nt.h@ 53445

Last change on this file since 53445 was 53445, checked in by vboxsync, 10 years ago
nt.h: KUSER_SHARED_DATA offsets.
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 103.0 KB

Line
1	/* $Id: nt.h 53445 2014-12-04 16:22:33Z vboxsync $ */
2	/** @file
3	* IPRT - Header for code using the Native NT API.
4	*/
5
6	/*
7	* Copyright (C) 2010-2014 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.virtualbox.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*
17	* The contents of this file may alternatively be used under the terms
18	* of the Common Development and Distribution License Version 1.0
19	* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20	* VirtualBox OSE distribution, in which case the provisions of the
21	* CDDL are applicable instead of those of the GPL.
22	*
23	* You may elect to license modified versions of this file under the
24	* terms and conditions of either the GPL or the CDDL or both.
25	*/
26
27	#ifndef ___iprt_nt_nt_h___
28	#define ___iprt_nt_nt_h___
29
30	/** @def IPRT_NT_MAP_TO_ZW
31	* Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
32	* to the APIs (takes care of the previous context checks).
33	*/
34	#ifdef DOXYGEN_RUNNING
35	# define IPRT_NT_MAP_TO_ZW
36	#endif
37
38	#ifdef IPRT_NT_MAP_TO_ZW
39	# define NtQueryInformationFile ZwQueryInformationFile
40	# define NtQueryInformationProcess ZwQueryInformationProcess
41	# define NtQueryInformationThread ZwQueryInformationThread
42	# define NtQuerySystemInformation ZwQuerySystemInformation
43	# define NtQuerySecurityObject ZwQuerySecurityObject
44	# define NtClose ZwClose
45	# define NtCreateFile ZwCreateFile
46	# define NtReadFile ZwReadFile
47	# define NtWriteFile ZwWriteFile
48	/** @todo this is very incomplete! */
49	#endif
50
51	#include <ntstatus.h>
52
53	/*
54	* Hacks common to both base header sets.
55	*/
56	#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
57	#define NtQueryObject Incomplete_NtQueryObject
58	#define ZwQueryObject Incomplete_ZwQueryObject
59	#define NtSetInformationObject Incomplete_NtSetInformationObject
60	#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
61	#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
62	#define ObjectBasicInformation Incomplete_ObjectBasicInformation
63	#define ObjectTypeInformation Incomplete_ObjectTypeInformation
64	#define _PEB Incomplete__PEB
65	#define PEB Incomplete_PEB
66	#define PPEB Incomplete_PPEB
67	#define _TEB Incomplete__TEB
68	#define TEB Incomplete_TEB
69	#define PTEB Incomplete_PTEB
70	#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
71	#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
72	#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
73
74
75
76	#ifdef IPRT_NT_USE_WINTERNL
77	/*
78	* Use Winternl.h.
79	*/
80	# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
81	# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
82	# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
83
84	# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
85	# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
86	# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
87	# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
88	# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
89	# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
90	# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
91	# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
92	# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
93	# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
94	# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
95	# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
96
97	# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
98	# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
99	# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
100
101	# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
102	# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
103	# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
104	# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
105	# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
106
107	# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
108	# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
109	# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
110	# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
111	# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
112	# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
113	# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
114	# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
115	# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
116	# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
117	# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
118	# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
119	# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
120	# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
121
122
123	# define WIN32_NO_STATUS
124	# include <windef.h>
125	# include <winnt.h>
126	# include <winternl.h>
127	# undef WIN32_NO_STATUS
128	# include <ntstatus.h>
129
130
131	# undef _FILE_INFORMATION_CLASS
132	# undef FILE_INFORMATION_CLASS
133	# undef FileDirectoryInformation
134
135	# undef NtQueryInformationProcess
136	# undef NtSetInformationProcess
137	# undef PROCESSINFOCLASS
138	# undef _PROCESSINFOCLASS
139	# undef PROCESS_BASIC_INFORMATION
140	# undef PPROCESS_BASIC_INFORMATION
141	# undef _PROCESS_BASIC_INFORMATION
142	# undef ProcessBasicInformation
143	# undef ProcessDebugPort
144	# undef ProcessWow64Information
145	# undef ProcessImageFileName
146	# undef ProcessBreakOnTermination
147
148	# undef RTL_USER_PROCESS_PARAMETERS
149	# undef PRTL_USER_PROCESS_PARAMETERS
150	# undef _RTL_USER_PROCESS_PARAMETERS
151
152	# undef NtQueryInformationThread
153	# undef NtSetInformationThread
154	# undef THREADINFOCLASS
155	# undef _THREADINFOCLASS
156	# undef ThreadIsIoPending
157
158	# undef NtQuerySystemInformation
159	# undef NtSetSystemInformation
160	# undef SYSTEM_INFORMATION_CLASS
161	# undef _SYSTEM_INFORMATION_CLASS
162	# undef SystemBasicInformation
163	# undef SystemPerformanceInformation
164	# undef SystemTimeOfDayInformation
165	# undef SystemProcessInformation
166	# undef SystemProcessorPerformanceInformation
167	# undef SystemInterruptInformation
168	# undef SystemExceptionInformation
169	# undef SystemRegistryQuotaInformation
170	# undef SystemLookasideInformation
171	# undef SystemPolicyInformation
172
173	#else
174	/*
175	* Use ntifs.h and wdm.h.
176	*/
177	# ifdef RT_ARCH_X86
178	# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
179	# pragma warning(disable : 4163)
180	# endif
181
182	# include <ntifs.h>
183	# include <wdm.h>
184
185	# ifdef RT_ARCH_X86
186	# pragma warning(default : 4163)
187	# undef _InterlockedAddLargeStatistic
188	# endif
189
190	# define IPRT_NT_NEED_API_GROUP_NTIFS
191	#endif
192
193	#undef RtlFreeUnicodeString
194	#undef NtQueryObject
195	#undef ZwQueryObject
196	#undef NtSetInformationObject
197	#undef _OBJECT_INFORMATION_CLASS
198	#undef OBJECT_INFORMATION_CLASS
199	#undef ObjectBasicInformation
200	#undef ObjectTypeInformation
201	#undef _PEB
202	#undef PEB
203	#undef PPEB
204	#undef _TEB
205	#undef TEB
206	#undef PTEB
207	#undef _PEB_LDR_DATA
208	#undef PEB_LDR_DATA
209	#undef PPEB_LDR_DATA
210
211
212	#include <iprt/types.h>
213	#include <iprt/assert.h>
214
215
216	/** @name Useful macros
217	* @{ */
218	/** Indicates that we're targetting native NT in the current source. */
219	#define RTNT_USE_NATIVE_NT 1
220	/** Initializes a IO_STATUS_BLOCK. */
221	#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
222	/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
223	#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
224	/** Constant UNICODE_STRING initializer. */
225	#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
226	/** @} */
227
228
229	/** @name IPRT helper functions for NT
230	* @{ */
231	RT_C_DECLS_BEGIN
232
233	RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
234	ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
235	PHANDLE phHandle, PULONG_PTR puDisposition);
236	RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
237	ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
238	RTDECL(int) RTNtPathClose(HANDLE hHandle);
239
240	/**
241	* Converts a UTF-16 windows-style path to NT format.
242	*
243	* @returns IPRT status code.
244	* @param pNtName Where to return the NT name. Free using
245	* RTNtPathFree.
246	* @param phRootDir Where to return the root handle, if applicable.
247	* @param pwszPath The UTF-16 windows-style path.
248	* @param cwcPath The max length of the windows-style path in
249	* RTUTF16 units. Use RTSTR_MAX if unknown and @a
250	* pwszPath is correctly terminated.
251	*/
252	RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING pNtName, HANDLE phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
253
254	/**
255	* Frees the native path and root handle.
256	*
257	* @param pNtName The NT path after a successful
258	* RTNtPathFromWinUtf16Ex call.
259	* @param phRootDir The root handle variable after a successfull
260	* RTNtPathFromWinUtf16Ex call.
261	*/
262	RTDECL(void) RTNtPathFree(struct _UNICODE_STRING pNtName, HANDLE phRootDir);
263
264
265	RT_C_DECLS_END
266	/** @} */
267
268
269	/** @name NT API delcarations.
270	* @{ */
271	RT_C_DECLS_BEGIN
272
273	/** @name Process access rights missing in ntddk headers
274	* @{ */
275	#ifndef PROCESS_TERMINATE
276	# define PROCESS_TERMINATE UINT32_C(0x00000001)
277	#endif
278	#ifndef PROCESS_CREATE_THREAD
279	# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
280	#endif
281	#ifndef PROCESS_SET_SESSIONID
282	# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
283	#endif
284	#ifndef PROCESS_VM_OPERATION
285	# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
286	#endif
287	#ifndef PROCESS_VM_READ
288	# define PROCESS_VM_READ UINT32_C(0x00000010)
289	#endif
290	#ifndef PROCESS_VM_WRITE
291	# define PROCESS_VM_WRITE UINT32_C(0x00000020)
292	#endif
293	#ifndef PROCESS_DUP_HANDLE
294	# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
295	#endif
296	#ifndef PROCESS_CREATE_PROCESS
297	# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
298	#endif
299	#ifndef PROCESS_SET_QUOTA
300	# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
301	#endif
302	#ifndef PROCESS_SET_INFORMATION
303	# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
304	#endif
305	#ifndef PROCESS_QUERY_INFORMATION
306	# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
307	#endif
308	#ifndef PROCESS_SUSPEND_RESUME
309	# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
310	#endif
311	#ifndef PROCESS_QUERY_LIMITED_INFORMATION
312	# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
313	#endif
314	#ifndef PROCESS_SET_LIMITED_INFORMATION
315	# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
316	#endif
317	#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
318	#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
319	#ifndef PROCESS_ALL_ACCESS
320	# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| SYNCHRONIZE \| UINT32_C(0x0000ffff) )
321	#endif
322	/** @} */
323
324	/** @name Thread access rights missing in ntddk headers
325	* @{ */
326	#ifndef THREAD_QUERY_INFORMATION
327	# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
328	#endif
329	#ifndef THREAD_SET_THREAD_TOKEN
330	# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
331	#endif
332	#ifndef THREAD_IMPERSONATE
333	# define THREAD_IMPERSONATE UINT32_C(0x00000100)
334	#endif
335	#ifndef THREAD_DIRECT_IMPERSONATION
336	# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
337	#endif
338	#ifndef THREAD_RESUME
339	# define THREAD_RESUME UINT32_C(0x00001000)
340	#endif
341	#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
342	#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
343	#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
344	/** @} */
345
346	/** @name Special handle values.
347	* @{ */
348	#ifndef NtCurrentProcess
349	# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
350	#endif
351	#ifndef NtCurrentThread
352	# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
353	#endif
354	#ifndef ZwCurrentProcess
355	# define ZwCurrentProcess() NtCurrentProcess()
356	#endif
357	#ifndef ZwCurrentThread
358	# define ZwCurrentThread() NtCurrentThread()
359	#endif
360	/** @} */
361
362
363	/** @name Directory object access rights.
364	* @{ */
365	#ifndef DIRECTORY_QUERY
366	# define DIRECTORY_QUERY UINT32_C(0x00000001)
367	#endif
368	#ifndef DIRECTORY_TRAVERSE
369	# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
370	#endif
371	#ifndef DIRECTORY_CREATE_OBJECT
372	# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
373	#endif
374	#ifndef DIRECTORY_CREATE_SUBDIRECTORY
375	# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
376	#endif
377	#ifndef DIRECTORY_ALL_ACCESS
378	# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| UINT32_C(0x0000000f) )
379	#endif
380	/** @} */
381
382
383
384	#ifdef IPRT_NT_USE_WINTERNL
385	typedef struct _CLIENT_ID
386	{
387	HANDLE UniqueProcess;
388	HANDLE UniqueThread;
389	} CLIENT_ID;
390	typedef CLIENT_ID *PCLIENT_ID;
391	#endif
392
393	/** @name User Shared Data
394	* @{ */
395
396	#ifdef IPRT_NT_USE_WINTERNL
397	typedef struct _KSYSTEM_TIME
398	{
399	ULONG LowPart;
400	LONG High1Time;
401	LONG High2Time;
402	} KSYSTEM_TIME;
403	typedef KSYSTEM_TIME *PKSYSTEM_TIME;
404
405	typedef enum _NT_PRODUCT_TYPE
406	{
407	NtProductWinNt = 1,
408	NtProductLanManNt,
409	NtProductServer
410	} NT_PRODUCT_TYPE;
411
412	#define PROCESSOR_FEATURE_MAX 64
413
414	typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
415	{
416	StandardDesign = 0,
417	NEC98x86,
418	EndAlternatives
419	} ALTERNATIVE_ARCHITECTURE_TYPE;
420
421	# if 0
422	typedef struct _XSTATE_FEATURE
423	{
424	ULONG Offset;
425	ULONG Size;
426	} XSTATE_FEATURE;
427	typedef XSTATE_FEATURE *PXSTATE_FEATURE;
428
429	#define MAXIMUM_XSTATE_FEATURES 64
430
431	typedef struct _XSTATE_CONFIGURATION
432	{
433	ULONG64 EnabledFeatures;
434	ULONG Size;
435	ULONG OptimizedSave : 1;
436	XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
437	} XSTATE_CONFIGURATION;
438	typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
439	# endif
440
441	typedef struct _KUSER_SHARED_DATA
442	{
443	ULONG TickCountLowDeprecated; /*< 0x000 /
444	ULONG TickCountMultiplier; /*< 0x004 /
445	KSYSTEM_TIME volatile InterruptTime; /*< 0x008 /
446	KSYSTEM_TIME volatile SystemTime; /*< 0x014 /
447	KSYSTEM_TIME volatile TimeZoneBias; /*< 0x020 /
448	USHORT ImageNumberLow; /*< 0x02c /
449	USHORT ImageNumberHigh; /*< 0x02e /
450	WCHAR NtSystemRoot[260]; /*< 0x030 /
451	ULONG MaxStackTraceDepth; /*< 0x238 /
452	ULONG CryptoExponent; /*< 0x23c /
453	ULONG TimeZoneId; /*< 0x240 /
454	ULONG LargePageMinimum; /*< 0x244 /
455	ULONG AitSamplingValue; /*< 0x248 /
456	ULONG AppCompatFlag; /*< 0x24c /
457	ULONGLONG RNGSeedVersion; /*< 0x250 /
458	ULONG GlobalValidationRunlevel; /*< 0x258 /
459	LONG volatile TimeZoneBiasStamp; /*< 0x25c/
460	ULONG Reserved2; /*< 0x260 /
461	NT_PRODUCT_TYPE NtProductType; /*< 0x264 /
462	BOOLEAN ProductTypeIsValid; /*< 0x268 /
463	BOOLEAN Reserved0[1]; /*< 0x269 /
464	USHORT NativeProcessorArchitecture; /*< 0x26a /
465	ULONG NtMajorVersion; /*< 0x26c /
466	ULONG NtMinorVersion; /*< 0x270 /
467	BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /*< 0x274 /
468	ULONG Reserved1; /*< 0x2b4 /
469	ULONG Reserved3; /*< 0x2b8 /
470	ULONG volatile TimeSlip; /*< 0x2bc /
471	ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /*< 0x2c0 /
472	ULONG AltArchitecturePad[1]; /*< 0x2c4 /
473	LARGE_INTEGER SystemExpirationDate; /*< 0x2c8 /
474	ULONG SuiteMask; /*< 0x2d0 /
475	BOOLEAN KdDebuggerEnabled; /*< 0x2d4 /
476	union /*< 0x2d5 /
477	{
478	UCHAR MitigationPolicies; /*< 0x2d5 /
479	struct
480	{
481	UCHAR NXSupportPolicy : 2;
482	UCHAR SEHValidationPolicy : 2;
483	UCHAR CurDirDevicesSkippedForDlls : 2;
484	UCHAR Reserved : 2;
485	};
486	};
487	UCHAR Reserved6[2]; /*< 0x2d6 /
488	ULONG volatile ActiveConsoleId; /*< 0x2d8 /
489	ULONG volatile DismountCount; /*< 0x2dc /
490	ULONG ComPlusPackage; /*< 0x2e0 /
491	ULONG LastSystemRITEventTickCount; /*< 0x2e4 /
492	ULONG NumberOfPhysicalPages; /*< 0x2e8 /
493	BOOLEAN SafeBootMode; /*< 0x2ec /
494	UCHAR Reserved12[3]; /*< 0x2ed /
495	union /*< 0x2f0 /
496	{
497	ULONG SharedDataFlags; /*< 0x2f0 /
498	struct
499	{
500	ULONG DbgErrorPortPresent : 1;
501	ULONG DbgElevationEnabled : 1;
502	ULONG DbgVirtEnabled : 1;
503	ULONG DbgInstallerDetectEnabled : 1;
504	ULONG DbgLkgEnabled : 1;
505	ULONG DbgDynProcessorEnabled : 1;
506	ULONG DbgConsoleBrokerEnabled : 1;
507	ULONG DbgSecureBootEnabled : 1;
508	ULONG SpareBits : 24;
509	};
510	};
511	ULONG DataFlagsPad[1]; /*< 0x2f4 /
512	ULONGLONG TestRetInstruction; /*< 0x2f8 /
513	LONGLONG QpcFrequency; /*< 0x300 /
514	ULONGLONG SystemCallPad[3]; /*< 0x308 /
515	union /*< 0x320 /
516	{
517	ULONG64 volatile TickCountQuad; /*< 0x320 /
518	KSYSTEM_TIME volatile TickCount; /*< 0x320 /
519	struct /*< 0x320 /
520	{
521	ULONG ReservedTickCountOverlay[3]; /*< 0x320 /
522	ULONG TickCountPad[1]; /*< 0x32c /
523	};
524	};
525	ULONG Cookie; /*< 0x330 /
526	ULONG CookiePad[1]; /*< 0x334 /
527	LONGLONG ConsoleSessionForegroundProcessId; /*< 0x338 /
528	ULONGLONG TimeUpdateLock; /*< 0x340 /
529	ULONGLONG BaselineSystemTimeQpc; /*< 0x348 /
530	ULONGLONG BaselineInterruptTimeQpc; /*< 0x350 /
531	ULONGLONG QpcSystemTimeIncrement; /*< 0x358 /
532	ULONGLONG QpcInterruptTimeIncrement; /*< 0x360 /
533	ULONG QpcSystemTimeIncrement32; /*< 0x368 /
534	ULONG QpcInterruptTimeIncrement32; /*< 0x36c /
535	UCHAR QpcSystemTimeIncrementShift; /*< 0x370 /
536	UCHAR QpcInterruptTimeIncrementShift; /*< 0x371 /
537	UCHAR Reserved8[14]; /*< 0x372 /
538	USHORT UserModeGlobalLogger[16]; /*< 0x380 /
539	ULONG ImageFileExecutionOptions; /*< 0x3a0 /
540	ULONG LangGenerationCount; /*< 0x3a4 /
541	ULONGLONG Reserved4; /*< 0x3a8 /
542	ULONGLONG volatile InterruptTimeBias; /*< 0x3b0 /
543	ULONGLONG volatile QpcBias; /*< 0x3b8 /
544	ULONG volatile ActiveProcessorCount; /*< 0x3c0 /
545	UCHAR volatile ActiveGroupCount; /*< 0x3c4 /
546	UCHAR Reserved9; /*< 0x3c5 /
547	union /*< 0x3c6 /
548	{
549	USHORT QpcData; /*< 0x3c6 /
550	struct /*< 0x3c6 /
551	{
552	BOOLEAN volatile QpcBypassEnabled; /*< 0x3c6 /
553	UCHAR QpcShift; /*< 0x3c7 /
554	};
555	};
556	LARGE_INTEGER TimeZoneBiasEffectiveStart; /*< 0x3c8 /
557	LARGE_INTEGER TimeZoneBiasEffectiveEnd; /*< 0x3d0 /
558	XSTATE_CONFIGURATION XState; /*< 0x3d8 /
559	} KUSER_SHARED_DATA;
560	typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
561	#endif /* IPRT_NT_USE_WINTERNL */
562	AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
563	AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
564	AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
565	AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
566	AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
567	AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
568	AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
569	AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
570	#ifdef IPRT_NT_USE_WINTERNL
571	AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
572	#endif /* IPRT_NT_USE_WINTERNL */
573	/** @} */
574
575
576	/** @name Process And Thread Environment Blocks
577	* @{ */
578
579	typedef struct _PEB_LDR_DATA
580	{
581	uint32_t Length;
582	BOOLEAN Initialized;
583	BOOLEAN Padding[3];
584	HANDLE SsHandle;
585	LIST_ENTRY InLoadOrderModuleList;
586	LIST_ENTRY InMemoryOrderModuleList;
587	LIST_ENTRY InInitializationOrderModuleList;
588	/* End NT4 */
589	LIST_ENTRY *EntryInProgress;
590	BOOLEAN ShutdownInProgress;
591	HANDLE ShutdownThreadId;
592	} PEB_LDR_DATA;
593	typedef PEB_LDR_DATA *PPEB_LDR_DATA;
594
595	typedef struct _PEB_COMMON
596	{
597	BOOLEAN InheritedAddressSpace; /*< 0x000 / 0x000 /
598	BOOLEAN ReadImageFileExecOptions; /*< 0x001 / 0x001 /
599	BOOLEAN BeingDebugged; /*< 0x002 / 0x002 /
600	union
601	{
602	uint8_t BitField; /*< 0x003 / 0x003 /
603	struct
604	{
605	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
606	} Common;
607	struct
608	{
609	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
610	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
611	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 /
612	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 /
613	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 /
614	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 /
615	uint8_t IsProtectedProcessLight : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 /
616	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
617	} W81;
618	struct
619	{
620	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
621	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
622	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 /
623	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 /
624	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 /
625	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 /
626	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 /
627	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
628	} W80;
629	struct
630	{
631	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
632	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
633	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. /
634	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. /
635	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. /
636	uint8_t SpareBits : 3; /*< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. /
637	} W7;
638	struct
639	{
640	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
641	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
642	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. /
643	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. /
644	uint8_t SpareBits : 4; /*< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. /
645	} W6;
646	struct
647	{
648	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
649	uint8_t SpareBits : 7; /*< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. /
650	} W52;
651	struct
652	{
653	BOOLEAN SpareBool;
654	} W51;
655	} Diff0;
656	#if ARCH_BITS == 64
657	uint32_t Padding0; /*< 0x004 / NA /
658	#endif
659	HANDLE Mutant; /*< 0x008 / 0x004 /
660	PVOID ImageBaseAddress; /*< 0x010 / 0x008 /
661	PPEB_LDR_DATA Ldr; /*< 0x018 / 0x00c /
662	struct _RTL_USER_PROCESS_PARAMETERS ProcessParameters; /< 0x020 / 0x010 /
663	PVOID SubSystemData; /*< 0x028 / 0x014 /
664	HANDLE ProcessHeap; /*< 0x030 / 0x018 /
665	struct _RTL_CRITICAL_SECTION FastPebLock; /< 0x038 / 0x01c /
666	union
667	{
668	struct
669	{
670	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
671	PVOID IFEOKey; /*< 0x048 / 0x024 /
672	union
673	{
674	ULONG CrossProcessFlags; /*< 0x050 / 0x028 /
675	struct
676	{
677	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
678	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
679	uint32_t ProcessUsingVEH : 1; /*< 0x050 / 0x028: Pos 2, 1 Bit /
680	uint32_t ProcessUsingVCH : 1; /*< 0x050 / 0x028: Pos 3, 1 Bit /
681	uint32_t ProcessUsingFTH : 1; /*< 0x050 / 0x028: Pos 4, 1 Bit /
682	uint32_t ReservedBits0 : 1; /*< 0x050 / 0x028: Pos 5, 27 Bits /
683	} W7, W8, W80, W81;
684	struct
685	{
686	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
687	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
688	uint32_t ReservedBits0 : 30; /*< 0x050 / 0x028: Pos 2, 30 Bits /
689	} W6;
690	};
691	#if ARCH_BITS == 64
692	uint32_t Padding1; /*< 0x054 / /
693	#endif
694	} W6, W7, W8, W80, W81;
695	struct
696	{
697	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
698	PVOID SparePtr2; /*< 0x048 / 0x024 /
699	uint32_t EnvironmentUpdateCount; /*< 0x050 / 0x028 /
700	#if ARCH_BITS == 64
701	uint32_t Padding1; /*< 0x054 / /
702	#endif
703	} W52;
704	struct
705	{
706	PVOID FastPebLockRoutine; /*< NA / 0x020 /
707	PVOID FastPebUnlockRoutine; /*< NA / 0x024 /
708	uint32_t EnvironmentUpdateCount; /*< NA / 0x028 /
709	} W51;
710	} Diff1;
711	union
712	{
713	PVOID KernelCallbackTable; /*< 0x058 / 0x02c /
714	PVOID UserSharedInfoPtr; /*< 0x058 / 0x02c - Alternative use in W6./
715	};
716	uint32_t SystemReserved; /*< 0x060 / 0x030 /
717	union
718	{
719	struct
720	{
721	uint32_t AtlThunkSListPtr32; /*< 0x064 / 0x034 /
722	} W7, W8, W80, W81;
723	struct
724	{
725	uint32_t SpareUlong; /*< 0x064 / 0x034 /
726	} W52, W6;
727	struct
728	{
729	uint32_t ExecuteOptions : 2; /*< NA / 0x034: Pos 0, 2 Bits /
730	uint32_t SpareBits : 30; /*< NA / 0x034: Pos 2, 30 Bits /
731	} W51;
732	} Diff2;
733	union
734	{
735	struct
736	{
737	PVOID ApiSetMap; /*< 0x068 / 0x038 /
738	} W7, W8, W80, W81;
739	struct
740	{
741	struct _PEB_FREE_BLOCK FreeList; /< 0x068 / 0x038 /
742	} W52, W6;
743	struct
744	{
745	struct _PEB_FREE_BLOCK FreeList; /< NA / 0x038 /
746	} W51;
747	} Diff3;
748	uint32_t TlsExpansionCounter; /*< 0x070 / 0x03c /
749	#if ARCH_BITS == 64
750	uint32_t Padding2; /*< 0x074 / NA /
751	#endif
752	struct _RTL_BITMAP TlsBitmap; /< 0x078 / 0x040 /
753	uint32_t TlsBitmapBits[2]; /*< 0x080 / 0x044 /
754	PVOID ReadOnlySharedMemoryBase; /*< 0x088 / 0x04c /
755	union
756	{
757	struct
758	{
759	PVOID SparePvoid0; /*< 0x090 / 0x050 - HotpatchInformation before W81. /
760	} W81;
761	struct
762	{
763	PVOID HotpatchInformation; /*< 0x090 / 0x050 - Retired in W81. /
764	} W6, W7, W80;
765	struct
766	{
767	PVOID ReadOnlySharedMemoryHeap;
768	} W52;
769	} Diff4;
770	PVOID ReadOnlyStaticServerData; /< 0x098 / 0x054 /
771	PVOID AnsiCodePageData; /*< 0x0a0 / 0x058 /
772	PVOID OemCodePageData; /*< 0x0a8 / 0x05c /
773	PVOID UnicodeCaseTableData; /*< 0x0b0 / 0x060 /
774	uint32_t NumberOfProcessors; /*< 0x0b8 / 0x064 /
775	uint32_t NtGlobalFlag; /*< 0x0bc / 0x068 /
776	LARGE_INTEGER CriticalSectionTimeout; /*< 0x0c0 / 0x070 /
777	SIZE_T HeapSegmentReserve; /*< 0x0c8 / 0x078 /
778	SIZE_T HeapSegmentCommit; /*< 0x0d0 / 0x07c /
779	SIZE_T HeapDeCommitTotalFreeThreshold; /*< 0x0d8 / 0x080 /
780	SIZE_T HeapDeCommitFreeBlockThreshold; /*< 0x0e0 / 0x084 /
781	uint32_t NumberOfHeaps; /*< 0x0e8 / 0x088 /
782	uint32_t MaximumNumberOfHeaps; /*< 0x0ec / 0x08c /
783	PVOID ProcessHeaps; /< 0x0f0 / 0x090 /
784	PVOID GdiSharedHandleTable; /*< 0x0f8 / 0x094 /
785	PVOID ProcessStarterHelper; /*< 0x100 / 0x098 /
786	uint32_t GdiDCAttributeList; /*< 0x108 / 0x09c /
787	#if ARCH_BITS == 64
788	uint32_t Padding3; /*< 0x10c / NA /
789	#endif
790	struct _RTL_CRITICAL_SECTION LoaderLock; /< 0x110 / 0x0a0 /
791	uint32_t OSMajorVersion; /*< 0x118 / 0x0a4 /
792	uint32_t OSMinorVersion; /*< 0x11c / 0x0a8 /
793	uint16_t OSBuildNumber; /*< 0x120 / 0x0ac /
794	uint16_t OSCSDVersion; /*< 0x122 / 0x0ae /
795	uint32_t OSPlatformId; /*< 0x124 / 0x0b0 /
796	uint32_t ImageSubsystem; /*< 0x128 / 0x0b4 /
797	uint32_t ImageSubsystemMajorVersion; /*< 0x12c / 0x0b8 /
798	uint32_t ImageSubsystemMinorVersion; /*< 0x130 / 0x0bc /
799	#if ARCH_BITS == 64
800	uint32_t Padding4; /*< 0x134 / NA /
801	#endif
802	union
803	{
804	struct
805	{
806	SIZE_T ActiveProcessAffinityMask; /*< 0x138 / 0x0c0 /
807	} W7, W8, W80, W81;
808	struct
809	{
810	SIZE_T ImageProcessAffinityMask; /*< 0x138 / 0x0c0 /
811	} W52, W6;
812	} Diff5;
813	uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /*< 0x140 / 0x0c4 /
814	PVOID PostProcessInitRoutine; /*< 0x230 / 0x14c /
815	PVOID TlsExpansionBitmap; /*< 0x238 / 0x150 /
816	uint32_t TlsExpansionBitmapBits[32]; /*< 0x240 / 0x154 /
817	uint32_t SessionId; /*< 0x2c0 / 0x1d4 /
818	#if ARCH_BITS == 64
819	uint32_t Padding5; /*< 0x2c4 / NA /
820	#endif
821	ULARGE_INTEGER AppCompatFlags; /*< 0x2c8 / 0x1d8 /
822	ULARGE_INTEGER AppCompatFlagsUser; /*< 0x2d0 / 0x1e0 /
823	PVOID pShimData; /*< 0x2d8 / 0x1e8 /
824	PVOID AppCompatInfo; /*< 0x2e0 / 0x1ec /
825	UNICODE_STRING CSDVersion; /*< 0x2e8 / 0x1f0 /
826	struct _ACTIVATION_CONTEXT_DATA ActivationContextData; /< 0x2f8 / 0x1f8 /
827	struct _ASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap; /< 0x300 / 0x1fc /
828	struct _ACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData; /< 0x308 / 0x200 /
829	struct _ASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap; /< 0x310 / 0x204 /
830	SIZE_T MinimumStackCommit; /*< 0x318 / 0x208 /
831	/* End of PEB in W52 (Windows XP (RTM))! */
832	struct _FLS_CALLBACK_INFO FlsCallback; /< 0x320 / 0x20c /
833	LIST_ENTRY FlsListHead; /*< 0x328 / 0x210 /
834	PVOID FlsBitmap; /*< 0x338 / 0x218 /
835	uint32_t FlsBitmapBits[4]; /*< 0x340 / 0x21c /
836	uint32_t FlsHighIndex; /*< 0x350 / 0x22c /
837	/* End of PEB in W52 (Windows Server 2003)! */
838	PVOID WerRegistrationData; /*< 0x358 / 0x230 /
839	PVOID WerShipAssertPtr; /*< 0x360 / 0x234 /
840	/* End of PEB in W6 (windows Vista)! */
841	union
842	{
843	struct
844	{
845	PVOID pUnused; /*< 0x368 / 0x238 - Was pContextData in W7. /
846	} W8, W80, W81;
847	struct
848	{
849	PVOID pContextData; /*< 0x368 / 0x238 - Retired in W80. /
850	} W7;
851	} Diff6;
852	PVOID pImageHeaderHash; /*< 0x370 / 0x23c /
853	union
854	{
855	uint32_t TracingFlags; /*< 0x378 / 0x240 /
856	struct
857	{
858	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
859	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
860	uint32_t LibLoaderTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 2, 1 Bit /
861	uint32_t SpareTracingBits : 29; /*< 0x378 / 0x240 : Pos 3, 29 Bits /
862	} W8, W80, W81;
863	struct
864	{
865	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
866	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
867	uint32_t SpareTracingBits : 30; /*< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 /
868	} W7;
869	} Diff7;
870	#if ARCH_BITS == 64
871	uint32_t Padding6; /*< 0x37c / NA /
872	#endif
873	uint64_t CsrServerReadOnlySharedMemoryBase; /*< 0x380 / 0x248 /
874	} PEB_COMMON;
875	typedef PEB_COMMON *PPEB_COMMON;
876
877	AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
878	AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
879	AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
880	AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
881	AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
882	AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
883	AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
884	AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
885	AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x388 : 0x250);
886
887	/** The size of the windows 8.1 PEB structure. */
888	#define PEB_SIZE_W81 sizeof(PEB_COMMON)
889	/** The size of the windows 8.0 PEB structure. */
890	#define PEB_SIZE_W80 sizeof(PEB_COMMON)
891	/** The size of the windows 7 PEB structure. */
892	#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
893	/** The size of the windows vista PEB structure. */
894	#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
895	/** The size of the windows server 2003 PEB structure. */
896	#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
897	/** The size of the windows XP PEB structure. */
898	#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
899
900	#if 0
901	typedef struct _NT_TIB
902	{
903	struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
904	PVOID StackBase;
905	PVOID StackLimit;
906	PVOID SubSystemTib;
907	union
908	{
909	PVOID FiberData;
910	ULONG Version;
911	};
912	PVOID ArbitraryUserPointer;
913	struct _NT_TIB *Self;
914	} NT_TIB;
915	typedef NT_TIB *PNT_TIB;
916	#endif
917
918	typedef struct _ACTIVATION_CONTEXT_STACK
919	{
920	uint32_t Flags;
921	uint32_t NextCookieSequenceNumber;
922	PVOID ActiveFrame;
923	LIST_ENTRY FrameListCache;
924	} ACTIVATION_CONTEXT_STACK;
925
926	/* Common TEB. */
927	typedef struct _TEB_COMMON
928	{
929	NT_TIB NtTib; /*< 0x000 / 0x000 /
930	PVOID EnvironmentPointer; /*< 0x038 / 0x01c /
931	CLIENT_ID ClientId; /*< 0x040 / 0x020 /
932	PVOID ActiveRpcHandle; /*< 0x050 / 0x028 /
933	PVOID ThreadLocalStoragePointer; /*< 0x058 / 0x02c /
934	PPEB_COMMON ProcessEnvironmentBlock; /*< 0x060 / 0x030 /
935	uint32_t LastErrorValue; /*< 0x068 / 0x034 /
936	uint32_t CountOfOwnedCriticalSections; /*< 0x06c / 0x038 /
937	PVOID CsrClientThread; /*< 0x070 / 0x03c /
938	PVOID Win32ThreadInfo; /*< 0x078 / 0x040 /
939	uint32_t User32Reserved[26]; /*< 0x080 / 0x044 /
940	uint32_t UserReserved[5]; /*< 0x0e8 / 0x0ac /
941	PVOID WOW32Reserved; /*< 0x100 / 0x0c0 /
942	uint32_t CurrentLocale; /*< 0x108 / 0x0c4 /
943	uint32_t FpSoftwareStatusRegister; /*< 0x10c / 0x0c8 /
944	PVOID SystemReserved1[54]; /*< 0x110 / 0x0cc /
945	uint32_t ExceptionCode; /*< 0x2c0 / 0x1a4 /
946	#if ARCH_BITS == 64
947	uint32_t Padding0; /*< 0x2c4 / NA /
948	#endif
949	union
950	{
951	struct
952	{
953	struct _ACTIVATION_CONTEXT_STACK ActivationContextStackPointer;/< 0x2c8 / 0x1a8 /
954	uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /*< 0x2d0 / 0x1ac /
955	} W52, W6, W7, W8, W80, W81;
956	#if ARCH_BITS == 32
957	struct
958	{
959	ACTIVATION_CONTEXT_STACK ActivationContextStack; /*< NA / 0x1a8 /
960	uint8_t SpareBytes[20]; /*< NA / 0x1bc /
961	} W51;
962	#endif
963	} Diff0;
964	union
965	{
966	struct
967	{
968	uint32_t TxFsContext; /*< 0x2e8 / 0x1d0 /
969	} W6, W7, W8, W80, W81;
970	struct
971	{
972	uint32_t SpareBytesContinues; /*< 0x2e8 / 0x1d0 /
973	} W52;
974	} Diff1;
975	#if ARCH_BITS == 64
976	uint32_t Padding1; /*< 0x2ec / NA /
977	#endif
978	/_GDI_TEB_BATCH/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /*< 0x2f0 / 0x1d4 /
979	CLIENT_ID RealClientId; /*< 0x7d8 / 0x6b4 /
980	HANDLE GdiCachedProcessHandle; /*< 0x7e8 / 0x6bc /
981	uint32_t GdiClientPID; /*< 0x7f0 / 0x6c0 /
982	uint32_t GdiClientTID; /*< 0x7f4 / 0x6c4 /
983	PVOID GdiThreadLocalInfo; /*< 0x7f8 / 0x6c8 /
984	SIZE_T Win32ClientInfo[62]; /*< 0x800 / 0x6cc /
985	PVOID glDispatchTable[233]; /*< 0x9f0 / 0x7c4 /
986	SIZE_T glReserved1[29]; /*< 0x1138 / 0xb68 /
987	PVOID glReserved2; /*< 0x1220 / 0xbdc /
988	PVOID glSectionInfo; /*< 0x1228 / 0xbe0 /
989	PVOID glSection; /*< 0x1230 / 0xbe4 /
990	PVOID glTable; /*< 0x1238 / 0xbe8 /
991	PVOID glCurrentRC; /*< 0x1240 / 0xbec /
992	PVOID glContext; /*< 0x1248 / 0xbf0 /
993	NTSTATUS LastStatusValue; /*< 0x1250 / 0xbf4 /
994	#if ARCH_BITS == 64
995	uint32_t Padding2; /*< 0x1254 / NA /
996	#endif
997	UNICODE_STRING StaticUnicodeString; /*< 0x1258 / 0xbf8 /
998	WCHAR StaticUnicodeBuffer[261]; /*< 0x1268 / 0xc00 /
999	#if ARCH_BITS == 64
1000	WCHAR Padding3[3]; /*< 0x1472 / NA /
1001	#endif
1002	PVOID DeallocationStack; /*< 0x1478 / 0xe0c /
1003	PVOID TlsSlots[64]; /*< 0x1480 / 0xe10 /
1004	LIST_ENTRY TlsLinks; /*< 0x1680 / 0xf10 /
1005	PVOID Vdm; /*< 0x1690 / 0xf18 /
1006	PVOID ReservedForNtRpc; /*< 0x1698 / 0xf1c /
1007	PVOID DbgSsReserved[2]; /*< 0x16a0 / 0xf20 /
1008	uint32_t HardErrorMode; /*< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. /
1009	#if ARCH_BITS == 64
1010	uint32_t Padding4; /*< 0x16b4 / NA /
1011	#endif
1012	PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /*< 0x16b8 / 0xf2c /
1013	union
1014	{
1015	struct
1016	{
1017	GUID ActivityId; /*< 0x1710 / 0xf50 /
1018	PVOID SubProcessTag; /*< 0x1720 / 0xf60 /
1019	} W6, W7, W8, W80, W81;
1020	struct
1021	{
1022	PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /*< 0x1710 / 0xf50 /
1023	} W52;
1024	} Diff2;
1025	union /*< 0x1728 / 0xf64 /
1026	{
1027	struct
1028	{
1029	PVOID PerflibData; /*< 0x1728 / 0xf64 /
1030	} W8, W80, W81;
1031	struct
1032	{
1033	PVOID EtwLocalData; /*< 0x1728 / 0xf64 /
1034	} W7, W6;
1035	struct
1036	{
1037	PVOID SubProcessTag; /*< 0x1728 / 0xf64 /
1038	} W52;
1039	struct
1040	{
1041	PVOID InstrumentationContinues[1]; /*< 0x1728 / 0xf64 /
1042	} W51;
1043	} Diff3;
1044	union
1045	{
1046	struct
1047	{
1048	PVOID EtwTraceData; /*< 0x1730 / 0xf68 /
1049	} W52, W6, W7, W8, W80, W81;
1050	struct
1051	{
1052	PVOID InstrumentationContinues[1]; /*< 0x1730 / 0xf68 /
1053	} W51;
1054	} Diff4;
1055	PVOID WinSockData; /*< 0x1738 / 0xf6c /
1056	uint32_t GdiBatchCount; /*< 0x1740 / 0xf70 /
1057	union
1058	{
1059	union
1060	{
1061	PROCESSOR_NUMBER CurrentIdealProcessor; /*< 0x1744 / 0xf74 - W7+ /
1062	uint32_t IdealProcessorValue; /*< 0x1744 / 0xf74 - W7+ /
1063	struct
1064	{
1065	uint8_t ReservedPad1; /*< 0x1744 / 0xf74 - Called SpareBool0 in W6 /
1066	uint8_t ReservedPad2; /*< 0x1745 / 0xf75 - Called SpareBool0 in W6 /
1067	uint8_t ReservedPad3; /*< 0x1746 / 0xf76 - Called SpareBool0 in W6 /
1068	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1069	};
1070	} W6, W7, W8, W80, W81;
1071	struct
1072	{
1073	BOOLEAN InDbgPrint; /*< 0x1744 / 0xf74 /
1074	BOOLEAN FreeStackOnTermination; /*< 0x1745 / 0xf75 /
1075	BOOLEAN HasFiberData; /*< 0x1746 / 0xf76 /
1076	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1077	} W51, W52;
1078	} Diff5;
1079	uint32_t GuaranteedStackBytes; /*< 0x1748 / 0xf78 /
1080	#if ARCH_BITS == 64
1081	uint32_t Padding5; /*< 0x174c / NA /
1082	#endif
1083	PVOID ReservedForPerf; /*< 0x1750 / 0xf7c /
1084	PVOID ReservedForOle; /*< 0x1758 / 0xf80 /
1085	uint32_t WaitingOnLoaderLock; /*< 0x1760 / 0xf84 /
1086	#if ARCH_BITS == 64
1087	uint32_t Padding6; /*< 0x1764 / NA /
1088	#endif
1089	union /*< 0x1770 / 0xf8c /
1090	{
1091	struct
1092	{
1093	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1094	SIZE_T ReservedForCodeCoverage; /*< 0x1770 / 0xf8c /
1095	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1096	} W8, W80, W81;
1097	struct
1098	{
1099	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1100	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1101	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1102	} W6, W7;
1103	struct
1104	{
1105	PVOID SparePointer1; /*< 0x1768 / 0xf88 /
1106	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1107	PVOID SoftPatchPtr2; /*< 0x1778 / 0xf90 /
1108	} W52;
1109	#if ARCH_BITS == 32
1110	struct _Wx86ThreadState
1111	{
1112	PVOID CallBx86Eip; /*< NA / 0xf88 /
1113	PVOID DeallocationCpu; /*< NA / 0xf8c /
1114	BOOLEAN UseKnownWx86Dll; /*< NA / 0xf90 /
1115	int8_t OleStubInvoked; /*< NA / 0xf91 /
1116	} W51;
1117	#endif
1118	} Diff6;
1119	PVOID TlsExpansionSlots; /*< 0x1780 / 0xf94 /
1120	#if ARCH_BITS == 64
1121	PVOID DallocationBStore; /*< 0x1788 / NA /
1122	PVOID BStoreLimit; /*< 0x1790 / NA /
1123	#endif
1124	union
1125	{
1126	struct
1127	{
1128	uint32_t MuiGeneration; /*< 0x1798 / 0xf98 /
1129	} W7, W8, W80, W81;
1130	struct
1131	{
1132	uint32_t ImpersonationLocale;
1133	} W6;
1134	} Diff7;
1135	uint32_t IsImpersonating; /*< 0x179c / 0xf9c /
1136	PVOID NlsCache; /*< 0x17a0 / 0xfa0 /
1137	PVOID pShimData; /*< 0x17a8 / 0xfa4 /
1138	union /*< 0x17b0 / 0xfa8 /
1139	{
1140	struct
1141	{
1142	uint16_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1143	uint16_t LowFragHeapDataSlot; /*< 0x17b2 / 0xfaa /
1144	} W8, W80, W81;
1145	struct
1146	{
1147	uint32_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1148	} W7;
1149	} Diff8;
1150	#if ARCH_BITS == 64
1151	uint32_t Padding7; /*< 0x17b4 / NA /
1152	#endif
1153	HANDLE CurrentTransactionHandle; /*< 0x17b8 / 0xfac /
1154	struct _TEB_ACTIVE_FRAME ActiveFrame; /< 0x17c0 / 0xfb0 /
1155	/* End of TEB in W51 (Windows XP)! */
1156	PVOID FlsData; /*< 0x17c8 / 0xfb4 /
1157	union
1158	{
1159	struct
1160	{
1161	PVOID PreferredLanguages; /*< 0x17d0 / 0xfb8 /
1162	} W6, W7, W8, W80, W81;
1163	struct
1164	{
1165	BOOLEAN SafeThunkCall; /*< 0x17d0 / 0xfb8 /
1166	uint8_t BooleanSpare[3]; /*< 0x17d1 / 0xfb9 /
1167	/* End of TEB in W52 (Windows server 2003)! */
1168	} W52;
1169	} Diff9;
1170	PVOID UserPrefLanguages; /*< 0x17d8 / 0xfbc /
1171	PVOID MergedPrefLanguages; /*< 0x17e0 / 0xfc0 /
1172	uint32_t MuiImpersonation; /*< 0x17e8 / 0xfc4 /
1173	union
1174	{
1175	uint16_t CrossTebFlags; /*< 0x17ec / 0xfc8 /
1176	struct
1177	{
1178	uint16_t SpareCrossTebBits : 16; /*< 0x17ec / 0xfc8 : Pos 0, 16 Bits /
1179	};
1180	};
1181	union
1182	{
1183	uint16_t SameTebFlags; /*< 0x17ee / 0xfca /
1184	struct
1185	{
1186	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1187	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1188	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1189	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1190	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1191	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1192	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1193	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1194	} Common;
1195	struct
1196	{
1197	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1198	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1199	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1200	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1201	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1202	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1203	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1204	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1205	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1206	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1207	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1208	uint16_t SessionAware : 1; /*< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. /
1209	uint16_t SpareSameTebBits : 4; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1210	} W8, W80, W81;
1211	struct
1212	{
1213	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1214	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1215	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1216	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1217	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1218	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1219	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1220	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1221	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1222	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1223	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1224	uint16_t SpareSameTebBits : 5; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1225	} W7;
1226	struct
1227	{
1228	uint16_t DbgSafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1229	uint16_t DbgInDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1230	uint16_t DbgHasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1231	uint16_t DbgSkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1232	uint16_t DbgWerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1233	uint16_t DbgRanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1234	uint16_t DbgClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1235	uint16_t DbgSuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1236	uint16_t SpareSameTebBits : 8; /*< 0x17ee / 0xfca : Pos 8, 8 Bits /
1237	} W6;
1238	} Diff10;
1239	PVOID TxnScopeEnterCallback; /*< 0x17f0 / 0xfcc /
1240	PVOID TxnScopeExitCallback; /*< 0x17f8 / 0xfd0 /
1241	PVOID TxnScopeContext; /*< 0x1800 / 0xfd4 /
1242	uint32_t LockCount; /*< 0x1808 / 0xfd8 /
1243	union
1244	{
1245	struct
1246	{
1247	uint32_t SpareUlong0; /*< 0x180c / 0xfdc /
1248	} W7, W8, W80, W81;
1249	struct
1250	{
1251	uint32_t ProcessRundown;
1252	} W6;
1253	} Diff11;
1254	union
1255	{
1256	struct
1257	{
1258	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1259	/* End of TEB in W7 (windows 7)! */
1260	PVOID ReservedForWdf; /*< 0x1818 / 0xfe4 - New Since W7. /
1261	/* End of TEB in W8 (windows 8.0 & 8.1)! */
1262	} W8, W80, W81;
1263	struct
1264	{
1265	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1266	} W7;
1267	struct
1268	{
1269	uint64_t LastSwitchTime; /*< 0x1810 / 0xfe0 /
1270	uint64_t TotalSwitchOutTime; /*< 0x1818 / 0xfe8 /
1271	LARGE_INTEGER WaitReasonBitMap; /*< 0x1820 / 0xff0 /
1272	/* End of TEB in W6 (windows Vista)! */
1273	} W6;
1274	} Diff12;
1275	} TEB_COMMON;
1276	typedef TEB_COMMON *PTEB_COMMON;
1277	AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1278	AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1279	AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1280	AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1281	AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1282	AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1283	AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1284	AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1285	AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1286	AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1287	AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1288	AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1289	AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1828 : 0xff8);
1290
1291
1292	/** The size of the windows 8.1 PEB structure. */
1293	#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1294	/** The size of the windows 8.0 PEB structure. */
1295	#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1296	/** The size of the windows 7 PEB structure. */
1297	#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1298	/** The size of the windows vista PEB structure. */
1299	#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1300	/** The size of the windows server 2003 PEB structure. */
1301	#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1302	/** The size of the windows XP PEB structure. */
1303	#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1304
1305
1306
1307	#define _PEB _PEB_COMMON
1308	typedef PEB_COMMON PEB;
1309	typedef PPEB_COMMON PPEB;
1310
1311	#define _TEB _TEB_COMMON
1312	typedef TEB_COMMON TEB;
1313	typedef PTEB_COMMON PTEB;
1314
1315	#define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1316	#define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1317	#define NtCurrentPeb() RTNtCurrentPeb()
1318	#define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1319
1320	/** @} */
1321
1322
1323	#ifdef IPRT_NT_USE_WINTERNL
1324	NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1325	NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1326	typedef enum _SECTION_INHERIT
1327	{
1328	ViewShare = 1,
1329	ViewUnmap
1330	} SECTION_INHERIT;
1331	NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1332	ULONG, ULONG);
1333
1334
1335	typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1336	{
1337	ULONG FileSystemAttributes;
1338	LONG MaximumComponentNameLength;
1339	ULONG FileSystemNameLength;
1340	WCHAR FileSystemName[1];
1341	} FILE_FS_ATTRIBUTE_INFORMATION;
1342	typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1343
1344	NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1345	NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1346	NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1347	NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1348
1349	typedef enum _FSINFOCLASS
1350	{
1351	FileFsVolumeInformation = 1,
1352	FileFsLabelInformation,
1353	FileFsSizeInformation,
1354	FileFsDeviceInformation,
1355	FileFsAttributeInformation,
1356	FileFsControlInformation,
1357	FileFsFullSizeInformation,
1358	FileFsObjectIdInformation,
1359	FileFsDriverPathInformation,
1360	FileFsVolumeFlagsInformation,
1361	FileFsSectorSizeInformation,
1362	FileFsDataCopyInformation,
1363	FileFsMaximumInformation
1364	} FS_INFORMATION_CLASS;
1365	typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1366	NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1367
1368	typedef struct _FILE_BOTH_DIR_INFORMATION
1369	{
1370	ULONG NextEntryOffset;
1371	ULONG FileIndex;
1372	LARGE_INTEGER CreationTime;
1373	LARGE_INTEGER LastAccessTime;
1374	LARGE_INTEGER LastWriteTime;
1375	LARGE_INTEGER ChangeTime;
1376	LARGE_INTEGER EndOfFile;
1377	LARGE_INTEGER AllocationSize;
1378	ULONG FileAttributes;
1379	ULONG FileNameLength;
1380	ULONG EaSize;
1381	CCHAR ShortNameLength;
1382	WCHAR ShortName[12];
1383	WCHAR FileName[1];
1384	} FILE_BOTH_DIR_INFORMATION;
1385	typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1386	typedef struct _FILE_BASIC_INFORMATION
1387	{
1388	LARGE_INTEGER CreationTime;
1389	LARGE_INTEGER LastAccessTime;
1390	LARGE_INTEGER LastWriteTime;
1391	LARGE_INTEGER ChangeTime;
1392	ULONG FileAttributes;
1393	} FILE_BASIC_INFORMATION;
1394	typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1395	typedef struct _FILE_STANDARD_INFORMATION
1396	{
1397	LARGE_INTEGER AllocationSize;
1398	LARGE_INTEGER EndOfFile;
1399	ULONG NumberOfLinks;
1400	BOOLEAN DeletePending;
1401	BOOLEAN Directory;
1402	} FILE_STANDARD_INFORMATION;
1403	typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1404	typedef struct _FILE_NAME_INFORMATION
1405	{
1406	ULONG FileNameLength;
1407	WCHAR FileName[1];
1408	} FILE_NAME_INFORMATION;
1409	typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1410	typedef enum _FILE_INFORMATION_CLASS
1411	{
1412	FileDirectoryInformation = 1,
1413	FileFullDirectoryInformation,
1414	FileBothDirectoryInformation,
1415	FileBasicInformation,
1416	FileStandardInformation,
1417	FileInternalInformation,
1418	FileEaInformation,
1419	FileAccessInformation,
1420	FileNameInformation,
1421	FileRenameInformation,
1422	FileLinkInformation,
1423	FileNamesInformation,
1424	FileDispositionInformation,
1425	FilePositionInformation,
1426	FileFullEaInformation,
1427	FileModeInformation,
1428	FileAlignmentInformation,
1429	FileAllInformation,
1430	FileAllocationInformation,
1431	FileEndOfFileInformation,
1432	FileAlternateNameInformation,
1433	FileStreamInformation,
1434	FilePipeInformation,
1435	FilePipeLocalInformation,
1436	FilePipeRemoteInformation,
1437	FileMailslotQueryInformation,
1438	FileMailslotSetInformation,
1439	FileCompressionInformation,
1440	FileObjectIdInformation,
1441	FileCompletionInformation,
1442	FileMoveClusterInformation,
1443	FileQuotaInformation,
1444	FileReparsePointInformation,
1445	FileNetworkOpenInformation,
1446	FileAttributeTagInformation,
1447	FileTrackingInformation,
1448	FileIdBothDirectoryInformation,
1449	FileIdFullDirectoryInformation,
1450	FileValidDataLengthInformation,
1451	FileShortNameInformation,
1452	FileIoCompletionNotificationInformation,
1453	FileIoStatusBlockRangeInformation,
1454	FileIoPriorityHintInformation,
1455	FileSfioReserveInformation,
1456	FileSfioVolumeInformation,
1457	FileHardLinkInformation,
1458	FileProcessIdsUsingFileInformation,
1459	FileNormalizedNameInformation,
1460	FileNetworkPhysicalNameInformation,
1461	FileIdGlobalTxDirectoryInformation,
1462	FileIsRemoteDeviceInformation,
1463	FileUnusedInformation,
1464	FileNumaNodeInformation,
1465	FileStandardLinkInformation,
1466	FileRemoteProtocolInformation,
1467	FileRenameInformationBypassAccessCheck,
1468	FileLinkInformationBypassAccessCheck,
1469	FileVolumeNameInformation,
1470	FileIdInformation,
1471	FileIdExtdDirectoryInformation,
1472	FileReplaceCompletionInformation,
1473	FileHardLinkFullIdInformation,
1474	FileMaximumInformation
1475	} FILE_INFORMATION_CLASS;
1476	typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
1477	NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1478	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
1479	FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1480
1481	typedef struct _MEMORY_SECTION_NAME
1482	{
1483	UNICODE_STRING SectionFileName;
1484	WCHAR NameBuffer[1];
1485	} MEMORY_SECTION_NAME;
1486
1487	#ifdef IPRT_NT_USE_WINTERNL
1488	typedef struct _PROCESS_BASIC_INFORMATION
1489	{
1490	NTSTATUS ExitStatus;
1491	PPEB PebBaseAddress;
1492	ULONG_PTR AffinityMask;
1493	int32_t BasePriority;
1494	ULONG_PTR UniqueProcessId;
1495	ULONG_PTR InheritedFromUniqueProcessId;
1496	} PROCESS_BASIC_INFORMATION;
1497	typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
1498	#endif
1499
1500	typedef enum _PROCESSINFOCLASS
1501	{
1502	ProcessBasicInformation = 0,
1503	ProcessQuotaLimits,
1504	ProcessIoCounters,
1505	ProcessVmCounters,
1506	ProcessTimes,
1507	ProcessBasePriority,
1508	ProcessRaisePriority,
1509	ProcessDebugPort,
1510	ProcessExceptionPort,
1511	ProcessAccessToken,
1512	ProcessLdtInformation,
1513	ProcessLdtSize,
1514	ProcessDefaultHardErrorMode,
1515	ProcessIoPortHandlers,
1516	ProcessPooledUsageAndLimits,
1517	ProcessWorkingSetWatch,
1518	ProcessUserModeIOPL,
1519	ProcessEnableAlignmentFaultFixup,
1520	ProcessPriorityClass,
1521	ProcessWx86Information,
1522	ProcessHandleCount,
1523	ProcessAffinityMask,
1524	ProcessPriorityBoost,
1525	ProcessDeviceMap,
1526	ProcessSessionInformation,
1527	ProcessForegroundInformation,
1528	ProcessWow64Information,
1529	ProcessImageFileName,
1530	ProcessLUIDDeviceMapsEnabled,
1531	ProcessBreakOnTermination,
1532	ProcessDebugObjectHandle,
1533	ProcessDebugFlags,
1534	ProcessHandleTracing,
1535	ProcessIoPriority,
1536	ProcessExecuteFlags,
1537	ProcessTlsInformation,
1538	ProcessCookie,
1539	ProcessImageInformation,
1540	ProcessCycleTime,
1541	ProcessPagePriority,
1542	ProcessInstrumentationCallbak,
1543	ProcessThreadStackAllocation,
1544	ProcessWorkingSetWatchEx,
1545	ProcessImageFileNameWin32,
1546	ProcessImageFileMapping,
1547	ProcessAffinityUpdateMode,
1548	ProcessMemoryAllocationMode,
1549	ProcessGroupInformation,
1550	ProcessTokenVirtualizationEnabled,
1551	ProcessConsoleHostProcess,
1552	ProcessWindowsInformation,
1553	MaxProcessInfoClass
1554	} PROCESSINFOCLASS;
1555	NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1556
1557	typedef enum _THREADINFOCLASS
1558	{
1559	ThreadBasicInformation = 0,
1560	ThreadTimes,
1561	ThreadPriority,
1562	ThreadBasePriority,
1563	ThreadAffinityMask,
1564	ThreadImpersonationToken,
1565	ThreadDescriptorTableEntry,
1566	ThreadEnableAlignmentFaultFixup,
1567	ThreadEventPair_Reusable,
1568	ThreadQuerySetWin32StartAddress,
1569	ThreadZeroTlsCell,
1570	ThreadPerformanceCount,
1571	ThreadAmILastThread,
1572	ThreadIdealProcessor,
1573	ThreadPriorityBoost,
1574	ThreadSetTlsArrayAddress,
1575	ThreadIsIoPending,
1576	ThreadHideFromDebugger,
1577	ThreadBreakOnTermination,
1578	ThreadSwitchLegacyState,
1579	ThreadIsTerminated,
1580	ThreadLastSystemCall,
1581	ThreadIoPriority,
1582	ThreadCycleTime,
1583	ThreadPagePriority,
1584	ThreadActualBasePriority,
1585	ThreadTebInformation,
1586	ThreadCSwitchMon,
1587	ThreadCSwitchPmu,
1588	ThreadWow64Context,
1589	ThreadGroupInformation,
1590	ThreadUmsInformation,
1591	ThreadCounterProfiling,
1592	ThreadIdealProcessorEx,
1593	ThreadCpuAccountingInformation,
1594	MaxThreadInfoClass
1595	} THREADINFOCLASS;
1596	NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1597
1598	NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1599
1600	NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1601	NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1602
1603	NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
1604	NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
1605
1606	NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
1607	NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
1608	NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
1609	NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
1610	NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
1611	NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
1612	NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
1613	NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
1614	NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
1615
1616	#endif /* IPRT_NT_USE_WINTERNL */
1617
1618	typedef enum _OBJECT_INFORMATION_CLASS
1619	{
1620	ObjectBasicInformation = 0,
1621	ObjectNameInformation,
1622	ObjectTypeInformation,
1623	ObjectAllInformation,
1624	ObjectDataInformation
1625	} OBJECT_INFORMATION_CLASS;
1626	typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
1627	#ifdef IN_RING0
1628	# define NtQueryObject ZwQueryObject
1629	#endif
1630	NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1631	NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
1632	NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
1633
1634	NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1635
1636	typedef struct _OBJECT_DIRECTORY_INFORMATION
1637	{
1638	UNICODE_STRING Name;
1639	UNICODE_STRING TypeName;
1640	} OBJECT_DIRECTORY_INFORMATION;
1641	typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
1642	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
1643
1644	NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
1645	NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
1646	/** @name ProcessDefaultHardErrorMode bit definitions.
1647	* @{ */
1648	#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /*< Inverted from the win32 define. /
1649	#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
1650	#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
1651	#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
1652	/** @} */
1653	NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
1654	NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
1655
1656	/** Retured by ProcessImageInformation as well as NtQuerySection. */
1657	typedef struct _SECTION_IMAGE_INFORMATION
1658	{
1659	PVOID TransferAddress;
1660	ULONG ZeroBits;
1661	SIZE_T MaximumStackSize;
1662	SIZE_T CommittedStackSize;
1663	ULONG SubSystemType;
1664	union
1665	{
1666	struct
1667	{
1668	USHORT SubSystemMinorVersion;
1669	USHORT SubSystemMajorVersion;
1670	};
1671	ULONG SubSystemVersion;
1672	};
1673	ULONG GpValue;
1674	USHORT ImageCharacteristics;
1675	USHORT DllCharacteristics;
1676	USHORT Machine;
1677	BOOLEAN ImageContainsCode;
1678	union /*< Since Vista, used to be a spare BOOLEAN. /
1679	{
1680	struct
1681	{
1682	UCHAR ComPlusNativeRead : 1;
1683	UCHAR ComPlusILOnly : 1;
1684	UCHAR ImageDynamicallyRelocated : 1;
1685	UCHAR ImageMAppedFlat : 1;
1686	UCHAR Reserved : 4;
1687	};
1688	UCHAR ImageFlags;
1689	};
1690	ULONG LoaderFlags;
1691	ULONG ImageFileSize; /*< Since XP? /
1692	ULONG CheckSum; /*< Since Vista, Used to be a reserved/spare ULONG. /
1693	} SECTION_IMAGE_INFORMATION;
1694	typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
1695
1696	typedef enum _SECTION_INFORMATION_CLASS
1697	{
1698	SectionBasicInformation = 0,
1699	SectionImageInformation,
1700	MaxSectionInfoClass
1701	} SECTION_INFORMATION_CLASS;
1702	NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1703
1704	NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
1705	NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1706	NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
1707	#ifndef SYMBOLIC_LINK_QUERY
1708	# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
1709	#endif
1710	#ifndef SYMBOLIC_LINK_ALL_ACCESS
1711	# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED \| SYMBOLIC_LINK_QUERY)
1712	#endif
1713
1714	NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
1715	NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
1716	NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
1717	NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
1718	NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
1719	NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
1720
1721
1722	#ifndef SEC_FILE
1723	# define SEC_FILE UINT32_C(0x00800000)
1724	#endif
1725	#ifndef SEC_IMAGE
1726	# define SEC_IMAGE UINT32_C(0x01000000)
1727	#endif
1728	#ifndef SEC_PROTECTED_IMAGE
1729	# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
1730	#endif
1731	#ifndef SEC_NOCACHE
1732	# define SEC_NOCACHE UINT32_C(0x10000000)
1733	#endif
1734	#ifndef MEM_ROTATE
1735	# define MEM_ROTATE UINT32_C(0x00800000)
1736	#endif
1737	typedef enum _MEMORY_INFORMATION_CLASS
1738	{
1739	MemoryBasicInformation = 0,
1740	MemoryWorkingSetList,
1741	MemorySectionName,
1742	MemoryBasicVlmInformation
1743	} MEMORY_INFORMATION_CLASS;
1744	#ifdef IN_RING0
1745	typedef struct _MEMORY_BASIC_INFORMATION
1746	{
1747	PVOID BaseAddress;
1748	PVOID AllocationBase;
1749	ULONG AllocationProtect;
1750	SIZE_T RegionSize;
1751	ULONG State;
1752	ULONG Protect;
1753	ULONG Type;
1754	} MEMORY_BASIC_INFORMATION;
1755	typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
1756	# define NtQueryVirtualMemory ZwQueryVirtualMemory
1757	#endif
1758	NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1759	#ifdef IPRT_NT_USE_WINTERNL
1760	NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
1761	#endif
1762	NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
1763	NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
1764
1765	typedef enum _SYSTEM_INFORMATION_CLASS
1766	{
1767	SystemBasicInformation = 0,
1768	SystemCpuInformation,
1769	SystemPerformanceInformation,
1770	SystemTimeOfDayInformation,
1771	SystemInformation_Unknown_4,
1772	SystemProcessInformation,
1773	SystemInformation_Unknown_6,
1774	SystemInformation_Unknown_7,
1775	SystemProcessorPerformanceInformation,
1776	SystemInformation_Unknown_9,
1777	SystemInformation_Unknown_10,
1778	SystemModuleInformation,
1779	SystemInformation_Unknown_12,
1780	SystemInformation_Unknown_13,
1781	SystemInformation_Unknown_14,
1782	SystemInformation_Unknown_15,
1783	SystemHandleInformation,
1784	SystemInformation_Unknown_17,
1785	SystemPageFileInformation,
1786	SystemInformation_Unknown_19,
1787	SystemInformation_Unknown_20,
1788	SystemCacheInformation,
1789	SystemInformation_Unknown_22,
1790	SystemInterruptInformation,
1791	SystemDpcBehaviourInformation,
1792	SystemFullMemoryInformation,
1793	SystemLoadGdiDriverInformation, /* 26 */
1794	SystemUnloadGdiDriverInformation, /* 27 */
1795	SystemTimeAdjustmentInformation,
1796	SystemSummaryMemoryInformation,
1797	SystemInformation_Unknown_30,
1798	SystemInformation_Unknown_31,
1799	SystemInformation_Unknown_32,
1800	SystemExceptionInformation,
1801	SystemCrashDumpStateInformation,
1802	SystemKernelDebuggerInformation,
1803	SystemContextSwitchInformation,
1804	SystemRegistryQuotaInformation,
1805	SystemInformation_Unknown_38,
1806	SystemInformation_Unknown_39,
1807	SystemInformation_Unknown_40,
1808	SystemInformation_Unknown_41,
1809	SystemInformation_Unknown_42,
1810	SystemInformation_Unknown_43,
1811	SystemCurrentTimeZoneInformation,
1812	SystemLookasideInformation,
1813	SystemSetTimeSlipEvent,
1814	SystemCreateSession,
1815	SystemDeleteSession,
1816	SystemInformation_Unknown_49,
1817	SystemRangeStartInformation,
1818	SystemVerifierInformation,
1819	SystemInformation_Unknown_52,
1820	SystemSessionProcessInformation,
1821	SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
1822	SystemInformation_Unknown_55,
1823	SystemInformation_Unknown_56,
1824	SystemExtendedProcessInformation,
1825	SystemInformation_Unknown_58,
1826	SystemInformation_Unknown_59,
1827	SystemInformation_Unknown_60,
1828	SystemInformation_Unknown_61,
1829	SystemInformation_Unknown_62,
1830	SystemInformation_Unknown_63,
1831	SystemExtendedHandleInformation, /* 64 */
1832	SystemInformation_Unknown_65,
1833	SystemInformation_Unknown_66,
1834	SystemInformation_Unknown_67,
1835	SystemInformation_Unknown_68,
1836	SystemInformation_HotPatchInfo, /* 69 */
1837	SystemInformation_Unknown_70,
1838	SystemInformation_Unknown_71,
1839	SystemInformation_Unknown_72,
1840	SystemInformation_Unknown_73,
1841	SystemInformation_Unknown_74,
1842	SystemInformation_Unknown_75,
1843	SystemInformation_Unknown_76,
1844	SystemInformation_Unknown_77,
1845	SystemInformation_Unknown_78,
1846	SystemInformation_Unknown_79,
1847	SystemInformation_Unknown_80,
1848	SystemInformation_Unknown_81,
1849	SystemInformation_Unknown_82,
1850	SystemInformation_Unknown_83,
1851	SystemInformation_Unknown_84,
1852	SystemInformation_Unknown_85,
1853	SystemInformation_Unknown_86,
1854	SystemInformation_Unknown_87,
1855	SystemInformation_Unknown_88,
1856	SystemInformation_Unknown_89,
1857	SystemInformation_Unknown_90,
1858	SystemInformation_Unknown_91,
1859	SystemInformation_Unknown_92,
1860	SystemInformation_Unknown_93,
1861	SystemInformation_Unknown_94,
1862	SystemInformation_Unknown_95,
1863	SystemInformation_KiOpPrefetchPatchCount,
1864
1865	/** @todo fill gap. they've added a whole bunch of things */
1866	SystemPolicyInformation = 134,
1867	SystemInformationClassMax
1868	} SYSTEM_INFORMATION_CLASS;
1869
1870	#ifdef IPRT_NT_USE_WINTERNL
1871	typedef struct _VM_COUNTERS
1872	{
1873	SIZE_T PeakVirtualSize;
1874	SIZE_T VirtualSize;
1875	ULONG PageFaultCount;
1876	SIZE_T PeakWorkingSetSize;
1877	SIZE_T WorkingSetSize;
1878	SIZE_T QuotaPeakPagedPoolUsage;
1879	SIZE_T QuotaPagedPoolUsage;
1880	SIZE_T QuotaPeakNonPagedPoolUsage;
1881	SIZE_T QuotaNonPagedPoolUsage;
1882	SIZE_T PagefileUsage;
1883	SIZE_T PeakPagefileUsage;
1884	} VM_COUNTERS;
1885	typedef VM_COUNTERS *PVM_COUNTERS;
1886	#endif
1887
1888	#if 0
1889	typedef struct _IO_COUNTERS
1890	{
1891	ULONGLONG ReadOperationCount;
1892	ULONGLONG WriteOperationCount;
1893	ULONGLONG OtherOperationCount;
1894	ULONGLONG ReadTransferCount;
1895	ULONGLONG WriteTransferCount;
1896	ULONGLONG OtherTransferCount;
1897	} IO_COUNTERS;
1898	typedef IO_COUNTERS *PIO_COUNTERS;
1899	#endif
1900
1901	typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
1902	{
1903	ULONG NextEntryOffset; /*< 0x00 / 0x00 /
1904	ULONG NumberOfThreads; /*< 0x04 / 0x04 /
1905	LARGE_INTEGER Reserved1[3]; /*< 0x08 / 0x08 /
1906	LARGE_INTEGER CreationTime; /*< 0x20 / 0x20 /
1907	LARGE_INTEGER UserTime; /*< 0x28 / 0x28 /
1908	LARGE_INTEGER KernelTime; /*< 0x30 / 0x30 /
1909	UNICODE_STRING ProcessName; /*< 0x38 / 0x38 Clean unicode encoding? /
1910	int32_t BasePriority; /*< 0x40 / 0x48 /
1911	HANDLE UniqueProcessId; /*< 0x44 / 0x50 /
1912	HANDLE ParentProcessId; /*< 0x48 / 0x58 /
1913	ULONG HandleCount; /*< 0x4c / 0x60 /
1914	ULONG Reserved2; /*< 0x50 / 0x64 Session ID? /
1915	ULONG_PTR Reserved3; /*< 0x54 / 0x68 /
1916	VM_COUNTERS VmCounters; /*< 0x58 / 0x70 /
1917	IO_COUNTERS IoCounters; /*< 0x88 / 0xd0 Might not be present in earlier windows versions. /
1918	/* After this follows the threads, then the ProcessName.Buffer. */
1919	} RTNT_SYSTEM_PROCESS_INFORMATION;
1920	typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
1921	#ifndef IPRT_NT_USE_WINTERNL
1922	typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
1923	typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
1924	#endif
1925
1926	typedef struct _SYSTEM_HANDLE_ENTRY_INFO
1927	{
1928	USHORT UniqueProcessId;
1929	USHORT CreatorBackTraceIndex;
1930	UCHAR ObjectTypeIndex;
1931	UCHAR HandleAttributes;
1932	USHORT HandleValue;
1933	PVOID Object;
1934	ULONG GrantedAccess;
1935	} SYSTEM_HANDLE_ENTRY_INFO;
1936	typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
1937
1938	/** Returned by SystemHandleInformation */
1939	typedef struct _SYSTEM_HANDLE_INFORMATION
1940	{
1941	ULONG NumberOfHandles;
1942	SYSTEM_HANDLE_ENTRY_INFO Handles[1];
1943	} SYSTEM_HANDLE_INFORMATION;
1944	typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
1945
1946	/** Extended handle information entry.
1947	* @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
1948	typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
1949	{
1950	PVOID Object;
1951	HANDLE UniqueProcessId;
1952	HANDLE HandleValue;
1953	ACCESS_MASK GrantedAccess;
1954	USHORT CreatorBackTraceIndex;
1955	USHORT ObjectTypeIndex;
1956	ULONG HandleAttributes;
1957	ULONG Reserved;
1958	} SYSTEM_HANDLE_ENTRY_INFO_EX;
1959	typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
1960
1961	/** Returned by SystemExtendedHandleInformation. */
1962	typedef struct _SYSTEM_HANDLE_INFORMATION_EX
1963	{
1964	ULONG_PTR NumberOfHandles;
1965	ULONG_PTR Reserved;
1966	SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
1967	} SYSTEM_HANDLE_INFORMATION_EX;
1968	typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
1969
1970	/** Input to SystemSessionProcessInformation. */
1971	typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
1972	{
1973	ULONG SessionId;
1974	ULONG BufferLength;
1975	/** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
1976	PVOID Buffer;
1977	} SYSTEM_SESSION_PROCESS_INFORMATION;
1978	typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
1979
1980	NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1981
1982	NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
1983	NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
1984	#ifndef IPRT_NT_USE_WINTERNL
1985	NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
1986	#endif
1987	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
1988	typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
1989	NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
1990
1991	NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
1992
1993	#ifdef IPRT_NT_USE_WINTERNL
1994	typedef enum _EVENT_TYPE
1995	{
1996	/* Manual reset event. */
1997	NotificationEvent = 0,
1998	/* Automaitc reset event. */
1999	SynchronizationEvent
2000	} EVENT_TYPE;
2001	#endif
2002	NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
2003	NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2004	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
2005	NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
2006	NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
2007	NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
2008	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
2009	typedef enum _EVENT_INFORMATION_CLASS
2010	{
2011	EventBasicInformation = 0
2012	} EVENT_INFORMATION_CLASS;
2013	/** Data returned by NtQueryEvent + EventBasicInformation. */
2014	typedef struct EVENT_BASIC_INFORMATION
2015	{
2016	EVENT_TYPE EventType;
2017	ULONG EventState;
2018	} EVENT_BASIC_INFORMATION;
2019	typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
2020	NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2021
2022	#ifdef IPRT_NT_USE_WINTERNL
2023	/** For NtQueryValueKey. */
2024	typedef enum _KEY_VALUE_INFORMATION_CLASS
2025	{
2026	KeyValueBasicInformation = 0,
2027	KeyValueFullInformation,
2028	KeyValuePartialInformation,
2029	KeyValueFullInformationAlign64,
2030	KeyValuePartialInformationAlign64
2031	} KEY_VALUE_INFORMATION_CLASS;
2032
2033	/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
2034	typedef struct _KEY_VALUE_PARTIAL_INFORMATION
2035	{
2036	ULONG TitleIndex;
2037	ULONG Type;
2038	ULONG DataLength;
2039	UCHAR Data[1];
2040	} KEY_VALUE_PARTIAL_INFORMATION;
2041	typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
2042	#endif
2043	NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2044	NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2045
2046
2047	NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
2048
2049
2050	typedef struct _CURDIR
2051	{
2052	UNICODE_STRING DosPath;
2053	HANDLE Handle;
2054	} CURDIR;
2055	typedef CURDIR *PCURDIR;
2056
2057	typedef struct _RTL_DRIVE_LETTER_CURDIR
2058	{
2059	USHORT Flags;
2060	USHORT Length;
2061	ULONG TimeStamp;
2062	STRING DosPath; /*< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. /
2063	} RTL_DRIVE_LETTER_CURDIR;
2064	typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
2065
2066	typedef struct _RTL_USER_PROCESS_PARAMETERS
2067	{
2068	ULONG MaximumLength;
2069	ULONG Length;
2070	ULONG Flags;
2071	ULONG DebugFlags;
2072	HANDLE ConsoleHandle;
2073	ULONG ConsoleFlags;
2074	HANDLE StandardInput;
2075	HANDLE StandardOutput;
2076	HANDLE StandardError;
2077	CURDIR CurrentDirectory;
2078	UNICODE_STRING DllPath;
2079	UNICODE_STRING ImagePathName;
2080	UNICODE_STRING CommandLine;
2081	PWSTR Environment;
2082	ULONG StartingX;
2083	ULONG StartingY;
2084	ULONG CountX;
2085	ULONG CountY;
2086	ULONG CountCharsX;
2087	ULONG CountCharsY;
2088	ULONG FillAttribute;
2089	ULONG WindowFlags;
2090	ULONG ShowWindowFlags;
2091	UNICODE_STRING WindowTitle;
2092	UNICODE_STRING DesktopInfo;
2093	UNICODE_STRING ShellInfo;
2094	UNICODE_STRING RuntimeInfo;
2095	RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20];
2096	SIZE_T EnvironmentSize; /*< Added in Vista /
2097	SIZE_T EnvironmentVersion; /*< Added in Windows 7. /
2098	PVOID PackageDependencyData; /*< Added Windows 8? /
2099	ULONG ProcessGroupId; /*< Added Windows 8? /
2100	} RTL_USER_PROCESS_PARAMETERS;
2101	typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
2102	#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
2103
2104	typedef struct _RTL_USER_PROCESS_INFORMATION
2105	{
2106	ULONG Size;
2107	HANDLE ProcessHandle;
2108	HANDLE ThreadHandle;
2109	CLIENT_ID ClientId;
2110	SECTION_IMAGE_INFORMATION ImageInformation;
2111	} RTL_USER_PROCESS_INFORMATION;
2112	typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
2113
2114
2115	NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
2116	PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
2117	NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
2118	PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
2119	PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
2120	PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
2121	PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
2122	NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
2123	NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
2124	PFNRT, PVOID, PHANDLE, PCLIENT_ID);
2125
2126	RT_C_DECLS_END
2127	/** @} */
2128
2129
2130	#if defined(IN_RING0) \|\| defined(DOXYGEN_RUNNING)
2131	/** @name NT Kernel APIs
2132	* @{ */
2133	RT_C_DECLS_BEGIN
2134
2135	NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
2136	PVOID pvOptionalConditions, PHANDLE phFound);
2137	NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
2138	ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
2139	KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
2140	NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
2141	NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
2142	NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
2143	NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
2144	extern DECLIMPORT(POBJECT_TYPE ) LpcPortObjectType; /< In vista+ this is the ALPC port object type. /
2145	extern DECLIMPORT(POBJECT_TYPE ) LpcWaitablePortObjectType; /< In vista+ this is the ALPC port object type. /
2146
2147	RT_C_DECLS_END
2148	/** @ */
2149	#endif /* IN_RING0 */
2150
2151
2152	#if defined(IN_RING3) \|\| defined(DOXYGEN_RUNNING)
2153	/** @name NT Userland APIs
2154	* @{ */
2155	RT_C_DECLS_BEGIN
2156
2157	#if 0 /** @todo figure this out some time... */
2158	typedef struct CSR_MSG_DATA_CREATED_PROCESS
2159	{
2160	HANDLE hProcess;
2161	HANDLE hThread;
2162	CLIENT_ID
2163	DWORD idProcess;
2164	DWORD idThread;
2165	DWORD fCreate;
2166
2167	} CSR_MSG_DATA_CREATED_PROCESS;
2168
2169	#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
2170	#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
2171	NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
2172	#endif
2173
2174	NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
2175
2176	typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
2177	{
2178	ULONG Flags;
2179	PCUNICODE_STRING FullDllName;
2180	PCUNICODE_STRING BaseDllName;
2181	PVOID DllBase;
2182	ULONG SizeOfImage;
2183	} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
2184	typedef LDR_DLL_LOADED_NOTIFICATION_DATA PLDR_DLL_LOADED_NOTIFICATION_DATA, PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2185	typedef LDR_DLL_LOADED_NOTIFICATION_DATA const PCLDR_DLL_LOADED_NOTIFICATION_DATA, PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2186
2187	typedef union _LDR_DLL_NOTIFICATION_DATA
2188	{
2189	LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
2190	LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
2191	} LDR_DLL_NOTIFICATION_DATA;
2192	typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
2193	typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
2194
2195	typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
2196
2197	#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
2198	#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
2199	NTSYSAPI NTSTATUS NTAPI LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
2200	PVOID *pvCookie);
2201	typedef NTSTATUS (NTAPI PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID );
2202	NTSYSAPI NTSTATUS NTAPI LdrUnregisterDllNotification(PVOID pvCookie);
2203	typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
2204
2205	NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
2206	NTSYSAPI VOID NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /*< Vista and later. /
2207	NTSYSAPI VOID NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
2208	NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
2209	IN PCUNICODE_STRING pOrgName,
2210	IN PUNICODE_STRING pDefaultSuffix,
2211	IN OUT PUNICODE_STRING pStaticString,
2212	IN OUT PUNICODE_STRING pDynamicString,
2213	IN OUT PUNICODE_STRING *ppResultString,
2214	IN PULONG pfNewFlags OPTIONAL,
2215	IN PSIZE_T pcbFilename OPTIONAL,
2216	IN PSIZE_T pcbNeeded OPTIONAL);
2217
2218	# ifdef IPRT_NT_USE_WINTERNL
2219	typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
2220	typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
2221	typedef struct _RTL_HEAP_PARAMETERS
2222	{
2223	ULONG Length;
2224	SIZE_T SegmentReserve;
2225	SIZE_T SegmentCommit;
2226	SIZE_T DeCommitFreeBlockThreshold;
2227	SIZE_T DeCommitTotalFreeThreshold;
2228	SIZE_T MaximumAllocationSize;
2229	SIZE_T VirtualMemoryThreshold;
2230	SIZE_T InitialCommit;
2231	SIZE_T InitialReserve;
2232	PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
2233	SIZE_T Reserved[2];
2234	} RTL_HEAP_PARAMETERS;
2235	typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
2236	NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
2237	PRTL_HEAP_PARAMETERS pParameters);
2238	/** @name Heap flags (for RtlCreateHeap).
2239	* @{ */
2240	/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
2241	# define HEAP_GROWABLE UINT32_C(0x00000002)
2242	# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
2243	# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
2244	# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
2245	# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
2246	# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
2247	# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
2248	# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
2249	# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
2250	# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
2251	# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
2252	# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
2253	# define HEAP_CLASS_0 UINT32_C(0x00000000)
2254	# define HEAP_CLASS_1 UINT32_C(0x00001000)
2255	# define HEAP_CLASS_2 UINT32_C(0x00002000)
2256	# define HEAP_CLASS_3 UINT32_C(0x00003000)
2257	# define HEAP_CLASS_4 UINT32_C(0x00004000)
2258	# define HEAP_CLASS_5 UINT32_C(0x00005000)
2259	# define HEAP_CLASS_6 UINT32_C(0x00006000)
2260	# define HEAP_CLASS_7 UINT32_C(0x00007000)
2261	# define HEAP_CLASS_8 UINT32_C(0x00008000)
2262	# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
2263	# endif
2264	# define HEAP_CLASS_PROCESS HEAP_CLASS_0
2265	# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
2266	# define HEAP_CLASS_KERNEL HEAP_CLASS_2
2267	# define HEAP_CLASS_GDI HEAP_CLASS_3
2268	# define HEAP_CLASS_USER HEAP_CLASS_4
2269	# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
2270	# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
2271	# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
2272	# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
2273	# ifdef IPRT_NT_USE_WINTERNL
2274	/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
2275	# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
2276	# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
2277	# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
2278	# endif /* IPRT_NT_USE_WINTERNL */
2279	/** @} */
2280	# ifdef IPRT_NT_USE_WINTERNL
2281	/** @name Heap tagging constants
2282	* @{ */
2283	# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
2284	/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
2285	# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
2286	# define HEAP_TAG_SHIFT 18 */
2287	# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2288	/** @} */
2289	NTSYSAPI PVOID NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
2290	NTSYSAPI PVOID NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
2291	NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2292	# endif /* IPRT_NT_USE_WINTERNL */
2293	NTSYSAPI SIZE_T NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
2294	NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
2295	NTSYSAPI SIZE_T NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2296	NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
2297	NTSYSAPI ULONG NTAPI RtlGetLastWin32Error(VOID);
2298	NTSYSAPI VOID NTAPI RtlSetLastWin32Error(ULONG uError);
2299	NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
2300	NTSYSAPI VOID NTAPI RtlRestoreLastWin32Error(ULONG uError);
2301
2302	RT_C_DECLS_END
2303	/** @} */
2304	#endif /* IN_RING3 */
2305
2306	#endif
2307

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/include/iprt/nt/nt.h@ 53445

Download in other formats: