VirtualBox

source: vbox/trunk/include/iprt/nt/nt.h@ 62662

Last change on this file since 62662 was 62662, checked in by vboxsync, 8 years ago

iprt/nt/nt.h: wdw.h warning suppression

1/* $Id: nt.h 62662 2016-07-28 22:51:46Z vboxsync $ */
2/** @file
3 * IPRT - Header for code using the Native NT API.
4 */
5
6/*
7 * Copyright (C) 2010-2016 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27#ifndef ___iprt_nt_nt_h___
28#define ___iprt_nt_nt_h___
29
30/** @def IPRT_NT_MAP_TO_ZW
31 * Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
32 * to the APIs (takes care of the previous context checks).
 *
 * Security note: the Zw entry points run with the previous mode set to kernel.
 * The system service then skips the probing of caller-supplied buffers, and
 * object access checks are skipped as well unless they are requested
 * explicitly (e.g. OBJ_FORCE_ACCESS_CHECK in the object attributes).  Define
 * this only for code whose paths, handles and buffers are kernel-owned or have
 * already been validated; never forward user-mode pointers or names unchecked.
 *
 * Only the ten APIs listed below are remapped (see the todo), so any other
 * Nt* call in such code is NOT redirected to its Zw counterpart.
33 */
34#ifdef DOXYGEN_RUNNING
35# define IPRT_NT_MAP_TO_ZW
36#endif
37
38#ifdef IPRT_NT_MAP_TO_ZW
39# define NtQueryInformationFile ZwQueryInformationFile
40# define NtQueryInformationProcess ZwQueryInformationProcess
41# define NtQueryInformationThread ZwQueryInformationThread
42# define NtQuerySystemInformation ZwQuerySystemInformation
43# define NtQuerySecurityObject ZwQuerySecurityObject
44# define NtClose ZwClose
45# define NtCreateFile ZwCreateFile
46# define NtReadFile ZwReadFile
47# define NtWriteFile ZwWriteFile
48# define NtFlushBuffersFile ZwFlushBuffersFile
49/** @todo this is very incomplete! */
50#endif
51
52#include <ntstatus.h>
53
54/*
55 * Hacks common to both base header sets.
 *
 * Going by the replacement names, the SDK/DDK headers included further down
 * declare these identifiers incompletely (or, for RtlFreeUnicodeString, with
 * the wrong linkage).  Renaming them for the duration of those includes moves
 * the SDK versions out of the way.  The matching #undef list follows the
 * includes, after which this header declares its own versions under the real
 * names (e.g. _KUSER_SHARED_DATA and _PEB_LDR_DATA).
 *
 * Keep this list and the #undef list in sync: a name left defined would
 * silently rename every later use in the including source file.
56 */
57#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
58#define NtQueryObject Incomplete_NtQueryObject
59#define ZwQueryObject Incomplete_ZwQueryObject
60#define NtSetInformationObject Incomplete_NtSetInformationObject
61#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
62#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
63#define ObjectBasicInformation Incomplete_ObjectBasicInformation
64#define ObjectTypeInformation Incomplete_ObjectTypeInformation
65#define _PEB Incomplete__PEB
66#define PEB Incomplete_PEB
67#define PPEB Incomplete_PPEB
68#define _TEB Incomplete__TEB
69#define TEB Incomplete_TEB
70#define PTEB Incomplete_PTEB
71#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
72#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
73#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
74#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
75#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
76#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
77
78
79
80#ifdef IPRT_NT_USE_WINTERNL
81/*
82 * Use Winternl.h.
83 */
84# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
85# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
86# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
87
88# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
89# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
90# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
91# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
92# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
93# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
94# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
95# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
96# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
97# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
98# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
99# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
100
101# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
102# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
103# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
104
105# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
106# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
107# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
108# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
109# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
110
111# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
112# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
113# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
114# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
115# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
116# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
117# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
118# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
119# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
120# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
121# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
122# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
123# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
124# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
125
126
127# pragma warning(push)
128# pragma warning(disable: 4668)
129# define WIN32_NO_STATUS
130# include <windef.h>
131# include <winnt.h>
132# include <winternl.h>
133# undef WIN32_NO_STATUS
134# include <ntstatus.h>
135# pragma warning(pop)
136
137
138# undef _FILE_INFORMATION_CLASS
139# undef FILE_INFORMATION_CLASS
140# undef FileDirectoryInformation
141
142# undef NtQueryInformationProcess
143# undef NtSetInformationProcess
144# undef PROCESSINFOCLASS
145# undef _PROCESSINFOCLASS
146# undef PROCESS_BASIC_INFORMATION
147# undef PPROCESS_BASIC_INFORMATION
148# undef _PROCESS_BASIC_INFORMATION
149# undef ProcessBasicInformation
150# undef ProcessDebugPort
151# undef ProcessWow64Information
152# undef ProcessImageFileName
153# undef ProcessBreakOnTermination
154
155# undef RTL_USER_PROCESS_PARAMETERS
156# undef PRTL_USER_PROCESS_PARAMETERS
157# undef _RTL_USER_PROCESS_PARAMETERS
158
159# undef NtQueryInformationThread
160# undef NtSetInformationThread
161# undef THREADINFOCLASS
162# undef _THREADINFOCLASS
163# undef ThreadIsIoPending
164
165# undef NtQuerySystemInformation
166# undef NtSetSystemInformation
167# undef SYSTEM_INFORMATION_CLASS
168# undef _SYSTEM_INFORMATION_CLASS
169# undef SystemBasicInformation
170# undef SystemPerformanceInformation
171# undef SystemTimeOfDayInformation
172# undef SystemProcessInformation
173# undef SystemProcessorPerformanceInformation
174# undef SystemInterruptInformation
175# undef SystemExceptionInformation
176# undef SystemRegistryQuotaInformation
177# undef SystemLookasideInformation
178# undef SystemPolicyInformation
179
180#else
181/*
182 * Use ntifs.h and wdm.h.
183 */
184# pragma warning(push)
185# ifdef RT_ARCH_X86
186# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
187# pragma warning(disable: 4163)
188# endif
189# pragma warning(disable: 4668)
190# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
191
192# include <ntifs.h>
193# include <wdm.h>
194
195# ifdef RT_ARCH_X86
196# undef _InterlockedAddLargeStatistic
197# endif
198# pragma warning(pop)
199
200# define IPRT_NT_NEED_API_GROUP_NTIFS
201#endif
202
203#undef RtlFreeUnicodeString
204#undef NtQueryObject
205#undef ZwQueryObject
206#undef NtSetInformationObject
207#undef _OBJECT_INFORMATION_CLASS
208#undef OBJECT_INFORMATION_CLASS
209#undef ObjectBasicInformation
210#undef ObjectTypeInformation
211#undef _PEB
212#undef PEB
213#undef PPEB
214#undef _TEB
215#undef TEB
216#undef PTEB
217#undef _PEB_LDR_DATA
218#undef PEB_LDR_DATA
219#undef PPEB_LDR_DATA
220#undef _KUSER_SHARED_DATA
221#undef KUSER_SHARED_DATA
222#undef PKUSER_SHARED_DATA
223
224
225#include <iprt/types.h>
226#include <iprt/assert.h>
227
228
229/** @name Useful macros
230 * @{ */
231/** Indicates that we're targeting native NT in the current source. */
232#define RTNT_USE_NATIVE_NT 1
233/** Initializes a IO_STATUS_BLOCK.
 * Status is preset to STATUS_FAILED_DRIVER_ENTRY and Information to
 * ~(uintptr_t)42.  Presumably these are deliberately unlikely values, so that
 * a block the callee never wrote is not mistaken for a successful result -
 * confirm against the callers. */
234#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
235/** Reinitializes a IO_STATUS_BLOCK.
 * Stores the same two values as RTNT_IO_STATUS_BLOCK_INITIALIZER.  @a a_pIos
 * is evaluated twice, so pass an expression without side effects. */
236#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
237 do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
238/** Similar to INVALID_HANDLE_VALUE in the Windows environment.
 * All bits set.  This is the same bit pattern as the NtCurrentProcess()
 * fallback defined later in this header ((HANDLE)-(intptr_t)1), so an
 * unchecked "invalid" handle handed to an API that accepts a process handle
 * would act on the calling process.  Compare against this sentinel before
 * using a handle. */
239#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
240/** Constant UNICODE_STRING initializer.
 * @a a_String must be a WCHAR array or wide string literal: the lengths come
 * from sizeof, which would yield the pointer size for a WCHAR pointer and so
 * describe the wrong number of bytes.  The cast drops any const qualifier, so
 * the resulting Buffer must not be written through.  The argument is not
 * parenthesised in the cast; pass a plain identifier or literal. */
241#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
242/** @} */
243
244
245/** @name IPRT helper functions for NT
246 * @{ */
247RT_C_DECLS_BEGIN
248
/**
 * Opens a path and returns an NT handle in @a phHandle.
 *
 * NOTE(review): undocumented in this header; the description is inferred from
 * the parameter names, which mirror the NtCreateFile arguments (desired
 * access, file attributes, share access, create disposition, create options)
 * plus object attribute flags.  Confirm against the implementation.
 *
 * @returns presumably an IPRT status code, like the other RTNtPath* functions.
 * @param   pszPath     The path to open (encoding not stated here; the sibling
 *                      RTNtPathFromWinUtf8 takes UTF-8 - TODO confirm).
 * @param   fObjAttribs Object attribute flags.  When the path can be influenced
 *                      by a less privileged party, check which flags the
 *                      callers pass here (e.g. case sensitivity, access-check
 *                      enforcement) - TODO confirm what the implementation
 *                      accepts.
 * @param   phHandle    Where to return the handle.
 * @param   puDisposition   Presumably receives the create disposition result.
 */
249RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
250 ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
251 PHANDLE phHandle, PULONG_PTR puDisposition);
/**
 * Directory variant of RTNtPathOpen.
 *
 * NOTE(review): undocumented in this header.  @a pfObjDir presumably reports
 * whether the handle refers to an object directory rather than a file system
 * directory - confirm against the implementation.
 */
252RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
253 ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
/**
 * Closes a handle, presumably one returned by RTNtPathOpen or RTNtPathOpenDir
 * (undocumented in this header - confirm).
 */
254RTDECL(int) RTNtPathClose(HANDLE hHandle);
255
256/**
257 * Converts a windows-style path to NT format and encoding.
258 *
259 * @returns IPRT status code.
260 * @param pNtName Where to return the NT name. Free using
261 * RTNtPathFree.
262 * @param phRootDir Where to return the root handle, if applicable.
263 * @param pszPath The UTF-8 path.
264 */
265RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING *pNtName, PHANDLE phRootDir, const char *pszPath);
266
267/**
268 * Converts a UTF-16 windows-style path to NT format.
269 *
270 * @returns IPRT status code.
271 * @param pNtName Where to return the NT name. Free using
272 * RTNtPathFree.
273 * @param phRootDir Where to return the root handle, if applicable.
274 * @param pwszPath The UTF-16 windows-style path.
275 * @param cwcPath The max length of the windows-style path in
276 * RTUTF16 units. Use RTSTR_MAX if unknown and @a
277 * pwszPath is correctly terminated.
278 */
279RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
280
281/**
282 * Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
283 * chars plus a terminator.
284 *
285 * The NT string must have been returned by RTNtPathFromWinUtf8 or
286 * RTNtPathFromWinUtf16Ex.
287 *
288 * @returns IPRT status code.
289 * @param pNtName The NT path string.
290 * @param cwcMin The minimum number of RTUTF16 chars. Max 32767.
291 * @sa RTNtPathFree
292 */
293RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);
294
295/**
296 * Frees the native path and root handle.
297 *
298 * @param pNtName The NT path from a successful call to
299 * RTNtPathFromWinUtf8 or RTNtPathFromWinUtf16Ex.
300 * @param phRootDir The root handle variable from the same call.
301 */
302RTDECL(void) RTNtPathFree(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir);
303
304
305/**
306 * Checks whether the path might contain alternative 8.3 names generated
307 * by NTFS, FAT, or other similar file systems.
308 *
309 * @returns Pointer to the first component that might be an 8.3 name, NULL if
310 * not 8.3 path.
311 * @param pwszPath The path to check.
312 *
313 * @remarks This makes a bad ASSUMPTION about the naming scheme of 8.3 names;
314 * however, non-tilde 8.3 aliases are probably rare enough to not be
315 * worth all the extra code necessary to open each path component and
316 * check if we've got the short name or not.
 *
 * @note Because of that assumption, a NULL return does not prove that the
 * path is free of short-name aliases.  Code that compares paths to make
 * an access or trust decision should not treat NULL as such a proof.
 * The return type is non-const although the parameter is const, so the
 * returned pointer must be treated as read-only unless the caller owns
 * a writable buffer.
317 */
318RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
319
320/**
321 * Fixes up a path possibly containing one or more alternative 8-dot-3 style
322 * components.
323 *
324 * The path is fixed up in place. Errors are ignored.
325 *
326 * @returns VINF_SUCCESS if it all went smoothly, informational status codes
327 * indicating the nature of last problem we ran into.
328 *
329 * @param pUniStr The path to fix up. MaximumLength is the max buffer
330 * length.
331 * @param fPathOnly Whether to only process the path and leave the filename
332 * as passed in.
333 */
334RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);
335
336
337RT_C_DECLS_END
338/** @} */
339
340
341/** @name NT API declarations.
342 * @{ */
343RT_C_DECLS_BEGIN
344
345/** @name Process access rights missing in ntddk headers
 * Each value is a single bit in the object-specific (low 16 bit) part of an
 * ACCESS_MASK.  The \#ifndef guards keep the SDK definition where one exists.
346 * @{ */
347#ifndef PROCESS_TERMINATE
348# define PROCESS_TERMINATE UINT32_C(0x00000001)
349#endif
350#ifndef PROCESS_CREATE_THREAD
351# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
352#endif
353#ifndef PROCESS_SET_SESSIONID
354# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
355#endif
356#ifndef PROCESS_VM_OPERATION
357# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
358#endif
359#ifndef PROCESS_VM_READ
360# define PROCESS_VM_READ UINT32_C(0x00000010)
361#endif
362#ifndef PROCESS_VM_WRITE
363# define PROCESS_VM_WRITE UINT32_C(0x00000020)
364#endif
365#ifndef PROCESS_DUP_HANDLE
366# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
367#endif
368#ifndef PROCESS_CREATE_PROCESS
369# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
370#endif
371#ifndef PROCESS_SET_QUOTA
372# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
373#endif
374#ifndef PROCESS_SET_INFORMATION
375# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
376#endif
377#ifndef PROCESS_QUERY_INFORMATION
378# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
379#endif
380#ifndef PROCESS_SUSPEND_RESUME
381# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
382#endif
383#ifndef PROCESS_QUERY_LIMITED_INFORMATION
384# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
385#endif
386#ifndef PROCESS_SET_LIMITED_INFORMATION
387# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
388#endif
/* The two remaining bits have no SDK name here.
 * NOTE(review): PROCESS_UNKNOWN_6000 is defined as 0x00008000, so its name
 * and value disagree - go by the value, and confirm which was intended. */
389#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
390#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
/* Fallback covering all 16 object-specific bits, the two unnamed ones included.
 * When opening a process, request the individual rights actually needed rather
 * than this mask: a full-access handle permits memory writes, thread creation
 * and handle duplication in the target (PROCESS_VM_WRITE,
 * PROCESS_CREATE_THREAD, PROCESS_DUP_HANDLE above). */
391#ifndef PROCESS_ALL_ACCESS
392# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | UINT32_C(0x0000ffff) )
393#endif
394/** @} */
395
396/** @name Thread access rights missing in ntddk headers
397 * @{ */
398#ifndef THREAD_QUERY_INFORMATION
399# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
400#endif
401#ifndef THREAD_SET_THREAD_TOKEN
402# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
403#endif
404#ifndef THREAD_IMPERSONATE
405# define THREAD_IMPERSONATE UINT32_C(0x00000100)
406#endif
407#ifndef THREAD_DIRECT_IMPERSONATION
408# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
409#endif
410#ifndef THREAD_RESUME
411# define THREAD_RESUME UINT32_C(0x00001000)
412#endif
413#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
414#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
415#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
416/** @} */
417
418/** @name Special handle values.
 * Pseudo handles: constants that stand for the calling process (-1) and the
 * calling thread (-2) rather than entries in the handle table.  The Zw names
 * expand to the same values as the Nt names.
 *
 * NtCurrentProcess() has the same bit pattern as RTNT_INVALID_HANDLE_VALUE
 * ((HANDLE)~(uintptr_t)0).  A handle variable still holding that sentinel
 * after a failed open therefore acts on the calling process if it is passed
 * on unchecked; test the open's status before using the handle.
419 * @{ */
420#ifndef NtCurrentProcess
421# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
422#endif
423#ifndef NtCurrentThread
424# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
425#endif
426#ifndef ZwCurrentProcess
427# define ZwCurrentProcess() NtCurrentProcess()
428#endif
429#ifndef ZwCurrentThread
430# define ZwCurrentThread() NtCurrentThread()
431#endif
432/** @} */
433
434
435/** @name Directory object access rights.
436 * @{ */
437#ifndef DIRECTORY_QUERY
438# define DIRECTORY_QUERY UINT32_C(0x00000001)
439#endif
440#ifndef DIRECTORY_TRAVERSE
441# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
442#endif
443#ifndef DIRECTORY_CREATE_OBJECT
444# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
445#endif
446#ifndef DIRECTORY_CREATE_SUBDIRECTORY
447# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
448#endif
449#ifndef DIRECTORY_ALL_ACCESS
450# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | UINT32_C(0x0000000f) )
451#endif
452/** @} */
453
454
455
/* Process/thread identifier pair.  Only declared here for the Winternl.h
 * configuration; presumably the ntifs.h/wdm.h configuration gets it from the
 * DDK headers.  Despite the HANDLE type the two members hold IDs, not handles
 * that can be used for object access. */
456#ifdef IPRT_NT_USE_WINTERNL
457typedef struct _CLIENT_ID
458{
459 HANDLE UniqueProcess;
460 HANDLE UniqueThread;
461} CLIENT_ID;
462typedef CLIENT_ID *PCLIENT_ID;
463#endif
464
465/** Extended affinity type, introduced in Windows 7 (?).
 *
 * The bitmap is declared with a fixed 20 entries.
 * NOTE(review): the layout is not checked against the running Windows version
 * in this header.  When reading a structure filled in by the kernel, bound
 * every index by Count/Size as well as by the declared array length - confirm
 * against the callers. */
466typedef struct _KAFFINITY_EX
467{
468 /** Count of valid bitmap entries. */
469 uint16_t Count;
470 /** Count of allocated bitmap entries. */
471 uint16_t Size;
472 /** Reserved / alignment padding. */
473 uint32_t Reserved;
474 /** Bitmap where one bit corresponds to a CPU. */
475 uintptr_t Bitmap[20];
476} KAFFINITY_EX;
477typedef KAFFINITY_EX *PKAFFINITY_EX;
478typedef KAFFINITY_EX const *PCKAFFINITY_EX;
479
480/** @name User Shared Data
481 * @{ */
482
483#ifdef IPRT_NT_USE_WINTERNL
484typedef struct _KSYSTEM_TIME
485{
486 ULONG LowPart;
487 LONG High1Time;
488 LONG High2Time;
489} KSYSTEM_TIME;
490typedef KSYSTEM_TIME *PKSYSTEM_TIME;
491
492typedef enum _NT_PRODUCT_TYPE
493{
494 NtProductWinNt = 1,
495 NtProductLanManNt,
496 NtProductServer
497} NT_PRODUCT_TYPE;
498
499#define PROCESSOR_FEATURE_MAX 64
500
501typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
502{
503 StandardDesign = 0,
504 NEC98x86,
505 EndAlternatives
506} ALTERNATIVE_ARCHITECTURE_TYPE;
507
508# if 0
509typedef struct _XSTATE_FEATURE
510{
511 ULONG Offset;
512 ULONG Size;
513} XSTATE_FEATURE;
514typedef XSTATE_FEATURE *PXSTATE_FEATURE;
515
516#define MAXIMUM_XSTATE_FEATURES 64
517
518typedef struct _XSTATE_CONFIGURATION
519{
520 ULONG64 EnabledFeatures;
521 ULONG Size;
522 ULONG OptimizedSave : 1;
523 XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
524} XSTATE_CONFIGURATION;
525typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
526# endif
527#endif /* IPRT_NT_USE_WINTERNL */
528
/**
 * The page of system data that is mapped both into user mode (read only, at
 * MM_SHARED_USER_DATA_VA) and into the kernel (read write, at
 * KI_USER_SHARED_DATA); see the two defines following this structure.
 *
 * The trailing comments give the byte offset of each member.  Nine of those
 * offsets are verified by the AssertCompileMemberOffset statements after the
 * structure; the remaining ones are not checked at compile time.
 *
 * NOTE(review): this header does not say which Windows version the layout
 * tracks.  Members towards the end are presumably absent or different on
 * older systems, so gate their use on NtMajorVersion / NtMinorVersion -
 * confirm against the callers.
 */
529typedef struct _KUSER_SHARED_DATA
530{
531 ULONG TickCountLowDeprecated; /**< 0x000 */
532 ULONG TickCountMultiplier; /**< 0x004 */
533 KSYSTEM_TIME volatile InterruptTime; /**< 0x008 */
534 KSYSTEM_TIME volatile SystemTime; /**< 0x014 */
535 KSYSTEM_TIME volatile TimeZoneBias; /**< 0x020 */
536 USHORT ImageNumberLow; /**< 0x02c */
537 USHORT ImageNumberHigh; /**< 0x02e */
538 WCHAR NtSystemRoot[260]; /**< 0x030 */
539 ULONG MaxStackTraceDepth; /**< 0x238 */
540 ULONG CryptoExponent; /**< 0x23c */
541 ULONG TimeZoneId; /**< 0x240 */
542 ULONG LargePageMinimum; /**< 0x244 */
543 ULONG AitSamplingValue; /**< 0x248 */
544 ULONG AppCompatFlag; /**< 0x24c */
545 ULONGLONG RNGSeedVersion; /**< 0x250 */
546 ULONG GlobalValidationRunlevel; /**< 0x258 */
547 LONG volatile TimeZoneBiasStamp; /**< 0x25c*/
548 ULONG Reserved2; /**< 0x260 */
549 NT_PRODUCT_TYPE NtProductType; /**< 0x264 */
550 BOOLEAN ProductTypeIsValid; /**< 0x268 */
551 BOOLEAN Reserved0[1]; /**< 0x269 */
552 USHORT NativeProcessorArchitecture; /**< 0x26a */
553 ULONG NtMajorVersion; /**< 0x26c */
554 ULONG NtMinorVersion; /**< 0x270 */
555 BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /**< 0x274 */
556 ULONG Reserved1; /**< 0x2b4 */
557 ULONG Reserved3; /**< 0x2b8 */
558 ULONG volatile TimeSlip; /**< 0x2bc */
559 ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /**< 0x2c0 */
560 ULONG AltArchitecturePad[1]; /**< 0x2c4 */
561 LARGE_INTEGER SystemExpirationDate; /**< 0x2c8 */
562 ULONG SuiteMask; /**< 0x2d0 */
563 BOOLEAN KdDebuggerEnabled; /**< 0x2d4 */
 /* Mitigation policy bits; MitigationPolicies is the whole byte, the
 * anonymous struct names the individual 2-bit fields. */
564 union /**< 0x2d5 */
565 {
566 UCHAR MitigationPolicies; /**< 0x2d5 */
567 struct
568 {
569 UCHAR NXSupportPolicy : 2;
570 UCHAR SEHValidationPolicy : 2;
571 UCHAR CurDirDevicesSkippedForDlls : 2;
572 UCHAR Reserved : 2;
573 };
574 };
575 UCHAR Reserved6[2]; /**< 0x2d6 */
576 ULONG volatile ActiveConsoleId; /**< 0x2d8 */
577 ULONG volatile DismountCount; /**< 0x2dc */
578 ULONG ComPlusPackage; /**< 0x2e0 */
579 ULONG LastSystemRITEventTickCount; /**< 0x2e4 */
580 ULONG NumberOfPhysicalPages; /**< 0x2e8 */
581 BOOLEAN SafeBootMode; /**< 0x2ec */
582 UCHAR Reserved12[3]; /**< 0x2ed */
 /* System-wide flag word; SharedDataFlags is the whole ULONG, the anonymous
 * struct names the individual bits. */
583 union /**< 0x2f0 */
584 {
585 ULONG SharedDataFlags; /**< 0x2f0 */
586 struct
587 {
588 ULONG DbgErrorPortPresent : 1;
589 ULONG DbgElevationEnabled : 1;
590 ULONG DbgVirtEnabled : 1;
591 ULONG DbgInstallerDetectEnabled : 1;
592 ULONG DbgLkgEnabled : 1;
593 ULONG DbgDynProcessorEnabled : 1;
594 ULONG DbgConsoleBrokerEnabled : 1;
595 ULONG DbgSecureBootEnabled : 1;
596 ULONG SpareBits : 24;
597 };
598 };
599 ULONG DataFlagsPad[1]; /**< 0x2f4 */
600 ULONGLONG TestRetInstruction; /**< 0x2f8 */
601 LONGLONG QpcFrequency; /**< 0x300 */
602 ULONGLONG SystemCallPad[3]; /**< 0x308 */
603 union /**< 0x320 */
604 {
605 ULONG64 volatile TickCountQuad; /**< 0x320 */
606 KSYSTEM_TIME volatile TickCount; /**< 0x320 */
607 struct /**< 0x320 */
608 {
609 ULONG ReservedTickCountOverlay[3]; /**< 0x320 */
610 ULONG TickCountPad[1]; /**< 0x32c */
611 };
612 };
613 ULONG Cookie; /**< 0x330 */
614 ULONG CookiePad[1]; /**< 0x334 */
615 LONGLONG ConsoleSessionForegroundProcessId; /**< 0x338 */
616 ULONGLONG TimeUpdateLock; /**< 0x340 */
617 ULONGLONG BaselineSystemTimeQpc; /**< 0x348 */
618 ULONGLONG BaselineInterruptTimeQpc; /**< 0x350 */
619 ULONGLONG QpcSystemTimeIncrement; /**< 0x358 */
620 ULONGLONG QpcInterruptTimeIncrement; /**< 0x360 */
621 ULONG QpcSystemTimeIncrement32; /**< 0x368 */
622 ULONG QpcInterruptTimeIncrement32; /**< 0x36c */
623 UCHAR QpcSystemTimeIncrementShift; /**< 0x370 */
624 UCHAR QpcInterruptTimeIncrementShift; /**< 0x371 */
625 UCHAR Reserved8[14]; /**< 0x372 */
626 USHORT UserModeGlobalLogger[16]; /**< 0x380 */
627 ULONG ImageFileExecutionOptions; /**< 0x3a0 */
628 ULONG LangGenerationCount; /**< 0x3a4 */
629 ULONGLONG Reserved4; /**< 0x3a8 */
630 ULONGLONG volatile InterruptTimeBias; /**< 0x3b0 */
631 ULONGLONG volatile QpcBias; /**< 0x3b8 */
632 ULONG volatile ActiveProcessorCount; /**< 0x3c0 */
633 UCHAR volatile ActiveGroupCount; /**< 0x3c4 */
634 UCHAR Reserved9; /**< 0x3c5 */
635 union /**< 0x3c6 */
636 {
637 USHORT QpcData; /**< 0x3c6 */
638 struct /**< 0x3c6 */
639 {
640 BOOLEAN volatile QpcBypassEnabled; /**< 0x3c6 */
641 UCHAR QpcShift; /**< 0x3c7 */
642 };
643 };
644 LARGE_INTEGER TimeZoneBiasEffectiveStart; /**< 0x3c8 */
645 LARGE_INTEGER TimeZoneBiasEffectiveEnd; /**< 0x3d0 */
646 XSTATE_CONFIGURATION XState; /**< 0x3d8 */
647} KUSER_SHARED_DATA;
648typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
/* Compile-time spot checks of the layout above.  Any insertion or size change
 * before one of these members breaks the build instead of silently shifting
 * every later offset. */
649AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
650AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
651AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
652AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
653AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
654AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
655AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
656AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
657AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
658/** @def MM_SHARED_USER_DATA_VA
659 * Read only userland mapping of KUSER_SHARED_DATA.
 * The address is the same constant for 32-bit and 64-bit builds; only the
 * integer width of the literal differs.  Being a fixed address, it is not
 * subject to address randomisation. */
660#ifndef MM_SHARED_USER_DATA_VA
661# if ARCH_BITS == 32
662# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
663# elif ARCH_BITS == 64
664# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
665# else
666# error "Unsupported/undefined ARCH_BITS value."
667# endif
668#endif
669/** @def KI_USER_SHARED_DATA
670 * Read write kernel mapping of KUSER_SHARED_DATA.
 * Being the kernel mapping, this address is only meaningful to ring-0 code.
 * Writes through it change what every user-mode process reads via
 * MM_SHARED_USER_DATA_VA.  Architectures other than x86 and AMD64 fail the
 * build. */
671#ifndef KI_USER_SHARED_DATA
672# ifdef RT_ARCH_X86
673# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
674# elif defined(RT_ARCH_AMD64)
675# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
676# else
677# error "PORT ME - KI_USER_SHARED_DATA"
678# endif
679#endif
680/** @} */
681
682
683/** @name Process And Thread Environment Blocks
684 * @{ */
685
/**
 * Loader data of a process, holding the heads of three module lists (load
 * order, memory order, initialization order).  The members after the
 * "End NT4" marker were added later.
 *
 * This structure lives in the memory of the process it describes, so the
 * process itself can modify or unlink list entries.  Code that walks these
 * lists in another process should bound the traversal and validate each
 * pointer.  Do not treat the result as an authoritative inventory of loaded
 * modules when making a security decision.
 */
686typedef struct _PEB_LDR_DATA
687{
688 uint32_t Length;
689 BOOLEAN Initialized;
690 BOOLEAN Padding[3];
691 HANDLE SsHandle;
692 LIST_ENTRY InLoadOrderModuleList;
693 LIST_ENTRY InMemoryOrderModuleList;
694 LIST_ENTRY InInitializationOrderModuleList;
695 /* End NT4 */
696 LIST_ENTRY *EntryInProgress;
697 BOOLEAN ShutdownInProgress;
698 HANDLE ShutdownThreadId;
699} PEB_LDR_DATA;
700typedef PEB_LDR_DATA *PPEB_LDR_DATA;
701
702typedef struct _PEB_COMMON
703{
704 BOOLEAN InheritedAddressSpace; /**< 0x000 / 0x000 */
705 BOOLEAN ReadImageFileExecOptions; /**< 0x001 / 0x001 */
706 BOOLEAN BeingDebugged; /**< 0x002 / 0x002 */
707 union
708 {
709 uint8_t BitField; /**< 0x003 / 0x003 */
710 struct
711 {
712 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
713 } Common;
714 struct
715 {
716 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
717 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
718 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 */
719 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 */
720 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 */
721 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 */
722 uint8_t IsProtectedProcessLight : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 */
723 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
724 } W81;
725 struct
726 {
727 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
728 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
729 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 */
730 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 */
731 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 */
732 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 */
733 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 */
734 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
735 } W80;
736 struct
737 {
738 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
739 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
740 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. */
741 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. */
742 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. */
743 uint8_t SpareBits : 3; /**< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. */
744 } W7;
745 struct
746 {
747 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
748 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
749 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. */
750 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. */
751 uint8_t SpareBits : 4; /**< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. */
752 } W6;
753 struct
754 {
755 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
756 uint8_t SpareBits : 7; /**< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. */
757 } W52;
758 struct
759 {
760 BOOLEAN SpareBool;
761 } W51;
762 } Diff0;
763#if ARCH_BITS == 64
764 uint32_t Padding0; /**< 0x004 / NA */
765#endif
766 HANDLE Mutant; /**< 0x008 / 0x004 */
767 PVOID ImageBaseAddress; /**< 0x010 / 0x008 */
768 PPEB_LDR_DATA Ldr; /**< 0x018 / 0x00c */
769 struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /**< 0x020 / 0x010 */
770 PVOID SubSystemData; /**< 0x028 / 0x014 */
771 HANDLE ProcessHeap; /**< 0x030 / 0x018 */
772 struct _RTL_CRITICAL_SECTION *FastPebLock; /**< 0x038 / 0x01c */
773 union
774 {
775 struct
776 {
777 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
778 PVOID IFEOKey; /**< 0x048 / 0x024 */
779 union
780 {
781 ULONG CrossProcessFlags; /**< 0x050 / 0x028 */
782 struct
783 {
784 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
785 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
786 uint32_t ProcessUsingVEH : 1; /**< 0x050 / 0x028: Pos 2, 1 Bit */
787 uint32_t ProcessUsingVCH : 1; /**< 0x050 / 0x028: Pos 3, 1 Bit */
788 uint32_t ProcessUsingFTH : 1; /**< 0x050 / 0x028: Pos 4, 1 Bit */
789 uint32_t ReservedBits0 : 1; /**< 0x050 / 0x028: Pos 5, 27 Bits */
790 } W7, W8, W80, W81;
791 struct
792 {
793 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
794 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
795 uint32_t ReservedBits0 : 30; /**< 0x050 / 0x028: Pos 2, 30 Bits */
796 } W6;
797 };
798#if ARCH_BITS == 64
799 uint32_t Padding1; /**< 0x054 / */
800#endif
801 } W6, W7, W8, W80, W81;
802 struct
803 {
804 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
805 PVOID SparePtr2; /**< 0x048 / 0x024 */
806 uint32_t EnvironmentUpdateCount; /**< 0x050 / 0x028 */
807#if ARCH_BITS == 64
808 uint32_t Padding1; /**< 0x054 / */
809#endif
810 } W52;
811 struct
812 {
813 PVOID FastPebLockRoutine; /**< NA / 0x020 */
814 PVOID FastPebUnlockRoutine; /**< NA / 0x024 */
815 uint32_t EnvironmentUpdateCount; /**< NA / 0x028 */
816 } W51;
817 } Diff1;
818 union
819 {
820 PVOID KernelCallbackTable; /**< 0x058 / 0x02c */
821 PVOID UserSharedInfoPtr; /**< 0x058 / 0x02c - Alternative use in W6.*/
822 };
823 uint32_t SystemReserved; /**< 0x060 / 0x030 */
824 union
825 {
826 struct
827 {
828 uint32_t AtlThunkSListPtr32; /**< 0x064 / 0x034 */
829 } W7, W8, W80, W81;
830 struct
831 {
832 uint32_t SpareUlong; /**< 0x064 / 0x034 */
833 } W52, W6;
834 struct
835 {
836 uint32_t ExecuteOptions : 2; /**< NA / 0x034: Pos 0, 2 Bits */
837 uint32_t SpareBits : 30; /**< NA / 0x034: Pos 2, 30 Bits */
838 } W51;
839 } Diff2;
840 union
841 {
842 struct
843 {
844 PVOID ApiSetMap; /**< 0x068 / 0x038 */
845 } W7, W8, W80, W81;
846 struct
847 {
848 struct _PEB_FREE_BLOCK *FreeList; /**< 0x068 / 0x038 */
849 } W52, W6;
850 struct
851 {
852 struct _PEB_FREE_BLOCK *FreeList; /**< NA / 0x038 */
853 } W51;
854 } Diff3;
855 uint32_t TlsExpansionCounter; /**< 0x070 / 0x03c */
856#if ARCH_BITS == 64
857 uint32_t Padding2; /**< 0x074 / NA */
858#endif
859 struct _RTL_BITMAP *TlsBitmap; /**< 0x078 / 0x040 */
860 uint32_t TlsBitmapBits[2]; /**< 0x080 / 0x044 */
861 PVOID ReadOnlySharedMemoryBase; /**< 0x088 / 0x04c */
862 union
863 {
864 struct
865 {
866 PVOID SparePvoid0; /**< 0x090 / 0x050 - HotpatchInformation before W81. */
867 } W81;
868 struct
869 {
870 PVOID HotpatchInformation; /**< 0x090 / 0x050 - Retired in W81. */
871 } W6, W7, W80;
872 struct
873 {
874 PVOID ReadOnlySharedMemoryHeap;
875 } W52;
876 } Diff4;
877 PVOID *ReadOnlyStaticServerData; /**< 0x098 / 0x054 */
878 PVOID AnsiCodePageData; /**< 0x0a0 / 0x058 */
879 PVOID OemCodePageData; /**< 0x0a8 / 0x05c */
880 PVOID UnicodeCaseTableData; /**< 0x0b0 / 0x060 */
881 uint32_t NumberOfProcessors; /**< 0x0b8 / 0x064 */
882 uint32_t NtGlobalFlag; /**< 0x0bc / 0x068 */
883 LARGE_INTEGER CriticalSectionTimeout; /**< 0x0c0 / 0x070 */
884 SIZE_T HeapSegmentReserve; /**< 0x0c8 / 0x078 */
885 SIZE_T HeapSegmentCommit; /**< 0x0d0 / 0x07c */
886 SIZE_T HeapDeCommitTotalFreeThreshold; /**< 0x0d8 / 0x080 */
887 SIZE_T HeapDeCommitFreeBlockThreshold; /**< 0x0e0 / 0x084 */
888 uint32_t NumberOfHeaps; /**< 0x0e8 / 0x088 */
889 uint32_t MaximumNumberOfHeaps; /**< 0x0ec / 0x08c */
890 PVOID *ProcessHeaps; /**< 0x0f0 / 0x090 */
891 PVOID GdiSharedHandleTable; /**< 0x0f8 / 0x094 */
892 PVOID ProcessStarterHelper; /**< 0x100 / 0x098 */
893 uint32_t GdiDCAttributeList; /**< 0x108 / 0x09c */
894#if ARCH_BITS == 64
895 uint32_t Padding3; /**< 0x10c / NA */
896#endif
897 struct _RTL_CRITICAL_SECTION *LoaderLock; /**< 0x110 / 0x0a0 */
898 uint32_t OSMajorVersion; /**< 0x118 / 0x0a4 */
899 uint32_t OSMinorVersion; /**< 0x11c / 0x0a8 */
900 uint16_t OSBuildNumber; /**< 0x120 / 0x0ac */
901 uint16_t OSCSDVersion; /**< 0x122 / 0x0ae */
902 uint32_t OSPlatformId; /**< 0x124 / 0x0b0 */
903 uint32_t ImageSubsystem; /**< 0x128 / 0x0b4 */
904 uint32_t ImageSubsystemMajorVersion; /**< 0x12c / 0x0b8 */
905 uint32_t ImageSubsystemMinorVersion; /**< 0x130 / 0x0bc */
906#if ARCH_BITS == 64
907 uint32_t Padding4; /**< 0x134 / NA */
908#endif
909 union
910 {
911 struct
912 {
913 SIZE_T ActiveProcessAffinityMask; /**< 0x138 / 0x0c0 */
914 } W7, W8, W80, W81;
915 struct
916 {
917 SIZE_T ImageProcessAffinityMask; /**< 0x138 / 0x0c0 */
918 } W52, W6;
919 } Diff5;
920 uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /**< 0x140 / 0x0c4 */
921 PVOID PostProcessInitRoutine; /**< 0x230 / 0x14c */
922 PVOID TlsExpansionBitmap; /**< 0x238 / 0x150 */
923 uint32_t TlsExpansionBitmapBits[32]; /**< 0x240 / 0x154 */
924 uint32_t SessionId; /**< 0x2c0 / 0x1d4 */
925#if ARCH_BITS == 64
926 uint32_t Padding5; /**< 0x2c4 / NA */
927#endif
928 ULARGE_INTEGER AppCompatFlags; /**< 0x2c8 / 0x1d8 */
929 ULARGE_INTEGER AppCompatFlagsUser; /**< 0x2d0 / 0x1e0 */
930 PVOID pShimData; /**< 0x2d8 / 0x1e8 */
931 PVOID AppCompatInfo; /**< 0x2e0 / 0x1ec */
932 UNICODE_STRING CSDVersion; /**< 0x2e8 / 0x1f0 */
933 struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; /**< 0x2f8 / 0x1f8 */
934 struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; /**< 0x300 / 0x1fc */
935 struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; /**< 0x308 / 0x200 */
936 struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; /**< 0x310 / 0x204 */
937 SIZE_T MinimumStackCommit; /**< 0x318 / 0x208 */
938 /* End of PEB in W52 (Windows XP (RTM))! */
939 struct _FLS_CALLBACK_INFO *FlsCallback; /**< 0x320 / 0x20c */
940 LIST_ENTRY FlsListHead; /**< 0x328 / 0x210 */
941 PVOID FlsBitmap; /**< 0x338 / 0x218 */
942 uint32_t FlsBitmapBits[4]; /**< 0x340 / 0x21c */
943 uint32_t FlsHighIndex; /**< 0x350 / 0x22c */
944 /* End of PEB in W52 (Windows Server 2003)! */
945 PVOID WerRegistrationData; /**< 0x358 / 0x230 */
946 PVOID WerShipAssertPtr; /**< 0x360 / 0x234 */
947 /* End of PEB in W6 (windows Vista)! */
948 union
949 {
950 struct
951 {
952 PVOID pUnused; /**< 0x368 / 0x238 - Was pContextData in W7. */
953 } W8, W80, W81;
954 struct
955 {
956 PVOID pContextData; /**< 0x368 / 0x238 - Retired in W80. */
957 } W7;
958 } Diff6;
959 PVOID pImageHeaderHash; /**< 0x370 / 0x23c */
960 union
961 {
962 uint32_t TracingFlags; /**< 0x378 / 0x240 */
963 struct
964 {
965 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
966 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
967 uint32_t LibLoaderTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 2, 1 Bit */
968 uint32_t SpareTracingBits : 29; /**< 0x378 / 0x240 : Pos 3, 29 Bits */
969 } W8, W80, W81;
970 struct
971 {
972 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
973 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
974 uint32_t SpareTracingBits : 30; /**< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 */
975 } W7;
976 } Diff7;
977#if ARCH_BITS == 64
978 uint32_t Padding6; /**< 0x37c / NA */
979#endif
980 uint64_t CsrServerReadOnlySharedMemoryBase; /**< 0x380 / 0x248 */
981} PEB_COMMON;
/** Pointer to a PEB_COMMON. */
typedef PEB_COMMON *PPEB_COMMON;

/*
 * Compile-time layout checks.  Each line pins one member, or the total size,
 * to the offset expected for 64-bit / 32-bit builds, so a change to PEB_COMMON
 * that shifts a field breaks the build instead of making code read the wrong
 * bytes of a live PEB.  Only the members named here are pinned; the offsets in
 * the per-member comments of the structure are not checked by the compiler.
 */
AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x388 : 0x250);
993
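/*
 * PEB sizes per Windows version.
 *
 * The PEB grew with each release: members at or beyond the size given for the
 * running version are not part of that version's PEB, so compare against the
 * matching size before reading them.  The "End of PEB in ..." markers inside
 * PEB_COMMON show where each version stops.
 */
/** The size of the windows 8.1 PEB structure. */
#define PEB_SIZE_W81 sizeof(PEB_COMMON)
/** The size of the windows 8.0 PEB structure. */
#define PEB_SIZE_W80 sizeof(PEB_COMMON)
/** The size of the windows 7 PEB structure. */
#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
/** The size of the windows vista PEB structure.
 * The Vista PEB ends after WerShipAssertPtr, i.e. where Diff6 starts
 * (0x368 / 0x238).  Diff3 sits at 0x068 / 0x038 and would yield a size smaller
 * than the Windows XP one. */
#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff6)
/** The size of the windows server 2003 PEB structure. */
#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
/** The size of the windows XP PEB structure. */
#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)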
1006
/*
 * Reference copy of NT_TIB, compiled out.  TEB_COMMON below embeds an NT_TIB
 * as its first member, so the type has to come from elsewhere (presumably the
 * Windows SDK/WDK headers - confirm before enabling this copy).
 */
#if 0
typedef struct _NT_TIB
{
    struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
    PVOID StackBase;
    PVOID StackLimit;
    PVOID SubSystemTib;
    union
    {
        PVOID FiberData;
        ULONG Version;
    };
    PVOID ArbitraryUserPointer;
    struct _NT_TIB *Self; /* Offset read by the RTNtCurrentTeb() inline variants. */
} NT_TIB;
typedef NT_TIB *PNT_TIB;
#endif
1024
/**
 * Activation context stack.
 *
 * TEB_COMMON::Diff0 either points to one of these (W52 and later) or, in the
 * 32-bit W51 layout, embeds it directly.
 */
typedef struct _ACTIVATION_CONTEXT_STACK
{
    uint32_t Flags;
    uint32_t NextCookieSequenceNumber;
    PVOID ActiveFrame;
    LIST_ENTRY FrameListCache;
} ACTIVATION_CONTEXT_STACK;
1032
/**
 * Common TEB (thread environment block) layout for the Windows versions W51
 * through W81.
 *
 * Members whose name or meaning changed between versions are grouped into the
 * DiffN unions; each sub-structure is named after the version(s) it applies to
 * (W51 = Windows XP, W52 = Windows Server 2003, W6 = Vista, W7 = Windows 7,
 * W8/W80 = Windows 8.0, W81 = Windows 8.1).  The comment on each member gives
 * its offset as 64-bit / 32-bit; NA means the member does not exist in that
 * variant.
 *
 * The "End of TEB in ..." markers show where older versions stop.  Members
 * after a marker are not present on that version, see TEB_SIZE_*.
 *
 * NOTE(review): in user mode the TEB is ordinary writable memory of the
 * process, so values read from it are best treated as untrusted input rather
 * than as state vouched for by the kernel.
 */
typedef struct _TEB_COMMON
{
    NT_TIB NtTib; /**< 0x000 / 0x000 */
    PVOID EnvironmentPointer; /**< 0x038 / 0x01c */
    CLIENT_ID ClientId; /**< 0x040 / 0x020 */
    PVOID ActiveRpcHandle; /**< 0x050 / 0x028 */
    PVOID ThreadLocalStoragePointer; /**< 0x058 / 0x02c */
    PPEB_COMMON ProcessEnvironmentBlock; /**< 0x060 / 0x030 */
    uint32_t LastErrorValue; /**< 0x068 / 0x034 */
    uint32_t CountOfOwnedCriticalSections; /**< 0x06c / 0x038 */
    PVOID CsrClientThread; /**< 0x070 / 0x03c */
    PVOID Win32ThreadInfo; /**< 0x078 / 0x040 */
    uint32_t User32Reserved[26]; /**< 0x080 / 0x044 */
    uint32_t UserReserved[5]; /**< 0x0e8 / 0x0ac */
    PVOID WOW32Reserved; /**< 0x100 / 0x0c0 */
    uint32_t CurrentLocale; /**< 0x108 / 0x0c4 */
    uint32_t FpSoftwareStatusRegister; /**< 0x10c / 0x0c8 */
    PVOID SystemReserved1[54]; /**< 0x110 / 0x0cc */
    uint32_t ExceptionCode; /**< 0x2c0 / 0x1a4 */
#if ARCH_BITS == 64
    uint32_t Padding0; /**< 0x2c4 / NA */
#endif
    union
    {
        struct
        {
            struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;/**< 0x2c8 / 0x1a8 */
            uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /**< 0x2d0 / 0x1ac */
        } W52, W6, W7, W8, W80, W81;
#if ARCH_BITS == 32
        struct
        {
            ACTIVATION_CONTEXT_STACK ActivationContextStack; /**< NA / 0x1a8 */
            uint8_t SpareBytes[20]; /**< NA / 0x1bc */
        } W51;
#endif
    } Diff0;
    union
    {
        struct
        {
            uint32_t TxFsContext; /**< 0x2e8 / 0x1d0 */
        } W6, W7, W8, W80, W81;
        struct
        {
            uint32_t SpareBytesContinues; /**< 0x2e8 / 0x1d0 */
        } W52;
    } Diff1;
#if ARCH_BITS == 64
    uint32_t Padding1; /**< 0x2ec / NA */
#endif
    /*_GDI_TEB_BATCH*/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /**< 0x2f0 / 0x1d4 */
    CLIENT_ID RealClientId; /**< 0x7d8 / 0x6b4 */
    HANDLE GdiCachedProcessHandle; /**< 0x7e8 / 0x6bc */
    uint32_t GdiClientPID; /**< 0x7f0 / 0x6c0 */
    uint32_t GdiClientTID; /**< 0x7f4 / 0x6c4 */
    PVOID GdiThreadLocalInfo; /**< 0x7f8 / 0x6c8 */
    SIZE_T Win32ClientInfo[62]; /**< 0x800 / 0x6cc */
    PVOID glDispatchTable[233]; /**< 0x9f0 / 0x7c4 */
    SIZE_T glReserved1[29]; /**< 0x1138 / 0xb68 */
    PVOID glReserved2; /**< 0x1220 / 0xbdc */
    PVOID glSectionInfo; /**< 0x1228 / 0xbe0 */
    PVOID glSection; /**< 0x1230 / 0xbe4 */
    PVOID glTable; /**< 0x1238 / 0xbe8 */
    PVOID glCurrentRC; /**< 0x1240 / 0xbec */
    PVOID glContext; /**< 0x1248 / 0xbf0 */
    NTSTATUS LastStatusValue; /**< 0x1250 / 0xbf4 */
#if ARCH_BITS == 64
    uint32_t Padding2; /**< 0x1254 / NA */
#endif
    UNICODE_STRING StaticUnicodeString; /**< 0x1258 / 0xbf8 */
    WCHAR StaticUnicodeBuffer[261]; /**< 0x1268 / 0xc00 */
#if ARCH_BITS == 64
    WCHAR Padding3[3]; /**< 0x1472 / NA */
#endif
    PVOID DeallocationStack; /**< 0x1478 / 0xe0c */
    PVOID TlsSlots[64]; /**< 0x1480 / 0xe10 */
    LIST_ENTRY TlsLinks; /**< 0x1680 / 0xf10 */
    PVOID Vdm; /**< 0x1690 / 0xf18 */
    PVOID ReservedForNtRpc; /**< 0x1698 / 0xf1c */
    PVOID DbgSsReserved[2]; /**< 0x16a0 / 0xf20 */
    uint32_t HardErrorMode; /**< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. */
#if ARCH_BITS == 64
    uint32_t Padding4; /**< 0x16b4 / NA */
#endif
    PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /**< 0x16b8 / 0xf2c */
    union
    {
        struct
        {
            GUID ActivityId; /**< 0x1710 / 0xf50 */
            PVOID SubProcessTag; /**< 0x1720 / 0xf60 */
        } W6, W7, W8, W80, W81;
        struct
        {
            PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /**< 0x1710 / 0xf50 */
        } W52;
    } Diff2;
    union /**< 0x1728 / 0xf64 */
    {
        struct
        {
            PVOID PerflibData; /**< 0x1728 / 0xf64 */
        } W8, W80, W81;
        struct
        {
            PVOID EtwLocalData; /**< 0x1728 / 0xf64 */
        } W7, W6;
        struct
        {
            PVOID SubProcessTag; /**< 0x1728 / 0xf64 */
        } W52;
        struct
        {
            PVOID InstrumentationContinues[1]; /**< 0x1728 / 0xf64 */
        } W51;
    } Diff3;
    union
    {
        struct
        {
            PVOID EtwTraceData; /**< 0x1730 / 0xf68 */
        } W52, W6, W7, W8, W80, W81;
        struct
        {
            PVOID InstrumentationContinues[1]; /**< 0x1730 / 0xf68 */
        } W51;
    } Diff4;
    PVOID WinSockData; /**< 0x1738 / 0xf6c */
    uint32_t GdiBatchCount; /**< 0x1740 / 0xf70 */
    union
    {
        union
        {
            PROCESSOR_NUMBER CurrentIdealProcessor; /**< 0x1744 / 0xf74 - W7+ */
            uint32_t IdealProcessorValue; /**< 0x1744 / 0xf74 - W7+ */
            struct
            {
                uint8_t ReservedPad1; /**< 0x1744 / 0xf74 - Called SpareBool0 in W6 */
                uint8_t ReservedPad2; /**< 0x1745 / 0xf75 - Called SpareBool0 in W6 */
                uint8_t ReservedPad3; /**< 0x1746 / 0xf76 - Called SpareBool0 in W6 */
                uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
            };
        } W6, W7, W8, W80, W81;
        struct
        {
            BOOLEAN InDbgPrint; /**< 0x1744 / 0xf74 */
            BOOLEAN FreeStackOnTermination; /**< 0x1745 / 0xf75 */
            BOOLEAN HasFiberData; /**< 0x1746 / 0xf76 */
            uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
        } W51, W52;
    } Diff5;
    uint32_t GuaranteedStackBytes; /**< 0x1748 / 0xf78 */
#if ARCH_BITS == 64
    uint32_t Padding5; /**< 0x174c / NA */
#endif
    PVOID ReservedForPerf; /**< 0x1750 / 0xf7c */
    PVOID ReservedForOle; /**< 0x1758 / 0xf80 */
    uint32_t WaitingOnLoaderLock; /**< 0x1760 / 0xf84 */
#if ARCH_BITS == 64
    uint32_t Padding6; /**< 0x1764 / NA */
#endif
    union /**< 0x1768 / 0xf88 - the first member of every variant starts here. */
    {
        struct
        {
            PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
            SIZE_T ReservedForCodeCoverage; /**< 0x1770 / 0xf8c */
            PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
        } W8, W80, W81;
        struct
        {
            PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
            SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
            PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
        } W6, W7;
        struct
        {
            PVOID SparePointer1; /**< 0x1768 / 0xf88 */
            SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
            PVOID SoftPatchPtr2; /**< 0x1778 / 0xf90 */
        } W52;
#if ARCH_BITS == 32
        struct _Wx86ThreadState
        {
            PVOID CallBx86Eip; /**< NA / 0xf88 */
            PVOID DeallocationCpu; /**< NA / 0xf8c */
            BOOLEAN UseKnownWx86Dll; /**< NA / 0xf90 */
            int8_t OleStubInvoked; /**< NA / 0xf91 */
        } W51;
#endif
    } Diff6;
    PVOID TlsExpansionSlots; /**< 0x1780 / 0xf94 */
#if ARCH_BITS == 64
    PVOID DallocationBStore; /**< 0x1788 / NA - NOTE(review): presumably "DeallocationBStore"; name kept as declared. */
    PVOID BStoreLimit; /**< 0x1790 / NA */
#endif
    union
    {
        struct
        {
            uint32_t MuiGeneration; /**< 0x1798 / 0xf98 */
        } W7, W8, W80, W81;
        struct
        {
            uint32_t ImpersonationLocale; /**< 0x1798 / 0xf98 - Same slot as MuiGeneration. */
        } W6;
    } Diff7;
    uint32_t IsImpersonating; /**< 0x179c / 0xf9c */
    PVOID NlsCache; /**< 0x17a0 / 0xfa0 */
    PVOID pShimData; /**< 0x17a8 / 0xfa4 */
    union /**< 0x17b0 / 0xfa8 */
    {
        struct
        {
            uint16_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
            uint16_t LowFragHeapDataSlot; /**< 0x17b2 / 0xfaa */
        } W8, W80, W81;
        struct
        {
            uint32_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
        } W7;
    } Diff8;
#if ARCH_BITS == 64
    uint32_t Padding7; /**< 0x17b4 / NA */
#endif
    HANDLE CurrentTransactionHandle; /**< 0x17b8 / 0xfac */
    struct _TEB_ACTIVE_FRAME *ActiveFrame; /**< 0x17c0 / 0xfb0 */
    /* End of TEB in W51 (Windows XP)! */
    PVOID FlsData; /**< 0x17c8 / 0xfb4 */
    union
    {
        struct
        {
            PVOID PreferredLanguages; /**< 0x17d0 / 0xfb8 */
        } W6, W7, W8, W80, W81;
        struct
        {
            BOOLEAN SafeThunkCall; /**< 0x17d0 / 0xfb8 */
            uint8_t BooleanSpare[3]; /**< 0x17d1 / 0xfb9 */
            /* End of TEB in W52 (Windows server 2003)! */
        } W52;
    } Diff9;
    PVOID UserPrefLanguages; /**< 0x17d8 / 0xfbc */
    PVOID MergedPrefLanguages; /**< 0x17e0 / 0xfc0 */
    uint32_t MuiImpersonation; /**< 0x17e8 / 0xfc4 */
    union
    {
        uint16_t CrossTebFlags; /**< 0x17ec / 0xfc8 */
        struct
        {
            uint16_t SpareCrossTebBits : 16; /**< 0x17ec / 0xfc8 : Pos 0, 16 Bits */
        };
    };
    union
    {
        uint16_t SameTebFlags; /**< 0x17ee / 0xfca */
        /* The eight low bits that W7 and W8+ name identically. */
        struct
        {
            uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
        } Common;
        struct
        {
            uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
            uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
            uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
            uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
            uint16_t SessionAware : 1; /**< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. */
            uint16_t SpareSameTebBits : 4; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
        } W8, W80, W81;
        struct
        {
            uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
            uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
            uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
            uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
            uint16_t SpareSameTebBits : 5; /**< 0x17ee / 0xfca : Pos 11, 5 Bits - Includes the bit W8 uses for SessionAware. */
        } W7;
        struct
        {
            uint16_t DbgSafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t DbgInDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t DbgHasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t DbgSkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t DbgWerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t DbgRanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t DbgClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t DbgSuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
            uint16_t SpareSameTebBits : 8; /**< 0x17ee / 0xfca : Pos 8, 8 Bits */
        } W6;
    } Diff10;
    PVOID TxnScopeEnterCallback; /**< 0x17f0 / 0xfcc */
    PVOID TxnScopeExitCallback; /**< 0x17f8 / 0xfd0 */
    PVOID TxnScopeContext; /**< 0x1800 / 0xfd4 */
    uint32_t LockCount; /**< 0x1808 / 0xfd8 */
    union
    {
        struct
        {
            uint32_t SpareUlong0; /**< 0x180c / 0xfdc */
        } W7, W8, W80, W81;
        struct
        {
            uint32_t ProcessRundown; /**< 0x180c / 0xfdc - Same slot as SpareUlong0. */
        } W6;
    } Diff11;
    union
    {
        struct
        {
            PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
            /* End of TEB in W7 (windows 7)! */
            PVOID ReservedForWdf; /**< 0x1818 / 0xfe4 - New Since W7. */
            /* End of TEB in W8 (windows 8.0 & 8.1)! */
        } W8, W80, W81;
        struct
        {
            PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
        } W7;
        struct
        {
            uint64_t LastSwitchTime; /**< 0x1810 / 0xfe0 */
            uint64_t TotalSwitchOutTime; /**< 0x1818 / 0xfe8 */
            LARGE_INTEGER WaitReasonBitMap; /**< 0x1820 / 0xff0 */
            /* End of TEB in W6 (windows Vista)! */
        } W6;
    } Diff12;
} TEB_COMMON;
/** Pointer to a TEB_COMMON. */
typedef TEB_COMMON *PTEB_COMMON;
/*
 * Compile-time layout checks for TEB_COMMON: each line pins one member (or the
 * total size) to its expected 64-bit / 32-bit offset.  Members not listed here
 * are covered only indirectly, through the offsets of the pinned members that
 * follow them and through the total size.
 */
AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1828 : 0xff8);
1397
1398
/*
 * TEB sizes per Windows version, derived from the "End of TEB in ..." markers
 * in TEB_COMMON.  Where the last member of a version lives inside a DiffN
 * union, the size is that member's offset plus its size; where the next member
 * is a plain field, its offset is used directly.
 */
/** The size of the windows 8.1 TEB structure. */
#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
/** The size of the windows 8.0 TEB structure. */
#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
/** The size of the windows 7 TEB structure (ends where ReservedForWdf starts). */
#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
/** The size of the windows vista TEB structure. */
#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
/** The size of the windows server 2003 TEB structure (offset of BooleanSpare
 * rounded up to pointer size). */
#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
/** The size of the windows XP TEB structure. */
#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1411
1412
1413
/* Make the plain PEB names (struct tag, type, pointer type) refer to the
 * common layout, PEB_COMMON. */
#define _PEB _PEB_COMMON
typedef PEB_COMMON PEB;
typedef PPEB_COMMON PPEB;

/* Likewise for the TEB names and TEB_COMMON. */
#define _TEB _TEB_COMMON
typedef TEB_COMMON TEB;
typedef PTEB_COMMON PTEB;
1421
/*
 * Accessors for the current thread's TEB, the PEB it points to, and the
 * current thread ID.
 *
 * Without an NtCurrentTeb macro these are inline functions that read the
 * values through the FS (x86) or GS (AMD64) segment at the TEB_COMMON member
 * offsets; otherwise they are macros layered on NtCurrentTeb().
 *
 * NOTE(review): the pointers and IDs returned here come straight from the
 * TEB, which user-mode code in the process can overwrite - confirm that no
 * caller relies on them as tamper-proof.
 */
#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
# ifdef RT_ARCH_X86
/* x86: 32-bit reads relative to FS. */
DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, NtTib.Self)); }
DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readfsdword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
# elif defined(RT_ARCH_AMD64)
/* AMD64: 64-bit reads relative to GS; the thread ID is truncated to 32 bits. */
DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, NtTib.Self)); }
DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return (uint32_t)__readgsqword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
# else
# error "Port me"
# endif
#else
/* An NtCurrentTeb macro exists (or the includer says so): cast its result to
 * the TEB type defined in this header and read the members normally. */
# define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
# define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
# define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
#endif
/* NtCurrentPeb() always resolves to the accessor selected above. */
#define NtCurrentPeb() RTNtCurrentPeb()
1440
1441
1442/** @} */
1443
1444
1445#ifdef IPRT_NT_USE_WINTERNL
/*
 * Section object APIs.  The prototypes omit parameter names; in the WDK
 * documentation for the Zw equivalents the parameters are, in order:
 *   NtCreateSection:      SectionHandle, DesiredAccess, ObjectAttributes,
 *                         MaximumSize, SectionPageProtection,
 *                         AllocationAttributes, FileHandle.
 *   NtUnmapViewOfSection: ProcessHandle, BaseAddress.
 *   NtMapViewOfSection:   SectionHandle, ProcessHandle, BaseAddress, ZeroBits,
 *                         CommitSize, SectionOffset, ViewSize,
 *                         InheritDisposition, AllocationType, Win32Protect.
 */
NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
/** How a mapped view is treated in child processes (InheritDisposition). */
typedef enum _SECTION_INHERIT
{
    ViewShare = 1,
    ViewUnmap
} SECTION_INHERIT;
/* NOTE(review): the WDK declares ZeroBits (4th parameter) as ULONG_PTR; it is
 * ULONG here - confirm this is intended for 64-bit builds. */
NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
                                           ULONG, ULONG);
1455
1456
/**
 * For use with FileFsAttributeInformation.
 *
 * FileSystemName is a variable-length trailing array declared with one
 * element.  Per the WDK documentation FileSystemNameLength is a byte count and
 * the name is not guaranteed to be NUL-terminated, so callers should size the
 * query buffer for the full name and bound every read by FileSystemNameLength
 * and by the number of bytes actually returned.
 */
typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
    ULONG FileSystemAttributes;
    LONG MaximumComponentNameLength;
    ULONG FileSystemNameLength;
    WCHAR FileSystemName[1];
} FILE_FS_ATTRIBUTE_INFORMATION;
typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1465
/*
 * Process, thread and token open APIs.  Parameter order per the WDK/SDK
 * documentation:
 *   NtOpenProcess:      ProcessHandle, DesiredAccess, ObjectAttributes, ClientId.
 *   NtOpenProcessToken: ProcessHandle, DesiredAccess, TokenHandle.
 *   NtOpenThread:       ThreadHandle, DesiredAccess, ObjectAttributes, ClientId.
 *   NtOpenThreadToken:  ThreadHandle, DesiredAccess, OpenAsSelf, TokenHandle.
 * Request only the access bits the caller needs in DesiredAccess; the returned
 * handle carries exactly those rights.
 */
NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1470
/**
 * Volume information classes for NtQueryVolumeInformationFile.
 *
 * Only the first value is explicit (1); the rest follow by position, so the
 * order of the enumerators is part of the ABI and must not be changed.
 */
typedef enum _FSINFOCLASS
{
    FileFsVolumeInformation = 1,
    FileFsLabelInformation,
    FileFsSizeInformation,
    FileFsDeviceInformation,
    FileFsAttributeInformation,
    FileFsControlInformation,
    FileFsFullSizeInformation,
    FileFsObjectIdInformation,
    FileFsDriverPathInformation,
    FileFsVolumeFlagsInformation,
    FileFsSectorSizeInformation,
    FileFsDataCopyInformation,
    FileFsMaximumInformation
} FS_INFORMATION_CLASS;
typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
/* Parameters per the WDK documentation: FileHandle, IoStatusBlock,
 * FsInformation (output buffer), Length (its size in bytes),
 * FsInformationClass. */
NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1489
/**
 * For use with FileBothDirectoryInformation.
 *
 * Per the WDK documentation a query returns a packed list of these entries:
 * NextEntryOffset is the byte distance to the next entry (zero on the last
 * one), FileNameLength and ShortNameLength are byte counts, and FileName is a
 * variable-length trailing array that is not guaranteed to be NUL-terminated.
 * Code walking the list should check each NextEntryOffset and FileNameLength
 * against the number of bytes the call actually returned.
 */
typedef struct _FILE_BOTH_DIR_INFORMATION
{
    ULONG NextEntryOffset;
    ULONG FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    ULONG FileAttributes;
    ULONG FileNameLength;
    ULONG EaSize;
    CCHAR ShortNameLength;
    WCHAR ShortName[12];
    WCHAR FileName[1];
} FILE_BOTH_DIR_INFORMATION;
typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
/** For use with FileBasicInformation: the four file timestamps and the
 * attribute flags. */
typedef struct _FILE_BASIC_INFORMATION
{
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    ULONG FileAttributes;
} FILE_BASIC_INFORMATION;
typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
/** For use with FileStandardInformation: sizes, link count and the
 * delete-pending / directory flags. */
typedef struct _FILE_STANDARD_INFORMATION
{
    LARGE_INTEGER AllocationSize;
    LARGE_INTEGER EndOfFile;
    ULONG NumberOfLinks;
    BOOLEAN DeletePending;
    BOOLEAN Directory;
} FILE_STANDARD_INFORMATION;
typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
/**
 * For use with FileNameInformation.
 *
 * FileName is a variable-length trailing array declared with one element; per
 * the WDK documentation FileNameLength is a byte count and the name is not
 * guaranteed to be NUL-terminated, so bound reads by FileNameLength and by the
 * size of the buffer that was passed to the query.
 */
typedef struct _FILE_NAME_INFORMATION
{
    ULONG FileNameLength;
    WCHAR FileName[1];
} FILE_NAME_INFORMATION;
typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
/**
 * File information classes for NtQueryInformationFile and
 * NtQueryDirectoryFile.
 *
 * Only the first value is explicit (1); every later value follows from its
 * position, so the order of the enumerators is part of the ABI and must not be
 * changed.
 */
typedef enum _FILE_INFORMATION_CLASS
{
    FileDirectoryInformation = 1,
    FileFullDirectoryInformation,
    FileBothDirectoryInformation,
    FileBasicInformation,
    FileStandardInformation,
    FileInternalInformation,
    FileEaInformation,
    FileAccessInformation,
    FileNameInformation,
    FileRenameInformation,
    FileLinkInformation,
    FileNamesInformation,
    FileDispositionInformation,
    FilePositionInformation,
    FileFullEaInformation,
    FileModeInformation,
    FileAlignmentInformation,
    FileAllInformation,
    FileAllocationInformation,
    FileEndOfFileInformation,
    FileAlternateNameInformation,
    FileStreamInformation,
    FilePipeInformation,
    FilePipeLocalInformation,
    FilePipeRemoteInformation,
    FileMailslotQueryInformation,
    FileMailslotSetInformation,
    FileCompressionInformation,
    FileObjectIdInformation,
    FileCompletionInformation,
    FileMoveClusterInformation,
    FileQuotaInformation,
    FileReparsePointInformation,
    FileNetworkOpenInformation,
    FileAttributeTagInformation,
    FileTrackingInformation,
    FileIdBothDirectoryInformation,
    FileIdFullDirectoryInformation,
    FileValidDataLengthInformation,
    FileShortNameInformation,
    FileIoCompletionNotificationInformation,
    FileIoStatusBlockRangeInformation,
    FileIoPriorityHintInformation,
    FileSfioReserveInformation,
    FileSfioVolumeInformation,
    FileHardLinkInformation,
    FileProcessIdsUsingFileInformation,
    FileNormalizedNameInformation,
    FileNetworkPhysicalNameInformation,
    FileIdGlobalTxDirectoryInformation,
    FileIsRemoteDeviceInformation,
    FileUnusedInformation,
    FileNumaNodeInformation,
    FileStandardLinkInformation,
    FileRemoteProtocolInformation,
    FileRenameInformationBypassAccessCheck,
    FileLinkInformationBypassAccessCheck,
    FileVolumeNameInformation,
    FileIdInformation,
    FileIdExtdDirectoryInformation,
    FileReplaceCompletionInformation,
    FileHardLinkFullIdInformation,
    FileMaximumInformation
} FILE_INFORMATION_CLASS;
typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
/* Parameters per the WDK documentation: FileHandle, IoStatusBlock,
 * FileInformation (output buffer), Length (its size in bytes),
 * FileInformationClass. */
NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
/* Parameters per the WDK documentation: FileHandle, Event, ApcRoutine,
 * ApcContext, IoStatusBlock, FileInformation (output buffer), Length,
 * FileInformationClass, ReturnSingleEntry, FileName (optional filter),
 * RestartScan. */
NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
                                             FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1602
/**
 * For use with KeyBasicInformation.
 *
 * Name is a variable-length trailing array declared with one element; per the
 * WDK documentation NameLength is a byte count and the name is not
 * NUL-terminated, so bound reads by NameLength and by the result length the
 * query reported.
 */
typedef struct _KEY_BASIC_INFORMATION
{
    LARGE_INTEGER LastWriteTime;
    ULONG TitleIndex;
    ULONG NameLength;
    WCHAR Name[1];
} KEY_BASIC_INFORMATION;
typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
1612
/**
 * For use with KeyNodeInformation.
 *
 * Name is a variable-length trailing array; the class string is located
 * through ClassOffset.  Per the WDK documentation the length members are byte
 * counts and neither string is NUL-terminated, so check ClassOffset +
 * ClassLength and NameLength against the size of the returned data before
 * reading.
 */
typedef struct _KEY_NODE_INFORMATION
{
    LARGE_INTEGER LastWriteTime;
    ULONG TitleIndex;
    ULONG ClassOffset; /**< Offset from the start of the structure. */
    ULONG ClassLength;
    ULONG NameLength;
    WCHAR Name[1];
} KEY_NODE_INFORMATION;
typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
1624
/**
 * For use with KeyFullInformation.
 *
 * Class is a variable-length trailing array declared with one element; per the
 * WDK documentation ClassLength is a byte count and the string is not
 * NUL-terminated, so bound reads by ClassLength and by the size of the
 * returned data.
 */
typedef struct _KEY_FULL_INFORMATION
{
    LARGE_INTEGER LastWriteTime;
    ULONG TitleIndex;
    ULONG ClassOffset; /**< Offset of the Class member. */
    ULONG ClassLength;
    ULONG SubKeys;
    ULONG MaxNameLen;
    ULONG MaxClassLen;
    ULONG Values;
    ULONG MaxValueNameLen;
    ULONG MaxValueDataLen;
    WCHAR Class[1];
} KEY_FULL_INFORMATION;
typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
1641
/**
 * For use with KeyNameInformation.
 *
 * Name is a variable-length trailing array declared with one element; per the
 * WDK documentation NameLength is a byte count and the name is not
 * NUL-terminated.
 */
typedef struct _KEY_NAME_INFORMATION
{
    ULONG NameLength;
    WCHAR Name[1];
} KEY_NAME_INFORMATION;
typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
1649
/**
 * For use with KeyCachedInformation.
 *
 * Fixed-size: unlike the other key information structures in this header it
 * carries NameLength but no trailing name array.
 */
typedef struct _KEY_CACHED_INFORMATION
{
    LARGE_INTEGER LastWriteTime;
    ULONG TitleIndex;
    ULONG SubKeys;
    ULONG MaxNameLen;
    ULONG Values;
    ULONG MaxValueNameLen;
    ULONG MaxValueDataLen;
    ULONG NameLength;
} KEY_CACHED_INFORMATION;
typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
1663
/**
 * For use with KeyVirtualizationInformation.
 *
 * Five one-bit flags followed by 27 reserved bits, 32 bits in total.
 */
typedef struct _KEY_VIRTUALIZATION_INFORMATION
{
    ULONG VirtualizationCandidate : 1;
    ULONG VirtualizationEnabled : 1;
    ULONG VirtualTarget : 1;
    ULONG VirtualStore : 1;
    ULONG VirtualSource : 1;
    ULONG Reserved : 27;
} KEY_VIRTUALIZATION_INFORMATION;
typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
1675
/**
 * Key information classes for NtQueryKey and NtEnumerateKey.
 *
 * Numbering starts at 0 and continues by position, so the order of the
 * enumerators is part of the ABI and must not be changed.
 */
typedef enum _KEY_INFORMATION_CLASS
{
    KeyBasicInformation = 0,
    KeyNodeInformation,
    KeyFullInformation,
    KeyNameInformation,
    KeyCachedInformation,
    KeyFlagsInformation,
    KeyVirtualizationInformation,
    KeyHandleTagsInformation,
    MaxKeyInfoClass
} KEY_INFORMATION_CLASS;
/* Parameters per the WDK documentation: KeyHandle, KeyInformationClass,
 * KeyInformation (output buffer), Length (its size in bytes), ResultLength. */
NTSYSAPI NTSTATUS NTAPI NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
/* Parameters per the WDK documentation: KeyHandle, Index, KeyInformationClass,
 * KeyInformation (output buffer), Length (its size in bytes), ResultLength. */
NTSYSAPI NTSTATUS NTAPI NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1690
/**
 * A UNICODE_STRING followed by a variable-length name buffer declared with one
 * element.
 *
 * NOTE(review): presumably the result format of a memory section name query,
 * with SectionFileName.Buffer pointing into NameBuffer - confirm against the
 * caller, and bound reads by SectionFileName.Length and the returned size.
 */
typedef struct _MEMORY_SECTION_NAME
{
    UNICODE_STRING SectionFileName;
    WCHAR NameBuffer[1];
} MEMORY_SECTION_NAME;
1696
#ifdef IPRT_NT_USE_WINTERNL
/**
 * For use with ProcessBasicInformation.
 *
 * NOTE(review): when this describes another process, PebBaseAddress is an
 * address in that process and cannot be dereferenced in the caller's address
 * space - confirm that callers read the remote PEB through the target's
 * memory and treat its contents as untrusted.
 */
typedef struct _PROCESS_BASIC_INFORMATION
{
    NTSTATUS ExitStatus;
    PPEB PebBaseAddress;
    ULONG_PTR AffinityMask;
    int32_t BasePriority;
    ULONG_PTR UniqueProcessId;
    ULONG_PTR InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION;
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
#endif
1709
/**
 * Information class selector for NtQueryInformationProcess (declared right
 * after the enum) and NtSetInformationProcess (declared further down).
 *
 * The trailing comments give each value as decimal / hex.  ProcessUnknown51
 * thru ProcessUnknown66 are placeholders that keep the numbering contiguous
 * for classes this header does not name.  ProcessInstrumentationCallbak is
 * spelled that way in the identifier; callers must use the same spelling.
 */
typedef enum _PROCESSINFOCLASS
{
    ProcessBasicInformation = 0, /**< 0 / 0x00 */
    ProcessQuotaLimits, /**< 1 / 0x01 */
    ProcessIoCounters, /**< 2 / 0x02 */
    ProcessVmCounters, /**< 3 / 0x03 */
    ProcessTimes, /**< 4 / 0x04 */
    ProcessBasePriority, /**< 5 / 0x05 */
    ProcessRaisePriority, /**< 6 / 0x06 */
    ProcessDebugPort, /**< 7 / 0x07 */
    ProcessExceptionPort, /**< 8 / 0x08 */
    ProcessAccessToken, /**< 9 / 0x09 */
    ProcessLdtInformation, /**< 10 / 0x0a */
    ProcessLdtSize, /**< 11 / 0x0b */
    ProcessDefaultHardErrorMode, /**< 12 / 0x0c */
    ProcessIoPortHandlers, /**< 13 / 0x0d */
    ProcessPooledUsageAndLimits, /**< 14 / 0x0e */
    ProcessWorkingSetWatch, /**< 15 / 0x0f */
    ProcessUserModeIOPL, /**< 16 / 0x10 */
    ProcessEnableAlignmentFaultFixup, /**< 17 / 0x11 */
    ProcessPriorityClass, /**< 18 / 0x12 */
    ProcessWx86Information, /**< 19 / 0x13 */
    ProcessHandleCount, /**< 20 / 0x14 */
    ProcessAffinityMask, /**< 21 / 0x15 */
    ProcessPriorityBoost, /**< 22 / 0x16 */
    ProcessDeviceMap, /**< 23 / 0x17 */
    ProcessSessionInformation, /**< 24 / 0x18 */
    ProcessForegroundInformation, /**< 25 / 0x19 */
    ProcessWow64Information, /**< 26 / 0x1a */
    ProcessImageFileName, /**< 27 / 0x1b */
    ProcessLUIDDeviceMapsEnabled, /**< 28 / 0x1c */
    ProcessBreakOnTermination, /**< 29 / 0x1d */
    ProcessDebugObjectHandle, /**< 30 / 0x1e */
    ProcessDebugFlags, /**< 31 / 0x1f */
    ProcessHandleTracing, /**< 32 / 0x20 */
    ProcessIoPriority, /**< 33 / 0x21 */
    ProcessExecuteFlags, /**< 34 / 0x22 */
    ProcessTlsInformation, /**< 35 / 0x23 */
    ProcessCookie, /**< 36 / 0x24 */
    ProcessImageInformation, /**< 37 / 0x25 */
    ProcessCycleTime, /**< 38 / 0x26 */
    ProcessPagePriority, /**< 39 / 0x27 */
    ProcessInstrumentationCallbak, /**< 40 / 0x28 */
    ProcessThreadStackAllocation, /**< 41 / 0x29 */
    ProcessWorkingSetWatchEx, /**< 42 / 0x2a */
    ProcessImageFileNameWin32, /**< 43 / 0x2b */
    ProcessImageFileMapping, /**< 44 / 0x2c */
    ProcessAffinityUpdateMode, /**< 45 / 0x2d */
    ProcessMemoryAllocationMode, /**< 46 / 0x2e */
    ProcessGroupInformation, /**< 47 / 0x2f */
    ProcessTokenVirtualizationEnabled, /**< 48 / 0x30 */
    ProcessConsoleHostProcess, /**< 49 / 0x31 */
    ProcessWindowsInformation, /**< 50 / 0x32 */
    ProcessUnknown51, /**< 51 / 0x33 */
    ProcessUnknown52, /**< 52 / 0x34 */
    ProcessUnknown53, /**< 53 / 0x35 */
    ProcessUnknown54, /**< 54 / 0x36 */
    ProcessUnknown55, /**< 55 / 0x37 */
    ProcessUnknown56, /**< 56 / 0x38 */
    ProcessUnknown57, /**< 57 / 0x39 */
    ProcessUnknown58, /**< 58 / 0x3a */
    ProcessUnknown59, /**< 59 / 0x3b */
    ProcessUnknown60, /**< 60 / 0x3c */
    ProcessUnknown61, /**< 61 / 0x3d */
    ProcessUnknown62, /**< 62 / 0x3e */
    ProcessUnknown63, /**< 63 / 0x3f */
    ProcessUnknown64, /**< 64 / 0x40 */
    ProcessUnknown65, /**< 65 / 0x41 */
    ProcessUnknown66, /**< 66 / 0x42 */
    ProcessMaybe_KeSetCpuSetsProcess, /**< 67 / 0x43 - is correct, then PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10. */
    MaxProcessInfoClass /**< 68 / 0x44 */
} PROCESSINFOCLASS;
/* NOTE(review): parameters are unnamed; presumably process handle, class,
 * output buffer, buffer size and returned length - confirm.  The expected
 * buffer layout depends on the class, so callers should validate the returned
 * length against the structure they are about to read. */
NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1783
/**
 * Information class selector for NtSetInformationThread (declared right after
 * the enum) and NtQueryInformationThread (declared further down).
 *
 * Enumerators are numbered sequentially from zero; the trailing comments give
 * each value as decimal / hex.
 */
typedef enum _THREADINFOCLASS
{
    ThreadBasicInformation = 0, /**< 0 / 0x00 */
    ThreadTimes, /**< 1 / 0x01 */
    ThreadPriority, /**< 2 / 0x02 */
    ThreadBasePriority, /**< 3 / 0x03 */
    ThreadAffinityMask, /**< 4 / 0x04 */
    ThreadImpersonationToken, /**< 5 / 0x05 */
    ThreadDescriptorTableEntry, /**< 6 / 0x06 */
    ThreadEnableAlignmentFaultFixup, /**< 7 / 0x07 */
    ThreadEventPair_Reusable, /**< 8 / 0x08 */
    ThreadQuerySetWin32StartAddress, /**< 9 / 0x09 */
    ThreadZeroTlsCell, /**< 10 / 0x0a */
    ThreadPerformanceCount, /**< 11 / 0x0b */
    ThreadAmILastThread, /**< 12 / 0x0c */
    ThreadIdealProcessor, /**< 13 / 0x0d */
    ThreadPriorityBoost, /**< 14 / 0x0e */
    ThreadSetTlsArrayAddress, /**< 15 / 0x0f */
    ThreadIsIoPending, /**< 16 / 0x10 */
    ThreadHideFromDebugger, /**< 17 / 0x11 */
    ThreadBreakOnTermination, /**< 18 / 0x12 */
    ThreadSwitchLegacyState, /**< 19 / 0x13 */
    ThreadIsTerminated, /**< 20 / 0x14 */
    ThreadLastSystemCall, /**< 21 / 0x15 */
    ThreadIoPriority, /**< 22 / 0x16 */
    ThreadCycleTime, /**< 23 / 0x17 */
    ThreadPagePriority, /**< 24 / 0x18 */
    ThreadActualBasePriority, /**< 25 / 0x19 */
    ThreadTebInformation, /**< 26 / 0x1a */
    ThreadCSwitchMon, /**< 27 / 0x1b */
    ThreadCSwitchPmu, /**< 28 / 0x1c */
    ThreadWow64Context, /**< 29 / 0x1d */
    ThreadGroupInformation, /**< 30 / 0x1e */
    ThreadUmsInformation, /**< 31 / 0x1f */
    ThreadCounterProfiling, /**< 32 / 0x20 */
    ThreadIdealProcessorEx, /**< 33 / 0x21 */
    ThreadCpuAccountingInformation, /**< 34 / 0x22 */
    MaxThreadInfoClass /**< 35 / 0x23 - end marker, not an information class. */
} THREADINFOCLASS;
/* Setter: the input buffer is LPCVOID and there is no returned-length
 * parameter.  NOTE(review): presumably thread handle, class, input buffer and
 * its size - confirm. */
NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1824
/* NOTE(review): parameters are unnamed; presumably token handle, class, output
 * buffer, buffer size and returned length - confirm. */
NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);

/* File I/O.  NtReadFile and NtWriteFile take nine unnamed parameters each and
 * differ only in the type of the fourth one (PVOID vs. void const *). */
NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);

/* Virtual memory access through a process handle; the write variant takes its
 * third parameter as 'void const *'.  NOTE(review): the trailing PSIZE_T is
 * presumably the number of bytes actually transferred - confirm.  Callers
 * should check it together with the NTSTATUS rather than assume a full copy. */
NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);

/* SID, ACL and security descriptor helpers.  All return NTSTATUS except
 * RtlEqualSid (BOOLEAN) and RtlSubAuthoritySid (PULONG).  Code that builds a
 * DACL from these should check every status, so that a failed step cannot
 * leave an object with a weaker descriptor than intended. */
NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
1843
1844#endif /* IPRT_NT_USE_WINTERNL */
1845
/** Information class selector for NtQueryObject and NtSetInformationObject. */
typedef enum _OBJECT_INFORMATION_CLASS
{
    ObjectBasicInformation = 0, /**< 0 */
    ObjectNameInformation, /**< 1 */
    ObjectTypeInformation, /**< 2 */
    ObjectAllInformation, /**< 3 */
    ObjectDataInformation /**< 4 */
} OBJECT_INFORMATION_CLASS;
typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
/* In ring-0 the Nt name is redirected to the Zw name before the prototype
 * below is seen, so that prototype then declares ZwQueryObject. */
#ifdef IN_RING0
# define NtQueryObject ZwQueryObject
#endif
NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
/* NOTE(review): seven unnamed parameters; presumably source process, source
 * handle, target process, returned handle, desired access, handle attributes
 * and options - confirm.  The duplicate carries whatever access is granted
 * here, so callers should request only what they need. */
NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
1861
/* Opens an object directory: returned handle, desired access, object
 * attributes (as the parameter types indicate). */
NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);

/**
 * Name and type name of one object directory entry, both as UNICODE_STRING.
 *
 * NOTE(review): presumably the element type NtQueryDirectoryObject writes to
 * its PVOID buffer - confirm.  UNICODE_STRING carries an explicit Length, so
 * do not rely on the strings being NUL-terminated.
 */
typedef struct _OBJECT_DIRECTORY_INFORMATION
{
    UNICODE_STRING Name;
    UNICODE_STRING TypeName;
} OBJECT_DIRECTORY_INFORMATION;
typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
/* NOTE(review): unnamed parameters; presumably directory handle, buffer,
 * buffer size, return-single-entry, restart-scan, enumeration context and
 * returned length - confirm. */
NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
1871
/* Suspend / resume a process; the only parameter is a HANDLE. */
NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
/** @name ProcessDefaultHardErrorMode bit definitions.
 * Bit values named after the ProcessDefaultHardErrorMode class (12) of
 * PROCESSINFOCLASS.
 * @{ */
#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /**< Inverted from the win32 define. */
#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
/** @} */
/* Setter counterpart of NtQueryInformationProcess: same leading parameters but
 * no returned-length pointer. */
NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
/* NOTE(review): presumably process handle and exit status - confirm. */
NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
1883
/**
 * Returned by ProcessImageInformation as well as NtQuerySection.
 *
 * Contains two anonymous unions: SubSystemVersion overlays the minor/major
 * USHORT pair, and ImageFlags overlays the one-bit image flags.
 *
 * Several members are annotated as version dependent (the flags union and
 * CheckSum since Vista, ImageFileSize possibly since XP).  On older systems
 * those positions held spare/reserved data, so code making decisions on them
 * should check the OS version first.
 */
typedef struct _SECTION_IMAGE_INFORMATION
{
    PVOID TransferAddress;
    ULONG ZeroBits;
    SIZE_T MaximumStackSize;
    SIZE_T CommittedStackSize;
    ULONG SubSystemType;
    union
    {
        struct
        {
            USHORT SubSystemMinorVersion;
            USHORT SubSystemMajorVersion;
        };
        ULONG SubSystemVersion; /**< Both USHORTs above viewed as one ULONG. */
    };
    ULONG GpValue;
    USHORT ImageCharacteristics;
    USHORT DllCharacteristics; /**< NOTE(review): presumably mirrors the PE header field of the same name - confirm. */
    USHORT Machine;
    BOOLEAN ImageContainsCode;
    union /**< Since Vista, used to be a spare BOOLEAN. */
    {
        struct
        {
            UCHAR ComPlusNativeRead : 1;
            UCHAR ComPlusILOnly : 1;
            UCHAR ImageDynamicallyRelocated : 1;
            UCHAR ImageMAppedFlat : 1; /**< Identifier spelled with a capital 'A'; use as is. */
            UCHAR Reserved : 4;
        };
        UCHAR ImageFlags; /**< All eight flag bits as one byte. */
    };
    ULONG LoaderFlags;
    ULONG ImageFileSize; /**< Since XP? */
    ULONG CheckSum; /**< Since Vista, Used to be a reserved/spare ULONG. */
} SECTION_IMAGE_INFORMATION;
typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
1923
/** Information class selector for NtQuerySection. */
typedef enum _SECTION_INFORMATION_CLASS
{
    SectionBasicInformation = 0, /**< 0 */
    SectionImageInformation, /**< 1 - by its name and the note on SECTION_IMAGE_INFORMATION, yields that structure. */
    MaxSectionInfoClass /**< 2 - end marker, not an information class. */
} SECTION_INFORMATION_CLASS;
/* Unlike the ULONG/PULONG pair used by most query calls in this header, the
 * buffer size and returned length here are SIZE_T / PSIZE_T. */
NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1931
/* Object manager symbolic links: create (with target path), open and query.
 * NOTE(review): NtQuerySymbolicLinkObject presumably fills the UNICODE_STRING
 * with the link target and reports the needed length via the PULONG - confirm.
 * A link target is set by whoever created the link, so treat the returned
 * path as untrusted input when it is used to open further objects. */
NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
/* Access mask values, only defined here when the SDK headers have not already
 * provided them. */
#ifndef SYMBOLIC_LINK_QUERY
# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
#endif
#ifndef SYMBOLIC_LINK_ALL_ACCESS
# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYMBOLIC_LINK_QUERY)
#endif
1941
/* Thread query and control.  NOTE(review): the PULONG of the suspend/resume
 * calls is presumably the previous suspend count, and the LONG of
 * NtTerminateThread the exit status - confirm. */
NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
/* Read / replace the CONTEXT of the thread identified by the handle. */
NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
1948
1949
/* Fallback definitions, each used only when the SDK headers have not already
 * defined the name.  SEC_FILE and MEM_ROTATE have the same numeric value;
 * NOTE(review): judging by the prefixes they belong to different flag sets
 * (section attributes vs. memory allocation type) - confirm before mixing. */
#ifndef SEC_FILE
# define SEC_FILE UINT32_C(0x00800000)
#endif
#ifndef SEC_IMAGE
# define SEC_IMAGE UINT32_C(0x01000000)
#endif
#ifndef SEC_PROTECTED_IMAGE
# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
#endif
#ifndef SEC_NOCACHE
# define SEC_NOCACHE UINT32_C(0x10000000)
#endif
#ifndef MEM_ROTATE
# define MEM_ROTATE UINT32_C(0x00800000)
#endif
/** Information class selector for NtQueryVirtualMemory. */
typedef enum _MEMORY_INFORMATION_CLASS
{
    MemoryBasicInformation = 0, /**< 0 */
    MemoryWorkingSetList, /**< 1 */
    MemorySectionName, /**< 2 - see MEMORY_SECTION_NAME. */
    MemoryBasicVlmInformation /**< 3 */
} MEMORY_INFORMATION_CLASS;
#ifdef IN_RING0
/**
 * Description of one virtual memory region.  Declared here for ring-0 builds
 * only; NOTE(review): presumably because the kernel headers do not supply it
 * while the user-mode SDK does - confirm.
 */
typedef struct _MEMORY_BASIC_INFORMATION
{
    PVOID BaseAddress;
    PVOID AllocationBase;
    ULONG AllocationProtect;
    SIZE_T RegionSize;
    ULONG State;
    ULONG Protect;
    ULONG Type;
} MEMORY_BASIC_INFORMATION;
typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
/* Ring-0 code gets the Zw variant under the Nt name. */
# define NtQueryVirtualMemory ZwQueryVirtualMemory
#endif
/* NOTE(review): presumably process handle, address, class, output buffer,
 * buffer size and returned length - confirm.  The result describes the region
 * at the time of the call only; another thread or process may change the
 * protection afterwards, so do not cache it for later access decisions. */
NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
#ifdef IPRT_NT_USE_WINTERNL
NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
#endif
/* Base address and size are passed by pointer (PVOID *, PSIZE_T) in the free
 * and protect calls.  NOTE(review): presumably both are in/out and come back
 * adjusted to the affected region, and the final PULONG of the protect call
 * receives the old protection - confirm. */
NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
1992
/**
 * Information class selector for NtQuerySystemInformation.
 *
 * Enumerators are numbered sequentially from zero up to
 * SystemInformation_KiOpPrefetchPatchCount (96); the
 * SystemInformation_Unknown_N placeholders carry their value in the name and
 * keep the numbering contiguous.  After that there is a gap: only
 * SystemPolicyInformation (134) is declared, which makes
 * SystemInformationClassMax 135.  The max value therefore says nothing about
 * which classes in the 97..133 range exist.
 */
typedef enum _SYSTEM_INFORMATION_CLASS
{
    SystemBasicInformation = 0, /* 0 */
    SystemCpuInformation, /* 1 */
    SystemPerformanceInformation, /* 2 */
    SystemTimeOfDayInformation, /* 3 */
    SystemInformation_Unknown_4,
    SystemProcessInformation, /* 5 */
    SystemInformation_Unknown_6,
    SystemInformation_Unknown_7,
    SystemProcessorPerformanceInformation, /* 8 */
    SystemInformation_Unknown_9,
    SystemInformation_Unknown_10,
    SystemModuleInformation, /* 11 */
    SystemInformation_Unknown_12,
    SystemInformation_Unknown_13,
    SystemInformation_Unknown_14,
    SystemInformation_Unknown_15,
    SystemHandleInformation, /* 16 - see SYSTEM_HANDLE_INFORMATION. */
    SystemInformation_Unknown_17,
    SystemPageFileInformation, /* 18 */
    SystemInformation_Unknown_19,
    SystemInformation_Unknown_20,
    SystemCacheInformation, /* 21 */
    SystemInformation_Unknown_22,
    SystemInterruptInformation, /* 23 */
    SystemDpcBehaviourInformation, /* 24 */
    SystemFullMemoryInformation, /* 25 */
    SystemLoadGdiDriverInformation, /* 26 */
    SystemUnloadGdiDriverInformation, /* 27 */
    SystemTimeAdjustmentInformation, /* 28 */
    SystemSummaryMemoryInformation, /* 29 */
    SystemInformation_Unknown_30,
    SystemInformation_Unknown_31,
    SystemInformation_Unknown_32,
    SystemExceptionInformation, /* 33 */
    SystemCrashDumpStateInformation, /* 34 */
    SystemKernelDebuggerInformation, /* 35 */
    SystemContextSwitchInformation, /* 36 */
    SystemRegistryQuotaInformation, /* 37 */
    SystemInformation_Unknown_38,
    SystemInformation_Unknown_39,
    SystemInformation_Unknown_40,
    SystemInformation_Unknown_41,
    SystemInformation_Unknown_42,
    SystemInformation_Unknown_43,
    SystemCurrentTimeZoneInformation, /* 44 */
    SystemLookasideInformation, /* 45 */
    SystemSetTimeSlipEvent, /* 46 */
    SystemCreateSession, /* 47 */
    SystemDeleteSession, /* 48 */
    SystemInformation_Unknown_49,
    SystemRangeStartInformation, /* 50 */
    SystemVerifierInformation, /* 51 */
    SystemInformation_Unknown_52,
    SystemSessionProcessInformation, /* 53 - see SYSTEM_SESSION_PROCESS_INFORMATION. */
    SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
    SystemInformation_Unknown_55,
    SystemInformation_Unknown_56,
    SystemExtendedProcessInformation, /* 57 */
    SystemInformation_Unknown_58,
    SystemInformation_Unknown_59,
    SystemInformation_Unknown_60,
    SystemInformation_Unknown_61,
    SystemInformation_Unknown_62,
    SystemInformation_Unknown_63,
    SystemExtendedHandleInformation, /* 64 */
    SystemInformation_Unknown_65,
    SystemInformation_Unknown_66,
    SystemInformation_Unknown_67,
    SystemInformation_Unknown_68,
    SystemInformation_HotPatchInfo, /* 69 */
    SystemInformation_Unknown_70,
    SystemInformation_Unknown_71,
    SystemInformation_Unknown_72,
    SystemInformation_Unknown_73,
    SystemInformation_Unknown_74,
    SystemInformation_Unknown_75,
    SystemInformation_Unknown_76,
    SystemInformation_Unknown_77,
    SystemInformation_Unknown_78,
    SystemInformation_Unknown_79,
    SystemInformation_Unknown_80,
    SystemInformation_Unknown_81,
    SystemInformation_Unknown_82,
    SystemInformation_Unknown_83,
    SystemInformation_Unknown_84,
    SystemInformation_Unknown_85,
    SystemInformation_Unknown_86,
    SystemInformation_Unknown_87,
    SystemInformation_Unknown_88,
    SystemInformation_Unknown_89,
    SystemInformation_Unknown_90,
    SystemInformation_Unknown_91,
    SystemInformation_Unknown_92,
    SystemInformation_Unknown_93,
    SystemInformation_Unknown_94,
    SystemInformation_Unknown_95,
    SystemInformation_KiOpPrefetchPatchCount, /* 96 */

    /** @todo fill gap. they've added a whole bunch of things */
    SystemPolicyInformation = 134,
    SystemInformationClassMax /* 135 */
} SYSTEM_INFORMATION_CLASS;
2097
#ifdef IPRT_NT_USE_WINTERNL
/**
 * Virtual memory counters: ten SIZE_T members and one ULONG (PageFaultCount).
 * Only compiled when IPRT_NT_USE_WINTERNL is defined; also embedded in
 * RTNT_SYSTEM_PROCESS_INFORMATION as VmCounters.
 */
typedef struct _VM_COUNTERS
{
    SIZE_T PeakVirtualSize;
    SIZE_T VirtualSize;
    ULONG PageFaultCount;
    SIZE_T PeakWorkingSetSize;
    SIZE_T WorkingSetSize;
    SIZE_T QuotaPeakPagedPoolUsage;
    SIZE_T QuotaPagedPoolUsage;
    SIZE_T QuotaPeakNonPagedPoolUsage;
    SIZE_T QuotaNonPagedPoolUsage;
    SIZE_T PagefileUsage;
    SIZE_T PeakPagefileUsage;
} VM_COUNTERS;
typedef VM_COUNTERS *PVM_COUNTERS;
#endif
2115
/* Disabled with '#if 0': kept as a reference for the layout only.
 * NOTE(review): presumably the SDK headers already provide IO_COUNTERS, since
 * RTNT_SYSTEM_PROCESS_INFORMATION uses the type unconditionally - confirm. */
#if 0
typedef struct _IO_COUNTERS
{
    ULONGLONG ReadOperationCount;
    ULONGLONG WriteOperationCount;
    ULONGLONG OtherOperationCount;
    ULONGLONG ReadTransferCount;
    ULONGLONG WriteTransferCount;
    ULONGLONG OtherTransferCount;
} IO_COUNTERS;
typedef IO_COUNTERS *PIO_COUNTERS;
#endif
2128
/**
 * IPRT's own declaration of a process entry; the name matches the
 * SystemProcessInformation class, and without IPRT_NT_USE_WINTERNL it is also
 * exported under the SYSTEM_PROCESS_INFORMATION name (see the typedefs below).
 *
 * The member comments give two offsets each; the values are consistent with
 * 32-bit / 64-bit layouts (the pair diverges right after the UNICODE_STRING).
 *
 * NOTE(review): with the 11-member VM_COUNTERS declared in this header the
 * 64-bit offset of IoCounters works out to 0xc8, not the annotated 0xd0.
 * Verify the actual layout (e.g. with a compile-time offset assertion) before
 * relying on IoCounters.
 *
 * Entries are variable sized.  NOTE(review): NextEntryOffset is presumably the
 * byte distance to the next entry with zero marking the last one - confirm.
 * When walking a list, check that each offset and the ProcessName buffer stay
 * inside the number of bytes the query returned.
 */
typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
{
    ULONG NextEntryOffset; /**< 0x00 / 0x00 */
    ULONG NumberOfThreads; /**< 0x04 / 0x04 */
    LARGE_INTEGER Reserved1[3]; /**< 0x08 / 0x08 */
    LARGE_INTEGER CreationTime; /**< 0x20 / 0x20 */
    LARGE_INTEGER UserTime; /**< 0x28 / 0x28 */
    LARGE_INTEGER KernelTime; /**< 0x30 / 0x30 */
    UNICODE_STRING ProcessName; /**< 0x38 / 0x38 Clean unicode encoding? */
    int32_t BasePriority; /**< 0x40 / 0x48 */
    HANDLE UniqueProcessId; /**< 0x44 / 0x50 */
    HANDLE ParentProcessId; /**< 0x48 / 0x58 */
    ULONG HandleCount; /**< 0x4c / 0x60 */
    ULONG Reserved2; /**< 0x50 / 0x64 Session ID? */
    ULONG_PTR Reserved3; /**< 0x54 / 0x68 */
    VM_COUNTERS VmCounters; /**< 0x58 / 0x70 */
    IO_COUNTERS IoCounters; /**< 0x88 / 0xd0 Might not be present in earlier windows versions. */
    /* After this follows the threads, then the ProcessName.Buffer. */
} RTNT_SYSTEM_PROCESS_INFORMATION;
typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
/* Without IPRT_NT_USE_WINTERNL the structure is also made available under the
 * usual SYSTEM_PROCESS_INFORMATION name. */
#ifndef IPRT_NT_USE_WINTERNL
typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
#endif
2153
/**
 * One element of SYSTEM_HANDLE_INFORMATION::Handles.
 *
 * UniqueProcessId and HandleValue are only 16 bits wide here, so process IDs
 * and handle values above 0xffff cannot be represented.  Code that matches
 * handles to processes for a security decision should use
 * SYSTEM_HANDLE_ENTRY_INFO_EX, which declares both members as HANDLE.
 */
typedef struct _SYSTEM_HANDLE_ENTRY_INFO
{
    USHORT UniqueProcessId;
    USHORT CreatorBackTraceIndex;
    UCHAR ObjectTypeIndex;
    UCHAR HandleAttributes;
    USHORT HandleValue;
    PVOID Object;
    ULONG GrantedAccess;
} SYSTEM_HANDLE_ENTRY_INFO;
typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
2165
/**
 * Returned by SystemHandleInformation.
 *
 * Handles is declared with one element and NumberOfHandles gives the count.
 * NOTE(review): presumably NumberOfHandles entries follow in the buffer -
 * confirm.  The set of handles changes between calls, so bound iteration by
 * the byte count the query returned as well as by NumberOfHandles.
 */
typedef struct _SYSTEM_HANDLE_INFORMATION
{
    ULONG NumberOfHandles;
    SYSTEM_HANDLE_ENTRY_INFO Handles[1];
} SYSTEM_HANDLE_INFORMATION;
typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
2173
/** Extended handle information entry.
 *
 * Process ID and handle value are full HANDLE-sized members here, unlike the
 * USHORT members of SYSTEM_HANDLE_ENTRY_INFO.
 *
 * @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit
 *          (the two USHORT members together count as one ULONG). */
typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
{
    PVOID Object;
    HANDLE UniqueProcessId;
    HANDLE HandleValue;
    ACCESS_MASK GrantedAccess;
    USHORT CreatorBackTraceIndex;
    USHORT ObjectTypeIndex;
    ULONG HandleAttributes;
    ULONG Reserved;
} SYSTEM_HANDLE_ENTRY_INFO_EX;
typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
2188
/**
 * Returned by SystemExtendedHandleInformation.
 *
 * Same shape as SYSTEM_HANDLE_INFORMATION, but the count is a ULONG_PTR and a
 * reserved ULONG_PTR precedes the entries.  Handles is declared with one
 * element; NOTE(review): presumably NumberOfHandles entries follow - confirm,
 * and bound iteration by the byte count the query returned as well.
 */
typedef struct _SYSTEM_HANDLE_INFORMATION_EX
{
    ULONG_PTR NumberOfHandles;
    ULONG_PTR Reserved;
    SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
} SYSTEM_HANDLE_INFORMATION_EX;
typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
2197
/**
 * Input to SystemSessionProcessInformation.
 *
 * The caller supplies the session to query and a separate return buffer; the
 * structure itself only carries the pointer and its length.
 */
typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
{
    ULONG SessionId;
    ULONG BufferLength; /**< NOTE(review): presumably the size of Buffer in bytes - confirm. */
    /** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
    PVOID Buffer;
} SYSTEM_SESSION_PROCESS_INFORMATION;
typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
2207
/* NOTE(review): presumably class, output buffer, buffer size and returned
 * length - confirm.  Several classes return variable-length data (see the
 * Handles[1] tails and NextEntryOffset above) whose size can change between
 * two calls, so callers should size the buffer from the returned length,
 * retry on failure and never read past the bytes actually returned. */
NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);

/* NOTE(review): presumably an alertable flag and a timeout - confirm. */
NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
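#ifndef IPRT_NT_USE_WINTERNL
/* Three parameters, matching the PFNNTWAITFORSINGLEOBJECT pointer type that
 * follows.  The comma between BOOLEAN and PLARGE_INTEGER was missing, which
 * turned PLARGE_INTEGER into the name of the BOOLEAN parameter and silently
 * dropped the third argument from the prototype.
 * NOTE(review): presumably object handle, alertable flag and timeout - confirm. */
NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN, PLARGE_INTEGER);
#endif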
/** Function pointer type for NtWaitForSingleObject (handle, BOOLEAN, timeout). */
typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
/** Wait mode for NtWaitForMultipleObjects.  NOTE(review): ObjectWaitTypeHack
 * is presumably there only to force a 32-bit enum - confirm. */
typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
/* NOTE(review): presumably handle count, handle array, wait type, alertable
 * flag and timeout - confirm. */
NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);

/* NOTE(review): presumably object handle, security information selector,
 * output descriptor buffer, buffer size and needed length - confirm. */
NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
2220
#ifdef IPRT_NT_USE_WINTERNL
/** Event flavour passed to NtCreateEvent and reported in
 * EVENT_BASIC_INFORMATION.  Only compiled when IPRT_NT_USE_WINTERNL is
 * defined. */
typedef enum _EVENT_TYPE
{
    /* Manual reset event. */
    NotificationEvent = 0,
    /* Automatic reset event. */
    SynchronizationEvent
} EVENT_TYPE;
#endif
/* NOTE(review): the trailing BOOLEAN of NtCreateEvent is presumably the
 * initial state - confirm.  A named event is reachable by any process its
 * security descriptor admits, so set the descriptor in the object attributes
 * deliberately rather than relying on the default. */
NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
/** Function pointer type for NtClearEvent. */
typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
/* NOTE(review): the PULONG of the reset/set calls is presumably the previous
 * state - confirm. */
NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
/** Function pointer type for NtSetEvent. */
typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
/** Information class selector for NtQueryEvent; a single class is declared. */
typedef enum _EVENT_INFORMATION_CLASS
{
    EventBasicInformation = 0
} EVENT_INFORMATION_CLASS;
/** Data returned by NtQueryEvent + EventBasicInformation. */
typedef struct EVENT_BASIC_INFORMATION
{
    EVENT_TYPE EventType;
    ULONG EventState;
} EVENT_BASIC_INFORMATION;
typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2249
#ifdef IPRT_NT_USE_WINTERNL
/** For NtQueryValueKey. */
typedef enum _KEY_VALUE_INFORMATION_CLASS
{
    KeyValueBasicInformation = 0, /**< 0 */
    KeyValueFullInformation, /**< 1 */
    KeyValuePartialInformation, /**< 2 */
    KeyValueFullInformationAlign64, /**< 3 */
    KeyValuePartialInformationAlign64 /**< 4 */
} KEY_VALUE_INFORMATION_CLASS;

/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct.
 *
 * Data is declared with one element while DataLength carries a length.
 * NOTE(review): presumably DataLength bytes of value data follow - confirm.
 * Registry values may be writable by less trusted parties, so check Type and
 * DataLength against what the caller expects and against the number of bytes
 * the call reported before reading Data, and do not assume that string values
 * are NUL-terminated. */
typedef struct _KEY_VALUE_PARTIAL_INFORMATION
{
    ULONG TitleIndex;
    ULONG Type;
    ULONG DataLength;
    UCHAR Data[1];
} KEY_VALUE_PARTIAL_INFORMATION;
typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
#endif
NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
/* NOTE(review): presumably key handle, value name, class, output buffer,
 * buffer size and returned length - confirm. */
NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2273
2274
/* Same parameter list as RtlAddAccessAllowedAce (PACL, ULONG, ULONG, PSID).
 * NOTE(review): presumably ACL, ACE revision, access mask and SID - confirm.
 * Check the NTSTATUS: a deny entry that failed to be added leaves the ACL more
 * permissive than intended. */
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
2276
2277
/** Current directory as a DOS path string plus a HANDLE; used as the
 * CurrentDirectory member of RTL_USER_PROCESS_PARAMETERS. */
typedef struct _CURDIR
{
    UNICODE_STRING DosPath;
    HANDLE Handle;
} CURDIR;
typedef CURDIR *PCURDIR;
2284
/** Element type of RTL_USER_PROCESS_PARAMETERS::CurrentDirectories.  Note that
 * DosPath is a STRING here, not the UNICODE_STRING used by CURDIR. */
typedef struct _RTL_DRIVE_LETTER_CURDIR
{
    USHORT Flags;
    USHORT Length;
    ULONG TimeStamp;
    STRING DosPath; /**< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. */
} RTL_DRIVE_LETTER_CURDIR;
typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
2293
/**
 * Process start-up parameters: standard handles, current directory, image
 * path, command line, environment and window placement.
 *
 * The trailing members are annotated as added in later Windows versions
 * (Vista, Windows 7, Windows 8?).  Code reading an instance produced by an
 * older system, or by another process, should check Length / MaximumLength
 * before touching them.  When the structure is read from another process,
 * every embedded pointer and length is data controlled by that process and
 * needs validating before use.
 */
typedef struct _RTL_USER_PROCESS_PARAMETERS
{
    ULONG MaximumLength;
    ULONG Length;
    ULONG Flags;
    ULONG DebugFlags;
    HANDLE ConsoleHandle;
    ULONG ConsoleFlags;
    HANDLE StandardInput;
    HANDLE StandardOutput;
    HANDLE StandardError;
    CURDIR CurrentDirectory;
    UNICODE_STRING DllPath;
    UNICODE_STRING ImagePathName;
    UNICODE_STRING CommandLine;
    PWSTR Environment;
    ULONG StartingX;
    ULONG StartingY;
    ULONG CountX;
    ULONG CountY;
    ULONG CountCharsX;
    ULONG CountCharsY;
    ULONG FillAttribute;
    ULONG WindowFlags;
    ULONG ShowWindowFlags;
    UNICODE_STRING WindowTitle;
    UNICODE_STRING DesktopInfo;
    UNICODE_STRING ShellInfo;
    UNICODE_STRING RuntimeInfo;
    RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20]; /**< 32 entries. */
    SIZE_T EnvironmentSize; /**< Added in Vista */
    SIZE_T EnvironmentVersion; /**< Added in Windows 7. */
    PVOID PackageDependencyData; /**< Added Windows 8? */
    ULONG ProcessGroupId; /**< Added Windows 8? */
} RTL_USER_PROCESS_PARAMETERS;
typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
/** NOTE(review): presumably a bit for RTL_USER_PROCESS_PARAMETERS::Flags
 * telling that the embedded pointers are absolute addresses rather than
 * offsets - confirm. */
#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
2331
/**
 * Output of RtlCreateUserProcess (its last parameter): process and thread
 * handles, their IDs and the image information of the executable.
 *
 * NOTE(review): presumably the caller owns ProcessHandle and ThreadHandle and
 * has to close both - confirm.
 */
typedef struct _RTL_USER_PROCESS_INFORMATION
{
    ULONG Size;
    HANDLE ProcessHandle;
    HANDLE ThreadHandle;
    CLIENT_ID ClientId;
    SECTION_IMAGE_INFORMATION ImageInformation;
} RTL_USER_PROCESS_INFORMATION;
typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
2341
2342
/* NOTE(review): ten parameters, mostly unnamed; presumably image path, object
 * attributes, process parameters, process and thread security descriptors,
 * parent process, inherit-handles flag, debug port, exception port and the
 * returned process information - confirm. */
NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
                                             PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
/* Builds an RTL_USER_PROCESS_PARAMETERS block from the individual strings and
 * returns it through the first parameter.  The block is released with
 * RtlDestroyProcessParameters, declared right below. */
NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
                                                   PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
                                                   PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
                                                   PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
                                                   PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
/* NOTE(review): presumably process handle, security descriptor, create
 * suspended, zero bits, stack reserve and commit sizes, start routine, its
 * argument, returned thread handle and returned client ID - confirm. */
NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
                                            PFNRT, PVOID, PHANDLE, PCLIENT_ID);
2353
/* Only declared when RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO is undefined.
 * NOTE(review): the macro is presumably used as a marker that the SDK headers
 * already provide RTL_CRITICAL_SECTION - confirm. */
#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
typedef struct _RTL_CRITICAL_SECTION
{
    struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
    LONG LockCount;
    LONG Recursioncount; /**< Spelled with a lower case 'c' in this declaration. */
    HANDLE OwningThread;
    HANDLE LockSemaphore;
    ULONG_PTR SpinCount;
} RTL_CRITICAL_SECTION;
typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
#endif
2366
2367RT_C_DECLS_END
2368/** @} */
2369
2370
2371#if defined(IN_RING0) || defined(DOXYGEN_RUNNING)
2372/** @name NT Kernel APIs
2373 * @{ */
2374RT_C_DECLS_BEGIN
2375
typedef ULONG KEPROCESSORINDEX; /**< Bitmap indexes != process numbers, apparently. */

/* KAFFINITY_EX helpers.  Each one is declared twice: as an import prototype
 * and as a PFNKE* function pointer type with the same signature.
 * NOTE(review): the pointer types are presumably for resolving the routines at
 * runtime on systems that export them - confirm, and check a resolved pointer
 * for NULL before calling through it.  The last two entries
 * (PFNKEGETPROCESSORNUMBERFROMINDEX, PFNKEGETPROCESSORINDEXFROMNUMBER) only
 * have the pointer type. */
NTSYSAPI VOID NTAPI KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
NTSYSAPI VOID NTAPI KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
NTSYSAPI VOID NTAPI KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
NTSYSAPI BOOLEAN NTAPI KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
NTSYSAPI BOOLEAN NTAPI KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
NTSYSAPI BOOLEAN NTAPI KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
NTSYSAPI VOID NTAPI KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
NTSYSAPI VOID NTAPI KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
NTSYSAPI BOOLEAN NTAPI KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
NTSYSAPI BOOLEAN NTAPI KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
/** Works like anding the complemented subtrahend with the minuend. */
NTSYSAPI BOOLEAN NTAPI KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
NTSYSAPI BOOLEAN NTAPI KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
NTSYSAPI BOOLEAN NTAPI KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
NTSYSAPI BOOLEAN NTAPI KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
NTSYSAPI ULONG NTAPI KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
/* The pointer type name drops the 'BITS' of KeCountSetBitsAffinityEx. */
typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
NTSYSAPI KEPROCESSORINDEX NTAPI KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
typedef KEPROCESSORINDEX (NTAPI *PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER *pProcNumber);
2413
/* Looks for a handle to pvObject in pProcess; the result is returned through
 * phFound and the BOOLEAN return value. */
NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
                                             PVOID pvOptionalConditions, PHANDLE phFound);
/* References an object by path.  NOTE(review): on success the caller
 * presumably owns a reference on *ppvObject and has to release it - confirm.
 * enmAccessMode selects the mode the access is evaluated in; pass the mode of
 * the original requester rather than kernel mode when the path comes from a
 * less trusted caller. */
NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
                                                ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
                                                KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
/* Returns a UCHAR string, not a UNICODE_STRING path.  NOTE(review): presumably
 * a short image name only - confirm.  Treat it as informational; it is not
 * suitable as the sole identity check for a process. */
NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
extern DECLIMPORT(POBJECT_TYPE *) LpcPortObjectType; /**< In vista+ this is the ALPC port object type. */
extern DECLIMPORT(POBJECT_TYPE *) LpcWaitablePortObjectType; /**< In vista+ this is the ALPC port object type. */
2425
/* Two incompatible signatures for the same HAL entry point, selected by OS
 * version as the names say: a plain KAFFINITY before Windows 7, and a ULONG
 * plus a KAFFINITY_EX pointer from Windows 7 on.  Calling through the wrong
 * type passes a mismatched argument list, so the caller has to pick the type
 * from the running OS version. */
typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
2428
2429RT_C_DECLS_END
2430/** @} */
2431#endif /* IN_RING0 */
2432
2433
2434#if defined(IN_RING3) || defined(DOXYGEN_RUNNING)
2435/** @name NT Userland APIs
2436 * @{ */
2437RT_C_DECLS_BEGIN
2438
/* Disabled draft: everything up to the matching #endif is excluded from the
 * build.  The structure is incomplete (the CLIENT_ID line has neither a member
 * name nor a terminating semicolon) and must be finished before the '#if 0'
 * can be removed. */
#if 0 /** @todo figure this out some time... */
typedef struct CSR_MSG_DATA_CREATED_PROCESS
{
    HANDLE hProcess;
    HANDLE hThread;
    CLIENT_ID
    DWORD idProcess;
    DWORD idThread;
    DWORD fCreate;

} CSR_MSG_DATA_CREATED_PROCESS;

#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
#endif
2455
/* Declared with three untyped pointer parameters; the header gives no further
 * detail on their meaning. */
NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
2457
/**
 * Data handed to a DLL notification callback.  The loaded and unloaded
 * variants are the same structure under two names.
 *
 * NOTE(review): the name strings are presumably only valid for the duration of
 * the callback - confirm, and copy them if they are needed later.
 */
typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
{
    ULONG Flags;
    PCUNICODE_STRING FullDllName;
    PCUNICODE_STRING BaseDllName;
    PVOID DllBase;
    ULONG SizeOfImage;
} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
typedef LDR_DLL_LOADED_NOTIFICATION_DATA *PLDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
typedef LDR_DLL_LOADED_NOTIFICATION_DATA const *PCLDR_DLL_LOADED_NOTIFICATION_DATA, *PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;

/** Union of both notification payloads; which member applies follows from the
 * ulReason argument of the callback. */
typedef union _LDR_DLL_NOTIFICATION_DATA
{
    LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
    LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
} LDR_DLL_NOTIFICATION_DATA;
typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;

/** Callback type: reason code (see the two constants below), payload and the
 * user pointer given at registration. */
typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);

#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
/* Registration returns a cookie through the last parameter; the same cookie is
 * what LdrUnregisterDllNotification takes.  Both are also available as
 * function pointer types.  NOTE(review): the pointer types are presumably for
 * resolving the routines at runtime - confirm, and check for NULL before
 * calling through a resolved pointer. */
NTSYSAPI NTSTATUS NTAPI LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
                                                   PVOID *pvCookie);
typedef NTSTATUS (NTAPI *PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID *);
NTSYSAPI NTSTATUS NTAPI LdrUnregisterDllNotification(PVOID pvCookie);
typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
2486
/**
 * Loads a module by name and returns its handle in *phMod.
 *
 * The first parameter's name indicates it carries either a search path or
 * flags; this header does not say how the two are told apart.
 *
 * NOTE(review): when pName is not a fully qualified path, the module is
 * presumably located through the loader's search order.  Callers that must not
 * pick up a DLL planted in a writable directory should pass an absolute path
 * and check the returned NTSTATUS before using *phMod - verify at call sites.
 */
2487NTSYSAPI NTSTATUS NTAPI LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2488 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
/** Function pointer type matching LdrLoadDll. */
2489typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2490 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
/** Counterpart of LdrLoadDll taking the module handle. */
2491NTSYSAPI NTSTATUS NTAPI LdrUnloadDll(IN HANDLE hMod);
/** Function pointer type matching LdrUnloadDll. */
2492typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
/** Looks up the handle of a module by name and returns it in *phDll.
 *  NOTE(review): presumably only finds modules that are already loaded and
 *  does not take a reference on them - confirm before caching the handle. */
2493NTSYSAPI NTSTATUS NTAPI LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2494 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
/** Function pointer type matching LdrGetDllHandle. */
2495typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2496 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
/* Flag bits for the fFlags parameter of LdrGetDllHandleEx (bit 0 and bit 1).
 * Going by the names, they control whether the lookup leaves the module
 * reference count unchanged or pins the module - confirm exact semantics. */
2497#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
2498#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
2499/** @since Windows XP. */
2500NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2501 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2502/** @since Windows XP. */
2503typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2504 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
/* Lookup by the base address of an image mapping instead of by name. */
2505/** @since Windows 7. */
2506NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
2507/** @since Windows 7. */
2508typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
/* Lookup by name and/or full name; both are marked OPTIONAL here, and the
 * header does not say which combinations are accepted. */
2509/** @since Windows 7. */
2510NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2511 OUT PHANDLE phDll);
2512/** @since Windows 7. */
2513typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2514 OUT PHANDLE phDll);
/* Flag bit 0 for the fFlags parameter of LdrAddRefDll. */
2515#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
/** Adds a reference to an already obtained module handle; with
 *  LDRADDREFDLL_F_PIN the module is presumably kept loaded for the lifetime of
 *  the process - confirm. */
2516NTSYSAPI NTSTATUS NTAPI LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
/** Function pointer type matching LdrAddRefDll. */
2517typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
/**
 * Resolves an export of hDll and stores its address in *ppvSymbol.
 *
 * Both pSymbol and uOrdinal are marked OPTIONAL, i.e. the export is presumably
 * selected either by name or by ordinal.  Callers should check the returned
 * NTSTATUS before calling through *ppvSymbol.
 *
 * Note that this prototype spells the symbol type 'ANSI_STRING const *' while
 * the PFN typedef below uses PCANSI_STRING (presumably the same type).
 */
2518NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2519 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
/** Function pointer type matching LdrGetProcedureAddress. */
2520typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
2521 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
/* Flag bit 0 for the trailing fFlags parameter of LdrGetProcedureAddressEx. */
2522#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
2523/** @since Windows Vista. */
2524NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2525 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2526/** @since Windows Vista. */
2527typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2528 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
/* Flag bits for the fFlags parameter of LdrLockLoaderLock. */
2529#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2530#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
/* Values reported through puDisposition.
 * NOTE(review): with LDRLOCKLOADERLOCK_F_NO_WAIT the call can presumably
 * succeed without taking the lock, so the disposition - not just the NTSTATUS -
 * has to be checked before assuming the lock is held; confirm. */
2531#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
2532#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
2533#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
/* Acquires the loader lock; *ppvCookie receives a cookie that is handed back
 * to LdrUnlockLoaderLock.  Every successful acquisition needs a matching
 * unlock on all exit paths. */
2534/** @since Windows XP. */
2535NTSYSAPI NTSTATUS NTAPI LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2536/** @since Windows XP. */
2537typedef NTSTATUS (NTAPI *PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
/* Flag bit 0 for the fFlags parameter of LdrUnlockLoaderLock. */
2538#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
/* Releases the loader lock.  pvCookie is passed by value, so despite the OUT
 * annotation it is an input: the cookie produced by LdrLockLoaderLock. */
2539/** @since Windows XP. */
2540NTSYSAPI NTSTATUS NTAPI LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
2541/** @since Windows XP. */
2542typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
2543
/** Environment string expansion; the parameters are unnamed in this header.
 *  NOTE(review): presumably (environment, source, destination, returned
 *  length) - confirm, and size the destination buffer from the returned length
 *  rather than assuming the expansion fits. */
2544NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
2545NTSYSAPI VOID NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /**< Vista and later. */
/** Terminates the calling thread with the given status, going by the name. */
2546NTSYSAPI VOID NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
/**
 * File isolation redirection lookup for a DLL name.
 *
 * The result is delivered through *ppResultString, with pStaticString and
 * pDynamicString as candidate buffers (all three are IN OUT).
 *
 * NOTE(review): pfNewFlags, pcbFilename and pcbNeeded are annotated IN although
 * they are pointers to non-const data; presumably they receive output - confirm.
 * If the dynamic string ends up holding the result, the caller presumably has
 * to free it (cf. RtlFreeUnicodeString) - confirm.
 */
2547NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
2548 IN PCUNICODE_STRING pOrgName,
2549 IN PUNICODE_STRING pDefaultSuffix,
2550 IN OUT PUNICODE_STRING pStaticString,
2551 IN OUT PUNICODE_STRING pDynamicString,
2552 IN OUT PUNICODE_STRING *ppResultString,
2553 IN PULONG pfNewFlags OPTIONAL,
2554 IN PSIZE_T pcbFilename OPTIONAL,
2555 IN PSIZE_T pcbNeeded OPTIONAL);
2556
/* The heap parameter structure, RtlCreateHeap and most heap flag values are
 * only declared here when IPRT_NT_USE_WINTERNL is defined; otherwise they
 * presumably come from the DDK/SDK headers - confirm. */
2557# ifdef IPRT_NT_USE_WINTERNL
/** Commit callback type referenced by RTL_HEAP_PARAMETERS::CommitRoutine. */
2558typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
2559typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
/**
 * Optional tuning parameters for RtlCreateHeap.
 *
 * NOTE(review): Length presumably has to be set to sizeof(RTL_HEAP_PARAMETERS)
 * and unused members zeroed before the structure is passed in - confirm.
 */
2560typedef struct _RTL_HEAP_PARAMETERS
2561{
2562 ULONG Length;
2563 SIZE_T SegmentReserve;
2564 SIZE_T SegmentCommit;
2565 SIZE_T DeCommitFreeBlockThreshold;
2566 SIZE_T DeCommitTotalFreeThreshold;
2567 SIZE_T MaximumAllocationSize;
2568 SIZE_T VirtualMemoryThreshold;
2569 SIZE_T InitialCommit;
2570 SIZE_T InitialReserve;
2571 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
2572 SIZE_T Reserved[2];
2573} RTL_HEAP_PARAMETERS;
2574typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
/** Creates a heap and returns its address/handle as PVOID.  Callers should
 *  treat a NULL return as failure (presumably the failure indication -
 *  confirm). */
2575NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
2576 PRTL_HEAP_PARAMETERS pParameters);
2577/** @name Heap flags (for RtlCreateHeap).
2578 * @{ */
/* The low eight flag values are kept only as a comment, presumably because the
 * Windows headers already define them. */
2579/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
2580# define HEAP_GROWABLE UINT32_C(0x00000002)
2581# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
2582# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
2583# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
2584# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
2585# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
2586# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
/* HEAP_SETTABLE_USER_FLAGS (0xe00) is the OR of USER_FLAG1..3. */
2587# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
2588# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
2589# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
2590# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
2591# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
/* Heap class: a 4-bit field in bits 12..15, extracted with HEAP_CLASS_MASK. */
2592# define HEAP_CLASS_0 UINT32_C(0x00000000)
2593# define HEAP_CLASS_1 UINT32_C(0x00001000)
2594# define HEAP_CLASS_2 UINT32_C(0x00002000)
2595# define HEAP_CLASS_3 UINT32_C(0x00003000)
2596# define HEAP_CLASS_4 UINT32_C(0x00004000)
2597# define HEAP_CLASS_5 UINT32_C(0x00005000)
2598# define HEAP_CLASS_6 UINT32_C(0x00006000)
2599# define HEAP_CLASS_7 UINT32_C(0x00007000)
2600# define HEAP_CLASS_8 UINT32_C(0x00008000)
2601# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
2602# endif
/* Symbolic names for the heap classes.  These are defined unconditionally but
 * expand to HEAP_CLASS_n, which this header only defines under
 * IPRT_NT_USE_WINTERNL; without it the values must come from another header. */
2603# define HEAP_CLASS_PROCESS HEAP_CLASS_0
2604# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
2605# define HEAP_CLASS_KERNEL HEAP_CLASS_2
2606# define HEAP_CLASS_GDI HEAP_CLASS_3
2607# define HEAP_CLASS_USER HEAP_CLASS_4
2608# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
2609# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
2610# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
2611# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
2612# ifdef IPRT_NT_USE_WINTERNL
/* The three creation flags below are kept only as a comment, presumably because
 * the Windows headers already define them.  HEAP_CREATE_ENABLE_EXECUTE
 * (0x00040000) lies inside HEAP_CREATE_VALID_MASK; a heap created with it
 * presumably hands out executable memory, so it should be reserved for callers
 * that genuinely generate code at run time - review any use. */
2613/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
2614# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
2615# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
2616# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
2617# endif /* IPRT_NT_USE_WINTERNL */
2618/** @} */
2619# ifdef IPRT_NT_USE_WINTERNL
2620/** @name Heap tagging constants
2621 * @{ */
2622# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
/* HEAP_MAXIMUM_TAG and HEAP_TAG_SHIFT appear here only inside a comment, yet
 * HEAP_TAG_MASK below expands to them; they must therefore be defined by
 * another header (presumably the Windows SDK) wherever HEAP_TAG_MASK is used. */
2623/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
2624# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
2625# define HEAP_TAG_SHIFT 18 */
2626# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2627/** @} */
/** Allocates cb bytes from hHeap.  Callers should check the result for NULL
 *  before use (presumably the failure indication unless the heap raises
 *  exceptions - confirm). */
2628NTSYSAPI PVOID NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
/** Resizes pvOld to cbNew bytes.
 *  NOTE(review): as with realloc, presumably the old block stays valid when the
 *  call fails, so do not overwrite the only copy of pvOld with the return value
 *  before checking it - confirm. */
2629NTSYSAPI PVOID NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
/** Frees pvMem back to hHeap; returns a BOOLEAN result that callers can check. */
2630NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2631# endif /* IPRT_NT_USE_WINTERNL */
/* Heap and last-error helpers declared regardless of IPRT_NT_USE_WINTERNL. */
2632NTSYSAPI SIZE_T NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
/** Frees the buffer of a UNICODE_STRING; presumably only valid for strings
 *  whose buffer was allocated by an Rtl routine - confirm. */
2633NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
/** Returns the size of the heap block pvMem as SIZE_T. */
2634NTSYSAPI SIZE_T NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
/* Accessors for the last NT status / Win32 error values (presumably per
 * thread - confirm). */
2635NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
2636NTSYSAPI ULONG NTAPI RtlGetLastWin32Error(VOID);
2637NTSYSAPI VOID NTAPI RtlSetLastWin32Error(ULONG uError);
2638NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
2639NTSYSAPI VOID NTAPI RtlRestoreLastWin32Error(ULONG uError);
2640NTSYSAPI BOOLEAN NTAPI RtlQueryPerformanceCounter(PLARGE_INTEGER);
/* Precise system time as a 64-bit value.  A function pointer type is provided
 * alongside the prototype, presumably so the export can be resolved at run
 * time on systems where it may be missing - confirm. */
2641NTSYSAPI uint64_t NTAPI RtlGetSystemTimePrecise(VOID);
2642typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
2643
2644RT_C_DECLS_END
2645/** @} */
2646#endif /* IN_RING3 */
2647
2648#endif
2649