nt.h@ 57302

Last change on this file since 57302 was 57302, checked in by vboxsync, 9 years ago
iprt/nt/nt.h: PROCESSINFOCLASS updates.
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 115.1 KB

Line
1	/* $Id: nt.h 57302 2015-08-13 00:28:25Z vboxsync $ */
2	/** @file
3	* IPRT - Header for code using the Native NT API.
4	*/
5
6	/*
7	* Copyright (C) 2010-2015 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.virtualbox.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*
17	* The contents of this file may alternatively be used under the terms
18	* of the Common Development and Distribution License Version 1.0
19	* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20	* VirtualBox OSE distribution, in which case the provisions of the
21	* CDDL are applicable instead of those of the GPL.
22	*
23	* You may elect to license modified versions of this file under the
24	* terms and conditions of either the GPL or the CDDL or both.
25	*/
26
27	#ifndef ___iprt_nt_nt_h___
28	#define ___iprt_nt_nt_h___
29
30	/** @def IPRT_NT_MAP_TO_ZW
31	* Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
32	* to the APIs (takes care of the previous context checks).
33	*/
34	#ifdef DOXYGEN_RUNNING
35	# define IPRT_NT_MAP_TO_ZW
36	#endif
37
38	#ifdef IPRT_NT_MAP_TO_ZW
39	# define NtQueryInformationFile ZwQueryInformationFile
40	# define NtQueryInformationProcess ZwQueryInformationProcess
41	# define NtQueryInformationThread ZwQueryInformationThread
42	# define NtQuerySystemInformation ZwQuerySystemInformation
43	# define NtQuerySecurityObject ZwQuerySecurityObject
44	# define NtClose ZwClose
45	# define NtCreateFile ZwCreateFile
46	# define NtReadFile ZwReadFile
47	# define NtWriteFile ZwWriteFile
48	# define NtFlushBuffersFile ZwFlushBuffersFile
49	/** @todo this is very incomplete! */
50	#endif
51
52	#include <ntstatus.h>
53
54	/*
55	* Hacks common to both base header sets.
56	*/
57	#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
58	#define NtQueryObject Incomplete_NtQueryObject
59	#define ZwQueryObject Incomplete_ZwQueryObject
60	#define NtSetInformationObject Incomplete_NtSetInformationObject
61	#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
62	#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
63	#define ObjectBasicInformation Incomplete_ObjectBasicInformation
64	#define ObjectTypeInformation Incomplete_ObjectTypeInformation
65	#define _PEB Incomplete__PEB
66	#define PEB Incomplete_PEB
67	#define PPEB Incomplete_PPEB
68	#define _TEB Incomplete__TEB
69	#define TEB Incomplete_TEB
70	#define PTEB Incomplete_PTEB
71	#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
72	#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
73	#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
74	#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
75	#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
76	#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
77
78
79
80	#ifdef IPRT_NT_USE_WINTERNL
81	/*
82	* Use Winternl.h.
83	*/
84	# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
85	# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
86	# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
87
88	# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
89	# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
90	# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
91	# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
92	# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
93	# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
94	# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
95	# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
96	# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
97	# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
98	# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
99	# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
100
101	# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
102	# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
103	# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
104
105	# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
106	# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
107	# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
108	# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
109	# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
110
111	# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
112	# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
113	# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
114	# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
115	# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
116	# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
117	# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
118	# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
119	# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
120	# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
121	# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
122	# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
123	# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
124	# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
125
126
127	# define WIN32_NO_STATUS
128	# include <windef.h>
129	# include <winnt.h>
130	# include <winternl.h>
131	# undef WIN32_NO_STATUS
132	# include <ntstatus.h>
133
134
135	# undef _FILE_INFORMATION_CLASS
136	# undef FILE_INFORMATION_CLASS
137	# undef FileDirectoryInformation
138
139	# undef NtQueryInformationProcess
140	# undef NtSetInformationProcess
141	# undef PROCESSINFOCLASS
142	# undef _PROCESSINFOCLASS
143	# undef PROCESS_BASIC_INFORMATION
144	# undef PPROCESS_BASIC_INFORMATION
145	# undef _PROCESS_BASIC_INFORMATION
146	# undef ProcessBasicInformation
147	# undef ProcessDebugPort
148	# undef ProcessWow64Information
149	# undef ProcessImageFileName
150	# undef ProcessBreakOnTermination
151
152	# undef RTL_USER_PROCESS_PARAMETERS
153	# undef PRTL_USER_PROCESS_PARAMETERS
154	# undef _RTL_USER_PROCESS_PARAMETERS
155
156	# undef NtQueryInformationThread
157	# undef NtSetInformationThread
158	# undef THREADINFOCLASS
159	# undef _THREADINFOCLASS
160	# undef ThreadIsIoPending
161
162	# undef NtQuerySystemInformation
163	# undef NtSetSystemInformation
164	# undef SYSTEM_INFORMATION_CLASS
165	# undef _SYSTEM_INFORMATION_CLASS
166	# undef SystemBasicInformation
167	# undef SystemPerformanceInformation
168	# undef SystemTimeOfDayInformation
169	# undef SystemProcessInformation
170	# undef SystemProcessorPerformanceInformation
171	# undef SystemInterruptInformation
172	# undef SystemExceptionInformation
173	# undef SystemRegistryQuotaInformation
174	# undef SystemLookasideInformation
175	# undef SystemPolicyInformation
176
177	#else
178	/*
179	* Use ntifs.h and wdm.h.
180	*/
181	# ifdef RT_ARCH_X86
182	# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
183	# pragma warning(disable : 4163)
184	# endif
185
186	# include <ntifs.h>
187	# include <wdm.h>
188
189	# ifdef RT_ARCH_X86
190	# pragma warning(default : 4163)
191	# undef _InterlockedAddLargeStatistic
192	# endif
193
194	# define IPRT_NT_NEED_API_GROUP_NTIFS
195	#endif
196
197	#undef RtlFreeUnicodeString
198	#undef NtQueryObject
199	#undef ZwQueryObject
200	#undef NtSetInformationObject
201	#undef _OBJECT_INFORMATION_CLASS
202	#undef OBJECT_INFORMATION_CLASS
203	#undef ObjectBasicInformation
204	#undef ObjectTypeInformation
205	#undef _PEB
206	#undef PEB
207	#undef PPEB
208	#undef _TEB
209	#undef TEB
210	#undef PTEB
211	#undef _PEB_LDR_DATA
212	#undef PEB_LDR_DATA
213	#undef PPEB_LDR_DATA
214	#undef _KUSER_SHARED_DATA
215	#undef KUSER_SHARED_DATA
216	#undef PKUSER_SHARED_DATA
217
218
219	#include <iprt/types.h>
220	#include <iprt/assert.h>
221
222
223	/** @name Useful macros
224	* @{ */
225	/** Indicates that we're targeting native NT in the current source. */
226	#define RTNT_USE_NATIVE_NT 1
227	/** Initializes a IO_STATUS_BLOCK. */
228	#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
229	/** Reinitializes a IO_STATUS_BLOCK. */
230	#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
231	do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
232	/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
233	#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
234	/** Constant UNICODE_STRING initializer. */
235	#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
236	/** @} */
237
238
239	/** @name IPRT helper functions for NT
240	* @{ */
241	RT_C_DECLS_BEGIN
242
243	RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
244	ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
245	PHANDLE phHandle, PULONG_PTR puDisposition);
246	RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
247	ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
248	RTDECL(int) RTNtPathClose(HANDLE hHandle);
249
250	/**
251	* Converts a UTF-16 windows-style path to NT format.
252	*
253	* @returns IPRT status code.
254	* @param pNtName Where to return the NT name. Free using
255	* RTNtPathFree.
256	* @param phRootDir Where to return the root handle, if applicable.
257	* @param pwszPath The UTF-16 windows-style path.
258	* @param cwcPath The max length of the windows-style path in
259	* RTUTF16 units. Use RTSTR_MAX if unknown and @a
260	* pwszPath is correctly terminated.
261	*/
262	RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING pNtName, HANDLE phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
263
264	/**
265	* Frees the native path and root handle.
266	*
267	* @param pNtName The NT path after a successful
268	* RTNtPathFromWinUtf16Ex call.
269	* @param phRootDir The root handle variable after a successfull
270	* RTNtPathFromWinUtf16Ex call.
271	*/
272	RTDECL(void) RTNtPathFree(struct _UNICODE_STRING pNtName, HANDLE phRootDir);
273
274
275	RT_C_DECLS_END
276	/** @} */
277
278
279	/** @name NT API delcarations.
280	* @{ */
281	RT_C_DECLS_BEGIN
282
283	/** @name Process access rights missing in ntddk headers
284	* @{ */
285	#ifndef PROCESS_TERMINATE
286	# define PROCESS_TERMINATE UINT32_C(0x00000001)
287	#endif
288	#ifndef PROCESS_CREATE_THREAD
289	# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
290	#endif
291	#ifndef PROCESS_SET_SESSIONID
292	# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
293	#endif
294	#ifndef PROCESS_VM_OPERATION
295	# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
296	#endif
297	#ifndef PROCESS_VM_READ
298	# define PROCESS_VM_READ UINT32_C(0x00000010)
299	#endif
300	#ifndef PROCESS_VM_WRITE
301	# define PROCESS_VM_WRITE UINT32_C(0x00000020)
302	#endif
303	#ifndef PROCESS_DUP_HANDLE
304	# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
305	#endif
306	#ifndef PROCESS_CREATE_PROCESS
307	# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
308	#endif
309	#ifndef PROCESS_SET_QUOTA
310	# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
311	#endif
312	#ifndef PROCESS_SET_INFORMATION
313	# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
314	#endif
315	#ifndef PROCESS_QUERY_INFORMATION
316	# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
317	#endif
318	#ifndef PROCESS_SUSPEND_RESUME
319	# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
320	#endif
321	#ifndef PROCESS_QUERY_LIMITED_INFORMATION
322	# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
323	#endif
324	#ifndef PROCESS_SET_LIMITED_INFORMATION
325	# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
326	#endif
327	#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
328	#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
329	#ifndef PROCESS_ALL_ACCESS
330	# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| SYNCHRONIZE \| UINT32_C(0x0000ffff) )
331	#endif
332	/** @} */
333
334	/** @name Thread access rights missing in ntddk headers
335	* @{ */
336	#ifndef THREAD_QUERY_INFORMATION
337	# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
338	#endif
339	#ifndef THREAD_SET_THREAD_TOKEN
340	# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
341	#endif
342	#ifndef THREAD_IMPERSONATE
343	# define THREAD_IMPERSONATE UINT32_C(0x00000100)
344	#endif
345	#ifndef THREAD_DIRECT_IMPERSONATION
346	# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
347	#endif
348	#ifndef THREAD_RESUME
349	# define THREAD_RESUME UINT32_C(0x00001000)
350	#endif
351	#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
352	#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
353	#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
354	/** @} */
355
356	/** @name Special handle values.
357	* @{ */
358	#ifndef NtCurrentProcess
359	# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
360	#endif
361	#ifndef NtCurrentThread
362	# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
363	#endif
364	#ifndef ZwCurrentProcess
365	# define ZwCurrentProcess() NtCurrentProcess()
366	#endif
367	#ifndef ZwCurrentThread
368	# define ZwCurrentThread() NtCurrentThread()
369	#endif
370	/** @} */
371
372
373	/** @name Directory object access rights.
374	* @{ */
375	#ifndef DIRECTORY_QUERY
376	# define DIRECTORY_QUERY UINT32_C(0x00000001)
377	#endif
378	#ifndef DIRECTORY_TRAVERSE
379	# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
380	#endif
381	#ifndef DIRECTORY_CREATE_OBJECT
382	# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
383	#endif
384	#ifndef DIRECTORY_CREATE_SUBDIRECTORY
385	# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
386	#endif
387	#ifndef DIRECTORY_ALL_ACCESS
388	# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| UINT32_C(0x0000000f) )
389	#endif
390	/** @} */
391
392
393
394	#ifdef IPRT_NT_USE_WINTERNL
395	typedef struct _CLIENT_ID
396	{
397	HANDLE UniqueProcess;
398	HANDLE UniqueThread;
399	} CLIENT_ID;
400	typedef CLIENT_ID *PCLIENT_ID;
401	#endif
402
403	/** Extended affinity type, introduced in Windows 7 (?). */
404	typedef struct _KAFFINITY_EX
405	{
406	/** Count of valid bitmap entries. */
407	uint16_t Count;
408	/** Count of allocated bitmap entries. */
409	uint16_t Size;
410	/** Reserved / aligmment padding. */
411	uint32_t Reserved;
412	/** Bitmap where one bit corresponds to a CPU. */
413	uintptr_t Bitmap[20];
414	} KAFFINITY_EX;
415	typedef KAFFINITY_EX *PKAFFINITY_EX;
416	typedef KAFFINITY_EX const *PCKAFFINITY_EX;
417
418	/** @name User Shared Data
419	* @{ */
420
421	#ifdef IPRT_NT_USE_WINTERNL
422	typedef struct _KSYSTEM_TIME
423	{
424	ULONG LowPart;
425	LONG High1Time;
426	LONG High2Time;
427	} KSYSTEM_TIME;
428	typedef KSYSTEM_TIME *PKSYSTEM_TIME;
429
430	typedef enum _NT_PRODUCT_TYPE
431	{
432	NtProductWinNt = 1,
433	NtProductLanManNt,
434	NtProductServer
435	} NT_PRODUCT_TYPE;
436
437	#define PROCESSOR_FEATURE_MAX 64
438
439	typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
440	{
441	StandardDesign = 0,
442	NEC98x86,
443	EndAlternatives
444	} ALTERNATIVE_ARCHITECTURE_TYPE;
445
446	# if 0
447	typedef struct _XSTATE_FEATURE
448	{
449	ULONG Offset;
450	ULONG Size;
451	} XSTATE_FEATURE;
452	typedef XSTATE_FEATURE *PXSTATE_FEATURE;
453
454	#define MAXIMUM_XSTATE_FEATURES 64
455
456	typedef struct _XSTATE_CONFIGURATION
457	{
458	ULONG64 EnabledFeatures;
459	ULONG Size;
460	ULONG OptimizedSave : 1;
461	XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
462	} XSTATE_CONFIGURATION;
463	typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
464	# endif
465	#endif /* IPRT_NT_USE_WINTERNL */
466
467	typedef struct _KUSER_SHARED_DATA
468	{
469	ULONG TickCountLowDeprecated; /*< 0x000 /
470	ULONG TickCountMultiplier; /*< 0x004 /
471	KSYSTEM_TIME volatile InterruptTime; /*< 0x008 /
472	KSYSTEM_TIME volatile SystemTime; /*< 0x014 /
473	KSYSTEM_TIME volatile TimeZoneBias; /*< 0x020 /
474	USHORT ImageNumberLow; /*< 0x02c /
475	USHORT ImageNumberHigh; /*< 0x02e /
476	WCHAR NtSystemRoot[260]; /*< 0x030 /
477	ULONG MaxStackTraceDepth; /*< 0x238 /
478	ULONG CryptoExponent; /*< 0x23c /
479	ULONG TimeZoneId; /*< 0x240 /
480	ULONG LargePageMinimum; /*< 0x244 /
481	ULONG AitSamplingValue; /*< 0x248 /
482	ULONG AppCompatFlag; /*< 0x24c /
483	ULONGLONG RNGSeedVersion; /*< 0x250 /
484	ULONG GlobalValidationRunlevel; /*< 0x258 /
485	LONG volatile TimeZoneBiasStamp; /*< 0x25c/
486	ULONG Reserved2; /*< 0x260 /
487	NT_PRODUCT_TYPE NtProductType; /*< 0x264 /
488	BOOLEAN ProductTypeIsValid; /*< 0x268 /
489	BOOLEAN Reserved0[1]; /*< 0x269 /
490	USHORT NativeProcessorArchitecture; /*< 0x26a /
491	ULONG NtMajorVersion; /*< 0x26c /
492	ULONG NtMinorVersion; /*< 0x270 /
493	BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /*< 0x274 /
494	ULONG Reserved1; /*< 0x2b4 /
495	ULONG Reserved3; /*< 0x2b8 /
496	ULONG volatile TimeSlip; /*< 0x2bc /
497	ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /*< 0x2c0 /
498	ULONG AltArchitecturePad[1]; /*< 0x2c4 /
499	LARGE_INTEGER SystemExpirationDate; /*< 0x2c8 /
500	ULONG SuiteMask; /*< 0x2d0 /
501	BOOLEAN KdDebuggerEnabled; /*< 0x2d4 /
502	union /*< 0x2d5 /
503	{
504	UCHAR MitigationPolicies; /*< 0x2d5 /
505	struct
506	{
507	UCHAR NXSupportPolicy : 2;
508	UCHAR SEHValidationPolicy : 2;
509	UCHAR CurDirDevicesSkippedForDlls : 2;
510	UCHAR Reserved : 2;
511	};
512	};
513	UCHAR Reserved6[2]; /*< 0x2d6 /
514	ULONG volatile ActiveConsoleId; /*< 0x2d8 /
515	ULONG volatile DismountCount; /*< 0x2dc /
516	ULONG ComPlusPackage; /*< 0x2e0 /
517	ULONG LastSystemRITEventTickCount; /*< 0x2e4 /
518	ULONG NumberOfPhysicalPages; /*< 0x2e8 /
519	BOOLEAN SafeBootMode; /*< 0x2ec /
520	UCHAR Reserved12[3]; /*< 0x2ed /
521	union /*< 0x2f0 /
522	{
523	ULONG SharedDataFlags; /*< 0x2f0 /
524	struct
525	{
526	ULONG DbgErrorPortPresent : 1;
527	ULONG DbgElevationEnabled : 1;
528	ULONG DbgVirtEnabled : 1;
529	ULONG DbgInstallerDetectEnabled : 1;
530	ULONG DbgLkgEnabled : 1;
531	ULONG DbgDynProcessorEnabled : 1;
532	ULONG DbgConsoleBrokerEnabled : 1;
533	ULONG DbgSecureBootEnabled : 1;
534	ULONG SpareBits : 24;
535	};
536	};
537	ULONG DataFlagsPad[1]; /*< 0x2f4 /
538	ULONGLONG TestRetInstruction; /*< 0x2f8 /
539	LONGLONG QpcFrequency; /*< 0x300 /
540	ULONGLONG SystemCallPad[3]; /*< 0x308 /
541	union /*< 0x320 /
542	{
543	ULONG64 volatile TickCountQuad; /*< 0x320 /
544	KSYSTEM_TIME volatile TickCount; /*< 0x320 /
545	struct /*< 0x320 /
546	{
547	ULONG ReservedTickCountOverlay[3]; /*< 0x320 /
548	ULONG TickCountPad[1]; /*< 0x32c /
549	};
550	};
551	ULONG Cookie; /*< 0x330 /
552	ULONG CookiePad[1]; /*< 0x334 /
553	LONGLONG ConsoleSessionForegroundProcessId; /*< 0x338 /
554	ULONGLONG TimeUpdateLock; /*< 0x340 /
555	ULONGLONG BaselineSystemTimeQpc; /*< 0x348 /
556	ULONGLONG BaselineInterruptTimeQpc; /*< 0x350 /
557	ULONGLONG QpcSystemTimeIncrement; /*< 0x358 /
558	ULONGLONG QpcInterruptTimeIncrement; /*< 0x360 /
559	ULONG QpcSystemTimeIncrement32; /*< 0x368 /
560	ULONG QpcInterruptTimeIncrement32; /*< 0x36c /
561	UCHAR QpcSystemTimeIncrementShift; /*< 0x370 /
562	UCHAR QpcInterruptTimeIncrementShift; /*< 0x371 /
563	UCHAR Reserved8[14]; /*< 0x372 /
564	USHORT UserModeGlobalLogger[16]; /*< 0x380 /
565	ULONG ImageFileExecutionOptions; /*< 0x3a0 /
566	ULONG LangGenerationCount; /*< 0x3a4 /
567	ULONGLONG Reserved4; /*< 0x3a8 /
568	ULONGLONG volatile InterruptTimeBias; /*< 0x3b0 /
569	ULONGLONG volatile QpcBias; /*< 0x3b8 /
570	ULONG volatile ActiveProcessorCount; /*< 0x3c0 /
571	UCHAR volatile ActiveGroupCount; /*< 0x3c4 /
572	UCHAR Reserved9; /*< 0x3c5 /
573	union /*< 0x3c6 /
574	{
575	USHORT QpcData; /*< 0x3c6 /
576	struct /*< 0x3c6 /
577	{
578	BOOLEAN volatile QpcBypassEnabled; /*< 0x3c6 /
579	UCHAR QpcShift; /*< 0x3c7 /
580	};
581	};
582	LARGE_INTEGER TimeZoneBiasEffectiveStart; /*< 0x3c8 /
583	LARGE_INTEGER TimeZoneBiasEffectiveEnd; /*< 0x3d0 /
584	XSTATE_CONFIGURATION XState; /*< 0x3d8 /
585	} KUSER_SHARED_DATA;
586	typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
587	AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
588	AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
589	AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
590	AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
591	AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
592	AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
593	AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
594	AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
595	AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
596	/** @def MM_SHARED_USER_DATA_VA
597	* Read only userland mapping of KUSER_SHARED_DATA. */
598	#ifndef MM_SHARED_USER_DATA_VA
599	# if ARCH_BITS == 32
600	# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
601	# elif ARCH_BITS == 64
602	# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
603	# else
604	# error "Unsupported/undefined ARCH_BITS value."
605	# endif
606	#endif
607	/** @def KI_USER_SHARED_DATA
608	* Read write kernel mapping of KUSER_SHARED_DATA. */
609	#ifndef KI_USER_SHARED_DATA
610	# ifdef RT_ARCH_X86
611	# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
612	# elif defined(RT_ARCH_AMD64)
613	# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
614	# else
615	# error "PORT ME - KI_USER_SHARED_DATA"
616	# endif
617	#endif
618	/** @} */
619
620
621	/** @name Process And Thread Environment Blocks
622	* @{ */
623
624	typedef struct _PEB_LDR_DATA
625	{
626	uint32_t Length;
627	BOOLEAN Initialized;
628	BOOLEAN Padding[3];
629	HANDLE SsHandle;
630	LIST_ENTRY InLoadOrderModuleList;
631	LIST_ENTRY InMemoryOrderModuleList;
632	LIST_ENTRY InInitializationOrderModuleList;
633	/* End NT4 */
634	LIST_ENTRY *EntryInProgress;
635	BOOLEAN ShutdownInProgress;
636	HANDLE ShutdownThreadId;
637	} PEB_LDR_DATA;
638	typedef PEB_LDR_DATA *PPEB_LDR_DATA;
639
640	typedef struct _PEB_COMMON
641	{
642	BOOLEAN InheritedAddressSpace; /*< 0x000 / 0x000 /
643	BOOLEAN ReadImageFileExecOptions; /*< 0x001 / 0x001 /
644	BOOLEAN BeingDebugged; /*< 0x002 / 0x002 /
645	union
646	{
647	uint8_t BitField; /*< 0x003 / 0x003 /
648	struct
649	{
650	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
651	} Common;
652	struct
653	{
654	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
655	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
656	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 /
657	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 /
658	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 /
659	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 /
660	uint8_t IsProtectedProcessLight : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 /
661	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
662	} W81;
663	struct
664	{
665	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
666	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
667	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 /
668	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 /
669	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 /
670	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 /
671	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 /
672	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
673	} W80;
674	struct
675	{
676	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
677	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
678	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. /
679	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. /
680	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. /
681	uint8_t SpareBits : 3; /*< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. /
682	} W7;
683	struct
684	{
685	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
686	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
687	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. /
688	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. /
689	uint8_t SpareBits : 4; /*< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. /
690	} W6;
691	struct
692	{
693	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
694	uint8_t SpareBits : 7; /*< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. /
695	} W52;
696	struct
697	{
698	BOOLEAN SpareBool;
699	} W51;
700	} Diff0;
701	#if ARCH_BITS == 64
702	uint32_t Padding0; /*< 0x004 / NA /
703	#endif
704	HANDLE Mutant; /*< 0x008 / 0x004 /
705	PVOID ImageBaseAddress; /*< 0x010 / 0x008 /
706	PPEB_LDR_DATA Ldr; /*< 0x018 / 0x00c /
707	struct _RTL_USER_PROCESS_PARAMETERS ProcessParameters; /< 0x020 / 0x010 /
708	PVOID SubSystemData; /*< 0x028 / 0x014 /
709	HANDLE ProcessHeap; /*< 0x030 / 0x018 /
710	struct _RTL_CRITICAL_SECTION FastPebLock; /< 0x038 / 0x01c /
711	union
712	{
713	struct
714	{
715	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
716	PVOID IFEOKey; /*< 0x048 / 0x024 /
717	union
718	{
719	ULONG CrossProcessFlags; /*< 0x050 / 0x028 /
720	struct
721	{
722	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
723	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
724	uint32_t ProcessUsingVEH : 1; /*< 0x050 / 0x028: Pos 2, 1 Bit /
725	uint32_t ProcessUsingVCH : 1; /*< 0x050 / 0x028: Pos 3, 1 Bit /
726	uint32_t ProcessUsingFTH : 1; /*< 0x050 / 0x028: Pos 4, 1 Bit /
727	uint32_t ReservedBits0 : 1; /*< 0x050 / 0x028: Pos 5, 27 Bits /
728	} W7, W8, W80, W81;
729	struct
730	{
731	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
732	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
733	uint32_t ReservedBits0 : 30; /*< 0x050 / 0x028: Pos 2, 30 Bits /
734	} W6;
735	};
736	#if ARCH_BITS == 64
737	uint32_t Padding1; /*< 0x054 / /
738	#endif
739	} W6, W7, W8, W80, W81;
740	struct
741	{
742	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
743	PVOID SparePtr2; /*< 0x048 / 0x024 /
744	uint32_t EnvironmentUpdateCount; /*< 0x050 / 0x028 /
745	#if ARCH_BITS == 64
746	uint32_t Padding1; /*< 0x054 / /
747	#endif
748	} W52;
749	struct
750	{
751	PVOID FastPebLockRoutine; /*< NA / 0x020 /
752	PVOID FastPebUnlockRoutine; /*< NA / 0x024 /
753	uint32_t EnvironmentUpdateCount; /*< NA / 0x028 /
754	} W51;
755	} Diff1;
756	union
757	{
758	PVOID KernelCallbackTable; /*< 0x058 / 0x02c /
759	PVOID UserSharedInfoPtr; /*< 0x058 / 0x02c - Alternative use in W6./
760	};
761	uint32_t SystemReserved; /*< 0x060 / 0x030 /
762	union
763	{
764	struct
765	{
766	uint32_t AtlThunkSListPtr32; /*< 0x064 / 0x034 /
767	} W7, W8, W80, W81;
768	struct
769	{
770	uint32_t SpareUlong; /*< 0x064 / 0x034 /
771	} W52, W6;
772	struct
773	{
774	uint32_t ExecuteOptions : 2; /*< NA / 0x034: Pos 0, 2 Bits /
775	uint32_t SpareBits : 30; /*< NA / 0x034: Pos 2, 30 Bits /
776	} W51;
777	} Diff2;
778	union
779	{
780	struct
781	{
782	PVOID ApiSetMap; /*< 0x068 / 0x038 /
783	} W7, W8, W80, W81;
784	struct
785	{
786	struct _PEB_FREE_BLOCK FreeList; /< 0x068 / 0x038 /
787	} W52, W6;
788	struct
789	{
790	struct _PEB_FREE_BLOCK FreeList; /< NA / 0x038 /
791	} W51;
792	} Diff3;
793	uint32_t TlsExpansionCounter; /*< 0x070 / 0x03c /
794	#if ARCH_BITS == 64
795	uint32_t Padding2; /*< 0x074 / NA /
796	#endif
797	struct _RTL_BITMAP TlsBitmap; /< 0x078 / 0x040 /
798	uint32_t TlsBitmapBits[2]; /*< 0x080 / 0x044 /
799	PVOID ReadOnlySharedMemoryBase; /*< 0x088 / 0x04c /
800	union
801	{
802	struct
803	{
804	PVOID SparePvoid0; /*< 0x090 / 0x050 - HotpatchInformation before W81. /
805	} W81;
806	struct
807	{
808	PVOID HotpatchInformation; /*< 0x090 / 0x050 - Retired in W81. /
809	} W6, W7, W80;
810	struct
811	{
812	PVOID ReadOnlySharedMemoryHeap;
813	} W52;
814	} Diff4;
815	PVOID ReadOnlyStaticServerData; /< 0x098 / 0x054 /
816	PVOID AnsiCodePageData; /*< 0x0a0 / 0x058 /
817	PVOID OemCodePageData; /*< 0x0a8 / 0x05c /
818	PVOID UnicodeCaseTableData; /*< 0x0b0 / 0x060 /
819	uint32_t NumberOfProcessors; /*< 0x0b8 / 0x064 /
820	uint32_t NtGlobalFlag; /*< 0x0bc / 0x068 /
821	LARGE_INTEGER CriticalSectionTimeout; /*< 0x0c0 / 0x070 /
822	SIZE_T HeapSegmentReserve; /*< 0x0c8 / 0x078 /
823	SIZE_T HeapSegmentCommit; /*< 0x0d0 / 0x07c /
824	SIZE_T HeapDeCommitTotalFreeThreshold; /*< 0x0d8 / 0x080 /
825	SIZE_T HeapDeCommitFreeBlockThreshold; /*< 0x0e0 / 0x084 /
826	uint32_t NumberOfHeaps; /*< 0x0e8 / 0x088 /
827	uint32_t MaximumNumberOfHeaps; /*< 0x0ec / 0x08c /
828	PVOID ProcessHeaps; /< 0x0f0 / 0x090 /
829	PVOID GdiSharedHandleTable; /*< 0x0f8 / 0x094 /
830	PVOID ProcessStarterHelper; /*< 0x100 / 0x098 /
831	uint32_t GdiDCAttributeList; /*< 0x108 / 0x09c /
832	#if ARCH_BITS == 64
833	uint32_t Padding3; /*< 0x10c / NA /
834	#endif
835	struct _RTL_CRITICAL_SECTION LoaderLock; /< 0x110 / 0x0a0 /
836	uint32_t OSMajorVersion; /*< 0x118 / 0x0a4 /
837	uint32_t OSMinorVersion; /*< 0x11c / 0x0a8 /
838	uint16_t OSBuildNumber; /*< 0x120 / 0x0ac /
839	uint16_t OSCSDVersion; /*< 0x122 / 0x0ae /
840	uint32_t OSPlatformId; /*< 0x124 / 0x0b0 /
841	uint32_t ImageSubsystem; /*< 0x128 / 0x0b4 /
842	uint32_t ImageSubsystemMajorVersion; /*< 0x12c / 0x0b8 /
843	uint32_t ImageSubsystemMinorVersion; /*< 0x130 / 0x0bc /
844	#if ARCH_BITS == 64
845	uint32_t Padding4; /*< 0x134 / NA /
846	#endif
847	union
848	{
849	struct
850	{
851	SIZE_T ActiveProcessAffinityMask; /*< 0x138 / 0x0c0 /
852	} W7, W8, W80, W81;
853	struct
854	{
855	SIZE_T ImageProcessAffinityMask; /*< 0x138 / 0x0c0 /
856	} W52, W6;
857	} Diff5;
858	uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /*< 0x140 / 0x0c4 /
859	PVOID PostProcessInitRoutine; /*< 0x230 / 0x14c /
860	PVOID TlsExpansionBitmap; /*< 0x238 / 0x150 /
861	uint32_t TlsExpansionBitmapBits[32]; /*< 0x240 / 0x154 /
862	uint32_t SessionId; /*< 0x2c0 / 0x1d4 /
863	#if ARCH_BITS == 64
864	uint32_t Padding5; /*< 0x2c4 / NA /
865	#endif
866	ULARGE_INTEGER AppCompatFlags; /*< 0x2c8 / 0x1d8 /
867	ULARGE_INTEGER AppCompatFlagsUser; /*< 0x2d0 / 0x1e0 /
868	PVOID pShimData; /*< 0x2d8 / 0x1e8 /
869	PVOID AppCompatInfo; /*< 0x2e0 / 0x1ec /
870	UNICODE_STRING CSDVersion; /*< 0x2e8 / 0x1f0 /
871	struct _ACTIVATION_CONTEXT_DATA ActivationContextData; /< 0x2f8 / 0x1f8 /
872	struct _ASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap; /< 0x300 / 0x1fc /
873	struct _ACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData; /< 0x308 / 0x200 /
874	struct _ASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap; /< 0x310 / 0x204 /
875	SIZE_T MinimumStackCommit; /*< 0x318 / 0x208 /
876	/* End of PEB in W52 (Windows XP (RTM))! */
877	struct _FLS_CALLBACK_INFO FlsCallback; /< 0x320 / 0x20c /
878	LIST_ENTRY FlsListHead; /*< 0x328 / 0x210 /
879	PVOID FlsBitmap; /*< 0x338 / 0x218 /
880	uint32_t FlsBitmapBits[4]; /*< 0x340 / 0x21c /
881	uint32_t FlsHighIndex; /*< 0x350 / 0x22c /
882	/* End of PEB in W52 (Windows Server 2003)! */
883	PVOID WerRegistrationData; /*< 0x358 / 0x230 /
884	PVOID WerShipAssertPtr; /*< 0x360 / 0x234 /
885	/* End of PEB in W6 (windows Vista)! */
886	union
887	{
888	struct
889	{
890	PVOID pUnused; /*< 0x368 / 0x238 - Was pContextData in W7. /
891	} W8, W80, W81;
892	struct
893	{
894	PVOID pContextData; /*< 0x368 / 0x238 - Retired in W80. /
895	} W7;
896	} Diff6;
897	PVOID pImageHeaderHash; /*< 0x370 / 0x23c /
898	union
899	{
900	uint32_t TracingFlags; /*< 0x378 / 0x240 /
901	struct
902	{
903	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
904	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
905	uint32_t LibLoaderTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 2, 1 Bit /
906	uint32_t SpareTracingBits : 29; /*< 0x378 / 0x240 : Pos 3, 29 Bits /
907	} W8, W80, W81;
908	struct
909	{
910	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
911	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
912	uint32_t SpareTracingBits : 30; /*< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 /
913	} W7;
914	} Diff7;
915	#if ARCH_BITS == 64
916	uint32_t Padding6; /*< 0x37c / NA /
917	#endif
918	uint64_t CsrServerReadOnlySharedMemoryBase; /*< 0x380 / 0x248 /
919	} PEB_COMMON;
920	typedef PEB_COMMON *PPEB_COMMON;
921
922	AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
923	AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
924	AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
925	AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
926	AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
927	AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
928	AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
929	AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
930	AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x388 : 0x250);
931
932	/** The size of the windows 8.1 PEB structure. */
933	#define PEB_SIZE_W81 sizeof(PEB_COMMON)
934	/** The size of the windows 8.0 PEB structure. */
935	#define PEB_SIZE_W80 sizeof(PEB_COMMON)
936	/** The size of the windows 7 PEB structure. */
937	#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
938	/** The size of the windows vista PEB structure. */
939	#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
940	/** The size of the windows server 2003 PEB structure. */
941	#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
942	/** The size of the windows XP PEB structure. */
943	#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
944
945	#if 0
946	typedef struct _NT_TIB
947	{
948	struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
949	PVOID StackBase;
950	PVOID StackLimit;
951	PVOID SubSystemTib;
952	union
953	{
954	PVOID FiberData;
955	ULONG Version;
956	};
957	PVOID ArbitraryUserPointer;
958	struct _NT_TIB *Self;
959	} NT_TIB;
960	typedef NT_TIB *PNT_TIB;
961	#endif
962
963	typedef struct _ACTIVATION_CONTEXT_STACK
964	{
965	uint32_t Flags;
966	uint32_t NextCookieSequenceNumber;
967	PVOID ActiveFrame;
968	LIST_ENTRY FrameListCache;
969	} ACTIVATION_CONTEXT_STACK;
970
971	/* Common TEB. */
972	typedef struct _TEB_COMMON
973	{
974	NT_TIB NtTib; /*< 0x000 / 0x000 /
975	PVOID EnvironmentPointer; /*< 0x038 / 0x01c /
976	CLIENT_ID ClientId; /*< 0x040 / 0x020 /
977	PVOID ActiveRpcHandle; /*< 0x050 / 0x028 /
978	PVOID ThreadLocalStoragePointer; /*< 0x058 / 0x02c /
979	PPEB_COMMON ProcessEnvironmentBlock; /*< 0x060 / 0x030 /
980	uint32_t LastErrorValue; /*< 0x068 / 0x034 /
981	uint32_t CountOfOwnedCriticalSections; /*< 0x06c / 0x038 /
982	PVOID CsrClientThread; /*< 0x070 / 0x03c /
983	PVOID Win32ThreadInfo; /*< 0x078 / 0x040 /
984	uint32_t User32Reserved[26]; /*< 0x080 / 0x044 /
985	uint32_t UserReserved[5]; /*< 0x0e8 / 0x0ac /
986	PVOID WOW32Reserved; /*< 0x100 / 0x0c0 /
987	uint32_t CurrentLocale; /*< 0x108 / 0x0c4 /
988	uint32_t FpSoftwareStatusRegister; /*< 0x10c / 0x0c8 /
989	PVOID SystemReserved1[54]; /*< 0x110 / 0x0cc /
990	uint32_t ExceptionCode; /*< 0x2c0 / 0x1a4 /
991	#if ARCH_BITS == 64
992	uint32_t Padding0; /*< 0x2c4 / NA /
993	#endif
994	union
995	{
996	struct
997	{
998	struct _ACTIVATION_CONTEXT_STACK ActivationContextStackPointer;/< 0x2c8 / 0x1a8 /
999	uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /*< 0x2d0 / 0x1ac /
1000	} W52, W6, W7, W8, W80, W81;
1001	#if ARCH_BITS == 32
1002	struct
1003	{
1004	ACTIVATION_CONTEXT_STACK ActivationContextStack; /*< NA / 0x1a8 /
1005	uint8_t SpareBytes[20]; /*< NA / 0x1bc /
1006	} W51;
1007	#endif
1008	} Diff0;
1009	union
1010	{
1011	struct
1012	{
1013	uint32_t TxFsContext; /*< 0x2e8 / 0x1d0 /
1014	} W6, W7, W8, W80, W81;
1015	struct
1016	{
1017	uint32_t SpareBytesContinues; /*< 0x2e8 / 0x1d0 /
1018	} W52;
1019	} Diff1;
1020	#if ARCH_BITS == 64
1021	uint32_t Padding1; /*< 0x2ec / NA /
1022	#endif
1023	/_GDI_TEB_BATCH/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /*< 0x2f0 / 0x1d4 /
1024	CLIENT_ID RealClientId; /*< 0x7d8 / 0x6b4 /
1025	HANDLE GdiCachedProcessHandle; /*< 0x7e8 / 0x6bc /
1026	uint32_t GdiClientPID; /*< 0x7f0 / 0x6c0 /
1027	uint32_t GdiClientTID; /*< 0x7f4 / 0x6c4 /
1028	PVOID GdiThreadLocalInfo; /*< 0x7f8 / 0x6c8 /
1029	SIZE_T Win32ClientInfo[62]; /*< 0x800 / 0x6cc /
1030	PVOID glDispatchTable[233]; /*< 0x9f0 / 0x7c4 /
1031	SIZE_T glReserved1[29]; /*< 0x1138 / 0xb68 /
1032	PVOID glReserved2; /*< 0x1220 / 0xbdc /
1033	PVOID glSectionInfo; /*< 0x1228 / 0xbe0 /
1034	PVOID glSection; /*< 0x1230 / 0xbe4 /
1035	PVOID glTable; /*< 0x1238 / 0xbe8 /
1036	PVOID glCurrentRC; /*< 0x1240 / 0xbec /
1037	PVOID glContext; /*< 0x1248 / 0xbf0 /
1038	NTSTATUS LastStatusValue; /*< 0x1250 / 0xbf4 /
1039	#if ARCH_BITS == 64
1040	uint32_t Padding2; /*< 0x1254 / NA /
1041	#endif
1042	UNICODE_STRING StaticUnicodeString; /*< 0x1258 / 0xbf8 /
1043	WCHAR StaticUnicodeBuffer[261]; /*< 0x1268 / 0xc00 /
1044	#if ARCH_BITS == 64
1045	WCHAR Padding3[3]; /*< 0x1472 / NA /
1046	#endif
1047	PVOID DeallocationStack; /*< 0x1478 / 0xe0c /
1048	PVOID TlsSlots[64]; /*< 0x1480 / 0xe10 /
1049	LIST_ENTRY TlsLinks; /*< 0x1680 / 0xf10 /
1050	PVOID Vdm; /*< 0x1690 / 0xf18 /
1051	PVOID ReservedForNtRpc; /*< 0x1698 / 0xf1c /
1052	PVOID DbgSsReserved[2]; /*< 0x16a0 / 0xf20 /
1053	uint32_t HardErrorMode; /*< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. /
1054	#if ARCH_BITS == 64
1055	uint32_t Padding4; /*< 0x16b4 / NA /
1056	#endif
1057	PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /*< 0x16b8 / 0xf2c /
1058	union
1059	{
1060	struct
1061	{
1062	GUID ActivityId; /*< 0x1710 / 0xf50 /
1063	PVOID SubProcessTag; /*< 0x1720 / 0xf60 /
1064	} W6, W7, W8, W80, W81;
1065	struct
1066	{
1067	PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /*< 0x1710 / 0xf50 /
1068	} W52;
1069	} Diff2;
1070	union /*< 0x1728 / 0xf64 /
1071	{
1072	struct
1073	{
1074	PVOID PerflibData; /*< 0x1728 / 0xf64 /
1075	} W8, W80, W81;
1076	struct
1077	{
1078	PVOID EtwLocalData; /*< 0x1728 / 0xf64 /
1079	} W7, W6;
1080	struct
1081	{
1082	PVOID SubProcessTag; /*< 0x1728 / 0xf64 /
1083	} W52;
1084	struct
1085	{
1086	PVOID InstrumentationContinues[1]; /*< 0x1728 / 0xf64 /
1087	} W51;
1088	} Diff3;
1089	union
1090	{
1091	struct
1092	{
1093	PVOID EtwTraceData; /*< 0x1730 / 0xf68 /
1094	} W52, W6, W7, W8, W80, W81;
1095	struct
1096	{
1097	PVOID InstrumentationContinues[1]; /*< 0x1730 / 0xf68 /
1098	} W51;
1099	} Diff4;
1100	PVOID WinSockData; /*< 0x1738 / 0xf6c /
1101	uint32_t GdiBatchCount; /*< 0x1740 / 0xf70 /
1102	union
1103	{
1104	union
1105	{
1106	PROCESSOR_NUMBER CurrentIdealProcessor; /*< 0x1744 / 0xf74 - W7+ /
1107	uint32_t IdealProcessorValue; /*< 0x1744 / 0xf74 - W7+ /
1108	struct
1109	{
1110	uint8_t ReservedPad1; /*< 0x1744 / 0xf74 - Called SpareBool0 in W6 /
1111	uint8_t ReservedPad2; /*< 0x1745 / 0xf75 - Called SpareBool0 in W6 /
1112	uint8_t ReservedPad3; /*< 0x1746 / 0xf76 - Called SpareBool0 in W6 /
1113	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1114	};
1115	} W6, W7, W8, W80, W81;
1116	struct
1117	{
1118	BOOLEAN InDbgPrint; /*< 0x1744 / 0xf74 /
1119	BOOLEAN FreeStackOnTermination; /*< 0x1745 / 0xf75 /
1120	BOOLEAN HasFiberData; /*< 0x1746 / 0xf76 /
1121	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1122	} W51, W52;
1123	} Diff5;
1124	uint32_t GuaranteedStackBytes; /*< 0x1748 / 0xf78 /
1125	#if ARCH_BITS == 64
1126	uint32_t Padding5; /*< 0x174c / NA /
1127	#endif
1128	PVOID ReservedForPerf; /*< 0x1750 / 0xf7c /
1129	PVOID ReservedForOle; /*< 0x1758 / 0xf80 /
1130	uint32_t WaitingOnLoaderLock; /*< 0x1760 / 0xf84 /
1131	#if ARCH_BITS == 64
1132	uint32_t Padding6; /*< 0x1764 / NA /
1133	#endif
1134	union /*< 0x1770 / 0xf8c /
1135	{
1136	struct
1137	{
1138	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1139	SIZE_T ReservedForCodeCoverage; /*< 0x1770 / 0xf8c /
1140	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1141	} W8, W80, W81;
1142	struct
1143	{
1144	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1145	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1146	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1147	} W6, W7;
1148	struct
1149	{
1150	PVOID SparePointer1; /*< 0x1768 / 0xf88 /
1151	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1152	PVOID SoftPatchPtr2; /*< 0x1778 / 0xf90 /
1153	} W52;
1154	#if ARCH_BITS == 32
1155	struct _Wx86ThreadState
1156	{
1157	PVOID CallBx86Eip; /*< NA / 0xf88 /
1158	PVOID DeallocationCpu; /*< NA / 0xf8c /
1159	BOOLEAN UseKnownWx86Dll; /*< NA / 0xf90 /
1160	int8_t OleStubInvoked; /*< NA / 0xf91 /
1161	} W51;
1162	#endif
1163	} Diff6;
1164	PVOID TlsExpansionSlots; /*< 0x1780 / 0xf94 /
1165	#if ARCH_BITS == 64
1166	PVOID DallocationBStore; /*< 0x1788 / NA /
1167	PVOID BStoreLimit; /*< 0x1790 / NA /
1168	#endif
1169	union
1170	{
1171	struct
1172	{
1173	uint32_t MuiGeneration; /*< 0x1798 / 0xf98 /
1174	} W7, W8, W80, W81;
1175	struct
1176	{
1177	uint32_t ImpersonationLocale;
1178	} W6;
1179	} Diff7;
1180	uint32_t IsImpersonating; /*< 0x179c / 0xf9c /
1181	PVOID NlsCache; /*< 0x17a0 / 0xfa0 /
1182	PVOID pShimData; /*< 0x17a8 / 0xfa4 /
1183	union /*< 0x17b0 / 0xfa8 /
1184	{
1185	struct
1186	{
1187	uint16_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1188	uint16_t LowFragHeapDataSlot; /*< 0x17b2 / 0xfaa /
1189	} W8, W80, W81;
1190	struct
1191	{
1192	uint32_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1193	} W7;
1194	} Diff8;
1195	#if ARCH_BITS == 64
1196	uint32_t Padding7; /*< 0x17b4 / NA /
1197	#endif
1198	HANDLE CurrentTransactionHandle; /*< 0x17b8 / 0xfac /
1199	struct _TEB_ACTIVE_FRAME ActiveFrame; /< 0x17c0 / 0xfb0 /
1200	/* End of TEB in W51 (Windows XP)! */
1201	PVOID FlsData; /*< 0x17c8 / 0xfb4 /
1202	union
1203	{
1204	struct
1205	{
1206	PVOID PreferredLanguages; /*< 0x17d0 / 0xfb8 /
1207	} W6, W7, W8, W80, W81;
1208	struct
1209	{
1210	BOOLEAN SafeThunkCall; /*< 0x17d0 / 0xfb8 /
1211	uint8_t BooleanSpare[3]; /*< 0x17d1 / 0xfb9 /
1212	/* End of TEB in W52 (Windows server 2003)! */
1213	} W52;
1214	} Diff9;
1215	PVOID UserPrefLanguages; /*< 0x17d8 / 0xfbc /
1216	PVOID MergedPrefLanguages; /*< 0x17e0 / 0xfc0 /
1217	uint32_t MuiImpersonation; /*< 0x17e8 / 0xfc4 /
1218	union
1219	{
1220	uint16_t CrossTebFlags; /*< 0x17ec / 0xfc8 /
1221	struct
1222	{
1223	uint16_t SpareCrossTebBits : 16; /*< 0x17ec / 0xfc8 : Pos 0, 16 Bits /
1224	};
1225	};
1226	union
1227	{
1228	uint16_t SameTebFlags; /*< 0x17ee / 0xfca /
1229	struct
1230	{
1231	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1232	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1233	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1234	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1235	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1236	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1237	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1238	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1239	} Common;
1240	struct
1241	{
1242	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1243	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1244	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1245	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1246	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1247	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1248	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1249	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1250	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1251	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1252	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1253	uint16_t SessionAware : 1; /*< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. /
1254	uint16_t SpareSameTebBits : 4; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1255	} W8, W80, W81;
1256	struct
1257	{
1258	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1259	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1260	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1261	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1262	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1263	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1264	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1265	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1266	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1267	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1268	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1269	uint16_t SpareSameTebBits : 5; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1270	} W7;
1271	struct
1272	{
1273	uint16_t DbgSafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1274	uint16_t DbgInDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1275	uint16_t DbgHasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1276	uint16_t DbgSkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1277	uint16_t DbgWerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1278	uint16_t DbgRanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1279	uint16_t DbgClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1280	uint16_t DbgSuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1281	uint16_t SpareSameTebBits : 8; /*< 0x17ee / 0xfca : Pos 8, 8 Bits /
1282	} W6;
1283	} Diff10;
1284	PVOID TxnScopeEnterCallback; /*< 0x17f0 / 0xfcc /
1285	PVOID TxnScopeExitCallback; /*< 0x17f8 / 0xfd0 /
1286	PVOID TxnScopeContext; /*< 0x1800 / 0xfd4 /
1287	uint32_t LockCount; /*< 0x1808 / 0xfd8 /
1288	union
1289	{
1290	struct
1291	{
1292	uint32_t SpareUlong0; /*< 0x180c / 0xfdc /
1293	} W7, W8, W80, W81;
1294	struct
1295	{
1296	uint32_t ProcessRundown;
1297	} W6;
1298	} Diff11;
1299	union
1300	{
1301	struct
1302	{
1303	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1304	/* End of TEB in W7 (windows 7)! */
1305	PVOID ReservedForWdf; /*< 0x1818 / 0xfe4 - New Since W7. /
1306	/* End of TEB in W8 (windows 8.0 & 8.1)! */
1307	} W8, W80, W81;
1308	struct
1309	{
1310	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1311	} W7;
1312	struct
1313	{
1314	uint64_t LastSwitchTime; /*< 0x1810 / 0xfe0 /
1315	uint64_t TotalSwitchOutTime; /*< 0x1818 / 0xfe8 /
1316	LARGE_INTEGER WaitReasonBitMap; /*< 0x1820 / 0xff0 /
1317	/* End of TEB in W6 (windows Vista)! */
1318	} W6;
1319	} Diff12;
1320	} TEB_COMMON;
1321	typedef TEB_COMMON *PTEB_COMMON;
1322	AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1323	AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1324	AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1325	AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1326	AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1327	AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1328	AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1329	AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1330	AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1331	AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1332	AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1333	AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1334	AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1828 : 0xff8);
1335
1336
1337	/** The size of the windows 8.1 PEB structure. */
1338	#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1339	/** The size of the windows 8.0 PEB structure. */
1340	#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1341	/** The size of the windows 7 PEB structure. */
1342	#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1343	/** The size of the windows vista PEB structure. */
1344	#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1345	/** The size of the windows server 2003 PEB structure. */
1346	#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1347	/** The size of the windows XP PEB structure. */
1348	#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1349
1350
1351
1352	#define _PEB _PEB_COMMON
1353	typedef PEB_COMMON PEB;
1354	typedef PPEB_COMMON PPEB;
1355
1356	#define _TEB _TEB_COMMON
1357	typedef TEB_COMMON TEB;
1358	typedef PTEB_COMMON PTEB;
1359
1360	#define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1361	#define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1362	#define NtCurrentPeb() RTNtCurrentPeb()
1363	#define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1364
1365	/** @} */
1366
1367
1368	#ifdef IPRT_NT_USE_WINTERNL
1369	NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1370	NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1371	typedef enum _SECTION_INHERIT
1372	{
1373	ViewShare = 1,
1374	ViewUnmap
1375	} SECTION_INHERIT;
1376	NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1377	ULONG, ULONG);
1378
1379
1380	typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1381	{
1382	ULONG FileSystemAttributes;
1383	LONG MaximumComponentNameLength;
1384	ULONG FileSystemNameLength;
1385	WCHAR FileSystemName[1];
1386	} FILE_FS_ATTRIBUTE_INFORMATION;
1387	typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1388
1389	NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1390	NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1391	NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1392	NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1393
1394	typedef enum _FSINFOCLASS
1395	{
1396	FileFsVolumeInformation = 1,
1397	FileFsLabelInformation,
1398	FileFsSizeInformation,
1399	FileFsDeviceInformation,
1400	FileFsAttributeInformation,
1401	FileFsControlInformation,
1402	FileFsFullSizeInformation,
1403	FileFsObjectIdInformation,
1404	FileFsDriverPathInformation,
1405	FileFsVolumeFlagsInformation,
1406	FileFsSectorSizeInformation,
1407	FileFsDataCopyInformation,
1408	FileFsMaximumInformation
1409	} FS_INFORMATION_CLASS;
1410	typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1411	NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1412
1413	typedef struct _FILE_BOTH_DIR_INFORMATION
1414	{
1415	ULONG NextEntryOffset;
1416	ULONG FileIndex;
1417	LARGE_INTEGER CreationTime;
1418	LARGE_INTEGER LastAccessTime;
1419	LARGE_INTEGER LastWriteTime;
1420	LARGE_INTEGER ChangeTime;
1421	LARGE_INTEGER EndOfFile;
1422	LARGE_INTEGER AllocationSize;
1423	ULONG FileAttributes;
1424	ULONG FileNameLength;
1425	ULONG EaSize;
1426	CCHAR ShortNameLength;
1427	WCHAR ShortName[12];
1428	WCHAR FileName[1];
1429	} FILE_BOTH_DIR_INFORMATION;
1430	typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1431	typedef struct _FILE_BASIC_INFORMATION
1432	{
1433	LARGE_INTEGER CreationTime;
1434	LARGE_INTEGER LastAccessTime;
1435	LARGE_INTEGER LastWriteTime;
1436	LARGE_INTEGER ChangeTime;
1437	ULONG FileAttributes;
1438	} FILE_BASIC_INFORMATION;
1439	typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1440	typedef struct _FILE_STANDARD_INFORMATION
1441	{
1442	LARGE_INTEGER AllocationSize;
1443	LARGE_INTEGER EndOfFile;
1444	ULONG NumberOfLinks;
1445	BOOLEAN DeletePending;
1446	BOOLEAN Directory;
1447	} FILE_STANDARD_INFORMATION;
1448	typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1449	typedef struct _FILE_NAME_INFORMATION
1450	{
1451	ULONG FileNameLength;
1452	WCHAR FileName[1];
1453	} FILE_NAME_INFORMATION;
1454	typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1455	typedef enum _FILE_INFORMATION_CLASS
1456	{
1457	FileDirectoryInformation = 1,
1458	FileFullDirectoryInformation,
1459	FileBothDirectoryInformation,
1460	FileBasicInformation,
1461	FileStandardInformation,
1462	FileInternalInformation,
1463	FileEaInformation,
1464	FileAccessInformation,
1465	FileNameInformation,
1466	FileRenameInformation,
1467	FileLinkInformation,
1468	FileNamesInformation,
1469	FileDispositionInformation,
1470	FilePositionInformation,
1471	FileFullEaInformation,
1472	FileModeInformation,
1473	FileAlignmentInformation,
1474	FileAllInformation,
1475	FileAllocationInformation,
1476	FileEndOfFileInformation,
1477	FileAlternateNameInformation,
1478	FileStreamInformation,
1479	FilePipeInformation,
1480	FilePipeLocalInformation,
1481	FilePipeRemoteInformation,
1482	FileMailslotQueryInformation,
1483	FileMailslotSetInformation,
1484	FileCompressionInformation,
1485	FileObjectIdInformation,
1486	FileCompletionInformation,
1487	FileMoveClusterInformation,
1488	FileQuotaInformation,
1489	FileReparsePointInformation,
1490	FileNetworkOpenInformation,
1491	FileAttributeTagInformation,
1492	FileTrackingInformation,
1493	FileIdBothDirectoryInformation,
1494	FileIdFullDirectoryInformation,
1495	FileValidDataLengthInformation,
1496	FileShortNameInformation,
1497	FileIoCompletionNotificationInformation,
1498	FileIoStatusBlockRangeInformation,
1499	FileIoPriorityHintInformation,
1500	FileSfioReserveInformation,
1501	FileSfioVolumeInformation,
1502	FileHardLinkInformation,
1503	FileProcessIdsUsingFileInformation,
1504	FileNormalizedNameInformation,
1505	FileNetworkPhysicalNameInformation,
1506	FileIdGlobalTxDirectoryInformation,
1507	FileIsRemoteDeviceInformation,
1508	FileUnusedInformation,
1509	FileNumaNodeInformation,
1510	FileStandardLinkInformation,
1511	FileRemoteProtocolInformation,
1512	FileRenameInformationBypassAccessCheck,
1513	FileLinkInformationBypassAccessCheck,
1514	FileVolumeNameInformation,
1515	FileIdInformation,
1516	FileIdExtdDirectoryInformation,
1517	FileReplaceCompletionInformation,
1518	FileHardLinkFullIdInformation,
1519	FileMaximumInformation
1520	} FILE_INFORMATION_CLASS;
1521	typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
1522	NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1523	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
1524	FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1525
1526	typedef struct _MEMORY_SECTION_NAME
1527	{
1528	UNICODE_STRING SectionFileName;
1529	WCHAR NameBuffer[1];
1530	} MEMORY_SECTION_NAME;
1531
1532	#ifdef IPRT_NT_USE_WINTERNL
1533	typedef struct _PROCESS_BASIC_INFORMATION
1534	{
1535	NTSTATUS ExitStatus;
1536	PPEB PebBaseAddress;
1537	ULONG_PTR AffinityMask;
1538	int32_t BasePriority;
1539	ULONG_PTR UniqueProcessId;
1540	ULONG_PTR InheritedFromUniqueProcessId;
1541	} PROCESS_BASIC_INFORMATION;
1542	typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
1543	#endif
1544
1545	typedef enum _PROCESSINFOCLASS
1546	{
1547	ProcessBasicInformation = 0, /*< 0 / 0x00 /
1548	ProcessQuotaLimits, /*< 1 / 0x01 /
1549	ProcessIoCounters, /*< 2 / 0x02 /
1550	ProcessVmCounters, /*< 3 / 0x03 /
1551	ProcessTimes, /*< 4 / 0x04 /
1552	ProcessBasePriority, /*< 5 / 0x05 /
1553	ProcessRaisePriority, /*< 6 / 0x06 /
1554	ProcessDebugPort, /*< 7 / 0x07 /
1555	ProcessExceptionPort, /*< 8 / 0x08 /
1556	ProcessAccessToken, /*< 9 / 0x09 /
1557	ProcessLdtInformation, /*< 10 / 0x0a /
1558	ProcessLdtSize, /*< 11 / 0x0b /
1559	ProcessDefaultHardErrorMode, /*< 12 / 0x0c /
1560	ProcessIoPortHandlers, /*< 13 / 0x0d /
1561	ProcessPooledUsageAndLimits, /*< 14 / 0x0e /
1562	ProcessWorkingSetWatch, /*< 15 / 0x0f /
1563	ProcessUserModeIOPL, /*< 16 / 0x10 /
1564	ProcessEnableAlignmentFaultFixup, /*< 17 / 0x11 /
1565	ProcessPriorityClass, /*< 18 / 0x12 /
1566	ProcessWx86Information, /*< 19 / 0x13 /
1567	ProcessHandleCount, /*< 20 / 0x14 /
1568	ProcessAffinityMask, /*< 21 / 0x15 /
1569	ProcessPriorityBoost, /*< 22 / 0x16 /
1570	ProcessDeviceMap, /*< 23 / 0x17 /
1571	ProcessSessionInformation, /*< 24 / 0x18 /
1572	ProcessForegroundInformation, /*< 25 / 0x19 /
1573	ProcessWow64Information, /*< 26 / 0x1a /
1574	ProcessImageFileName, /*< 27 / 0x1b /
1575	ProcessLUIDDeviceMapsEnabled, /*< 28 / 0x1c /
1576	ProcessBreakOnTermination, /*< 29 / 0x1d /
1577	ProcessDebugObjectHandle, /*< 30 / 0x1e /
1578	ProcessDebugFlags, /*< 31 / 0x1f /
1579	ProcessHandleTracing, /*< 32 / 0x20 /
1580	ProcessIoPriority, /*< 33 / 0x21 /
1581	ProcessExecuteFlags, /*< 34 / 0x22 /
1582	ProcessTlsInformation, /*< 35 / 0x23 /
1583	ProcessCookie, /*< 36 / 0x24 /
1584	ProcessImageInformation, /*< 37 / 0x25 /
1585	ProcessCycleTime, /*< 38 / 0x26 /
1586	ProcessPagePriority, /*< 39 / 0x27 /
1587	ProcessInstrumentationCallbak, /*< 40 / 0x28 /
1588	ProcessThreadStackAllocation, /*< 41 / 0x29 /
1589	ProcessWorkingSetWatchEx, /*< 42 / 0x2a /
1590	ProcessImageFileNameWin32, /*< 43 / 0x2b /
1591	ProcessImageFileMapping, /*< 44 / 0x2c /
1592	ProcessAffinityUpdateMode, /*< 45 / 0x2d /
1593	ProcessMemoryAllocationMode, /*< 46 / 0x2e /
1594	ProcessGroupInformation, /*< 47 / 0x2f /
1595	ProcessTokenVirtualizationEnabled, /*< 48 / 0x30 /
1596	ProcessConsoleHostProcess, /*< 49 / 0x31 /
1597	ProcessWindowsInformation, /*< 50 / 0x32 /
1598	ProcessUnknown51,
1599	ProcessUnknown52,
1600	ProcessUnknown53,
1601	ProcessUnknown54,
1602	ProcessUnknown55,
1603	ProcessUnknown56,
1604	ProcessUnknown57,
1605	ProcessUnknown58,
1606	ProcessUnknown59,
1607	ProcessUnknown60,
1608	ProcessUnknown61,
1609	ProcessUnknown62,
1610	ProcessUnknown63,
1611	ProcessUnknown64,
1612	ProcessUnknown65,
1613	ProcessUnknown66,
1614	ProcessMaybe_KeSetCpuSetsProcess, /*< 67 / 0x43 - is correct, then PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10. /
1615	MaxProcessInfoClass /*< 68 / 0x44 /
1616	} PROCESSINFOCLASS;
1617	NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1618
1619	typedef enum _THREADINFOCLASS
1620	{
1621	ThreadBasicInformation = 0,
1622	ThreadTimes,
1623	ThreadPriority,
1624	ThreadBasePriority,
1625	ThreadAffinityMask,
1626	ThreadImpersonationToken,
1627	ThreadDescriptorTableEntry,
1628	ThreadEnableAlignmentFaultFixup,
1629	ThreadEventPair_Reusable,
1630	ThreadQuerySetWin32StartAddress,
1631	ThreadZeroTlsCell,
1632	ThreadPerformanceCount,
1633	ThreadAmILastThread,
1634	ThreadIdealProcessor,
1635	ThreadPriorityBoost,
1636	ThreadSetTlsArrayAddress,
1637	ThreadIsIoPending,
1638	ThreadHideFromDebugger,
1639	ThreadBreakOnTermination,
1640	ThreadSwitchLegacyState,
1641	ThreadIsTerminated,
1642	ThreadLastSystemCall,
1643	ThreadIoPriority,
1644	ThreadCycleTime,
1645	ThreadPagePriority,
1646	ThreadActualBasePriority,
1647	ThreadTebInformation,
1648	ThreadCSwitchMon,
1649	ThreadCSwitchPmu,
1650	ThreadWow64Context,
1651	ThreadGroupInformation,
1652	ThreadUmsInformation,
1653	ThreadCounterProfiling,
1654	ThreadIdealProcessorEx,
1655	ThreadCpuAccountingInformation,
1656	MaxThreadInfoClass
1657	} THREADINFOCLASS;
1658	NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1659
1660	NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1661
1662	NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1663	NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1664	NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
1665
1666	NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
1667	NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
1668
1669	NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
1670	NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
1671	NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
1672	NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
1673	NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
1674	NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
1675	NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
1676	NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
1677	NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
1678
1679	#endif /* IPRT_NT_USE_WINTERNL */
1680
1681	typedef enum _OBJECT_INFORMATION_CLASS
1682	{
1683	ObjectBasicInformation = 0,
1684	ObjectNameInformation,
1685	ObjectTypeInformation,
1686	ObjectAllInformation,
1687	ObjectDataInformation
1688	} OBJECT_INFORMATION_CLASS;
1689	typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
1690	#ifdef IN_RING0
1691	# define NtQueryObject ZwQueryObject
1692	#endif
1693	NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1694	NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
1695	NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
1696
1697	NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1698
1699	typedef struct _OBJECT_DIRECTORY_INFORMATION
1700	{
1701	UNICODE_STRING Name;
1702	UNICODE_STRING TypeName;
1703	} OBJECT_DIRECTORY_INFORMATION;
1704	typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
1705	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
1706
1707	NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
1708	NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
1709	/** @name ProcessDefaultHardErrorMode bit definitions.
1710	* @{ */
1711	#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /*< Inverted from the win32 define. /
1712	#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
1713	#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
1714	#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
1715	/** @} */
1716	NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
1717	NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
1718
1719	/** Retured by ProcessImageInformation as well as NtQuerySection. */
1720	typedef struct _SECTION_IMAGE_INFORMATION
1721	{
1722	PVOID TransferAddress;
1723	ULONG ZeroBits;
1724	SIZE_T MaximumStackSize;
1725	SIZE_T CommittedStackSize;
1726	ULONG SubSystemType;
1727	union
1728	{
1729	struct
1730	{
1731	USHORT SubSystemMinorVersion;
1732	USHORT SubSystemMajorVersion;
1733	};
1734	ULONG SubSystemVersion;
1735	};
1736	ULONG GpValue;
1737	USHORT ImageCharacteristics;
1738	USHORT DllCharacteristics;
1739	USHORT Machine;
1740	BOOLEAN ImageContainsCode;
1741	union /*< Since Vista, used to be a spare BOOLEAN. /
1742	{
1743	struct
1744	{
1745	UCHAR ComPlusNativeRead : 1;
1746	UCHAR ComPlusILOnly : 1;
1747	UCHAR ImageDynamicallyRelocated : 1;
1748	UCHAR ImageMAppedFlat : 1;
1749	UCHAR Reserved : 4;
1750	};
1751	UCHAR ImageFlags;
1752	};
1753	ULONG LoaderFlags;
1754	ULONG ImageFileSize; /*< Since XP? /
1755	ULONG CheckSum; /*< Since Vista, Used to be a reserved/spare ULONG. /
1756	} SECTION_IMAGE_INFORMATION;
1757	typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
1758
1759	typedef enum _SECTION_INFORMATION_CLASS
1760	{
1761	SectionBasicInformation = 0,
1762	SectionImageInformation,
1763	MaxSectionInfoClass
1764	} SECTION_INFORMATION_CLASS;
1765	NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1766
1767	NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
1768	NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1769	NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
1770	#ifndef SYMBOLIC_LINK_QUERY
1771	# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
1772	#endif
1773	#ifndef SYMBOLIC_LINK_ALL_ACCESS
1774	# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED \| SYMBOLIC_LINK_QUERY)
1775	#endif
1776
1777	NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
1778	NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
1779	NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
1780	NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
1781	NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
1782	NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
1783
1784
1785	#ifndef SEC_FILE
1786	# define SEC_FILE UINT32_C(0x00800000)
1787	#endif
1788	#ifndef SEC_IMAGE
1789	# define SEC_IMAGE UINT32_C(0x01000000)
1790	#endif
1791	#ifndef SEC_PROTECTED_IMAGE
1792	# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
1793	#endif
1794	#ifndef SEC_NOCACHE
1795	# define SEC_NOCACHE UINT32_C(0x10000000)
1796	#endif
1797	#ifndef MEM_ROTATE
1798	# define MEM_ROTATE UINT32_C(0x00800000)
1799	#endif
1800	typedef enum _MEMORY_INFORMATION_CLASS
1801	{
1802	MemoryBasicInformation = 0,
1803	MemoryWorkingSetList,
1804	MemorySectionName,
1805	MemoryBasicVlmInformation
1806	} MEMORY_INFORMATION_CLASS;
1807	#ifdef IN_RING0
1808	typedef struct _MEMORY_BASIC_INFORMATION
1809	{
1810	PVOID BaseAddress;
1811	PVOID AllocationBase;
1812	ULONG AllocationProtect;
1813	SIZE_T RegionSize;
1814	ULONG State;
1815	ULONG Protect;
1816	ULONG Type;
1817	} MEMORY_BASIC_INFORMATION;
1818	typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
1819	# define NtQueryVirtualMemory ZwQueryVirtualMemory
1820	#endif
1821	NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1822	#ifdef IPRT_NT_USE_WINTERNL
1823	NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
1824	#endif
1825	NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
1826	NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
1827
1828	typedef enum _SYSTEM_INFORMATION_CLASS
1829	{
1830	SystemBasicInformation = 0,
1831	SystemCpuInformation,
1832	SystemPerformanceInformation,
1833	SystemTimeOfDayInformation,
1834	SystemInformation_Unknown_4,
1835	SystemProcessInformation,
1836	SystemInformation_Unknown_6,
1837	SystemInformation_Unknown_7,
1838	SystemProcessorPerformanceInformation,
1839	SystemInformation_Unknown_9,
1840	SystemInformation_Unknown_10,
1841	SystemModuleInformation,
1842	SystemInformation_Unknown_12,
1843	SystemInformation_Unknown_13,
1844	SystemInformation_Unknown_14,
1845	SystemInformation_Unknown_15,
1846	SystemHandleInformation,
1847	SystemInformation_Unknown_17,
1848	SystemPageFileInformation,
1849	SystemInformation_Unknown_19,
1850	SystemInformation_Unknown_20,
1851	SystemCacheInformation,
1852	SystemInformation_Unknown_22,
1853	SystemInterruptInformation,
1854	SystemDpcBehaviourInformation,
1855	SystemFullMemoryInformation,
1856	SystemLoadGdiDriverInformation, /* 26 */
1857	SystemUnloadGdiDriverInformation, /* 27 */
1858	SystemTimeAdjustmentInformation,
1859	SystemSummaryMemoryInformation,
1860	SystemInformation_Unknown_30,
1861	SystemInformation_Unknown_31,
1862	SystemInformation_Unknown_32,
1863	SystemExceptionInformation,
1864	SystemCrashDumpStateInformation,
1865	SystemKernelDebuggerInformation,
1866	SystemContextSwitchInformation,
1867	SystemRegistryQuotaInformation,
1868	SystemInformation_Unknown_38,
1869	SystemInformation_Unknown_39,
1870	SystemInformation_Unknown_40,
1871	SystemInformation_Unknown_41,
1872	SystemInformation_Unknown_42,
1873	SystemInformation_Unknown_43,
1874	SystemCurrentTimeZoneInformation,
1875	SystemLookasideInformation,
1876	SystemSetTimeSlipEvent,
1877	SystemCreateSession,
1878	SystemDeleteSession,
1879	SystemInformation_Unknown_49,
1880	SystemRangeStartInformation,
1881	SystemVerifierInformation,
1882	SystemInformation_Unknown_52,
1883	SystemSessionProcessInformation,
1884	SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
1885	SystemInformation_Unknown_55,
1886	SystemInformation_Unknown_56,
1887	SystemExtendedProcessInformation,
1888	SystemInformation_Unknown_58,
1889	SystemInformation_Unknown_59,
1890	SystemInformation_Unknown_60,
1891	SystemInformation_Unknown_61,
1892	SystemInformation_Unknown_62,
1893	SystemInformation_Unknown_63,
1894	SystemExtendedHandleInformation, /* 64 */
1895	SystemInformation_Unknown_65,
1896	SystemInformation_Unknown_66,
1897	SystemInformation_Unknown_67,
1898	SystemInformation_Unknown_68,
1899	SystemInformation_HotPatchInfo, /* 69 */
1900	SystemInformation_Unknown_70,
1901	SystemInformation_Unknown_71,
1902	SystemInformation_Unknown_72,
1903	SystemInformation_Unknown_73,
1904	SystemInformation_Unknown_74,
1905	SystemInformation_Unknown_75,
1906	SystemInformation_Unknown_76,
1907	SystemInformation_Unknown_77,
1908	SystemInformation_Unknown_78,
1909	SystemInformation_Unknown_79,
1910	SystemInformation_Unknown_80,
1911	SystemInformation_Unknown_81,
1912	SystemInformation_Unknown_82,
1913	SystemInformation_Unknown_83,
1914	SystemInformation_Unknown_84,
1915	SystemInformation_Unknown_85,
1916	SystemInformation_Unknown_86,
1917	SystemInformation_Unknown_87,
1918	SystemInformation_Unknown_88,
1919	SystemInformation_Unknown_89,
1920	SystemInformation_Unknown_90,
1921	SystemInformation_Unknown_91,
1922	SystemInformation_Unknown_92,
1923	SystemInformation_Unknown_93,
1924	SystemInformation_Unknown_94,
1925	SystemInformation_Unknown_95,
1926	SystemInformation_KiOpPrefetchPatchCount,
1927
1928	/** @todo fill gap. they've added a whole bunch of things */
1929	SystemPolicyInformation = 134,
1930	SystemInformationClassMax
1931	} SYSTEM_INFORMATION_CLASS;
1932
1933	#ifdef IPRT_NT_USE_WINTERNL
1934	typedef struct _VM_COUNTERS
1935	{
1936	SIZE_T PeakVirtualSize;
1937	SIZE_T VirtualSize;
1938	ULONG PageFaultCount;
1939	SIZE_T PeakWorkingSetSize;
1940	SIZE_T WorkingSetSize;
1941	SIZE_T QuotaPeakPagedPoolUsage;
1942	SIZE_T QuotaPagedPoolUsage;
1943	SIZE_T QuotaPeakNonPagedPoolUsage;
1944	SIZE_T QuotaNonPagedPoolUsage;
1945	SIZE_T PagefileUsage;
1946	SIZE_T PeakPagefileUsage;
1947	} VM_COUNTERS;
1948	typedef VM_COUNTERS *PVM_COUNTERS;
1949	#endif
1950
1951	#if 0
1952	typedef struct _IO_COUNTERS
1953	{
1954	ULONGLONG ReadOperationCount;
1955	ULONGLONG WriteOperationCount;
1956	ULONGLONG OtherOperationCount;
1957	ULONGLONG ReadTransferCount;
1958	ULONGLONG WriteTransferCount;
1959	ULONGLONG OtherTransferCount;
1960	} IO_COUNTERS;
1961	typedef IO_COUNTERS *PIO_COUNTERS;
1962	#endif
1963
1964	typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
1965	{
1966	ULONG NextEntryOffset; /*< 0x00 / 0x00 /
1967	ULONG NumberOfThreads; /*< 0x04 / 0x04 /
1968	LARGE_INTEGER Reserved1[3]; /*< 0x08 / 0x08 /
1969	LARGE_INTEGER CreationTime; /*< 0x20 / 0x20 /
1970	LARGE_INTEGER UserTime; /*< 0x28 / 0x28 /
1971	LARGE_INTEGER KernelTime; /*< 0x30 / 0x30 /
1972	UNICODE_STRING ProcessName; /*< 0x38 / 0x38 Clean unicode encoding? /
1973	int32_t BasePriority; /*< 0x40 / 0x48 /
1974	HANDLE UniqueProcessId; /*< 0x44 / 0x50 /
1975	HANDLE ParentProcessId; /*< 0x48 / 0x58 /
1976	ULONG HandleCount; /*< 0x4c / 0x60 /
1977	ULONG Reserved2; /*< 0x50 / 0x64 Session ID? /
1978	ULONG_PTR Reserved3; /*< 0x54 / 0x68 /
1979	VM_COUNTERS VmCounters; /*< 0x58 / 0x70 /
1980	IO_COUNTERS IoCounters; /*< 0x88 / 0xd0 Might not be present in earlier windows versions. /
1981	/* After this follows the threads, then the ProcessName.Buffer. */
1982	} RTNT_SYSTEM_PROCESS_INFORMATION;
1983	typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
1984	#ifndef IPRT_NT_USE_WINTERNL
1985	typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
1986	typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
1987	#endif
1988
1989	typedef struct _SYSTEM_HANDLE_ENTRY_INFO
1990	{
1991	USHORT UniqueProcessId;
1992	USHORT CreatorBackTraceIndex;
1993	UCHAR ObjectTypeIndex;
1994	UCHAR HandleAttributes;
1995	USHORT HandleValue;
1996	PVOID Object;
1997	ULONG GrantedAccess;
1998	} SYSTEM_HANDLE_ENTRY_INFO;
1999	typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
2000
2001	/** Returned by SystemHandleInformation */
2002	typedef struct _SYSTEM_HANDLE_INFORMATION
2003	{
2004	ULONG NumberOfHandles;
2005	SYSTEM_HANDLE_ENTRY_INFO Handles[1];
2006	} SYSTEM_HANDLE_INFORMATION;
2007	typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
2008
2009	/** Extended handle information entry.
2010	* @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
2011	typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
2012	{
2013	PVOID Object;
2014	HANDLE UniqueProcessId;
2015	HANDLE HandleValue;
2016	ACCESS_MASK GrantedAccess;
2017	USHORT CreatorBackTraceIndex;
2018	USHORT ObjectTypeIndex;
2019	ULONG HandleAttributes;
2020	ULONG Reserved;
2021	} SYSTEM_HANDLE_ENTRY_INFO_EX;
2022	typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
2023
2024	/** Returned by SystemExtendedHandleInformation. */
2025	typedef struct _SYSTEM_HANDLE_INFORMATION_EX
2026	{
2027	ULONG_PTR NumberOfHandles;
2028	ULONG_PTR Reserved;
2029	SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
2030	} SYSTEM_HANDLE_INFORMATION_EX;
2031	typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
2032
2033	/** Input to SystemSessionProcessInformation. */
2034	typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
2035	{
2036	ULONG SessionId;
2037	ULONG BufferLength;
2038	/** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
2039	PVOID Buffer;
2040	} SYSTEM_SESSION_PROCESS_INFORMATION;
2041	typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
2042
2043	NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2044
2045	NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
2046	NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
2047	#ifndef IPRT_NT_USE_WINTERNL
2048	NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
2049	#endif
2050	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
2051	typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
2052	NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
2053
2054	NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
2055
2056	#ifdef IPRT_NT_USE_WINTERNL
2057	typedef enum _EVENT_TYPE
2058	{
2059	/* Manual reset event. */
2060	NotificationEvent = 0,
2061	/* Automaitc reset event. */
2062	SynchronizationEvent
2063	} EVENT_TYPE;
2064	#endif
2065	NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
2066	NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2067	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
2068	NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
2069	NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
2070	NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
2071	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
2072	typedef enum _EVENT_INFORMATION_CLASS
2073	{
2074	EventBasicInformation = 0
2075	} EVENT_INFORMATION_CLASS;
2076	/** Data returned by NtQueryEvent + EventBasicInformation. */
2077	typedef struct EVENT_BASIC_INFORMATION
2078	{
2079	EVENT_TYPE EventType;
2080	ULONG EventState;
2081	} EVENT_BASIC_INFORMATION;
2082	typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
2083	NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2084
2085	#ifdef IPRT_NT_USE_WINTERNL
2086	/** For NtQueryValueKey. */
2087	typedef enum _KEY_VALUE_INFORMATION_CLASS
2088	{
2089	KeyValueBasicInformation = 0,
2090	KeyValueFullInformation,
2091	KeyValuePartialInformation,
2092	KeyValueFullInformationAlign64,
2093	KeyValuePartialInformationAlign64
2094	} KEY_VALUE_INFORMATION_CLASS;
2095
2096	/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
2097	typedef struct _KEY_VALUE_PARTIAL_INFORMATION
2098	{
2099	ULONG TitleIndex;
2100	ULONG Type;
2101	ULONG DataLength;
2102	UCHAR Data[1];
2103	} KEY_VALUE_PARTIAL_INFORMATION;
2104	typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
2105	#endif
2106	NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2107	NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2108
2109
2110	NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
2111
2112
2113	typedef struct _CURDIR
2114	{
2115	UNICODE_STRING DosPath;
2116	HANDLE Handle;
2117	} CURDIR;
2118	typedef CURDIR *PCURDIR;
2119
2120	typedef struct _RTL_DRIVE_LETTER_CURDIR
2121	{
2122	USHORT Flags;
2123	USHORT Length;
2124	ULONG TimeStamp;
2125	STRING DosPath; /*< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. /
2126	} RTL_DRIVE_LETTER_CURDIR;
2127	typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
2128
2129	typedef struct _RTL_USER_PROCESS_PARAMETERS
2130	{
2131	ULONG MaximumLength;
2132	ULONG Length;
2133	ULONG Flags;
2134	ULONG DebugFlags;
2135	HANDLE ConsoleHandle;
2136	ULONG ConsoleFlags;
2137	HANDLE StandardInput;
2138	HANDLE StandardOutput;
2139	HANDLE StandardError;
2140	CURDIR CurrentDirectory;
2141	UNICODE_STRING DllPath;
2142	UNICODE_STRING ImagePathName;
2143	UNICODE_STRING CommandLine;
2144	PWSTR Environment;
2145	ULONG StartingX;
2146	ULONG StartingY;
2147	ULONG CountX;
2148	ULONG CountY;
2149	ULONG CountCharsX;
2150	ULONG CountCharsY;
2151	ULONG FillAttribute;
2152	ULONG WindowFlags;
2153	ULONG ShowWindowFlags;
2154	UNICODE_STRING WindowTitle;
2155	UNICODE_STRING DesktopInfo;
2156	UNICODE_STRING ShellInfo;
2157	UNICODE_STRING RuntimeInfo;
2158	RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20];
2159	SIZE_T EnvironmentSize; /*< Added in Vista /
2160	SIZE_T EnvironmentVersion; /*< Added in Windows 7. /
2161	PVOID PackageDependencyData; /*< Added Windows 8? /
2162	ULONG ProcessGroupId; /*< Added Windows 8? /
2163	} RTL_USER_PROCESS_PARAMETERS;
2164	typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
2165	#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
2166
2167	typedef struct _RTL_USER_PROCESS_INFORMATION
2168	{
2169	ULONG Size;
2170	HANDLE ProcessHandle;
2171	HANDLE ThreadHandle;
2172	CLIENT_ID ClientId;
2173	SECTION_IMAGE_INFORMATION ImageInformation;
2174	} RTL_USER_PROCESS_INFORMATION;
2175	typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
2176
2177
2178	NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
2179	PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
2180	NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
2181	PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
2182	PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
2183	PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
2184	PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
2185	NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
2186	NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
2187	PFNRT, PVOID, PHANDLE, PCLIENT_ID);
2188
2189	#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
2190	typedef struct _RTL_CRITICAL_SECTION
2191	{
2192	struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
2193	LONG LockCount;
2194	LONG Recursioncount;
2195	HANDLE OwningThread;
2196	HANDLE LockSemaphore;
2197	ULONG_PTR SpinCount;
2198	} RTL_CRITICAL_SECTION;
2199	typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
2200	#endif
2201
2202	RT_C_DECLS_END
2203	/** @} */
2204
2205
2206	#if defined(IN_RING0) \|\| defined(DOXYGEN_RUNNING)
2207	/** @name NT Kernel APIs
2208	* @{ */
2209	RT_C_DECLS_BEGIN
2210
2211	typedef ULONG KEPROCESSORINDEX; /*< Bitmap indexes != process numbers, apparently. /
2212
2213	NTSYSAPI VOID NTAPI KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
2214	typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
2215	NTSYSAPI VOID NTAPI KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2216	typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2217	NTSYSAPI VOID NTAPI KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2218	typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2219	NTSYSAPI BOOLEAN NTAPI KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2220	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2221	NTSYSAPI BOOLEAN NTAPI KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2222	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2223	NTSYSAPI BOOLEAN NTAPI KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2224	typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2225	NTSYSAPI VOID NTAPI KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2226	typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2227	NTSYSAPI VOID NTAPI KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2228	typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2229	NTSYSAPI BOOLEAN NTAPI KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2230	typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2231	NTSYSAPI BOOLEAN NTAPI KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2232	typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2233	/** Works like anding the complemented subtrahend with the minuend. */
2234	NTSYSAPI BOOLEAN NTAPI KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2235	typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2236	NTSYSAPI BOOLEAN NTAPI KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2237	typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2238	NTSYSAPI BOOLEAN NTAPI KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
2239	typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2240	NTSYSAPI BOOLEAN NTAPI KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2241	typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2242	NTSYSAPI ULONG NTAPI KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
2243	typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2244	NTSYSAPI KEPROCESSORINDEX NTAPI KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
2245	typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2246	typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
2247	typedef KEPROCESSORINDEX (NTAPI PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER pProcNumber);
2248
2249	NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
2250	PVOID pvOptionalConditions, PHANDLE phFound);
2251	NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
2252	ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
2253	KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
2254	NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
2255	NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
2256	NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
2257	NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
2258	extern DECLIMPORT(POBJECT_TYPE ) LpcPortObjectType; /< In vista+ this is the ALPC port object type. /
2259	extern DECLIMPORT(POBJECT_TYPE ) LpcWaitablePortObjectType; /< In vista+ this is the ALPC port object type. /
2260
2261	typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
2262	typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
2263
2264	RT_C_DECLS_END
2265	/** @ */
2266	#endif /* IN_RING0 */
2267
2268
2269	#if defined(IN_RING3) \|\| defined(DOXYGEN_RUNNING)
2270	/** @name NT Userland APIs
2271	* @{ */
2272	RT_C_DECLS_BEGIN
2273
2274	#if 0 /** @todo figure this out some time... */
2275	typedef struct CSR_MSG_DATA_CREATED_PROCESS
2276	{
2277	HANDLE hProcess;
2278	HANDLE hThread;
2279	CLIENT_ID
2280	DWORD idProcess;
2281	DWORD idThread;
2282	DWORD fCreate;
2283
2284	} CSR_MSG_DATA_CREATED_PROCESS;
2285
2286	#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
2287	#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
2288	NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
2289	#endif
2290
2291	NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
2292
2293	typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
2294	{
2295	ULONG Flags;
2296	PCUNICODE_STRING FullDllName;
2297	PCUNICODE_STRING BaseDllName;
2298	PVOID DllBase;
2299	ULONG SizeOfImage;
2300	} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
2301	typedef LDR_DLL_LOADED_NOTIFICATION_DATA PLDR_DLL_LOADED_NOTIFICATION_DATA, PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2302	typedef LDR_DLL_LOADED_NOTIFICATION_DATA const PCLDR_DLL_LOADED_NOTIFICATION_DATA, PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2303
2304	typedef union _LDR_DLL_NOTIFICATION_DATA
2305	{
2306	LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
2307	LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
2308	} LDR_DLL_NOTIFICATION_DATA;
2309	typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
2310	typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
2311
2312	typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
2313
2314	#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
2315	#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
2316	NTSYSAPI NTSTATUS NTAPI LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
2317	PVOID *pvCookie);
2318	typedef NTSTATUS (NTAPI PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID );
2319	NTSYSAPI NTSTATUS NTAPI LdrUnregisterDllNotification(PVOID pvCookie);
2320	typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
2321
2322	NTSYSAPI NTSTATUS NTAPI LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2323	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2324	typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2325	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2326	NTSYSAPI NTSTATUS NTAPI LdrUnloadDll(IN HANDLE hMod);
2327	typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
2328	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2329	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2330	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2331	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2332	#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
2333	#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
2334	/** @since Windows XP. */
2335	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2336	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2337	/** @since Windows XP. */
2338	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2339	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2340	/** @since Windows 7. */
2341	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
2342	/** @since Windows 7. */
2343	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
2344	/** @since Windows 7. */
2345	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2346	OUT PHANDLE phDll);
2347	/** @since Windows 7. */
2348	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2349	OUT PHANDLE phDll);
2350	#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
2351	NTSYSAPI NTSTATUS NTAPI LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
2352	typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
2353	NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2354	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2355	typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
2356	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2357	#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
2358	/** @since Windows Vista. */
2359	NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2360	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2361	/** @since Windows Vista. */
2362	typedef NTSTATUS (NTAPI PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const pSymbol OPTIONAL,
2363	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2364	#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2365	#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
2366	#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
2367	#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
2368	#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
2369	/** @since Windows XP. */
2370	NTSYSAPI NTSTATUS NTAPI LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2371	/** @since Windows XP. */
2372	typedef NTSTATUS (NTAPI PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID ppvCookie);
2373	#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2374	/** @since Windows XP. */
2375	NTSYSAPI NTSTATUS NTAPI LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
2376	/** @since Windows XP. */
2377	typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
2378
2379	NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
2380	NTSYSAPI VOID NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /*< Vista and later. /
2381	NTSYSAPI VOID NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
2382	NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
2383	IN PCUNICODE_STRING pOrgName,
2384	IN PUNICODE_STRING pDefaultSuffix,
2385	IN OUT PUNICODE_STRING pStaticString,
2386	IN OUT PUNICODE_STRING pDynamicString,
2387	IN OUT PUNICODE_STRING *ppResultString,
2388	IN PULONG pfNewFlags OPTIONAL,
2389	IN PSIZE_T pcbFilename OPTIONAL,
2390	IN PSIZE_T pcbNeeded OPTIONAL);
2391
2392	# ifdef IPRT_NT_USE_WINTERNL
2393	typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
2394	typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
2395	typedef struct _RTL_HEAP_PARAMETERS
2396	{
2397	ULONG Length;
2398	SIZE_T SegmentReserve;
2399	SIZE_T SegmentCommit;
2400	SIZE_T DeCommitFreeBlockThreshold;
2401	SIZE_T DeCommitTotalFreeThreshold;
2402	SIZE_T MaximumAllocationSize;
2403	SIZE_T VirtualMemoryThreshold;
2404	SIZE_T InitialCommit;
2405	SIZE_T InitialReserve;
2406	PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
2407	SIZE_T Reserved[2];
2408	} RTL_HEAP_PARAMETERS;
2409	typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
2410	NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
2411	PRTL_HEAP_PARAMETERS pParameters);
2412	/** @name Heap flags (for RtlCreateHeap).
2413	* @{ */
2414	/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
2415	# define HEAP_GROWABLE UINT32_C(0x00000002)
2416	# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
2417	# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
2418	# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
2419	# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
2420	# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
2421	# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
2422	# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
2423	# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
2424	# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
2425	# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
2426	# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
2427	# define HEAP_CLASS_0 UINT32_C(0x00000000)
2428	# define HEAP_CLASS_1 UINT32_C(0x00001000)
2429	# define HEAP_CLASS_2 UINT32_C(0x00002000)
2430	# define HEAP_CLASS_3 UINT32_C(0x00003000)
2431	# define HEAP_CLASS_4 UINT32_C(0x00004000)
2432	# define HEAP_CLASS_5 UINT32_C(0x00005000)
2433	# define HEAP_CLASS_6 UINT32_C(0x00006000)
2434	# define HEAP_CLASS_7 UINT32_C(0x00007000)
2435	# define HEAP_CLASS_8 UINT32_C(0x00008000)
2436	# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
2437	# endif
2438	# define HEAP_CLASS_PROCESS HEAP_CLASS_0
2439	# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
2440	# define HEAP_CLASS_KERNEL HEAP_CLASS_2
2441	# define HEAP_CLASS_GDI HEAP_CLASS_3
2442	# define HEAP_CLASS_USER HEAP_CLASS_4
2443	# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
2444	# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
2445	# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
2446	# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
2447	# ifdef IPRT_NT_USE_WINTERNL
2448	/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
2449	# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
2450	# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
2451	# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
2452	# endif /* IPRT_NT_USE_WINTERNL */
2453	/** @} */
2454	# ifdef IPRT_NT_USE_WINTERNL
2455	/** @name Heap tagging constants
2456	* @{ */
2457	# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
2458	/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
2459	# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
2460	# define HEAP_TAG_SHIFT 18 */
2461	# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2462	/** @} */
2463	NTSYSAPI PVOID NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
2464	NTSYSAPI PVOID NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
2465	NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2466	# endif /* IPRT_NT_USE_WINTERNL */
2467	NTSYSAPI SIZE_T NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
2468	NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
2469	NTSYSAPI SIZE_T NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2470	NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
2471	NTSYSAPI ULONG NTAPI RtlGetLastWin32Error(VOID);
2472	NTSYSAPI VOID NTAPI RtlSetLastWin32Error(ULONG uError);
2473	NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
2474	NTSYSAPI VOID NTAPI RtlRestoreLastWin32Error(ULONG uError);
2475	NTSYSAPI BOOLEAN NTAPI RtlQueryPerformanceCounter(PLARGE_INTEGER);
2476	NTSYSAPI uint64_t NTAPI RtlGetSystemTimePrecise(VOID);
2477	typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
2478
2479	RT_C_DECLS_END
2480	/** @} */
2481	#endif /* IN_RING3 */
2482
2483	#endif
2484

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/include/iprt/nt/nt.h@ 57302

Download in other formats: