
source: vbox/trunk/include/iprt/nt/nt.h@ 69705

Last change on this file since 69705 was 69705, checked in by vboxsync, 7 years ago

IPRT: VFS and NT path handling fixes.

  • Rewrote RTDirQueryInfo for NT. RTDirOpen* now requests read-attribute access in addition to listing when it opens directories.
  • Major adjustment of the VFS path parser. It now accepts both slashes and will deal differently with '..' in operations on directories.
  • Implemented native RTDirRelPathQueryInfo for NT.
  • NT directory object (NT namespace objects, not file system dirs) fixes for NT specific RTDirRel APIs.
  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
1/* $Id: nt.h 69705 2017-11-15 16:42:59Z vboxsync $ */
2/** @file
3 * IPRT - Header for code using the Native NT API.
4 */
5
6/*
7 * Copyright (C) 2010-2017 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27#ifndef ___iprt_nt_nt_h___
28#define ___iprt_nt_nt_h___
29
30/** @def IPRT_NT_MAP_TO_ZW
31 * Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
32 * to the APIs (takes care of the previous context checks).
 *
 * @note The Zw entry points are meant for arguments that kernel code owns.
 *       Pointers, lengths and handles that originate in user mode should be
 *       captured and validated by the caller before they reach one of the
 *       mapped calls.
33 */
34#ifdef DOXYGEN_RUNNING
35# define IPRT_NT_MAP_TO_ZW
36#endif
37
38#ifdef IPRT_NT_MAP_TO_ZW
39# define NtQueryInformationFile ZwQueryInformationFile
40# define NtQueryInformationProcess ZwQueryInformationProcess
41# define NtQueryInformationThread ZwQueryInformationThread
42# define NtQueryFullAttributesFile ZwQueryFullAttributesFile
43# define NtQuerySystemInformation ZwQuerySystemInformation
44# define NtQuerySecurityObject ZwQuerySecurityObject
45# define NtSetInformationFile ZwSetInformationFile
46# define NtClose ZwClose
47# define NtCreateFile ZwCreateFile
48# define NtReadFile ZwReadFile
49# define NtWriteFile ZwWriteFile
50# define NtFlushBuffersFile ZwFlushBuffersFile
51/** @todo this is very incomplete! Only the twelve calls listed above are remapped in this block; any other Nt* name is left as it is. */
52#endif
53
54#include <ntstatus.h>
55
56/*
57 * Hacks common to both base header sets.
58 */
59#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
60#define NtQueryObject Incomplete_NtQueryObject
61#define ZwQueryObject Incomplete_ZwQueryObject
62#define NtSetInformationObject Incomplete_NtSetInformationObject
63#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
64#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
65#define ObjectBasicInformation Incomplete_ObjectBasicInformation
66#define ObjectTypeInformation Incomplete_ObjectTypeInformation
67#define _PEB Incomplete__PEB
68#define PEB Incomplete_PEB
69#define PPEB Incomplete_PPEB
70#define _TEB Incomplete__TEB
71#define TEB Incomplete_TEB
72#define PTEB Incomplete_PTEB
73#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
74#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
75#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
76#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
77#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
78#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
79
80
81
82#ifdef IPRT_NT_USE_WINTERNL
83/*
84 * Use Winternl.h.
85 */
86# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
87# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
88# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
89
90# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
91# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
92# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
93# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
94# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
95# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
96# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
97# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
98# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
99# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
100# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
101# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
102
103# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
104# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
105# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
106
107# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
108# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
109# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
110# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
111# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
112
113# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
114# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
115# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
116# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
117# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
118# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
119# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
120# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
121# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
122# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
123# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
124# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
125# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
126# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
127
128
129# pragma warning(push)
130# pragma warning(disable: 4668)
131# define WIN32_NO_STATUS
132# include <windef.h>
133# include <winnt.h>
134# include <winternl.h>
135# undef WIN32_NO_STATUS
136# include <ntstatus.h>
137# pragma warning(pop)
138
139
140# undef _FILE_INFORMATION_CLASS
141# undef FILE_INFORMATION_CLASS
142# undef FileDirectoryInformation
143
144# undef NtQueryInformationProcess
145# undef NtSetInformationProcess
146# undef PROCESSINFOCLASS
147# undef _PROCESSINFOCLASS
148# undef PROCESS_BASIC_INFORMATION
149# undef PPROCESS_BASIC_INFORMATION
150# undef _PROCESS_BASIC_INFORMATION
151# undef ProcessBasicInformation
152# undef ProcessDebugPort
153# undef ProcessWow64Information
154# undef ProcessImageFileName
155# undef ProcessBreakOnTermination
156
157# undef RTL_USER_PROCESS_PARAMETERS
158# undef PRTL_USER_PROCESS_PARAMETERS
159# undef _RTL_USER_PROCESS_PARAMETERS
160
161# undef NtQueryInformationThread
162# undef NtSetInformationThread
163# undef THREADINFOCLASS
164# undef _THREADINFOCLASS
165# undef ThreadIsIoPending
166
167# undef NtQuerySystemInformation
168# undef NtSetSystemInformation
169# undef SYSTEM_INFORMATION_CLASS
170# undef _SYSTEM_INFORMATION_CLASS
171# undef SystemBasicInformation
172# undef SystemPerformanceInformation
173# undef SystemTimeOfDayInformation
174# undef SystemProcessInformation
175# undef SystemProcessorPerformanceInformation
176# undef SystemInterruptInformation
177# undef SystemExceptionInformation
178# undef SystemRegistryQuotaInformation
179# undef SystemLookasideInformation
180# undef SystemPolicyInformation
181
182#else
183/*
184 * Use ntifs.h and wdm.h.
185 */
186# if _MSC_VER >= 1200 /* Fix/workaround for KeInitializeSpinLock visibility issue on AMD64. */
187# define FORCEINLINE static __forceinline
188# else
189# define FORCEINLINE static __inline
190# endif
191
192# pragma warning(push)
193# ifdef RT_ARCH_X86
194# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
195# pragma warning(disable: 4163)
196# endif
197# pragma warning(disable: 4668)
198# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
199# if _MSC_VER >= 1800 /*RT_MSC_VER_VC120*/
200# pragma warning(disable:4005) /* sdk/v7.1/include/sal_supp.h(57) : warning C4005: '__useHeader' : macro redefinition */
201# pragma warning(disable:4471) /* wdm.h(11057) : warning C4471: '_POOL_TYPE' : a forward declaration of an unscoped enumeration must have an underlying type (int assumed) */
202# endif
203
204# include <ntifs.h>
205# include <wdm.h>
206
207# ifdef RT_ARCH_X86
208# undef _InterlockedAddLargeStatistic
209# endif
210# pragma warning(pop)
211
212# define IPRT_NT_NEED_API_GROUP_NTIFS
213#endif
214
215#undef RtlFreeUnicodeString
216#undef NtQueryObject
217#undef ZwQueryObject
218#undef NtSetInformationObject
219#undef _OBJECT_INFORMATION_CLASS
220#undef OBJECT_INFORMATION_CLASS
221#undef ObjectBasicInformation
222#undef ObjectTypeInformation
223#undef _PEB
224#undef PEB
225#undef PPEB
226#undef _TEB
227#undef TEB
228#undef PTEB
229#undef _PEB_LDR_DATA
230#undef PEB_LDR_DATA
231#undef PPEB_LDR_DATA
232#undef _KUSER_SHARED_DATA
233#undef KUSER_SHARED_DATA
234#undef PKUSER_SHARED_DATA
235
236
237#include <iprt/types.h>
238#include <iprt/assert.h>
239
240
241/** @name Useful macros
242 * @{ */
243/** Indicates that we're targeting native NT in the current source. */
244#define RTNT_USE_NATIVE_NT 1
245/** Initializes an IO_STATUS_BLOCK with Status = STATUS_FAILED_DRIVER_ENTRY and Information = ~42, presumably so that a block the callee never wrote is not mistaken for a successful result. */
246#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
247/** Reinitializes an IO_STATUS_BLOCK to the same two values as RTNT_IO_STATUS_BLOCK_INITIALIZER. a_pIos is evaluated twice. */
248#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
249 do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
250/** Similar to INVALID_HANDLE_VALUE in the Windows environment. All bits are set, which is the same bit pattern as the NtCurrentProcess() pseudo handle defined further down ((HANDLE)-1); compare a handle against this value before passing it to a call that accepts a process handle. */
251#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
252/** Constant UNICODE_STRING initializer. a_String must be a WCHAR array or wide string literal, not a pointer: both length fields are computed with sizeof(a_String), and the first one subtracts one WCHAR for the terminator. NOTE(review): a_String is not parenthesized in the cast. */
253#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
254/** @} */
255
256
257/** @name IPRT helper functions for NT
258 * @{ */
259RT_C_DECLS_BEGIN
260
261RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
262 ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
263 PHANDLE phHandle, PULONG_PTR puDisposition);
264RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
265 ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
266RTDECL(int) RTNtPathOpenDirEx(HANDLE hRootDir, struct _UNICODE_STRING *pNtName, ACCESS_MASK fDesiredAccess,
267 ULONG fShareAccess, ULONG fCreateOptions, ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
268RTDECL(int) RTNtPathClose(HANDLE hHandle);
269
270/**
271 * Converts a windows-style path to NT format and encoding.
272 *
273 * @returns IPRT status code.
274 * @param pNtName Where to return the NT name. Free using
275 * RTNtPathFree.
276 * @param phRootDir Where to return the root handle, if applicable.
277 * @param pszPath The UTF-8 path.
278 */
279RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING *pNtName, PHANDLE phRootDir, const char *pszPath);
280
281/**
282 * Converts a UTF-16 windows-style path to NT format.
283 *
284 * @returns IPRT status code.
285 * @param pNtName Where to return the NT name. Free using
286 * RTNtPathFree.
287 * @param phRootDir Where to return the root handle, if applicable.
288 * @param pwszPath The UTF-16 windows-style path.
289 * @param cwcPath The max length of the windows-style path in
290 * RTUTF16 units. Use RTSTR_MAX if unknown and @a
291 * pwszPath is correctly terminated.
292 */
293RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
294
295/**
296 * How to handle ascent ('..' relative to a root handle).
 *
 * Passed as enmAscent to RTNtPathRelativeFromUtf8. The per-value notes below
 * are inferred from the value names and from that function's parameter
 * documentation; confirm them against the implementation before relying on
 * a mode to keep a path underneath the root handle.
297 */
298typedef enum RTNTPATHRELATIVEASCENT
299{
300 kRTNtPathRelativeAscent_Invalid = 0, /**< Zero value; by its name not a usable mode. */
301 kRTNtPathRelativeAscent_Allow, /**< RTNtPathRelativeFromUtf8 documents that the root handle may come back as NULL in this mode, so presumably '..' may leave the input directory. */
302 kRTNtPathRelativeAscent_Fail, /**< Presumably the conversion fails when '..' would ascend above the root handle - TODO confirm. */
303 kRTNtPathRelativeAscent_Ignore, /**< Presumably such '..' components are dropped - TODO confirm. */
304 kRTNtPathRelativeAscent_End, /**< Presumably an end-of-valid-values marker rather than a mode. */
305 kRTNtPathRelativeAscent_32BitHack = 0x7fffffff /**< Presumably forces a 32-bit enum type. */
306} RTNTPATHRELATIVEASCENT;
307
308/**
309 * Converts a relative windows-style path to relative NT format and encoding.
310 *
311 * @returns IPRT status code.
312 * @param pNtName Where to return the NT name. Free using
313 * RTNtPathFree with phRootDir set to NULL
 * (RTNtPathFree documents that it accepts names
 * returned by this function).
314 * @param phRootDir On input, the handle to the directory the path
315 * is relative to. On output, the handle to
316 * specify as root directory in the object
317 * attributes when accessing the path. If
318 * enmAscent is kRTNtPathRelativeAscent_Allow, it
319 * may have been set to NULL.
320 * @param pszPath The relative UTF-8 path.
321 * @param enmAscent How to handle ascent.
322 * @param fMustReturnAbsolute Must convert to an absolute path. This
323 * is necessary if the root dir is a NT directory
324 * object (e.g. /Devices) since they cannot parse
325 * relative paths it seems.
 *
 * @note A NULL root handle on return means the name in pNtName is no longer
 *       resolved relative to the input directory (presumably it is absolute
 *       then). Callers that use the input directory handle as a confinement
 *       boundary for pszPath should take this into account when choosing
 *       enmAscent.
326 */
327RTDECL(int) RTNtPathRelativeFromUtf8(struct _UNICODE_STRING *pNtName, PHANDLE phRootDir, const char *pszPath,
328 RTNTPATHRELATIVEASCENT enmAscent, bool fMustReturnAbsolute);
329
330/**
331 * Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
332 * chars plus a terminator.
333 *
334 * The NT string must have been returned by RTNtPathFromWinUtf8 or
335 * RTNtPathFromWinUtf16Ex.
336 *
337 * @returns IPRT status code.
338 * @param pNtName The NT path string.
339 * @param cwcMin The minimum number of RTUTF16 chars. Max 32767.
340 * @sa RTNtPathFree
341 */
342RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);
343
344/**
345 * Frees the native path and root handle.
346 *
347 * @param pNtName The NT path after a successful rtNtPathToNative
348 * call or RTNtPathRelativeFromUtf8.
349 * @param phRootDir The root handle variable from rtNtPathToNative.
350 */
351RTDECL(void) RTNtPathFree(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir);
352
353
354/**
355 * Checks whether the path could contain alternative 8.3 names generated
356 * by NTFS, FAT, or other similar file systems.
357 *
358 * @returns Pointer to the first component that might be an 8.3 name, NULL if
359 * not 8.3 path.
360 * @param pwszPath The path to check.
361 *
362 * @remarks This makes a bad ASSUMPTION about the naming scheme of 8.3 names;
363 * however, non-tilde 8.3 aliases are probably rare enough to not be
364 * worth all the extra code necessary to open each path component and
365 * check if we've got the short name or not.
 *
 * @note Per the remark above this is a heuristic that does not open the path
 *       components. A NULL return therefore does not prove that no component
 *       is a short-name alias, and it should not be the only check where two
 *       spellings of a path are compared for a trust decision.
 * @note NOTE(review): the return type is a non-const PRTUTF16 although
 *       pwszPath is const.
366 */
367RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
368
369/**
370 * Fixes up a path possibly containing one or more alternative 8-dot-3 style
371 * components.
372 *
373 * The path is fixed up in place. Errors are ignored.
374 *
375 * @returns VINF_SUCCESS if it all went smoothly, informational status codes
376 * indicating the nature of last problem we ran into.
377 *
378 * @param pUniStr The path to fix up. MaximumLength is the max buffer
379 * length.
380 * @param fPathOnly Whether to only process the path and leave the filename
381 * as passed in.
 *
 * @note Since errors are ignored, a return value other than VINF_SUCCESS means
 *       the string may still hold short-name components. A caller that
 *       compares the result against an allow or deny list needs to check the
 *       status rather than assume the path is fully expanded.
382 */
383RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);
384
385
386RT_C_DECLS_END
387/** @} */
388
389
390/** @name NT API declarations.
391 * @{ */
392RT_C_DECLS_BEGIN
393
394/** @name Process access rights missing in ntddk headers
 *
 * Each right is defined only when the included base headers did not already
 * provide it (#ifndef guards); the two PROCESS_UNKNOWN_* names are defined
 * unconditionally.
395 * @{ */
396#ifndef PROCESS_TERMINATE
397# define PROCESS_TERMINATE UINT32_C(0x00000001)
398#endif
399#ifndef PROCESS_CREATE_THREAD
400# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
401#endif
402#ifndef PROCESS_SET_SESSIONID
403# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
404#endif
405#ifndef PROCESS_VM_OPERATION
406# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
407#endif
408#ifndef PROCESS_VM_READ
409# define PROCESS_VM_READ UINT32_C(0x00000010)
410#endif
411#ifndef PROCESS_VM_WRITE
412# define PROCESS_VM_WRITE UINT32_C(0x00000020)
413#endif
414#ifndef PROCESS_DUP_HANDLE
415# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
416#endif
417#ifndef PROCESS_CREATE_PROCESS
418# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
419#endif
420#ifndef PROCESS_SET_QUOTA
421# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
422#endif
423#ifndef PROCESS_SET_INFORMATION
424# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
425#endif
426#ifndef PROCESS_QUERY_INFORMATION
427# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
428#endif
429#ifndef PROCESS_SUSPEND_RESUME
430# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
431#endif
432#ifndef PROCESS_QUERY_LIMITED_INFORMATION
433# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
434#endif
435#ifndef PROCESS_SET_LIMITED_INFORMATION
436# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
437#endif
438#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
/* NOTE(review): the name below says 6000 but the value is 0x00008000. */
439#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
/* The fallback PROCESS_ALL_ACCESS sets every specific-right bit (0x0000ffff),
 * including the two PROCESS_UNKNOWN_* bits above. Code that opens a process
 * should request the individual rights it needs instead of this mask. */
440#ifndef PROCESS_ALL_ACCESS
441# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | UINT32_C(0x0000ffff) )
442#endif
443/** @} */
444
445/** @name Thread access rights missing in ntddk headers
446 * @{ */
447#ifndef THREAD_QUERY_INFORMATION
448# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
449#endif
450#ifndef THREAD_SET_THREAD_TOKEN
451# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
452#endif
453#ifndef THREAD_IMPERSONATE
454# define THREAD_IMPERSONATE UINT32_C(0x00000100)
455#endif
456#ifndef THREAD_DIRECT_IMPERSONATION
457# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
458#endif
459#ifndef THREAD_RESUME
460# define THREAD_RESUME UINT32_C(0x00001000)
461#endif
462#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
463#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
464#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
465/** @} */
466
467/** @name Special handle values.
 *
 * Constant pseudo handle values for the calling process (-1) and the calling
 * thread (-2), defined only when the base headers did not provide them. The
 * Zw names simply forward to the Nt ones.
 *
 * The process value (-1) has the same bit pattern as RTNT_INVALID_HANDLE_VALUE
 * in this header, so a handle variable still holding the "invalid" value refers
 * to the current process if it is passed unchecked to a call taking a process
 * handle.
468 * @{ */
469#ifndef NtCurrentProcess
470# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
471#endif
472#ifndef NtCurrentThread
473# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
474#endif
475#ifndef ZwCurrentProcess
476# define ZwCurrentProcess() NtCurrentProcess()
477#endif
478#ifndef ZwCurrentThread
479# define ZwCurrentThread() NtCurrentThread()
480#endif
481/** @} */
482
483
484/** @name Directory object access rights.
485 * @{ */
486#ifndef DIRECTORY_QUERY
487# define DIRECTORY_QUERY UINT32_C(0x00000001)
488#endif
489#ifndef DIRECTORY_TRAVERSE
490# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
491#endif
492#ifndef DIRECTORY_CREATE_OBJECT
493# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
494#endif
495#ifndef DIRECTORY_CREATE_SUBDIRECTORY
496# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
497#endif
498#ifndef DIRECTORY_ALL_ACCESS
499# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | UINT32_C(0x0000000f) )
500#endif
501/** @} */
502
503
504
505#ifdef IPRT_NT_USE_WINTERNL
506typedef struct _CLIENT_ID
507{
508 HANDLE UniqueProcess;
509 HANDLE UniqueThread;
510} CLIENT_ID;
511typedef CLIENT_ID *PCLIENT_ID;
512#endif
513
514/** Extended affinity type, introduced in Windows 7 (?).
 *
 * NOTE(review): Bitmap is declared with a fixed 20 entries here. Code that
 * walks a structure filled in elsewhere should bound the loop by the declared
 * array size as well as by Count/Size rather than trusting those fields alone. */
515typedef struct _KAFFINITY_EX
516{
517 /** Count of valid bitmap entries. */
518 uint16_t Count;
519 /** Count of allocated bitmap entries. */
520 uint16_t Size;
521 /** Reserved / alignment padding. */
522 uint32_t Reserved;
523 /** Bitmap where one bit corresponds to a CPU. */
524 uintptr_t Bitmap[20];
525} KAFFINITY_EX;
/** Pointer to an extended affinity structure. */
526typedef KAFFINITY_EX *PKAFFINITY_EX;
/** Pointer to a const extended affinity structure. */
527typedef KAFFINITY_EX const *PCKAFFINITY_EX;
528
529/** @name User Shared Data
530 * @{ */
531
532#ifdef IPRT_NT_USE_WINTERNL
533typedef struct _KSYSTEM_TIME
534{
535 ULONG LowPart;
536 LONG High1Time;
537 LONG High2Time;
538} KSYSTEM_TIME;
539typedef KSYSTEM_TIME *PKSYSTEM_TIME;
540
541typedef enum _NT_PRODUCT_TYPE
542{
543 NtProductWinNt = 1,
544 NtProductLanManNt,
545 NtProductServer
546} NT_PRODUCT_TYPE;
547
548#define PROCESSOR_FEATURE_MAX 64
549
550typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
551{
552 StandardDesign = 0,
553 NEC98x86,
554 EndAlternatives
555} ALTERNATIVE_ARCHITECTURE_TYPE;
556
557# if 0
558typedef struct _XSTATE_FEATURE
559{
560 ULONG Offset;
561 ULONG Size;
562} XSTATE_FEATURE;
563typedef XSTATE_FEATURE *PXSTATE_FEATURE;
564
565#define MAXIMUM_XSTATE_FEATURES 64
566
567typedef struct _XSTATE_CONFIGURATION
568{
569 ULONG64 EnabledFeatures;
570 ULONG Size;
571 ULONG OptimizedSave : 1;
572 XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
573} XSTATE_CONFIGURATION;
574typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
575# endif
576#endif /* IPRT_NT_USE_WINTERNL */
577
578typedef struct _KUSER_SHARED_DATA
579{
580 ULONG TickCountLowDeprecated; /**< 0x000 */
581 ULONG TickCountMultiplier; /**< 0x004 */
582 KSYSTEM_TIME volatile InterruptTime; /**< 0x008 */
583 KSYSTEM_TIME volatile SystemTime; /**< 0x014 */
584 KSYSTEM_TIME volatile TimeZoneBias; /**< 0x020 */
585 USHORT ImageNumberLow; /**< 0x02c */
586 USHORT ImageNumberHigh; /**< 0x02e */
587 WCHAR NtSystemRoot[260]; /**< 0x030 */
588 ULONG MaxStackTraceDepth; /**< 0x238 */
589 ULONG CryptoExponent; /**< 0x23c */
590 ULONG TimeZoneId; /**< 0x240 */
591 ULONG LargePageMinimum; /**< 0x244 */
592 ULONG AitSamplingValue; /**< 0x248 */
593 ULONG AppCompatFlag; /**< 0x24c */
594 ULONGLONG RNGSeedVersion; /**< 0x250 */
595 ULONG GlobalValidationRunlevel; /**< 0x258 */
596 LONG volatile TimeZoneBiasStamp; /**< 0x25c*/
597 ULONG Reserved2; /**< 0x260 */
598 NT_PRODUCT_TYPE NtProductType; /**< 0x264 */
599 BOOLEAN ProductTypeIsValid; /**< 0x268 */
600 BOOLEAN Reserved0[1]; /**< 0x269 */
601 USHORT NativeProcessorArchitecture; /**< 0x26a */
602 ULONG NtMajorVersion; /**< 0x26c */
603 ULONG NtMinorVersion; /**< 0x270 */
604 BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /**< 0x274 */
605 ULONG Reserved1; /**< 0x2b4 */
606 ULONG Reserved3; /**< 0x2b8 */
607 ULONG volatile TimeSlip; /**< 0x2bc */
608 ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /**< 0x2c0 */
609 ULONG AltArchitecturePad[1]; /**< 0x2c4 */
610 LARGE_INTEGER SystemExpirationDate; /**< 0x2c8 */
611 ULONG SuiteMask; /**< 0x2d0 */
612 BOOLEAN KdDebuggerEnabled; /**< 0x2d4 */
613 union /**< 0x2d5 */
614 {
615 UCHAR MitigationPolicies; /**< 0x2d5 */
616 struct
617 {
618 UCHAR NXSupportPolicy : 2;
619 UCHAR SEHValidationPolicy : 2;
620 UCHAR CurDirDevicesSkippedForDlls : 2;
621 UCHAR Reserved : 2;
622 };
623 };
624 UCHAR Reserved6[2]; /**< 0x2d6 */
625 ULONG volatile ActiveConsoleId; /**< 0x2d8 */
626 ULONG volatile DismountCount; /**< 0x2dc */
627 ULONG ComPlusPackage; /**< 0x2e0 */
628 ULONG LastSystemRITEventTickCount; /**< 0x2e4 */
629 ULONG NumberOfPhysicalPages; /**< 0x2e8 */
630 BOOLEAN SafeBootMode; /**< 0x2ec */
631 UCHAR Reserved12[3]; /**< 0x2ed */
632 union /**< 0x2f0 */
633 {
634 ULONG SharedDataFlags; /**< 0x2f0 */
635 struct
636 {
637 ULONG DbgErrorPortPresent : 1;
638 ULONG DbgElevationEnabled : 1;
639 ULONG DbgVirtEnabled : 1;
640 ULONG DbgInstallerDetectEnabled : 1;
641 ULONG DbgLkgEnabled : 1;
642 ULONG DbgDynProcessorEnabled : 1;
643 ULONG DbgConsoleBrokerEnabled : 1;
644 ULONG DbgSecureBootEnabled : 1;
645 ULONG SpareBits : 24;
646 };
647 };
648 ULONG DataFlagsPad[1]; /**< 0x2f4 */
649 ULONGLONG TestRetInstruction; /**< 0x2f8 */
650 LONGLONG QpcFrequency; /**< 0x300 */
651 ULONGLONG SystemCallPad[3]; /**< 0x308 */
652 union /**< 0x320 */
653 {
654 ULONG64 volatile TickCountQuad; /**< 0x320 */
655 KSYSTEM_TIME volatile TickCount; /**< 0x320 */
656 struct /**< 0x320 */
657 {
658 ULONG ReservedTickCountOverlay[3]; /**< 0x320 */
659 ULONG TickCountPad[1]; /**< 0x32c */
660 };
661 };
662 ULONG Cookie; /**< 0x330 */
663 ULONG CookiePad[1]; /**< 0x334 */
664 LONGLONG ConsoleSessionForegroundProcessId; /**< 0x338 */
665 ULONGLONG TimeUpdateLock; /**< 0x340 */
666 ULONGLONG BaselineSystemTimeQpc; /**< 0x348 */
667 ULONGLONG BaselineInterruptTimeQpc; /**< 0x350 */
668 ULONGLONG QpcSystemTimeIncrement; /**< 0x358 */
669 ULONGLONG QpcInterruptTimeIncrement; /**< 0x360 */
670 ULONG QpcSystemTimeIncrement32; /**< 0x368 */
671 ULONG QpcInterruptTimeIncrement32; /**< 0x36c */
672 UCHAR QpcSystemTimeIncrementShift; /**< 0x370 */
673 UCHAR QpcInterruptTimeIncrementShift; /**< 0x371 */
674 UCHAR Reserved8[14]; /**< 0x372 */
675 USHORT UserModeGlobalLogger[16]; /**< 0x380 */
676 ULONG ImageFileExecutionOptions; /**< 0x3a0 */
677 ULONG LangGenerationCount; /**< 0x3a4 */
678 ULONGLONG Reserved4; /**< 0x3a8 */
679 ULONGLONG volatile InterruptTimeBias; /**< 0x3b0 */
680 ULONGLONG volatile QpcBias; /**< 0x3b8 */
681 ULONG volatile ActiveProcessorCount; /**< 0x3c0 */
682 UCHAR volatile ActiveGroupCount; /**< 0x3c4 */
683 UCHAR Reserved9; /**< 0x3c5 */
684 union /**< 0x3c6 */
685 {
686 USHORT QpcData; /**< 0x3c6 */
687 struct /**< 0x3c6 */
688 {
689 BOOLEAN volatile QpcBypassEnabled; /**< 0x3c6 */
690 UCHAR QpcShift; /**< 0x3c7 */
691 };
692 };
693 LARGE_INTEGER TimeZoneBiasEffectiveStart; /**< 0x3c8 */
694 LARGE_INTEGER TimeZoneBiasEffectiveEnd; /**< 0x3d0 */
695 XSTATE_CONFIGURATION XState; /**< 0x3d8 */
696} KUSER_SHARED_DATA;
697typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
698AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
699AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
700AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
701AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
702AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
703AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
704AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
705AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
706AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
707/** @def MM_SHARED_USER_DATA_VA
708 * Read only userland mapping of KUSER_SHARED_DATA.
 *
 * The value is an integer constant, not a pointer, so it has to be cast to
 * PKUSER_SHARED_DATA before use. The numeric address is the same for 32-bit
 * and 64-bit builds; only the width of the constant differs. Defined only when
 * the base headers did not already provide it.
 *
 * Several KUSER_SHARED_DATA members are declared volatile. Presumably the
 * three-part KSYSTEM_TIME values need the usual High1Time/High2Time re-read
 * check to be read consistently - confirm against the reader code. */
709#ifndef MM_SHARED_USER_DATA_VA
710# if ARCH_BITS == 32
711# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
712# elif ARCH_BITS == 64
713# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
714# else
715# error "Unsupported/undefined ARCH_BITS value."
716# endif
717#endif
718/** @def KI_USER_SHARED_DATA
719 * Read write kernel mapping of KUSER_SHARED_DATA.
 *
 * Also an integer constant. Only x86 and AMD64 are handled; any other
 * architecture stops the build with the "PORT ME" error below. */
720#ifndef KI_USER_SHARED_DATA
721# ifdef RT_ARCH_X86
722# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
723# elif defined(RT_ARCH_AMD64)
724# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
725# else
726# error "PORT ME - KI_USER_SHARED_DATA"
727# endif
728#endif
729/** @} */
730
731
732/** @name Process And Thread Environment Blocks
733 * @{ */
734
/** Loader data block, pointed to by the Ldr member of this header's PEB_COMMON.
 *
 * Declared here because the name PEB_LDR_DATA is mapped to
 * Incomplete_PEB_LDR_DATA while the base headers are included further up.
 *
 * NOTE(review): this block lives in the memory of the process it describes, so
 * tooling that reads another process's module lists through it should treat
 * the list contents as data under that process's control and cross-check them. */
735typedef struct _PEB_LDR_DATA
736{
737 uint32_t Length;
738 BOOLEAN Initialized;
739 BOOLEAN Padding[3];
740 HANDLE SsHandle;
741 LIST_ENTRY InLoadOrderModuleList; /**< List head; by its name, modules in load order. */
742 LIST_ENTRY InMemoryOrderModuleList; /**< List head; by its name, modules in memory order. */
743 LIST_ENTRY InInitializationOrderModuleList; /**< List head; by its name, modules in initialization order. */
744 /* End NT4 - the members below are not part of the NT4 layout. */
745 LIST_ENTRY *EntryInProgress;
746 BOOLEAN ShutdownInProgress;
747 HANDLE ShutdownThreadId;
748} PEB_LDR_DATA;
/** Pointer to a loader data block. */
749typedef PEB_LDR_DATA *PPEB_LDR_DATA;
750
751typedef struct _PEB_COMMON
752{
753 BOOLEAN InheritedAddressSpace; /**< 0x000 / 0x000 */
754 BOOLEAN ReadImageFileExecOptions; /**< 0x001 / 0x001 */
755 BOOLEAN BeingDebugged; /**< 0x002 / 0x002 */
756 union
757 {
758 uint8_t BitField; /**< 0x003 / 0x003 */
759 struct
760 {
761 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
762 } Common;
763 struct
764 {
765 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
766 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
767 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 */
768 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 */
769 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 */
770 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 */
771 uint8_t IsProtectedProcessLight : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 */
772 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
773 } W81;
774 struct
775 {
776 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
777 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
778 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 */
779 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 */
780 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 */
781 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 */
782 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 */
783 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
784 } W80;
785 struct
786 {
787 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
788 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
789 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. */
790 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. */
791 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. */
792 uint8_t SpareBits : 3; /**< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. */
793 } W7;
794 struct
795 {
796 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
797 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
798 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. */
799 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. */
800 uint8_t SpareBits : 4; /**< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. */
801 } W6;
802 struct
803 {
804 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
805 uint8_t SpareBits : 7; /**< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. */
806 } W52;
807 struct
808 {
809 BOOLEAN SpareBool;
810 } W51;
811 } Diff0;
812#if ARCH_BITS == 64
813 uint32_t Padding0; /**< 0x004 / NA */
814#endif
815 HANDLE Mutant; /**< 0x008 / 0x004 */
816 PVOID ImageBaseAddress; /**< 0x010 / 0x008 */
817 PPEB_LDR_DATA Ldr; /**< 0x018 / 0x00c */
818 struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /**< 0x020 / 0x010 */
819 PVOID SubSystemData; /**< 0x028 / 0x014 */
820 HANDLE ProcessHeap; /**< 0x030 / 0x018 */
821 struct _RTL_CRITICAL_SECTION *FastPebLock; /**< 0x038 / 0x01c */
822 union
823 {
824 struct
825 {
826 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
827 PVOID IFEOKey; /**< 0x048 / 0x024 */
828 union
829 {
830 ULONG CrossProcessFlags; /**< 0x050 / 0x028 */
831 struct
832 {
833 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
834 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
835 uint32_t ProcessUsingVEH : 1; /**< 0x050 / 0x028: Pos 2, 1 Bit */
836 uint32_t ProcessUsingVCH : 1; /**< 0x050 / 0x028: Pos 3, 1 Bit */
837 uint32_t ProcessUsingFTH : 1; /**< 0x050 / 0x028: Pos 4, 1 Bit */
838 uint32_t ReservedBits0 : 1; /**< 0x050 / 0x028: Pos 5, 27 Bits */
839 } W7, W8, W80, W81;
840 struct
841 {
842 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
843 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
844 uint32_t ReservedBits0 : 30; /**< 0x050 / 0x028: Pos 2, 30 Bits */
845 } W6;
846 };
847#if ARCH_BITS == 64
848 uint32_t Padding1; /**< 0x054 / */
849#endif
850 } W6, W7, W8, W80, W81;
851 struct
852 {
853 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
854 PVOID SparePtr2; /**< 0x048 / 0x024 */
855 uint32_t EnvironmentUpdateCount; /**< 0x050 / 0x028 */
856#if ARCH_BITS == 64
857 uint32_t Padding1; /**< 0x054 / */
858#endif
859 } W52;
860 struct
861 {
862 PVOID FastPebLockRoutine; /**< NA / 0x020 */
863 PVOID FastPebUnlockRoutine; /**< NA / 0x024 */
864 uint32_t EnvironmentUpdateCount; /**< NA / 0x028 */
865 } W51;
866 } Diff1;
867 union
868 {
869 PVOID KernelCallbackTable; /**< 0x058 / 0x02c */
870 PVOID UserSharedInfoPtr; /**< 0x058 / 0x02c - Alternative use in W6.*/
871 };
872 uint32_t SystemReserved; /**< 0x060 / 0x030 */
873 union
874 {
875 struct
876 {
877 uint32_t AtlThunkSListPtr32; /**< 0x064 / 0x034 */
878 } W7, W8, W80, W81;
879 struct
880 {
881 uint32_t SpareUlong; /**< 0x064 / 0x034 */
882 } W52, W6;
883 struct
884 {
885 uint32_t ExecuteOptions : 2; /**< NA / 0x034: Pos 0, 2 Bits */
886 uint32_t SpareBits : 30; /**< NA / 0x034: Pos 2, 30 Bits */
887 } W51;
888 } Diff2;
889 union
890 {
891 struct
892 {
893 PVOID ApiSetMap; /**< 0x068 / 0x038 */
894 } W7, W8, W80, W81;
895 struct
896 {
897 struct _PEB_FREE_BLOCK *FreeList; /**< 0x068 / 0x038 */
898 } W52, W6;
899 struct
900 {
901 struct _PEB_FREE_BLOCK *FreeList; /**< NA / 0x038 */
902 } W51;
903 } Diff3;
904 uint32_t TlsExpansionCounter; /**< 0x070 / 0x03c */
905#if ARCH_BITS == 64
906 uint32_t Padding2; /**< 0x074 / NA */
907#endif
908 struct _RTL_BITMAP *TlsBitmap; /**< 0x078 / 0x040 */
909 uint32_t TlsBitmapBits[2]; /**< 0x080 / 0x044 */
910 PVOID ReadOnlySharedMemoryBase; /**< 0x088 / 0x04c */
911 union
912 {
913 struct
914 {
915 PVOID SparePvoid0; /**< 0x090 / 0x050 - HotpatchInformation before W81. */
916 } W81;
917 struct
918 {
919 PVOID HotpatchInformation; /**< 0x090 / 0x050 - Retired in W81. */
920 } W6, W7, W80;
921 struct
922 {
923 PVOID ReadOnlySharedMemoryHeap;
924 } W52;
925 } Diff4;
926 PVOID *ReadOnlyStaticServerData; /**< 0x098 / 0x054 */
927 PVOID AnsiCodePageData; /**< 0x0a0 / 0x058 */
928 PVOID OemCodePageData; /**< 0x0a8 / 0x05c */
929 PVOID UnicodeCaseTableData; /**< 0x0b0 / 0x060 */
930 uint32_t NumberOfProcessors; /**< 0x0b8 / 0x064 */
931 uint32_t NtGlobalFlag; /**< 0x0bc / 0x068 */
932 LARGE_INTEGER CriticalSectionTimeout; /**< 0x0c0 / 0x070 */
933 SIZE_T HeapSegmentReserve; /**< 0x0c8 / 0x078 */
934 SIZE_T HeapSegmentCommit; /**< 0x0d0 / 0x07c */
935 SIZE_T HeapDeCommitTotalFreeThreshold; /**< 0x0d8 / 0x080 */
936 SIZE_T HeapDeCommitFreeBlockThreshold; /**< 0x0e0 / 0x084 */
937 uint32_t NumberOfHeaps; /**< 0x0e8 / 0x088 */
938 uint32_t MaximumNumberOfHeaps; /**< 0x0ec / 0x08c */
939 PVOID *ProcessHeaps; /**< 0x0f0 / 0x090 */
940 PVOID GdiSharedHandleTable; /**< 0x0f8 / 0x094 */
941 PVOID ProcessStarterHelper; /**< 0x100 / 0x098 */
942 uint32_t GdiDCAttributeList; /**< 0x108 / 0x09c */
943#if ARCH_BITS == 64
944 uint32_t Padding3; /**< 0x10c / NA */
945#endif
946 struct _RTL_CRITICAL_SECTION *LoaderLock; /**< 0x110 / 0x0a0 */
947 uint32_t OSMajorVersion; /**< 0x118 / 0x0a4 */
948 uint32_t OSMinorVersion; /**< 0x11c / 0x0a8 */
949 uint16_t OSBuildNumber; /**< 0x120 / 0x0ac */
950 uint16_t OSCSDVersion; /**< 0x122 / 0x0ae */
951 uint32_t OSPlatformId; /**< 0x124 / 0x0b0 */
952 uint32_t ImageSubsystem; /**< 0x128 / 0x0b4 */
953 uint32_t ImageSubsystemMajorVersion; /**< 0x12c / 0x0b8 */
954 uint32_t ImageSubsystemMinorVersion; /**< 0x130 / 0x0bc */
955#if ARCH_BITS == 64
956 uint32_t Padding4; /**< 0x134 / NA */
957#endif
958 union
959 {
960 struct
961 {
962 SIZE_T ActiveProcessAffinityMask; /**< 0x138 / 0x0c0 */
963 } W7, W8, W80, W81;
964 struct
965 {
966 SIZE_T ImageProcessAffinityMask; /**< 0x138 / 0x0c0 */
967 } W52, W6;
968 } Diff5;
969 uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /**< 0x140 / 0x0c4 */
970 PVOID PostProcessInitRoutine; /**< 0x230 / 0x14c */
971 PVOID TlsExpansionBitmap; /**< 0x238 / 0x150 */
972 uint32_t TlsExpansionBitmapBits[32]; /**< 0x240 / 0x154 */
973 uint32_t SessionId; /**< 0x2c0 / 0x1d4 */
974#if ARCH_BITS == 64
975 uint32_t Padding5; /**< 0x2c4 / NA */
976#endif
977 ULARGE_INTEGER AppCompatFlags; /**< 0x2c8 / 0x1d8 */
978 ULARGE_INTEGER AppCompatFlagsUser; /**< 0x2d0 / 0x1e0 */
979 PVOID pShimData; /**< 0x2d8 / 0x1e8 */
980 PVOID AppCompatInfo; /**< 0x2e0 / 0x1ec */
981 UNICODE_STRING CSDVersion; /**< 0x2e8 / 0x1f0 */
982 struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; /**< 0x2f8 / 0x1f8 */
983 struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; /**< 0x300 / 0x1fc */
984 struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; /**< 0x308 / 0x200 */
985 struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; /**< 0x310 / 0x204 */
986 SIZE_T MinimumStackCommit; /**< 0x318 / 0x208 */
987 /* End of PEB in W52 (Windows XP (RTM))! */
988 struct _FLS_CALLBACK_INFO *FlsCallback; /**< 0x320 / 0x20c */
989 LIST_ENTRY FlsListHead; /**< 0x328 / 0x210 */
990 PVOID FlsBitmap; /**< 0x338 / 0x218 */
991 uint32_t FlsBitmapBits[4]; /**< 0x340 / 0x21c */
992 uint32_t FlsHighIndex; /**< 0x350 / 0x22c */
993 /* End of PEB in W52 (Windows Server 2003)! */
994 PVOID WerRegistrationData; /**< 0x358 / 0x230 */
995 PVOID WerShipAssertPtr; /**< 0x360 / 0x234 */
996 /* End of PEB in W6 (windows Vista)! */
997 union
998 {
999 struct
1000 {
1001 PVOID pUnused; /**< 0x368 / 0x238 - Was pContextData in W7. */
1002 } W8, W80, W81;
1003 struct
1004 {
1005 PVOID pContextData; /**< 0x368 / 0x238 - Retired in W80. */
1006 } W7;
1007 } Diff6;
1008 PVOID pImageHeaderHash; /**< 0x370 / 0x23c */
1009 union
1010 {
1011 uint32_t TracingFlags; /**< 0x378 / 0x240 */
1012 struct
1013 {
1014 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
1015 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
1016 uint32_t LibLoaderTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 2, 1 Bit */
1017 uint32_t SpareTracingBits : 29; /**< 0x378 / 0x240 : Pos 3, 29 Bits */
1018 } W8, W80, W81;
1019 struct
1020 {
1021 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
1022 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
1023 uint32_t SpareTracingBits : 30; /**< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 */
1024 } W7;
1025 } Diff7;
1026#if ARCH_BITS == 64
1027 uint32_t Padding6; /**< 0x37c / NA */
1028#endif
1029 uint64_t CsrServerReadOnlySharedMemoryBase; /**< 0x380 / 0x248 */
1030 /* End of PEB in W8, W81. */
1031 uintptr_t TppWorkerpListLock; /**< 0x388 / 0x250 */
1032 LIST_ENTRY TppWorkerpList; /**< 0x390 / 0x254 */
1033 PVOID WaitOnAddressHashTable[128]; /**< 0x3a0 / 0x25c */
1034#if ARCH_BITS == 32
1035 uint32_t ExplicitPadding7; /**< NA NA / 0x45c */
1036#endif
1037} PEB_COMMON;
1038typedef PEB_COMMON *PPEB_COMMON;
1039
/* Layout checks for PEB_COMMON: each line pins one member (or the total size)
 * to the offset given in the member comments above, 64-bit value first and
 * 32-bit value second.  Any code that indexes a PEB by these offsets relies
 * on them, so a change to the structure must keep every line here passing. */
1040AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
1041AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
1042AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
1043AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
1044AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
1045AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
1046AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
1047AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
/* Total size, i.e. the Windows 10 layout (see PEB_SIZE_W10). */
1048AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x7a0 : 0x460);
1049
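/*
 * PEB size per Windows version.
 *
 * Each macro evaluates to the offset in PEB_COMMON at which that version's PEB
 * ends, matching the "End of PEB in ..." markers inside the structure.  Code
 * that reads, copies or compares a PEB should bound the access with the value
 * for the running system instead of sizeof(PEB_COMMON), which only fits the
 * Windows 10 layout.
 */
/** The size of the windows 10 (build 14393) PEB structure. */
#define PEB_SIZE_W10    sizeof(PEB_COMMON)
/** The size of the windows 8.1 PEB structure. */
#define PEB_SIZE_W81    RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
/** The size of the windows 8.0 PEB structure. */
#define PEB_SIZE_W80    RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
/** The size of the windows 7 PEB structure. */
#define PEB_SIZE_W7     RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
/** The size of the windows vista PEB structure.
 * The Vista PEB ends after WerShipAssertPtr, which is where Diff6 starts.
 * Diff3 (0x068 / 0x038) lies below even the Windows XP size and would leave
 * most of the Vista PEB outside any check bounded by this value. */
#define PEB_SIZE_W6     RT_UOFFSETOF(PEB_COMMON, Diff6)
/** The size of the windows server 2003 PEB structure. */
#define PEB_SIZE_W52    RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
/** The size of the windows XP PEB structure. */
#define PEB_SIZE_W51    RT_UOFFSETOF(PEB_COMMON, FlsCallback)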
1064
/* Reference copy of NT_TIB, compiled out.  TEB_COMMON below still uses NT_TIB
 * as its first member, so the live definition presumably comes from the
 * Windows headers - TODO confirm.  The x86/AMD64 RTNtCurrentTeb() variants
 * further down depend on the offset of the Self member. */
1065#if 0
1066typedef struct _NT_TIB
1067{
1068 struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
1069 PVOID StackBase;
1070 PVOID StackLimit;
1071 PVOID SubSystemTib;
1072 union
1073 {
1074 PVOID FiberData;
1075 ULONG Version;
1076 };
1077 PVOID ArbitraryUserPointer;
1078 struct _NT_TIB *Self;
1079} NT_TIB;
1080typedef NT_TIB *PNT_TIB;
1081#endif
1082
/**
 * Activation context stack as referenced from the TEB.
 *
 * TEB_COMMON::Diff0 embeds this structure by value in the W51 layout (32-bit
 * only) and holds a pointer to it in all later layouts.
 */
1083typedef struct _ACTIVATION_CONTEXT_STACK
1084{
1085 uint32_t Flags;
1086 uint32_t NextCookieSequenceNumber;
1087 PVOID ActiveFrame;
1088 LIST_ENTRY FrameListCache;
1089} ACTIVATION_CONTEXT_STACK;
1090
1091/* Common TEB.
 *
 * One structure describes the thread environment block of every Windows
 * version handled here.  Members that differ between versions sit in the
 * DiffN unions, with one sub-structure per version tag: W51 (Windows XP),
 * W52 (Windows Server 2003), W6 (Vista), W7, W8/W80/W81 (Windows 8.0 / 8.1)
 * and W10.  Member comments give the offset as "64-bit / 32-bit"; NA marks a
 * member that does not exist for that bitness.  The "End of TEB in ..."
 * comments mark where the structure ends in the older versions; use the
 * TEB_SIZE_XXX macros rather than sizeof(TEB_COMMON) when bounding an access
 * to a TEB of a specific Windows version.
 */
1092typedef struct _TEB_COMMON
1093{
1094 NT_TIB NtTib; /**< 0x000 / 0x000 */
1095 PVOID EnvironmentPointer; /**< 0x038 / 0x01c */
1096 CLIENT_ID ClientId; /**< 0x040 / 0x020 */
1097 PVOID ActiveRpcHandle; /**< 0x050 / 0x028 */
1098 PVOID ThreadLocalStoragePointer; /**< 0x058 / 0x02c */
1099 PPEB_COMMON ProcessEnvironmentBlock; /**< 0x060 / 0x030 */
1100 uint32_t LastErrorValue; /**< 0x068 / 0x034 */
1101 uint32_t CountOfOwnedCriticalSections; /**< 0x06c / 0x038 */
1102 PVOID CsrClientThread; /**< 0x070 / 0x03c */
1103 PVOID Win32ThreadInfo; /**< 0x078 / 0x040 */
1104 uint32_t User32Reserved[26]; /**< 0x080 / 0x044 */
1105 uint32_t UserReserved[5]; /**< 0x0e8 / 0x0ac */
1106 PVOID WOW32Reserved; /**< 0x100 / 0x0c0 */
1107 uint32_t CurrentLocale; /**< 0x108 / 0x0c4 */
1108 uint32_t FpSoftwareStatusRegister; /**< 0x10c / 0x0c8 */
1109 PVOID SystemReserved1[54]; /**< 0x110 / 0x0cc */
1110 uint32_t ExceptionCode; /**< 0x2c0 / 0x1a4 */
1111#if ARCH_BITS == 64
1112 uint32_t Padding0; /**< 0x2c4 / NA */
1113#endif
1114 union
1115 {
1116 struct
1117 {
1118 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;/**< 0x2c8 / 0x1a8 */
1119 uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /**< 0x2d0 / 0x1ac */
1120 } W52, W6, W7, W8, W80, W81;
1121#if ARCH_BITS == 32
1122 struct
1123 {
1124 ACTIVATION_CONTEXT_STACK ActivationContextStack; /**< NA / 0x1a8 */
1125 uint8_t SpareBytes[20]; /**< NA / 0x1bc */
1126 } W51;
1127#endif
1128 } Diff0;
1129 union
1130 {
1131 struct
1132 {
1133 uint32_t TxFsContext; /**< 0x2e8 / 0x1d0 */
1134 } W6, W7, W8, W80, W81;
1135 struct
1136 {
1137 uint32_t SpareBytesContinues; /**< 0x2e8 / 0x1d0 */
1138 } W52;
1139 } Diff1;
1140#if ARCH_BITS == 64
1141 uint32_t Padding1; /**< 0x2ec / NA */
1142#endif
1143 /*_GDI_TEB_BATCH*/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /**< 0x2f0 / 0x1d4 */
1144 CLIENT_ID RealClientId; /**< 0x7d8 / 0x6b4 */
1145 HANDLE GdiCachedProcessHandle; /**< 0x7e8 / 0x6bc */
1146 uint32_t GdiClientPID; /**< 0x7f0 / 0x6c0 */
1147 uint32_t GdiClientTID; /**< 0x7f4 / 0x6c4 */
1148 PVOID GdiThreadLocalInfo; /**< 0x7f8 / 0x6c8 */
1149 SIZE_T Win32ClientInfo[62]; /**< 0x800 / 0x6cc */
1150 PVOID glDispatchTable[233]; /**< 0x9f0 / 0x7c4 */
1151 SIZE_T glReserved1[29]; /**< 0x1138 / 0xb68 */
1152 PVOID glReserved2; /**< 0x1220 / 0xbdc */
1153 PVOID glSectionInfo; /**< 0x1228 / 0xbe0 */
1154 PVOID glSection; /**< 0x1230 / 0xbe4 */
1155 PVOID glTable; /**< 0x1238 / 0xbe8 */
1156 PVOID glCurrentRC; /**< 0x1240 / 0xbec */
1157 PVOID glContext; /**< 0x1248 / 0xbf0 */
1158 NTSTATUS LastStatusValue; /**< 0x1250 / 0xbf4 */
1159#if ARCH_BITS == 64
1160 uint32_t Padding2; /**< 0x1254 / NA */
1161#endif
1162 UNICODE_STRING StaticUnicodeString; /**< 0x1258 / 0xbf8 */
1163 WCHAR StaticUnicodeBuffer[261]; /**< 0x1268 / 0xc00 */
1164#if ARCH_BITS == 64
1165 WCHAR Padding3[3]; /**< 0x1472 / NA */
1166#endif
1167 PVOID DeallocationStack; /**< 0x1478 / 0xe0c */
1168 PVOID TlsSlots[64]; /**< 0x1480 / 0xe10 */
1169 LIST_ENTRY TlsLinks; /**< 0x1680 / 0xf10 */
1170 PVOID Vdm; /**< 0x1690 / 0xf18 */
1171 PVOID ReservedForNtRpc; /**< 0x1698 / 0xf1c */
1172 PVOID DbgSsReserved[2]; /**< 0x16a0 / 0xf20 */
1173 uint32_t HardErrorMode; /**< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. */
1174#if ARCH_BITS == 64
1175 uint32_t Padding4; /**< 0x16b4 / NA */
1176#endif
1177 PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /**< 0x16b8 / 0xf2c */
1178 union
1179 {
1180 struct
1181 {
1182 GUID ActivityId; /**< 0x1710 / 0xf50 */
1183 PVOID SubProcessTag; /**< 0x1720 / 0xf60 */
1184 } W6, W7, W8, W80, W81;
1185 struct
1186 {
1187 PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /**< 0x1710 / 0xf50 */
1188 } W52;
1189 } Diff2;
1190 union /**< 0x1728 / 0xf64 */
1191 {
1192 struct
1193 {
1194 PVOID PerflibData; /**< 0x1728 / 0xf64 */
1195 } W8, W80, W81;
1196 struct
1197 {
1198 PVOID EtwLocalData; /**< 0x1728 / 0xf64 */
1199 } W7, W6;
1200 struct
1201 {
1202 PVOID SubProcessTag; /**< 0x1728 / 0xf64 */
1203 } W52;
1204 struct
1205 {
1206 PVOID InstrumentationContinues[1]; /**< 0x1728 / 0xf64 */
1207 } W51;
1208 } Diff3;
1209 union
1210 {
1211 struct
1212 {
1213 PVOID EtwTraceData; /**< 0x1730 / 0xf68 */
1214 } W52, W6, W7, W8, W80, W81;
1215 struct
1216 {
1217 PVOID InstrumentationContinues[1]; /**< 0x1730 / 0xf68 */
1218 } W51;
1219 } Diff4;
1220 PVOID WinSockData; /**< 0x1738 / 0xf6c */
1221 uint32_t GdiBatchCount; /**< 0x1740 / 0xf70 */
1222 union
1223 {
1224 union
1225 {
1226 PROCESSOR_NUMBER CurrentIdealProcessor; /**< 0x1744 / 0xf74 - W7+ */
1227 uint32_t IdealProcessorValue; /**< 0x1744 / 0xf74 - W7+ */
1228 struct
1229 {
1230 uint8_t ReservedPad1; /**< 0x1744 / 0xf74 - Called SpareBool0 in W6 */
1231 uint8_t ReservedPad2; /**< 0x1745 / 0xf75 - Called SpareBool0 in W6 */
1232 uint8_t ReservedPad3; /**< 0x1746 / 0xf76 - Called SpareBool0 in W6 */
1233 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
1234 };
1235 } W6, W7, W8, W80, W81;
1236 struct
1237 {
1238 BOOLEAN InDbgPrint; /**< 0x1744 / 0xf74 */
1239 BOOLEAN FreeStackOnTermination; /**< 0x1745 / 0xf75 */
1240 BOOLEAN HasFiberData; /**< 0x1746 / 0xf76 */
1241 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
1242 } W51, W52;
1243 } Diff5;
1244 uint32_t GuaranteedStackBytes; /**< 0x1748 / 0xf78 */
1245#if ARCH_BITS == 64
1246 uint32_t Padding5; /**< 0x174c / NA */
1247#endif
1248 PVOID ReservedForPerf; /**< 0x1750 / 0xf7c */
1249 PVOID ReservedForOle; /**< 0x1758 / 0xf80 */
1250 uint32_t WaitingOnLoaderLock; /**< 0x1760 / 0xf84 */
1251#if ARCH_BITS == 64
1252 uint32_t Padding6; /**< 0x1764 / NA */
1253#endif
1254 union /**< 0x1768 / 0xf88 - the union starts at its first member, not at the second. */
1255 {
1256 struct
1257 {
1258 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
1259 SIZE_T ReservedForCodeCoverage; /**< 0x1770 / 0xf8c */
1260 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
1261 } W8, W80, W81;
1262 struct
1263 {
1264 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
1265 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
1266 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
1267 } W6, W7;
1268 struct
1269 {
1270 PVOID SparePointer1; /**< 0x1768 / 0xf88 */
1271 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
1272 PVOID SoftPatchPtr2; /**< 0x1778 / 0xf90 */
1273 } W52;
1274#if ARCH_BITS == 32
1275 struct _Wx86ThreadState
1276 {
1277 PVOID CallBx86Eip; /**< NA / 0xf88 */
1278 PVOID DeallocationCpu; /**< NA / 0xf8c */
1279 BOOLEAN UseKnownWx86Dll; /**< NA / 0xf90 */
1280 int8_t OleStubInvoked; /**< NA / 0xf91 */
1281 } W51;
1282#endif
1283 } Diff6;
1284 PVOID TlsExpansionSlots; /**< 0x1780 / 0xf94 */
1285#if ARCH_BITS == 64
1286 PVOID DallocationBStore; /**< 0x1788 / NA - NOTE(review): presumably a misspelling of DeallocationBStore; confirm before renaming, the name is part of the interface. */
1287 PVOID BStoreLimit; /**< 0x1790 / NA */
1288#endif
1289 union
1290 {
1291 struct
1292 {
1293 uint32_t MuiGeneration; /**< 0x1798 / 0xf98 */
1294 } W7, W8, W80, W81;
1295 struct
1296 {
1297 uint32_t ImpersonationLocale; /**< 0x1798 / 0xf98 - Same slot as MuiGeneration. */
1298 } W6;
1299 } Diff7;
1300 uint32_t IsImpersonating; /**< 0x179c / 0xf9c */
1301 PVOID NlsCache; /**< 0x17a0 / 0xfa0 */
1302 PVOID pShimData; /**< 0x17a8 / 0xfa4 */
1303 union /**< 0x17b0 / 0xfa8 */
1304 {
1305 struct
1306 {
1307 uint16_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
1308 uint16_t LowFragHeapDataSlot; /**< 0x17b2 / 0xfaa */
1309 } W8, W80, W81;
1310 struct
1311 {
1312 uint32_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
1313 } W7;
1314 } Diff8;
1315#if ARCH_BITS == 64
1316 uint32_t Padding7; /**< 0x17b4 / NA */
1317#endif
1318 HANDLE CurrentTransactionHandle; /**< 0x17b8 / 0xfac */
1319 struct _TEB_ACTIVE_FRAME *ActiveFrame; /**< 0x17c0 / 0xfb0 */
1320 /* End of TEB in W51 (Windows XP)! */
1321 PVOID FlsData; /**< 0x17c8 / 0xfb4 */
1322 union
1323 {
1324 struct
1325 {
1326 PVOID PreferredLanguages; /**< 0x17d0 / 0xfb8 */
1327 } W6, W7, W8, W80, W81;
1328 struct
1329 {
1330 BOOLEAN SafeThunkCall; /**< 0x17d0 / 0xfb8 */
1331 uint8_t BooleanSpare[3]; /**< 0x17d1 / 0xfb9 */
1332 /* End of TEB in W52 (Windows server 2003)! */
1333 } W52;
1334 } Diff9;
1335 PVOID UserPrefLanguages; /**< 0x17d8 / 0xfbc */
1336 PVOID MergedPrefLanguages; /**< 0x17e0 / 0xfc0 */
1337 uint32_t MuiImpersonation; /**< 0x17e8 / 0xfc4 */
1338 union
1339 {
1340 uint16_t CrossTebFlags; /**< 0x17ec / 0xfc8 */
1341 struct
1342 {
1343 uint16_t SpareCrossTebBits : 16; /**< 0x17ec / 0xfc8 : Pos 0, 16 Bits */
1344 };
1345 };
1346 union
1347 {
1348 uint16_t SameTebFlags; /**< 0x17ee / 0xfca */
1349 struct
1350 {
1351 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1352 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1353 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1354 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1355 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1356 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1357 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1358 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1359 } Common;
1360 struct
1361 {
1362 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1363 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1364 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1365 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1366 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1367 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1368 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1369 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1370 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
1371 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
1372 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
1373 uint16_t SessionAware : 1; /**< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. */
1374 uint16_t SpareSameTebBits : 4; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
1375 } W8, W80, W81;
1376 struct
1377 {
1378 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1379 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1380 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1381 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1382 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1383 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1384 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1385 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1386 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
1387 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
1388 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
1389 uint16_t SpareSameTebBits : 5; /**< 0x17ee / 0xfca : Pos 11, 5 Bits - One bit more than W8, which has SessionAware here. */
1390 } W7;
1391 struct
1392 {
1393 uint16_t DbgSafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1394 uint16_t DbgInDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1395 uint16_t DbgHasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1396 uint16_t DbgSkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1397 uint16_t DbgWerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1398 uint16_t DbgRanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1399 uint16_t DbgClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1400 uint16_t DbgSuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1401 uint16_t SpareSameTebBits : 8; /**< 0x17ee / 0xfca : Pos 8, 8 Bits */
1402 } W6;
1403 } Diff10;
1404 PVOID TxnScopeEnterCallback; /**< 0x17f0 / 0xfcc */
1405 PVOID TxnScopeExitCallback; /**< 0x17f8 / 0xfd0 */
1406 PVOID TxnScopeContext; /**< 0x1800 / 0xfd4 */
1407 uint32_t LockCount; /**< 0x1808 / 0xfd8 */
1408 union
1409 {
1410 struct
1411 {
1412 uint32_t SpareUlong0; /**< 0x180c / 0xfdc */
1413 } W7, W8, W80, W81;
1414 struct
1415 {
1416 uint32_t ProcessRundown; /**< 0x180c / 0xfdc - Same slot as SpareUlong0. */
1417 } W6;
1418 } Diff11;
1419 union
1420 {
1421 struct
1422 {
1423 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1424 /* End of TEB in W7 (windows 7)! */
1425 PVOID ReservedForWdf; /**< 0x1818 / 0xfe4 - New Since W7. */
1426 /* End of TEB in W8 (windows 8.0 & 8.1)! */
1427 PVOID ReservedForCrt; /**< 0x1820 / 0xfe8 - New Since W10. */
1428 RTUUID EffectiveContainerId; /**< 0x1828 / 0xfec - New Since W10. */
1429 /* End of TEB in W10 14393! */
1430 } W8, W80, W81, W10;
1431 struct
1432 {
1433 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1434 } W7;
1435 struct
1436 {
1437 uint64_t LastSwitchTime; /**< 0x1810 / 0xfe0 */
1438 uint64_t TotalSwitchOutTime; /**< 0x1818 / 0xfe8 */
1439 LARGE_INTEGER WaitReasonBitMap; /**< 0x1820 / 0xff0 */
1440 /* End of TEB in W6 (windows Vista)! */
1441 } W6;
1442 } Diff12;
1443} TEB_COMMON;
1444typedef TEB_COMMON *PTEB_COMMON;
/* Layout checks for TEB_COMMON: each line pins one member (or the total size)
 * to the offset given in the member comments, 64-bit value first and 32-bit
 * value second.  The RTNtCurrentXxx accessors and the TEB_SIZE_XXX macros are
 * computed from these offsets. */
1445AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1446AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1447AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1448AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1449AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1450AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1451AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1452AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1453AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1454AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1455AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1456AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
/* Total size of the common structure (largest layout). */
1457AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1838 : 0x1000);
1458
1459
/* TEB size per Windows version.  Each macro evaluates to the offset in
 * TEB_COMMON at which that version's TEB ends, following the "End of TEB in
 * ..." markers inside the structure. */
1460/** The size of the windows 10 (build 14393) TEB structure. */
1461#define TEB_SIZE_W10 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W10.EffectiveContainerId) + sizeof(RTUUID) )
1462/** The size of the windows 8.1 TEB structure. */
1463#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1464/** The size of the windows 8.0 TEB structure. */
1465#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1466/** The size of the windows 7 TEB structure (ends after ResourceRetValue). */
1467#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1468/** The size of the windows vista TEB structure. */
1469#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1470/** The size of the windows server 2003 TEB structure (BooleanSpare offset rounded up to pointer size). */
1471#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1472/** The size of the windows XP TEB structure. */
1473#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1474
1475
1476
/* Map the usual Windows names (struct tag, type and pointer type) onto the
 * version-independent IPRT structures defined above. */
1477#define _PEB _PEB_COMMON
1478typedef PEB_COMMON PEB;
1479typedef PPEB_COMMON PPEB;
1480
1481#define _TEB _TEB_COMMON
1482typedef TEB_COMMON TEB;
1483typedef PTEB_COMMON PTEB;
1484
/*
 * Accessors for the current thread's TEB, the process PEB and the thread ID.
 *
 * When no NtCurrentTeb macro is available, the values are read through the
 * segment register: FS on x86 (__readfsdword) and GS on AMD64 (__readgsqword),
 * at the TEB_COMMON offset of the member in question.  Otherwise the accessors
 * are thin macros on top of NtCurrentTeb().
 *
 * NOTE(review): the TEB and PEB are user-mode memory that code running in the
 * process can modify, so values obtained through these accessors (for example
 * IsProtectedProcess, NtGlobalFlag or Ldr in the PEB) are best treated as
 * hints, not as proof, wherever they feed a security decision - confirm
 * against the callers.
 */
1485#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
1486# ifdef RT_ARCH_X86
1487DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, NtTib.Self)); }
1488DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1489DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readfsdword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1490# elif defined(RT_ARCH_AMD64)
/* ClientId.UniqueThread is read as a 64-bit value and truncated to 32 bits. */
1491DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, NtTib.Self)); }
1492DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1493DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return (uint32_t)__readgsqword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1494# else
1495# error "Port me"
1496# endif
1497#else
1498# define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1499# define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1500# define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1501#endif
/* NtCurrentPeb always resolves to the IPRT accessor, whichever branch was taken. */
1502#define NtCurrentPeb() RTNtCurrentPeb()
1503
1504
1505/** @} */
1506
1507
/*
 * Section (memory mapping) APIs.  NtCreateSection and SECTION_INHERIT are only
 * declared here when IPRT_NT_USE_WINTERNL is defined; the remaining prototypes
 * are declared unconditionally.  All parameters are unnamed, so the argument
 * order has to be taken from the NT API documentation.
 *
 * NOTE(review): the WDK declares the fourth NtMapViewOfSection parameter
 * (ZeroBits) as ULONG_PTR while it is ULONG here - verify on 64-bit targets.
 * The two trailing ULONGs are the allocation type and the page protection;
 * callers should request no more access than the view needs.
 */
1508#ifdef IPRT_NT_USE_WINTERNL
1509NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1510typedef enum _SECTION_INHERIT
1511{
1512 ViewShare = 1,
1513 ViewUnmap
1514} SECTION_INHERIT;
1515#endif
1516NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1517 ULONG, ULONG);
1518NTSYSAPI NTSTATUS NTAPI NtFlushVirtualMemory(HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK);
1519NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1520
1521#ifdef IPRT_NT_USE_WINTERNL
/**
 * Volume attribute information (FileFsAttributeInformation).
 *
 * Variable length: FileSystemName[1] is only a placeholder for the name that
 * follows the fixed part.  Per the Windows documentation
 * FileSystemNameLength is in bytes and the name is not zero terminated, so a
 * reader must check that the length fits the buffer it passed in before
 * touching FileSystemName.
 */
1522typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1523{
1524 ULONG FileSystemAttributes;
1525 LONG MaximumComponentNameLength;
1526 ULONG FileSystemNameLength;
1527 WCHAR FileSystemName[1];
1528} FILE_FS_ATTRIBUTE_INFORMATION;
1529typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1530
/* Open a process or thread object, or the access token attached to one.  The
 * ACCESS_MASK argument is the access requested on the returned handle; asking
 * only for the rights actually used limits what a leaked handle can do. */
1531NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1532NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1533NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1534NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1535
/**
 * Information classes for NtQueryVolumeInformationFile.
 *
 * The values are consecutive starting at 1 and must stay in this order, since
 * they are passed to the system as plain numbers.  FileFsMaximumInformation
 * is the end marker, not a real class.
 */
1536typedef enum _FSINFOCLASS
1537{
1538 FileFsVolumeInformation = 1,
1539 FileFsLabelInformation,
1540 FileFsSizeInformation,
1541 FileFsDeviceInformation,
1542 FileFsAttributeInformation,
1543 FileFsControlInformation,
1544 FileFsFullSizeInformation,
1545 FileFsObjectIdInformation,
1546 FileFsDriverPathInformation,
1547 FileFsVolumeFlagsInformation,
1548 FileFsSectorSizeInformation,
1549 FileFsDataCopyInformation,
1550 FileFsMaximumInformation
1551} FS_INFORMATION_CLASS;
1552typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
/* The PVOID/ULONG pair is the output buffer and its size in bytes. */
1553NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1554
/**
 * Directory entry with both long and short name (FileBothDirectoryInformation).
 *
 * Entries are chained through NextEntryOffset and are variable length:
 * FileName[1] is only a placeholder for the name that follows.  Per the
 * Windows documentation FileNameLength and ShortNameLength are byte counts
 * and neither name is zero terminated.  Code walking a returned buffer should
 * check that NextEntryOffset and FileNameLength stay within the number of
 * bytes the query actually returned.
 */
1555typedef struct _FILE_BOTH_DIR_INFORMATION
1556{
1557 ULONG NextEntryOffset;
1558 ULONG FileIndex;
1559 LARGE_INTEGER CreationTime;
1560 LARGE_INTEGER LastAccessTime;
1561 LARGE_INTEGER LastWriteTime;
1562 LARGE_INTEGER ChangeTime;
1563 LARGE_INTEGER EndOfFile;
1564 LARGE_INTEGER AllocationSize;
1565 ULONG FileAttributes;
1566 ULONG FileNameLength;
1567 ULONG EaSize;
1568 CCHAR ShortNameLength;
1569 WCHAR ShortName[12];
1570 WCHAR FileName[1];
1571} FILE_BOTH_DIR_INFORMATION;
1572typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
/** Timestamps and attributes of a file (FileBasicInformation); also the
 * output type of NtQueryAttributesFile. */
1573typedef struct _FILE_BASIC_INFORMATION
1574{
1575 LARGE_INTEGER CreationTime;
1576 LARGE_INTEGER LastAccessTime;
1577 LARGE_INTEGER LastWriteTime;
1578 LARGE_INTEGER ChangeTime;
1579 ULONG FileAttributes;
1580} FILE_BASIC_INFORMATION;
1581typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
/** Sizes, link count and delete/directory state of a file (FileStandardInformation). */
1582typedef struct _FILE_STANDARD_INFORMATION
1583{
1584 LARGE_INTEGER AllocationSize;
1585 LARGE_INTEGER EndOfFile;
1586 ULONG NumberOfLinks;
1587 BOOLEAN DeletePending;
1588 BOOLEAN Directory;
1589} FILE_STANDARD_INFORMATION;
1590typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
/**
 * File name (FileNameInformation and related classes).
 *
 * Variable length: FileName[1] is only a placeholder.  Per the Windows
 * documentation FileNameLength is in bytes and the name is not zero
 * terminated; check the length against the supplied buffer before use.
 */
1591typedef struct _FILE_NAME_INFORMATION
1592{
1593 ULONG FileNameLength;
1594 WCHAR FileName[1];
1595} FILE_NAME_INFORMATION;
1596typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
/** Timestamps, sizes and attributes in one structure
 * (FileNetworkOpenInformation); also the output type of
 * NtQueryFullAttributesFile. */
1597typedef struct _FILE_NETWORK_OPEN_INFORMATION
1598{
1599 LARGE_INTEGER CreationTime;
1600 LARGE_INTEGER LastAccessTime;
1601 LARGE_INTEGER LastWriteTime;
1602 LARGE_INTEGER ChangeTime;
1603 LARGE_INTEGER AllocationSize;
1604 LARGE_INTEGER EndOfFile;
1605 ULONG FileAttributes;
1606} FILE_NETWORK_OPEN_INFORMATION;
1607typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
1608typedef enum _FILE_INFORMATION_CLASS
1609{
1610 FileDirectoryInformation = 1,
1611 FileFullDirectoryInformation,
1612 FileBothDirectoryInformation,
1613 FileBasicInformation,
1614 FileStandardInformation,
1615 FileInternalInformation,
1616 FileEaInformation,
1617 FileAccessInformation,
1618 FileNameInformation,
1619 FileRenameInformation,
1620 FileLinkInformation,
1621 FileNamesInformation,
1622 FileDispositionInformation,
1623 FilePositionInformation,
1624 FileFullEaInformation,
1625 FileModeInformation,
1626 FileAlignmentInformation,
1627 FileAllInformation,
1628 FileAllocationInformation,
1629 FileEndOfFileInformation,
1630 FileAlternateNameInformation,
1631 FileStreamInformation,
1632 FilePipeInformation,
1633 FilePipeLocalInformation,
1634 FilePipeRemoteInformation,
1635 FileMailslotQueryInformation,
1636 FileMailslotSetInformation,
1637 FileCompressionInformation,
1638 FileObjectIdInformation,
1639 FileCompletionInformation,
1640 FileMoveClusterInformation,
1641 FileQuotaInformation,
1642 FileReparsePointInformation,
1643 FileNetworkOpenInformation,
1644 FileAttributeTagInformation,
1645 FileTrackingInformation,
1646 FileIdBothDirectoryInformation,
1647 FileIdFullDirectoryInformation,
1648 FileValidDataLengthInformation,
1649 FileShortNameInformation,
1650 FileIoCompletionNotificationInformation,
1651 FileIoStatusBlockRangeInformation,
1652 FileIoPriorityHintInformation,
1653 FileSfioReserveInformation,
1654 FileSfioVolumeInformation,
1655 FileHardLinkInformation,
1656 FileProcessIdsUsingFileInformation,
1657 FileNormalizedNameInformation,
1658 FileNetworkPhysicalNameInformation,
1659 FileIdGlobalTxDirectoryInformation,
1660 FileIsRemoteDeviceInformation,
1661 FileUnusedInformation,
1662 FileNumaNodeInformation,
1663 FileStandardLinkInformation,
1664 FileRemoteProtocolInformation,
1665 FileRenameInformationBypassAccessCheck,
1666 FileLinkInformationBypassAccessCheck,
1667 FileVolumeNameInformation,
1668 FileIdInformation,
1669 FileIdExtdDirectoryInformation,
1670 FileReplaceCompletionInformation,
1671 FileHardLinkFullIdInformation,
1672 FileMaximumInformation
1673} FILE_INFORMATION_CLASS;
1674typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
/* Parameter lists are unnamed here.  Per the WDK documentation NtQueryInformationFile and NtSetInformationFile take
 * FileHandle, IoStatusBlock, FileInformation, Length, FileInformationClass; NtQueryDirectoryFile takes FileHandle,
 * Event, ApcRoutine, ApcContext, IoStatusBlock, FileInformation, Length, FileInformationClass, ReturnSingleEntry,
 * FileName, RestartScan.  Length is the byte size of the FileInformation buffer; which structure the buffer holds
 * depends on the class, so a variable-length result should only be read up to the size reported in the I/O status
 * block. */
1675NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1676NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
1677 FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1678NTSYSAPI NTSTATUS NTAPI NtSetInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1679#endif /* IPRT_NT_USE_WINTERNL */
/* These two identify the file by OBJECT_ATTRIBUTES (a name) rather than by an open handle.  When the answer feeds an
 * access decision, a later open of the same name may reach a different object; query through a handle in that case. */
1680NTSYSAPI NTSTATUS NTAPI NtQueryAttributesFile(POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
1681NTSYSAPI NTSTATUS NTAPI NtQueryFullAttributesFile(POBJECT_ATTRIBUTES, PFILE_NETWORK_OPEN_INFORMATION);
1682
1683#ifdef IPRT_NT_USE_WINTERNL
1684
1685/** For use with KeyBasicInformation.
 *
 * Variable-length result: Name[1] only marks where the key name starts.  Per
 * the WDK documentation NameLength is a byte count and the name is not zero
 * terminated, so check NameLength against the number of bytes the query
 * returned before reading Name. */
1686typedef struct _KEY_BASIC_INFORMATION
1687{
1688 LARGE_INTEGER LastWriteTime;
1689 ULONG TitleIndex;
1690 ULONG NameLength; /**< Size of Name in bytes (WDK documentation). */
1691 WCHAR Name[1]; /**< First character of the name; the rest follows the structure. */
1692} KEY_BASIC_INFORMATION;
1693typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
1694
1695/** For use with KeyNodeInformation.
 *
 * Variable-length result carrying both the key name (Name) and its class
 * string (located through ClassOffset / ClassLength).  Offset and lengths
 * come from the returned data; range-check them against the returned size
 * before following them. */
1696typedef struct _KEY_NODE_INFORMATION
1697{
1698 LARGE_INTEGER LastWriteTime;
1699 ULONG TitleIndex;
1700 ULONG ClassOffset; /**< Offset from the start of the structure. */
1701 ULONG ClassLength;
1702 ULONG NameLength;
1703 WCHAR Name[1]; /**< First character of the name; the rest follows the structure. */
1704} KEY_NODE_INFORMATION;
1705typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
1706
1707/** For use with KeyFullInformation.
 *
 * Summary of a key: sub-key and value counts plus the maximum name, class and
 * data lengths, followed by the variable-length class string (Class[1]).
 * NOTE(review): the Max* members look suited to sizing enumeration buffers,
 * but the key can change between the query and the enumeration, so an
 * enumeration still has to cope with a buffer-too-small status. */
1708typedef struct _KEY_FULL_INFORMATION
1709{
1710 LARGE_INTEGER LastWriteTime;
1711 ULONG TitleIndex;
1712 ULONG ClassOffset; /**< Offset of the Class member. */
1713 ULONG ClassLength;
1714 ULONG SubKeys;
1715 ULONG MaxNameLen;
1716 ULONG MaxClassLen;
1717 ULONG Values;
1718 ULONG MaxValueNameLen;
1719 ULONG MaxValueDataLen;
1720 WCHAR Class[1]; /**< First character of the class string; the rest follows the structure. */
1721} KEY_FULL_INFORMATION;
1722typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
1723
1724/** For use with KeyNameInformation.
 *
 * Length-prefixed name only.  As with the other KEY_xxx_INFORMATION results,
 * Name[1] is a placeholder for a longer array and NameLength has to be checked
 * against the returned size before Name is read. */
1725typedef struct _KEY_NAME_INFORMATION
1726{
1727 ULONG NameLength;
1728 WCHAR Name[1];
1729} KEY_NAME_INFORMATION;
1730typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
1731
1732/** For use with KeyCachedInformation.
 *
 * Fixed-size result: it has a NameLength member but, unlike the structures
 * above, no Name array is declared here. */
1733typedef struct _KEY_CACHED_INFORMATION
1734{
1735 LARGE_INTEGER LastWriteTime;
1736 ULONG TitleIndex;
1737 ULONG SubKeys;
1738 ULONG MaxNameLen;
1739 ULONG Values;
1740 ULONG MaxValueNameLen;
1741 ULONG MaxValueDataLen;
1742 ULONG NameLength;
1743} KEY_CACHED_INFORMATION;
1744typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
1745
1746/** For use with KeyVirtualizationInformation.
 *
 * Five single-bit flags plus 27 reserved bits, i.e. one 32-bit ULONG in
 * total. */
1747typedef struct _KEY_VIRTUALIZATION_INFORMATION
1748{
1749 ULONG VirtualizationCandidate : 1;
1750 ULONG VirtualizationEnabled : 1;
1751 ULONG VirtualTarget : 1;
1752 ULONG VirtualStore : 1;
1753 ULONG VirtualSource : 1;
1754 ULONG Reserved : 27;
1755} KEY_VIRTUALIZATION_INFORMATION;
1756typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
1757
/** Selects which KEY_xxx_INFORMATION layout NtQueryKey / NtEnumerateKey write
 * into the caller's buffer.  Values are sequential from zero. */
1758typedef enum _KEY_INFORMATION_CLASS
1759{
1760 KeyBasicInformation = 0, /**< 0 - KEY_BASIC_INFORMATION */
1761 KeyNodeInformation, /**< 1 - KEY_NODE_INFORMATION */
1762 KeyFullInformation, /**< 2 - KEY_FULL_INFORMATION */
1763 KeyNameInformation, /**< 3 - KEY_NAME_INFORMATION */
1764 KeyCachedInformation, /**< 4 - KEY_CACHED_INFORMATION */
1765 KeyFlagsInformation, /**< 5 */
1766 KeyVirtualizationInformation, /**< 6 - KEY_VIRTUALIZATION_INFORMATION */
1767 KeyHandleTagsInformation, /**< 7 */
1768 MaxKeyInfoClass /**< 8 - count, not a class. */
1769} KEY_INFORMATION_CLASS;
/* Per the WDK documentation: NtQueryKey(KeyHandle, KeyInformationClass, KeyInformation, Length, ResultLength) and
 * NtEnumerateKey(KeyHandle, Index, KeyInformationClass, KeyInformation, Length, ResultLength).  ResultLength reports
 * the size the result needs, which is what the name/class lengths in the result have to be checked against. */
1770NTSYSAPI NTSTATUS NTAPI NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1771NTSYSAPI NTSTATUS NTAPI NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1772
/** A UNICODE_STRING followed by the start of its character storage.
 * NOTE(review): presumably the result layout for the MemorySectionName class
 * of NtQueryVirtualMemory - confirm.  NameBuffer[1] is a placeholder for a
 * longer array, so size the buffer for the whole name, not for
 * sizeof(MEMORY_SECTION_NAME). */
1773typedef struct _MEMORY_SECTION_NAME
1774{
1775 UNICODE_STRING SectionFileName;
1776 WCHAR NameBuffer[1];
1777} MEMORY_SECTION_NAME;
1778
1779#ifdef IPRT_NT_USE_WINTERNL
/** Result layout for ProcessBasicInformation (class 0 of PROCESSINFOCLASS).
 * NOTE(review): InheritedFromUniqueProcessId is a plain number, not a
 * reference to a process object; process IDs can be reused, so it should not
 * be taken as proof of which process is the parent without further checks. */
1780typedef struct _PROCESS_BASIC_INFORMATION
1781{
1782 NTSTATUS ExitStatus;
1783 PPEB PebBaseAddress;
1784 ULONG_PTR AffinityMask;
1785 int32_t BasePriority;
1786 ULONG_PTR UniqueProcessId;
1787 ULONG_PTR InheritedFromUniqueProcessId;
1788} PROCESS_BASIC_INFORMATION;
1789typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
1790#endif
1791
/** Information classes for NtQueryInformationProcess / NtSetInformationProcess.
 * Values are sequential from zero; each member is annotated with its value in
 * decimal / hex.  The ProcessUnknownNN members are placeholders that keep the
 * numbering right for the named classes after them. */
1792typedef enum _PROCESSINFOCLASS
1793{
1794 ProcessBasicInformation = 0, /**< 0 / 0x00 */
1795 ProcessQuotaLimits, /**< 1 / 0x01 */
1796 ProcessIoCounters, /**< 2 / 0x02 */
1797 ProcessVmCounters, /**< 3 / 0x03 */
1798 ProcessTimes, /**< 4 / 0x04 */
1799 ProcessBasePriority, /**< 5 / 0x05 */
1800 ProcessRaisePriority, /**< 6 / 0x06 */
1801 ProcessDebugPort, /**< 7 / 0x07 */
1802 ProcessExceptionPort, /**< 8 / 0x08 */
1803 ProcessAccessToken, /**< 9 / 0x09 */
1804 ProcessLdtInformation, /**< 10 / 0x0a */
1805 ProcessLdtSize, /**< 11 / 0x0b */
1806 ProcessDefaultHardErrorMode, /**< 12 / 0x0c */
1807 ProcessIoPortHandlers, /**< 13 / 0x0d */
1808 ProcessPooledUsageAndLimits, /**< 14 / 0x0e */
1809 ProcessWorkingSetWatch, /**< 15 / 0x0f */
1810 ProcessUserModeIOPL, /**< 16 / 0x10 */
1811 ProcessEnableAlignmentFaultFixup, /**< 17 / 0x11 */
1812 ProcessPriorityClass, /**< 18 / 0x12 */
1813 ProcessWx86Information, /**< 19 / 0x13 */
1814 ProcessHandleCount, /**< 20 / 0x14 */
1815 ProcessAffinityMask, /**< 21 / 0x15 */
1816 ProcessPriorityBoost, /**< 22 / 0x16 */
1817 ProcessDeviceMap, /**< 23 / 0x17 */
1818 ProcessSessionInformation, /**< 24 / 0x18 */
1819 ProcessForegroundInformation, /**< 25 / 0x19 */
1820 ProcessWow64Information, /**< 26 / 0x1a */
1821 ProcessImageFileName, /**< 27 / 0x1b */
1822 ProcessLUIDDeviceMapsEnabled, /**< 28 / 0x1c */
1823 ProcessBreakOnTermination, /**< 29 / 0x1d */
1824 ProcessDebugObjectHandle, /**< 30 / 0x1e */
1825 ProcessDebugFlags, /**< 31 / 0x1f */
1826 ProcessHandleTracing, /**< 32 / 0x20 */
1827 ProcessIoPriority, /**< 33 / 0x21 */
1828 ProcessExecuteFlags, /**< 34 / 0x22 */
1829 ProcessTlsInformation, /**< 35 / 0x23 */
1830 ProcessCookie, /**< 36 / 0x24 */
1831 ProcessImageInformation, /**< 37 / 0x25 */
1832 ProcessCycleTime, /**< 38 / 0x26 */
1833 ProcessPagePriority, /**< 39 / 0x27 */
1834 ProcessInstrumentationCallbak, /**< 40 / 0x28 - sic, the identifier is spelled without the second 'c'. */
1835 ProcessThreadStackAllocation, /**< 41 / 0x29 */
1836 ProcessWorkingSetWatchEx, /**< 42 / 0x2a */
1837 ProcessImageFileNameWin32, /**< 43 / 0x2b */
1838 ProcessImageFileMapping, /**< 44 / 0x2c */
1839 ProcessAffinityUpdateMode, /**< 45 / 0x2d */
1840 ProcessMemoryAllocationMode, /**< 46 / 0x2e */
1841 ProcessGroupInformation, /**< 47 / 0x2f */
1842 ProcessTokenVirtualizationEnabled, /**< 48 / 0x30 */
1843 ProcessConsoleHostProcess, /**< 49 / 0x31 */
1844 ProcessWindowsInformation, /**< 50 / 0x32 */
1845 ProcessUnknown51, /**< 51 / 0x33 */
1846 ProcessUnknown52, /**< 52 / 0x34 */
1847 ProcessUnknown53, /**< 53 / 0x35 */
1848 ProcessUnknown54, /**< 54 / 0x36 */
1849 ProcessUnknown55, /**< 55 / 0x37 */
1850 ProcessUnknown56, /**< 56 / 0x38 */
1851 ProcessUnknown57, /**< 57 / 0x39 */
1852 ProcessUnknown58, /**< 58 / 0x3a */
1853 ProcessUnknown59, /**< 59 / 0x3b */
1854 ProcessUnknown60, /**< 60 / 0x3c */
1855 ProcessUnknown61, /**< 61 / 0x3d */
1856 ProcessUnknown62, /**< 62 / 0x3e */
1857 ProcessUnknown63, /**< 63 / 0x3f */
1858 ProcessUnknown64, /**< 64 / 0x40 */
1859 ProcessUnknown65, /**< 65 / 0x41 */
1860 ProcessUnknown66, /**< 66 / 0x42 */
1861 ProcessMaybe_KeSetCpuSetsProcess, /**< 67 / 0x43 - if correct, then PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10. */
1862 MaxProcessInfoClass /**< 68 / 0x44 */
1863} PROCESSINFOCLASS;
/* Per the WDK documentation: ProcessHandle, ProcessInformationClass, ProcessInformation, ProcessInformationLength,
 * ReturnLength. */
1864NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1865
/** Information classes for NtQueryInformationThread / NtSetInformationThread.
 * Values are sequential from zero; each member is annotated with its value in
 * decimal / hex, in the same way as PROCESSINFOCLASS. */
1866typedef enum _THREADINFOCLASS
1867{
1868 ThreadBasicInformation = 0, /**< 0 / 0x00 */
1869 ThreadTimes, /**< 1 / 0x01 */
1870 ThreadPriority, /**< 2 / 0x02 */
1871 ThreadBasePriority, /**< 3 / 0x03 */
1872 ThreadAffinityMask, /**< 4 / 0x04 */
1873 ThreadImpersonationToken, /**< 5 / 0x05 */
1874 ThreadDescriptorTableEntry, /**< 6 / 0x06 */
1875 ThreadEnableAlignmentFaultFixup, /**< 7 / 0x07 */
1876 ThreadEventPair_Reusable, /**< 8 / 0x08 */
1877 ThreadQuerySetWin32StartAddress, /**< 9 / 0x09 */
1878 ThreadZeroTlsCell, /**< 10 / 0x0a */
1879 ThreadPerformanceCount, /**< 11 / 0x0b */
1880 ThreadAmILastThread, /**< 12 / 0x0c */
1881 ThreadIdealProcessor, /**< 13 / 0x0d */
1882 ThreadPriorityBoost, /**< 14 / 0x0e */
1883 ThreadSetTlsArrayAddress, /**< 15 / 0x0f */
1884 ThreadIsIoPending, /**< 16 / 0x10 */
1885 ThreadHideFromDebugger, /**< 17 / 0x11 - once set, debug events for the thread no longer reach an attached debugger; worth flagging in code review and in API monitoring. */
1886 ThreadBreakOnTermination, /**< 18 / 0x12 */
1887 ThreadSwitchLegacyState, /**< 19 / 0x13 */
1888 ThreadIsTerminated, /**< 20 / 0x14 */
1889 ThreadLastSystemCall, /**< 21 / 0x15 */
1890 ThreadIoPriority, /**< 22 / 0x16 */
1891 ThreadCycleTime, /**< 23 / 0x17 */
1892 ThreadPagePriority, /**< 24 / 0x18 */
1893 ThreadActualBasePriority, /**< 25 / 0x19 */
1894 ThreadTebInformation, /**< 26 / 0x1a */
1895 ThreadCSwitchMon, /**< 27 / 0x1b */
1896 ThreadCSwitchPmu, /**< 28 / 0x1c */
1897 ThreadWow64Context, /**< 29 / 0x1d */
1898 ThreadGroupInformation, /**< 30 / 0x1e */
1899 ThreadUmsInformation, /**< 31 / 0x1f */
1900 ThreadCounterProfiling, /**< 32 / 0x20 */
1901 ThreadIdealProcessorEx, /**< 33 / 0x21 */
1902 ThreadCpuAccountingInformation, /**< 34 / 0x22 */
1903 MaxThreadInfoClass /**< 35 / 0x23 */
1904} THREADINFOCLASS;
/* Per the WDK documentation: ThreadHandle, ThreadInformationClass, ThreadInformation, ThreadInformationLength. */
1905NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1906
/* Per the WDK documentation: TokenHandle, TokenInformationClass, TokenInformation, TokenInformationLength,
 * ReturnLength. */
1907NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1908
/* File I/O.  NtReadFile / NtWriteFile share one parameter list: FileHandle, Event, ApcRoutine, ApcContext,
 * IoStatusBlock, Buffer, Length, ByteOffset, Key.  Note that the write variant declares its buffer const. */
1909NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1910NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1911NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
1912
/* Access to the address space of the process behind the handle: process handle, address in that process, local
 * buffer, size in bytes, optional count of bytes actually transferred.  A transfer can stop short, so both the
 * status and the count need checking before the buffer is trusted. */
1913NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
1914NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
1915
/* SID / ACL / security descriptor helpers.  Those returning NTSTATUS can fail (for instance when the ACL buffer is
 * too small); check the status before the descriptor is used to protect an object, since a half-built descriptor
 * may grant more than intended. */
1916NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
1917NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
1918NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
1919NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
1920NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
1921NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
1922NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
1923NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
1924NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
1925
1926#endif /* IPRT_NT_USE_WINTERNL */
1927
/** Information classes for NtQueryObject / NtSetInformationObject; values are
 * sequential from zero. */
1928typedef enum _OBJECT_INFORMATION_CLASS
1929{
1930 ObjectBasicInformation = 0, /**< 0 */
1931 ObjectNameInformation, /**< 1 */
1932 ObjectTypeInformation, /**< 2 */
1933 ObjectAllInformation, /**< 3 */
1934 ObjectDataInformation /**< 4 */
1935} OBJECT_INFORMATION_CLASS;
1936typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
/* In ring-0 the NtQueryObject name is redirected to ZwQueryObject, so the prototype below then declares the Zw
 * export. */
1937#ifdef IN_RING0
1938# define NtQueryObject ZwQueryObject
1939#endif
1940NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1941NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
/* Per the WDK documentation: SourceProcessHandle, SourceHandle, TargetProcessHandle, TargetHandle, DesiredAccess,
 * HandleAttributes, Options.  Request only the access the duplicate needs. */
1942NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
1943
/* Opens an object-manager directory (NT namespace), not a file system directory. */
1944NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1945
/** One entry of an object directory listing: the object's name and the name
 * of its type.  NOTE(review): presumably the element type NtQueryDirectoryObject
 * writes into its buffer, with both Buffer pointers referring into that same
 * buffer - confirm before relying on it. */
1946typedef struct _OBJECT_DIRECTORY_INFORMATION
1947{
1948 UNICODE_STRING Name;
1949 UNICODE_STRING TypeName;
1950} OBJECT_DIRECTORY_INFORMATION;
1951typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
1952NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
1953
/* Whole-process suspend / resume; each takes the process handle only. */
1954NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
1955NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
1956/** @name ProcessDefaultHardErrorMode bit definitions.
1957 * @{ */
1958#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /**< Inverted from the win32 define. */
1959#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
1960#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
1961#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
1962/** @} */
/* NtSetInformationProcess: same leading parameters as NtQueryInformationProcess, without the return-length pointer.
 * NtTerminateProcess: process handle and exit status. */
1963NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
1964NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
1965
1966/** Returned by ProcessImageInformation as well as NtQuerySection.
 *
 * Describes an executable image section.  Two anonymous unions give both a
 * field-wise and a packed view: SubSystemVersion overlays the minor/major
 * pair, and ImageFlags overlays the single-bit image flags.  Per the member
 * remarks, parts of the tail only have their current meaning on newer Windows
 * versions, so interpret them according to the version the code runs on. */
1967typedef struct _SECTION_IMAGE_INFORMATION
1968{
1969 PVOID TransferAddress;
1970 ULONG ZeroBits;
1971 SIZE_T MaximumStackSize;
1972 SIZE_T CommittedStackSize;
1973 ULONG SubSystemType;
1974 union
1975 {
1976 struct
1977 {
1978 USHORT SubSystemMinorVersion;
1979 USHORT SubSystemMajorVersion;
1980 };
1981 ULONG SubSystemVersion;
1982 };
1983 ULONG GpValue;
1984 USHORT ImageCharacteristics;
1985 USHORT DllCharacteristics;
1986 USHORT Machine;
1987 BOOLEAN ImageContainsCode;
1988 union /**< Since Vista, used to be a spare BOOLEAN. */
1989 {
1990 struct
1991 {
1992 UCHAR ComPlusNativeRead : 1;
1993 UCHAR ComPlusILOnly : 1;
1994 UCHAR ImageDynamicallyRelocated : 1;
1995 UCHAR ImageMAppedFlat : 1; /**< Sic, identifier is spelled with a capital 'A'. */
1996 UCHAR Reserved : 4;
1997 };
1998 UCHAR ImageFlags;
1999 };
2000 ULONG LoaderFlags;
2001 ULONG ImageFileSize; /**< Since XP? */
2002 ULONG CheckSum; /**< Since Vista, Used to be a reserved/spare ULONG. */
2003} SECTION_IMAGE_INFORMATION;
2004typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
2005
/** Information classes for NtQuerySection; values are sequential from zero. */
2006typedef enum _SECTION_INFORMATION_CLASS
2007{
2008 SectionBasicInformation = 0, /**< 0 */
2009 SectionImageInformation, /**< 1 - SECTION_IMAGE_INFORMATION */
2010 MaxSectionInfoClass /**< 2 - count, not a class. */
2011} SECTION_INFORMATION_CLASS;
/* Unlike most query calls in this file, the buffer size and the returned length are SIZE_T / PSIZE_T here. */
2012NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2013
/* Object-manager symbolic links.  For NtQuerySymbolicLinkObject the WDK documentation gives LinkHandle, LinkTarget
 * and ReturnedLength; LinkTarget is a caller-prepared UNICODE_STRING whose MaximumLength bounds what is written. */
2014NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
2015NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2016NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
/* Access rights for symbolic link objects; defined here only when no earlier header supplied them. */
2017#ifndef SYMBOLIC_LINK_QUERY
2018# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
2019#endif
2020#ifndef SYMBOLIC_LINK_ALL_ACCESS
2021# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYMBOLIC_LINK_QUERY)
2022#endif
2023
/* Thread control.  The PULONG of NtResumeThread / NtSuspendThread receives the previous suspend count (WDK
 * documentation); NtGetContextThread / NtSetContextThread read and replace the thread's register context. */
2024NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
2025NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
2026NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
2027NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
2028NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
2029NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
2030
2031
/* Fallback definitions, each used only when no earlier header defined the name.  SEC_FILE and MEM_ROTATE have the
 * same numeric value (0x00800000); NOTE(review): they appear to belong to different flag sets (SEC_xxx vs. MEM_xxx),
 * so they must not be combined in one flags word - confirm against the callers. */
2032#ifndef SEC_FILE
2033# define SEC_FILE UINT32_C(0x00800000)
2034#endif
2035#ifndef SEC_IMAGE
2036# define SEC_IMAGE UINT32_C(0x01000000)
2037#endif
2038#ifndef SEC_PROTECTED_IMAGE
2039# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
2040#endif
2041#ifndef SEC_NOCACHE
2042# define SEC_NOCACHE UINT32_C(0x10000000)
2043#endif
2044#ifndef MEM_ROTATE
2045# define MEM_ROTATE UINT32_C(0x00800000)
2046#endif
/** Information classes for NtQueryVirtualMemory; values are sequential from
 * zero. */
2047typedef enum _MEMORY_INFORMATION_CLASS
2048{
2049 MemoryBasicInformation = 0, /**< 0 - MEMORY_BASIC_INFORMATION */
2050 MemoryWorkingSetList, /**< 1 */
2051 MemorySectionName, /**< 2 */
2052 MemoryBasicVlmInformation /**< 3 */
2053} MEMORY_INFORMATION_CLASS;
/* Ring-0 builds get a local MEMORY_BASIC_INFORMATION definition and have NtQueryVirtualMemory redirected to
 * ZwQueryVirtualMemory; other builds are expected to get the structure from elsewhere. */
2054#ifdef IN_RING0
2055typedef struct _MEMORY_BASIC_INFORMATION
2056{
2057 PVOID BaseAddress;
2058 PVOID AllocationBase;
2059 ULONG AllocationProtect;
2060 SIZE_T RegionSize;
2061 ULONG State;
2062 ULONG Protect;
2063 ULONG Type;
2064} MEMORY_BASIC_INFORMATION;
2065typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
2066# define NtQueryVirtualMemory ZwQueryVirtualMemory
2067#endif
2068NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2069#ifdef IPRT_NT_USE_WINTERNL
/* NOTE(review): the third parameter (ZeroBits) is ULONG here while the WDK declares it as ULONG_PTR - confirm this
 * is intended. */
2070NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
2071#endif
/* Base address and region size are in/out pointers: the calls report the range actually affected.  For
 * NtProtectVirtualMemory the last two parameters are the new protection and a pointer receiving the old one. */
2072NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
2073NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
2074
/** Information classes for NtQuerySystemInformation.
 *
 * Values are sequential from zero up to SystemInformation_GetLogicalProcessorInformationEx
 * (107); the SystemInformation_Unknown_NN members are placeholders keeping the
 * numbering right.  After that the enum jumps to 134, see the todo below.
 *
 * Several classes return system-wide tables (modules, handles, processes).
 * NOTE(review): newer Windows versions are understood to restrict some of
 * these for low-privileged callers, so callers should treat a failure status
 * as a normal outcome and avoid passing returned kernel addresses on to less
 * trusted parties. */
2075typedef enum _SYSTEM_INFORMATION_CLASS
2076{
2077 SystemBasicInformation = 0,
2078 SystemCpuInformation,
2079 SystemPerformanceInformation,
2080 SystemTimeOfDayInformation,
2081 SystemInformation_Unknown_4,
2082 SystemProcessInformation, /* 5 - RTNT_SYSTEM_PROCESS_INFORMATION entries */
2083 SystemInformation_Unknown_6,
2084 SystemInformation_Unknown_7,
2085 SystemProcessorPerformanceInformation,
2086 SystemInformation_Unknown_9,
2087 SystemInformation_Unknown_10,
2088 SystemModuleInformation, /* 11 - RTL_PROCESS_MODULES */
2089 SystemInformation_Unknown_12,
2090 SystemInformation_Unknown_13,
2091 SystemInformation_Unknown_14,
2092 SystemInformation_Unknown_15,
2093 SystemHandleInformation, /* 16 - SYSTEM_HANDLE_INFORMATION */
2094 SystemInformation_Unknown_17,
2095 SystemPageFileInformation,
2096 SystemInformation_Unknown_19,
2097 SystemInformation_Unknown_20,
2098 SystemCacheInformation,
2099 SystemInformation_Unknown_22,
2100 SystemInterruptInformation,
2101 SystemDpcBehaviourInformation,
2102 SystemFullMemoryInformation,
2103 SystemLoadGdiDriverInformation, /* 26 */
2104 SystemUnloadGdiDriverInformation, /* 27 */
2105 SystemTimeAdjustmentInformation,
2106 SystemSummaryMemoryInformation,
2107 SystemInformation_Unknown_30,
2108 SystemInformation_Unknown_31,
2109 SystemInformation_Unknown_32,
2110 SystemExceptionInformation,
2111 SystemCrashDumpStateInformation,
2112 SystemKernelDebuggerInformation,
2113 SystemContextSwitchInformation,
2114 SystemRegistryQuotaInformation,
2115 SystemInformation_Unknown_38,
2116 SystemInformation_Unknown_39,
2117 SystemInformation_Unknown_40,
2118 SystemInformation_Unknown_41,
2119 SystemInformation_Unknown_42,
2120 SystemInformation_Unknown_43,
2121 SystemCurrentTimeZoneInformation,
2122 SystemLookasideInformation,
2123 SystemSetTimeSlipEvent,
2124 SystemCreateSession,
2125 SystemDeleteSession,
2126 SystemInformation_Unknown_49,
2127 SystemRangeStartInformation,
2128 SystemVerifierInformation,
2129 SystemInformation_Unknown_52,
2130 SystemSessionProcessInformation, /* 53 - SYSTEM_SESSION_PROCESS_INFORMATION */
2131 SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
2132 SystemInformation_Unknown_55,
2133 SystemInformation_Unknown_56,
2134 SystemExtendedProcessInformation,
2135 SystemInformation_Unknown_58,
2136 SystemInformation_Unknown_59,
2137 SystemInformation_Unknown_60,
2138 SystemInformation_Unknown_61,
2139 SystemInformation_Unknown_62,
2140 SystemInformation_Unknown_63,
2141 SystemExtendedHandleInformation, /* 64 */
2142 SystemInformation_Unknown_65,
2143 SystemInformation_Unknown_66,
2144 SystemInformation_Unknown_67,
2145 SystemInformation_Unknown_68,
2146 SystemInformation_HotPatchInfo, /* 69 */
2147 SystemInformation_Unknown_70,
2148 SystemInformation_Unknown_71,
2149 SystemInformation_Unknown_72,
2150 SystemInformation_Unknown_73,
2151 SystemInformation_Unknown_74,
2152 SystemInformation_Unknown_75,
2153 SystemInformation_Unknown_76,
2154 SystemInformation_Unknown_77,
2155 SystemInformation_Unknown_78,
2156 SystemInformation_Unknown_79,
2157 SystemInformation_Unknown_80,
2158 SystemInformation_Unknown_81,
2159 SystemInformation_Unknown_82,
2160 SystemInformation_Unknown_83,
2161 SystemInformation_Unknown_84,
2162 SystemInformation_Unknown_85,
2163 SystemInformation_Unknown_86,
2164 SystemInformation_Unknown_87,
2165 SystemInformation_Unknown_88,
2166 SystemInformation_Unknown_89,
2167 SystemInformation_Unknown_90,
2168 SystemInformation_Unknown_91,
2169 SystemInformation_Unknown_92,
2170 SystemInformation_Unknown_93,
2171 SystemInformation_Unknown_94,
2172 SystemInformation_Unknown_95,
2173 SystemInformation_KiOpPrefetchPatchCount, /* 96 */
2174 SystemInformation_Unknown_97,
2175 SystemInformation_Unknown_98,
2176 SystemInformation_Unknown_99,
2177 SystemInformation_Unknown_100,
2178 SystemInformation_Unknown_101,
2179 SystemInformation_Unknown_102,
2180 SystemInformation_Unknown_103,
2181 SystemInformation_Unknown_104,
2182 SystemInformation_Unknown_105,
2183 SystemInformation_Unknown_107, /* 106 - NOTE(review): misnamed, the value of this member is 106, not 107. */
2184 SystemInformation_GetLogicalProcessorInformationEx, /* 107 */
2185
2186 /** @todo fill gap. they've added a whole bunch of things */
2187 SystemPolicyInformation = 134,
2188 SystemInformationClassMax /* 135 */
2189} SYSTEM_INFORMATION_CLASS;
2190
2191#ifdef IPRT_NT_USE_WINTERNL
/** Virtual memory usage counters; embedded in RTNT_SYSTEM_PROCESS_INFORMATION
 * as VmCounters.  All members are SIZE_T except PageFaultCount, so the
 * structure size differs between 32-bit and 64-bit builds. */
2192typedef struct _VM_COUNTERS
2193{
2194 SIZE_T PeakVirtualSize;
2195 SIZE_T VirtualSize;
2196 ULONG PageFaultCount;
2197 SIZE_T PeakWorkingSetSize;
2198 SIZE_T WorkingSetSize;
2199 SIZE_T QuotaPeakPagedPoolUsage;
2200 SIZE_T QuotaPagedPoolUsage;
2201 SIZE_T QuotaPeakNonPagedPoolUsage;
2202 SIZE_T QuotaNonPagedPoolUsage;
2203 SIZE_T PagefileUsage;
2204 SIZE_T PeakPagefileUsage;
2205} VM_COUNTERS;
2206typedef VM_COUNTERS *PVM_COUNTERS;
2207#endif
2208
/* Compiled out.  RTNT_SYSTEM_PROCESS_INFORMATION below still uses IO_COUNTERS, so the type has to come from another
 * header; this copy only documents the layout. */
2209#if 0
2210typedef struct _IO_COUNTERS
2211{
2212 ULONGLONG ReadOperationCount;
2213 ULONGLONG WriteOperationCount;
2214 ULONGLONG OtherOperationCount;
2215 ULONGLONG ReadTransferCount;
2216 ULONGLONG WriteTransferCount;
2217 ULONGLONG OtherTransferCount;
2218} IO_COUNTERS;
2219typedef IO_COUNTERS *PIO_COUNTERS;
2220#endif
2221
/** Per-process entry of a process listing.
 *
 * The member remarks give two offsets each; going by the pointer-sized
 * members they are the 32-bit / 64-bit layouts.  Entries are variable-sized
 * (thread records and the name follow each one) and are chained through
 * NextEntryOffset.  NOTE(review): when walking such a list, check that each
 * NextEntryOffset and ProcessName.Buffer / Length stay inside the buffer that
 * was returned before following them. */
2222typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
2223{
2224 ULONG NextEntryOffset; /**< 0x00 / 0x00 */
2225 ULONG NumberOfThreads; /**< 0x04 / 0x04 */
2226 LARGE_INTEGER Reserved1[3]; /**< 0x08 / 0x08 */
2227 LARGE_INTEGER CreationTime; /**< 0x20 / 0x20 */
2228 LARGE_INTEGER UserTime; /**< 0x28 / 0x28 */
2229 LARGE_INTEGER KernelTime; /**< 0x30 / 0x30 */
2230 UNICODE_STRING ProcessName; /**< 0x38 / 0x38 Clean unicode encoding? */
2231 int32_t BasePriority; /**< 0x40 / 0x48 */
2232 HANDLE UniqueProcessId; /**< 0x44 / 0x50 */
2233 HANDLE ParentProcessId; /**< 0x48 / 0x58 */
2234 ULONG HandleCount; /**< 0x4c / 0x60 */
2235 ULONG Reserved2; /**< 0x50 / 0x64 Session ID? */
2236 ULONG_PTR Reserved3; /**< 0x54 / 0x68 */
2237 VM_COUNTERS VmCounters; /**< 0x58 / 0x70 */
2238 IO_COUNTERS IoCounters; /**< 0x88 / 0xd0 Might not be present in earlier windows versions. */
2239 /* After this follows the threads, then the ProcessName.Buffer. */
2240} RTNT_SYSTEM_PROCESS_INFORMATION;
2241typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
/* Without IPRT_NT_USE_WINTERNL the structure is also made available under the usual SYSTEM_PROCESS_INFORMATION name. */
2242#ifndef IPRT_NT_USE_WINTERNL
2243typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
2244typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
2245#endif
2246
/** One handle table entry as returned in SYSTEM_HANDLE_INFORMATION.
 *
 * UniqueProcessId and HandleValue are only 16 bits wide here, so values above
 * 0xffff cannot be represented; SYSTEM_HANDLE_ENTRY_INFO_EX uses HANDLE-sized
 * members for both.  Do not match entries to processes by this structure's
 * process ID when larger IDs are possible. */
2247typedef struct _SYSTEM_HANDLE_ENTRY_INFO
2248{
2249 USHORT UniqueProcessId;
2250 USHORT CreatorBackTraceIndex;
2251 UCHAR ObjectTypeIndex;
2252 UCHAR HandleAttributes;
2253 USHORT HandleValue;
2254 PVOID Object;
2255 ULONG GrantedAccess;
2256} SYSTEM_HANDLE_ENTRY_INFO;
2257typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
2258
2259/** Returned by SystemHandleInformation.
 *
 * Handles[1] is a placeholder for NumberOfHandles entries.  The count comes
 * from the returned data; check it against the size of the buffer that was
 * filled before indexing Handles. */
2260typedef struct _SYSTEM_HANDLE_INFORMATION
2261{
2262 ULONG NumberOfHandles;
2263 SYSTEM_HANDLE_ENTRY_INFO Handles[1];
2264} SYSTEM_HANDLE_INFORMATION;
2265typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
2266
2267/** Extended handle information entry.
 * Process ID and handle value are HANDLE-sized here, unlike the 16-bit members
 * of SYSTEM_HANDLE_ENTRY_INFO.
2268 * @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
2269typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
2270{
2271 PVOID Object;
2272 HANDLE UniqueProcessId;
2273 HANDLE HandleValue;
2274 ACCESS_MASK GrantedAccess;
2275 USHORT CreatorBackTraceIndex;
2276 USHORT ObjectTypeIndex;
2277 ULONG HandleAttributes;
2278 ULONG Reserved;
2279} SYSTEM_HANDLE_ENTRY_INFO_EX;
2280typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
2281
2282/** Returned by SystemExtendedHandleInformation.
 *
 * Handles[1] is a placeholder for NumberOfHandles entries; the count is
 * pointer-sized here.  Check it against the size of the buffer that was filled
 * before indexing Handles, and mind overflow when multiplying it by the entry
 * size. */
2283typedef struct _SYSTEM_HANDLE_INFORMATION_EX
2284{
2285 ULONG_PTR NumberOfHandles;
2286 ULONG_PTR Reserved;
2287 SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
2288} SYSTEM_HANDLE_INFORMATION_EX;
2289typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
2290
2291/** Returned by SystemSessionProcessInformation.
 *
 * NOTE(review): the structure holds a pointer to a separate buffer plus its
 * length, so presumably the caller fills in SessionId, BufferLength and Buffer
 * before the query - confirm against the callers. */
2292typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
2293{
2294 ULONG SessionId;
2295 ULONG BufferLength;
2296 /** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
2297 PVOID Buffer;
2298} SYSTEM_SESSION_PROCESS_INFORMATION;
2299typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
2300
/** One loaded-module record; element type of RTL_PROCESS_MODULES.
 *
 * The member remarks give the 32-bit / 64-bit offsets.  FullPathName is a
 * fixed 256 byte array of UCHAR and OffsetToFileName indexes into it.
 * NOTE(review): a consumer should check OffsetToFileName against
 * sizeof(FullPathName) and should not assume the path is zero terminated
 * within the array.  ImageBase / MappedBase are load addresses and are best
 * kept out of logs and messages that less privileged parties can read. */
2301typedef struct _RTL_PROCESS_MODULE_INFORMATION
2302{
2303 HANDLE Section; /**< 0x00 / 0x00 */
2304 PVOID MappedBase; /**< 0x04 / 0x08 */
2305 PVOID ImageBase; /**< 0x08 / 0x10 */
2306 ULONG ImageSize; /**< 0x0c / 0x18 */
2307 ULONG Flags; /**< 0x10 / 0x1c */
2308 USHORT LoadOrderIndex; /**< 0x14 / 0x20 */
2309 USHORT InitOrderIndex; /**< 0x16 / 0x22 */
2310 USHORT LoadCount; /**< 0x18 / 0x24 */
2311 USHORT OffsetToFileName; /**< 0x1a / 0x26 */
2312 UCHAR FullPathName[256]; /**< 0x1c / 0x28 */
2313} RTL_PROCESS_MODULE_INFORMATION;
2314typedef RTL_PROCESS_MODULE_INFORMATION *PRTL_PROCESS_MODULE_INFORMATION;
2315
2316/** Returned by SystemModuleInformation.
 *
 * Modules[1] is a placeholder for NumberOfModules records; check the count
 * against the size of the buffer that was filled before indexing Modules. */
2317typedef struct _RTL_PROCESS_MODULES
2318{
2319 ULONG NumberOfModules;
2320 RTL_PROCESS_MODULE_INFORMATION Modules[1]; /**< 0x04 / 0x08 */
2321} RTL_PROCESS_MODULES;
2322typedef RTL_PROCESS_MODULES *PRTL_PROCESS_MODULES;
2323
/* Per the WDK documentation: SystemInformationClass, SystemInformation, SystemInformationLength, ReturnLength.  The
 * size of many results changes between calls (processes and handles come and go), so a size learned from one call
 * may already be too small for the next; loop on the buffer-too-small status instead of assuming it fits. */
2324NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2325
/* Timer resolution; going by the parameter names the values are counts of NT ticks. */
2326NTSYSAPI NTSTATUS NTAPI NtSetTimerResolution(ULONG cNtTicksWanted, BOOLEAN fSetResolution, PULONG pcNtTicksCur);
2327NTSYSAPI NTSTATUS NTAPI NtQueryTimerResolution(PULONG pcNtTicksMin, PULONG pcNtTicksMax, PULONG pcNtTicksCur);
2328
/* NtDelayExecution takes Alertable and DelayInterval (WDK documentation). */
2329NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
2330NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
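2331#ifndef IPRT_NT_USE_WINTERNL
/* Handle, Alertable, Timeout.  The comma between BOOLEAN and PLARGE_INTEGER was missing, which made the compiler read
 * PLARGE_INTEGER as the name of the BOOLEAN parameter and so declared a two-parameter function, at odds with the
 * three-parameter PFNNTWAITFORSINGLEOBJECT type that follows. */
2332NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN, PLARGE_INTEGER);
2333#endif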
/** Function pointer type for NtWaitForSingleObject: handle, alertable flag, timeout. */
2334typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
/** Wait mode for NtWaitForMultipleObjects.  ObjectWaitTypeHack is not a wait
 * mode; its 0x7fffffff value presumably only forces a 32-bit enum - confirm. */
2335typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
2336NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
2337
/* Per the WDK documentation: Handle, SecurityInformation, SecurityDescriptor, Length, LengthNeeded. */
2338NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
2339
2340#ifdef IPRT_NT_USE_WINTERNL
/** Event flavour passed to NtCreateEvent. */
2341typedef enum _EVENT_TYPE
2342{
2343 /* Manual reset event. */
2344 NotificationEvent = 0,
2345 /* Automatic reset event. */
2346 SynchronizationEvent
2347} EVENT_TYPE;
2348#endif
/* NtCreateEvent: EventHandle, DesiredAccess, ObjectAttributes, EventType, InitialState (WDK documentation).  A named
 * event is reachable by anything that can open the name, so give it a security descriptor through ObjectAttributes
 * when it guards something that matters. */
2349NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
2350NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
/** Function pointer type with the signature of NtClearEvent. */
2351typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
2352NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
/* The PULONG of NtResetEvent / NtSetEvent optionally receives the previous state (WDK documentation). */
2353NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
2354NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
/** Function pointer type with the signature of NtSetEvent. */
2355typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
/** Information classes for NtQueryEvent; only one is declared. */
2356typedef enum _EVENT_INFORMATION_CLASS
2357{
2358 EventBasicInformation = 0
2359} EVENT_INFORMATION_CLASS;
2360/** Data returned by NtQueryEvent + EventBasicInformation.
 * NOTE(review): the struct tag has no leading underscore, unlike the other
 * structures in this file. */
2361typedef struct EVENT_BASIC_INFORMATION
2362{
2363 EVENT_TYPE EventType;
2364 ULONG EventState;
2365} EVENT_BASIC_INFORMATION;
2366typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
2367NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2368
2369#ifdef IPRT_NT_USE_WINTERNL
2370/** For NtQueryValueKey.  Values are sequential from zero. */
2371typedef enum _KEY_VALUE_INFORMATION_CLASS
2372{
2373 KeyValueBasicInformation = 0, /**< 0 */
2374 KeyValueFullInformation, /**< 1 */
2375 KeyValuePartialInformation, /**< 2 - KEY_VALUE_PARTIAL_INFORMATION */
2376 KeyValueFullInformationAlign64, /**< 3 */
2377 KeyValuePartialInformationAlign64 /**< 4 */
2378} KEY_VALUE_INFORMATION_CLASS;
2379
2380/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct.
 *
 * Data[1] is a placeholder for DataLength bytes.  Registry content is often
 * writable by other parties, so treat Type and DataLength as untrusted: check
 * that Type is the expected REG_xxx type, that DataLength fits the buffer that
 * was filled, and do not assume string data is zero terminated. */
2381typedef struct _KEY_VALUE_PARTIAL_INFORMATION
2382{
2383 ULONG TitleIndex;
2384 ULONG Type;
2385 ULONG DataLength;
2386 UCHAR Data[1];
2387} KEY_VALUE_PARTIAL_INFORMATION;
2388typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
2389#endif
/* NtQueryValueKey: KeyHandle, ValueName, KeyValueInformationClass, KeyValueInformation, Length, ResultLength (WDK
 * documentation). */
2390NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2391NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2392
2393
2394NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
2395
2396
/** Current directory: its DOS path and a handle.  Used for the
 * CurrentDirectory member of RTL_USER_PROCESS_PARAMETERS. */
2397typedef struct _CURDIR
2398{
2399 UNICODE_STRING DosPath;
2400 HANDLE Handle;
2401} CURDIR;
2402typedef CURDIR *PCURDIR;
2403
/** Per-drive current directory record; RTL_USER_PROCESS_PARAMETERS holds an
 * array of 0x20 of these. */
2404typedef struct _RTL_DRIVE_LETTER_CURDIR
2405{
2406 USHORT Flags;
2407 USHORT Length;
2408 ULONG TimeStamp;
2409 STRING DosPath; /**< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. */
2410} RTL_DRIVE_LETTER_CURDIR;
2411typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
2412
/** Process start-up parameters: standard handles, current directory, image
 * path, command line, environment and window placement.
 *
 * Per the member remarks the last four members were added in later Windows
 * versions, so on an older system the block is shorter than this declaration.
 * NOTE(review): code reading those members should first check that Length /
 * MaximumLength cover them.  The strings here are supplied by whoever created
 * the process and should be treated as untrusted input. */
2413typedef struct _RTL_USER_PROCESS_PARAMETERS
2414{
2415 ULONG MaximumLength;
2416 ULONG Length;
2417 ULONG Flags;
2418 ULONG DebugFlags;
2419 HANDLE ConsoleHandle;
2420 ULONG ConsoleFlags;
2421 HANDLE StandardInput;
2422 HANDLE StandardOutput;
2423 HANDLE StandardError;
2424 CURDIR CurrentDirectory;
2425 UNICODE_STRING DllPath;
2426 UNICODE_STRING ImagePathName;
2427 UNICODE_STRING CommandLine;
2428 PWSTR Environment;
2429 ULONG StartingX;
2430 ULONG StartingY;
2431 ULONG CountX;
2432 ULONG CountY;
2433 ULONG CountCharsX;
2434 ULONG CountCharsY;
2435 ULONG FillAttribute;
2436 ULONG WindowFlags;
2437 ULONG ShowWindowFlags;
2438 UNICODE_STRING WindowTitle;
2439 UNICODE_STRING DesktopInfo;
2440 UNICODE_STRING ShellInfo;
2441 UNICODE_STRING RuntimeInfo;
2442 RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20];
2443 SIZE_T EnvironmentSize; /**< Added in Vista */
2444 SIZE_T EnvironmentVersion; /**< Added in Windows 7. */
2445 PVOID PackageDependencyData; /**< Added Windows 8? */
2446 ULONG ProcessGroupId; /**< Added Windows 8? */
2447} RTL_USER_PROCESS_PARAMETERS;
2448typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
/** Bit for RTL_USER_PROCESS_PARAMETERS::Flags.  NOTE(review): presumably set
 * once the string pointers in the block are absolute addresses rather than
 * offsets - confirm. */
2449#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
2450
/** Output of RtlCreateUserProcess (its last parameter): handles and IDs of the
 * new process and its first thread, plus the image information.  The two
 * handles belong to the caller, who has to close them. */
2451typedef struct _RTL_USER_PROCESS_INFORMATION
2452{
2453 ULONG Size;
2454 HANDLE ProcessHandle;
2455 HANDLE ThreadHandle;
2456 CLIENT_ID ClientId;
2457 SECTION_IMAGE_INFORMATION ImageInformation;
2458} RTL_USER_PROCESS_INFORMATION;
2459typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
2460
2461
/* Process and thread creation through ntdll.  RtlCreateUserProcess takes two security descriptors; going by their
 * position they are for the process and for the initial thread - TODO confirm.  A parameter block obtained from
 * RtlCreateProcessParameters is presumably released with RtlDestroyProcessParameters on every path, including
 * failure of the process creation - verify against the callers. */
2462NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
2463 PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
2464NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
2465 PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
2466 PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
2467 PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
2468 PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
2469NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
2470NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
2471 PFNRT, PVOID, PHANDLE, PCLIENT_ID);
2472
/* Local definition, compiled only when RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO is not defined; presumably that macro
 * is taken as the sign that a system header already declared the structure - confirm. */
2473#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
2474typedef struct _RTL_CRITICAL_SECTION
2475{
2476 struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
2477 LONG LockCount;
2478 LONG Recursioncount; /**< Sic, lower case 'c' in this declaration. */
2479 HANDLE OwningThread;
2480 HANDLE LockSemaphore;
2481 ULONG_PTR SpinCount;
2482} RTL_CRITICAL_SECTION;
2483typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
2484#endif
2485
2486/*NTSYSAPI ULONG NTAPI RtlNtStatusToDosError(NTSTATUS rcNt);*/
2487
2488/** @def RTL_QUERY_REGISTRY_TYPECHECK
2489 * WDK 8.1+, backported in updates, ignored in older.
 *
 * Query table flag for RtlQueryRegistryValues, used together with
 * RTL_QUERY_REGISTRY_DIRECT so that a stored value whose type differs from the
 * expected one is rejected instead of being copied into the caller's
 * variable.  Since the flag is ignored on systems without the update, code
 * that may run there still needs its own type and size validation. */
2490#if !defined(RTL_QUERY_REGISTRY_TYPECHECK) || defined(DOXYGEN_RUNNING)
2491# define RTL_QUERY_REGISTRY_TYPECHECK UINT32_C(0x00000100)
2492#endif
2493/** @def RTL_QUERY_REGISTRY_TYPECHECK_SHIFT
2494 * WDK 8.1+, backported in updates, ignored in older.
 *
 * Bit position at which the expected REG_xxx type is placed in the query table
 * entry's DefaultType member when RTL_QUERY_REGISTRY_TYPECHECK is used. */
2495#if !defined(RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) || defined(DOXYGEN_RUNNING)
2496# define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
2497#endif
2498
2499
2500RT_C_DECLS_END
2501/** @} */
2502
2503
2504#if defined(IN_RING0) || defined(DOXYGEN_RUNNING)
2505/** @name NT Kernel APIs
2506 * @{ */
2507RT_C_DECLS_BEGIN
2508
2509typedef ULONG KEPROCESSORINDEX; /**< Bitmap indexes != processor numbers, apparently. */
2510
/* KAFFINITY_EX helpers.  Each routine is declared twice: as an import and as a
 * PFNKE* function pointer type with the same signature.
 * NOTE(review): the pointer types are presumably for resolving the routines at
 * runtime on systems where they may be missing; such a pointer has to be checked
 * for NULL before it is called - confirm how the callers obtain them. */
2511NTSYSAPI VOID NTAPI KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
2512typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
2513NTSYSAPI VOID NTAPI KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2514typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2515NTSYSAPI VOID NTAPI KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2516typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2517NTSYSAPI BOOLEAN NTAPI KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2518typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2519NTSYSAPI BOOLEAN NTAPI KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2520typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2521NTSYSAPI BOOLEAN NTAPI KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2522typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2523NTSYSAPI VOID NTAPI KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2524typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2525NTSYSAPI VOID NTAPI KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2526typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
/* The three-operand set operations below take pResult as OPTIONAL.
 * NOTE(review): presumably a NULL pResult means only the BOOLEAN return is wanted - confirm. */
2527NTSYSAPI BOOLEAN NTAPI KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2528typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2529NTSYSAPI BOOLEAN NTAPI KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2530typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2531/** Works like anding the complemented subtrahend with the minuend. */
2532NTSYSAPI BOOLEAN NTAPI KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2533typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2534NTSYSAPI BOOLEAN NTAPI KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2535typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2536NTSYSAPI BOOLEAN NTAPI KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
2537typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2538NTSYSAPI BOOLEAN NTAPI KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2539typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2540NTSYSAPI ULONG NTAPI KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
2541typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity); /**< NOTE(review): the type name lacks the BITS of KeCountSetBitsAffinityEx, unlike the other pairs. */
2542NTSYSAPI KEPROCESSORINDEX NTAPI KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
2543typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
/* Function pointer types for processor topology and DPC routines; no import
 * declaration accompanies them here.
 * NOTE(review): presumably the routines are looked up at runtime because they do
 * not exist on every supported Windows version; a pointer of one of these types
 * must be checked for NULL before use - confirm how the callers resolve them. */
2544typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
2545typedef KEPROCESSORINDEX (NTAPI *PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER *pProcNumber);
2546typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX ProcIndex, PROCESSOR_NUMBER *pProcNumber); /**< NOTE(review): second declaration of the type declared two lines up; redundant, and only valid if PPROCESSOR_NUMBER is PROCESSOR_NUMBER *. */
2547typedef KEPROCESSORINDEX (NTAPI *PFNKEGETCURRENTPROCESSORNUMBEREX)(const PROCESSOR_NUMBER *pProcNumber); /**< NOTE(review): same signature as PFNKEGETPROCESSORINDEXFROMNUMBER, const input pointer included; looks copied - check it against the WDK prototype of KeGetCurrentProcessorNumberEx. */
2548typedef KAFFINITY (NTAPI *PFNKEQUERYACTIVEPROCESSORS)(VOID);
2549typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNT)(VOID);
2550typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNTEX)(USHORT GroupNumber);
2551typedef USHORT (NTAPI *PFNKEQUERYMAXIMUMGROUPCOUNT)(VOID);
2552typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNT)(KAFFINITY *pfActiveProcessors);
2553typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNTEX)(USHORT GroupNumber);
/* pcbInfo is a pointer to the size of the pInfo buffer.
 * NOTE(review): presumably in/out (buffer size in, size used or needed out) - confirm;
 * the caller has to size pInfo from it rather than assume a fixed length. */
2554typedef NTSTATUS (NTAPI *PFNKEQUERYLOGICALPROCESSORRELATIONSHIP)(PROCESSOR_NUMBER *pProcNumber,
2555 LOGICAL_PROCESSOR_RELATIONSHIP RelationShipType,
2556 SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX *pInfo, PULONG pcbInfo);
/* Registration returns an opaque PVOID, deregistration takes one.
 * NOTE(review): presumably the returned value is the pvCallback to deregister with,
 * and a driver must deregister before it unloads - confirm. */
2557typedef PVOID (NTAPI *PFNKEREGISTERPROCESSORCHANGECALLBACK)(PPROCESSOR_CALLBACK_FUNCTION pfnCallback, void *pvUser, ULONG fFlags);
2558typedef VOID (NTAPI *PFNKEDEREGISTERPROCESSORCHANGECALLBACK)(PVOID pvCallback);
2559typedef NTSTATUS (NTAPI *PFNKESETTARGETPROCESSORDPCEX)(KDPC *pDpc, PROCESSOR_NUMBER *pProcNumber);
2560
/* NOTE(review): pvOptionalConditions is untyped here; confirm the structure the
 * routine expects with the caller. */
2561NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
2562 PVOID pvOptionalConditions, PHANDLE phFound);
/* Takes an object path, a desired access mask and a processor mode, and hands the
 * object back through ppvObject.
 * NOTE(review): presumably enmAccessMode decides whether access is checked as for a
 * user-mode or a kernel-mode requester.  A path or access mask that originates in
 * ring-3 should not be combined with a kernel-mode access mode without validation,
 * and the reference handed back has to be released by the caller - confirm both at
 * the call sites. */
2563NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
2564 ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
2565 KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
2566NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
/* NOTE(review): returns a bare UCHAR pointer without a length.  Presumably this is a
 * short, possibly truncated image name without a path, which is not a reliable way to
 * identify a process for a trust decision - confirm before using it as one. */
2567NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
2568NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
2569NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
2570extern DECLIMPORT(POBJECT_TYPE *) LpcPortObjectType; /**< In vista+ this is the ALPC port object type. */
2571extern DECLIMPORT(POBJECT_TYPE *) LpcWaitablePortObjectType; /**< In vista+ this is the ALPC port object type. */
2572
/* Two function pointer types for requesting an IPI from the HAL; going by the name
 * suffixes the signature differs before Windows 7 and from Windows 7 on.
 * NOTE(review): the two are not call-compatible, so the caller presumably has to
 * select one by OS version before calling through the pointer - confirm. */
2573typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
2574typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
2575
2576RT_C_DECLS_END
2577/** @} */
2578#endif /* IN_RING0 */
2579
2580
2581#if defined(IN_RING3) || defined(DOXYGEN_RUNNING)
2582/** @name NT Userland APIs
2583 * @{ */
2584RT_C_DECLS_BEGIN
2585
2586#if 0 /** @todo figure this out some time... */
/* NOTE(review): disabled and unfinished - the CLIENT_ID line below has neither a
 * member name nor a semicolon, so this will not compile if the #if 0 is simply
 * removed. */
2587typedef struct CSR_MSG_DATA_CREATED_PROCESS
2588{
2589 HANDLE hProcess;
2590 HANDLE hThread;
2591 CLIENT_ID
2592 DWORD idProcess;
2593 DWORD idThread;
2594 DWORD fCreate;
2595
2596} CSR_MSG_DATA_CREATED_PROCESS;
2597
2598#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
2599#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
2600NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
2601#endif
2602
2603NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
2604
/** Data passed to a DLL notification callback.  The same layout is used for the
 * loaded and the unloaded notification (both names are typedef'ed to this struct).
 * NOTE(review): the two names are pointers to strings the callback does not own;
 * presumably they are only valid while the callback runs, so copy them if they are
 * needed afterwards - confirm. */
2605typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
2606{
2607 ULONG Flags;
2608 PCUNICODE_STRING FullDllName;
2609 PCUNICODE_STRING BaseDllName;
2610 PVOID DllBase;
2611 ULONG SizeOfImage;
2612} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
2613typedef LDR_DLL_LOADED_NOTIFICATION_DATA *PLDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2614typedef LDR_DLL_LOADED_NOTIFICATION_DATA const *PCLDR_DLL_LOADED_NOTIFICATION_DATA, *PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2615
/** Union of the notification payloads; which member applies follows from the
 * ulReason argument of the callback. */
2616typedef union _LDR_DLL_NOTIFICATION_DATA
2617{
2618 LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
2619 LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
2620} LDR_DLL_NOTIFICATION_DATA;
2621typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
2622typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
2623
/** DLL notification callback.  ulReason is one of the LDR_DLL_NOTIFICATION_REASON_*
 * values, pvUser is the value given at registration.
 * NOTE(review): the callback is presumably invoked by the loader while a DLL is
 * being loaded or unloaded, so it should do minimal work and not load or unload
 * DLLs itself - confirm against the Microsoft documentation. */
2624typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
2625
2626#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
2627#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
/* The last parameter is a PVOID * although it is named pvCookie; it receives the
 * cookie that LdrUnregisterDllNotification takes.
 * NOTE(review): a registration that is not undone before the code holding
 * pfnCallback is unloaded presumably leaves a dangling callback - confirm that every
 * caller unregisters. */
2628NTSYSAPI NTSTATUS NTAPI LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
2629 PVOID *pvCookie);
2630typedef NTSTATUS (NTAPI *PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID *);
2631NTSYSAPI NTSTATUS NTAPI LdrUnregisterDllNotification(PVOID pvCookie);
2632typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
2633
/* Loads the DLL named by pName and returns its handle in phMod.
 * NOTE(review): pwszSearchPathOrFlags is OPTIONAL and, going by its name, carries
 * either a search path or flags, so which directories are searched for a relative
 * pName depends on the caller.  Privileged code should presumably pass a fully
 * qualified pName so that a DLL cannot be picked up from a directory that less
 * trusted users can write to - confirm at the call sites. */
2634NTSYSAPI NTSTATUS NTAPI LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2635 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2636typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2637 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2638NTSYSAPI NTSTATUS NTAPI LdrUnloadDll(IN HANDLE hMod);
2639typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
/* Handle lookups for DLLs.  Each import is followed by a function pointer type with
 * the same signature.
 * NOTE(review): the "@since" tags below mean several of these are missing on older
 * Windows versions; presumably that is why the pointer types exist, and a resolved
 * pointer must be checked for NULL before use - confirm. */
2640NTSYSAPI NTSTATUS NTAPI LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2641 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2642typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2643 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
/* Flags for the fFlags argument of LdrGetDllHandleEx.
 * NOTE(review): with UNCHANGED_REFCOUNT the returned handle presumably holds no
 * reference of its own, so the DLL can be unloaded while the handle is still in use
 * unless something else keeps it loaded - confirm. */
2644#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
2645#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
2646/** @since Windows XP. */
2647NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2648 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2649/** @since Windows XP. */
2650typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2651 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2652/** @since Windows 7. */
2653NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
2654/** @since Windows 7. */
2655typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
2656/** @since Windows 7. */
2657NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2658 OUT PHANDLE phDll);
2659/** @since Windows 7. */
2660typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2661 OUT PHANDLE phDll);
/* Flag for the fFlags argument of LdrAddRefDll. */
2662#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
2663NTSYSAPI NTSTATUS NTAPI LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
2664typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
/* Symbol lookup in a loaded DLL; pSymbol and uOrdinal are both OPTIONAL and the
 * address is returned in ppvSymbol.
 * NOTE(review): presumably the lookup goes by name when pSymbol is given and by
 * ordinal otherwise - confirm.  Callers should check the status before using
 * *ppvSymbol rather than rely on it having been cleared.
 * The import spells the symbol parameter "ANSI_STRING const *" while the pointer
 * type below uses PCANSI_STRING; presumably the same type - confirm. */
2665NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2666 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2667typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
2668 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
/* Flag for the fFlags argument of LdrGetProcedureAddressEx. */
2669#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
2670/** @since Windows Vista. */
2671NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2672 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2673/** @since Windows Vista. */
2674typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2675 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
/* Flags (_F_) for the fFlags argument and dispositions (_DISP_) for the
 * *puDisposition result of LdrLockLoaderLock.
 * NOTE(review): with NO_WAIT the lock may presumably not have been taken even though
 * the call succeeded, so a caller has to test for LDRLOCKLOADERLOCK_DISP_ACQUIRED
 * before treating the lock as held - confirm. */
2676#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2677#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
2678#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
2679#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
2680#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
2681/** @since Windows XP. */
2682NTSYSAPI NTSTATUS NTAPI LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2683/** @since Windows XP. */
2684typedef NTSTATUS (NTAPI *PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2685#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
/* NOTE(review): pvCookie is passed by value (PVOID), so it can only be an input even
 * though it is annotated OUT here and in the pointer type below; presumably it is the
 * cookie LdrLockLoaderLock returned through ppvCookie - confirm and correct the
 * annotation. */
2686/** @since Windows XP. */
2687NTSYSAPI NTSTATUS NTAPI LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
2688/** @since Windows XP. */
2689typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
2690
/* NOTE(review): parameters are unnamed; the two PUNICODE_STRING arguments are
 * presumably source and destination and the PULONG a returned length - confirm the
 * order against the callers, and that the destination buffer size is set by them. */
2691NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
2692NTSYSAPI VOID NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /**< Vista and later. */
2693NTSYSAPI VOID NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
/* NOTE(review): the last three parameters are pointers annotated IN, but their names
 * (pfNewFlags, pcbFilename, pcbNeeded) read like values the routine returns -
 * confirm the direction before relying on the annotation.  With both a static and a
 * dynamic string passed in and the result returned through ppResultString, the
 * caller presumably has to work out which buffer the result lives in before freeing
 * anything - confirm. */
2694NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
2695 IN PCUNICODE_STRING pOrgName,
2696 IN PUNICODE_STRING pDefaultSuffix,
2697 IN OUT PUNICODE_STRING pStaticString,
2698 IN OUT PUNICODE_STRING pDynamicString,
2699 IN OUT PUNICODE_STRING *ppResultString,
2700 IN PULONG pfNewFlags OPTIONAL,
2701 IN PSIZE_T pcbFilename OPTIONAL,
2702 IN PSIZE_T pcbNeeded OPTIONAL);
2703/** @since Windows 8.
2704 * @note Status code is always zero in windows 10 build 14393.
 * NOTE(review): given that note, the status alone does not say whether the API set
 * is present; callers should presumably initialise *pfPresent before the call and
 * decide on its value - confirm. */
2705NTSYSAPI NTSTATUS NTAPI ApiSetQueryApiSetPresence(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
2706/** @copydoc ApiSetQueryApiSetPresence */
2707typedef NTSTATUS (NTAPI *PFNAPISETQUERYAPISETPRESENCE)(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
2708
2709
2710# ifdef IPRT_NT_USE_WINTERNL
/** Function type of the commit routine stored in RTL_HEAP_PARAMETERS::CommitRoutine.
 * NOTE(review): parameters are unnamed; presumably (heap base, in/out address to
 * commit, in/out size) - confirm. */
2711typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
2712typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
/** Optional parameters for RtlCreateHeap (its pParameters argument).
 * NOTE(review): Length is presumably the size of this structure in bytes and the
 * unused members are expected to be zero - confirm; a caller that leaves the
 * structure uninitialised would pass stack garbage as heap limits and as the
 * CommitRoutine pointer. */
2713typedef struct _RTL_HEAP_PARAMETERS
2714{
2715 ULONG Length;
2716 SIZE_T SegmentReserve;
2717 SIZE_T SegmentCommit;
2718 SIZE_T DeCommitFreeBlockThreshold;
2719 SIZE_T DeCommitTotalFreeThreshold;
2720 SIZE_T MaximumAllocationSize;
2721 SIZE_T VirtualMemoryThreshold;
2722 SIZE_T InitialCommit;
2723 SIZE_T InitialReserve;
2724 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
2725 SIZE_T Reserved[2];
2726} RTL_HEAP_PARAMETERS;
2727typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
/* Returns the new heap as a PVOID.
 * NOTE(review): presumably NULL on failure - confirm that callers check for it. */
2728NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
2729 PRTL_HEAP_PARAMETERS pParameters);
2730/** @name Heap flags (for RtlCreateHeap).
 * NOTE(review): this group is opened inside an IPRT_NT_USE_WINTERNL conditional but
 * closed outside of it, so the group markers appear unbalanced when that macro is
 * not defined - confirm and move one of them.
2731 * @{ */
/* NOTE(review): the values kept in comments in this group are presumably the ones
 * the SDK headers already define - confirm. */
2732/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
2733# define HEAP_GROWABLE UINT32_C(0x00000002)
2734# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
2735# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
2736# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
2737# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
2738# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
2739# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
2740# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
2741# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
2742# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
2743# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
2744# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00) /* FLAG1 | FLAG2 | FLAG3 */
2745# define HEAP_CLASS_0 UINT32_C(0x00000000)
2746# define HEAP_CLASS_1 UINT32_C(0x00001000)
2747# define HEAP_CLASS_2 UINT32_C(0x00002000)
2748# define HEAP_CLASS_3 UINT32_C(0x00003000)
2749# define HEAP_CLASS_4 UINT32_C(0x00004000)
2750# define HEAP_CLASS_5 UINT32_C(0x00005000)
2751# define HEAP_CLASS_6 UINT32_C(0x00006000)
2752# define HEAP_CLASS_7 UINT32_C(0x00007000)
2753# define HEAP_CLASS_8 UINT32_C(0x00008000)
2754# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
2755# endif
/* Descriptive aliases for the heap classes.  They are defined unconditionally but
 * expand to HEAP_CLASS_n, which this header only defines under
 * IPRT_NT_USE_WINTERNL; otherwise those names have to come from another header. */
2756# define HEAP_CLASS_PROCESS HEAP_CLASS_0
2757# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
2758# define HEAP_CLASS_KERNEL HEAP_CLASS_2
2759# define HEAP_CLASS_GDI HEAP_CLASS_3
2760# define HEAP_CLASS_USER HEAP_CLASS_4
2761# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
2762# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
2763# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
2764# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
2765# ifdef IPRT_NT_USE_WINTERNL
2766/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
2767# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
2768# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
/* NOTE(review): the valid mask includes bit 0x00040000, listed just above as
 * HEAP_CREATE_ENABLE_EXECUTE.  A heap whose memory is executable weakens data
 * execution protection, so callers should presumably not pass that flag unless they
 * really need to run code from the heap - confirm no caller sets it by accident. */
2769# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
2770# endif /* IPRT_NT_USE_WINTERNL */
2771/** @} */
2772# ifdef IPRT_NT_USE_WINTERNL
2773/** @name Heap tagging constants
2774 * @{ */
2775# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
2776/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
2777# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
2778# define HEAP_TAG_SHIFT 18 */
/* HEAP_TAG_MASK expands to HEAP_MAXIMUM_TAG and HEAP_TAG_SHIFT, which are only kept
 * in a comment here, so both have to be defined by another header wherever the mask
 * is used. */
2779# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2780/** @} */
/* Heap allocation primitives.
 * NOTE(review): the allocating routines return PVOID, presumably NULL on failure
 * unless the heap is set up to raise exceptions - confirm that callers check the
 * result, and that size arithmetic feeding cb / cbNew is guarded against overflow.
 * pvMem / pvOld presumably must come from the same hHeap - confirm. */
2781NTSYSAPI PVOID NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
2782NTSYSAPI PVOID NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
2783NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2784# endif /* IPRT_NT_USE_WINTERNL */
/* Heap, string and last-error helpers declared for ring-3 regardless of
 * IPRT_NT_USE_WINTERNL. */
2785NTSYSAPI SIZE_T NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
2786NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
/* NOTE(review): returns SIZE_T with no separate status; presumably an all-ones value
 * signals failure - confirm before using the result as a length. */
2787NTSYSAPI SIZE_T NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2788NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
2789NTSYSAPI ULONG NTAPI RtlGetLastWin32Error(VOID);
2790NTSYSAPI VOID NTAPI RtlSetLastWin32Error(ULONG uError);
2791NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
2792NTSYSAPI VOID NTAPI RtlRestoreLastWin32Error(ULONG uError);
2793NTSYSAPI BOOLEAN NTAPI RtlQueryPerformanceCounter(PLARGE_INTEGER);
/* Declared both as an import and as a function pointer type.
 * NOTE(review): presumably the routine is missing on older Windows versions and is
 * resolved at runtime through the pointer type; check the pointer for NULL before
 * calling - confirm. */
2794NTSYSAPI uint64_t NTAPI RtlGetSystemTimePrecise(VOID);
2795typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
2796
2797RT_C_DECLS_END
2798/** @} */
2799#endif /* IN_RING3 */
2800
2801#endif
2802