtQueryInformationFile ZwQueryInformationFile
40# define NtQueryInformationProcess ZwQueryInformationProcess
41# define NtQueryInformationThread ZwQueryInformationThread
42# define NtQuerySystemInformation ZwQuerySystemInformation
43# define NtQuerySecurityObject ZwQuerySecurityObject
44# define NtClose ZwClose
45# define NtCreateFile ZwCreateFile
46# define NtReadFile ZwReadFile
47# define NtWriteFile ZwWriteFile
48/** @todo this is very incomplete! */
49#endif
50
51#include <ntstatus.h>
52
53/*
54 * Hacks common to both base header sets.
 *
 * Every name below is redirected to a WrongLinkage_ / Incomplete_ alias before
 * the SDK or DDK headers are included, so whatever those headers declare under
 * the name ends up on the alias.  The names are #undef'ed again once the
 * includes are done, and at least PEB_LDR_DATA is then declared afresh by this
 * header.  A name added here needs a matching #undef after the includes.
55 */
56#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
57#define NtQueryObject Incomplete_NtQueryObject
58#define ZwQueryObject Incomplete_ZwQueryObject
59#define NtSetInformationObject Incomplete_NtSetInformationObject
60#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
61#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
62#define ObjectBasicInformation Incomplete_ObjectBasicInformation
63#define ObjectTypeInformation Incomplete_ObjectTypeInformation
64#define _PEB Incomplete__PEB
65#define PEB Incomplete_PEB
66#define PPEB Incomplete_PPEB
67#define _TEB Incomplete__TEB
68#define TEB Incomplete_TEB
69#define PTEB Incomplete_PTEB
70#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
71#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
72#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
73
74
75
76#ifdef IPRT_NT_USE_WINTERNL
77/*
78 * Use Winternl.h.
79 */
80# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
81# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
82# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
83
84# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
85# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
86# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
87# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
88# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
89# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
90# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
91# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
92# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
93# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
94# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
95# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
96
97# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
98# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
99# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
100
101# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
102# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
103# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
104# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
105# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
106
107# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
108# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
109# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
110# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
111# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
112# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
113# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
114# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
115# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
116# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
117# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
118# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
119# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
120# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
121
122
123# define WIN32_NO_STATUS
124# include <windef.h>
125# include <winnt.h>
126# include <winternl.h>
127# undef WIN32_NO_STATUS
128# include <ntstatus.h>
129
130
131# undef _FILE_INFORMATION_CLASS
132# undef FILE_INFORMATION_CLASS
133# undef FileDirectoryInformation
134
135# undef NtQueryInformationProcess
136# undef NtSetInformationProcess
137# undef PROCESSINFOCLASS
138# undef _PROCESSINFOCLASS
139# undef PROCESS_BASIC_INFORMATION
140# undef PPROCESS_BASIC_INFORMATION
141# undef _PROCESS_BASIC_INFORMATION
142# undef ProcessBasicInformation
143# undef ProcessDebugPort
144# undef ProcessWow64Information
145# undef ProcessImageFileName
146# undef ProcessBreakOnTermination
147
148# undef RTL_USER_PROCESS_PARAMETERS
149# undef PRTL_USER_PROCESS_PARAMETERS
150# undef _RTL_USER_PROCESS_PARAMETERS
151
152# undef NtQueryInformationThread
153# undef NtSetInformationThread
154# undef THREADINFOCLASS
155# undef _THREADINFOCLASS
156# undef ThreadIsIoPending
157
158# undef NtQuerySystemInformation
159# undef NtSetSystemInformation
160# undef SYSTEM_INFORMATION_CLASS
161# undef _SYSTEM_INFORMATION_CLASS
162# undef SystemBasicInformation
163# undef SystemPerformanceInformation
164# undef SystemTimeOfDayInformation
165# undef SystemProcessInformation
166# undef SystemProcessorPerformanceInformation
167# undef SystemInterruptInformation
168# undef SystemExceptionInformation
169# undef SystemRegistryQuotaInformation
170# undef SystemLookasideInformation
171# undef SystemPolicyInformation
172
173#else
174/*
175 * Use ntifs.h and wdm.h.
176 */
177# ifdef RT_ARCH_X86
178# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
179# pragma warning(disable : 4163)
180# endif
181
182# include <ntifs.h>
183# include <wdm.h>
184
185# ifdef RT_ARCH_X86
186# pragma warning(default : 4163)
187# undef _InterlockedAddLargeStatistic
188# endif
189
190# define IPRT_NT_NEED_API_GROUP_NTIFS
191#endif
192
193#undef RtlFreeUnicodeString
194#undef NtQueryObject
195#undef ZwQueryObject
196#undef NtSetInformationObject
197#undef _OBJECT_INFORMATION_CLASS
198#undef OBJECT_INFORMATION_CLASS
199#undef ObjectBasicInformation
200#undef ObjectTypeInformation
201#undef _PEB
202#undef PEB
203#undef PPEB
204#undef _TEB
205#undef TEB
206#undef PTEB
207#undef _PEB_LDR_DATA
208#undef PEB_LDR_DATA
209#undef PPEB_LDR_DATA
210
211
212#include <iprt/types.h>
213#include <iprt/assert.h>
214
215
216/** @name Useful macros
217 * @{ */
218/** Indicates that we're targeting native NT in the current source. */
219#define RTNT_USE_NATIVE_NT 1
220/** Initializes a IO_STATUS_BLOCK.
 * The two members are set to STATUS_FAILED_DRIVER_ENTRY and ~42 rather than
 * zeros - presumably so that a block the callee never filled in cannot be
 * mistaken for a successful completion (confirm against the users). */
221#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
222/** Similar to INVALID_HANDLE_VALUE in the Windows environment.
 * NOTE(review): all bits set is also the value NtCurrentProcess() expands to
 * further down in this header.  Check a handle against this constant before
 * passing it to anything that accepts a process handle, or the call may
 * operate on the current process instead of failing. */
223#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
224/** Constant UNICODE_STRING initializer.
 * The three initializers are sizeof(a_String) minus one WCHAR, sizeof(a_String)
 * and the string itself.  Because sizeof is applied to the argument, a_String
 * has to be a WCHAR array or wide string literal; a pointer argument would
 * produce lengths derived from the pointer size. */
225#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
226/** @} */
227
228
229/** @name IPRT helper functions for NT
230 * @{ */
231RT_C_DECLS_BEGIN
232
/* NOTE(review): the three prototypes below are undocumented in this header.
 * Going by the parameter names, RTNtPathOpen and RTNtPathOpenDir return a
 * handle through phHandle and RTNtPathClose releases it - confirm against the
 * implementation.  All three return an int, presumably an IPRT status code;
 * check it before using *phHandle. */
233RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
234 ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
235 PHANDLE phHandle, PULONG_PTR puDisposition);
236RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
237 ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
238RTDECL(int) RTNtPathClose(HANDLE hHandle);
239
240/**
241 * Converts a UTF-16 windows-style path to NT format.
242 *
 * On success both outputs have to be released with RTNtPathFree, otherwise
 * the returned name and the root handle are leaked.
 *
243 * @returns IPRT status code.
244 * @param pNtName Where to return the NT name. Free using
245 * RTNtPathFree.
246 * @param phRootDir Where to return the root handle, if applicable.
247 * @param pwszPath The UTF-16 windows-style path.
248 * @param cwcPath The max length of the windows-style path in
249 * RTUTF16 units. Use RTSTR_MAX if unknown and @a
250 * pwszPath is correctly terminated.
251 */
252RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
253
254/**
255 * Frees the native path and root handle.
256 *
257 * @param pNtName The NT path after a successful
258 * RTNtPathFromWinUtf16Ex call.
259 * @param phRootDir The root handle variable after a successful
260 * RTNtPathFromWinUtf16Ex call.
261 */
262RTDECL(void) RTNtPathFree(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir);
263
264
265RT_C_DECLS_END
266/** @} */
267
268
269/** @name NT API declarations.
270 * @{ */
271RT_C_DECLS_BEGIN
272
273/** @name Process access rights missing in ntddk headers
 *
 * Every right is wrapped in #ifndef, so a definition from the included SDK or
 * DDK headers takes precedence and the value here is only a fallback.  The two
 * PROCESS_UNKNOWN_* bits are defined unconditionally.
 *
 * NOTE(review): rights such as PROCESS_VM_WRITE, PROCESS_VM_OPERATION,
 * PROCESS_CREATE_THREAD and PROCESS_DUP_HANDLE give the holder control over
 * the target process.  Request, and when filtering handles allow, only the
 * bits actually needed rather than PROCESS_ALL_ACCESS.
274 * @{ */
275#ifndef PROCESS_TERMINATE
276# define PROCESS_TERMINATE UINT32_C(0x00000001)
277#endif
278#ifndef PROCESS_CREATE_THREAD
279# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
280#endif
281#ifndef PROCESS_SET_SESSIONID
282# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
283#endif
284#ifndef PROCESS_VM_OPERATION
285# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
286#endif
287#ifndef PROCESS_VM_READ
288# define PROCESS_VM_READ UINT32_C(0x00000010)
289#endif
290#ifndef PROCESS_VM_WRITE
291# define PROCESS_VM_WRITE UINT32_C(0x00000020)
292#endif
293#ifndef PROCESS_DUP_HANDLE
294# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
295#endif
296#ifndef PROCESS_CREATE_PROCESS
297# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
298#endif
299#ifndef PROCESS_SET_QUOTA
300# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
301#endif
302#ifndef PROCESS_SET_INFORMATION
303# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
304#endif
305#ifndef PROCESS_QUERY_INFORMATION
306# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
307#endif
308#ifndef PROCESS_SUSPEND_RESUME
309# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
310#endif
311#ifndef PROCESS_QUERY_LIMITED_INFORMATION
312# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
313#endif
314#ifndef PROCESS_SET_LIMITED_INFORMATION
315# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
316#endif
/* Bits without a known name.  NOTE(review): PROCESS_UNKNOWN_6000 is the
 * 0x8000 bit, not 0x6000; the name and the value disagree, so go by the value
 * when building or checking a mask. */
317#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
318#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
/* Fallback covers all sixteen object specific bits (0xffff), including the
 * two unknown ones above. */
319#ifndef PROCESS_ALL_ACCESS
320# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | UINT32_C(0x0000ffff) )
321#endif
322/** @} */
323
324/** @name Thread access rights missing in ntddk headers
 *
 * Fallback definitions only: each named right is skipped when the included
 * headers already define it.  Rights below 0x40 are not defined here.  The
 * THREAD_UNKNOWN_* bits have no known name and are defined unconditionally.
 *
 * NOTE(review): THREAD_SET_THREAD_TOKEN, THREAD_IMPERSONATE and
 * THREAD_DIRECT_IMPERSONATION concern the identity a thread runs under; keep
 * them out of access masks that do not need them.
325 * @{ */
326#ifndef THREAD_QUERY_INFORMATION
327# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
328#endif
329#ifndef THREAD_SET_THREAD_TOKEN
330# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
331#endif
332#ifndef THREAD_IMPERSONATE
333# define THREAD_IMPERSONATE UINT32_C(0x00000100)
334#endif
335#ifndef THREAD_DIRECT_IMPERSONATION
336# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
337#endif
338#ifndef THREAD_RESUME
339# define THREAD_RESUME UINT32_C(0x00001000)
340#endif
341#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
342#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
343#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
344/** @} */
345
346/** @name Special handle values.
 *
 * Constant pseudo handles: -1 stands for the current process and -2 for the
 * current thread.  The Zw spellings simply forward to the Nt ones.  All four
 * are fallbacks that are skipped when the included headers define them.
 *
 * NOTE(review): (HANDLE)-1 has the same bit pattern as
 * RTNT_INVALID_HANDLE_VALUE defined earlier in this header, so an
 * uninitialised or failed handle passed where a process handle is expected
 * can end up addressing the current process.  Validate handles before use.
347 * @{ */
348#ifndef NtCurrentProcess
349# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
350#endif
351#ifndef NtCurrentThread
352# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
353#endif
354#ifndef ZwCurrentProcess
355# define ZwCurrentProcess() NtCurrentProcess()
356#endif
357#ifndef ZwCurrentThread
358# define ZwCurrentThread() NtCurrentThread()
359#endif
360/** @} */
361
362
363/** @name Directory object access rights.
 *
 * Fallback definitions, each skipped when the included headers already
 * provide the name.  DIRECTORY_ALL_ACCESS is STANDARD_RIGHTS_REQUIRED plus the
 * four specific bits defined here (0xf).
 *
 * NOTE(review): when opening an object directory only to look at it,
 * DIRECTORY_QUERY / DIRECTORY_TRAVERSE are sufficient by their names; avoid
 * asking for the create rights or DIRECTORY_ALL_ACCESS without need.
364 * @{ */
365#ifndef DIRECTORY_QUERY
366# define DIRECTORY_QUERY UINT32_C(0x00000001)
367#endif
368#ifndef DIRECTORY_TRAVERSE
369# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
370#endif
371#ifndef DIRECTORY_CREATE_OBJECT
372# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
373#endif
374#ifndef DIRECTORY_CREATE_SUBDIRECTORY
375# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
376#endif
377#ifndef DIRECTORY_ALL_ACCESS
378# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | UINT32_C(0x0000000f) )
379#endif
380/** @} */
381
382
383
/* Declared here only for the winternl.h configuration; the ntifs.h / wdm.h
 * configuration presumably gets CLIENT_ID from those headers - confirm. */
384#ifdef IPRT_NT_USE_WINTERNL
/** Process and thread identifier pair.
 * NOTE(review): both members are HANDLE-typed, but going by the names they
 * carry identifiers rather than open handles; do not close them and do not
 * pass them to APIs that expect a handle. */
385typedef struct _CLIENT_ID
386{
387 HANDLE UniqueProcess;
388 HANDLE UniqueThread;
389} CLIENT_ID;
390typedef CLIENT_ID *PCLIENT_ID;
391#endif
392
393/** @name User Shared Data
394 * @{ */
395
/* Everything up to the matching #endif is declared only when building against
 * winternl.h. */
396#ifdef IPRT_NT_USE_WINTERNL
/** Time value split into a low part and two high parts.
 * NOTE(review): the duplicated high part presumably lets a reader detect a
 * torn read by comparing High1Time with High2Time - confirm before relying
 * on it. */
397typedef struct _KSYSTEM_TIME
398{
399 ULONG LowPart;
400 LONG High1Time;
401 LONG High2Time;
402} KSYSTEM_TIME;
403typedef KSYSTEM_TIME *PKSYSTEM_TIME;
404
/** Product type values; numbering starts at 1. */
405typedef enum _NT_PRODUCT_TYPE
406{
407 NtProductWinNt = 1,
408 NtProductLanManNt,
409 NtProductServer
410} NT_PRODUCT_TYPE;
411
/** Number of entries in KUSER_SHARED_DATA::ProcessorFeatures. */
412#define PROCESSOR_FEATURE_MAX 64
413
/** Alternative architecture values; numbering starts at 0. */
414typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
415{
416 StandardDesign = 0,
417 NEC98x86,
418 EndAlternatives
419} ALTERNATIVE_ARCHITECTURE_TYPE;
420
/* Disabled: the XSTATE types below are compiled out, although
 * XSTATE_CONFIGURATION is still used as the last member of KUSER_SHARED_DATA.
 * Presumably the SDK headers provide them - confirm. */
421# if 0
422typedef struct _XSTATE_FEATURE
423{
424 ULONG Offset;
425 ULONG Size;
426} XSTATE_FEATURE;
427typedef XSTATE_FEATURE *PXSTATE_FEATURE;
428
429#define MAXIMUM_XSTATE_FEATURES 64
430
431typedef struct _XSTATE_CONFIGURATION
432{
433 ULONG64 EnabledFeatures;
434 ULONG Size;
435 ULONG OptimizedSave : 1;
436 XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
437} XSTATE_CONFIGURATION;
438typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
439# endif
440
/**
 * Layout of the user shared data area, declared here only for the winternl.h
 * configuration (this sits inside the IPRT_NT_USE_WINTERNL conditional).
 *
 * Member order and sizes define the layout, so nothing may be inserted,
 * removed or retyped without re-checking every offset that follows.
 *
 * NOTE(review): members qualified volatile are presumably updated by the
 * system while a reader is looking at them; read such a member once into a
 * local and validate or use the local.  XSTATE_CONFIGURATION, the type of the
 * last member, is compiled out (#if 0) just above this struct and therefore
 * has to come from the included SDK headers - confirm.
 */
441typedef struct _KUSER_SHARED_DATA
442{
443 ULONG TickCountLowDeprecated;
444 ULONG TickCountMultiplier;
445 KSYSTEM_TIME volatile InterruptTime;
446 KSYSTEM_TIME volatile SystemTime;
447 KSYSTEM_TIME volatile TimeZoneBias;
448 USHORT ImageNumberLow;
449 USHORT ImageNumberHigh;
450 WCHAR NtSystemRoot[260];
451 ULONG MaxStackTraceDepth;
452 ULONG CryptoExponent;
453 ULONG TimeZoneId;
454 ULONG LargePageMinimum;
455 ULONG AitSamplingValue;
456 ULONG AppCompatFlag;
457 ULONGLONG RNGSeedVersion;
458 ULONG GlobalValidationRunlevel;
459 LONG volatile TimeZoneBiasStamp;
460 ULONG Reserved2;
461 NT_PRODUCT_TYPE NtProductType;
462 BOOLEAN ProductTypeIsValid;
463 BOOLEAN Reserved0[1];
464 USHORT NativeProcessorArchitecture;
465 ULONG NtMajorVersion;
466 ULONG NtMinorVersion;
467 BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX];
468 ULONG Reserved1;
469 ULONG Reserved3;
470 ULONG volatile TimeSlip;
471 ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture;
472 ULONG AltArchitecturePad[1];
473 LARGE_INTEGER SystemExpirationDate;
474 ULONG SuiteMask;
475 BOOLEAN KdDebuggerEnabled;
 /* Mitigation policy byte; the whole-byte member and the 2-bit fields alias
  * the same storage. */
476 union
477 {
478 UCHAR MitigationPolicies;
479 struct
480 {
481 UCHAR NXSupportPolicy : 2;
482 UCHAR SEHValidationPolicy : 2;
483 UCHAR CurDirDevicesSkippedForDlls : 2;
484 UCHAR Reserved : 2;
485 };
486 };
487 UCHAR Reserved6[2];
488 ULONG volatile ActiveConsoleId;
489 ULONG volatile DismountCount;
490 ULONG ComPlusPackage;
491 ULONG LastSystemRITEventTickCount;
492 ULONG NumberOfPhysicalPages;
493 BOOLEAN SafeBootMode;
494 UCHAR Reserved12[3];
 /* Shared flag word; SharedDataFlags and the one-bit Dbg* fields alias the
  * same 32 bits (8 named bits plus 24 spare). */
495 union
496 {
497 ULONG SharedDataFlags;
498 struct
499 {
500 ULONG DbgErrorPortPresent : 1;
501 ULONG DbgElevationEnabled : 1;
502 ULONG DbgVirtEnabled : 1;
503 ULONG DbgInstallerDetectEnabled : 1;
504 ULONG DbgLkgEnabled : 1;
505 ULONG DbgDynProcessorEnabled : 1;
506 ULONG DbgConsoleBrokerEnabled : 1;
507 ULONG DbgSecureBootEnabled : 1;
508 ULONG SpareBits : 24;
509 };
510 };
511 ULONG DataFlagsPad[1];
512 ULONGLONG TestRetInstruction;
513 LONGLONG QpcFrequency;
514 ULONGLONG SystemCallPad[3];
 /* Tick count: a 64-bit view, a KSYSTEM_TIME view and a padded overlay share
  * the same storage. */
515 union
516 {
517 ULONG64 volatile TickCountQuad;
518 KSYSTEM_TIME volatile TickCount;
519 struct
520 {
521 ULONG ReservedTickCountOverlay[3];
522 ULONG TickCountPad[1];
523 };
524 };
525 ULONG Cookie;
526 ULONG CookiePad[1];
527 LONGLONG ConsoleSessionForegroundProcessId;
528 ULONGLONG TimeUpdateLock;
529 ULONGLONG BaselineSystemTimeQpc;
530 ULONGLONG BaselineInterruptTimeQpc;
531 ULONGLONG QpcSystemTimeIncrement;
532 ULONGLONG QpcInterruptTimeIncrement;
533 ULONG QpcSystemTimeIncrement32;
534 ULONG QpcInterruptTimeIncrement32;
535 UCHAR QpcSystemTimeIncrementShift;
536 UCHAR QpcInterruptTimeIncrementShift;
537 UCHAR Reserved8[14];
538 USHORT UserModeGlobalLogger[16];
539 ULONG ImageFileExecutionOptions;
540 ULONG LangGenerationCount;
541 ULONGLONG Reserved4;
542 ULONGLONG volatile InterruptTimeBias;
543 ULONGLONG volatile QpcBias;
544 ULONG volatile ActiveProcessorCount;
545 UCHAR volatile ActiveGroupCount;
546 UCHAR Reserved9;
547 union
548 {
549 USHORT QpcData;
550 struct
551 {
552 BOOLEAN volatile QpcBypassEnabled;
553 UCHAR QpcShift;
554 };
555 };
556 LARGE_INTEGER TimeZoneBiasEffectiveStart;
557 LARGE_INTEGER TimeZoneBiasEffectiveEnd;
558 XSTATE_CONFIGURATION XState;
559} KUSER_SHARED_DATA;
560typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
561#endif /* IPRT_NT_USE_WINTERNL */
562/** @} */
563
564
565/** @name Process And Thread Environment Blocks
566 * @{ */
567
/**
 * Loader data referenced by the Ldr member of PEB_COMMON: three module list
 * heads plus, after the NT4 part, loader progress and shutdown state.
 *
 * NOTE(review): this lives in the memory of the process it describes.  When
 * the lists are walked in another process, treat every link as untrusted
 * input - bound the number of entries visited and validate each pointer
 * before dereferencing it.
 */
568typedef struct _PEB_LDR_DATA
569{
570 uint32_t Length;
571 BOOLEAN Initialized;
572 BOOLEAN Padding[3];
573 HANDLE SsHandle;
574 LIST_ENTRY InLoadOrderModuleList;
575 LIST_ENTRY InMemoryOrderModuleList;
576 LIST_ENTRY InInitializationOrderModuleList;
577 /* End NT4 */
578 LIST_ENTRY *EntryInProgress;
579 BOOLEAN ShutdownInProgress;
580 HANDLE ShutdownThreadId;
581} PEB_LDR_DATA;
582typedef PEB_LDR_DATA *PPEB_LDR_DATA;
583
/**
 * Process environment block layout covering the Windows versions this header
 * knows about.  Members that differ between versions are wrapped in the DiffN
 * unions, with one struct per version tag (W51, W52, W6, W7, W8, W80, W81).
 * The trailing doc comments give the member offsets as 64-bit / 32-bit, "NA"
 * meaning the member does not exist for that width; the AssertCompile lines
 * after the struct pin some of them.
 *
 * NOTE(review): the PEB is ordinary user-mode memory of the process it
 * describes.  BeingDebugged, IsProtectedProcess, NtGlobalFlag, the Ldr module
 * lists and the like can be rewritten by that process, so treat them as hints
 * and never as the basis of a security decision about another process.
 */
584typedef struct _PEB_COMMON
585{
586 BOOLEAN InheritedAddressSpace; /**< 0x000 / 0x000 */
587 BOOLEAN ReadImageFileExecOptions; /**< 0x001 / 0x001 */
588 BOOLEAN BeingDebugged; /**< 0x002 / 0x002 */
 /* One byte of flags whose bit assignment changed between versions; pick the
  * struct matching the running Windows version before reading a bit. */
589 union
590 {
591 uint8_t BitField; /**< 0x003 / 0x003 */
592 struct
593 {
594 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
595 } Common;
596 struct
597 {
598 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
599 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
600 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 */
601 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 */
602 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 */
603 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 */
604 uint8_t IsProtectedProcessLight : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 */
605 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
606 } W81;
607 struct
608 {
609 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
610 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
611 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 */
612 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 */
613 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 */
614 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 */
615 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 */
616 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
617 } W80;
618 struct
619 {
620 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
621 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
622 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. */
623 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. */
624 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. */
625 uint8_t SpareBits : 3; /**< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. */
626 } W7;
627 struct
628 {
629 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
630 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
631 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. */
632 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. */
633 uint8_t SpareBits : 4; /**< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. */
634 } W6;
635 struct
636 {
637 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
638 uint8_t SpareBits : 7; /**< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. */
639 } W52;
640 struct
641 {
642 BOOLEAN SpareBool;
643 } W51;
644 } Diff0;
645#if ARCH_BITS == 64
646 uint32_t Padding0; /**< 0x004 / NA */
647#endif
648 HANDLE Mutant; /**< 0x008 / 0x004 */
649 PVOID ImageBaseAddress; /**< 0x010 / 0x008 */
650 PPEB_LDR_DATA Ldr; /**< 0x018 / 0x00c */
651 struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /**< 0x020 / 0x010 */
652 PVOID SubSystemData; /**< 0x028 / 0x014 */
653 HANDLE ProcessHeap; /**< 0x030 / 0x018 */
654 struct _RTL_CRITICAL_SECTION *FastPebLock; /**< 0x038 / 0x01c */
655 union
656 {
657 struct
658 {
659 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
660 PVOID IFEOKey; /**< 0x048 / 0x024 */
661 union
662 {
663 ULONG CrossProcessFlags; /**< 0x050 / 0x028 */
664 struct
665 {
666 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
667 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
668 uint32_t ProcessUsingVEH : 1; /**< 0x050 / 0x028: Pos 2, 1 Bit */
669 uint32_t ProcessUsingVCH : 1; /**< 0x050 / 0x028: Pos 3, 1 Bit */
670 uint32_t ProcessUsingFTH : 1; /**< 0x050 / 0x028: Pos 4, 1 Bit */
 /* NOTE(review): declared 1 bit wide although the comment says 27 bits;
  * ReservedBits0 therefore only covers bit 5 here.  The enclosing union
  * with CrossProcessFlags should keep the storage at 32 bits - confirm. */
671 uint32_t ReservedBits0 : 1; /**< 0x050 / 0x028: Pos 5, 27 Bits */
672 } W7, W8, W80, W81;
673 struct
674 {
675 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
676 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
677 uint32_t ReservedBits0 : 30; /**< 0x050 / 0x028: Pos 2, 30 Bits */
678 } W6;
679 };
680#if ARCH_BITS == 64
681 uint32_t Padding1; /**< 0x054 / */
682#endif
683 } W6, W7, W8, W80, W81;
684 struct
685 {
686 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
687 PVOID SparePtr2; /**< 0x048 / 0x024 */
688 uint32_t EnvironmentUpdateCount; /**< 0x050 / 0x028 */
689#if ARCH_BITS == 64
690 uint32_t Padding1; /**< 0x054 / */
691#endif
692 } W52;
693 struct
694 {
695 PVOID FastPebLockRoutine; /**< NA / 0x020 */
696 PVOID FastPebUnlockRoutine; /**< NA / 0x024 */
697 uint32_t EnvironmentUpdateCount; /**< NA / 0x028 */
698 } W51;
699 } Diff1;
700 union
701 {
702 PVOID KernelCallbackTable; /**< 0x058 / 0x02c */
703 PVOID UserSharedInfoPtr; /**< 0x058 / 0x02c - Alternative use in W6.*/
704 };
705 uint32_t SystemReserved; /**< 0x060 / 0x030 */
706 union
707 {
708 struct
709 {
710 uint32_t AtlThunkSListPtr32; /**< 0x064 / 0x034 */
711 } W7, W8, W80, W81;
712 struct
713 {
714 uint32_t SpareUlong; /**< 0x064 / 0x034 */
715 } W52, W6;
716 struct
717 {
718 uint32_t ExecuteOptions : 2; /**< NA / 0x034: Pos 0, 2 Bits */
719 uint32_t SpareBits : 30; /**< NA / 0x034: Pos 2, 30 Bits */
720 } W51;
721 } Diff2;
722 union
723 {
724 struct
725 {
726 PVOID ApiSetMap; /**< 0x068 / 0x038 */
727 } W7, W8, W80, W81;
728 struct
729 {
730 struct _PEB_FREE_BLOCK *FreeList; /**< 0x068 / 0x038 */
731 } W52, W6;
732 struct
733 {
734 struct _PEB_FREE_BLOCK *FreeList; /**< NA / 0x038 */
735 } W51;
736 } Diff3;
737 uint32_t TlsExpansionCounter; /**< 0x070 / 0x03c */
738#if ARCH_BITS == 64
739 uint32_t Padding2; /**< 0x074 / NA */
740#endif
741 struct _RTL_BITMAP *TlsBitmap; /**< 0x078 / 0x040 */
742 uint32_t TlsBitmapBits[2]; /**< 0x080 / 0x044 */
743 PVOID ReadOnlySharedMemoryBase; /**< 0x088 / 0x04c */
744 union
745 {
746 struct
747 {
748 PVOID SparePvoid0; /**< 0x090 / 0x050 - HotpatchInformation before W81. */
749 } W81;
750 struct
751 {
752 PVOID HotpatchInformation; /**< 0x090 / 0x050 - Retired in W81. */
753 } W6, W7, W80;
754 struct
755 {
756 PVOID ReadOnlySharedMemoryHeap;
757 } W52;
758 } Diff4;
759 PVOID *ReadOnlyStaticServerData; /**< 0x098 / 0x054 */
760 PVOID AnsiCodePageData; /**< 0x0a0 / 0x058 */
761 PVOID OemCodePageData; /**< 0x0a8 / 0x05c */
762 PVOID UnicodeCaseTableData; /**< 0x0b0 / 0x060 */
763 uint32_t NumberOfProcessors; /**< 0x0b8 / 0x064 */
764 uint32_t NtGlobalFlag; /**< 0x0bc / 0x068 */
765 LARGE_INTEGER CriticalSectionTimeout; /**< 0x0c0 / 0x070 */
766 SIZE_T HeapSegmentReserve; /**< 0x0c8 / 0x078 */
767 SIZE_T HeapSegmentCommit; /**< 0x0d0 / 0x07c */
768 SIZE_T HeapDeCommitTotalFreeThreshold; /**< 0x0d8 / 0x080 */
769 SIZE_T HeapDeCommitFreeBlockThreshold; /**< 0x0e0 / 0x084 */
770 uint32_t NumberOfHeaps; /**< 0x0e8 / 0x088 */
771 uint32_t MaximumNumberOfHeaps; /**< 0x0ec / 0x08c */
772 PVOID *ProcessHeaps; /**< 0x0f0 / 0x090 */
773 PVOID GdiSharedHandleTable; /**< 0x0f8 / 0x094 */
774 PVOID ProcessStarterHelper; /**< 0x100 / 0x098 */
775 uint32_t GdiDCAttributeList; /**< 0x108 / 0x09c */
776#if ARCH_BITS == 64
777 uint32_t Padding3; /**< 0x10c / NA */
778#endif
779 struct _RTL_CRITICAL_SECTION *LoaderLock; /**< 0x110 / 0x0a0 */
780 uint32_t OSMajorVersion; /**< 0x118 / 0x0a4 */
781 uint32_t OSMinorVersion; /**< 0x11c / 0x0a8 */
782 uint16_t OSBuildNumber; /**< 0x120 / 0x0ac */
783 uint16_t OSCSDVersion; /**< 0x122 / 0x0ae */
784 uint32_t OSPlatformId; /**< 0x124 / 0x0b0 */
785 uint32_t ImageSubsystem; /**< 0x128 / 0x0b4 */
786 uint32_t ImageSubsystemMajorVersion; /**< 0x12c / 0x0b8 */
787 uint32_t ImageSubsystemMinorVersion; /**< 0x130 / 0x0bc */
788#if ARCH_BITS == 64
789 uint32_t Padding4; /**< 0x134 / NA */
790#endif
791 union
792 {
793 struct
794 {
795 SIZE_T ActiveProcessAffinityMask; /**< 0x138 / 0x0c0 */
796 } W7, W8, W80, W81;
797 struct
798 {
799 SIZE_T ImageProcessAffinityMask; /**< 0x138 / 0x0c0 */
800 } W52, W6;
801 } Diff5;
802 uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /**< 0x140 / 0x0c4 */
803 PVOID PostProcessInitRoutine; /**< 0x230 / 0x14c */
804 PVOID TlsExpansionBitmap; /**< 0x238 / 0x150 */
805 uint32_t TlsExpansionBitmapBits[32]; /**< 0x240 / 0x154 */
806 uint32_t SessionId; /**< 0x2c0 / 0x1d4 */
807#if ARCH_BITS == 64
808 uint32_t Padding5; /**< 0x2c4 / NA */
809#endif
810 ULARGE_INTEGER AppCompatFlags; /**< 0x2c8 / 0x1d8 */
811 ULARGE_INTEGER AppCompatFlagsUser; /**< 0x2d0 / 0x1e0 */
812 PVOID pShimData; /**< 0x2d8 / 0x1e8 */
813 PVOID AppCompatInfo; /**< 0x2e0 / 0x1ec */
814 UNICODE_STRING CSDVersion; /**< 0x2e8 / 0x1f0 */
815 struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; /**< 0x2f8 / 0x1f8 */
816 struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; /**< 0x300 / 0x1fc */
817 struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; /**< 0x308 / 0x200 */
818 struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; /**< 0x310 / 0x204 */
819 SIZE_T MinimumStackCommit; /**< 0x318 / 0x208 */
820 /* End of PEB in W52 (Windows XP (RTM))!
  * NOTE(review): PEB_SIZE_W51 (documented as the windows XP size) ends at the
  * next member, so the tag here presumably should read W51. */
821 struct _FLS_CALLBACK_INFO *FlsCallback; /**< 0x320 / 0x20c */
822 LIST_ENTRY FlsListHead; /**< 0x328 / 0x210 */
823 PVOID FlsBitmap; /**< 0x338 / 0x218 */
824 uint32_t FlsBitmapBits[4]; /**< 0x340 / 0x21c */
825 uint32_t FlsHighIndex; /**< 0x350 / 0x22c */
826 /* End of PEB in W52 (Windows Server 2003)! */
827 PVOID WerRegistrationData; /**< 0x358 / 0x230 */
828 PVOID WerShipAssertPtr; /**< 0x360 / 0x234 */
829 /* End of PEB in W6 (windows Vista)! */
830 union
831 {
832 struct
833 {
834 PVOID pUnused; /**< 0x368 / 0x238 - Was pContextData in W7. */
835 } W8, W80, W81;
836 struct
837 {
838 PVOID pContextData; /**< 0x368 / 0x238 - Retired in W80. */
839 } W7;
840 } Diff6;
841 PVOID pImageHeaderHash; /**< 0x370 / 0x23c */
842 union
843 {
844 uint32_t TracingFlags; /**< 0x378 / 0x240 */
845 struct
846 {
847 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
848 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
849 uint32_t LibLoaderTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 2, 1 Bit */
850 uint32_t SpareTracingBits : 29; /**< 0x378 / 0x240 : Pos 3, 29 Bits */
851 } W8, W80, W81;
852 struct
853 {
854 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
855 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
856 uint32_t SpareTracingBits : 30; /**< 0x378 / 0x240 : Pos 2, 30 Bits - One bit more than W80 */
857 } W7;
858 } Diff7;
859#if ARCH_BITS == 64
860 uint32_t Padding6; /**< 0x37c / NA */
861#endif
862 uint64_t CsrServerReadOnlySharedMemoryBase; /**< 0x380 / 0x248 */
863} PEB_COMMON;
864typedef PEB_COMMON *PPEB_COMMON;
865
/* Compile-time layout checks for PEB_COMMON: selected member offsets and the
 * total size, each for 64-bit and 32-bit builds.  Only the members listed
 * here are pinned - nothing past AppCompatFlags has an offset check of its
 * own, only the total size - so a layout change needs the neighbouring
 * offsets re-verified by hand. */
866AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
867AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
868AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
869AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
870AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
871AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
872AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
873AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
874AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x388 : 0x250);
875
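/* Per-version PEB sizes, each expressed as the offset of the first
 * PEB_COMMON member that the version in question does not have yet (or the
 * full structure size for the newest layouts).  Code that copies or validates
 * a PEB should bound itself by the size for the running Windows version; a
 * value that is too small makes it ignore the tail of the structure. */
876/** The size of the windows 8.1 PEB structure. */
877#define PEB_SIZE_W81 sizeof(PEB_COMMON)
878/** The size of the windows 8.0 PEB structure. */
879#define PEB_SIZE_W80 sizeof(PEB_COMMON)
880/** The size of the windows 7 PEB structure. */
881#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
882/** The size of the windows vista PEB structure.
 * PEB_COMMON marks the end of the Vista PEB after WerShipAssertPtr, i.e. at
 * Diff6 (0x368 / 0x238).  This used to be the offset of Diff3 (0x068 / 0x038),
 * which cut the structure short. */
883#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff6)
884/** The size of the windows server 2003 PEB structure. */
885#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
886/** The size of the windows XP PEB structure. */
887#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)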
888
/*
 * Disabled with #if 0: this header does not define NT_TIB itself.  TEB_COMMON
 * below still uses NT_TIB as its first member, so the type has to come from
 * another header (presumably the Windows SDK/DDK headers - confirm).  The
 * definition is apparently kept only as a layout reference.
 */
#if 0
typedef struct _NT_TIB
{
    struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
    PVOID StackBase;
    PVOID StackLimit;
    PVOID SubSystemTib;
    union
    {
        PVOID FiberData;
        ULONG Version;
    };
    PVOID ArbitraryUserPointer;
    struct _NT_TIB *Self;
} NT_TIB;
typedef NT_TIB *PNT_TIB;
#endif
906
/**
 * Activation context stack.
 *
 * Referenced from TEB_COMMON::Diff0: by pointer for W52 and later, and
 * embedded by value in the 32-bit W51 variant.  The embedded use means the
 * size of this structure is part of the 32-bit TEB layout, so members must not
 * be added or resized here.
 */
typedef struct _ACTIVATION_CONTEXT_STACK
{
    uint32_t Flags;
    uint32_t NextCookieSequenceNumber;
    PVOID ActiveFrame;
    LIST_ENTRY FrameListCache;
} ACTIVATION_CONTEXT_STACK;
914
/**
 * Common TEB (thread environment block) layout for Windows XP (W51) through
 * Windows 8.1 (W81).
 *
 * Member comments give the offset as 64-bit / 32-bit ("NA" where the member
 * does not exist for that width).  Fields that changed between Windows
 * versions are folded into the DiffN unions, with one struct per version or
 * group of versions.  The "End of TEB in ..." markers show where each
 * version's structure stops; the TEB_SIZE_* macros following the structure
 * encode the same limits.
 *
 * NOTE(review): this layout is not a stable interface.  Members past the end
 * of the running version's TEB are not part of that TEB, so accesses to the
 * later members should be gated on the Windows version.
 */
typedef struct _TEB_COMMON
{
    NT_TIB      NtTib;                                  /**< 0x000 / 0x000 */
    PVOID       EnvironmentPointer;                     /**< 0x038 / 0x01c */
    CLIENT_ID   ClientId;                               /**< 0x040 / 0x020 */
    PVOID       ActiveRpcHandle;                        /**< 0x050 / 0x028 */
    PVOID       ThreadLocalStoragePointer;              /**< 0x058 / 0x02c */
    PPEB_COMMON ProcessEnvironmentBlock;                /**< 0x060 / 0x030 */
    uint32_t    LastErrorValue;                         /**< 0x068 / 0x034 */
    uint32_t    CountOfOwnedCriticalSections;           /**< 0x06c / 0x038 */
    PVOID       CsrClientThread;                        /**< 0x070 / 0x03c */
    PVOID       Win32ThreadInfo;                        /**< 0x078 / 0x040 */
    uint32_t    User32Reserved[26];                     /**< 0x080 / 0x044 */
    uint32_t    UserReserved[5];                        /**< 0x0e8 / 0x0ac */
    PVOID       WOW32Reserved;                          /**< 0x100 / 0x0c0 */
    uint32_t    CurrentLocale;                          /**< 0x108 / 0x0c4 */
    uint32_t    FpSoftwareStatusRegister;               /**< 0x10c / 0x0c8 */
    PVOID       SystemReserved1[54];                    /**< 0x110 / 0x0cc */
    uint32_t    ExceptionCode;                          /**< 0x2c0 / 0x1a4 */
#if ARCH_BITS == 64
    uint32_t    Padding0;                               /**< 0x2c4 / NA */
#endif
    union
    {
        struct
        {
            struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;/**< 0x2c8 / 0x1a8 */
            uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36];  /**< 0x2d0 / 0x1ac */
        } W52, W6, W7, W8, W80, W81;
#if ARCH_BITS == 32
        struct
        {
            ACTIVATION_CONTEXT_STACK ActivationContextStack; /**< NA / 0x1a8 */
            uint8_t SpareBytes[20];                     /**< NA / 0x1bc */
        } W51;
#endif
    } Diff0;
    union
    {
        struct
        {
            uint32_t TxFsContext;                       /**< 0x2e8 / 0x1d0 */
        } W6, W7, W8, W80, W81;
        struct
        {
            uint32_t SpareBytesContinues;               /**< 0x2e8 / 0x1d0 */
        } W52;
    } Diff1;
#if ARCH_BITS == 64
    uint32_t    Padding1;                               /**< 0x2ec / NA */
#endif
    /* The GDI batch is kept as an opaque byte array of the right size. */
    /*_GDI_TEB_BATCH*/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /**< 0x2f0 / 0x1d4 */
    CLIENT_ID   RealClientId;                           /**< 0x7d8 / 0x6b4 */
    HANDLE      GdiCachedProcessHandle;                 /**< 0x7e8 / 0x6bc */
    uint32_t    GdiClientPID;                           /**< 0x7f0 / 0x6c0 */
    uint32_t    GdiClientTID;                           /**< 0x7f4 / 0x6c4 */
    PVOID       GdiThreadLocalInfo;                     /**< 0x7f8 / 0x6c8 */
    SIZE_T      Win32ClientInfo[62];                    /**< 0x800 / 0x6cc */
    PVOID       glDispatchTable[233];                   /**< 0x9f0 / 0x7c4 */
    SIZE_T      glReserved1[29];                        /**< 0x1138 / 0xb68 */
    PVOID       glReserved2;                            /**< 0x1220 / 0xbdc */
    PVOID       glSectionInfo;                          /**< 0x1228 / 0xbe0 */
    PVOID       glSection;                              /**< 0x1230 / 0xbe4 */
    PVOID       glTable;                                /**< 0x1238 / 0xbe8 */
    PVOID       glCurrentRC;                            /**< 0x1240 / 0xbec */
    PVOID       glContext;                              /**< 0x1248 / 0xbf0 */
    NTSTATUS    LastStatusValue;                        /**< 0x1250 / 0xbf4 */
#if ARCH_BITS == 64
    uint32_t    Padding2;                               /**< 0x1254 / NA */
#endif
    UNICODE_STRING StaticUnicodeString;                 /**< 0x1258 / 0xbf8 */
    WCHAR       StaticUnicodeBuffer[261];               /**< 0x1268 / 0xc00 */
#if ARCH_BITS == 64
    WCHAR       Padding3[3];                            /**< 0x1472 / NA */
#endif
    PVOID       DeallocationStack;                      /**< 0x1478 / 0xe0c */
    PVOID       TlsSlots[64];                           /**< 0x1480 / 0xe10 */
    LIST_ENTRY  TlsLinks;                               /**< 0x1680 / 0xf10 */
    PVOID       Vdm;                                    /**< 0x1690 / 0xf18 */
    PVOID       ReservedForNtRpc;                       /**< 0x1698 / 0xf1c */
    PVOID       DbgSsReserved[2];                       /**< 0x16a0 / 0xf20 */
    uint32_t    HardErrorMode;                          /**< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. */
#if ARCH_BITS == 64
    uint32_t    Padding4;                               /**< 0x16b4 / NA */
#endif
    PVOID       Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /**< 0x16b8 / 0xf2c */
    union
    {
        struct
        {
            GUID  ActivityId;                           /**< 0x1710 / 0xf50 */
            PVOID SubProcessTag;                        /**< 0x1720 / 0xf60 */
        } W6, W7, W8, W80, W81;
        struct
        {
            PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /**< 0x1710 / 0xf50 */
        } W52;
    } Diff2;
    union                                               /**< 0x1728 / 0xf64 */
    {
        struct
        {
            PVOID PerflibData;                          /**< 0x1728 / 0xf64 */
        } W8, W80, W81;
        struct
        {
            PVOID EtwLocalData;                         /**< 0x1728 / 0xf64 */
        } W7, W6;
        struct
        {
            PVOID SubProcessTag;                        /**< 0x1728 / 0xf64 */
        } W52;
        struct
        {
            PVOID InstrumentationContinues[1];          /**< 0x1728 / 0xf64 */
        } W51;
    } Diff3;
    union
    {
        struct
        {
            PVOID EtwTraceData;                         /**< 0x1730 / 0xf68 */
        } W52, W6, W7, W8, W80, W81;
        struct
        {
            PVOID InstrumentationContinues[1];          /**< 0x1730 / 0xf68 */
        } W51;
    } Diff4;
    PVOID       WinSockData;                            /**< 0x1738 / 0xf6c */
    uint32_t    GdiBatchCount;                          /**< 0x1740 / 0xf70 */
    union
    {
        union
        {
            PROCESSOR_NUMBER CurrentIdealProcessor;     /**< 0x1744 / 0xf74 - W7+ */
            uint32_t IdealProcessorValue;               /**< 0x1744 / 0xf74 - W7+ */
            /* NOTE(review): all three pads below are annotated "SpareBool0";
               the W6 names were presumably SpareBool0..2 - verify. */
            struct
            {
                uint8_t ReservedPad1;                   /**< 0x1744 / 0xf74 - Called SpareBool0 in W6 */
                uint8_t ReservedPad2;                   /**< 0x1745 / 0xf75 - Called SpareBool0 in W6 */
                uint8_t ReservedPad3;                   /**< 0x1746 / 0xf76 - Called SpareBool0 in W6 */
                uint8_t IdealProcessor;                 /**< 0x1747 / 0xf77 */
            };
        } W6, W7, W8, W80, W81;
        struct
        {
            BOOLEAN InDbgPrint;                         /**< 0x1744 / 0xf74 */
            BOOLEAN FreeStackOnTermination;             /**< 0x1745 / 0xf75 */
            BOOLEAN HasFiberData;                       /**< 0x1746 / 0xf76 */
            uint8_t IdealProcessor;                     /**< 0x1747 / 0xf77 */
        } W51, W52;
    } Diff5;
    uint32_t    GuaranteedStackBytes;                   /**< 0x1748 / 0xf78 */
#if ARCH_BITS == 64
    uint32_t    Padding5;                               /**< 0x174c / NA */
#endif
    PVOID       ReservedForPerf;                        /**< 0x1750 / 0xf7c */
    PVOID       ReservedForOle;                         /**< 0x1758 / 0xf80 */
    uint32_t    WaitingOnLoaderLock;                    /**< 0x1760 / 0xf84 */
#if ARCH_BITS == 64
    uint32_t    Padding6;                               /**< 0x1764 / NA */
#endif
    union                                               /**< 0x1768 / 0xf88 - starts right after WaitingOnLoaderLock/Padding6. */
    {
        struct
        {
            PVOID  SavedPriorityState;                  /**< 0x1768 / 0xf88 */
            SIZE_T ReservedForCodeCoverage;             /**< 0x1770 / 0xf8c */
            PVOID  ThreadPoolData;                      /**< 0x1778 / 0xf90 */
        } W8, W80, W81;
        struct
        {
            PVOID  SavedPriorityState;                  /**< 0x1768 / 0xf88 */
            SIZE_T SoftPatchPtr1;                       /**< 0x1770 / 0xf8c */
            PVOID  ThreadPoolData;                      /**< 0x1778 / 0xf90 */
        } W6, W7;
        struct
        {
            PVOID  SparePointer1;                       /**< 0x1768 / 0xf88 */
            SIZE_T SoftPatchPtr1;                       /**< 0x1770 / 0xf8c */
            PVOID  SoftPatchPtr2;                       /**< 0x1778 / 0xf90 */
        } W52;
#if ARCH_BITS == 32
        struct _Wx86ThreadState
        {
            PVOID   CallBx86Eip;                        /**< NA / 0xf88 */
            PVOID   DeallocationCpu;                    /**< NA / 0xf8c */
            BOOLEAN UseKnownWx86Dll;                    /**< NA / 0xf90 */
            int8_t  OleStubInvoked;                     /**< NA / 0xf91 */
        } W51;
#endif
    } Diff6;
    PVOID       TlsExpansionSlots;                      /**< 0x1780 / 0xf94 */
#if ARCH_BITS == 64
    PVOID       DallocationBStore;                      /**< 0x1788 / NA - (sic) "Deallocation"; renaming would affect any code referencing the member. */
    PVOID       BStoreLimit;                            /**< 0x1790 / NA */
#endif
    union
    {
        struct
        {
            uint32_t MuiGeneration;                     /**< 0x1798 / 0xf98 */
        } W7, W8, W80, W81;
        struct
        {
            uint32_t ImpersonationLocale;               /**< 0x1798 / 0xf98 - same union slot as MuiGeneration. */
        } W6;
    } Diff7;
    uint32_t    IsImpersonating;                        /**< 0x179c / 0xf9c */
    PVOID       NlsCache;                               /**< 0x17a0 / 0xfa0 */
    PVOID       pShimData;                              /**< 0x17a8 / 0xfa4 */
    union                                               /**< 0x17b0 / 0xfa8 */
    {
        struct
        {
            uint16_t HeapVirtualAffinity;               /**< 0x17b0 / 0xfa8 */
            uint16_t LowFragHeapDataSlot;               /**< 0x17b2 / 0xfaa */
        } W8, W80, W81;
        struct
        {
            uint32_t HeapVirtualAffinity;               /**< 0x17b0 / 0xfa8 */
        } W7;
    } Diff8;
#if ARCH_BITS == 64
    uint32_t    Padding7;                               /**< 0x17b4 / NA */
#endif
    HANDLE      CurrentTransactionHandle;               /**< 0x17b8 / 0xfac */
    struct _TEB_ACTIVE_FRAME *ActiveFrame;              /**< 0x17c0 / 0xfb0 */
    /* End of TEB in W51 (Windows XP)! */
    PVOID       FlsData;                                /**< 0x17c8 / 0xfb4 */
    union
    {
        struct
        {
            PVOID PreferredLanguages;                   /**< 0x17d0 / 0xfb8 */
        } W6, W7, W8, W80, W81;
        struct
        {
            BOOLEAN SafeThunkCall;                      /**< 0x17d0 / 0xfb8 */
            uint8_t BooleanSpare[3];                    /**< 0x17d1 / 0xfb9 */
            /* End of TEB in W52 (Windows server 2003)! */
        } W52;
    } Diff9;
    PVOID       UserPrefLanguages;                      /**< 0x17d8 / 0xfbc */
    PVOID       MergedPrefLanguages;                    /**< 0x17e0 / 0xfc0 */
    uint32_t    MuiImpersonation;                       /**< 0x17e8 / 0xfc4 */
    union
    {
        uint16_t CrossTebFlags;                         /**< 0x17ec / 0xfc8 */
        struct
        {
            uint16_t SpareCrossTebBits : 16;            /**< 0x17ec / 0xfc8 : Pos 0, 16 Bits */
        };
    };
    union
    {
        uint16_t SameTebFlags;                          /**< 0x17ee / 0xfca */
        /* Bits 0..7 carry the same flags in the Common, W7 and W8+ views;
           the W6 view names them with a Dbg prefix. */
        struct
        {
            uint16_t SafeThunkCall : 1;                 /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t InDebugPrint : 1;                  /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t HasFiberData : 1;                  /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t SkipThreadAttach : 1;              /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t WerInShipAssertCode : 1;           /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t RanProcessInit : 1;                /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t ClonedThread : 1;                  /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t SuppressDebugMsg : 1;              /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
        } Common;
        struct
        {
            uint16_t SafeThunkCall : 1;                 /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t InDebugPrint : 1;                  /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t HasFiberData : 1;                  /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t SkipThreadAttach : 1;              /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t WerInShipAssertCode : 1;           /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t RanProcessInit : 1;                /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t ClonedThread : 1;                  /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t SuppressDebugMsg : 1;              /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
            uint16_t DisableUserStackWalk : 1;          /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
            uint16_t RtlExceptionAttached : 1;          /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
            uint16_t InitialThread : 1;                 /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
            uint16_t SessionAware : 1;                  /**< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. */
            uint16_t SpareSameTebBits : 4;              /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
        } W8, W80, W81;
        struct
        {
            uint16_t SafeThunkCall : 1;                 /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t InDebugPrint : 1;                  /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t HasFiberData : 1;                  /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t SkipThreadAttach : 1;              /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t WerInShipAssertCode : 1;           /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t RanProcessInit : 1;                /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t ClonedThread : 1;                  /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t SuppressDebugMsg : 1;              /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
            uint16_t DisableUserStackWalk : 1;          /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
            uint16_t RtlExceptionAttached : 1;          /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
            uint16_t InitialThread : 1;                 /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
            uint16_t SpareSameTebBits : 5;              /**< 0x17ee / 0xfca : Pos 11, 5 Bits */
        } W7;
        struct
        {
            uint16_t DbgSafeThunkCall : 1;              /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t DbgInDebugPrint : 1;               /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t DbgHasFiberData : 1;               /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t DbgSkipThreadAttach : 1;           /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t DbgWerInShipAssertCode : 1;        /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t DbgRanProcessInit : 1;             /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t DbgClonedThread : 1;               /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t DbgSuppressDebugMsg : 1;           /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
            uint16_t SpareSameTebBits : 8;              /**< 0x17ee / 0xfca : Pos 8, 8 Bits */
        } W6;
    } Diff10;
    PVOID       TxnScopeEnterCallback;                  /**< 0x17f0 / 0xfcc */
    PVOID       TxnScopeExitCallback;                   /**< 0x17f8 / 0xfd0 */
    PVOID       TxnScopeContext;                        /**< 0x1800 / 0xfd4 */
    uint32_t    LockCount;                              /**< 0x1808 / 0xfd8 */
    union
    {
        struct
        {
            uint32_t SpareUlong0;                       /**< 0x180c / 0xfdc */
        } W7, W8, W80, W81;
        struct
        {
            uint32_t ProcessRundown;                    /**< 0x180c / 0xfdc - same union slot as SpareUlong0. */
        } W6;
    } Diff11;
    union
    {
        struct
        {
            PVOID ResourceRetValue;                     /**< 0x1810 / 0xfe0 */
            /* End of TEB in W7 (windows 7)! */
            PVOID ReservedForWdf;                       /**< 0x1818 / 0xfe4 - New Since W7. */
            /* End of TEB in W8 (windows 8.0 & 8.1)! */
        } W8, W80, W81;
        struct
        {
            PVOID ResourceRetValue;                     /**< 0x1810 / 0xfe0 */
        } W7;
        struct
        {
            uint64_t LastSwitchTime;                    /**< 0x1810 / 0xfe0 */
            uint64_t TotalSwitchOutTime;                /**< 0x1818 / 0xfe8 */
            LARGE_INTEGER WaitReasonBitMap;             /**< 0x1820 / 0xff0 */
            /* End of TEB in W6 (windows Vista)! */
        } W6;
    } Diff12;
} TEB_COMMON;
typedef TEB_COMMON *PTEB_COMMON;
/*
 * Layout checks for TEB_COMMON; expected values are 64-bit : 32-bit, selected
 * by ARCH_BITS, and match the offset comments on the structure members.  The
 * asserted total size equals the end of the W6 (Vista) variant of Diff12,
 * which is the largest member of that union.
 */
AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1828 : 0xff8);


/*
 * Per-version TEB sizes, each derived from the last member that version has
 * (or the first one it lacks).  Note that sizeof(TEB_COMMON) is NOT the size
 * of the newest TEB: the Vista variant of Diff12 is larger than the W7/W8 one.
 */
/** The size of the windows 8.1 TEB structure. */
#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
/** The size of the windows 8.0 TEB structure. */
#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
/** The size of the windows 7 TEB structure (ends where ReservedForWdf begins). */
#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
/** The size of the windows vista TEB structure. */
#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
/** The size of the windows server 2003 TEB structure (end of BooleanSpare rounded up to pointer size). */
#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
/** The size of the windows XP TEB structure (ends where FlsData begins). */
#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1293
1294
1295
/* Map the _PEB / _TEB struct tags and the PEB / TEB type names onto the
   common layouts, so code written against the usual names gets the IPRT view. */
#define _PEB _PEB_COMMON
typedef PEB_COMMON PEB;
typedef PPEB_COMMON PPEB;

#define _TEB _TEB_COMMON
typedef TEB_COMMON TEB;
typedef PTEB_COMMON PTEB;

/** The current thread's TEB, cast to the TEB_COMMON view.  NtCurrentTeb() itself is provided elsewhere. */
#define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
/** The current process' PEB, read from the TEB's ProcessEnvironmentBlock member. */
#define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
#define NtCurrentPeb() RTNtCurrentPeb()
/** The current thread ID, read from the TEB's ClientId.  The pointer-sized
 *  UniqueThread value is deliberately narrowed to 32 bits by the casts. */
#define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1308
1309/** @} */
1310
1311
1312#ifdef IPRT_NT_USE_WINTERNL
/*
 * Section object APIs.  These are declared only when IPRT_NT_USE_WINTERNL is
 * defined (the enclosing #ifdef).  The prototypes carry no parameter names;
 * consult the Windows documentation for the argument order.
 */
NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
/** Inherit disposition argument of NtMapViewOfSection. */
typedef enum _SECTION_INHERIT
{
    ViewShare = 1,
    ViewUnmap       /* 2 */
} SECTION_INHERIT;
NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
                                           ULONG, ULONG);
1322
1323
/**
 * File system attribute information (see FileFsAttributeInformation).
 *
 * Variable-length record: FileSystemName is declared with one element and the
 * rest of the name follows it in the caller's buffer.  NOTE(review):
 * FileSystemNameLength is presumably a byte count and the name is not
 * NUL-terminated - confirm against the Windows documentation.  Readers should
 * never index FileSystemName beyond the reported length or the buffer size.
 */
typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
    ULONG FileSystemAttributes;
    LONG  MaximumComponentNameLength;
    ULONG FileSystemNameLength;
    WCHAR FileSystemName[1];        /* Variable length, see above. */
} FILE_FS_ATTRIBUTE_INFORMATION;
typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1332
/*
 * Process / thread and token open calls.  Each returns its handle through a
 * PHANDLE argument and takes an ACCESS_MASK; requesting only the access
 * actually needed keeps the resulting handles least-privileged.
 */
NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1337
/**
 * Information classes for NtQueryVolumeInformationFile.
 *
 * Only the first enumerator has an explicit value (1); the rest are implicit,
 * so inserting or reordering entries changes the class numbers passed to the
 * system call.
 */
typedef enum _FSINFOCLASS
{
    FileFsVolumeInformation = 1,
    FileFsLabelInformation,
    FileFsSizeInformation,
    FileFsDeviceInformation,
    FileFsAttributeInformation,     /* 5 */
    FileFsControlInformation,
    FileFsFullSizeInformation,
    FileFsObjectIdInformation,
    FileFsDriverPathInformation,
    FileFsVolumeFlagsInformation,   /* 10 */
    FileFsSectorSizeInformation,
    FileFsDataCopyInformation,
    FileFsMaximumInformation        /* 13 */
} FS_INFORMATION_CLASS;
typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1356
/**
 * Directory entry record (see FileBothDirectoryInformation).
 *
 * Variable-length: FileName is declared with one element and the rest of the
 * name follows in the caller's buffer.  NOTE(review): presumably
 * NextEntryOffset is the byte offset to the next record (0 on the last one)
 * and FileNameLength / ShortNameLength are byte counts without NUL terminator
 * - confirm against the Windows documentation.  Code walking a buffer of
 * these records should check that every offset and length stays inside the
 * buffer it supplied; ShortNameLength is a CCHAR and should additionally be
 * range-checked against sizeof(ShortName).
 */
typedef struct _FILE_BOTH_DIR_INFORMATION
{
    ULONG         NextEntryOffset;
    ULONG         FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    ULONG         FileAttributes;
    ULONG         FileNameLength;
    ULONG         EaSize;
    CCHAR         ShortNameLength;
    WCHAR         ShortName[12];
    WCHAR         FileName[1];      /* Variable length, see above. */
} FILE_BOTH_DIR_INFORMATION;
typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
/** Basic file information: four timestamps and the attributes
 *  (see FileBasicInformation).  Fixed size, no trailing data. */
typedef struct _FILE_BASIC_INFORMATION
{
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    ULONG         FileAttributes;
} FILE_BASIC_INFORMATION;
typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
/** Standard file information: sizes, link count and the delete-pending /
 *  directory flags (see FileStandardInformation).  Fixed size. */
typedef struct _FILE_STANDARD_INFORMATION
{
    LARGE_INTEGER AllocationSize;
    LARGE_INTEGER EndOfFile;
    ULONG         NumberOfLinks;
    BOOLEAN       DeletePending;
    BOOLEAN       Directory;
} FILE_STANDARD_INFORMATION;
typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
/**
 * File name record (see FileNameInformation).
 *
 * Variable-length: FileName is declared with one element and continues in
 * the caller's buffer.  NOTE(review): FileNameLength is presumably a byte
 * count and the name is not NUL-terminated - confirm, and bound every read of
 * FileName by both that length and the size of the buffer passed in.
 */
typedef struct _FILE_NAME_INFORMATION
{
    ULONG FileNameLength;
    WCHAR FileName[1];              /* Variable length, see above. */
} FILE_NAME_INFORMATION;
typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
/**
 * Information classes for NtQueryInformationFile and NtQueryDirectoryFile.
 *
 * Only the first enumerator has an explicit value (1); all others are
 * implicit, so the order of this list is the ABI.  Every tenth value is
 * annotated to make the numbering easy to audit.
 */
typedef enum _FILE_INFORMATION_CLASS
{
    FileDirectoryInformation = 1,
    FileFullDirectoryInformation,
    FileBothDirectoryInformation,
    FileBasicInformation,
    FileStandardInformation,
    FileInternalInformation,
    FileEaInformation,
    FileAccessInformation,
    FileNameInformation,
    FileRenameInformation,                      /* 10 */
    FileLinkInformation,
    FileNamesInformation,
    FileDispositionInformation,
    FilePositionInformation,
    FileFullEaInformation,
    FileModeInformation,
    FileAlignmentInformation,
    FileAllInformation,
    FileAllocationInformation,
    FileEndOfFileInformation,                   /* 20 */
    FileAlternateNameInformation,
    FileStreamInformation,
    FilePipeInformation,
    FilePipeLocalInformation,
    FilePipeRemoteInformation,
    FileMailslotQueryInformation,
    FileMailslotSetInformation,
    FileCompressionInformation,
    FileObjectIdInformation,
    FileCompletionInformation,                  /* 30 */
    FileMoveClusterInformation,
    FileQuotaInformation,
    FileReparsePointInformation,
    FileNetworkOpenInformation,
    FileAttributeTagInformation,
    FileTrackingInformation,
    FileIdBothDirectoryInformation,
    FileIdFullDirectoryInformation,
    FileValidDataLengthInformation,
    FileShortNameInformation,                   /* 40 */
    FileIoCompletionNotificationInformation,
    FileIoStatusBlockRangeInformation,
    FileIoPriorityHintInformation,
    FileSfioReserveInformation,
    FileSfioVolumeInformation,
    FileHardLinkInformation,
    FileProcessIdsUsingFileInformation,
    FileNormalizedNameInformation,
    FileNetworkPhysicalNameInformation,
    FileIdGlobalTxDirectoryInformation,         /* 50 */
    FileIsRemoteDeviceInformation,
    FileUnusedInformation,
    FileNumaNodeInformation,
    FileStandardLinkInformation,
    FileRemoteProtocolInformation,
    FileRenameInformationBypassAccessCheck,
    FileLinkInformationBypassAccessCheck,
    FileVolumeNameInformation,
    FileIdInformation,
    FileIdExtdDirectoryInformation,             /* 60 */
    FileReplaceCompletionInformation,
    FileHardLinkFullIdInformation,
    FileMaximumInformation                      /* 63 */
} FILE_INFORMATION_CLASS;
typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
/* Both calls write into a caller-supplied buffer (PVOID, ULONG); the records
   returned for several classes are variable-length (see the FILE_*_INFORMATION
   structures in this header). */
NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
                                             FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1469
/**
 * Section name record (see MemorySectionName in MEMORY_INFORMATION_CLASS).
 *
 * Variable-length: NameBuffer is declared with one element and the string
 * data continues after it.  NOTE(review): a UNICODE_STRING describes its
 * contents by explicit length fields; do not assume NUL termination, and
 * check that SectionFileName's buffer pointer and length lie inside the
 * buffer that was passed to the query before using them.
 */
typedef struct _MEMORY_SECTION_NAME
{
    UNICODE_STRING SectionFileName;
    WCHAR          NameBuffer[1];   /* Variable length, see above. */
} MEMORY_SECTION_NAME;
1475
/*
 * NOTE(review): this #ifdef repeats the IPRT_NT_USE_WINTERNL condition of the
 * enclosing block, which is still open at this point, so it is redundant
 * (but harmless).
 */
#ifdef IPRT_NT_USE_WINTERNL
/** Basic process information (see ProcessBasicInformation).  PebBaseAddress
 *  is typed with this header's PPEB, i.e. the PEB_COMMON view. */
typedef struct _PROCESS_BASIC_INFORMATION
{
    NTSTATUS  ExitStatus;
    PPEB      PebBaseAddress;
    ULONG_PTR AffinityMask;
    int32_t   BasePriority;
    ULONG_PTR UniqueProcessId;
    ULONG_PTR InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION;
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
#endif
1488
/**
 * Information classes for NtQueryInformationProcess / NtSetInformationProcess.
 *
 * Values are implicit and start at 0, so the order of this list is the ABI.
 * Every tenth value is annotated to make the numbering easy to audit.
 */
typedef enum _PROCESSINFOCLASS
{
    ProcessBasicInformation = 0,
    ProcessQuotaLimits,
    ProcessIoCounters,
    ProcessVmCounters,
    ProcessTimes,
    ProcessBasePriority,
    ProcessRaisePriority,
    ProcessDebugPort,
    ProcessExceptionPort,
    ProcessAccessToken,
    ProcessLdtInformation,                      /* 10 */
    ProcessLdtSize,
    ProcessDefaultHardErrorMode,
    ProcessIoPortHandlers,
    ProcessPooledUsageAndLimits,
    ProcessWorkingSetWatch,
    ProcessUserModeIOPL,
    ProcessEnableAlignmentFaultFixup,
    ProcessPriorityClass,
    ProcessWx86Information,
    ProcessHandleCount,                         /* 20 */
    ProcessAffinityMask,
    ProcessPriorityBoost,
    ProcessDeviceMap,
    ProcessSessionInformation,
    ProcessForegroundInformation,
    ProcessWow64Information,
    ProcessImageFileName,
    ProcessLUIDDeviceMapsEnabled,
    ProcessBreakOnTermination,
    ProcessDebugObjectHandle,                   /* 30 */
    ProcessDebugFlags,
    ProcessHandleTracing,
    ProcessIoPriority,
    ProcessExecuteFlags,
    ProcessTlsInformation,
    ProcessCookie,
    ProcessImageInformation,
    ProcessCycleTime,
    ProcessPagePriority,
    ProcessInstrumentationCallbak,              /* 40 - (sic) "Callback"; renaming would affect users of the enumerator. */
    ProcessThreadStackAllocation,
    ProcessWorkingSetWatchEx,
    ProcessImageFileNameWin32,
    ProcessImageFileMapping,
    ProcessAffinityUpdateMode,
    ProcessMemoryAllocationMode,
    ProcessGroupInformation,
    ProcessTokenVirtualizationEnabled,
    ProcessConsoleHostProcess,
    ProcessWindowsInformation,                  /* 50 */
    MaxProcessInfoClass                         /* 51 */
} PROCESSINFOCLASS;
NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1545
/**
 * Information classes for NtQueryInformationThread / NtSetInformationThread.
 *
 * Values are implicit and start at 0, so the order of this list is the ABI.
 * Every tenth value is annotated to make the numbering easy to audit.
 */
typedef enum _THREADINFOCLASS
{
    ThreadBasicInformation = 0,
    ThreadTimes,
    ThreadPriority,
    ThreadBasePriority,
    ThreadAffinityMask,
    ThreadImpersonationToken,
    ThreadDescriptorTableEntry,
    ThreadEnableAlignmentFaultFixup,
    ThreadEventPair_Reusable,
    ThreadQuerySetWin32StartAddress,
    ThreadZeroTlsCell,                          /* 10 */
    ThreadPerformanceCount,
    ThreadAmILastThread,
    ThreadIdealProcessor,
    ThreadPriorityBoost,
    ThreadSetTlsArrayAddress,
    ThreadIsIoPending,
    ThreadHideFromDebugger,
    ThreadBreakOnTermination,
    ThreadSwitchLegacyState,
    ThreadIsTerminated,                         /* 20 */
    ThreadLastSystemCall,
    ThreadIoPriority,
    ThreadCycleTime,
    ThreadPagePriority,
    ThreadActualBasePriority,
    ThreadTebInformation,
    ThreadCSwitchMon,
    ThreadCSwitchPmu,
    ThreadWow64Context,
    ThreadGroupInformation,                     /* 30 */
    ThreadUmsInformation,
    ThreadCounterProfiling,
    ThreadIdealProcessorEx,
    ThreadCpuAccountingInformation,
    MaxThreadInfoClass                          /* 35 */
} THREADINFOCLASS;
NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1586
/* Token query.  Output goes to a caller-supplied buffer (PVOID, ULONG) with a
   PULONG out-parameter (presumably the returned/required length - confirm). */
NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);

/* File I/O on a file handle.  Parameter names are not declared here. */
NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);

/*
 * Read / write memory of the process identified by the handle.
 * NOTE(review): the trailing PSIZE_T presumably receives the number of bytes
 * actually transferred; callers should check it together with the NTSTATUS
 * rather than assume the full request was satisfied.
 */
NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);

/* Runtime library helpers for SIDs, ACLs and security descriptors, plus
   RtlGetVersion.  The ULONG arguments next to PACL / PSID outputs are
   presumably buffer sizes supplied by the caller - confirm before use. */
NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
NTSYSAPI BOOLEAN  NTAPI RtlEqualSid(PSID, PSID);
NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
NTSYSAPI PULONG   NTAPI RtlSubAuthoritySid(PSID, ULONG);
1604
1605#endif /* IPRT_NT_USE_WINTERNL */
1606
/** Information classes for NtQueryObject / NtSetInformationObject.
 *  Values are implicit and start at 0. */
typedef enum _OBJECT_INFORMATION_CLASS
{
    ObjectBasicInformation = 0,
    ObjectNameInformation,
    ObjectTypeInformation,
    ObjectAllInformation,
    ObjectDataInformation           /* 4 */
} OBJECT_INFORMATION_CLASS;
typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
/* In ring-0 the call is redirected to the Zw variant, which (per the
   IPRT_NT_MAP_TO_ZW note at the top of this header) allows kernel memory to be
   passed to the API. */
#ifdef IN_RING0
# define NtQueryObject ZwQueryObject
#endif
NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);

NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1624
/**
 * One entry returned by NtQueryDirectoryObject: the object's name and the
 * name of its type, both as UNICODE_STRING.  NOTE(review): the string buffers
 * presumably point into the caller's output buffer; treat the length fields
 * as authoritative rather than assuming NUL termination.
 */
typedef struct _OBJECT_DIRECTORY_INFORMATION
{
    UNICODE_STRING Name;
    UNICODE_STRING TypeName;
} OBJECT_DIRECTORY_INFORMATION;
typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
1632
/* Whole-process suspend / resume by process handle. */
NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
/** @name ProcessDefaultHardErrorMode bit definitions.
 * Bit values for the ProcessDefaultHardErrorMode information class.
 * @{ */
#define PROCESS_HARDERR_CRITICAL_ERROR              UINT32_C(0x00000001) /**< Inverted from the win32 define. */
#define PROCESS_HARDERR_NO_GP_FAULT_ERROR           UINT32_C(0x00000002)
#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR    UINT32_C(0x00000004)
#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR          UINT32_C(0x00008000)
/** @} */
NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
1644
/**
 * Returned by ProcessImageInformation as well as NtQuerySection.
 *
 * Several members only carry meaning on newer Windows versions (see the
 * per-member notes), so a reader should not interpret them on older systems.
 */
typedef struct _SECTION_IMAGE_INFORMATION
{
    PVOID       TransferAddress;
    ULONG       ZeroBits;
    SIZE_T      MaximumStackSize;
    SIZE_T      CommittedStackSize;
    ULONG       SubSystemType;
    union       /* The two 16-bit version halves overlay the 32-bit SubSystemVersion. */
    {
        struct
        {
            USHORT SubSystemMinorVersion;
            USHORT SubSystemMajorVersion;
        };
        ULONG   SubSystemVersion;
    };
    ULONG       GpValue;
    USHORT      ImageCharacteristics;
    USHORT      DllCharacteristics;
    USHORT      Machine;
    BOOLEAN     ImageContainsCode;
    union /**< Since Vista, used to be a spare BOOLEAN. */
    {
        struct
        {
            UCHAR ComPlusNativeRead : 1;
            UCHAR ComPlusILOnly : 1;
            UCHAR ImageDynamicallyRelocated : 1;
            UCHAR ImageMAppedFlat : 1;  /* (sic) capitalisation; name kept as declared. */
            UCHAR Reserved : 4;
        };
        UCHAR   ImageFlags;
    };
    ULONG       LoaderFlags;
    ULONG       ImageFileSize;  /**< Since XP? */
    ULONG       CheckSum;       /**< Since Vista, Used to be a reserved/spare ULONG. */
} SECTION_IMAGE_INFORMATION;
typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
1684
/** Information classes for NtQuerySection.  Values are implicit from 0. */
typedef enum _SECTION_INFORMATION_CLASS
{
    SectionBasicInformation = 0,
    SectionImageInformation,        /* 1 - see SECTION_IMAGE_INFORMATION. */
    MaxSectionInfoClass             /* 2 */
} SECTION_INFORMATION_CLASS;
NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1692
/* Object-manager symbolic links.  NtQuerySymbolicLinkObject writes the link
   target into the caller's UNICODE_STRING; the PULONG is presumably the
   returned length - confirm. */
NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
/* Access rights for symbolic link objects; defined here only when the
   included platform headers have not already defined them. */
#ifndef SYMBOLIC_LINK_QUERY
# define SYMBOLIC_LINK_QUERY        UINT32_C(0x00000001)
#endif
#ifndef SYMBOLIC_LINK_ALL_ACCESS
# define SYMBOLIC_LINK_ALL_ACCESS   (STANDARD_RIGHTS_REQUIRED | SYMBOLIC_LINK_QUERY)
#endif

/* Thread query, suspend/resume, termination and register context access,
   all by thread handle. */
NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
1709
1710
/* Section (SEC_*) and memory (MEM_*) flag values.  Each is guarded by #ifndef,
   so a definition already supplied by the included platform headers wins and
   these act only as fallbacks. */
#ifndef SEC_FILE
# define SEC_FILE               UINT32_C(0x00800000)
#endif
#ifndef SEC_IMAGE
# define SEC_IMAGE              UINT32_C(0x01000000)
#endif
#ifndef SEC_PROTECTED_IMAGE
# define SEC_PROTECTED_IMAGE    UINT32_C(0x02000000)
#endif
#ifndef SEC_NOCACHE
# define SEC_NOCACHE            UINT32_C(0x10000000)
#endif
#ifndef MEM_ROTATE
# define MEM_ROTATE             UINT32_C(0x00800000)
#endif
/** Information classes for NtQueryVirtualMemory.  Values are implicit from 0. */
typedef enum _MEMORY_INFORMATION_CLASS
{
    MemoryBasicInformation = 0,
    MemoryWorkingSetList,
    MemorySectionName,              /* 2 - see MEMORY_SECTION_NAME. */
    MemoryBasicVlmInformation
} MEMORY_INFORMATION_CLASS;
/* Ring-0 builds get MEMORY_BASIC_INFORMATION from here (other builds
   presumably take it from the Windows headers - confirm) and have the query
   redirected to the Zw variant. */
#ifdef IN_RING0
typedef struct _MEMORY_BASIC_INFORMATION
{
    PVOID  BaseAddress;
    PVOID  AllocationBase;
    ULONG  AllocationProtect;
    SIZE_T RegionSize;
    ULONG  State;
    ULONG  Protect;
    ULONG  Type;
} MEMORY_BASIC_INFORMATION;
typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
# define NtQueryVirtualMemory ZwQueryVirtualMemory
#endif
NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
/* Allocation is declared only for IPRT_NT_USE_WINTERNL builds; free and
   protect are declared unconditionally.  The final ULONG of the allocate and
   protect calls is presumably the page protection, and the PULONG of
   NtProtectVirtualMemory the previous protection - confirm. */
#ifdef IPRT_NT_USE_WINTERNL
NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
#endif
NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
1753
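/**
 * Information class selector for NtQuerySystemInformation.
 *
 * Up to SystemInformation_KiOpPrefetchPatchCount (96) the values are implicit
 * and positional, so the SystemInformation_Unknown_N placeholders must stay in
 * place: removing or inserting one silently renumbers every class after it.
 * SystemPolicyInformation is pinned explicitly to 134.
 */
typedef enum _SYSTEM_INFORMATION_CLASS
{
    SystemBasicInformation = 0,
    SystemCpuInformation,
    SystemPerformanceInformation,
    SystemTimeOfDayInformation,
    SystemInformation_Unknown_4,
    SystemProcessInformation,                       /* 5 */
    SystemInformation_Unknown_6,
    SystemInformation_Unknown_7,
    SystemProcessorPerformanceInformation,          /* 8 */
    SystemInformation_Unknown_9,
    SystemInformation_Unknown_10,
    SystemModuleInformation,                        /* 11 */
    SystemInformation_Unknown_12,
    SystemInformation_Unknown_13,
    SystemInformation_Unknown_14,
    SystemInformation_Unknown_15,
    SystemHandleInformation,                        /* 16 */
    SystemInformation_Unknown_17,
    SystemPageFileInformation,                      /* 18 */
    SystemInformation_Unknown_19,
    SystemInformation_Unknown_20,
    SystemCacheInformation,                         /* 21 */
    SystemInformation_Unknown_22,
    SystemInterruptInformation,                     /* 23 */
    SystemDpcBehaviourInformation,
    SystemFullMemoryInformation,
    SystemLoadGdiDriverInformation,                 /* 26 */
    SystemUnloadGdiDriverInformation,               /* 27 */
    SystemTimeAdjustmentInformation,
    SystemSummaryMemoryInformation,
    SystemInformation_Unknown_30,
    SystemInformation_Unknown_31,
    SystemInformation_Unknown_32,
    SystemExceptionInformation,                     /* 33 */
    SystemCrashDumpStateInformation,
    SystemKernelDebuggerInformation,                /* 35 */
    SystemContextSwitchInformation,
    SystemRegistryQuotaInformation,
    SystemInformation_Unknown_38,
    SystemInformation_Unknown_39,
    SystemInformation_Unknown_40,
    SystemInformation_Unknown_41,
    SystemInformation_Unknown_42,
    SystemInformation_Unknown_43,
    SystemCurrentTimeZoneInformation,               /* 44 */
    SystemLookasideInformation,
    SystemSetTimeSlipEvent,
    SystemCreateSession,
    SystemDeleteSession,
    SystemInformation_Unknown_49,
    SystemRangeStartInformation,                    /* 50 */
    SystemVerifierInformation,
    SystemInformation_Unknown_52,
    SystemSessionProcessInformation,                /* 53 */
    SystemLoadGdiDriverInSystemSpaceInformation,    /* 54 */
    SystemInformation_Unknown_55,
    SystemInformation_Unknown_56,
    SystemExtendedProcessInformation,               /* 57 */
    SystemInformation_Unknown_58,
    SystemInformation_Unknown_59,
    SystemInformation_Unknown_60,
    SystemInformation_Unknown_61,
    SystemInformation_Unknown_62,
    SystemInformation_Unknown_63,
    SystemExtendedHandleInformation,                /* 64 */
    SystemInformation_Unknown_65,
    SystemInformation_Unknown_66,
    SystemInformation_Unknown_67,
    SystemInformation_Unknown_68,
    SystemInformation_HotPatchInfo,                 /* 69 */
    SystemInformation_Unknown_70,
    SystemInformation_Unknown_71,
    SystemInformation_Unknown_72,
    SystemInformation_Unknown_73,
    SystemInformation_Unknown_74,
    SystemInformation_Unknown_75,
    SystemInformation_Unknown_76,
    SystemInformation_Unknown_77,
    SystemInformation_Unknown_78,
    SystemInformation_Unknown_79,
    SystemInformation_Unknown_80,
    SystemInformation_Unknown_81,
    SystemInformation_Unknown_82,
    SystemInformation_Unknown_83,
    SystemInformation_Unknown_84,
    SystemInformation_Unknown_85,
    SystemInformation_Unknown_86,
    SystemInformation_Unknown_87,
    SystemInformation_Unknown_88,
    SystemInformation_Unknown_89,
    SystemInformation_Unknown_90,
    SystemInformation_Unknown_91,
    SystemInformation_Unknown_92,
    SystemInformation_Unknown_93,
    SystemInformation_Unknown_94,
    SystemInformation_Unknown_95,
    SystemInformation_KiOpPrefetchPatchCount,       /* 96 */

    /** @todo fill gap. they've added a whole bunch of things */
    SystemPolicyInformation = 134,
    SystemInformationClassMax                       /* 135 */
} SYSTEM_INFORMATION_CLASS;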
1858
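#ifdef IPRT_NT_USE_WINTERNL
/**
 * Virtual memory counters, embedded in RTNT_SYSTEM_PROCESS_INFORMATION.
 *
 * Declared here only when IPRT_NT_USE_WINTERNL is defined.
 * NOTE(review): presumably the headers used otherwise already declare it.
 */
typedef struct _VM_COUNTERS
{
    SIZE_T  PeakVirtualSize;
    SIZE_T  VirtualSize;
    ULONG   PageFaultCount;     /* The only member that is not SIZE_T. */
    SIZE_T  PeakWorkingSetSize;
    SIZE_T  WorkingSetSize;
    SIZE_T  QuotaPeakPagedPoolUsage;
    SIZE_T  QuotaPagedPoolUsage;
    SIZE_T  QuotaPeakNonPagedPoolUsage;
    SIZE_T  QuotaNonPagedPoolUsage;
    SIZE_T  PagefileUsage;
    SIZE_T  PeakPagefileUsage;
} VM_COUNTERS;
typedef VM_COUNTERS *PVM_COUNTERS;
#endif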
1876
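/* Disabled: IO_COUNTERS is not declared by this header.
   NOTE(review): presumably it comes from the Windows headers; the layout is
   kept here for reference only. */
#if 0
typedef struct _IO_COUNTERS
{
    ULONGLONG   ReadOperationCount;
    ULONGLONG   WriteOperationCount;
    ULONGLONG   OtherOperationCount;
    ULONGLONG   ReadTransferCount;
    ULONGLONG   WriteTransferCount;
    ULONGLONG   OtherTransferCount;
} IO_COUNTERS;
typedef IO_COUNTERS *PIO_COUNTERS;
#endif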
1889
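/**
 * One process entry as returned for SystemProcessInformation.
 *
 * The member comments give the offset on 32-bit / 64-bit.  Entries are
 * variable sized: the thread entries and then the ProcessName.Buffer follow
 * the fixed part, and NextEntryOffset leads to the next entry.
 *
 * Code walking a returned buffer should check every NextEntryOffset and
 * ProcessName.Buffer/Length against the byte count the query returned before
 * dereferencing, since the snapshot layout is produced outside the caller's
 * control.
 *
 * NOTE(review): with the 11-member VM_COUNTERS this file declares under
 * IPRT_NT_USE_WINTERNL, the 64-bit offset of IoCounters computes to 0xc8, not
 * the 0xd0 noted below - confirm which VM_COUNTERS layout the offsets assume.
 */
typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
{
    ULONG           NextEntryOffset;    /**< 0x00 / 0x00 */
    ULONG           NumberOfThreads;    /**< 0x04 / 0x04 */
    LARGE_INTEGER   Reserved1[3];       /**< 0x08 / 0x08 */
    LARGE_INTEGER   CreationTime;       /**< 0x20 / 0x20 */
    LARGE_INTEGER   UserTime;           /**< 0x28 / 0x28 */
    LARGE_INTEGER   KernelTime;         /**< 0x30 / 0x30 */
    UNICODE_STRING  ProcessName;        /**< 0x38 / 0x38 Clean unicode encoding? */
    int32_t         BasePriority;       /**< 0x40 / 0x48 */
    HANDLE          UniqueProcessId;    /**< 0x44 / 0x50 */
    HANDLE          ParentProcessId;    /**< 0x48 / 0x58 */
    ULONG           HandleCount;        /**< 0x4c / 0x60 */
    ULONG           Reserved2;          /**< 0x50 / 0x64 Session ID? */
    ULONG_PTR       Reserved3;          /**< 0x54 / 0x68 */
    VM_COUNTERS     VmCounters;         /**< 0x58 / 0x70 */
    IO_COUNTERS     IoCounters;         /**< 0x88 / 0xd0 Might not be present in earlier windows versions. */
    /* After this follows the threads, then the ProcessName.Buffer. */
} RTNT_SYSTEM_PROCESS_INFORMATION;
typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
/* Without winternl.h the IPRT layout also serves as SYSTEM_PROCESS_INFORMATION. */
#ifndef IPRT_NT_USE_WINTERNL
typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
#endif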
1914
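/**
 * One handle table entry, element type of SYSTEM_HANDLE_INFORMATION.
 *
 * UniqueProcessId and HandleValue are only 16 bits wide here, so a process id
 * or handle value above 0xffff cannot be represented.  Code that matches
 * handles to processes should use SYSTEM_HANDLE_ENTRY_INFO_EX, which carries
 * both as full HANDLE-sized fields.
 */
typedef struct _SYSTEM_HANDLE_ENTRY_INFO
{
    USHORT  UniqueProcessId;
    USHORT  CreatorBackTraceIndex;
    UCHAR   ObjectTypeIndex;
    UCHAR   HandleAttributes;
    USHORT  HandleValue;
    PVOID   Object;
    ULONG   GrantedAccess;
} SYSTEM_HANDLE_ENTRY_INFO;
typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;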
1926
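/** Returned by SystemHandleInformation
 *
 * Handles is declared with a single element.
 * NOTE(review): presumably NumberOfHandles entries follow; bound any loop by
 * the byte count the query returned as well as by NumberOfHandles. */
typedef struct _SYSTEM_HANDLE_INFORMATION
{
    ULONG                       NumberOfHandles;
    SYSTEM_HANDLE_ENTRY_INFO    Handles[1];
} SYSTEM_HANDLE_INFORMATION;
typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;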
1934
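/** Extended handle information entry.
 *
 * Unlike SYSTEM_HANDLE_ENTRY_INFO, the process id and handle value are
 * HANDLE-sized here and the type index is 16 bits wide.
 *
 * @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
{
    PVOID       Object;
    HANDLE      UniqueProcessId;
    HANDLE      HandleValue;
    ACCESS_MASK GrantedAccess;
    USHORT      CreatorBackTraceIndex;
    USHORT      ObjectTypeIndex;
    ULONG       HandleAttributes;
    ULONG       Reserved;
} SYSTEM_HANDLE_ENTRY_INFO_EX;
typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;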
1949
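/** Returned by SystemExtendedHandleInformation.
 *
 * Handles is declared with a single element.
 * NOTE(review): presumably NumberOfHandles entries follow; bound any loop by
 * the byte count the query returned as well as by NumberOfHandles. */
typedef struct _SYSTEM_HANDLE_INFORMATION_EX
{
    ULONG_PTR                   NumberOfHandles;
    ULONG_PTR                   Reserved;
    SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
} SYSTEM_HANDLE_INFORMATION_EX;
typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;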
1958
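/** Input to SystemSessionProcessInformation.
 *
 * The caller supplies the session to query and its own return buffer.
 * NOTE(review): BufferLength is presumably the size of Buffer in bytes. */
typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
{
    ULONG   SessionId;
    ULONG   BufferLength;
    /** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
    PVOID   Buffer;
} SYSTEM_SESSION_PROCESS_INFORMATION;
typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;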
1968
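/* Query by information class; the last two arguments are the buffer size and
   an optional pointer receiving the returned length. */
NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);

NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
#ifndef IPRT_NT_USE_WINTERNL
/* Three parameters: handle, alertable flag, optional timeout.  Without the
   comma after BOOLEAN the declaration would have only two parameters (the
   second one merely named PLARGE_INTEGER). */
NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN, PLARGE_INTEGER);
#endif
/* ObjectWaitTypeHack only forces the enum to a 32-bit representation. */
typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);

NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);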
1980
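#ifdef IPRT_NT_USE_WINTERNL
/** Kind of event object, as passed to NtCreateEvent. */
typedef enum _EVENT_TYPE
{
    /* Manual reset event. */
    NotificationEvent = 0,
    /* Automatic reset event. */
    SynchronizationEvent
} EVENT_TYPE;
#endif
NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
/** Information class selector for NtQueryEvent. */
typedef enum _EVENT_INFORMATION_CLASS
{
    EventBasicInformation = 0
} EVENT_INFORMATION_CLASS;
/** Data returned by NtQueryEvent + EventBasicInformation. */
typedef struct EVENT_BASIC_INFORMATION
{
    EVENT_TYPE  EventType;
    ULONG       EventState;
} EVENT_BASIC_INFORMATION;
typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);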
2007
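#ifdef IPRT_NT_USE_WINTERNL
/** For NtQueryValueKey. */
typedef enum _KEY_VALUE_INFORMATION_CLASS
{
    KeyValueBasicInformation = 0,
    KeyValueFullInformation,
    KeyValuePartialInformation,
    KeyValueFullInformationAlign64,
    KeyValuePartialInformationAlign64
} KEY_VALUE_INFORMATION_CLASS;

/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct.
 *
 * Data is declared with a single byte.
 * NOTE(review): presumably DataLength bytes follow; check DataLength against
 * the length NtQueryValueKey returned before reading the value, and do not
 * assume string values are terminated. */
typedef struct _KEY_VALUE_PARTIAL_INFORMATION
{
    ULONG   TitleIndex;
    ULONG   Type;
    ULONG   DataLength;
    UCHAR   Data[1];
} KEY_VALUE_PARTIAL_INFORMATION;
typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
#endif
NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);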
2031
2032
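/* Adds an access-denied ACE to an ACL; takes the ACL, two ULONG values and
   the SID.  NOTE(review): the ULONGs are presumably the ACE revision and the
   access mask to deny - confirm against the caller. */
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);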
2034
2035
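/** Current directory: its DOS path together with a handle.  Embedded in
 *  RTL_USER_PROCESS_PARAMETERS as CurrentDirectory. */
typedef struct _CURDIR
{
    UNICODE_STRING  DosPath;
    HANDLE          Handle;
} CURDIR;
typedef CURDIR *PCURDIR;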
2042
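/** Per-drive current directory entry; RTL_USER_PROCESS_PARAMETERS holds an
 *  array of 0x20 of these.  Note that the path is a STRING, not a
 *  UNICODE_STRING. */
typedef struct _RTL_DRIVE_LETTER_CURDIR
{
    USHORT  Flags;
    USHORT  Length;
    ULONG   TimeStamp;
    STRING  DosPath; /**< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. */
} RTL_DRIVE_LETTER_CURDIR;
typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;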
2051
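/**
 * Process parameter block (image path, command line, environment, standard
 * handles, window settings).
 *
 * The last four members were added by later Windows versions, as noted on
 * each of them.  Code reading a block it did not create should compare
 * Length / MaximumLength with the member offset before touching those, and
 * should treat every embedded string and pointer as unvalidated.
 */
typedef struct _RTL_USER_PROCESS_PARAMETERS
{
    ULONG           MaximumLength;
    ULONG           Length;
    ULONG           Flags;
    ULONG           DebugFlags;
    HANDLE          ConsoleHandle;
    ULONG           ConsoleFlags;
    HANDLE          StandardInput;
    HANDLE          StandardOutput;
    HANDLE          StandardError;
    CURDIR          CurrentDirectory;
    UNICODE_STRING  DllPath;
    UNICODE_STRING  ImagePathName;
    UNICODE_STRING  CommandLine;
    PWSTR           Environment;
    ULONG           StartingX;
    ULONG           StartingY;
    ULONG           CountX;
    ULONG           CountY;
    ULONG           CountCharsX;
    ULONG           CountCharsY;
    ULONG           FillAttribute;
    ULONG           WindowFlags;
    ULONG           ShowWindowFlags;
    UNICODE_STRING  WindowTitle;
    UNICODE_STRING  DesktopInfo;
    UNICODE_STRING  ShellInfo;
    UNICODE_STRING  RuntimeInfo;
    RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20];
    SIZE_T          EnvironmentSize;        /**< Added in Vista */
    SIZE_T          EnvironmentVersion;     /**< Added in Windows 7. */
    PVOID           PackageDependencyData;  /**< Added Windows 8? */
    ULONG           ProcessGroupId;         /**< Added Windows 8? */
} RTL_USER_PROCESS_PARAMETERS;
typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
/* NOTE(review): presumably a bit in RTL_USER_PROCESS_PARAMETERS::Flags telling
   whether the embedded string buffers are pointers rather than offsets. */
#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1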
2089
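/** Output of RtlCreateUserProcess: the handles and ids of the new process and
 *  its first thread, plus the image information of the section.
 *  NOTE(review): Size is presumably set to sizeof(*this) by the caller. */
typedef struct _RTL_USER_PROCESS_INFORMATION
{
    ULONG                       Size;
    HANDLE                      ProcessHandle;
    HANDLE                      ThreadHandle;
    CLIENT_ID                   ClientId;
    SECTION_IMAGE_INFORMATION   ImageInformation;
} RTL_USER_PROCESS_INFORMATION;
typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;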
2099
2100
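/* Native process and thread creation.  A parameter block obtained from
   RtlCreateProcessParameters is released with RtlDestroyProcessParameters. */
NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
                                             PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
                                                   PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
                                                   PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
                                                   PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
                                                   PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
NTSYSAPI VOID     NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
                                            PFNRT, PVOID, PHANDLE, PCLIENT_ID);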
2111
2112RT_C_DECLS_END
2113/** @} */
2114
2115
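#if defined(IN_RING0) || defined(DOXYGEN_RUNNING)
/** @name NT Kernel APIs
 * @{ */
RT_C_DECLS_BEGIN

NTSYSAPI BOOLEAN  NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
                                              PVOID pvOptionalConditions, PHANDLE phFound);
NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
                                                ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
                                                KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
NTSYSAPI HANDLE   NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
/* NOTE(review): the returned name is presumably a short, non-unique string;
   it should not be the only input to a process identity decision. */
NTSYSAPI UCHAR *  NTAPI PsGetProcessImageFileName(PEPROCESS);
NTSYSAPI BOOLEAN  NTAPI PsIsProcessBeingDebugged(PEPROCESS);
NTSYSAPI ULONG    NTAPI PsGetProcessSessionId(PEPROCESS);
extern DECLIMPORT(POBJECT_TYPE *) LpcPortObjectType;            /**< In vista+ this is the ALPC port object type. */
extern DECLIMPORT(POBJECT_TYPE *) LpcWaitablePortObjectType;    /**< In vista+ this is the ALPC port object type. */

RT_C_DECLS_END
/** @} */
#endif /* IN_RING0 */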
2136
2137
2138#if defined(IN_RING3) || defined(DOXYGEN_RUNNING)
2139/** @name NT Userland APIs
2140 * @{ */
2141RT_C_DECLS_BEGIN
2142
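#if 0 /** @todo figure this out some time... */
/* Disabled draft.  The structure below is incomplete: the CLIENT_ID line has
   neither a member name nor a terminating semicolon, so this block cannot be
   enabled as it stands. */
typedef struct CSR_MSG_DATA_CREATED_PROCESS
{
    HANDLE hProcess;
    HANDLE hThread;
    CLIENT_ID
    DWORD idProcess;
    DWORD idThread;
    DWORD fCreate;

} CSR_MSG_DATA_CREATED_PROCESS;

#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
#endif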
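/* ntdll loader, environment and process/thread exit entry points. */
NTSYSAPI VOID     NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
NTSYSAPI VOID     NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /**< Vista and later. */
NTSYSAPI VOID     NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
/* Applies file isolation redirection to a file name.  The result is handed
   back through ppResultString; pStaticString and pDynamicString are the
   caller's candidate output buffers.
   NOTE(review): which buffer is used, and who frees the dynamic one, is not
   visible here - confirm at the call sites. */
NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
                                                                 IN PCUNICODE_STRING pOrgName,
                                                                 IN PUNICODE_STRING pDefaultSuffix,
                                                                 IN OUT PUNICODE_STRING pStaticString,
                                                                 IN OUT PUNICODE_STRING pDynamicString,
                                                                 IN OUT PUNICODE_STRING *ppResultString,
                                                                 IN PULONG pfNewFlags OPTIONAL,
                                                                 IN PSIZE_T pcbFilename OPTIONAL,
                                                                 IN PSIZE_T pcbNeeded OPTIONAL);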
2172
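# ifdef IPRT_NT_USE_WINTERNL
/** Commit callback type for RTL_HEAP_PARAMETERS::CommitRoutine. */
typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
/** Optional tuning parameters for RtlCreateHeap.
 *  NOTE(review): Length is presumably set to sizeof(*this) by the caller. */
typedef struct _RTL_HEAP_PARAMETERS
{
    ULONG   Length;
    SIZE_T  SegmentReserve;
    SIZE_T  SegmentCommit;
    SIZE_T  DeCommitFreeBlockThreshold;
    SIZE_T  DeCommitTotalFreeThreshold;
    SIZE_T  MaximumAllocationSize;
    SIZE_T  VirtualMemoryThreshold;
    SIZE_T  InitialCommit;
    SIZE_T  InitialReserve;
    PRTL_HEAP_COMMIT_ROUTINE  CommitRoutine;
    SIZE_T  Reserved[2];
} RTL_HEAP_PARAMETERS;
typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
                                   PRTL_HEAP_PARAMETERS pParameters);
/** @name Heap flags (for RtlCreateHeap).
 * @{ */
/* The low flags are left commented out; NOTE(review): presumably the Windows
   headers already define them. */
/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
# define HEAP_GROWABLE UINT32_C(0x00000002)
# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
#  define HEAP_SETTABLE_USER_VALUE          UINT32_C(0x00000100)
#  define HEAP_SETTABLE_USER_FLAG1          UINT32_C(0x00000200)
#  define HEAP_SETTABLE_USER_FLAG2          UINT32_C(0x00000400)
#  define HEAP_SETTABLE_USER_FLAG3          UINT32_C(0x00000800)
/* FLAG1 | FLAG2 | FLAG3. */
#  define HEAP_SETTABLE_USER_FLAGS          UINT32_C(0x00000e00)
#  define HEAP_CLASS_0                      UINT32_C(0x00000000)
#  define HEAP_CLASS_1                      UINT32_C(0x00001000)
#  define HEAP_CLASS_2                      UINT32_C(0x00002000)
#  define HEAP_CLASS_3                      UINT32_C(0x00003000)
#  define HEAP_CLASS_4                      UINT32_C(0x00004000)
#  define HEAP_CLASS_5                      UINT32_C(0x00005000)
#  define HEAP_CLASS_6                      UINT32_C(0x00006000)
#  define HEAP_CLASS_7                      UINT32_C(0x00007000)
#  define HEAP_CLASS_8                      UINT32_C(0x00008000)
#  define HEAP_CLASS_MASK                   UINT32_C(0x0000f000)
# endif
/* Symbolic names for the heap classes; defined for every configuration and
   expanded lazily, so HEAP_CLASS_n only has to exist where they are used. */
# define HEAP_CLASS_PROCESS                 HEAP_CLASS_0
# define HEAP_CLASS_PRIVATE                 HEAP_CLASS_1
# define HEAP_CLASS_KERNEL                  HEAP_CLASS_2
# define HEAP_CLASS_GDI                     HEAP_CLASS_3
# define HEAP_CLASS_USER                    HEAP_CLASS_4
# define HEAP_CLASS_CONSOLE                 HEAP_CLASS_5
# define HEAP_CLASS_USER_DESKTOP            HEAP_CLASS_6
# define HEAP_CLASS_CSRSS_SHARED            HEAP_CLASS_7
# define HEAP_CLASS_CSRSS_PORT              HEAP_CLASS_8
# ifdef IPRT_NT_USE_WINTERNL
/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
#  define HEAP_CREATE_VALID_MASK            UINT32_C(0x0007f0ff)
# endif /* IPRT_NT_USE_WINTERNL */
/** @} */
# ifdef IPRT_NT_USE_WINTERNL
/** @name Heap tagging constants
 * @{ */
#  define HEAP_GLOBAL_TAG                   UINT32_C(0x00000800)
/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
# define HEAP_TAG_SHIFT 18 */
/* Relies on HEAP_MAXIMUM_TAG and HEAP_TAG_SHIFT, which are commented out
   above; NOTE(review): presumably the Windows headers supply both. */
#  define HEAP_TAG_MASK                     (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
/** @} */
NTSYSAPI PVOID   NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
NTSYSAPI PVOID   NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
# endif /* IPRT_NT_USE_WINTERNL */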
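/* Remaining heap helpers and the accessors for the thread's last NT status /
   Win32 error value. */
NTSYSAPI SIZE_T   NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
NTSYSAPI VOID     NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
NTSYSAPI SIZE_T   NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
NTSYSAPI ULONG    NTAPI RtlGetLastWin32Error(VOID);
NTSYSAPI VOID     NTAPI RtlSetLastWin32Error(ULONG uError);
NTSYSAPI VOID     NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
NTSYSAPI VOID     NTAPI RtlRestoreLastWin32Error(ULONG uError);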
2256
2257RT_C_DECLS_END
2258/** @} */
2259#endif /* IN_RING3 */
2260
2261#endif
2262