nt.h@ 83941

Last change on this file since 83941 was 82968, checked in by vboxsync, 5 years ago
Copyright year updates by scm.
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 165.5 KB

Line
1	/* $Id: nt.h 82968 2020-02-04 10:35:17Z vboxsync $ */
2	/** @file
3	* IPRT - Header for code using the Native NT API.
4	*/
5
6	/*
7	* Copyright (C) 2010-2020 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.virtualbox.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*
17	* The contents of this file may alternatively be used under the terms
18	* of the Common Development and Distribution License Version 1.0
19	* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20	* VirtualBox OSE distribution, in which case the provisions of the
21	* CDDL are applicable instead of those of the GPL.
22	*
23	* You may elect to license modified versions of this file under the
24	* terms and conditions of either the GPL or the CDDL or both.
25	*/
26
27	#ifndef IPRT_INCLUDED_nt_nt_h
28	#define IPRT_INCLUDED_nt_nt_h
29	#ifndef RT_WITHOUT_PRAGMA_ONCE
30	# pragma once
31	#endif
32
33	/** @def IPRT_NT_MAP_TO_ZW
34	* Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
35	* to the APIs (takes care of the previous context checks).
36	*/
37	#ifdef DOXYGEN_RUNNING
38	# define IPRT_NT_MAP_TO_ZW
39	#endif
40
41	#ifdef IPRT_NT_MAP_TO_ZW
42	# define NtQueryDirectoryFile ZwQueryDirectoryFile
43	# define NtQueryInformationFile ZwQueryInformationFile
44	# define NtQueryInformationProcess ZwQueryInformationProcess
45	# define NtQueryInformationThread ZwQueryInformationThread
46	# define NtQueryFullAttributesFile ZwQueryFullAttributesFile
47	# define NtQuerySystemInformation ZwQuerySystemInformation
48	# define NtQuerySecurityObject ZwQuerySecurityObject
49	# define NtSetInformationFile ZwSetInformationFile
50	# define NtClose ZwClose
51	# define NtCreateFile ZwCreateFile
52	# define NtReadFile ZwReadFile
53	# define NtWriteFile ZwWriteFile
54	# define NtFlushBuffersFile ZwFlushBuffersFile
55	/** @todo this is very incomplete! */
56	#endif
57
58	#include <ntstatus.h>
59
60	/*
61	* Hacks common to both base header sets.
62	*/
63	#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
64	#define NtQueryObject Incomplete_NtQueryObject
65	#define ZwQueryObject Incomplete_ZwQueryObject
66	#define NtSetInformationObject Incomplete_NtSetInformationObject
67	#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
68	#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
69	#define ObjectBasicInformation Incomplete_ObjectBasicInformation
70	#define ObjectTypeInformation Incomplete_ObjectTypeInformation
71	#define _PEB Incomplete__PEB
72	#define PEB Incomplete_PEB
73	#define PPEB Incomplete_PPEB
74	#define _TEB Incomplete__TEB
75	#define TEB Incomplete_TEB
76	#define PTEB Incomplete_PTEB
77	#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
78	#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
79	#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
80	#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
81	#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
82	#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
83
84
85
86	#ifdef IPRT_NT_USE_WINTERNL
87	/*
88	* Use Winternl.h.
89	*/
90	# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
91	# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
92	# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
93
94	# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
95	# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
96	# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
97	# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
98	# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
99	# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
100	# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
101	# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
102	# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
103	# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
104	# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
105	# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
106
107	# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
108	# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
109	# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
110
111	# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
112	# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
113	# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
114	# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
115	# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
116
117	# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
118	# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
119	# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
120	# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
121	# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
122	# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
123	# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
124	# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
125	# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
126	# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
127	# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
128	# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
129	# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
130	# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
131
132
133	# pragma warning(push)
134	# pragma warning(disable: 4668)
135	# define WIN32_NO_STATUS
136	# include <windef.h>
137	# include <winnt.h>
138	# include <winternl.h>
139	# undef WIN32_NO_STATUS
140	# include <ntstatus.h>
141	# pragma warning(pop)
142
143	# ifndef OBJ_DONT_REPARSE
144	# define RTNT_NEED_CLIENT_ID
145	# endif
146
147	# undef _FILE_INFORMATION_CLASS
148	# undef FILE_INFORMATION_CLASS
149	# undef FileDirectoryInformation
150
151	# undef NtQueryInformationProcess
152	# undef NtSetInformationProcess
153	# undef PROCESSINFOCLASS
154	# undef _PROCESSINFOCLASS
155	# undef PROCESS_BASIC_INFORMATION
156	# undef PPROCESS_BASIC_INFORMATION
157	# undef _PROCESS_BASIC_INFORMATION
158	# undef ProcessBasicInformation
159	# undef ProcessDebugPort
160	# undef ProcessWow64Information
161	# undef ProcessImageFileName
162	# undef ProcessBreakOnTermination
163
164	# undef RTL_USER_PROCESS_PARAMETERS
165	# undef PRTL_USER_PROCESS_PARAMETERS
166	# undef _RTL_USER_PROCESS_PARAMETERS
167
168	# undef NtQueryInformationThread
169	# undef NtSetInformationThread
170	# undef THREADINFOCLASS
171	# undef _THREADINFOCLASS
172	# undef ThreadIsIoPending
173
174	# undef NtQuerySystemInformation
175	# undef NtSetSystemInformation
176	# undef SYSTEM_INFORMATION_CLASS
177	# undef _SYSTEM_INFORMATION_CLASS
178	# undef SystemBasicInformation
179	# undef SystemPerformanceInformation
180	# undef SystemTimeOfDayInformation
181	# undef SystemProcessInformation
182	# undef SystemProcessorPerformanceInformation
183	# undef SystemInterruptInformation
184	# undef SystemExceptionInformation
185	# undef SystemRegistryQuotaInformation
186	# undef SystemLookasideInformation
187	# undef SystemPolicyInformation
188
189	#else
190	/*
191	* Use ntifs.h and wdm.h.
192	*/
193	# if _MSC_VER >= 1200 /* Fix/workaround for KeInitializeSpinLock visibility issue on AMD64. */
194	# define FORCEINLINE static __forceinline
195	# else
196	# define FORCEINLINE static __inline
197	# endif
198
199	# define _FSINFOCLASS OutdatedWdm_FSINFOCLASS
200	# define FS_INFORMATION_CLASS OutdatedWdm_FS_INFORMATION_CLASS
201	# define PFS_INFORMATION_CLASS OutdatedWdm_PFS_INFORMATION_CLASS
202	# define FileFsVolumeInformation OutdatedWdm_FileFsVolumeInformation
203	# define FileFsLabelInformation OutdatedWdm_FileFsLabelInformation
204	# define FileFsSizeInformation OutdatedWdm_FileFsSizeInformation
205	# define FileFsDeviceInformation OutdatedWdm_FileFsDeviceInformation
206	# define FileFsAttributeInformation OutdatedWdm_FileFsAttributeInformation
207	# define FileFsControlInformation OutdatedWdm_FileFsControlInformation
208	# define FileFsFullSizeInformation OutdatedWdm_FileFsFullSizeInformation
209	# define FileFsObjectIdInformation OutdatedWdm_FileFsObjectIdInformation
210	# define FileFsDriverPathInformation OutdatedWdm_FileFsDriverPathInformation
211	# define FileFsVolumeFlagsInformation OutdatedWdm_FileFsVolumeFlagsInformation
212	# define FileFsSectorSizeInformation OutdatedWdm_FileFsSectorSizeInformation
213	# define FileFsDataCopyInformation OutdatedWdm_FileFsDataCopyInformation
214	# define FileFsMetadataSizeInformation OutdatedWdm_FileFsMetadataSizeInformation
215	# define FileFsFullSizeInformationEx OutdatedWdm_FileFsFullSizeInformationEx
216	# define FileFsMaximumInformation OutdatedWdm_FileFsMaximumInformation
217	# define NtQueryVolumeInformationFile OutdatedWdm_NtQueryVolumeInformationFile
218	# define NtSetVolumeInformationFile OutdatedWdm_NtSetVolumeInformationFile
219
220	# pragma warning(push)
221	# ifdef RT_ARCH_X86
222	# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
223	# pragma warning(disable: 4163)
224	# endif
225	# pragma warning(disable: 4668)
226	# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
227	# if _MSC_VER >= 1800 /RT_MSC_VER_VC120/
228	# pragma warning(disable:4005) /* sdk/v7.1/include/sal_supp.h(57) : warning C4005: '__useHeader' : macro redefinition */
229	# pragma warning(disable:4471) /* wdm.h(11057) : warning C4471: '_POOL_TYPE' : a forward declaration of an unscoped enumeration must have an underlying type (int assumed) */
230	# endif
231
232	# include <ntifs.h>
233	# include <wdm.h>
234
235	# ifdef RT_ARCH_X86
236	# undef _InterlockedAddLargeStatistic
237	# endif
238	# pragma warning(pop)
239
240	# undef _FSINFOCLASS
241	# undef FS_INFORMATION_CLASS
242	# undef PFS_INFORMATION_CLASS
243	# undef FileFsVolumeInformation
244	# undef FileFsLabelInformation
245	# undef FileFsSizeInformation
246	# undef FileFsDeviceInformation
247	# undef FileFsAttributeInformation
248	# undef FileFsControlInformation
249	# undef FileFsFullSizeInformation
250	# undef FileFsObjectIdInformation
251	# undef FileFsDriverPathInformation
252	# undef FileFsVolumeFlagsInformation
253	# undef FileFsSectorSizeInformation
254	# undef FileFsDataCopyInformation
255	# undef FileFsMetadataSizeInformation
256	# undef FileFsFullSizeInformationEx
257	# undef FileFsMaximumInformation
258	# undef NtQueryVolumeInformationFile
259	# undef NtSetVolumeInformationFile
260
261	# define IPRT_NT_NEED_API_GROUP_NTIFS
262	#endif
263
264	#undef RtlFreeUnicodeString
265	#undef NtQueryObject
266	#undef ZwQueryObject
267	#undef NtSetInformationObject
268	#undef _OBJECT_INFORMATION_CLASS
269	#undef OBJECT_INFORMATION_CLASS
270	#undef ObjectBasicInformation
271	#undef ObjectTypeInformation
272	#undef _PEB
273	#undef PEB
274	#undef PPEB
275	#undef _TEB
276	#undef TEB
277	#undef PTEB
278	#undef _PEB_LDR_DATA
279	#undef PEB_LDR_DATA
280	#undef PPEB_LDR_DATA
281	#undef _KUSER_SHARED_DATA
282	#undef KUSER_SHARED_DATA
283	#undef PKUSER_SHARED_DATA
284
285
286	#include <iprt/types.h>
287	#include <iprt/assert.h>
288
289
290	/** @name Useful macros
291	* @{ */
292	/** Indicates that we're targeting native NT in the current source. */
293	#define RTNT_USE_NATIVE_NT 1
294	/** Initializes a IO_STATUS_BLOCK. */
295	#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
296	/** Reinitializes a IO_STATUS_BLOCK. */
297	#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
298	do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
299	/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
300	#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
301	/** Constant UNICODE_STRING initializer. */
302	#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
303	/** @} */
304
305
306	/** @name IPRT helper functions for NT
307	* @{ */
308	RT_C_DECLS_BEGIN
309
310	RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
311	ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
312	PHANDLE phHandle, PULONG_PTR puDisposition);
313	RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
314	ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
315	RTDECL(int) RTNtPathOpenDirEx(HANDLE hRootDir, struct _UNICODE_STRING *pNtName, ACCESS_MASK fDesiredAccess,
316	ULONG fShareAccess, ULONG fCreateOptions, ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
317	RTDECL(int) RTNtPathClose(HANDLE hHandle);
318
319	/**
320	* Converts a windows-style path to NT format and encoding.
321	*
322	* @returns IPRT status code.
323	* @param pNtName Where to return the NT name. Free using
324	* RTNtPathFree.
325	* @param phRootDir Where to return the root handle, if applicable.
326	* @param pszPath The UTF-8 path.
327	*/
328	RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING pNtName, PHANDLE phRootDir, const char pszPath);
329
330	/**
331	* Converts a UTF-16 windows-style path to NT format.
332	*
333	* @returns IPRT status code.
334	* @param pNtName Where to return the NT name. Free using
335	* RTNtPathFree.
336	* @param phRootDir Where to return the root handle, if applicable.
337	* @param pwszPath The UTF-16 windows-style path.
338	* @param cwcPath The max length of the windows-style path in
339	* RTUTF16 units. Use RTSTR_MAX if unknown and @a
340	* pwszPath is correctly terminated.
341	*/
342	RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING pNtName, HANDLE phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
343
344	/**
345	* How to handle ascent ('..' relative to a root handle).
346	*/
347	typedef enum RTNTPATHRELATIVEASCENT
348	{
349	kRTNtPathRelativeAscent_Invalid = 0,
350	kRTNtPathRelativeAscent_Allow,
351	kRTNtPathRelativeAscent_Fail,
352	kRTNtPathRelativeAscent_Ignore,
353	kRTNtPathRelativeAscent_End,
354	kRTNtPathRelativeAscent_32BitHack = 0x7fffffff
355	} RTNTPATHRELATIVEASCENT;
356
357	/**
358	* Converts a relative windows-style path to relative NT format and encoding.
359	*
360	* @returns IPRT status code.
361	* @param pNtName Where to return the NT name. Free using
362	* rtTNtPathToNative with phRootDir set to NULL.
363	* @param phRootDir On input, the handle to the directory the path
364	* is relative to. On output, the handle to
365	* specify as root directory in the object
366	* attributes when accessing the path. If
367	* enmAscent is kRTNtPathRelativeAscent_Allow, it
368	* may have been set to NULL.
369	* @param pszPath The relative UTF-8 path.
370	* @param enmAscent How to handle ascent.
371	* @param fMustReturnAbsolute Must convert to an absolute path. This
372	* is necessary if the root dir is a NT directory
373	* object (e.g. /Devices) since they cannot parse
374	* relative paths it seems.
375	*/
376	RTDECL(int) RTNtPathRelativeFromUtf8(struct _UNICODE_STRING pNtName, PHANDLE phRootDir, const char pszPath,
377	RTNTPATHRELATIVEASCENT enmAscent, bool fMustReturnAbsolute);
378
379	/**
380	* Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
381	* chars plus a terminator.
382	*
383	* The NT string must have been returned by RTNtPathFromWinUtf8 or
384	* RTNtPathFromWinUtf16Ex.
385	*
386	* @returns IPRT status code.
387	* @param pNtName The NT path string.
388	* @param cwcMin The minimum number of RTUTF16 chars. Max 32767.
389	* @sa RTNtPathFree
390	*/
391	RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);
392
393	/**
394	* Gets the NT path to the object represented by the given handle.
395	*
396	* @returns IPRT status code.
397	* @param pNtName Where to return the NT path. Free using
398	* RTUtf16Alloc.
399	* @param hHandle The handle.
400	* @param cwcExtra How much extra space is needed.
401	*/
402	RTDECL(int) RTNtPathFromHandle(struct _UNICODE_STRING *pNtName, HANDLE hHandle, size_t cwcExtra);
403
404	/**
405	* Frees the native path and root handle.
406	*
407	* @param pNtName The NT path after a successful rtNtPathToNative
408	* call or RTNtPathRelativeFromUtf8.
409	* @param phRootDir The root handle variable from rtNtPathToNative,
410	*/
411	RTDECL(void) RTNtPathFree(struct _UNICODE_STRING pNtName, HANDLE phRootDir);
412
413
414	/**
415	* Checks whether the path could be containing alternative 8.3 names generated
416	* by NTFS, FAT, or other similar file systems.
417	*
418	* @returns Pointer to the first component that might be an 8.3 name, NULL if
419	* not 8.3 path.
420	* @param pwszPath The path to check.
421	*
422	* @remarks This is making bad ASSUMPTION wrt to the naming scheme of 8.3 names,
423	* however, non-tilde 8.3 aliases are probably rare enough to not be
424	* worth all the extra code necessary to open each path component and
425	* check if we've got the short name or not.
426	*/
427	RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
428
429	/**
430	* Fixes up a path possibly containing one or more alternative 8-dot-3 style
431	* components.
432	*
433	* The path is fixed up in place. Errors are ignored.
434	*
435	* @returns VINF_SUCCESS if it all went smoothly, informational status codes
436	* indicating the nature of last problem we ran into.
437	*
438	* @param pUniStr The path to fix up. MaximumLength is the max buffer
439	* length.
440	* @param fPathOnly Whether to only process the path and leave the filename
441	* as passed in.
442	*/
443	RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);
444
445	/**
446	* Wrapper around RTNtPathExpand8dot3Path that allocates a buffer instead of
447	* working on the input buffer.
448	*
449	* @returns IPRT status code, see RTNtPathExpand8dot3Path().
450	* @param pUniStrSrc The path to fix up. MaximumLength is the max buffer
451	* length.
452	* @param fPathOnly Whether to only process the path and leave the filename
453	* as passed in.
454	* @param pUniStrDst Output string. On success, the caller must use
455	* RTUtf16Free to free what the Buffer member points to.
456	* This is all zeros and NULL on failure.
457	*/
458	RTDECL(int) RTNtPathExpand8dot3PathA(struct _UNICODE_STRING const pUniStrSrc, bool fPathOnly, struct _UNICODE_STRING pUniStrDst);
459
460
461	RT_C_DECLS_END
462	/** @} */
463
464
465	/** @name NT API delcarations.
466	* @{ */
467	RT_C_DECLS_BEGIN
468
469	/** @name Process access rights missing in ntddk headers
470	* @{ */
471	#ifndef PROCESS_TERMINATE
472	# define PROCESS_TERMINATE UINT32_C(0x00000001)
473	#endif
474	#ifndef PROCESS_CREATE_THREAD
475	# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
476	#endif
477	#ifndef PROCESS_SET_SESSIONID
478	# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
479	#endif
480	#ifndef PROCESS_VM_OPERATION
481	# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
482	#endif
483	#ifndef PROCESS_VM_READ
484	# define PROCESS_VM_READ UINT32_C(0x00000010)
485	#endif
486	#ifndef PROCESS_VM_WRITE
487	# define PROCESS_VM_WRITE UINT32_C(0x00000020)
488	#endif
489	#ifndef PROCESS_DUP_HANDLE
490	# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
491	#endif
492	#ifndef PROCESS_CREATE_PROCESS
493	# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
494	#endif
495	#ifndef PROCESS_SET_QUOTA
496	# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
497	#endif
498	#ifndef PROCESS_SET_INFORMATION
499	# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
500	#endif
501	#ifndef PROCESS_QUERY_INFORMATION
502	# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
503	#endif
504	#ifndef PROCESS_SUSPEND_RESUME
505	# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
506	#endif
507	#ifndef PROCESS_QUERY_LIMITED_INFORMATION
508	# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
509	#endif
510	#ifndef PROCESS_SET_LIMITED_INFORMATION
511	# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
512	#endif
513	#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
514	#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
515	#ifndef PROCESS_ALL_ACCESS
516	# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| SYNCHRONIZE \| UINT32_C(0x0000ffff) )
517	#endif
518	/** @} */
519
520	/** @name Thread access rights missing in ntddk headers
521	* @{ */
522	#ifndef THREAD_QUERY_INFORMATION
523	# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
524	#endif
525	#ifndef THREAD_SET_THREAD_TOKEN
526	# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
527	#endif
528	#ifndef THREAD_IMPERSONATE
529	# define THREAD_IMPERSONATE UINT32_C(0x00000100)
530	#endif
531	#ifndef THREAD_DIRECT_IMPERSONATION
532	# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
533	#endif
534	#ifndef THREAD_RESUME
535	# define THREAD_RESUME UINT32_C(0x00001000)
536	#endif
537	#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
538	#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
539	#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
540	/** @} */
541
542	/** @name Special handle values.
543	* @{ */
544	#ifndef NtCurrentProcess
545	# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
546	#endif
547	#ifndef NtCurrentThread
548	# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
549	#endif
550	#ifndef ZwCurrentProcess
551	# define ZwCurrentProcess() NtCurrentProcess()
552	#endif
553	#ifndef ZwCurrentThread
554	# define ZwCurrentThread() NtCurrentThread()
555	#endif
556	/** @} */
557
558
559	/** @name Directory object access rights.
560	* @{ */
561	#ifndef DIRECTORY_QUERY
562	# define DIRECTORY_QUERY UINT32_C(0x00000001)
563	#endif
564	#ifndef DIRECTORY_TRAVERSE
565	# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
566	#endif
567	#ifndef DIRECTORY_CREATE_OBJECT
568	# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
569	#endif
570	#ifndef DIRECTORY_CREATE_SUBDIRECTORY
571	# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
572	#endif
573	#ifndef DIRECTORY_ALL_ACCESS
574	# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| UINT32_C(0x0000000f) )
575	#endif
576	/** @} */
577
578
579
580	#ifdef RTNT_NEED_CLIENT_ID
581	typedef struct _CLIENT_ID
582	{
583	HANDLE UniqueProcess;
584	HANDLE UniqueThread;
585	} CLIENT_ID;
586	#endif
587	#ifdef IPRT_NT_USE_WINTERNL
588	typedef CLIENT_ID *PCLIENT_ID;
589	#endif
590
591	/** Extended affinity type, introduced in Windows 7 (?). */
592	typedef struct _KAFFINITY_EX
593	{
594	/** Count of valid bitmap entries. */
595	uint16_t Count;
596	/** Count of allocated bitmap entries. */
597	uint16_t Size;
598	/** Reserved / aligmment padding. */
599	uint32_t Reserved;
600	/** Bitmap where one bit corresponds to a CPU. */
601	uintptr_t Bitmap[20];
602	} KAFFINITY_EX;
603	typedef KAFFINITY_EX *PKAFFINITY_EX;
604	typedef KAFFINITY_EX const *PCKAFFINITY_EX;
605
606	/** @name User Shared Data
607	* @{ */
608
609	#ifdef IPRT_NT_USE_WINTERNL
610	typedef struct _KSYSTEM_TIME
611	{
612	ULONG LowPart;
613	LONG High1Time;
614	LONG High2Time;
615	} KSYSTEM_TIME;
616	typedef KSYSTEM_TIME *PKSYSTEM_TIME;
617
618	typedef enum _NT_PRODUCT_TYPE
619	{
620	NtProductWinNt = 1,
621	NtProductLanManNt,
622	NtProductServer
623	} NT_PRODUCT_TYPE;
624
625	#define PROCESSOR_FEATURE_MAX 64
626
627	typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
628	{
629	StandardDesign = 0,
630	NEC98x86,
631	EndAlternatives
632	} ALTERNATIVE_ARCHITECTURE_TYPE;
633
634	# if 0
635	typedef struct _XSTATE_FEATURE
636	{
637	ULONG Offset;
638	ULONG Size;
639	} XSTATE_FEATURE;
640	typedef XSTATE_FEATURE *PXSTATE_FEATURE;
641
642	#define MAXIMUM_XSTATE_FEATURES 64
643
644	typedef struct _XSTATE_CONFIGURATION
645	{
646	ULONG64 EnabledFeatures;
647	ULONG Size;
648	ULONG OptimizedSave : 1;
649	XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
650	} XSTATE_CONFIGURATION;
651	typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
652	# endif
653	#endif /* IPRT_NT_USE_WINTERNL */
654
655	typedef struct _KUSER_SHARED_DATA
656	{
657	ULONG TickCountLowDeprecated; /*< 0x000 /
658	ULONG TickCountMultiplier; /*< 0x004 /
659	KSYSTEM_TIME volatile InterruptTime; /*< 0x008 /
660	KSYSTEM_TIME volatile SystemTime; /*< 0x014 /
661	KSYSTEM_TIME volatile TimeZoneBias; /*< 0x020 /
662	USHORT ImageNumberLow; /*< 0x02c /
663	USHORT ImageNumberHigh; /*< 0x02e /
664	WCHAR NtSystemRoot[260]; /*< 0x030 - Seems to be last member in NT 3.51. /
665	ULONG MaxStackTraceDepth; /*< 0x238 /
666	ULONG CryptoExponent; /*< 0x23c /
667	ULONG TimeZoneId; /*< 0x240 /
668	ULONG LargePageMinimum; /*< 0x244 /
669	ULONG AitSamplingValue; /*< 0x248 /
670	ULONG AppCompatFlag; /*< 0x24c /
671	ULONGLONG RNGSeedVersion; /*< 0x250 /
672	ULONG GlobalValidationRunlevel; /*< 0x258 /
673	LONG volatile TimeZoneBiasStamp; /*< 0x25c/
674	ULONG Reserved2; /*< 0x260 /
675	NT_PRODUCT_TYPE NtProductType; /*< 0x264 /
676	BOOLEAN ProductTypeIsValid; /*< 0x268 /
677	BOOLEAN Reserved0[1]; /*< 0x269 /
678	USHORT NativeProcessorArchitecture; /*< 0x26a /
679	ULONG NtMajorVersion; /*< 0x26c /
680	ULONG NtMinorVersion; /*< 0x270 /
681	BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /*< 0x274 /
682	ULONG Reserved1; /*< 0x2b4 /
683	ULONG Reserved3; /*< 0x2b8 /
684	ULONG volatile TimeSlip; /*< 0x2bc /
685	ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /*< 0x2c0 /
686	ULONG AltArchitecturePad[1]; /*< 0x2c4 /
687	LARGE_INTEGER SystemExpirationDate; /*< 0x2c8 /
688	ULONG SuiteMask; /*< 0x2d0 /
689	BOOLEAN KdDebuggerEnabled; /*< 0x2d4 /
690	union /*< 0x2d5 /
691	{
692	UCHAR MitigationPolicies; /*< 0x2d5 /
693	struct
694	{
695	UCHAR NXSupportPolicy : 2;
696	UCHAR SEHValidationPolicy : 2;
697	UCHAR CurDirDevicesSkippedForDlls : 2;
698	UCHAR Reserved : 2;
699	};
700	};
701	UCHAR Reserved6[2]; /*< 0x2d6 /
702	ULONG volatile ActiveConsoleId; /*< 0x2d8 /
703	ULONG volatile DismountCount; /*< 0x2dc /
704	ULONG ComPlusPackage; /*< 0x2e0 /
705	ULONG LastSystemRITEventTickCount; /*< 0x2e4 /
706	ULONG NumberOfPhysicalPages; /*< 0x2e8 /
707	BOOLEAN SafeBootMode; /*< 0x2ec /
708	UCHAR Reserved12[3]; /*< 0x2ed /
709	union /*< 0x2f0 /
710	{
711	ULONG SharedDataFlags; /*< 0x2f0 /
712	struct
713	{
714	ULONG DbgErrorPortPresent : 1;
715	ULONG DbgElevationEnabled : 1;
716	ULONG DbgVirtEnabled : 1;
717	ULONG DbgInstallerDetectEnabled : 1;
718	ULONG DbgLkgEnabled : 1;
719	ULONG DbgDynProcessorEnabled : 1;
720	ULONG DbgConsoleBrokerEnabled : 1;
721	ULONG DbgSecureBootEnabled : 1;
722	ULONG SpareBits : 24;
723	};
724	};
725	ULONG DataFlagsPad[1]; /*< 0x2f4 /
726	ULONGLONG TestRetInstruction; /*< 0x2f8 /
727	LONGLONG QpcFrequency; /*< 0x300 /
728	ULONGLONG SystemCallPad[3]; /*< 0x308 /
729	union /*< 0x320 /
730	{
731	ULONG64 volatile TickCountQuad; /*< 0x320 /
732	KSYSTEM_TIME volatile TickCount; /*< 0x320 /
733	struct /*< 0x320 /
734	{
735	ULONG ReservedTickCountOverlay[3]; /*< 0x320 /
736	ULONG TickCountPad[1]; /*< 0x32c /
737	};
738	};
739	ULONG Cookie; /*< 0x330 /
740	ULONG CookiePad[1]; /*< 0x334 /
741	LONGLONG ConsoleSessionForegroundProcessId; /*< 0x338 /
742	ULONGLONG TimeUpdateLock; /*< 0x340 /
743	ULONGLONG BaselineSystemTimeQpc; /*< 0x348 /
744	ULONGLONG BaselineInterruptTimeQpc; /*< 0x350 /
745	ULONGLONG QpcSystemTimeIncrement; /*< 0x358 /
746	ULONGLONG QpcInterruptTimeIncrement; /*< 0x360 /
747	ULONG QpcSystemTimeIncrement32; /*< 0x368 /
748	ULONG QpcInterruptTimeIncrement32; /*< 0x36c /
749	UCHAR QpcSystemTimeIncrementShift; /*< 0x370 /
750	UCHAR QpcInterruptTimeIncrementShift; /*< 0x371 /
751	UCHAR Reserved8[14]; /*< 0x372 /
752	USHORT UserModeGlobalLogger[16]; /*< 0x380 /
753	ULONG ImageFileExecutionOptions; /*< 0x3a0 /
754	ULONG LangGenerationCount; /*< 0x3a4 /
755	ULONGLONG Reserved4; /*< 0x3a8 /
756	ULONGLONG volatile InterruptTimeBias; /**< 0x3b0 - What QueryUnbiasedInterruptTimePrecise
757	* subtracts from interrupt time. */
758	ULONGLONG volatile QpcBias; /*< 0x3b8 /
759	ULONG volatile ActiveProcessorCount; /*< 0x3c0 /
760	UCHAR volatile ActiveGroupCount; /*< 0x3c4 /
761	UCHAR Reserved9; /*< 0x3c5 /
762	union /*< 0x3c6 /
763	{
764	USHORT QpcData; /*< 0x3c6 /
765	struct /*< 0x3c6 /
766	{
767	BOOLEAN volatile QpcBypassEnabled; /*< 0x3c6 /
768	UCHAR QpcShift; /*< 0x3c7 /
769	};
770	};
771	LARGE_INTEGER TimeZoneBiasEffectiveStart; /*< 0x3c8 /
772	LARGE_INTEGER TimeZoneBiasEffectiveEnd; /*< 0x3d0 /
773	XSTATE_CONFIGURATION XState; /*< 0x3d8 /
774	} KUSER_SHARED_DATA;
775	typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
776	AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
777	AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
778	AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
779	AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
780	AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
781	AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
782	AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
783	AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
784	AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
785	/** @def MM_SHARED_USER_DATA_VA
786	* Read only userland mapping of KUSER_SHARED_DATA. */
787	#ifndef MM_SHARED_USER_DATA_VA
788	# if ARCH_BITS == 32
789	# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
790	# elif ARCH_BITS == 64
791	# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
792	# else
793	# error "Unsupported/undefined ARCH_BITS value."
794	# endif
795	#endif
796	/** @def KI_USER_SHARED_DATA
797	* Read write kernel mapping of KUSER_SHARED_DATA. */
798	#ifndef KI_USER_SHARED_DATA
799	# ifdef RT_ARCH_X86
800	# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
801	# elif defined(RT_ARCH_AMD64)
802	# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
803	# else
804	# error "PORT ME - KI_USER_SHARED_DATA"
805	# endif
806	#endif
807	/** @} */
808
809
810	/** @name Process And Thread Environment Blocks
811	* @{ */
812
813	typedef struct _PEB_LDR_DATA
814	{
815	uint32_t Length;
816	BOOLEAN Initialized;
817	BOOLEAN Padding[3];
818	HANDLE SsHandle;
819	LIST_ENTRY InLoadOrderModuleList;
820	LIST_ENTRY InMemoryOrderModuleList;
821	LIST_ENTRY InInitializationOrderModuleList;
822	/* End NT4 */
823	LIST_ENTRY *EntryInProgress;
824	BOOLEAN ShutdownInProgress;
825	HANDLE ShutdownThreadId;
826	} PEB_LDR_DATA;
827	typedef PEB_LDR_DATA *PPEB_LDR_DATA;
828
829	typedef struct _PEB_COMMON
830	{
831	BOOLEAN InheritedAddressSpace; /*< 0x000 / 0x000 /
832	BOOLEAN ReadImageFileExecOptions; /*< 0x001 / 0x001 /
833	BOOLEAN BeingDebugged; /*< 0x002 / 0x002 /
834	union
835	{
836	uint8_t BitField; /*< 0x003 / 0x003 /
837	struct
838	{
839	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
840	} Common;
841	struct
842	{
843	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
844	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
845	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 /
846	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 /
847	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 /
848	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 /
849	uint8_t IsProtectedProcessLight : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 /
850	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
851	} W81;
852	struct
853	{
854	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
855	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
856	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 /
857	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 /
858	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 /
859	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 /
860	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 /
861	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
862	} W80;
863	struct
864	{
865	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
866	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
867	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. /
868	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. /
869	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. /
870	uint8_t SpareBits : 3; /*< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. /
871	} W7;
872	struct
873	{
874	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
875	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
876	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. /
877	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. /
878	uint8_t SpareBits : 4; /*< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. /
879	} W6;
880	struct
881	{
882	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
883	uint8_t SpareBits : 7; /*< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. /
884	} W52;
885	struct
886	{
887	BOOLEAN SpareBool;
888	} W51;
889	} Diff0;
890	#if ARCH_BITS == 64
891	uint32_t Padding0; /*< 0x004 / NA /
892	#endif
893	HANDLE Mutant; /*< 0x008 / 0x004 /
894	PVOID ImageBaseAddress; /*< 0x010 / 0x008 /
895	PPEB_LDR_DATA Ldr; /*< 0x018 / 0x00c /
896	struct _RTL_USER_PROCESS_PARAMETERS ProcessParameters; /< 0x020 / 0x010 /
897	PVOID SubSystemData; /*< 0x028 / 0x014 /
898	HANDLE ProcessHeap; /*< 0x030 / 0x018 /
899	struct _RTL_CRITICAL_SECTION FastPebLock; /< 0x038 / 0x01c /
900	union
901	{
902	struct
903	{
904	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
905	PVOID IFEOKey; /*< 0x048 / 0x024 /
906	union
907	{
908	ULONG CrossProcessFlags; /*< 0x050 / 0x028 /
909	struct
910	{
911	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
912	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
913	uint32_t ProcessUsingVEH : 1; /*< 0x050 / 0x028: Pos 2, 1 Bit /
914	uint32_t ProcessUsingVCH : 1; /*< 0x050 / 0x028: Pos 3, 1 Bit /
915	uint32_t ProcessUsingFTH : 1; /*< 0x050 / 0x028: Pos 4, 1 Bit /
916	uint32_t ReservedBits0 : 1; /*< 0x050 / 0x028: Pos 5, 27 Bits /
917	} W7, W8, W80, W81;
918	struct
919	{
920	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
921	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
922	uint32_t ReservedBits0 : 30; /*< 0x050 / 0x028: Pos 2, 30 Bits /
923	} W6;
924	};
925	#if ARCH_BITS == 64
926	uint32_t Padding1; /*< 0x054 / /
927	#endif
928	} W6, W7, W8, W80, W81;
929	struct
930	{
931	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
932	PVOID SparePtr2; /*< 0x048 / 0x024 /
933	uint32_t EnvironmentUpdateCount; /*< 0x050 / 0x028 /
934	#if ARCH_BITS == 64
935	uint32_t Padding1; /*< 0x054 / /
936	#endif
937	} W52;
938	struct
939	{
940	PVOID FastPebLockRoutine; /*< NA / 0x020 /
941	PVOID FastPebUnlockRoutine; /*< NA / 0x024 /
942	uint32_t EnvironmentUpdateCount; /*< NA / 0x028 /
943	} W51;
944	} Diff1;
945	union
946	{
947	PVOID KernelCallbackTable; /*< 0x058 / 0x02c /
948	PVOID UserSharedInfoPtr; /*< 0x058 / 0x02c - Alternative use in W6./
949	};
950	uint32_t SystemReserved; /*< 0x060 / 0x030 /
951	union
952	{
953	struct
954	{
955	uint32_t AtlThunkSListPtr32; /*< 0x064 / 0x034 /
956	} W7, W8, W80, W81;
957	struct
958	{
959	uint32_t SpareUlong; /*< 0x064 / 0x034 /
960	} W52, W6;
961	struct
962	{
963	uint32_t ExecuteOptions : 2; /*< NA / 0x034: Pos 0, 2 Bits /
964	uint32_t SpareBits : 30; /*< NA / 0x034: Pos 2, 30 Bits /
965	} W51;
966	} Diff2;
967	union
968	{
969	struct
970	{
971	PVOID ApiSetMap; /*< 0x068 / 0x038 /
972	} W7, W8, W80, W81;
973	struct
974	{
975	struct _PEB_FREE_BLOCK FreeList; /< 0x068 / 0x038 /
976	} W52, W6;
977	struct
978	{
979	struct _PEB_FREE_BLOCK FreeList; /< NA / 0x038 /
980	} W51;
981	} Diff3;
982	uint32_t TlsExpansionCounter; /*< 0x070 / 0x03c /
983	#if ARCH_BITS == 64
984	uint32_t Padding2; /*< 0x074 / NA /
985	#endif
986	struct _RTL_BITMAP TlsBitmap; /< 0x078 / 0x040 /
987	uint32_t TlsBitmapBits[2]; /*< 0x080 / 0x044 /
988	PVOID ReadOnlySharedMemoryBase; /*< 0x088 / 0x04c /
989	union
990	{
991	struct
992	{
993	PVOID SparePvoid0; /*< 0x090 / 0x050 - HotpatchInformation before W81. /
994	} W81;
995	struct
996	{
997	PVOID HotpatchInformation; /*< 0x090 / 0x050 - Retired in W81. /
998	} W6, W7, W80;
999	struct
1000	{
1001	PVOID ReadOnlySharedMemoryHeap;
1002	} W52;
1003	} Diff4;
1004	PVOID ReadOnlyStaticServerData; /< 0x098 / 0x054 /
1005	PVOID AnsiCodePageData; /*< 0x0a0 / 0x058 /
1006	PVOID OemCodePageData; /*< 0x0a8 / 0x05c /
1007	PVOID UnicodeCaseTableData; /*< 0x0b0 / 0x060 /
1008	uint32_t NumberOfProcessors; /*< 0x0b8 / 0x064 /
1009	uint32_t NtGlobalFlag; /*< 0x0bc / 0x068 /
1010	#if ARCH_BITS == 32
1011	uint32_t Padding2b;
1012	#endif
1013	LARGE_INTEGER CriticalSectionTimeout; /*< 0x0c0 / 0x070 /
1014	SIZE_T HeapSegmentReserve; /*< 0x0c8 / 0x078 /
1015	SIZE_T HeapSegmentCommit; /*< 0x0d0 / 0x07c /
1016	SIZE_T HeapDeCommitTotalFreeThreshold; /*< 0x0d8 / 0x080 /
1017	SIZE_T HeapDeCommitFreeBlockThreshold; /*< 0x0e0 / 0x084 /
1018	uint32_t NumberOfHeaps; /*< 0x0e8 / 0x088 /
1019	uint32_t MaximumNumberOfHeaps; /*< 0x0ec / 0x08c /
1020	PVOID ProcessHeaps; /< 0x0f0 / 0x090 - Last NT 3.51 member. /
1021	PVOID GdiSharedHandleTable; /*< 0x0f8 / 0x094 /
1022	PVOID ProcessStarterHelper; /*< 0x100 / 0x098 /
1023	uint32_t GdiDCAttributeList; /*< 0x108 / 0x09c /
1024	#if ARCH_BITS == 64
1025	uint32_t Padding3; /*< 0x10c / NA /
1026	#endif
1027	struct _RTL_CRITICAL_SECTION LoaderLock; /< 0x110 / 0x0a0 /
1028	uint32_t OSMajorVersion; /*< 0x118 / 0x0a4 /
1029	uint32_t OSMinorVersion; /*< 0x11c / 0x0a8 /
1030	uint16_t OSBuildNumber; /*< 0x120 / 0x0ac /
1031	uint16_t OSCSDVersion; /*< 0x122 / 0x0ae /
1032	uint32_t OSPlatformId; /*< 0x124 / 0x0b0 /
1033	uint32_t ImageSubsystem; /*< 0x128 / 0x0b4 /
1034	uint32_t ImageSubsystemMajorVersion; /*< 0x12c / 0x0b8 /
1035	uint32_t ImageSubsystemMinorVersion; /*< 0x130 / 0x0bc /
1036	#if ARCH_BITS == 64
1037	uint32_t Padding4; /*< 0x134 / NA /
1038	#endif
1039	union
1040	{
1041	struct
1042	{
1043	SIZE_T ActiveProcessAffinityMask; /*< 0x138 / 0x0c0 /
1044	} W7, W8, W80, W81;
1045	struct
1046	{
1047	SIZE_T ImageProcessAffinityMask; /*< 0x138 / 0x0c0 /
1048	} W52, W6;
1049	} Diff5;
1050	uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /*< 0x140 / 0x0c4 /
1051	PVOID PostProcessInitRoutine; /*< 0x230 / 0x14c /
1052	PVOID TlsExpansionBitmap; /*< 0x238 / 0x150 /
1053	uint32_t TlsExpansionBitmapBits[32]; /*< 0x240 / 0x154 /
1054	uint32_t SessionId; /*< 0x2c0 / 0x1d4 /
1055	#if ARCH_BITS == 64
1056	uint32_t Padding5; /*< 0x2c4 / NA /
1057	#endif
1058	ULARGE_INTEGER AppCompatFlags; /*< 0x2c8 / 0x1d8 /
1059	ULARGE_INTEGER AppCompatFlagsUser; /*< 0x2d0 / 0x1e0 /
1060	PVOID pShimData; /*< 0x2d8 / 0x1e8 /
1061	PVOID AppCompatInfo; /*< 0x2e0 / 0x1ec /
1062	UNICODE_STRING CSDVersion; /*< 0x2e8 / 0x1f0 /
1063	struct _ACTIVATION_CONTEXT_DATA ActivationContextData; /< 0x2f8 / 0x1f8 /
1064	struct _ASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap; /< 0x300 / 0x1fc /
1065	struct _ACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData; /< 0x308 / 0x200 /
1066	struct _ASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap; /< 0x310 / 0x204 /
1067	SIZE_T MinimumStackCommit; /*< 0x318 / 0x208 /
1068	/* End of PEB in W52 (Windows XP (RTM))! */
1069	struct _FLS_CALLBACK_INFO FlsCallback; /< 0x320 / 0x20c /
1070	LIST_ENTRY FlsListHead; /*< 0x328 / 0x210 /
1071	PVOID FlsBitmap; /*< 0x338 / 0x218 /
1072	uint32_t FlsBitmapBits[4]; /*< 0x340 / 0x21c /
1073	uint32_t FlsHighIndex; /*< 0x350 / 0x22c /
1074	/* End of PEB in W52 (Windows Server 2003)! */
1075	PVOID WerRegistrationData; /*< 0x358 / 0x230 /
1076	PVOID WerShipAssertPtr; /*< 0x360 / 0x234 /
1077	/* End of PEB in W6 (windows Vista)! */
1078	union
1079	{
1080	struct
1081	{
1082	PVOID pUnused; /*< 0x368 / 0x238 - Was pContextData in W7. /
1083	} W8, W80, W81;
1084	struct
1085	{
1086	PVOID pContextData; /*< 0x368 / 0x238 - Retired in W80. /
1087	} W7;
1088	} Diff6;
1089	PVOID pImageHeaderHash; /*< 0x370 / 0x23c /
1090	union
1091	{
1092	uint32_t TracingFlags; /*< 0x378 / 0x240 /
1093	struct
1094	{
1095	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
1096	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
1097	uint32_t LibLoaderTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 2, 1 Bit /
1098	uint32_t SpareTracingBits : 29; /*< 0x378 / 0x240 : Pos 3, 29 Bits /
1099	} W8, W80, W81;
1100	struct
1101	{
1102	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
1103	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
1104	uint32_t SpareTracingBits : 30; /*< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 /
1105	} W7;
1106	} Diff7;
1107	#if ARCH_BITS == 64
1108	uint32_t Padding6; /*< 0x37c / NA /
1109	#endif
1110	uint64_t CsrServerReadOnlySharedMemoryBase; /*< 0x380 / 0x248 /
1111	/* End of PEB in W8, W81. */
1112	uintptr_t TppWorkerpListLock; /*< 0x388 / 0x250 /
1113	LIST_ENTRY TppWorkerpList; /*< 0x390 / 0x254 /
1114	PVOID WaitOnAddressHashTable[128]; /*< 0x3a0 / 0x25c /
1115	#if ARCH_BITS == 32
1116	uint32_t ExplicitPadding7; /*< NA NA / 0x45c /
1117	#endif
1118	} PEB_COMMON;
1119	typedef PEB_COMMON *PPEB_COMMON;
1120
1121	AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
1122	AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
1123	AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
1124	AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
1125	AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
1126	AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
1127	AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
1128	AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
1129	AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x7a0 : 0x460);
1130
1131	/** The size of the windows 10 (build 14393) PEB structure. */
1132	#define PEB_SIZE_W10 sizeof(PEB_COMMON)
1133	/** The size of the windows 8.1 PEB structure. */
1134	#define PEB_SIZE_W81 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1135	/** The size of the windows 8.0 PEB structure. */
1136	#define PEB_SIZE_W80 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1137	/** The size of the windows 7 PEB structure. */
1138	#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
1139	/** The size of the windows vista PEB structure. */
1140	#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
1141	/** The size of the windows server 2003 PEB structure. */
1142	#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
1143	/** The size of the windows XP PEB structure. */
1144	#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
1145
1146	#if 0
1147	typedef struct _NT_TIB
1148	{
1149	struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
1150	PVOID StackBase;
1151	PVOID StackLimit;
1152	PVOID SubSystemTib;
1153	union
1154	{
1155	PVOID FiberData;
1156	ULONG Version;
1157	};
1158	PVOID ArbitraryUserPointer;
1159	struct _NT_TIB *Self;
1160	} NT_TIB;
1161	typedef NT_TIB *PNT_TIB;
1162	#endif
1163
1164	typedef struct _ACTIVATION_CONTEXT_STACK
1165	{
1166	uint32_t Flags;
1167	uint32_t NextCookieSequenceNumber;
1168	PVOID ActiveFrame;
1169	LIST_ENTRY FrameListCache;
1170	} ACTIVATION_CONTEXT_STACK;
1171
1172	/* Common TEB. */
1173	typedef struct _TEB_COMMON
1174	{
1175	NT_TIB NtTib; /*< 0x000 / 0x000 /
1176	PVOID EnvironmentPointer; /*< 0x038 / 0x01c /
1177	CLIENT_ID ClientId; /*< 0x040 / 0x020 /
1178	PVOID ActiveRpcHandle; /*< 0x050 / 0x028 /
1179	PVOID ThreadLocalStoragePointer; /*< 0x058 / 0x02c /
1180	PPEB_COMMON ProcessEnvironmentBlock; /*< 0x060 / 0x030 /
1181	uint32_t LastErrorValue; /*< 0x068 / 0x034 /
1182	uint32_t CountOfOwnedCriticalSections; /*< 0x06c / 0x038 /
1183	PVOID CsrClientThread; /*< 0x070 / 0x03c /
1184	PVOID Win32ThreadInfo; /*< 0x078 / 0x040 /
1185	uint32_t User32Reserved[26]; /*< 0x080 / 0x044 /
1186	uint32_t UserReserved[5]; /*< 0x0e8 / 0x0ac /
1187	PVOID WOW32Reserved; /*< 0x100 / 0x0c0 /
1188	uint32_t CurrentLocale; /*< 0x108 / 0x0c4 /
1189	uint32_t FpSoftwareStatusRegister; /*< 0x10c / 0x0c8 /
1190	PVOID SystemReserved1[54]; /*< 0x110 / 0x0cc /
1191	uint32_t ExceptionCode; /*< 0x2c0 / 0x1a4 /
1192	#if ARCH_BITS == 64
1193	uint32_t Padding0; /*< 0x2c4 / NA /
1194	#endif
1195	union
1196	{
1197	struct
1198	{
1199	struct _ACTIVATION_CONTEXT_STACK ActivationContextStackPointer;/< 0x2c8 / 0x1a8 /
1200	uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /*< 0x2d0 / 0x1ac /
1201	} W52, W6, W7, W8, W80, W81;
1202	#if ARCH_BITS == 32
1203	struct
1204	{
1205	ACTIVATION_CONTEXT_STACK ActivationContextStack; /*< NA / 0x1a8 /
1206	uint8_t SpareBytes[20]; /*< NA / 0x1bc /
1207	} W51;
1208	#endif
1209	} Diff0;
1210	union
1211	{
1212	struct
1213	{
1214	uint32_t TxFsContext; /*< 0x2e8 / 0x1d0 /
1215	} W6, W7, W8, W80, W81;
1216	struct
1217	{
1218	uint32_t SpareBytesContinues; /*< 0x2e8 / 0x1d0 /
1219	} W52;
1220	} Diff1;
1221	#if ARCH_BITS == 64
1222	uint32_t Padding1; /*< 0x2ec / NA /
1223	#endif
1224	/_GDI_TEB_BATCH/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /*< 0x2f0 / 0x1d4 /
1225	CLIENT_ID RealClientId; /*< 0x7d8 / 0x6b4 /
1226	HANDLE GdiCachedProcessHandle; /*< 0x7e8 / 0x6bc /
1227	uint32_t GdiClientPID; /*< 0x7f0 / 0x6c0 /
1228	uint32_t GdiClientTID; /*< 0x7f4 / 0x6c4 /
1229	PVOID GdiThreadLocalInfo; /*< 0x7f8 / 0x6c8 /
1230	SIZE_T Win32ClientInfo[62]; /*< 0x800 / 0x6cc /
1231	PVOID glDispatchTable[233]; /*< 0x9f0 / 0x7c4 /
1232	SIZE_T glReserved1[29]; /*< 0x1138 / 0xb68 /
1233	PVOID glReserved2; /*< 0x1220 / 0xbdc /
1234	PVOID glSectionInfo; /*< 0x1228 / 0xbe0 /
1235	PVOID glSection; /*< 0x1230 / 0xbe4 /
1236	PVOID glTable; /*< 0x1238 / 0xbe8 /
1237	PVOID glCurrentRC; /*< 0x1240 / 0xbec /
1238	PVOID glContext; /*< 0x1248 / 0xbf0 /
1239	NTSTATUS LastStatusValue; /*< 0x1250 / 0xbf4 /
1240	#if ARCH_BITS == 64
1241	uint32_t Padding2; /*< 0x1254 / NA /
1242	#endif
1243	UNICODE_STRING StaticUnicodeString; /*< 0x1258 / 0xbf8 /
1244	WCHAR StaticUnicodeBuffer[261]; /*< 0x1268 / 0xc00 /
1245	#if ARCH_BITS == 64
1246	WCHAR Padding3[3]; /*< 0x1472 / NA /
1247	#endif
1248	PVOID DeallocationStack; /*< 0x1478 / 0xe0c /
1249	PVOID TlsSlots[64]; /*< 0x1480 / 0xe10 /
1250	LIST_ENTRY TlsLinks; /*< 0x1680 / 0xf10 /
1251	PVOID Vdm; /*< 0x1690 / 0xf18 /
1252	PVOID ReservedForNtRpc; /*< 0x1698 / 0xf1c /
1253	PVOID DbgSsReserved[2]; /*< 0x16a0 / 0xf20 /
1254	uint32_t HardErrorMode; /*< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. /
1255	#if ARCH_BITS == 64
1256	uint32_t Padding4; /*< 0x16b4 / NA /
1257	#endif
1258	PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /*< 0x16b8 / 0xf2c /
1259	union
1260	{
1261	struct
1262	{
1263	GUID ActivityId; /*< 0x1710 / 0xf50 /
1264	PVOID SubProcessTag; /*< 0x1720 / 0xf60 /
1265	} W6, W7, W8, W80, W81;
1266	struct
1267	{
1268	PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /*< 0x1710 / 0xf50 /
1269	} W52;
1270	} Diff2;
1271	union /*< 0x1728 / 0xf64 /
1272	{
1273	struct
1274	{
1275	PVOID PerflibData; /*< 0x1728 / 0xf64 /
1276	} W8, W80, W81;
1277	struct
1278	{
1279	PVOID EtwLocalData; /*< 0x1728 / 0xf64 /
1280	} W7, W6;
1281	struct
1282	{
1283	PVOID SubProcessTag; /*< 0x1728 / 0xf64 /
1284	} W52;
1285	struct
1286	{
1287	PVOID InstrumentationContinues[1]; /*< 0x1728 / 0xf64 /
1288	} W51;
1289	} Diff3;
1290	union
1291	{
1292	struct
1293	{
1294	PVOID EtwTraceData; /*< 0x1730 / 0xf68 /
1295	} W52, W6, W7, W8, W80, W81;
1296	struct
1297	{
1298	PVOID InstrumentationContinues[1]; /*< 0x1730 / 0xf68 /
1299	} W51;
1300	} Diff4;
1301	PVOID WinSockData; /*< 0x1738 / 0xf6c /
1302	uint32_t GdiBatchCount; /*< 0x1740 / 0xf70 /
1303	union
1304	{
1305	union
1306	{
1307	PROCESSOR_NUMBER CurrentIdealProcessor; /*< 0x1744 / 0xf74 - W7+ /
1308	uint32_t IdealProcessorValue; /*< 0x1744 / 0xf74 - W7+ /
1309	struct
1310	{
1311	uint8_t ReservedPad1; /*< 0x1744 / 0xf74 - Called SpareBool0 in W6 /
1312	uint8_t ReservedPad2; /*< 0x1745 / 0xf75 - Called SpareBool0 in W6 /
1313	uint8_t ReservedPad3; /*< 0x1746 / 0xf76 - Called SpareBool0 in W6 /
1314	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1315	};
1316	} W6, W7, W8, W80, W81;
1317	struct
1318	{
1319	BOOLEAN InDbgPrint; /*< 0x1744 / 0xf74 /
1320	BOOLEAN FreeStackOnTermination; /*< 0x1745 / 0xf75 /
1321	BOOLEAN HasFiberData; /*< 0x1746 / 0xf76 /
1322	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1323	} W51, W52;
1324	} Diff5;
1325	uint32_t GuaranteedStackBytes; /*< 0x1748 / 0xf78 /
1326	#if ARCH_BITS == 64
1327	uint32_t Padding5; /*< 0x174c / NA /
1328	#endif
1329	PVOID ReservedForPerf; /*< 0x1750 / 0xf7c /
1330	PVOID ReservedForOle; /*< 0x1758 / 0xf80 /
1331	uint32_t WaitingOnLoaderLock; /*< 0x1760 / 0xf84 /
1332	#if ARCH_BITS == 64
1333	uint32_t Padding6; /*< 0x1764 / NA /
1334	#endif
1335	union /*< 0x1770 / 0xf8c /
1336	{
1337	struct
1338	{
1339	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1340	SIZE_T ReservedForCodeCoverage; /*< 0x1770 / 0xf8c /
1341	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1342	} W8, W80, W81;
1343	struct
1344	{
1345	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1346	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1347	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1348	} W6, W7;
1349	struct
1350	{
1351	PVOID SparePointer1; /*< 0x1768 / 0xf88 /
1352	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1353	PVOID SoftPatchPtr2; /*< 0x1778 / 0xf90 /
1354	} W52;
1355	#if ARCH_BITS == 32
1356	struct _Wx86ThreadState
1357	{
1358	PVOID CallBx86Eip; /*< NA / 0xf88 /
1359	PVOID DeallocationCpu; /*< NA / 0xf8c /
1360	BOOLEAN UseKnownWx86Dll; /*< NA / 0xf90 /
1361	int8_t OleStubInvoked; /*< NA / 0xf91 /
1362	} W51;
1363	#endif
1364	} Diff6;
1365	PVOID TlsExpansionSlots; /*< 0x1780 / 0xf94 /
1366	#if ARCH_BITS == 64
1367	PVOID DallocationBStore; /*< 0x1788 / NA /
1368	PVOID BStoreLimit; /*< 0x1790 / NA /
1369	#endif
1370	union
1371	{
1372	struct
1373	{
1374	uint32_t MuiGeneration; /*< 0x1798 / 0xf98 /
1375	} W7, W8, W80, W81;
1376	struct
1377	{
1378	uint32_t ImpersonationLocale;
1379	} W6;
1380	} Diff7;
1381	uint32_t IsImpersonating; /*< 0x179c / 0xf9c /
1382	PVOID NlsCache; /*< 0x17a0 / 0xfa0 /
1383	PVOID pShimData; /*< 0x17a8 / 0xfa4 /
1384	union /*< 0x17b0 / 0xfa8 /
1385	{
1386	struct
1387	{
1388	uint16_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1389	uint16_t LowFragHeapDataSlot; /*< 0x17b2 / 0xfaa /
1390	} W8, W80, W81;
1391	struct
1392	{
1393	uint32_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1394	} W7;
1395	} Diff8;
1396	#if ARCH_BITS == 64
1397	uint32_t Padding7; /*< 0x17b4 / NA /
1398	#endif
1399	HANDLE CurrentTransactionHandle; /*< 0x17b8 / 0xfac /
1400	struct _TEB_ACTIVE_FRAME ActiveFrame; /< 0x17c0 / 0xfb0 /
1401	/* End of TEB in W51 (Windows XP)! */
1402	PVOID FlsData; /*< 0x17c8 / 0xfb4 /
1403	union
1404	{
1405	struct
1406	{
1407	PVOID PreferredLanguages; /*< 0x17d0 / 0xfb8 /
1408	} W6, W7, W8, W80, W81;
1409	struct
1410	{
1411	BOOLEAN SafeThunkCall; /*< 0x17d0 / 0xfb8 /
1412	uint8_t BooleanSpare[3]; /*< 0x17d1 / 0xfb9 /
1413	/* End of TEB in W52 (Windows server 2003)! */
1414	} W52;
1415	} Diff9;
1416	PVOID UserPrefLanguages; /*< 0x17d8 / 0xfbc /
1417	PVOID MergedPrefLanguages; /*< 0x17e0 / 0xfc0 /
1418	uint32_t MuiImpersonation; /*< 0x17e8 / 0xfc4 /
1419	union
1420	{
1421	uint16_t CrossTebFlags; /*< 0x17ec / 0xfc8 /
1422	struct
1423	{
1424	uint16_t SpareCrossTebBits : 16; /*< 0x17ec / 0xfc8 : Pos 0, 16 Bits /
1425	};
1426	};
1427	union
1428	{
1429	uint16_t SameTebFlags; /*< 0x17ee / 0xfca /
1430	struct
1431	{
1432	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1433	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1434	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1435	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1436	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1437	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1438	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1439	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1440	} Common;
1441	struct
1442	{
1443	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1444	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1445	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1446	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1447	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1448	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1449	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1450	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1451	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1452	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1453	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1454	uint16_t SessionAware : 1; /*< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. /
1455	uint16_t SpareSameTebBits : 4; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1456	} W8, W80, W81;
1457	struct
1458	{
1459	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1460	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1461	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1462	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1463	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1464	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1465	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1466	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1467	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1468	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1469	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1470	uint16_t SpareSameTebBits : 5; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1471	} W7;
1472	struct
1473	{
1474	uint16_t DbgSafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1475	uint16_t DbgInDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1476	uint16_t DbgHasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1477	uint16_t DbgSkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1478	uint16_t DbgWerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1479	uint16_t DbgRanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1480	uint16_t DbgClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1481	uint16_t DbgSuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1482	uint16_t SpareSameTebBits : 8; /*< 0x17ee / 0xfca : Pos 8, 8 Bits /
1483	} W6;
1484	} Diff10;
1485	PVOID TxnScopeEnterCallback; /*< 0x17f0 / 0xfcc /
1486	PVOID TxnScopeExitCallback; /*< 0x17f8 / 0xfd0 /
1487	PVOID TxnScopeContext; /*< 0x1800 / 0xfd4 /
1488	uint32_t LockCount; /*< 0x1808 / 0xfd8 /
1489	union
1490	{
1491	struct
1492	{
1493	uint32_t SpareUlong0; /*< 0x180c / 0xfdc /
1494	} W7, W8, W80, W81;
1495	struct
1496	{
1497	uint32_t ProcessRundown;
1498	} W6;
1499	} Diff11;
1500	union
1501	{
1502	struct
1503	{
1504	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1505	/* End of TEB in W7 (windows 7)! */
1506	PVOID ReservedForWdf; /*< 0x1818 / 0xfe4 - New Since W7. /
1507	/* End of TEB in W8 (windows 8.0 & 8.1)! */
1508	PVOID ReservedForCrt; /*< 0x1820 / 0xfe8 - New Since W10. /
1509	RTUUID EffectiveContainerId; /*< 0x1828 / 0xfec - New Since W10. /
1510	/* End of TEB in W10 14393! */
1511	} W8, W80, W81, W10;
1512	struct
1513	{
1514	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1515	} W7;
1516	struct
1517	{
1518	uint64_t LastSwitchTime; /*< 0x1810 / 0xfe0 /
1519	uint64_t TotalSwitchOutTime; /*< 0x1818 / 0xfe8 /
1520	LARGE_INTEGER WaitReasonBitMap; /*< 0x1820 / 0xff0 /
1521	/* End of TEB in W6 (windows Vista)! */
1522	} W6;
1523	} Diff12;
1524	} TEB_COMMON;
1525	typedef TEB_COMMON *PTEB_COMMON;
1526	AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1527	AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1528	AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1529	AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1530	AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1531	AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1532	AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1533	AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1534	AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1535	AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1536	AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1537	AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1538	AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1838 : 0x1000);
1539
1540
1541	/** The size of the windows 8.1 PEB structure. */
1542	#define TEB_SIZE_W10 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W10.EffectiveContainerId) + sizeof(RTUUID) )
1543	/** The size of the windows 8.1 PEB structure. */
1544	#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1545	/** The size of the windows 8.0 PEB structure. */
1546	#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1547	/** The size of the windows 7 PEB structure. */
1548	#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1549	/** The size of the windows vista PEB structure. */
1550	#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1551	/** The size of the windows server 2003 PEB structure. */
1552	#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1553	/** The size of the windows XP PEB structure. */
1554	#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1555
1556
1557
1558	#define _PEB _PEB_COMMON
1559	typedef PEB_COMMON PEB;
1560	typedef PPEB_COMMON PPEB;
1561
1562	#define _TEB _TEB_COMMON
1563	typedef TEB_COMMON TEB;
1564	typedef PTEB_COMMON PTEB;
1565
1566	#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
1567	# ifdef RT_ARCH_X86
1568	DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1569	DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1570	DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1571	DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readfsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1572	DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1573	# elif defined(RT_ARCH_AMD64)
1574	DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1575	DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1576	DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1577	DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readgsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1578	DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1579	# else
1580	# error "Port me"
1581	# endif
1582	#else
1583	# define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1584	# define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1585	# define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1586	# define RTNtLastStatusValue() (RTNtCurrentTeb()->LastStatusValue)
1587	# define RTNtLastErrorValue() (RTNtCurrentTeb()->LastErrorValue)
1588	#endif
1589	#define NtCurrentPeb() RTNtCurrentPeb()
1590
1591
1592	/** @} */
1593
1594
1595	#ifdef IPRT_NT_USE_WINTERNL
1596	NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1597	typedef enum _SECTION_INHERIT
1598	{
1599	ViewShare = 1,
1600	ViewUnmap
1601	} SECTION_INHERIT;
1602	#endif
1603	NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1604	ULONG, ULONG);
1605	NTSYSAPI NTSTATUS NTAPI NtFlushVirtualMemory(HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK);
1606	NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1607
1608	NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1609	NTSYSAPI NTSTATUS NTAPI ZwOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1610	NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1611	NTSYSAPI NTSTATUS NTAPI ZwOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1612	NTSYSAPI NTSTATUS NTAPI NtAlertThread(HANDLE hThread);
1613	#ifdef IPRT_NT_USE_WINTERNL
1614	NTSYSAPI NTSTATUS NTAPI ZwAlertThread(HANDLE hThread);
1615	#endif
1616	NTSYSAPI NTSTATUS NTAPI NtTestAlert(void);
1617
1618	#ifdef IPRT_NT_USE_WINTERNL
1619	NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1620	NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1621	#endif
1622	NTSYSAPI NTSTATUS NTAPI ZwOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1623	NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1624
1625	#ifdef IPRT_NT_USE_WINTERNL
1626	typedef struct _FILE_FS_VOLUME_INFORMATION
1627	{
1628	LARGE_INTEGER VolumeCreationTime;
1629	ULONG VolumeSerialNumber;
1630	ULONG VolumeLabelLength;
1631	BOOLEAN SupportsObjects;
1632	WCHAR VolumeLabel[1];
1633	} FILE_FS_VOLUME_INFORMATION;
1634	typedef FILE_FS_VOLUME_INFORMATION *PFILE_FS_VOLUME_INFORMATION;
1635	typedef struct _FILE_FS_LABEL_INFORMATION
1636	{
1637	ULONG VolumeLabelLength;
1638	WCHAR VolumeLabel[1];
1639	} FILE_FS_LABEL_INFORMATION;
1640	typedef FILE_FS_LABEL_INFORMATION *PFILE_FS_LABEL_INFORMATION;
1641	typedef struct _FILE_FS_SIZE_INFORMATION
1642	{
1643	LARGE_INTEGER TotalAllocationUnits;
1644	LARGE_INTEGER AvailableAllocationUnits;
1645	ULONG SectorsPerAllocationUnit;
1646	ULONG BytesPerSector;
1647	} FILE_FS_SIZE_INFORMATION;
1648	typedef FILE_FS_SIZE_INFORMATION *PFILE_FS_SIZE_INFORMATION;
1649	typedef struct _FILE_FS_DEVICE_INFORMATION
1650	{
1651	DEVICE_TYPE DeviceType;
1652	ULONG Characteristics;
1653	} FILE_FS_DEVICE_INFORMATION;
1654	typedef FILE_FS_DEVICE_INFORMATION *PFILE_FS_DEVICE_INFORMATION;
1655	typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1656	{
1657	ULONG FileSystemAttributes;
1658	LONG MaximumComponentNameLength;
1659	ULONG FileSystemNameLength;
1660	WCHAR FileSystemName[1];
1661	} FILE_FS_ATTRIBUTE_INFORMATION;
1662	typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1663	typedef struct _FILE_FS_CONTROL_INFORMATION
1664	{
1665	LARGE_INTEGER FreeSpaceStartFiltering;
1666	LARGE_INTEGER FreeSpaceThreshold;
1667	LARGE_INTEGER FreeSpaceStopFiltering;
1668	LARGE_INTEGER DefaultQuotaThreshold;
1669	LARGE_INTEGER DefaultQuotaLimit;
1670	ULONG FileSystemControlFlags;
1671	} FILE_FS_CONTROL_INFORMATION;
1672	typedef FILE_FS_CONTROL_INFORMATION *PFILE_FS_CONTROL_INFORMATION;
1673	typedef struct _FILE_FS_FULL_SIZE_INFORMATION
1674	{
1675	LARGE_INTEGER TotalAllocationUnits;
1676	LARGE_INTEGER CallerAvailableAllocationUnits;
1677	LARGE_INTEGER ActualAvailableAllocationUnits;
1678	ULONG SectorsPerAllocationUnit;
1679	ULONG BytesPerSector;
1680	} FILE_FS_FULL_SIZE_INFORMATION;
1681	typedef FILE_FS_FULL_SIZE_INFORMATION *PFILE_FS_FULL_SIZE_INFORMATION;
1682	typedef struct _FILE_FS_OBJECTID_INFORMATION
1683	{
1684	UCHAR ObjectId[16];
1685	UCHAR ExtendedInfo[48];
1686	} FILE_FS_OBJECTID_INFORMATION;
1687	typedef FILE_FS_OBJECTID_INFORMATION *PFILE_FS_OBJECTID_INFORMATION;
1688	typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1689	{
1690	BOOLEAN DriverInPath;
1691	ULONG DriverNameLength;
1692	WCHAR DriverName[1];
1693	} FILE_FS_DRIVER_PATH_INFORMATION;
1694	typedef FILE_FS_DRIVER_PATH_INFORMATION *PFILE_FS_DRIVER_PATH_INFORMATION;
1695	typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION
1696	{
1697	ULONG Flags;
1698	} FILE_FS_VOLUME_FLAGS_INFORMATION;
1699	typedef FILE_FS_VOLUME_FLAGS_INFORMATION *PFILE_FS_VOLUME_FLAGS_INFORMATION;
1700	#endif
1701	#if !defined(SSINFO_OFFSET_UNKNOWN) \|\| defined(IPRT_NT_USE_WINTERNL)
1702	typedef struct _FILE_FS_SECTOR_SIZE_INFORMATION
1703	{
1704	ULONG LogicalBytesPerSector;
1705	ULONG PhysicalBytesPerSectorForAtomicity;
1706	ULONG PhysicalBytesPerSectorForPerformance;
1707	ULONG FileSystemEffectivePhysicalBytesPerSectorForAtomicity;
1708	ULONG Flags;
1709	ULONG ByteOffsetForSectorAlignment;
1710	ULONG ByteOffsetForPartitionAlignment;
1711	} FILE_FS_SECTOR_SIZE_INFORMATION;
1712	typedef FILE_FS_SECTOR_SIZE_INFORMATION *PFILE_FS_SECTOR_SIZE_INFORMATION;
1713	# ifndef SSINFO_OFFSET_UNKNOWN
1714	# define SSINFO_OFFSET_UNKNOWN 0xffffffffUL
1715	# define SSINFO_FLAGS_ALIGNED_DEVICE 1UL
1716	# define SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE 2UL
1717	# define SSINFO_FLAGS_NO_SEEK_PENALTY 4UL
1718	# define SSINFO_FLAGS_TRIM_ENABLED 8UL
1719	# define SSINFO_FLAGS_BYTE_ADDRESSABLE 16UL
1720	# endif
1721	#endif
1722	#ifdef IPRT_NT_USE_WINTERNL
1723	typedef struct _FILE_FS_DATA_COPY_INFORMATION
1724	{
1725	ULONG NumberOfCopies;
1726	} FILE_FS_DATA_COPY_INFORMATION;
1727	typedef FILE_FS_DATA_COPY_INFORMATION *PFILE_FS_DATA_COPY_INFORMATION;
1728	typedef struct _FILE_FS_METADATA_SIZE_INFORMATION
1729	{
1730	LARGE_INTEGER TotalMetadataAllocationUnits;
1731	ULONG SectorsPerAllocationUnit;
1732	ULONG BytesPerSector;
1733	} FILE_FS_METADATA_SIZE_INFORMATION;
1734	typedef FILE_FS_METADATA_SIZE_INFORMATION *PFILE_FS_METADATA_SIZE_INFORMATION;
1735	typedef struct _FILE_FS_FULL_SIZE_INFORMATION_EX
1736	{
1737	ULONGLONG ActualTotalAllocationUnits;
1738	ULONGLONG ActualAvailableAllocationUnits;
1739	ULONGLONG ActualPoolUnavailableAllocationUnits;
1740	ULONGLONG CallerTotalAllocationUnits;
1741	ULONGLONG CallerAvailableAllocationUnits;
1742	ULONGLONG CallerPoolUnavailableAllocationUnits;
1743	ULONGLONG UsedAllocationUnits;
1744	ULONGLONG TotalReservedAllocationUnits;
1745	ULONGLONG VolumeStorageReserveAllocationUnits;
1746	ULONGLONG AvailableCommittedAllocationUnits;
1747	ULONGLONG PoolAvailableAllocationUnits;
1748	ULONG SectorsPerAllocationUnit;
1749	ULONG BytesPerSector;
1750	} FILE_FS_FULL_SIZE_INFORMATION_EX;
1751	typedef FILE_FS_FULL_SIZE_INFORMATION_EX *PFILE_FS_FULL_SIZE_INFORMATION_EX;
1752	#endif /* IPRT_NT_USE_WINTERNL */
1753
1754	typedef enum _FSINFOCLASS
1755	{
1756	FileFsVolumeInformation = 1,
1757	FileFsLabelInformation,
1758	FileFsSizeInformation, /*< FILE_FS_SIZE_INFORMATION /
1759	FileFsDeviceInformation,
1760	FileFsAttributeInformation,
1761	FileFsControlInformation,
1762	FileFsFullSizeInformation,
1763	FileFsObjectIdInformation,
1764	FileFsDriverPathInformation,
1765	FileFsVolumeFlagsInformation,
1766	FileFsSectorSizeInformation,
1767	FileFsDataCopyInformation,
1768	FileFsMetadataSizeInformation,
1769	FileFsFullSizeInformationEx,
1770	FileFsMaximumInformation
1771	} FS_INFORMATION_CLASS;
1772	typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1773	NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1774	NTSYSAPI NTSTATUS NTAPI NtSetVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1775
1776	#ifdef IPRT_NT_USE_WINTERNL
1777	typedef struct _FILE_DIRECTORY_INFORMATION
1778	{
1779	ULONG NextEntryOffset;
1780	ULONG FileIndex;
1781	LARGE_INTEGER CreationTime;
1782	LARGE_INTEGER LastAccessTime;
1783	LARGE_INTEGER LastWriteTime;
1784	LARGE_INTEGER ChangeTime;
1785	LARGE_INTEGER EndOfFile;
1786	LARGE_INTEGER AllocationSize;
1787	ULONG FileAttributes;
1788	ULONG FileNameLength;
1789	WCHAR FileName[1];
1790	} FILE_DIRECTORY_INFORMATION;
1791	typedef FILE_DIRECTORY_INFORMATION *PFILE_DIRECTORY_INFORMATION;
1792	typedef struct _FILE_FULL_DIR_INFORMATION
1793	{
1794	ULONG NextEntryOffset;
1795	ULONG FileIndex;
1796	LARGE_INTEGER CreationTime;
1797	LARGE_INTEGER LastAccessTime;
1798	LARGE_INTEGER LastWriteTime;
1799	LARGE_INTEGER ChangeTime;
1800	LARGE_INTEGER EndOfFile;
1801	LARGE_INTEGER AllocationSize;
1802	ULONG FileAttributes;
1803	ULONG FileNameLength;
1804	ULONG EaSize;
1805	WCHAR FileName[1];
1806	} FILE_FULL_DIR_INFORMATION;
1807	typedef FILE_FULL_DIR_INFORMATION *PFILE_FULL_DIR_INFORMATION;
1808	typedef struct _FILE_BOTH_DIR_INFORMATION
1809	{
1810	ULONG NextEntryOffset; /*< 0x00: /
1811	ULONG FileIndex; /*< 0x04: /
1812	LARGE_INTEGER CreationTime; /*< 0x08: /
1813	LARGE_INTEGER LastAccessTime; /*< 0x10: /
1814	LARGE_INTEGER LastWriteTime; /*< 0x18: /
1815	LARGE_INTEGER ChangeTime; /*< 0x20: /
1816	LARGE_INTEGER EndOfFile; /*< 0x28: /
1817	LARGE_INTEGER AllocationSize; /*< 0x30: /
1818	ULONG FileAttributes; /*< 0x38: /
1819	ULONG FileNameLength; /*< 0x3c: /
1820	ULONG EaSize; /*< 0x40: /
1821	CCHAR ShortNameLength; /*< 0x44: /
1822	WCHAR ShortName[12]; /*< 0x46: /
1823	WCHAR FileName[1]; /*< 0x5e: /
1824	} FILE_BOTH_DIR_INFORMATION;
1825	typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1826	typedef struct _FILE_BASIC_INFORMATION
1827	{
1828	LARGE_INTEGER CreationTime;
1829	LARGE_INTEGER LastAccessTime;
1830	LARGE_INTEGER LastWriteTime;
1831	LARGE_INTEGER ChangeTime;
1832	ULONG FileAttributes;
1833	} FILE_BASIC_INFORMATION;
1834	typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1835	typedef struct _FILE_STANDARD_INFORMATION
1836	{
1837	LARGE_INTEGER AllocationSize;
1838	LARGE_INTEGER EndOfFile;
1839	ULONG NumberOfLinks;
1840	BOOLEAN DeletePending;
1841	BOOLEAN Directory;
1842	} FILE_STANDARD_INFORMATION;
1843	typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1844	typedef struct _FILE_NAME_INFORMATION
1845	{
1846	ULONG FileNameLength;
1847	WCHAR FileName[1];
1848	} FILE_NAME_INFORMATION;
1849	typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1850	typedef FILE_NAME_INFORMATION FILE_NETWORK_PHYSICAL_NAME_INFORMATION;
1851	typedef FILE_NETWORK_PHYSICAL_NAME_INFORMATION *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION;
1852	typedef struct _FILE_INTERNAL_INFORMATION
1853	{
1854	LARGE_INTEGER IndexNumber;
1855	} FILE_INTERNAL_INFORMATION;
1856	typedef FILE_INTERNAL_INFORMATION *PFILE_INTERNAL_INFORMATION;
1857	typedef struct _FILE_EA_INFORMATION
1858	{
1859	ULONG EaSize;
1860	} FILE_EA_INFORMATION;
1861	typedef FILE_EA_INFORMATION *PFILE_EA_INFORMATION;
1862	typedef struct _FILE_ACCESS_INFORMATION
1863	{
1864	ACCESS_MASK AccessFlags;
1865	} FILE_ACCESS_INFORMATION;
1866	typedef FILE_ACCESS_INFORMATION *PFILE_ACCESS_INFORMATION;
1867	typedef struct _FILE_RENAME_INFORMATION
1868	{
1869	union
1870	{
1871	BOOLEAN ReplaceIfExists;
1872	ULONG Flags;
1873	};
1874	HANDLE RootDirectory;
1875	ULONG FileNameLength;
1876	WCHAR FileName[1];
1877	} FILE_RENAME_INFORMATION;
1878	typedef FILE_RENAME_INFORMATION *PFILE_RENAME_INFORMATION;
1879	typedef struct _FILE_LINK_INFORMATION
1880	{
1881	union
1882	{
1883	BOOLEAN ReplaceIfExists;
1884	ULONG Flags;
1885	};
1886	HANDLE RootDirectory;
1887	ULONG FileNameLength;
1888	WCHAR FileName[1];
1889	} FILE_LINK_INFORMATION;
1890	typedef FILE_LINK_INFORMATION *PFILE_LINK_INFORMATION;
1891	typedef struct _FILE_NAMES_INFORMATION
1892	{
1893	ULONG NextEntryOffset;
1894	ULONG FileIndex;
1895	ULONG FileNameLength;
1896	WCHAR FileName[1];
1897	} FILE_NAMES_INFORMATION;
1898	typedef FILE_NAMES_INFORMATION *PFILE_NAMES_INFORMATION;
1899	typedef struct _FILE_DISPOSITION_INFORMATION
1900	{
1901	BOOLEAN DeleteFile;
1902	} FILE_DISPOSITION_INFORMATION;
1903	typedef FILE_DISPOSITION_INFORMATION *PFILE_DISPOSITION_INFORMATION;
1904	typedef struct _FILE_POSITION_INFORMATION
1905	{
1906	LARGE_INTEGER CurrentByteOffset;
1907	} FILE_POSITION_INFORMATION;
1908	typedef FILE_POSITION_INFORMATION *PFILE_POSITION_INFORMATION;
1909	typedef struct _FILE_FULL_EA_INFORMATION
1910	{
1911	ULONG NextEntryOffset;
1912	UCHAR Flags;
1913	UCHAR EaNameLength;
1914	USHORT EaValueLength;
1915	CHAR EaName[1];
1916	} FILE_FULL_EA_INFORMATION;
1917	typedef FILE_FULL_EA_INFORMATION *PFILE_FULL_EA_INFORMATION;
1918	typedef struct _FILE_MODE_INFORMATION
1919	{
1920	ULONG Mode;
1921	} FILE_MODE_INFORMATION;
1922	typedef FILE_MODE_INFORMATION *PFILE_MODE_INFORMATION;
1923	typedef struct _FILE_ALIGNMENT_INFORMATION
1924	{
1925	ULONG AlignmentRequirement;
1926	} FILE_ALIGNMENT_INFORMATION;
1927	typedef FILE_ALIGNMENT_INFORMATION *PFILE_ALIGNMENT_INFORMATION;
1928	typedef struct _FILE_ALL_INFORMATION
1929	{
1930	FILE_BASIC_INFORMATION BasicInformation;
1931	FILE_STANDARD_INFORMATION StandardInformation;
1932	FILE_INTERNAL_INFORMATION InternalInformation;
1933	FILE_EA_INFORMATION EaInformation;
1934	FILE_ACCESS_INFORMATION AccessInformation;
1935	FILE_POSITION_INFORMATION PositionInformation;
1936	FILE_MODE_INFORMATION ModeInformation;
1937	FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1938	FILE_NAME_INFORMATION NameInformation;
1939	} FILE_ALL_INFORMATION;
1940	typedef FILE_ALL_INFORMATION *PFILE_ALL_INFORMATION;
1941	typedef struct _FILE_ALLOCATION_INFORMATION
1942	{
1943	LARGE_INTEGER AllocationSize;
1944	} FILE_ALLOCATION_INFORMATION;
1945	typedef FILE_ALLOCATION_INFORMATION *PFILE_ALLOCATION_INFORMATION;
1946	typedef struct _FILE_END_OF_FILE_INFORMATION
1947	{
1948	LARGE_INTEGER EndOfFile;
1949	} FILE_END_OF_FILE_INFORMATION;
1950	typedef FILE_END_OF_FILE_INFORMATION *PFILE_END_OF_FILE_INFORMATION;
1951	typedef struct _FILE_STREAM_INFORMATION
1952	{
1953	ULONG NextEntryOffset;
1954	ULONG StreamNameLength;
1955	LARGE_INTEGER StreamSize;
1956	LARGE_INTEGER StreamAllocationSize;
1957	WCHAR StreamName[1];
1958	} FILE_STREAM_INFORMATION;
1959	typedef FILE_STREAM_INFORMATION *PFILE_STREAM_INFORMATION;
1960	typedef struct _FILE_PIPE_INFORMATION
1961	{
1962	ULONG ReadMode;
1963	ULONG CompletionMode;
1964	} FILE_PIPE_INFORMATION;
1965	typedef FILE_PIPE_INFORMATION *PFILE_PIPE_INFORMATION;
1966
1967	typedef struct _FILE_PIPE_LOCAL_INFORMATION
1968	{
1969	ULONG NamedPipeType;
1970	ULONG NamedPipeConfiguration;
1971	ULONG MaximumInstances;
1972	ULONG CurrentInstances;
1973	ULONG InboundQuota;
1974	ULONG ReadDataAvailable;
1975	ULONG OutboundQuota;
1976	ULONG WriteQuotaAvailable;
1977	ULONG NamedPipeState;
1978	ULONG NamedPipeEnd;
1979	} FILE_PIPE_LOCAL_INFORMATION;
1980	typedef FILE_PIPE_LOCAL_INFORMATION *PFILE_PIPE_LOCAL_INFORMATION;
1981
1982	typedef struct _FILE_PIPE_REMOTE_INFORMATION
1983	{
1984	LARGE_INTEGER CollectDataTime;
1985	ULONG MaximumCollectionCount;
1986	} FILE_PIPE_REMOTE_INFORMATION;
1987	typedef FILE_PIPE_REMOTE_INFORMATION *PFILE_PIPE_REMOTE_INFORMATION;
1988	typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
1989	{
1990	ULONG MaximumMessageSize;
1991	ULONG MailslotQuota;
1992	ULONG NextMessageSize;
1993	ULONG MessagesAvailable;
1994	LARGE_INTEGER ReadTimeout;
1995	} FILE_MAILSLOT_QUERY_INFORMATION;
1996	typedef FILE_MAILSLOT_QUERY_INFORMATION *PFILE_MAILSLOT_QUERY_INFORMATION;
1997	typedef struct _FILE_MAILSLOT_SET_INFORMATION
1998	{
1999	PLARGE_INTEGER ReadTimeout;
2000	} FILE_MAILSLOT_SET_INFORMATION;
2001	typedef FILE_MAILSLOT_SET_INFORMATION *PFILE_MAILSLOT_SET_INFORMATION;
2002	typedef struct _FILE_COMPRESSION_INFORMATION
2003	{
2004	LARGE_INTEGER CompressedFileSize;
2005	USHORT CompressionFormat;
2006	UCHAR CompressionUnitShift;
2007	UCHAR ChunkShift;
2008	UCHAR ClusterShift;
2009	UCHAR Reserved[3];
2010	} FILE_COMPRESSION_INFORMATION;
2011	typedef FILE_COMPRESSION_INFORMATION *PFILE_COMPRESSION_INFORMATION;
2012	typedef struct _FILE_OBJECTID_INFORMATION
2013	{
2014	LONGLONG FileReference;
2015	UCHAR ObjectId[16];
2016	union
2017	{
2018	struct
2019	{
2020	UCHAR BirthVolumeId[16];
2021	UCHAR BirthObjectId[16];
2022	UCHAR DomainId[16];
2023	};
2024	UCHAR ExtendedInfo[48];
2025	};
2026	} FILE_OBJECTID_INFORMATION;
2027	typedef FILE_OBJECTID_INFORMATION *PFILE_OBJECTID_INFORMATION;
2028	typedef struct _FILE_COMPLETION_INFORMATION
2029	{
2030	HANDLE Port;
2031	PVOID Key;
2032	} FILE_COMPLETION_INFORMATION;
2033	typedef FILE_COMPLETION_INFORMATION *PFILE_COMPLETION_INFORMATION;
2034	typedef struct _FILE_MOVE_CLUSTER_INFORMATION
2035	{
2036	ULONG ClusterCount;
2037	HANDLE RootDirectory;
2038	ULONG FileNameLength;
2039	WCHAR FileName[1];
2040	} FILE_MOVE_CLUSTER_INFORMATION;
2041	typedef FILE_MOVE_CLUSTER_INFORMATION *PFILE_MOVE_CLUSTER_INFORMATION;
2042	typedef struct _FILE_QUOTA_INFORMATION
2043	{
2044	ULONG NextEntryOffset;
2045	ULONG SidLength;
2046	LARGE_INTEGER ChangeTime;
2047	LARGE_INTEGER QuotaUsed;
2048	LARGE_INTEGER QuotaThreshold;
2049	LARGE_INTEGER QuotaLimit;
2050	SID Sid;
2051	} FILE_QUOTA_INFORMATION;
2052	typedef FILE_QUOTA_INFORMATION *PFILE_QUOTA_INFORMATION;
2053	typedef struct _FILE_REPARSE_POINT_INFORMATION
2054	{
2055	LONGLONG FileReference;
2056	ULONG Tag;
2057	} FILE_REPARSE_POINT_INFORMATION;
2058	typedef FILE_REPARSE_POINT_INFORMATION *PFILE_REPARSE_POINT_INFORMATION;
2059	typedef struct _FILE_NETWORK_OPEN_INFORMATION
2060	{
2061	LARGE_INTEGER CreationTime;
2062	LARGE_INTEGER LastAccessTime;
2063	LARGE_INTEGER LastWriteTime;
2064	LARGE_INTEGER ChangeTime;
2065	LARGE_INTEGER AllocationSize;
2066	LARGE_INTEGER EndOfFile;
2067	ULONG FileAttributes;
2068	} FILE_NETWORK_OPEN_INFORMATION;
2069	typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
2070	typedef struct _FILE_ATTRIBUTE_TAG_INFORMATION
2071	{
2072	ULONG FileAttributes;
2073	ULONG ReparseTag;
2074	} FILE_ATTRIBUTE_TAG_INFORMATION;
2075	typedef FILE_ATTRIBUTE_TAG_INFORMATION *PFILE_ATTRIBUTE_TAG_INFORMATION;
2076	typedef struct _FILE_TRACKING_INFORMATION
2077	{
2078	HANDLE DestinationFile;
2079	ULONG ObjectInformationLength;
2080	CHAR ObjectInformation[1];
2081	} FILE_TRACKING_INFORMATION;
2082	typedef FILE_TRACKING_INFORMATION *PFILE_TRACKING_INFORMATION;
2083	typedef struct _FILE_ID_BOTH_DIR_INFORMATION
2084	{
2085	ULONG NextEntryOffset;
2086	ULONG FileIndex;
2087	LARGE_INTEGER CreationTime;
2088	LARGE_INTEGER LastAccessTime;
2089	LARGE_INTEGER LastWriteTime;
2090	LARGE_INTEGER ChangeTime;
2091	LARGE_INTEGER EndOfFile;
2092	LARGE_INTEGER AllocationSize;
2093	ULONG FileAttributes;
2094	ULONG FileNameLength;
2095	ULONG EaSize;
2096	CCHAR ShortNameLength;
2097	WCHAR ShortName[12];
2098	LARGE_INTEGER FileId;
2099	WCHAR FileName[1];
2100	} FILE_ID_BOTH_DIR_INFORMATION;
2101	typedef FILE_ID_BOTH_DIR_INFORMATION *PFILE_ID_BOTH_DIR_INFORMATION;
2102	typedef struct _FILE_ID_FULL_DIR_INFORMATION
2103	{
2104	ULONG NextEntryOffset;
2105	ULONG FileIndex;
2106	LARGE_INTEGER CreationTime;
2107	LARGE_INTEGER LastAccessTime;
2108	LARGE_INTEGER LastWriteTime;
2109	LARGE_INTEGER ChangeTime;
2110	LARGE_INTEGER EndOfFile;
2111	LARGE_INTEGER AllocationSize;
2112	ULONG FileAttributes;
2113	ULONG FileNameLength;
2114	ULONG EaSize;
2115	LARGE_INTEGER FileId;
2116	WCHAR FileName[1];
2117	} FILE_ID_FULL_DIR_INFORMATION;
2118	typedef FILE_ID_FULL_DIR_INFORMATION *PFILE_ID_FULL_DIR_INFORMATION;
2119	typedef struct _FILE_VALID_DATA_LENGTH_INFORMATION
2120	{
2121	LARGE_INTEGER ValidDataLength;
2122	} FILE_VALID_DATA_LENGTH_INFORMATION;
2123	typedef FILE_VALID_DATA_LENGTH_INFORMATION *PFILE_VALID_DATA_LENGTH_INFORMATION;
2124	typedef struct _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION
2125	{
2126	ULONG Flags;
2127	} FILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
2128	typedef FILE_IO_COMPLETION_NOTIFICATION_INFORMATION *PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
2129	typedef enum _IO_PRIORITY_HINT
2130	{
2131	IoPriorityVeryLow = 0,
2132	IoPriorityLow,
2133	IoPriorityNormal,
2134	IoPriorityHigh,
2135	IoPriorityCritical,
2136	MaxIoPriorityTypes
2137	} IO_PRIORITY_HINT;
2138	AssertCompileSize(IO_PRIORITY_HINT, sizeof(int));
2139	typedef struct _FILE_IO_PRIORITY_HINT_INFORMATION
2140	{
2141	IO_PRIORITY_HINT PriorityHint;
2142	} FILE_IO_PRIORITY_HINT_INFORMATION;
2143	typedef FILE_IO_PRIORITY_HINT_INFORMATION *PFILE_IO_PRIORITY_HINT_INFORMATION;
2144	typedef struct _FILE_SFIO_RESERVE_INFORMATION
2145	{
2146	ULONG RequestsPerPeriod;
2147	ULONG Period;
2148	BOOLEAN RetryFailures;
2149	BOOLEAN Discardable;
2150	ULONG RequestSize;
2151	ULONG NumOutstandingRequests;
2152	} FILE_SFIO_RESERVE_INFORMATION;
2153	typedef FILE_SFIO_RESERVE_INFORMATION *PFILE_SFIO_RESERVE_INFORMATION;
2154	typedef struct _FILE_SFIO_VOLUME_INFORMATION
2155	{
2156	ULONG MaximumRequestsPerPeriod;
2157	ULONG MinimumPeriod;
2158	ULONG MinimumTransferSize;
2159	} FILE_SFIO_VOLUME_INFORMATION;
2160	typedef FILE_SFIO_VOLUME_INFORMATION *PFILE_SFIO_VOLUME_INFORMATION;
2161	typedef struct _FILE_LINK_ENTRY_INFORMATION
2162	{
2163	ULONG NextEntryOffset;
2164	LONGLONG ParentFileId;
2165	ULONG FileNameLength;
2166	WCHAR FileName[1];
2167	} FILE_LINK_ENTRY_INFORMATION;
2168	typedef FILE_LINK_ENTRY_INFORMATION *PFILE_LINK_ENTRY_INFORMATION;
2169	typedef struct _FILE_LINKS_INFORMATION
2170	{
2171	ULONG BytesNeeded;
2172	ULONG EntriesReturned;
2173	FILE_LINK_ENTRY_INFORMATION Entry;
2174	} FILE_LINKS_INFORMATION;
2175	typedef FILE_LINKS_INFORMATION *PFILE_LINKS_INFORMATION;
2176	typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION
2177	{
2178	ULONG NumberOfProcessIdsInList;
2179	ULONG_PTR ProcessIdList[1];
2180	} FILE_PROCESS_IDS_USING_FILE_INFORMATION;
2181	typedef FILE_PROCESS_IDS_USING_FILE_INFORMATION *PFILE_PROCESS_IDS_USING_FILE_INFORMATION;
2182	typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION
2183	{
2184	ULONG NextEntryOffset;
2185	ULONG FileIndex;
2186	LARGE_INTEGER CreationTime;
2187	LARGE_INTEGER LastAccessTime;
2188	LARGE_INTEGER LastWriteTime;
2189	LARGE_INTEGER ChangeTime;
2190	LARGE_INTEGER EndOfFile;
2191	LARGE_INTEGER AllocationSize;
2192	ULONG FileAttributes;
2193	ULONG FileNameLength;
2194	LARGE_INTEGER FileId;
2195	GUID LockingTransactionId;
2196	ULONG TxInfoFlags;
2197	WCHAR FileName[1];
2198	} FILE_ID_GLOBAL_TX_DIR_INFORMATION;
2199	typedef FILE_ID_GLOBAL_TX_DIR_INFORMATION *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
2200	typedef struct _FILE_IS_REMOTE_DEVICE_INFORMATION
2201	{
2202	BOOLEAN IsRemote;
2203	} FILE_IS_REMOTE_DEVICE_INFORMATION;
2204	typedef FILE_IS_REMOTE_DEVICE_INFORMATION *PFILE_IS_REMOTE_DEVICE_INFORMATION;
2205	typedef struct _FILE_NUMA_NODE_INFORMATION
2206	{
2207	USHORT NodeNumber;
2208	} FILE_NUMA_NODE_INFORMATION;
2209	typedef FILE_NUMA_NODE_INFORMATION *PFILE_NUMA_NODE_INFORMATION;
2210	typedef struct _FILE_STANDARD_LINK_INFORMATION
2211	{
2212	ULONG NumberOfAccessibleLinks;
2213	ULONG TotalNumberOfLinks;
2214	BOOLEAN DeletePending;
2215	BOOLEAN Directory;
2216	} FILE_STANDARD_LINK_INFORMATION;
2217	typedef FILE_STANDARD_LINK_INFORMATION *PFILE_STANDARD_LINK_INFORMATION;
2218	typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION
2219	{
2220	USHORT StructureVersion;
2221	USHORT StructureSize;
2222	ULONG Protocol;
2223	USHORT ProtocolMajorVersion;
2224	USHORT ProtocolMinorVersion;
2225	USHORT ProtocolRevision;
2226	USHORT Reserved;
2227	ULONG Flags;
2228	struct
2229	{
2230	ULONG Reserved[8];
2231	} GenericReserved;
2232	struct
2233	{
2234	ULONG Reserved[16];
2235	} ProtocolSpecificReserved;
2236	} FILE_REMOTE_PROTOCOL_INFORMATION;
2237	typedef FILE_REMOTE_PROTOCOL_INFORMATION *PFILE_REMOTE_PROTOCOL_INFORMATION;
2238	typedef struct _FILE_VOLUME_NAME_INFORMATION
2239	{
2240	ULONG DeviceNameLength;
2241	WCHAR DeviceName[1];
2242	} FILE_VOLUME_NAME_INFORMATION;
2243	typedef FILE_VOLUME_NAME_INFORMATION *PFILE_VOLUME_NAME_INFORMATION;
2244	# ifndef FILE_INVALID_FILE_ID
2245	typedef struct _FILE_ID_128
2246	{
2247	BYTE Identifier[16];
2248	} FILE_ID_128;
2249	typedef FILE_ID_128 *PFILE_ID_128;
2250	# endif
2251	typedef struct _FILE_ID_EXTD_DIR_INFORMATION
2252	{
2253	ULONG NextEntryOffset;
2254	ULONG FileIndex;
2255	LARGE_INTEGER CreationTime;
2256	LARGE_INTEGER LastAccessTime;
2257	LARGE_INTEGER LastWriteTime;
2258	LARGE_INTEGER ChangeTime;
2259	LARGE_INTEGER EndOfFile;
2260	LARGE_INTEGER AllocationSize;
2261	ULONG FileAttributes;
2262	ULONG FileNameLength;
2263	ULONG EaSize;
2264	ULONG ReparsePointTag;
2265	FILE_ID_128 FileId;
2266	WCHAR FileName[1];
2267	} FILE_ID_EXTD_DIR_INFORMATION;
2268	typedef FILE_ID_EXTD_DIR_INFORMATION *PFILE_ID_EXTD_DIR_INFORMATION;
2269	typedef struct _FILE_ID_EXTD_BOTH_DIR_INFORMATION
2270	{
2271	ULONG NextEntryOffset;
2272	ULONG FileIndex;
2273	LARGE_INTEGER CreationTime;
2274	LARGE_INTEGER LastAccessTime;
2275	LARGE_INTEGER LastWriteTime;
2276	LARGE_INTEGER ChangeTime;
2277	LARGE_INTEGER EndOfFile;
2278	LARGE_INTEGER AllocationSize;
2279	ULONG FileAttributes;
2280	ULONG FileNameLength;
2281	ULONG EaSize;
2282	ULONG ReparsePointTag;
2283	FILE_ID_128 FileId;
2284	CCHAR ShortNameLength;
2285	WCHAR ShortName[12];
2286	WCHAR FileName[1];
2287	} FILE_ID_EXTD_BOTH_DIR_INFORMATION;
2288	typedef FILE_ID_EXTD_BOTH_DIR_INFORMATION *PFILE_ID_EXTD_BOTH_DIR_INFORMATION;
2289	typedef struct _FILE_ID_INFORMATION
2290	{
2291	ULONGLONG VolumeSerialNumber;
2292	FILE_ID_128 FileId;
2293	} FILE_ID_INFORMATION;
2294	typedef FILE_ID_INFORMATION *PFILE_ID_INFORMATION;
2295	typedef struct _FILE_LINK_ENTRY_FULL_ID_INFORMATION
2296	{
2297	ULONG NextEntryOffset;
2298	FILE_ID_128 ParentFileId;
2299	ULONG FileNameLength;
2300	WCHAR FileName[1];
2301	} FILE_LINK_ENTRY_FULL_ID_INFORMATION;
2302	typedef FILE_LINK_ENTRY_FULL_ID_INFORMATION *PFILE_LINK_ENTRY_FULL_ID_INFORMATION;
2303	typedef struct _FILE_LINKS_FULL_ID_INFORMATION {
2304	ULONG BytesNeeded;
2305	ULONG EntriesReturned;
2306	FILE_LINK_ENTRY_FULL_ID_INFORMATION Entry;
2307	} FILE_LINKS_FULL_ID_INFORMATION;
2308	typedef FILE_LINKS_FULL_ID_INFORMATION *PFILE_LINKS_FULL_ID_INFORMATION;
2309	typedef struct _FILE_DISPOSITION_INFORMATION_EX
2310	{
2311	ULONG Flags;
2312	} FILE_DISPOSITION_INFORMATION_EX;
2313	typedef FILE_DISPOSITION_INFORMATION_EX *PFILE_DISPOSITION_INFORMATION_EX;
2314	# ifndef QUERY_STORAGE_CLASSES_FLAGS_MEASURE_WRITE
2315	typedef struct _FILE_DESIRED_STORAGE_CLASS_INFORMATION
2316	{
2317	/FILE_STORAGE_TIER_CLASS/ ULONG Class;
2318	ULONG Flags;
2319	} FILE_DESIRED_STORAGE_CLASS_INFORMATION;
2320	typedef FILE_DESIRED_STORAGE_CLASS_INFORMATION *PFILE_DESIRED_STORAGE_CLASS_INFORMATION;
2321	# endif
2322	typedef struct _FILE_STAT_INFORMATION
2323	{
2324	LARGE_INTEGER FileId;
2325	LARGE_INTEGER CreationTime;
2326	LARGE_INTEGER LastAccessTime;
2327	LARGE_INTEGER LastWriteTime;
2328	LARGE_INTEGER ChangeTime;
2329	LARGE_INTEGER AllocationSize;
2330	LARGE_INTEGER EndOfFile;
2331	ULONG FileAttributes;
2332	ULONG ReparseTag;
2333	ULONG NumberOfLinks;
2334	ACCESS_MASK EffectiveAccess;
2335	} FILE_STAT_INFORMATION;
2336	typedef FILE_STAT_INFORMATION *PFILE_STAT_INFORMATION;
2337	typedef struct _FILE_STAT_LX_INFORMATION
2338	{
2339	LARGE_INTEGER FileId;
2340	LARGE_INTEGER CreationTime;
2341	LARGE_INTEGER LastAccessTime;
2342	LARGE_INTEGER LastWriteTime;
2343	LARGE_INTEGER ChangeTime;
2344	LARGE_INTEGER AllocationSize;
2345	LARGE_INTEGER EndOfFile;
2346	ULONG FileAttributes;
2347	ULONG ReparseTag;
2348	ULONG NumberOfLinks;
2349	ACCESS_MASK EffectiveAccess;
2350	ULONG LxFlags;
2351	ULONG LxUid;
2352	ULONG LxGid;
2353	ULONG LxMode;
2354	ULONG LxDeviceIdMajor;
2355	ULONG LxDeviceIdMinor;
2356	} FILE_STAT_LX_INFORMATION;
2357	typedef FILE_STAT_LX_INFORMATION *PFILE_STAT_LX_INFORMATION;
2358	typedef struct _FILE_CASE_SENSITIVE_INFORMATION
2359	{
2360	ULONG Flags;
2361	} FILE_CASE_SENSITIVE_INFORMATION;
2362	typedef FILE_CASE_SENSITIVE_INFORMATION *PFILE_CASE_SENSITIVE_INFORMATION;
2363
2364	typedef enum _FILE_INFORMATION_CLASS
2365	{
2366	FileDirectoryInformation = 1,
2367	FileFullDirectoryInformation,
2368	FileBothDirectoryInformation,
2369	FileBasicInformation,
2370	FileStandardInformation,
2371	FileInternalInformation,
2372	FileEaInformation,
2373	FileAccessInformation,
2374	FileNameInformation,
2375	FileRenameInformation,
2376	FileLinkInformation,
2377	FileNamesInformation,
2378	FileDispositionInformation,
2379	FilePositionInformation,
2380	FileFullEaInformation,
2381	FileModeInformation,
2382	FileAlignmentInformation,
2383	FileAllInformation,
2384	FileAllocationInformation,
2385	FileEndOfFileInformation,
2386	FileAlternateNameInformation,
2387	FileStreamInformation,
2388	FilePipeInformation,
2389	FilePipeLocalInformation,
2390	FilePipeRemoteInformation,
2391	FileMailslotQueryInformation,
2392	FileMailslotSetInformation,
2393	FileCompressionInformation,
2394	FileObjectIdInformation,
2395	FileCompletionInformation,
2396	FileMoveClusterInformation,
2397	FileQuotaInformation,
2398	FileReparsePointInformation,
2399	FileNetworkOpenInformation,
2400	FileAttributeTagInformation,
2401	FileTrackingInformation,
2402	FileIdBothDirectoryInformation,
2403	FileIdFullDirectoryInformation,
2404	FileValidDataLengthInformation,
2405	FileShortNameInformation,
2406	FileIoCompletionNotificationInformation,
2407	FileIoStatusBlockRangeInformation,
2408	FileIoPriorityHintInformation,
2409	FileSfioReserveInformation,
2410	FileSfioVolumeInformation,
2411	FileHardLinkInformation,
2412	FileProcessIdsUsingFileInformation,
2413	FileNormalizedNameInformation,
2414	FileNetworkPhysicalNameInformation,
2415	FileIdGlobalTxDirectoryInformation,
2416	FileIsRemoteDeviceInformation,
2417	FileUnusedInformation,
2418	FileNumaNodeInformation,
2419	FileStandardLinkInformation,
2420	FileRemoteProtocolInformation,
2421	/* Defined with Windows 10: */
2422	FileRenameInformationBypassAccessCheck,
2423	FileLinkInformationBypassAccessCheck,
2424	FileVolumeNameInformation,
2425	FileIdInformation,
2426	FileIdExtdDirectoryInformation,
2427	FileReplaceCompletionInformation,
2428	FileHardLinkFullIdInformation,
2429	FileIdExtdBothDirectoryInformation,
2430	FileDispositionInformationEx,
2431	FileRenameInformationEx,
2432	FileRenameInformationExBypassAccessCheck,
2433	FileDesiredStorageClassInformation,
2434	FileStatInformation,
2435	FileMemoryPartitionInformation,
2436	FileStatLxInformation,
2437	FileCaseSensitiveInformation,
2438	FileLinkInformationEx,
2439	FileLinkInformationExBypassAccessCheck,
2440	FileStorageReserveIdInformation,
2441	FileCaseSensitiveInformationForceAccessCheck,
2442	FileMaximumInformation
2443	} FILE_INFORMATION_CLASS;
2444	typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
2445	NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
2446	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
2447	FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
2448	NTSYSAPI NTSTATUS NTAPI NtSetInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
2449	#endif /* IPRT_NT_USE_WINTERNL */
2450	NTSYSAPI NTSTATUS NTAPI NtQueryAttributesFile(POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
2451	NTSYSAPI NTSTATUS NTAPI NtQueryFullAttributesFile(POBJECT_ATTRIBUTES, PFILE_NETWORK_OPEN_INFORMATION);
2452
2453
2454	/** @name SE_GROUP_XXX - Attributes returned with TokenGroup and others.
2455	* @{ */
2456	#ifndef SE_GROUP_MANDATORY
2457	# define SE_GROUP_MANDATORY UINT32_C(0x01)
2458	#endif
2459	#ifndef SE_GROUP_ENABLED_BY_DEFAULT
2460	# define SE_GROUP_ENABLED_BY_DEFAULT UINT32_C(0x02)
2461	#endif
2462	#ifndef SE_GROUP_ENABLED
2463	# define SE_GROUP_ENABLED UINT32_C(0x04)
2464	#endif
2465	#ifndef SE_GROUP_OWNER
2466	# define SE_GROUP_OWNER UINT32_C(0x08)
2467	#endif
2468	#ifndef SE_GROUP_USE_FOR_DENY_ONLY
2469	# define SE_GROUP_USE_FOR_DENY_ONLY UINT32_C(0x10)
2470	#endif
2471	#ifndef SE_GROUP_INTEGRITY
2472	# define SE_GROUP_INTEGRITY UINT32_C(0x20)
2473	#endif
2474	#ifndef SE_GROUP_INTEGRITY_ENABLED
2475	# define SE_GROUP_INTEGRITY_ENABLED UINT32_C(0x40)
2476	#endif
2477	#ifndef SE_GROUP_RESOURCE
2478	# define SE_GROUP_RESOURCE UINT32_C(0x20000000)
2479	#endif
2480	#ifndef SE_GROUP_LOGON_ID
2481	# define SE_GROUP_LOGON_ID UINT32_C(0xc0000000)
2482	#endif
2483	/** @} */
2484
2485
2486	#ifdef IPRT_NT_USE_WINTERNL
2487
2488	/** For use with KeyBasicInformation. */
2489	typedef struct _KEY_BASIC_INFORMATION
2490	{
2491	LARGE_INTEGER LastWriteTime;
2492	ULONG TitleIndex;
2493	ULONG NameLength;
2494	WCHAR Name[1];
2495	} KEY_BASIC_INFORMATION;
2496	typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
2497
2498	/** For use with KeyNodeInformation. */
2499	typedef struct _KEY_NODE_INFORMATION
2500	{
2501	LARGE_INTEGER LastWriteTime;
2502	ULONG TitleIndex;
2503	ULONG ClassOffset; /*< Offset from the start of the structure. /
2504	ULONG ClassLength;
2505	ULONG NameLength;
2506	WCHAR Name[1];
2507	} KEY_NODE_INFORMATION;
2508	typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
2509
2510	/** For use with KeyFullInformation. */
2511	typedef struct _KEY_FULL_INFORMATION
2512	{
2513	LARGE_INTEGER LastWriteTime;
2514	ULONG TitleIndex;
2515	ULONG ClassOffset; /*< Offset of the Class member. /
2516	ULONG ClassLength;
2517	ULONG SubKeys;
2518	ULONG MaxNameLen;
2519	ULONG MaxClassLen;
2520	ULONG Values;
2521	ULONG MaxValueNameLen;
2522	ULONG MaxValueDataLen;
2523	WCHAR Class[1];
2524	} KEY_FULL_INFORMATION;
2525	typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
2526
2527	/** For use with KeyNameInformation. */
2528	typedef struct _KEY_NAME_INFORMATION
2529	{
2530	ULONG NameLength;
2531	WCHAR Name[1];
2532	} KEY_NAME_INFORMATION;
2533	typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
2534
2535	/** For use with KeyCachedInformation. */
2536	typedef struct _KEY_CACHED_INFORMATION
2537	{
2538	LARGE_INTEGER LastWriteTime;
2539	ULONG TitleIndex;
2540	ULONG SubKeys;
2541	ULONG MaxNameLen;
2542	ULONG Values;
2543	ULONG MaxValueNameLen;
2544	ULONG MaxValueDataLen;
2545	ULONG NameLength;
2546	} KEY_CACHED_INFORMATION;
2547	typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
2548
2549	/** For use with KeyVirtualizationInformation. */
2550	typedef struct _KEY_VIRTUALIZATION_INFORMATION
2551	{
2552	ULONG VirtualizationCandidate : 1;
2553	ULONG VirtualizationEnabled : 1;
2554	ULONG VirtualTarget : 1;
2555	ULONG VirtualStore : 1;
2556	ULONG VirtualSource : 1;
2557	ULONG Reserved : 27;
2558	} KEY_VIRTUALIZATION_INFORMATION;
2559	typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
2560
2561	typedef enum _KEY_INFORMATION_CLASS
2562	{
2563	KeyBasicInformation = 0,
2564	KeyNodeInformation,
2565	KeyFullInformation,
2566	KeyNameInformation,
2567	KeyCachedInformation,
2568	KeyFlagsInformation,
2569	KeyVirtualizationInformation,
2570	KeyHandleTagsInformation,
2571	MaxKeyInfoClass
2572	} KEY_INFORMATION_CLASS;
2573	NTSYSAPI NTSTATUS NTAPI NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2574	NTSYSAPI NTSTATUS NTAPI NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2575
2576	typedef struct _MEMORY_SECTION_NAME
2577	{
2578	UNICODE_STRING SectionFileName;
2579	WCHAR NameBuffer[1];
2580	} MEMORY_SECTION_NAME;
2581
2582	#ifdef IPRT_NT_USE_WINTERNL
2583	typedef struct _PROCESS_BASIC_INFORMATION
2584	{
2585	NTSTATUS ExitStatus;
2586	PPEB PebBaseAddress;
2587	ULONG_PTR AffinityMask;
2588	int32_t BasePriority;
2589	ULONG_PTR UniqueProcessId;
2590	ULONG_PTR InheritedFromUniqueProcessId;
2591	} PROCESS_BASIC_INFORMATION;
2592	typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
2593	#endif
2594
2595	typedef enum _PROCESSINFOCLASS
2596	{
2597	ProcessBasicInformation = 0, /*< 0 / 0x00 /
2598	ProcessQuotaLimits, /*< 1 / 0x01 /
2599	ProcessIoCounters, /*< 2 / 0x02 /
2600	ProcessVmCounters, /*< 3 / 0x03 /
2601	ProcessTimes, /*< 4 / 0x04 /
2602	ProcessBasePriority, /*< 5 / 0x05 /
2603	ProcessRaisePriority, /*< 6 / 0x06 /
2604	ProcessDebugPort, /*< 7 / 0x07 /
2605	ProcessExceptionPort, /*< 8 / 0x08 /
2606	ProcessAccessToken, /*< 9 / 0x09 /
2607	ProcessLdtInformation, /*< 10 / 0x0a /
2608	ProcessLdtSize, /*< 11 / 0x0b /
2609	ProcessDefaultHardErrorMode, /*< 12 / 0x0c /
2610	ProcessIoPortHandlers, /*< 13 / 0x0d /
2611	ProcessPooledUsageAndLimits, /*< 14 / 0x0e /
2612	ProcessWorkingSetWatch, /*< 15 / 0x0f /
2613	ProcessUserModeIOPL, /*< 16 / 0x10 /
2614	ProcessEnableAlignmentFaultFixup, /*< 17 / 0x11 /
2615	ProcessPriorityClass, /*< 18 / 0x12 /
2616	ProcessWx86Information, /*< 19 / 0x13 /
2617	ProcessHandleCount, /*< 20 / 0x14 /
2618	ProcessAffinityMask, /*< 21 / 0x15 /
2619	ProcessPriorityBoost, /*< 22 / 0x16 /
2620	ProcessDeviceMap, /*< 23 / 0x17 /
2621	ProcessSessionInformation, /*< 24 / 0x18 /
2622	ProcessForegroundInformation, /*< 25 / 0x19 /
2623	ProcessWow64Information, /*< 26 / 0x1a /
2624	ProcessImageFileName, /*< 27 / 0x1b /
2625	ProcessLUIDDeviceMapsEnabled, /*< 28 / 0x1c /
2626	ProcessBreakOnTermination, /*< 29 / 0x1d /
2627	ProcessDebugObjectHandle, /*< 30 / 0x1e /
2628	ProcessDebugFlags, /*< 31 / 0x1f /
2629	ProcessHandleTracing, /*< 32 / 0x20 /
2630	ProcessIoPriority, /*< 33 / 0x21 /
2631	ProcessExecuteFlags, /*< 34 / 0x22 /
2632	ProcessTlsInformation, /*< 35 / 0x23 /
2633	ProcessCookie, /*< 36 / 0x24 /
2634	ProcessImageInformation, /*< 37 / 0x25 /
2635	ProcessCycleTime, /*< 38 / 0x26 /
2636	ProcessPagePriority, /*< 39 / 0x27 /
2637	ProcessInstrumentationCallbak, /*< 40 / 0x28 /
2638	ProcessThreadStackAllocation, /*< 41 / 0x29 /
2639	ProcessWorkingSetWatchEx, /*< 42 / 0x2a /
2640	ProcessImageFileNameWin32, /*< 43 / 0x2b /
2641	ProcessImageFileMapping, /*< 44 / 0x2c /
2642	ProcessAffinityUpdateMode, /*< 45 / 0x2d /
2643	ProcessMemoryAllocationMode, /*< 46 / 0x2e /
2644	ProcessGroupInformation, /*< 47 / 0x2f /
2645	ProcessTokenVirtualizationEnabled, /*< 48 / 0x30 /
2646	ProcessOwnerInformation, /*< 49 / 0x31 /
2647	ProcessWindowInformation, /*< 50 / 0x32 /
2648	ProcessHandleInformation, /*< 51 / 0x33 /
2649	ProcessMitigationPolicy, /*< 52 / 0x34 /
2650	ProcessDynamicFunctionTableInformation, /*< 53 / 0x35 /
2651	ProcessHandleCheckingMode, /*< 54 / 0x36 /
2652	ProcessKeepAliveCount, /*< 55 / 0x37 /
2653	ProcessRevokeFileHandles, /*< 56 / 0x38 /
2654	ProcessWorkingSetControl, /*< 57 / 0x39 /
2655	ProcessHandleTable, /*< 58 / 0x3a /
2656	ProcessCheckStackExtentsMode, /*< 59 / 0x3b /
2657	ProcessCommandLineInformation, /*< 60 / 0x3c /
2658	ProcessProtectionInformation, /*< 61 / 0x3d /
2659	ProcessMemoryExhaustion, /*< 62 / 0x3e /
2660	ProcessFaultInformation, /*< 63 / 0x3f /
2661	ProcessTelemetryIdInformation, /*< 64 / 0x40 /
2662	ProcessCommitReleaseInformation, /*< 65 / 0x41 /
2663	ProcessDefaultCpuSetsInformation, /*< 66 / 0x42 - aka ProcessReserved1Information /
2664	ProcessAllowedCpuSetsInformation, /*< 67 / 0x43 - aka ProcessReserved2Information; PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10 /
2665	ProcessSubsystemProcess, /*< 68 / 0x44 /
2666	ProcessJobMemoryInformation, /*< 69 / 0x45 /
2667	ProcessInPrivate, /*< 70 / 0x46 /
2668	ProcessRaiseUMExceptionOnInvalidHandleClose,/*< 71 / 0x47 /
2669	ProcessIumChallengeResponse, /*< 72 / 0x48 /
2670	ProcessChildProcessInformation, /*< 73 / 0x49 /
2671	ProcessHighGraphicsPriorityInformation, /*< 74 / 0x4a /
2672	ProcessSubsystemInformation, /*< 75 / 0x4b /
2673	ProcessEnergyValues, /*< 76 / 0x4c /
2674	ProcessPowerThrottlingState, /*< 77 / 0x4d /
2675	ProcessReserved3Information, /*< 78 / 0x4e /
2676	ProcessWin32kSyscallFilterInformation, /*< 79 / 0x4f /
2677	ProcessDisableSystemAllowedCpuSets, /*< 80 / 0x50 /
2678	ProcessWakeInformation, /*< 81 / 0x51 /
2679	ProcessEnergyTrackingState, /*< 82 / 0x52 /
2680	ProcessManageWritesToExecutableMemory, /*< 83 / 0x53 /
2681	ProcessCaptureTrustletLiveDump, /*< 84 / 0x54 /
2682	ProcessTelemetryCoverage, /*< 85 / 0x55 /
2683	ProcessEnclaveInformation, /*< 86 / 0x56 /
2684	ProcessEnableReadWriteVmLogging, /*< 87 / 0x57 /
2685	ProcessUptimeInformation, /*< 88 / 0x58 /
2686	ProcessImageSection, /*< 89 / 0x59 /
2687	ProcessDebugAuthInformation, /*< 90 / 0x5a /
2688	ProcessSystemResourceManagement, /*< 92 / 0x5b /
2689	ProcessSequenceNumber, /*< 93 / 0x5c /
2690	MaxProcessInfoClass
2691	} PROCESSINFOCLASS;
2692	AssertCompile(ProcessSequenceNumber == 0x5c);
2693	NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
2694	#if ARCH_BITS == 32
2695	/** 64-bit API pass thru to WOW64 processes. */
2696	NTSYSAPI NTSTATUS NTAPI NtWow64QueryInformationProcess64(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
2697	#endif
2698
2699	typedef enum _THREADINFOCLASS
2700	{
2701	ThreadBasicInformation = 0,
2702	ThreadTimes,
2703	ThreadPriority,
2704	ThreadBasePriority,
2705	ThreadAffinityMask,
2706	ThreadImpersonationToken,
2707	ThreadDescriptorTableEntry,
2708	ThreadEnableAlignmentFaultFixup,
2709	ThreadEventPair_Reusable,
2710	ThreadQuerySetWin32StartAddress,
2711	ThreadZeroTlsCell,
2712	ThreadPerformanceCount,
2713	ThreadAmILastThread,
2714	ThreadIdealProcessor,
2715	ThreadPriorityBoost,
2716	ThreadSetTlsArrayAddress,
2717	ThreadIsIoPending,
2718	ThreadHideFromDebugger,
2719	ThreadBreakOnTermination,
2720	ThreadSwitchLegacyState,
2721	ThreadIsTerminated,
2722	ThreadLastSystemCall,
2723	ThreadIoPriority,
2724	ThreadCycleTime,
2725	ThreadPagePriority,
2726	ThreadActualBasePriority,
2727	ThreadTebInformation,
2728	ThreadCSwitchMon,
2729	ThreadCSwitchPmu,
2730	ThreadWow64Context,
2731	ThreadGroupInformation,
2732	ThreadUmsInformation,
2733	ThreadCounterProfiling,
2734	ThreadIdealProcessorEx,
2735	ThreadCpuAccountingInformation,
2736	MaxThreadInfoClass
2737	} THREADINFOCLASS;
2738	NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
2739
2740	NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2741	NTSYSAPI NTSTATUS NTAPI ZwQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2742
2743	NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2744	NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2745	NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
2746	NTSYSAPI NTSTATUS NTAPI NtCancelIoFile(HANDLE, PIO_STATUS_BLOCK);
2747
2748	NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
2749	NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
2750
2751	NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
2752	NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
2753	NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
2754	NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
2755	NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
2756	NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
2757	NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
2758	NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
2759	NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
2760
2761	#endif /* IPRT_NT_USE_WINTERNL */
2762
2763	/** For use with ObjectBasicInformation.
2764	* A watered down version of this struct appears under the name
2765	* PUBLIC_OBJECT_BASIC_INFORMATION in ntifs.h. It only defines
2766	* the first four members, so don't trust the rest. */
2767	typedef struct _OBJECT_BASIC_INFORMATION
2768	{
2769	ULONG Attributes;
2770	ACCESS_MASK GrantedAccess;
2771	ULONG HandleCount;
2772	ULONG PointerCount;
2773	/* Not in ntifs.h: */
2774	ULONG PagedPoolCharge;
2775	ULONG NonPagedPoolCharge;
2776	ULONG Reserved[3];
2777	ULONG NameInfoSize;
2778	ULONG TypeInfoSize;
2779	ULONG SecurityDescriptorSize;
2780	LARGE_INTEGER CreationTime;
2781	} OBJECT_BASIC_INFORMATION;
2782	typedef OBJECT_BASIC_INFORMATION *POBJECT_BASIC_INFORMATION;
2783
2784	/** For use with ObjectHandleFlagInformation. */
2785	typedef struct _OBJECT_HANDLE_FLAG_INFORMATION
2786	{
2787	BOOLEAN Inherit;
2788	BOOLEAN ProtectFromClose;
2789	} OBJECT_HANDLE_FLAG_INFORMATION;
2790	typedef OBJECT_HANDLE_FLAG_INFORMATION *POBJECT_HANDLE_FLAG_INFORMATION;
2791
2792	typedef enum _OBJECT_INFORMATION_CLASS
2793	{
2794	ObjectBasicInformation = 0,
2795	ObjectNameInformation,
2796	ObjectTypeInformation,
2797	ObjectAllInformation,
2798	ObjectHandleFlagInformation,
2799	ObjectSessionInformation,
2800	MaxObjectInfoClass
2801	} OBJECT_INFORMATION_CLASS;
2802	typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
2803	#ifdef IN_RING0
2804	# define NtQueryObject ZwQueryObject
2805	#endif
2806	NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2807	NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
2808	NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
2809
2810	NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2811
2812	typedef struct _OBJECT_DIRECTORY_INFORMATION
2813	{
2814	UNICODE_STRING Name;
2815	UNICODE_STRING TypeName;
2816	} OBJECT_DIRECTORY_INFORMATION;
2817	typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
2818	NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
2819
2820	NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
2821	NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
2822	/** @name ProcessDefaultHardErrorMode bit definitions.
2823	* @{ */
2824	#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /*< Inverted from the win32 define. /
2825	#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
2826	#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
2827	#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
2828	/** @} */
2829	NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
2830	NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
2831
2832	/** Returned by NtQUerySection with SectionBasicInformation. */
2833	typedef struct _SECTION_BASIC_INFORMATION
2834	{
2835	PVOID BaseAddress;
2836	ULONG AllocationAttributes;
2837	LARGE_INTEGER MaximumSize;
2838	} SECTION_BASIC_INFORMATION;
2839	typedef SECTION_BASIC_INFORMATION *PSECTION_BASIC_INFORMATION;
2840
2841	/** Retured by ProcessImageInformation as well as NtQuerySection. */
2842	typedef struct _SECTION_IMAGE_INFORMATION
2843	{
2844	PVOID TransferAddress;
2845	ULONG ZeroBits;
2846	SIZE_T MaximumStackSize;
2847	SIZE_T CommittedStackSize;
2848	ULONG SubSystemType;
2849	union
2850	{
2851	struct
2852	{
2853	USHORT SubSystemMinorVersion;
2854	USHORT SubSystemMajorVersion;
2855	};
2856	ULONG SubSystemVersion;
2857	};
2858	ULONG GpValue;
2859	USHORT ImageCharacteristics;
2860	USHORT DllCharacteristics;
2861	USHORT Machine;
2862	BOOLEAN ImageContainsCode;
2863	union /*< Since Vista, used to be a spare BOOLEAN. /
2864	{
2865	struct
2866	{
2867	UCHAR ComPlusNativeRead : 1;
2868	UCHAR ComPlusILOnly : 1;
2869	UCHAR ImageDynamicallyRelocated : 1;
2870	UCHAR ImageMAppedFlat : 1;
2871	UCHAR Reserved : 4;
2872	};
2873	UCHAR ImageFlags;
2874	};
2875	ULONG LoaderFlags;
2876	ULONG ImageFileSize; /*< Since XP? /
2877	ULONG CheckSum; /*< Since Vista, Used to be a reserved/spare ULONG. /
2878	} SECTION_IMAGE_INFORMATION;
2879	typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
2880
2881	typedef enum _SECTION_INFORMATION_CLASS
2882	{
2883	SectionBasicInformation = 0,
2884	SectionImageInformation,
2885	MaxSectionInfoClass
2886	} SECTION_INFORMATION_CLASS;
2887	NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2888
2889	NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
2890	NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2891	NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
2892	#ifndef SYMBOLIC_LINK_QUERY
2893	# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
2894	#endif
2895	#ifndef SYMBOLIC_LINK_ALL_ACCESS
2896	# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED \| SYMBOLIC_LINK_QUERY)
2897	#endif
2898
2899	NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
2900	NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
2901	NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
2902	NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
2903	NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
2904	NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
2905	NTSYSAPI NTSTATUS NTAPI ZwYieldExecution(void);
2906
2907
2908	#ifndef SEC_FILE
2909	# define SEC_FILE UINT32_C(0x00800000)
2910	#endif
2911	#ifndef SEC_IMAGE
2912	# define SEC_IMAGE UINT32_C(0x01000000)
2913	#endif
2914	#ifndef SEC_PROTECTED_IMAGE
2915	# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
2916	#endif
2917	#ifndef SEC_NOCACHE
2918	# define SEC_NOCACHE UINT32_C(0x10000000)
2919	#endif
2920	#ifndef MEM_ROTATE
2921	# define MEM_ROTATE UINT32_C(0x00800000)
2922	#endif
2923	typedef enum _MEMORY_INFORMATION_CLASS
2924	{
2925	MemoryBasicInformation = 0,
2926	MemoryWorkingSetList,
2927	MemorySectionName,
2928	MemoryBasicVlmInformation
2929	} MEMORY_INFORMATION_CLASS;
2930	#ifdef IN_RING0
2931	typedef struct _MEMORY_BASIC_INFORMATION
2932	{
2933	PVOID BaseAddress;
2934	PVOID AllocationBase;
2935	ULONG AllocationProtect;
2936	SIZE_T RegionSize;
2937	ULONG State;
2938	ULONG Protect;
2939	ULONG Type;
2940	} MEMORY_BASIC_INFORMATION;
2941	typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
2942	# define NtQueryVirtualMemory ZwQueryVirtualMemory
2943	#endif
2944	NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2945	#ifdef IPRT_NT_USE_WINTERNL
2946	NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
2947	#endif
2948	NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
2949	NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
2950
2951	typedef enum _SYSTEM_INFORMATION_CLASS
2952	{
2953	SystemBasicInformation = 0,
2954	SystemCpuInformation,
2955	SystemPerformanceInformation,
2956	SystemTimeOfDayInformation,
2957	SystemInformation_Unknown_4,
2958	SystemProcessInformation,
2959	SystemInformation_Unknown_6,
2960	SystemInformation_Unknown_7,
2961	SystemProcessorPerformanceInformation,
2962	SystemInformation_Unknown_9,
2963	SystemInformation_Unknown_10,
2964	SystemModuleInformation,
2965	SystemInformation_Unknown_12,
2966	SystemInformation_Unknown_13,
2967	SystemInformation_Unknown_14,
2968	SystemInformation_Unknown_15,
2969	SystemHandleInformation,
2970	SystemInformation_Unknown_17,
2971	SystemPageFileInformation,
2972	SystemInformation_Unknown_19,
2973	SystemInformation_Unknown_20,
2974	SystemCacheInformation,
2975	SystemInformation_Unknown_22,
2976	SystemInterruptInformation,
2977	SystemDpcBehaviourInformation,
2978	SystemFullMemoryInformation,
2979	SystemLoadGdiDriverInformation, /* 26 */
2980	SystemUnloadGdiDriverInformation, /* 27 */
2981	SystemTimeAdjustmentInformation,
2982	SystemSummaryMemoryInformation,
2983	SystemInformation_Unknown_30,
2984	SystemInformation_Unknown_31,
2985	SystemInformation_Unknown_32,
2986	SystemExceptionInformation,
2987	SystemCrashDumpStateInformation,
2988	SystemKernelDebuggerInformation,
2989	SystemContextSwitchInformation,
2990	SystemRegistryQuotaInformation,
2991	SystemInformation_Unknown_38,
2992	SystemInformation_Unknown_39,
2993	SystemInformation_Unknown_40,
2994	SystemInformation_Unknown_41,
2995	SystemInformation_Unknown_42,
2996	SystemInformation_Unknown_43,
2997	SystemCurrentTimeZoneInformation,
2998	SystemLookasideInformation,
2999	SystemSetTimeSlipEvent,
3000	SystemCreateSession,
3001	SystemDeleteSession,
3002	SystemInformation_Unknown_49,
3003	SystemRangeStartInformation,
3004	SystemVerifierInformation,
3005	SystemInformation_Unknown_52,
3006	SystemSessionProcessInformation,
3007	SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
3008	SystemInformation_Unknown_55,
3009	SystemInformation_Unknown_56,
3010	SystemExtendedProcessInformation,
3011	SystemInformation_Unknown_58,
3012	SystemInformation_Unknown_59,
3013	SystemInformation_Unknown_60,
3014	SystemInformation_Unknown_61,
3015	SystemInformation_Unknown_62,
3016	SystemInformation_Unknown_63,
3017	SystemExtendedHandleInformation, /* 64 */
3018	SystemInformation_Unknown_65,
3019	SystemInformation_Unknown_66,
3020	SystemInformation_Unknown_67,
3021	SystemInformation_Unknown_68,
3022	SystemInformation_HotPatchInfo, /* 69 */
3023	SystemInformation_Unknown_70,
3024	SystemInformation_Unknown_71,
3025	SystemInformation_Unknown_72,
3026	SystemInformation_Unknown_73,
3027	SystemInformation_Unknown_74,
3028	SystemInformation_Unknown_75,
3029	SystemInformation_Unknown_76,
3030	SystemInformation_Unknown_77,
3031	SystemInformation_Unknown_78,
3032	SystemInformation_Unknown_79,
3033	SystemInformation_Unknown_80,
3034	SystemInformation_Unknown_81,
3035	SystemInformation_Unknown_82,
3036	SystemInformation_Unknown_83,
3037	SystemInformation_Unknown_84,
3038	SystemInformation_Unknown_85,
3039	SystemInformation_Unknown_86,
3040	SystemInformation_Unknown_87,
3041	SystemInformation_Unknown_88,
3042	SystemInformation_Unknown_89,
3043	SystemInformation_Unknown_90,
3044	SystemInformation_Unknown_91,
3045	SystemInformation_Unknown_92,
3046	SystemInformation_Unknown_93,
3047	SystemInformation_Unknown_94,
3048	SystemInformation_Unknown_95,
3049	SystemInformation_KiOpPrefetchPatchCount, /* 96 */
3050	SystemInformation_Unknown_97,
3051	SystemInformation_Unknown_98,
3052	SystemInformation_Unknown_99,
3053	SystemInformation_Unknown_100,
3054	SystemInformation_Unknown_101,
3055	SystemInformation_Unknown_102,
3056	SystemInformation_Unknown_103,
3057	SystemInformation_Unknown_104,
3058	SystemInformation_Unknown_105,
3059	SystemInformation_Unknown_107,
3060	SystemInformation_GetLogicalProcessorInformationEx, /* 107 */
3061
3062	/** @todo fill gap. they've added a whole bunch of things */
3063	SystemPolicyInformation = 134,
3064	SystemInformationClassMax
3065	} SYSTEM_INFORMATION_CLASS;
3066
3067	#ifdef IPRT_NT_USE_WINTERNL
3068	typedef struct _VM_COUNTERS
3069	{
3070	SIZE_T PeakVirtualSize;
3071	SIZE_T VirtualSize;
3072	ULONG PageFaultCount;
3073	SIZE_T PeakWorkingSetSize;
3074	SIZE_T WorkingSetSize;
3075	SIZE_T QuotaPeakPagedPoolUsage;
3076	SIZE_T QuotaPagedPoolUsage;
3077	SIZE_T QuotaPeakNonPagedPoolUsage;
3078	SIZE_T QuotaNonPagedPoolUsage;
3079	SIZE_T PagefileUsage;
3080	SIZE_T PeakPagefileUsage;
3081	} VM_COUNTERS;
3082	typedef VM_COUNTERS *PVM_COUNTERS;
3083	#endif
3084
3085	#if 0
3086	typedef struct _IO_COUNTERS
3087	{
3088	ULONGLONG ReadOperationCount;
3089	ULONGLONG WriteOperationCount;
3090	ULONGLONG OtherOperationCount;
3091	ULONGLONG ReadTransferCount;
3092	ULONGLONG WriteTransferCount;
3093	ULONGLONG OtherTransferCount;
3094	} IO_COUNTERS;
3095	typedef IO_COUNTERS *PIO_COUNTERS;
3096	#endif
3097
3098	typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
3099	{
3100	ULONG NextEntryOffset; /*< 0x00 / 0x00 /
3101	ULONG NumberOfThreads; /*< 0x04 / 0x04 /
3102	LARGE_INTEGER Reserved1[3]; /*< 0x08 / 0x08 /
3103	LARGE_INTEGER CreationTime; /*< 0x20 / 0x20 /
3104	LARGE_INTEGER UserTime; /*< 0x28 / 0x28 /
3105	LARGE_INTEGER KernelTime; /*< 0x30 / 0x30 /
3106	UNICODE_STRING ProcessName; /*< 0x38 / 0x38 Clean unicode encoding? /
3107	int32_t BasePriority; /*< 0x40 / 0x48 /
3108	HANDLE UniqueProcessId; /*< 0x44 / 0x50 /
3109	HANDLE ParentProcessId; /*< 0x48 / 0x58 /
3110	ULONG HandleCount; /*< 0x4c / 0x60 /
3111	ULONG Reserved2; /*< 0x50 / 0x64 Session ID? /
3112	ULONG_PTR Reserved3; /*< 0x54 / 0x68 /
3113	VM_COUNTERS VmCounters; /*< 0x58 / 0x70 /
3114	IO_COUNTERS IoCounters; /*< 0x88 / 0xd0 Might not be present in earlier windows versions. /
3115	/* After this follows the threads, then the ProcessName.Buffer. */
3116	} RTNT_SYSTEM_PROCESS_INFORMATION;
3117	typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
3118	#ifndef IPRT_NT_USE_WINTERNL
3119	typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
3120	typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
3121	#endif
3122
3123	typedef struct _SYSTEM_HANDLE_ENTRY_INFO
3124	{
3125	USHORT UniqueProcessId;
3126	USHORT CreatorBackTraceIndex;
3127	UCHAR ObjectTypeIndex;
3128	UCHAR HandleAttributes;
3129	USHORT HandleValue;
3130	PVOID Object;
3131	ULONG GrantedAccess;
3132	} SYSTEM_HANDLE_ENTRY_INFO;
3133	typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
3134
3135	/** Returned by SystemHandleInformation */
3136	typedef struct _SYSTEM_HANDLE_INFORMATION
3137	{
3138	ULONG NumberOfHandles;
3139	SYSTEM_HANDLE_ENTRY_INFO Handles[1];
3140	} SYSTEM_HANDLE_INFORMATION;
3141	typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
3142
3143	/** Extended handle information entry.
3144	* @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
3145	typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
3146	{
3147	PVOID Object;
3148	HANDLE UniqueProcessId;
3149	HANDLE HandleValue;
3150	ACCESS_MASK GrantedAccess;
3151	USHORT CreatorBackTraceIndex;
3152	USHORT ObjectTypeIndex;
3153	ULONG HandleAttributes;
3154	ULONG Reserved;
3155	} SYSTEM_HANDLE_ENTRY_INFO_EX;
3156	typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
3157
3158	/** Returned by SystemExtendedHandleInformation. */
3159	typedef struct _SYSTEM_HANDLE_INFORMATION_EX
3160	{
3161	ULONG_PTR NumberOfHandles;
3162	ULONG_PTR Reserved;
3163	SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
3164	} SYSTEM_HANDLE_INFORMATION_EX;
3165	typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
3166
3167	/** Returned by SystemSessionProcessInformation. */
3168	typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
3169	{
3170	ULONG SessionId;
3171	ULONG BufferLength;
3172	/** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
3173	PVOID Buffer;
3174	} SYSTEM_SESSION_PROCESS_INFORMATION;
3175	typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
3176
3177	typedef struct _RTL_PROCESS_MODULE_INFORMATION
3178	{
3179	HANDLE Section; /*< 0x00 / 0x00 /
3180	PVOID MappedBase; /*< 0x04 / 0x08 /
3181	PVOID ImageBase; /*< 0x08 / 0x10 /
3182	ULONG ImageSize; /*< 0x0c / 0x18 /
3183	ULONG Flags; /*< 0x10 / 0x1c /
3184	USHORT LoadOrderIndex; /*< 0x14 / 0x20 /
3185	USHORT InitOrderIndex; /*< 0x16 / 0x22 /
3186	USHORT LoadCount; /*< 0x18 / 0x24 /
3187	USHORT OffsetToFileName; /*< 0x1a / 0x26 /
3188	UCHAR FullPathName[256]; /*< 0x1c / 0x28 /
3189	} RTL_PROCESS_MODULE_INFORMATION;
3190	typedef RTL_PROCESS_MODULE_INFORMATION *PRTL_PROCESS_MODULE_INFORMATION;
3191
3192	/** Returned by SystemModuleInformation. */
3193	typedef struct _RTL_PROCESS_MODULES
3194	{
3195	ULONG NumberOfModules;
3196	RTL_PROCESS_MODULE_INFORMATION Modules[1]; /*< 0x04 / 0x08 /
3197	} RTL_PROCESS_MODULES;
3198	typedef RTL_PROCESS_MODULES *PRTL_PROCESS_MODULES;
3199
3200	NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3201	#ifndef IPRT_NT_MAP_TO_ZW
3202	NTSYSAPI NTSTATUS NTAPI ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3203	#endif
3204
3205	NTSYSAPI NTSTATUS NTAPI NtSetTimerResolution(ULONG cNtTicksWanted, BOOLEAN fSetResolution, PULONG pcNtTicksCur);
3206	NTSYSAPI NTSTATUS NTAPI NtQueryTimerResolution(PULONG pcNtTicksMin, PULONG pcNtTicksMax, PULONG pcNtTicksCur);
3207
3208	NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
3209	NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
3210	#ifndef IPRT_NT_USE_WINTERNL
3211	NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
3212	#endif
3213	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
3214	typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
3215	NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
3216
3217	NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
3218
3219	#ifdef IPRT_NT_USE_WINTERNL
3220	typedef enum _EVENT_TYPE
3221	{
3222	/* Manual reset event. */
3223	NotificationEvent = 0,
3224	/* Automaitc reset event. */
3225	SynchronizationEvent
3226	} EVENT_TYPE;
3227	#endif
3228	NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
3229	NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
3230	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
3231	NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
3232	NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
3233	NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
3234	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
3235	typedef enum _EVENT_INFORMATION_CLASS
3236	{
3237	EventBasicInformation = 0
3238	} EVENT_INFORMATION_CLASS;
3239	/** Data returned by NtQueryEvent + EventBasicInformation. */
3240	typedef struct EVENT_BASIC_INFORMATION
3241	{
3242	EVENT_TYPE EventType;
3243	ULONG EventState;
3244	} EVENT_BASIC_INFORMATION;
3245	typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
3246	NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3247
3248	#ifdef IPRT_NT_USE_WINTERNL
3249	/** For NtQueryValueKey. */
3250	typedef enum _KEY_VALUE_INFORMATION_CLASS
3251	{
3252	KeyValueBasicInformation = 0,
3253	KeyValueFullInformation,
3254	KeyValuePartialInformation,
3255	KeyValueFullInformationAlign64,
3256	KeyValuePartialInformationAlign64
3257	} KEY_VALUE_INFORMATION_CLASS;
3258
3259	/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
3260	typedef struct _KEY_VALUE_PARTIAL_INFORMATION
3261	{
3262	ULONG TitleIndex;
3263	ULONG Type;
3264	ULONG DataLength;
3265	UCHAR Data[1];
3266	} KEY_VALUE_PARTIAL_INFORMATION;
3267	typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
3268	#endif
3269	NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
3270	NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3271
3272
3273	NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
3274
3275
3276	typedef struct _CURDIR
3277	{
3278	UNICODE_STRING DosPath;
3279	HANDLE Handle; /*< 0x10 / 0x08 /
3280	} CURDIR;
3281	AssertCompileSize(CURDIR, ARCH_BITS == 32 ? 0x0c : 0x18);
3282	typedef CURDIR *PCURDIR;
3283
3284	typedef struct _RTL_DRIVE_LETTER_CURDIR
3285	{
3286	USHORT Flags;
3287	USHORT Length;
3288	ULONG TimeStamp;
3289	STRING DosPath; /*< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. /
3290	} RTL_DRIVE_LETTER_CURDIR;
3291	typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
3292
3293	typedef struct _RTL_USER_PROCESS_PARAMETERS
3294	{
3295	ULONG MaximumLength; /*< 0x000 / 0x000 /
3296	ULONG Length; /*< 0x004 / 0x004 /
3297	ULONG Flags; /*< 0x008 / 0x008 /
3298	ULONG DebugFlags; /*< 0x00c / 0x00c /
3299	HANDLE ConsoleHandle; /*< 0x010 / 0x010 /
3300	ULONG ConsoleFlags; /*< 0x018 / 0x014 /
3301	HANDLE StandardInput; /*< 0x020 / 0x018 /
3302	HANDLE StandardOutput; /*< 0x028 / 0x01c /
3303	HANDLE StandardError; /*< 0x030 / 0x020 /
3304	CURDIR CurrentDirectory; /*< 0x038 / 0x024 /
3305	UNICODE_STRING DllPath; /*< 0x050 / 0x030 /
3306	UNICODE_STRING ImagePathName; /*< 0x060 / 0x038 /
3307	UNICODE_STRING CommandLine; /*< 0x070 / 0x040 /
3308	PWSTR Environment; /*< 0x080 / 0x048 /
3309	ULONG StartingX; /*< 0x088 / 0x04c /
3310	ULONG StartingY; /*< 0x090 / 0x050 /
3311	ULONG CountX; /*< 0x094 / 0x054 /
3312	ULONG CountY; /*< 0x098 / 0x058 /
3313	ULONG CountCharsX; /*< 0x09c / 0x05c /
3314	ULONG CountCharsY; /*< 0x0a0 / 0x060 /
3315	ULONG FillAttribute; /*< 0x0a4 / 0x064 /
3316	ULONG WindowFlags; /*< 0x0a8 / 0x068 /
3317	ULONG ShowWindowFlags; /*< 0x0ac / 0x06c /
3318	UNICODE_STRING WindowTitle; /*< 0x0b0 / 0x070 /
3319	UNICODE_STRING DesktopInfo; /*< 0x0c0 / 0x078 /
3320	UNICODE_STRING ShellInfo; /*< 0x0d0 / 0x080 /
3321	UNICODE_STRING RuntimeInfo; /*< 0x0e0 / 0x088 /
3322	RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20]; /*< 0x0f0 / 0x090 /
3323	SIZE_T EnvironmentSize; /*< 0x3f0 / 0x - Added in Vista /
3324	SIZE_T EnvironmentVersion; /*< 0x3f8 / 0x - Added in Windows 7. /
3325	PVOID PackageDependencyData; /*< 0x400 / 0x - Added Windows 8? /
3326	ULONG ProcessGroupId; /*< 0x408 / 0x - Added Windows 8? /
3327	ULONG LoaderThreads; /*< 0x40c / 0x - Added Windows 10? /
3328	} RTL_USER_PROCESS_PARAMETERS;
3329	typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
3330	#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
3331
3332	typedef struct _RTL_USER_PROCESS_INFORMATION
3333	{
3334	ULONG Size;
3335	HANDLE ProcessHandle;
3336	HANDLE ThreadHandle;
3337	CLIENT_ID ClientId;
3338	SECTION_IMAGE_INFORMATION ImageInformation;
3339	} RTL_USER_PROCESS_INFORMATION;
3340	typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
3341
3342
3343	NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
3344	PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
3345	NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
3346	PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
3347	PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
3348	PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
3349	PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
3350	NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
3351	NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
3352	PFNRT, PVOID, PHANDLE, PCLIENT_ID);
3353
3354	#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
3355	typedef struct _RTL_CRITICAL_SECTION
3356	{
3357	struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
3358	LONG LockCount;
3359	LONG Recursioncount;
3360	HANDLE OwningThread;
3361	HANDLE LockSemaphore;
3362	ULONG_PTR SpinCount;
3363	} RTL_CRITICAL_SECTION;
3364	typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
3365	#endif
3366
3367	/NTSYSAPI ULONG NTAPI RtlNtStatusToDosError(NTSTATUS rcNt);/
3368
3369	/** @def RTL_QUERY_REGISTRY_TYPECHECK
3370	* WDK 8.1+, backported in updates, ignored in older. */
3371	#if !defined(RTL_QUERY_REGISTRY_TYPECHECK) \|\| defined(DOXYGEN_RUNNING)
3372	# define RTL_QUERY_REGISTRY_TYPECHECK UINT32_C(0x00000100)
3373	#endif
3374	/** @def RTL_QUERY_REGISTRY_TYPECHECK_SHIFT
3375	* WDK 8.1+, backported in updates, ignored in older. */
3376	#if !defined(RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) \|\| defined(DOXYGEN_RUNNING)
3377	# define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
3378	#endif
3379
3380
3381	RT_C_DECLS_END
3382	/** @} */
3383
3384
3385	#if defined(IN_RING0) \|\| defined(DOXYGEN_RUNNING)
3386	/** @name NT Kernel APIs
3387	* @{ */
3388	RT_C_DECLS_BEGIN
3389
3390	typedef ULONG KEPROCESSORINDEX; /*< Bitmap indexes != process numbers, apparently. /
3391
3392	NTSYSAPI VOID NTAPI KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
3393	typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
3394	NTSYSAPI VOID NTAPI KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3395	typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3396	NTSYSAPI VOID NTAPI KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3397	typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3398	NTSYSAPI BOOLEAN NTAPI KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3399	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3400	NTSYSAPI BOOLEAN NTAPI KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3401	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3402	NTSYSAPI BOOLEAN NTAPI KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3403	typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3404	NTSYSAPI VOID NTAPI KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
3405	typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
3406	NTSYSAPI VOID NTAPI KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
3407	typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
3408	NTSYSAPI BOOLEAN NTAPI KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3409	typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3410	NTSYSAPI BOOLEAN NTAPI KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3411	typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3412	/** Works like anding the complemented subtrahend with the minuend. */
3413	NTSYSAPI BOOLEAN NTAPI KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
3414	typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
3415	NTSYSAPI BOOLEAN NTAPI KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
3416	typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
3417	NTSYSAPI BOOLEAN NTAPI KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
3418	typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3419	NTSYSAPI BOOLEAN NTAPI KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
3420	typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
3421	NTSYSAPI ULONG NTAPI KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
3422	typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3423	NTSYSAPI KEPROCESSORINDEX NTAPI KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
3424	typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3425	typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
3426	typedef KEPROCESSORINDEX (NTAPI PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER pProcNumber);
3427	typedef NTSTATUS (NTAPI PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX ProcIndex, PROCESSOR_NUMBER pProcNumber);
3428	typedef KEPROCESSORINDEX (NTAPI PFNKEGETCURRENTPROCESSORNUMBEREX)(const PROCESSOR_NUMBER pProcNumber);
3429	typedef KAFFINITY (NTAPI *PFNKEQUERYACTIVEPROCESSORS)(VOID);
3430	typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNT)(VOID);
3431	typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNTEX)(USHORT GroupNumber);
3432	typedef USHORT (NTAPI *PFNKEQUERYMAXIMUMGROUPCOUNT)(VOID);
3433	typedef ULONG (NTAPI PFNKEQUERYACTIVEPROCESSORCOUNT)(KAFFINITY pfActiveProcessors);
3434	typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNTEX)(USHORT GroupNumber);
3435	typedef NTSTATUS (NTAPI PFNKEQUERYLOGICALPROCESSORRELATIONSHIP)(PROCESSOR_NUMBER pProcNumber,
3436	LOGICAL_PROCESSOR_RELATIONSHIP RelationShipType,
3437	SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX *pInfo, PULONG pcbInfo);
3438	typedef PVOID (NTAPI PFNKEREGISTERPROCESSORCHANGECALLBACK)(PPROCESSOR_CALLBACK_FUNCTION pfnCallback, void pvUser, ULONG fFlags);
3439	typedef VOID (NTAPI *PFNKEDEREGISTERPROCESSORCHANGECALLBACK)(PVOID pvCallback);
3440	typedef NTSTATUS (NTAPI PFNKESETTARGETPROCESSORDPCEX)(KDPC pDpc, PROCESSOR_NUMBER *pProcNumber);
3441	typedef LOGICAL (NTAPI *PFNKESHOULDYIELDPROCESSOR)(void);
3442
3443	NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
3444	PVOID pvOptionalConditions, PHANDLE phFound);
3445	NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
3446	ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
3447	KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
3448	NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
3449	NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
3450	NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
3451	NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
3452	extern DECLIMPORT(POBJECT_TYPE ) LpcPortObjectType; /< In vista+ this is the ALPC port object type. /
3453	extern DECLIMPORT(POBJECT_TYPE ) LpcWaitablePortObjectType; /< In vista+ this is the ALPC port object type. /
3454
3455	typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
3456	typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
3457
3458	RT_C_DECLS_END
3459	/** @ */
3460	#endif /* IN_RING0 */
3461
3462
3463	#if defined(IN_RING3) \|\| defined(DOXYGEN_RUNNING)
3464	/** @name NT Userland APIs
3465	* @{ */
3466	RT_C_DECLS_BEGIN
3467
3468	#if 0 /** @todo figure this out some time... */
3469	typedef struct CSR_MSG_DATA_CREATED_PROCESS
3470	{
3471	HANDLE hProcess;
3472	HANDLE hThread;
3473	CLIENT_ID
3474	DWORD idProcess;
3475	DWORD idThread;
3476	DWORD fCreate;
3477
3478	} CSR_MSG_DATA_CREATED_PROCESS;
3479
3480	#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
3481	#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
3482	NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
3483	#endif
3484
3485	NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
3486
3487	typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
3488	{
3489	ULONG Flags;
3490	PCUNICODE_STRING FullDllName;
3491	PCUNICODE_STRING BaseDllName;
3492	PVOID DllBase;
3493	ULONG SizeOfImage;
3494	} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
3495	typedef LDR_DLL_LOADED_NOTIFICATION_DATA PLDR_DLL_LOADED_NOTIFICATION_DATA, PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
3496	typedef LDR_DLL_LOADED_NOTIFICATION_DATA const PCLDR_DLL_LOADED_NOTIFICATION_DATA, PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
3497
3498	typedef union _LDR_DLL_NOTIFICATION_DATA
3499	{
3500	LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
3501	LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
3502	} LDR_DLL_NOTIFICATION_DATA;
3503	typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
3504	typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
3505
3506	typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
3507
3508	#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
3509	#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
3510	NTSYSAPI NTSTATUS NTAPI LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
3511	PVOID *pvCookie);
3512	typedef NTSTATUS (NTAPI PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID );
3513	NTSYSAPI NTSTATUS NTAPI LdrUnregisterDllNotification(PVOID pvCookie);
3514	typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
3515
3516	NTSYSAPI NTSTATUS NTAPI LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
3517	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
3518	typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
3519	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
3520	NTSYSAPI NTSTATUS NTAPI LdrUnloadDll(IN HANDLE hMod);
3521	typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
3522	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3523	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3524	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3525	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3526	#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
3527	#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
3528	/** @since Windows XP. */
3529	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3530	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3531	/** @since Windows XP. */
3532	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3533	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3534	/** @since Windows 7. */
3535	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
3536	/** @since Windows 7. */
3537	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
3538	/** @since Windows 7. */
3539	NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
3540	OUT PHANDLE phDll);
3541	/** @since Windows 7. */
3542	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
3543	OUT PHANDLE phDll);
3544	#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
3545	NTSYSAPI NTSTATUS NTAPI LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
3546	typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
3547	NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3548	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
3549	typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
3550	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
3551	#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
3552	/** @since Windows Vista. */
3553	NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3554	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
3555	/** @since Windows Vista. */
3556	typedef NTSTATUS (NTAPI PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const pSymbol OPTIONAL,
3557	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
3558	#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
3559	#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
3560	#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
3561	#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
3562	#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
3563	/** @since Windows XP. */
3564	NTSYSAPI NTSTATUS NTAPI LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
3565	/** @since Windows XP. */
3566	typedef NTSTATUS (NTAPI PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID ppvCookie);
3567	#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
3568	/** @since Windows XP. */
3569	NTSYSAPI NTSTATUS NTAPI LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
3570	/** @since Windows XP. */
3571	typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
3572
3573	NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
3574	NTSYSAPI VOID NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /*< Vista and later. /
3575	NTSYSAPI VOID NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
3576	NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
3577	IN PCUNICODE_STRING pOrgName,
3578	IN PUNICODE_STRING pDefaultSuffix,
3579	IN OUT PUNICODE_STRING pStaticString,
3580	IN OUT PUNICODE_STRING pDynamicString,
3581	IN OUT PUNICODE_STRING *ppResultString,
3582	IN PULONG pfNewFlags OPTIONAL,
3583	IN PSIZE_T pcbFilename OPTIONAL,
3584	IN PSIZE_T pcbNeeded OPTIONAL);
3585	/** @since Windows 8.
3586	* @note Status code is always zero in windows 10 build 14393. */
3587	NTSYSAPI NTSTATUS NTAPI ApiSetQueryApiSetPresence(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
3588	/** @copydoc ApiSetQueryApiSetPresence */
3589	typedef NTSTATUS (NTAPI *PFNAPISETQUERYAPISETPRESENCE)(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
3590
3591
3592	# ifdef IPRT_NT_USE_WINTERNL
3593	typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
3594	typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
3595	typedef struct _RTL_HEAP_PARAMETERS
3596	{
3597	ULONG Length;
3598	SIZE_T SegmentReserve;
3599	SIZE_T SegmentCommit;
3600	SIZE_T DeCommitFreeBlockThreshold;
3601	SIZE_T DeCommitTotalFreeThreshold;
3602	SIZE_T MaximumAllocationSize;
3603	SIZE_T VirtualMemoryThreshold;
3604	SIZE_T InitialCommit;
3605	SIZE_T InitialReserve;
3606	PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
3607	SIZE_T Reserved[2];
3608	} RTL_HEAP_PARAMETERS;
3609	typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
3610	NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
3611	PRTL_HEAP_PARAMETERS pParameters);
3612	/** @name Heap flags (for RtlCreateHeap).
3613	* @{ */
3614	/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
3615	# define HEAP_GROWABLE UINT32_C(0x00000002)
3616	# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
3617	# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
3618	# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
3619	# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
3620	# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
3621	# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
3622	# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
3623	# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
3624	# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
3625	# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
3626	# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
3627	# define HEAP_CLASS_0 UINT32_C(0x00000000)
3628	# define HEAP_CLASS_1 UINT32_C(0x00001000)
3629	# define HEAP_CLASS_2 UINT32_C(0x00002000)
3630	# define HEAP_CLASS_3 UINT32_C(0x00003000)
3631	# define HEAP_CLASS_4 UINT32_C(0x00004000)
3632	# define HEAP_CLASS_5 UINT32_C(0x00005000)
3633	# define HEAP_CLASS_6 UINT32_C(0x00006000)
3634	# define HEAP_CLASS_7 UINT32_C(0x00007000)
3635	# define HEAP_CLASS_8 UINT32_C(0x00008000)
3636	# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
3637	# endif
3638	# define HEAP_CLASS_PROCESS HEAP_CLASS_0
3639	# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
3640	# define HEAP_CLASS_KERNEL HEAP_CLASS_2
3641	# define HEAP_CLASS_GDI HEAP_CLASS_3
3642	# define HEAP_CLASS_USER HEAP_CLASS_4
3643	# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
3644	# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
3645	# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
3646	# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
3647	# ifdef IPRT_NT_USE_WINTERNL
3648	/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
3649	# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
3650	# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
3651	# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
3652	# endif /* IPRT_NT_USE_WINTERNL */
3653	/** @} */
3654	# ifdef IPRT_NT_USE_WINTERNL
3655	/** @name Heap tagging constants
3656	* @{ */
3657	# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
3658	/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
3659	# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
3660	# define HEAP_TAG_SHIFT 18 */
3661	# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
3662	/** @} */
3663	NTSYSAPI PVOID NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
3664	NTSYSAPI PVOID NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
3665	NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
3666	# endif /* IPRT_NT_USE_WINTERNL */
3667	NTSYSAPI SIZE_T NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
3668	NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
3669	NTSYSAPI SIZE_T NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
3670	NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
3671	NTSYSAPI ULONG NTAPI RtlGetLastWin32Error(VOID);
3672	NTSYSAPI VOID NTAPI RtlSetLastWin32Error(ULONG uError);
3673	NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
3674	NTSYSAPI VOID NTAPI RtlRestoreLastWin32Error(ULONG uError);
3675	NTSYSAPI BOOLEAN NTAPI RtlQueryPerformanceCounter(PLARGE_INTEGER);
3676	NTSYSAPI uint64_t NTAPI RtlGetSystemTimePrecise(VOID);
3677	typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
3678	NTSYSAPI uint64_t NTAPI RtlGetInterruptTimePrecise(uint64_t *puPerfTime);
3679	typedef uint64_t (NTAPI * PFNRTLGETINTERRUPTTIMEPRECISE)(uint64_t *);
3680	NTSYSAPI BOOLEAN NTAPI RtlQueryUnbiasedInterruptTime(uint64_t *puInterruptTime);
3681	typedef BOOLEAN (NTAPI * PFNRTLQUERYUNBIASEDINTERRUPTTIME)(uint64_t *);
3682
3683	RT_C_DECLS_END
3684	/** @} */
3685	#endif /* IN_RING3 */
3686
3687	#endif /* !IPRT_INCLUDED_nt_nt_h */
3688

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/include/iprt/nt/nt.h@ 83941

Download in other formats: