nt.h@ 86177

Last change on this file since 86177 was 86177, checked in by vboxsync, 4 years ago
Revert r140428 for now (Runtime/mp-r0drv-nt.cpp: Dynamically determine the size of the KAFFINITY_EX structure as it is not static across Windows versions (increased lately with W10 20H2) )
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 166.1 KB

Line
1	/* $Id: nt.h 86177 2020-09-19 16:06:57Z vboxsync $ */
2	/** @file
3	* IPRT - Header for code using the Native NT API.
4	*/
5
6	/*
7	* Copyright (C) 2010-2020 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.virtualbox.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*
17	* The contents of this file may alternatively be used under the terms
18	* of the Common Development and Distribution License Version 1.0
19	* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20	* VirtualBox OSE distribution, in which case the provisions of the
21	* CDDL are applicable instead of those of the GPL.
22	*
23	* You may elect to license modified versions of this file under the
24	* terms and conditions of either the GPL or the CDDL or both.
25	*/
26
27	#ifndef IPRT_INCLUDED_nt_nt_h
28	#define IPRT_INCLUDED_nt_nt_h
29	#ifndef RT_WITHOUT_PRAGMA_ONCE
30	# pragma once
31	#endif
32
33	/** @def IPRT_NT_MAP_TO_ZW
34	* Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
35	* to the APIs (takes care of the previous context checks).
36	*/
37	#ifdef DOXYGEN_RUNNING
38	# define IPRT_NT_MAP_TO_ZW
39	#endif
40
41	#ifdef IPRT_NT_MAP_TO_ZW
42	# define NtQueryDirectoryFile ZwQueryDirectoryFile
43	# define NtQueryInformationFile ZwQueryInformationFile
44	# define NtQueryInformationProcess ZwQueryInformationProcess
45	# define NtQueryInformationThread ZwQueryInformationThread
46	# define NtQueryFullAttributesFile ZwQueryFullAttributesFile
47	# define NtQuerySystemInformation ZwQuerySystemInformation
48	# define NtQuerySecurityObject ZwQuerySecurityObject
49	# define NtSetInformationFile ZwSetInformationFile
50	# define NtClose ZwClose
51	# define NtCreateFile ZwCreateFile
52	# define NtReadFile ZwReadFile
53	# define NtWriteFile ZwWriteFile
54	# define NtFlushBuffersFile ZwFlushBuffersFile
55	/** @todo this is very incomplete! */
56	#endif
57
58	#include <ntstatus.h>
59
60	/*
61	* Hacks common to both base header sets.
62	*/
63	#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
64	#define NtQueryObject Incomplete_NtQueryObject
65	#define ZwQueryObject Incomplete_ZwQueryObject
66	#define NtSetInformationObject Incomplete_NtSetInformationObject
67	#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
68	#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
69	#define ObjectBasicInformation Incomplete_ObjectBasicInformation
70	#define ObjectTypeInformation Incomplete_ObjectTypeInformation
71	#define _PEB Incomplete__PEB
72	#define PEB Incomplete_PEB
73	#define PPEB Incomplete_PPEB
74	#define _TEB Incomplete__TEB
75	#define TEB Incomplete_TEB
76	#define PTEB Incomplete_PTEB
77	#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
78	#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
79	#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
80	#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
81	#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
82	#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
83
84
85
86	#ifdef IPRT_NT_USE_WINTERNL
87	/*
88	* Use Winternl.h.
89	*/
90	# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
91	# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
92	# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
93
94	# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
95	# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
96	# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
97	# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
98	# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
99	# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
100	# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
101	# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
102	# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
103	# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
104	# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
105	# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
106
107	# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
108	# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
109	# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
110
111	# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
112	# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
113	# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
114	# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
115	# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
116
117	# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
118	# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
119	# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
120	# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
121	# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
122	# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
123	# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
124	# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
125	# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
126	# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
127	# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
128	# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
129	# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
130	# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
131
132
133	# pragma warning(push)
134	# pragma warning(disable: 4668)
135	# define WIN32_NO_STATUS
136	# include <windef.h>
137	# include <winnt.h>
138	# include <winternl.h>
139	# undef WIN32_NO_STATUS
140	# include <ntstatus.h>
141	# pragma warning(pop)
142
143	# ifndef OBJ_DONT_REPARSE
144	# define RTNT_NEED_CLIENT_ID
145	# endif
146
147	# undef _FILE_INFORMATION_CLASS
148	# undef FILE_INFORMATION_CLASS
149	# undef FileDirectoryInformation
150
151	# undef NtQueryInformationProcess
152	# undef NtSetInformationProcess
153	# undef PROCESSINFOCLASS
154	# undef _PROCESSINFOCLASS
155	# undef PROCESS_BASIC_INFORMATION
156	# undef PPROCESS_BASIC_INFORMATION
157	# undef _PROCESS_BASIC_INFORMATION
158	# undef ProcessBasicInformation
159	# undef ProcessDebugPort
160	# undef ProcessWow64Information
161	# undef ProcessImageFileName
162	# undef ProcessBreakOnTermination
163
164	# undef RTL_USER_PROCESS_PARAMETERS
165	# undef PRTL_USER_PROCESS_PARAMETERS
166	# undef _RTL_USER_PROCESS_PARAMETERS
167
168	# undef NtQueryInformationThread
169	# undef NtSetInformationThread
170	# undef THREADINFOCLASS
171	# undef _THREADINFOCLASS
172	# undef ThreadIsIoPending
173
174	# undef NtQuerySystemInformation
175	# undef NtSetSystemInformation
176	# undef SYSTEM_INFORMATION_CLASS
177	# undef _SYSTEM_INFORMATION_CLASS
178	# undef SystemBasicInformation
179	# undef SystemPerformanceInformation
180	# undef SystemTimeOfDayInformation
181	# undef SystemProcessInformation
182	# undef SystemProcessorPerformanceInformation
183	# undef SystemInterruptInformation
184	# undef SystemExceptionInformation
185	# undef SystemRegistryQuotaInformation
186	# undef SystemLookasideInformation
187	# undef SystemPolicyInformation
188
189	#else
190	/*
191	* Use ntifs.h and wdm.h.
192	*/
193	# if _MSC_VER >= 1200 /* Fix/workaround for KeInitializeSpinLock visibility issue on AMD64. */
194	# define FORCEINLINE static __forceinline
195	# else
196	# define FORCEINLINE static __inline
197	# endif
198
199	# define _FSINFOCLASS OutdatedWdm_FSINFOCLASS
200	# define FS_INFORMATION_CLASS OutdatedWdm_FS_INFORMATION_CLASS
201	# define PFS_INFORMATION_CLASS OutdatedWdm_PFS_INFORMATION_CLASS
202	# define FileFsVolumeInformation OutdatedWdm_FileFsVolumeInformation
203	# define FileFsLabelInformation OutdatedWdm_FileFsLabelInformation
204	# define FileFsSizeInformation OutdatedWdm_FileFsSizeInformation
205	# define FileFsDeviceInformation OutdatedWdm_FileFsDeviceInformation
206	# define FileFsAttributeInformation OutdatedWdm_FileFsAttributeInformation
207	# define FileFsControlInformation OutdatedWdm_FileFsControlInformation
208	# define FileFsFullSizeInformation OutdatedWdm_FileFsFullSizeInformation
209	# define FileFsObjectIdInformation OutdatedWdm_FileFsObjectIdInformation
210	# define FileFsDriverPathInformation OutdatedWdm_FileFsDriverPathInformation
211	# define FileFsVolumeFlagsInformation OutdatedWdm_FileFsVolumeFlagsInformation
212	# define FileFsSectorSizeInformation OutdatedWdm_FileFsSectorSizeInformation
213	# define FileFsDataCopyInformation OutdatedWdm_FileFsDataCopyInformation
214	# define FileFsMetadataSizeInformation OutdatedWdm_FileFsMetadataSizeInformation
215	# define FileFsFullSizeInformationEx OutdatedWdm_FileFsFullSizeInformationEx
216	# define FileFsMaximumInformation OutdatedWdm_FileFsMaximumInformation
217	# define NtQueryVolumeInformationFile OutdatedWdm_NtQueryVolumeInformationFile
218	# define NtSetVolumeInformationFile OutdatedWdm_NtSetVolumeInformationFile
219
220	# pragma warning(push)
221	# ifdef RT_ARCH_X86
222	# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
223	# pragma warning(disable: 4163)
224	# endif
225	# pragma warning(disable: 4668)
226	# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
227	# if _MSC_VER >= 1800 /RT_MSC_VER_VC120/
228	# pragma warning(disable:4005) /* sdk/v7.1/include/sal_supp.h(57) : warning C4005: '__useHeader' : macro redefinition */
229	# pragma warning(disable:4471) /* wdm.h(11057) : warning C4471: '_POOL_TYPE' : a forward declaration of an unscoped enumeration must have an underlying type (int assumed) */
230	# endif
231	# if _MSC_VER >= 1900 /RT_MSC_VER_VC140/
232	# ifdef __cplusplus
233	# pragma warning(disable:5039) /* warning C5039: 'KeInitializeDpc': pointer or reference to potentially throwing function passed to 'extern "C"' function under -EHc. Undefined behavior may occur if this function throws an exception. */
234	# endif
235	# endif
236
237	# include <ntifs.h>
238	# include <wdm.h>
239
240	# ifdef RT_ARCH_X86
241	# undef _InterlockedAddLargeStatistic
242	# endif
243	# pragma warning(pop)
244
245	# undef _FSINFOCLASS
246	# undef FS_INFORMATION_CLASS
247	# undef PFS_INFORMATION_CLASS
248	# undef FileFsVolumeInformation
249	# undef FileFsLabelInformation
250	# undef FileFsSizeInformation
251	# undef FileFsDeviceInformation
252	# undef FileFsAttributeInformation
253	# undef FileFsControlInformation
254	# undef FileFsFullSizeInformation
255	# undef FileFsObjectIdInformation
256	# undef FileFsDriverPathInformation
257	# undef FileFsVolumeFlagsInformation
258	# undef FileFsSectorSizeInformation
259	# undef FileFsDataCopyInformation
260	# undef FileFsMetadataSizeInformation
261	# undef FileFsFullSizeInformationEx
262	# undef FileFsMaximumInformation
263	# undef NtQueryVolumeInformationFile
264	# undef NtSetVolumeInformationFile
265
266	# define IPRT_NT_NEED_API_GROUP_NTIFS
267	#endif
268
269	#undef RtlFreeUnicodeString
270	#undef NtQueryObject
271	#undef ZwQueryObject
272	#undef NtSetInformationObject
273	#undef _OBJECT_INFORMATION_CLASS
274	#undef OBJECT_INFORMATION_CLASS
275	#undef ObjectBasicInformation
276	#undef ObjectTypeInformation
277	#undef _PEB
278	#undef PEB
279	#undef PPEB
280	#undef _TEB
281	#undef TEB
282	#undef PTEB
283	#undef _PEB_LDR_DATA
284	#undef PEB_LDR_DATA
285	#undef PPEB_LDR_DATA
286	#undef _KUSER_SHARED_DATA
287	#undef KUSER_SHARED_DATA
288	#undef PKUSER_SHARED_DATA
289
290
291	#include <iprt/types.h>
292	#include <iprt/assert.h>
293
294
295	/** @name Useful macros
296	* @{ */
297	/** Indicates that we're targeting native NT in the current source. */
298	#define RTNT_USE_NATIVE_NT 1
299	/** Initializes a IO_STATUS_BLOCK. */
300	#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
301	/** Reinitializes a IO_STATUS_BLOCK. */
302	#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
303	do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
304	/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
305	#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
306	/** Constant UNICODE_STRING initializer. */
307	#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
308
309	/** Declaration wrapper for NT apis.
310	* Adds nothrow. Don't use with callbacks. */
311	#define RT_DECL_NTAPI(type) DECL_NOTHROW(NTSYSAPI type NTAPI)
312	/** @} */
313
314
315	/** @name IPRT helper functions for NT
316	* @{ */
317	RT_C_DECLS_BEGIN
318
319	RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
320	ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
321	PHANDLE phHandle, PULONG_PTR puDisposition);
322	RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
323	ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
324	RTDECL(int) RTNtPathOpenDirEx(HANDLE hRootDir, struct _UNICODE_STRING *pNtName, ACCESS_MASK fDesiredAccess,
325	ULONG fShareAccess, ULONG fCreateOptions, ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
326	RTDECL(int) RTNtPathClose(HANDLE hHandle);
327
328	/**
329	* Converts a windows-style path to NT format and encoding.
330	*
331	* @returns IPRT status code.
332	* @param pNtName Where to return the NT name. Free using
333	* RTNtPathFree.
334	* @param phRootDir Where to return the root handle, if applicable.
335	* @param pszPath The UTF-8 path.
336	*/
337	RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING pNtName, PHANDLE phRootDir, const char pszPath);
338
339	/**
340	* Converts a UTF-16 windows-style path to NT format.
341	*
342	* @returns IPRT status code.
343	* @param pNtName Where to return the NT name. Free using
344	* RTNtPathFree.
345	* @param phRootDir Where to return the root handle, if applicable.
346	* @param pwszPath The UTF-16 windows-style path.
347	* @param cwcPath The max length of the windows-style path in
348	* RTUTF16 units. Use RTSTR_MAX if unknown and @a
349	* pwszPath is correctly terminated.
350	*/
351	RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING pNtName, HANDLE phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
352
353	/**
354	* How to handle ascent ('..' relative to a root handle).
355	*/
356	typedef enum RTNTPATHRELATIVEASCENT
357	{
358	kRTNtPathRelativeAscent_Invalid = 0,
359	kRTNtPathRelativeAscent_Allow,
360	kRTNtPathRelativeAscent_Fail,
361	kRTNtPathRelativeAscent_Ignore,
362	kRTNtPathRelativeAscent_End,
363	kRTNtPathRelativeAscent_32BitHack = 0x7fffffff
364	} RTNTPATHRELATIVEASCENT;
365
366	/**
367	* Converts a relative windows-style path to relative NT format and encoding.
368	*
369	* @returns IPRT status code.
370	* @param pNtName Where to return the NT name. Free using
371	* rtTNtPathToNative with phRootDir set to NULL.
372	* @param phRootDir On input, the handle to the directory the path
373	* is relative to. On output, the handle to
374	* specify as root directory in the object
375	* attributes when accessing the path. If
376	* enmAscent is kRTNtPathRelativeAscent_Allow, it
377	* may have been set to NULL.
378	* @param pszPath The relative UTF-8 path.
379	* @param enmAscent How to handle ascent.
380	* @param fMustReturnAbsolute Must convert to an absolute path. This
381	* is necessary if the root dir is a NT directory
382	* object (e.g. /Devices) since they cannot parse
383	* relative paths it seems.
384	*/
385	RTDECL(int) RTNtPathRelativeFromUtf8(struct _UNICODE_STRING pNtName, PHANDLE phRootDir, const char pszPath,
386	RTNTPATHRELATIVEASCENT enmAscent, bool fMustReturnAbsolute);
387
388	/**
389	* Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
390	* chars plus a terminator.
391	*
392	* The NT string must have been returned by RTNtPathFromWinUtf8 or
393	* RTNtPathFromWinUtf16Ex.
394	*
395	* @returns IPRT status code.
396	* @param pNtName The NT path string.
397	* @param cwcMin The minimum number of RTUTF16 chars. Max 32767.
398	* @sa RTNtPathFree
399	*/
400	RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);
401
402	/**
403	* Gets the NT path to the object represented by the given handle.
404	*
405	* @returns IPRT status code.
406	* @param pNtName Where to return the NT path. Free using
407	* RTNtPathFree.
408	* @param hHandle The handle.
409	* @param cwcExtra How much extra space is needed.
410	*/
411	RTDECL(int) RTNtPathFromHandle(struct _UNICODE_STRING *pNtName, HANDLE hHandle, size_t cwcExtra);
412
413	/**
414	* Frees the native path and root handle.
415	*
416	* @param pNtName The NT path after a successful rtNtPathToNative
417	* call or RTNtPathRelativeFromUtf8.
418	* @param phRootDir The root handle variable from rtNtPathToNative,
419	*/
420	RTDECL(void) RTNtPathFree(struct _UNICODE_STRING pNtName, HANDLE phRootDir);
421
422
423	/**
424	* Checks whether the path could be containing alternative 8.3 names generated
425	* by NTFS, FAT, or other similar file systems.
426	*
427	* @returns Pointer to the first component that might be an 8.3 name, NULL if
428	* not 8.3 path.
429	* @param pwszPath The path to check.
430	*
431	* @remarks This is making bad ASSUMPTION wrt to the naming scheme of 8.3 names,
432	* however, non-tilde 8.3 aliases are probably rare enough to not be
433	* worth all the extra code necessary to open each path component and
434	* check if we've got the short name or not.
435	*/
436	RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
437
438	/**
439	* Fixes up a path possibly containing one or more alternative 8-dot-3 style
440	* components.
441	*
442	* The path is fixed up in place. Errors are ignored.
443	*
444	* @returns VINF_SUCCESS if it all went smoothly, informational status codes
445	* indicating the nature of last problem we ran into.
446	*
447	* @param pUniStr The path to fix up. MaximumLength is the max buffer
448	* length.
449	* @param fPathOnly Whether to only process the path and leave the filename
450	* as passed in.
451	*/
452	RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);
453
454	/**
455	* Wrapper around RTNtPathExpand8dot3Path that allocates a buffer instead of
456	* working on the input buffer.
457	*
458	* @returns IPRT status code, see RTNtPathExpand8dot3Path().
459	* @param pUniStrSrc The path to fix up. MaximumLength is the max buffer
460	* length.
461	* @param fPathOnly Whether to only process the path and leave the filename
462	* as passed in.
463	* @param pUniStrDst Output string. On success, the caller must use
464	* RTUtf16Free to free what the Buffer member points to.
465	* This is all zeros and NULL on failure.
466	*/
467	RTDECL(int) RTNtPathExpand8dot3PathA(struct _UNICODE_STRING const pUniStrSrc, bool fPathOnly, struct _UNICODE_STRING pUniStrDst);
468
469
470	RT_C_DECLS_END
471	/** @} */
472
473
474	/** @name NT API delcarations.
475	* @{ */
476	RT_C_DECLS_BEGIN
477
478	/** @name Process access rights missing in ntddk headers
479	* @{ */
480	#ifndef PROCESS_TERMINATE
481	# define PROCESS_TERMINATE UINT32_C(0x00000001)
482	#endif
483	#ifndef PROCESS_CREATE_THREAD
484	# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
485	#endif
486	#ifndef PROCESS_SET_SESSIONID
487	# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
488	#endif
489	#ifndef PROCESS_VM_OPERATION
490	# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
491	#endif
492	#ifndef PROCESS_VM_READ
493	# define PROCESS_VM_READ UINT32_C(0x00000010)
494	#endif
495	#ifndef PROCESS_VM_WRITE
496	# define PROCESS_VM_WRITE UINT32_C(0x00000020)
497	#endif
498	#ifndef PROCESS_DUP_HANDLE
499	# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
500	#endif
501	#ifndef PROCESS_CREATE_PROCESS
502	# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
503	#endif
504	#ifndef PROCESS_SET_QUOTA
505	# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
506	#endif
507	#ifndef PROCESS_SET_INFORMATION
508	# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
509	#endif
510	#ifndef PROCESS_QUERY_INFORMATION
511	# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
512	#endif
513	#ifndef PROCESS_SUSPEND_RESUME
514	# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
515	#endif
516	#ifndef PROCESS_QUERY_LIMITED_INFORMATION
517	# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
518	#endif
519	#ifndef PROCESS_SET_LIMITED_INFORMATION
520	# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
521	#endif
522	#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
523	#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
524	#ifndef PROCESS_ALL_ACCESS
525	# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| SYNCHRONIZE \| UINT32_C(0x0000ffff) )
526	#endif
527	/** @} */
528
529	/** @name Thread access rights missing in ntddk headers
530	* @{ */
531	#ifndef THREAD_QUERY_INFORMATION
532	# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
533	#endif
534	#ifndef THREAD_SET_THREAD_TOKEN
535	# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
536	#endif
537	#ifndef THREAD_IMPERSONATE
538	# define THREAD_IMPERSONATE UINT32_C(0x00000100)
539	#endif
540	#ifndef THREAD_DIRECT_IMPERSONATION
541	# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
542	#endif
543	#ifndef THREAD_RESUME
544	# define THREAD_RESUME UINT32_C(0x00001000)
545	#endif
546	#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
547	#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
548	#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
549	/** @} */
550
551	/** @name Special handle values.
552	* @{ */
553	#ifndef NtCurrentProcess
554	# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
555	#endif
556	#ifndef NtCurrentThread
557	# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
558	#endif
559	#ifndef ZwCurrentProcess
560	# define ZwCurrentProcess() NtCurrentProcess()
561	#endif
562	#ifndef ZwCurrentThread
563	# define ZwCurrentThread() NtCurrentThread()
564	#endif
565	/** @} */
566
567
568	/** @name Directory object access rights.
569	* @{ */
570	#ifndef DIRECTORY_QUERY
571	# define DIRECTORY_QUERY UINT32_C(0x00000001)
572	#endif
573	#ifndef DIRECTORY_TRAVERSE
574	# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
575	#endif
576	#ifndef DIRECTORY_CREATE_OBJECT
577	# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
578	#endif
579	#ifndef DIRECTORY_CREATE_SUBDIRECTORY
580	# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
581	#endif
582	#ifndef DIRECTORY_ALL_ACCESS
583	# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| UINT32_C(0x0000000f) )
584	#endif
585	/** @} */
586
587
588
589	#ifdef RTNT_NEED_CLIENT_ID
590	typedef struct _CLIENT_ID
591	{
592	HANDLE UniqueProcess;
593	HANDLE UniqueThread;
594	} CLIENT_ID;
595	#endif
596	#ifdef IPRT_NT_USE_WINTERNL
597	typedef CLIENT_ID *PCLIENT_ID;
598	#endif
599
600	/** Extended affinity type, introduced in Windows 7 (?). */
601	typedef struct _KAFFINITY_EX
602	{
603	/** Count of valid bitmap entries. */
604	uint16_t Count;
605	/** Count of allocated bitmap entries. */
606	uint16_t Size;
607	/** Reserved / aligmment padding. */
608	uint32_t Reserved;
609	/** Bitmap where one bit corresponds to a CPU. */
610	uintptr_t Bitmap[20];
611	} KAFFINITY_EX;
612	typedef KAFFINITY_EX *PKAFFINITY_EX;
613	typedef KAFFINITY_EX const *PCKAFFINITY_EX;
614
615	/** @name User Shared Data
616	* @{ */
617
618	#ifdef IPRT_NT_USE_WINTERNL
619	typedef struct _KSYSTEM_TIME
620	{
621	ULONG LowPart;
622	LONG High1Time;
623	LONG High2Time;
624	} KSYSTEM_TIME;
625	typedef KSYSTEM_TIME *PKSYSTEM_TIME;
626
627	typedef enum _NT_PRODUCT_TYPE
628	{
629	NtProductWinNt = 1,
630	NtProductLanManNt,
631	NtProductServer
632	} NT_PRODUCT_TYPE;
633
634	#define PROCESSOR_FEATURE_MAX 64
635
636	typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
637	{
638	StandardDesign = 0,
639	NEC98x86,
640	EndAlternatives
641	} ALTERNATIVE_ARCHITECTURE_TYPE;
642
643	# if 0
644	typedef struct _XSTATE_FEATURE
645	{
646	ULONG Offset;
647	ULONG Size;
648	} XSTATE_FEATURE;
649	typedef XSTATE_FEATURE *PXSTATE_FEATURE;
650
651	#define MAXIMUM_XSTATE_FEATURES 64
652
653	typedef struct _XSTATE_CONFIGURATION
654	{
655	ULONG64 EnabledFeatures;
656	ULONG Size;
657	ULONG OptimizedSave : 1;
658	XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
659	} XSTATE_CONFIGURATION;
660	typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
661	# endif
662	#endif /* IPRT_NT_USE_WINTERNL */
663
664	typedef struct _KUSER_SHARED_DATA
665	{
666	ULONG TickCountLowDeprecated; /*< 0x000 /
667	ULONG TickCountMultiplier; /*< 0x004 /
668	KSYSTEM_TIME volatile InterruptTime; /*< 0x008 /
669	KSYSTEM_TIME volatile SystemTime; /*< 0x014 /
670	KSYSTEM_TIME volatile TimeZoneBias; /*< 0x020 /
671	USHORT ImageNumberLow; /*< 0x02c /
672	USHORT ImageNumberHigh; /*< 0x02e /
673	WCHAR NtSystemRoot[260]; /*< 0x030 - Seems to be last member in NT 3.51. /
674	ULONG MaxStackTraceDepth; /*< 0x238 /
675	ULONG CryptoExponent; /*< 0x23c /
676	ULONG TimeZoneId; /*< 0x240 /
677	ULONG LargePageMinimum; /*< 0x244 /
678	ULONG AitSamplingValue; /*< 0x248 /
679	ULONG AppCompatFlag; /*< 0x24c /
680	ULONGLONG RNGSeedVersion; /*< 0x250 /
681	ULONG GlobalValidationRunlevel; /*< 0x258 /
682	LONG volatile TimeZoneBiasStamp; /*< 0x25c/
683	ULONG Reserved2; /*< 0x260 /
684	NT_PRODUCT_TYPE NtProductType; /*< 0x264 /
685	BOOLEAN ProductTypeIsValid; /*< 0x268 /
686	BOOLEAN Reserved0[1]; /*< 0x269 /
687	USHORT NativeProcessorArchitecture; /*< 0x26a /
688	ULONG NtMajorVersion; /*< 0x26c /
689	ULONG NtMinorVersion; /*< 0x270 /
690	BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /*< 0x274 /
691	ULONG Reserved1; /*< 0x2b4 /
692	ULONG Reserved3; /*< 0x2b8 /
693	ULONG volatile TimeSlip; /*< 0x2bc /
694	ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /*< 0x2c0 /
695	ULONG AltArchitecturePad[1]; /*< 0x2c4 /
696	LARGE_INTEGER SystemExpirationDate; /*< 0x2c8 /
697	ULONG SuiteMask; /*< 0x2d0 /
698	BOOLEAN KdDebuggerEnabled; /*< 0x2d4 /
699	union /*< 0x2d5 /
700	{
701	UCHAR MitigationPolicies; /*< 0x2d5 /
702	struct
703	{
704	UCHAR NXSupportPolicy : 2;
705	UCHAR SEHValidationPolicy : 2;
706	UCHAR CurDirDevicesSkippedForDlls : 2;
707	UCHAR Reserved : 2;
708	};
709	};
710	UCHAR Reserved6[2]; /*< 0x2d6 /
711	ULONG volatile ActiveConsoleId; /*< 0x2d8 /
712	ULONG volatile DismountCount; /*< 0x2dc /
713	ULONG ComPlusPackage; /*< 0x2e0 /
714	ULONG LastSystemRITEventTickCount; /*< 0x2e4 /
715	ULONG NumberOfPhysicalPages; /*< 0x2e8 /
716	BOOLEAN SafeBootMode; /*< 0x2ec /
717	UCHAR Reserved12[3]; /*< 0x2ed /
718	union /*< 0x2f0 /
719	{
720	ULONG SharedDataFlags; /*< 0x2f0 /
721	struct
722	{
723	ULONG DbgErrorPortPresent : 1;
724	ULONG DbgElevationEnabled : 1;
725	ULONG DbgVirtEnabled : 1;
726	ULONG DbgInstallerDetectEnabled : 1;
727	ULONG DbgLkgEnabled : 1;
728	ULONG DbgDynProcessorEnabled : 1;
729	ULONG DbgConsoleBrokerEnabled : 1;
730	ULONG DbgSecureBootEnabled : 1;
731	ULONG SpareBits : 24;
732	};
733	};
734	ULONG DataFlagsPad[1]; /*< 0x2f4 /
735	ULONGLONG TestRetInstruction; /*< 0x2f8 /
736	LONGLONG QpcFrequency; /*< 0x300 /
737	ULONGLONG SystemCallPad[3]; /*< 0x308 /
738	union /*< 0x320 /
739	{
740	ULONG64 volatile TickCountQuad; /*< 0x320 /
741	KSYSTEM_TIME volatile TickCount; /*< 0x320 /
742	struct /*< 0x320 /
743	{
744	ULONG ReservedTickCountOverlay[3]; /*< 0x320 /
745	ULONG TickCountPad[1]; /*< 0x32c /
746	};
747	};
748	ULONG Cookie; /*< 0x330 /
749	ULONG CookiePad[1]; /*< 0x334 /
750	LONGLONG ConsoleSessionForegroundProcessId; /*< 0x338 /
751	ULONGLONG TimeUpdateLock; /*< 0x340 /
752	ULONGLONG BaselineSystemTimeQpc; /*< 0x348 /
753	ULONGLONG BaselineInterruptTimeQpc; /*< 0x350 /
754	ULONGLONG QpcSystemTimeIncrement; /*< 0x358 /
755	ULONGLONG QpcInterruptTimeIncrement; /*< 0x360 /
756	ULONG QpcSystemTimeIncrement32; /*< 0x368 /
757	ULONG QpcInterruptTimeIncrement32; /*< 0x36c /
758	UCHAR QpcSystemTimeIncrementShift; /*< 0x370 /
759	UCHAR QpcInterruptTimeIncrementShift; /*< 0x371 /
760	UCHAR Reserved8[14]; /*< 0x372 /
761	USHORT UserModeGlobalLogger[16]; /*< 0x380 /
762	ULONG ImageFileExecutionOptions; /*< 0x3a0 /
763	ULONG LangGenerationCount; /*< 0x3a4 /
764	ULONGLONG Reserved4; /*< 0x3a8 /
765	ULONGLONG volatile InterruptTimeBias; /**< 0x3b0 - What QueryUnbiasedInterruptTimePrecise
766	* subtracts from interrupt time. */
767	ULONGLONG volatile QpcBias; /*< 0x3b8 /
768	ULONG volatile ActiveProcessorCount; /*< 0x3c0 /
769	UCHAR volatile ActiveGroupCount; /*< 0x3c4 /
770	UCHAR Reserved9; /*< 0x3c5 /
771	union /*< 0x3c6 /
772	{
773	USHORT QpcData; /*< 0x3c6 /
774	struct /*< 0x3c6 /
775	{
776	BOOLEAN volatile QpcBypassEnabled; /*< 0x3c6 /
777	UCHAR QpcShift; /*< 0x3c7 /
778	};
779	};
780	LARGE_INTEGER TimeZoneBiasEffectiveStart; /*< 0x3c8 /
781	LARGE_INTEGER TimeZoneBiasEffectiveEnd; /*< 0x3d0 /
782	XSTATE_CONFIGURATION XState; /*< 0x3d8 /
783	} KUSER_SHARED_DATA;
784	typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
785	AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
786	AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
787	AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
788	AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
789	AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
790	AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
791	AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
792	AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
793	AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
794	/** @def MM_SHARED_USER_DATA_VA
795	* Read only userland mapping of KUSER_SHARED_DATA. */
796	#ifndef MM_SHARED_USER_DATA_VA
797	# if ARCH_BITS == 32
798	# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
799	# elif ARCH_BITS == 64
800	# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
801	# else
802	# error "Unsupported/undefined ARCH_BITS value."
803	# endif
804	#endif
805	/** @def KI_USER_SHARED_DATA
806	* Read write kernel mapping of KUSER_SHARED_DATA. */
807	#ifndef KI_USER_SHARED_DATA
808	# ifdef RT_ARCH_X86
809	# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
810	# elif defined(RT_ARCH_AMD64)
811	# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
812	# else
813	# error "PORT ME - KI_USER_SHARED_DATA"
814	# endif
815	#endif
816	/** @} */
817
818
819	/** @name Process And Thread Environment Blocks
820	* @{ */
821
822	typedef struct _PEB_LDR_DATA
823	{
824	uint32_t Length;
825	BOOLEAN Initialized;
826	BOOLEAN Padding[3];
827	HANDLE SsHandle;
828	LIST_ENTRY InLoadOrderModuleList;
829	LIST_ENTRY InMemoryOrderModuleList;
830	LIST_ENTRY InInitializationOrderModuleList;
831	/* End NT4 */
832	LIST_ENTRY *EntryInProgress;
833	BOOLEAN ShutdownInProgress;
834	HANDLE ShutdownThreadId;
835	} PEB_LDR_DATA;
836	typedef PEB_LDR_DATA *PPEB_LDR_DATA;
837
838	typedef struct _PEB_COMMON
839	{
840	BOOLEAN InheritedAddressSpace; /*< 0x000 / 0x000 /
841	BOOLEAN ReadImageFileExecOptions; /*< 0x001 / 0x001 /
842	BOOLEAN BeingDebugged; /*< 0x002 / 0x002 /
843	union
844	{
845	uint8_t BitField; /*< 0x003 / 0x003 /
846	struct
847	{
848	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
849	} Common;
850	struct
851	{
852	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
853	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
854	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 /
855	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 /
856	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 /
857	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 /
858	uint8_t IsProtectedProcessLight : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 /
859	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
860	} W81;
861	struct
862	{
863	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
864	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
865	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 /
866	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 /
867	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 /
868	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 /
869	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 /
870	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
871	} W80;
872	struct
873	{
874	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
875	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
876	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. /
877	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. /
878	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. /
879	uint8_t SpareBits : 3; /*< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. /
880	} W7;
881	struct
882	{
883	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
884	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
885	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. /
886	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. /
887	uint8_t SpareBits : 4; /*< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. /
888	} W6;
889	struct
890	{
891	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
892	uint8_t SpareBits : 7; /*< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. /
893	} W52;
894	struct
895	{
896	BOOLEAN SpareBool;
897	} W51;
898	} Diff0;
899	#if ARCH_BITS == 64
900	uint32_t Padding0; /*< 0x004 / NA /
901	#endif
902	HANDLE Mutant; /*< 0x008 / 0x004 /
903	PVOID ImageBaseAddress; /*< 0x010 / 0x008 /
904	PPEB_LDR_DATA Ldr; /*< 0x018 / 0x00c /
905	struct _RTL_USER_PROCESS_PARAMETERS ProcessParameters; /< 0x020 / 0x010 /
906	PVOID SubSystemData; /*< 0x028 / 0x014 /
907	HANDLE ProcessHeap; /*< 0x030 / 0x018 /
908	struct _RTL_CRITICAL_SECTION FastPebLock; /< 0x038 / 0x01c /
909	union
910	{
911	struct
912	{
913	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
914	PVOID IFEOKey; /*< 0x048 / 0x024 /
915	union
916	{
917	ULONG CrossProcessFlags; /*< 0x050 / 0x028 /
918	struct
919	{
920	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
921	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
922	uint32_t ProcessUsingVEH : 1; /*< 0x050 / 0x028: Pos 2, 1 Bit /
923	uint32_t ProcessUsingVCH : 1; /*< 0x050 / 0x028: Pos 3, 1 Bit /
924	uint32_t ProcessUsingFTH : 1; /*< 0x050 / 0x028: Pos 4, 1 Bit /
925	uint32_t ReservedBits0 : 1; /*< 0x050 / 0x028: Pos 5, 27 Bits /
926	} W7, W8, W80, W81;
927	struct
928	{
929	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
930	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
931	uint32_t ReservedBits0 : 30; /*< 0x050 / 0x028: Pos 2, 30 Bits /
932	} W6;
933	};
934	#if ARCH_BITS == 64
935	uint32_t Padding1; /*< 0x054 / /
936	#endif
937	} W6, W7, W8, W80, W81;
938	struct
939	{
940	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
941	PVOID SparePtr2; /*< 0x048 / 0x024 /
942	uint32_t EnvironmentUpdateCount; /*< 0x050 / 0x028 /
943	#if ARCH_BITS == 64
944	uint32_t Padding1; /*< 0x054 / /
945	#endif
946	} W52;
947	struct
948	{
949	PVOID FastPebLockRoutine; /*< NA / 0x020 /
950	PVOID FastPebUnlockRoutine; /*< NA / 0x024 /
951	uint32_t EnvironmentUpdateCount; /*< NA / 0x028 /
952	} W51;
953	} Diff1;
954	union
955	{
956	PVOID KernelCallbackTable; /*< 0x058 / 0x02c /
957	PVOID UserSharedInfoPtr; /*< 0x058 / 0x02c - Alternative use in W6./
958	};
959	uint32_t SystemReserved; /*< 0x060 / 0x030 /
960	union
961	{
962	struct
963	{
964	uint32_t AtlThunkSListPtr32; /*< 0x064 / 0x034 /
965	} W7, W8, W80, W81;
966	struct
967	{
968	uint32_t SpareUlong; /*< 0x064 / 0x034 /
969	} W52, W6;
970	struct
971	{
972	uint32_t ExecuteOptions : 2; /*< NA / 0x034: Pos 0, 2 Bits /
973	uint32_t SpareBits : 30; /*< NA / 0x034: Pos 2, 30 Bits /
974	} W51;
975	} Diff2;
976	union
977	{
978	struct
979	{
980	PVOID ApiSetMap; /*< 0x068 / 0x038 /
981	} W7, W8, W80, W81;
982	struct
983	{
984	struct _PEB_FREE_BLOCK FreeList; /< 0x068 / 0x038 /
985	} W52, W6;
986	struct
987	{
988	struct _PEB_FREE_BLOCK FreeList; /< NA / 0x038 /
989	} W51;
990	} Diff3;
991	uint32_t TlsExpansionCounter; /*< 0x070 / 0x03c /
992	#if ARCH_BITS == 64
993	uint32_t Padding2; /*< 0x074 / NA /
994	#endif
995	struct _RTL_BITMAP TlsBitmap; /< 0x078 / 0x040 /
996	uint32_t TlsBitmapBits[2]; /*< 0x080 / 0x044 /
997	PVOID ReadOnlySharedMemoryBase; /*< 0x088 / 0x04c /
998	union
999	{
1000	struct
1001	{
1002	PVOID SparePvoid0; /*< 0x090 / 0x050 - HotpatchInformation before W81. /
1003	} W81;
1004	struct
1005	{
1006	PVOID HotpatchInformation; /*< 0x090 / 0x050 - Retired in W81. /
1007	} W6, W7, W80;
1008	struct
1009	{
1010	PVOID ReadOnlySharedMemoryHeap;
1011	} W52;
1012	} Diff4;
1013	PVOID ReadOnlyStaticServerData; /< 0x098 / 0x054 /
1014	PVOID AnsiCodePageData; /*< 0x0a0 / 0x058 /
1015	PVOID OemCodePageData; /*< 0x0a8 / 0x05c /
1016	PVOID UnicodeCaseTableData; /*< 0x0b0 / 0x060 /
1017	uint32_t NumberOfProcessors; /*< 0x0b8 / 0x064 /
1018	uint32_t NtGlobalFlag; /*< 0x0bc / 0x068 /
1019	#if ARCH_BITS == 32
1020	uint32_t Padding2b;
1021	#endif
1022	LARGE_INTEGER CriticalSectionTimeout; /*< 0x0c0 / 0x070 /
1023	SIZE_T HeapSegmentReserve; /*< 0x0c8 / 0x078 /
1024	SIZE_T HeapSegmentCommit; /*< 0x0d0 / 0x07c /
1025	SIZE_T HeapDeCommitTotalFreeThreshold; /*< 0x0d8 / 0x080 /
1026	SIZE_T HeapDeCommitFreeBlockThreshold; /*< 0x0e0 / 0x084 /
1027	uint32_t NumberOfHeaps; /*< 0x0e8 / 0x088 /
1028	uint32_t MaximumNumberOfHeaps; /*< 0x0ec / 0x08c /
1029	PVOID ProcessHeaps; /< 0x0f0 / 0x090 - Last NT 3.51 member. /
1030	PVOID GdiSharedHandleTable; /*< 0x0f8 / 0x094 /
1031	PVOID ProcessStarterHelper; /*< 0x100 / 0x098 /
1032	uint32_t GdiDCAttributeList; /*< 0x108 / 0x09c /
1033	#if ARCH_BITS == 64
1034	uint32_t Padding3; /*< 0x10c / NA /
1035	#endif
1036	struct _RTL_CRITICAL_SECTION LoaderLock; /< 0x110 / 0x0a0 /
1037	uint32_t OSMajorVersion; /*< 0x118 / 0x0a4 /
1038	uint32_t OSMinorVersion; /*< 0x11c / 0x0a8 /
1039	uint16_t OSBuildNumber; /*< 0x120 / 0x0ac /
1040	uint16_t OSCSDVersion; /*< 0x122 / 0x0ae /
1041	uint32_t OSPlatformId; /*< 0x124 / 0x0b0 /
1042	uint32_t ImageSubsystem; /*< 0x128 / 0x0b4 /
1043	uint32_t ImageSubsystemMajorVersion; /*< 0x12c / 0x0b8 /
1044	uint32_t ImageSubsystemMinorVersion; /*< 0x130 / 0x0bc /
1045	#if ARCH_BITS == 64
1046	uint32_t Padding4; /*< 0x134 / NA /
1047	#endif
1048	union
1049	{
1050	struct
1051	{
1052	SIZE_T ActiveProcessAffinityMask; /*< 0x138 / 0x0c0 /
1053	} W7, W8, W80, W81;
1054	struct
1055	{
1056	SIZE_T ImageProcessAffinityMask; /*< 0x138 / 0x0c0 /
1057	} W52, W6;
1058	} Diff5;
1059	uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /*< 0x140 / 0x0c4 /
1060	PVOID PostProcessInitRoutine; /*< 0x230 / 0x14c /
1061	PVOID TlsExpansionBitmap; /*< 0x238 / 0x150 /
1062	uint32_t TlsExpansionBitmapBits[32]; /*< 0x240 / 0x154 /
1063	uint32_t SessionId; /*< 0x2c0 / 0x1d4 /
1064	#if ARCH_BITS == 64
1065	uint32_t Padding5; /*< 0x2c4 / NA /
1066	#endif
1067	ULARGE_INTEGER AppCompatFlags; /*< 0x2c8 / 0x1d8 /
1068	ULARGE_INTEGER AppCompatFlagsUser; /*< 0x2d0 / 0x1e0 /
1069	PVOID pShimData; /*< 0x2d8 / 0x1e8 /
1070	PVOID AppCompatInfo; /*< 0x2e0 / 0x1ec /
1071	UNICODE_STRING CSDVersion; /*< 0x2e8 / 0x1f0 /
1072	struct _ACTIVATION_CONTEXT_DATA ActivationContextData; /< 0x2f8 / 0x1f8 /
1073	struct _ASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap; /< 0x300 / 0x1fc /
1074	struct _ACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData; /< 0x308 / 0x200 /
1075	struct _ASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap; /< 0x310 / 0x204 /
1076	SIZE_T MinimumStackCommit; /*< 0x318 / 0x208 /
1077	/* End of PEB in W52 (Windows XP (RTM))! */
1078	struct _FLS_CALLBACK_INFO FlsCallback; /< 0x320 / 0x20c /
1079	LIST_ENTRY FlsListHead; /*< 0x328 / 0x210 /
1080	PVOID FlsBitmap; /*< 0x338 / 0x218 /
1081	uint32_t FlsBitmapBits[4]; /*< 0x340 / 0x21c /
1082	uint32_t FlsHighIndex; /*< 0x350 / 0x22c /
1083	/* End of PEB in W52 (Windows Server 2003)! */
1084	PVOID WerRegistrationData; /*< 0x358 / 0x230 /
1085	PVOID WerShipAssertPtr; /*< 0x360 / 0x234 /
1086	/* End of PEB in W6 (windows Vista)! */
1087	union
1088	{
1089	struct
1090	{
1091	PVOID pUnused; /*< 0x368 / 0x238 - Was pContextData in W7. /
1092	} W8, W80, W81;
1093	struct
1094	{
1095	PVOID pContextData; /*< 0x368 / 0x238 - Retired in W80. /
1096	} W7;
1097	} Diff6;
1098	PVOID pImageHeaderHash; /*< 0x370 / 0x23c /
1099	union
1100	{
1101	uint32_t TracingFlags; /*< 0x378 / 0x240 /
1102	struct
1103	{
1104	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
1105	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
1106	uint32_t LibLoaderTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 2, 1 Bit /
1107	uint32_t SpareTracingBits : 29; /*< 0x378 / 0x240 : Pos 3, 29 Bits /
1108	} W8, W80, W81;
1109	struct
1110	{
1111	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
1112	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
1113	uint32_t SpareTracingBits : 30; /*< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 /
1114	} W7;
1115	} Diff7;
1116	#if ARCH_BITS == 64
1117	uint32_t Padding6; /*< 0x37c / NA /
1118	#endif
1119	uint64_t CsrServerReadOnlySharedMemoryBase; /*< 0x380 / 0x248 /
1120	/* End of PEB in W8, W81. */
1121	uintptr_t TppWorkerpListLock; /*< 0x388 / 0x250 /
1122	LIST_ENTRY TppWorkerpList; /*< 0x390 / 0x254 /
1123	PVOID WaitOnAddressHashTable[128]; /*< 0x3a0 / 0x25c /
1124	#if ARCH_BITS == 32
1125	uint32_t ExplicitPadding7; /*< NA NA / 0x45c /
1126	#endif
1127	} PEB_COMMON;
1128	typedef PEB_COMMON *PPEB_COMMON;
1129
1130	AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
1131	AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
1132	AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
1133	AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
1134	AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
1135	AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
1136	AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
1137	AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
1138	AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x7a0 : 0x460);
1139
1140	/** The size of the windows 10 (build 14393) PEB structure. */
1141	#define PEB_SIZE_W10 sizeof(PEB_COMMON)
1142	/** The size of the windows 8.1 PEB structure. */
1143	#define PEB_SIZE_W81 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1144	/** The size of the windows 8.0 PEB structure. */
1145	#define PEB_SIZE_W80 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1146	/** The size of the windows 7 PEB structure. */
1147	#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
1148	/** The size of the windows vista PEB structure. */
1149	#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
1150	/** The size of the windows server 2003 PEB structure. */
1151	#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
1152	/** The size of the windows XP PEB structure. */
1153	#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
1154
1155	#if 0
1156	typedef struct _NT_TIB
1157	{
1158	struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
1159	PVOID StackBase;
1160	PVOID StackLimit;
1161	PVOID SubSystemTib;
1162	union
1163	{
1164	PVOID FiberData;
1165	ULONG Version;
1166	};
1167	PVOID ArbitraryUserPointer;
1168	struct _NT_TIB *Self;
1169	} NT_TIB;
1170	typedef NT_TIB *PNT_TIB;
1171	#endif
1172
1173	typedef struct _ACTIVATION_CONTEXT_STACK
1174	{
1175	uint32_t Flags;
1176	uint32_t NextCookieSequenceNumber;
1177	PVOID ActiveFrame;
1178	LIST_ENTRY FrameListCache;
1179	} ACTIVATION_CONTEXT_STACK;
1180
1181	/* Common TEB. */
1182	typedef struct _TEB_COMMON
1183	{
1184	NT_TIB NtTib; /*< 0x000 / 0x000 /
1185	PVOID EnvironmentPointer; /*< 0x038 / 0x01c /
1186	CLIENT_ID ClientId; /*< 0x040 / 0x020 /
1187	PVOID ActiveRpcHandle; /*< 0x050 / 0x028 /
1188	PVOID ThreadLocalStoragePointer; /*< 0x058 / 0x02c /
1189	PPEB_COMMON ProcessEnvironmentBlock; /*< 0x060 / 0x030 /
1190	uint32_t LastErrorValue; /*< 0x068 / 0x034 /
1191	uint32_t CountOfOwnedCriticalSections; /*< 0x06c / 0x038 /
1192	PVOID CsrClientThread; /*< 0x070 / 0x03c /
1193	PVOID Win32ThreadInfo; /*< 0x078 / 0x040 /
1194	uint32_t User32Reserved[26]; /*< 0x080 / 0x044 /
1195	uint32_t UserReserved[5]; /*< 0x0e8 / 0x0ac /
1196	PVOID WOW32Reserved; /*< 0x100 / 0x0c0 /
1197	uint32_t CurrentLocale; /*< 0x108 / 0x0c4 /
1198	uint32_t FpSoftwareStatusRegister; /*< 0x10c / 0x0c8 /
1199	PVOID SystemReserved1[54]; /*< 0x110 / 0x0cc /
1200	uint32_t ExceptionCode; /*< 0x2c0 / 0x1a4 /
1201	#if ARCH_BITS == 64
1202	uint32_t Padding0; /*< 0x2c4 / NA /
1203	#endif
1204	union
1205	{
1206	struct
1207	{
1208	struct _ACTIVATION_CONTEXT_STACK ActivationContextStackPointer;/< 0x2c8 / 0x1a8 /
1209	uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /*< 0x2d0 / 0x1ac /
1210	} W52, W6, W7, W8, W80, W81;
1211	#if ARCH_BITS == 32
1212	struct
1213	{
1214	ACTIVATION_CONTEXT_STACK ActivationContextStack; /*< NA / 0x1a8 /
1215	uint8_t SpareBytes[20]; /*< NA / 0x1bc /
1216	} W51;
1217	#endif
1218	} Diff0;
1219	union
1220	{
1221	struct
1222	{
1223	uint32_t TxFsContext; /*< 0x2e8 / 0x1d0 /
1224	} W6, W7, W8, W80, W81;
1225	struct
1226	{
1227	uint32_t SpareBytesContinues; /*< 0x2e8 / 0x1d0 /
1228	} W52;
1229	} Diff1;
1230	#if ARCH_BITS == 64
1231	uint32_t Padding1; /*< 0x2ec / NA /
1232	#endif
1233	/_GDI_TEB_BATCH/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /*< 0x2f0 / 0x1d4 /
1234	CLIENT_ID RealClientId; /*< 0x7d8 / 0x6b4 /
1235	HANDLE GdiCachedProcessHandle; /*< 0x7e8 / 0x6bc /
1236	uint32_t GdiClientPID; /*< 0x7f0 / 0x6c0 /
1237	uint32_t GdiClientTID; /*< 0x7f4 / 0x6c4 /
1238	PVOID GdiThreadLocalInfo; /*< 0x7f8 / 0x6c8 /
1239	SIZE_T Win32ClientInfo[62]; /*< 0x800 / 0x6cc /
1240	PVOID glDispatchTable[233]; /*< 0x9f0 / 0x7c4 /
1241	SIZE_T glReserved1[29]; /*< 0x1138 / 0xb68 /
1242	PVOID glReserved2; /*< 0x1220 / 0xbdc /
1243	PVOID glSectionInfo; /*< 0x1228 / 0xbe0 /
1244	PVOID glSection; /*< 0x1230 / 0xbe4 /
1245	PVOID glTable; /*< 0x1238 / 0xbe8 /
1246	PVOID glCurrentRC; /*< 0x1240 / 0xbec /
1247	PVOID glContext; /*< 0x1248 / 0xbf0 /
1248	NTSTATUS LastStatusValue; /*< 0x1250 / 0xbf4 /
1249	#if ARCH_BITS == 64
1250	uint32_t Padding2; /*< 0x1254 / NA /
1251	#endif
1252	UNICODE_STRING StaticUnicodeString; /*< 0x1258 / 0xbf8 /
1253	WCHAR StaticUnicodeBuffer[261]; /*< 0x1268 / 0xc00 /
1254	#if ARCH_BITS == 64
1255	WCHAR Padding3[3]; /*< 0x1472 / NA /
1256	#endif
1257	PVOID DeallocationStack; /*< 0x1478 / 0xe0c /
1258	PVOID TlsSlots[64]; /*< 0x1480 / 0xe10 /
1259	LIST_ENTRY TlsLinks; /*< 0x1680 / 0xf10 /
1260	PVOID Vdm; /*< 0x1690 / 0xf18 /
1261	PVOID ReservedForNtRpc; /*< 0x1698 / 0xf1c /
1262	PVOID DbgSsReserved[2]; /*< 0x16a0 / 0xf20 /
1263	uint32_t HardErrorMode; /*< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. /
1264	#if ARCH_BITS == 64
1265	uint32_t Padding4; /*< 0x16b4 / NA /
1266	#endif
1267	PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /*< 0x16b8 / 0xf2c /
1268	union
1269	{
1270	struct
1271	{
1272	GUID ActivityId; /*< 0x1710 / 0xf50 /
1273	PVOID SubProcessTag; /*< 0x1720 / 0xf60 /
1274	} W6, W7, W8, W80, W81;
1275	struct
1276	{
1277	PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /*< 0x1710 / 0xf50 /
1278	} W52;
1279	} Diff2;
1280	union /*< 0x1728 / 0xf64 /
1281	{
1282	struct
1283	{
1284	PVOID PerflibData; /*< 0x1728 / 0xf64 /
1285	} W8, W80, W81;
1286	struct
1287	{
1288	PVOID EtwLocalData; /*< 0x1728 / 0xf64 /
1289	} W7, W6;
1290	struct
1291	{
1292	PVOID SubProcessTag; /*< 0x1728 / 0xf64 /
1293	} W52;
1294	struct
1295	{
1296	PVOID InstrumentationContinues[1]; /*< 0x1728 / 0xf64 /
1297	} W51;
1298	} Diff3;
1299	union
1300	{
1301	struct
1302	{
1303	PVOID EtwTraceData; /*< 0x1730 / 0xf68 /
1304	} W52, W6, W7, W8, W80, W81;
1305	struct
1306	{
1307	PVOID InstrumentationContinues[1]; /*< 0x1730 / 0xf68 /
1308	} W51;
1309	} Diff4;
1310	PVOID WinSockData; /*< 0x1738 / 0xf6c /
1311	uint32_t GdiBatchCount; /*< 0x1740 / 0xf70 /
1312	union
1313	{
1314	union
1315	{
1316	PROCESSOR_NUMBER CurrentIdealProcessor; /*< 0x1744 / 0xf74 - W7+ /
1317	uint32_t IdealProcessorValue; /*< 0x1744 / 0xf74 - W7+ /
1318	struct
1319	{
1320	uint8_t ReservedPad1; /*< 0x1744 / 0xf74 - Called SpareBool0 in W6 /
1321	uint8_t ReservedPad2; /*< 0x1745 / 0xf75 - Called SpareBool0 in W6 /
1322	uint8_t ReservedPad3; /*< 0x1746 / 0xf76 - Called SpareBool0 in W6 /
1323	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1324	};
1325	} W6, W7, W8, W80, W81;
1326	struct
1327	{
1328	BOOLEAN InDbgPrint; /*< 0x1744 / 0xf74 /
1329	BOOLEAN FreeStackOnTermination; /*< 0x1745 / 0xf75 /
1330	BOOLEAN HasFiberData; /*< 0x1746 / 0xf76 /
1331	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1332	} W51, W52;
1333	} Diff5;
1334	uint32_t GuaranteedStackBytes; /*< 0x1748 / 0xf78 /
1335	#if ARCH_BITS == 64
1336	uint32_t Padding5; /*< 0x174c / NA /
1337	#endif
1338	PVOID ReservedForPerf; /*< 0x1750 / 0xf7c /
1339	PVOID ReservedForOle; /*< 0x1758 / 0xf80 /
1340	uint32_t WaitingOnLoaderLock; /*< 0x1760 / 0xf84 /
1341	#if ARCH_BITS == 64
1342	uint32_t Padding6; /*< 0x1764 / NA /
1343	#endif
1344	union /*< 0x1770 / 0xf8c /
1345	{
1346	struct
1347	{
1348	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1349	SIZE_T ReservedForCodeCoverage; /*< 0x1770 / 0xf8c /
1350	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1351	} W8, W80, W81;
1352	struct
1353	{
1354	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1355	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1356	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1357	} W6, W7;
1358	struct
1359	{
1360	PVOID SparePointer1; /*< 0x1768 / 0xf88 /
1361	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1362	PVOID SoftPatchPtr2; /*< 0x1778 / 0xf90 /
1363	} W52;
1364	#if ARCH_BITS == 32
1365	struct _Wx86ThreadState
1366	{
1367	PVOID CallBx86Eip; /*< NA / 0xf88 /
1368	PVOID DeallocationCpu; /*< NA / 0xf8c /
1369	BOOLEAN UseKnownWx86Dll; /*< NA / 0xf90 /
1370	int8_t OleStubInvoked; /*< NA / 0xf91 /
1371	} W51;
1372	#endif
1373	} Diff6;
1374	PVOID TlsExpansionSlots; /*< 0x1780 / 0xf94 /
1375	#if ARCH_BITS == 64
1376	PVOID DallocationBStore; /*< 0x1788 / NA /
1377	PVOID BStoreLimit; /*< 0x1790 / NA /
1378	#endif
1379	union
1380	{
1381	struct
1382	{
1383	uint32_t MuiGeneration; /*< 0x1798 / 0xf98 /
1384	} W7, W8, W80, W81;
1385	struct
1386	{
1387	uint32_t ImpersonationLocale;
1388	} W6;
1389	} Diff7;
1390	uint32_t IsImpersonating; /*< 0x179c / 0xf9c /
1391	PVOID NlsCache; /*< 0x17a0 / 0xfa0 /
1392	PVOID pShimData; /*< 0x17a8 / 0xfa4 /
1393	union /*< 0x17b0 / 0xfa8 /
1394	{
1395	struct
1396	{
1397	uint16_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1398	uint16_t LowFragHeapDataSlot; /*< 0x17b2 / 0xfaa /
1399	} W8, W80, W81;
1400	struct
1401	{
1402	uint32_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1403	} W7;
1404	} Diff8;
1405	#if ARCH_BITS == 64
1406	uint32_t Padding7; /*< 0x17b4 / NA /
1407	#endif
1408	HANDLE CurrentTransactionHandle; /*< 0x17b8 / 0xfac /
1409	struct _TEB_ACTIVE_FRAME ActiveFrame; /< 0x17c0 / 0xfb0 /
1410	/* End of TEB in W51 (Windows XP)! */
1411	PVOID FlsData; /*< 0x17c8 / 0xfb4 /
1412	union
1413	{
1414	struct
1415	{
1416	PVOID PreferredLanguages; /*< 0x17d0 / 0xfb8 /
1417	} W6, W7, W8, W80, W81;
1418	struct
1419	{
1420	BOOLEAN SafeThunkCall; /*< 0x17d0 / 0xfb8 /
1421	uint8_t BooleanSpare[3]; /*< 0x17d1 / 0xfb9 /
1422	/* End of TEB in W52 (Windows server 2003)! */
1423	} W52;
1424	} Diff9;
1425	PVOID UserPrefLanguages; /*< 0x17d8 / 0xfbc /
1426	PVOID MergedPrefLanguages; /*< 0x17e0 / 0xfc0 /
1427	uint32_t MuiImpersonation; /*< 0x17e8 / 0xfc4 /
1428	union
1429	{
1430	uint16_t CrossTebFlags; /*< 0x17ec / 0xfc8 /
1431	struct
1432	{
1433	uint16_t SpareCrossTebBits : 16; /*< 0x17ec / 0xfc8 : Pos 0, 16 Bits /
1434	};
1435	};
1436	union
1437	{
1438	uint16_t SameTebFlags; /*< 0x17ee / 0xfca /
1439	struct
1440	{
1441	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1442	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1443	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1444	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1445	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1446	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1447	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1448	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1449	} Common;
1450	struct
1451	{
1452	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1453	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1454	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1455	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1456	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1457	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1458	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1459	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1460	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1461	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1462	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1463	uint16_t SessionAware : 1; /*< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. /
1464	uint16_t SpareSameTebBits : 4; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1465	} W8, W80, W81;
1466	struct
1467	{
1468	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1469	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1470	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1471	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1472	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1473	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1474	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1475	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1476	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1477	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1478	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1479	uint16_t SpareSameTebBits : 5; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1480	} W7;
1481	struct
1482	{
1483	uint16_t DbgSafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1484	uint16_t DbgInDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1485	uint16_t DbgHasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1486	uint16_t DbgSkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1487	uint16_t DbgWerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1488	uint16_t DbgRanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1489	uint16_t DbgClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1490	uint16_t DbgSuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1491	uint16_t SpareSameTebBits : 8; /*< 0x17ee / 0xfca : Pos 8, 8 Bits /
1492	} W6;
1493	} Diff10;
1494	PVOID TxnScopeEnterCallback; /*< 0x17f0 / 0xfcc /
1495	PVOID TxnScopeExitCallback; /*< 0x17f8 / 0xfd0 /
1496	PVOID TxnScopeContext; /*< 0x1800 / 0xfd4 /
1497	uint32_t LockCount; /*< 0x1808 / 0xfd8 /
1498	union
1499	{
1500	struct
1501	{
1502	uint32_t SpareUlong0; /*< 0x180c / 0xfdc /
1503	} W7, W8, W80, W81;
1504	struct
1505	{
1506	uint32_t ProcessRundown;
1507	} W6;
1508	} Diff11;
1509	union
1510	{
1511	struct
1512	{
1513	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1514	/* End of TEB in W7 (windows 7)! */
1515	PVOID ReservedForWdf; /*< 0x1818 / 0xfe4 - New Since W7. /
1516	/* End of TEB in W8 (windows 8.0 & 8.1)! */
1517	PVOID ReservedForCrt; /*< 0x1820 / 0xfe8 - New Since W10. /
1518	RTUUID EffectiveContainerId; /*< 0x1828 / 0xfec - New Since W10. /
1519	/* End of TEB in W10 14393! */
1520	} W8, W80, W81, W10;
1521	struct
1522	{
1523	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1524	} W7;
1525	struct
1526	{
1527	uint64_t LastSwitchTime; /*< 0x1810 / 0xfe0 /
1528	uint64_t TotalSwitchOutTime; /*< 0x1818 / 0xfe8 /
1529	LARGE_INTEGER WaitReasonBitMap; /*< 0x1820 / 0xff0 /
1530	/* End of TEB in W6 (windows Vista)! */
1531	} W6;
1532	} Diff12;
1533	} TEB_COMMON;
1534	typedef TEB_COMMON *PTEB_COMMON;
1535	AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1536	AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1537	AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1538	AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1539	AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1540	AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1541	AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1542	AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1543	AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1544	AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1545	AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1546	AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1547	AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1838 : 0x1000);
1548
1549
1550	/** The size of the windows 8.1 PEB structure. */
1551	#define TEB_SIZE_W10 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W10.EffectiveContainerId) + sizeof(RTUUID) )
1552	/** The size of the windows 8.1 PEB structure. */
1553	#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1554	/** The size of the windows 8.0 PEB structure. */
1555	#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1556	/** The size of the windows 7 PEB structure. */
1557	#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1558	/** The size of the windows vista PEB structure. */
1559	#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1560	/** The size of the windows server 2003 PEB structure. */
1561	#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1562	/** The size of the windows XP PEB structure. */
1563	#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1564
1565
1566
1567	#define _PEB _PEB_COMMON
1568	typedef PEB_COMMON PEB;
1569	typedef PPEB_COMMON PPEB;
1570
1571	#define _TEB _TEB_COMMON
1572	typedef TEB_COMMON TEB;
1573	typedef PTEB_COMMON PTEB;
1574
1575	#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
1576	# ifdef RT_ARCH_X86
1577	DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1578	DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1579	DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1580	DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readfsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1581	DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1582	# elif defined(RT_ARCH_AMD64)
1583	DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1584	DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1585	DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1586	DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readgsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1587	DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1588	# else
1589	# error "Port me"
1590	# endif
1591	#else
1592	# define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1593	# define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1594	# define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1595	# define RTNtLastStatusValue() (RTNtCurrentTeb()->LastStatusValue)
1596	# define RTNtLastErrorValue() (RTNtCurrentTeb()->LastErrorValue)
1597	#endif
1598	#define NtCurrentPeb() RTNtCurrentPeb()
1599
1600
1601	/** @} */
1602
1603
1604	#ifdef IPRT_NT_USE_WINTERNL
1605	RT_DECL_NTAPI(NTSTATUS) NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1606	typedef enum _SECTION_INHERIT
1607	{
1608	ViewShare = 1,
1609	ViewUnmap
1610	} SECTION_INHERIT;
1611	#endif
1612	RT_DECL_NTAPI(NTSTATUS) NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1613	ULONG, ULONG);
1614	RT_DECL_NTAPI(NTSTATUS) NtFlushVirtualMemory(HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK);
1615	RT_DECL_NTAPI(NTSTATUS) NtUnmapViewOfSection(HANDLE, PVOID);
1616
1617	RT_DECL_NTAPI(NTSTATUS) NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1618	RT_DECL_NTAPI(NTSTATUS) ZwOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1619	RT_DECL_NTAPI(NTSTATUS) NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1620	RT_DECL_NTAPI(NTSTATUS) ZwOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1621	RT_DECL_NTAPI(NTSTATUS) NtAlertThread(HANDLE hThread);
1622	#ifdef IPRT_NT_USE_WINTERNL
1623	RT_DECL_NTAPI(NTSTATUS) ZwAlertThread(HANDLE hThread);
1624	#endif
1625	RT_DECL_NTAPI(NTSTATUS) NtTestAlert(void);
1626
1627	#ifdef IPRT_NT_USE_WINTERNL
1628	RT_DECL_NTAPI(NTSTATUS) NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1629	RT_DECL_NTAPI(NTSTATUS) NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1630	#endif
1631	RT_DECL_NTAPI(NTSTATUS) ZwOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1632	RT_DECL_NTAPI(NTSTATUS) ZwOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1633
1634	#ifdef IPRT_NT_USE_WINTERNL
1635	typedef struct _FILE_FS_VOLUME_INFORMATION
1636	{
1637	LARGE_INTEGER VolumeCreationTime;
1638	ULONG VolumeSerialNumber;
1639	ULONG VolumeLabelLength;
1640	BOOLEAN SupportsObjects;
1641	WCHAR VolumeLabel[1];
1642	} FILE_FS_VOLUME_INFORMATION;
1643	typedef FILE_FS_VOLUME_INFORMATION *PFILE_FS_VOLUME_INFORMATION;
1644	typedef struct _FILE_FS_LABEL_INFORMATION
1645	{
1646	ULONG VolumeLabelLength;
1647	WCHAR VolumeLabel[1];
1648	} FILE_FS_LABEL_INFORMATION;
1649	typedef FILE_FS_LABEL_INFORMATION *PFILE_FS_LABEL_INFORMATION;
1650	typedef struct _FILE_FS_SIZE_INFORMATION
1651	{
1652	LARGE_INTEGER TotalAllocationUnits;
1653	LARGE_INTEGER AvailableAllocationUnits;
1654	ULONG SectorsPerAllocationUnit;
1655	ULONG BytesPerSector;
1656	} FILE_FS_SIZE_INFORMATION;
1657	typedef FILE_FS_SIZE_INFORMATION *PFILE_FS_SIZE_INFORMATION;
1658	typedef struct _FILE_FS_DEVICE_INFORMATION
1659	{
1660	DEVICE_TYPE DeviceType;
1661	ULONG Characteristics;
1662	} FILE_FS_DEVICE_INFORMATION;
1663	typedef FILE_FS_DEVICE_INFORMATION *PFILE_FS_DEVICE_INFORMATION;
1664	typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1665	{
1666	ULONG FileSystemAttributes;
1667	LONG MaximumComponentNameLength;
1668	ULONG FileSystemNameLength;
1669	WCHAR FileSystemName[1];
1670	} FILE_FS_ATTRIBUTE_INFORMATION;
1671	typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1672	typedef struct _FILE_FS_CONTROL_INFORMATION
1673	{
1674	LARGE_INTEGER FreeSpaceStartFiltering;
1675	LARGE_INTEGER FreeSpaceThreshold;
1676	LARGE_INTEGER FreeSpaceStopFiltering;
1677	LARGE_INTEGER DefaultQuotaThreshold;
1678	LARGE_INTEGER DefaultQuotaLimit;
1679	ULONG FileSystemControlFlags;
1680	} FILE_FS_CONTROL_INFORMATION;
1681	typedef FILE_FS_CONTROL_INFORMATION *PFILE_FS_CONTROL_INFORMATION;
1682	typedef struct _FILE_FS_FULL_SIZE_INFORMATION
1683	{
1684	LARGE_INTEGER TotalAllocationUnits;
1685	LARGE_INTEGER CallerAvailableAllocationUnits;
1686	LARGE_INTEGER ActualAvailableAllocationUnits;
1687	ULONG SectorsPerAllocationUnit;
1688	ULONG BytesPerSector;
1689	} FILE_FS_FULL_SIZE_INFORMATION;
1690	typedef FILE_FS_FULL_SIZE_INFORMATION *PFILE_FS_FULL_SIZE_INFORMATION;
1691	typedef struct _FILE_FS_OBJECTID_INFORMATION
1692	{
1693	UCHAR ObjectId[16];
1694	UCHAR ExtendedInfo[48];
1695	} FILE_FS_OBJECTID_INFORMATION;
1696	typedef FILE_FS_OBJECTID_INFORMATION *PFILE_FS_OBJECTID_INFORMATION;
1697	typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1698	{
1699	BOOLEAN DriverInPath;
1700	ULONG DriverNameLength;
1701	WCHAR DriverName[1];
1702	} FILE_FS_DRIVER_PATH_INFORMATION;
1703	typedef FILE_FS_DRIVER_PATH_INFORMATION *PFILE_FS_DRIVER_PATH_INFORMATION;
1704	typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION
1705	{
1706	ULONG Flags;
1707	} FILE_FS_VOLUME_FLAGS_INFORMATION;
1708	typedef FILE_FS_VOLUME_FLAGS_INFORMATION *PFILE_FS_VOLUME_FLAGS_INFORMATION;
1709	#endif
1710	#if !defined(SSINFO_OFFSET_UNKNOWN) \|\| defined(IPRT_NT_USE_WINTERNL)
1711	typedef struct _FILE_FS_SECTOR_SIZE_INFORMATION
1712	{
1713	ULONG LogicalBytesPerSector;
1714	ULONG PhysicalBytesPerSectorForAtomicity;
1715	ULONG PhysicalBytesPerSectorForPerformance;
1716	ULONG FileSystemEffectivePhysicalBytesPerSectorForAtomicity;
1717	ULONG Flags;
1718	ULONG ByteOffsetForSectorAlignment;
1719	ULONG ByteOffsetForPartitionAlignment;
1720	} FILE_FS_SECTOR_SIZE_INFORMATION;
1721	typedef FILE_FS_SECTOR_SIZE_INFORMATION *PFILE_FS_SECTOR_SIZE_INFORMATION;
1722	# ifndef SSINFO_OFFSET_UNKNOWN
1723	# define SSINFO_OFFSET_UNKNOWN 0xffffffffUL
1724	# define SSINFO_FLAGS_ALIGNED_DEVICE 1UL
1725	# define SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE 2UL
1726	# define SSINFO_FLAGS_NO_SEEK_PENALTY 4UL
1727	# define SSINFO_FLAGS_TRIM_ENABLED 8UL
1728	# define SSINFO_FLAGS_BYTE_ADDRESSABLE 16UL
1729	# endif
1730	#endif
1731	#ifdef IPRT_NT_USE_WINTERNL
1732	typedef struct _FILE_FS_DATA_COPY_INFORMATION
1733	{
1734	ULONG NumberOfCopies;
1735	} FILE_FS_DATA_COPY_INFORMATION;
1736	typedef FILE_FS_DATA_COPY_INFORMATION *PFILE_FS_DATA_COPY_INFORMATION;
1737	typedef struct _FILE_FS_METADATA_SIZE_INFORMATION
1738	{
1739	LARGE_INTEGER TotalMetadataAllocationUnits;
1740	ULONG SectorsPerAllocationUnit;
1741	ULONG BytesPerSector;
1742	} FILE_FS_METADATA_SIZE_INFORMATION;
1743	typedef FILE_FS_METADATA_SIZE_INFORMATION *PFILE_FS_METADATA_SIZE_INFORMATION;
1744	typedef struct _FILE_FS_FULL_SIZE_INFORMATION_EX
1745	{
1746	ULONGLONG ActualTotalAllocationUnits;
1747	ULONGLONG ActualAvailableAllocationUnits;
1748	ULONGLONG ActualPoolUnavailableAllocationUnits;
1749	ULONGLONG CallerTotalAllocationUnits;
1750	ULONGLONG CallerAvailableAllocationUnits;
1751	ULONGLONG CallerPoolUnavailableAllocationUnits;
1752	ULONGLONG UsedAllocationUnits;
1753	ULONGLONG TotalReservedAllocationUnits;
1754	ULONGLONG VolumeStorageReserveAllocationUnits;
1755	ULONGLONG AvailableCommittedAllocationUnits;
1756	ULONGLONG PoolAvailableAllocationUnits;
1757	ULONG SectorsPerAllocationUnit;
1758	ULONG BytesPerSector;
1759	} FILE_FS_FULL_SIZE_INFORMATION_EX;
1760	typedef FILE_FS_FULL_SIZE_INFORMATION_EX *PFILE_FS_FULL_SIZE_INFORMATION_EX;
1761	#endif /* IPRT_NT_USE_WINTERNL */
1762
1763	typedef enum _FSINFOCLASS
1764	{
1765	FileFsVolumeInformation = 1,
1766	FileFsLabelInformation,
1767	FileFsSizeInformation, /*< FILE_FS_SIZE_INFORMATION /
1768	FileFsDeviceInformation,
1769	FileFsAttributeInformation,
1770	FileFsControlInformation,
1771	FileFsFullSizeInformation,
1772	FileFsObjectIdInformation,
1773	FileFsDriverPathInformation,
1774	FileFsVolumeFlagsInformation,
1775	FileFsSectorSizeInformation,
1776	FileFsDataCopyInformation,
1777	FileFsMetadataSizeInformation,
1778	FileFsFullSizeInformationEx,
1779	FileFsMaximumInformation
1780	} FS_INFORMATION_CLASS;
1781	typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1782	RT_DECL_NTAPI(NTSTATUS) NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1783	RT_DECL_NTAPI(NTSTATUS) NtSetVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1784
1785	#ifdef IPRT_NT_USE_WINTERNL
1786	typedef struct _FILE_DIRECTORY_INFORMATION
1787	{
1788	ULONG NextEntryOffset;
1789	ULONG FileIndex;
1790	LARGE_INTEGER CreationTime;
1791	LARGE_INTEGER LastAccessTime;
1792	LARGE_INTEGER LastWriteTime;
1793	LARGE_INTEGER ChangeTime;
1794	LARGE_INTEGER EndOfFile;
1795	LARGE_INTEGER AllocationSize;
1796	ULONG FileAttributes;
1797	ULONG FileNameLength;
1798	WCHAR FileName[1];
1799	} FILE_DIRECTORY_INFORMATION;
1800	typedef FILE_DIRECTORY_INFORMATION *PFILE_DIRECTORY_INFORMATION;
1801	typedef struct _FILE_FULL_DIR_INFORMATION
1802	{
1803	ULONG NextEntryOffset;
1804	ULONG FileIndex;
1805	LARGE_INTEGER CreationTime;
1806	LARGE_INTEGER LastAccessTime;
1807	LARGE_INTEGER LastWriteTime;
1808	LARGE_INTEGER ChangeTime;
1809	LARGE_INTEGER EndOfFile;
1810	LARGE_INTEGER AllocationSize;
1811	ULONG FileAttributes;
1812	ULONG FileNameLength;
1813	ULONG EaSize;
1814	WCHAR FileName[1];
1815	} FILE_FULL_DIR_INFORMATION;
1816	typedef FILE_FULL_DIR_INFORMATION *PFILE_FULL_DIR_INFORMATION;
1817	typedef struct _FILE_BOTH_DIR_INFORMATION
1818	{
1819	ULONG NextEntryOffset; /*< 0x00: /
1820	ULONG FileIndex; /*< 0x04: /
1821	LARGE_INTEGER CreationTime; /*< 0x08: /
1822	LARGE_INTEGER LastAccessTime; /*< 0x10: /
1823	LARGE_INTEGER LastWriteTime; /*< 0x18: /
1824	LARGE_INTEGER ChangeTime; /*< 0x20: /
1825	LARGE_INTEGER EndOfFile; /*< 0x28: /
1826	LARGE_INTEGER AllocationSize; /*< 0x30: /
1827	ULONG FileAttributes; /*< 0x38: /
1828	ULONG FileNameLength; /*< 0x3c: /
1829	ULONG EaSize; /*< 0x40: /
1830	CCHAR ShortNameLength; /*< 0x44: /
1831	WCHAR ShortName[12]; /*< 0x46: /
1832	WCHAR FileName[1]; /*< 0x5e: /
1833	} FILE_BOTH_DIR_INFORMATION;
1834	typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1835	typedef struct _FILE_BASIC_INFORMATION
1836	{
1837	LARGE_INTEGER CreationTime;
1838	LARGE_INTEGER LastAccessTime;
1839	LARGE_INTEGER LastWriteTime;
1840	LARGE_INTEGER ChangeTime;
1841	ULONG FileAttributes;
1842	} FILE_BASIC_INFORMATION;
1843	typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1844	typedef struct _FILE_STANDARD_INFORMATION
1845	{
1846	LARGE_INTEGER AllocationSize;
1847	LARGE_INTEGER EndOfFile;
1848	ULONG NumberOfLinks;
1849	BOOLEAN DeletePending;
1850	BOOLEAN Directory;
1851	} FILE_STANDARD_INFORMATION;
1852	typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1853	typedef struct _FILE_NAME_INFORMATION
1854	{
1855	ULONG FileNameLength;
1856	WCHAR FileName[1];
1857	} FILE_NAME_INFORMATION;
1858	typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1859	typedef FILE_NAME_INFORMATION FILE_NETWORK_PHYSICAL_NAME_INFORMATION;
1860	typedef FILE_NETWORK_PHYSICAL_NAME_INFORMATION *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION;
1861	typedef struct _FILE_INTERNAL_INFORMATION
1862	{
1863	LARGE_INTEGER IndexNumber;
1864	} FILE_INTERNAL_INFORMATION;
1865	typedef FILE_INTERNAL_INFORMATION *PFILE_INTERNAL_INFORMATION;
1866	typedef struct _FILE_EA_INFORMATION
1867	{
1868	ULONG EaSize;
1869	} FILE_EA_INFORMATION;
1870	typedef FILE_EA_INFORMATION *PFILE_EA_INFORMATION;
1871	typedef struct _FILE_ACCESS_INFORMATION
1872	{
1873	ACCESS_MASK AccessFlags;
1874	} FILE_ACCESS_INFORMATION;
1875	typedef FILE_ACCESS_INFORMATION *PFILE_ACCESS_INFORMATION;
1876	typedef struct _FILE_RENAME_INFORMATION
1877	{
1878	union
1879	{
1880	BOOLEAN ReplaceIfExists;
1881	ULONG Flags;
1882	};
1883	HANDLE RootDirectory;
1884	ULONG FileNameLength;
1885	WCHAR FileName[1];
1886	} FILE_RENAME_INFORMATION;
1887	typedef FILE_RENAME_INFORMATION *PFILE_RENAME_INFORMATION;
1888	typedef struct _FILE_LINK_INFORMATION
1889	{
1890	union
1891	{
1892	BOOLEAN ReplaceIfExists;
1893	ULONG Flags;
1894	};
1895	HANDLE RootDirectory;
1896	ULONG FileNameLength;
1897	WCHAR FileName[1];
1898	} FILE_LINK_INFORMATION;
1899	typedef FILE_LINK_INFORMATION *PFILE_LINK_INFORMATION;
1900	typedef struct _FILE_NAMES_INFORMATION
1901	{
1902	ULONG NextEntryOffset;
1903	ULONG FileIndex;
1904	ULONG FileNameLength;
1905	WCHAR FileName[1];
1906	} FILE_NAMES_INFORMATION;
1907	typedef FILE_NAMES_INFORMATION *PFILE_NAMES_INFORMATION;
1908	typedef struct _FILE_DISPOSITION_INFORMATION
1909	{
1910	BOOLEAN DeleteFile;
1911	} FILE_DISPOSITION_INFORMATION;
1912	typedef FILE_DISPOSITION_INFORMATION *PFILE_DISPOSITION_INFORMATION;
1913	typedef struct _FILE_POSITION_INFORMATION
1914	{
1915	LARGE_INTEGER CurrentByteOffset;
1916	} FILE_POSITION_INFORMATION;
1917	typedef FILE_POSITION_INFORMATION *PFILE_POSITION_INFORMATION;
1918	typedef struct _FILE_FULL_EA_INFORMATION
1919	{
1920	ULONG NextEntryOffset;
1921	UCHAR Flags;
1922	UCHAR EaNameLength;
1923	USHORT EaValueLength;
1924	CHAR EaName[1];
1925	} FILE_FULL_EA_INFORMATION;
1926	typedef FILE_FULL_EA_INFORMATION *PFILE_FULL_EA_INFORMATION;
1927	typedef struct _FILE_MODE_INFORMATION
1928	{
1929	ULONG Mode;
1930	} FILE_MODE_INFORMATION;
1931	typedef FILE_MODE_INFORMATION *PFILE_MODE_INFORMATION;
1932	typedef struct _FILE_ALIGNMENT_INFORMATION
1933	{
1934	ULONG AlignmentRequirement;
1935	} FILE_ALIGNMENT_INFORMATION;
1936	typedef FILE_ALIGNMENT_INFORMATION *PFILE_ALIGNMENT_INFORMATION;
1937	typedef struct _FILE_ALL_INFORMATION
1938	{
1939	FILE_BASIC_INFORMATION BasicInformation;
1940	FILE_STANDARD_INFORMATION StandardInformation;
1941	FILE_INTERNAL_INFORMATION InternalInformation;
1942	FILE_EA_INFORMATION EaInformation;
1943	FILE_ACCESS_INFORMATION AccessInformation;
1944	FILE_POSITION_INFORMATION PositionInformation;
1945	FILE_MODE_INFORMATION ModeInformation;
1946	FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1947	FILE_NAME_INFORMATION NameInformation;
1948	} FILE_ALL_INFORMATION;
1949	typedef FILE_ALL_INFORMATION *PFILE_ALL_INFORMATION;
1950	typedef struct _FILE_ALLOCATION_INFORMATION
1951	{
1952	LARGE_INTEGER AllocationSize;
1953	} FILE_ALLOCATION_INFORMATION;
1954	typedef FILE_ALLOCATION_INFORMATION *PFILE_ALLOCATION_INFORMATION;
1955	typedef struct _FILE_END_OF_FILE_INFORMATION
1956	{
1957	LARGE_INTEGER EndOfFile;
1958	} FILE_END_OF_FILE_INFORMATION;
1959	typedef FILE_END_OF_FILE_INFORMATION *PFILE_END_OF_FILE_INFORMATION;
1960	typedef struct _FILE_STREAM_INFORMATION
1961	{
1962	ULONG NextEntryOffset;
1963	ULONG StreamNameLength;
1964	LARGE_INTEGER StreamSize;
1965	LARGE_INTEGER StreamAllocationSize;
1966	WCHAR StreamName[1];
1967	} FILE_STREAM_INFORMATION;
1968	typedef FILE_STREAM_INFORMATION *PFILE_STREAM_INFORMATION;
1969	typedef struct _FILE_PIPE_INFORMATION
1970	{
1971	ULONG ReadMode;
1972	ULONG CompletionMode;
1973	} FILE_PIPE_INFORMATION;
1974	typedef FILE_PIPE_INFORMATION *PFILE_PIPE_INFORMATION;
1975
1976	typedef struct _FILE_PIPE_LOCAL_INFORMATION
1977	{
1978	ULONG NamedPipeType;
1979	ULONG NamedPipeConfiguration;
1980	ULONG MaximumInstances;
1981	ULONG CurrentInstances;
1982	ULONG InboundQuota;
1983	ULONG ReadDataAvailable;
1984	ULONG OutboundQuota;
1985	ULONG WriteQuotaAvailable;
1986	ULONG NamedPipeState;
1987	ULONG NamedPipeEnd;
1988	} FILE_PIPE_LOCAL_INFORMATION;
1989	typedef FILE_PIPE_LOCAL_INFORMATION *PFILE_PIPE_LOCAL_INFORMATION;
1990
1991	typedef struct _FILE_PIPE_REMOTE_INFORMATION
1992	{
1993	LARGE_INTEGER CollectDataTime;
1994	ULONG MaximumCollectionCount;
1995	} FILE_PIPE_REMOTE_INFORMATION;
1996	typedef FILE_PIPE_REMOTE_INFORMATION *PFILE_PIPE_REMOTE_INFORMATION;
1997	typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
1998	{
1999	ULONG MaximumMessageSize;
2000	ULONG MailslotQuota;
2001	ULONG NextMessageSize;
2002	ULONG MessagesAvailable;
2003	LARGE_INTEGER ReadTimeout;
2004	} FILE_MAILSLOT_QUERY_INFORMATION;
2005	typedef FILE_MAILSLOT_QUERY_INFORMATION *PFILE_MAILSLOT_QUERY_INFORMATION;
2006	typedef struct _FILE_MAILSLOT_SET_INFORMATION
2007	{
2008	PLARGE_INTEGER ReadTimeout;
2009	} FILE_MAILSLOT_SET_INFORMATION;
2010	typedef FILE_MAILSLOT_SET_INFORMATION *PFILE_MAILSLOT_SET_INFORMATION;
2011	typedef struct _FILE_COMPRESSION_INFORMATION
2012	{
2013	LARGE_INTEGER CompressedFileSize;
2014	USHORT CompressionFormat;
2015	UCHAR CompressionUnitShift;
2016	UCHAR ChunkShift;
2017	UCHAR ClusterShift;
2018	UCHAR Reserved[3];
2019	} FILE_COMPRESSION_INFORMATION;
2020	typedef FILE_COMPRESSION_INFORMATION *PFILE_COMPRESSION_INFORMATION;
2021	typedef struct _FILE_OBJECTID_INFORMATION
2022	{
2023	LONGLONG FileReference;
2024	UCHAR ObjectId[16];
2025	union
2026	{
2027	struct
2028	{
2029	UCHAR BirthVolumeId[16];
2030	UCHAR BirthObjectId[16];
2031	UCHAR DomainId[16];
2032	};
2033	UCHAR ExtendedInfo[48];
2034	};
2035	} FILE_OBJECTID_INFORMATION;
2036	typedef FILE_OBJECTID_INFORMATION *PFILE_OBJECTID_INFORMATION;
2037	typedef struct _FILE_COMPLETION_INFORMATION
2038	{
2039	HANDLE Port;
2040	PVOID Key;
2041	} FILE_COMPLETION_INFORMATION;
2042	typedef FILE_COMPLETION_INFORMATION *PFILE_COMPLETION_INFORMATION;
2043	typedef struct _FILE_MOVE_CLUSTER_INFORMATION
2044	{
2045	ULONG ClusterCount;
2046	HANDLE RootDirectory;
2047	ULONG FileNameLength;
2048	WCHAR FileName[1];
2049	} FILE_MOVE_CLUSTER_INFORMATION;
2050	typedef FILE_MOVE_CLUSTER_INFORMATION *PFILE_MOVE_CLUSTER_INFORMATION;
2051	typedef struct _FILE_QUOTA_INFORMATION
2052	{
2053	ULONG NextEntryOffset;
2054	ULONG SidLength;
2055	LARGE_INTEGER ChangeTime;
2056	LARGE_INTEGER QuotaUsed;
2057	LARGE_INTEGER QuotaThreshold;
2058	LARGE_INTEGER QuotaLimit;
2059	SID Sid;
2060	} FILE_QUOTA_INFORMATION;
2061	typedef FILE_QUOTA_INFORMATION *PFILE_QUOTA_INFORMATION;
2062	typedef struct _FILE_REPARSE_POINT_INFORMATION
2063	{
2064	LONGLONG FileReference;
2065	ULONG Tag;
2066	} FILE_REPARSE_POINT_INFORMATION;
2067	typedef FILE_REPARSE_POINT_INFORMATION *PFILE_REPARSE_POINT_INFORMATION;
2068	typedef struct _FILE_NETWORK_OPEN_INFORMATION
2069	{
2070	LARGE_INTEGER CreationTime;
2071	LARGE_INTEGER LastAccessTime;
2072	LARGE_INTEGER LastWriteTime;
2073	LARGE_INTEGER ChangeTime;
2074	LARGE_INTEGER AllocationSize;
2075	LARGE_INTEGER EndOfFile;
2076	ULONG FileAttributes;
2077	} FILE_NETWORK_OPEN_INFORMATION;
2078	typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
2079	typedef struct _FILE_ATTRIBUTE_TAG_INFORMATION
2080	{
2081	ULONG FileAttributes;
2082	ULONG ReparseTag;
2083	} FILE_ATTRIBUTE_TAG_INFORMATION;
2084	typedef FILE_ATTRIBUTE_TAG_INFORMATION *PFILE_ATTRIBUTE_TAG_INFORMATION;
2085	typedef struct _FILE_TRACKING_INFORMATION
2086	{
2087	HANDLE DestinationFile;
2088	ULONG ObjectInformationLength;
2089	CHAR ObjectInformation[1];
2090	} FILE_TRACKING_INFORMATION;
2091	typedef FILE_TRACKING_INFORMATION *PFILE_TRACKING_INFORMATION;
2092	typedef struct _FILE_ID_BOTH_DIR_INFORMATION
2093	{
2094	ULONG NextEntryOffset;
2095	ULONG FileIndex;
2096	LARGE_INTEGER CreationTime;
2097	LARGE_INTEGER LastAccessTime;
2098	LARGE_INTEGER LastWriteTime;
2099	LARGE_INTEGER ChangeTime;
2100	LARGE_INTEGER EndOfFile;
2101	LARGE_INTEGER AllocationSize;
2102	ULONG FileAttributes;
2103	ULONG FileNameLength;
2104	ULONG EaSize;
2105	CCHAR ShortNameLength;
2106	WCHAR ShortName[12];
2107	LARGE_INTEGER FileId;
2108	WCHAR FileName[1];
2109	} FILE_ID_BOTH_DIR_INFORMATION;
2110	typedef FILE_ID_BOTH_DIR_INFORMATION *PFILE_ID_BOTH_DIR_INFORMATION;
2111	typedef struct _FILE_ID_FULL_DIR_INFORMATION
2112	{
2113	ULONG NextEntryOffset;
2114	ULONG FileIndex;
2115	LARGE_INTEGER CreationTime;
2116	LARGE_INTEGER LastAccessTime;
2117	LARGE_INTEGER LastWriteTime;
2118	LARGE_INTEGER ChangeTime;
2119	LARGE_INTEGER EndOfFile;
2120	LARGE_INTEGER AllocationSize;
2121	ULONG FileAttributes;
2122	ULONG FileNameLength;
2123	ULONG EaSize;
2124	LARGE_INTEGER FileId;
2125	WCHAR FileName[1];
2126	} FILE_ID_FULL_DIR_INFORMATION;
2127	typedef FILE_ID_FULL_DIR_INFORMATION *PFILE_ID_FULL_DIR_INFORMATION;
2128	typedef struct _FILE_VALID_DATA_LENGTH_INFORMATION
2129	{
2130	LARGE_INTEGER ValidDataLength;
2131	} FILE_VALID_DATA_LENGTH_INFORMATION;
2132	typedef FILE_VALID_DATA_LENGTH_INFORMATION *PFILE_VALID_DATA_LENGTH_INFORMATION;
2133	typedef struct _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION
2134	{
2135	ULONG Flags;
2136	} FILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
2137	typedef FILE_IO_COMPLETION_NOTIFICATION_INFORMATION *PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
2138	typedef enum _IO_PRIORITY_HINT
2139	{
2140	IoPriorityVeryLow = 0,
2141	IoPriorityLow,
2142	IoPriorityNormal,
2143	IoPriorityHigh,
2144	IoPriorityCritical,
2145	MaxIoPriorityTypes
2146	} IO_PRIORITY_HINT;
2147	AssertCompileSize(IO_PRIORITY_HINT, sizeof(int));
2148	typedef struct _FILE_IO_PRIORITY_HINT_INFORMATION
2149	{
2150	IO_PRIORITY_HINT PriorityHint;
2151	} FILE_IO_PRIORITY_HINT_INFORMATION;
2152	typedef FILE_IO_PRIORITY_HINT_INFORMATION *PFILE_IO_PRIORITY_HINT_INFORMATION;
2153	typedef struct _FILE_SFIO_RESERVE_INFORMATION
2154	{
2155	ULONG RequestsPerPeriod;
2156	ULONG Period;
2157	BOOLEAN RetryFailures;
2158	BOOLEAN Discardable;
2159	ULONG RequestSize;
2160	ULONG NumOutstandingRequests;
2161	} FILE_SFIO_RESERVE_INFORMATION;
2162	typedef FILE_SFIO_RESERVE_INFORMATION *PFILE_SFIO_RESERVE_INFORMATION;
2163	typedef struct _FILE_SFIO_VOLUME_INFORMATION
2164	{
2165	ULONG MaximumRequestsPerPeriod;
2166	ULONG MinimumPeriod;
2167	ULONG MinimumTransferSize;
2168	} FILE_SFIO_VOLUME_INFORMATION;
2169	typedef FILE_SFIO_VOLUME_INFORMATION *PFILE_SFIO_VOLUME_INFORMATION;
2170	typedef struct _FILE_LINK_ENTRY_INFORMATION
2171	{
2172	ULONG NextEntryOffset;
2173	LONGLONG ParentFileId;
2174	ULONG FileNameLength;
2175	WCHAR FileName[1];
2176	} FILE_LINK_ENTRY_INFORMATION;
2177	typedef FILE_LINK_ENTRY_INFORMATION *PFILE_LINK_ENTRY_INFORMATION;
2178	typedef struct _FILE_LINKS_INFORMATION
2179	{
2180	ULONG BytesNeeded;
2181	ULONG EntriesReturned;
2182	FILE_LINK_ENTRY_INFORMATION Entry;
2183	} FILE_LINKS_INFORMATION;
2184	typedef FILE_LINKS_INFORMATION *PFILE_LINKS_INFORMATION;
2185	typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION
2186	{
2187	ULONG NumberOfProcessIdsInList;
2188	ULONG_PTR ProcessIdList[1];
2189	} FILE_PROCESS_IDS_USING_FILE_INFORMATION;
2190	typedef FILE_PROCESS_IDS_USING_FILE_INFORMATION *PFILE_PROCESS_IDS_USING_FILE_INFORMATION;
2191	typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION
2192	{
2193	ULONG NextEntryOffset;
2194	ULONG FileIndex;
2195	LARGE_INTEGER CreationTime;
2196	LARGE_INTEGER LastAccessTime;
2197	LARGE_INTEGER LastWriteTime;
2198	LARGE_INTEGER ChangeTime;
2199	LARGE_INTEGER EndOfFile;
2200	LARGE_INTEGER AllocationSize;
2201	ULONG FileAttributes;
2202	ULONG FileNameLength;
2203	LARGE_INTEGER FileId;
2204	GUID LockingTransactionId;
2205	ULONG TxInfoFlags;
2206	WCHAR FileName[1];
2207	} FILE_ID_GLOBAL_TX_DIR_INFORMATION;
2208	typedef FILE_ID_GLOBAL_TX_DIR_INFORMATION *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
2209	typedef struct _FILE_IS_REMOTE_DEVICE_INFORMATION
2210	{
2211	BOOLEAN IsRemote;
2212	} FILE_IS_REMOTE_DEVICE_INFORMATION;
2213	typedef FILE_IS_REMOTE_DEVICE_INFORMATION *PFILE_IS_REMOTE_DEVICE_INFORMATION;
2214	typedef struct _FILE_NUMA_NODE_INFORMATION
2215	{
2216	USHORT NodeNumber;
2217	} FILE_NUMA_NODE_INFORMATION;
2218	typedef FILE_NUMA_NODE_INFORMATION *PFILE_NUMA_NODE_INFORMATION;
2219	typedef struct _FILE_STANDARD_LINK_INFORMATION
2220	{
2221	ULONG NumberOfAccessibleLinks;
2222	ULONG TotalNumberOfLinks;
2223	BOOLEAN DeletePending;
2224	BOOLEAN Directory;
2225	} FILE_STANDARD_LINK_INFORMATION;
2226	typedef FILE_STANDARD_LINK_INFORMATION *PFILE_STANDARD_LINK_INFORMATION;
2227	typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION
2228	{
2229	USHORT StructureVersion;
2230	USHORT StructureSize;
2231	ULONG Protocol;
2232	USHORT ProtocolMajorVersion;
2233	USHORT ProtocolMinorVersion;
2234	USHORT ProtocolRevision;
2235	USHORT Reserved;
2236	ULONG Flags;
2237	struct
2238	{
2239	ULONG Reserved[8];
2240	} GenericReserved;
2241	struct
2242	{
2243	ULONG Reserved[16];
2244	} ProtocolSpecificReserved;
2245	} FILE_REMOTE_PROTOCOL_INFORMATION;
2246	typedef FILE_REMOTE_PROTOCOL_INFORMATION *PFILE_REMOTE_PROTOCOL_INFORMATION;
2247	typedef struct _FILE_VOLUME_NAME_INFORMATION
2248	{
2249	ULONG DeviceNameLength;
2250	WCHAR DeviceName[1];
2251	} FILE_VOLUME_NAME_INFORMATION;
2252	typedef FILE_VOLUME_NAME_INFORMATION *PFILE_VOLUME_NAME_INFORMATION;
2253	# ifndef FILE_INVALID_FILE_ID
2254	typedef struct _FILE_ID_128
2255	{
2256	BYTE Identifier[16];
2257	} FILE_ID_128;
2258	typedef FILE_ID_128 *PFILE_ID_128;
2259	# endif
2260	typedef struct _FILE_ID_EXTD_DIR_INFORMATION
2261	{
2262	ULONG NextEntryOffset;
2263	ULONG FileIndex;
2264	LARGE_INTEGER CreationTime;
2265	LARGE_INTEGER LastAccessTime;
2266	LARGE_INTEGER LastWriteTime;
2267	LARGE_INTEGER ChangeTime;
2268	LARGE_INTEGER EndOfFile;
2269	LARGE_INTEGER AllocationSize;
2270	ULONG FileAttributes;
2271	ULONG FileNameLength;
2272	ULONG EaSize;
2273	ULONG ReparsePointTag;
2274	FILE_ID_128 FileId;
2275	WCHAR FileName[1];
2276	} FILE_ID_EXTD_DIR_INFORMATION;
2277	typedef FILE_ID_EXTD_DIR_INFORMATION *PFILE_ID_EXTD_DIR_INFORMATION;
2278	typedef struct _FILE_ID_EXTD_BOTH_DIR_INFORMATION
2279	{
2280	ULONG NextEntryOffset;
2281	ULONG FileIndex;
2282	LARGE_INTEGER CreationTime;
2283	LARGE_INTEGER LastAccessTime;
2284	LARGE_INTEGER LastWriteTime;
2285	LARGE_INTEGER ChangeTime;
2286	LARGE_INTEGER EndOfFile;
2287	LARGE_INTEGER AllocationSize;
2288	ULONG FileAttributes;
2289	ULONG FileNameLength;
2290	ULONG EaSize;
2291	ULONG ReparsePointTag;
2292	FILE_ID_128 FileId;
2293	CCHAR ShortNameLength;
2294	WCHAR ShortName[12];
2295	WCHAR FileName[1];
2296	} FILE_ID_EXTD_BOTH_DIR_INFORMATION;
2297	typedef FILE_ID_EXTD_BOTH_DIR_INFORMATION *PFILE_ID_EXTD_BOTH_DIR_INFORMATION;
2298	typedef struct _FILE_ID_INFORMATION
2299	{
2300	ULONGLONG VolumeSerialNumber;
2301	FILE_ID_128 FileId;
2302	} FILE_ID_INFORMATION;
2303	typedef FILE_ID_INFORMATION *PFILE_ID_INFORMATION;
2304	typedef struct _FILE_LINK_ENTRY_FULL_ID_INFORMATION
2305	{
2306	ULONG NextEntryOffset;
2307	FILE_ID_128 ParentFileId;
2308	ULONG FileNameLength;
2309	WCHAR FileName[1];
2310	} FILE_LINK_ENTRY_FULL_ID_INFORMATION;
2311	typedef FILE_LINK_ENTRY_FULL_ID_INFORMATION *PFILE_LINK_ENTRY_FULL_ID_INFORMATION;
2312	typedef struct _FILE_LINKS_FULL_ID_INFORMATION {
2313	ULONG BytesNeeded;
2314	ULONG EntriesReturned;
2315	FILE_LINK_ENTRY_FULL_ID_INFORMATION Entry;
2316	} FILE_LINKS_FULL_ID_INFORMATION;
2317	typedef FILE_LINKS_FULL_ID_INFORMATION *PFILE_LINKS_FULL_ID_INFORMATION;
2318	typedef struct _FILE_DISPOSITION_INFORMATION_EX
2319	{
2320	ULONG Flags;
2321	} FILE_DISPOSITION_INFORMATION_EX;
2322	typedef FILE_DISPOSITION_INFORMATION_EX *PFILE_DISPOSITION_INFORMATION_EX;
2323	# ifndef QUERY_STORAGE_CLASSES_FLAGS_MEASURE_WRITE
2324	typedef struct _FILE_DESIRED_STORAGE_CLASS_INFORMATION
2325	{
2326	/FILE_STORAGE_TIER_CLASS/ ULONG Class;
2327	ULONG Flags;
2328	} FILE_DESIRED_STORAGE_CLASS_INFORMATION;
2329	typedef FILE_DESIRED_STORAGE_CLASS_INFORMATION *PFILE_DESIRED_STORAGE_CLASS_INFORMATION;
2330	# endif
2331	typedef struct _FILE_STAT_INFORMATION
2332	{
2333	LARGE_INTEGER FileId;
2334	LARGE_INTEGER CreationTime;
2335	LARGE_INTEGER LastAccessTime;
2336	LARGE_INTEGER LastWriteTime;
2337	LARGE_INTEGER ChangeTime;
2338	LARGE_INTEGER AllocationSize;
2339	LARGE_INTEGER EndOfFile;
2340	ULONG FileAttributes;
2341	ULONG ReparseTag;
2342	ULONG NumberOfLinks;
2343	ACCESS_MASK EffectiveAccess;
2344	} FILE_STAT_INFORMATION;
2345	typedef FILE_STAT_INFORMATION *PFILE_STAT_INFORMATION;
2346	typedef struct _FILE_STAT_LX_INFORMATION
2347	{
2348	LARGE_INTEGER FileId;
2349	LARGE_INTEGER CreationTime;
2350	LARGE_INTEGER LastAccessTime;
2351	LARGE_INTEGER LastWriteTime;
2352	LARGE_INTEGER ChangeTime;
2353	LARGE_INTEGER AllocationSize;
2354	LARGE_INTEGER EndOfFile;
2355	ULONG FileAttributes;
2356	ULONG ReparseTag;
2357	ULONG NumberOfLinks;
2358	ACCESS_MASK EffectiveAccess;
2359	ULONG LxFlags;
2360	ULONG LxUid;
2361	ULONG LxGid;
2362	ULONG LxMode;
2363	ULONG LxDeviceIdMajor;
2364	ULONG LxDeviceIdMinor;
2365	} FILE_STAT_LX_INFORMATION;
2366	typedef FILE_STAT_LX_INFORMATION *PFILE_STAT_LX_INFORMATION;
2367	typedef struct _FILE_CASE_SENSITIVE_INFORMATION
2368	{
2369	ULONG Flags;
2370	} FILE_CASE_SENSITIVE_INFORMATION;
2371	typedef FILE_CASE_SENSITIVE_INFORMATION *PFILE_CASE_SENSITIVE_INFORMATION;
2372
2373	typedef enum _FILE_INFORMATION_CLASS
2374	{
2375	FileDirectoryInformation = 1,
2376	FileFullDirectoryInformation,
2377	FileBothDirectoryInformation,
2378	FileBasicInformation,
2379	FileStandardInformation,
2380	FileInternalInformation,
2381	FileEaInformation,
2382	FileAccessInformation,
2383	FileNameInformation,
2384	FileRenameInformation,
2385	FileLinkInformation,
2386	FileNamesInformation,
2387	FileDispositionInformation,
2388	FilePositionInformation,
2389	FileFullEaInformation,
2390	FileModeInformation,
2391	FileAlignmentInformation,
2392	FileAllInformation,
2393	FileAllocationInformation,
2394	FileEndOfFileInformation,
2395	FileAlternateNameInformation,
2396	FileStreamInformation,
2397	FilePipeInformation,
2398	FilePipeLocalInformation,
2399	FilePipeRemoteInformation,
2400	FileMailslotQueryInformation,
2401	FileMailslotSetInformation,
2402	FileCompressionInformation,
2403	FileObjectIdInformation,
2404	FileCompletionInformation,
2405	FileMoveClusterInformation,
2406	FileQuotaInformation,
2407	FileReparsePointInformation,
2408	FileNetworkOpenInformation,
2409	FileAttributeTagInformation,
2410	FileTrackingInformation,
2411	FileIdBothDirectoryInformation,
2412	FileIdFullDirectoryInformation,
2413	FileValidDataLengthInformation,
2414	FileShortNameInformation,
2415	FileIoCompletionNotificationInformation,
2416	FileIoStatusBlockRangeInformation,
2417	FileIoPriorityHintInformation,
2418	FileSfioReserveInformation,
2419	FileSfioVolumeInformation,
2420	FileHardLinkInformation,
2421	FileProcessIdsUsingFileInformation,
2422	FileNormalizedNameInformation,
2423	FileNetworkPhysicalNameInformation,
2424	FileIdGlobalTxDirectoryInformation,
2425	FileIsRemoteDeviceInformation,
2426	FileUnusedInformation,
2427	FileNumaNodeInformation,
2428	FileStandardLinkInformation,
2429	FileRemoteProtocolInformation,
2430	/* Defined with Windows 10: */
2431	FileRenameInformationBypassAccessCheck,
2432	FileLinkInformationBypassAccessCheck,
2433	FileVolumeNameInformation,
2434	FileIdInformation,
2435	FileIdExtdDirectoryInformation,
2436	FileReplaceCompletionInformation,
2437	FileHardLinkFullIdInformation,
2438	FileIdExtdBothDirectoryInformation,
2439	FileDispositionInformationEx,
2440	FileRenameInformationEx,
2441	FileRenameInformationExBypassAccessCheck,
2442	FileDesiredStorageClassInformation,
2443	FileStatInformation,
2444	FileMemoryPartitionInformation,
2445	FileStatLxInformation,
2446	FileCaseSensitiveInformation,
2447	FileLinkInformationEx,
2448	FileLinkInformationExBypassAccessCheck,
2449	FileStorageReserveIdInformation,
2450	FileCaseSensitiveInformationForceAccessCheck,
2451	FileMaximumInformation
2452	} FILE_INFORMATION_CLASS;
2453	typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
2454	RT_DECL_NTAPI(NTSTATUS) NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
2455	RT_DECL_NTAPI(NTSTATUS) NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
2456	FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
2457	RT_DECL_NTAPI(NTSTATUS) NtSetInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
2458	#endif /* IPRT_NT_USE_WINTERNL */
2459	RT_DECL_NTAPI(NTSTATUS) NtQueryAttributesFile(POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
2460	RT_DECL_NTAPI(NTSTATUS) NtQueryFullAttributesFile(POBJECT_ATTRIBUTES, PFILE_NETWORK_OPEN_INFORMATION);
2461
2462
2463	/** @name SE_GROUP_XXX - Attributes returned with TokenGroup and others.
2464	* @{ */
2465	#ifndef SE_GROUP_MANDATORY
2466	# define SE_GROUP_MANDATORY UINT32_C(0x01)
2467	#endif
2468	#ifndef SE_GROUP_ENABLED_BY_DEFAULT
2469	# define SE_GROUP_ENABLED_BY_DEFAULT UINT32_C(0x02)
2470	#endif
2471	#ifndef SE_GROUP_ENABLED
2472	# define SE_GROUP_ENABLED UINT32_C(0x04)
2473	#endif
2474	#ifndef SE_GROUP_OWNER
2475	# define SE_GROUP_OWNER UINT32_C(0x08)
2476	#endif
2477	#ifndef SE_GROUP_USE_FOR_DENY_ONLY
2478	# define SE_GROUP_USE_FOR_DENY_ONLY UINT32_C(0x10)
2479	#endif
2480	#ifndef SE_GROUP_INTEGRITY
2481	# define SE_GROUP_INTEGRITY UINT32_C(0x20)
2482	#endif
2483	#ifndef SE_GROUP_INTEGRITY_ENABLED
2484	# define SE_GROUP_INTEGRITY_ENABLED UINT32_C(0x40)
2485	#endif
2486	#ifndef SE_GROUP_RESOURCE
2487	# define SE_GROUP_RESOURCE UINT32_C(0x20000000)
2488	#endif
2489	#ifndef SE_GROUP_LOGON_ID
2490	# define SE_GROUP_LOGON_ID UINT32_C(0xc0000000)
2491	#endif
2492	/** @} */
2493
2494
2495	#ifdef IPRT_NT_USE_WINTERNL
2496
2497	/** For use with KeyBasicInformation. */
2498	typedef struct _KEY_BASIC_INFORMATION
2499	{
2500	LARGE_INTEGER LastWriteTime;
2501	ULONG TitleIndex;
2502	ULONG NameLength;
2503	WCHAR Name[1];
2504	} KEY_BASIC_INFORMATION;
2505	typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
2506
2507	/** For use with KeyNodeInformation. */
2508	typedef struct _KEY_NODE_INFORMATION
2509	{
2510	LARGE_INTEGER LastWriteTime;
2511	ULONG TitleIndex;
2512	ULONG ClassOffset; /*< Offset from the start of the structure. /
2513	ULONG ClassLength;
2514	ULONG NameLength;
2515	WCHAR Name[1];
2516	} KEY_NODE_INFORMATION;
2517	typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
2518
2519	/** For use with KeyFullInformation. */
2520	typedef struct _KEY_FULL_INFORMATION
2521	{
2522	LARGE_INTEGER LastWriteTime;
2523	ULONG TitleIndex;
2524	ULONG ClassOffset; /*< Offset of the Class member. /
2525	ULONG ClassLength;
2526	ULONG SubKeys;
2527	ULONG MaxNameLen;
2528	ULONG MaxClassLen;
2529	ULONG Values;
2530	ULONG MaxValueNameLen;
2531	ULONG MaxValueDataLen;
2532	WCHAR Class[1];
2533	} KEY_FULL_INFORMATION;
2534	typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
2535
2536	/** For use with KeyNameInformation. */
2537	typedef struct _KEY_NAME_INFORMATION
2538	{
2539	ULONG NameLength;
2540	WCHAR Name[1];
2541	} KEY_NAME_INFORMATION;
2542	typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
2543
2544	/** For use with KeyCachedInformation. */
2545	typedef struct _KEY_CACHED_INFORMATION
2546	{
2547	LARGE_INTEGER LastWriteTime;
2548	ULONG TitleIndex;
2549	ULONG SubKeys;
2550	ULONG MaxNameLen;
2551	ULONG Values;
2552	ULONG MaxValueNameLen;
2553	ULONG MaxValueDataLen;
2554	ULONG NameLength;
2555	} KEY_CACHED_INFORMATION;
2556	typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
2557
2558	/** For use with KeyVirtualizationInformation. */
2559	typedef struct _KEY_VIRTUALIZATION_INFORMATION
2560	{
2561	ULONG VirtualizationCandidate : 1;
2562	ULONG VirtualizationEnabled : 1;
2563	ULONG VirtualTarget : 1;
2564	ULONG VirtualStore : 1;
2565	ULONG VirtualSource : 1;
2566	ULONG Reserved : 27;
2567	} KEY_VIRTUALIZATION_INFORMATION;
2568	typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
2569
2570	typedef enum _KEY_INFORMATION_CLASS
2571	{
2572	KeyBasicInformation = 0,
2573	KeyNodeInformation,
2574	KeyFullInformation,
2575	KeyNameInformation,
2576	KeyCachedInformation,
2577	KeyFlagsInformation,
2578	KeyVirtualizationInformation,
2579	KeyHandleTagsInformation,
2580	MaxKeyInfoClass
2581	} KEY_INFORMATION_CLASS;
2582	RT_DECL_NTAPI(NTSTATUS) NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2583	RT_DECL_NTAPI(NTSTATUS) NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2584
2585	typedef struct _MEMORY_SECTION_NAME
2586	{
2587	UNICODE_STRING SectionFileName;
2588	WCHAR NameBuffer[1];
2589	} MEMORY_SECTION_NAME;
2590
2591	#ifdef IPRT_NT_USE_WINTERNL
2592	typedef struct _PROCESS_BASIC_INFORMATION
2593	{
2594	NTSTATUS ExitStatus;
2595	PPEB PebBaseAddress;
2596	ULONG_PTR AffinityMask;
2597	int32_t BasePriority;
2598	ULONG_PTR UniqueProcessId;
2599	ULONG_PTR InheritedFromUniqueProcessId;
2600	} PROCESS_BASIC_INFORMATION;
2601	typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
2602	#endif
2603
2604	typedef enum _PROCESSINFOCLASS
2605	{
2606	ProcessBasicInformation = 0, /*< 0 / 0x00 /
2607	ProcessQuotaLimits, /*< 1 / 0x01 /
2608	ProcessIoCounters, /*< 2 / 0x02 /
2609	ProcessVmCounters, /*< 3 / 0x03 /
2610	ProcessTimes, /*< 4 / 0x04 /
2611	ProcessBasePriority, /*< 5 / 0x05 /
2612	ProcessRaisePriority, /*< 6 / 0x06 /
2613	ProcessDebugPort, /*< 7 / 0x07 /
2614	ProcessExceptionPort, /*< 8 / 0x08 /
2615	ProcessAccessToken, /*< 9 / 0x09 /
2616	ProcessLdtInformation, /*< 10 / 0x0a /
2617	ProcessLdtSize, /*< 11 / 0x0b /
2618	ProcessDefaultHardErrorMode, /*< 12 / 0x0c /
2619	ProcessIoPortHandlers, /*< 13 / 0x0d /
2620	ProcessPooledUsageAndLimits, /*< 14 / 0x0e /
2621	ProcessWorkingSetWatch, /*< 15 / 0x0f /
2622	ProcessUserModeIOPL, /*< 16 / 0x10 /
2623	ProcessEnableAlignmentFaultFixup, /*< 17 / 0x11 /
2624	ProcessPriorityClass, /*< 18 / 0x12 /
2625	ProcessWx86Information, /*< 19 / 0x13 /
2626	ProcessHandleCount, /*< 20 / 0x14 /
2627	ProcessAffinityMask, /*< 21 / 0x15 /
2628	ProcessPriorityBoost, /*< 22 / 0x16 /
2629	ProcessDeviceMap, /*< 23 / 0x17 /
2630	ProcessSessionInformation, /*< 24 / 0x18 /
2631	ProcessForegroundInformation, /*< 25 / 0x19 /
2632	ProcessWow64Information, /*< 26 / 0x1a /
2633	ProcessImageFileName, /*< 27 / 0x1b /
2634	ProcessLUIDDeviceMapsEnabled, /*< 28 / 0x1c /
2635	ProcessBreakOnTermination, /*< 29 / 0x1d /
2636	ProcessDebugObjectHandle, /*< 30 / 0x1e /
2637	ProcessDebugFlags, /*< 31 / 0x1f /
2638	ProcessHandleTracing, /*< 32 / 0x20 /
2639	ProcessIoPriority, /*< 33 / 0x21 /
2640	ProcessExecuteFlags, /*< 34 / 0x22 /
2641	ProcessTlsInformation, /*< 35 / 0x23 /
2642	ProcessCookie, /*< 36 / 0x24 /
2643	ProcessImageInformation, /*< 37 / 0x25 /
2644	ProcessCycleTime, /*< 38 / 0x26 /
2645	ProcessPagePriority, /*< 39 / 0x27 /
2646	ProcessInstrumentationCallbak, /*< 40 / 0x28 /
2647	ProcessThreadStackAllocation, /*< 41 / 0x29 /
2648	ProcessWorkingSetWatchEx, /*< 42 / 0x2a /
2649	ProcessImageFileNameWin32, /*< 43 / 0x2b /
2650	ProcessImageFileMapping, /*< 44 / 0x2c /
2651	ProcessAffinityUpdateMode, /*< 45 / 0x2d /
2652	ProcessMemoryAllocationMode, /*< 46 / 0x2e /
2653	ProcessGroupInformation, /*< 47 / 0x2f /
2654	ProcessTokenVirtualizationEnabled, /*< 48 / 0x30 /
2655	ProcessOwnerInformation, /*< 49 / 0x31 /
2656	ProcessWindowInformation, /*< 50 / 0x32 /
2657	ProcessHandleInformation, /*< 51 / 0x33 /
2658	ProcessMitigationPolicy, /*< 52 / 0x34 /
2659	ProcessDynamicFunctionTableInformation, /*< 53 / 0x35 /
2660	ProcessHandleCheckingMode, /*< 54 / 0x36 /
2661	ProcessKeepAliveCount, /*< 55 / 0x37 /
2662	ProcessRevokeFileHandles, /*< 56 / 0x38 /
2663	ProcessWorkingSetControl, /*< 57 / 0x39 /
2664	ProcessHandleTable, /*< 58 / 0x3a /
2665	ProcessCheckStackExtentsMode, /*< 59 / 0x3b /
2666	ProcessCommandLineInformation, /*< 60 / 0x3c /
2667	ProcessProtectionInformation, /*< 61 / 0x3d /
2668	ProcessMemoryExhaustion, /*< 62 / 0x3e /
2669	ProcessFaultInformation, /*< 63 / 0x3f /
2670	ProcessTelemetryIdInformation, /*< 64 / 0x40 /
2671	ProcessCommitReleaseInformation, /*< 65 / 0x41 /
2672	ProcessDefaultCpuSetsInformation, /*< 66 / 0x42 - aka ProcessReserved1Information /
2673	ProcessAllowedCpuSetsInformation, /*< 67 / 0x43 - aka ProcessReserved2Information; PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10 /
2674	ProcessSubsystemProcess, /*< 68 / 0x44 /
2675	ProcessJobMemoryInformation, /*< 69 / 0x45 /
2676	ProcessInPrivate, /*< 70 / 0x46 /
2677	ProcessRaiseUMExceptionOnInvalidHandleClose,/*< 71 / 0x47 /
2678	ProcessIumChallengeResponse, /*< 72 / 0x48 /
2679	ProcessChildProcessInformation, /*< 73 / 0x49 /
2680	ProcessHighGraphicsPriorityInformation, /*< 74 / 0x4a /
2681	ProcessSubsystemInformation, /*< 75 / 0x4b /
2682	ProcessEnergyValues, /*< 76 / 0x4c /
2683	ProcessPowerThrottlingState, /*< 77 / 0x4d /
2684	ProcessReserved3Information, /*< 78 / 0x4e /
2685	ProcessWin32kSyscallFilterInformation, /*< 79 / 0x4f /
2686	ProcessDisableSystemAllowedCpuSets, /*< 80 / 0x50 /
2687	ProcessWakeInformation, /*< 81 / 0x51 /
2688	ProcessEnergyTrackingState, /*< 82 / 0x52 /
2689	ProcessManageWritesToExecutableMemory, /*< 83 / 0x53 /
2690	ProcessCaptureTrustletLiveDump, /*< 84 / 0x54 /
2691	ProcessTelemetryCoverage, /*< 85 / 0x55 /
2692	ProcessEnclaveInformation, /*< 86 / 0x56 /
2693	ProcessEnableReadWriteVmLogging, /*< 87 / 0x57 /
2694	ProcessUptimeInformation, /*< 88 / 0x58 /
2695	ProcessImageSection, /*< 89 / 0x59 /
2696	ProcessDebugAuthInformation, /*< 90 / 0x5a /
2697	ProcessSystemResourceManagement, /*< 92 / 0x5b /
2698	ProcessSequenceNumber, /*< 93 / 0x5c /
2699	MaxProcessInfoClass
2700	} PROCESSINFOCLASS;
2701	AssertCompile(ProcessSequenceNumber == 0x5c);
2702	RT_DECL_NTAPI(NTSTATUS) NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
2703	#if ARCH_BITS == 32
2704	/** 64-bit API pass thru to WOW64 processes. */
2705	RT_DECL_NTAPI(NTSTATUS) NtWow64QueryInformationProcess64(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
2706	#endif
2707
2708	typedef enum _THREADINFOCLASS
2709	{
2710	ThreadBasicInformation = 0,
2711	ThreadTimes,
2712	ThreadPriority,
2713	ThreadBasePriority,
2714	ThreadAffinityMask,
2715	ThreadImpersonationToken,
2716	ThreadDescriptorTableEntry,
2717	ThreadEnableAlignmentFaultFixup,
2718	ThreadEventPair_Reusable,
2719	ThreadQuerySetWin32StartAddress,
2720	ThreadZeroTlsCell,
2721	ThreadPerformanceCount,
2722	ThreadAmILastThread,
2723	ThreadIdealProcessor,
2724	ThreadPriorityBoost,
2725	ThreadSetTlsArrayAddress,
2726	ThreadIsIoPending,
2727	ThreadHideFromDebugger,
2728	ThreadBreakOnTermination,
2729	ThreadSwitchLegacyState,
2730	ThreadIsTerminated,
2731	ThreadLastSystemCall,
2732	ThreadIoPriority,
2733	ThreadCycleTime,
2734	ThreadPagePriority,
2735	ThreadActualBasePriority,
2736	ThreadTebInformation,
2737	ThreadCSwitchMon,
2738	ThreadCSwitchPmu,
2739	ThreadWow64Context,
2740	ThreadGroupInformation,
2741	ThreadUmsInformation,
2742	ThreadCounterProfiling,
2743	ThreadIdealProcessorEx,
2744	ThreadCpuAccountingInformation,
2745	MaxThreadInfoClass
2746	} THREADINFOCLASS;
2747	RT_DECL_NTAPI(NTSTATUS) NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
2748
2749	RT_DECL_NTAPI(NTSTATUS) NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2750	RT_DECL_NTAPI(NTSTATUS) ZwQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2751
2752	RT_DECL_NTAPI(NTSTATUS) NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2753	RT_DECL_NTAPI(NTSTATUS) NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2754	RT_DECL_NTAPI(NTSTATUS) NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
2755	RT_DECL_NTAPI(NTSTATUS) NtCancelIoFile(HANDLE, PIO_STATUS_BLOCK);
2756
2757	RT_DECL_NTAPI(NTSTATUS) NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
2758	RT_DECL_NTAPI(NTSTATUS) NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
2759
2760	RT_DECL_NTAPI(NTSTATUS) RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
2761	RT_DECL_NTAPI(NTSTATUS) RtlCopySid(ULONG, PSID, PSID);
2762	RT_DECL_NTAPI(NTSTATUS) RtlCreateAcl(PACL, ULONG, ULONG);
2763	RT_DECL_NTAPI(NTSTATUS) RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
2764	RT_DECL_NTAPI(BOOLEAN) RtlEqualSid(PSID, PSID);
2765	RT_DECL_NTAPI(NTSTATUS) RtlGetVersion(PRTL_OSVERSIONINFOW);
2766	RT_DECL_NTAPI(NTSTATUS) RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
2767	RT_DECL_NTAPI(NTSTATUS) RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
2768	RT_DECL_NTAPI(PULONG) RtlSubAuthoritySid(PSID, ULONG);
2769
2770	#endif /* IPRT_NT_USE_WINTERNL */
2771
2772	/** For use with ObjectBasicInformation.
2773	* A watered down version of this struct appears under the name
2774	* PUBLIC_OBJECT_BASIC_INFORMATION in ntifs.h. It only defines
2775	* the first four members, so don't trust the rest. */
2776	typedef struct _OBJECT_BASIC_INFORMATION
2777	{
2778	ULONG Attributes;
2779	ACCESS_MASK GrantedAccess;
2780	ULONG HandleCount;
2781	ULONG PointerCount;
2782	/* Not in ntifs.h: */
2783	ULONG PagedPoolCharge;
2784	ULONG NonPagedPoolCharge;
2785	ULONG Reserved[3];
2786	ULONG NameInfoSize;
2787	ULONG TypeInfoSize;
2788	ULONG SecurityDescriptorSize;
2789	LARGE_INTEGER CreationTime;
2790	} OBJECT_BASIC_INFORMATION;
2791	typedef OBJECT_BASIC_INFORMATION *POBJECT_BASIC_INFORMATION;
2792
2793	/** For use with ObjectHandleFlagInformation. */
2794	typedef struct _OBJECT_HANDLE_FLAG_INFORMATION
2795	{
2796	BOOLEAN Inherit;
2797	BOOLEAN ProtectFromClose;
2798	} OBJECT_HANDLE_FLAG_INFORMATION;
2799	typedef OBJECT_HANDLE_FLAG_INFORMATION *POBJECT_HANDLE_FLAG_INFORMATION;
2800
2801	typedef enum _OBJECT_INFORMATION_CLASS
2802	{
2803	ObjectBasicInformation = 0,
2804	ObjectNameInformation,
2805	ObjectTypeInformation,
2806	ObjectAllInformation,
2807	ObjectHandleFlagInformation,
2808	ObjectSessionInformation,
2809	MaxObjectInfoClass
2810	} OBJECT_INFORMATION_CLASS;
2811	typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
2812	#ifdef IN_RING0
2813	# define NtQueryObject ZwQueryObject
2814	#endif
2815	RT_DECL_NTAPI(NTSTATUS) NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2816	RT_DECL_NTAPI(NTSTATUS) NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
2817	RT_DECL_NTAPI(NTSTATUS) NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
2818
2819	RT_DECL_NTAPI(NTSTATUS) NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2820
2821	typedef struct _OBJECT_DIRECTORY_INFORMATION
2822	{
2823	UNICODE_STRING Name;
2824	UNICODE_STRING TypeName;
2825	} OBJECT_DIRECTORY_INFORMATION;
2826	typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
2827	RT_DECL_NTAPI(NTSTATUS) NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
2828
2829	RT_DECL_NTAPI(NTSTATUS) NtSuspendProcess(HANDLE);
2830	RT_DECL_NTAPI(NTSTATUS) NtResumeProcess(HANDLE);
2831	/** @name ProcessDefaultHardErrorMode bit definitions.
2832	* @{ */
2833	#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /*< Inverted from the win32 define. /
2834	#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
2835	#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
2836	#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
2837	/** @} */
2838	RT_DECL_NTAPI(NTSTATUS) NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
2839	RT_DECL_NTAPI(NTSTATUS) NtTerminateProcess(HANDLE, LONG);
2840
2841	/** Returned by NtQUerySection with SectionBasicInformation. */
2842	typedef struct _SECTION_BASIC_INFORMATION
2843	{
2844	PVOID BaseAddress;
2845	ULONG AllocationAttributes;
2846	LARGE_INTEGER MaximumSize;
2847	} SECTION_BASIC_INFORMATION;
2848	typedef SECTION_BASIC_INFORMATION *PSECTION_BASIC_INFORMATION;
2849
2850	/** Retured by ProcessImageInformation as well as NtQuerySection. */
2851	typedef struct _SECTION_IMAGE_INFORMATION
2852	{
2853	PVOID TransferAddress;
2854	ULONG ZeroBits;
2855	SIZE_T MaximumStackSize;
2856	SIZE_T CommittedStackSize;
2857	ULONG SubSystemType;
2858	union
2859	{
2860	struct
2861	{
2862	USHORT SubSystemMinorVersion;
2863	USHORT SubSystemMajorVersion;
2864	};
2865	ULONG SubSystemVersion;
2866	};
2867	ULONG GpValue;
2868	USHORT ImageCharacteristics;
2869	USHORT DllCharacteristics;
2870	USHORT Machine;
2871	BOOLEAN ImageContainsCode;
2872	union /*< Since Vista, used to be a spare BOOLEAN. /
2873	{
2874	struct
2875	{
2876	UCHAR ComPlusNativeRead : 1;
2877	UCHAR ComPlusILOnly : 1;
2878	UCHAR ImageDynamicallyRelocated : 1;
2879	UCHAR ImageMAppedFlat : 1;
2880	UCHAR Reserved : 4;
2881	};
2882	UCHAR ImageFlags;
2883	};
2884	ULONG LoaderFlags;
2885	ULONG ImageFileSize; /*< Since XP? /
2886	ULONG CheckSum; /*< Since Vista, Used to be a reserved/spare ULONG. /
2887	} SECTION_IMAGE_INFORMATION;
2888	typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
2889
2890	typedef enum _SECTION_INFORMATION_CLASS
2891	{
2892	SectionBasicInformation = 0,
2893	SectionImageInformation,
2894	MaxSectionInfoClass
2895	} SECTION_INFORMATION_CLASS;
2896	RT_DECL_NTAPI(NTSTATUS) NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2897
2898	RT_DECL_NTAPI(NTSTATUS) NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
2899	RT_DECL_NTAPI(NTSTATUS) NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2900	RT_DECL_NTAPI(NTSTATUS) NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
2901	#ifndef SYMBOLIC_LINK_QUERY
2902	# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
2903	#endif
2904	#ifndef SYMBOLIC_LINK_ALL_ACCESS
2905	# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED \| SYMBOLIC_LINK_QUERY)
2906	#endif
2907
2908	RT_DECL_NTAPI(NTSTATUS) NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
2909	RT_DECL_NTAPI(NTSTATUS) NtResumeThread(HANDLE, PULONG);
2910	RT_DECL_NTAPI(NTSTATUS) NtSuspendThread(HANDLE, PULONG);
2911	RT_DECL_NTAPI(NTSTATUS) NtTerminateThread(HANDLE, LONG);
2912	RT_DECL_NTAPI(NTSTATUS) NtGetContextThread(HANDLE, PCONTEXT);
2913	RT_DECL_NTAPI(NTSTATUS) NtSetContextThread(HANDLE, PCONTEXT);
2914	RT_DECL_NTAPI(NTSTATUS) ZwYieldExecution(void);
2915
2916
2917	#ifndef SEC_FILE
2918	# define SEC_FILE UINT32_C(0x00800000)
2919	#endif
2920	#ifndef SEC_IMAGE
2921	# define SEC_IMAGE UINT32_C(0x01000000)
2922	#endif
2923	#ifndef SEC_PROTECTED_IMAGE
2924	# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
2925	#endif
2926	#ifndef SEC_NOCACHE
2927	# define SEC_NOCACHE UINT32_C(0x10000000)
2928	#endif
2929	#ifndef MEM_ROTATE
2930	# define MEM_ROTATE UINT32_C(0x00800000)
2931	#endif
2932	typedef enum _MEMORY_INFORMATION_CLASS
2933	{
2934	MemoryBasicInformation = 0,
2935	MemoryWorkingSetList,
2936	MemorySectionName,
2937	MemoryBasicVlmInformation
2938	} MEMORY_INFORMATION_CLASS;
2939	#ifdef IN_RING0
2940	typedef struct _MEMORY_BASIC_INFORMATION
2941	{
2942	PVOID BaseAddress;
2943	PVOID AllocationBase;
2944	ULONG AllocationProtect;
2945	SIZE_T RegionSize;
2946	ULONG State;
2947	ULONG Protect;
2948	ULONG Type;
2949	} MEMORY_BASIC_INFORMATION;
2950	typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
2951	# define NtQueryVirtualMemory ZwQueryVirtualMemory
2952	#endif
2953	RT_DECL_NTAPI(NTSTATUS) NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2954	#ifdef IPRT_NT_USE_WINTERNL
2955	RT_DECL_NTAPI(NTSTATUS) NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
2956	#endif
2957	RT_DECL_NTAPI(NTSTATUS) NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
2958	RT_DECL_NTAPI(NTSTATUS) NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
2959
2960	typedef enum _SYSTEM_INFORMATION_CLASS
2961	{
2962	SystemBasicInformation = 0,
2963	SystemCpuInformation,
2964	SystemPerformanceInformation,
2965	SystemTimeOfDayInformation,
2966	SystemInformation_Unknown_4,
2967	SystemProcessInformation,
2968	SystemInformation_Unknown_6,
2969	SystemInformation_Unknown_7,
2970	SystemProcessorPerformanceInformation,
2971	SystemInformation_Unknown_9,
2972	SystemInformation_Unknown_10,
2973	SystemModuleInformation,
2974	SystemInformation_Unknown_12,
2975	SystemInformation_Unknown_13,
2976	SystemInformation_Unknown_14,
2977	SystemInformation_Unknown_15,
2978	SystemHandleInformation,
2979	SystemInformation_Unknown_17,
2980	SystemPageFileInformation,
2981	SystemInformation_Unknown_19,
2982	SystemInformation_Unknown_20,
2983	SystemCacheInformation,
2984	SystemInformation_Unknown_22,
2985	SystemInterruptInformation,
2986	SystemDpcBehaviourInformation,
2987	SystemFullMemoryInformation,
2988	SystemLoadGdiDriverInformation, /* 26 */
2989	SystemUnloadGdiDriverInformation, /* 27 */
2990	SystemTimeAdjustmentInformation,
2991	SystemSummaryMemoryInformation,
2992	SystemInformation_Unknown_30,
2993	SystemInformation_Unknown_31,
2994	SystemInformation_Unknown_32,
2995	SystemExceptionInformation,
2996	SystemCrashDumpStateInformation,
2997	SystemKernelDebuggerInformation,
2998	SystemContextSwitchInformation,
2999	SystemRegistryQuotaInformation,
3000	SystemInformation_Unknown_38,
3001	SystemInformation_Unknown_39,
3002	SystemInformation_Unknown_40,
3003	SystemInformation_Unknown_41,
3004	SystemInformation_Unknown_42,
3005	SystemInformation_Unknown_43,
3006	SystemCurrentTimeZoneInformation,
3007	SystemLookasideInformation,
3008	SystemSetTimeSlipEvent,
3009	SystemCreateSession,
3010	SystemDeleteSession,
3011	SystemInformation_Unknown_49,
3012	SystemRangeStartInformation,
3013	SystemVerifierInformation,
3014	SystemInformation_Unknown_52,
3015	SystemSessionProcessInformation,
3016	SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
3017	SystemInformation_Unknown_55,
3018	SystemInformation_Unknown_56,
3019	SystemExtendedProcessInformation,
3020	SystemInformation_Unknown_58,
3021	SystemInformation_Unknown_59,
3022	SystemInformation_Unknown_60,
3023	SystemInformation_Unknown_61,
3024	SystemInformation_Unknown_62,
3025	SystemInformation_Unknown_63,
3026	SystemExtendedHandleInformation, /* 64 */
3027	SystemInformation_Unknown_65,
3028	SystemInformation_Unknown_66,
3029	SystemInformation_Unknown_67,
3030	SystemInformation_Unknown_68,
3031	SystemInformation_HotPatchInfo, /* 69 */
3032	SystemInformation_Unknown_70,
3033	SystemInformation_Unknown_71,
3034	SystemInformation_Unknown_72,
3035	SystemInformation_Unknown_73,
3036	SystemInformation_Unknown_74,
3037	SystemInformation_Unknown_75,
3038	SystemInformation_Unknown_76,
3039	SystemInformation_Unknown_77,
3040	SystemInformation_Unknown_78,
3041	SystemInformation_Unknown_79,
3042	SystemInformation_Unknown_80,
3043	SystemInformation_Unknown_81,
3044	SystemInformation_Unknown_82,
3045	SystemInformation_Unknown_83,
3046	SystemInformation_Unknown_84,
3047	SystemInformation_Unknown_85,
3048	SystemInformation_Unknown_86,
3049	SystemInformation_Unknown_87,
3050	SystemInformation_Unknown_88,
3051	SystemInformation_Unknown_89,
3052	SystemInformation_Unknown_90,
3053	SystemInformation_Unknown_91,
3054	SystemInformation_Unknown_92,
3055	SystemInformation_Unknown_93,
3056	SystemInformation_Unknown_94,
3057	SystemInformation_Unknown_95,
3058	SystemInformation_KiOpPrefetchPatchCount, /* 96 */
3059	SystemInformation_Unknown_97,
3060	SystemInformation_Unknown_98,
3061	SystemInformation_Unknown_99,
3062	SystemInformation_Unknown_100,
3063	SystemInformation_Unknown_101,
3064	SystemInformation_Unknown_102,
3065	SystemInformation_Unknown_103,
3066	SystemInformation_Unknown_104,
3067	SystemInformation_Unknown_105,
3068	SystemInformation_Unknown_107,
3069	SystemInformation_GetLogicalProcessorInformationEx, /* 107 */
3070
3071	/** @todo fill gap. they've added a whole bunch of things */
3072	SystemPolicyInformation = 134,
3073	SystemInformationClassMax
3074	} SYSTEM_INFORMATION_CLASS;
3075
3076	#ifdef IPRT_NT_USE_WINTERNL
3077	typedef struct _VM_COUNTERS
3078	{
3079	SIZE_T PeakVirtualSize;
3080	SIZE_T VirtualSize;
3081	ULONG PageFaultCount;
3082	SIZE_T PeakWorkingSetSize;
3083	SIZE_T WorkingSetSize;
3084	SIZE_T QuotaPeakPagedPoolUsage;
3085	SIZE_T QuotaPagedPoolUsage;
3086	SIZE_T QuotaPeakNonPagedPoolUsage;
3087	SIZE_T QuotaNonPagedPoolUsage;
3088	SIZE_T PagefileUsage;
3089	SIZE_T PeakPagefileUsage;
3090	} VM_COUNTERS;
3091	typedef VM_COUNTERS *PVM_COUNTERS;
3092	#endif
3093
3094	#if 0
3095	typedef struct _IO_COUNTERS
3096	{
3097	ULONGLONG ReadOperationCount;
3098	ULONGLONG WriteOperationCount;
3099	ULONGLONG OtherOperationCount;
3100	ULONGLONG ReadTransferCount;
3101	ULONGLONG WriteTransferCount;
3102	ULONGLONG OtherTransferCount;
3103	} IO_COUNTERS;
3104	typedef IO_COUNTERS *PIO_COUNTERS;
3105	#endif
3106
3107	typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
3108	{
3109	ULONG NextEntryOffset; /*< 0x00 / 0x00 /
3110	ULONG NumberOfThreads; /*< 0x04 / 0x04 /
3111	LARGE_INTEGER Reserved1[3]; /*< 0x08 / 0x08 /
3112	LARGE_INTEGER CreationTime; /*< 0x20 / 0x20 /
3113	LARGE_INTEGER UserTime; /*< 0x28 / 0x28 /
3114	LARGE_INTEGER KernelTime; /*< 0x30 / 0x30 /
3115	UNICODE_STRING ProcessName; /*< 0x38 / 0x38 Clean unicode encoding? /
3116	int32_t BasePriority; /*< 0x40 / 0x48 /
3117	HANDLE UniqueProcessId; /*< 0x44 / 0x50 /
3118	HANDLE ParentProcessId; /*< 0x48 / 0x58 /
3119	ULONG HandleCount; /*< 0x4c / 0x60 /
3120	ULONG Reserved2; /*< 0x50 / 0x64 Session ID? /
3121	ULONG_PTR Reserved3; /*< 0x54 / 0x68 /
3122	VM_COUNTERS VmCounters; /*< 0x58 / 0x70 /
3123	IO_COUNTERS IoCounters; /*< 0x88 / 0xd0 Might not be present in earlier windows versions. /
3124	/* After this follows the threads, then the ProcessName.Buffer. */
3125	} RTNT_SYSTEM_PROCESS_INFORMATION;
3126	typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
3127	#ifndef IPRT_NT_USE_WINTERNL
3128	typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
3129	typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
3130	#endif
3131
3132	typedef struct _SYSTEM_HANDLE_ENTRY_INFO
3133	{
3134	USHORT UniqueProcessId;
3135	USHORT CreatorBackTraceIndex;
3136	UCHAR ObjectTypeIndex;
3137	UCHAR HandleAttributes;
3138	USHORT HandleValue;
3139	PVOID Object;
3140	ULONG GrantedAccess;
3141	} SYSTEM_HANDLE_ENTRY_INFO;
3142	typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
3143
3144	/** Returned by SystemHandleInformation */
3145	typedef struct _SYSTEM_HANDLE_INFORMATION
3146	{
3147	ULONG NumberOfHandles;
3148	SYSTEM_HANDLE_ENTRY_INFO Handles[1];
3149	} SYSTEM_HANDLE_INFORMATION;
3150	typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
3151
3152	/** Extended handle information entry.
3153	* @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
3154	typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
3155	{
3156	PVOID Object;
3157	HANDLE UniqueProcessId;
3158	HANDLE HandleValue;
3159	ACCESS_MASK GrantedAccess;
3160	USHORT CreatorBackTraceIndex;
3161	USHORT ObjectTypeIndex;
3162	ULONG HandleAttributes;
3163	ULONG Reserved;
3164	} SYSTEM_HANDLE_ENTRY_INFO_EX;
3165	typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
3166
3167	/** Returned by SystemExtendedHandleInformation. */
3168	typedef struct _SYSTEM_HANDLE_INFORMATION_EX
3169	{
3170	ULONG_PTR NumberOfHandles;
3171	ULONG_PTR Reserved;
3172	SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
3173	} SYSTEM_HANDLE_INFORMATION_EX;
3174	typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
3175
3176	/** Returned by SystemSessionProcessInformation. */
3177	typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
3178	{
3179	ULONG SessionId;
3180	ULONG BufferLength;
3181	/** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
3182	PVOID Buffer;
3183	} SYSTEM_SESSION_PROCESS_INFORMATION;
3184	typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
3185
3186	typedef struct _RTL_PROCESS_MODULE_INFORMATION
3187	{
3188	HANDLE Section; /*< 0x00 / 0x00 /
3189	PVOID MappedBase; /*< 0x04 / 0x08 /
3190	PVOID ImageBase; /*< 0x08 / 0x10 /
3191	ULONG ImageSize; /*< 0x0c / 0x18 /
3192	ULONG Flags; /*< 0x10 / 0x1c /
3193	USHORT LoadOrderIndex; /*< 0x14 / 0x20 /
3194	USHORT InitOrderIndex; /*< 0x16 / 0x22 /
3195	USHORT LoadCount; /*< 0x18 / 0x24 /
3196	USHORT OffsetToFileName; /*< 0x1a / 0x26 /
3197	UCHAR FullPathName[256]; /*< 0x1c / 0x28 /
3198	} RTL_PROCESS_MODULE_INFORMATION;
3199	typedef RTL_PROCESS_MODULE_INFORMATION *PRTL_PROCESS_MODULE_INFORMATION;
3200
3201	/** Returned by SystemModuleInformation. */
3202	typedef struct _RTL_PROCESS_MODULES
3203	{
3204	ULONG NumberOfModules;
3205	RTL_PROCESS_MODULE_INFORMATION Modules[1]; /*< 0x04 / 0x08 /
3206	} RTL_PROCESS_MODULES;
3207	typedef RTL_PROCESS_MODULES *PRTL_PROCESS_MODULES;
3208
3209	RT_DECL_NTAPI(NTSTATUS) NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3210	#ifndef IPRT_NT_MAP_TO_ZW
3211	RT_DECL_NTAPI(NTSTATUS) ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3212	#endif
3213
3214	RT_DECL_NTAPI(NTSTATUS) NtSetTimerResolution(ULONG cNtTicksWanted, BOOLEAN fSetResolution, PULONG pcNtTicksCur);
3215	RT_DECL_NTAPI(NTSTATUS) NtQueryTimerResolution(PULONG pcNtTicksMin, PULONG pcNtTicksMax, PULONG pcNtTicksCur);
3216
3217	RT_DECL_NTAPI(NTSTATUS) NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
3218	RT_DECL_NTAPI(NTSTATUS) NtYieldExecution(void);
3219	#ifndef IPRT_NT_USE_WINTERNL
3220	RT_DECL_NTAPI(NTSTATUS) NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
3221	#endif
3222	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
3223	typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
3224	RT_DECL_NTAPI(NTSTATUS) NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
3225
3226	RT_DECL_NTAPI(NTSTATUS) NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
3227
3228	#ifdef IPRT_NT_USE_WINTERNL
3229	typedef enum _EVENT_TYPE
3230	{
3231	/* Manual reset event. */
3232	NotificationEvent = 0,
3233	/* Automaitc reset event. */
3234	SynchronizationEvent
3235	} EVENT_TYPE;
3236	#endif
3237	RT_DECL_NTAPI(NTSTATUS) NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
3238	RT_DECL_NTAPI(NTSTATUS) NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
3239	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
3240	RT_DECL_NTAPI(NTSTATUS) NtClearEvent(HANDLE);
3241	RT_DECL_NTAPI(NTSTATUS) NtResetEvent(HANDLE, PULONG);
3242	RT_DECL_NTAPI(NTSTATUS) NtSetEvent(HANDLE, PULONG);
3243	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
3244	typedef enum _EVENT_INFORMATION_CLASS
3245	{
3246	EventBasicInformation = 0
3247	} EVENT_INFORMATION_CLASS;
3248	/** Data returned by NtQueryEvent + EventBasicInformation. */
3249	typedef struct EVENT_BASIC_INFORMATION
3250	{
3251	EVENT_TYPE EventType;
3252	ULONG EventState;
3253	} EVENT_BASIC_INFORMATION;
3254	typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
3255	RT_DECL_NTAPI(NTSTATUS) NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3256
3257	#ifdef IPRT_NT_USE_WINTERNL
3258	/** For NtQueryValueKey. */
3259	typedef enum _KEY_VALUE_INFORMATION_CLASS
3260	{
3261	KeyValueBasicInformation = 0,
3262	KeyValueFullInformation,
3263	KeyValuePartialInformation,
3264	KeyValueFullInformationAlign64,
3265	KeyValuePartialInformationAlign64
3266	} KEY_VALUE_INFORMATION_CLASS;
3267
3268	/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
3269	typedef struct _KEY_VALUE_PARTIAL_INFORMATION
3270	{
3271	ULONG TitleIndex;
3272	ULONG Type;
3273	ULONG DataLength;
3274	UCHAR Data[1];
3275	} KEY_VALUE_PARTIAL_INFORMATION;
3276	typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
3277	#endif
3278	RT_DECL_NTAPI(NTSTATUS) NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
3279	RT_DECL_NTAPI(NTSTATUS) NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3280
3281
3282	RT_DECL_NTAPI(NTSTATUS) RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
3283
3284
3285	typedef struct _CURDIR
3286	{
3287	UNICODE_STRING DosPath;
3288	HANDLE Handle; /*< 0x10 / 0x08 /
3289	} CURDIR;
3290	AssertCompileSize(CURDIR, ARCH_BITS == 32 ? 0x0c : 0x18);
3291	typedef CURDIR *PCURDIR;
3292
3293	typedef struct _RTL_DRIVE_LETTER_CURDIR
3294	{
3295	USHORT Flags;
3296	USHORT Length;
3297	ULONG TimeStamp;
3298	STRING DosPath; /*< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. /
3299	} RTL_DRIVE_LETTER_CURDIR;
3300	typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
3301
3302	typedef struct _RTL_USER_PROCESS_PARAMETERS
3303	{
3304	ULONG MaximumLength; /*< 0x000 / 0x000 /
3305	ULONG Length; /*< 0x004 / 0x004 /
3306	ULONG Flags; /*< 0x008 / 0x008 /
3307	ULONG DebugFlags; /*< 0x00c / 0x00c /
3308	HANDLE ConsoleHandle; /*< 0x010 / 0x010 /
3309	ULONG ConsoleFlags; /*< 0x018 / 0x014 /
3310	HANDLE StandardInput; /*< 0x020 / 0x018 /
3311	HANDLE StandardOutput; /*< 0x028 / 0x01c /
3312	HANDLE StandardError; /*< 0x030 / 0x020 /
3313	CURDIR CurrentDirectory; /*< 0x038 / 0x024 /
3314	UNICODE_STRING DllPath; /*< 0x050 / 0x030 /
3315	UNICODE_STRING ImagePathName; /*< 0x060 / 0x038 /
3316	UNICODE_STRING CommandLine; /*< 0x070 / 0x040 /
3317	PWSTR Environment; /*< 0x080 / 0x048 /
3318	ULONG StartingX; /*< 0x088 / 0x04c /
3319	ULONG StartingY; /*< 0x090 / 0x050 /
3320	ULONG CountX; /*< 0x094 / 0x054 /
3321	ULONG CountY; /*< 0x098 / 0x058 /
3322	ULONG CountCharsX; /*< 0x09c / 0x05c /
3323	ULONG CountCharsY; /*< 0x0a0 / 0x060 /
3324	ULONG FillAttribute; /*< 0x0a4 / 0x064 /
3325	ULONG WindowFlags; /*< 0x0a8 / 0x068 /
3326	ULONG ShowWindowFlags; /*< 0x0ac / 0x06c /
3327	UNICODE_STRING WindowTitle; /*< 0x0b0 / 0x070 /
3328	UNICODE_STRING DesktopInfo; /*< 0x0c0 / 0x078 /
3329	UNICODE_STRING ShellInfo; /*< 0x0d0 / 0x080 /
3330	UNICODE_STRING RuntimeInfo; /*< 0x0e0 / 0x088 /
3331	RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20]; /*< 0x0f0 / 0x090 /
3332	SIZE_T EnvironmentSize; /*< 0x3f0 / 0x - Added in Vista /
3333	SIZE_T EnvironmentVersion; /*< 0x3f8 / 0x - Added in Windows 7. /
3334	PVOID PackageDependencyData; /*< 0x400 / 0x - Added Windows 8? /
3335	ULONG ProcessGroupId; /*< 0x408 / 0x - Added Windows 8? /
3336	ULONG LoaderThreads; /*< 0x40c / 0x - Added Windows 10? /
3337	} RTL_USER_PROCESS_PARAMETERS;
3338	typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
3339	#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
3340
3341	typedef struct _RTL_USER_PROCESS_INFORMATION
3342	{
3343	ULONG Size;
3344	HANDLE ProcessHandle;
3345	HANDLE ThreadHandle;
3346	CLIENT_ID ClientId;
3347	SECTION_IMAGE_INFORMATION ImageInformation;
3348	} RTL_USER_PROCESS_INFORMATION;
3349	typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
3350
3351
3352	RT_DECL_NTAPI(NTSTATUS) RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
3353	PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
3354	RT_DECL_NTAPI(NTSTATUS) RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
3355	PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
3356	PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
3357	PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
3358	PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
3359	RT_DECL_NTAPI(VOID) RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
3360	RT_DECL_NTAPI(NTSTATUS) RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
3361	PFNRT, PVOID, PHANDLE, PCLIENT_ID);
3362
3363	#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
3364	typedef struct _RTL_CRITICAL_SECTION
3365	{
3366	struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
3367	LONG LockCount;
3368	LONG Recursioncount;
3369	HANDLE OwningThread;
3370	HANDLE LockSemaphore;
3371	ULONG_PTR SpinCount;
3372	} RTL_CRITICAL_SECTION;
3373	typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
3374	#endif
3375
3376	/RT_DECL_NTAPI(ULONG) RtlNtStatusToDosError(NTSTATUS rcNt);/
3377
3378	/** @def RTL_QUERY_REGISTRY_TYPECHECK
3379	* WDK 8.1+, backported in updates, ignored in older. */
3380	#if !defined(RTL_QUERY_REGISTRY_TYPECHECK) \|\| defined(DOXYGEN_RUNNING)
3381	# define RTL_QUERY_REGISTRY_TYPECHECK UINT32_C(0x00000100)
3382	#endif
3383	/** @def RTL_QUERY_REGISTRY_TYPECHECK_SHIFT
3384	* WDK 8.1+, backported in updates, ignored in older. */
3385	#if !defined(RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) \|\| defined(DOXYGEN_RUNNING)
3386	# define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
3387	#endif
3388
3389
3390	RT_C_DECLS_END
3391	/** @} */
3392
3393
3394	#if defined(IN_RING0) \|\| defined(DOXYGEN_RUNNING)
3395	/** @name NT Kernel APIs
3396	* @{ */
3397	RT_C_DECLS_BEGIN
3398
3399	typedef ULONG KEPROCESSORINDEX; /*< Bitmap indexes != process numbers, apparently. /
3400
3401	RT_DECL_NTAPI(VOID) KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
3402	typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
3403	RT_DECL_NTAPI(VOID) KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3404	typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3405	RT_DECL_NTAPI(VOID) KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3406	typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3407	RT_DECL_NTAPI(BOOLEAN) KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3408	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3409	RT_DECL_NTAPI(BOOLEAN) KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3410	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3411	RT_DECL_NTAPI(BOOLEAN) KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3412	typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3413	RT_DECL_NTAPI(VOID) KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
3414	typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
3415	RT_DECL_NTAPI(VOID) KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
3416	typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
3417	RT_DECL_NTAPI(BOOLEAN) KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3418	typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3419	RT_DECL_NTAPI(BOOLEAN) KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3420	typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3421	/** Works like anding the complemented subtrahend with the minuend. */
3422	RT_DECL_NTAPI(BOOLEAN) KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
3423	typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
3424	RT_DECL_NTAPI(BOOLEAN) KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
3425	typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
3426	RT_DECL_NTAPI(BOOLEAN) KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
3427	typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3428	RT_DECL_NTAPI(BOOLEAN) KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
3429	typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
3430	RT_DECL_NTAPI(ULONG) KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
3431	typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3432	RT_DECL_NTAPI(KEPROCESSORINDEX) KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
3433	typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3434	typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
3435	typedef KEPROCESSORINDEX (NTAPI PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER pProcNumber);
3436	typedef NTSTATUS (NTAPI PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX ProcIndex, PROCESSOR_NUMBER pProcNumber);
3437	typedef KEPROCESSORINDEX (NTAPI PFNKEGETCURRENTPROCESSORNUMBEREX)(const PROCESSOR_NUMBER pProcNumber);
3438	typedef KAFFINITY (NTAPI *PFNKEQUERYACTIVEPROCESSORS)(VOID);
3439	typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNT)(VOID);
3440	typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNTEX)(USHORT GroupNumber);
3441	typedef USHORT (NTAPI *PFNKEQUERYMAXIMUMGROUPCOUNT)(VOID);
3442	typedef ULONG (NTAPI PFNKEQUERYACTIVEPROCESSORCOUNT)(KAFFINITY pfActiveProcessors);
3443	typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNTEX)(USHORT GroupNumber);
3444	typedef NTSTATUS (NTAPI PFNKEQUERYLOGICALPROCESSORRELATIONSHIP)(PROCESSOR_NUMBER pProcNumber,
3445	LOGICAL_PROCESSOR_RELATIONSHIP RelationShipType,
3446	SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX *pInfo, PULONG pcbInfo);
3447	typedef PVOID (NTAPI PFNKEREGISTERPROCESSORCHANGECALLBACK)(PPROCESSOR_CALLBACK_FUNCTION pfnCallback, void pvUser, ULONG fFlags);
3448	typedef VOID (NTAPI *PFNKEDEREGISTERPROCESSORCHANGECALLBACK)(PVOID pvCallback);
3449	typedef NTSTATUS (NTAPI PFNKESETTARGETPROCESSORDPCEX)(KDPC pDpc, PROCESSOR_NUMBER *pProcNumber);
3450	typedef LOGICAL (NTAPI *PFNKESHOULDYIELDPROCESSOR)(void);
3451
3452	RT_DECL_NTAPI(BOOLEAN) ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
3453	PVOID pvOptionalConditions, PHANDLE phFound);
3454	RT_DECL_NTAPI(NTSTATUS) ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
3455	ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
3456	KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
3457	RT_DECL_NTAPI(HANDLE) PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
3458	RT_DECL_NTAPI(UCHAR *) PsGetProcessImageFileName(PEPROCESS);
3459	RT_DECL_NTAPI(BOOLEAN) PsIsProcessBeingDebugged(PEPROCESS);
3460	RT_DECL_NTAPI(ULONG) PsGetProcessSessionId(PEPROCESS);
3461	extern DECLIMPORT(POBJECT_TYPE ) LpcPortObjectType; /< In vista+ this is the ALPC port object type. /
3462	extern DECLIMPORT(POBJECT_TYPE ) LpcWaitablePortObjectType; /< In vista+ this is the ALPC port object type. /
3463
3464	typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
3465	typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
3466
3467	RT_C_DECLS_END
3468	/** @ */
3469	#endif /* IN_RING0 */
3470
3471
3472	#if defined(IN_RING3) \|\| defined(DOXYGEN_RUNNING)
3473	/** @name NT Userland APIs
3474	* @{ */
3475	RT_C_DECLS_BEGIN
3476
3477	#if 0 /** @todo figure this out some time... */
3478	typedef struct CSR_MSG_DATA_CREATED_PROCESS
3479	{
3480	HANDLE hProcess;
3481	HANDLE hThread;
3482	CLIENT_ID
3483	DWORD idProcess;
3484	DWORD idThread;
3485	DWORD fCreate;
3486
3487	} CSR_MSG_DATA_CREATED_PROCESS;
3488
3489	#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
3490	#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
3491	RT_DECL_NTAPI(NTSTATUS) CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
3492	#endif
3493
3494	RT_DECL_NTAPI(VOID) LdrInitializeThunk(PVOID, PVOID, PVOID);
3495
3496	typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
3497	{
3498	ULONG Flags;
3499	PCUNICODE_STRING FullDllName;
3500	PCUNICODE_STRING BaseDllName;
3501	PVOID DllBase;
3502	ULONG SizeOfImage;
3503	} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
3504	typedef LDR_DLL_LOADED_NOTIFICATION_DATA PLDR_DLL_LOADED_NOTIFICATION_DATA, PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
3505	typedef LDR_DLL_LOADED_NOTIFICATION_DATA const PCLDR_DLL_LOADED_NOTIFICATION_DATA, PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
3506
3507	typedef union _LDR_DLL_NOTIFICATION_DATA
3508	{
3509	LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
3510	LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
3511	} LDR_DLL_NOTIFICATION_DATA;
3512	typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
3513	typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
3514
3515	typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
3516
3517	#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
3518	#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
3519	RT_DECL_NTAPI(NTSTATUS) LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
3520	PVOID *pvCookie);
3521	typedef NTSTATUS (NTAPI PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID );
3522	RT_DECL_NTAPI(NTSTATUS) LdrUnregisterDllNotification(PVOID pvCookie);
3523	typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
3524
3525	RT_DECL_NTAPI(NTSTATUS) LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
3526	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
3527	typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
3528	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
3529	RT_DECL_NTAPI(NTSTATUS) LdrUnloadDll(IN HANDLE hMod);
3530	typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
3531	RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3532	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3533	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3534	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3535	#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
3536	#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
3537	/** @since Windows XP. */
3538	RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3539	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3540	/** @since Windows XP. */
3541	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3542	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3543	/** @since Windows 7. */
3544	RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
3545	/** @since Windows 7. */
3546	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
3547	/** @since Windows 7. */
3548	RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
3549	OUT PHANDLE phDll);
3550	/** @since Windows 7. */
3551	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
3552	OUT PHANDLE phDll);
3553	#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
3554	RT_DECL_NTAPI(NTSTATUS) LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
3555	typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
3556	RT_DECL_NTAPI(NTSTATUS) LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3557	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
3558	typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
3559	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
3560	#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
3561	/** @since Windows Vista. */
3562	RT_DECL_NTAPI(NTSTATUS) LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3563	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
3564	/** @since Windows Vista. */
3565	typedef NTSTATUS (NTAPI PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const pSymbol OPTIONAL,
3566	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
3567	#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
3568	#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
3569	#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
3570	#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
3571	#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
3572	/** @since Windows XP. */
3573	RT_DECL_NTAPI(NTSTATUS) LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
3574	/** @since Windows XP. */
3575	typedef NTSTATUS (NTAPI PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID ppvCookie);
3576	#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
3577	/** @since Windows XP. */
3578	RT_DECL_NTAPI(NTSTATUS) LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
3579	/** @since Windows XP. */
3580	typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
3581
3582	RT_DECL_NTAPI(NTSTATUS) RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
3583	RT_DECL_NTAPI(VOID) RtlExitUserProcess(NTSTATUS rcExitCode); /*< Vista and later. /
3584	RT_DECL_NTAPI(VOID) RtlExitUserThread(NTSTATUS rcExitCode);
3585	RT_DECL_NTAPI(NTSTATUS) RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
3586	IN PCUNICODE_STRING pOrgName,
3587	IN PUNICODE_STRING pDefaultSuffix,
3588	IN OUT PUNICODE_STRING pStaticString,
3589	IN OUT PUNICODE_STRING pDynamicString,
3590	IN OUT PUNICODE_STRING *ppResultString,
3591	IN PULONG pfNewFlags OPTIONAL,
3592	IN PSIZE_T pcbFilename OPTIONAL,
3593	IN PSIZE_T pcbNeeded OPTIONAL);
3594	/** @since Windows 8.
3595	* @note Status code is always zero in windows 10 build 14393. */
3596	RT_DECL_NTAPI(NTSTATUS) ApiSetQueryApiSetPresence(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
3597	/** @copydoc ApiSetQueryApiSetPresence */
3598	typedef NTSTATUS (NTAPI *PFNAPISETQUERYAPISETPRESENCE)(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
3599
3600
3601	# ifdef IPRT_NT_USE_WINTERNL
3602	typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
3603	typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
3604	typedef struct _RTL_HEAP_PARAMETERS
3605	{
3606	ULONG Length;
3607	SIZE_T SegmentReserve;
3608	SIZE_T SegmentCommit;
3609	SIZE_T DeCommitFreeBlockThreshold;
3610	SIZE_T DeCommitTotalFreeThreshold;
3611	SIZE_T MaximumAllocationSize;
3612	SIZE_T VirtualMemoryThreshold;
3613	SIZE_T InitialCommit;
3614	SIZE_T InitialReserve;
3615	PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
3616	SIZE_T Reserved[2];
3617	} RTL_HEAP_PARAMETERS;
3618	typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
3619	RT_DECL_NTAPI(PVOID) RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
3620	PRTL_HEAP_PARAMETERS pParameters);
3621	/** @name Heap flags (for RtlCreateHeap).
3622	* @{ */
3623	/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
3624	# define HEAP_GROWABLE UINT32_C(0x00000002)
3625	# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
3626	# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
3627	# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
3628	# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
3629	# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
3630	# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
3631	# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
3632	# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
3633	# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
3634	# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
3635	# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
3636	# define HEAP_CLASS_0 UINT32_C(0x00000000)
3637	# define HEAP_CLASS_1 UINT32_C(0x00001000)
3638	# define HEAP_CLASS_2 UINT32_C(0x00002000)
3639	# define HEAP_CLASS_3 UINT32_C(0x00003000)
3640	# define HEAP_CLASS_4 UINT32_C(0x00004000)
3641	# define HEAP_CLASS_5 UINT32_C(0x00005000)
3642	# define HEAP_CLASS_6 UINT32_C(0x00006000)
3643	# define HEAP_CLASS_7 UINT32_C(0x00007000)
3644	# define HEAP_CLASS_8 UINT32_C(0x00008000)
3645	# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
3646	# endif
3647	# define HEAP_CLASS_PROCESS HEAP_CLASS_0
3648	# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
3649	# define HEAP_CLASS_KERNEL HEAP_CLASS_2
3650	# define HEAP_CLASS_GDI HEAP_CLASS_3
3651	# define HEAP_CLASS_USER HEAP_CLASS_4
3652	# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
3653	# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
3654	# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
3655	# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
3656	# ifdef IPRT_NT_USE_WINTERNL
3657	/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
3658	# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
3659	# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
3660	# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
3661	# endif /* IPRT_NT_USE_WINTERNL */
3662	/** @} */
3663	# ifdef IPRT_NT_USE_WINTERNL
3664	/** @name Heap tagging constants
3665	* @{ */
3666	# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
3667	/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
3668	# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
3669	# define HEAP_TAG_SHIFT 18 */
3670	# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
3671	/** @} */
3672	RT_DECL_NTAPI(PVOID) RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
3673	RT_DECL_NTAPI(PVOID) RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
3674	RT_DECL_NTAPI(BOOLEAN) RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
3675	# endif /* IPRT_NT_USE_WINTERNL */
3676	RT_DECL_NTAPI(SIZE_T) RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
3677	RT_DECL_NTAPI(VOID) RtlFreeUnicodeString(PUNICODE_STRING);
3678	RT_DECL_NTAPI(SIZE_T) RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
3679	RT_DECL_NTAPI(NTSTATUS) RtlGetLastNtStatus(VOID);
3680	RT_DECL_NTAPI(ULONG) RtlGetLastWin32Error(VOID);
3681	RT_DECL_NTAPI(VOID) RtlSetLastWin32Error(ULONG uError);
3682	RT_DECL_NTAPI(VOID) RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
3683	RT_DECL_NTAPI(VOID) RtlRestoreLastWin32Error(ULONG uError);
3684	RT_DECL_NTAPI(BOOLEAN) RtlQueryPerformanceCounter(PLARGE_INTEGER);
3685	RT_DECL_NTAPI(uint64_t) RtlGetSystemTimePrecise(VOID);
3686	typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
3687	RT_DECL_NTAPI(uint64_t) RtlGetInterruptTimePrecise(uint64_t *puPerfTime);
3688	typedef uint64_t (NTAPI * PFNRTLGETINTERRUPTTIMEPRECISE)(uint64_t *);
3689	RT_DECL_NTAPI(BOOLEAN) RtlQueryUnbiasedInterruptTime(uint64_t *puInterruptTime);
3690	typedef BOOLEAN (NTAPI * PFNRTLQUERYUNBIASEDINTERRUPTTIME)(uint64_t *);
3691
3692	RT_C_DECLS_END
3693	/** @} */
3694	#endif /* IN_RING3 */
3695
3696	#endif /* !IPRT_INCLUDED_nt_nt_h */
3697

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/include/iprt/nt/nt.h@ 86177

Download in other formats: