nt.h@ 64638

Last change on this file since 64638 was 64638, checked in by vboxsync, 8 years ago
iprt/nt/nt.h: NtQueryFullAttributesFile and NtQueryAttributesFile.
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 124.8 KB

Line
1	/* $Id: nt.h 64638 2016-11-10 15:24:35Z vboxsync $ */
2	/** @file
3	* IPRT - Header for code using the Native NT API.
4	*/
5
6	/*
7	* Copyright (C) 2010-2016 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.virtualbox.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*
17	* The contents of this file may alternatively be used under the terms
18	* of the Common Development and Distribution License Version 1.0
19	* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20	* VirtualBox OSE distribution, in which case the provisions of the
21	* CDDL are applicable instead of those of the GPL.
22	*
23	* You may elect to license modified versions of this file under the
24	* terms and conditions of either the GPL or the CDDL or both.
25	*/
26
27	#ifndef ___iprt_nt_nt_h___
28	#define ___iprt_nt_nt_h___
29
30	/** @def IPRT_NT_MAP_TO_ZW
31	* Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
32	* to the APIs (takes care of the previous context checks).
33	*/
34	#ifdef DOXYGEN_RUNNING
35	# define IPRT_NT_MAP_TO_ZW
36	#endif
37
38	#ifdef IPRT_NT_MAP_TO_ZW
39	# define NtQueryInformationFile ZwQueryInformationFile
40	# define NtQueryInformationProcess ZwQueryInformationProcess
41	# define NtQueryInformationThread ZwQueryInformationThread
42	# define NtQueryFullAttributesFile ZwQueryFullAttributesFile
43	# define NtQuerySystemInformation ZwQuerySystemInformation
44	# define NtQuerySecurityObject ZwQuerySecurityObject
45	# define NtSetInformationFile ZwSetInformationFile
46	# define NtClose ZwClose
47	# define NtCreateFile ZwCreateFile
48	# define NtReadFile ZwReadFile
49	# define NtWriteFile ZwWriteFile
50	# define NtFlushBuffersFile ZwFlushBuffersFile
51	/** @todo this is very incomplete! */
52	#endif
53
54	#include <ntstatus.h>
55
56	/*
57	* Hacks common to both base header sets.
58	*/
59	#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
60	#define NtQueryObject Incomplete_NtQueryObject
61	#define ZwQueryObject Incomplete_ZwQueryObject
62	#define NtSetInformationObject Incomplete_NtSetInformationObject
63	#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
64	#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
65	#define ObjectBasicInformation Incomplete_ObjectBasicInformation
66	#define ObjectTypeInformation Incomplete_ObjectTypeInformation
67	#define _PEB Incomplete__PEB
68	#define PEB Incomplete_PEB
69	#define PPEB Incomplete_PPEB
70	#define _TEB Incomplete__TEB
71	#define TEB Incomplete_TEB
72	#define PTEB Incomplete_PTEB
73	#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
74	#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
75	#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
76	#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
77	#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
78	#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
79
80
81
82	#ifdef IPRT_NT_USE_WINTERNL
83	/*
84	* Use Winternl.h.
85	*/
86	# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
87	# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
88	# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
89
90	# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
91	# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
92	# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
93	# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
94	# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
95	# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
96	# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
97	# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
98	# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
99	# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
100	# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
101	# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
102
103	# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
104	# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
105	# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
106
107	# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
108	# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
109	# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
110	# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
111	# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
112
113	# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
114	# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
115	# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
116	# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
117	# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
118	# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
119	# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
120	# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
121	# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
122	# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
123	# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
124	# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
125	# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
126	# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
127
128
129	# pragma warning(push)
130	# pragma warning(disable: 4668)
131	# define WIN32_NO_STATUS
132	# include <windef.h>
133	# include <winnt.h>
134	# include <winternl.h>
135	# undef WIN32_NO_STATUS
136	# include <ntstatus.h>
137	# pragma warning(pop)
138
139
140	# undef _FILE_INFORMATION_CLASS
141	# undef FILE_INFORMATION_CLASS
142	# undef FileDirectoryInformation
143
144	# undef NtQueryInformationProcess
145	# undef NtSetInformationProcess
146	# undef PROCESSINFOCLASS
147	# undef _PROCESSINFOCLASS
148	# undef PROCESS_BASIC_INFORMATION
149	# undef PPROCESS_BASIC_INFORMATION
150	# undef _PROCESS_BASIC_INFORMATION
151	# undef ProcessBasicInformation
152	# undef ProcessDebugPort
153	# undef ProcessWow64Information
154	# undef ProcessImageFileName
155	# undef ProcessBreakOnTermination
156
157	# undef RTL_USER_PROCESS_PARAMETERS
158	# undef PRTL_USER_PROCESS_PARAMETERS
159	# undef _RTL_USER_PROCESS_PARAMETERS
160
161	# undef NtQueryInformationThread
162	# undef NtSetInformationThread
163	# undef THREADINFOCLASS
164	# undef _THREADINFOCLASS
165	# undef ThreadIsIoPending
166
167	# undef NtQuerySystemInformation
168	# undef NtSetSystemInformation
169	# undef SYSTEM_INFORMATION_CLASS
170	# undef _SYSTEM_INFORMATION_CLASS
171	# undef SystemBasicInformation
172	# undef SystemPerformanceInformation
173	# undef SystemTimeOfDayInformation
174	# undef SystemProcessInformation
175	# undef SystemProcessorPerformanceInformation
176	# undef SystemInterruptInformation
177	# undef SystemExceptionInformation
178	# undef SystemRegistryQuotaInformation
179	# undef SystemLookasideInformation
180	# undef SystemPolicyInformation
181
182	#else
183	/*
184	* Use ntifs.h and wdm.h.
185	*/
186	# if _MSC_VER >= 1200 /* Fix/workaround for KeInitializeSpinLock visibility issue on AMD64. */
187	# define FORCEINLINE static __forceinline
188	# else
189	# define FORCEINLINE static __inline
190	# endif
191
192	# pragma warning(push)
193	# ifdef RT_ARCH_X86
194	# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
195	# pragma warning(disable: 4163)
196	# endif
197	# pragma warning(disable: 4668)
198	# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
199
200	# include <ntifs.h>
201	# include <wdm.h>
202
203	# ifdef RT_ARCH_X86
204	# undef _InterlockedAddLargeStatistic
205	# endif
206	# pragma warning(pop)
207
208	# define IPRT_NT_NEED_API_GROUP_NTIFS
209	#endif
210
211	#undef RtlFreeUnicodeString
212	#undef NtQueryObject
213	#undef ZwQueryObject
214	#undef NtSetInformationObject
215	#undef _OBJECT_INFORMATION_CLASS
216	#undef OBJECT_INFORMATION_CLASS
217	#undef ObjectBasicInformation
218	#undef ObjectTypeInformation
219	#undef _PEB
220	#undef PEB
221	#undef PPEB
222	#undef _TEB
223	#undef TEB
224	#undef PTEB
225	#undef _PEB_LDR_DATA
226	#undef PEB_LDR_DATA
227	#undef PPEB_LDR_DATA
228	#undef _KUSER_SHARED_DATA
229	#undef KUSER_SHARED_DATA
230	#undef PKUSER_SHARED_DATA
231
232
233	#include <iprt/types.h>
234	#include <iprt/assert.h>
235
236
237	/** @name Useful macros
238	* @{ */
239	/** Indicates that we're targeting native NT in the current source. */
240	#define RTNT_USE_NATIVE_NT 1
241	/** Initializes a IO_STATUS_BLOCK. */
242	#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
243	/** Reinitializes a IO_STATUS_BLOCK. */
244	#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
245	do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
246	/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
247	#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
248	/** Constant UNICODE_STRING initializer. */
249	#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
250	/** @} */
251
252
253	/** @name IPRT helper functions for NT
254	* @{ */
255	RT_C_DECLS_BEGIN
256
257	RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
258	ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
259	PHANDLE phHandle, PULONG_PTR puDisposition);
260	RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
261	ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
262	RTDECL(int) RTNtPathClose(HANDLE hHandle);
263
264	/**
265	* Converts a windows-style path to NT format and encoding.
266	*
267	* @returns IPRT status code.
268	* @param pNtName Where to return the NT name. Free using
269	* RTNtPathFree.
270	* @param phRootDir Where to return the root handle, if applicable.
271	* @param pszPath The UTF-8 path.
272	*/
273	RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING pNtName, PHANDLE phRootDir, const char pszPath);
274
275	/**
276	* Converts a UTF-16 windows-style path to NT format.
277	*
278	* @returns IPRT status code.
279	* @param pNtName Where to return the NT name. Free using
280	* RTNtPathFree.
281	* @param phRootDir Where to return the root handle, if applicable.
282	* @param pwszPath The UTF-16 windows-style path.
283	* @param cwcPath The max length of the windows-style path in
284	* RTUTF16 units. Use RTSTR_MAX if unknown and @a
285	* pwszPath is correctly terminated.
286	*/
287	RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING pNtName, HANDLE phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
288
289	/**
290	* Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
291	* chars plus a terminator.
292	*
293	* The NT string must have been returned by RTNtPathFromWinUtf8 or
294	* RTNtPathFromWinUtf16Ex.
295	*
296	* @returns IPRT status code.
297	* @param pNtName The NT path string.
298	* @param cwcMin The minimum number of RTUTF16 chars. Max 32767.
299	* @sa RTNtPathFree
300	*/
301	RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);
302
303	/**
304	* Frees the native path and root handle.
305	*
306	* @param pNtName The NT path from a successful call to
307	* RTNtPathFromWinUtf8 or RTNtPathFromWinUtf16Ex.
308	* @param phRootDir The root handle variable from the same call.
309	*/
310	RTDECL(void) RTNtPathFree(struct _UNICODE_STRING pNtName, HANDLE phRootDir);
311
312
313	/**
314	* Checks whether the path could be containing alternative 8.3 names generated
315	* by NTFS, FAT, or other similar file systems.
316	*
317	* @returns Pointer to the first component that might be an 8.3 name, NULL if
318	* not 8.3 path.
319	* @param pwszPath The path to check.
320	*
321	* @remarks This is making bad ASSUMPTION wrt to the naming scheme of 8.3 names,
322	* however, non-tilde 8.3 aliases are probably rare enough to not be
323	* worth all the extra code necessary to open each path component and
324	* check if we've got the short name or not.
325	*/
326	RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
327
328	/**
329	* Fixes up a path possibly containing one or more alternative 8-dot-3 style
330	* components.
331	*
332	* The path is fixed up in place. Errors are ignored.
333	*
334	* @returns VINF_SUCCESS if it all went smoothly, informational status codes
335	* indicating the nature of last problem we ran into.
336	*
337	* @param pUniStr The path to fix up. MaximumLength is the max buffer
338	* length.
339	* @param fPathOnly Whether to only process the path and leave the filename
340	* as passed in.
341	*/
342	RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);
343
344
345	RT_C_DECLS_END
346	/** @} */
347
348
349	/** @name NT API delcarations.
350	* @{ */
351	RT_C_DECLS_BEGIN
352
353	/** @name Process access rights missing in ntddk headers
354	* @{ */
355	#ifndef PROCESS_TERMINATE
356	# define PROCESS_TERMINATE UINT32_C(0x00000001)
357	#endif
358	#ifndef PROCESS_CREATE_THREAD
359	# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
360	#endif
361	#ifndef PROCESS_SET_SESSIONID
362	# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
363	#endif
364	#ifndef PROCESS_VM_OPERATION
365	# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
366	#endif
367	#ifndef PROCESS_VM_READ
368	# define PROCESS_VM_READ UINT32_C(0x00000010)
369	#endif
370	#ifndef PROCESS_VM_WRITE
371	# define PROCESS_VM_WRITE UINT32_C(0x00000020)
372	#endif
373	#ifndef PROCESS_DUP_HANDLE
374	# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
375	#endif
376	#ifndef PROCESS_CREATE_PROCESS
377	# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
378	#endif
379	#ifndef PROCESS_SET_QUOTA
380	# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
381	#endif
382	#ifndef PROCESS_SET_INFORMATION
383	# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
384	#endif
385	#ifndef PROCESS_QUERY_INFORMATION
386	# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
387	#endif
388	#ifndef PROCESS_SUSPEND_RESUME
389	# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
390	#endif
391	#ifndef PROCESS_QUERY_LIMITED_INFORMATION
392	# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
393	#endif
394	#ifndef PROCESS_SET_LIMITED_INFORMATION
395	# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
396	#endif
397	#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
398	#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
399	#ifndef PROCESS_ALL_ACCESS
400	# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| SYNCHRONIZE \| UINT32_C(0x0000ffff) )
401	#endif
402	/** @} */
403
404	/** @name Thread access rights missing in ntddk headers
405	* @{ */
406	#ifndef THREAD_QUERY_INFORMATION
407	# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
408	#endif
409	#ifndef THREAD_SET_THREAD_TOKEN
410	# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
411	#endif
412	#ifndef THREAD_IMPERSONATE
413	# define THREAD_IMPERSONATE UINT32_C(0x00000100)
414	#endif
415	#ifndef THREAD_DIRECT_IMPERSONATION
416	# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
417	#endif
418	#ifndef THREAD_RESUME
419	# define THREAD_RESUME UINT32_C(0x00001000)
420	#endif
421	#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
422	#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
423	#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
424	/** @} */
425
426	/** @name Special handle values.
427	* @{ */
428	#ifndef NtCurrentProcess
429	# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
430	#endif
431	#ifndef NtCurrentThread
432	# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
433	#endif
434	#ifndef ZwCurrentProcess
435	# define ZwCurrentProcess() NtCurrentProcess()
436	#endif
437	#ifndef ZwCurrentThread
438	# define ZwCurrentThread() NtCurrentThread()
439	#endif
440	/** @} */
441
442
443	/** @name Directory object access rights.
444	* @{ */
445	#ifndef DIRECTORY_QUERY
446	# define DIRECTORY_QUERY UINT32_C(0x00000001)
447	#endif
448	#ifndef DIRECTORY_TRAVERSE
449	# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
450	#endif
451	#ifndef DIRECTORY_CREATE_OBJECT
452	# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
453	#endif
454	#ifndef DIRECTORY_CREATE_SUBDIRECTORY
455	# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
456	#endif
457	#ifndef DIRECTORY_ALL_ACCESS
458	# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| UINT32_C(0x0000000f) )
459	#endif
460	/** @} */
461
462
463
464	#ifdef IPRT_NT_USE_WINTERNL
465	typedef struct _CLIENT_ID
466	{
467	HANDLE UniqueProcess;
468	HANDLE UniqueThread;
469	} CLIENT_ID;
470	typedef CLIENT_ID *PCLIENT_ID;
471	#endif
472
473	/** Extended affinity type, introduced in Windows 7 (?). */
474	typedef struct _KAFFINITY_EX
475	{
476	/** Count of valid bitmap entries. */
477	uint16_t Count;
478	/** Count of allocated bitmap entries. */
479	uint16_t Size;
480	/** Reserved / aligmment padding. */
481	uint32_t Reserved;
482	/** Bitmap where one bit corresponds to a CPU. */
483	uintptr_t Bitmap[20];
484	} KAFFINITY_EX;
485	typedef KAFFINITY_EX *PKAFFINITY_EX;
486	typedef KAFFINITY_EX const *PCKAFFINITY_EX;
487
488	/** @name User Shared Data
489	* @{ */
490
491	#ifdef IPRT_NT_USE_WINTERNL
492	typedef struct _KSYSTEM_TIME
493	{
494	ULONG LowPart;
495	LONG High1Time;
496	LONG High2Time;
497	} KSYSTEM_TIME;
498	typedef KSYSTEM_TIME *PKSYSTEM_TIME;
499
500	typedef enum _NT_PRODUCT_TYPE
501	{
502	NtProductWinNt = 1,
503	NtProductLanManNt,
504	NtProductServer
505	} NT_PRODUCT_TYPE;
506
507	#define PROCESSOR_FEATURE_MAX 64
508
509	typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
510	{
511	StandardDesign = 0,
512	NEC98x86,
513	EndAlternatives
514	} ALTERNATIVE_ARCHITECTURE_TYPE;
515
516	# if 0
517	typedef struct _XSTATE_FEATURE
518	{
519	ULONG Offset;
520	ULONG Size;
521	} XSTATE_FEATURE;
522	typedef XSTATE_FEATURE *PXSTATE_FEATURE;
523
524	#define MAXIMUM_XSTATE_FEATURES 64
525
526	typedef struct _XSTATE_CONFIGURATION
527	{
528	ULONG64 EnabledFeatures;
529	ULONG Size;
530	ULONG OptimizedSave : 1;
531	XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
532	} XSTATE_CONFIGURATION;
533	typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
534	# endif
535	#endif /* IPRT_NT_USE_WINTERNL */
536
537	typedef struct _KUSER_SHARED_DATA
538	{
539	ULONG TickCountLowDeprecated; /*< 0x000 /
540	ULONG TickCountMultiplier; /*< 0x004 /
541	KSYSTEM_TIME volatile InterruptTime; /*< 0x008 /
542	KSYSTEM_TIME volatile SystemTime; /*< 0x014 /
543	KSYSTEM_TIME volatile TimeZoneBias; /*< 0x020 /
544	USHORT ImageNumberLow; /*< 0x02c /
545	USHORT ImageNumberHigh; /*< 0x02e /
546	WCHAR NtSystemRoot[260]; /*< 0x030 /
547	ULONG MaxStackTraceDepth; /*< 0x238 /
548	ULONG CryptoExponent; /*< 0x23c /
549	ULONG TimeZoneId; /*< 0x240 /
550	ULONG LargePageMinimum; /*< 0x244 /
551	ULONG AitSamplingValue; /*< 0x248 /
552	ULONG AppCompatFlag; /*< 0x24c /
553	ULONGLONG RNGSeedVersion; /*< 0x250 /
554	ULONG GlobalValidationRunlevel; /*< 0x258 /
555	LONG volatile TimeZoneBiasStamp; /*< 0x25c/
556	ULONG Reserved2; /*< 0x260 /
557	NT_PRODUCT_TYPE NtProductType; /*< 0x264 /
558	BOOLEAN ProductTypeIsValid; /*< 0x268 /
559	BOOLEAN Reserved0[1]; /*< 0x269 /
560	USHORT NativeProcessorArchitecture; /*< 0x26a /
561	ULONG NtMajorVersion; /*< 0x26c /
562	ULONG NtMinorVersion; /*< 0x270 /
563	BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /*< 0x274 /
564	ULONG Reserved1; /*< 0x2b4 /
565	ULONG Reserved3; /*< 0x2b8 /
566	ULONG volatile TimeSlip; /*< 0x2bc /
567	ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /*< 0x2c0 /
568	ULONG AltArchitecturePad[1]; /*< 0x2c4 /
569	LARGE_INTEGER SystemExpirationDate; /*< 0x2c8 /
570	ULONG SuiteMask; /*< 0x2d0 /
571	BOOLEAN KdDebuggerEnabled; /*< 0x2d4 /
572	union /*< 0x2d5 /
573	{
574	UCHAR MitigationPolicies; /*< 0x2d5 /
575	struct
576	{
577	UCHAR NXSupportPolicy : 2;
578	UCHAR SEHValidationPolicy : 2;
579	UCHAR CurDirDevicesSkippedForDlls : 2;
580	UCHAR Reserved : 2;
581	};
582	};
583	UCHAR Reserved6[2]; /*< 0x2d6 /
584	ULONG volatile ActiveConsoleId; /*< 0x2d8 /
585	ULONG volatile DismountCount; /*< 0x2dc /
586	ULONG ComPlusPackage; /*< 0x2e0 /
587	ULONG LastSystemRITEventTickCount; /*< 0x2e4 /
588	ULONG NumberOfPhysicalPages; /*< 0x2e8 /
589	BOOLEAN SafeBootMode; /*< 0x2ec /
590	UCHAR Reserved12[3]; /*< 0x2ed /
591	union /*< 0x2f0 /
592	{
593	ULONG SharedDataFlags; /*< 0x2f0 /
594	struct
595	{
596	ULONG DbgErrorPortPresent : 1;
597	ULONG DbgElevationEnabled : 1;
598	ULONG DbgVirtEnabled : 1;
599	ULONG DbgInstallerDetectEnabled : 1;
600	ULONG DbgLkgEnabled : 1;
601	ULONG DbgDynProcessorEnabled : 1;
602	ULONG DbgConsoleBrokerEnabled : 1;
603	ULONG DbgSecureBootEnabled : 1;
604	ULONG SpareBits : 24;
605	};
606	};
607	ULONG DataFlagsPad[1]; /*< 0x2f4 /
608	ULONGLONG TestRetInstruction; /*< 0x2f8 /
609	LONGLONG QpcFrequency; /*< 0x300 /
610	ULONGLONG SystemCallPad[3]; /*< 0x308 /
611	union /*< 0x320 /
612	{
613	ULONG64 volatile TickCountQuad; /*< 0x320 /
614	KSYSTEM_TIME volatile TickCount; /*< 0x320 /
615	struct /*< 0x320 /
616	{
617	ULONG ReservedTickCountOverlay[3]; /*< 0x320 /
618	ULONG TickCountPad[1]; /*< 0x32c /
619	};
620	};
621	ULONG Cookie; /*< 0x330 /
622	ULONG CookiePad[1]; /*< 0x334 /
623	LONGLONG ConsoleSessionForegroundProcessId; /*< 0x338 /
624	ULONGLONG TimeUpdateLock; /*< 0x340 /
625	ULONGLONG BaselineSystemTimeQpc; /*< 0x348 /
626	ULONGLONG BaselineInterruptTimeQpc; /*< 0x350 /
627	ULONGLONG QpcSystemTimeIncrement; /*< 0x358 /
628	ULONGLONG QpcInterruptTimeIncrement; /*< 0x360 /
629	ULONG QpcSystemTimeIncrement32; /*< 0x368 /
630	ULONG QpcInterruptTimeIncrement32; /*< 0x36c /
631	UCHAR QpcSystemTimeIncrementShift; /*< 0x370 /
632	UCHAR QpcInterruptTimeIncrementShift; /*< 0x371 /
633	UCHAR Reserved8[14]; /*< 0x372 /
634	USHORT UserModeGlobalLogger[16]; /*< 0x380 /
635	ULONG ImageFileExecutionOptions; /*< 0x3a0 /
636	ULONG LangGenerationCount; /*< 0x3a4 /
637	ULONGLONG Reserved4; /*< 0x3a8 /
638	ULONGLONG volatile InterruptTimeBias; /*< 0x3b0 /
639	ULONGLONG volatile QpcBias; /*< 0x3b8 /
640	ULONG volatile ActiveProcessorCount; /*< 0x3c0 /
641	UCHAR volatile ActiveGroupCount; /*< 0x3c4 /
642	UCHAR Reserved9; /*< 0x3c5 /
643	union /*< 0x3c6 /
644	{
645	USHORT QpcData; /*< 0x3c6 /
646	struct /*< 0x3c6 /
647	{
648	BOOLEAN volatile QpcBypassEnabled; /*< 0x3c6 /
649	UCHAR QpcShift; /*< 0x3c7 /
650	};
651	};
652	LARGE_INTEGER TimeZoneBiasEffectiveStart; /*< 0x3c8 /
653	LARGE_INTEGER TimeZoneBiasEffectiveEnd; /*< 0x3d0 /
654	XSTATE_CONFIGURATION XState; /*< 0x3d8 /
655	} KUSER_SHARED_DATA;
656	typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
657	AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
658	AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
659	AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
660	AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
661	AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
662	AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
663	AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
664	AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
665	AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
666	/** @def MM_SHARED_USER_DATA_VA
667	* Read only userland mapping of KUSER_SHARED_DATA. */
668	#ifndef MM_SHARED_USER_DATA_VA
669	# if ARCH_BITS == 32
670	# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
671	# elif ARCH_BITS == 64
672	# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
673	# else
674	# error "Unsupported/undefined ARCH_BITS value."
675	# endif
676	#endif
677	/** @def KI_USER_SHARED_DATA
678	* Read write kernel mapping of KUSER_SHARED_DATA. */
679	#ifndef KI_USER_SHARED_DATA
680	# ifdef RT_ARCH_X86
681	# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
682	# elif defined(RT_ARCH_AMD64)
683	# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
684	# else
685	# error "PORT ME - KI_USER_SHARED_DATA"
686	# endif
687	#endif
688	/** @} */
689
690
691	/** @name Process And Thread Environment Blocks
692	* @{ */
693
694	typedef struct _PEB_LDR_DATA
695	{
696	uint32_t Length;
697	BOOLEAN Initialized;
698	BOOLEAN Padding[3];
699	HANDLE SsHandle;
700	LIST_ENTRY InLoadOrderModuleList;
701	LIST_ENTRY InMemoryOrderModuleList;
702	LIST_ENTRY InInitializationOrderModuleList;
703	/* End NT4 */
704	LIST_ENTRY *EntryInProgress;
705	BOOLEAN ShutdownInProgress;
706	HANDLE ShutdownThreadId;
707	} PEB_LDR_DATA;
708	typedef PEB_LDR_DATA *PPEB_LDR_DATA;
709
710	typedef struct _PEB_COMMON
711	{
712	BOOLEAN InheritedAddressSpace; /*< 0x000 / 0x000 /
713	BOOLEAN ReadImageFileExecOptions; /*< 0x001 / 0x001 /
714	BOOLEAN BeingDebugged; /*< 0x002 / 0x002 /
715	union
716	{
717	uint8_t BitField; /*< 0x003 / 0x003 /
718	struct
719	{
720	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
721	} Common;
722	struct
723	{
724	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
725	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
726	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 /
727	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 /
728	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 /
729	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 /
730	uint8_t IsProtectedProcessLight : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 /
731	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
732	} W81;
733	struct
734	{
735	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
736	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
737	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 /
738	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 /
739	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 /
740	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 /
741	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 /
742	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
743	} W80;
744	struct
745	{
746	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
747	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
748	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. /
749	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. /
750	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. /
751	uint8_t SpareBits : 3; /*< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. /
752	} W7;
753	struct
754	{
755	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
756	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
757	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. /
758	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. /
759	uint8_t SpareBits : 4; /*< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. /
760	} W6;
761	struct
762	{
763	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
764	uint8_t SpareBits : 7; /*< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. /
765	} W52;
766	struct
767	{
768	BOOLEAN SpareBool;
769	} W51;
770	} Diff0;
771	#if ARCH_BITS == 64
772	uint32_t Padding0; /*< 0x004 / NA /
773	#endif
774	HANDLE Mutant; /*< 0x008 / 0x004 /
775	PVOID ImageBaseAddress; /*< 0x010 / 0x008 /
776	PPEB_LDR_DATA Ldr; /*< 0x018 / 0x00c /
777	struct _RTL_USER_PROCESS_PARAMETERS ProcessParameters; /< 0x020 / 0x010 /
778	PVOID SubSystemData; /*< 0x028 / 0x014 /
779	HANDLE ProcessHeap; /*< 0x030 / 0x018 /
780	struct _RTL_CRITICAL_SECTION FastPebLock; /< 0x038 / 0x01c /
781	union
782	{
783	struct
784	{
785	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
786	PVOID IFEOKey; /*< 0x048 / 0x024 /
787	union
788	{
789	ULONG CrossProcessFlags; /*< 0x050 / 0x028 /
790	struct
791	{
792	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
793	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
794	uint32_t ProcessUsingVEH : 1; /*< 0x050 / 0x028: Pos 2, 1 Bit /
795	uint32_t ProcessUsingVCH : 1; /*< 0x050 / 0x028: Pos 3, 1 Bit /
796	uint32_t ProcessUsingFTH : 1; /*< 0x050 / 0x028: Pos 4, 1 Bit /
797	uint32_t ReservedBits0 : 1; /*< 0x050 / 0x028: Pos 5, 27 Bits /
798	} W7, W8, W80, W81;
799	struct
800	{
801	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
802	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
803	uint32_t ReservedBits0 : 30; /*< 0x050 / 0x028: Pos 2, 30 Bits /
804	} W6;
805	};
806	#if ARCH_BITS == 64
807	uint32_t Padding1; /*< 0x054 / /
808	#endif
809	} W6, W7, W8, W80, W81;
810	struct
811	{
812	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
813	PVOID SparePtr2; /*< 0x048 / 0x024 /
814	uint32_t EnvironmentUpdateCount; /*< 0x050 / 0x028 /
815	#if ARCH_BITS == 64
816	uint32_t Padding1; /*< 0x054 / /
817	#endif
818	} W52;
819	struct
820	{
821	PVOID FastPebLockRoutine; /*< NA / 0x020 /
822	PVOID FastPebUnlockRoutine; /*< NA / 0x024 /
823	uint32_t EnvironmentUpdateCount; /*< NA / 0x028 /
824	} W51;
825	} Diff1;
826	union
827	{
828	PVOID KernelCallbackTable; /*< 0x058 / 0x02c /
829	PVOID UserSharedInfoPtr; /*< 0x058 / 0x02c - Alternative use in W6./
830	};
831	uint32_t SystemReserved; /*< 0x060 / 0x030 /
832	union
833	{
834	struct
835	{
836	uint32_t AtlThunkSListPtr32; /*< 0x064 / 0x034 /
837	} W7, W8, W80, W81;
838	struct
839	{
840	uint32_t SpareUlong; /*< 0x064 / 0x034 /
841	} W52, W6;
842	struct
843	{
844	uint32_t ExecuteOptions : 2; /*< NA / 0x034: Pos 0, 2 Bits /
845	uint32_t SpareBits : 30; /*< NA / 0x034: Pos 2, 30 Bits /
846	} W51;
847	} Diff2;
848	union
849	{
850	struct
851	{
852	PVOID ApiSetMap; /*< 0x068 / 0x038 /
853	} W7, W8, W80, W81;
854	struct
855	{
856	struct _PEB_FREE_BLOCK FreeList; /< 0x068 / 0x038 /
857	} W52, W6;
858	struct
859	{
860	struct _PEB_FREE_BLOCK FreeList; /< NA / 0x038 /
861	} W51;
862	} Diff3;
863	uint32_t TlsExpansionCounter; /*< 0x070 / 0x03c /
864	#if ARCH_BITS == 64
865	uint32_t Padding2; /*< 0x074 / NA /
866	#endif
867	struct _RTL_BITMAP TlsBitmap; /< 0x078 / 0x040 /
868	uint32_t TlsBitmapBits[2]; /*< 0x080 / 0x044 /
869	PVOID ReadOnlySharedMemoryBase; /*< 0x088 / 0x04c /
870	union
871	{
872	struct
873	{
874	PVOID SparePvoid0; /*< 0x090 / 0x050 - HotpatchInformation before W81. /
875	} W81;
876	struct
877	{
878	PVOID HotpatchInformation; /*< 0x090 / 0x050 - Retired in W81. /
879	} W6, W7, W80;
880	struct
881	{
882	PVOID ReadOnlySharedMemoryHeap;
883	} W52;
884	} Diff4;
885	PVOID ReadOnlyStaticServerData; /< 0x098 / 0x054 /
886	PVOID AnsiCodePageData; /*< 0x0a0 / 0x058 /
887	PVOID OemCodePageData; /*< 0x0a8 / 0x05c /
888	PVOID UnicodeCaseTableData; /*< 0x0b0 / 0x060 /
889	uint32_t NumberOfProcessors; /*< 0x0b8 / 0x064 /
890	uint32_t NtGlobalFlag; /*< 0x0bc / 0x068 /
891	LARGE_INTEGER CriticalSectionTimeout; /*< 0x0c0 / 0x070 /
892	SIZE_T HeapSegmentReserve; /*< 0x0c8 / 0x078 /
893	SIZE_T HeapSegmentCommit; /*< 0x0d0 / 0x07c /
894	SIZE_T HeapDeCommitTotalFreeThreshold; /*< 0x0d8 / 0x080 /
895	SIZE_T HeapDeCommitFreeBlockThreshold; /*< 0x0e0 / 0x084 /
896	uint32_t NumberOfHeaps; /*< 0x0e8 / 0x088 /
897	uint32_t MaximumNumberOfHeaps; /*< 0x0ec / 0x08c /
898	PVOID ProcessHeaps; /< 0x0f0 / 0x090 /
899	PVOID GdiSharedHandleTable; /*< 0x0f8 / 0x094 /
900	PVOID ProcessStarterHelper; /*< 0x100 / 0x098 /
901	uint32_t GdiDCAttributeList; /*< 0x108 / 0x09c /
902	#if ARCH_BITS == 64
903	uint32_t Padding3; /*< 0x10c / NA /
904	#endif
905	struct _RTL_CRITICAL_SECTION LoaderLock; /< 0x110 / 0x0a0 /
906	uint32_t OSMajorVersion; /*< 0x118 / 0x0a4 /
907	uint32_t OSMinorVersion; /*< 0x11c / 0x0a8 /
908	uint16_t OSBuildNumber; /*< 0x120 / 0x0ac /
909	uint16_t OSCSDVersion; /*< 0x122 / 0x0ae /
910	uint32_t OSPlatformId; /*< 0x124 / 0x0b0 /
911	uint32_t ImageSubsystem; /*< 0x128 / 0x0b4 /
912	uint32_t ImageSubsystemMajorVersion; /*< 0x12c / 0x0b8 /
913	uint32_t ImageSubsystemMinorVersion; /*< 0x130 / 0x0bc /
914	#if ARCH_BITS == 64
915	uint32_t Padding4; /*< 0x134 / NA /
916	#endif
917	union
918	{
919	struct
920	{
921	SIZE_T ActiveProcessAffinityMask; /*< 0x138 / 0x0c0 /
922	} W7, W8, W80, W81;
923	struct
924	{
925	SIZE_T ImageProcessAffinityMask; /*< 0x138 / 0x0c0 /
926	} W52, W6;
927	} Diff5;
928	uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /*< 0x140 / 0x0c4 /
929	PVOID PostProcessInitRoutine; /*< 0x230 / 0x14c /
930	PVOID TlsExpansionBitmap; /*< 0x238 / 0x150 /
931	uint32_t TlsExpansionBitmapBits[32]; /*< 0x240 / 0x154 /
932	uint32_t SessionId; /*< 0x2c0 / 0x1d4 /
933	#if ARCH_BITS == 64
934	uint32_t Padding5; /*< 0x2c4 / NA /
935	#endif
936	ULARGE_INTEGER AppCompatFlags; /*< 0x2c8 / 0x1d8 /
937	ULARGE_INTEGER AppCompatFlagsUser; /*< 0x2d0 / 0x1e0 /
938	PVOID pShimData; /*< 0x2d8 / 0x1e8 /
939	PVOID AppCompatInfo; /*< 0x2e0 / 0x1ec /
940	UNICODE_STRING CSDVersion; /*< 0x2e8 / 0x1f0 /
941	struct _ACTIVATION_CONTEXT_DATA ActivationContextData; /< 0x2f8 / 0x1f8 /
942	struct _ASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap; /< 0x300 / 0x1fc /
943	struct _ACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData; /< 0x308 / 0x200 /
944	struct _ASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap; /< 0x310 / 0x204 /
945	SIZE_T MinimumStackCommit; /*< 0x318 / 0x208 /
946	/* End of PEB in W52 (Windows XP (RTM))! */
947	struct _FLS_CALLBACK_INFO FlsCallback; /< 0x320 / 0x20c /
948	LIST_ENTRY FlsListHead; /*< 0x328 / 0x210 /
949	PVOID FlsBitmap; /*< 0x338 / 0x218 /
950	uint32_t FlsBitmapBits[4]; /*< 0x340 / 0x21c /
951	uint32_t FlsHighIndex; /*< 0x350 / 0x22c /
952	/* End of PEB in W52 (Windows Server 2003)! */
953	PVOID WerRegistrationData; /*< 0x358 / 0x230 /
954	PVOID WerShipAssertPtr; /*< 0x360 / 0x234 /
955	/* End of PEB in W6 (windows Vista)! */
956	union
957	{
958	struct
959	{
960	PVOID pUnused; /*< 0x368 / 0x238 - Was pContextData in W7. /
961	} W8, W80, W81;
962	struct
963	{
964	PVOID pContextData; /*< 0x368 / 0x238 - Retired in W80. /
965	} W7;
966	} Diff6;
967	PVOID pImageHeaderHash; /*< 0x370 / 0x23c /
968	union
969	{
970	uint32_t TracingFlags; /*< 0x378 / 0x240 /
971	struct
972	{
973	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
974	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
975	uint32_t LibLoaderTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 2, 1 Bit /
976	uint32_t SpareTracingBits : 29; /*< 0x378 / 0x240 : Pos 3, 29 Bits /
977	} W8, W80, W81;
978	struct
979	{
980	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
981	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
982	uint32_t SpareTracingBits : 30; /*< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 /
983	} W7;
984	} Diff7;
985	#if ARCH_BITS == 64
986	uint32_t Padding6; /*< 0x37c / NA /
987	#endif
988	uint64_t CsrServerReadOnlySharedMemoryBase; /*< 0x380 / 0x248 /
989	} PEB_COMMON;
990	typedef PEB_COMMON *PPEB_COMMON;
991
992	AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
993	AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
994	AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
995	AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
996	AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
997	AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
998	AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
999	AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
1000	AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x388 : 0x250);
1001
1002	/** The size of the windows 8.1 PEB structure. */
1003	#define PEB_SIZE_W81 sizeof(PEB_COMMON)
1004	/** The size of the windows 8.0 PEB structure. */
1005	#define PEB_SIZE_W80 sizeof(PEB_COMMON)
1006	/** The size of the windows 7 PEB structure. */
1007	#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
1008	/** The size of the windows vista PEB structure. */
1009	#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
1010	/** The size of the windows server 2003 PEB structure. */
1011	#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
1012	/** The size of the windows XP PEB structure. */
1013	#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
1014
1015	#if 0
1016	typedef struct _NT_TIB
1017	{
1018	struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
1019	PVOID StackBase;
1020	PVOID StackLimit;
1021	PVOID SubSystemTib;
1022	union
1023	{
1024	PVOID FiberData;
1025	ULONG Version;
1026	};
1027	PVOID ArbitraryUserPointer;
1028	struct _NT_TIB *Self;
1029	} NT_TIB;
1030	typedef NT_TIB *PNT_TIB;
1031	#endif
1032
1033	typedef struct _ACTIVATION_CONTEXT_STACK
1034	{
1035	uint32_t Flags;
1036	uint32_t NextCookieSequenceNumber;
1037	PVOID ActiveFrame;
1038	LIST_ENTRY FrameListCache;
1039	} ACTIVATION_CONTEXT_STACK;
1040
1041	/* Common TEB. */
1042	typedef struct _TEB_COMMON
1043	{
1044	NT_TIB NtTib; /*< 0x000 / 0x000 /
1045	PVOID EnvironmentPointer; /*< 0x038 / 0x01c /
1046	CLIENT_ID ClientId; /*< 0x040 / 0x020 /
1047	PVOID ActiveRpcHandle; /*< 0x050 / 0x028 /
1048	PVOID ThreadLocalStoragePointer; /*< 0x058 / 0x02c /
1049	PPEB_COMMON ProcessEnvironmentBlock; /*< 0x060 / 0x030 /
1050	uint32_t LastErrorValue; /*< 0x068 / 0x034 /
1051	uint32_t CountOfOwnedCriticalSections; /*< 0x06c / 0x038 /
1052	PVOID CsrClientThread; /*< 0x070 / 0x03c /
1053	PVOID Win32ThreadInfo; /*< 0x078 / 0x040 /
1054	uint32_t User32Reserved[26]; /*< 0x080 / 0x044 /
1055	uint32_t UserReserved[5]; /*< 0x0e8 / 0x0ac /
1056	PVOID WOW32Reserved; /*< 0x100 / 0x0c0 /
1057	uint32_t CurrentLocale; /*< 0x108 / 0x0c4 /
1058	uint32_t FpSoftwareStatusRegister; /*< 0x10c / 0x0c8 /
1059	PVOID SystemReserved1[54]; /*< 0x110 / 0x0cc /
1060	uint32_t ExceptionCode; /*< 0x2c0 / 0x1a4 /
1061	#if ARCH_BITS == 64
1062	uint32_t Padding0; /*< 0x2c4 / NA /
1063	#endif
1064	union
1065	{
1066	struct
1067	{
1068	struct _ACTIVATION_CONTEXT_STACK ActivationContextStackPointer;/< 0x2c8 / 0x1a8 /
1069	uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /*< 0x2d0 / 0x1ac /
1070	} W52, W6, W7, W8, W80, W81;
1071	#if ARCH_BITS == 32
1072	struct
1073	{
1074	ACTIVATION_CONTEXT_STACK ActivationContextStack; /*< NA / 0x1a8 /
1075	uint8_t SpareBytes[20]; /*< NA / 0x1bc /
1076	} W51;
1077	#endif
1078	} Diff0;
1079	union
1080	{
1081	struct
1082	{
1083	uint32_t TxFsContext; /*< 0x2e8 / 0x1d0 /
1084	} W6, W7, W8, W80, W81;
1085	struct
1086	{
1087	uint32_t SpareBytesContinues; /*< 0x2e8 / 0x1d0 /
1088	} W52;
1089	} Diff1;
1090	#if ARCH_BITS == 64
1091	uint32_t Padding1; /*< 0x2ec / NA /
1092	#endif
1093	/_GDI_TEB_BATCH/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /*< 0x2f0 / 0x1d4 /
1094	CLIENT_ID RealClientId; /*< 0x7d8 / 0x6b4 /
1095	HANDLE GdiCachedProcessHandle; /*< 0x7e8 / 0x6bc /
1096	uint32_t GdiClientPID; /*< 0x7f0 / 0x6c0 /
1097	uint32_t GdiClientTID; /*< 0x7f4 / 0x6c4 /
1098	PVOID GdiThreadLocalInfo; /*< 0x7f8 / 0x6c8 /
1099	SIZE_T Win32ClientInfo[62]; /*< 0x800 / 0x6cc /
1100	PVOID glDispatchTable[233]; /*< 0x9f0 / 0x7c4 /
1101	SIZE_T glReserved1[29]; /*< 0x1138 / 0xb68 /
1102	PVOID glReserved2; /*< 0x1220 / 0xbdc /
1103	PVOID glSectionInfo; /*< 0x1228 / 0xbe0 /
1104	PVOID glSection; /*< 0x1230 / 0xbe4 /
1105	PVOID glTable; /*< 0x1238 / 0xbe8 /
1106	PVOID glCurrentRC; /*< 0x1240 / 0xbec /
1107	PVOID glContext; /*< 0x1248 / 0xbf0 /
1108	NTSTATUS LastStatusValue; /*< 0x1250 / 0xbf4 /
1109	#if ARCH_BITS == 64
1110	uint32_t Padding2; /*< 0x1254 / NA /
1111	#endif
1112	UNICODE_STRING StaticUnicodeString; /*< 0x1258 / 0xbf8 /
1113	WCHAR StaticUnicodeBuffer[261]; /*< 0x1268 / 0xc00 /
1114	#if ARCH_BITS == 64
1115	WCHAR Padding3[3]; /*< 0x1472 / NA /
1116	#endif
1117	PVOID DeallocationStack; /*< 0x1478 / 0xe0c /
1118	PVOID TlsSlots[64]; /*< 0x1480 / 0xe10 /
1119	LIST_ENTRY TlsLinks; /*< 0x1680 / 0xf10 /
1120	PVOID Vdm; /*< 0x1690 / 0xf18 /
1121	PVOID ReservedForNtRpc; /*< 0x1698 / 0xf1c /
1122	PVOID DbgSsReserved[2]; /*< 0x16a0 / 0xf20 /
1123	uint32_t HardErrorMode; /*< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. /
1124	#if ARCH_BITS == 64
1125	uint32_t Padding4; /*< 0x16b4 / NA /
1126	#endif
1127	PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /*< 0x16b8 / 0xf2c /
1128	union
1129	{
1130	struct
1131	{
1132	GUID ActivityId; /*< 0x1710 / 0xf50 /
1133	PVOID SubProcessTag; /*< 0x1720 / 0xf60 /
1134	} W6, W7, W8, W80, W81;
1135	struct
1136	{
1137	PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /*< 0x1710 / 0xf50 /
1138	} W52;
1139	} Diff2;
1140	union /*< 0x1728 / 0xf64 /
1141	{
1142	struct
1143	{
1144	PVOID PerflibData; /*< 0x1728 / 0xf64 /
1145	} W8, W80, W81;
1146	struct
1147	{
1148	PVOID EtwLocalData; /*< 0x1728 / 0xf64 /
1149	} W7, W6;
1150	struct
1151	{
1152	PVOID SubProcessTag; /*< 0x1728 / 0xf64 /
1153	} W52;
1154	struct
1155	{
1156	PVOID InstrumentationContinues[1]; /*< 0x1728 / 0xf64 /
1157	} W51;
1158	} Diff3;
1159	union
1160	{
1161	struct
1162	{
1163	PVOID EtwTraceData; /*< 0x1730 / 0xf68 /
1164	} W52, W6, W7, W8, W80, W81;
1165	struct
1166	{
1167	PVOID InstrumentationContinues[1]; /*< 0x1730 / 0xf68 /
1168	} W51;
1169	} Diff4;
1170	PVOID WinSockData; /*< 0x1738 / 0xf6c /
1171	uint32_t GdiBatchCount; /*< 0x1740 / 0xf70 /
1172	union
1173	{
1174	union
1175	{
1176	PROCESSOR_NUMBER CurrentIdealProcessor; /*< 0x1744 / 0xf74 - W7+ /
1177	uint32_t IdealProcessorValue; /*< 0x1744 / 0xf74 - W7+ /
1178	struct
1179	{
1180	uint8_t ReservedPad1; /*< 0x1744 / 0xf74 - Called SpareBool0 in W6 /
1181	uint8_t ReservedPad2; /*< 0x1745 / 0xf75 - Called SpareBool0 in W6 /
1182	uint8_t ReservedPad3; /*< 0x1746 / 0xf76 - Called SpareBool0 in W6 /
1183	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1184	};
1185	} W6, W7, W8, W80, W81;
1186	struct
1187	{
1188	BOOLEAN InDbgPrint; /*< 0x1744 / 0xf74 /
1189	BOOLEAN FreeStackOnTermination; /*< 0x1745 / 0xf75 /
1190	BOOLEAN HasFiberData; /*< 0x1746 / 0xf76 /
1191	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1192	} W51, W52;
1193	} Diff5;
1194	uint32_t GuaranteedStackBytes; /*< 0x1748 / 0xf78 /
1195	#if ARCH_BITS == 64
1196	uint32_t Padding5; /*< 0x174c / NA /
1197	#endif
1198	PVOID ReservedForPerf; /*< 0x1750 / 0xf7c /
1199	PVOID ReservedForOle; /*< 0x1758 / 0xf80 /
1200	uint32_t WaitingOnLoaderLock; /*< 0x1760 / 0xf84 /
1201	#if ARCH_BITS == 64
1202	uint32_t Padding6; /*< 0x1764 / NA /
1203	#endif
1204	union /*< 0x1770 / 0xf8c /
1205	{
1206	struct
1207	{
1208	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1209	SIZE_T ReservedForCodeCoverage; /*< 0x1770 / 0xf8c /
1210	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1211	} W8, W80, W81;
1212	struct
1213	{
1214	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1215	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1216	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1217	} W6, W7;
1218	struct
1219	{
1220	PVOID SparePointer1; /*< 0x1768 / 0xf88 /
1221	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1222	PVOID SoftPatchPtr2; /*< 0x1778 / 0xf90 /
1223	} W52;
1224	#if ARCH_BITS == 32
1225	struct _Wx86ThreadState
1226	{
1227	PVOID CallBx86Eip; /*< NA / 0xf88 /
1228	PVOID DeallocationCpu; /*< NA / 0xf8c /
1229	BOOLEAN UseKnownWx86Dll; /*< NA / 0xf90 /
1230	int8_t OleStubInvoked; /*< NA / 0xf91 /
1231	} W51;
1232	#endif
1233	} Diff6;
1234	PVOID TlsExpansionSlots; /*< 0x1780 / 0xf94 /
1235	#if ARCH_BITS == 64
1236	PVOID DallocationBStore; /*< 0x1788 / NA /
1237	PVOID BStoreLimit; /*< 0x1790 / NA /
1238	#endif
1239	union
1240	{
1241	struct
1242	{
1243	uint32_t MuiGeneration; /*< 0x1798 / 0xf98 /
1244	} W7, W8, W80, W81;
1245	struct
1246	{
1247	uint32_t ImpersonationLocale;
1248	} W6;
1249	} Diff7;
1250	uint32_t IsImpersonating; /*< 0x179c / 0xf9c /
1251	PVOID NlsCache; /*< 0x17a0 / 0xfa0 /
1252	PVOID pShimData; /*< 0x17a8 / 0xfa4 /
1253	union /*< 0x17b0 / 0xfa8 /
1254	{
1255	struct
1256	{
1257	uint16_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1258	uint16_t LowFragHeapDataSlot; /*< 0x17b2 / 0xfaa /
1259	} W8, W80, W81;
1260	struct
1261	{
1262	uint32_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1263	} W7;
1264	} Diff8;
1265	#if ARCH_BITS == 64
1266	uint32_t Padding7; /*< 0x17b4 / NA /
1267	#endif
1268	HANDLE CurrentTransactionHandle; /*< 0x17b8 / 0xfac /
1269	struct _TEB_ACTIVE_FRAME ActiveFrame; /< 0x17c0 / 0xfb0 /
1270	/* End of TEB in W51 (Windows XP)! */
1271	PVOID FlsData; /*< 0x17c8 / 0xfb4 /
1272	union
1273	{
1274	struct
1275	{
1276	PVOID PreferredLanguages; /*< 0x17d0 / 0xfb8 /
1277	} W6, W7, W8, W80, W81;
1278	struct
1279	{
1280	BOOLEAN SafeThunkCall; /*< 0x17d0 / 0xfb8 /
1281	uint8_t BooleanSpare[3]; /*< 0x17d1 / 0xfb9 /
1282	/* End of TEB in W52 (Windows server 2003)! */
1283	} W52;
1284	} Diff9;
1285	PVOID UserPrefLanguages; /*< 0x17d8 / 0xfbc /
1286	PVOID MergedPrefLanguages; /*< 0x17e0 / 0xfc0 /
1287	uint32_t MuiImpersonation; /*< 0x17e8 / 0xfc4 /
1288	union
1289	{
1290	uint16_t CrossTebFlags; /*< 0x17ec / 0xfc8 /
1291	struct
1292	{
1293	uint16_t SpareCrossTebBits : 16; /*< 0x17ec / 0xfc8 : Pos 0, 16 Bits /
1294	};
1295	};
1296	union
1297	{
1298	uint16_t SameTebFlags; /*< 0x17ee / 0xfca /
1299	struct
1300	{
1301	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1302	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1303	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1304	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1305	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1306	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1307	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1308	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1309	} Common;
1310	struct
1311	{
1312	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1313	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1314	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1315	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1316	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1317	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1318	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1319	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1320	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1321	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1322	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1323	uint16_t SessionAware : 1; /*< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. /
1324	uint16_t SpareSameTebBits : 4; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1325	} W8, W80, W81;
1326	struct
1327	{
1328	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1329	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1330	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1331	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1332	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1333	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1334	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1335	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1336	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1337	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1338	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1339	uint16_t SpareSameTebBits : 5; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1340	} W7;
1341	struct
1342	{
1343	uint16_t DbgSafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1344	uint16_t DbgInDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1345	uint16_t DbgHasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1346	uint16_t DbgSkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1347	uint16_t DbgWerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1348	uint16_t DbgRanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1349	uint16_t DbgClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1350	uint16_t DbgSuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1351	uint16_t SpareSameTebBits : 8; /*< 0x17ee / 0xfca : Pos 8, 8 Bits /
1352	} W6;
1353	} Diff10;
1354	PVOID TxnScopeEnterCallback; /*< 0x17f0 / 0xfcc /
1355	PVOID TxnScopeExitCallback; /*< 0x17f8 / 0xfd0 /
1356	PVOID TxnScopeContext; /*< 0x1800 / 0xfd4 /
1357	uint32_t LockCount; /*< 0x1808 / 0xfd8 /
1358	union
1359	{
1360	struct
1361	{
1362	uint32_t SpareUlong0; /*< 0x180c / 0xfdc /
1363	} W7, W8, W80, W81;
1364	struct
1365	{
1366	uint32_t ProcessRundown;
1367	} W6;
1368	} Diff11;
1369	union
1370	{
1371	struct
1372	{
1373	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1374	/* End of TEB in W7 (windows 7)! */
1375	PVOID ReservedForWdf; /*< 0x1818 / 0xfe4 - New Since W7. /
1376	/* End of TEB in W8 (windows 8.0 & 8.1)! */
1377	} W8, W80, W81;
1378	struct
1379	{
1380	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1381	} W7;
1382	struct
1383	{
1384	uint64_t LastSwitchTime; /*< 0x1810 / 0xfe0 /
1385	uint64_t TotalSwitchOutTime; /*< 0x1818 / 0xfe8 /
1386	LARGE_INTEGER WaitReasonBitMap; /*< 0x1820 / 0xff0 /
1387	/* End of TEB in W6 (windows Vista)! */
1388	} W6;
1389	} Diff12;
1390	} TEB_COMMON;
1391	typedef TEB_COMMON *PTEB_COMMON;
1392	AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1393	AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1394	AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1395	AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1396	AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1397	AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1398	AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1399	AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1400	AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1401	AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1402	AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1403	AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1404	AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1828 : 0xff8);
1405
1406
1407	/** The size of the windows 8.1 PEB structure. */
1408	#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1409	/** The size of the windows 8.0 PEB structure. */
1410	#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1411	/** The size of the windows 7 PEB structure. */
1412	#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1413	/** The size of the windows vista PEB structure. */
1414	#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1415	/** The size of the windows server 2003 PEB structure. */
1416	#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1417	/** The size of the windows XP PEB structure. */
1418	#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1419
1420
1421
1422	#define _PEB _PEB_COMMON
1423	typedef PEB_COMMON PEB;
1424	typedef PPEB_COMMON PPEB;
1425
1426	#define _TEB _TEB_COMMON
1427	typedef TEB_COMMON TEB;
1428	typedef PTEB_COMMON PTEB;
1429
1430	#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
1431	# ifdef RT_ARCH_X86
1432	DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, NtTib.Self)); }
1433	DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1434	DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readfsdword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1435	# elif defined(RT_ARCH_AMD64)
1436	DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, NtTib.Self)); }
1437	DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1438	DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return (uint32_t)__readgsqword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1439	# else
1440	# error "Port me"
1441	# endif
1442	#else
1443	# define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1444	# define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1445	# define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1446	#endif
1447	#define NtCurrentPeb() RTNtCurrentPeb()
1448
1449
1450	/** @} */
1451
1452
1453	#ifdef IPRT_NT_USE_WINTERNL
1454	NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1455	typedef enum _SECTION_INHERIT
1456	{
1457	ViewShare = 1,
1458	ViewUnmap
1459	} SECTION_INHERIT;
1460	#endif
1461	NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1462	ULONG, ULONG);
1463	NTSYSAPI NTSTATUS NTAPI NtFlushVirtualMemory(HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK);
1464	NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1465
1466	#ifdef IPRT_NT_USE_WINTERNL
1467	typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1468	{
1469	ULONG FileSystemAttributes;
1470	LONG MaximumComponentNameLength;
1471	ULONG FileSystemNameLength;
1472	WCHAR FileSystemName[1];
1473	} FILE_FS_ATTRIBUTE_INFORMATION;
1474	typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1475
1476	NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1477	NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1478	NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1479	NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1480
1481	typedef enum _FSINFOCLASS
1482	{
1483	FileFsVolumeInformation = 1,
1484	FileFsLabelInformation,
1485	FileFsSizeInformation,
1486	FileFsDeviceInformation,
1487	FileFsAttributeInformation,
1488	FileFsControlInformation,
1489	FileFsFullSizeInformation,
1490	FileFsObjectIdInformation,
1491	FileFsDriverPathInformation,
1492	FileFsVolumeFlagsInformation,
1493	FileFsSectorSizeInformation,
1494	FileFsDataCopyInformation,
1495	FileFsMaximumInformation
1496	} FS_INFORMATION_CLASS;
1497	typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1498	NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1499
1500	typedef struct _FILE_BOTH_DIR_INFORMATION
1501	{
1502	ULONG NextEntryOffset;
1503	ULONG FileIndex;
1504	LARGE_INTEGER CreationTime;
1505	LARGE_INTEGER LastAccessTime;
1506	LARGE_INTEGER LastWriteTime;
1507	LARGE_INTEGER ChangeTime;
1508	LARGE_INTEGER EndOfFile;
1509	LARGE_INTEGER AllocationSize;
1510	ULONG FileAttributes;
1511	ULONG FileNameLength;
1512	ULONG EaSize;
1513	CCHAR ShortNameLength;
1514	WCHAR ShortName[12];
1515	WCHAR FileName[1];
1516	} FILE_BOTH_DIR_INFORMATION;
1517	typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1518	typedef struct _FILE_BASIC_INFORMATION
1519	{
1520	LARGE_INTEGER CreationTime;
1521	LARGE_INTEGER LastAccessTime;
1522	LARGE_INTEGER LastWriteTime;
1523	LARGE_INTEGER ChangeTime;
1524	ULONG FileAttributes;
1525	} FILE_BASIC_INFORMATION;
1526	typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1527	typedef struct _FILE_STANDARD_INFORMATION
1528	{
1529	LARGE_INTEGER AllocationSize;
1530	LARGE_INTEGER EndOfFile;
1531	ULONG NumberOfLinks;
1532	BOOLEAN DeletePending;
1533	BOOLEAN Directory;
1534	} FILE_STANDARD_INFORMATION;
1535	typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1536	typedef struct _FILE_NAME_INFORMATION
1537	{
1538	ULONG FileNameLength;
1539	WCHAR FileName[1];
1540	} FILE_NAME_INFORMATION;
1541	typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1542	typedef struct _FILE_NETWORK_OPEN_INFORMATION
1543	{
1544	LARGE_INTEGER CreationTime;
1545	LARGE_INTEGER LastAccessTime;
1546	LARGE_INTEGER LastWriteTime;
1547	LARGE_INTEGER ChangeTime;
1548	LARGE_INTEGER AllocationSize;
1549	LARGE_INTEGER EndOfFile;
1550	ULONG FileAttributes;
1551	} FILE_NETWORK_OPEN_INFORMATION;
1552	typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
1553	typedef enum _FILE_INFORMATION_CLASS
1554	{
1555	FileDirectoryInformation = 1,
1556	FileFullDirectoryInformation,
1557	FileBothDirectoryInformation,
1558	FileBasicInformation,
1559	FileStandardInformation,
1560	FileInternalInformation,
1561	FileEaInformation,
1562	FileAccessInformation,
1563	FileNameInformation,
1564	FileRenameInformation,
1565	FileLinkInformation,
1566	FileNamesInformation,
1567	FileDispositionInformation,
1568	FilePositionInformation,
1569	FileFullEaInformation,
1570	FileModeInformation,
1571	FileAlignmentInformation,
1572	FileAllInformation,
1573	FileAllocationInformation,
1574	FileEndOfFileInformation,
1575	FileAlternateNameInformation,
1576	FileStreamInformation,
1577	FilePipeInformation,
1578	FilePipeLocalInformation,
1579	FilePipeRemoteInformation,
1580	FileMailslotQueryInformation,
1581	FileMailslotSetInformation,
1582	FileCompressionInformation,
1583	FileObjectIdInformation,
1584	FileCompletionInformation,
1585	FileMoveClusterInformation,
1586	FileQuotaInformation,
1587	FileReparsePointInformation,
1588	FileNetworkOpenInformation,
1589	FileAttributeTagInformation,
1590	FileTrackingInformation,
1591	FileIdBothDirectoryInformation,
1592	FileIdFullDirectoryInformation,
1593	FileValidDataLengthInformation,
1594	FileShortNameInformation,
1595	FileIoCompletionNotificationInformation,
1596	FileIoStatusBlockRangeInformation,
1597	FileIoPriorityHintInformation,
1598	FileSfioReserveInformation,
1599	FileSfioVolumeInformation,
1600	FileHardLinkInformation,
1601	FileProcessIdsUsingFileInformation,
1602	FileNormalizedNameInformation,
1603	FileNetworkPhysicalNameInformation,
1604	FileIdGlobalTxDirectoryInformation,
1605	FileIsRemoteDeviceInformation,
1606	FileUnusedInformation,
1607	FileNumaNodeInformation,
1608	FileStandardLinkInformation,
1609	FileRemoteProtocolInformation,
1610	FileRenameInformationBypassAccessCheck,
1611	FileLinkInformationBypassAccessCheck,
1612	FileVolumeNameInformation,
1613	FileIdInformation,
1614	FileIdExtdDirectoryInformation,
1615	FileReplaceCompletionInformation,
1616	FileHardLinkFullIdInformation,
1617	FileMaximumInformation
1618	} FILE_INFORMATION_CLASS;
1619	typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
1620	NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1621	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
1622	FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1623	NTSYSAPI NTSTATUS NTAPI NtSetInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1624	#endif /* IPRT_NT_USE_WINTERNL */
1625	NTSYSAPI NTSTATUS NTAPI NtQueryAttributesFile(POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
1626	NTSYSAPI NTSTATUS NTAPI NtQueryFullAttributesFile(POBJECT_ATTRIBUTES, PFILE_NETWORK_OPEN_INFORMATION);
1627
1628	#ifdef IPRT_NT_USE_WINTERNL
1629
1630	/** For use with KeyBasicInformation. */
1631	typedef struct _KEY_BASIC_INFORMATION
1632	{
1633	LARGE_INTEGER LastWriteTime;
1634	ULONG TitleIndex;
1635	ULONG NameLength;
1636	WCHAR Name[1];
1637	} KEY_BASIC_INFORMATION;
1638	typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
1639
1640	/** For use with KeyNodeInformation. */
1641	typedef struct _KEY_NODE_INFORMATION
1642	{
1643	LARGE_INTEGER LastWriteTime;
1644	ULONG TitleIndex;
1645	ULONG ClassOffset; /*< Offset from the start of the structure. /
1646	ULONG ClassLength;
1647	ULONG NameLength;
1648	WCHAR Name[1];
1649	} KEY_NODE_INFORMATION;
1650	typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
1651
1652	/** For use with KeyFullInformation. */
1653	typedef struct _KEY_FULL_INFORMATION
1654	{
1655	LARGE_INTEGER LastWriteTime;
1656	ULONG TitleIndex;
1657	ULONG ClassOffset; /*< Offset of the Class member. /
1658	ULONG ClassLength;
1659	ULONG SubKeys;
1660	ULONG MaxNameLen;
1661	ULONG MaxClassLen;
1662	ULONG Values;
1663	ULONG MaxValueNameLen;
1664	ULONG MaxValueDataLen;
1665	WCHAR Class[1];
1666	} KEY_FULL_INFORMATION;
1667	typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
1668
1669	/** For use with KeyNameInformation. */
1670	typedef struct _KEY_NAME_INFORMATION
1671	{
1672	ULONG NameLength;
1673	WCHAR Name[1];
1674	} KEY_NAME_INFORMATION;
1675	typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
1676
1677	/** For use with KeyCachedInformation. */
1678	typedef struct _KEY_CACHED_INFORMATION
1679	{
1680	LARGE_INTEGER LastWriteTime;
1681	ULONG TitleIndex;
1682	ULONG SubKeys;
1683	ULONG MaxNameLen;
1684	ULONG Values;
1685	ULONG MaxValueNameLen;
1686	ULONG MaxValueDataLen;
1687	ULONG NameLength;
1688	} KEY_CACHED_INFORMATION;
1689	typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
1690
1691	/** For use with KeyVirtualizationInformation. */
1692	typedef struct _KEY_VIRTUALIZATION_INFORMATION
1693	{
1694	ULONG VirtualizationCandidate : 1;
1695	ULONG VirtualizationEnabled : 1;
1696	ULONG VirtualTarget : 1;
1697	ULONG VirtualStore : 1;
1698	ULONG VirtualSource : 1;
1699	ULONG Reserved : 27;
1700	} KEY_VIRTUALIZATION_INFORMATION;
1701	typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
1702
1703	typedef enum _KEY_INFORMATION_CLASS
1704	{
1705	KeyBasicInformation = 0,
1706	KeyNodeInformation,
1707	KeyFullInformation,
1708	KeyNameInformation,
1709	KeyCachedInformation,
1710	KeyFlagsInformation,
1711	KeyVirtualizationInformation,
1712	KeyHandleTagsInformation,
1713	MaxKeyInfoClass
1714	} KEY_INFORMATION_CLASS;
1715	NTSYSAPI NTSTATUS NTAPI NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1716	NTSYSAPI NTSTATUS NTAPI NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1717
1718	typedef struct _MEMORY_SECTION_NAME
1719	{
1720	UNICODE_STRING SectionFileName;
1721	WCHAR NameBuffer[1];
1722	} MEMORY_SECTION_NAME;
1723
1724	#ifdef IPRT_NT_USE_WINTERNL
1725	typedef struct _PROCESS_BASIC_INFORMATION
1726	{
1727	NTSTATUS ExitStatus;
1728	PPEB PebBaseAddress;
1729	ULONG_PTR AffinityMask;
1730	int32_t BasePriority;
1731	ULONG_PTR UniqueProcessId;
1732	ULONG_PTR InheritedFromUniqueProcessId;
1733	} PROCESS_BASIC_INFORMATION;
1734	typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
1735	#endif
1736
1737	typedef enum _PROCESSINFOCLASS
1738	{
1739	ProcessBasicInformation = 0, /*< 0 / 0x00 /
1740	ProcessQuotaLimits, /*< 1 / 0x01 /
1741	ProcessIoCounters, /*< 2 / 0x02 /
1742	ProcessVmCounters, /*< 3 / 0x03 /
1743	ProcessTimes, /*< 4 / 0x04 /
1744	ProcessBasePriority, /*< 5 / 0x05 /
1745	ProcessRaisePriority, /*< 6 / 0x06 /
1746	ProcessDebugPort, /*< 7 / 0x07 /
1747	ProcessExceptionPort, /*< 8 / 0x08 /
1748	ProcessAccessToken, /*< 9 / 0x09 /
1749	ProcessLdtInformation, /*< 10 / 0x0a /
1750	ProcessLdtSize, /*< 11 / 0x0b /
1751	ProcessDefaultHardErrorMode, /*< 12 / 0x0c /
1752	ProcessIoPortHandlers, /*< 13 / 0x0d /
1753	ProcessPooledUsageAndLimits, /*< 14 / 0x0e /
1754	ProcessWorkingSetWatch, /*< 15 / 0x0f /
1755	ProcessUserModeIOPL, /*< 16 / 0x10 /
1756	ProcessEnableAlignmentFaultFixup, /*< 17 / 0x11 /
1757	ProcessPriorityClass, /*< 18 / 0x12 /
1758	ProcessWx86Information, /*< 19 / 0x13 /
1759	ProcessHandleCount, /*< 20 / 0x14 /
1760	ProcessAffinityMask, /*< 21 / 0x15 /
1761	ProcessPriorityBoost, /*< 22 / 0x16 /
1762	ProcessDeviceMap, /*< 23 / 0x17 /
1763	ProcessSessionInformation, /*< 24 / 0x18 /
1764	ProcessForegroundInformation, /*< 25 / 0x19 /
1765	ProcessWow64Information, /*< 26 / 0x1a /
1766	ProcessImageFileName, /*< 27 / 0x1b /
1767	ProcessLUIDDeviceMapsEnabled, /*< 28 / 0x1c /
1768	ProcessBreakOnTermination, /*< 29 / 0x1d /
1769	ProcessDebugObjectHandle, /*< 30 / 0x1e /
1770	ProcessDebugFlags, /*< 31 / 0x1f /
1771	ProcessHandleTracing, /*< 32 / 0x20 /
1772	ProcessIoPriority, /*< 33 / 0x21 /
1773	ProcessExecuteFlags, /*< 34 / 0x22 /
1774	ProcessTlsInformation, /*< 35 / 0x23 /
1775	ProcessCookie, /*< 36 / 0x24 /
1776	ProcessImageInformation, /*< 37 / 0x25 /
1777	ProcessCycleTime, /*< 38 / 0x26 /
1778	ProcessPagePriority, /*< 39 / 0x27 /
1779	ProcessInstrumentationCallbak, /*< 40 / 0x28 /
1780	ProcessThreadStackAllocation, /*< 41 / 0x29 /
1781	ProcessWorkingSetWatchEx, /*< 42 / 0x2a /
1782	ProcessImageFileNameWin32, /*< 43 / 0x2b /
1783	ProcessImageFileMapping, /*< 44 / 0x2c /
1784	ProcessAffinityUpdateMode, /*< 45 / 0x2d /
1785	ProcessMemoryAllocationMode, /*< 46 / 0x2e /
1786	ProcessGroupInformation, /*< 47 / 0x2f /
1787	ProcessTokenVirtualizationEnabled, /*< 48 / 0x30 /
1788	ProcessConsoleHostProcess, /*< 49 / 0x31 /
1789	ProcessWindowsInformation, /*< 50 / 0x32 /
1790	ProcessUnknown51,
1791	ProcessUnknown52,
1792	ProcessUnknown53,
1793	ProcessUnknown54,
1794	ProcessUnknown55,
1795	ProcessUnknown56,
1796	ProcessUnknown57,
1797	ProcessUnknown58,
1798	ProcessUnknown59,
1799	ProcessUnknown60,
1800	ProcessUnknown61,
1801	ProcessUnknown62,
1802	ProcessUnknown63,
1803	ProcessUnknown64,
1804	ProcessUnknown65,
1805	ProcessUnknown66,
1806	ProcessMaybe_KeSetCpuSetsProcess, /*< 67 / 0x43 - is correct, then PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10. /
1807	MaxProcessInfoClass /*< 68 / 0x44 /
1808	} PROCESSINFOCLASS;
1809	NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1810
1811	typedef enum _THREADINFOCLASS
1812	{
1813	ThreadBasicInformation = 0,
1814	ThreadTimes,
1815	ThreadPriority,
1816	ThreadBasePriority,
1817	ThreadAffinityMask,
1818	ThreadImpersonationToken,
1819	ThreadDescriptorTableEntry,
1820	ThreadEnableAlignmentFaultFixup,
1821	ThreadEventPair_Reusable,
1822	ThreadQuerySetWin32StartAddress,
1823	ThreadZeroTlsCell,
1824	ThreadPerformanceCount,
1825	ThreadAmILastThread,
1826	ThreadIdealProcessor,
1827	ThreadPriorityBoost,
1828	ThreadSetTlsArrayAddress,
1829	ThreadIsIoPending,
1830	ThreadHideFromDebugger,
1831	ThreadBreakOnTermination,
1832	ThreadSwitchLegacyState,
1833	ThreadIsTerminated,
1834	ThreadLastSystemCall,
1835	ThreadIoPriority,
1836	ThreadCycleTime,
1837	ThreadPagePriority,
1838	ThreadActualBasePriority,
1839	ThreadTebInformation,
1840	ThreadCSwitchMon,
1841	ThreadCSwitchPmu,
1842	ThreadWow64Context,
1843	ThreadGroupInformation,
1844	ThreadUmsInformation,
1845	ThreadCounterProfiling,
1846	ThreadIdealProcessorEx,
1847	ThreadCpuAccountingInformation,
1848	MaxThreadInfoClass
1849	} THREADINFOCLASS;
1850	NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1851
1852	NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1853
1854	NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1855	NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1856	NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
1857
1858	NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
1859	NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
1860
1861	NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
1862	NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
1863	NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
1864	NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
1865	NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
1866	NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
1867	NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
1868	NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
1869	NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
1870
1871	#endif /* IPRT_NT_USE_WINTERNL */
1872
1873	typedef enum _OBJECT_INFORMATION_CLASS
1874	{
1875	ObjectBasicInformation = 0,
1876	ObjectNameInformation,
1877	ObjectTypeInformation,
1878	ObjectAllInformation,
1879	ObjectDataInformation
1880	} OBJECT_INFORMATION_CLASS;
1881	typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
1882	#ifdef IN_RING0
1883	# define NtQueryObject ZwQueryObject
1884	#endif
1885	NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1886	NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
1887	NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
1888
1889	NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1890
1891	typedef struct _OBJECT_DIRECTORY_INFORMATION
1892	{
1893	UNICODE_STRING Name;
1894	UNICODE_STRING TypeName;
1895	} OBJECT_DIRECTORY_INFORMATION;
1896	typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
1897	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
1898
1899	NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
1900	NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
1901	/** @name ProcessDefaultHardErrorMode bit definitions.
1902	* @{ */
1903	#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /*< Inverted from the win32 define. /
1904	#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
1905	#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
1906	#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
1907	/** @} */
1908	NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
1909	NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
1910
1911	/** Retured by ProcessImageInformation as well as NtQuerySection. */
1912	typedef struct _SECTION_IMAGE_INFORMATION
1913	{
1914	PVOID TransferAddress;
1915	ULONG ZeroBits;
1916	SIZE_T MaximumStackSize;
1917	SIZE_T CommittedStackSize;
1918	ULONG SubSystemType;
1919	union
1920	{
1921	struct
1922	{
1923	USHORT SubSystemMinorVersion;
1924	USHORT SubSystemMajorVersion;
1925	};
1926	ULONG SubSystemVersion;
1927	};
1928	ULONG GpValue;
1929	USHORT ImageCharacteristics;
1930	USHORT DllCharacteristics;
1931	USHORT Machine;
1932	BOOLEAN ImageContainsCode;
1933	union /*< Since Vista, used to be a spare BOOLEAN. /
1934	{
1935	struct
1936	{
1937	UCHAR ComPlusNativeRead : 1;
1938	UCHAR ComPlusILOnly : 1;
1939	UCHAR ImageDynamicallyRelocated : 1;
1940	UCHAR ImageMAppedFlat : 1;
1941	UCHAR Reserved : 4;
1942	};
1943	UCHAR ImageFlags;
1944	};
1945	ULONG LoaderFlags;
1946	ULONG ImageFileSize; /*< Since XP? /
1947	ULONG CheckSum; /*< Since Vista, Used to be a reserved/spare ULONG. /
1948	} SECTION_IMAGE_INFORMATION;
1949	typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
1950
1951	typedef enum _SECTION_INFORMATION_CLASS
1952	{
1953	SectionBasicInformation = 0,
1954	SectionImageInformation,
1955	MaxSectionInfoClass
1956	} SECTION_INFORMATION_CLASS;
1957	NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1958
1959	NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
1960	NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1961	NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
1962	#ifndef SYMBOLIC_LINK_QUERY
1963	# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
1964	#endif
1965	#ifndef SYMBOLIC_LINK_ALL_ACCESS
1966	# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED \| SYMBOLIC_LINK_QUERY)
1967	#endif
1968
1969	NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
1970	NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
1971	NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
1972	NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
1973	NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
1974	NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
1975
1976
1977	#ifndef SEC_FILE
1978	# define SEC_FILE UINT32_C(0x00800000)
1979	#endif
1980	#ifndef SEC_IMAGE
1981	# define SEC_IMAGE UINT32_C(0x01000000)
1982	#endif
1983	#ifndef SEC_PROTECTED_IMAGE
1984	# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
1985	#endif
1986	#ifndef SEC_NOCACHE
1987	# define SEC_NOCACHE UINT32_C(0x10000000)
1988	#endif
1989	#ifndef MEM_ROTATE
1990	# define MEM_ROTATE UINT32_C(0x00800000)
1991	#endif
1992	typedef enum _MEMORY_INFORMATION_CLASS
1993	{
1994	MemoryBasicInformation = 0,
1995	MemoryWorkingSetList,
1996	MemorySectionName,
1997	MemoryBasicVlmInformation
1998	} MEMORY_INFORMATION_CLASS;
1999	#ifdef IN_RING0
2000	typedef struct _MEMORY_BASIC_INFORMATION
2001	{
2002	PVOID BaseAddress;
2003	PVOID AllocationBase;
2004	ULONG AllocationProtect;
2005	SIZE_T RegionSize;
2006	ULONG State;
2007	ULONG Protect;
2008	ULONG Type;
2009	} MEMORY_BASIC_INFORMATION;
2010	typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
2011	# define NtQueryVirtualMemory ZwQueryVirtualMemory
2012	#endif
2013	NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2014	#ifdef IPRT_NT_USE_WINTERNL
2015	NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
2016	#endif
2017	NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
2018	NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
2019
2020	typedef enum _SYSTEM_INFORMATION_CLASS
2021	{
2022	SystemBasicInformation = 0,
2023	SystemCpuInformation,
2024	SystemPerformanceInformation,
2025	SystemTimeOfDayInformation,
2026	SystemInformation_Unknown_4,
2027	SystemProcessInformation,
2028	SystemInformation_Unknown_6,
2029	SystemInformation_Unknown_7,
2030	SystemProcessorPerformanceInformation,
2031	SystemInformation_Unknown_9,
2032	SystemInformation_Unknown_10,
2033	SystemModuleInformation,
2034	SystemInformation_Unknown_12,
2035	SystemInformation_Unknown_13,
2036	SystemInformation_Unknown_14,
2037	SystemInformation_Unknown_15,
2038	SystemHandleInformation,
2039	SystemInformation_Unknown_17,
2040	SystemPageFileInformation,
2041	SystemInformation_Unknown_19,
2042	SystemInformation_Unknown_20,
2043	SystemCacheInformation,
2044	SystemInformation_Unknown_22,
2045	SystemInterruptInformation,
2046	SystemDpcBehaviourInformation,
2047	SystemFullMemoryInformation,
2048	SystemLoadGdiDriverInformation, /* 26 */
2049	SystemUnloadGdiDriverInformation, /* 27 */
2050	SystemTimeAdjustmentInformation,
2051	SystemSummaryMemoryInformation,
2052	SystemInformation_Unknown_30,
2053	SystemInformation_Unknown_31,
2054	SystemInformation_Unknown_32,
2055	SystemExceptionInformation,
2056	SystemCrashDumpStateInformation,
2057	SystemKernelDebuggerInformation,
2058	SystemContextSwitchInformation,
2059	SystemRegistryQuotaInformation,
2060	SystemInformation_Unknown_38,
2061	SystemInformation_Unknown_39,
2062	SystemInformation_Unknown_40,
2063	SystemInformation_Unknown_41,
2064	SystemInformation_Unknown_42,
2065	SystemInformation_Unknown_43,
2066	SystemCurrentTimeZoneInformation,
2067	SystemLookasideInformation,
2068	SystemSetTimeSlipEvent,
2069	SystemCreateSession,
2070	SystemDeleteSession,
2071	SystemInformation_Unknown_49,
2072	SystemRangeStartInformation,
2073	SystemVerifierInformation,
2074	SystemInformation_Unknown_52,
2075	SystemSessionProcessInformation,
2076	SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
2077	SystemInformation_Unknown_55,
2078	SystemInformation_Unknown_56,
2079	SystemExtendedProcessInformation,
2080	SystemInformation_Unknown_58,
2081	SystemInformation_Unknown_59,
2082	SystemInformation_Unknown_60,
2083	SystemInformation_Unknown_61,
2084	SystemInformation_Unknown_62,
2085	SystemInformation_Unknown_63,
2086	SystemExtendedHandleInformation, /* 64 */
2087	SystemInformation_Unknown_65,
2088	SystemInformation_Unknown_66,
2089	SystemInformation_Unknown_67,
2090	SystemInformation_Unknown_68,
2091	SystemInformation_HotPatchInfo, /* 69 */
2092	SystemInformation_Unknown_70,
2093	SystemInformation_Unknown_71,
2094	SystemInformation_Unknown_72,
2095	SystemInformation_Unknown_73,
2096	SystemInformation_Unknown_74,
2097	SystemInformation_Unknown_75,
2098	SystemInformation_Unknown_76,
2099	SystemInformation_Unknown_77,
2100	SystemInformation_Unknown_78,
2101	SystemInformation_Unknown_79,
2102	SystemInformation_Unknown_80,
2103	SystemInformation_Unknown_81,
2104	SystemInformation_Unknown_82,
2105	SystemInformation_Unknown_83,
2106	SystemInformation_Unknown_84,
2107	SystemInformation_Unknown_85,
2108	SystemInformation_Unknown_86,
2109	SystemInformation_Unknown_87,
2110	SystemInformation_Unknown_88,
2111	SystemInformation_Unknown_89,
2112	SystemInformation_Unknown_90,
2113	SystemInformation_Unknown_91,
2114	SystemInformation_Unknown_92,
2115	SystemInformation_Unknown_93,
2116	SystemInformation_Unknown_94,
2117	SystemInformation_Unknown_95,
2118	SystemInformation_KiOpPrefetchPatchCount, /* 96 */
2119	SystemInformation_Unknown_97,
2120	SystemInformation_Unknown_98,
2121	SystemInformation_Unknown_99,
2122	SystemInformation_Unknown_100,
2123	SystemInformation_Unknown_101,
2124	SystemInformation_Unknown_102,
2125	SystemInformation_Unknown_103,
2126	SystemInformation_Unknown_104,
2127	SystemInformation_Unknown_105,
2128	SystemInformation_Unknown_107,
2129	SystemInformation_GetLogicalProcessorInformationEx, /* 107 */
2130
2131	/** @todo fill gap. they've added a whole bunch of things */
2132	SystemPolicyInformation = 134,
2133	SystemInformationClassMax
2134	} SYSTEM_INFORMATION_CLASS;
2135
2136	#ifdef IPRT_NT_USE_WINTERNL
2137	typedef struct _VM_COUNTERS
2138	{
2139	SIZE_T PeakVirtualSize;
2140	SIZE_T VirtualSize;
2141	ULONG PageFaultCount;
2142	SIZE_T PeakWorkingSetSize;
2143	SIZE_T WorkingSetSize;
2144	SIZE_T QuotaPeakPagedPoolUsage;
2145	SIZE_T QuotaPagedPoolUsage;
2146	SIZE_T QuotaPeakNonPagedPoolUsage;
2147	SIZE_T QuotaNonPagedPoolUsage;
2148	SIZE_T PagefileUsage;
2149	SIZE_T PeakPagefileUsage;
2150	} VM_COUNTERS;
2151	typedef VM_COUNTERS *PVM_COUNTERS;
2152	#endif
2153
2154	#if 0
2155	typedef struct _IO_COUNTERS
2156	{
2157	ULONGLONG ReadOperationCount;
2158	ULONGLONG WriteOperationCount;
2159	ULONGLONG OtherOperationCount;
2160	ULONGLONG ReadTransferCount;
2161	ULONGLONG WriteTransferCount;
2162	ULONGLONG OtherTransferCount;
2163	} IO_COUNTERS;
2164	typedef IO_COUNTERS *PIO_COUNTERS;
2165	#endif
2166
2167	typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
2168	{
2169	ULONG NextEntryOffset; /*< 0x00 / 0x00 /
2170	ULONG NumberOfThreads; /*< 0x04 / 0x04 /
2171	LARGE_INTEGER Reserved1[3]; /*< 0x08 / 0x08 /
2172	LARGE_INTEGER CreationTime; /*< 0x20 / 0x20 /
2173	LARGE_INTEGER UserTime; /*< 0x28 / 0x28 /
2174	LARGE_INTEGER KernelTime; /*< 0x30 / 0x30 /
2175	UNICODE_STRING ProcessName; /*< 0x38 / 0x38 Clean unicode encoding? /
2176	int32_t BasePriority; /*< 0x40 / 0x48 /
2177	HANDLE UniqueProcessId; /*< 0x44 / 0x50 /
2178	HANDLE ParentProcessId; /*< 0x48 / 0x58 /
2179	ULONG HandleCount; /*< 0x4c / 0x60 /
2180	ULONG Reserved2; /*< 0x50 / 0x64 Session ID? /
2181	ULONG_PTR Reserved3; /*< 0x54 / 0x68 /
2182	VM_COUNTERS VmCounters; /*< 0x58 / 0x70 /
2183	IO_COUNTERS IoCounters; /*< 0x88 / 0xd0 Might not be present in earlier windows versions. /
2184	/* After this follows the threads, then the ProcessName.Buffer. */
2185	} RTNT_SYSTEM_PROCESS_INFORMATION;
2186	typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
2187	#ifndef IPRT_NT_USE_WINTERNL
2188	typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
2189	typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
2190	#endif
2191
2192	typedef struct _SYSTEM_HANDLE_ENTRY_INFO
2193	{
2194	USHORT UniqueProcessId;
2195	USHORT CreatorBackTraceIndex;
2196	UCHAR ObjectTypeIndex;
2197	UCHAR HandleAttributes;
2198	USHORT HandleValue;
2199	PVOID Object;
2200	ULONG GrantedAccess;
2201	} SYSTEM_HANDLE_ENTRY_INFO;
2202	typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
2203
2204	/** Returned by SystemHandleInformation */
2205	typedef struct _SYSTEM_HANDLE_INFORMATION
2206	{
2207	ULONG NumberOfHandles;
2208	SYSTEM_HANDLE_ENTRY_INFO Handles[1];
2209	} SYSTEM_HANDLE_INFORMATION;
2210	typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
2211
2212	/** Extended handle information entry.
2213	* @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
2214	typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
2215	{
2216	PVOID Object;
2217	HANDLE UniqueProcessId;
2218	HANDLE HandleValue;
2219	ACCESS_MASK GrantedAccess;
2220	USHORT CreatorBackTraceIndex;
2221	USHORT ObjectTypeIndex;
2222	ULONG HandleAttributes;
2223	ULONG Reserved;
2224	} SYSTEM_HANDLE_ENTRY_INFO_EX;
2225	typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
2226
2227	/** Returned by SystemExtendedHandleInformation. */
2228	typedef struct _SYSTEM_HANDLE_INFORMATION_EX
2229	{
2230	ULONG_PTR NumberOfHandles;
2231	ULONG_PTR Reserved;
2232	SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
2233	} SYSTEM_HANDLE_INFORMATION_EX;
2234	typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
2235
2236	/** Input to SystemSessionProcessInformation. */
2237	typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
2238	{
2239	ULONG SessionId;
2240	ULONG BufferLength;
2241	/** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
2242	PVOID Buffer;
2243	} SYSTEM_SESSION_PROCESS_INFORMATION;
2244	typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
2245
2246	NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2247
2248	NTSYSAPI NTSTATUS NTAPI NtSetTimerResolution(ULONG cNtTicksWanted, BOOLEAN fSetResolution, PULONG pcNtTicksCur);
2249	NTSYSAPI NTSTATUS NTAPI NtQueryTimerResolution(PULONG pcNtTicksMin, PULONG pcNtTicksMax, PULONG pcNtTicksCur);
2250
2251	NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
2252	NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
2253	#ifndef IPRT_NT_USE_WINTERNL
2254	NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
2255	#endif
2256	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
2257	typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
2258	NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
2259
2260	NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
2261
2262	#ifdef IPRT_NT_USE_WINTERNL
2263	typedef enum _EVENT_TYPE
2264	{
2265	/* Manual reset event. */
2266	NotificationEvent = 0,
2267	/* Automaitc reset event. */
2268	SynchronizationEvent
2269	} EVENT_TYPE;
2270	#endif
2271	NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
2272	NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2273	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
2274	NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
2275	NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
2276	NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
2277	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
2278	typedef enum _EVENT_INFORMATION_CLASS
2279	{
2280	EventBasicInformation = 0
2281	} EVENT_INFORMATION_CLASS;
2282	/** Data returned by NtQueryEvent + EventBasicInformation. */
2283	typedef struct EVENT_BASIC_INFORMATION
2284	{
2285	EVENT_TYPE EventType;
2286	ULONG EventState;
2287	} EVENT_BASIC_INFORMATION;
2288	typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
2289	NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2290
2291	#ifdef IPRT_NT_USE_WINTERNL
2292	/** For NtQueryValueKey. */
2293	typedef enum _KEY_VALUE_INFORMATION_CLASS
2294	{
2295	KeyValueBasicInformation = 0,
2296	KeyValueFullInformation,
2297	KeyValuePartialInformation,
2298	KeyValueFullInformationAlign64,
2299	KeyValuePartialInformationAlign64
2300	} KEY_VALUE_INFORMATION_CLASS;
2301
2302	/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
2303	typedef struct _KEY_VALUE_PARTIAL_INFORMATION
2304	{
2305	ULONG TitleIndex;
2306	ULONG Type;
2307	ULONG DataLength;
2308	UCHAR Data[1];
2309	} KEY_VALUE_PARTIAL_INFORMATION;
2310	typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
2311	#endif
2312	NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2313	NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2314
2315
2316	NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
2317
2318
2319	typedef struct _CURDIR
2320	{
2321	UNICODE_STRING DosPath;
2322	HANDLE Handle;
2323	} CURDIR;
2324	typedef CURDIR *PCURDIR;
2325
2326	typedef struct _RTL_DRIVE_LETTER_CURDIR
2327	{
2328	USHORT Flags;
2329	USHORT Length;
2330	ULONG TimeStamp;
2331	STRING DosPath; /*< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. /
2332	} RTL_DRIVE_LETTER_CURDIR;
2333	typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
2334
2335	typedef struct _RTL_USER_PROCESS_PARAMETERS
2336	{
2337	ULONG MaximumLength;
2338	ULONG Length;
2339	ULONG Flags;
2340	ULONG DebugFlags;
2341	HANDLE ConsoleHandle;
2342	ULONG ConsoleFlags;
2343	HANDLE StandardInput;
2344	HANDLE StandardOutput;
2345	HANDLE StandardError;
2346	CURDIR CurrentDirectory;
2347	UNICODE_STRING DllPath;
2348	UNICODE_STRING ImagePathName;
2349	UNICODE_STRING CommandLine;
2350	PWSTR Environment;
2351	ULONG StartingX;
2352	ULONG StartingY;
2353	ULONG CountX;
2354	ULONG CountY;
2355	ULONG CountCharsX;
2356	ULONG CountCharsY;
2357	ULONG FillAttribute;
2358	ULONG WindowFlags;
2359	ULONG ShowWindowFlags;
2360	UNICODE_STRING WindowTitle;
2361	UNICODE_STRING DesktopInfo;
2362	UNICODE_STRING ShellInfo;
2363	UNICODE_STRING RuntimeInfo;
2364	RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20];
2365	SIZE_T EnvironmentSize; /*< Added in Vista /
2366	SIZE_T EnvironmentVersion; /*< Added in Windows 7. /
2367	PVOID PackageDependencyData; /*< Added Windows 8? /
2368	ULONG ProcessGroupId; /*< Added Windows 8? /
2369	} RTL_USER_PROCESS_PARAMETERS;
2370	typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
2371	#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
2372
2373	typedef struct _RTL_USER_PROCESS_INFORMATION
2374	{
2375	ULONG Size;
2376	HANDLE ProcessHandle;
2377	HANDLE ThreadHandle;
2378	CLIENT_ID ClientId;
2379	SECTION_IMAGE_INFORMATION ImageInformation;
2380	} RTL_USER_PROCESS_INFORMATION;
2381	typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
2382
2383
2384	NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
2385	PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
2386	NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
2387	PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
2388	PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
2389	PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
2390	PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
2391	NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
2392	NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
2393	PFNRT, PVOID, PHANDLE, PCLIENT_ID);
2394
2395	#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
2396	typedef struct _RTL_CRITICAL_SECTION
2397	{
2398	struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
2399	LONG LockCount;
2400	LONG Recursioncount;
2401	HANDLE OwningThread;
2402	HANDLE LockSemaphore;
2403	ULONG_PTR SpinCount;
2404	} RTL_CRITICAL_SECTION;
2405	typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
2406	#endif
2407
2408	/NTSYSAPI ULONG NTAPI RtlNtStatusToDosError(NTSTATUS rcNt);/
2409
2410	/** @def RTL_QUERY_REGISTRY_TYPECHECK
2411	* WDK 8.1+, backported in updates, ignored in older. */
2412	#if !defined(RTL_QUERY_REGISTRY_TYPECHECK) \|\| defined(DOXYGEN_RUNNING)
2413	# define RTL_QUERY_REGISTRY_TYPECHECK UINT32_C(0x00000100)
2414	#endif
2415	/** @def RTL_QUERY_REGISTRY_TYPECHECK_SHIFT
2416	* WDK 8.1+, backported in updates, ignored in older. */
2417	#if !defined(RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) \|\| defined(DOXYGEN_RUNNING)
2418	# define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
2419	#endif
2420
2421
2422	RT_C_DECLS_END
2423	/** @} */
2424
2425
2426	#if defined(IN_RING0) \|\| defined(DOXYGEN_RUNNING)
2427	/** @name NT Kernel APIs
2428	* @{ */
2429	RT_C_DECLS_BEGIN
2430
2431	typedef ULONG KEPROCESSORINDEX; /*< Bitmap indexes != process numbers, apparently. /
2432
2433	NTSYSAPI VOID NTAPI KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
2434	typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
2435	NTSYSAPI VOID NTAPI KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2436	typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2437	NTSYSAPI VOID NTAPI KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2438	typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2439	NTSYSAPI BOOLEAN NTAPI KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2440	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2441	NTSYSAPI BOOLEAN NTAPI KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2442	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2443	NTSYSAPI BOOLEAN NTAPI KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2444	typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2445	NTSYSAPI VOID NTAPI KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2446	typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2447	NTSYSAPI VOID NTAPI KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2448	typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2449	NTSYSAPI BOOLEAN NTAPI KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2450	typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2451	NTSYSAPI BOOLEAN NTAPI KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2452	typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2453	/** Works like anding the complemented subtrahend with the minuend. */
2454	NTSYSAPI BOOLEAN NTAPI KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2455	typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2456	NTSYSAPI BOOLEAN NTAPI KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2457	typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2458	NTSYSAPI BOOLEAN NTAPI KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
2459	typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2460	NTSYSAPI BOOLEAN NTAPI KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2461	typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2462	NTSYSAPI ULONG NTAPI KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
2463	typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2464	NTSYSAPI KEPROCESSORINDEX NTAPI KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
2465	typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2466	typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
2467	typedef KEPROCESSORINDEX (NTAPI PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER pProcNumber);
2468	typedef NTSTATUS (NTAPI PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX ProcIndex, PROCESSOR_NUMBER pProcNumber);
2469	typedef KEPROCESSORINDEX (NTAPI PFNKEGETCURRENTPROCESSORNUMBEREX)(const PROCESSOR_NUMBER pProcNumber);
2470	typedef KAFFINITY (NTAPI *PFNKEQUERYACTIVEPROCESSORS)(VOID);
2471	typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNT)(VOID);
2472	typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNTEX)(USHORT GroupNumber);
2473	typedef USHORT (NTAPI *PFNKEQUERYMAXIMUMGROUPCOUNT)(VOID);
2474	typedef ULONG (NTAPI PFNKEQUERYACTIVEPROCESSORCOUNT)(KAFFINITY pfActiveProcessors);
2475	typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNTEX)(USHORT GroupNumber);
2476	typedef NTSTATUS (NTAPI PFNKEQUERYLOGICALPROCESSORRELATIONSHIP)(PROCESSOR_NUMBER pProcNumber,
2477	LOGICAL_PROCESSOR_RELATIONSHIP RelationShipType,
2478	SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX *pInfo, PULONG pcbInfo);
2479	typedef PVOID (NTAPI PFNKEREGISTERPROCESSORCHANGECALLBACK)(PPROCESSOR_CALLBACK_FUNCTION pfnCallback, void pvUser, ULONG fFlags);
2480	typedef VOID (NTAPI *PFNKEDEREGISTERPROCESSORCHANGECALLBACK)(PVOID pvCallback);
2481	typedef NTSTATUS (NTAPI PFNKESETTARGETPROCESSORDPCEX)(KDPC pDpc, PROCESSOR_NUMBER *pProcNumber);
2482
2483	NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
2484	PVOID pvOptionalConditions, PHANDLE phFound);
2485	NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
2486	ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
2487	KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
2488	NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
2489	NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
2490	NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
2491	NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
2492	extern DECLIMPORT(POBJECT_TYPE ) LpcPortObjectType; /< In vista+ this is the ALPC port object type. /
2493	extern DECLIMPORT(POBJECT_TYPE ) LpcWaitablePortObjectType; /< In vista+ this is the ALPC port object type. /
2494
2495	typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
2496	typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
2497
2498	RT_C_DECLS_END
2499	/** @ */
2500	#endif /* IN_RING0 */
2501
2502
2503	#if defined(IN_RING3) \|\| defined(DOXYGEN_RUNNING)
2504	/** @name NT Userland APIs
2505	* @{ */
2506	RT_C_DECLS_BEGIN
2507
2508	#if 0 /** @todo figure this out some time... */
2509	typedef struct CSR_MSG_DATA_CREATED_PROCESS
2510	{
2511	HANDLE hProcess;
2512	HANDLE hThread;
2513	CLIENT_ID
2514	DWORD idProcess;
2515	DWORD idThread;
2516	DWORD fCreate;
2517
2518	} CSR_MSG_DATA_CREATED_PROCESS;
2519
2520	#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
2521	#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
2522	NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
2523	#endif
2524
2525	NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
2526
2527	typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
2528	{
2529	ULONG Flags;
2530	PCUNICODE_STRING FullDllName;
2531	PCUNICODE_STRING BaseDllName;
2532	PVOID DllBase;
2533	ULONG SizeOfImage;
2534	} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
2535	typedef LDR_DLL_LOADED_NOTIFICATION_DATA PLDR_DLL_LOADED_NOTIFICATION_DATA, PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2536	typedef LDR_DLL_LOADED_NOTIFICATION_DATA const PCLDR_DLL_LOADED_NOTIFICATION_DATA, PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2537
2538	typedef union _LDR_DLL_NOTIFICATION_DATA
2539	{
2540	LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
2541	LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
2542	} LDR_DLL_NOTIFICATION_DATA;
2543	typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
2544	typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
2545
2546	typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
2547
2548	#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
2549	#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
2550	NTSYSAPI NTSTATUS NTAPI LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
2551	PVOID *pvCookie);
2552	typedef NTSTATUS (NTAPI PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID );
2553	NTSYSAPI NTSTATUS NTAPI LdrUnregisterDllNotification(PVOID pvCookie);
2554	typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
2555
2556	NTSYSAPI NTSTATUS NTAPI LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2557	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2558	typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2559	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2560	NTSYSAPI NTSTATUS NTAPI LdrUnloadDll(IN HANDLE hMod);
2561	typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
2562	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2563	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2564	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2565	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2566	#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
2567	#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
2568	/** @since Windows XP. */
2569	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2570	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2571	/** @since Windows XP. */
2572	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2573	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2574	/** @since Windows 7. */
2575	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
2576	/** @since Windows 7. */
2577	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
2578	/** @since Windows 7. */
2579	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2580	OUT PHANDLE phDll);
2581	/** @since Windows 7. */
2582	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2583	OUT PHANDLE phDll);
2584	#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
2585	NTSYSAPI NTSTATUS NTAPI LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
2586	typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
2587	NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2588	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2589	typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
2590	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2591	#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
2592	/** @since Windows Vista. */
2593	NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2594	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2595	/** @since Windows Vista. */
2596	typedef NTSTATUS (NTAPI PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const pSymbol OPTIONAL,
2597	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2598	#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2599	#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
2600	#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
2601	#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
2602	#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
2603	/** @since Windows XP. */
2604	NTSYSAPI NTSTATUS NTAPI LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2605	/** @since Windows XP. */
2606	typedef NTSTATUS (NTAPI PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID ppvCookie);
2607	#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2608	/** @since Windows XP. */
2609	NTSYSAPI NTSTATUS NTAPI LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
2610	/** @since Windows XP. */
2611	typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
2612
2613	NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
2614	NTSYSAPI VOID NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /*< Vista and later. /
2615	NTSYSAPI VOID NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
2616	NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
2617	IN PCUNICODE_STRING pOrgName,
2618	IN PUNICODE_STRING pDefaultSuffix,
2619	IN OUT PUNICODE_STRING pStaticString,
2620	IN OUT PUNICODE_STRING pDynamicString,
2621	IN OUT PUNICODE_STRING *ppResultString,
2622	IN PULONG pfNewFlags OPTIONAL,
2623	IN PSIZE_T pcbFilename OPTIONAL,
2624	IN PSIZE_T pcbNeeded OPTIONAL);
2625
2626	# ifdef IPRT_NT_USE_WINTERNL
2627	typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
2628	typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
2629	typedef struct _RTL_HEAP_PARAMETERS
2630	{
2631	ULONG Length;
2632	SIZE_T SegmentReserve;
2633	SIZE_T SegmentCommit;
2634	SIZE_T DeCommitFreeBlockThreshold;
2635	SIZE_T DeCommitTotalFreeThreshold;
2636	SIZE_T MaximumAllocationSize;
2637	SIZE_T VirtualMemoryThreshold;
2638	SIZE_T InitialCommit;
2639	SIZE_T InitialReserve;
2640	PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
2641	SIZE_T Reserved[2];
2642	} RTL_HEAP_PARAMETERS;
2643	typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
2644	NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
2645	PRTL_HEAP_PARAMETERS pParameters);
2646	/** @name Heap flags (for RtlCreateHeap).
2647	* @{ */
2648	/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
2649	# define HEAP_GROWABLE UINT32_C(0x00000002)
2650	# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
2651	# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
2652	# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
2653	# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
2654	# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
2655	# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
2656	# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
2657	# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
2658	# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
2659	# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
2660	# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
2661	# define HEAP_CLASS_0 UINT32_C(0x00000000)
2662	# define HEAP_CLASS_1 UINT32_C(0x00001000)
2663	# define HEAP_CLASS_2 UINT32_C(0x00002000)
2664	# define HEAP_CLASS_3 UINT32_C(0x00003000)
2665	# define HEAP_CLASS_4 UINT32_C(0x00004000)
2666	# define HEAP_CLASS_5 UINT32_C(0x00005000)
2667	# define HEAP_CLASS_6 UINT32_C(0x00006000)
2668	# define HEAP_CLASS_7 UINT32_C(0x00007000)
2669	# define HEAP_CLASS_8 UINT32_C(0x00008000)
2670	# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
2671	# endif
2672	# define HEAP_CLASS_PROCESS HEAP_CLASS_0
2673	# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
2674	# define HEAP_CLASS_KERNEL HEAP_CLASS_2
2675	# define HEAP_CLASS_GDI HEAP_CLASS_3
2676	# define HEAP_CLASS_USER HEAP_CLASS_4
2677	# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
2678	# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
2679	# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
2680	# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
2681	# ifdef IPRT_NT_USE_WINTERNL
2682	/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
2683	# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
2684	# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
2685	# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
2686	# endif /* IPRT_NT_USE_WINTERNL */
2687	/** @} */
2688	# ifdef IPRT_NT_USE_WINTERNL
2689	/** @name Heap tagging constants
2690	* @{ */
2691	# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
2692	/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
2693	# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
2694	# define HEAP_TAG_SHIFT 18 */
2695	# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2696	/** @} */
2697	NTSYSAPI PVOID NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
2698	NTSYSAPI PVOID NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
2699	NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2700	# endif /* IPRT_NT_USE_WINTERNL */
2701	NTSYSAPI SIZE_T NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
2702	NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
2703	NTSYSAPI SIZE_T NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2704	NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
2705	NTSYSAPI ULONG NTAPI RtlGetLastWin32Error(VOID);
2706	NTSYSAPI VOID NTAPI RtlSetLastWin32Error(ULONG uError);
2707	NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
2708	NTSYSAPI VOID NTAPI RtlRestoreLastWin32Error(ULONG uError);
2709	NTSYSAPI BOOLEAN NTAPI RtlQueryPerformanceCounter(PLARGE_INTEGER);
2710	NTSYSAPI uint64_t NTAPI RtlGetSystemTimePrecise(VOID);
2711	typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
2712
2713	RT_C_DECLS_END
2714	/** @} */
2715	#endif /* IN_RING3 */
2716
2717	#endif
2718

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/include/iprt/nt/nt.h@ 64638

Download in other formats: