nt.h@ 54874

Last change on this file since 54874 was 53819, checked in by vboxsync, 10 years ago
iprt/nt/nt.h: Added a bunch of Ldr APIs.
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 112.4 KB

Line
1	/* $Id: nt.h 53819 2015-01-15 13:50:29Z vboxsync $ */
2	/** @file
3	* IPRT - Header for code using the Native NT API.
4	*/
5
6	/*
7	* Copyright (C) 2010-2014 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.virtualbox.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*
17	* The contents of this file may alternatively be used under the terms
18	* of the Common Development and Distribution License Version 1.0
19	* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20	* VirtualBox OSE distribution, in which case the provisions of the
21	* CDDL are applicable instead of those of the GPL.
22	*
23	* You may elect to license modified versions of this file under the
24	* terms and conditions of either the GPL or the CDDL or both.
25	*/
26
27	#ifndef ___iprt_nt_nt_h___
28	#define ___iprt_nt_nt_h___
29
30	/** @def IPRT_NT_MAP_TO_ZW
31	* Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
32	* to the APIs (takes care of the previous context checks).
33	*/
34	#ifdef DOXYGEN_RUNNING
35	# define IPRT_NT_MAP_TO_ZW
36	#endif
37
38	#ifdef IPRT_NT_MAP_TO_ZW
39	# define NtQueryInformationFile ZwQueryInformationFile
40	# define NtQueryInformationProcess ZwQueryInformationProcess
41	# define NtQueryInformationThread ZwQueryInformationThread
42	# define NtQuerySystemInformation ZwQuerySystemInformation
43	# define NtQuerySecurityObject ZwQuerySecurityObject
44	# define NtClose ZwClose
45	# define NtCreateFile ZwCreateFile
46	# define NtReadFile ZwReadFile
47	# define NtWriteFile ZwWriteFile
48	/** @todo this is very incomplete! */
49	#endif
50
51	#include <ntstatus.h>
52
53	/*
54	* Hacks common to both base header sets.
55	*/
56	#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
57	#define NtQueryObject Incomplete_NtQueryObject
58	#define ZwQueryObject Incomplete_ZwQueryObject
59	#define NtSetInformationObject Incomplete_NtSetInformationObject
60	#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
61	#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
62	#define ObjectBasicInformation Incomplete_ObjectBasicInformation
63	#define ObjectTypeInformation Incomplete_ObjectTypeInformation
64	#define _PEB Incomplete__PEB
65	#define PEB Incomplete_PEB
66	#define PPEB Incomplete_PPEB
67	#define _TEB Incomplete__TEB
68	#define TEB Incomplete_TEB
69	#define PTEB Incomplete_PTEB
70	#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
71	#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
72	#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
73	#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
74	#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
75	#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
76
77
78
79	#ifdef IPRT_NT_USE_WINTERNL
80	/*
81	* Use Winternl.h.
82	*/
83	# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
84	# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
85	# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
86
87	# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
88	# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
89	# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
90	# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
91	# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
92	# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
93	# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
94	# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
95	# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
96	# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
97	# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
98	# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
99
100	# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
101	# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
102	# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
103
104	# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
105	# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
106	# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
107	# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
108	# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
109
110	# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
111	# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
112	# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
113	# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
114	# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
115	# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
116	# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
117	# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
118	# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
119	# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
120	# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
121	# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
122	# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
123	# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
124
125
126	# define WIN32_NO_STATUS
127	# include <windef.h>
128	# include <winnt.h>
129	# include <winternl.h>
130	# undef WIN32_NO_STATUS
131	# include <ntstatus.h>
132
133
134	# undef _FILE_INFORMATION_CLASS
135	# undef FILE_INFORMATION_CLASS
136	# undef FileDirectoryInformation
137
138	# undef NtQueryInformationProcess
139	# undef NtSetInformationProcess
140	# undef PROCESSINFOCLASS
141	# undef _PROCESSINFOCLASS
142	# undef PROCESS_BASIC_INFORMATION
143	# undef PPROCESS_BASIC_INFORMATION
144	# undef _PROCESS_BASIC_INFORMATION
145	# undef ProcessBasicInformation
146	# undef ProcessDebugPort
147	# undef ProcessWow64Information
148	# undef ProcessImageFileName
149	# undef ProcessBreakOnTermination
150
151	# undef RTL_USER_PROCESS_PARAMETERS
152	# undef PRTL_USER_PROCESS_PARAMETERS
153	# undef _RTL_USER_PROCESS_PARAMETERS
154
155	# undef NtQueryInformationThread
156	# undef NtSetInformationThread
157	# undef THREADINFOCLASS
158	# undef _THREADINFOCLASS
159	# undef ThreadIsIoPending
160
161	# undef NtQuerySystemInformation
162	# undef NtSetSystemInformation
163	# undef SYSTEM_INFORMATION_CLASS
164	# undef _SYSTEM_INFORMATION_CLASS
165	# undef SystemBasicInformation
166	# undef SystemPerformanceInformation
167	# undef SystemTimeOfDayInformation
168	# undef SystemProcessInformation
169	# undef SystemProcessorPerformanceInformation
170	# undef SystemInterruptInformation
171	# undef SystemExceptionInformation
172	# undef SystemRegistryQuotaInformation
173	# undef SystemLookasideInformation
174	# undef SystemPolicyInformation
175
176	#else
177	/*
178	* Use ntifs.h and wdm.h.
179	*/
180	# ifdef RT_ARCH_X86
181	# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
182	# pragma warning(disable : 4163)
183	# endif
184
185	# include <ntifs.h>
186	# include <wdm.h>
187
188	# ifdef RT_ARCH_X86
189	# pragma warning(default : 4163)
190	# undef _InterlockedAddLargeStatistic
191	# endif
192
193	# define IPRT_NT_NEED_API_GROUP_NTIFS
194	#endif
195
196	#undef RtlFreeUnicodeString
197	#undef NtQueryObject
198	#undef ZwQueryObject
199	#undef NtSetInformationObject
200	#undef _OBJECT_INFORMATION_CLASS
201	#undef OBJECT_INFORMATION_CLASS
202	#undef ObjectBasicInformation
203	#undef ObjectTypeInformation
204	#undef _PEB
205	#undef PEB
206	#undef PPEB
207	#undef _TEB
208	#undef TEB
209	#undef PTEB
210	#undef _PEB_LDR_DATA
211	#undef PEB_LDR_DATA
212	#undef PPEB_LDR_DATA
213	#undef _KUSER_SHARED_DATA
214	#undef KUSER_SHARED_DATA
215	#undef PKUSER_SHARED_DATA
216
217
218	#include <iprt/types.h>
219	#include <iprt/assert.h>
220
221
222	/** @name Useful macros
223	* @{ */
224	/** Indicates that we're targetting native NT in the current source. */
225	#define RTNT_USE_NATIVE_NT 1
226	/** Initializes a IO_STATUS_BLOCK. */
227	#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
228	/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
229	#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
230	/** Constant UNICODE_STRING initializer. */
231	#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
232	/** @} */
233
234
235	/** @name IPRT helper functions for NT
236	* @{ */
237	RT_C_DECLS_BEGIN
238
239	RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
240	ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
241	PHANDLE phHandle, PULONG_PTR puDisposition);
242	RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
243	ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
244	RTDECL(int) RTNtPathClose(HANDLE hHandle);
245
246	/**
247	* Converts a UTF-16 windows-style path to NT format.
248	*
249	* @returns IPRT status code.
250	* @param pNtName Where to return the NT name. Free using
251	* RTNtPathFree.
252	* @param phRootDir Where to return the root handle, if applicable.
253	* @param pwszPath The UTF-16 windows-style path.
254	* @param cwcPath The max length of the windows-style path in
255	* RTUTF16 units. Use RTSTR_MAX if unknown and @a
256	* pwszPath is correctly terminated.
257	*/
258	RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING pNtName, HANDLE phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
259
260	/**
261	* Frees the native path and root handle.
262	*
263	* @param pNtName The NT path after a successful
264	* RTNtPathFromWinUtf16Ex call.
265	* @param phRootDir The root handle variable after a successfull
266	* RTNtPathFromWinUtf16Ex call.
267	*/
268	RTDECL(void) RTNtPathFree(struct _UNICODE_STRING pNtName, HANDLE phRootDir);
269
270
271	RT_C_DECLS_END
272	/** @} */
273
274
275	/** @name NT API delcarations.
276	* @{ */
277	RT_C_DECLS_BEGIN
278
279	/** @name Process access rights missing in ntddk headers
280	* @{ */
281	#ifndef PROCESS_TERMINATE
282	# define PROCESS_TERMINATE UINT32_C(0x00000001)
283	#endif
284	#ifndef PROCESS_CREATE_THREAD
285	# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
286	#endif
287	#ifndef PROCESS_SET_SESSIONID
288	# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
289	#endif
290	#ifndef PROCESS_VM_OPERATION
291	# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
292	#endif
293	#ifndef PROCESS_VM_READ
294	# define PROCESS_VM_READ UINT32_C(0x00000010)
295	#endif
296	#ifndef PROCESS_VM_WRITE
297	# define PROCESS_VM_WRITE UINT32_C(0x00000020)
298	#endif
299	#ifndef PROCESS_DUP_HANDLE
300	# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
301	#endif
302	#ifndef PROCESS_CREATE_PROCESS
303	# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
304	#endif
305	#ifndef PROCESS_SET_QUOTA
306	# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
307	#endif
308	#ifndef PROCESS_SET_INFORMATION
309	# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
310	#endif
311	#ifndef PROCESS_QUERY_INFORMATION
312	# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
313	#endif
314	#ifndef PROCESS_SUSPEND_RESUME
315	# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
316	#endif
317	#ifndef PROCESS_QUERY_LIMITED_INFORMATION
318	# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
319	#endif
320	#ifndef PROCESS_SET_LIMITED_INFORMATION
321	# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
322	#endif
323	#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
324	#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
325	#ifndef PROCESS_ALL_ACCESS
326	# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| SYNCHRONIZE \| UINT32_C(0x0000ffff) )
327	#endif
328	/** @} */
329
330	/** @name Thread access rights missing in ntddk headers
331	* @{ */
332	#ifndef THREAD_QUERY_INFORMATION
333	# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
334	#endif
335	#ifndef THREAD_SET_THREAD_TOKEN
336	# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
337	#endif
338	#ifndef THREAD_IMPERSONATE
339	# define THREAD_IMPERSONATE UINT32_C(0x00000100)
340	#endif
341	#ifndef THREAD_DIRECT_IMPERSONATION
342	# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
343	#endif
344	#ifndef THREAD_RESUME
345	# define THREAD_RESUME UINT32_C(0x00001000)
346	#endif
347	#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
348	#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
349	#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
350	/** @} */
351
352	/** @name Special handle values.
353	* @{ */
354	#ifndef NtCurrentProcess
355	# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
356	#endif
357	#ifndef NtCurrentThread
358	# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
359	#endif
360	#ifndef ZwCurrentProcess
361	# define ZwCurrentProcess() NtCurrentProcess()
362	#endif
363	#ifndef ZwCurrentThread
364	# define ZwCurrentThread() NtCurrentThread()
365	#endif
366	/** @} */
367
368
369	/** @name Directory object access rights.
370	* @{ */
371	#ifndef DIRECTORY_QUERY
372	# define DIRECTORY_QUERY UINT32_C(0x00000001)
373	#endif
374	#ifndef DIRECTORY_TRAVERSE
375	# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
376	#endif
377	#ifndef DIRECTORY_CREATE_OBJECT
378	# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
379	#endif
380	#ifndef DIRECTORY_CREATE_SUBDIRECTORY
381	# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
382	#endif
383	#ifndef DIRECTORY_ALL_ACCESS
384	# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| UINT32_C(0x0000000f) )
385	#endif
386	/** @} */
387
388
389
390	#ifdef IPRT_NT_USE_WINTERNL
391	typedef struct _CLIENT_ID
392	{
393	HANDLE UniqueProcess;
394	HANDLE UniqueThread;
395	} CLIENT_ID;
396	typedef CLIENT_ID *PCLIENT_ID;
397	#endif
398
399	/** Extended affinity type, introduced in Windows 7 (?). */
400	typedef struct _KAFFINITY_EX
401	{
402	/** Count of valid bitmap entries. */
403	uint16_t Count;
404	/** Count of allocated bitmap entries. */
405	uint16_t Size;
406	/** Reserved / aligmment padding. */
407	uint32_t Reserved;
408	/** Bitmap where one bit corresponds to a CPU. */
409	uintptr_t Bitmap[20];
410	} KAFFINITY_EX;
411	typedef KAFFINITY_EX *PKAFFINITY_EX;
412	typedef KAFFINITY_EX const *PCKAFFINITY_EX;
413
414	/** @name User Shared Data
415	* @{ */
416
417	#ifdef IPRT_NT_USE_WINTERNL
418	typedef struct _KSYSTEM_TIME
419	{
420	ULONG LowPart;
421	LONG High1Time;
422	LONG High2Time;
423	} KSYSTEM_TIME;
424	typedef KSYSTEM_TIME *PKSYSTEM_TIME;
425
426	typedef enum _NT_PRODUCT_TYPE
427	{
428	NtProductWinNt = 1,
429	NtProductLanManNt,
430	NtProductServer
431	} NT_PRODUCT_TYPE;
432
433	#define PROCESSOR_FEATURE_MAX 64
434
435	typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
436	{
437	StandardDesign = 0,
438	NEC98x86,
439	EndAlternatives
440	} ALTERNATIVE_ARCHITECTURE_TYPE;
441
442	# if 0
443	typedef struct _XSTATE_FEATURE
444	{
445	ULONG Offset;
446	ULONG Size;
447	} XSTATE_FEATURE;
448	typedef XSTATE_FEATURE *PXSTATE_FEATURE;
449
450	#define MAXIMUM_XSTATE_FEATURES 64
451
452	typedef struct _XSTATE_CONFIGURATION
453	{
454	ULONG64 EnabledFeatures;
455	ULONG Size;
456	ULONG OptimizedSave : 1;
457	XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
458	} XSTATE_CONFIGURATION;
459	typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
460	# endif
461	#endif /* IPRT_NT_USE_WINTERNL */
462
463	typedef struct _KUSER_SHARED_DATA
464	{
465	ULONG TickCountLowDeprecated; /*< 0x000 /
466	ULONG TickCountMultiplier; /*< 0x004 /
467	KSYSTEM_TIME volatile InterruptTime; /*< 0x008 /
468	KSYSTEM_TIME volatile SystemTime; /*< 0x014 /
469	KSYSTEM_TIME volatile TimeZoneBias; /*< 0x020 /
470	USHORT ImageNumberLow; /*< 0x02c /
471	USHORT ImageNumberHigh; /*< 0x02e /
472	WCHAR NtSystemRoot[260]; /*< 0x030 /
473	ULONG MaxStackTraceDepth; /*< 0x238 /
474	ULONG CryptoExponent; /*< 0x23c /
475	ULONG TimeZoneId; /*< 0x240 /
476	ULONG LargePageMinimum; /*< 0x244 /
477	ULONG AitSamplingValue; /*< 0x248 /
478	ULONG AppCompatFlag; /*< 0x24c /
479	ULONGLONG RNGSeedVersion; /*< 0x250 /
480	ULONG GlobalValidationRunlevel; /*< 0x258 /
481	LONG volatile TimeZoneBiasStamp; /*< 0x25c/
482	ULONG Reserved2; /*< 0x260 /
483	NT_PRODUCT_TYPE NtProductType; /*< 0x264 /
484	BOOLEAN ProductTypeIsValid; /*< 0x268 /
485	BOOLEAN Reserved0[1]; /*< 0x269 /
486	USHORT NativeProcessorArchitecture; /*< 0x26a /
487	ULONG NtMajorVersion; /*< 0x26c /
488	ULONG NtMinorVersion; /*< 0x270 /
489	BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /*< 0x274 /
490	ULONG Reserved1; /*< 0x2b4 /
491	ULONG Reserved3; /*< 0x2b8 /
492	ULONG volatile TimeSlip; /*< 0x2bc /
493	ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /*< 0x2c0 /
494	ULONG AltArchitecturePad[1]; /*< 0x2c4 /
495	LARGE_INTEGER SystemExpirationDate; /*< 0x2c8 /
496	ULONG SuiteMask; /*< 0x2d0 /
497	BOOLEAN KdDebuggerEnabled; /*< 0x2d4 /
498	union /*< 0x2d5 /
499	{
500	UCHAR MitigationPolicies; /*< 0x2d5 /
501	struct
502	{
503	UCHAR NXSupportPolicy : 2;
504	UCHAR SEHValidationPolicy : 2;
505	UCHAR CurDirDevicesSkippedForDlls : 2;
506	UCHAR Reserved : 2;
507	};
508	};
509	UCHAR Reserved6[2]; /*< 0x2d6 /
510	ULONG volatile ActiveConsoleId; /*< 0x2d8 /
511	ULONG volatile DismountCount; /*< 0x2dc /
512	ULONG ComPlusPackage; /*< 0x2e0 /
513	ULONG LastSystemRITEventTickCount; /*< 0x2e4 /
514	ULONG NumberOfPhysicalPages; /*< 0x2e8 /
515	BOOLEAN SafeBootMode; /*< 0x2ec /
516	UCHAR Reserved12[3]; /*< 0x2ed /
517	union /*< 0x2f0 /
518	{
519	ULONG SharedDataFlags; /*< 0x2f0 /
520	struct
521	{
522	ULONG DbgErrorPortPresent : 1;
523	ULONG DbgElevationEnabled : 1;
524	ULONG DbgVirtEnabled : 1;
525	ULONG DbgInstallerDetectEnabled : 1;
526	ULONG DbgLkgEnabled : 1;
527	ULONG DbgDynProcessorEnabled : 1;
528	ULONG DbgConsoleBrokerEnabled : 1;
529	ULONG DbgSecureBootEnabled : 1;
530	ULONG SpareBits : 24;
531	};
532	};
533	ULONG DataFlagsPad[1]; /*< 0x2f4 /
534	ULONGLONG TestRetInstruction; /*< 0x2f8 /
535	LONGLONG QpcFrequency; /*< 0x300 /
536	ULONGLONG SystemCallPad[3]; /*< 0x308 /
537	union /*< 0x320 /
538	{
539	ULONG64 volatile TickCountQuad; /*< 0x320 /
540	KSYSTEM_TIME volatile TickCount; /*< 0x320 /
541	struct /*< 0x320 /
542	{
543	ULONG ReservedTickCountOverlay[3]; /*< 0x320 /
544	ULONG TickCountPad[1]; /*< 0x32c /
545	};
546	};
547	ULONG Cookie; /*< 0x330 /
548	ULONG CookiePad[1]; /*< 0x334 /
549	LONGLONG ConsoleSessionForegroundProcessId; /*< 0x338 /
550	ULONGLONG TimeUpdateLock; /*< 0x340 /
551	ULONGLONG BaselineSystemTimeQpc; /*< 0x348 /
552	ULONGLONG BaselineInterruptTimeQpc; /*< 0x350 /
553	ULONGLONG QpcSystemTimeIncrement; /*< 0x358 /
554	ULONGLONG QpcInterruptTimeIncrement; /*< 0x360 /
555	ULONG QpcSystemTimeIncrement32; /*< 0x368 /
556	ULONG QpcInterruptTimeIncrement32; /*< 0x36c /
557	UCHAR QpcSystemTimeIncrementShift; /*< 0x370 /
558	UCHAR QpcInterruptTimeIncrementShift; /*< 0x371 /
559	UCHAR Reserved8[14]; /*< 0x372 /
560	USHORT UserModeGlobalLogger[16]; /*< 0x380 /
561	ULONG ImageFileExecutionOptions; /*< 0x3a0 /
562	ULONG LangGenerationCount; /*< 0x3a4 /
563	ULONGLONG Reserved4; /*< 0x3a8 /
564	ULONGLONG volatile InterruptTimeBias; /*< 0x3b0 /
565	ULONGLONG volatile QpcBias; /*< 0x3b8 /
566	ULONG volatile ActiveProcessorCount; /*< 0x3c0 /
567	UCHAR volatile ActiveGroupCount; /*< 0x3c4 /
568	UCHAR Reserved9; /*< 0x3c5 /
569	union /*< 0x3c6 /
570	{
571	USHORT QpcData; /*< 0x3c6 /
572	struct /*< 0x3c6 /
573	{
574	BOOLEAN volatile QpcBypassEnabled; /*< 0x3c6 /
575	UCHAR QpcShift; /*< 0x3c7 /
576	};
577	};
578	LARGE_INTEGER TimeZoneBiasEffectiveStart; /*< 0x3c8 /
579	LARGE_INTEGER TimeZoneBiasEffectiveEnd; /*< 0x3d0 /
580	XSTATE_CONFIGURATION XState; /*< 0x3d8 /
581	} KUSER_SHARED_DATA;
582	typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
583	AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
584	AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
585	AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
586	AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
587	AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
588	AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
589	AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
590	AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
591	AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
592	/** @def MM_SHARED_USER_DATA_VA
593	* Read only userland mapping of KUSER_SHARED_DATA. */
594	#ifndef MM_SHARED_USER_DATA_VA
595	# if ARCH_BITS == 32
596	# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
597	# elif ARCH_BITS == 64
598	# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
599	# else
600	# error "Unsupported/undefined ARCH_BITS value."
601	# endif
602	#endif
603	/** @def KI_USER_SHARED_DATA
604	* Read write kernel mapping of KUSER_SHARED_DATA. */
605	#ifndef KI_USER_SHARED_DATA
606	# ifdef RT_ARCH_X86
607	# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
608	# elif defined(RT_ARCH_AMD64)
609	# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
610	# else
611	# error "PORT ME - KI_USER_SHARED_DATA"
612	# endif
613	#endif
614	/** @} */
615
616
617	/** @name Process And Thread Environment Blocks
618	* @{ */
619
620	typedef struct _PEB_LDR_DATA
621	{
622	uint32_t Length;
623	BOOLEAN Initialized;
624	BOOLEAN Padding[3];
625	HANDLE SsHandle;
626	LIST_ENTRY InLoadOrderModuleList;
627	LIST_ENTRY InMemoryOrderModuleList;
628	LIST_ENTRY InInitializationOrderModuleList;
629	/* End NT4 */
630	LIST_ENTRY *EntryInProgress;
631	BOOLEAN ShutdownInProgress;
632	HANDLE ShutdownThreadId;
633	} PEB_LDR_DATA;
634	typedef PEB_LDR_DATA *PPEB_LDR_DATA;
635
636	typedef struct _PEB_COMMON
637	{
638	BOOLEAN InheritedAddressSpace; /*< 0x000 / 0x000 /
639	BOOLEAN ReadImageFileExecOptions; /*< 0x001 / 0x001 /
640	BOOLEAN BeingDebugged; /*< 0x002 / 0x002 /
641	union
642	{
643	uint8_t BitField; /*< 0x003 / 0x003 /
644	struct
645	{
646	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
647	} Common;
648	struct
649	{
650	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
651	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
652	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 /
653	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 /
654	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 /
655	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 /
656	uint8_t IsProtectedProcessLight : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 /
657	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
658	} W81;
659	struct
660	{
661	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
662	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
663	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 /
664	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 /
665	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 /
666	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 /
667	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 /
668	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
669	} W80;
670	struct
671	{
672	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
673	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
674	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. /
675	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. /
676	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. /
677	uint8_t SpareBits : 3; /*< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. /
678	} W7;
679	struct
680	{
681	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
682	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
683	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. /
684	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. /
685	uint8_t SpareBits : 4; /*< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. /
686	} W6;
687	struct
688	{
689	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
690	uint8_t SpareBits : 7; /*< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. /
691	} W52;
692	struct
693	{
694	BOOLEAN SpareBool;
695	} W51;
696	} Diff0;
697	#if ARCH_BITS == 64
698	uint32_t Padding0; /*< 0x004 / NA /
699	#endif
700	HANDLE Mutant; /*< 0x008 / 0x004 /
701	PVOID ImageBaseAddress; /*< 0x010 / 0x008 /
702	PPEB_LDR_DATA Ldr; /*< 0x018 / 0x00c /
703	struct _RTL_USER_PROCESS_PARAMETERS ProcessParameters; /< 0x020 / 0x010 /
704	PVOID SubSystemData; /*< 0x028 / 0x014 /
705	HANDLE ProcessHeap; /*< 0x030 / 0x018 /
706	struct _RTL_CRITICAL_SECTION FastPebLock; /< 0x038 / 0x01c /
707	union
708	{
709	struct
710	{
711	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
712	PVOID IFEOKey; /*< 0x048 / 0x024 /
713	union
714	{
715	ULONG CrossProcessFlags; /*< 0x050 / 0x028 /
716	struct
717	{
718	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
719	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
720	uint32_t ProcessUsingVEH : 1; /*< 0x050 / 0x028: Pos 2, 1 Bit /
721	uint32_t ProcessUsingVCH : 1; /*< 0x050 / 0x028: Pos 3, 1 Bit /
722	uint32_t ProcessUsingFTH : 1; /*< 0x050 / 0x028: Pos 4, 1 Bit /
723	uint32_t ReservedBits0 : 1; /*< 0x050 / 0x028: Pos 5, 27 Bits /
724	} W7, W8, W80, W81;
725	struct
726	{
727	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
728	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
729	uint32_t ReservedBits0 : 30; /*< 0x050 / 0x028: Pos 2, 30 Bits /
730	} W6;
731	};
732	#if ARCH_BITS == 64
733	uint32_t Padding1; /*< 0x054 / /
734	#endif
735	} W6, W7, W8, W80, W81;
736	struct
737	{
738	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
739	PVOID SparePtr2; /*< 0x048 / 0x024 /
740	uint32_t EnvironmentUpdateCount; /*< 0x050 / 0x028 /
741	#if ARCH_BITS == 64
742	uint32_t Padding1; /*< 0x054 / /
743	#endif
744	} W52;
745	struct
746	{
747	PVOID FastPebLockRoutine; /*< NA / 0x020 /
748	PVOID FastPebUnlockRoutine; /*< NA / 0x024 /
749	uint32_t EnvironmentUpdateCount; /*< NA / 0x028 /
750	} W51;
751	} Diff1;
752	union
753	{
754	PVOID KernelCallbackTable; /*< 0x058 / 0x02c /
755	PVOID UserSharedInfoPtr; /*< 0x058 / 0x02c - Alternative use in W6./
756	};
757	uint32_t SystemReserved; /*< 0x060 / 0x030 /
758	union
759	{
760	struct
761	{
762	uint32_t AtlThunkSListPtr32; /*< 0x064 / 0x034 /
763	} W7, W8, W80, W81;
764	struct
765	{
766	uint32_t SpareUlong; /*< 0x064 / 0x034 /
767	} W52, W6;
768	struct
769	{
770	uint32_t ExecuteOptions : 2; /*< NA / 0x034: Pos 0, 2 Bits /
771	uint32_t SpareBits : 30; /*< NA / 0x034: Pos 2, 30 Bits /
772	} W51;
773	} Diff2;
774	union
775	{
776	struct
777	{
778	PVOID ApiSetMap; /*< 0x068 / 0x038 /
779	} W7, W8, W80, W81;
780	struct
781	{
782	struct _PEB_FREE_BLOCK FreeList; /< 0x068 / 0x038 /
783	} W52, W6;
784	struct
785	{
786	struct _PEB_FREE_BLOCK FreeList; /< NA / 0x038 /
787	} W51;
788	} Diff3;
789	uint32_t TlsExpansionCounter; /*< 0x070 / 0x03c /
790	#if ARCH_BITS == 64
791	uint32_t Padding2; /*< 0x074 / NA /
792	#endif
793	struct _RTL_BITMAP TlsBitmap; /< 0x078 / 0x040 /
794	uint32_t TlsBitmapBits[2]; /*< 0x080 / 0x044 /
795	PVOID ReadOnlySharedMemoryBase; /*< 0x088 / 0x04c /
796	union
797	{
798	struct
799	{
800	PVOID SparePvoid0; /*< 0x090 / 0x050 - HotpatchInformation before W81. /
801	} W81;
802	struct
803	{
804	PVOID HotpatchInformation; /*< 0x090 / 0x050 - Retired in W81. /
805	} W6, W7, W80;
806	struct
807	{
808	PVOID ReadOnlySharedMemoryHeap;
809	} W52;
810	} Diff4;
811	PVOID ReadOnlyStaticServerData; /< 0x098 / 0x054 /
812	PVOID AnsiCodePageData; /*< 0x0a0 / 0x058 /
813	PVOID OemCodePageData; /*< 0x0a8 / 0x05c /
814	PVOID UnicodeCaseTableData; /*< 0x0b0 / 0x060 /
815	uint32_t NumberOfProcessors; /*< 0x0b8 / 0x064 /
816	uint32_t NtGlobalFlag; /*< 0x0bc / 0x068 /
817	LARGE_INTEGER CriticalSectionTimeout; /*< 0x0c0 / 0x070 /
818	SIZE_T HeapSegmentReserve; /*< 0x0c8 / 0x078 /
819	SIZE_T HeapSegmentCommit; /*< 0x0d0 / 0x07c /
820	SIZE_T HeapDeCommitTotalFreeThreshold; /*< 0x0d8 / 0x080 /
821	SIZE_T HeapDeCommitFreeBlockThreshold; /*< 0x0e0 / 0x084 /
822	uint32_t NumberOfHeaps; /*< 0x0e8 / 0x088 /
823	uint32_t MaximumNumberOfHeaps; /*< 0x0ec / 0x08c /
824	PVOID ProcessHeaps; /< 0x0f0 / 0x090 /
825	PVOID GdiSharedHandleTable; /*< 0x0f8 / 0x094 /
826	PVOID ProcessStarterHelper; /*< 0x100 / 0x098 /
827	uint32_t GdiDCAttributeList; /*< 0x108 / 0x09c /
828	#if ARCH_BITS == 64
829	uint32_t Padding3; /*< 0x10c / NA /
830	#endif
831	struct _RTL_CRITICAL_SECTION LoaderLock; /< 0x110 / 0x0a0 /
832	uint32_t OSMajorVersion; /*< 0x118 / 0x0a4 /
833	uint32_t OSMinorVersion; /*< 0x11c / 0x0a8 /
834	uint16_t OSBuildNumber; /*< 0x120 / 0x0ac /
835	uint16_t OSCSDVersion; /*< 0x122 / 0x0ae /
836	uint32_t OSPlatformId; /*< 0x124 / 0x0b0 /
837	uint32_t ImageSubsystem; /*< 0x128 / 0x0b4 /
838	uint32_t ImageSubsystemMajorVersion; /*< 0x12c / 0x0b8 /
839	uint32_t ImageSubsystemMinorVersion; /*< 0x130 / 0x0bc /
840	#if ARCH_BITS == 64
841	uint32_t Padding4; /*< 0x134 / NA /
842	#endif
843	union
844	{
845	struct
846	{
847	SIZE_T ActiveProcessAffinityMask; /*< 0x138 / 0x0c0 /
848	} W7, W8, W80, W81;
849	struct
850	{
851	SIZE_T ImageProcessAffinityMask; /*< 0x138 / 0x0c0 /
852	} W52, W6;
853	} Diff5;
854	uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /*< 0x140 / 0x0c4 /
855	PVOID PostProcessInitRoutine; /*< 0x230 / 0x14c /
856	PVOID TlsExpansionBitmap; /*< 0x238 / 0x150 /
857	uint32_t TlsExpansionBitmapBits[32]; /*< 0x240 / 0x154 /
858	uint32_t SessionId; /*< 0x2c0 / 0x1d4 /
859	#if ARCH_BITS == 64
860	uint32_t Padding5; /*< 0x2c4 / NA /
861	#endif
862	ULARGE_INTEGER AppCompatFlags; /*< 0x2c8 / 0x1d8 /
863	ULARGE_INTEGER AppCompatFlagsUser; /*< 0x2d0 / 0x1e0 /
864	PVOID pShimData; /*< 0x2d8 / 0x1e8 /
865	PVOID AppCompatInfo; /*< 0x2e0 / 0x1ec /
866	UNICODE_STRING CSDVersion; /*< 0x2e8 / 0x1f0 /
867	struct _ACTIVATION_CONTEXT_DATA ActivationContextData; /< 0x2f8 / 0x1f8 /
868	struct _ASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap; /< 0x300 / 0x1fc /
869	struct _ACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData; /< 0x308 / 0x200 /
870	struct _ASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap; /< 0x310 / 0x204 /
871	SIZE_T MinimumStackCommit; /*< 0x318 / 0x208 /
872	/* End of PEB in W52 (Windows XP (RTM))! */
873	struct _FLS_CALLBACK_INFO FlsCallback; /< 0x320 / 0x20c /
874	LIST_ENTRY FlsListHead; /*< 0x328 / 0x210 /
875	PVOID FlsBitmap; /*< 0x338 / 0x218 /
876	uint32_t FlsBitmapBits[4]; /*< 0x340 / 0x21c /
877	uint32_t FlsHighIndex; /*< 0x350 / 0x22c /
878	/* End of PEB in W52 (Windows Server 2003)! */
879	PVOID WerRegistrationData; /*< 0x358 / 0x230 /
880	PVOID WerShipAssertPtr; /*< 0x360 / 0x234 /
881	/* End of PEB in W6 (windows Vista)! */
882	union
883	{
884	struct
885	{
886	PVOID pUnused; /*< 0x368 / 0x238 - Was pContextData in W7. /
887	} W8, W80, W81;
888	struct
889	{
890	PVOID pContextData; /*< 0x368 / 0x238 - Retired in W80. /
891	} W7;
892	} Diff6;
893	PVOID pImageHeaderHash; /*< 0x370 / 0x23c /
894	union
895	{
896	uint32_t TracingFlags; /*< 0x378 / 0x240 /
897	struct
898	{
899	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
900	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
901	uint32_t LibLoaderTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 2, 1 Bit /
902	uint32_t SpareTracingBits : 29; /*< 0x378 / 0x240 : Pos 3, 29 Bits /
903	} W8, W80, W81;
904	struct
905	{
906	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
907	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
908	uint32_t SpareTracingBits : 30; /*< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 /
909	} W7;
910	} Diff7;
911	#if ARCH_BITS == 64
912	uint32_t Padding6; /*< 0x37c / NA /
913	#endif
914	uint64_t CsrServerReadOnlySharedMemoryBase; /*< 0x380 / 0x248 /
915	} PEB_COMMON;
916	typedef PEB_COMMON *PPEB_COMMON;
917
918	AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
919	AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
920	AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
921	AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
922	AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
923	AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
924	AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
925	AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
926	AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x388 : 0x250);
927
928	/** The size of the windows 8.1 PEB structure. */
929	#define PEB_SIZE_W81 sizeof(PEB_COMMON)
930	/** The size of the windows 8.0 PEB structure. */
931	#define PEB_SIZE_W80 sizeof(PEB_COMMON)
932	/** The size of the windows 7 PEB structure. */
933	#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
934	/** The size of the windows vista PEB structure. */
935	#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
936	/** The size of the windows server 2003 PEB structure. */
937	#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
938	/** The size of the windows XP PEB structure. */
939	#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
940
941	#if 0
942	typedef struct _NT_TIB
943	{
944	struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
945	PVOID StackBase;
946	PVOID StackLimit;
947	PVOID SubSystemTib;
948	union
949	{
950	PVOID FiberData;
951	ULONG Version;
952	};
953	PVOID ArbitraryUserPointer;
954	struct _NT_TIB *Self;
955	} NT_TIB;
956	typedef NT_TIB *PNT_TIB;
957	#endif
958
959	typedef struct _ACTIVATION_CONTEXT_STACK
960	{
961	uint32_t Flags;
962	uint32_t NextCookieSequenceNumber;
963	PVOID ActiveFrame;
964	LIST_ENTRY FrameListCache;
965	} ACTIVATION_CONTEXT_STACK;
966
967	/* Common TEB. */
968	typedef struct _TEB_COMMON
969	{
970	NT_TIB NtTib; /*< 0x000 / 0x000 /
971	PVOID EnvironmentPointer; /*< 0x038 / 0x01c /
972	CLIENT_ID ClientId; /*< 0x040 / 0x020 /
973	PVOID ActiveRpcHandle; /*< 0x050 / 0x028 /
974	PVOID ThreadLocalStoragePointer; /*< 0x058 / 0x02c /
975	PPEB_COMMON ProcessEnvironmentBlock; /*< 0x060 / 0x030 /
976	uint32_t LastErrorValue; /*< 0x068 / 0x034 /
977	uint32_t CountOfOwnedCriticalSections; /*< 0x06c / 0x038 /
978	PVOID CsrClientThread; /*< 0x070 / 0x03c /
979	PVOID Win32ThreadInfo; /*< 0x078 / 0x040 /
980	uint32_t User32Reserved[26]; /*< 0x080 / 0x044 /
981	uint32_t UserReserved[5]; /*< 0x0e8 / 0x0ac /
982	PVOID WOW32Reserved; /*< 0x100 / 0x0c0 /
983	uint32_t CurrentLocale; /*< 0x108 / 0x0c4 /
984	uint32_t FpSoftwareStatusRegister; /*< 0x10c / 0x0c8 /
985	PVOID SystemReserved1[54]; /*< 0x110 / 0x0cc /
986	uint32_t ExceptionCode; /*< 0x2c0 / 0x1a4 /
987	#if ARCH_BITS == 64
988	uint32_t Padding0; /*< 0x2c4 / NA /
989	#endif
990	union
991	{
992	struct
993	{
994	struct _ACTIVATION_CONTEXT_STACK ActivationContextStackPointer;/< 0x2c8 / 0x1a8 /
995	uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /*< 0x2d0 / 0x1ac /
996	} W52, W6, W7, W8, W80, W81;
997	#if ARCH_BITS == 32
998	struct
999	{
1000	ACTIVATION_CONTEXT_STACK ActivationContextStack; /*< NA / 0x1a8 /
1001	uint8_t SpareBytes[20]; /*< NA / 0x1bc /
1002	} W51;
1003	#endif
1004	} Diff0;
1005	union
1006	{
1007	struct
1008	{
1009	uint32_t TxFsContext; /*< 0x2e8 / 0x1d0 /
1010	} W6, W7, W8, W80, W81;
1011	struct
1012	{
1013	uint32_t SpareBytesContinues; /*< 0x2e8 / 0x1d0 /
1014	} W52;
1015	} Diff1;
1016	#if ARCH_BITS == 64
1017	uint32_t Padding1; /*< 0x2ec / NA /
1018	#endif
1019	/_GDI_TEB_BATCH/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /*< 0x2f0 / 0x1d4 /
1020	CLIENT_ID RealClientId; /*< 0x7d8 / 0x6b4 /
1021	HANDLE GdiCachedProcessHandle; /*< 0x7e8 / 0x6bc /
1022	uint32_t GdiClientPID; /*< 0x7f0 / 0x6c0 /
1023	uint32_t GdiClientTID; /*< 0x7f4 / 0x6c4 /
1024	PVOID GdiThreadLocalInfo; /*< 0x7f8 / 0x6c8 /
1025	SIZE_T Win32ClientInfo[62]; /*< 0x800 / 0x6cc /
1026	PVOID glDispatchTable[233]; /*< 0x9f0 / 0x7c4 /
1027	SIZE_T glReserved1[29]; /*< 0x1138 / 0xb68 /
1028	PVOID glReserved2; /*< 0x1220 / 0xbdc /
1029	PVOID glSectionInfo; /*< 0x1228 / 0xbe0 /
1030	PVOID glSection; /*< 0x1230 / 0xbe4 /
1031	PVOID glTable; /*< 0x1238 / 0xbe8 /
1032	PVOID glCurrentRC; /*< 0x1240 / 0xbec /
1033	PVOID glContext; /*< 0x1248 / 0xbf0 /
1034	NTSTATUS LastStatusValue; /*< 0x1250 / 0xbf4 /
1035	#if ARCH_BITS == 64
1036	uint32_t Padding2; /*< 0x1254 / NA /
1037	#endif
1038	UNICODE_STRING StaticUnicodeString; /*< 0x1258 / 0xbf8 /
1039	WCHAR StaticUnicodeBuffer[261]; /*< 0x1268 / 0xc00 /
1040	#if ARCH_BITS == 64
1041	WCHAR Padding3[3]; /*< 0x1472 / NA /
1042	#endif
1043	PVOID DeallocationStack; /*< 0x1478 / 0xe0c /
1044	PVOID TlsSlots[64]; /*< 0x1480 / 0xe10 /
1045	LIST_ENTRY TlsLinks; /*< 0x1680 / 0xf10 /
1046	PVOID Vdm; /*< 0x1690 / 0xf18 /
1047	PVOID ReservedForNtRpc; /*< 0x1698 / 0xf1c /
1048	PVOID DbgSsReserved[2]; /*< 0x16a0 / 0xf20 /
1049	uint32_t HardErrorMode; /*< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. /
1050	#if ARCH_BITS == 64
1051	uint32_t Padding4; /*< 0x16b4 / NA /
1052	#endif
1053	PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /*< 0x16b8 / 0xf2c /
1054	union
1055	{
1056	struct
1057	{
1058	GUID ActivityId; /*< 0x1710 / 0xf50 /
1059	PVOID SubProcessTag; /*< 0x1720 / 0xf60 /
1060	} W6, W7, W8, W80, W81;
1061	struct
1062	{
1063	PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /*< 0x1710 / 0xf50 /
1064	} W52;
1065	} Diff2;
1066	union /*< 0x1728 / 0xf64 /
1067	{
1068	struct
1069	{
1070	PVOID PerflibData; /*< 0x1728 / 0xf64 /
1071	} W8, W80, W81;
1072	struct
1073	{
1074	PVOID EtwLocalData; /*< 0x1728 / 0xf64 /
1075	} W7, W6;
1076	struct
1077	{
1078	PVOID SubProcessTag; /*< 0x1728 / 0xf64 /
1079	} W52;
1080	struct
1081	{
1082	PVOID InstrumentationContinues[1]; /*< 0x1728 / 0xf64 /
1083	} W51;
1084	} Diff3;
1085	union
1086	{
1087	struct
1088	{
1089	PVOID EtwTraceData; /*< 0x1730 / 0xf68 /
1090	} W52, W6, W7, W8, W80, W81;
1091	struct
1092	{
1093	PVOID InstrumentationContinues[1]; /*< 0x1730 / 0xf68 /
1094	} W51;
1095	} Diff4;
1096	PVOID WinSockData; /*< 0x1738 / 0xf6c /
1097	uint32_t GdiBatchCount; /*< 0x1740 / 0xf70 /
1098	union
1099	{
1100	union
1101	{
1102	PROCESSOR_NUMBER CurrentIdealProcessor; /*< 0x1744 / 0xf74 - W7+ /
1103	uint32_t IdealProcessorValue; /*< 0x1744 / 0xf74 - W7+ /
1104	struct
1105	{
1106	uint8_t ReservedPad1; /*< 0x1744 / 0xf74 - Called SpareBool0 in W6 /
1107	uint8_t ReservedPad2; /*< 0x1745 / 0xf75 - Called SpareBool0 in W6 /
1108	uint8_t ReservedPad3; /*< 0x1746 / 0xf76 - Called SpareBool0 in W6 /
1109	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1110	};
1111	} W6, W7, W8, W80, W81;
1112	struct
1113	{
1114	BOOLEAN InDbgPrint; /*< 0x1744 / 0xf74 /
1115	BOOLEAN FreeStackOnTermination; /*< 0x1745 / 0xf75 /
1116	BOOLEAN HasFiberData; /*< 0x1746 / 0xf76 /
1117	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1118	} W51, W52;
1119	} Diff5;
1120	uint32_t GuaranteedStackBytes; /*< 0x1748 / 0xf78 /
1121	#if ARCH_BITS == 64
1122	uint32_t Padding5; /*< 0x174c / NA /
1123	#endif
1124	PVOID ReservedForPerf; /*< 0x1750 / 0xf7c /
1125	PVOID ReservedForOle; /*< 0x1758 / 0xf80 /
1126	uint32_t WaitingOnLoaderLock; /*< 0x1760 / 0xf84 /
1127	#if ARCH_BITS == 64
1128	uint32_t Padding6; /*< 0x1764 / NA /
1129	#endif
1130	union /*< 0x1770 / 0xf8c /
1131	{
1132	struct
1133	{
1134	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1135	SIZE_T ReservedForCodeCoverage; /*< 0x1770 / 0xf8c /
1136	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1137	} W8, W80, W81;
1138	struct
1139	{
1140	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1141	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1142	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1143	} W6, W7;
1144	struct
1145	{
1146	PVOID SparePointer1; /*< 0x1768 / 0xf88 /
1147	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1148	PVOID SoftPatchPtr2; /*< 0x1778 / 0xf90 /
1149	} W52;
1150	#if ARCH_BITS == 32
1151	struct _Wx86ThreadState
1152	{
1153	PVOID CallBx86Eip; /*< NA / 0xf88 /
1154	PVOID DeallocationCpu; /*< NA / 0xf8c /
1155	BOOLEAN UseKnownWx86Dll; /*< NA / 0xf90 /
1156	int8_t OleStubInvoked; /*< NA / 0xf91 /
1157	} W51;
1158	#endif
1159	} Diff6;
1160	PVOID TlsExpansionSlots; /*< 0x1780 / 0xf94 /
1161	#if ARCH_BITS == 64
1162	PVOID DallocationBStore; /*< 0x1788 / NA /
1163	PVOID BStoreLimit; /*< 0x1790 / NA /
1164	#endif
1165	union
1166	{
1167	struct
1168	{
1169	uint32_t MuiGeneration; /*< 0x1798 / 0xf98 /
1170	} W7, W8, W80, W81;
1171	struct
1172	{
1173	uint32_t ImpersonationLocale;
1174	} W6;
1175	} Diff7;
1176	uint32_t IsImpersonating; /*< 0x179c / 0xf9c /
1177	PVOID NlsCache; /*< 0x17a0 / 0xfa0 /
1178	PVOID pShimData; /*< 0x17a8 / 0xfa4 /
1179	union /*< 0x17b0 / 0xfa8 /
1180	{
1181	struct
1182	{
1183	uint16_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1184	uint16_t LowFragHeapDataSlot; /*< 0x17b2 / 0xfaa /
1185	} W8, W80, W81;
1186	struct
1187	{
1188	uint32_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1189	} W7;
1190	} Diff8;
1191	#if ARCH_BITS == 64
1192	uint32_t Padding7; /*< 0x17b4 / NA /
1193	#endif
1194	HANDLE CurrentTransactionHandle; /*< 0x17b8 / 0xfac /
1195	struct _TEB_ACTIVE_FRAME ActiveFrame; /< 0x17c0 / 0xfb0 /
1196	/* End of TEB in W51 (Windows XP)! */
1197	PVOID FlsData; /*< 0x17c8 / 0xfb4 /
1198	union
1199	{
1200	struct
1201	{
1202	PVOID PreferredLanguages; /*< 0x17d0 / 0xfb8 /
1203	} W6, W7, W8, W80, W81;
1204	struct
1205	{
1206	BOOLEAN SafeThunkCall; /*< 0x17d0 / 0xfb8 /
1207	uint8_t BooleanSpare[3]; /*< 0x17d1 / 0xfb9 /
1208	/* End of TEB in W52 (Windows server 2003)! */
1209	} W52;
1210	} Diff9;
1211	PVOID UserPrefLanguages; /*< 0x17d8 / 0xfbc /
1212	PVOID MergedPrefLanguages; /*< 0x17e0 / 0xfc0 /
1213	uint32_t MuiImpersonation; /*< 0x17e8 / 0xfc4 /
1214	union
1215	{
1216	uint16_t CrossTebFlags; /*< 0x17ec / 0xfc8 /
1217	struct
1218	{
1219	uint16_t SpareCrossTebBits : 16; /*< 0x17ec / 0xfc8 : Pos 0, 16 Bits /
1220	};
1221	};
1222	union
1223	{
1224	uint16_t SameTebFlags; /*< 0x17ee / 0xfca /
1225	struct
1226	{
1227	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1228	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1229	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1230	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1231	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1232	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1233	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1234	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1235	} Common;
1236	struct
1237	{
1238	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1239	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1240	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1241	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1242	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1243	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1244	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1245	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1246	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1247	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1248	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1249	uint16_t SessionAware : 1; /*< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. /
1250	uint16_t SpareSameTebBits : 4; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1251	} W8, W80, W81;
1252	struct
1253	{
1254	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1255	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1256	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1257	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1258	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1259	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1260	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1261	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1262	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1263	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1264	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1265	uint16_t SpareSameTebBits : 5; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1266	} W7;
1267	struct
1268	{
1269	uint16_t DbgSafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1270	uint16_t DbgInDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1271	uint16_t DbgHasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1272	uint16_t DbgSkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1273	uint16_t DbgWerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1274	uint16_t DbgRanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1275	uint16_t DbgClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1276	uint16_t DbgSuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1277	uint16_t SpareSameTebBits : 8; /*< 0x17ee / 0xfca : Pos 8, 8 Bits /
1278	} W6;
1279	} Diff10;
1280	PVOID TxnScopeEnterCallback; /*< 0x17f0 / 0xfcc /
1281	PVOID TxnScopeExitCallback; /*< 0x17f8 / 0xfd0 /
1282	PVOID TxnScopeContext; /*< 0x1800 / 0xfd4 /
1283	uint32_t LockCount; /*< 0x1808 / 0xfd8 /
1284	union
1285	{
1286	struct
1287	{
1288	uint32_t SpareUlong0; /*< 0x180c / 0xfdc /
1289	} W7, W8, W80, W81;
1290	struct
1291	{
1292	uint32_t ProcessRundown;
1293	} W6;
1294	} Diff11;
1295	union
1296	{
1297	struct
1298	{
1299	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1300	/* End of TEB in W7 (windows 7)! */
1301	PVOID ReservedForWdf; /*< 0x1818 / 0xfe4 - New Since W7. /
1302	/* End of TEB in W8 (windows 8.0 & 8.1)! */
1303	} W8, W80, W81;
1304	struct
1305	{
1306	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1307	} W7;
1308	struct
1309	{
1310	uint64_t LastSwitchTime; /*< 0x1810 / 0xfe0 /
1311	uint64_t TotalSwitchOutTime; /*< 0x1818 / 0xfe8 /
1312	LARGE_INTEGER WaitReasonBitMap; /*< 0x1820 / 0xff0 /
1313	/* End of TEB in W6 (windows Vista)! */
1314	} W6;
1315	} Diff12;
1316	} TEB_COMMON;
1317	typedef TEB_COMMON *PTEB_COMMON;
1318	AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1319	AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1320	AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1321	AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1322	AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1323	AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1324	AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1325	AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1326	AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1327	AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1328	AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1329	AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1330	AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1828 : 0xff8);
1331
1332
1333	/** The size of the windows 8.1 PEB structure. */
1334	#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1335	/** The size of the windows 8.0 PEB structure. */
1336	#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1337	/** The size of the windows 7 PEB structure. */
1338	#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1339	/** The size of the windows vista PEB structure. */
1340	#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1341	/** The size of the windows server 2003 PEB structure. */
1342	#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1343	/** The size of the windows XP PEB structure. */
1344	#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1345
1346
1347
1348	#define _PEB _PEB_COMMON
1349	typedef PEB_COMMON PEB;
1350	typedef PPEB_COMMON PPEB;
1351
1352	#define _TEB _TEB_COMMON
1353	typedef TEB_COMMON TEB;
1354	typedef PTEB_COMMON PTEB;
1355
1356	#define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1357	#define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1358	#define NtCurrentPeb() RTNtCurrentPeb()
1359	#define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1360
1361	/** @} */
1362
1363
1364	#ifdef IPRT_NT_USE_WINTERNL
1365	NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1366	NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1367	typedef enum _SECTION_INHERIT
1368	{
1369	ViewShare = 1,
1370	ViewUnmap
1371	} SECTION_INHERIT;
1372	NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1373	ULONG, ULONG);
1374
1375
1376	typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1377	{
1378	ULONG FileSystemAttributes;
1379	LONG MaximumComponentNameLength;
1380	ULONG FileSystemNameLength;
1381	WCHAR FileSystemName[1];
1382	} FILE_FS_ATTRIBUTE_INFORMATION;
1383	typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1384
1385	NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1386	NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1387	NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1388	NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1389
1390	typedef enum _FSINFOCLASS
1391	{
1392	FileFsVolumeInformation = 1,
1393	FileFsLabelInformation,
1394	FileFsSizeInformation,
1395	FileFsDeviceInformation,
1396	FileFsAttributeInformation,
1397	FileFsControlInformation,
1398	FileFsFullSizeInformation,
1399	FileFsObjectIdInformation,
1400	FileFsDriverPathInformation,
1401	FileFsVolumeFlagsInformation,
1402	FileFsSectorSizeInformation,
1403	FileFsDataCopyInformation,
1404	FileFsMaximumInformation
1405	} FS_INFORMATION_CLASS;
1406	typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1407	NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1408
1409	typedef struct _FILE_BOTH_DIR_INFORMATION
1410	{
1411	ULONG NextEntryOffset;
1412	ULONG FileIndex;
1413	LARGE_INTEGER CreationTime;
1414	LARGE_INTEGER LastAccessTime;
1415	LARGE_INTEGER LastWriteTime;
1416	LARGE_INTEGER ChangeTime;
1417	LARGE_INTEGER EndOfFile;
1418	LARGE_INTEGER AllocationSize;
1419	ULONG FileAttributes;
1420	ULONG FileNameLength;
1421	ULONG EaSize;
1422	CCHAR ShortNameLength;
1423	WCHAR ShortName[12];
1424	WCHAR FileName[1];
1425	} FILE_BOTH_DIR_INFORMATION;
1426	typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1427	typedef struct _FILE_BASIC_INFORMATION
1428	{
1429	LARGE_INTEGER CreationTime;
1430	LARGE_INTEGER LastAccessTime;
1431	LARGE_INTEGER LastWriteTime;
1432	LARGE_INTEGER ChangeTime;
1433	ULONG FileAttributes;
1434	} FILE_BASIC_INFORMATION;
1435	typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1436	typedef struct _FILE_STANDARD_INFORMATION
1437	{
1438	LARGE_INTEGER AllocationSize;
1439	LARGE_INTEGER EndOfFile;
1440	ULONG NumberOfLinks;
1441	BOOLEAN DeletePending;
1442	BOOLEAN Directory;
1443	} FILE_STANDARD_INFORMATION;
1444	typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1445	typedef struct _FILE_NAME_INFORMATION
1446	{
1447	ULONG FileNameLength;
1448	WCHAR FileName[1];
1449	} FILE_NAME_INFORMATION;
1450	typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1451	typedef enum _FILE_INFORMATION_CLASS
1452	{
1453	FileDirectoryInformation = 1,
1454	FileFullDirectoryInformation,
1455	FileBothDirectoryInformation,
1456	FileBasicInformation,
1457	FileStandardInformation,
1458	FileInternalInformation,
1459	FileEaInformation,
1460	FileAccessInformation,
1461	FileNameInformation,
1462	FileRenameInformation,
1463	FileLinkInformation,
1464	FileNamesInformation,
1465	FileDispositionInformation,
1466	FilePositionInformation,
1467	FileFullEaInformation,
1468	FileModeInformation,
1469	FileAlignmentInformation,
1470	FileAllInformation,
1471	FileAllocationInformation,
1472	FileEndOfFileInformation,
1473	FileAlternateNameInformation,
1474	FileStreamInformation,
1475	FilePipeInformation,
1476	FilePipeLocalInformation,
1477	FilePipeRemoteInformation,
1478	FileMailslotQueryInformation,
1479	FileMailslotSetInformation,
1480	FileCompressionInformation,
1481	FileObjectIdInformation,
1482	FileCompletionInformation,
1483	FileMoveClusterInformation,
1484	FileQuotaInformation,
1485	FileReparsePointInformation,
1486	FileNetworkOpenInformation,
1487	FileAttributeTagInformation,
1488	FileTrackingInformation,
1489	FileIdBothDirectoryInformation,
1490	FileIdFullDirectoryInformation,
1491	FileValidDataLengthInformation,
1492	FileShortNameInformation,
1493	FileIoCompletionNotificationInformation,
1494	FileIoStatusBlockRangeInformation,
1495	FileIoPriorityHintInformation,
1496	FileSfioReserveInformation,
1497	FileSfioVolumeInformation,
1498	FileHardLinkInformation,
1499	FileProcessIdsUsingFileInformation,
1500	FileNormalizedNameInformation,
1501	FileNetworkPhysicalNameInformation,
1502	FileIdGlobalTxDirectoryInformation,
1503	FileIsRemoteDeviceInformation,
1504	FileUnusedInformation,
1505	FileNumaNodeInformation,
1506	FileStandardLinkInformation,
1507	FileRemoteProtocolInformation,
1508	FileRenameInformationBypassAccessCheck,
1509	FileLinkInformationBypassAccessCheck,
1510	FileVolumeNameInformation,
1511	FileIdInformation,
1512	FileIdExtdDirectoryInformation,
1513	FileReplaceCompletionInformation,
1514	FileHardLinkFullIdInformation,
1515	FileMaximumInformation
1516	} FILE_INFORMATION_CLASS;
1517	typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
1518	NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1519	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
1520	FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1521
1522	typedef struct _MEMORY_SECTION_NAME
1523	{
1524	UNICODE_STRING SectionFileName;
1525	WCHAR NameBuffer[1];
1526	} MEMORY_SECTION_NAME;
1527
1528	#ifdef IPRT_NT_USE_WINTERNL
1529	typedef struct _PROCESS_BASIC_INFORMATION
1530	{
1531	NTSTATUS ExitStatus;
1532	PPEB PebBaseAddress;
1533	ULONG_PTR AffinityMask;
1534	int32_t BasePriority;
1535	ULONG_PTR UniqueProcessId;
1536	ULONG_PTR InheritedFromUniqueProcessId;
1537	} PROCESS_BASIC_INFORMATION;
1538	typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
1539	#endif
1540
1541	typedef enum _PROCESSINFOCLASS
1542	{
1543	ProcessBasicInformation = 0,
1544	ProcessQuotaLimits,
1545	ProcessIoCounters,
1546	ProcessVmCounters,
1547	ProcessTimes,
1548	ProcessBasePriority,
1549	ProcessRaisePriority,
1550	ProcessDebugPort,
1551	ProcessExceptionPort,
1552	ProcessAccessToken,
1553	ProcessLdtInformation,
1554	ProcessLdtSize,
1555	ProcessDefaultHardErrorMode,
1556	ProcessIoPortHandlers,
1557	ProcessPooledUsageAndLimits,
1558	ProcessWorkingSetWatch,
1559	ProcessUserModeIOPL,
1560	ProcessEnableAlignmentFaultFixup,
1561	ProcessPriorityClass,
1562	ProcessWx86Information,
1563	ProcessHandleCount,
1564	ProcessAffinityMask,
1565	ProcessPriorityBoost,
1566	ProcessDeviceMap,
1567	ProcessSessionInformation,
1568	ProcessForegroundInformation,
1569	ProcessWow64Information,
1570	ProcessImageFileName,
1571	ProcessLUIDDeviceMapsEnabled,
1572	ProcessBreakOnTermination,
1573	ProcessDebugObjectHandle,
1574	ProcessDebugFlags,
1575	ProcessHandleTracing,
1576	ProcessIoPriority,
1577	ProcessExecuteFlags,
1578	ProcessTlsInformation,
1579	ProcessCookie,
1580	ProcessImageInformation,
1581	ProcessCycleTime,
1582	ProcessPagePriority,
1583	ProcessInstrumentationCallbak,
1584	ProcessThreadStackAllocation,
1585	ProcessWorkingSetWatchEx,
1586	ProcessImageFileNameWin32,
1587	ProcessImageFileMapping,
1588	ProcessAffinityUpdateMode,
1589	ProcessMemoryAllocationMode,
1590	ProcessGroupInformation,
1591	ProcessTokenVirtualizationEnabled,
1592	ProcessConsoleHostProcess,
1593	ProcessWindowsInformation,
1594	MaxProcessInfoClass
1595	} PROCESSINFOCLASS;
1596	NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1597
1598	typedef enum _THREADINFOCLASS
1599	{
1600	ThreadBasicInformation = 0,
1601	ThreadTimes,
1602	ThreadPriority,
1603	ThreadBasePriority,
1604	ThreadAffinityMask,
1605	ThreadImpersonationToken,
1606	ThreadDescriptorTableEntry,
1607	ThreadEnableAlignmentFaultFixup,
1608	ThreadEventPair_Reusable,
1609	ThreadQuerySetWin32StartAddress,
1610	ThreadZeroTlsCell,
1611	ThreadPerformanceCount,
1612	ThreadAmILastThread,
1613	ThreadIdealProcessor,
1614	ThreadPriorityBoost,
1615	ThreadSetTlsArrayAddress,
1616	ThreadIsIoPending,
1617	ThreadHideFromDebugger,
1618	ThreadBreakOnTermination,
1619	ThreadSwitchLegacyState,
1620	ThreadIsTerminated,
1621	ThreadLastSystemCall,
1622	ThreadIoPriority,
1623	ThreadCycleTime,
1624	ThreadPagePriority,
1625	ThreadActualBasePriority,
1626	ThreadTebInformation,
1627	ThreadCSwitchMon,
1628	ThreadCSwitchPmu,
1629	ThreadWow64Context,
1630	ThreadGroupInformation,
1631	ThreadUmsInformation,
1632	ThreadCounterProfiling,
1633	ThreadIdealProcessorEx,
1634	ThreadCpuAccountingInformation,
1635	MaxThreadInfoClass
1636	} THREADINFOCLASS;
1637	NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1638
1639	NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1640
1641	NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1642	NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1643
1644	NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
1645	NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
1646
1647	NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
1648	NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
1649	NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
1650	NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
1651	NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
1652	NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
1653	NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
1654	NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
1655	NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
1656
1657	#endif /* IPRT_NT_USE_WINTERNL */
1658
1659	typedef enum _OBJECT_INFORMATION_CLASS
1660	{
1661	ObjectBasicInformation = 0,
1662	ObjectNameInformation,
1663	ObjectTypeInformation,
1664	ObjectAllInformation,
1665	ObjectDataInformation
1666	} OBJECT_INFORMATION_CLASS;
1667	typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
1668	#ifdef IN_RING0
1669	# define NtQueryObject ZwQueryObject
1670	#endif
1671	NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1672	NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
1673	NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
1674
1675	NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1676
1677	typedef struct _OBJECT_DIRECTORY_INFORMATION
1678	{
1679	UNICODE_STRING Name;
1680	UNICODE_STRING TypeName;
1681	} OBJECT_DIRECTORY_INFORMATION;
1682	typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
1683	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
1684
1685	NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
1686	NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
1687	/** @name ProcessDefaultHardErrorMode bit definitions.
1688	* @{ */
1689	#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /*< Inverted from the win32 define. /
1690	#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
1691	#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
1692	#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
1693	/** @} */
1694	NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
1695	NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
1696
1697	/** Retured by ProcessImageInformation as well as NtQuerySection. */
1698	typedef struct _SECTION_IMAGE_INFORMATION
1699	{
1700	PVOID TransferAddress;
1701	ULONG ZeroBits;
1702	SIZE_T MaximumStackSize;
1703	SIZE_T CommittedStackSize;
1704	ULONG SubSystemType;
1705	union
1706	{
1707	struct
1708	{
1709	USHORT SubSystemMinorVersion;
1710	USHORT SubSystemMajorVersion;
1711	};
1712	ULONG SubSystemVersion;
1713	};
1714	ULONG GpValue;
1715	USHORT ImageCharacteristics;
1716	USHORT DllCharacteristics;
1717	USHORT Machine;
1718	BOOLEAN ImageContainsCode;
1719	union /*< Since Vista, used to be a spare BOOLEAN. /
1720	{
1721	struct
1722	{
1723	UCHAR ComPlusNativeRead : 1;
1724	UCHAR ComPlusILOnly : 1;
1725	UCHAR ImageDynamicallyRelocated : 1;
1726	UCHAR ImageMAppedFlat : 1;
1727	UCHAR Reserved : 4;
1728	};
1729	UCHAR ImageFlags;
1730	};
1731	ULONG LoaderFlags;
1732	ULONG ImageFileSize; /*< Since XP? /
1733	ULONG CheckSum; /*< Since Vista, Used to be a reserved/spare ULONG. /
1734	} SECTION_IMAGE_INFORMATION;
1735	typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
1736
1737	typedef enum _SECTION_INFORMATION_CLASS
1738	{
1739	SectionBasicInformation = 0,
1740	SectionImageInformation,
1741	MaxSectionInfoClass
1742	} SECTION_INFORMATION_CLASS;
1743	NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1744
1745	NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
1746	NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1747	NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
1748	#ifndef SYMBOLIC_LINK_QUERY
1749	# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
1750	#endif
1751	#ifndef SYMBOLIC_LINK_ALL_ACCESS
1752	# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED \| SYMBOLIC_LINK_QUERY)
1753	#endif
1754
1755	NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
1756	NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
1757	NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
1758	NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
1759	NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
1760	NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
1761
1762
1763	#ifndef SEC_FILE
1764	# define SEC_FILE UINT32_C(0x00800000)
1765	#endif
1766	#ifndef SEC_IMAGE
1767	# define SEC_IMAGE UINT32_C(0x01000000)
1768	#endif
1769	#ifndef SEC_PROTECTED_IMAGE
1770	# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
1771	#endif
1772	#ifndef SEC_NOCACHE
1773	# define SEC_NOCACHE UINT32_C(0x10000000)
1774	#endif
1775	#ifndef MEM_ROTATE
1776	# define MEM_ROTATE UINT32_C(0x00800000)
1777	#endif
1778	typedef enum _MEMORY_INFORMATION_CLASS
1779	{
1780	MemoryBasicInformation = 0,
1781	MemoryWorkingSetList,
1782	MemorySectionName,
1783	MemoryBasicVlmInformation
1784	} MEMORY_INFORMATION_CLASS;
1785	#ifdef IN_RING0
1786	typedef struct _MEMORY_BASIC_INFORMATION
1787	{
1788	PVOID BaseAddress;
1789	PVOID AllocationBase;
1790	ULONG AllocationProtect;
1791	SIZE_T RegionSize;
1792	ULONG State;
1793	ULONG Protect;
1794	ULONG Type;
1795	} MEMORY_BASIC_INFORMATION;
1796	typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
1797	# define NtQueryVirtualMemory ZwQueryVirtualMemory
1798	#endif
1799	NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1800	#ifdef IPRT_NT_USE_WINTERNL
1801	NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
1802	#endif
1803	NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
1804	NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
1805
1806	typedef enum _SYSTEM_INFORMATION_CLASS
1807	{
1808	SystemBasicInformation = 0,
1809	SystemCpuInformation,
1810	SystemPerformanceInformation,
1811	SystemTimeOfDayInformation,
1812	SystemInformation_Unknown_4,
1813	SystemProcessInformation,
1814	SystemInformation_Unknown_6,
1815	SystemInformation_Unknown_7,
1816	SystemProcessorPerformanceInformation,
1817	SystemInformation_Unknown_9,
1818	SystemInformation_Unknown_10,
1819	SystemModuleInformation,
1820	SystemInformation_Unknown_12,
1821	SystemInformation_Unknown_13,
1822	SystemInformation_Unknown_14,
1823	SystemInformation_Unknown_15,
1824	SystemHandleInformation,
1825	SystemInformation_Unknown_17,
1826	SystemPageFileInformation,
1827	SystemInformation_Unknown_19,
1828	SystemInformation_Unknown_20,
1829	SystemCacheInformation,
1830	SystemInformation_Unknown_22,
1831	SystemInterruptInformation,
1832	SystemDpcBehaviourInformation,
1833	SystemFullMemoryInformation,
1834	SystemLoadGdiDriverInformation, /* 26 */
1835	SystemUnloadGdiDriverInformation, /* 27 */
1836	SystemTimeAdjustmentInformation,
1837	SystemSummaryMemoryInformation,
1838	SystemInformation_Unknown_30,
1839	SystemInformation_Unknown_31,
1840	SystemInformation_Unknown_32,
1841	SystemExceptionInformation,
1842	SystemCrashDumpStateInformation,
1843	SystemKernelDebuggerInformation,
1844	SystemContextSwitchInformation,
1845	SystemRegistryQuotaInformation,
1846	SystemInformation_Unknown_38,
1847	SystemInformation_Unknown_39,
1848	SystemInformation_Unknown_40,
1849	SystemInformation_Unknown_41,
1850	SystemInformation_Unknown_42,
1851	SystemInformation_Unknown_43,
1852	SystemCurrentTimeZoneInformation,
1853	SystemLookasideInformation,
1854	SystemSetTimeSlipEvent,
1855	SystemCreateSession,
1856	SystemDeleteSession,
1857	SystemInformation_Unknown_49,
1858	SystemRangeStartInformation,
1859	SystemVerifierInformation,
1860	SystemInformation_Unknown_52,
1861	SystemSessionProcessInformation,
1862	SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
1863	SystemInformation_Unknown_55,
1864	SystemInformation_Unknown_56,
1865	SystemExtendedProcessInformation,
1866	SystemInformation_Unknown_58,
1867	SystemInformation_Unknown_59,
1868	SystemInformation_Unknown_60,
1869	SystemInformation_Unknown_61,
1870	SystemInformation_Unknown_62,
1871	SystemInformation_Unknown_63,
1872	SystemExtendedHandleInformation, /* 64 */
1873	SystemInformation_Unknown_65,
1874	SystemInformation_Unknown_66,
1875	SystemInformation_Unknown_67,
1876	SystemInformation_Unknown_68,
1877	SystemInformation_HotPatchInfo, /* 69 */
1878	SystemInformation_Unknown_70,
1879	SystemInformation_Unknown_71,
1880	SystemInformation_Unknown_72,
1881	SystemInformation_Unknown_73,
1882	SystemInformation_Unknown_74,
1883	SystemInformation_Unknown_75,
1884	SystemInformation_Unknown_76,
1885	SystemInformation_Unknown_77,
1886	SystemInformation_Unknown_78,
1887	SystemInformation_Unknown_79,
1888	SystemInformation_Unknown_80,
1889	SystemInformation_Unknown_81,
1890	SystemInformation_Unknown_82,
1891	SystemInformation_Unknown_83,
1892	SystemInformation_Unknown_84,
1893	SystemInformation_Unknown_85,
1894	SystemInformation_Unknown_86,
1895	SystemInformation_Unknown_87,
1896	SystemInformation_Unknown_88,
1897	SystemInformation_Unknown_89,
1898	SystemInformation_Unknown_90,
1899	SystemInformation_Unknown_91,
1900	SystemInformation_Unknown_92,
1901	SystemInformation_Unknown_93,
1902	SystemInformation_Unknown_94,
1903	SystemInformation_Unknown_95,
1904	SystemInformation_KiOpPrefetchPatchCount,
1905
1906	/** @todo fill gap. they've added a whole bunch of things */
1907	SystemPolicyInformation = 134,
1908	SystemInformationClassMax
1909	} SYSTEM_INFORMATION_CLASS;
1910
1911	#ifdef IPRT_NT_USE_WINTERNL
1912	typedef struct _VM_COUNTERS
1913	{
1914	SIZE_T PeakVirtualSize;
1915	SIZE_T VirtualSize;
1916	ULONG PageFaultCount;
1917	SIZE_T PeakWorkingSetSize;
1918	SIZE_T WorkingSetSize;
1919	SIZE_T QuotaPeakPagedPoolUsage;
1920	SIZE_T QuotaPagedPoolUsage;
1921	SIZE_T QuotaPeakNonPagedPoolUsage;
1922	SIZE_T QuotaNonPagedPoolUsage;
1923	SIZE_T PagefileUsage;
1924	SIZE_T PeakPagefileUsage;
1925	} VM_COUNTERS;
1926	typedef VM_COUNTERS *PVM_COUNTERS;
1927	#endif
1928
1929	#if 0
1930	typedef struct _IO_COUNTERS
1931	{
1932	ULONGLONG ReadOperationCount;
1933	ULONGLONG WriteOperationCount;
1934	ULONGLONG OtherOperationCount;
1935	ULONGLONG ReadTransferCount;
1936	ULONGLONG WriteTransferCount;
1937	ULONGLONG OtherTransferCount;
1938	} IO_COUNTERS;
1939	typedef IO_COUNTERS *PIO_COUNTERS;
1940	#endif
1941
1942	typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
1943	{
1944	ULONG NextEntryOffset; /*< 0x00 / 0x00 /
1945	ULONG NumberOfThreads; /*< 0x04 / 0x04 /
1946	LARGE_INTEGER Reserved1[3]; /*< 0x08 / 0x08 /
1947	LARGE_INTEGER CreationTime; /*< 0x20 / 0x20 /
1948	LARGE_INTEGER UserTime; /*< 0x28 / 0x28 /
1949	LARGE_INTEGER KernelTime; /*< 0x30 / 0x30 /
1950	UNICODE_STRING ProcessName; /*< 0x38 / 0x38 Clean unicode encoding? /
1951	int32_t BasePriority; /*< 0x40 / 0x48 /
1952	HANDLE UniqueProcessId; /*< 0x44 / 0x50 /
1953	HANDLE ParentProcessId; /*< 0x48 / 0x58 /
1954	ULONG HandleCount; /*< 0x4c / 0x60 /
1955	ULONG Reserved2; /*< 0x50 / 0x64 Session ID? /
1956	ULONG_PTR Reserved3; /*< 0x54 / 0x68 /
1957	VM_COUNTERS VmCounters; /*< 0x58 / 0x70 /
1958	IO_COUNTERS IoCounters; /*< 0x88 / 0xd0 Might not be present in earlier windows versions. /
1959	/* After this follows the threads, then the ProcessName.Buffer. */
1960	} RTNT_SYSTEM_PROCESS_INFORMATION;
1961	typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
1962	#ifndef IPRT_NT_USE_WINTERNL
1963	typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
1964	typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
1965	#endif
1966
1967	typedef struct _SYSTEM_HANDLE_ENTRY_INFO
1968	{
1969	USHORT UniqueProcessId;
1970	USHORT CreatorBackTraceIndex;
1971	UCHAR ObjectTypeIndex;
1972	UCHAR HandleAttributes;
1973	USHORT HandleValue;
1974	PVOID Object;
1975	ULONG GrantedAccess;
1976	} SYSTEM_HANDLE_ENTRY_INFO;
1977	typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
1978
1979	/** Returned by SystemHandleInformation */
1980	typedef struct _SYSTEM_HANDLE_INFORMATION
1981	{
1982	ULONG NumberOfHandles;
1983	SYSTEM_HANDLE_ENTRY_INFO Handles[1];
1984	} SYSTEM_HANDLE_INFORMATION;
1985	typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
1986
1987	/** Extended handle information entry.
1988	* @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
1989	typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
1990	{
1991	PVOID Object;
1992	HANDLE UniqueProcessId;
1993	HANDLE HandleValue;
1994	ACCESS_MASK GrantedAccess;
1995	USHORT CreatorBackTraceIndex;
1996	USHORT ObjectTypeIndex;
1997	ULONG HandleAttributes;
1998	ULONG Reserved;
1999	} SYSTEM_HANDLE_ENTRY_INFO_EX;
2000	typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
2001
2002	/** Returned by SystemExtendedHandleInformation. */
2003	typedef struct _SYSTEM_HANDLE_INFORMATION_EX
2004	{
2005	ULONG_PTR NumberOfHandles;
2006	ULONG_PTR Reserved;
2007	SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
2008	} SYSTEM_HANDLE_INFORMATION_EX;
2009	typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
2010
2011	/** Input to SystemSessionProcessInformation. */
2012	typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
2013	{
2014	ULONG SessionId;
2015	ULONG BufferLength;
2016	/** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
2017	PVOID Buffer;
2018	} SYSTEM_SESSION_PROCESS_INFORMATION;
2019	typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
2020
2021	NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2022
2023	NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
2024	NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
2025	#ifndef IPRT_NT_USE_WINTERNL
2026	NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
2027	#endif
2028	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
2029	typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
2030	NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
2031
2032	NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
2033
2034	#ifdef IPRT_NT_USE_WINTERNL
2035	typedef enum _EVENT_TYPE
2036	{
2037	/* Manual reset event. */
2038	NotificationEvent = 0,
2039	/* Automaitc reset event. */
2040	SynchronizationEvent
2041	} EVENT_TYPE;
2042	#endif
2043	NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
2044	NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2045	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
2046	NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
2047	NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
2048	NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
2049	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
2050	typedef enum _EVENT_INFORMATION_CLASS
2051	{
2052	EventBasicInformation = 0
2053	} EVENT_INFORMATION_CLASS;
2054	/** Data returned by NtQueryEvent + EventBasicInformation. */
2055	typedef struct EVENT_BASIC_INFORMATION
2056	{
2057	EVENT_TYPE EventType;
2058	ULONG EventState;
2059	} EVENT_BASIC_INFORMATION;
2060	typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
2061	NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2062
2063	#ifdef IPRT_NT_USE_WINTERNL
2064	/** For NtQueryValueKey. */
2065	typedef enum _KEY_VALUE_INFORMATION_CLASS
2066	{
2067	KeyValueBasicInformation = 0,
2068	KeyValueFullInformation,
2069	KeyValuePartialInformation,
2070	KeyValueFullInformationAlign64,
2071	KeyValuePartialInformationAlign64
2072	} KEY_VALUE_INFORMATION_CLASS;
2073
2074	/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
2075	typedef struct _KEY_VALUE_PARTIAL_INFORMATION
2076	{
2077	ULONG TitleIndex;
2078	ULONG Type;
2079	ULONG DataLength;
2080	UCHAR Data[1];
2081	} KEY_VALUE_PARTIAL_INFORMATION;
2082	typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
2083	#endif
2084	NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2085	NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2086
2087
2088	NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
2089
2090
2091	typedef struct _CURDIR
2092	{
2093	UNICODE_STRING DosPath;
2094	HANDLE Handle;
2095	} CURDIR;
2096	typedef CURDIR *PCURDIR;
2097
2098	typedef struct _RTL_DRIVE_LETTER_CURDIR
2099	{
2100	USHORT Flags;
2101	USHORT Length;
2102	ULONG TimeStamp;
2103	STRING DosPath; /*< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. /
2104	} RTL_DRIVE_LETTER_CURDIR;
2105	typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
2106
2107	typedef struct _RTL_USER_PROCESS_PARAMETERS
2108	{
2109	ULONG MaximumLength;
2110	ULONG Length;
2111	ULONG Flags;
2112	ULONG DebugFlags;
2113	HANDLE ConsoleHandle;
2114	ULONG ConsoleFlags;
2115	HANDLE StandardInput;
2116	HANDLE StandardOutput;
2117	HANDLE StandardError;
2118	CURDIR CurrentDirectory;
2119	UNICODE_STRING DllPath;
2120	UNICODE_STRING ImagePathName;
2121	UNICODE_STRING CommandLine;
2122	PWSTR Environment;
2123	ULONG StartingX;
2124	ULONG StartingY;
2125	ULONG CountX;
2126	ULONG CountY;
2127	ULONG CountCharsX;
2128	ULONG CountCharsY;
2129	ULONG FillAttribute;
2130	ULONG WindowFlags;
2131	ULONG ShowWindowFlags;
2132	UNICODE_STRING WindowTitle;
2133	UNICODE_STRING DesktopInfo;
2134	UNICODE_STRING ShellInfo;
2135	UNICODE_STRING RuntimeInfo;
2136	RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20];
2137	SIZE_T EnvironmentSize; /*< Added in Vista /
2138	SIZE_T EnvironmentVersion; /*< Added in Windows 7. /
2139	PVOID PackageDependencyData; /*< Added Windows 8? /
2140	ULONG ProcessGroupId; /*< Added Windows 8? /
2141	} RTL_USER_PROCESS_PARAMETERS;
2142	typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
2143	#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
2144
2145	typedef struct _RTL_USER_PROCESS_INFORMATION
2146	{
2147	ULONG Size;
2148	HANDLE ProcessHandle;
2149	HANDLE ThreadHandle;
2150	CLIENT_ID ClientId;
2151	SECTION_IMAGE_INFORMATION ImageInformation;
2152	} RTL_USER_PROCESS_INFORMATION;
2153	typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
2154
2155
2156	NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
2157	PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
2158	NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
2159	PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
2160	PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
2161	PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
2162	PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
2163	NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
2164	NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
2165	PFNRT, PVOID, PHANDLE, PCLIENT_ID);
2166
2167	RT_C_DECLS_END
2168	/** @} */
2169
2170
2171	#if defined(IN_RING0) \|\| defined(DOXYGEN_RUNNING)
2172	/** @name NT Kernel APIs
2173	* @{ */
2174	RT_C_DECLS_BEGIN
2175
2176	typedef ULONG KEPROCESSORINDEX; /*< Bitmap indexes != process numbers, apparently. /
2177
2178	NTSYSAPI VOID NTAPI KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
2179	typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
2180	NTSYSAPI VOID NTAPI KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2181	typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2182	NTSYSAPI VOID NTAPI KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2183	typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2184	NTSYSAPI BOOLEAN NTAPI KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2185	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2186	NTSYSAPI BOOLEAN NTAPI KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2187	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2188	NTSYSAPI BOOLEAN NTAPI KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2189	typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2190	NTSYSAPI VOID NTAPI KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2191	typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2192	NTSYSAPI VOID NTAPI KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2193	typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2194	NTSYSAPI BOOLEAN NTAPI KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2195	typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2196	NTSYSAPI BOOLEAN NTAPI KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2197	typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2198	/** Works like anding the complemented subtrahend with the minuend. */
2199	NTSYSAPI BOOLEAN NTAPI KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2200	typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2201	NTSYSAPI BOOLEAN NTAPI KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2202	typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2203	NTSYSAPI BOOLEAN NTAPI KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
2204	typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2205	NTSYSAPI BOOLEAN NTAPI KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2206	typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2207	NTSYSAPI ULONG NTAPI KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
2208	typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2209	NTSYSAPI KEPROCESSORINDEX NTAPI KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
2210	typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2211	typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
2212	typedef KEPROCESSORINDEX (NTAPI PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER pProcNumber);
2213
2214	NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
2215	PVOID pvOptionalConditions, PHANDLE phFound);
2216	NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
2217	ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
2218	KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
2219	NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
2220	NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
2221	NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
2222	NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
2223	extern DECLIMPORT(POBJECT_TYPE ) LpcPortObjectType; /< In vista+ this is the ALPC port object type. /
2224	extern DECLIMPORT(POBJECT_TYPE ) LpcWaitablePortObjectType; /< In vista+ this is the ALPC port object type. /
2225
2226	typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
2227	typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
2228
2229	RT_C_DECLS_END
2230	/** @ */
2231	#endif /* IN_RING0 */
2232
2233
2234	#if defined(IN_RING3) \|\| defined(DOXYGEN_RUNNING)
2235	/** @name NT Userland APIs
2236	* @{ */
2237	RT_C_DECLS_BEGIN
2238
2239	#if 0 /** @todo figure this out some time... */
2240	typedef struct CSR_MSG_DATA_CREATED_PROCESS
2241	{
2242	HANDLE hProcess;
2243	HANDLE hThread;
2244	CLIENT_ID
2245	DWORD idProcess;
2246	DWORD idThread;
2247	DWORD fCreate;
2248
2249	} CSR_MSG_DATA_CREATED_PROCESS;
2250
2251	#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
2252	#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
2253	NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
2254	#endif
2255
2256	NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
2257
2258	typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
2259	{
2260	ULONG Flags;
2261	PCUNICODE_STRING FullDllName;
2262	PCUNICODE_STRING BaseDllName;
2263	PVOID DllBase;
2264	ULONG SizeOfImage;
2265	} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
2266	typedef LDR_DLL_LOADED_NOTIFICATION_DATA PLDR_DLL_LOADED_NOTIFICATION_DATA, PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2267	typedef LDR_DLL_LOADED_NOTIFICATION_DATA const PCLDR_DLL_LOADED_NOTIFICATION_DATA, PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2268
2269	typedef union _LDR_DLL_NOTIFICATION_DATA
2270	{
2271	LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
2272	LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
2273	} LDR_DLL_NOTIFICATION_DATA;
2274	typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
2275	typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
2276
2277	typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
2278
2279	#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
2280	#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
2281	NTSYSAPI NTSTATUS NTAPI LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
2282	PVOID *pvCookie);
2283	typedef NTSTATUS (NTAPI PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID );
2284	NTSYSAPI NTSTATUS NTAPI LdrUnregisterDllNotification(PVOID pvCookie);
2285	typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
2286
2287	NTSYSAPI NTSTATUS NTAPI LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2288	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2289	typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2290	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2291	NTSYSAPI NTSTATUS NTAPI LdrUnloadDll(IN HANDLE hMod);
2292	typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
2293	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2294	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2295	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2296	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2297	#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
2298	#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
2299	/** @since Windows XP. */
2300	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2301	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2302	/** @since Windows XP. */
2303	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2304	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2305	/** @since Windows 7. */
2306	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
2307	/** @since Windows 7. */
2308	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
2309	/** @since Windows 7. */
2310	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2311	OUT PHANDLE phDll);
2312	/** @since Windows 7. */
2313	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2314	OUT PHANDLE phDll);
2315	#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
2316	NTSYSAPI NTSTATUS NTAPI LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
2317	typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
2318	NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2319	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2320	typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
2321	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2322	#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
2323	/** @since Windows Vista. */
2324	NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2325	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2326	/** @since Windows Vista. */
2327	typedef NTSTATUS (NTAPI PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const pSymbol OPTIONAL,
2328	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2329	#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2330	#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
2331	#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
2332	#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
2333	#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
2334	/** @since Windows XP. */
2335	NTSYSAPI NTSTATUS NTAPI LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2336	/** @since Windows XP. */
2337	typedef NTSTATUS (NTAPI PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID ppvCookie);
2338	#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2339	/** @since Windows XP. */
2340	NTSYSAPI NTSTATUS NTAPI LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
2341	/** @since Windows XP. */
2342	typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
2343
2344	NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
2345	NTSYSAPI VOID NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /*< Vista and later. /
2346	NTSYSAPI VOID NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
2347	NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
2348	IN PCUNICODE_STRING pOrgName,
2349	IN PUNICODE_STRING pDefaultSuffix,
2350	IN OUT PUNICODE_STRING pStaticString,
2351	IN OUT PUNICODE_STRING pDynamicString,
2352	IN OUT PUNICODE_STRING *ppResultString,
2353	IN PULONG pfNewFlags OPTIONAL,
2354	IN PSIZE_T pcbFilename OPTIONAL,
2355	IN PSIZE_T pcbNeeded OPTIONAL);
2356
2357	# ifdef IPRT_NT_USE_WINTERNL
2358	typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
2359	typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
2360	typedef struct _RTL_HEAP_PARAMETERS
2361	{
2362	ULONG Length;
2363	SIZE_T SegmentReserve;
2364	SIZE_T SegmentCommit;
2365	SIZE_T DeCommitFreeBlockThreshold;
2366	SIZE_T DeCommitTotalFreeThreshold;
2367	SIZE_T MaximumAllocationSize;
2368	SIZE_T VirtualMemoryThreshold;
2369	SIZE_T InitialCommit;
2370	SIZE_T InitialReserve;
2371	PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
2372	SIZE_T Reserved[2];
2373	} RTL_HEAP_PARAMETERS;
2374	typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
2375	NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
2376	PRTL_HEAP_PARAMETERS pParameters);
2377	/** @name Heap flags (for RtlCreateHeap).
2378	* @{ */
2379	/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
2380	# define HEAP_GROWABLE UINT32_C(0x00000002)
2381	# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
2382	# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
2383	# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
2384	# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
2385	# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
2386	# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
2387	# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
2388	# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
2389	# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
2390	# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
2391	# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
2392	# define HEAP_CLASS_0 UINT32_C(0x00000000)
2393	# define HEAP_CLASS_1 UINT32_C(0x00001000)
2394	# define HEAP_CLASS_2 UINT32_C(0x00002000)
2395	# define HEAP_CLASS_3 UINT32_C(0x00003000)
2396	# define HEAP_CLASS_4 UINT32_C(0x00004000)
2397	# define HEAP_CLASS_5 UINT32_C(0x00005000)
2398	# define HEAP_CLASS_6 UINT32_C(0x00006000)
2399	# define HEAP_CLASS_7 UINT32_C(0x00007000)
2400	# define HEAP_CLASS_8 UINT32_C(0x00008000)
2401	# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
2402	# endif
2403	# define HEAP_CLASS_PROCESS HEAP_CLASS_0
2404	# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
2405	# define HEAP_CLASS_KERNEL HEAP_CLASS_2
2406	# define HEAP_CLASS_GDI HEAP_CLASS_3
2407	# define HEAP_CLASS_USER HEAP_CLASS_4
2408	# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
2409	# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
2410	# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
2411	# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
2412	# ifdef IPRT_NT_USE_WINTERNL
2413	/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
2414	# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
2415	# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
2416	# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
2417	# endif /* IPRT_NT_USE_WINTERNL */
2418	/** @} */
2419	# ifdef IPRT_NT_USE_WINTERNL
2420	/** @name Heap tagging constants
2421	* @{ */
2422	# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
2423	/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
2424	# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
2425	# define HEAP_TAG_SHIFT 18 */
2426	# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2427	/** @} */
2428	NTSYSAPI PVOID NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
2429	NTSYSAPI PVOID NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
2430	NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2431	# endif /* IPRT_NT_USE_WINTERNL */
2432	NTSYSAPI SIZE_T NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
2433	NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
2434	NTSYSAPI SIZE_T NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2435	NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
2436	NTSYSAPI ULONG NTAPI RtlGetLastWin32Error(VOID);
2437	NTSYSAPI VOID NTAPI RtlSetLastWin32Error(ULONG uError);
2438	NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
2439	NTSYSAPI VOID NTAPI RtlRestoreLastWin32Error(ULONG uError);
2440	NTSYSAPI BOOLEAN NTAPI RtlQueryPerformanceCounter(PLARGE_INTEGER);
2441	NTSYSAPI uint64_t NTAPI RtlGetSystemTimePrecise(VOID);
2442	typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
2443
2444	RT_C_DECLS_END
2445	/** @} */
2446	#endif /* IN_RING3 */
2447
2448	#endif
2449

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/include/iprt/nt/nt.h@ 54874

Download in other formats: