nt.h@ 65238

Last change on this file since 65238 was 65238, checked in by vboxsync, 8 years ago
nt/nt.h: W10 TEB and PEB updates.
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 125.8 KB

Line
1	/* $Id: nt.h 65238 2017-01-11 10:37:22Z vboxsync $ */
2	/** @file
3	* IPRT - Header for code using the Native NT API.
4	*/
5
6	/*
7	* Copyright (C) 2010-2016 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.virtualbox.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*
17	* The contents of this file may alternatively be used under the terms
18	* of the Common Development and Distribution License Version 1.0
19	* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20	* VirtualBox OSE distribution, in which case the provisions of the
21	* CDDL are applicable instead of those of the GPL.
22	*
23	* You may elect to license modified versions of this file under the
24	* terms and conditions of either the GPL or the CDDL or both.
25	*/
26
27	#ifndef ___iprt_nt_nt_h___
28	#define ___iprt_nt_nt_h___
29
30	/** @def IPRT_NT_MAP_TO_ZW
31	* Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
32	* to the APIs (takes care of the previous context checks).
33	*/
34	#ifdef DOXYGEN_RUNNING
35	# define IPRT_NT_MAP_TO_ZW
36	#endif
37
38	#ifdef IPRT_NT_MAP_TO_ZW
39	# define NtQueryInformationFile ZwQueryInformationFile
40	# define NtQueryInformationProcess ZwQueryInformationProcess
41	# define NtQueryInformationThread ZwQueryInformationThread
42	# define NtQueryFullAttributesFile ZwQueryFullAttributesFile
43	# define NtQuerySystemInformation ZwQuerySystemInformation
44	# define NtQuerySecurityObject ZwQuerySecurityObject
45	# define NtSetInformationFile ZwSetInformationFile
46	# define NtClose ZwClose
47	# define NtCreateFile ZwCreateFile
48	# define NtReadFile ZwReadFile
49	# define NtWriteFile ZwWriteFile
50	# define NtFlushBuffersFile ZwFlushBuffersFile
51	/** @todo this is very incomplete! */
52	#endif
53
54	#include <ntstatus.h>
55
56	/*
57	* Hacks common to both base header sets.
58	*/
59	#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
60	#define NtQueryObject Incomplete_NtQueryObject
61	#define ZwQueryObject Incomplete_ZwQueryObject
62	#define NtSetInformationObject Incomplete_NtSetInformationObject
63	#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
64	#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
65	#define ObjectBasicInformation Incomplete_ObjectBasicInformation
66	#define ObjectTypeInformation Incomplete_ObjectTypeInformation
67	#define _PEB Incomplete__PEB
68	#define PEB Incomplete_PEB
69	#define PPEB Incomplete_PPEB
70	#define _TEB Incomplete__TEB
71	#define TEB Incomplete_TEB
72	#define PTEB Incomplete_PTEB
73	#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
74	#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
75	#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
76	#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
77	#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
78	#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
79
80
81
82	#ifdef IPRT_NT_USE_WINTERNL
83	/*
84	* Use Winternl.h.
85	*/
86	# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
87	# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
88	# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
89
90	# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
91	# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
92	# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
93	# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
94	# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
95	# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
96	# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
97	# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
98	# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
99	# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
100	# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
101	# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
102
103	# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
104	# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
105	# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
106
107	# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
108	# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
109	# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
110	# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
111	# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
112
113	# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
114	# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
115	# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
116	# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
117	# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
118	# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
119	# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
120	# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
121	# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
122	# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
123	# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
124	# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
125	# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
126	# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
127
128
129	# pragma warning(push)
130	# pragma warning(disable: 4668)
131	# define WIN32_NO_STATUS
132	# include <windef.h>
133	# include <winnt.h>
134	# include <winternl.h>
135	# undef WIN32_NO_STATUS
136	# include <ntstatus.h>
137	# pragma warning(pop)
138
139
140	# undef _FILE_INFORMATION_CLASS
141	# undef FILE_INFORMATION_CLASS
142	# undef FileDirectoryInformation
143
144	# undef NtQueryInformationProcess
145	# undef NtSetInformationProcess
146	# undef PROCESSINFOCLASS
147	# undef _PROCESSINFOCLASS
148	# undef PROCESS_BASIC_INFORMATION
149	# undef PPROCESS_BASIC_INFORMATION
150	# undef _PROCESS_BASIC_INFORMATION
151	# undef ProcessBasicInformation
152	# undef ProcessDebugPort
153	# undef ProcessWow64Information
154	# undef ProcessImageFileName
155	# undef ProcessBreakOnTermination
156
157	# undef RTL_USER_PROCESS_PARAMETERS
158	# undef PRTL_USER_PROCESS_PARAMETERS
159	# undef _RTL_USER_PROCESS_PARAMETERS
160
161	# undef NtQueryInformationThread
162	# undef NtSetInformationThread
163	# undef THREADINFOCLASS
164	# undef _THREADINFOCLASS
165	# undef ThreadIsIoPending
166
167	# undef NtQuerySystemInformation
168	# undef NtSetSystemInformation
169	# undef SYSTEM_INFORMATION_CLASS
170	# undef _SYSTEM_INFORMATION_CLASS
171	# undef SystemBasicInformation
172	# undef SystemPerformanceInformation
173	# undef SystemTimeOfDayInformation
174	# undef SystemProcessInformation
175	# undef SystemProcessorPerformanceInformation
176	# undef SystemInterruptInformation
177	# undef SystemExceptionInformation
178	# undef SystemRegistryQuotaInformation
179	# undef SystemLookasideInformation
180	# undef SystemPolicyInformation
181
182	#else
183	/*
184	* Use ntifs.h and wdm.h.
185	*/
186	# if _MSC_VER >= 1200 /* Fix/workaround for KeInitializeSpinLock visibility issue on AMD64. */
187	# define FORCEINLINE static __forceinline
188	# else
189	# define FORCEINLINE static __inline
190	# endif
191
192	# pragma warning(push)
193	# ifdef RT_ARCH_X86
194	# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
195	# pragma warning(disable: 4163)
196	# endif
197	# pragma warning(disable: 4668)
198	# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
199
200	# include <ntifs.h>
201	# include <wdm.h>
202
203	# ifdef RT_ARCH_X86
204	# undef _InterlockedAddLargeStatistic
205	# endif
206	# pragma warning(pop)
207
208	# define IPRT_NT_NEED_API_GROUP_NTIFS
209	#endif
210
211	#undef RtlFreeUnicodeString
212	#undef NtQueryObject
213	#undef ZwQueryObject
214	#undef NtSetInformationObject
215	#undef _OBJECT_INFORMATION_CLASS
216	#undef OBJECT_INFORMATION_CLASS
217	#undef ObjectBasicInformation
218	#undef ObjectTypeInformation
219	#undef _PEB
220	#undef PEB
221	#undef PPEB
222	#undef _TEB
223	#undef TEB
224	#undef PTEB
225	#undef _PEB_LDR_DATA
226	#undef PEB_LDR_DATA
227	#undef PPEB_LDR_DATA
228	#undef _KUSER_SHARED_DATA
229	#undef KUSER_SHARED_DATA
230	#undef PKUSER_SHARED_DATA
231
232
233	#include <iprt/types.h>
234	#include <iprt/assert.h>
235
236
237	/** @name Useful macros
238	* @{ */
239	/** Indicates that we're targeting native NT in the current source. */
240	#define RTNT_USE_NATIVE_NT 1
241	/** Initializes a IO_STATUS_BLOCK. */
242	#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
243	/** Reinitializes a IO_STATUS_BLOCK. */
244	#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
245	do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
246	/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
247	#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
248	/** Constant UNICODE_STRING initializer. */
249	#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
250	/** @} */
251
252
253	/** @name IPRT helper functions for NT
254	* @{ */
255	RT_C_DECLS_BEGIN
256
257	RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
258	ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
259	PHANDLE phHandle, PULONG_PTR puDisposition);
260	RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
261	ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
262	RTDECL(int) RTNtPathClose(HANDLE hHandle);
263
264	/**
265	* Converts a windows-style path to NT format and encoding.
266	*
267	* @returns IPRT status code.
268	* @param pNtName Where to return the NT name. Free using
269	* RTNtPathFree.
270	* @param phRootDir Where to return the root handle, if applicable.
271	* @param pszPath The UTF-8 path.
272	*/
273	RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING pNtName, PHANDLE phRootDir, const char pszPath);
274
275	/**
276	* Converts a UTF-16 windows-style path to NT format.
277	*
278	* @returns IPRT status code.
279	* @param pNtName Where to return the NT name. Free using
280	* RTNtPathFree.
281	* @param phRootDir Where to return the root handle, if applicable.
282	* @param pwszPath The UTF-16 windows-style path.
283	* @param cwcPath The max length of the windows-style path in
284	* RTUTF16 units. Use RTSTR_MAX if unknown and @a
285	* pwszPath is correctly terminated.
286	*/
287	RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING pNtName, HANDLE phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
288
289	/**
290	* Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
291	* chars plus a terminator.
292	*
293	* The NT string must have been returned by RTNtPathFromWinUtf8 or
294	* RTNtPathFromWinUtf16Ex.
295	*
296	* @returns IPRT status code.
297	* @param pNtName The NT path string.
298	* @param cwcMin The minimum number of RTUTF16 chars. Max 32767.
299	* @sa RTNtPathFree
300	*/
301	RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);
302
303	/**
304	* Frees the native path and root handle.
305	*
306	* @param pNtName The NT path from a successful call to
307	* RTNtPathFromWinUtf8 or RTNtPathFromWinUtf16Ex.
308	* @param phRootDir The root handle variable from the same call.
309	*/
310	RTDECL(void) RTNtPathFree(struct _UNICODE_STRING pNtName, HANDLE phRootDir);
311
312
313	/**
314	* Checks whether the path could be containing alternative 8.3 names generated
315	* by NTFS, FAT, or other similar file systems.
316	*
317	* @returns Pointer to the first component that might be an 8.3 name, NULL if
318	* not 8.3 path.
319	* @param pwszPath The path to check.
320	*
321	* @remarks This is making bad ASSUMPTION wrt to the naming scheme of 8.3 names,
322	* however, non-tilde 8.3 aliases are probably rare enough to not be
323	* worth all the extra code necessary to open each path component and
324	* check if we've got the short name or not.
325	*/
326	RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
327
328	/**
329	* Fixes up a path possibly containing one or more alternative 8-dot-3 style
330	* components.
331	*
332	* The path is fixed up in place. Errors are ignored.
333	*
334	* @returns VINF_SUCCESS if it all went smoothly, informational status codes
335	* indicating the nature of last problem we ran into.
336	*
337	* @param pUniStr The path to fix up. MaximumLength is the max buffer
338	* length.
339	* @param fPathOnly Whether to only process the path and leave the filename
340	* as passed in.
341	*/
342	RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);
343
344
345	RT_C_DECLS_END
346	/** @} */
347
348
349	/** @name NT API delcarations.
350	* @{ */
351	RT_C_DECLS_BEGIN
352
353	/** @name Process access rights missing in ntddk headers
354	* @{ */
355	#ifndef PROCESS_TERMINATE
356	# define PROCESS_TERMINATE UINT32_C(0x00000001)
357	#endif
358	#ifndef PROCESS_CREATE_THREAD
359	# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
360	#endif
361	#ifndef PROCESS_SET_SESSIONID
362	# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
363	#endif
364	#ifndef PROCESS_VM_OPERATION
365	# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
366	#endif
367	#ifndef PROCESS_VM_READ
368	# define PROCESS_VM_READ UINT32_C(0x00000010)
369	#endif
370	#ifndef PROCESS_VM_WRITE
371	# define PROCESS_VM_WRITE UINT32_C(0x00000020)
372	#endif
373	#ifndef PROCESS_DUP_HANDLE
374	# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
375	#endif
376	#ifndef PROCESS_CREATE_PROCESS
377	# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
378	#endif
379	#ifndef PROCESS_SET_QUOTA
380	# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
381	#endif
382	#ifndef PROCESS_SET_INFORMATION
383	# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
384	#endif
385	#ifndef PROCESS_QUERY_INFORMATION
386	# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
387	#endif
388	#ifndef PROCESS_SUSPEND_RESUME
389	# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
390	#endif
391	#ifndef PROCESS_QUERY_LIMITED_INFORMATION
392	# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
393	#endif
394	#ifndef PROCESS_SET_LIMITED_INFORMATION
395	# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
396	#endif
397	#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
398	#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
399	#ifndef PROCESS_ALL_ACCESS
400	# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| SYNCHRONIZE \| UINT32_C(0x0000ffff) )
401	#endif
402	/** @} */
403
404	/** @name Thread access rights missing in ntddk headers
405	* @{ */
406	#ifndef THREAD_QUERY_INFORMATION
407	# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
408	#endif
409	#ifndef THREAD_SET_THREAD_TOKEN
410	# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
411	#endif
412	#ifndef THREAD_IMPERSONATE
413	# define THREAD_IMPERSONATE UINT32_C(0x00000100)
414	#endif
415	#ifndef THREAD_DIRECT_IMPERSONATION
416	# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
417	#endif
418	#ifndef THREAD_RESUME
419	# define THREAD_RESUME UINT32_C(0x00001000)
420	#endif
421	#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
422	#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
423	#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
424	/** @} */
425
426	/** @name Special handle values.
427	* @{ */
428	#ifndef NtCurrentProcess
429	# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
430	#endif
431	#ifndef NtCurrentThread
432	# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
433	#endif
434	#ifndef ZwCurrentProcess
435	# define ZwCurrentProcess() NtCurrentProcess()
436	#endif
437	#ifndef ZwCurrentThread
438	# define ZwCurrentThread() NtCurrentThread()
439	#endif
440	/** @} */
441
442
443	/** @name Directory object access rights.
444	* @{ */
445	#ifndef DIRECTORY_QUERY
446	# define DIRECTORY_QUERY UINT32_C(0x00000001)
447	#endif
448	#ifndef DIRECTORY_TRAVERSE
449	# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
450	#endif
451	#ifndef DIRECTORY_CREATE_OBJECT
452	# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
453	#endif
454	#ifndef DIRECTORY_CREATE_SUBDIRECTORY
455	# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
456	#endif
457	#ifndef DIRECTORY_ALL_ACCESS
458	# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| UINT32_C(0x0000000f) )
459	#endif
460	/** @} */
461
462
463
464	#ifdef IPRT_NT_USE_WINTERNL
465	typedef struct _CLIENT_ID
466	{
467	HANDLE UniqueProcess;
468	HANDLE UniqueThread;
469	} CLIENT_ID;
470	typedef CLIENT_ID *PCLIENT_ID;
471	#endif
472
473	/** Extended affinity type, introduced in Windows 7 (?). */
474	typedef struct _KAFFINITY_EX
475	{
476	/** Count of valid bitmap entries. */
477	uint16_t Count;
478	/** Count of allocated bitmap entries. */
479	uint16_t Size;
480	/** Reserved / aligmment padding. */
481	uint32_t Reserved;
482	/** Bitmap where one bit corresponds to a CPU. */
483	uintptr_t Bitmap[20];
484	} KAFFINITY_EX;
485	typedef KAFFINITY_EX *PKAFFINITY_EX;
486	typedef KAFFINITY_EX const *PCKAFFINITY_EX;
487
488	/** @name User Shared Data
489	* @{ */
490
491	#ifdef IPRT_NT_USE_WINTERNL
492	typedef struct _KSYSTEM_TIME
493	{
494	ULONG LowPart;
495	LONG High1Time;
496	LONG High2Time;
497	} KSYSTEM_TIME;
498	typedef KSYSTEM_TIME *PKSYSTEM_TIME;
499
500	typedef enum _NT_PRODUCT_TYPE
501	{
502	NtProductWinNt = 1,
503	NtProductLanManNt,
504	NtProductServer
505	} NT_PRODUCT_TYPE;
506
507	#define PROCESSOR_FEATURE_MAX 64
508
509	typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
510	{
511	StandardDesign = 0,
512	NEC98x86,
513	EndAlternatives
514	} ALTERNATIVE_ARCHITECTURE_TYPE;
515
516	# if 0
517	typedef struct _XSTATE_FEATURE
518	{
519	ULONG Offset;
520	ULONG Size;
521	} XSTATE_FEATURE;
522	typedef XSTATE_FEATURE *PXSTATE_FEATURE;
523
524	#define MAXIMUM_XSTATE_FEATURES 64
525
526	typedef struct _XSTATE_CONFIGURATION
527	{
528	ULONG64 EnabledFeatures;
529	ULONG Size;
530	ULONG OptimizedSave : 1;
531	XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
532	} XSTATE_CONFIGURATION;
533	typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
534	# endif
535	#endif /* IPRT_NT_USE_WINTERNL */
536
537	typedef struct _KUSER_SHARED_DATA
538	{
539	ULONG TickCountLowDeprecated; /*< 0x000 /
540	ULONG TickCountMultiplier; /*< 0x004 /
541	KSYSTEM_TIME volatile InterruptTime; /*< 0x008 /
542	KSYSTEM_TIME volatile SystemTime; /*< 0x014 /
543	KSYSTEM_TIME volatile TimeZoneBias; /*< 0x020 /
544	USHORT ImageNumberLow; /*< 0x02c /
545	USHORT ImageNumberHigh; /*< 0x02e /
546	WCHAR NtSystemRoot[260]; /*< 0x030 /
547	ULONG MaxStackTraceDepth; /*< 0x238 /
548	ULONG CryptoExponent; /*< 0x23c /
549	ULONG TimeZoneId; /*< 0x240 /
550	ULONG LargePageMinimum; /*< 0x244 /
551	ULONG AitSamplingValue; /*< 0x248 /
552	ULONG AppCompatFlag; /*< 0x24c /
553	ULONGLONG RNGSeedVersion; /*< 0x250 /
554	ULONG GlobalValidationRunlevel; /*< 0x258 /
555	LONG volatile TimeZoneBiasStamp; /*< 0x25c/
556	ULONG Reserved2; /*< 0x260 /
557	NT_PRODUCT_TYPE NtProductType; /*< 0x264 /
558	BOOLEAN ProductTypeIsValid; /*< 0x268 /
559	BOOLEAN Reserved0[1]; /*< 0x269 /
560	USHORT NativeProcessorArchitecture; /*< 0x26a /
561	ULONG NtMajorVersion; /*< 0x26c /
562	ULONG NtMinorVersion; /*< 0x270 /
563	BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /*< 0x274 /
564	ULONG Reserved1; /*< 0x2b4 /
565	ULONG Reserved3; /*< 0x2b8 /
566	ULONG volatile TimeSlip; /*< 0x2bc /
567	ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /*< 0x2c0 /
568	ULONG AltArchitecturePad[1]; /*< 0x2c4 /
569	LARGE_INTEGER SystemExpirationDate; /*< 0x2c8 /
570	ULONG SuiteMask; /*< 0x2d0 /
571	BOOLEAN KdDebuggerEnabled; /*< 0x2d4 /
572	union /*< 0x2d5 /
573	{
574	UCHAR MitigationPolicies; /*< 0x2d5 /
575	struct
576	{
577	UCHAR NXSupportPolicy : 2;
578	UCHAR SEHValidationPolicy : 2;
579	UCHAR CurDirDevicesSkippedForDlls : 2;
580	UCHAR Reserved : 2;
581	};
582	};
583	UCHAR Reserved6[2]; /*< 0x2d6 /
584	ULONG volatile ActiveConsoleId; /*< 0x2d8 /
585	ULONG volatile DismountCount; /*< 0x2dc /
586	ULONG ComPlusPackage; /*< 0x2e0 /
587	ULONG LastSystemRITEventTickCount; /*< 0x2e4 /
588	ULONG NumberOfPhysicalPages; /*< 0x2e8 /
589	BOOLEAN SafeBootMode; /*< 0x2ec /
590	UCHAR Reserved12[3]; /*< 0x2ed /
591	union /*< 0x2f0 /
592	{
593	ULONG SharedDataFlags; /*< 0x2f0 /
594	struct
595	{
596	ULONG DbgErrorPortPresent : 1;
597	ULONG DbgElevationEnabled : 1;
598	ULONG DbgVirtEnabled : 1;
599	ULONG DbgInstallerDetectEnabled : 1;
600	ULONG DbgLkgEnabled : 1;
601	ULONG DbgDynProcessorEnabled : 1;
602	ULONG DbgConsoleBrokerEnabled : 1;
603	ULONG DbgSecureBootEnabled : 1;
604	ULONG SpareBits : 24;
605	};
606	};
607	ULONG DataFlagsPad[1]; /*< 0x2f4 /
608	ULONGLONG TestRetInstruction; /*< 0x2f8 /
609	LONGLONG QpcFrequency; /*< 0x300 /
610	ULONGLONG SystemCallPad[3]; /*< 0x308 /
611	union /*< 0x320 /
612	{
613	ULONG64 volatile TickCountQuad; /*< 0x320 /
614	KSYSTEM_TIME volatile TickCount; /*< 0x320 /
615	struct /*< 0x320 /
616	{
617	ULONG ReservedTickCountOverlay[3]; /*< 0x320 /
618	ULONG TickCountPad[1]; /*< 0x32c /
619	};
620	};
621	ULONG Cookie; /*< 0x330 /
622	ULONG CookiePad[1]; /*< 0x334 /
623	LONGLONG ConsoleSessionForegroundProcessId; /*< 0x338 /
624	ULONGLONG TimeUpdateLock; /*< 0x340 /
625	ULONGLONG BaselineSystemTimeQpc; /*< 0x348 /
626	ULONGLONG BaselineInterruptTimeQpc; /*< 0x350 /
627	ULONGLONG QpcSystemTimeIncrement; /*< 0x358 /
628	ULONGLONG QpcInterruptTimeIncrement; /*< 0x360 /
629	ULONG QpcSystemTimeIncrement32; /*< 0x368 /
630	ULONG QpcInterruptTimeIncrement32; /*< 0x36c /
631	UCHAR QpcSystemTimeIncrementShift; /*< 0x370 /
632	UCHAR QpcInterruptTimeIncrementShift; /*< 0x371 /
633	UCHAR Reserved8[14]; /*< 0x372 /
634	USHORT UserModeGlobalLogger[16]; /*< 0x380 /
635	ULONG ImageFileExecutionOptions; /*< 0x3a0 /
636	ULONG LangGenerationCount; /*< 0x3a4 /
637	ULONGLONG Reserved4; /*< 0x3a8 /
638	ULONGLONG volatile InterruptTimeBias; /*< 0x3b0 /
639	ULONGLONG volatile QpcBias; /*< 0x3b8 /
640	ULONG volatile ActiveProcessorCount; /*< 0x3c0 /
641	UCHAR volatile ActiveGroupCount; /*< 0x3c4 /
642	UCHAR Reserved9; /*< 0x3c5 /
643	union /*< 0x3c6 /
644	{
645	USHORT QpcData; /*< 0x3c6 /
646	struct /*< 0x3c6 /
647	{
648	BOOLEAN volatile QpcBypassEnabled; /*< 0x3c6 /
649	UCHAR QpcShift; /*< 0x3c7 /
650	};
651	};
652	LARGE_INTEGER TimeZoneBiasEffectiveStart; /*< 0x3c8 /
653	LARGE_INTEGER TimeZoneBiasEffectiveEnd; /*< 0x3d0 /
654	XSTATE_CONFIGURATION XState; /*< 0x3d8 /
655	} KUSER_SHARED_DATA;
656	typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
657	AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
658	AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
659	AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
660	AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
661	AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
662	AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
663	AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
664	AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
665	AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
666	/** @def MM_SHARED_USER_DATA_VA
667	* Read only userland mapping of KUSER_SHARED_DATA. */
668	#ifndef MM_SHARED_USER_DATA_VA
669	# if ARCH_BITS == 32
670	# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
671	# elif ARCH_BITS == 64
672	# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
673	# else
674	# error "Unsupported/undefined ARCH_BITS value."
675	# endif
676	#endif
677	/** @def KI_USER_SHARED_DATA
678	* Read write kernel mapping of KUSER_SHARED_DATA. */
679	#ifndef KI_USER_SHARED_DATA
680	# ifdef RT_ARCH_X86
681	# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
682	# elif defined(RT_ARCH_AMD64)
683	# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
684	# else
685	# error "PORT ME - KI_USER_SHARED_DATA"
686	# endif
687	#endif
688	/** @} */
689
690
691	/** @name Process And Thread Environment Blocks
692	* @{ */
693
694	typedef struct _PEB_LDR_DATA
695	{
696	uint32_t Length;
697	BOOLEAN Initialized;
698	BOOLEAN Padding[3];
699	HANDLE SsHandle;
700	LIST_ENTRY InLoadOrderModuleList;
701	LIST_ENTRY InMemoryOrderModuleList;
702	LIST_ENTRY InInitializationOrderModuleList;
703	/* End NT4 */
704	LIST_ENTRY *EntryInProgress;
705	BOOLEAN ShutdownInProgress;
706	HANDLE ShutdownThreadId;
707	} PEB_LDR_DATA;
708	typedef PEB_LDR_DATA *PPEB_LDR_DATA;
709
710	typedef struct _PEB_COMMON
711	{
712	BOOLEAN InheritedAddressSpace; /*< 0x000 / 0x000 /
713	BOOLEAN ReadImageFileExecOptions; /*< 0x001 / 0x001 /
714	BOOLEAN BeingDebugged; /*< 0x002 / 0x002 /
715	union
716	{
717	uint8_t BitField; /*< 0x003 / 0x003 /
718	struct
719	{
720	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
721	} Common;
722	struct
723	{
724	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
725	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
726	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 /
727	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 /
728	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 /
729	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 /
730	uint8_t IsProtectedProcessLight : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 /
731	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
732	} W81;
733	struct
734	{
735	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
736	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
737	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 /
738	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 /
739	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 /
740	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 /
741	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 /
742	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
743	} W80;
744	struct
745	{
746	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
747	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
748	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. /
749	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. /
750	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. /
751	uint8_t SpareBits : 3; /*< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. /
752	} W7;
753	struct
754	{
755	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
756	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
757	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. /
758	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. /
759	uint8_t SpareBits : 4; /*< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. /
760	} W6;
761	struct
762	{
763	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
764	uint8_t SpareBits : 7; /*< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. /
765	} W52;
766	struct
767	{
768	BOOLEAN SpareBool;
769	} W51;
770	} Diff0;
771	#if ARCH_BITS == 64
772	uint32_t Padding0; /*< 0x004 / NA /
773	#endif
774	HANDLE Mutant; /*< 0x008 / 0x004 /
775	PVOID ImageBaseAddress; /*< 0x010 / 0x008 /
776	PPEB_LDR_DATA Ldr; /*< 0x018 / 0x00c /
777	struct _RTL_USER_PROCESS_PARAMETERS ProcessParameters; /< 0x020 / 0x010 /
778	PVOID SubSystemData; /*< 0x028 / 0x014 /
779	HANDLE ProcessHeap; /*< 0x030 / 0x018 /
780	struct _RTL_CRITICAL_SECTION FastPebLock; /< 0x038 / 0x01c /
781	union
782	{
783	struct
784	{
785	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
786	PVOID IFEOKey; /*< 0x048 / 0x024 /
787	union
788	{
789	ULONG CrossProcessFlags; /*< 0x050 / 0x028 /
790	struct
791	{
792	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
793	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
794	uint32_t ProcessUsingVEH : 1; /*< 0x050 / 0x028: Pos 2, 1 Bit /
795	uint32_t ProcessUsingVCH : 1; /*< 0x050 / 0x028: Pos 3, 1 Bit /
796	uint32_t ProcessUsingFTH : 1; /*< 0x050 / 0x028: Pos 4, 1 Bit /
797	uint32_t ReservedBits0 : 1; /*< 0x050 / 0x028: Pos 5, 27 Bits /
798	} W7, W8, W80, W81;
799	struct
800	{
801	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
802	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
803	uint32_t ReservedBits0 : 30; /*< 0x050 / 0x028: Pos 2, 30 Bits /
804	} W6;
805	};
806	#if ARCH_BITS == 64
807	uint32_t Padding1; /*< 0x054 / /
808	#endif
809	} W6, W7, W8, W80, W81;
810	struct
811	{
812	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
813	PVOID SparePtr2; /*< 0x048 / 0x024 /
814	uint32_t EnvironmentUpdateCount; /*< 0x050 / 0x028 /
815	#if ARCH_BITS == 64
816	uint32_t Padding1; /*< 0x054 / /
817	#endif
818	} W52;
819	struct
820	{
821	PVOID FastPebLockRoutine; /*< NA / 0x020 /
822	PVOID FastPebUnlockRoutine; /*< NA / 0x024 /
823	uint32_t EnvironmentUpdateCount; /*< NA / 0x028 /
824	} W51;
825	} Diff1;
826	union
827	{
828	PVOID KernelCallbackTable; /*< 0x058 / 0x02c /
829	PVOID UserSharedInfoPtr; /*< 0x058 / 0x02c - Alternative use in W6./
830	};
831	uint32_t SystemReserved; /*< 0x060 / 0x030 /
832	union
833	{
834	struct
835	{
836	uint32_t AtlThunkSListPtr32; /*< 0x064 / 0x034 /
837	} W7, W8, W80, W81;
838	struct
839	{
840	uint32_t SpareUlong; /*< 0x064 / 0x034 /
841	} W52, W6;
842	struct
843	{
844	uint32_t ExecuteOptions : 2; /*< NA / 0x034: Pos 0, 2 Bits /
845	uint32_t SpareBits : 30; /*< NA / 0x034: Pos 2, 30 Bits /
846	} W51;
847	} Diff2;
848	union
849	{
850	struct
851	{
852	PVOID ApiSetMap; /*< 0x068 / 0x038 /
853	} W7, W8, W80, W81;
854	struct
855	{
856	struct _PEB_FREE_BLOCK FreeList; /< 0x068 / 0x038 /
857	} W52, W6;
858	struct
859	{
860	struct _PEB_FREE_BLOCK FreeList; /< NA / 0x038 /
861	} W51;
862	} Diff3;
863	uint32_t TlsExpansionCounter; /*< 0x070 / 0x03c /
864	#if ARCH_BITS == 64
865	uint32_t Padding2; /*< 0x074 / NA /
866	#endif
867	struct _RTL_BITMAP TlsBitmap; /< 0x078 / 0x040 /
868	uint32_t TlsBitmapBits[2]; /*< 0x080 / 0x044 /
869	PVOID ReadOnlySharedMemoryBase; /*< 0x088 / 0x04c /
870	union
871	{
872	struct
873	{
874	PVOID SparePvoid0; /*< 0x090 / 0x050 - HotpatchInformation before W81. /
875	} W81;
876	struct
877	{
878	PVOID HotpatchInformation; /*< 0x090 / 0x050 - Retired in W81. /
879	} W6, W7, W80;
880	struct
881	{
882	PVOID ReadOnlySharedMemoryHeap;
883	} W52;
884	} Diff4;
885	PVOID ReadOnlyStaticServerData; /< 0x098 / 0x054 /
886	PVOID AnsiCodePageData; /*< 0x0a0 / 0x058 /
887	PVOID OemCodePageData; /*< 0x0a8 / 0x05c /
888	PVOID UnicodeCaseTableData; /*< 0x0b0 / 0x060 /
889	uint32_t NumberOfProcessors; /*< 0x0b8 / 0x064 /
890	uint32_t NtGlobalFlag; /*< 0x0bc / 0x068 /
891	LARGE_INTEGER CriticalSectionTimeout; /*< 0x0c0 / 0x070 /
892	SIZE_T HeapSegmentReserve; /*< 0x0c8 / 0x078 /
893	SIZE_T HeapSegmentCommit; /*< 0x0d0 / 0x07c /
894	SIZE_T HeapDeCommitTotalFreeThreshold; /*< 0x0d8 / 0x080 /
895	SIZE_T HeapDeCommitFreeBlockThreshold; /*< 0x0e0 / 0x084 /
896	uint32_t NumberOfHeaps; /*< 0x0e8 / 0x088 /
897	uint32_t MaximumNumberOfHeaps; /*< 0x0ec / 0x08c /
898	PVOID ProcessHeaps; /< 0x0f0 / 0x090 /
899	PVOID GdiSharedHandleTable; /*< 0x0f8 / 0x094 /
900	PVOID ProcessStarterHelper; /*< 0x100 / 0x098 /
901	uint32_t GdiDCAttributeList; /*< 0x108 / 0x09c /
902	#if ARCH_BITS == 64
903	uint32_t Padding3; /*< 0x10c / NA /
904	#endif
905	struct _RTL_CRITICAL_SECTION LoaderLock; /< 0x110 / 0x0a0 /
906	uint32_t OSMajorVersion; /*< 0x118 / 0x0a4 /
907	uint32_t OSMinorVersion; /*< 0x11c / 0x0a8 /
908	uint16_t OSBuildNumber; /*< 0x120 / 0x0ac /
909	uint16_t OSCSDVersion; /*< 0x122 / 0x0ae /
910	uint32_t OSPlatformId; /*< 0x124 / 0x0b0 /
911	uint32_t ImageSubsystem; /*< 0x128 / 0x0b4 /
912	uint32_t ImageSubsystemMajorVersion; /*< 0x12c / 0x0b8 /
913	uint32_t ImageSubsystemMinorVersion; /*< 0x130 / 0x0bc /
914	#if ARCH_BITS == 64
915	uint32_t Padding4; /*< 0x134 / NA /
916	#endif
917	union
918	{
919	struct
920	{
921	SIZE_T ActiveProcessAffinityMask; /*< 0x138 / 0x0c0 /
922	} W7, W8, W80, W81;
923	struct
924	{
925	SIZE_T ImageProcessAffinityMask; /*< 0x138 / 0x0c0 /
926	} W52, W6;
927	} Diff5;
928	uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /*< 0x140 / 0x0c4 /
929	PVOID PostProcessInitRoutine; /*< 0x230 / 0x14c /
930	PVOID TlsExpansionBitmap; /*< 0x238 / 0x150 /
931	uint32_t TlsExpansionBitmapBits[32]; /*< 0x240 / 0x154 /
932	uint32_t SessionId; /*< 0x2c0 / 0x1d4 /
933	#if ARCH_BITS == 64
934	uint32_t Padding5; /*< 0x2c4 / NA /
935	#endif
936	ULARGE_INTEGER AppCompatFlags; /*< 0x2c8 / 0x1d8 /
937	ULARGE_INTEGER AppCompatFlagsUser; /*< 0x2d0 / 0x1e0 /
938	PVOID pShimData; /*< 0x2d8 / 0x1e8 /
939	PVOID AppCompatInfo; /*< 0x2e0 / 0x1ec /
940	UNICODE_STRING CSDVersion; /*< 0x2e8 / 0x1f0 /
941	struct _ACTIVATION_CONTEXT_DATA ActivationContextData; /< 0x2f8 / 0x1f8 /
942	struct _ASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap; /< 0x300 / 0x1fc /
943	struct _ACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData; /< 0x308 / 0x200 /
944	struct _ASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap; /< 0x310 / 0x204 /
945	SIZE_T MinimumStackCommit; /*< 0x318 / 0x208 /
946	/* End of PEB in W52 (Windows XP (RTM))! */
947	struct _FLS_CALLBACK_INFO FlsCallback; /< 0x320 / 0x20c /
948	LIST_ENTRY FlsListHead; /*< 0x328 / 0x210 /
949	PVOID FlsBitmap; /*< 0x338 / 0x218 /
950	uint32_t FlsBitmapBits[4]; /*< 0x340 / 0x21c /
951	uint32_t FlsHighIndex; /*< 0x350 / 0x22c /
952	/* End of PEB in W52 (Windows Server 2003)! */
953	PVOID WerRegistrationData; /*< 0x358 / 0x230 /
954	PVOID WerShipAssertPtr; /*< 0x360 / 0x234 /
955	/* End of PEB in W6 (windows Vista)! */
956	union
957	{
958	struct
959	{
960	PVOID pUnused; /*< 0x368 / 0x238 - Was pContextData in W7. /
961	} W8, W80, W81;
962	struct
963	{
964	PVOID pContextData; /*< 0x368 / 0x238 - Retired in W80. /
965	} W7;
966	} Diff6;
967	PVOID pImageHeaderHash; /*< 0x370 / 0x23c /
968	union
969	{
970	uint32_t TracingFlags; /*< 0x378 / 0x240 /
971	struct
972	{
973	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
974	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
975	uint32_t LibLoaderTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 2, 1 Bit /
976	uint32_t SpareTracingBits : 29; /*< 0x378 / 0x240 : Pos 3, 29 Bits /
977	} W8, W80, W81;
978	struct
979	{
980	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
981	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
982	uint32_t SpareTracingBits : 30; /*< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 /
983	} W7;
984	} Diff7;
985	#if ARCH_BITS == 64
986	uint32_t Padding6; /*< 0x37c / NA /
987	#endif
988	uint64_t CsrServerReadOnlySharedMemoryBase; /*< 0x380 / 0x248 /
989	/* End of PEB in W8, W81. */
990	uintptr_t TppWorkerpListLock; /*< 0x388 / 0x250 /
991	LIST_ENTRY TppWorkerpList; /*< 0x390 / 0x254 /
992	PVOID WaitOnAddressHashTable[128]; /*< 0x3a0 / 0x25c /
993	#if ARCH_BITS == 32
994	uint32_t ExplicitPadding7; /*< NA NA / 0x45c /
995	#endif
996	} PEB_COMMON;
997	typedef PEB_COMMON *PPEB_COMMON;
998
999	AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
1000	AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
1001	AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
1002	AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
1003	AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
1004	AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
1005	AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
1006	AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
1007	AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x7a0 : 0x460);
1008
1009	/** The size of the windows 10 (build 14393) PEB structure. */
1010	#define PEB_SIZE_W10 sizeof(PEB_COMMON)
1011	/** The size of the windows 8.1 PEB structure. */
1012	#define PEB_SIZE_W81 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1013	/** The size of the windows 8.0 PEB structure. */
1014	#define PEB_SIZE_W80 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1015	/** The size of the windows 7 PEB structure. */
1016	#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
1017	/** The size of the windows vista PEB structure. */
1018	#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
1019	/** The size of the windows server 2003 PEB structure. */
1020	#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
1021	/** The size of the windows XP PEB structure. */
1022	#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
1023
1024	#if 0
1025	typedef struct _NT_TIB
1026	{
1027	struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
1028	PVOID StackBase;
1029	PVOID StackLimit;
1030	PVOID SubSystemTib;
1031	union
1032	{
1033	PVOID FiberData;
1034	ULONG Version;
1035	};
1036	PVOID ArbitraryUserPointer;
1037	struct _NT_TIB *Self;
1038	} NT_TIB;
1039	typedef NT_TIB *PNT_TIB;
1040	#endif
1041
1042	typedef struct _ACTIVATION_CONTEXT_STACK
1043	{
1044	uint32_t Flags;
1045	uint32_t NextCookieSequenceNumber;
1046	PVOID ActiveFrame;
1047	LIST_ENTRY FrameListCache;
1048	} ACTIVATION_CONTEXT_STACK;
1049
1050	/* Common TEB. */
1051	typedef struct _TEB_COMMON
1052	{
1053	NT_TIB NtTib; /*< 0x000 / 0x000 /
1054	PVOID EnvironmentPointer; /*< 0x038 / 0x01c /
1055	CLIENT_ID ClientId; /*< 0x040 / 0x020 /
1056	PVOID ActiveRpcHandle; /*< 0x050 / 0x028 /
1057	PVOID ThreadLocalStoragePointer; /*< 0x058 / 0x02c /
1058	PPEB_COMMON ProcessEnvironmentBlock; /*< 0x060 / 0x030 /
1059	uint32_t LastErrorValue; /*< 0x068 / 0x034 /
1060	uint32_t CountOfOwnedCriticalSections; /*< 0x06c / 0x038 /
1061	PVOID CsrClientThread; /*< 0x070 / 0x03c /
1062	PVOID Win32ThreadInfo; /*< 0x078 / 0x040 /
1063	uint32_t User32Reserved[26]; /*< 0x080 / 0x044 /
1064	uint32_t UserReserved[5]; /*< 0x0e8 / 0x0ac /
1065	PVOID WOW32Reserved; /*< 0x100 / 0x0c0 /
1066	uint32_t CurrentLocale; /*< 0x108 / 0x0c4 /
1067	uint32_t FpSoftwareStatusRegister; /*< 0x10c / 0x0c8 /
1068	PVOID SystemReserved1[54]; /*< 0x110 / 0x0cc /
1069	uint32_t ExceptionCode; /*< 0x2c0 / 0x1a4 /
1070	#if ARCH_BITS == 64
1071	uint32_t Padding0; /*< 0x2c4 / NA /
1072	#endif
1073	union
1074	{
1075	struct
1076	{
1077	struct _ACTIVATION_CONTEXT_STACK ActivationContextStackPointer;/< 0x2c8 / 0x1a8 /
1078	uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /*< 0x2d0 / 0x1ac /
1079	} W52, W6, W7, W8, W80, W81;
1080	#if ARCH_BITS == 32
1081	struct
1082	{
1083	ACTIVATION_CONTEXT_STACK ActivationContextStack; /*< NA / 0x1a8 /
1084	uint8_t SpareBytes[20]; /*< NA / 0x1bc /
1085	} W51;
1086	#endif
1087	} Diff0;
1088	union
1089	{
1090	struct
1091	{
1092	uint32_t TxFsContext; /*< 0x2e8 / 0x1d0 /
1093	} W6, W7, W8, W80, W81;
1094	struct
1095	{
1096	uint32_t SpareBytesContinues; /*< 0x2e8 / 0x1d0 /
1097	} W52;
1098	} Diff1;
1099	#if ARCH_BITS == 64
1100	uint32_t Padding1; /*< 0x2ec / NA /
1101	#endif
1102	/_GDI_TEB_BATCH/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /*< 0x2f0 / 0x1d4 /
1103	CLIENT_ID RealClientId; /*< 0x7d8 / 0x6b4 /
1104	HANDLE GdiCachedProcessHandle; /*< 0x7e8 / 0x6bc /
1105	uint32_t GdiClientPID; /*< 0x7f0 / 0x6c0 /
1106	uint32_t GdiClientTID; /*< 0x7f4 / 0x6c4 /
1107	PVOID GdiThreadLocalInfo; /*< 0x7f8 / 0x6c8 /
1108	SIZE_T Win32ClientInfo[62]; /*< 0x800 / 0x6cc /
1109	PVOID glDispatchTable[233]; /*< 0x9f0 / 0x7c4 /
1110	SIZE_T glReserved1[29]; /*< 0x1138 / 0xb68 /
1111	PVOID glReserved2; /*< 0x1220 / 0xbdc /
1112	PVOID glSectionInfo; /*< 0x1228 / 0xbe0 /
1113	PVOID glSection; /*< 0x1230 / 0xbe4 /
1114	PVOID glTable; /*< 0x1238 / 0xbe8 /
1115	PVOID glCurrentRC; /*< 0x1240 / 0xbec /
1116	PVOID glContext; /*< 0x1248 / 0xbf0 /
1117	NTSTATUS LastStatusValue; /*< 0x1250 / 0xbf4 /
1118	#if ARCH_BITS == 64
1119	uint32_t Padding2; /*< 0x1254 / NA /
1120	#endif
1121	UNICODE_STRING StaticUnicodeString; /*< 0x1258 / 0xbf8 /
1122	WCHAR StaticUnicodeBuffer[261]; /*< 0x1268 / 0xc00 /
1123	#if ARCH_BITS == 64
1124	WCHAR Padding3[3]; /*< 0x1472 / NA /
1125	#endif
1126	PVOID DeallocationStack; /*< 0x1478 / 0xe0c /
1127	PVOID TlsSlots[64]; /*< 0x1480 / 0xe10 /
1128	LIST_ENTRY TlsLinks; /*< 0x1680 / 0xf10 /
1129	PVOID Vdm; /*< 0x1690 / 0xf18 /
1130	PVOID ReservedForNtRpc; /*< 0x1698 / 0xf1c /
1131	PVOID DbgSsReserved[2]; /*< 0x16a0 / 0xf20 /
1132	uint32_t HardErrorMode; /*< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. /
1133	#if ARCH_BITS == 64
1134	uint32_t Padding4; /*< 0x16b4 / NA /
1135	#endif
1136	PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /*< 0x16b8 / 0xf2c /
1137	union
1138	{
1139	struct
1140	{
1141	GUID ActivityId; /*< 0x1710 / 0xf50 /
1142	PVOID SubProcessTag; /*< 0x1720 / 0xf60 /
1143	} W6, W7, W8, W80, W81;
1144	struct
1145	{
1146	PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /*< 0x1710 / 0xf50 /
1147	} W52;
1148	} Diff2;
1149	union /*< 0x1728 / 0xf64 /
1150	{
1151	struct
1152	{
1153	PVOID PerflibData; /*< 0x1728 / 0xf64 /
1154	} W8, W80, W81;
1155	struct
1156	{
1157	PVOID EtwLocalData; /*< 0x1728 / 0xf64 /
1158	} W7, W6;
1159	struct
1160	{
1161	PVOID SubProcessTag; /*< 0x1728 / 0xf64 /
1162	} W52;
1163	struct
1164	{
1165	PVOID InstrumentationContinues[1]; /*< 0x1728 / 0xf64 /
1166	} W51;
1167	} Diff3;
1168	union
1169	{
1170	struct
1171	{
1172	PVOID EtwTraceData; /*< 0x1730 / 0xf68 /
1173	} W52, W6, W7, W8, W80, W81;
1174	struct
1175	{
1176	PVOID InstrumentationContinues[1]; /*< 0x1730 / 0xf68 /
1177	} W51;
1178	} Diff4;
1179	PVOID WinSockData; /*< 0x1738 / 0xf6c /
1180	uint32_t GdiBatchCount; /*< 0x1740 / 0xf70 /
1181	union
1182	{
1183	union
1184	{
1185	PROCESSOR_NUMBER CurrentIdealProcessor; /*< 0x1744 / 0xf74 - W7+ /
1186	uint32_t IdealProcessorValue; /*< 0x1744 / 0xf74 - W7+ /
1187	struct
1188	{
1189	uint8_t ReservedPad1; /*< 0x1744 / 0xf74 - Called SpareBool0 in W6 /
1190	uint8_t ReservedPad2; /*< 0x1745 / 0xf75 - Called SpareBool0 in W6 /
1191	uint8_t ReservedPad3; /*< 0x1746 / 0xf76 - Called SpareBool0 in W6 /
1192	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1193	};
1194	} W6, W7, W8, W80, W81;
1195	struct
1196	{
1197	BOOLEAN InDbgPrint; /*< 0x1744 / 0xf74 /
1198	BOOLEAN FreeStackOnTermination; /*< 0x1745 / 0xf75 /
1199	BOOLEAN HasFiberData; /*< 0x1746 / 0xf76 /
1200	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1201	} W51, W52;
1202	} Diff5;
1203	uint32_t GuaranteedStackBytes; /*< 0x1748 / 0xf78 /
1204	#if ARCH_BITS == 64
1205	uint32_t Padding5; /*< 0x174c / NA /
1206	#endif
1207	PVOID ReservedForPerf; /*< 0x1750 / 0xf7c /
1208	PVOID ReservedForOle; /*< 0x1758 / 0xf80 /
1209	uint32_t WaitingOnLoaderLock; /*< 0x1760 / 0xf84 /
1210	#if ARCH_BITS == 64
1211	uint32_t Padding6; /*< 0x1764 / NA /
1212	#endif
1213	union /*< 0x1770 / 0xf8c /
1214	{
1215	struct
1216	{
1217	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1218	SIZE_T ReservedForCodeCoverage; /*< 0x1770 / 0xf8c /
1219	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1220	} W8, W80, W81;
1221	struct
1222	{
1223	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1224	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1225	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1226	} W6, W7;
1227	struct
1228	{
1229	PVOID SparePointer1; /*< 0x1768 / 0xf88 /
1230	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1231	PVOID SoftPatchPtr2; /*< 0x1778 / 0xf90 /
1232	} W52;
1233	#if ARCH_BITS == 32
1234	struct _Wx86ThreadState
1235	{
1236	PVOID CallBx86Eip; /*< NA / 0xf88 /
1237	PVOID DeallocationCpu; /*< NA / 0xf8c /
1238	BOOLEAN UseKnownWx86Dll; /*< NA / 0xf90 /
1239	int8_t OleStubInvoked; /*< NA / 0xf91 /
1240	} W51;
1241	#endif
1242	} Diff6;
1243	PVOID TlsExpansionSlots; /*< 0x1780 / 0xf94 /
1244	#if ARCH_BITS == 64
1245	PVOID DallocationBStore; /*< 0x1788 / NA /
1246	PVOID BStoreLimit; /*< 0x1790 / NA /
1247	#endif
1248	union
1249	{
1250	struct
1251	{
1252	uint32_t MuiGeneration; /*< 0x1798 / 0xf98 /
1253	} W7, W8, W80, W81;
1254	struct
1255	{
1256	uint32_t ImpersonationLocale;
1257	} W6;
1258	} Diff7;
1259	uint32_t IsImpersonating; /*< 0x179c / 0xf9c /
1260	PVOID NlsCache; /*< 0x17a0 / 0xfa0 /
1261	PVOID pShimData; /*< 0x17a8 / 0xfa4 /
1262	union /*< 0x17b0 / 0xfa8 /
1263	{
1264	struct
1265	{
1266	uint16_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1267	uint16_t LowFragHeapDataSlot; /*< 0x17b2 / 0xfaa /
1268	} W8, W80, W81;
1269	struct
1270	{
1271	uint32_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1272	} W7;
1273	} Diff8;
1274	#if ARCH_BITS == 64
1275	uint32_t Padding7; /*< 0x17b4 / NA /
1276	#endif
1277	HANDLE CurrentTransactionHandle; /*< 0x17b8 / 0xfac /
1278	struct _TEB_ACTIVE_FRAME ActiveFrame; /< 0x17c0 / 0xfb0 /
1279	/* End of TEB in W51 (Windows XP)! */
1280	PVOID FlsData; /*< 0x17c8 / 0xfb4 /
1281	union
1282	{
1283	struct
1284	{
1285	PVOID PreferredLanguages; /*< 0x17d0 / 0xfb8 /
1286	} W6, W7, W8, W80, W81;
1287	struct
1288	{
1289	BOOLEAN SafeThunkCall; /*< 0x17d0 / 0xfb8 /
1290	uint8_t BooleanSpare[3]; /*< 0x17d1 / 0xfb9 /
1291	/* End of TEB in W52 (Windows server 2003)! */
1292	} W52;
1293	} Diff9;
1294	PVOID UserPrefLanguages; /*< 0x17d8 / 0xfbc /
1295	PVOID MergedPrefLanguages; /*< 0x17e0 / 0xfc0 /
1296	uint32_t MuiImpersonation; /*< 0x17e8 / 0xfc4 /
1297	union
1298	{
1299	uint16_t CrossTebFlags; /*< 0x17ec / 0xfc8 /
1300	struct
1301	{
1302	uint16_t SpareCrossTebBits : 16; /*< 0x17ec / 0xfc8 : Pos 0, 16 Bits /
1303	};
1304	};
1305	union
1306	{
1307	uint16_t SameTebFlags; /*< 0x17ee / 0xfca /
1308	struct
1309	{
1310	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1311	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1312	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1313	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1314	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1315	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1316	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1317	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1318	} Common;
1319	struct
1320	{
1321	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1322	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1323	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1324	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1325	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1326	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1327	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1328	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1329	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1330	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1331	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1332	uint16_t SessionAware : 1; /*< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. /
1333	uint16_t SpareSameTebBits : 4; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1334	} W8, W80, W81;
1335	struct
1336	{
1337	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1338	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1339	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1340	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1341	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1342	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1343	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1344	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1345	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1346	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1347	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1348	uint16_t SpareSameTebBits : 5; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1349	} W7;
1350	struct
1351	{
1352	uint16_t DbgSafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1353	uint16_t DbgInDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1354	uint16_t DbgHasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1355	uint16_t DbgSkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1356	uint16_t DbgWerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1357	uint16_t DbgRanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1358	uint16_t DbgClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1359	uint16_t DbgSuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1360	uint16_t SpareSameTebBits : 8; /*< 0x17ee / 0xfca : Pos 8, 8 Bits /
1361	} W6;
1362	} Diff10;
1363	PVOID TxnScopeEnterCallback; /*< 0x17f0 / 0xfcc /
1364	PVOID TxnScopeExitCallback; /*< 0x17f8 / 0xfd0 /
1365	PVOID TxnScopeContext; /*< 0x1800 / 0xfd4 /
1366	uint32_t LockCount; /*< 0x1808 / 0xfd8 /
1367	union
1368	{
1369	struct
1370	{
1371	uint32_t SpareUlong0; /*< 0x180c / 0xfdc /
1372	} W7, W8, W80, W81;
1373	struct
1374	{
1375	uint32_t ProcessRundown;
1376	} W6;
1377	} Diff11;
1378	union
1379	{
1380	struct
1381	{
1382	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1383	/* End of TEB in W7 (windows 7)! */
1384	PVOID ReservedForWdf; /*< 0x1818 / 0xfe4 - New Since W7. /
1385	/* End of TEB in W8 (windows 8.0 & 8.1)! */
1386	PVOID ReservedForCrt; /*< 0x1820 / 0xfe8 - New Since W10. /
1387	RTUUID EffectiveContainerId; /*< 0x1828 / 0xfec - New Since W10. /
1388	/* End of TEB in W10 14393! */
1389	} W8, W80, W81, W10;
1390	struct
1391	{
1392	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1393	} W7;
1394	struct
1395	{
1396	uint64_t LastSwitchTime; /*< 0x1810 / 0xfe0 /
1397	uint64_t TotalSwitchOutTime; /*< 0x1818 / 0xfe8 /
1398	LARGE_INTEGER WaitReasonBitMap; /*< 0x1820 / 0xff0 /
1399	/* End of TEB in W6 (windows Vista)! */
1400	} W6;
1401	} Diff12;
1402	} TEB_COMMON;
1403	typedef TEB_COMMON *PTEB_COMMON;
1404	AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1405	AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1406	AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1407	AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1408	AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1409	AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1410	AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1411	AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1412	AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1413	AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1414	AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1415	AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1416	AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1838 : 0x1000);
1417
1418
1419	/** The size of the windows 8.1 PEB structure. */
1420	#define TEB_SIZE_W10 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W10.EffectiveContainerId) + sizeof(RTUUID) )
1421	/** The size of the windows 8.1 PEB structure. */
1422	#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1423	/** The size of the windows 8.0 PEB structure. */
1424	#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1425	/** The size of the windows 7 PEB structure. */
1426	#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1427	/** The size of the windows vista PEB structure. */
1428	#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1429	/** The size of the windows server 2003 PEB structure. */
1430	#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1431	/** The size of the windows XP PEB structure. */
1432	#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1433
1434
1435
1436	#define _PEB _PEB_COMMON
1437	typedef PEB_COMMON PEB;
1438	typedef PPEB_COMMON PPEB;
1439
1440	#define _TEB _TEB_COMMON
1441	typedef TEB_COMMON TEB;
1442	typedef PTEB_COMMON PTEB;
1443
1444	#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
1445	# ifdef RT_ARCH_X86
1446	DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, NtTib.Self)); }
1447	DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1448	DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readfsdword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1449	# elif defined(RT_ARCH_AMD64)
1450	DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, NtTib.Self)); }
1451	DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1452	DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return (uint32_t)__readgsqword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1453	# else
1454	# error "Port me"
1455	# endif
1456	#else
1457	# define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1458	# define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1459	# define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1460	#endif
1461	#define NtCurrentPeb() RTNtCurrentPeb()
1462
1463
1464	/** @} */
1465
1466
1467	#ifdef IPRT_NT_USE_WINTERNL
1468	NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1469	typedef enum _SECTION_INHERIT
1470	{
1471	ViewShare = 1,
1472	ViewUnmap
1473	} SECTION_INHERIT;
1474	#endif
1475	NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1476	ULONG, ULONG);
1477	NTSYSAPI NTSTATUS NTAPI NtFlushVirtualMemory(HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK);
1478	NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1479
1480	#ifdef IPRT_NT_USE_WINTERNL
1481	typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1482	{
1483	ULONG FileSystemAttributes;
1484	LONG MaximumComponentNameLength;
1485	ULONG FileSystemNameLength;
1486	WCHAR FileSystemName[1];
1487	} FILE_FS_ATTRIBUTE_INFORMATION;
1488	typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1489
1490	NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1491	NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1492	NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1493	NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1494
1495	typedef enum _FSINFOCLASS
1496	{
1497	FileFsVolumeInformation = 1,
1498	FileFsLabelInformation,
1499	FileFsSizeInformation,
1500	FileFsDeviceInformation,
1501	FileFsAttributeInformation,
1502	FileFsControlInformation,
1503	FileFsFullSizeInformation,
1504	FileFsObjectIdInformation,
1505	FileFsDriverPathInformation,
1506	FileFsVolumeFlagsInformation,
1507	FileFsSectorSizeInformation,
1508	FileFsDataCopyInformation,
1509	FileFsMaximumInformation
1510	} FS_INFORMATION_CLASS;
1511	typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1512	NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1513
1514	typedef struct _FILE_BOTH_DIR_INFORMATION
1515	{
1516	ULONG NextEntryOffset;
1517	ULONG FileIndex;
1518	LARGE_INTEGER CreationTime;
1519	LARGE_INTEGER LastAccessTime;
1520	LARGE_INTEGER LastWriteTime;
1521	LARGE_INTEGER ChangeTime;
1522	LARGE_INTEGER EndOfFile;
1523	LARGE_INTEGER AllocationSize;
1524	ULONG FileAttributes;
1525	ULONG FileNameLength;
1526	ULONG EaSize;
1527	CCHAR ShortNameLength;
1528	WCHAR ShortName[12];
1529	WCHAR FileName[1];
1530	} FILE_BOTH_DIR_INFORMATION;
1531	typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1532	typedef struct _FILE_BASIC_INFORMATION
1533	{
1534	LARGE_INTEGER CreationTime;
1535	LARGE_INTEGER LastAccessTime;
1536	LARGE_INTEGER LastWriteTime;
1537	LARGE_INTEGER ChangeTime;
1538	ULONG FileAttributes;
1539	} FILE_BASIC_INFORMATION;
1540	typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1541	typedef struct _FILE_STANDARD_INFORMATION
1542	{
1543	LARGE_INTEGER AllocationSize;
1544	LARGE_INTEGER EndOfFile;
1545	ULONG NumberOfLinks;
1546	BOOLEAN DeletePending;
1547	BOOLEAN Directory;
1548	} FILE_STANDARD_INFORMATION;
1549	typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1550	typedef struct _FILE_NAME_INFORMATION
1551	{
1552	ULONG FileNameLength;
1553	WCHAR FileName[1];
1554	} FILE_NAME_INFORMATION;
1555	typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1556	typedef struct _FILE_NETWORK_OPEN_INFORMATION
1557	{
1558	LARGE_INTEGER CreationTime;
1559	LARGE_INTEGER LastAccessTime;
1560	LARGE_INTEGER LastWriteTime;
1561	LARGE_INTEGER ChangeTime;
1562	LARGE_INTEGER AllocationSize;
1563	LARGE_INTEGER EndOfFile;
1564	ULONG FileAttributes;
1565	} FILE_NETWORK_OPEN_INFORMATION;
1566	typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
1567	typedef enum _FILE_INFORMATION_CLASS
1568	{
1569	FileDirectoryInformation = 1,
1570	FileFullDirectoryInformation,
1571	FileBothDirectoryInformation,
1572	FileBasicInformation,
1573	FileStandardInformation,
1574	FileInternalInformation,
1575	FileEaInformation,
1576	FileAccessInformation,
1577	FileNameInformation,
1578	FileRenameInformation,
1579	FileLinkInformation,
1580	FileNamesInformation,
1581	FileDispositionInformation,
1582	FilePositionInformation,
1583	FileFullEaInformation,
1584	FileModeInformation,
1585	FileAlignmentInformation,
1586	FileAllInformation,
1587	FileAllocationInformation,
1588	FileEndOfFileInformation,
1589	FileAlternateNameInformation,
1590	FileStreamInformation,
1591	FilePipeInformation,
1592	FilePipeLocalInformation,
1593	FilePipeRemoteInformation,
1594	FileMailslotQueryInformation,
1595	FileMailslotSetInformation,
1596	FileCompressionInformation,
1597	FileObjectIdInformation,
1598	FileCompletionInformation,
1599	FileMoveClusterInformation,
1600	FileQuotaInformation,
1601	FileReparsePointInformation,
1602	FileNetworkOpenInformation,
1603	FileAttributeTagInformation,
1604	FileTrackingInformation,
1605	FileIdBothDirectoryInformation,
1606	FileIdFullDirectoryInformation,
1607	FileValidDataLengthInformation,
1608	FileShortNameInformation,
1609	FileIoCompletionNotificationInformation,
1610	FileIoStatusBlockRangeInformation,
1611	FileIoPriorityHintInformation,
1612	FileSfioReserveInformation,
1613	FileSfioVolumeInformation,
1614	FileHardLinkInformation,
1615	FileProcessIdsUsingFileInformation,
1616	FileNormalizedNameInformation,
1617	FileNetworkPhysicalNameInformation,
1618	FileIdGlobalTxDirectoryInformation,
1619	FileIsRemoteDeviceInformation,
1620	FileUnusedInformation,
1621	FileNumaNodeInformation,
1622	FileStandardLinkInformation,
1623	FileRemoteProtocolInformation,
1624	FileRenameInformationBypassAccessCheck,
1625	FileLinkInformationBypassAccessCheck,
1626	FileVolumeNameInformation,
1627	FileIdInformation,
1628	FileIdExtdDirectoryInformation,
1629	FileReplaceCompletionInformation,
1630	FileHardLinkFullIdInformation,
1631	FileMaximumInformation
1632	} FILE_INFORMATION_CLASS;
1633	typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
1634	NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1635	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
1636	FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1637	NTSYSAPI NTSTATUS NTAPI NtSetInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1638	#endif /* IPRT_NT_USE_WINTERNL */
1639	NTSYSAPI NTSTATUS NTAPI NtQueryAttributesFile(POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
1640	NTSYSAPI NTSTATUS NTAPI NtQueryFullAttributesFile(POBJECT_ATTRIBUTES, PFILE_NETWORK_OPEN_INFORMATION);
1641
1642	#ifdef IPRT_NT_USE_WINTERNL
1643
1644	/** For use with KeyBasicInformation. */
1645	typedef struct _KEY_BASIC_INFORMATION
1646	{
1647	LARGE_INTEGER LastWriteTime;
1648	ULONG TitleIndex;
1649	ULONG NameLength;
1650	WCHAR Name[1];
1651	} KEY_BASIC_INFORMATION;
1652	typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
1653
1654	/** For use with KeyNodeInformation. */
1655	typedef struct _KEY_NODE_INFORMATION
1656	{
1657	LARGE_INTEGER LastWriteTime;
1658	ULONG TitleIndex;
1659	ULONG ClassOffset; /*< Offset from the start of the structure. /
1660	ULONG ClassLength;
1661	ULONG NameLength;
1662	WCHAR Name[1];
1663	} KEY_NODE_INFORMATION;
1664	typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
1665
1666	/** For use with KeyFullInformation. */
1667	typedef struct _KEY_FULL_INFORMATION
1668	{
1669	LARGE_INTEGER LastWriteTime;
1670	ULONG TitleIndex;
1671	ULONG ClassOffset; /*< Offset of the Class member. /
1672	ULONG ClassLength;
1673	ULONG SubKeys;
1674	ULONG MaxNameLen;
1675	ULONG MaxClassLen;
1676	ULONG Values;
1677	ULONG MaxValueNameLen;
1678	ULONG MaxValueDataLen;
1679	WCHAR Class[1];
1680	} KEY_FULL_INFORMATION;
1681	typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
1682
1683	/** For use with KeyNameInformation. */
1684	typedef struct _KEY_NAME_INFORMATION
1685	{
1686	ULONG NameLength;
1687	WCHAR Name[1];
1688	} KEY_NAME_INFORMATION;
1689	typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
1690
1691	/** For use with KeyCachedInformation. */
1692	typedef struct _KEY_CACHED_INFORMATION
1693	{
1694	LARGE_INTEGER LastWriteTime;
1695	ULONG TitleIndex;
1696	ULONG SubKeys;
1697	ULONG MaxNameLen;
1698	ULONG Values;
1699	ULONG MaxValueNameLen;
1700	ULONG MaxValueDataLen;
1701	ULONG NameLength;
1702	} KEY_CACHED_INFORMATION;
1703	typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
1704
1705	/** For use with KeyVirtualizationInformation. */
1706	typedef struct _KEY_VIRTUALIZATION_INFORMATION
1707	{
1708	ULONG VirtualizationCandidate : 1;
1709	ULONG VirtualizationEnabled : 1;
1710	ULONG VirtualTarget : 1;
1711	ULONG VirtualStore : 1;
1712	ULONG VirtualSource : 1;
1713	ULONG Reserved : 27;
1714	} KEY_VIRTUALIZATION_INFORMATION;
1715	typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
1716
1717	typedef enum _KEY_INFORMATION_CLASS
1718	{
1719	KeyBasicInformation = 0,
1720	KeyNodeInformation,
1721	KeyFullInformation,
1722	KeyNameInformation,
1723	KeyCachedInformation,
1724	KeyFlagsInformation,
1725	KeyVirtualizationInformation,
1726	KeyHandleTagsInformation,
1727	MaxKeyInfoClass
1728	} KEY_INFORMATION_CLASS;
1729	NTSYSAPI NTSTATUS NTAPI NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1730	NTSYSAPI NTSTATUS NTAPI NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1731
1732	typedef struct _MEMORY_SECTION_NAME
1733	{
1734	UNICODE_STRING SectionFileName;
1735	WCHAR NameBuffer[1];
1736	} MEMORY_SECTION_NAME;
1737
1738	#ifdef IPRT_NT_USE_WINTERNL
1739	typedef struct _PROCESS_BASIC_INFORMATION
1740	{
1741	NTSTATUS ExitStatus;
1742	PPEB PebBaseAddress;
1743	ULONG_PTR AffinityMask;
1744	int32_t BasePriority;
1745	ULONG_PTR UniqueProcessId;
1746	ULONG_PTR InheritedFromUniqueProcessId;
1747	} PROCESS_BASIC_INFORMATION;
1748	typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
1749	#endif
1750
1751	typedef enum _PROCESSINFOCLASS
1752	{
1753	ProcessBasicInformation = 0, /*< 0 / 0x00 /
1754	ProcessQuotaLimits, /*< 1 / 0x01 /
1755	ProcessIoCounters, /*< 2 / 0x02 /
1756	ProcessVmCounters, /*< 3 / 0x03 /
1757	ProcessTimes, /*< 4 / 0x04 /
1758	ProcessBasePriority, /*< 5 / 0x05 /
1759	ProcessRaisePriority, /*< 6 / 0x06 /
1760	ProcessDebugPort, /*< 7 / 0x07 /
1761	ProcessExceptionPort, /*< 8 / 0x08 /
1762	ProcessAccessToken, /*< 9 / 0x09 /
1763	ProcessLdtInformation, /*< 10 / 0x0a /
1764	ProcessLdtSize, /*< 11 / 0x0b /
1765	ProcessDefaultHardErrorMode, /*< 12 / 0x0c /
1766	ProcessIoPortHandlers, /*< 13 / 0x0d /
1767	ProcessPooledUsageAndLimits, /*< 14 / 0x0e /
1768	ProcessWorkingSetWatch, /*< 15 / 0x0f /
1769	ProcessUserModeIOPL, /*< 16 / 0x10 /
1770	ProcessEnableAlignmentFaultFixup, /*< 17 / 0x11 /
1771	ProcessPriorityClass, /*< 18 / 0x12 /
1772	ProcessWx86Information, /*< 19 / 0x13 /
1773	ProcessHandleCount, /*< 20 / 0x14 /
1774	ProcessAffinityMask, /*< 21 / 0x15 /
1775	ProcessPriorityBoost, /*< 22 / 0x16 /
1776	ProcessDeviceMap, /*< 23 / 0x17 /
1777	ProcessSessionInformation, /*< 24 / 0x18 /
1778	ProcessForegroundInformation, /*< 25 / 0x19 /
1779	ProcessWow64Information, /*< 26 / 0x1a /
1780	ProcessImageFileName, /*< 27 / 0x1b /
1781	ProcessLUIDDeviceMapsEnabled, /*< 28 / 0x1c /
1782	ProcessBreakOnTermination, /*< 29 / 0x1d /
1783	ProcessDebugObjectHandle, /*< 30 / 0x1e /
1784	ProcessDebugFlags, /*< 31 / 0x1f /
1785	ProcessHandleTracing, /*< 32 / 0x20 /
1786	ProcessIoPriority, /*< 33 / 0x21 /
1787	ProcessExecuteFlags, /*< 34 / 0x22 /
1788	ProcessTlsInformation, /*< 35 / 0x23 /
1789	ProcessCookie, /*< 36 / 0x24 /
1790	ProcessImageInformation, /*< 37 / 0x25 /
1791	ProcessCycleTime, /*< 38 / 0x26 /
1792	ProcessPagePriority, /*< 39 / 0x27 /
1793	ProcessInstrumentationCallbak, /*< 40 / 0x28 /
1794	ProcessThreadStackAllocation, /*< 41 / 0x29 /
1795	ProcessWorkingSetWatchEx, /*< 42 / 0x2a /
1796	ProcessImageFileNameWin32, /*< 43 / 0x2b /
1797	ProcessImageFileMapping, /*< 44 / 0x2c /
1798	ProcessAffinityUpdateMode, /*< 45 / 0x2d /
1799	ProcessMemoryAllocationMode, /*< 46 / 0x2e /
1800	ProcessGroupInformation, /*< 47 / 0x2f /
1801	ProcessTokenVirtualizationEnabled, /*< 48 / 0x30 /
1802	ProcessConsoleHostProcess, /*< 49 / 0x31 /
1803	ProcessWindowsInformation, /*< 50 / 0x32 /
1804	ProcessUnknown51,
1805	ProcessUnknown52,
1806	ProcessUnknown53,
1807	ProcessUnknown54,
1808	ProcessUnknown55,
1809	ProcessUnknown56,
1810	ProcessUnknown57,
1811	ProcessUnknown58,
1812	ProcessUnknown59,
1813	ProcessUnknown60,
1814	ProcessUnknown61,
1815	ProcessUnknown62,
1816	ProcessUnknown63,
1817	ProcessUnknown64,
1818	ProcessUnknown65,
1819	ProcessUnknown66,
1820	ProcessMaybe_KeSetCpuSetsProcess, /*< 67 / 0x43 - is correct, then PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10. /
1821	MaxProcessInfoClass /*< 68 / 0x44 /
1822	} PROCESSINFOCLASS;
1823	NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1824
1825	typedef enum _THREADINFOCLASS
1826	{
1827	ThreadBasicInformation = 0,
1828	ThreadTimes,
1829	ThreadPriority,
1830	ThreadBasePriority,
1831	ThreadAffinityMask,
1832	ThreadImpersonationToken,
1833	ThreadDescriptorTableEntry,
1834	ThreadEnableAlignmentFaultFixup,
1835	ThreadEventPair_Reusable,
1836	ThreadQuerySetWin32StartAddress,
1837	ThreadZeroTlsCell,
1838	ThreadPerformanceCount,
1839	ThreadAmILastThread,
1840	ThreadIdealProcessor,
1841	ThreadPriorityBoost,
1842	ThreadSetTlsArrayAddress,
1843	ThreadIsIoPending,
1844	ThreadHideFromDebugger,
1845	ThreadBreakOnTermination,
1846	ThreadSwitchLegacyState,
1847	ThreadIsTerminated,
1848	ThreadLastSystemCall,
1849	ThreadIoPriority,
1850	ThreadCycleTime,
1851	ThreadPagePriority,
1852	ThreadActualBasePriority,
1853	ThreadTebInformation,
1854	ThreadCSwitchMon,
1855	ThreadCSwitchPmu,
1856	ThreadWow64Context,
1857	ThreadGroupInformation,
1858	ThreadUmsInformation,
1859	ThreadCounterProfiling,
1860	ThreadIdealProcessorEx,
1861	ThreadCpuAccountingInformation,
1862	MaxThreadInfoClass
1863	} THREADINFOCLASS;
1864	NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1865
1866	NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1867
1868	NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1869	NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1870	NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
1871
1872	NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
1873	NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
1874
1875	NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
1876	NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
1877	NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
1878	NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
1879	NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
1880	NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
1881	NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
1882	NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
1883	NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
1884
1885	#endif /* IPRT_NT_USE_WINTERNL */
1886
1887	typedef enum _OBJECT_INFORMATION_CLASS
1888	{
1889	ObjectBasicInformation = 0,
1890	ObjectNameInformation,
1891	ObjectTypeInformation,
1892	ObjectAllInformation,
1893	ObjectDataInformation
1894	} OBJECT_INFORMATION_CLASS;
1895	typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
1896	#ifdef IN_RING0
1897	# define NtQueryObject ZwQueryObject
1898	#endif
1899	NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1900	NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
1901	NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
1902
1903	NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1904
1905	typedef struct _OBJECT_DIRECTORY_INFORMATION
1906	{
1907	UNICODE_STRING Name;
1908	UNICODE_STRING TypeName;
1909	} OBJECT_DIRECTORY_INFORMATION;
1910	typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
1911	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
1912
1913	NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
1914	NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
1915	/** @name ProcessDefaultHardErrorMode bit definitions.
1916	* @{ */
1917	#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /*< Inverted from the win32 define. /
1918	#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
1919	#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
1920	#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
1921	/** @} */
1922	NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
1923	NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
1924
1925	/** Retured by ProcessImageInformation as well as NtQuerySection. */
1926	typedef struct _SECTION_IMAGE_INFORMATION
1927	{
1928	PVOID TransferAddress;
1929	ULONG ZeroBits;
1930	SIZE_T MaximumStackSize;
1931	SIZE_T CommittedStackSize;
1932	ULONG SubSystemType;
1933	union
1934	{
1935	struct
1936	{
1937	USHORT SubSystemMinorVersion;
1938	USHORT SubSystemMajorVersion;
1939	};
1940	ULONG SubSystemVersion;
1941	};
1942	ULONG GpValue;
1943	USHORT ImageCharacteristics;
1944	USHORT DllCharacteristics;
1945	USHORT Machine;
1946	BOOLEAN ImageContainsCode;
1947	union /*< Since Vista, used to be a spare BOOLEAN. /
1948	{
1949	struct
1950	{
1951	UCHAR ComPlusNativeRead : 1;
1952	UCHAR ComPlusILOnly : 1;
1953	UCHAR ImageDynamicallyRelocated : 1;
1954	UCHAR ImageMAppedFlat : 1;
1955	UCHAR Reserved : 4;
1956	};
1957	UCHAR ImageFlags;
1958	};
1959	ULONG LoaderFlags;
1960	ULONG ImageFileSize; /*< Since XP? /
1961	ULONG CheckSum; /*< Since Vista, Used to be a reserved/spare ULONG. /
1962	} SECTION_IMAGE_INFORMATION;
1963	typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
1964
1965	typedef enum _SECTION_INFORMATION_CLASS
1966	{
1967	SectionBasicInformation = 0,
1968	SectionImageInformation,
1969	MaxSectionInfoClass
1970	} SECTION_INFORMATION_CLASS;
1971	NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
1972
1973	NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
1974	NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1975	NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
1976	#ifndef SYMBOLIC_LINK_QUERY
1977	# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
1978	#endif
1979	#ifndef SYMBOLIC_LINK_ALL_ACCESS
1980	# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED \| SYMBOLIC_LINK_QUERY)
1981	#endif
1982
1983	NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
1984	NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
1985	NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
1986	NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
1987	NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
1988	NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
1989
1990
1991	#ifndef SEC_FILE
1992	# define SEC_FILE UINT32_C(0x00800000)
1993	#endif
1994	#ifndef SEC_IMAGE
1995	# define SEC_IMAGE UINT32_C(0x01000000)
1996	#endif
1997	#ifndef SEC_PROTECTED_IMAGE
1998	# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
1999	#endif
2000	#ifndef SEC_NOCACHE
2001	# define SEC_NOCACHE UINT32_C(0x10000000)
2002	#endif
2003	#ifndef MEM_ROTATE
2004	# define MEM_ROTATE UINT32_C(0x00800000)
2005	#endif
2006	typedef enum _MEMORY_INFORMATION_CLASS
2007	{
2008	MemoryBasicInformation = 0,
2009	MemoryWorkingSetList,
2010	MemorySectionName,
2011	MemoryBasicVlmInformation
2012	} MEMORY_INFORMATION_CLASS;
2013	#ifdef IN_RING0
2014	typedef struct _MEMORY_BASIC_INFORMATION
2015	{
2016	PVOID BaseAddress;
2017	PVOID AllocationBase;
2018	ULONG AllocationProtect;
2019	SIZE_T RegionSize;
2020	ULONG State;
2021	ULONG Protect;
2022	ULONG Type;
2023	} MEMORY_BASIC_INFORMATION;
2024	typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
2025	# define NtQueryVirtualMemory ZwQueryVirtualMemory
2026	#endif
2027	NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2028	#ifdef IPRT_NT_USE_WINTERNL
2029	NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
2030	#endif
2031	NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
2032	NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
2033
2034	typedef enum _SYSTEM_INFORMATION_CLASS
2035	{
2036	SystemBasicInformation = 0,
2037	SystemCpuInformation,
2038	SystemPerformanceInformation,
2039	SystemTimeOfDayInformation,
2040	SystemInformation_Unknown_4,
2041	SystemProcessInformation,
2042	SystemInformation_Unknown_6,
2043	SystemInformation_Unknown_7,
2044	SystemProcessorPerformanceInformation,
2045	SystemInformation_Unknown_9,
2046	SystemInformation_Unknown_10,
2047	SystemModuleInformation,
2048	SystemInformation_Unknown_12,
2049	SystemInformation_Unknown_13,
2050	SystemInformation_Unknown_14,
2051	SystemInformation_Unknown_15,
2052	SystemHandleInformation,
2053	SystemInformation_Unknown_17,
2054	SystemPageFileInformation,
2055	SystemInformation_Unknown_19,
2056	SystemInformation_Unknown_20,
2057	SystemCacheInformation,
2058	SystemInformation_Unknown_22,
2059	SystemInterruptInformation,
2060	SystemDpcBehaviourInformation,
2061	SystemFullMemoryInformation,
2062	SystemLoadGdiDriverInformation, /* 26 */
2063	SystemUnloadGdiDriverInformation, /* 27 */
2064	SystemTimeAdjustmentInformation,
2065	SystemSummaryMemoryInformation,
2066	SystemInformation_Unknown_30,
2067	SystemInformation_Unknown_31,
2068	SystemInformation_Unknown_32,
2069	SystemExceptionInformation,
2070	SystemCrashDumpStateInformation,
2071	SystemKernelDebuggerInformation,
2072	SystemContextSwitchInformation,
2073	SystemRegistryQuotaInformation,
2074	SystemInformation_Unknown_38,
2075	SystemInformation_Unknown_39,
2076	SystemInformation_Unknown_40,
2077	SystemInformation_Unknown_41,
2078	SystemInformation_Unknown_42,
2079	SystemInformation_Unknown_43,
2080	SystemCurrentTimeZoneInformation,
2081	SystemLookasideInformation,
2082	SystemSetTimeSlipEvent,
2083	SystemCreateSession,
2084	SystemDeleteSession,
2085	SystemInformation_Unknown_49,
2086	SystemRangeStartInformation,
2087	SystemVerifierInformation,
2088	SystemInformation_Unknown_52,
2089	SystemSessionProcessInformation,
2090	SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
2091	SystemInformation_Unknown_55,
2092	SystemInformation_Unknown_56,
2093	SystemExtendedProcessInformation,
2094	SystemInformation_Unknown_58,
2095	SystemInformation_Unknown_59,
2096	SystemInformation_Unknown_60,
2097	SystemInformation_Unknown_61,
2098	SystemInformation_Unknown_62,
2099	SystemInformation_Unknown_63,
2100	SystemExtendedHandleInformation, /* 64 */
2101	SystemInformation_Unknown_65,
2102	SystemInformation_Unknown_66,
2103	SystemInformation_Unknown_67,
2104	SystemInformation_Unknown_68,
2105	SystemInformation_HotPatchInfo, /* 69 */
2106	SystemInformation_Unknown_70,
2107	SystemInformation_Unknown_71,
2108	SystemInformation_Unknown_72,
2109	SystemInformation_Unknown_73,
2110	SystemInformation_Unknown_74,
2111	SystemInformation_Unknown_75,
2112	SystemInformation_Unknown_76,
2113	SystemInformation_Unknown_77,
2114	SystemInformation_Unknown_78,
2115	SystemInformation_Unknown_79,
2116	SystemInformation_Unknown_80,
2117	SystemInformation_Unknown_81,
2118	SystemInformation_Unknown_82,
2119	SystemInformation_Unknown_83,
2120	SystemInformation_Unknown_84,
2121	SystemInformation_Unknown_85,
2122	SystemInformation_Unknown_86,
2123	SystemInformation_Unknown_87,
2124	SystemInformation_Unknown_88,
2125	SystemInformation_Unknown_89,
2126	SystemInformation_Unknown_90,
2127	SystemInformation_Unknown_91,
2128	SystemInformation_Unknown_92,
2129	SystemInformation_Unknown_93,
2130	SystemInformation_Unknown_94,
2131	SystemInformation_Unknown_95,
2132	SystemInformation_KiOpPrefetchPatchCount, /* 96 */
2133	SystemInformation_Unknown_97,
2134	SystemInformation_Unknown_98,
2135	SystemInformation_Unknown_99,
2136	SystemInformation_Unknown_100,
2137	SystemInformation_Unknown_101,
2138	SystemInformation_Unknown_102,
2139	SystemInformation_Unknown_103,
2140	SystemInformation_Unknown_104,
2141	SystemInformation_Unknown_105,
2142	SystemInformation_Unknown_107,
2143	SystemInformation_GetLogicalProcessorInformationEx, /* 107 */
2144
2145	/** @todo fill gap. they've added a whole bunch of things */
2146	SystemPolicyInformation = 134,
2147	SystemInformationClassMax
2148	} SYSTEM_INFORMATION_CLASS;
2149
2150	#ifdef IPRT_NT_USE_WINTERNL
2151	typedef struct _VM_COUNTERS
2152	{
2153	SIZE_T PeakVirtualSize;
2154	SIZE_T VirtualSize;
2155	ULONG PageFaultCount;
2156	SIZE_T PeakWorkingSetSize;
2157	SIZE_T WorkingSetSize;
2158	SIZE_T QuotaPeakPagedPoolUsage;
2159	SIZE_T QuotaPagedPoolUsage;
2160	SIZE_T QuotaPeakNonPagedPoolUsage;
2161	SIZE_T QuotaNonPagedPoolUsage;
2162	SIZE_T PagefileUsage;
2163	SIZE_T PeakPagefileUsage;
2164	} VM_COUNTERS;
2165	typedef VM_COUNTERS *PVM_COUNTERS;
2166	#endif
2167
2168	#if 0
2169	typedef struct _IO_COUNTERS
2170	{
2171	ULONGLONG ReadOperationCount;
2172	ULONGLONG WriteOperationCount;
2173	ULONGLONG OtherOperationCount;
2174	ULONGLONG ReadTransferCount;
2175	ULONGLONG WriteTransferCount;
2176	ULONGLONG OtherTransferCount;
2177	} IO_COUNTERS;
2178	typedef IO_COUNTERS *PIO_COUNTERS;
2179	#endif
2180
2181	typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
2182	{
2183	ULONG NextEntryOffset; /*< 0x00 / 0x00 /
2184	ULONG NumberOfThreads; /*< 0x04 / 0x04 /
2185	LARGE_INTEGER Reserved1[3]; /*< 0x08 / 0x08 /
2186	LARGE_INTEGER CreationTime; /*< 0x20 / 0x20 /
2187	LARGE_INTEGER UserTime; /*< 0x28 / 0x28 /
2188	LARGE_INTEGER KernelTime; /*< 0x30 / 0x30 /
2189	UNICODE_STRING ProcessName; /*< 0x38 / 0x38 Clean unicode encoding? /
2190	int32_t BasePriority; /*< 0x40 / 0x48 /
2191	HANDLE UniqueProcessId; /*< 0x44 / 0x50 /
2192	HANDLE ParentProcessId; /*< 0x48 / 0x58 /
2193	ULONG HandleCount; /*< 0x4c / 0x60 /
2194	ULONG Reserved2; /*< 0x50 / 0x64 Session ID? /
2195	ULONG_PTR Reserved3; /*< 0x54 / 0x68 /
2196	VM_COUNTERS VmCounters; /*< 0x58 / 0x70 /
2197	IO_COUNTERS IoCounters; /*< 0x88 / 0xd0 Might not be present in earlier windows versions. /
2198	/* After this follows the threads, then the ProcessName.Buffer. */
2199	} RTNT_SYSTEM_PROCESS_INFORMATION;
2200	typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
2201	#ifndef IPRT_NT_USE_WINTERNL
2202	typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
2203	typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
2204	#endif
2205
2206	typedef struct _SYSTEM_HANDLE_ENTRY_INFO
2207	{
2208	USHORT UniqueProcessId;
2209	USHORT CreatorBackTraceIndex;
2210	UCHAR ObjectTypeIndex;
2211	UCHAR HandleAttributes;
2212	USHORT HandleValue;
2213	PVOID Object;
2214	ULONG GrantedAccess;
2215	} SYSTEM_HANDLE_ENTRY_INFO;
2216	typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
2217
2218	/** Returned by SystemHandleInformation */
2219	typedef struct _SYSTEM_HANDLE_INFORMATION
2220	{
2221	ULONG NumberOfHandles;
2222	SYSTEM_HANDLE_ENTRY_INFO Handles[1];
2223	} SYSTEM_HANDLE_INFORMATION;
2224	typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
2225
2226	/** Extended handle information entry.
2227	* @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
2228	typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
2229	{
2230	PVOID Object;
2231	HANDLE UniqueProcessId;
2232	HANDLE HandleValue;
2233	ACCESS_MASK GrantedAccess;
2234	USHORT CreatorBackTraceIndex;
2235	USHORT ObjectTypeIndex;
2236	ULONG HandleAttributes;
2237	ULONG Reserved;
2238	} SYSTEM_HANDLE_ENTRY_INFO_EX;
2239	typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
2240
2241	/** Returned by SystemExtendedHandleInformation. */
2242	typedef struct _SYSTEM_HANDLE_INFORMATION_EX
2243	{
2244	ULONG_PTR NumberOfHandles;
2245	ULONG_PTR Reserved;
2246	SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
2247	} SYSTEM_HANDLE_INFORMATION_EX;
2248	typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
2249
2250	/** Input to SystemSessionProcessInformation. */
2251	typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
2252	{
2253	ULONG SessionId;
2254	ULONG BufferLength;
2255	/** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
2256	PVOID Buffer;
2257	} SYSTEM_SESSION_PROCESS_INFORMATION;
2258	typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
2259
2260	NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2261
2262	NTSYSAPI NTSTATUS NTAPI NtSetTimerResolution(ULONG cNtTicksWanted, BOOLEAN fSetResolution, PULONG pcNtTicksCur);
2263	NTSYSAPI NTSTATUS NTAPI NtQueryTimerResolution(PULONG pcNtTicksMin, PULONG pcNtTicksMax, PULONG pcNtTicksCur);
2264
2265	NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
2266	NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
2267	#ifndef IPRT_NT_USE_WINTERNL
2268	NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
2269	#endif
2270	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
2271	typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
2272	NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
2273
2274	NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
2275
2276	#ifdef IPRT_NT_USE_WINTERNL
2277	typedef enum _EVENT_TYPE
2278	{
2279	/* Manual reset event. */
2280	NotificationEvent = 0,
2281	/* Automaitc reset event. */
2282	SynchronizationEvent
2283	} EVENT_TYPE;
2284	#endif
2285	NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
2286	NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2287	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
2288	NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
2289	NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
2290	NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
2291	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
2292	typedef enum _EVENT_INFORMATION_CLASS
2293	{
2294	EventBasicInformation = 0
2295	} EVENT_INFORMATION_CLASS;
2296	/** Data returned by NtQueryEvent + EventBasicInformation. */
2297	typedef struct EVENT_BASIC_INFORMATION
2298	{
2299	EVENT_TYPE EventType;
2300	ULONG EventState;
2301	} EVENT_BASIC_INFORMATION;
2302	typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
2303	NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2304
2305	#ifdef IPRT_NT_USE_WINTERNL
2306	/** For NtQueryValueKey. */
2307	typedef enum _KEY_VALUE_INFORMATION_CLASS
2308	{
2309	KeyValueBasicInformation = 0,
2310	KeyValueFullInformation,
2311	KeyValuePartialInformation,
2312	KeyValueFullInformationAlign64,
2313	KeyValuePartialInformationAlign64
2314	} KEY_VALUE_INFORMATION_CLASS;
2315
2316	/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
2317	typedef struct _KEY_VALUE_PARTIAL_INFORMATION
2318	{
2319	ULONG TitleIndex;
2320	ULONG Type;
2321	ULONG DataLength;
2322	UCHAR Data[1];
2323	} KEY_VALUE_PARTIAL_INFORMATION;
2324	typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
2325	#endif
2326	NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2327	NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2328
2329
2330	NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
2331
2332
2333	typedef struct _CURDIR
2334	{
2335	UNICODE_STRING DosPath;
2336	HANDLE Handle;
2337	} CURDIR;
2338	typedef CURDIR *PCURDIR;
2339
2340	typedef struct _RTL_DRIVE_LETTER_CURDIR
2341	{
2342	USHORT Flags;
2343	USHORT Length;
2344	ULONG TimeStamp;
2345	STRING DosPath; /*< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. /
2346	} RTL_DRIVE_LETTER_CURDIR;
2347	typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
2348
2349	typedef struct _RTL_USER_PROCESS_PARAMETERS
2350	{
2351	ULONG MaximumLength;
2352	ULONG Length;
2353	ULONG Flags;
2354	ULONG DebugFlags;
2355	HANDLE ConsoleHandle;
2356	ULONG ConsoleFlags;
2357	HANDLE StandardInput;
2358	HANDLE StandardOutput;
2359	HANDLE StandardError;
2360	CURDIR CurrentDirectory;
2361	UNICODE_STRING DllPath;
2362	UNICODE_STRING ImagePathName;
2363	UNICODE_STRING CommandLine;
2364	PWSTR Environment;
2365	ULONG StartingX;
2366	ULONG StartingY;
2367	ULONG CountX;
2368	ULONG CountY;
2369	ULONG CountCharsX;
2370	ULONG CountCharsY;
2371	ULONG FillAttribute;
2372	ULONG WindowFlags;
2373	ULONG ShowWindowFlags;
2374	UNICODE_STRING WindowTitle;
2375	UNICODE_STRING DesktopInfo;
2376	UNICODE_STRING ShellInfo;
2377	UNICODE_STRING RuntimeInfo;
2378	RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20];
2379	SIZE_T EnvironmentSize; /*< Added in Vista /
2380	SIZE_T EnvironmentVersion; /*< Added in Windows 7. /
2381	PVOID PackageDependencyData; /*< Added Windows 8? /
2382	ULONG ProcessGroupId; /*< Added Windows 8? /
2383	} RTL_USER_PROCESS_PARAMETERS;
2384	typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
2385	#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
2386
2387	typedef struct _RTL_USER_PROCESS_INFORMATION
2388	{
2389	ULONG Size;
2390	HANDLE ProcessHandle;
2391	HANDLE ThreadHandle;
2392	CLIENT_ID ClientId;
2393	SECTION_IMAGE_INFORMATION ImageInformation;
2394	} RTL_USER_PROCESS_INFORMATION;
2395	typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
2396
2397
2398	NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
2399	PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
2400	NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
2401	PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
2402	PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
2403	PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
2404	PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
2405	NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
2406	NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
2407	PFNRT, PVOID, PHANDLE, PCLIENT_ID);
2408
2409	#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
2410	typedef struct _RTL_CRITICAL_SECTION
2411	{
2412	struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
2413	LONG LockCount;
2414	LONG Recursioncount;
2415	HANDLE OwningThread;
2416	HANDLE LockSemaphore;
2417	ULONG_PTR SpinCount;
2418	} RTL_CRITICAL_SECTION;
2419	typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
2420	#endif
2421
2422	/NTSYSAPI ULONG NTAPI RtlNtStatusToDosError(NTSTATUS rcNt);/
2423
2424	/** @def RTL_QUERY_REGISTRY_TYPECHECK
2425	* WDK 8.1+, backported in updates, ignored in older. */
2426	#if !defined(RTL_QUERY_REGISTRY_TYPECHECK) \|\| defined(DOXYGEN_RUNNING)
2427	# define RTL_QUERY_REGISTRY_TYPECHECK UINT32_C(0x00000100)
2428	#endif
2429	/** @def RTL_QUERY_REGISTRY_TYPECHECK_SHIFT
2430	* WDK 8.1+, backported in updates, ignored in older. */
2431	#if !defined(RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) \|\| defined(DOXYGEN_RUNNING)
2432	# define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
2433	#endif
2434
2435
2436	RT_C_DECLS_END
2437	/** @} */
2438
2439
2440	#if defined(IN_RING0) \|\| defined(DOXYGEN_RUNNING)
2441	/** @name NT Kernel APIs
2442	* @{ */
2443	RT_C_DECLS_BEGIN
2444
2445	typedef ULONG KEPROCESSORINDEX; /*< Bitmap indexes != process numbers, apparently. /
2446
2447	NTSYSAPI VOID NTAPI KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
2448	typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
2449	NTSYSAPI VOID NTAPI KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2450	typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2451	NTSYSAPI VOID NTAPI KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2452	typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2453	NTSYSAPI BOOLEAN NTAPI KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2454	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2455	NTSYSAPI BOOLEAN NTAPI KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2456	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2457	NTSYSAPI BOOLEAN NTAPI KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2458	typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2459	NTSYSAPI VOID NTAPI KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2460	typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2461	NTSYSAPI VOID NTAPI KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2462	typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2463	NTSYSAPI BOOLEAN NTAPI KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2464	typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2465	NTSYSAPI BOOLEAN NTAPI KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2466	typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2467	/** Works like anding the complemented subtrahend with the minuend. */
2468	NTSYSAPI BOOLEAN NTAPI KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2469	typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2470	NTSYSAPI BOOLEAN NTAPI KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2471	typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2472	NTSYSAPI BOOLEAN NTAPI KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
2473	typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2474	NTSYSAPI BOOLEAN NTAPI KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2475	typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2476	NTSYSAPI ULONG NTAPI KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
2477	typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2478	NTSYSAPI KEPROCESSORINDEX NTAPI KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
2479	typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2480	typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
2481	typedef KEPROCESSORINDEX (NTAPI PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER pProcNumber);
2482	typedef NTSTATUS (NTAPI PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX ProcIndex, PROCESSOR_NUMBER pProcNumber);
2483	typedef KEPROCESSORINDEX (NTAPI PFNKEGETCURRENTPROCESSORNUMBEREX)(const PROCESSOR_NUMBER pProcNumber);
2484	typedef KAFFINITY (NTAPI *PFNKEQUERYACTIVEPROCESSORS)(VOID);
2485	typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNT)(VOID);
2486	typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNTEX)(USHORT GroupNumber);
2487	typedef USHORT (NTAPI *PFNKEQUERYMAXIMUMGROUPCOUNT)(VOID);
2488	typedef ULONG (NTAPI PFNKEQUERYACTIVEPROCESSORCOUNT)(KAFFINITY pfActiveProcessors);
2489	typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNTEX)(USHORT GroupNumber);
2490	typedef NTSTATUS (NTAPI PFNKEQUERYLOGICALPROCESSORRELATIONSHIP)(PROCESSOR_NUMBER pProcNumber,
2491	LOGICAL_PROCESSOR_RELATIONSHIP RelationShipType,
2492	SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX *pInfo, PULONG pcbInfo);
2493	typedef PVOID (NTAPI PFNKEREGISTERPROCESSORCHANGECALLBACK)(PPROCESSOR_CALLBACK_FUNCTION pfnCallback, void pvUser, ULONG fFlags);
2494	typedef VOID (NTAPI *PFNKEDEREGISTERPROCESSORCHANGECALLBACK)(PVOID pvCallback);
2495	typedef NTSTATUS (NTAPI PFNKESETTARGETPROCESSORDPCEX)(KDPC pDpc, PROCESSOR_NUMBER *pProcNumber);
2496
2497	NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
2498	PVOID pvOptionalConditions, PHANDLE phFound);
2499	NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
2500	ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
2501	KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
2502	NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
2503	NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
2504	NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
2505	NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
2506	extern DECLIMPORT(POBJECT_TYPE ) LpcPortObjectType; /< In vista+ this is the ALPC port object type. /
2507	extern DECLIMPORT(POBJECT_TYPE ) LpcWaitablePortObjectType; /< In vista+ this is the ALPC port object type. /
2508
2509	typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
2510	typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
2511
2512	RT_C_DECLS_END
2513	/** @ */
2514	#endif /* IN_RING0 */
2515
2516
2517	#if defined(IN_RING3) \|\| defined(DOXYGEN_RUNNING)
2518	/** @name NT Userland APIs
2519	* @{ */
2520	RT_C_DECLS_BEGIN
2521
2522	#if 0 /** @todo figure this out some time... */
2523	typedef struct CSR_MSG_DATA_CREATED_PROCESS
2524	{
2525	HANDLE hProcess;
2526	HANDLE hThread;
2527	CLIENT_ID
2528	DWORD idProcess;
2529	DWORD idThread;
2530	DWORD fCreate;
2531
2532	} CSR_MSG_DATA_CREATED_PROCESS;
2533
2534	#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
2535	#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
2536	NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
2537	#endif
2538
2539	NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
2540
2541	typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
2542	{
2543	ULONG Flags;
2544	PCUNICODE_STRING FullDllName;
2545	PCUNICODE_STRING BaseDllName;
2546	PVOID DllBase;
2547	ULONG SizeOfImage;
2548	} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
2549	typedef LDR_DLL_LOADED_NOTIFICATION_DATA PLDR_DLL_LOADED_NOTIFICATION_DATA, PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2550	typedef LDR_DLL_LOADED_NOTIFICATION_DATA const PCLDR_DLL_LOADED_NOTIFICATION_DATA, PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2551
2552	typedef union _LDR_DLL_NOTIFICATION_DATA
2553	{
2554	LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
2555	LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
2556	} LDR_DLL_NOTIFICATION_DATA;
2557	typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
2558	typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
2559
2560	typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
2561
2562	#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
2563	#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
2564	NTSYSAPI NTSTATUS NTAPI LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
2565	PVOID *pvCookie);
2566	typedef NTSTATUS (NTAPI PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID );
2567	NTSYSAPI NTSTATUS NTAPI LdrUnregisterDllNotification(PVOID pvCookie);
2568	typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
2569
2570	NTSYSAPI NTSTATUS NTAPI LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2571	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2572	typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2573	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2574	NTSYSAPI NTSTATUS NTAPI LdrUnloadDll(IN HANDLE hMod);
2575	typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
2576	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2577	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2578	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2579	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2580	#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
2581	#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
2582	/** @since Windows XP. */
2583	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2584	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2585	/** @since Windows XP. */
2586	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2587	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2588	/** @since Windows 7. */
2589	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
2590	/** @since Windows 7. */
2591	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
2592	/** @since Windows 7. */
2593	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2594	OUT PHANDLE phDll);
2595	/** @since Windows 7. */
2596	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2597	OUT PHANDLE phDll);
2598	#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
2599	NTSYSAPI NTSTATUS NTAPI LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
2600	typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
2601	NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2602	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2603	typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
2604	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2605	#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
2606	/** @since Windows Vista. */
2607	NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2608	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2609	/** @since Windows Vista. */
2610	typedef NTSTATUS (NTAPI PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const pSymbol OPTIONAL,
2611	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2612	#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2613	#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
2614	#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
2615	#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
2616	#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
2617	/** @since Windows XP. */
2618	NTSYSAPI NTSTATUS NTAPI LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2619	/** @since Windows XP. */
2620	typedef NTSTATUS (NTAPI PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID ppvCookie);
2621	#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2622	/** @since Windows XP. */
2623	NTSYSAPI NTSTATUS NTAPI LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
2624	/** @since Windows XP. */
2625	typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
2626
2627	NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
2628	NTSYSAPI VOID NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /*< Vista and later. /
2629	NTSYSAPI VOID NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
2630	NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
2631	IN PCUNICODE_STRING pOrgName,
2632	IN PUNICODE_STRING pDefaultSuffix,
2633	IN OUT PUNICODE_STRING pStaticString,
2634	IN OUT PUNICODE_STRING pDynamicString,
2635	IN OUT PUNICODE_STRING *ppResultString,
2636	IN PULONG pfNewFlags OPTIONAL,
2637	IN PSIZE_T pcbFilename OPTIONAL,
2638	IN PSIZE_T pcbNeeded OPTIONAL);
2639
2640	# ifdef IPRT_NT_USE_WINTERNL
2641	typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
2642	typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
2643	typedef struct _RTL_HEAP_PARAMETERS
2644	{
2645	ULONG Length;
2646	SIZE_T SegmentReserve;
2647	SIZE_T SegmentCommit;
2648	SIZE_T DeCommitFreeBlockThreshold;
2649	SIZE_T DeCommitTotalFreeThreshold;
2650	SIZE_T MaximumAllocationSize;
2651	SIZE_T VirtualMemoryThreshold;
2652	SIZE_T InitialCommit;
2653	SIZE_T InitialReserve;
2654	PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
2655	SIZE_T Reserved[2];
2656	} RTL_HEAP_PARAMETERS;
2657	typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
2658	NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
2659	PRTL_HEAP_PARAMETERS pParameters);
2660	/** @name Heap flags (for RtlCreateHeap).
2661	* @{ */
2662	/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
2663	# define HEAP_GROWABLE UINT32_C(0x00000002)
2664	# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
2665	# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
2666	# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
2667	# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
2668	# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
2669	# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
2670	# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
2671	# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
2672	# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
2673	# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
2674	# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
2675	# define HEAP_CLASS_0 UINT32_C(0x00000000)
2676	# define HEAP_CLASS_1 UINT32_C(0x00001000)
2677	# define HEAP_CLASS_2 UINT32_C(0x00002000)
2678	# define HEAP_CLASS_3 UINT32_C(0x00003000)
2679	# define HEAP_CLASS_4 UINT32_C(0x00004000)
2680	# define HEAP_CLASS_5 UINT32_C(0x00005000)
2681	# define HEAP_CLASS_6 UINT32_C(0x00006000)
2682	# define HEAP_CLASS_7 UINT32_C(0x00007000)
2683	# define HEAP_CLASS_8 UINT32_C(0x00008000)
2684	# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
2685	# endif
2686	# define HEAP_CLASS_PROCESS HEAP_CLASS_0
2687	# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
2688	# define HEAP_CLASS_KERNEL HEAP_CLASS_2
2689	# define HEAP_CLASS_GDI HEAP_CLASS_3
2690	# define HEAP_CLASS_USER HEAP_CLASS_4
2691	# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
2692	# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
2693	# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
2694	# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
2695	# ifdef IPRT_NT_USE_WINTERNL
2696	/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
2697	# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
2698	# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
2699	# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
2700	# endif /* IPRT_NT_USE_WINTERNL */
2701	/** @} */
2702	# ifdef IPRT_NT_USE_WINTERNL
2703	/** @name Heap tagging constants
2704	* @{ */
2705	# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
2706	/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
2707	# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
2708	# define HEAP_TAG_SHIFT 18 */
2709	# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2710	/** @} */
2711	NTSYSAPI PVOID NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
2712	NTSYSAPI PVOID NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
2713	NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2714	# endif /* IPRT_NT_USE_WINTERNL */
2715	NTSYSAPI SIZE_T NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
2716	NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
2717	NTSYSAPI SIZE_T NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2718	NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
2719	NTSYSAPI ULONG NTAPI RtlGetLastWin32Error(VOID);
2720	NTSYSAPI VOID NTAPI RtlSetLastWin32Error(ULONG uError);
2721	NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
2722	NTSYSAPI VOID NTAPI RtlRestoreLastWin32Error(ULONG uError);
2723	NTSYSAPI BOOLEAN NTAPI RtlQueryPerformanceCounter(PLARGE_INTEGER);
2724	NTSYSAPI uint64_t NTAPI RtlGetSystemTimePrecise(VOID);
2725	typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
2726
2727	RT_C_DECLS_END
2728	/** @} */
2729	#endif /* IN_RING3 */
2730
2731	#endif
2732

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/include/iprt/nt/nt.h@ 65238

Download in other formats: