VirtualBox

source: vbox/trunk/include/iprt/nt/nt.h@ 59470

Last change on this file since 59470 was 59366, checked in by vboxsync, 9 years ago

iprt/nt/nt.h: Added NtQueryKey and NtEnumerateKey.
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 118.8 KB
Line 
1/* $Id: nt.h 59366 2016-01-17 05:43:30Z vboxsync $ */
2/** @file
3 * IPRT - Header for code using the Native NT API.
4 */
5
6/*
7 * Copyright (C) 2010-2015 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27#ifndef ___iprt_nt_nt_h___
28#define ___iprt_nt_nt_h___
29
30/** @def IPRT_NT_MAP_TO_ZW
31 * Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
32 * to the APIs (takes care of the previous context checks).
33 */
34#ifdef DOXYGEN_RUNNING
35# define IPRT_NT_MAP_TO_ZW
36#endif
37
38#ifdef IPRT_NT_MAP_TO_ZW
39# define NtQueryInformationFile ZwQueryInformationFile
40# define NtQueryInformationProcess ZwQueryInformationProcess
41# define NtQueryInformationThread ZwQueryInformationThread
42# define NtQuerySystemInformation ZwQuerySystemInformation
43# define NtQuerySecurityObject ZwQuerySecurityObject
44# define NtClose ZwClose
45# define NtCreateFile ZwCreateFile
46# define NtReadFile ZwReadFile
47# define NtWriteFile ZwWriteFile
48# define NtFlushBuffersFile ZwFlushBuffersFile
49/** @todo this is very incomplete! */
50#endif
51
52#include <ntstatus.h>
53
54/*
55 * Hacks common to both base header sets.
56 */
57#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
58#define NtQueryObject Incomplete_NtQueryObject
59#define ZwQueryObject Incomplete_ZwQueryObject
60#define NtSetInformationObject Incomplete_NtSetInformationObject
61#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
62#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
63#define ObjectBasicInformation Incomplete_ObjectBasicInformation
64#define ObjectTypeInformation Incomplete_ObjectTypeInformation
65#define _PEB Incomplete__PEB
66#define PEB Incomplete_PEB
67#define PPEB Incomplete_PPEB
68#define _TEB Incomplete__TEB
69#define TEB Incomplete_TEB
70#define PTEB Incomplete_PTEB
71#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
72#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
73#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
74#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
75#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
76#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
77
78
79
80#ifdef IPRT_NT_USE_WINTERNL
81/*
82 * Use Winternl.h.
83 */
84# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
85# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
86# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
87
88# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
89# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
90# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
91# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
92# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
93# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
94# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
95# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
96# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
97# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
98# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
99# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
100
101# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
102# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
103# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
104
105# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
106# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
107# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
108# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
109# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
110
111# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
112# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
113# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
114# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
115# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
116# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
117# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
118# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
119# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
120# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
121# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
122# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
123# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
124# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
125
126
127# define WIN32_NO_STATUS
128# include <windef.h>
129# include <winnt.h>
130# include <winternl.h>
131# undef WIN32_NO_STATUS
132# include <ntstatus.h>
133
134
135# undef _FILE_INFORMATION_CLASS
136# undef FILE_INFORMATION_CLASS
137# undef FileDirectoryInformation
138
139# undef NtQueryInformationProcess
140# undef NtSetInformationProcess
141# undef PROCESSINFOCLASS
142# undef _PROCESSINFOCLASS
143# undef PROCESS_BASIC_INFORMATION
144# undef PPROCESS_BASIC_INFORMATION
145# undef _PROCESS_BASIC_INFORMATION
146# undef ProcessBasicInformation
147# undef ProcessDebugPort
148# undef ProcessWow64Information
149# undef ProcessImageFileName
150# undef ProcessBreakOnTermination
151
152# undef RTL_USER_PROCESS_PARAMETERS
153# undef PRTL_USER_PROCESS_PARAMETERS
154# undef _RTL_USER_PROCESS_PARAMETERS
155
156# undef NtQueryInformationThread
157# undef NtSetInformationThread
158# undef THREADINFOCLASS
159# undef _THREADINFOCLASS
160# undef ThreadIsIoPending
161
162# undef NtQuerySystemInformation
163# undef NtSetSystemInformation
164# undef SYSTEM_INFORMATION_CLASS
165# undef _SYSTEM_INFORMATION_CLASS
166# undef SystemBasicInformation
167# undef SystemPerformanceInformation
168# undef SystemTimeOfDayInformation
169# undef SystemProcessInformation
170# undef SystemProcessorPerformanceInformation
171# undef SystemInterruptInformation
172# undef SystemExceptionInformation
173# undef SystemRegistryQuotaInformation
174# undef SystemLookasideInformation
175# undef SystemPolicyInformation
176
177#else
178/*
179 * Use ntifs.h and wdm.h.
180 */
181# ifdef RT_ARCH_X86
182# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
183# pragma warning(disable : 4163)
184# endif
185
186# include <ntifs.h>
187# include <wdm.h>
188
189# ifdef RT_ARCH_X86
190# pragma warning(default : 4163)
191# undef _InterlockedAddLargeStatistic
192# endif
193
194# define IPRT_NT_NEED_API_GROUP_NTIFS
195#endif
196
197#undef RtlFreeUnicodeString
198#undef NtQueryObject
199#undef ZwQueryObject
200#undef NtSetInformationObject
201#undef _OBJECT_INFORMATION_CLASS
202#undef OBJECT_INFORMATION_CLASS
203#undef ObjectBasicInformation
204#undef ObjectTypeInformation
205#undef _PEB
206#undef PEB
207#undef PPEB
208#undef _TEB
209#undef TEB
210#undef PTEB
211#undef _PEB_LDR_DATA
212#undef PEB_LDR_DATA
213#undef PPEB_LDR_DATA
214#undef _KUSER_SHARED_DATA
215#undef KUSER_SHARED_DATA
216#undef PKUSER_SHARED_DATA
217
218
219#include <iprt/types.h>
220#include <iprt/assert.h>
221
222
223/** @name Useful macros
224 * @{ */
225/** Indicates that we're targeting native NT in the current source. */
226#define RTNT_USE_NATIVE_NT 1
227/** Initializes a IO_STATUS_BLOCK. */
228#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
229/** Reinitializes a IO_STATUS_BLOCK. */
230#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
231 do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
232/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
233#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
234/** Constant UNICODE_STRING initializer. */
235#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
236/** @} */
237
238
239/** @name IPRT helper functions for NT
240 * @{ */
241RT_C_DECLS_BEGIN
242
243RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
244 ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
245 PHANDLE phHandle, PULONG_PTR puDisposition);
246RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
247 ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
248RTDECL(int) RTNtPathClose(HANDLE hHandle);
249
250/**
251 * Converts a UTF-16 windows-style path to NT format.
252 *
253 * @returns IPRT status code.
254 * @param pNtName Where to return the NT name. Free using
255 * RTNtPathFree.
256 * @param phRootDir Where to return the root handle, if applicable.
257 * @param pwszPath The UTF-16 windows-style path.
258 * @param cwcPath The max length of the windows-style path in
259 * RTUTF16 units. Use RTSTR_MAX if unknown and @a
260 * pwszPath is correctly terminated.
261 */
262RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
263
264/**
265 * Frees the native path and root handle.
266 *
267 * @param pNtName The NT path after a successful
268 * RTNtPathFromWinUtf16Ex call.
269 * @param phRootDir The root handle variable after a successfull
270 * RTNtPathFromWinUtf16Ex call.
271 */
272RTDECL(void) RTNtPathFree(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir);
273
274
275RT_C_DECLS_END
276/** @} */
277
278
279/** @name NT API delcarations.
280 * @{ */
281RT_C_DECLS_BEGIN
282
283/** @name Process access rights missing in ntddk headers
284 * @{ */
285#ifndef PROCESS_TERMINATE
286# define PROCESS_TERMINATE UINT32_C(0x00000001)
287#endif
288#ifndef PROCESS_CREATE_THREAD
289# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
290#endif
291#ifndef PROCESS_SET_SESSIONID
292# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
293#endif
294#ifndef PROCESS_VM_OPERATION
295# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
296#endif
297#ifndef PROCESS_VM_READ
298# define PROCESS_VM_READ UINT32_C(0x00000010)
299#endif
300#ifndef PROCESS_VM_WRITE
301# define PROCESS_VM_WRITE UINT32_C(0x00000020)
302#endif
303#ifndef PROCESS_DUP_HANDLE
304# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
305#endif
306#ifndef PROCESS_CREATE_PROCESS
307# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
308#endif
309#ifndef PROCESS_SET_QUOTA
310# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
311#endif
312#ifndef PROCESS_SET_INFORMATION
313# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
314#endif
315#ifndef PROCESS_QUERY_INFORMATION
316# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
317#endif
318#ifndef PROCESS_SUSPEND_RESUME
319# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
320#endif
321#ifndef PROCESS_QUERY_LIMITED_INFORMATION
322# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
323#endif
324#ifndef PROCESS_SET_LIMITED_INFORMATION
325# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
326#endif
327#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
328#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
329#ifndef PROCESS_ALL_ACCESS
330# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | UINT32_C(0x0000ffff) )
331#endif
332/** @} */
333
334/** @name Thread access rights missing in ntddk headers
335 * @{ */
336#ifndef THREAD_QUERY_INFORMATION
337# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
338#endif
339#ifndef THREAD_SET_THREAD_TOKEN
340# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
341#endif
342#ifndef THREAD_IMPERSONATE
343# define THREAD_IMPERSONATE UINT32_C(0x00000100)
344#endif
345#ifndef THREAD_DIRECT_IMPERSONATION
346# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
347#endif
348#ifndef THREAD_RESUME
349# define THREAD_RESUME UINT32_C(0x00001000)
350#endif
351#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
352#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
353#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
354/** @} */
355
356/** @name Special handle values.
357 * @{ */
358#ifndef NtCurrentProcess
359# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
360#endif
361#ifndef NtCurrentThread
362# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
363#endif
364#ifndef ZwCurrentProcess
365# define ZwCurrentProcess() NtCurrentProcess()
366#endif
367#ifndef ZwCurrentThread
368# define ZwCurrentThread() NtCurrentThread()
369#endif
370/** @} */
371
372
373/** @name Directory object access rights.
374 * @{ */
375#ifndef DIRECTORY_QUERY
376# define DIRECTORY_QUERY UINT32_C(0x00000001)
377#endif
378#ifndef DIRECTORY_TRAVERSE
379# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
380#endif
381#ifndef DIRECTORY_CREATE_OBJECT
382# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
383#endif
384#ifndef DIRECTORY_CREATE_SUBDIRECTORY
385# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
386#endif
387#ifndef DIRECTORY_ALL_ACCESS
388# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | UINT32_C(0x0000000f) )
389#endif
390/** @} */
391
392
393
394#ifdef IPRT_NT_USE_WINTERNL
395typedef struct _CLIENT_ID
396{
397 HANDLE UniqueProcess;
398 HANDLE UniqueThread;
399} CLIENT_ID;
400typedef CLIENT_ID *PCLIENT_ID;
401#endif
402
403/** Extended affinity type, introduced in Windows 7 (?). */
404typedef struct _KAFFINITY_EX
405{
406 /** Count of valid bitmap entries. */
407 uint16_t Count;
408 /** Count of allocated bitmap entries. */
409 uint16_t Size;
410 /** Reserved / aligmment padding. */
411 uint32_t Reserved;
412 /** Bitmap where one bit corresponds to a CPU. */
413 uintptr_t Bitmap[20];
414} KAFFINITY_EX;
415typedef KAFFINITY_EX *PKAFFINITY_EX;
416typedef KAFFINITY_EX const *PCKAFFINITY_EX;
417
418/** @name User Shared Data
419 * @{ */
420
421#ifdef IPRT_NT_USE_WINTERNL
422typedef struct _KSYSTEM_TIME
423{
424 ULONG LowPart;
425 LONG High1Time;
426 LONG High2Time;
427} KSYSTEM_TIME;
428typedef KSYSTEM_TIME *PKSYSTEM_TIME;
429
430typedef enum _NT_PRODUCT_TYPE
431{
432 NtProductWinNt = 1,
433 NtProductLanManNt,
434 NtProductServer
435} NT_PRODUCT_TYPE;
436
437#define PROCESSOR_FEATURE_MAX 64
438
439typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
440{
441 StandardDesign = 0,
442 NEC98x86,
443 EndAlternatives
444} ALTERNATIVE_ARCHITECTURE_TYPE;
445
446# if 0
447typedef struct _XSTATE_FEATURE
448{
449 ULONG Offset;
450 ULONG Size;
451} XSTATE_FEATURE;
452typedef XSTATE_FEATURE *PXSTATE_FEATURE;
453
454#define MAXIMUM_XSTATE_FEATURES 64
455
456typedef struct _XSTATE_CONFIGURATION
457{
458 ULONG64 EnabledFeatures;
459 ULONG Size;
460 ULONG OptimizedSave : 1;
461 XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
462} XSTATE_CONFIGURATION;
463typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
464# endif
465#endif /* IPRT_NT_USE_WINTERNL */
466
467typedef struct _KUSER_SHARED_DATA
468{
469 ULONG TickCountLowDeprecated; /**< 0x000 */
470 ULONG TickCountMultiplier; /**< 0x004 */
471 KSYSTEM_TIME volatile InterruptTime; /**< 0x008 */
472 KSYSTEM_TIME volatile SystemTime; /**< 0x014 */
473 KSYSTEM_TIME volatile TimeZoneBias; /**< 0x020 */
474 USHORT ImageNumberLow; /**< 0x02c */
475 USHORT ImageNumberHigh; /**< 0x02e */
476 WCHAR NtSystemRoot[260]; /**< 0x030 */
477 ULONG MaxStackTraceDepth; /**< 0x238 */
478 ULONG CryptoExponent; /**< 0x23c */
479 ULONG TimeZoneId; /**< 0x240 */
480 ULONG LargePageMinimum; /**< 0x244 */
481 ULONG AitSamplingValue; /**< 0x248 */
482 ULONG AppCompatFlag; /**< 0x24c */
483 ULONGLONG RNGSeedVersion; /**< 0x250 */
484 ULONG GlobalValidationRunlevel; /**< 0x258 */
485 LONG volatile TimeZoneBiasStamp; /**< 0x25c*/
486 ULONG Reserved2; /**< 0x260 */
487 NT_PRODUCT_TYPE NtProductType; /**< 0x264 */
488 BOOLEAN ProductTypeIsValid; /**< 0x268 */
489 BOOLEAN Reserved0[1]; /**< 0x269 */
490 USHORT NativeProcessorArchitecture; /**< 0x26a */
491 ULONG NtMajorVersion; /**< 0x26c */
492 ULONG NtMinorVersion; /**< 0x270 */
493 BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /**< 0x274 */
494 ULONG Reserved1; /**< 0x2b4 */
495 ULONG Reserved3; /**< 0x2b8 */
496 ULONG volatile TimeSlip; /**< 0x2bc */
497 ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /**< 0x2c0 */
498 ULONG AltArchitecturePad[1]; /**< 0x2c4 */
499 LARGE_INTEGER SystemExpirationDate; /**< 0x2c8 */
500 ULONG SuiteMask; /**< 0x2d0 */
501 BOOLEAN KdDebuggerEnabled; /**< 0x2d4 */
502 union /**< 0x2d5 */
503 {
504 UCHAR MitigationPolicies; /**< 0x2d5 */
505 struct
506 {
507 UCHAR NXSupportPolicy : 2;
508 UCHAR SEHValidationPolicy : 2;
509 UCHAR CurDirDevicesSkippedForDlls : 2;
510 UCHAR Reserved : 2;
511 };
512 };
513 UCHAR Reserved6[2]; /**< 0x2d6 */
514 ULONG volatile ActiveConsoleId; /**< 0x2d8 */
515 ULONG volatile DismountCount; /**< 0x2dc */
516 ULONG ComPlusPackage; /**< 0x2e0 */
517 ULONG LastSystemRITEventTickCount; /**< 0x2e4 */
518 ULONG NumberOfPhysicalPages; /**< 0x2e8 */
519 BOOLEAN SafeBootMode; /**< 0x2ec */
520 UCHAR Reserved12[3]; /**< 0x2ed */
521 union /**< 0x2f0 */
522 {
523 ULONG SharedDataFlags; /**< 0x2f0 */
524 struct
525 {
526 ULONG DbgErrorPortPresent : 1;
527 ULONG DbgElevationEnabled : 1;
528 ULONG DbgVirtEnabled : 1;
529 ULONG DbgInstallerDetectEnabled : 1;
530 ULONG DbgLkgEnabled : 1;
531 ULONG DbgDynProcessorEnabled : 1;
532 ULONG DbgConsoleBrokerEnabled : 1;
533 ULONG DbgSecureBootEnabled : 1;
534 ULONG SpareBits : 24;
535 };
536 };
537 ULONG DataFlagsPad[1]; /**< 0x2f4 */
538 ULONGLONG TestRetInstruction; /**< 0x2f8 */
539 LONGLONG QpcFrequency; /**< 0x300 */
540 ULONGLONG SystemCallPad[3]; /**< 0x308 */
541 union /**< 0x320 */
542 {
543 ULONG64 volatile TickCountQuad; /**< 0x320 */
544 KSYSTEM_TIME volatile TickCount; /**< 0x320 */
545 struct /**< 0x320 */
546 {
547 ULONG ReservedTickCountOverlay[3]; /**< 0x320 */
548 ULONG TickCountPad[1]; /**< 0x32c */
549 };
550 };
551 ULONG Cookie; /**< 0x330 */
552 ULONG CookiePad[1]; /**< 0x334 */
553 LONGLONG ConsoleSessionForegroundProcessId; /**< 0x338 */
554 ULONGLONG TimeUpdateLock; /**< 0x340 */
555 ULONGLONG BaselineSystemTimeQpc; /**< 0x348 */
556 ULONGLONG BaselineInterruptTimeQpc; /**< 0x350 */
557 ULONGLONG QpcSystemTimeIncrement; /**< 0x358 */
558 ULONGLONG QpcInterruptTimeIncrement; /**< 0x360 */
559 ULONG QpcSystemTimeIncrement32; /**< 0x368 */
560 ULONG QpcInterruptTimeIncrement32; /**< 0x36c */
561 UCHAR QpcSystemTimeIncrementShift; /**< 0x370 */
562 UCHAR QpcInterruptTimeIncrementShift; /**< 0x371 */
563 UCHAR Reserved8[14]; /**< 0x372 */
564 USHORT UserModeGlobalLogger[16]; /**< 0x380 */
565 ULONG ImageFileExecutionOptions; /**< 0x3a0 */
566 ULONG LangGenerationCount; /**< 0x3a4 */
567 ULONGLONG Reserved4; /**< 0x3a8 */
568 ULONGLONG volatile InterruptTimeBias; /**< 0x3b0 */
569 ULONGLONG volatile QpcBias; /**< 0x3b8 */
570 ULONG volatile ActiveProcessorCount; /**< 0x3c0 */
571 UCHAR volatile ActiveGroupCount; /**< 0x3c4 */
572 UCHAR Reserved9; /**< 0x3c5 */
573 union /**< 0x3c6 */
574 {
575 USHORT QpcData; /**< 0x3c6 */
576 struct /**< 0x3c6 */
577 {
578 BOOLEAN volatile QpcBypassEnabled; /**< 0x3c6 */
579 UCHAR QpcShift; /**< 0x3c7 */
580 };
581 };
582 LARGE_INTEGER TimeZoneBiasEffectiveStart; /**< 0x3c8 */
583 LARGE_INTEGER TimeZoneBiasEffectiveEnd; /**< 0x3d0 */
584 XSTATE_CONFIGURATION XState; /**< 0x3d8 */
585} KUSER_SHARED_DATA;
586typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
587AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
588AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
589AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
590AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
591AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
592AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
593AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
594AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
595AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
596/** @def MM_SHARED_USER_DATA_VA
597 * Read only userland mapping of KUSER_SHARED_DATA. */
598#ifndef MM_SHARED_USER_DATA_VA
599# if ARCH_BITS == 32
600# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
601# elif ARCH_BITS == 64
602# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
603# else
604# error "Unsupported/undefined ARCH_BITS value."
605# endif
606#endif
607/** @def KI_USER_SHARED_DATA
608 * Read write kernel mapping of KUSER_SHARED_DATA. */
609#ifndef KI_USER_SHARED_DATA
610# ifdef RT_ARCH_X86
611# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
612# elif defined(RT_ARCH_AMD64)
613# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
614# else
615# error "PORT ME - KI_USER_SHARED_DATA"
616# endif
617#endif
618/** @} */
619
620
621/** @name Process And Thread Environment Blocks
622 * @{ */
623
624typedef struct _PEB_LDR_DATA
625{
626 uint32_t Length;
627 BOOLEAN Initialized;
628 BOOLEAN Padding[3];
629 HANDLE SsHandle;
630 LIST_ENTRY InLoadOrderModuleList;
631 LIST_ENTRY InMemoryOrderModuleList;
632 LIST_ENTRY InInitializationOrderModuleList;
633 /* End NT4 */
634 LIST_ENTRY *EntryInProgress;
635 BOOLEAN ShutdownInProgress;
636 HANDLE ShutdownThreadId;
637} PEB_LDR_DATA;
638typedef PEB_LDR_DATA *PPEB_LDR_DATA;
639
640typedef struct _PEB_COMMON
641{
642 BOOLEAN InheritedAddressSpace; /**< 0x000 / 0x000 */
643 BOOLEAN ReadImageFileExecOptions; /**< 0x001 / 0x001 */
644 BOOLEAN BeingDebugged; /**< 0x002 / 0x002 */
645 union
646 {
647 uint8_t BitField; /**< 0x003 / 0x003 */
648 struct
649 {
650 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
651 } Common;
652 struct
653 {
654 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
655 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
656 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 */
657 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 */
658 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 */
659 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 */
660 uint8_t IsProtectedProcessLight : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 */
661 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
662 } W81;
663 struct
664 {
665 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
666 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
667 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 */
668 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 */
669 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 */
670 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 */
671 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 */
672 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
673 } W80;
674 struct
675 {
676 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
677 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
678 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. */
679 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. */
680 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. */
681 uint8_t SpareBits : 3; /**< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. */
682 } W7;
683 struct
684 {
685 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
686 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
687 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. */
688 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. */
689 uint8_t SpareBits : 4; /**< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. */
690 } W6;
691 struct
692 {
693 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
694 uint8_t SpareBits : 7; /**< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. */
695 } W52;
696 struct
697 {
698 BOOLEAN SpareBool;
699 } W51;
700 } Diff0;
701#if ARCH_BITS == 64
702 uint32_t Padding0; /**< 0x004 / NA */
703#endif
704 HANDLE Mutant; /**< 0x008 / 0x004 */
705 PVOID ImageBaseAddress; /**< 0x010 / 0x008 */
706 PPEB_LDR_DATA Ldr; /**< 0x018 / 0x00c */
707 struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /**< 0x020 / 0x010 */
708 PVOID SubSystemData; /**< 0x028 / 0x014 */
709 HANDLE ProcessHeap; /**< 0x030 / 0x018 */
710 struct _RTL_CRITICAL_SECTION *FastPebLock; /**< 0x038 / 0x01c */
711 union
712 {
713 struct
714 {
715 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
716 PVOID IFEOKey; /**< 0x048 / 0x024 */
717 union
718 {
719 ULONG CrossProcessFlags; /**< 0x050 / 0x028 */
720 struct
721 {
722 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
723 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
724 uint32_t ProcessUsingVEH : 1; /**< 0x050 / 0x028: Pos 2, 1 Bit */
725 uint32_t ProcessUsingVCH : 1; /**< 0x050 / 0x028: Pos 3, 1 Bit */
726 uint32_t ProcessUsingFTH : 1; /**< 0x050 / 0x028: Pos 4, 1 Bit */
727 uint32_t ReservedBits0 : 1; /**< 0x050 / 0x028: Pos 5, 27 Bits */
728 } W7, W8, W80, W81;
729 struct
730 {
731 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
732 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
733 uint32_t ReservedBits0 : 30; /**< 0x050 / 0x028: Pos 2, 30 Bits */
734 } W6;
735 };
736#if ARCH_BITS == 64
737 uint32_t Padding1; /**< 0x054 / */
738#endif
739 } W6, W7, W8, W80, W81;
740 struct
741 {
742 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
743 PVOID SparePtr2; /**< 0x048 / 0x024 */
744 uint32_t EnvironmentUpdateCount; /**< 0x050 / 0x028 */
745#if ARCH_BITS == 64
746 uint32_t Padding1; /**< 0x054 / */
747#endif
748 } W52;
749 struct
750 {
751 PVOID FastPebLockRoutine; /**< NA / 0x020 */
752 PVOID FastPebUnlockRoutine; /**< NA / 0x024 */
753 uint32_t EnvironmentUpdateCount; /**< NA / 0x028 */
754 } W51;
755 } Diff1;
756 union
757 {
758 PVOID KernelCallbackTable; /**< 0x058 / 0x02c */
759 PVOID UserSharedInfoPtr; /**< 0x058 / 0x02c - Alternative use in W6.*/
760 };
761 uint32_t SystemReserved; /**< 0x060 / 0x030 */
762 union
763 {
764 struct
765 {
766 uint32_t AtlThunkSListPtr32; /**< 0x064 / 0x034 */
767 } W7, W8, W80, W81;
768 struct
769 {
770 uint32_t SpareUlong; /**< 0x064 / 0x034 */
771 } W52, W6;
772 struct
773 {
774 uint32_t ExecuteOptions : 2; /**< NA / 0x034: Pos 0, 2 Bits */
775 uint32_t SpareBits : 30; /**< NA / 0x034: Pos 2, 30 Bits */
776 } W51;
777 } Diff2;
778 union
779 {
780 struct
781 {
782 PVOID ApiSetMap; /**< 0x068 / 0x038 */
783 } W7, W8, W80, W81;
784 struct
785 {
786 struct _PEB_FREE_BLOCK *FreeList; /**< 0x068 / 0x038 */
787 } W52, W6;
788 struct
789 {
790 struct _PEB_FREE_BLOCK *FreeList; /**< NA / 0x038 */
791 } W51;
792 } Diff3;
793 uint32_t TlsExpansionCounter; /**< 0x070 / 0x03c */
794#if ARCH_BITS == 64
795 uint32_t Padding2; /**< 0x074 / NA */
796#endif
797 struct _RTL_BITMAP *TlsBitmap; /**< 0x078 / 0x040 */
798 uint32_t TlsBitmapBits[2]; /**< 0x080 / 0x044 */
799 PVOID ReadOnlySharedMemoryBase; /**< 0x088 / 0x04c */
800 union
801 {
802 struct
803 {
804 PVOID SparePvoid0; /**< 0x090 / 0x050 - HotpatchInformation before W81. */
805 } W81;
806 struct
807 {
808 PVOID HotpatchInformation; /**< 0x090 / 0x050 - Retired in W81. */
809 } W6, W7, W80;
810 struct
811 {
812 PVOID ReadOnlySharedMemoryHeap;
813 } W52;
814 } Diff4;
815 PVOID *ReadOnlyStaticServerData; /**< 0x098 / 0x054 */
816 PVOID AnsiCodePageData; /**< 0x0a0 / 0x058 */
817 PVOID OemCodePageData; /**< 0x0a8 / 0x05c */
818 PVOID UnicodeCaseTableData; /**< 0x0b0 / 0x060 */
819 uint32_t NumberOfProcessors; /**< 0x0b8 / 0x064 */
820 uint32_t NtGlobalFlag; /**< 0x0bc / 0x068 */
821 LARGE_INTEGER CriticalSectionTimeout; /**< 0x0c0 / 0x070 */
822 SIZE_T HeapSegmentReserve; /**< 0x0c8 / 0x078 */
823 SIZE_T HeapSegmentCommit; /**< 0x0d0 / 0x07c */
824 SIZE_T HeapDeCommitTotalFreeThreshold; /**< 0x0d8 / 0x080 */
825 SIZE_T HeapDeCommitFreeBlockThreshold; /**< 0x0e0 / 0x084 */
826 uint32_t NumberOfHeaps; /**< 0x0e8 / 0x088 */
827 uint32_t MaximumNumberOfHeaps; /**< 0x0ec / 0x08c */
828 PVOID *ProcessHeaps; /**< 0x0f0 / 0x090 */
829 PVOID GdiSharedHandleTable; /**< 0x0f8 / 0x094 */
830 PVOID ProcessStarterHelper; /**< 0x100 / 0x098 */
831 uint32_t GdiDCAttributeList; /**< 0x108 / 0x09c */
832#if ARCH_BITS == 64
833 uint32_t Padding3; /**< 0x10c / NA */
834#endif
835 struct _RTL_CRITICAL_SECTION *LoaderLock; /**< 0x110 / 0x0a0 */
836 uint32_t OSMajorVersion; /**< 0x118 / 0x0a4 */
837 uint32_t OSMinorVersion; /**< 0x11c / 0x0a8 */
838 uint16_t OSBuildNumber; /**< 0x120 / 0x0ac */
839 uint16_t OSCSDVersion; /**< 0x122 / 0x0ae */
840 uint32_t OSPlatformId; /**< 0x124 / 0x0b0 */
841 uint32_t ImageSubsystem; /**< 0x128 / 0x0b4 */
842 uint32_t ImageSubsystemMajorVersion; /**< 0x12c / 0x0b8 */
843 uint32_t ImageSubsystemMinorVersion; /**< 0x130 / 0x0bc */
844#if ARCH_BITS == 64
845 uint32_t Padding4; /**< 0x134 / NA */
846#endif
847 union
848 {
849 struct
850 {
851 SIZE_T ActiveProcessAffinityMask; /**< 0x138 / 0x0c0 */
852 } W7, W8, W80, W81;
853 struct
854 {
855 SIZE_T ImageProcessAffinityMask; /**< 0x138 / 0x0c0 */
856 } W52, W6;
857 } Diff5;
858 uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /**< 0x140 / 0x0c4 */
859 PVOID PostProcessInitRoutine; /**< 0x230 / 0x14c */
860 PVOID TlsExpansionBitmap; /**< 0x238 / 0x150 */
861 uint32_t TlsExpansionBitmapBits[32]; /**< 0x240 / 0x154 */
862 uint32_t SessionId; /**< 0x2c0 / 0x1d4 */
863#if ARCH_BITS == 64
864 uint32_t Padding5; /**< 0x2c4 / NA */
865#endif
866 ULARGE_INTEGER AppCompatFlags; /**< 0x2c8 / 0x1d8 */
867 ULARGE_INTEGER AppCompatFlagsUser; /**< 0x2d0 / 0x1e0 */
868 PVOID pShimData; /**< 0x2d8 / 0x1e8 */
869 PVOID AppCompatInfo; /**< 0x2e0 / 0x1ec */
870 UNICODE_STRING CSDVersion; /**< 0x2e8 / 0x1f0 */
871 struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; /**< 0x2f8 / 0x1f8 */
872 struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; /**< 0x300 / 0x1fc */
873 struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; /**< 0x308 / 0x200 */
874 struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; /**< 0x310 / 0x204 */
875 SIZE_T MinimumStackCommit; /**< 0x318 / 0x208 */
876 /* End of PEB in W52 (Windows XP (RTM))! */
877 struct _FLS_CALLBACK_INFO *FlsCallback; /**< 0x320 / 0x20c */
878 LIST_ENTRY FlsListHead; /**< 0x328 / 0x210 */
879 PVOID FlsBitmap; /**< 0x338 / 0x218 */
880 uint32_t FlsBitmapBits[4]; /**< 0x340 / 0x21c */
881 uint32_t FlsHighIndex; /**< 0x350 / 0x22c */
882 /* End of PEB in W52 (Windows Server 2003)! */
883 PVOID WerRegistrationData; /**< 0x358 / 0x230 */
884 PVOID WerShipAssertPtr; /**< 0x360 / 0x234 */
885 /* End of PEB in W6 (windows Vista)! */
886 union
887 {
888 struct
889 {
890 PVOID pUnused; /**< 0x368 / 0x238 - Was pContextData in W7. */
891 } W8, W80, W81;
892 struct
893 {
894 PVOID pContextData; /**< 0x368 / 0x238 - Retired in W80. */
895 } W7;
896 } Diff6;
897 PVOID pImageHeaderHash; /**< 0x370 / 0x23c */
898 union
899 {
900 uint32_t TracingFlags; /**< 0x378 / 0x240 */
901 struct
902 {
903 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
904 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
905 uint32_t LibLoaderTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 2, 1 Bit */
906 uint32_t SpareTracingBits : 29; /**< 0x378 / 0x240 : Pos 3, 29 Bits */
907 } W8, W80, W81;
908 struct
909 {
910 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
911 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
912 uint32_t SpareTracingBits : 30; /**< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 */
913 } W7;
914 } Diff7;
915#if ARCH_BITS == 64
916 uint32_t Padding6; /**< 0x37c / NA */
917#endif
918 uint64_t CsrServerReadOnlySharedMemoryBase; /**< 0x380 / 0x248 */
919} PEB_COMMON;
920typedef PEB_COMMON *PPEB_COMMON;
921
922AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
923AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
924AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
925AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
926AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
927AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
928AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
929AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
930AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x388 : 0x250);
931
932/** The size of the windows 8.1 PEB structure. */
933#define PEB_SIZE_W81 sizeof(PEB_COMMON)
934/** The size of the windows 8.0 PEB structure. */
935#define PEB_SIZE_W80 sizeof(PEB_COMMON)
936/** The size of the windows 7 PEB structure. */
937#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
938/** The size of the windows vista PEB structure. */
939#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
940/** The size of the windows server 2003 PEB structure. */
941#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
942/** The size of the windows XP PEB structure. */
943#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
944
945#if 0
946typedef struct _NT_TIB
947{
948 struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
949 PVOID StackBase;
950 PVOID StackLimit;
951 PVOID SubSystemTib;
952 union
953 {
954 PVOID FiberData;
955 ULONG Version;
956 };
957 PVOID ArbitraryUserPointer;
958 struct _NT_TIB *Self;
959} NT_TIB;
960typedef NT_TIB *PNT_TIB;
961#endif
962
963typedef struct _ACTIVATION_CONTEXT_STACK
964{
965 uint32_t Flags;
966 uint32_t NextCookieSequenceNumber;
967 PVOID ActiveFrame;
968 LIST_ENTRY FrameListCache;
969} ACTIVATION_CONTEXT_STACK;
970
971/* Common TEB. */
972typedef struct _TEB_COMMON
973{
974 NT_TIB NtTib; /**< 0x000 / 0x000 */
975 PVOID EnvironmentPointer; /**< 0x038 / 0x01c */
976 CLIENT_ID ClientId; /**< 0x040 / 0x020 */
977 PVOID ActiveRpcHandle; /**< 0x050 / 0x028 */
978 PVOID ThreadLocalStoragePointer; /**< 0x058 / 0x02c */
979 PPEB_COMMON ProcessEnvironmentBlock; /**< 0x060 / 0x030 */
980 uint32_t LastErrorValue; /**< 0x068 / 0x034 */
981 uint32_t CountOfOwnedCriticalSections; /**< 0x06c / 0x038 */
982 PVOID CsrClientThread; /**< 0x070 / 0x03c */
983 PVOID Win32ThreadInfo; /**< 0x078 / 0x040 */
984 uint32_t User32Reserved[26]; /**< 0x080 / 0x044 */
985 uint32_t UserReserved[5]; /**< 0x0e8 / 0x0ac */
986 PVOID WOW32Reserved; /**< 0x100 / 0x0c0 */
987 uint32_t CurrentLocale; /**< 0x108 / 0x0c4 */
988 uint32_t FpSoftwareStatusRegister; /**< 0x10c / 0x0c8 */
989 PVOID SystemReserved1[54]; /**< 0x110 / 0x0cc */
990 uint32_t ExceptionCode; /**< 0x2c0 / 0x1a4 */
991#if ARCH_BITS == 64
992 uint32_t Padding0; /**< 0x2c4 / NA */
993#endif
994 union
995 {
996 struct
997 {
998 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;/**< 0x2c8 / 0x1a8 */
999 uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /**< 0x2d0 / 0x1ac */
1000 } W52, W6, W7, W8, W80, W81;
1001#if ARCH_BITS == 32
1002 struct
1003 {
1004 ACTIVATION_CONTEXT_STACK ActivationContextStack; /**< NA / 0x1a8 */
1005 uint8_t SpareBytes[20]; /**< NA / 0x1bc */
1006 } W51;
1007#endif
1008 } Diff0;
1009 union
1010 {
1011 struct
1012 {
1013 uint32_t TxFsContext; /**< 0x2e8 / 0x1d0 */
1014 } W6, W7, W8, W80, W81;
1015 struct
1016 {
1017 uint32_t SpareBytesContinues; /**< 0x2e8 / 0x1d0 */
1018 } W52;
1019 } Diff1;
1020#if ARCH_BITS == 64
1021 uint32_t Padding1; /**< 0x2ec / NA */
1022#endif
1023 /*_GDI_TEB_BATCH*/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /**< 0x2f0 / 0x1d4 */
1024 CLIENT_ID RealClientId; /**< 0x7d8 / 0x6b4 */
1025 HANDLE GdiCachedProcessHandle; /**< 0x7e8 / 0x6bc */
1026 uint32_t GdiClientPID; /**< 0x7f0 / 0x6c0 */
1027 uint32_t GdiClientTID; /**< 0x7f4 / 0x6c4 */
1028 PVOID GdiThreadLocalInfo; /**< 0x7f8 / 0x6c8 */
1029 SIZE_T Win32ClientInfo[62]; /**< 0x800 / 0x6cc */
1030 PVOID glDispatchTable[233]; /**< 0x9f0 / 0x7c4 */
1031 SIZE_T glReserved1[29]; /**< 0x1138 / 0xb68 */
1032 PVOID glReserved2; /**< 0x1220 / 0xbdc */
1033 PVOID glSectionInfo; /**< 0x1228 / 0xbe0 */
1034 PVOID glSection; /**< 0x1230 / 0xbe4 */
1035 PVOID glTable; /**< 0x1238 / 0xbe8 */
1036 PVOID glCurrentRC; /**< 0x1240 / 0xbec */
1037 PVOID glContext; /**< 0x1248 / 0xbf0 */
1038 NTSTATUS LastStatusValue; /**< 0x1250 / 0xbf4 */
1039#if ARCH_BITS == 64
1040 uint32_t Padding2; /**< 0x1254 / NA */
1041#endif
1042 UNICODE_STRING StaticUnicodeString; /**< 0x1258 / 0xbf8 */
1043 WCHAR StaticUnicodeBuffer[261]; /**< 0x1268 / 0xc00 */
1044#if ARCH_BITS == 64
1045 WCHAR Padding3[3]; /**< 0x1472 / NA */
1046#endif
1047 PVOID DeallocationStack; /**< 0x1478 / 0xe0c */
1048 PVOID TlsSlots[64]; /**< 0x1480 / 0xe10 */
1049 LIST_ENTRY TlsLinks; /**< 0x1680 / 0xf10 */
1050 PVOID Vdm; /**< 0x1690 / 0xf18 */
1051 PVOID ReservedForNtRpc; /**< 0x1698 / 0xf1c */
1052 PVOID DbgSsReserved[2]; /**< 0x16a0 / 0xf20 */
1053 uint32_t HardErrorMode; /**< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. */
1054#if ARCH_BITS == 64
1055 uint32_t Padding4; /**< 0x16b4 / NA */
1056#endif
1057 PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /**< 0x16b8 / 0xf2c */
1058 union
1059 {
1060 struct
1061 {
1062 GUID ActivityId; /**< 0x1710 / 0xf50 */
1063 PVOID SubProcessTag; /**< 0x1720 / 0xf60 */
1064 } W6, W7, W8, W80, W81;
1065 struct
1066 {
1067 PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /**< 0x1710 / 0xf50 */
1068 } W52;
1069 } Diff2;
1070 union /**< 0x1728 / 0xf64 */
1071 {
1072 struct
1073 {
1074 PVOID PerflibData; /**< 0x1728 / 0xf64 */
1075 } W8, W80, W81;
1076 struct
1077 {
1078 PVOID EtwLocalData; /**< 0x1728 / 0xf64 */
1079 } W7, W6;
1080 struct
1081 {
1082 PVOID SubProcessTag; /**< 0x1728 / 0xf64 */
1083 } W52;
1084 struct
1085 {
1086 PVOID InstrumentationContinues[1]; /**< 0x1728 / 0xf64 */
1087 } W51;
1088 } Diff3;
1089 union
1090 {
1091 struct
1092 {
1093 PVOID EtwTraceData; /**< 0x1730 / 0xf68 */
1094 } W52, W6, W7, W8, W80, W81;
1095 struct
1096 {
1097 PVOID InstrumentationContinues[1]; /**< 0x1730 / 0xf68 */
1098 } W51;
1099 } Diff4;
1100 PVOID WinSockData; /**< 0x1738 / 0xf6c */
1101 uint32_t GdiBatchCount; /**< 0x1740 / 0xf70 */
1102 union
1103 {
1104 union
1105 {
1106 PROCESSOR_NUMBER CurrentIdealProcessor; /**< 0x1744 / 0xf74 - W7+ */
1107 uint32_t IdealProcessorValue; /**< 0x1744 / 0xf74 - W7+ */
1108 struct
1109 {
1110 uint8_t ReservedPad1; /**< 0x1744 / 0xf74 - Called SpareBool0 in W6 */
1111 uint8_t ReservedPad2; /**< 0x1745 / 0xf75 - Called SpareBool0 in W6 */
1112 uint8_t ReservedPad3; /**< 0x1746 / 0xf76 - Called SpareBool0 in W6 */
1113 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
1114 };
1115 } W6, W7, W8, W80, W81;
1116 struct
1117 {
1118 BOOLEAN InDbgPrint; /**< 0x1744 / 0xf74 */
1119 BOOLEAN FreeStackOnTermination; /**< 0x1745 / 0xf75 */
1120 BOOLEAN HasFiberData; /**< 0x1746 / 0xf76 */
1121 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
1122 } W51, W52;
1123 } Diff5;
1124 uint32_t GuaranteedStackBytes; /**< 0x1748 / 0xf78 */
1125#if ARCH_BITS == 64
1126 uint32_t Padding5; /**< 0x174c / NA */
1127#endif
1128 PVOID ReservedForPerf; /**< 0x1750 / 0xf7c */
1129 PVOID ReservedForOle; /**< 0x1758 / 0xf80 */
1130 uint32_t WaitingOnLoaderLock; /**< 0x1760 / 0xf84 */
1131#if ARCH_BITS == 64
1132 uint32_t Padding6; /**< 0x1764 / NA */
1133#endif
1134 union /**< 0x1770 / 0xf8c */
1135 {
1136 struct
1137 {
1138 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
1139 SIZE_T ReservedForCodeCoverage; /**< 0x1770 / 0xf8c */
1140 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
1141 } W8, W80, W81;
1142 struct
1143 {
1144 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
1145 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
1146 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
1147 } W6, W7;
1148 struct
1149 {
1150 PVOID SparePointer1; /**< 0x1768 / 0xf88 */
1151 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
1152 PVOID SoftPatchPtr2; /**< 0x1778 / 0xf90 */
1153 } W52;
1154#if ARCH_BITS == 32
1155 struct _Wx86ThreadState
1156 {
1157 PVOID CallBx86Eip; /**< NA / 0xf88 */
1158 PVOID DeallocationCpu; /**< NA / 0xf8c */
1159 BOOLEAN UseKnownWx86Dll; /**< NA / 0xf90 */
1160 int8_t OleStubInvoked; /**< NA / 0xf91 */
1161 } W51;
1162#endif
1163 } Diff6;
1164 PVOID TlsExpansionSlots; /**< 0x1780 / 0xf94 */
1165#if ARCH_BITS == 64
1166 PVOID DallocationBStore; /**< 0x1788 / NA */
1167 PVOID BStoreLimit; /**< 0x1790 / NA */
1168#endif
1169 union
1170 {
1171 struct
1172 {
1173 uint32_t MuiGeneration; /**< 0x1798 / 0xf98 */
1174 } W7, W8, W80, W81;
1175 struct
1176 {
1177 uint32_t ImpersonationLocale;
1178 } W6;
1179 } Diff7;
1180 uint32_t IsImpersonating; /**< 0x179c / 0xf9c */
1181 PVOID NlsCache; /**< 0x17a0 / 0xfa0 */
1182 PVOID pShimData; /**< 0x17a8 / 0xfa4 */
1183 union /**< 0x17b0 / 0xfa8 */
1184 {
1185 struct
1186 {
1187 uint16_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
1188 uint16_t LowFragHeapDataSlot; /**< 0x17b2 / 0xfaa */
1189 } W8, W80, W81;
1190 struct
1191 {
1192 uint32_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
1193 } W7;
1194 } Diff8;
1195#if ARCH_BITS == 64
1196 uint32_t Padding7; /**< 0x17b4 / NA */
1197#endif
1198 HANDLE CurrentTransactionHandle; /**< 0x17b8 / 0xfac */
1199 struct _TEB_ACTIVE_FRAME *ActiveFrame; /**< 0x17c0 / 0xfb0 */
1200 /* End of TEB in W51 (Windows XP)! */
1201 PVOID FlsData; /**< 0x17c8 / 0xfb4 */
1202 union
1203 {
1204 struct
1205 {
1206 PVOID PreferredLanguages; /**< 0x17d0 / 0xfb8 */
1207 } W6, W7, W8, W80, W81;
1208 struct
1209 {
1210 BOOLEAN SafeThunkCall; /**< 0x17d0 / 0xfb8 */
1211 uint8_t BooleanSpare[3]; /**< 0x17d1 / 0xfb9 */
1212 /* End of TEB in W52 (Windows server 2003)! */
1213 } W52;
1214 } Diff9;
1215 PVOID UserPrefLanguages; /**< 0x17d8 / 0xfbc */
1216 PVOID MergedPrefLanguages; /**< 0x17e0 / 0xfc0 */
1217 uint32_t MuiImpersonation; /**< 0x17e8 / 0xfc4 */
1218 union
1219 {
1220 uint16_t CrossTebFlags; /**< 0x17ec / 0xfc8 */
1221 struct
1222 {
1223 uint16_t SpareCrossTebBits : 16; /**< 0x17ec / 0xfc8 : Pos 0, 16 Bits */
1224 };
1225 };
1226 union
1227 {
1228 uint16_t SameTebFlags; /**< 0x17ee / 0xfca */
1229 struct
1230 {
1231 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1232 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1233 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1234 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1235 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1236 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1237 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1238 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1239 } Common;
1240 struct
1241 {
1242 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1243 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1244 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1245 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1246 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1247 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1248 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1249 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1250 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
1251 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
1252 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
1253 uint16_t SessionAware : 1; /**< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. */
1254 uint16_t SpareSameTebBits : 4; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
1255 } W8, W80, W81;
1256 struct
1257 {
1258 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1259 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1260 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1261 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1262 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1263 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1264 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1265 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1266 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
1267 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
1268 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
1269 uint16_t SpareSameTebBits : 5; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
1270 } W7;
1271 struct
1272 {
1273 uint16_t DbgSafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1274 uint16_t DbgInDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1275 uint16_t DbgHasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1276 uint16_t DbgSkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1277 uint16_t DbgWerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1278 uint16_t DbgRanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1279 uint16_t DbgClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1280 uint16_t DbgSuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1281 uint16_t SpareSameTebBits : 8; /**< 0x17ee / 0xfca : Pos 8, 8 Bits */
1282 } W6;
1283 } Diff10;
1284 PVOID TxnScopeEnterCallback; /**< 0x17f0 / 0xfcc */
1285 PVOID TxnScopeExitCallback; /**< 0x17f8 / 0xfd0 */
1286 PVOID TxnScopeContext; /**< 0x1800 / 0xfd4 */
1287 uint32_t LockCount; /**< 0x1808 / 0xfd8 */
1288 union
1289 {
1290 struct
1291 {
1292 uint32_t SpareUlong0; /**< 0x180c / 0xfdc */
1293 } W7, W8, W80, W81;
1294 struct
1295 {
1296 uint32_t ProcessRundown;
1297 } W6;
1298 } Diff11;
1299 union
1300 {
1301 struct
1302 {
1303 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1304 /* End of TEB in W7 (windows 7)! */
1305 PVOID ReservedForWdf; /**< 0x1818 / 0xfe4 - New Since W7. */
1306 /* End of TEB in W8 (windows 8.0 & 8.1)! */
1307 } W8, W80, W81;
1308 struct
1309 {
1310 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1311 } W7;
1312 struct
1313 {
1314 uint64_t LastSwitchTime; /**< 0x1810 / 0xfe0 */
1315 uint64_t TotalSwitchOutTime; /**< 0x1818 / 0xfe8 */
1316 LARGE_INTEGER WaitReasonBitMap; /**< 0x1820 / 0xff0 */
1317 /* End of TEB in W6 (windows Vista)! */
1318 } W6;
1319 } Diff12;
1320} TEB_COMMON;
1321typedef TEB_COMMON *PTEB_COMMON;
1322AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1323AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1324AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1325AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1326AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1327AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1328AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1329AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1330AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1331AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1332AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1333AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1334AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1828 : 0xff8);
1335
1336
1337/** The size of the windows 8.1 PEB structure. */
1338#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1339/** The size of the windows 8.0 PEB structure. */
1340#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1341/** The size of the windows 7 PEB structure. */
1342#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1343/** The size of the windows vista PEB structure. */
1344#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1345/** The size of the windows server 2003 PEB structure. */
1346#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1347/** The size of the windows XP PEB structure. */
1348#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1349
1350
1351
1352#define _PEB _PEB_COMMON
1353typedef PEB_COMMON PEB;
1354typedef PPEB_COMMON PPEB;
1355
1356#define _TEB _TEB_COMMON
1357typedef TEB_COMMON TEB;
1358typedef PTEB_COMMON PTEB;
1359
1360#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
1361# ifdef RT_ARCH_X86
1362DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, NtTib.Self)); }
1363DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1364DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readfsdword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1365# elif defined(RT_ARCH_AMD64)
1366DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, NtTib.Self)); }
1367DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1368DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return (uint32_t)__readgsqword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1369# else
1370# error "Port me"
1371# endif
1372#else
1373# define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1374# define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1375# define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1376#endif
1377#define NtCurrentPeb() RTNtCurrentPeb()
1378
1379
1380/** @} */
1381
1382
1383#ifdef IPRT_NT_USE_WINTERNL
1384NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1385NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1386typedef enum _SECTION_INHERIT
1387{
1388 ViewShare = 1,
1389 ViewUnmap
1390} SECTION_INHERIT;
1391NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1392 ULONG, ULONG);
1393
1394
1395typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1396{
1397 ULONG FileSystemAttributes;
1398 LONG MaximumComponentNameLength;
1399 ULONG FileSystemNameLength;
1400 WCHAR FileSystemName[1];
1401} FILE_FS_ATTRIBUTE_INFORMATION;
1402typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1403
1404NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1405NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1406NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1407NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1408
1409typedef enum _FSINFOCLASS
1410{
1411 FileFsVolumeInformation = 1,
1412 FileFsLabelInformation,
1413 FileFsSizeInformation,
1414 FileFsDeviceInformation,
1415 FileFsAttributeInformation,
1416 FileFsControlInformation,
1417 FileFsFullSizeInformation,
1418 FileFsObjectIdInformation,
1419 FileFsDriverPathInformation,
1420 FileFsVolumeFlagsInformation,
1421 FileFsSectorSizeInformation,
1422 FileFsDataCopyInformation,
1423 FileFsMaximumInformation
1424} FS_INFORMATION_CLASS;
1425typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1426NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1427
1428typedef struct _FILE_BOTH_DIR_INFORMATION
1429{
1430 ULONG NextEntryOffset;
1431 ULONG FileIndex;
1432 LARGE_INTEGER CreationTime;
1433 LARGE_INTEGER LastAccessTime;
1434 LARGE_INTEGER LastWriteTime;
1435 LARGE_INTEGER ChangeTime;
1436 LARGE_INTEGER EndOfFile;
1437 LARGE_INTEGER AllocationSize;
1438 ULONG FileAttributes;
1439 ULONG FileNameLength;
1440 ULONG EaSize;
1441 CCHAR ShortNameLength;
1442 WCHAR ShortName[12];
1443 WCHAR FileName[1];
1444} FILE_BOTH_DIR_INFORMATION;
1445typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1446typedef struct _FILE_BASIC_INFORMATION
1447{
1448 LARGE_INTEGER CreationTime;
1449 LARGE_INTEGER LastAccessTime;
1450 LARGE_INTEGER LastWriteTime;
1451 LARGE_INTEGER ChangeTime;
1452 ULONG FileAttributes;
1453} FILE_BASIC_INFORMATION;
1454typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1455typedef struct _FILE_STANDARD_INFORMATION
1456{
1457 LARGE_INTEGER AllocationSize;
1458 LARGE_INTEGER EndOfFile;
1459 ULONG NumberOfLinks;
1460 BOOLEAN DeletePending;
1461 BOOLEAN Directory;
1462} FILE_STANDARD_INFORMATION;
1463typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1464typedef struct _FILE_NAME_INFORMATION
1465{
1466 ULONG FileNameLength;
1467 WCHAR FileName[1];
1468} FILE_NAME_INFORMATION;
1469typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1470typedef enum _FILE_INFORMATION_CLASS
1471{
1472 FileDirectoryInformation = 1,
1473 FileFullDirectoryInformation,
1474 FileBothDirectoryInformation,
1475 FileBasicInformation,
1476 FileStandardInformation,
1477 FileInternalInformation,
1478 FileEaInformation,
1479 FileAccessInformation,
1480 FileNameInformation,
1481 FileRenameInformation,
1482 FileLinkInformation,
1483 FileNamesInformation,
1484 FileDispositionInformation,
1485 FilePositionInformation,
1486 FileFullEaInformation,
1487 FileModeInformation,
1488 FileAlignmentInformation,
1489 FileAllInformation,
1490 FileAllocationInformation,
1491 FileEndOfFileInformation,
1492 FileAlternateNameInformation,
1493 FileStreamInformation,
1494 FilePipeInformation,
1495 FilePipeLocalInformation,
1496 FilePipeRemoteInformation,
1497 FileMailslotQueryInformation,
1498 FileMailslotSetInformation,
1499 FileCompressionInformation,
1500 FileObjectIdInformation,
1501 FileCompletionInformation,
1502 FileMoveClusterInformation,
1503 FileQuotaInformation,
1504 FileReparsePointInformation,
1505 FileNetworkOpenInformation,
1506 FileAttributeTagInformation,
1507 FileTrackingInformation,
1508 FileIdBothDirectoryInformation,
1509 FileIdFullDirectoryInformation,
1510 FileValidDataLengthInformation,
1511 FileShortNameInformation,
1512 FileIoCompletionNotificationInformation,
1513 FileIoStatusBlockRangeInformation,
1514 FileIoPriorityHintInformation,
1515 FileSfioReserveInformation,
1516 FileSfioVolumeInformation,
1517 FileHardLinkInformation,
1518 FileProcessIdsUsingFileInformation,
1519 FileNormalizedNameInformation,
1520 FileNetworkPhysicalNameInformation,
1521 FileIdGlobalTxDirectoryInformation,
1522 FileIsRemoteDeviceInformation,
1523 FileUnusedInformation,
1524 FileNumaNodeInformation,
1525 FileStandardLinkInformation,
1526 FileRemoteProtocolInformation,
1527 FileRenameInformationBypassAccessCheck,
1528 FileLinkInformationBypassAccessCheck,
1529 FileVolumeNameInformation,
1530 FileIdInformation,
1531 FileIdExtdDirectoryInformation,
1532 FileReplaceCompletionInformation,
1533 FileHardLinkFullIdInformation,
1534 FileMaximumInformation
1535} FILE_INFORMATION_CLASS;
1536typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
1537NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1538NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
1539 FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1540
1541/** For use with KeyBasicInformation. */
1542typedef struct _KEY_BASIC_INFORMATION
1543{
1544 LARGE_INTEGER LastWriteTime;
1545 ULONG TitleIndex;
1546 ULONG NameLength;
1547 WCHAR Name[1];
1548} KEY_BASIC_INFORMATION;
1549typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
1550
1551/** For use with KeyNodeInformation. */
1552typedef struct _KEY_NODE_INFORMATION
1553{
1554 LARGE_INTEGER LastWriteTime;
1555 ULONG TitleIndex;
1556 ULONG ClassOffset; /**< Offset from the start of the structure. */
1557 ULONG ClassLength;
1558 ULONG NameLength;
1559 WCHAR Name[1];
1560} KEY_NODE_INFORMATION;
1561typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
1562
1563/** For use with KeyFullInformation. */
1564typedef struct _KEY_FULL_INFORMATION
1565{
1566 LARGE_INTEGER LastWriteTime;
1567 ULONG TitleIndex;
1568 ULONG ClassOffset; /**< Offset of the Class member. */
1569 ULONG ClassLength;
1570 ULONG SubKeys;
1571 ULONG MaxNameLen;
1572 ULONG MaxClassLen;
1573 ULONG Values;
1574 ULONG MaxValueNameLen;
1575 ULONG MaxValueDataLen;
1576 WCHAR Class[1];
1577} KEY_FULL_INFORMATION;
1578typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
1579
1580/** For use with KeyNameInformation. */
1581typedef struct _KEY_NAME_INFORMATION
1582{
1583 ULONG NameLength;
1584 WCHAR Name[1];
1585} KEY_NAME_INFORMATION;
1586typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
1587
1588/** For use with KeyCachedInformation. */
1589typedef struct _KEY_CACHED_INFORMATION
1590{
1591 LARGE_INTEGER LastWriteTime;
1592 ULONG TitleIndex;
1593 ULONG SubKeys;
1594 ULONG MaxNameLen;
1595 ULONG Values;
1596 ULONG MaxValueNameLen;
1597 ULONG MaxValueDataLen;
1598 ULONG NameLength;
1599} KEY_CACHED_INFORMATION;
1600typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
1601
1602/** For use with KeyVirtualizationInformation. */
1603typedef struct _KEY_VIRTUALIZATION_INFORMATION
1604{
1605 ULONG VirtualizationCandidate : 1;
1606 ULONG VirtualizationEnabled : 1;
1607 ULONG VirtualTarget : 1;
1608 ULONG VirtualStore : 1;
1609 ULONG VirtualSource : 1;
1610 ULONG Reserved : 27;
1611} KEY_VIRTUALIZATION_INFORMATION;
1612typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
1613
1614typedef enum _KEY_INFORMATION_CLASS
1615{
1616 KeyBasicInformation = 0,
1617 KeyNodeInformation,
1618 KeyFullInformation,
1619 KeyNameInformation,
1620 KeyCachedInformation,
1621 KeyFlagsInformation,
1622 KeyVirtualizationInformation,
1623 KeyHandleTagsInformation,
1624 MaxKeyInfoClass
1625} KEY_INFORMATION_CLASS;
1626NTSYSAPI NTSTATUS NTAPI NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1627NTSYSAPI NTSTATUS NTAPI NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1628
1629typedef struct _MEMORY_SECTION_NAME
1630{
1631 UNICODE_STRING SectionFileName;
1632 WCHAR NameBuffer[1];
1633} MEMORY_SECTION_NAME;
1634
1635#ifdef IPRT_NT_USE_WINTERNL
1636typedef struct _PROCESS_BASIC_INFORMATION
1637{
1638 NTSTATUS ExitStatus;
1639 PPEB PebBaseAddress;
1640 ULONG_PTR AffinityMask;
1641 int32_t BasePriority;
1642 ULONG_PTR UniqueProcessId;
1643 ULONG_PTR InheritedFromUniqueProcessId;
1644} PROCESS_BASIC_INFORMATION;
1645typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
1646#endif
1647
1648typedef enum _PROCESSINFOCLASS
1649{
1650 ProcessBasicInformation = 0, /**< 0 / 0x00 */
1651 ProcessQuotaLimits, /**< 1 / 0x01 */
1652 ProcessIoCounters, /**< 2 / 0x02 */
1653 ProcessVmCounters, /**< 3 / 0x03 */
1654 ProcessTimes, /**< 4 / 0x04 */
1655 ProcessBasePriority, /**< 5 / 0x05 */
1656 ProcessRaisePriority, /**< 6 / 0x06 */
1657 ProcessDebugPort, /**< 7 / 0x07 */
1658 ProcessExceptionPort, /**< 8 / 0x08 */
1659 ProcessAccessToken, /**< 9 / 0x09 */
1660 ProcessLdtInformation, /**< 10 / 0x0a */
1661 ProcessLdtSize, /**< 11 / 0x0b */
1662 ProcessDefaultHardErrorMode, /**< 12 / 0x0c */
1663 ProcessIoPortHandlers, /**< 13 / 0x0d */
1664 ProcessPooledUsageAndLimits, /**< 14 / 0x0e */
1665 ProcessWorkingSetWatch, /**< 15 / 0x0f */
1666 ProcessUserModeIOPL, /**< 16 / 0x10 */
1667 ProcessEnableAlignmentFaultFixup, /**< 17 / 0x11 */
1668 ProcessPriorityClass, /**< 18 / 0x12 */
1669 ProcessWx86Information, /**< 19 / 0x13 */
1670 ProcessHandleCount, /**< 20 / 0x14 */
1671 ProcessAffinityMask, /**< 21 / 0x15 */
1672 ProcessPriorityBoost, /**< 22 / 0x16 */
1673 ProcessDeviceMap, /**< 23 / 0x17 */
1674 ProcessSessionInformation, /**< 24 / 0x18 */
1675 ProcessForegroundInformation, /**< 25 / 0x19 */
1676 ProcessWow64Information, /**< 26 / 0x1a */
1677 ProcessImageFileName, /**< 27 / 0x1b */
1678 ProcessLUIDDeviceMapsEnabled, /**< 28 / 0x1c */
1679 ProcessBreakOnTermination, /**< 29 / 0x1d */
1680 ProcessDebugObjectHandle, /**< 30 / 0x1e */
1681 ProcessDebugFlags, /**< 31 / 0x1f */
1682 ProcessHandleTracing, /**< 32 / 0x20 */
1683 ProcessIoPriority, /**< 33 / 0x21 */
1684 ProcessExecuteFlags, /**< 34 / 0x22 */
1685 ProcessTlsInformation, /**< 35 / 0x23 */
1686 ProcessCookie, /**< 36 / 0x24 */
1687 ProcessImageInformation, /**< 37 / 0x25 */
1688 ProcessCycleTime, /**< 38 / 0x26 */
1689 ProcessPagePriority, /**< 39 / 0x27 */
1690 ProcessInstrumentationCallbak, /**< 40 / 0x28 */
1691 ProcessThreadStackAllocation, /**< 41 / 0x29 */
1692 ProcessWorkingSetWatchEx, /**< 42 / 0x2a */
1693 ProcessImageFileNameWin32, /**< 43 / 0x2b */
1694 ProcessImageFileMapping, /**< 44 / 0x2c */
1695 ProcessAffinityUpdateMode, /**< 45 / 0x2d */
1696 ProcessMemoryAllocationMode, /**< 46 / 0x2e */
1697 ProcessGroupInformation, /**< 47 / 0x2f */
1698 ProcessTokenVirtualizationEnabled, /**< 48 / 0x30 */
1699 ProcessConsoleHostProcess, /**< 49 / 0x31 */
1700 ProcessWindowsInformation, /**< 50 / 0x32 */
1701 ProcessUnknown51,
1702 ProcessUnknown52,
1703 ProcessUnknown53,
1704 ProcessUnknown54,
1705 ProcessUnknown55,
1706 ProcessUnknown56,
1707 ProcessUnknown57,
1708 ProcessUnknown58,
1709 ProcessUnknown59,
1710 ProcessUnknown60,
1711 ProcessUnknown61,
1712 ProcessUnknown62,
1713 ProcessUnknown63,
1714 ProcessUnknown64,
1715 ProcessUnknown65,
1716 ProcessUnknown66,
1717 ProcessMaybe_KeSetCpuSetsProcess, /**< 67 / 0x43 - is correct, then PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10. */
1718 MaxProcessInfoClass /**< 68 / 0x44 */
1719} PROCESSINFOCLASS;
1720NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1721
1722typedef enum _THREADINFOCLASS
1723{
1724 ThreadBasicInformation = 0,
1725 ThreadTimes,
1726 ThreadPriority,
1727 ThreadBasePriority,
1728 ThreadAffinityMask,
1729 ThreadImpersonationToken,
1730 ThreadDescriptorTableEntry,
1731 ThreadEnableAlignmentFaultFixup,
1732 ThreadEventPair_Reusable,
1733 ThreadQuerySetWin32StartAddress,
1734 ThreadZeroTlsCell,
1735 ThreadPerformanceCount,
1736 ThreadAmILastThread,
1737 ThreadIdealProcessor,
1738 ThreadPriorityBoost,
1739 ThreadSetTlsArrayAddress,
1740 ThreadIsIoPending,
1741 ThreadHideFromDebugger,
1742 ThreadBreakOnTermination,
1743 ThreadSwitchLegacyState,
1744 ThreadIsTerminated,
1745 ThreadLastSystemCall,
1746 ThreadIoPriority,
1747 ThreadCycleTime,
1748 ThreadPagePriority,
1749 ThreadActualBasePriority,
1750 ThreadTebInformation,
1751 ThreadCSwitchMon,
1752 ThreadCSwitchPmu,
1753 ThreadWow64Context,
1754 ThreadGroupInformation,
1755 ThreadUmsInformation,
1756 ThreadCounterProfiling,
1757 ThreadIdealProcessorEx,
1758 ThreadCpuAccountingInformation,
1759 MaxThreadInfoClass
1760} THREADINFOCLASS;
1761NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1762
1763NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1764
1765NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1766NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1767NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
1768
1769NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
1770NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
1771
1772NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
1773NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
1774NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
1775NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
1776NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
1777NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
1778NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
1779NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
1780NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
1781
1782#endif /* IPRT_NT_USE_WINTERNL */
1783
1784typedef enum _OBJECT_INFORMATION_CLASS
1785{
1786 ObjectBasicInformation = 0,
1787 ObjectNameInformation,
1788 ObjectTypeInformation,
1789 ObjectAllInformation,
1790 ObjectDataInformation
1791} OBJECT_INFORMATION_CLASS;
1792typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
1793#ifdef IN_RING0
1794# define NtQueryObject ZwQueryObject
1795#endif
1796NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1797NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
1798NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
1799
1800NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1801
1802typedef struct _OBJECT_DIRECTORY_INFORMATION
1803{
1804 UNICODE_STRING Name;
1805 UNICODE_STRING TypeName;
1806} OBJECT_DIRECTORY_INFORMATION;
1807typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
1808NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
1809
1810NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
1811NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
1812/** @name ProcessDefaultHardErrorMode bit definitions.
1813 * @{ */
1814#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /**< Inverted from the win32 define. */
1815#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
1816#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
1817#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
1818/** @} */
1819NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
1820NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
1821
1822/** Retured by ProcessImageInformation as well as NtQuerySection. */
1823typedef struct _SECTION_IMAGE_INFORMATION
1824{
1825 PVOID TransferAddress;
1826 ULONG ZeroBits;
1827 SIZE_T MaximumStackSize;
1828 SIZE_T CommittedStackSize;
1829 ULONG SubSystemType;
1830 union
1831 {
1832 struct
1833 {
1834 USHORT SubSystemMinorVersion;
1835 USHORT SubSystemMajorVersion;
1836 };
1837 ULONG SubSystemVersion;
1838 };
1839 ULONG GpValue;
1840 USHORT ImageCharacteristics;
1841 USHORT DllCharacteristics;
1842 USHORT Machine;
1843 BOOLEAN ImageContainsCode;
1844 union /**< Since Vista, used to be a spare BOOLEAN. */
1845 {
1846 struct
1847 {
1848 UCHAR ComPlusNativeRead : 1;
1849 UCHAR ComPlusILOnly : 1;
1850 UCHAR ImageDynamicallyRelocated : 1;
1851 UCHAR ImageMAppedFlat : 1;
1852 UCHAR Reserved : 4;
1853 };
1854 UCHAR ImageFlags;
1855 };
1856 ULONG LoaderFlags;
1857 ULONG ImageFileSize; /**< Since XP? */
1858 ULONG CheckSum; /**< Since Vista, Used to be a reserved/spare ULONG. */
1859} SECTION_IMAGE_INFORMATION;
1860typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
1861
1862typedef enum _SECTION_INFORMATION_CLASS
1863{
1864 SectionBasicInformation = 0,
1865 SectionImageInformation,
1866 MaxSectionInfoClass
1867} SECTION_INFORMATION_CLASS;
1868NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1869
1870NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
1871NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1872NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
1873#ifndef SYMBOLIC_LINK_QUERY
1874# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
1875#endif
1876#ifndef SYMBOLIC_LINK_ALL_ACCESS
1877# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYMBOLIC_LINK_QUERY)
1878#endif
1879
1880NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
1881NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
1882NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
1883NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
1884NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
1885NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
1886
1887
1888#ifndef SEC_FILE
1889# define SEC_FILE UINT32_C(0x00800000)
1890#endif
1891#ifndef SEC_IMAGE
1892# define SEC_IMAGE UINT32_C(0x01000000)
1893#endif
1894#ifndef SEC_PROTECTED_IMAGE
1895# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
1896#endif
1897#ifndef SEC_NOCACHE
1898# define SEC_NOCACHE UINT32_C(0x10000000)
1899#endif
1900#ifndef MEM_ROTATE
1901# define MEM_ROTATE UINT32_C(0x00800000)
1902#endif
1903typedef enum _MEMORY_INFORMATION_CLASS
1904{
1905 MemoryBasicInformation = 0,
1906 MemoryWorkingSetList,
1907 MemorySectionName,
1908 MemoryBasicVlmInformation
1909} MEMORY_INFORMATION_CLASS;
1910#ifdef IN_RING0
1911typedef struct _MEMORY_BASIC_INFORMATION
1912{
1913 PVOID BaseAddress;
1914 PVOID AllocationBase;
1915 ULONG AllocationProtect;
1916 SIZE_T RegionSize;
1917 ULONG State;
1918 ULONG Protect;
1919 ULONG Type;
1920} MEMORY_BASIC_INFORMATION;
1921typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
1922# define NtQueryVirtualMemory ZwQueryVirtualMemory
1923#endif
1924NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1925#ifdef IPRT_NT_USE_WINTERNL
1926NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
1927#endif
1928NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
1929NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
1930
1931typedef enum _SYSTEM_INFORMATION_CLASS
1932{
1933 SystemBasicInformation = 0,
1934 SystemCpuInformation,
1935 SystemPerformanceInformation,
1936 SystemTimeOfDayInformation,
1937 SystemInformation_Unknown_4,
1938 SystemProcessInformation,
1939 SystemInformation_Unknown_6,
1940 SystemInformation_Unknown_7,
1941 SystemProcessorPerformanceInformation,
1942 SystemInformation_Unknown_9,
1943 SystemInformation_Unknown_10,
1944 SystemModuleInformation,
1945 SystemInformation_Unknown_12,
1946 SystemInformation_Unknown_13,
1947 SystemInformation_Unknown_14,
1948 SystemInformation_Unknown_15,
1949 SystemHandleInformation,
1950 SystemInformation_Unknown_17,
1951 SystemPageFileInformation,
1952 SystemInformation_Unknown_19,
1953 SystemInformation_Unknown_20,
1954 SystemCacheInformation,
1955 SystemInformation_Unknown_22,
1956 SystemInterruptInformation,
1957 SystemDpcBehaviourInformation,
1958 SystemFullMemoryInformation,
1959 SystemLoadGdiDriverInformation, /* 26 */
1960 SystemUnloadGdiDriverInformation, /* 27 */
1961 SystemTimeAdjustmentInformation,
1962 SystemSummaryMemoryInformation,
1963 SystemInformation_Unknown_30,
1964 SystemInformation_Unknown_31,
1965 SystemInformation_Unknown_32,
1966 SystemExceptionInformation,
1967 SystemCrashDumpStateInformation,
1968 SystemKernelDebuggerInformation,
1969 SystemContextSwitchInformation,
1970 SystemRegistryQuotaInformation,
1971 SystemInformation_Unknown_38,
1972 SystemInformation_Unknown_39,
1973 SystemInformation_Unknown_40,
1974 SystemInformation_Unknown_41,
1975 SystemInformation_Unknown_42,
1976 SystemInformation_Unknown_43,
1977 SystemCurrentTimeZoneInformation,
1978 SystemLookasideInformation,
1979 SystemSetTimeSlipEvent,
1980 SystemCreateSession,
1981 SystemDeleteSession,
1982 SystemInformation_Unknown_49,
1983 SystemRangeStartInformation,
1984 SystemVerifierInformation,
1985 SystemInformation_Unknown_52,
1986 SystemSessionProcessInformation,
1987 SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
1988 SystemInformation_Unknown_55,
1989 SystemInformation_Unknown_56,
1990 SystemExtendedProcessInformation,
1991 SystemInformation_Unknown_58,
1992 SystemInformation_Unknown_59,
1993 SystemInformation_Unknown_60,
1994 SystemInformation_Unknown_61,
1995 SystemInformation_Unknown_62,
1996 SystemInformation_Unknown_63,
1997 SystemExtendedHandleInformation, /* 64 */
1998 SystemInformation_Unknown_65,
1999 SystemInformation_Unknown_66,
2000 SystemInformation_Unknown_67,
2001 SystemInformation_Unknown_68,
2002 SystemInformation_HotPatchInfo, /* 69 */
2003 SystemInformation_Unknown_70,
2004 SystemInformation_Unknown_71,
2005 SystemInformation_Unknown_72,
2006 SystemInformation_Unknown_73,
2007 SystemInformation_Unknown_74,
2008 SystemInformation_Unknown_75,
2009 SystemInformation_Unknown_76,
2010 SystemInformation_Unknown_77,
2011 SystemInformation_Unknown_78,
2012 SystemInformation_Unknown_79,
2013 SystemInformation_Unknown_80,
2014 SystemInformation_Unknown_81,
2015 SystemInformation_Unknown_82,
2016 SystemInformation_Unknown_83,
2017 SystemInformation_Unknown_84,
2018 SystemInformation_Unknown_85,
2019 SystemInformation_Unknown_86,
2020 SystemInformation_Unknown_87,
2021 SystemInformation_Unknown_88,
2022 SystemInformation_Unknown_89,
2023 SystemInformation_Unknown_90,
2024 SystemInformation_Unknown_91,
2025 SystemInformation_Unknown_92,
2026 SystemInformation_Unknown_93,
2027 SystemInformation_Unknown_94,
2028 SystemInformation_Unknown_95,
2029 SystemInformation_KiOpPrefetchPatchCount,
2030
2031 /** @todo fill gap. they've added a whole bunch of things */
2032 SystemPolicyInformation = 134,
2033 SystemInformationClassMax
2034} SYSTEM_INFORMATION_CLASS;
2035
2036#ifdef IPRT_NT_USE_WINTERNL
2037typedef struct _VM_COUNTERS
2038{
2039 SIZE_T PeakVirtualSize;
2040 SIZE_T VirtualSize;
2041 ULONG PageFaultCount;
2042 SIZE_T PeakWorkingSetSize;
2043 SIZE_T WorkingSetSize;
2044 SIZE_T QuotaPeakPagedPoolUsage;
2045 SIZE_T QuotaPagedPoolUsage;
2046 SIZE_T QuotaPeakNonPagedPoolUsage;
2047 SIZE_T QuotaNonPagedPoolUsage;
2048 SIZE_T PagefileUsage;
2049 SIZE_T PeakPagefileUsage;
2050} VM_COUNTERS;
2051typedef VM_COUNTERS *PVM_COUNTERS;
2052#endif
2053
2054#if 0
2055typedef struct _IO_COUNTERS
2056{
2057 ULONGLONG ReadOperationCount;
2058 ULONGLONG WriteOperationCount;
2059 ULONGLONG OtherOperationCount;
2060 ULONGLONG ReadTransferCount;
2061 ULONGLONG WriteTransferCount;
2062 ULONGLONG OtherTransferCount;
2063} IO_COUNTERS;
2064typedef IO_COUNTERS *PIO_COUNTERS;
2065#endif
2066
2067typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
2068{
2069 ULONG NextEntryOffset; /**< 0x00 / 0x00 */
2070 ULONG NumberOfThreads; /**< 0x04 / 0x04 */
2071 LARGE_INTEGER Reserved1[3]; /**< 0x08 / 0x08 */
2072 LARGE_INTEGER CreationTime; /**< 0x20 / 0x20 */
2073 LARGE_INTEGER UserTime; /**< 0x28 / 0x28 */
2074 LARGE_INTEGER KernelTime; /**< 0x30 / 0x30 */
2075 UNICODE_STRING ProcessName; /**< 0x38 / 0x38 Clean unicode encoding? */
2076 int32_t BasePriority; /**< 0x40 / 0x48 */
2077 HANDLE UniqueProcessId; /**< 0x44 / 0x50 */
2078 HANDLE ParentProcessId; /**< 0x48 / 0x58 */
2079 ULONG HandleCount; /**< 0x4c / 0x60 */
2080 ULONG Reserved2; /**< 0x50 / 0x64 Session ID? */
2081 ULONG_PTR Reserved3; /**< 0x54 / 0x68 */
2082 VM_COUNTERS VmCounters; /**< 0x58 / 0x70 */
2083 IO_COUNTERS IoCounters; /**< 0x88 / 0xd0 Might not be present in earlier windows versions. */
2084 /* After this follows the threads, then the ProcessName.Buffer. */
2085} RTNT_SYSTEM_PROCESS_INFORMATION;
2086typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
2087#ifndef IPRT_NT_USE_WINTERNL
2088typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
2089typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
2090#endif
2091
2092typedef struct _SYSTEM_HANDLE_ENTRY_INFO
2093{
2094 USHORT UniqueProcessId;
2095 USHORT CreatorBackTraceIndex;
2096 UCHAR ObjectTypeIndex;
2097 UCHAR HandleAttributes;
2098 USHORT HandleValue;
2099 PVOID Object;
2100 ULONG GrantedAccess;
2101} SYSTEM_HANDLE_ENTRY_INFO;
2102typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
2103
2104/** Returned by SystemHandleInformation */
2105typedef struct _SYSTEM_HANDLE_INFORMATION
2106{
2107 ULONG NumberOfHandles;
2108 SYSTEM_HANDLE_ENTRY_INFO Handles[1];
2109} SYSTEM_HANDLE_INFORMATION;
2110typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
2111
2112/** Extended handle information entry.
2113 * @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
2114typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
2115{
2116 PVOID Object;
2117 HANDLE UniqueProcessId;
2118 HANDLE HandleValue;
2119 ACCESS_MASK GrantedAccess;
2120 USHORT CreatorBackTraceIndex;
2121 USHORT ObjectTypeIndex;
2122 ULONG HandleAttributes;
2123 ULONG Reserved;
2124} SYSTEM_HANDLE_ENTRY_INFO_EX;
2125typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
2126
2127/** Returned by SystemExtendedHandleInformation. */
2128typedef struct _SYSTEM_HANDLE_INFORMATION_EX
2129{
2130 ULONG_PTR NumberOfHandles;
2131 ULONG_PTR Reserved;
2132 SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
2133} SYSTEM_HANDLE_INFORMATION_EX;
2134typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
2135
2136/** Input to SystemSessionProcessInformation. */
2137typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
2138{
2139 ULONG SessionId;
2140 ULONG BufferLength;
2141 /** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
2142 PVOID Buffer;
2143} SYSTEM_SESSION_PROCESS_INFORMATION;
2144typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
2145
2146NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2147
2148NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
2149NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
2150#ifndef IPRT_NT_USE_WINTERNL
2151NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
2152#endif
2153typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
2154typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
2155NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
2156
2157NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
2158
2159#ifdef IPRT_NT_USE_WINTERNL
2160typedef enum _EVENT_TYPE
2161{
2162 /* Manual reset event. */
2163 NotificationEvent = 0,
2164 /* Automaitc reset event. */
2165 SynchronizationEvent
2166} EVENT_TYPE;
2167#endif
2168NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
2169NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2170typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
2171NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
2172NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
2173NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
2174typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
2175typedef enum _EVENT_INFORMATION_CLASS
2176{
2177 EventBasicInformation = 0
2178} EVENT_INFORMATION_CLASS;
2179/** Data returned by NtQueryEvent + EventBasicInformation. */
2180typedef struct EVENT_BASIC_INFORMATION
2181{
2182 EVENT_TYPE EventType;
2183 ULONG EventState;
2184} EVENT_BASIC_INFORMATION;
2185typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
2186NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2187
2188#ifdef IPRT_NT_USE_WINTERNL
2189/** For NtQueryValueKey. */
2190typedef enum _KEY_VALUE_INFORMATION_CLASS
2191{
2192 KeyValueBasicInformation = 0,
2193 KeyValueFullInformation,
2194 KeyValuePartialInformation,
2195 KeyValueFullInformationAlign64,
2196 KeyValuePartialInformationAlign64
2197} KEY_VALUE_INFORMATION_CLASS;
2198
2199/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
2200typedef struct _KEY_VALUE_PARTIAL_INFORMATION
2201{
2202 ULONG TitleIndex;
2203 ULONG Type;
2204 ULONG DataLength;
2205 UCHAR Data[1];
2206} KEY_VALUE_PARTIAL_INFORMATION;
2207typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
2208#endif
2209NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2210NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2211
2212
2213NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
2214
2215
2216typedef struct _CURDIR
2217{
2218 UNICODE_STRING DosPath;
2219 HANDLE Handle;
2220} CURDIR;
2221typedef CURDIR *PCURDIR;
2222
2223typedef struct _RTL_DRIVE_LETTER_CURDIR
2224{
2225 USHORT Flags;
2226 USHORT Length;
2227 ULONG TimeStamp;
2228 STRING DosPath; /**< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. */
2229} RTL_DRIVE_LETTER_CURDIR;
2230typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
2231
2232typedef struct _RTL_USER_PROCESS_PARAMETERS
2233{
2234 ULONG MaximumLength;
2235 ULONG Length;
2236 ULONG Flags;
2237 ULONG DebugFlags;
2238 HANDLE ConsoleHandle;
2239 ULONG ConsoleFlags;
2240 HANDLE StandardInput;
2241 HANDLE StandardOutput;
2242 HANDLE StandardError;
2243 CURDIR CurrentDirectory;
2244 UNICODE_STRING DllPath;
2245 UNICODE_STRING ImagePathName;
2246 UNICODE_STRING CommandLine;
2247 PWSTR Environment;
2248 ULONG StartingX;
2249 ULONG StartingY;
2250 ULONG CountX;
2251 ULONG CountY;
2252 ULONG CountCharsX;
2253 ULONG CountCharsY;
2254 ULONG FillAttribute;
2255 ULONG WindowFlags;
2256 ULONG ShowWindowFlags;
2257 UNICODE_STRING WindowTitle;
2258 UNICODE_STRING DesktopInfo;
2259 UNICODE_STRING ShellInfo;
2260 UNICODE_STRING RuntimeInfo;
2261 RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20];
2262 SIZE_T EnvironmentSize; /**< Added in Vista */
2263 SIZE_T EnvironmentVersion; /**< Added in Windows 7. */
2264 PVOID PackageDependencyData; /**< Added Windows 8? */
2265 ULONG ProcessGroupId; /**< Added Windows 8? */
2266} RTL_USER_PROCESS_PARAMETERS;
2267typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
2268#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
2269
2270typedef struct _RTL_USER_PROCESS_INFORMATION
2271{
2272 ULONG Size;
2273 HANDLE ProcessHandle;
2274 HANDLE ThreadHandle;
2275 CLIENT_ID ClientId;
2276 SECTION_IMAGE_INFORMATION ImageInformation;
2277} RTL_USER_PROCESS_INFORMATION;
2278typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
2279
2280
2281NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
2282 PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
2283NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
2284 PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
2285 PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
2286 PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
2287 PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
2288NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
2289NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
2290 PFNRT, PVOID, PHANDLE, PCLIENT_ID);
2291
2292#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
2293typedef struct _RTL_CRITICAL_SECTION
2294{
2295 struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
2296 LONG LockCount;
2297 LONG Recursioncount;
2298 HANDLE OwningThread;
2299 HANDLE LockSemaphore;
2300 ULONG_PTR SpinCount;
2301} RTL_CRITICAL_SECTION;
2302typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
2303#endif
2304
2305RT_C_DECLS_END
2306/** @} */
2307
2308
2309#if defined(IN_RING0) || defined(DOXYGEN_RUNNING)
2310/** @name NT Kernel APIs
2311 * @{ */
2312RT_C_DECLS_BEGIN
2313
2314typedef ULONG KEPROCESSORINDEX; /**< Bitmap indexes != process numbers, apparently. */
2315
2316NTSYSAPI VOID NTAPI KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
2317typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
2318NTSYSAPI VOID NTAPI KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2319typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2320NTSYSAPI VOID NTAPI KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2321typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2322NTSYSAPI BOOLEAN NTAPI KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2323typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2324NTSYSAPI BOOLEAN NTAPI KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2325typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2326NTSYSAPI BOOLEAN NTAPI KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2327typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2328NTSYSAPI VOID NTAPI KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2329typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2330NTSYSAPI VOID NTAPI KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2331typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2332NTSYSAPI BOOLEAN NTAPI KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2333typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2334NTSYSAPI BOOLEAN NTAPI KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2335typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2336/** Works like anding the complemented subtrahend with the minuend. */
2337NTSYSAPI BOOLEAN NTAPI KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2338typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2339NTSYSAPI BOOLEAN NTAPI KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2340typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2341NTSYSAPI BOOLEAN NTAPI KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
2342typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2343NTSYSAPI BOOLEAN NTAPI KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2344typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2345NTSYSAPI ULONG NTAPI KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
2346typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2347NTSYSAPI KEPROCESSORINDEX NTAPI KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
2348typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2349typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
2350typedef KEPROCESSORINDEX (NTAPI *PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER *pProcNumber);
2351
2352NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
2353 PVOID pvOptionalConditions, PHANDLE phFound);
2354NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
2355 ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
2356 KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
2357NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
2358NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
2359NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
2360NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
2361extern DECLIMPORT(POBJECT_TYPE *) LpcPortObjectType; /**< In vista+ this is the ALPC port object type. */
2362extern DECLIMPORT(POBJECT_TYPE *) LpcWaitablePortObjectType; /**< In vista+ this is the ALPC port object type. */
2363
2364typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
2365typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
2366
2367RT_C_DECLS_END
2368/** @ */
2369#endif /* IN_RING0 */
2370
2371
2372#if defined(IN_RING3) || defined(DOXYGEN_RUNNING)
2373/** @name NT Userland APIs
2374 * @{ */
2375RT_C_DECLS_BEGIN
2376
2377#if 0 /** @todo figure this out some time... */
2378typedef struct CSR_MSG_DATA_CREATED_PROCESS
2379{
2380 HANDLE hProcess;
2381 HANDLE hThread;
2382 CLIENT_ID
2383 DWORD idProcess;
2384 DWORD idThread;
2385 DWORD fCreate;
2386
2387} CSR_MSG_DATA_CREATED_PROCESS;
2388
2389#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
2390#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
2391NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
2392#endif
2393
2394NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
2395
2396typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
2397{
2398 ULONG Flags;
2399 PCUNICODE_STRING FullDllName;
2400 PCUNICODE_STRING BaseDllName;
2401 PVOID DllBase;
2402 ULONG SizeOfImage;
2403} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
2404typedef LDR_DLL_LOADED_NOTIFICATION_DATA *PLDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2405typedef LDR_DLL_LOADED_NOTIFICATION_DATA const *PCLDR_DLL_LOADED_NOTIFICATION_DATA, *PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2406
2407typedef union _LDR_DLL_NOTIFICATION_DATA
2408{
2409 LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
2410 LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
2411} LDR_DLL_NOTIFICATION_DATA;
2412typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
2413typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
2414
2415typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
2416
2417#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
2418#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
2419NTSYSAPI NTSTATUS NTAPI LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
2420 PVOID *pvCookie);
2421typedef NTSTATUS (NTAPI *PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID *);
2422NTSYSAPI NTSTATUS NTAPI LdrUnregisterDllNotification(PVOID pvCookie);
2423typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
2424
2425NTSYSAPI NTSTATUS NTAPI LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2426 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2427typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2428 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2429NTSYSAPI NTSTATUS NTAPI LdrUnloadDll(IN HANDLE hMod);
2430typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
2431NTSYSAPI NTSTATUS NTAPI LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2432 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2433typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2434 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2435#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
2436#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
2437/** @since Windows XP. */
2438NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2439 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2440/** @since Windows XP. */
2441typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2442 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2443/** @since Windows 7. */
2444NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
2445/** @since Windows 7. */
2446typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
2447/** @since Windows 7. */
2448NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2449 OUT PHANDLE phDll);
2450/** @since Windows 7. */
2451typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2452 OUT PHANDLE phDll);
2453#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
2454NTSYSAPI NTSTATUS NTAPI LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
2455typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
2456NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2457 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2458typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
2459 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2460#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
2461/** @since Windows Vista. */
2462NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2463 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2464/** @since Windows Vista. */
2465typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2466 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2467#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2468#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
2469#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
2470#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
2471#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
2472/** @since Windows XP. */
2473NTSYSAPI NTSTATUS NTAPI LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2474/** @since Windows XP. */
2475typedef NTSTATUS (NTAPI *PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2476#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2477/** @since Windows XP. */
2478NTSYSAPI NTSTATUS NTAPI LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
2479/** @since Windows XP. */
2480typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
2481
2482NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
2483NTSYSAPI VOID NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /**< Vista and later. */
2484NTSYSAPI VOID NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
2485NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
2486 IN PCUNICODE_STRING pOrgName,
2487 IN PUNICODE_STRING pDefaultSuffix,
2488 IN OUT PUNICODE_STRING pStaticString,
2489 IN OUT PUNICODE_STRING pDynamicString,
2490 IN OUT PUNICODE_STRING *ppResultString,
2491 IN PULONG pfNewFlags OPTIONAL,
2492 IN PSIZE_T pcbFilename OPTIONAL,
2493 IN PSIZE_T pcbNeeded OPTIONAL);
2494
2495# ifdef IPRT_NT_USE_WINTERNL
2496typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
2497typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
2498typedef struct _RTL_HEAP_PARAMETERS
2499{
2500 ULONG Length;
2501 SIZE_T SegmentReserve;
2502 SIZE_T SegmentCommit;
2503 SIZE_T DeCommitFreeBlockThreshold;
2504 SIZE_T DeCommitTotalFreeThreshold;
2505 SIZE_T MaximumAllocationSize;
2506 SIZE_T VirtualMemoryThreshold;
2507 SIZE_T InitialCommit;
2508 SIZE_T InitialReserve;
2509 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
2510 SIZE_T Reserved[2];
2511} RTL_HEAP_PARAMETERS;
2512typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
2513NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
2514 PRTL_HEAP_PARAMETERS pParameters);
2515/** @name Heap flags (for RtlCreateHeap).
2516 * @{ */
2517/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
2518# define HEAP_GROWABLE UINT32_C(0x00000002)
2519# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
2520# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
2521# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
2522# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
2523# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
2524# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
2525# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
2526# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
2527# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
2528# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
2529# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
2530# define HEAP_CLASS_0 UINT32_C(0x00000000)
2531# define HEAP_CLASS_1 UINT32_C(0x00001000)
2532# define HEAP_CLASS_2 UINT32_C(0x00002000)
2533# define HEAP_CLASS_3 UINT32_C(0x00003000)
2534# define HEAP_CLASS_4 UINT32_C(0x00004000)
2535# define HEAP_CLASS_5 UINT32_C(0x00005000)
2536# define HEAP_CLASS_6 UINT32_C(0x00006000)
2537# define HEAP_CLASS_7 UINT32_C(0x00007000)
2538# define HEAP_CLASS_8 UINT32_C(0x00008000)
2539# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
2540# endif
2541# define HEAP_CLASS_PROCESS HEAP_CLASS_0
2542# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
2543# define HEAP_CLASS_KERNEL HEAP_CLASS_2
2544# define HEAP_CLASS_GDI HEAP_CLASS_3
2545# define HEAP_CLASS_USER HEAP_CLASS_4
2546# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
2547# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
2548# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
2549# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
2550# ifdef IPRT_NT_USE_WINTERNL
2551/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
2552# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
2553# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
2554# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
2555# endif /* IPRT_NT_USE_WINTERNL */
2556/** @} */
2557# ifdef IPRT_NT_USE_WINTERNL
2558/** @name Heap tagging constants
2559 * @{ */
2560# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
2561/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
2562# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
2563# define HEAP_TAG_SHIFT 18 */
2564# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2565/** @} */
2566NTSYSAPI PVOID NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
2567NTSYSAPI PVOID NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
2568NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2569# endif /* IPRT_NT_USE_WINTERNL */
2570NTSYSAPI SIZE_T NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
2571NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
2572NTSYSAPI SIZE_T NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2573NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
2574NTSYSAPI ULONG NTAPI RtlGetLastWin32Error(VOID);
2575NTSYSAPI VOID NTAPI RtlSetLastWin32Error(ULONG uError);
2576NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
2577NTSYSAPI VOID NTAPI RtlRestoreLastWin32Error(ULONG uError);
2578NTSYSAPI BOOLEAN NTAPI RtlQueryPerformanceCounter(PLARGE_INTEGER);
2579NTSYSAPI uint64_t NTAPI RtlGetSystemTimePrecise(VOID);
2580typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
2581
2582RT_C_DECLS_END
2583/** @} */
2584#endif /* IN_RING3 */
2585
2586#endif
2587
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette