VirtualBox

source: vbox/trunk/include/iprt/nt/nt.h@ 76553

Last change on this file since 76553 was 76553, checked in by vboxsync, 6 years ago

scm --update-copyright-year

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 138.2 KB
Line 
1/* $Id: nt.h 76553 2019-01-01 01:45:53Z vboxsync $ */
2/** @file
3 * IPRT - Header for code using the Native NT API.
4 */
5
6/*
7 * Copyright (C) 2010-2019 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27#ifndef ___iprt_nt_nt_h___
28#define ___iprt_nt_nt_h___
29#ifndef RT_WITHOUT_PRAGMA_ONCE
30# pragma once
31#endif
32
33/** @def IPRT_NT_MAP_TO_ZW
34 * Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
35 * to the APIs (takes care of the previous context checks).
36 */
37#ifdef DOXYGEN_RUNNING
38# define IPRT_NT_MAP_TO_ZW
39#endif
40
41#ifdef IPRT_NT_MAP_TO_ZW
42# define NtQueryInformationFile ZwQueryInformationFile
43# define NtQueryInformationProcess ZwQueryInformationProcess
44# define NtQueryInformationThread ZwQueryInformationThread
45# define NtQueryFullAttributesFile ZwQueryFullAttributesFile
46# define NtQuerySystemInformation ZwQuerySystemInformation
47# define NtQuerySecurityObject ZwQuerySecurityObject
48# define NtSetInformationFile ZwSetInformationFile
49# define NtClose ZwClose
50# define NtCreateFile ZwCreateFile
51# define NtReadFile ZwReadFile
52# define NtWriteFile ZwWriteFile
53# define NtFlushBuffersFile ZwFlushBuffersFile
54/** @todo this is very incomplete! */
55#endif
56
57#include <ntstatus.h>
58
59/*
60 * Hacks common to both base header sets.
61 */
62#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
63#define NtQueryObject Incomplete_NtQueryObject
64#define ZwQueryObject Incomplete_ZwQueryObject
65#define NtSetInformationObject Incomplete_NtSetInformationObject
66#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
67#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
68#define ObjectBasicInformation Incomplete_ObjectBasicInformation
69#define ObjectTypeInformation Incomplete_ObjectTypeInformation
70#define _PEB Incomplete__PEB
71#define PEB Incomplete_PEB
72#define PPEB Incomplete_PPEB
73#define _TEB Incomplete__TEB
74#define TEB Incomplete_TEB
75#define PTEB Incomplete_PTEB
76#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
77#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
78#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
79#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
80#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
81#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
82
83
84
85#ifdef IPRT_NT_USE_WINTERNL
86/*
87 * Use Winternl.h.
88 */
89# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
90# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
91# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
92
93# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
94# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
95# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
96# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
97# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
98# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
99# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
100# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
101# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
102# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
103# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
104# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
105
106# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
107# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
108# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
109
110# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
111# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
112# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
113# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
114# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
115
116# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
117# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
118# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
119# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
120# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
121# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
122# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
123# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
124# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
125# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
126# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
127# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
128# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
129# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
130
131
132# pragma warning(push)
133# pragma warning(disable: 4668)
134# define WIN32_NO_STATUS
135# include <windef.h>
136# include <winnt.h>
137# include <winternl.h>
138# undef WIN32_NO_STATUS
139# include <ntstatus.h>
140# pragma warning(pop)
141
142# ifndef OBJ_DONT_REPARSE
143# define RTNT_NEED_CLIENT_ID
144# endif
145
146# undef _FILE_INFORMATION_CLASS
147# undef FILE_INFORMATION_CLASS
148# undef FileDirectoryInformation
149
150# undef NtQueryInformationProcess
151# undef NtSetInformationProcess
152# undef PROCESSINFOCLASS
153# undef _PROCESSINFOCLASS
154# undef PROCESS_BASIC_INFORMATION
155# undef PPROCESS_BASIC_INFORMATION
156# undef _PROCESS_BASIC_INFORMATION
157# undef ProcessBasicInformation
158# undef ProcessDebugPort
159# undef ProcessWow64Information
160# undef ProcessImageFileName
161# undef ProcessBreakOnTermination
162
163# undef RTL_USER_PROCESS_PARAMETERS
164# undef PRTL_USER_PROCESS_PARAMETERS
165# undef _RTL_USER_PROCESS_PARAMETERS
166
167# undef NtQueryInformationThread
168# undef NtSetInformationThread
169# undef THREADINFOCLASS
170# undef _THREADINFOCLASS
171# undef ThreadIsIoPending
172
173# undef NtQuerySystemInformation
174# undef NtSetSystemInformation
175# undef SYSTEM_INFORMATION_CLASS
176# undef _SYSTEM_INFORMATION_CLASS
177# undef SystemBasicInformation
178# undef SystemPerformanceInformation
179# undef SystemTimeOfDayInformation
180# undef SystemProcessInformation
181# undef SystemProcessorPerformanceInformation
182# undef SystemInterruptInformation
183# undef SystemExceptionInformation
184# undef SystemRegistryQuotaInformation
185# undef SystemLookasideInformation
186# undef SystemPolicyInformation
187
188#else
189/*
190 * Use ntifs.h and wdm.h.
191 */
192# if _MSC_VER >= 1200 /* Fix/workaround for KeInitializeSpinLock visibility issue on AMD64. */
193# define FORCEINLINE static __forceinline
194# else
195# define FORCEINLINE static __inline
196# endif
197
198# pragma warning(push)
199# ifdef RT_ARCH_X86
200# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
201# pragma warning(disable: 4163)
202# endif
203# pragma warning(disable: 4668)
204# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
205# if _MSC_VER >= 1800 /*RT_MSC_VER_VC120*/
206# pragma warning(disable:4005) /* sdk/v7.1/include/sal_supp.h(57) : warning C4005: '__useHeader' : macro redefinition */
207# pragma warning(disable:4471) /* wdm.h(11057) : warning C4471: '_POOL_TYPE' : a forward declaration of an unscoped enumeration must have an underlying type (int assumed) */
208# endif
209
210# include <ntifs.h>
211# include <wdm.h>
212
213# ifdef RT_ARCH_X86
214# undef _InterlockedAddLargeStatistic
215# endif
216# pragma warning(pop)
217
218# define IPRT_NT_NEED_API_GROUP_NTIFS
219#endif
220
221#undef RtlFreeUnicodeString
222#undef NtQueryObject
223#undef ZwQueryObject
224#undef NtSetInformationObject
225#undef _OBJECT_INFORMATION_CLASS
226#undef OBJECT_INFORMATION_CLASS
227#undef ObjectBasicInformation
228#undef ObjectTypeInformation
229#undef _PEB
230#undef PEB
231#undef PPEB
232#undef _TEB
233#undef TEB
234#undef PTEB
235#undef _PEB_LDR_DATA
236#undef PEB_LDR_DATA
237#undef PPEB_LDR_DATA
238#undef _KUSER_SHARED_DATA
239#undef KUSER_SHARED_DATA
240#undef PKUSER_SHARED_DATA
241
242
243#include <iprt/types.h>
244#include <iprt/assert.h>
245
246
247/** @name Useful macros
248 * @{ */
249/** Indicates that we're targeting native NT in the current source. */
250#define RTNT_USE_NATIVE_NT 1
251/** Initializes a IO_STATUS_BLOCK. */
252#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
253/** Reinitializes a IO_STATUS_BLOCK. */
254#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
255 do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
256/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
257#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
258/** Constant UNICODE_STRING initializer. */
259#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
260/** @} */
261
262
263/** @name IPRT helper functions for NT
264 * @{ */
265RT_C_DECLS_BEGIN
266
267RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
268 ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
269 PHANDLE phHandle, PULONG_PTR puDisposition);
270RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
271 ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
272RTDECL(int) RTNtPathOpenDirEx(HANDLE hRootDir, struct _UNICODE_STRING *pNtName, ACCESS_MASK fDesiredAccess,
273 ULONG fShareAccess, ULONG fCreateOptions, ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
274RTDECL(int) RTNtPathClose(HANDLE hHandle);
275
276/**
277 * Converts a windows-style path to NT format and encoding.
278 *
279 * @returns IPRT status code.
280 * @param pNtName Where to return the NT name. Free using
281 * RTNtPathFree.
282 * @param phRootDir Where to return the root handle, if applicable.
283 * @param pszPath The UTF-8 path.
284 */
285RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING *pNtName, PHANDLE phRootDir, const char *pszPath);
286
287/**
288 * Converts a UTF-16 windows-style path to NT format.
289 *
290 * @returns IPRT status code.
291 * @param pNtName Where to return the NT name. Free using
292 * RTNtPathFree.
293 * @param phRootDir Where to return the root handle, if applicable.
294 * @param pwszPath The UTF-16 windows-style path.
295 * @param cwcPath The max length of the windows-style path in
296 * RTUTF16 units. Use RTSTR_MAX if unknown and @a
297 * pwszPath is correctly terminated.
298 */
299RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
300
301/**
302 * How to handle ascent ('..' relative to a root handle).
303 */
304typedef enum RTNTPATHRELATIVEASCENT
305{
306 kRTNtPathRelativeAscent_Invalid = 0,
307 kRTNtPathRelativeAscent_Allow,
308 kRTNtPathRelativeAscent_Fail,
309 kRTNtPathRelativeAscent_Ignore,
310 kRTNtPathRelativeAscent_End,
311 kRTNtPathRelativeAscent_32BitHack = 0x7fffffff
312} RTNTPATHRELATIVEASCENT;
313
314/**
315 * Converts a relative windows-style path to relative NT format and encoding.
316 *
317 * @returns IPRT status code.
318 * @param pNtName Where to return the NT name. Free using
319 * rtTNtPathToNative with phRootDir set to NULL.
320 * @param phRootDir On input, the handle to the directory the path
321 * is relative to. On output, the handle to
322 * specify as root directory in the object
323 * attributes when accessing the path. If
324 * enmAscent is kRTNtPathRelativeAscent_Allow, it
325 * may have been set to NULL.
326 * @param pszPath The relative UTF-8 path.
327 * @param enmAscent How to handle ascent.
328 * @param fMustReturnAbsolute Must convert to an absolute path. This
329 * is necessary if the root dir is a NT directory
330 * object (e.g. /Devices) since they cannot parse
331 * relative paths it seems.
332 */
333RTDECL(int) RTNtPathRelativeFromUtf8(struct _UNICODE_STRING *pNtName, PHANDLE phRootDir, const char *pszPath,
334 RTNTPATHRELATIVEASCENT enmAscent, bool fMustReturnAbsolute);
335
336/**
337 * Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
338 * chars plus a terminator.
339 *
340 * The NT string must have been returned by RTNtPathFromWinUtf8 or
341 * RTNtPathFromWinUtf16Ex.
342 *
343 * @returns IPRT status code.
344 * @param pNtName The NT path string.
345 * @param cwcMin The minimum number of RTUTF16 chars. Max 32767.
346 * @sa RTNtPathFree
347 */
348RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);
349
350/**
351 * Frees the native path and root handle.
352 *
353 * @param pNtName The NT path after a successful rtNtPathToNative
354 * call or RTNtPathRelativeFromUtf8.
355 * @param phRootDir The root handle variable from rtNtPathToNative,
356 */
357RTDECL(void) RTNtPathFree(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir);
358
359
360/**
361 * Checks whether the path could be containing alternative 8.3 names generated
362 * by NTFS, FAT, or other similar file systems.
363 *
364 * @returns Pointer to the first component that might be an 8.3 name, NULL if
365 * not 8.3 path.
366 * @param pwszPath The path to check.
367 *
368 * @remarks This is making bad ASSUMPTION wrt to the naming scheme of 8.3 names,
369 * however, non-tilde 8.3 aliases are probably rare enough to not be
370 * worth all the extra code necessary to open each path component and
371 * check if we've got the short name or not.
372 */
373RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
374
375/**
376 * Fixes up a path possibly containing one or more alternative 8-dot-3 style
377 * components.
378 *
379 * The path is fixed up in place. Errors are ignored.
380 *
381 * @returns VINF_SUCCESS if it all went smoothly, informational status codes
382 * indicating the nature of last problem we ran into.
383 *
384 * @param pUniStr The path to fix up. MaximumLength is the max buffer
385 * length.
386 * @param fPathOnly Whether to only process the path and leave the filename
387 * as passed in.
388 */
389RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);
390
391
392RT_C_DECLS_END
393/** @} */
394
395
396/** @name NT API delcarations.
397 * @{ */
398RT_C_DECLS_BEGIN
399
400/** @name Process access rights missing in ntddk headers
401 * @{ */
402#ifndef PROCESS_TERMINATE
403# define PROCESS_TERMINATE UINT32_C(0x00000001)
404#endif
405#ifndef PROCESS_CREATE_THREAD
406# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
407#endif
408#ifndef PROCESS_SET_SESSIONID
409# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
410#endif
411#ifndef PROCESS_VM_OPERATION
412# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
413#endif
414#ifndef PROCESS_VM_READ
415# define PROCESS_VM_READ UINT32_C(0x00000010)
416#endif
417#ifndef PROCESS_VM_WRITE
418# define PROCESS_VM_WRITE UINT32_C(0x00000020)
419#endif
420#ifndef PROCESS_DUP_HANDLE
421# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
422#endif
423#ifndef PROCESS_CREATE_PROCESS
424# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
425#endif
426#ifndef PROCESS_SET_QUOTA
427# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
428#endif
429#ifndef PROCESS_SET_INFORMATION
430# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
431#endif
432#ifndef PROCESS_QUERY_INFORMATION
433# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
434#endif
435#ifndef PROCESS_SUSPEND_RESUME
436# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
437#endif
438#ifndef PROCESS_QUERY_LIMITED_INFORMATION
439# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
440#endif
441#ifndef PROCESS_SET_LIMITED_INFORMATION
442# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
443#endif
444#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
445#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
446#ifndef PROCESS_ALL_ACCESS
447# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | UINT32_C(0x0000ffff) )
448#endif
449/** @} */
450
451/** @name Thread access rights missing in ntddk headers
452 * @{ */
453#ifndef THREAD_QUERY_INFORMATION
454# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
455#endif
456#ifndef THREAD_SET_THREAD_TOKEN
457# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
458#endif
459#ifndef THREAD_IMPERSONATE
460# define THREAD_IMPERSONATE UINT32_C(0x00000100)
461#endif
462#ifndef THREAD_DIRECT_IMPERSONATION
463# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
464#endif
465#ifndef THREAD_RESUME
466# define THREAD_RESUME UINT32_C(0x00001000)
467#endif
468#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
469#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
470#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
471/** @} */
472
473/** @name Special handle values.
474 * @{ */
475#ifndef NtCurrentProcess
476# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
477#endif
478#ifndef NtCurrentThread
479# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
480#endif
481#ifndef ZwCurrentProcess
482# define ZwCurrentProcess() NtCurrentProcess()
483#endif
484#ifndef ZwCurrentThread
485# define ZwCurrentThread() NtCurrentThread()
486#endif
487/** @} */
488
489
490/** @name Directory object access rights.
491 * @{ */
492#ifndef DIRECTORY_QUERY
493# define DIRECTORY_QUERY UINT32_C(0x00000001)
494#endif
495#ifndef DIRECTORY_TRAVERSE
496# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
497#endif
498#ifndef DIRECTORY_CREATE_OBJECT
499# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
500#endif
501#ifndef DIRECTORY_CREATE_SUBDIRECTORY
502# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
503#endif
504#ifndef DIRECTORY_ALL_ACCESS
505# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | UINT32_C(0x0000000f) )
506#endif
507/** @} */
508
509
510
511#ifdef RTNT_NEED_CLIENT_ID
512typedef struct _CLIENT_ID
513{
514 HANDLE UniqueProcess;
515 HANDLE UniqueThread;
516} CLIENT_ID;
517#endif
518#ifdef IPRT_NT_USE_WINTERNL
519typedef CLIENT_ID *PCLIENT_ID;
520#endif
521
522/** Extended affinity type, introduced in Windows 7 (?). */
523typedef struct _KAFFINITY_EX
524{
525 /** Count of valid bitmap entries. */
526 uint16_t Count;
527 /** Count of allocated bitmap entries. */
528 uint16_t Size;
529 /** Reserved / aligmment padding. */
530 uint32_t Reserved;
531 /** Bitmap where one bit corresponds to a CPU. */
532 uintptr_t Bitmap[20];
533} KAFFINITY_EX;
534typedef KAFFINITY_EX *PKAFFINITY_EX;
535typedef KAFFINITY_EX const *PCKAFFINITY_EX;
536
537/** @name User Shared Data
538 * @{ */
539
540#ifdef IPRT_NT_USE_WINTERNL
541typedef struct _KSYSTEM_TIME
542{
543 ULONG LowPart;
544 LONG High1Time;
545 LONG High2Time;
546} KSYSTEM_TIME;
547typedef KSYSTEM_TIME *PKSYSTEM_TIME;
548
549typedef enum _NT_PRODUCT_TYPE
550{
551 NtProductWinNt = 1,
552 NtProductLanManNt,
553 NtProductServer
554} NT_PRODUCT_TYPE;
555
556#define PROCESSOR_FEATURE_MAX 64
557
558typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
559{
560 StandardDesign = 0,
561 NEC98x86,
562 EndAlternatives
563} ALTERNATIVE_ARCHITECTURE_TYPE;
564
565# if 0
566typedef struct _XSTATE_FEATURE
567{
568 ULONG Offset;
569 ULONG Size;
570} XSTATE_FEATURE;
571typedef XSTATE_FEATURE *PXSTATE_FEATURE;
572
573#define MAXIMUM_XSTATE_FEATURES 64
574
575typedef struct _XSTATE_CONFIGURATION
576{
577 ULONG64 EnabledFeatures;
578 ULONG Size;
579 ULONG OptimizedSave : 1;
580 XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
581} XSTATE_CONFIGURATION;
582typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
583# endif
584#endif /* IPRT_NT_USE_WINTERNL */
585
586typedef struct _KUSER_SHARED_DATA
587{
588 ULONG TickCountLowDeprecated; /**< 0x000 */
589 ULONG TickCountMultiplier; /**< 0x004 */
590 KSYSTEM_TIME volatile InterruptTime; /**< 0x008 */
591 KSYSTEM_TIME volatile SystemTime; /**< 0x014 */
592 KSYSTEM_TIME volatile TimeZoneBias; /**< 0x020 */
593 USHORT ImageNumberLow; /**< 0x02c */
594 USHORT ImageNumberHigh; /**< 0x02e */
595 WCHAR NtSystemRoot[260]; /**< 0x030 - Seems to be last member in NT 3.51. */
596 ULONG MaxStackTraceDepth; /**< 0x238 */
597 ULONG CryptoExponent; /**< 0x23c */
598 ULONG TimeZoneId; /**< 0x240 */
599 ULONG LargePageMinimum; /**< 0x244 */
600 ULONG AitSamplingValue; /**< 0x248 */
601 ULONG AppCompatFlag; /**< 0x24c */
602 ULONGLONG RNGSeedVersion; /**< 0x250 */
603 ULONG GlobalValidationRunlevel; /**< 0x258 */
604 LONG volatile TimeZoneBiasStamp; /**< 0x25c*/
605 ULONG Reserved2; /**< 0x260 */
606 NT_PRODUCT_TYPE NtProductType; /**< 0x264 */
607 BOOLEAN ProductTypeIsValid; /**< 0x268 */
608 BOOLEAN Reserved0[1]; /**< 0x269 */
609 USHORT NativeProcessorArchitecture; /**< 0x26a */
610 ULONG NtMajorVersion; /**< 0x26c */
611 ULONG NtMinorVersion; /**< 0x270 */
612 BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /**< 0x274 */
613 ULONG Reserved1; /**< 0x2b4 */
614 ULONG Reserved3; /**< 0x2b8 */
615 ULONG volatile TimeSlip; /**< 0x2bc */
616 ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /**< 0x2c0 */
617 ULONG AltArchitecturePad[1]; /**< 0x2c4 */
618 LARGE_INTEGER SystemExpirationDate; /**< 0x2c8 */
619 ULONG SuiteMask; /**< 0x2d0 */
620 BOOLEAN KdDebuggerEnabled; /**< 0x2d4 */
621 union /**< 0x2d5 */
622 {
623 UCHAR MitigationPolicies; /**< 0x2d5 */
624 struct
625 {
626 UCHAR NXSupportPolicy : 2;
627 UCHAR SEHValidationPolicy : 2;
628 UCHAR CurDirDevicesSkippedForDlls : 2;
629 UCHAR Reserved : 2;
630 };
631 };
632 UCHAR Reserved6[2]; /**< 0x2d6 */
633 ULONG volatile ActiveConsoleId; /**< 0x2d8 */
634 ULONG volatile DismountCount; /**< 0x2dc */
635 ULONG ComPlusPackage; /**< 0x2e0 */
636 ULONG LastSystemRITEventTickCount; /**< 0x2e4 */
637 ULONG NumberOfPhysicalPages; /**< 0x2e8 */
638 BOOLEAN SafeBootMode; /**< 0x2ec */
639 UCHAR Reserved12[3]; /**< 0x2ed */
640 union /**< 0x2f0 */
641 {
642 ULONG SharedDataFlags; /**< 0x2f0 */
643 struct
644 {
645 ULONG DbgErrorPortPresent : 1;
646 ULONG DbgElevationEnabled : 1;
647 ULONG DbgVirtEnabled : 1;
648 ULONG DbgInstallerDetectEnabled : 1;
649 ULONG DbgLkgEnabled : 1;
650 ULONG DbgDynProcessorEnabled : 1;
651 ULONG DbgConsoleBrokerEnabled : 1;
652 ULONG DbgSecureBootEnabled : 1;
653 ULONG SpareBits : 24;
654 };
655 };
656 ULONG DataFlagsPad[1]; /**< 0x2f4 */
657 ULONGLONG TestRetInstruction; /**< 0x2f8 */
658 LONGLONG QpcFrequency; /**< 0x300 */
659 ULONGLONG SystemCallPad[3]; /**< 0x308 */
660 union /**< 0x320 */
661 {
662 ULONG64 volatile TickCountQuad; /**< 0x320 */
663 KSYSTEM_TIME volatile TickCount; /**< 0x320 */
664 struct /**< 0x320 */
665 {
666 ULONG ReservedTickCountOverlay[3]; /**< 0x320 */
667 ULONG TickCountPad[1]; /**< 0x32c */
668 };
669 };
670 ULONG Cookie; /**< 0x330 */
671 ULONG CookiePad[1]; /**< 0x334 */
672 LONGLONG ConsoleSessionForegroundProcessId; /**< 0x338 */
673 ULONGLONG TimeUpdateLock; /**< 0x340 */
674 ULONGLONG BaselineSystemTimeQpc; /**< 0x348 */
675 ULONGLONG BaselineInterruptTimeQpc; /**< 0x350 */
676 ULONGLONG QpcSystemTimeIncrement; /**< 0x358 */
677 ULONGLONG QpcInterruptTimeIncrement; /**< 0x360 */
678 ULONG QpcSystemTimeIncrement32; /**< 0x368 */
679 ULONG QpcInterruptTimeIncrement32; /**< 0x36c */
680 UCHAR QpcSystemTimeIncrementShift; /**< 0x370 */
681 UCHAR QpcInterruptTimeIncrementShift; /**< 0x371 */
682 UCHAR Reserved8[14]; /**< 0x372 */
683 USHORT UserModeGlobalLogger[16]; /**< 0x380 */
684 ULONG ImageFileExecutionOptions; /**< 0x3a0 */
685 ULONG LangGenerationCount; /**< 0x3a4 */
686 ULONGLONG Reserved4; /**< 0x3a8 */
687 ULONGLONG volatile InterruptTimeBias; /**< 0x3b0 - What QueryUnbiasedInterruptTimePrecise
688 * subtracts from interrupt time. */
689 ULONGLONG volatile QpcBias; /**< 0x3b8 */
690 ULONG volatile ActiveProcessorCount; /**< 0x3c0 */
691 UCHAR volatile ActiveGroupCount; /**< 0x3c4 */
692 UCHAR Reserved9; /**< 0x3c5 */
693 union /**< 0x3c6 */
694 {
695 USHORT QpcData; /**< 0x3c6 */
696 struct /**< 0x3c6 */
697 {
698 BOOLEAN volatile QpcBypassEnabled; /**< 0x3c6 */
699 UCHAR QpcShift; /**< 0x3c7 */
700 };
701 };
702 LARGE_INTEGER TimeZoneBiasEffectiveStart; /**< 0x3c8 */
703 LARGE_INTEGER TimeZoneBiasEffectiveEnd; /**< 0x3d0 */
704 XSTATE_CONFIGURATION XState; /**< 0x3d8 */
705} KUSER_SHARED_DATA;
706typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
707AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
708AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
709AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
710AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
711AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
712AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
713AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
714AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
715AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
716/** @def MM_SHARED_USER_DATA_VA
717 * Read only userland mapping of KUSER_SHARED_DATA. */
718#ifndef MM_SHARED_USER_DATA_VA
719# if ARCH_BITS == 32
720# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
721# elif ARCH_BITS == 64
722# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
723# else
724# error "Unsupported/undefined ARCH_BITS value."
725# endif
726#endif
727/** @def KI_USER_SHARED_DATA
728 * Read write kernel mapping of KUSER_SHARED_DATA. */
729#ifndef KI_USER_SHARED_DATA
730# ifdef RT_ARCH_X86
731# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
732# elif defined(RT_ARCH_AMD64)
733# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
734# else
735# error "PORT ME - KI_USER_SHARED_DATA"
736# endif
737#endif
738/** @} */
739
740
741/** @name Process And Thread Environment Blocks
742 * @{ */
743
744typedef struct _PEB_LDR_DATA
745{
746 uint32_t Length;
747 BOOLEAN Initialized;
748 BOOLEAN Padding[3];
749 HANDLE SsHandle;
750 LIST_ENTRY InLoadOrderModuleList;
751 LIST_ENTRY InMemoryOrderModuleList;
752 LIST_ENTRY InInitializationOrderModuleList;
753 /* End NT4 */
754 LIST_ENTRY *EntryInProgress;
755 BOOLEAN ShutdownInProgress;
756 HANDLE ShutdownThreadId;
757} PEB_LDR_DATA;
758typedef PEB_LDR_DATA *PPEB_LDR_DATA;
759
760typedef struct _PEB_COMMON
761{
762 BOOLEAN InheritedAddressSpace; /**< 0x000 / 0x000 */
763 BOOLEAN ReadImageFileExecOptions; /**< 0x001 / 0x001 */
764 BOOLEAN BeingDebugged; /**< 0x002 / 0x002 */
765 union
766 {
767 uint8_t BitField; /**< 0x003 / 0x003 */
768 struct
769 {
770 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
771 } Common;
772 struct
773 {
774 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
775 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
776 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 */
777 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 */
778 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 */
779 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 */
780 uint8_t IsProtectedProcessLight : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 */
781 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
782 } W81;
783 struct
784 {
785 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
786 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
787 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 */
788 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 */
789 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 */
790 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 */
791 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 */
792 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
793 } W80;
794 struct
795 {
796 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
797 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
798 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. */
799 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. */
800 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. */
801 uint8_t SpareBits : 3; /**< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. */
802 } W7;
803 struct
804 {
805 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
806 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
807 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. */
808 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. */
809 uint8_t SpareBits : 4; /**< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. */
810 } W6;
811 struct
812 {
813 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
814 uint8_t SpareBits : 7; /**< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. */
815 } W52;
816 struct
817 {
818 BOOLEAN SpareBool;
819 } W51;
820 } Diff0;
821#if ARCH_BITS == 64
822 uint32_t Padding0; /**< 0x004 / NA */
823#endif
824 HANDLE Mutant; /**< 0x008 / 0x004 */
825 PVOID ImageBaseAddress; /**< 0x010 / 0x008 */
826 PPEB_LDR_DATA Ldr; /**< 0x018 / 0x00c */
827 struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /**< 0x020 / 0x010 */
828 PVOID SubSystemData; /**< 0x028 / 0x014 */
829 HANDLE ProcessHeap; /**< 0x030 / 0x018 */
830 struct _RTL_CRITICAL_SECTION *FastPebLock; /**< 0x038 / 0x01c */
831 union
832 {
833 struct
834 {
835 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
836 PVOID IFEOKey; /**< 0x048 / 0x024 */
837 union
838 {
839 ULONG CrossProcessFlags; /**< 0x050 / 0x028 */
840 struct
841 {
842 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
843 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
844 uint32_t ProcessUsingVEH : 1; /**< 0x050 / 0x028: Pos 2, 1 Bit */
845 uint32_t ProcessUsingVCH : 1; /**< 0x050 / 0x028: Pos 3, 1 Bit */
846 uint32_t ProcessUsingFTH : 1; /**< 0x050 / 0x028: Pos 4, 1 Bit */
847 uint32_t ReservedBits0 : 1; /**< 0x050 / 0x028: Pos 5, 27 Bits */
848 } W7, W8, W80, W81;
849 struct
850 {
851 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
852 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
853 uint32_t ReservedBits0 : 30; /**< 0x050 / 0x028: Pos 2, 30 Bits */
854 } W6;
855 };
856#if ARCH_BITS == 64
857 uint32_t Padding1; /**< 0x054 / */
858#endif
859 } W6, W7, W8, W80, W81;
860 struct
861 {
862 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
863 PVOID SparePtr2; /**< 0x048 / 0x024 */
864 uint32_t EnvironmentUpdateCount; /**< 0x050 / 0x028 */
865#if ARCH_BITS == 64
866 uint32_t Padding1; /**< 0x054 / */
867#endif
868 } W52;
869 struct
870 {
871 PVOID FastPebLockRoutine; /**< NA / 0x020 */
872 PVOID FastPebUnlockRoutine; /**< NA / 0x024 */
873 uint32_t EnvironmentUpdateCount; /**< NA / 0x028 */
874 } W51;
875 } Diff1;
876 union
877 {
878 PVOID KernelCallbackTable; /**< 0x058 / 0x02c */
879 PVOID UserSharedInfoPtr; /**< 0x058 / 0x02c - Alternative use in W6.*/
880 };
881 uint32_t SystemReserved; /**< 0x060 / 0x030 */
882 union
883 {
884 struct
885 {
886 uint32_t AtlThunkSListPtr32; /**< 0x064 / 0x034 */
887 } W7, W8, W80, W81;
888 struct
889 {
890 uint32_t SpareUlong; /**< 0x064 / 0x034 */
891 } W52, W6;
892 struct
893 {
894 uint32_t ExecuteOptions : 2; /**< NA / 0x034: Pos 0, 2 Bits */
895 uint32_t SpareBits : 30; /**< NA / 0x034: Pos 2, 30 Bits */
896 } W51;
897 } Diff2;
898 union
899 {
900 struct
901 {
902 PVOID ApiSetMap; /**< 0x068 / 0x038 */
903 } W7, W8, W80, W81;
904 struct
905 {
906 struct _PEB_FREE_BLOCK *FreeList; /**< 0x068 / 0x038 */
907 } W52, W6;
908 struct
909 {
910 struct _PEB_FREE_BLOCK *FreeList; /**< NA / 0x038 */
911 } W51;
912 } Diff3;
913 uint32_t TlsExpansionCounter; /**< 0x070 / 0x03c */
914#if ARCH_BITS == 64
915 uint32_t Padding2; /**< 0x074 / NA */
916#endif
917 struct _RTL_BITMAP *TlsBitmap; /**< 0x078 / 0x040 */
918 uint32_t TlsBitmapBits[2]; /**< 0x080 / 0x044 */
919 PVOID ReadOnlySharedMemoryBase; /**< 0x088 / 0x04c */
920 union
921 {
922 struct
923 {
924 PVOID SparePvoid0; /**< 0x090 / 0x050 - HotpatchInformation before W81. */
925 } W81;
926 struct
927 {
928 PVOID HotpatchInformation; /**< 0x090 / 0x050 - Retired in W81. */
929 } W6, W7, W80;
930 struct
931 {
932 PVOID ReadOnlySharedMemoryHeap;
933 } W52;
934 } Diff4;
935 PVOID *ReadOnlyStaticServerData; /**< 0x098 / 0x054 */
936 PVOID AnsiCodePageData; /**< 0x0a0 / 0x058 */
937 PVOID OemCodePageData; /**< 0x0a8 / 0x05c */
938 PVOID UnicodeCaseTableData; /**< 0x0b0 / 0x060 */
939 uint32_t NumberOfProcessors; /**< 0x0b8 / 0x064 */
940 uint32_t NtGlobalFlag; /**< 0x0bc / 0x068 */
941#if ARCH_BITS == 32
942 uint32_t Padding2b;
943#endif
944 LARGE_INTEGER CriticalSectionTimeout; /**< 0x0c0 / 0x070 */
945 SIZE_T HeapSegmentReserve; /**< 0x0c8 / 0x078 */
946 SIZE_T HeapSegmentCommit; /**< 0x0d0 / 0x07c */
947 SIZE_T HeapDeCommitTotalFreeThreshold; /**< 0x0d8 / 0x080 */
948 SIZE_T HeapDeCommitFreeBlockThreshold; /**< 0x0e0 / 0x084 */
949 uint32_t NumberOfHeaps; /**< 0x0e8 / 0x088 */
950 uint32_t MaximumNumberOfHeaps; /**< 0x0ec / 0x08c */
951 PVOID *ProcessHeaps; /**< 0x0f0 / 0x090 - Last NT 3.51 member. */
952 PVOID GdiSharedHandleTable; /**< 0x0f8 / 0x094 */
953 PVOID ProcessStarterHelper; /**< 0x100 / 0x098 */
954 uint32_t GdiDCAttributeList; /**< 0x108 / 0x09c */
955#if ARCH_BITS == 64
956 uint32_t Padding3; /**< 0x10c / NA */
957#endif
958 struct _RTL_CRITICAL_SECTION *LoaderLock; /**< 0x110 / 0x0a0 */
959 uint32_t OSMajorVersion; /**< 0x118 / 0x0a4 */
960 uint32_t OSMinorVersion; /**< 0x11c / 0x0a8 */
961 uint16_t OSBuildNumber; /**< 0x120 / 0x0ac */
962 uint16_t OSCSDVersion; /**< 0x122 / 0x0ae */
963 uint32_t OSPlatformId; /**< 0x124 / 0x0b0 */
964 uint32_t ImageSubsystem; /**< 0x128 / 0x0b4 */
965 uint32_t ImageSubsystemMajorVersion; /**< 0x12c / 0x0b8 */
966 uint32_t ImageSubsystemMinorVersion; /**< 0x130 / 0x0bc */
967#if ARCH_BITS == 64
968 uint32_t Padding4; /**< 0x134 / NA */
969#endif
970 union
971 {
972 struct
973 {
974 SIZE_T ActiveProcessAffinityMask; /**< 0x138 / 0x0c0 */
975 } W7, W8, W80, W81;
976 struct
977 {
978 SIZE_T ImageProcessAffinityMask; /**< 0x138 / 0x0c0 */
979 } W52, W6;
980 } Diff5;
981 uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /**< 0x140 / 0x0c4 */
982 PVOID PostProcessInitRoutine; /**< 0x230 / 0x14c */
983 PVOID TlsExpansionBitmap; /**< 0x238 / 0x150 */
984 uint32_t TlsExpansionBitmapBits[32]; /**< 0x240 / 0x154 */
985 uint32_t SessionId; /**< 0x2c0 / 0x1d4 */
986#if ARCH_BITS == 64
987 uint32_t Padding5; /**< 0x2c4 / NA */
988#endif
989 ULARGE_INTEGER AppCompatFlags; /**< 0x2c8 / 0x1d8 */
990 ULARGE_INTEGER AppCompatFlagsUser; /**< 0x2d0 / 0x1e0 */
991 PVOID pShimData; /**< 0x2d8 / 0x1e8 */
992 PVOID AppCompatInfo; /**< 0x2e0 / 0x1ec */
993 UNICODE_STRING CSDVersion; /**< 0x2e8 / 0x1f0 */
994 struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; /**< 0x2f8 / 0x1f8 */
995 struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; /**< 0x300 / 0x1fc */
996 struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; /**< 0x308 / 0x200 */
997 struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; /**< 0x310 / 0x204 */
998 SIZE_T MinimumStackCommit; /**< 0x318 / 0x208 */
999 /* End of PEB in W52 (Windows XP (RTM))! */
1000 struct _FLS_CALLBACK_INFO *FlsCallback; /**< 0x320 / 0x20c */
1001 LIST_ENTRY FlsListHead; /**< 0x328 / 0x210 */
1002 PVOID FlsBitmap; /**< 0x338 / 0x218 */
1003 uint32_t FlsBitmapBits[4]; /**< 0x340 / 0x21c */
1004 uint32_t FlsHighIndex; /**< 0x350 / 0x22c */
1005 /* End of PEB in W52 (Windows Server 2003)! */
1006 PVOID WerRegistrationData; /**< 0x358 / 0x230 */
1007 PVOID WerShipAssertPtr; /**< 0x360 / 0x234 */
1008 /* End of PEB in W6 (windows Vista)! */
1009 union
1010 {
1011 struct
1012 {
1013 PVOID pUnused; /**< 0x368 / 0x238 - Was pContextData in W7. */
1014 } W8, W80, W81;
1015 struct
1016 {
1017 PVOID pContextData; /**< 0x368 / 0x238 - Retired in W80. */
1018 } W7;
1019 } Diff6;
1020 PVOID pImageHeaderHash; /**< 0x370 / 0x23c */
1021 union
1022 {
1023 uint32_t TracingFlags; /**< 0x378 / 0x240 */
1024 struct
1025 {
1026 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
1027 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
1028 uint32_t LibLoaderTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 2, 1 Bit */
1029 uint32_t SpareTracingBits : 29; /**< 0x378 / 0x240 : Pos 3, 29 Bits */
1030 } W8, W80, W81;
1031 struct
1032 {
1033 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
1034 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
1035 uint32_t SpareTracingBits : 30; /**< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 */
1036 } W7;
1037 } Diff7;
1038#if ARCH_BITS == 64
1039 uint32_t Padding6; /**< 0x37c / NA */
1040#endif
1041 uint64_t CsrServerReadOnlySharedMemoryBase; /**< 0x380 / 0x248 */
1042 /* End of PEB in W8, W81. */
1043 uintptr_t TppWorkerpListLock; /**< 0x388 / 0x250 */
1044 LIST_ENTRY TppWorkerpList; /**< 0x390 / 0x254 */
1045 PVOID WaitOnAddressHashTable[128]; /**< 0x3a0 / 0x25c */
1046#if ARCH_BITS == 32
1047 uint32_t ExplicitPadding7; /**< NA NA / 0x45c */
1048#endif
1049} PEB_COMMON;
1050typedef PEB_COMMON *PPEB_COMMON;
1051
1052AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
1053AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
1054AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
1055AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
1056AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
1057AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
1058AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
1059AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
1060AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x7a0 : 0x460);
1061
1062/** The size of the windows 10 (build 14393) PEB structure. */
1063#define PEB_SIZE_W10 sizeof(PEB_COMMON)
1064/** The size of the windows 8.1 PEB structure. */
1065#define PEB_SIZE_W81 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1066/** The size of the windows 8.0 PEB structure. */
1067#define PEB_SIZE_W80 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1068/** The size of the windows 7 PEB structure. */
1069#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
1070/** The size of the windows vista PEB structure. */
1071#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
1072/** The size of the windows server 2003 PEB structure. */
1073#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
1074/** The size of the windows XP PEB structure. */
1075#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
1076
1077#if 0
1078typedef struct _NT_TIB
1079{
1080 struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
1081 PVOID StackBase;
1082 PVOID StackLimit;
1083 PVOID SubSystemTib;
1084 union
1085 {
1086 PVOID FiberData;
1087 ULONG Version;
1088 };
1089 PVOID ArbitraryUserPointer;
1090 struct _NT_TIB *Self;
1091} NT_TIB;
1092typedef NT_TIB *PNT_TIB;
1093#endif
1094
1095typedef struct _ACTIVATION_CONTEXT_STACK
1096{
1097 uint32_t Flags;
1098 uint32_t NextCookieSequenceNumber;
1099 PVOID ActiveFrame;
1100 LIST_ENTRY FrameListCache;
1101} ACTIVATION_CONTEXT_STACK;
1102
1103/* Common TEB. */
1104typedef struct _TEB_COMMON
1105{
1106 NT_TIB NtTib; /**< 0x000 / 0x000 */
1107 PVOID EnvironmentPointer; /**< 0x038 / 0x01c */
1108 CLIENT_ID ClientId; /**< 0x040 / 0x020 */
1109 PVOID ActiveRpcHandle; /**< 0x050 / 0x028 */
1110 PVOID ThreadLocalStoragePointer; /**< 0x058 / 0x02c */
1111 PPEB_COMMON ProcessEnvironmentBlock; /**< 0x060 / 0x030 */
1112 uint32_t LastErrorValue; /**< 0x068 / 0x034 */
1113 uint32_t CountOfOwnedCriticalSections; /**< 0x06c / 0x038 */
1114 PVOID CsrClientThread; /**< 0x070 / 0x03c */
1115 PVOID Win32ThreadInfo; /**< 0x078 / 0x040 */
1116 uint32_t User32Reserved[26]; /**< 0x080 / 0x044 */
1117 uint32_t UserReserved[5]; /**< 0x0e8 / 0x0ac */
1118 PVOID WOW32Reserved; /**< 0x100 / 0x0c0 */
1119 uint32_t CurrentLocale; /**< 0x108 / 0x0c4 */
1120 uint32_t FpSoftwareStatusRegister; /**< 0x10c / 0x0c8 */
1121 PVOID SystemReserved1[54]; /**< 0x110 / 0x0cc */
1122 uint32_t ExceptionCode; /**< 0x2c0 / 0x1a4 */
1123#if ARCH_BITS == 64
1124 uint32_t Padding0; /**< 0x2c4 / NA */
1125#endif
1126 union
1127 {
1128 struct
1129 {
1130 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;/**< 0x2c8 / 0x1a8 */
1131 uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /**< 0x2d0 / 0x1ac */
1132 } W52, W6, W7, W8, W80, W81;
1133#if ARCH_BITS == 32
1134 struct
1135 {
1136 ACTIVATION_CONTEXT_STACK ActivationContextStack; /**< NA / 0x1a8 */
1137 uint8_t SpareBytes[20]; /**< NA / 0x1bc */
1138 } W51;
1139#endif
1140 } Diff0;
1141 union
1142 {
1143 struct
1144 {
1145 uint32_t TxFsContext; /**< 0x2e8 / 0x1d0 */
1146 } W6, W7, W8, W80, W81;
1147 struct
1148 {
1149 uint32_t SpareBytesContinues; /**< 0x2e8 / 0x1d0 */
1150 } W52;
1151 } Diff1;
1152#if ARCH_BITS == 64
1153 uint32_t Padding1; /**< 0x2ec / NA */
1154#endif
1155 /*_GDI_TEB_BATCH*/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /**< 0x2f0 / 0x1d4 */
1156 CLIENT_ID RealClientId; /**< 0x7d8 / 0x6b4 */
1157 HANDLE GdiCachedProcessHandle; /**< 0x7e8 / 0x6bc */
1158 uint32_t GdiClientPID; /**< 0x7f0 / 0x6c0 */
1159 uint32_t GdiClientTID; /**< 0x7f4 / 0x6c4 */
1160 PVOID GdiThreadLocalInfo; /**< 0x7f8 / 0x6c8 */
1161 SIZE_T Win32ClientInfo[62]; /**< 0x800 / 0x6cc */
1162 PVOID glDispatchTable[233]; /**< 0x9f0 / 0x7c4 */
1163 SIZE_T glReserved1[29]; /**< 0x1138 / 0xb68 */
1164 PVOID glReserved2; /**< 0x1220 / 0xbdc */
1165 PVOID glSectionInfo; /**< 0x1228 / 0xbe0 */
1166 PVOID glSection; /**< 0x1230 / 0xbe4 */
1167 PVOID glTable; /**< 0x1238 / 0xbe8 */
1168 PVOID glCurrentRC; /**< 0x1240 / 0xbec */
1169 PVOID glContext; /**< 0x1248 / 0xbf0 */
1170 NTSTATUS LastStatusValue; /**< 0x1250 / 0xbf4 */
1171#if ARCH_BITS == 64
1172 uint32_t Padding2; /**< 0x1254 / NA */
1173#endif
1174 UNICODE_STRING StaticUnicodeString; /**< 0x1258 / 0xbf8 */
1175 WCHAR StaticUnicodeBuffer[261]; /**< 0x1268 / 0xc00 */
1176#if ARCH_BITS == 64
1177 WCHAR Padding3[3]; /**< 0x1472 / NA */
1178#endif
1179 PVOID DeallocationStack; /**< 0x1478 / 0xe0c */
1180 PVOID TlsSlots[64]; /**< 0x1480 / 0xe10 */
1181 LIST_ENTRY TlsLinks; /**< 0x1680 / 0xf10 */
1182 PVOID Vdm; /**< 0x1690 / 0xf18 */
1183 PVOID ReservedForNtRpc; /**< 0x1698 / 0xf1c */
1184 PVOID DbgSsReserved[2]; /**< 0x16a0 / 0xf20 */
1185 uint32_t HardErrorMode; /**< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. */
1186#if ARCH_BITS == 64
1187 uint32_t Padding4; /**< 0x16b4 / NA */
1188#endif
1189 PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /**< 0x16b8 / 0xf2c */
1190 union
1191 {
1192 struct
1193 {
1194 GUID ActivityId; /**< 0x1710 / 0xf50 */
1195 PVOID SubProcessTag; /**< 0x1720 / 0xf60 */
1196 } W6, W7, W8, W80, W81;
1197 struct
1198 {
1199 PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /**< 0x1710 / 0xf50 */
1200 } W52;
1201 } Diff2;
1202 union /**< 0x1728 / 0xf64 */
1203 {
1204 struct
1205 {
1206 PVOID PerflibData; /**< 0x1728 / 0xf64 */
1207 } W8, W80, W81;
1208 struct
1209 {
1210 PVOID EtwLocalData; /**< 0x1728 / 0xf64 */
1211 } W7, W6;
1212 struct
1213 {
1214 PVOID SubProcessTag; /**< 0x1728 / 0xf64 */
1215 } W52;
1216 struct
1217 {
1218 PVOID InstrumentationContinues[1]; /**< 0x1728 / 0xf64 */
1219 } W51;
1220 } Diff3;
1221 union
1222 {
1223 struct
1224 {
1225 PVOID EtwTraceData; /**< 0x1730 / 0xf68 */
1226 } W52, W6, W7, W8, W80, W81;
1227 struct
1228 {
1229 PVOID InstrumentationContinues[1]; /**< 0x1730 / 0xf68 */
1230 } W51;
1231 } Diff4;
1232 PVOID WinSockData; /**< 0x1738 / 0xf6c */
1233 uint32_t GdiBatchCount; /**< 0x1740 / 0xf70 */
1234 union
1235 {
1236 union
1237 {
1238 PROCESSOR_NUMBER CurrentIdealProcessor; /**< 0x1744 / 0xf74 - W7+ */
1239 uint32_t IdealProcessorValue; /**< 0x1744 / 0xf74 - W7+ */
1240 struct
1241 {
1242 uint8_t ReservedPad1; /**< 0x1744 / 0xf74 - Called SpareBool0 in W6 */
1243 uint8_t ReservedPad2; /**< 0x1745 / 0xf75 - Called SpareBool0 in W6 */
1244 uint8_t ReservedPad3; /**< 0x1746 / 0xf76 - Called SpareBool0 in W6 */
1245 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
1246 };
1247 } W6, W7, W8, W80, W81;
1248 struct
1249 {
1250 BOOLEAN InDbgPrint; /**< 0x1744 / 0xf74 */
1251 BOOLEAN FreeStackOnTermination; /**< 0x1745 / 0xf75 */
1252 BOOLEAN HasFiberData; /**< 0x1746 / 0xf76 */
1253 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
1254 } W51, W52;
1255 } Diff5;
1256 uint32_t GuaranteedStackBytes; /**< 0x1748 / 0xf78 */
1257#if ARCH_BITS == 64
1258 uint32_t Padding5; /**< 0x174c / NA */
1259#endif
1260 PVOID ReservedForPerf; /**< 0x1750 / 0xf7c */
1261 PVOID ReservedForOle; /**< 0x1758 / 0xf80 */
1262 uint32_t WaitingOnLoaderLock; /**< 0x1760 / 0xf84 */
1263#if ARCH_BITS == 64
1264 uint32_t Padding6; /**< 0x1764 / NA */
1265#endif
1266 union /**< 0x1770 / 0xf8c */
1267 {
1268 struct
1269 {
1270 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
1271 SIZE_T ReservedForCodeCoverage; /**< 0x1770 / 0xf8c */
1272 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
1273 } W8, W80, W81;
1274 struct
1275 {
1276 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
1277 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
1278 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
1279 } W6, W7;
1280 struct
1281 {
1282 PVOID SparePointer1; /**< 0x1768 / 0xf88 */
1283 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
1284 PVOID SoftPatchPtr2; /**< 0x1778 / 0xf90 */
1285 } W52;
1286#if ARCH_BITS == 32
1287 struct _Wx86ThreadState
1288 {
1289 PVOID CallBx86Eip; /**< NA / 0xf88 */
1290 PVOID DeallocationCpu; /**< NA / 0xf8c */
1291 BOOLEAN UseKnownWx86Dll; /**< NA / 0xf90 */
1292 int8_t OleStubInvoked; /**< NA / 0xf91 */
1293 } W51;
1294#endif
1295 } Diff6;
1296 PVOID TlsExpansionSlots; /**< 0x1780 / 0xf94 */
1297#if ARCH_BITS == 64
1298 PVOID DallocationBStore; /**< 0x1788 / NA */
1299 PVOID BStoreLimit; /**< 0x1790 / NA */
1300#endif
1301 union
1302 {
1303 struct
1304 {
1305 uint32_t MuiGeneration; /**< 0x1798 / 0xf98 */
1306 } W7, W8, W80, W81;
1307 struct
1308 {
1309 uint32_t ImpersonationLocale;
1310 } W6;
1311 } Diff7;
1312 uint32_t IsImpersonating; /**< 0x179c / 0xf9c */
1313 PVOID NlsCache; /**< 0x17a0 / 0xfa0 */
1314 PVOID pShimData; /**< 0x17a8 / 0xfa4 */
1315 union /**< 0x17b0 / 0xfa8 */
1316 {
1317 struct
1318 {
1319 uint16_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
1320 uint16_t LowFragHeapDataSlot; /**< 0x17b2 / 0xfaa */
1321 } W8, W80, W81;
1322 struct
1323 {
1324 uint32_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
1325 } W7;
1326 } Diff8;
1327#if ARCH_BITS == 64
1328 uint32_t Padding7; /**< 0x17b4 / NA */
1329#endif
1330 HANDLE CurrentTransactionHandle; /**< 0x17b8 / 0xfac */
1331 struct _TEB_ACTIVE_FRAME *ActiveFrame; /**< 0x17c0 / 0xfb0 */
1332 /* End of TEB in W51 (Windows XP)! */
1333 PVOID FlsData; /**< 0x17c8 / 0xfb4 */
1334 union
1335 {
1336 struct
1337 {
1338 PVOID PreferredLanguages; /**< 0x17d0 / 0xfb8 */
1339 } W6, W7, W8, W80, W81;
1340 struct
1341 {
1342 BOOLEAN SafeThunkCall; /**< 0x17d0 / 0xfb8 */
1343 uint8_t BooleanSpare[3]; /**< 0x17d1 / 0xfb9 */
1344 /* End of TEB in W52 (Windows server 2003)! */
1345 } W52;
1346 } Diff9;
1347 PVOID UserPrefLanguages; /**< 0x17d8 / 0xfbc */
1348 PVOID MergedPrefLanguages; /**< 0x17e0 / 0xfc0 */
1349 uint32_t MuiImpersonation; /**< 0x17e8 / 0xfc4 */
1350 union
1351 {
1352 uint16_t CrossTebFlags; /**< 0x17ec / 0xfc8 */
1353 struct
1354 {
1355 uint16_t SpareCrossTebBits : 16; /**< 0x17ec / 0xfc8 : Pos 0, 16 Bits */
1356 };
1357 };
1358 union
1359 {
1360 uint16_t SameTebFlags; /**< 0x17ee / 0xfca */
1361 struct
1362 {
1363 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1364 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1365 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1366 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1367 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1368 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1369 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1370 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1371 } Common;
1372 struct
1373 {
1374 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1375 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1376 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1377 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1378 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1379 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1380 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1381 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1382 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
1383 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
1384 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
1385 uint16_t SessionAware : 1; /**< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. */
1386 uint16_t SpareSameTebBits : 4; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
1387 } W8, W80, W81;
1388 struct
1389 {
1390 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1391 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1392 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1393 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1394 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1395 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1396 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1397 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1398 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
1399 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
1400 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
1401 uint16_t SpareSameTebBits : 5; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
1402 } W7;
1403 struct
1404 {
1405 uint16_t DbgSafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1406 uint16_t DbgInDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1407 uint16_t DbgHasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1408 uint16_t DbgSkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1409 uint16_t DbgWerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1410 uint16_t DbgRanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1411 uint16_t DbgClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1412 uint16_t DbgSuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1413 uint16_t SpareSameTebBits : 8; /**< 0x17ee / 0xfca : Pos 8, 8 Bits */
1414 } W6;
1415 } Diff10;
1416 PVOID TxnScopeEnterCallback; /**< 0x17f0 / 0xfcc */
1417 PVOID TxnScopeExitCallback; /**< 0x17f8 / 0xfd0 */
1418 PVOID TxnScopeContext; /**< 0x1800 / 0xfd4 */
1419 uint32_t LockCount; /**< 0x1808 / 0xfd8 */
1420 union
1421 {
1422 struct
1423 {
1424 uint32_t SpareUlong0; /**< 0x180c / 0xfdc */
1425 } W7, W8, W80, W81;
1426 struct
1427 {
1428 uint32_t ProcessRundown;
1429 } W6;
1430 } Diff11;
1431 union
1432 {
1433 struct
1434 {
1435 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1436 /* End of TEB in W7 (windows 7)! */
1437 PVOID ReservedForWdf; /**< 0x1818 / 0xfe4 - New Since W7. */
1438 /* End of TEB in W8 (windows 8.0 & 8.1)! */
1439 PVOID ReservedForCrt; /**< 0x1820 / 0xfe8 - New Since W10. */
1440 RTUUID EffectiveContainerId; /**< 0x1828 / 0xfec - New Since W10. */
1441 /* End of TEB in W10 14393! */
1442 } W8, W80, W81, W10;
1443 struct
1444 {
1445 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1446 } W7;
1447 struct
1448 {
1449 uint64_t LastSwitchTime; /**< 0x1810 / 0xfe0 */
1450 uint64_t TotalSwitchOutTime; /**< 0x1818 / 0xfe8 */
1451 LARGE_INTEGER WaitReasonBitMap; /**< 0x1820 / 0xff0 */
1452 /* End of TEB in W6 (windows Vista)! */
1453 } W6;
1454 } Diff12;
1455} TEB_COMMON;
1456typedef TEB_COMMON *PTEB_COMMON;
1457AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1458AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1459AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1460AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1461AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1462AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1463AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1464AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1465AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1466AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1467AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1468AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1469AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1838 : 0x1000);
1470
1471
1472/** The size of the windows 8.1 PEB structure. */
1473#define TEB_SIZE_W10 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W10.EffectiveContainerId) + sizeof(RTUUID) )
1474/** The size of the windows 8.1 PEB structure. */
1475#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1476/** The size of the windows 8.0 PEB structure. */
1477#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1478/** The size of the windows 7 PEB structure. */
1479#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1480/** The size of the windows vista PEB structure. */
1481#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1482/** The size of the windows server 2003 PEB structure. */
1483#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1484/** The size of the windows XP PEB structure. */
1485#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1486
1487
1488
1489#define _PEB _PEB_COMMON
1490typedef PEB_COMMON PEB;
1491typedef PPEB_COMMON PPEB;
1492
1493#define _TEB _TEB_COMMON
1494typedef TEB_COMMON TEB;
1495typedef PTEB_COMMON PTEB;
1496
1497#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
1498# ifdef RT_ARCH_X86
1499DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1500DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1501DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1502DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readfsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1503DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1504# elif defined(RT_ARCH_AMD64)
1505DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1506DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1507DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1508DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readgsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1509DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1510# else
1511# error "Port me"
1512# endif
1513#else
1514# define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1515# define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1516# define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1517# define RTNtLastStatusValue() (RTNtCurrentTeb()->LastStatusValue)
1518# define RTNtLastErrorValue() (RTNtCurrentTeb()->LastErrorValue)
1519#endif
1520#define NtCurrentPeb() RTNtCurrentPeb()
1521
1522
1523/** @} */
1524
1525
1526#ifdef IPRT_NT_USE_WINTERNL
1527NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1528typedef enum _SECTION_INHERIT
1529{
1530 ViewShare = 1,
1531 ViewUnmap
1532} SECTION_INHERIT;
1533#endif
1534NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1535 ULONG, ULONG);
1536NTSYSAPI NTSTATUS NTAPI NtFlushVirtualMemory(HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK);
1537NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1538
1539#ifdef IPRT_NT_USE_WINTERNL
1540typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1541{
1542 ULONG FileSystemAttributes;
1543 LONG MaximumComponentNameLength;
1544 ULONG FileSystemNameLength;
1545 WCHAR FileSystemName[1];
1546} FILE_FS_ATTRIBUTE_INFORMATION;
1547typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1548
1549#endif
1550NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1551NTSYSAPI NTSTATUS NTAPI ZwOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1552NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1553NTSYSAPI NTSTATUS NTAPI ZwOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1554NTSYSAPI NTSTATUS NTAPI NtAlertThread(HANDLE hThread);
1555#ifdef IPRT_NT_USE_WINTERNL
1556NTSYSAPI NTSTATUS NTAPI ZwAlertThread(HANDLE hThread);
1557#endif
1558
1559#ifdef IPRT_NT_USE_WINTERNL
1560NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1561NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1562#endif
1563NTSYSAPI NTSTATUS NTAPI ZwOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1564NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1565
1566#ifdef IPRT_NT_USE_WINTERNL
1567typedef struct _FILE_FS_SIZE_INFORMATION
1568{
1569 LARGE_INTEGER TotalAllocationUnits;
1570 LARGE_INTEGER AvailableAllocationUnits;
1571 ULONG SectorsPerAllocationUnit;
1572 ULONG BytesPerSector;
1573} FILE_FS_SIZE_INFORMATION;
1574typedef FILE_FS_SIZE_INFORMATION *PFILE_FS_SIZE_INFORMATION;
1575
1576typedef enum _FSINFOCLASS
1577{
1578 FileFsVolumeInformation = 1,
1579 FileFsLabelInformation,
1580 FileFsSizeInformation, /**< FILE_FS_SIZE_INFORMATION */
1581 FileFsDeviceInformation,
1582 FileFsAttributeInformation,
1583 FileFsControlInformation,
1584 FileFsFullSizeInformation,
1585 FileFsObjectIdInformation,
1586 FileFsDriverPathInformation,
1587 FileFsVolumeFlagsInformation,
1588 FileFsSectorSizeInformation,
1589 FileFsDataCopyInformation,
1590 FileFsMaximumInformation
1591} FS_INFORMATION_CLASS;
1592typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1593NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1594
1595typedef struct _FILE_BOTH_DIR_INFORMATION
1596{
1597 ULONG NextEntryOffset; /**< 0x00: */
1598 ULONG FileIndex; /**< 0x04: */
1599 LARGE_INTEGER CreationTime; /**< 0x08: */
1600 LARGE_INTEGER LastAccessTime; /**< 0x10: */
1601 LARGE_INTEGER LastWriteTime; /**< 0x18: */
1602 LARGE_INTEGER ChangeTime; /**< 0x20: */
1603 LARGE_INTEGER EndOfFile; /**< 0x28: */
1604 LARGE_INTEGER AllocationSize; /**< 0x30: */
1605 ULONG FileAttributes; /**< 0x38: */
1606 ULONG FileNameLength; /**< 0x3c: */
1607 ULONG EaSize; /**< 0x40: */
1608 CCHAR ShortNameLength; /**< 0x44: */
1609 WCHAR ShortName[12]; /**< 0x46: */
1610 WCHAR FileName[1]; /**< 0x5e: */
1611} FILE_BOTH_DIR_INFORMATION;
1612typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1613typedef struct _FILE_BASIC_INFORMATION
1614{
1615 LARGE_INTEGER CreationTime;
1616 LARGE_INTEGER LastAccessTime;
1617 LARGE_INTEGER LastWriteTime;
1618 LARGE_INTEGER ChangeTime;
1619 ULONG FileAttributes;
1620} FILE_BASIC_INFORMATION;
1621typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1622typedef struct _FILE_STANDARD_INFORMATION
1623{
1624 LARGE_INTEGER AllocationSize;
1625 LARGE_INTEGER EndOfFile;
1626 ULONG NumberOfLinks;
1627 BOOLEAN DeletePending;
1628 BOOLEAN Directory;
1629} FILE_STANDARD_INFORMATION;
1630typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1631typedef struct _FILE_NAME_INFORMATION
1632{
1633 ULONG FileNameLength;
1634 WCHAR FileName[1];
1635} FILE_NAME_INFORMATION;
1636typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1637typedef struct _FILE_NETWORK_OPEN_INFORMATION
1638{
1639 LARGE_INTEGER CreationTime;
1640 LARGE_INTEGER LastAccessTime;
1641 LARGE_INTEGER LastWriteTime;
1642 LARGE_INTEGER ChangeTime;
1643 LARGE_INTEGER AllocationSize;
1644 LARGE_INTEGER EndOfFile;
1645 ULONG FileAttributes;
1646} FILE_NETWORK_OPEN_INFORMATION;
1647typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
1648typedef enum _FILE_INFORMATION_CLASS
1649{
1650 FileDirectoryInformation = 1,
1651 FileFullDirectoryInformation,
1652 FileBothDirectoryInformation,
1653 FileBasicInformation,
1654 FileStandardInformation,
1655 FileInternalInformation,
1656 FileEaInformation,
1657 FileAccessInformation,
1658 FileNameInformation,
1659 FileRenameInformation,
1660 FileLinkInformation,
1661 FileNamesInformation,
1662 FileDispositionInformation,
1663 FilePositionInformation,
1664 FileFullEaInformation,
1665 FileModeInformation,
1666 FileAlignmentInformation,
1667 FileAllInformation,
1668 FileAllocationInformation,
1669 FileEndOfFileInformation,
1670 FileAlternateNameInformation,
1671 FileStreamInformation,
1672 FilePipeInformation,
1673 FilePipeLocalInformation,
1674 FilePipeRemoteInformation,
1675 FileMailslotQueryInformation,
1676 FileMailslotSetInformation,
1677 FileCompressionInformation,
1678 FileObjectIdInformation,
1679 FileCompletionInformation,
1680 FileMoveClusterInformation,
1681 FileQuotaInformation,
1682 FileReparsePointInformation,
1683 FileNetworkOpenInformation,
1684 FileAttributeTagInformation,
1685 FileTrackingInformation,
1686 FileIdBothDirectoryInformation,
1687 FileIdFullDirectoryInformation,
1688 FileValidDataLengthInformation,
1689 FileShortNameInformation,
1690 FileIoCompletionNotificationInformation,
1691 FileIoStatusBlockRangeInformation,
1692 FileIoPriorityHintInformation,
1693 FileSfioReserveInformation,
1694 FileSfioVolumeInformation,
1695 FileHardLinkInformation,
1696 FileProcessIdsUsingFileInformation,
1697 FileNormalizedNameInformation,
1698 FileNetworkPhysicalNameInformation,
1699 FileIdGlobalTxDirectoryInformation,
1700 FileIsRemoteDeviceInformation,
1701 FileUnusedInformation,
1702 FileNumaNodeInformation,
1703 FileStandardLinkInformation,
1704 FileRemoteProtocolInformation,
1705 FileRenameInformationBypassAccessCheck,
1706 FileLinkInformationBypassAccessCheck,
1707 FileVolumeNameInformation,
1708 FileIdInformation,
1709 FileIdExtdDirectoryInformation,
1710 FileReplaceCompletionInformation,
1711 FileHardLinkFullIdInformation,
1712 FileMaximumInformation
1713} FILE_INFORMATION_CLASS;
1714typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
1715NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1716NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
1717 FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1718NTSYSAPI NTSTATUS NTAPI NtSetInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1719#endif /* IPRT_NT_USE_WINTERNL */
1720NTSYSAPI NTSTATUS NTAPI NtQueryAttributesFile(POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
1721NTSYSAPI NTSTATUS NTAPI NtQueryFullAttributesFile(POBJECT_ATTRIBUTES, PFILE_NETWORK_OPEN_INFORMATION);
1722
1723
1724/** @name SE_GROUP_XXX - Attributes returned with TokenGroup and others.
1725 * @{ */
1726#ifndef SE_GROUP_MANDATORY
1727# define SE_GROUP_MANDATORY UINT32_C(0x01)
1728#endif
1729#ifndef SE_GROUP_ENABLED_BY_DEFAULT
1730# define SE_GROUP_ENABLED_BY_DEFAULT UINT32_C(0x02)
1731#endif
1732#ifndef SE_GROUP_ENABLED
1733# define SE_GROUP_ENABLED UINT32_C(0x04)
1734#endif
1735#ifndef SE_GROUP_OWNER
1736# define SE_GROUP_OWNER UINT32_C(0x08)
1737#endif
1738#ifndef SE_GROUP_USE_FOR_DENY_ONLY
1739# define SE_GROUP_USE_FOR_DENY_ONLY UINT32_C(0x10)
1740#endif
1741#ifndef SE_GROUP_INTEGRITY
1742# define SE_GROUP_INTEGRITY UINT32_C(0x20)
1743#endif
1744#ifndef SE_GROUP_INTEGRITY_ENABLED
1745# define SE_GROUP_INTEGRITY_ENABLED UINT32_C(0x40)
1746#endif
1747#ifndef SE_GROUP_RESOURCE
1748# define SE_GROUP_RESOURCE UINT32_C(0x20000000)
1749#endif
1750#ifndef SE_GROUP_LOGON_ID
1751# define SE_GROUP_LOGON_ID UINT32_C(0xc0000000)
1752#endif
1753/** @} */
1754
1755
1756#ifdef IPRT_NT_USE_WINTERNL
1757
1758/** For use with KeyBasicInformation. */
1759typedef struct _KEY_BASIC_INFORMATION
1760{
1761 LARGE_INTEGER LastWriteTime;
1762 ULONG TitleIndex;
1763 ULONG NameLength;
1764 WCHAR Name[1];
1765} KEY_BASIC_INFORMATION;
1766typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
1767
1768/** For use with KeyNodeInformation. */
1769typedef struct _KEY_NODE_INFORMATION
1770{
1771 LARGE_INTEGER LastWriteTime;
1772 ULONG TitleIndex;
1773 ULONG ClassOffset; /**< Offset from the start of the structure. */
1774 ULONG ClassLength;
1775 ULONG NameLength;
1776 WCHAR Name[1];
1777} KEY_NODE_INFORMATION;
1778typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
1779
1780/** For use with KeyFullInformation. */
1781typedef struct _KEY_FULL_INFORMATION
1782{
1783 LARGE_INTEGER LastWriteTime;
1784 ULONG TitleIndex;
1785 ULONG ClassOffset; /**< Offset of the Class member. */
1786 ULONG ClassLength;
1787 ULONG SubKeys;
1788 ULONG MaxNameLen;
1789 ULONG MaxClassLen;
1790 ULONG Values;
1791 ULONG MaxValueNameLen;
1792 ULONG MaxValueDataLen;
1793 WCHAR Class[1];
1794} KEY_FULL_INFORMATION;
1795typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
1796
1797/** For use with KeyNameInformation. */
1798typedef struct _KEY_NAME_INFORMATION
1799{
1800 ULONG NameLength;
1801 WCHAR Name[1];
1802} KEY_NAME_INFORMATION;
1803typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
1804
1805/** For use with KeyCachedInformation. */
1806typedef struct _KEY_CACHED_INFORMATION
1807{
1808 LARGE_INTEGER LastWriteTime;
1809 ULONG TitleIndex;
1810 ULONG SubKeys;
1811 ULONG MaxNameLen;
1812 ULONG Values;
1813 ULONG MaxValueNameLen;
1814 ULONG MaxValueDataLen;
1815 ULONG NameLength;
1816} KEY_CACHED_INFORMATION;
1817typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
1818
1819/** For use with KeyVirtualizationInformation. */
1820typedef struct _KEY_VIRTUALIZATION_INFORMATION
1821{
1822 ULONG VirtualizationCandidate : 1;
1823 ULONG VirtualizationEnabled : 1;
1824 ULONG VirtualTarget : 1;
1825 ULONG VirtualStore : 1;
1826 ULONG VirtualSource : 1;
1827 ULONG Reserved : 27;
1828} KEY_VIRTUALIZATION_INFORMATION;
1829typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
1830
1831typedef enum _KEY_INFORMATION_CLASS
1832{
1833 KeyBasicInformation = 0,
1834 KeyNodeInformation,
1835 KeyFullInformation,
1836 KeyNameInformation,
1837 KeyCachedInformation,
1838 KeyFlagsInformation,
1839 KeyVirtualizationInformation,
1840 KeyHandleTagsInformation,
1841 MaxKeyInfoClass
1842} KEY_INFORMATION_CLASS;
1843NTSYSAPI NTSTATUS NTAPI NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1844NTSYSAPI NTSTATUS NTAPI NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1845
1846typedef struct _MEMORY_SECTION_NAME
1847{
1848 UNICODE_STRING SectionFileName;
1849 WCHAR NameBuffer[1];
1850} MEMORY_SECTION_NAME;
1851
1852#ifdef IPRT_NT_USE_WINTERNL
1853typedef struct _PROCESS_BASIC_INFORMATION
1854{
1855 NTSTATUS ExitStatus;
1856 PPEB PebBaseAddress;
1857 ULONG_PTR AffinityMask;
1858 int32_t BasePriority;
1859 ULONG_PTR UniqueProcessId;
1860 ULONG_PTR InheritedFromUniqueProcessId;
1861} PROCESS_BASIC_INFORMATION;
1862typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
1863#endif
1864
1865typedef enum _PROCESSINFOCLASS
1866{
1867 ProcessBasicInformation = 0, /**< 0 / 0x00 */
1868 ProcessQuotaLimits, /**< 1 / 0x01 */
1869 ProcessIoCounters, /**< 2 / 0x02 */
1870 ProcessVmCounters, /**< 3 / 0x03 */
1871 ProcessTimes, /**< 4 / 0x04 */
1872 ProcessBasePriority, /**< 5 / 0x05 */
1873 ProcessRaisePriority, /**< 6 / 0x06 */
1874 ProcessDebugPort, /**< 7 / 0x07 */
1875 ProcessExceptionPort, /**< 8 / 0x08 */
1876 ProcessAccessToken, /**< 9 / 0x09 */
1877 ProcessLdtInformation, /**< 10 / 0x0a */
1878 ProcessLdtSize, /**< 11 / 0x0b */
1879 ProcessDefaultHardErrorMode, /**< 12 / 0x0c */
1880 ProcessIoPortHandlers, /**< 13 / 0x0d */
1881 ProcessPooledUsageAndLimits, /**< 14 / 0x0e */
1882 ProcessWorkingSetWatch, /**< 15 / 0x0f */
1883 ProcessUserModeIOPL, /**< 16 / 0x10 */
1884 ProcessEnableAlignmentFaultFixup, /**< 17 / 0x11 */
1885 ProcessPriorityClass, /**< 18 / 0x12 */
1886 ProcessWx86Information, /**< 19 / 0x13 */
1887 ProcessHandleCount, /**< 20 / 0x14 */
1888 ProcessAffinityMask, /**< 21 / 0x15 */
1889 ProcessPriorityBoost, /**< 22 / 0x16 */
1890 ProcessDeviceMap, /**< 23 / 0x17 */
1891 ProcessSessionInformation, /**< 24 / 0x18 */
1892 ProcessForegroundInformation, /**< 25 / 0x19 */
1893 ProcessWow64Information, /**< 26 / 0x1a */
1894 ProcessImageFileName, /**< 27 / 0x1b */
1895 ProcessLUIDDeviceMapsEnabled, /**< 28 / 0x1c */
1896 ProcessBreakOnTermination, /**< 29 / 0x1d */
1897 ProcessDebugObjectHandle, /**< 30 / 0x1e */
1898 ProcessDebugFlags, /**< 31 / 0x1f */
1899 ProcessHandleTracing, /**< 32 / 0x20 */
1900 ProcessIoPriority, /**< 33 / 0x21 */
1901 ProcessExecuteFlags, /**< 34 / 0x22 */
1902 ProcessTlsInformation, /**< 35 / 0x23 */
1903 ProcessCookie, /**< 36 / 0x24 */
1904 ProcessImageInformation, /**< 37 / 0x25 */
1905 ProcessCycleTime, /**< 38 / 0x26 */
1906 ProcessPagePriority, /**< 39 / 0x27 */
1907 ProcessInstrumentationCallbak, /**< 40 / 0x28 */
1908 ProcessThreadStackAllocation, /**< 41 / 0x29 */
1909 ProcessWorkingSetWatchEx, /**< 42 / 0x2a */
1910 ProcessImageFileNameWin32, /**< 43 / 0x2b */
1911 ProcessImageFileMapping, /**< 44 / 0x2c */
1912 ProcessAffinityUpdateMode, /**< 45 / 0x2d */
1913 ProcessMemoryAllocationMode, /**< 46 / 0x2e */
1914 ProcessGroupInformation, /**< 47 / 0x2f */
1915 ProcessTokenVirtualizationEnabled, /**< 48 / 0x30 */
1916 ProcessOwnerInformation, /**< 49 / 0x31 */
1917 ProcessWindowInformation, /**< 50 / 0x32 */
1918 ProcessHandleInformation, /**< 51 / 0x33 */
1919 ProcessMitigationPolicy, /**< 52 / 0x34 */
1920 ProcessDynamicFunctionTableInformation, /**< 53 / 0x35 */
1921 ProcessHandleCheckingMode, /**< 54 / 0x36 */
1922 ProcessKeepAliveCount, /**< 55 / 0x37 */
1923 ProcessRevokeFileHandles, /**< 56 / 0x38 */
1924 ProcessWorkingSetControl, /**< 57 / 0x39 */
1925 ProcessHandleTable, /**< 58 / 0x3a */
1926 ProcessCheckStackExtentsMode, /**< 59 / 0x3b */
1927 ProcessCommandLineInformation, /**< 60 / 0x3c */
1928 ProcessProtectionInformation, /**< 61 / 0x3d */
1929 ProcessMemoryExhaustion, /**< 62 / 0x3e */
1930 ProcessFaultInformation, /**< 63 / 0x3f */
1931 ProcessTelemetryIdInformation, /**< 64 / 0x40 */
1932 ProcessCommitReleaseInformation, /**< 65 / 0x41 */
1933 ProcessDefaultCpuSetsInformation, /**< 66 / 0x42 - aka ProcessReserved1Information */
1934 ProcessAllowedCpuSetsInformation, /**< 67 / 0x43 - aka ProcessReserved2Information; PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10 */
1935 ProcessSubsystemProcess, /**< 68 / 0x44 */
1936 ProcessJobMemoryInformation, /**< 69 / 0x45 */
1937 ProcessInPrivate, /**< 70 / 0x46 */
1938 ProcessRaiseUMExceptionOnInvalidHandleClose,/**< 71 / 0x47 */
1939 ProcessIumChallengeResponse, /**< 72 / 0x48 */
1940 ProcessChildProcessInformation, /**< 73 / 0x49 */
1941 ProcessHighGraphicsPriorityInformation, /**< 74 / 0x4a */
1942 ProcessSubsystemInformation, /**< 75 / 0x4b */
1943 ProcessEnergyValues, /**< 76 / 0x4c */
1944 ProcessPowerThrottlingState, /**< 77 / 0x4d */
1945 ProcessReserved3Information, /**< 78 / 0x4e */
1946 ProcessWin32kSyscallFilterInformation, /**< 79 / 0x4f */
1947 ProcessDisableSystemAllowedCpuSets, /**< 80 / 0x50 */
1948 ProcessWakeInformation, /**< 81 / 0x51 */
1949 ProcessEnergyTrackingState, /**< 82 / 0x52 */
1950 ProcessManageWritesToExecutableMemory, /**< 83 / 0x53 */
1951 ProcessCaptureTrustletLiveDump, /**< 84 / 0x54 */
1952 ProcessTelemetryCoverage, /**< 85 / 0x55 */
1953 ProcessEnclaveInformation, /**< 86 / 0x56 */
1954 ProcessEnableReadWriteVmLogging, /**< 87 / 0x57 */
1955 ProcessUptimeInformation, /**< 88 / 0x58 */
1956 ProcessImageSection, /**< 89 / 0x59 */
1957 ProcessDebugAuthInformation, /**< 90 / 0x5a */
1958 ProcessSystemResourceManagement, /**< 92 / 0x5b */
1959 ProcessSequenceNumber, /**< 93 / 0x5c */
1960 MaxProcessInfoClass
1961} PROCESSINFOCLASS;
1962AssertCompile(ProcessSequenceNumber == 0x5c);
1963NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1964#if ARCH_BITS == 32
1965/** 64-bit API pass thru to WOW64 processes. */
1966NTSYSAPI NTSTATUS NTAPI NtWow64QueryInformationProcess64(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1967#endif
1968
1969typedef enum _THREADINFOCLASS
1970{
1971 ThreadBasicInformation = 0,
1972 ThreadTimes,
1973 ThreadPriority,
1974 ThreadBasePriority,
1975 ThreadAffinityMask,
1976 ThreadImpersonationToken,
1977 ThreadDescriptorTableEntry,
1978 ThreadEnableAlignmentFaultFixup,
1979 ThreadEventPair_Reusable,
1980 ThreadQuerySetWin32StartAddress,
1981 ThreadZeroTlsCell,
1982 ThreadPerformanceCount,
1983 ThreadAmILastThread,
1984 ThreadIdealProcessor,
1985 ThreadPriorityBoost,
1986 ThreadSetTlsArrayAddress,
1987 ThreadIsIoPending,
1988 ThreadHideFromDebugger,
1989 ThreadBreakOnTermination,
1990 ThreadSwitchLegacyState,
1991 ThreadIsTerminated,
1992 ThreadLastSystemCall,
1993 ThreadIoPriority,
1994 ThreadCycleTime,
1995 ThreadPagePriority,
1996 ThreadActualBasePriority,
1997 ThreadTebInformation,
1998 ThreadCSwitchMon,
1999 ThreadCSwitchPmu,
2000 ThreadWow64Context,
2001 ThreadGroupInformation,
2002 ThreadUmsInformation,
2003 ThreadCounterProfiling,
2004 ThreadIdealProcessorEx,
2005 ThreadCpuAccountingInformation,
2006 MaxThreadInfoClass
2007} THREADINFOCLASS;
2008NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
2009
2010NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2011NTSYSAPI NTSTATUS NTAPI ZwQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2012
2013NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2014NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2015NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
2016NTSYSAPI NTSTATUS NTAPI NtCancelIoFile(HANDLE, PIO_STATUS_BLOCK);
2017
2018NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
2019NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
2020
2021NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
2022NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
2023NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
2024NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
2025NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
2026NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
2027NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
2028NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
2029NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
2030
2031#endif /* IPRT_NT_USE_WINTERNL */
2032
2033/** For use with ObjectHandleFlagInformation. */
2034typedef struct _OBJECT_HANDLE_FLAG_INFORMATION
2035{
2036 BOOLEAN Inherit;
2037 BOOLEAN ProtectFromClose;
2038} OBJECT_HANDLE_FLAG_INFORMATION;
2039typedef OBJECT_HANDLE_FLAG_INFORMATION *POBJECT_HANDLE_FLAG_INFORMATION;
2040
2041typedef enum _OBJECT_INFORMATION_CLASS
2042{
2043 ObjectBasicInformation = 0,
2044 ObjectNameInformation,
2045 ObjectTypeInformation,
2046 ObjectAllInformation,
2047 ObjectHandleFlagInformation,
2048 ObjectSessionInformation,
2049 MaxObjectInfoClass
2050} OBJECT_INFORMATION_CLASS;
2051typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
2052#ifdef IN_RING0
2053# define NtQueryObject ZwQueryObject
2054#endif
2055NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2056NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
2057NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
2058
2059NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2060
2061typedef struct _OBJECT_DIRECTORY_INFORMATION
2062{
2063 UNICODE_STRING Name;
2064 UNICODE_STRING TypeName;
2065} OBJECT_DIRECTORY_INFORMATION;
2066typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
2067NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
2068
2069NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
2070NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
2071/** @name ProcessDefaultHardErrorMode bit definitions.
2072 * @{ */
2073#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /**< Inverted from the win32 define. */
2074#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
2075#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
2076#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
2077/** @} */
2078NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
2079NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
2080
2081/** Returned by NtQUerySection with SectionBasicInformation. */
2082typedef struct _SECTION_BASIC_INFORMATION
2083{
2084 PVOID BaseAddress;
2085 ULONG AllocationAttributes;
2086 LARGE_INTEGER MaximumSize;
2087} SECTION_BASIC_INFORMATION;
2088typedef SECTION_BASIC_INFORMATION *PSECTION_BASIC_INFORMATION;
2089
2090/** Retured by ProcessImageInformation as well as NtQuerySection. */
2091typedef struct _SECTION_IMAGE_INFORMATION
2092{
2093 PVOID TransferAddress;
2094 ULONG ZeroBits;
2095 SIZE_T MaximumStackSize;
2096 SIZE_T CommittedStackSize;
2097 ULONG SubSystemType;
2098 union
2099 {
2100 struct
2101 {
2102 USHORT SubSystemMinorVersion;
2103 USHORT SubSystemMajorVersion;
2104 };
2105 ULONG SubSystemVersion;
2106 };
2107 ULONG GpValue;
2108 USHORT ImageCharacteristics;
2109 USHORT DllCharacteristics;
2110 USHORT Machine;
2111 BOOLEAN ImageContainsCode;
2112 union /**< Since Vista, used to be a spare BOOLEAN. */
2113 {
2114 struct
2115 {
2116 UCHAR ComPlusNativeRead : 1;
2117 UCHAR ComPlusILOnly : 1;
2118 UCHAR ImageDynamicallyRelocated : 1;
2119 UCHAR ImageMAppedFlat : 1;
2120 UCHAR Reserved : 4;
2121 };
2122 UCHAR ImageFlags;
2123 };
2124 ULONG LoaderFlags;
2125 ULONG ImageFileSize; /**< Since XP? */
2126 ULONG CheckSum; /**< Since Vista, Used to be a reserved/spare ULONG. */
2127} SECTION_IMAGE_INFORMATION;
2128typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
2129
2130typedef enum _SECTION_INFORMATION_CLASS
2131{
2132 SectionBasicInformation = 0,
2133 SectionImageInformation,
2134 MaxSectionInfoClass
2135} SECTION_INFORMATION_CLASS;
2136NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2137
2138NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
2139NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2140NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
2141#ifndef SYMBOLIC_LINK_QUERY
2142# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
2143#endif
2144#ifndef SYMBOLIC_LINK_ALL_ACCESS
2145# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYMBOLIC_LINK_QUERY)
2146#endif
2147
2148NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
2149NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
2150NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
2151NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
2152NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
2153NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
2154NTSYSAPI NTSTATUS NTAPI ZwYieldExecution(void);
2155
2156
2157#ifndef SEC_FILE
2158# define SEC_FILE UINT32_C(0x00800000)
2159#endif
2160#ifndef SEC_IMAGE
2161# define SEC_IMAGE UINT32_C(0x01000000)
2162#endif
2163#ifndef SEC_PROTECTED_IMAGE
2164# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
2165#endif
2166#ifndef SEC_NOCACHE
2167# define SEC_NOCACHE UINT32_C(0x10000000)
2168#endif
2169#ifndef MEM_ROTATE
2170# define MEM_ROTATE UINT32_C(0x00800000)
2171#endif
2172typedef enum _MEMORY_INFORMATION_CLASS
2173{
2174 MemoryBasicInformation = 0,
2175 MemoryWorkingSetList,
2176 MemorySectionName,
2177 MemoryBasicVlmInformation
2178} MEMORY_INFORMATION_CLASS;
2179#ifdef IN_RING0
2180typedef struct _MEMORY_BASIC_INFORMATION
2181{
2182 PVOID BaseAddress;
2183 PVOID AllocationBase;
2184 ULONG AllocationProtect;
2185 SIZE_T RegionSize;
2186 ULONG State;
2187 ULONG Protect;
2188 ULONG Type;
2189} MEMORY_BASIC_INFORMATION;
2190typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
2191# define NtQueryVirtualMemory ZwQueryVirtualMemory
2192#endif
2193NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2194#ifdef IPRT_NT_USE_WINTERNL
2195NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
2196#endif
2197NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
2198NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
2199
2200typedef enum _SYSTEM_INFORMATION_CLASS
2201{
2202 SystemBasicInformation = 0,
2203 SystemCpuInformation,
2204 SystemPerformanceInformation,
2205 SystemTimeOfDayInformation,
2206 SystemInformation_Unknown_4,
2207 SystemProcessInformation,
2208 SystemInformation_Unknown_6,
2209 SystemInformation_Unknown_7,
2210 SystemProcessorPerformanceInformation,
2211 SystemInformation_Unknown_9,
2212 SystemInformation_Unknown_10,
2213 SystemModuleInformation,
2214 SystemInformation_Unknown_12,
2215 SystemInformation_Unknown_13,
2216 SystemInformation_Unknown_14,
2217 SystemInformation_Unknown_15,
2218 SystemHandleInformation,
2219 SystemInformation_Unknown_17,
2220 SystemPageFileInformation,
2221 SystemInformation_Unknown_19,
2222 SystemInformation_Unknown_20,
2223 SystemCacheInformation,
2224 SystemInformation_Unknown_22,
2225 SystemInterruptInformation,
2226 SystemDpcBehaviourInformation,
2227 SystemFullMemoryInformation,
2228 SystemLoadGdiDriverInformation, /* 26 */
2229 SystemUnloadGdiDriverInformation, /* 27 */
2230 SystemTimeAdjustmentInformation,
2231 SystemSummaryMemoryInformation,
2232 SystemInformation_Unknown_30,
2233 SystemInformation_Unknown_31,
2234 SystemInformation_Unknown_32,
2235 SystemExceptionInformation,
2236 SystemCrashDumpStateInformation,
2237 SystemKernelDebuggerInformation,
2238 SystemContextSwitchInformation,
2239 SystemRegistryQuotaInformation,
2240 SystemInformation_Unknown_38,
2241 SystemInformation_Unknown_39,
2242 SystemInformation_Unknown_40,
2243 SystemInformation_Unknown_41,
2244 SystemInformation_Unknown_42,
2245 SystemInformation_Unknown_43,
2246 SystemCurrentTimeZoneInformation,
2247 SystemLookasideInformation,
2248 SystemSetTimeSlipEvent,
2249 SystemCreateSession,
2250 SystemDeleteSession,
2251 SystemInformation_Unknown_49,
2252 SystemRangeStartInformation,
2253 SystemVerifierInformation,
2254 SystemInformation_Unknown_52,
2255 SystemSessionProcessInformation,
2256 SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
2257 SystemInformation_Unknown_55,
2258 SystemInformation_Unknown_56,
2259 SystemExtendedProcessInformation,
2260 SystemInformation_Unknown_58,
2261 SystemInformation_Unknown_59,
2262 SystemInformation_Unknown_60,
2263 SystemInformation_Unknown_61,
2264 SystemInformation_Unknown_62,
2265 SystemInformation_Unknown_63,
2266 SystemExtendedHandleInformation, /* 64 */
2267 SystemInformation_Unknown_65,
2268 SystemInformation_Unknown_66,
2269 SystemInformation_Unknown_67,
2270 SystemInformation_Unknown_68,
2271 SystemInformation_HotPatchInfo, /* 69 */
2272 SystemInformation_Unknown_70,
2273 SystemInformation_Unknown_71,
2274 SystemInformation_Unknown_72,
2275 SystemInformation_Unknown_73,
2276 SystemInformation_Unknown_74,
2277 SystemInformation_Unknown_75,
2278 SystemInformation_Unknown_76,
2279 SystemInformation_Unknown_77,
2280 SystemInformation_Unknown_78,
2281 SystemInformation_Unknown_79,
2282 SystemInformation_Unknown_80,
2283 SystemInformation_Unknown_81,
2284 SystemInformation_Unknown_82,
2285 SystemInformation_Unknown_83,
2286 SystemInformation_Unknown_84,
2287 SystemInformation_Unknown_85,
2288 SystemInformation_Unknown_86,
2289 SystemInformation_Unknown_87,
2290 SystemInformation_Unknown_88,
2291 SystemInformation_Unknown_89,
2292 SystemInformation_Unknown_90,
2293 SystemInformation_Unknown_91,
2294 SystemInformation_Unknown_92,
2295 SystemInformation_Unknown_93,
2296 SystemInformation_Unknown_94,
2297 SystemInformation_Unknown_95,
2298 SystemInformation_KiOpPrefetchPatchCount, /* 96 */
2299 SystemInformation_Unknown_97,
2300 SystemInformation_Unknown_98,
2301 SystemInformation_Unknown_99,
2302 SystemInformation_Unknown_100,
2303 SystemInformation_Unknown_101,
2304 SystemInformation_Unknown_102,
2305 SystemInformation_Unknown_103,
2306 SystemInformation_Unknown_104,
2307 SystemInformation_Unknown_105,
2308 SystemInformation_Unknown_107,
2309 SystemInformation_GetLogicalProcessorInformationEx, /* 107 */
2310
2311 /** @todo fill gap. they've added a whole bunch of things */
2312 SystemPolicyInformation = 134,
2313 SystemInformationClassMax
2314} SYSTEM_INFORMATION_CLASS;
2315
2316#ifdef IPRT_NT_USE_WINTERNL
2317typedef struct _VM_COUNTERS
2318{
2319 SIZE_T PeakVirtualSize;
2320 SIZE_T VirtualSize;
2321 ULONG PageFaultCount;
2322 SIZE_T PeakWorkingSetSize;
2323 SIZE_T WorkingSetSize;
2324 SIZE_T QuotaPeakPagedPoolUsage;
2325 SIZE_T QuotaPagedPoolUsage;
2326 SIZE_T QuotaPeakNonPagedPoolUsage;
2327 SIZE_T QuotaNonPagedPoolUsage;
2328 SIZE_T PagefileUsage;
2329 SIZE_T PeakPagefileUsage;
2330} VM_COUNTERS;
2331typedef VM_COUNTERS *PVM_COUNTERS;
2332#endif
2333
2334#if 0
2335typedef struct _IO_COUNTERS
2336{
2337 ULONGLONG ReadOperationCount;
2338 ULONGLONG WriteOperationCount;
2339 ULONGLONG OtherOperationCount;
2340 ULONGLONG ReadTransferCount;
2341 ULONGLONG WriteTransferCount;
2342 ULONGLONG OtherTransferCount;
2343} IO_COUNTERS;
2344typedef IO_COUNTERS *PIO_COUNTERS;
2345#endif
2346
2347typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
2348{
2349 ULONG NextEntryOffset; /**< 0x00 / 0x00 */
2350 ULONG NumberOfThreads; /**< 0x04 / 0x04 */
2351 LARGE_INTEGER Reserved1[3]; /**< 0x08 / 0x08 */
2352 LARGE_INTEGER CreationTime; /**< 0x20 / 0x20 */
2353 LARGE_INTEGER UserTime; /**< 0x28 / 0x28 */
2354 LARGE_INTEGER KernelTime; /**< 0x30 / 0x30 */
2355 UNICODE_STRING ProcessName; /**< 0x38 / 0x38 Clean unicode encoding? */
2356 int32_t BasePriority; /**< 0x40 / 0x48 */
2357 HANDLE UniqueProcessId; /**< 0x44 / 0x50 */
2358 HANDLE ParentProcessId; /**< 0x48 / 0x58 */
2359 ULONG HandleCount; /**< 0x4c / 0x60 */
2360 ULONG Reserved2; /**< 0x50 / 0x64 Session ID? */
2361 ULONG_PTR Reserved3; /**< 0x54 / 0x68 */
2362 VM_COUNTERS VmCounters; /**< 0x58 / 0x70 */
2363 IO_COUNTERS IoCounters; /**< 0x88 / 0xd0 Might not be present in earlier windows versions. */
2364 /* After this follows the threads, then the ProcessName.Buffer. */
2365} RTNT_SYSTEM_PROCESS_INFORMATION;
2366typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
2367#ifndef IPRT_NT_USE_WINTERNL
2368typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
2369typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
2370#endif
2371
2372typedef struct _SYSTEM_HANDLE_ENTRY_INFO
2373{
2374 USHORT UniqueProcessId;
2375 USHORT CreatorBackTraceIndex;
2376 UCHAR ObjectTypeIndex;
2377 UCHAR HandleAttributes;
2378 USHORT HandleValue;
2379 PVOID Object;
2380 ULONG GrantedAccess;
2381} SYSTEM_HANDLE_ENTRY_INFO;
2382typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
2383
2384/** Returned by SystemHandleInformation */
2385typedef struct _SYSTEM_HANDLE_INFORMATION
2386{
2387 ULONG NumberOfHandles;
2388 SYSTEM_HANDLE_ENTRY_INFO Handles[1];
2389} SYSTEM_HANDLE_INFORMATION;
2390typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
2391
2392/** Extended handle information entry.
2393 * @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
2394typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
2395{
2396 PVOID Object;
2397 HANDLE UniqueProcessId;
2398 HANDLE HandleValue;
2399 ACCESS_MASK GrantedAccess;
2400 USHORT CreatorBackTraceIndex;
2401 USHORT ObjectTypeIndex;
2402 ULONG HandleAttributes;
2403 ULONG Reserved;
2404} SYSTEM_HANDLE_ENTRY_INFO_EX;
2405typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
2406
2407/** Returned by SystemExtendedHandleInformation. */
2408typedef struct _SYSTEM_HANDLE_INFORMATION_EX
2409{
2410 ULONG_PTR NumberOfHandles;
2411 ULONG_PTR Reserved;
2412 SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
2413} SYSTEM_HANDLE_INFORMATION_EX;
2414typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
2415
2416/** Returned by SystemSessionProcessInformation. */
2417typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
2418{
2419 ULONG SessionId;
2420 ULONG BufferLength;
2421 /** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
2422 PVOID Buffer;
2423} SYSTEM_SESSION_PROCESS_INFORMATION;
2424typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
2425
2426typedef struct _RTL_PROCESS_MODULE_INFORMATION
2427{
2428 HANDLE Section; /**< 0x00 / 0x00 */
2429 PVOID MappedBase; /**< 0x04 / 0x08 */
2430 PVOID ImageBase; /**< 0x08 / 0x10 */
2431 ULONG ImageSize; /**< 0x0c / 0x18 */
2432 ULONG Flags; /**< 0x10 / 0x1c */
2433 USHORT LoadOrderIndex; /**< 0x14 / 0x20 */
2434 USHORT InitOrderIndex; /**< 0x16 / 0x22 */
2435 USHORT LoadCount; /**< 0x18 / 0x24 */
2436 USHORT OffsetToFileName; /**< 0x1a / 0x26 */
2437 UCHAR FullPathName[256]; /**< 0x1c / 0x28 */
2438} RTL_PROCESS_MODULE_INFORMATION;
2439typedef RTL_PROCESS_MODULE_INFORMATION *PRTL_PROCESS_MODULE_INFORMATION;
2440
2441/** Returned by SystemModuleInformation. */
2442typedef struct _RTL_PROCESS_MODULES
2443{
2444 ULONG NumberOfModules;
2445 RTL_PROCESS_MODULE_INFORMATION Modules[1]; /**< 0x04 / 0x08 */
2446} RTL_PROCESS_MODULES;
2447typedef RTL_PROCESS_MODULES *PRTL_PROCESS_MODULES;
2448
2449NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2450#ifndef IPRT_NT_MAP_TO_ZW
2451NTSYSAPI NTSTATUS NTAPI ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2452#endif
2453
2454NTSYSAPI NTSTATUS NTAPI NtSetTimerResolution(ULONG cNtTicksWanted, BOOLEAN fSetResolution, PULONG pcNtTicksCur);
2455NTSYSAPI NTSTATUS NTAPI NtQueryTimerResolution(PULONG pcNtTicksMin, PULONG pcNtTicksMax, PULONG pcNtTicksCur);
2456
2457NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
2458NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
2459#ifndef IPRT_NT_USE_WINTERNL
2460NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
2461#endif
2462typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
2463typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
2464NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
2465
2466NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
2467
2468#ifdef IPRT_NT_USE_WINTERNL
2469typedef enum _EVENT_TYPE
2470{
2471 /* Manual reset event. */
2472 NotificationEvent = 0,
2473 /* Automaitc reset event. */
2474 SynchronizationEvent
2475} EVENT_TYPE;
2476#endif
2477NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
2478NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2479typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
2480NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
2481NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
2482NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
2483typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
2484typedef enum _EVENT_INFORMATION_CLASS
2485{
2486 EventBasicInformation = 0
2487} EVENT_INFORMATION_CLASS;
2488/** Data returned by NtQueryEvent + EventBasicInformation. */
2489typedef struct EVENT_BASIC_INFORMATION
2490{
2491 EVENT_TYPE EventType;
2492 ULONG EventState;
2493} EVENT_BASIC_INFORMATION;
2494typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
2495NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2496
2497#ifdef IPRT_NT_USE_WINTERNL
2498/** For NtQueryValueKey. */
2499typedef enum _KEY_VALUE_INFORMATION_CLASS
2500{
2501 KeyValueBasicInformation = 0,
2502 KeyValueFullInformation,
2503 KeyValuePartialInformation,
2504 KeyValueFullInformationAlign64,
2505 KeyValuePartialInformationAlign64
2506} KEY_VALUE_INFORMATION_CLASS;
2507
2508/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
2509typedef struct _KEY_VALUE_PARTIAL_INFORMATION
2510{
2511 ULONG TitleIndex;
2512 ULONG Type;
2513 ULONG DataLength;
2514 UCHAR Data[1];
2515} KEY_VALUE_PARTIAL_INFORMATION;
2516typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
2517#endif
2518NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2519NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2520
2521
2522NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
2523
2524
2525typedef struct _CURDIR
2526{
2527 UNICODE_STRING DosPath;
2528 HANDLE Handle; /**< 0x10 / 0x08 */
2529} CURDIR;
2530AssertCompileSize(CURDIR, ARCH_BITS == 32 ? 0x0c : 0x18);
2531typedef CURDIR *PCURDIR;
2532
2533typedef struct _RTL_DRIVE_LETTER_CURDIR
2534{
2535 USHORT Flags;
2536 USHORT Length;
2537 ULONG TimeStamp;
2538 STRING DosPath; /**< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. */
2539} RTL_DRIVE_LETTER_CURDIR;
2540typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
2541
2542typedef struct _RTL_USER_PROCESS_PARAMETERS
2543{
2544 ULONG MaximumLength; /**< 0x000 / 0x000 */
2545 ULONG Length; /**< 0x004 / 0x004 */
2546 ULONG Flags; /**< 0x008 / 0x008 */
2547 ULONG DebugFlags; /**< 0x00c / 0x00c */
2548 HANDLE ConsoleHandle; /**< 0x010 / 0x010 */
2549 ULONG ConsoleFlags; /**< 0x018 / 0x014 */
2550 HANDLE StandardInput; /**< 0x020 / 0x018 */
2551 HANDLE StandardOutput; /**< 0x028 / 0x01c */
2552 HANDLE StandardError; /**< 0x030 / 0x020 */
2553 CURDIR CurrentDirectory; /**< 0x038 / 0x024 */
2554 UNICODE_STRING DllPath; /**< 0x050 / 0x030 */
2555 UNICODE_STRING ImagePathName; /**< 0x060 / 0x038 */
2556 UNICODE_STRING CommandLine; /**< 0x070 / 0x040 */
2557 PWSTR Environment; /**< 0x080 / 0x048 */
2558 ULONG StartingX; /**< 0x088 / 0x04c */
2559 ULONG StartingY; /**< 0x090 / 0x050 */
2560 ULONG CountX; /**< 0x094 / 0x054 */
2561 ULONG CountY; /**< 0x098 / 0x058 */
2562 ULONG CountCharsX; /**< 0x09c / 0x05c */
2563 ULONG CountCharsY; /**< 0x0a0 / 0x060 */
2564 ULONG FillAttribute; /**< 0x0a4 / 0x064 */
2565 ULONG WindowFlags; /**< 0x0a8 / 0x068 */
2566 ULONG ShowWindowFlags; /**< 0x0ac / 0x06c */
2567 UNICODE_STRING WindowTitle; /**< 0x0b0 / 0x070 */
2568 UNICODE_STRING DesktopInfo; /**< 0x0c0 / 0x078 */
2569 UNICODE_STRING ShellInfo; /**< 0x0d0 / 0x080 */
2570 UNICODE_STRING RuntimeInfo; /**< 0x0e0 / 0x088 */
2571 RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20]; /**< 0x0f0 / 0x090 */
2572 SIZE_T EnvironmentSize; /**< 0x3f0 / 0x - Added in Vista */
2573 SIZE_T EnvironmentVersion; /**< 0x3f8 / 0x - Added in Windows 7. */
2574 PVOID PackageDependencyData; /**< 0x400 / 0x - Added Windows 8? */
2575 ULONG ProcessGroupId; /**< 0x408 / 0x - Added Windows 8? */
2576 ULONG LoaderThreads; /**< 0x40c / 0x - Added Windows 10? */
2577} RTL_USER_PROCESS_PARAMETERS;
2578typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
2579#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
2580
2581typedef struct _RTL_USER_PROCESS_INFORMATION
2582{
2583 ULONG Size;
2584 HANDLE ProcessHandle;
2585 HANDLE ThreadHandle;
2586 CLIENT_ID ClientId;
2587 SECTION_IMAGE_INFORMATION ImageInformation;
2588} RTL_USER_PROCESS_INFORMATION;
2589typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
2590
2591
2592NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
2593 PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
2594NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
2595 PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
2596 PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
2597 PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
2598 PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
2599NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
2600NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
2601 PFNRT, PVOID, PHANDLE, PCLIENT_ID);
2602
2603#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
2604typedef struct _RTL_CRITICAL_SECTION
2605{
2606 struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
2607 LONG LockCount;
2608 LONG Recursioncount;
2609 HANDLE OwningThread;
2610 HANDLE LockSemaphore;
2611 ULONG_PTR SpinCount;
2612} RTL_CRITICAL_SECTION;
2613typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
2614#endif
2615
2616/*NTSYSAPI ULONG NTAPI RtlNtStatusToDosError(NTSTATUS rcNt);*/
2617
2618/** @def RTL_QUERY_REGISTRY_TYPECHECK
2619 * WDK 8.1+, backported in updates, ignored in older. */
2620#if !defined(RTL_QUERY_REGISTRY_TYPECHECK) || defined(DOXYGEN_RUNNING)
2621# define RTL_QUERY_REGISTRY_TYPECHECK UINT32_C(0x00000100)
2622#endif
2623/** @def RTL_QUERY_REGISTRY_TYPECHECK_SHIFT
2624 * WDK 8.1+, backported in updates, ignored in older. */
2625#if !defined(RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) || defined(DOXYGEN_RUNNING)
2626# define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
2627#endif
2628
2629
2630RT_C_DECLS_END
2631/** @} */
2632
2633
2634#if defined(IN_RING0) || defined(DOXYGEN_RUNNING)
2635/** @name NT Kernel APIs
2636 * @{ */
2637RT_C_DECLS_BEGIN
2638
2639typedef ULONG KEPROCESSORINDEX; /**< Bitmap indexes != process numbers, apparently. */
2640
2641NTSYSAPI VOID NTAPI KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
2642typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
2643NTSYSAPI VOID NTAPI KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2644typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2645NTSYSAPI VOID NTAPI KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2646typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2647NTSYSAPI BOOLEAN NTAPI KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2648typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2649NTSYSAPI BOOLEAN NTAPI KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2650typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2651NTSYSAPI BOOLEAN NTAPI KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2652typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2653NTSYSAPI VOID NTAPI KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2654typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2655NTSYSAPI VOID NTAPI KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2656typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2657NTSYSAPI BOOLEAN NTAPI KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2658typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2659NTSYSAPI BOOLEAN NTAPI KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2660typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2661/** Works like anding the complemented subtrahend with the minuend. */
2662NTSYSAPI BOOLEAN NTAPI KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2663typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2664NTSYSAPI BOOLEAN NTAPI KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2665typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2666NTSYSAPI BOOLEAN NTAPI KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
2667typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2668NTSYSAPI BOOLEAN NTAPI KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2669typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2670NTSYSAPI ULONG NTAPI KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
2671typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2672NTSYSAPI KEPROCESSORINDEX NTAPI KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
2673typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2674typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
2675typedef KEPROCESSORINDEX (NTAPI *PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER *pProcNumber);
2676typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX ProcIndex, PROCESSOR_NUMBER *pProcNumber);
2677typedef KEPROCESSORINDEX (NTAPI *PFNKEGETCURRENTPROCESSORNUMBEREX)(const PROCESSOR_NUMBER *pProcNumber);
2678typedef KAFFINITY (NTAPI *PFNKEQUERYACTIVEPROCESSORS)(VOID);
2679typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNT)(VOID);
2680typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNTEX)(USHORT GroupNumber);
2681typedef USHORT (NTAPI *PFNKEQUERYMAXIMUMGROUPCOUNT)(VOID);
2682typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNT)(KAFFINITY *pfActiveProcessors);
2683typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNTEX)(USHORT GroupNumber);
2684typedef NTSTATUS (NTAPI *PFNKEQUERYLOGICALPROCESSORRELATIONSHIP)(PROCESSOR_NUMBER *pProcNumber,
2685 LOGICAL_PROCESSOR_RELATIONSHIP RelationShipType,
2686 SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX *pInfo, PULONG pcbInfo);
2687typedef PVOID (NTAPI *PFNKEREGISTERPROCESSORCHANGECALLBACK)(PPROCESSOR_CALLBACK_FUNCTION pfnCallback, void *pvUser, ULONG fFlags);
2688typedef VOID (NTAPI *PFNKEDEREGISTERPROCESSORCHANGECALLBACK)(PVOID pvCallback);
2689typedef NTSTATUS (NTAPI *PFNKESETTARGETPROCESSORDPCEX)(KDPC *pDpc, PROCESSOR_NUMBER *pProcNumber);
2690typedef LOGICAL (NTAPI *PFNKESHOULDYIELDPROCESSOR)(void);
2691
2692NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
2693 PVOID pvOptionalConditions, PHANDLE phFound);
2694NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
2695 ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
2696 KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
2697NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
2698NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
2699NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
2700NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
2701extern DECLIMPORT(POBJECT_TYPE *) LpcPortObjectType; /**< In vista+ this is the ALPC port object type. */
2702extern DECLIMPORT(POBJECT_TYPE *) LpcWaitablePortObjectType; /**< In vista+ this is the ALPC port object type. */
2703
2704typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
2705typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
2706
2707RT_C_DECLS_END
2708/** @ */
2709#endif /* IN_RING0 */
2710
2711
2712#if defined(IN_RING3) || defined(DOXYGEN_RUNNING)
2713/** @name NT Userland APIs
2714 * @{ */
2715RT_C_DECLS_BEGIN
2716
2717#if 0 /** @todo figure this out some time... */
2718typedef struct CSR_MSG_DATA_CREATED_PROCESS
2719{
2720 HANDLE hProcess;
2721 HANDLE hThread;
2722 CLIENT_ID
2723 DWORD idProcess;
2724 DWORD idThread;
2725 DWORD fCreate;
2726
2727} CSR_MSG_DATA_CREATED_PROCESS;
2728
2729#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
2730#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
2731NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
2732#endif
2733
2734NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
2735
2736typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
2737{
2738 ULONG Flags;
2739 PCUNICODE_STRING FullDllName;
2740 PCUNICODE_STRING BaseDllName;
2741 PVOID DllBase;
2742 ULONG SizeOfImage;
2743} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
2744typedef LDR_DLL_LOADED_NOTIFICATION_DATA *PLDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2745typedef LDR_DLL_LOADED_NOTIFICATION_DATA const *PCLDR_DLL_LOADED_NOTIFICATION_DATA, *PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2746
2747typedef union _LDR_DLL_NOTIFICATION_DATA
2748{
2749 LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
2750 LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
2751} LDR_DLL_NOTIFICATION_DATA;
2752typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
2753typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
2754
2755typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
2756
2757#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
2758#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
2759NTSYSAPI NTSTATUS NTAPI LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
2760 PVOID *pvCookie);
2761typedef NTSTATUS (NTAPI *PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID *);
2762NTSYSAPI NTSTATUS NTAPI LdrUnregisterDllNotification(PVOID pvCookie);
2763typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
2764
2765NTSYSAPI NTSTATUS NTAPI LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2766 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2767typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2768 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2769NTSYSAPI NTSTATUS NTAPI LdrUnloadDll(IN HANDLE hMod);
2770typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
2771NTSYSAPI NTSTATUS NTAPI LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2772 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2773typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2774 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2775#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
2776#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
2777/** @since Windows XP. */
2778NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2779 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2780/** @since Windows XP. */
2781typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2782 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2783/** @since Windows 7. */
2784NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
2785/** @since Windows 7. */
2786typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
2787/** @since Windows 7. */
2788NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2789 OUT PHANDLE phDll);
2790/** @since Windows 7. */
2791typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2792 OUT PHANDLE phDll);
2793#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
2794NTSYSAPI NTSTATUS NTAPI LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
2795typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
2796NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2797 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2798typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
2799 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2800#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
2801/** @since Windows Vista. */
2802NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2803 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2804/** @since Windows Vista. */
2805typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2806 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2807#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2808#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
2809#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
2810#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
2811#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
2812/** @since Windows XP. */
2813NTSYSAPI NTSTATUS NTAPI LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2814/** @since Windows XP. */
2815typedef NTSTATUS (NTAPI *PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2816#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2817/** @since Windows XP. */
2818NTSYSAPI NTSTATUS NTAPI LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
2819/** @since Windows XP. */
2820typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
2821
2822NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
2823NTSYSAPI VOID NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /**< Vista and later. */
2824NTSYSAPI VOID NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
2825NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
2826 IN PCUNICODE_STRING pOrgName,
2827 IN PUNICODE_STRING pDefaultSuffix,
2828 IN OUT PUNICODE_STRING pStaticString,
2829 IN OUT PUNICODE_STRING pDynamicString,
2830 IN OUT PUNICODE_STRING *ppResultString,
2831 IN PULONG pfNewFlags OPTIONAL,
2832 IN PSIZE_T pcbFilename OPTIONAL,
2833 IN PSIZE_T pcbNeeded OPTIONAL);
2834/** @since Windows 8.
2835 * @note Status code is always zero in windows 10 build 14393. */
2836NTSYSAPI NTSTATUS NTAPI ApiSetQueryApiSetPresence(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
2837/** @copydoc ApiSetQueryApiSetPresence */
2838typedef NTSTATUS (NTAPI *PFNAPISETQUERYAPISETPRESENCE)(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
2839
2840
2841# ifdef IPRT_NT_USE_WINTERNL
2842typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
2843typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
2844typedef struct _RTL_HEAP_PARAMETERS
2845{
2846 ULONG Length;
2847 SIZE_T SegmentReserve;
2848 SIZE_T SegmentCommit;
2849 SIZE_T DeCommitFreeBlockThreshold;
2850 SIZE_T DeCommitTotalFreeThreshold;
2851 SIZE_T MaximumAllocationSize;
2852 SIZE_T VirtualMemoryThreshold;
2853 SIZE_T InitialCommit;
2854 SIZE_T InitialReserve;
2855 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
2856 SIZE_T Reserved[2];
2857} RTL_HEAP_PARAMETERS;
2858typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
2859NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
2860 PRTL_HEAP_PARAMETERS pParameters);
2861/** @name Heap flags (for RtlCreateHeap).
2862 * @{ */
2863/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
2864# define HEAP_GROWABLE UINT32_C(0x00000002)
2865# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
2866# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
2867# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
2868# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
2869# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
2870# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
2871# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
2872# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
2873# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
2874# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
2875# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
2876# define HEAP_CLASS_0 UINT32_C(0x00000000)
2877# define HEAP_CLASS_1 UINT32_C(0x00001000)
2878# define HEAP_CLASS_2 UINT32_C(0x00002000)
2879# define HEAP_CLASS_3 UINT32_C(0x00003000)
2880# define HEAP_CLASS_4 UINT32_C(0x00004000)
2881# define HEAP_CLASS_5 UINT32_C(0x00005000)
2882# define HEAP_CLASS_6 UINT32_C(0x00006000)
2883# define HEAP_CLASS_7 UINT32_C(0x00007000)
2884# define HEAP_CLASS_8 UINT32_C(0x00008000)
2885# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
2886# endif
2887# define HEAP_CLASS_PROCESS HEAP_CLASS_0
2888# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
2889# define HEAP_CLASS_KERNEL HEAP_CLASS_2
2890# define HEAP_CLASS_GDI HEAP_CLASS_3
2891# define HEAP_CLASS_USER HEAP_CLASS_4
2892# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
2893# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
2894# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
2895# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
2896# ifdef IPRT_NT_USE_WINTERNL
2897/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
2898# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
2899# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
2900# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
2901# endif /* IPRT_NT_USE_WINTERNL */
2902/** @} */
2903# ifdef IPRT_NT_USE_WINTERNL
2904/** @name Heap tagging constants
2905 * @{ */
2906# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
2907/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
2908# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
2909# define HEAP_TAG_SHIFT 18 */
2910# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2911/** @} */
2912NTSYSAPI PVOID NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
2913NTSYSAPI PVOID NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
2914NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2915# endif /* IPRT_NT_USE_WINTERNL */
2916NTSYSAPI SIZE_T NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
2917NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
2918NTSYSAPI SIZE_T NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2919NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
2920NTSYSAPI ULONG NTAPI RtlGetLastWin32Error(VOID);
2921NTSYSAPI VOID NTAPI RtlSetLastWin32Error(ULONG uError);
2922NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
2923NTSYSAPI VOID NTAPI RtlRestoreLastWin32Error(ULONG uError);
2924NTSYSAPI BOOLEAN NTAPI RtlQueryPerformanceCounter(PLARGE_INTEGER);
2925NTSYSAPI uint64_t NTAPI RtlGetSystemTimePrecise(VOID);
2926typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
2927NTSYSAPI uint64_t NTAPI RtlGetInterruptTimePrecise(uint64_t *puPerfTime);
2928typedef uint64_t (NTAPI * PFNRTLGETINTERRUPTTIMEPRECISE)(uint64_t *);
2929NTSYSAPI BOOLEAN NTAPI RtlQueryUnbiasedInterruptTime(uint64_t *puInterruptTime);
2930typedef BOOLEAN (NTAPI * PFNRTLQUERYUNBIASEDINTERRUPTTIME)(uint64_t *);
2931
2932RT_C_DECLS_END
2933/** @} */
2934#endif /* IN_RING3 */
2935
2936#endif
2937
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette