nt.h@ 86716

Last change on this file since 86716 was 86191, checked in by vboxsync, 4 years ago
Runtime/mp-r0drv-nt.cpp: Dynamically determine the size of the KAFFINITY_EX structure as it is not static across Windows versions (increased lately with W10 20H2) [2nd attempt]
Property svn:eol-style set to `native` Property svn:keywords set to `Author Date Id Revision`
File size: 166.3 KB

Line
1	/* $Id: nt.h 86191 2020-09-21 09:59:04Z vboxsync $ */
2	/** @file
3	* IPRT - Header for code using the Native NT API.
4	*/
5
6	/*
7	* Copyright (C) 2010-2020 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.virtualbox.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*
17	* The contents of this file may alternatively be used under the terms
18	* of the Common Development and Distribution License Version 1.0
19	* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20	* VirtualBox OSE distribution, in which case the provisions of the
21	* CDDL are applicable instead of those of the GPL.
22	*
23	* You may elect to license modified versions of this file under the
24	* terms and conditions of either the GPL or the CDDL or both.
25	*/
26
27	#ifndef IPRT_INCLUDED_nt_nt_h
28	#define IPRT_INCLUDED_nt_nt_h
29	#ifndef RT_WITHOUT_PRAGMA_ONCE
30	# pragma once
31	#endif
32
33	/** @def IPRT_NT_MAP_TO_ZW
34	* Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
35	* to the APIs (takes care of the previous context checks).
36	*/
37	#ifdef DOXYGEN_RUNNING
38	# define IPRT_NT_MAP_TO_ZW
39	#endif
40
41	#ifdef IPRT_NT_MAP_TO_ZW
42	# define NtQueryDirectoryFile ZwQueryDirectoryFile
43	# define NtQueryInformationFile ZwQueryInformationFile
44	# define NtQueryInformationProcess ZwQueryInformationProcess
45	# define NtQueryInformationThread ZwQueryInformationThread
46	# define NtQueryFullAttributesFile ZwQueryFullAttributesFile
47	# define NtQuerySystemInformation ZwQuerySystemInformation
48	# define NtQuerySecurityObject ZwQuerySecurityObject
49	# define NtSetInformationFile ZwSetInformationFile
50	# define NtClose ZwClose
51	# define NtCreateFile ZwCreateFile
52	# define NtReadFile ZwReadFile
53	# define NtWriteFile ZwWriteFile
54	# define NtFlushBuffersFile ZwFlushBuffersFile
55	/** @todo this is very incomplete! */
56	#endif
57
58	#include <ntstatus.h>
59
60	/*
61	* Hacks common to both base header sets.
62	*/
63	#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
64	#define NtQueryObject Incomplete_NtQueryObject
65	#define ZwQueryObject Incomplete_ZwQueryObject
66	#define NtSetInformationObject Incomplete_NtSetInformationObject
67	#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
68	#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
69	#define ObjectBasicInformation Incomplete_ObjectBasicInformation
70	#define ObjectTypeInformation Incomplete_ObjectTypeInformation
71	#define _PEB Incomplete__PEB
72	#define PEB Incomplete_PEB
73	#define PPEB Incomplete_PPEB
74	#define _TEB Incomplete__TEB
75	#define TEB Incomplete_TEB
76	#define PTEB Incomplete_PTEB
77	#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
78	#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
79	#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
80	#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
81	#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
82	#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
83
84
85
86	#ifdef IPRT_NT_USE_WINTERNL
87	/*
88	* Use Winternl.h.
89	*/
90	# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
91	# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
92	# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
93
94	# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
95	# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
96	# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
97	# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
98	# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
99	# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
100	# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
101	# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
102	# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
103	# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
104	# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
105	# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
106
107	# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
108	# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
109	# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
110
111	# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
112	# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
113	# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
114	# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
115	# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
116
117	# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
118	# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
119	# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
120	# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
121	# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
122	# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
123	# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
124	# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
125	# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
126	# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
127	# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
128	# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
129	# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
130	# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
131
132
133	# pragma warning(push)
134	# pragma warning(disable: 4668)
135	# define WIN32_NO_STATUS
136	# include <windef.h>
137	# include <winnt.h>
138	# include <winternl.h>
139	# undef WIN32_NO_STATUS
140	# include <ntstatus.h>
141	# pragma warning(pop)
142
143	# ifndef OBJ_DONT_REPARSE
144	# define RTNT_NEED_CLIENT_ID
145	# endif
146
147	# undef _FILE_INFORMATION_CLASS
148	# undef FILE_INFORMATION_CLASS
149	# undef FileDirectoryInformation
150
151	# undef NtQueryInformationProcess
152	# undef NtSetInformationProcess
153	# undef PROCESSINFOCLASS
154	# undef _PROCESSINFOCLASS
155	# undef PROCESS_BASIC_INFORMATION
156	# undef PPROCESS_BASIC_INFORMATION
157	# undef _PROCESS_BASIC_INFORMATION
158	# undef ProcessBasicInformation
159	# undef ProcessDebugPort
160	# undef ProcessWow64Information
161	# undef ProcessImageFileName
162	# undef ProcessBreakOnTermination
163
164	# undef RTL_USER_PROCESS_PARAMETERS
165	# undef PRTL_USER_PROCESS_PARAMETERS
166	# undef _RTL_USER_PROCESS_PARAMETERS
167
168	# undef NtQueryInformationThread
169	# undef NtSetInformationThread
170	# undef THREADINFOCLASS
171	# undef _THREADINFOCLASS
172	# undef ThreadIsIoPending
173
174	# undef NtQuerySystemInformation
175	# undef NtSetSystemInformation
176	# undef SYSTEM_INFORMATION_CLASS
177	# undef _SYSTEM_INFORMATION_CLASS
178	# undef SystemBasicInformation
179	# undef SystemPerformanceInformation
180	# undef SystemTimeOfDayInformation
181	# undef SystemProcessInformation
182	# undef SystemProcessorPerformanceInformation
183	# undef SystemInterruptInformation
184	# undef SystemExceptionInformation
185	# undef SystemRegistryQuotaInformation
186	# undef SystemLookasideInformation
187	# undef SystemPolicyInformation
188
189	#else
190	/*
191	* Use ntifs.h and wdm.h.
192	*/
193	# if _MSC_VER >= 1200 /* Fix/workaround for KeInitializeSpinLock visibility issue on AMD64. */
194	# define FORCEINLINE static __forceinline
195	# else
196	# define FORCEINLINE static __inline
197	# endif
198
199	# define _FSINFOCLASS OutdatedWdm_FSINFOCLASS
200	# define FS_INFORMATION_CLASS OutdatedWdm_FS_INFORMATION_CLASS
201	# define PFS_INFORMATION_CLASS OutdatedWdm_PFS_INFORMATION_CLASS
202	# define FileFsVolumeInformation OutdatedWdm_FileFsVolumeInformation
203	# define FileFsLabelInformation OutdatedWdm_FileFsLabelInformation
204	# define FileFsSizeInformation OutdatedWdm_FileFsSizeInformation
205	# define FileFsDeviceInformation OutdatedWdm_FileFsDeviceInformation
206	# define FileFsAttributeInformation OutdatedWdm_FileFsAttributeInformation
207	# define FileFsControlInformation OutdatedWdm_FileFsControlInformation
208	# define FileFsFullSizeInformation OutdatedWdm_FileFsFullSizeInformation
209	# define FileFsObjectIdInformation OutdatedWdm_FileFsObjectIdInformation
210	# define FileFsDriverPathInformation OutdatedWdm_FileFsDriverPathInformation
211	# define FileFsVolumeFlagsInformation OutdatedWdm_FileFsVolumeFlagsInformation
212	# define FileFsSectorSizeInformation OutdatedWdm_FileFsSectorSizeInformation
213	# define FileFsDataCopyInformation OutdatedWdm_FileFsDataCopyInformation
214	# define FileFsMetadataSizeInformation OutdatedWdm_FileFsMetadataSizeInformation
215	# define FileFsFullSizeInformationEx OutdatedWdm_FileFsFullSizeInformationEx
216	# define FileFsMaximumInformation OutdatedWdm_FileFsMaximumInformation
217	# define NtQueryVolumeInformationFile OutdatedWdm_NtQueryVolumeInformationFile
218	# define NtSetVolumeInformationFile OutdatedWdm_NtSetVolumeInformationFile
219
220	# pragma warning(push)
221	# ifdef RT_ARCH_X86
222	# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
223	# pragma warning(disable: 4163)
224	# endif
225	# pragma warning(disable: 4668)
226	# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
227	# if _MSC_VER >= 1800 /RT_MSC_VER_VC120/
228	# pragma warning(disable:4005) /* sdk/v7.1/include/sal_supp.h(57) : warning C4005: '__useHeader' : macro redefinition */
229	# pragma warning(disable:4471) /* wdm.h(11057) : warning C4471: '_POOL_TYPE' : a forward declaration of an unscoped enumeration must have an underlying type (int assumed) */
230	# endif
231	# if _MSC_VER >= 1900 /RT_MSC_VER_VC140/
232	# ifdef __cplusplus
233	# pragma warning(disable:5039) /* warning C5039: 'KeInitializeDpc': pointer or reference to potentially throwing function passed to 'extern "C"' function under -EHc. Undefined behavior may occur if this function throws an exception. */
234	# endif
235	# endif
236
237	# include <ntifs.h>
238	# include <wdm.h>
239
240	# ifdef RT_ARCH_X86
241	# undef _InterlockedAddLargeStatistic
242	# endif
243	# pragma warning(pop)
244
245	# undef _FSINFOCLASS
246	# undef FS_INFORMATION_CLASS
247	# undef PFS_INFORMATION_CLASS
248	# undef FileFsVolumeInformation
249	# undef FileFsLabelInformation
250	# undef FileFsSizeInformation
251	# undef FileFsDeviceInformation
252	# undef FileFsAttributeInformation
253	# undef FileFsControlInformation
254	# undef FileFsFullSizeInformation
255	# undef FileFsObjectIdInformation
256	# undef FileFsDriverPathInformation
257	# undef FileFsVolumeFlagsInformation
258	# undef FileFsSectorSizeInformation
259	# undef FileFsDataCopyInformation
260	# undef FileFsMetadataSizeInformation
261	# undef FileFsFullSizeInformationEx
262	# undef FileFsMaximumInformation
263	# undef NtQueryVolumeInformationFile
264	# undef NtSetVolumeInformationFile
265
266	# define IPRT_NT_NEED_API_GROUP_NTIFS
267	#endif
268
269	#undef RtlFreeUnicodeString
270	#undef NtQueryObject
271	#undef ZwQueryObject
272	#undef NtSetInformationObject
273	#undef _OBJECT_INFORMATION_CLASS
274	#undef OBJECT_INFORMATION_CLASS
275	#undef ObjectBasicInformation
276	#undef ObjectTypeInformation
277	#undef _PEB
278	#undef PEB
279	#undef PPEB
280	#undef _TEB
281	#undef TEB
282	#undef PTEB
283	#undef _PEB_LDR_DATA
284	#undef PEB_LDR_DATA
285	#undef PPEB_LDR_DATA
286	#undef _KUSER_SHARED_DATA
287	#undef KUSER_SHARED_DATA
288	#undef PKUSER_SHARED_DATA
289
290
291	#include <iprt/types.h>
292	#include <iprt/assert.h>
293
294
295	/** @name Useful macros
296	* @{ */
297	/** Indicates that we're targeting native NT in the current source. */
298	#define RTNT_USE_NATIVE_NT 1
299	/** Initializes a IO_STATUS_BLOCK. */
300	#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
301	/** Reinitializes a IO_STATUS_BLOCK. */
302	#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
303	do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
304	/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
305	#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
306	/** Constant UNICODE_STRING initializer. */
307	#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
308
309	/** Declaration wrapper for NT apis.
310	* Adds nothrow. Don't use with callbacks. */
311	#define RT_DECL_NTAPI(type) DECL_NOTHROW(NTSYSAPI type NTAPI)
312	/** @} */
313
314
315	/** @name IPRT helper functions for NT
316	* @{ */
317	RT_C_DECLS_BEGIN
318
319	RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
320	ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
321	PHANDLE phHandle, PULONG_PTR puDisposition);
322	RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
323	ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
324	RTDECL(int) RTNtPathOpenDirEx(HANDLE hRootDir, struct _UNICODE_STRING *pNtName, ACCESS_MASK fDesiredAccess,
325	ULONG fShareAccess, ULONG fCreateOptions, ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
326	RTDECL(int) RTNtPathClose(HANDLE hHandle);
327
328	/**
329	* Converts a windows-style path to NT format and encoding.
330	*
331	* @returns IPRT status code.
332	* @param pNtName Where to return the NT name. Free using
333	* RTNtPathFree.
334	* @param phRootDir Where to return the root handle, if applicable.
335	* @param pszPath The UTF-8 path.
336	*/
337	RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING pNtName, PHANDLE phRootDir, const char pszPath);
338
339	/**
340	* Converts a UTF-16 windows-style path to NT format.
341	*
342	* @returns IPRT status code.
343	* @param pNtName Where to return the NT name. Free using
344	* RTNtPathFree.
345	* @param phRootDir Where to return the root handle, if applicable.
346	* @param pwszPath The UTF-16 windows-style path.
347	* @param cwcPath The max length of the windows-style path in
348	* RTUTF16 units. Use RTSTR_MAX if unknown and @a
349	* pwszPath is correctly terminated.
350	*/
351	RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING pNtName, HANDLE phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
352
353	/**
354	* How to handle ascent ('..' relative to a root handle).
355	*/
356	typedef enum RTNTPATHRELATIVEASCENT
357	{
358	kRTNtPathRelativeAscent_Invalid = 0,
359	kRTNtPathRelativeAscent_Allow,
360	kRTNtPathRelativeAscent_Fail,
361	kRTNtPathRelativeAscent_Ignore,
362	kRTNtPathRelativeAscent_End,
363	kRTNtPathRelativeAscent_32BitHack = 0x7fffffff
364	} RTNTPATHRELATIVEASCENT;
365
366	/**
367	* Converts a relative windows-style path to relative NT format and encoding.
368	*
369	* @returns IPRT status code.
370	* @param pNtName Where to return the NT name. Free using
371	* rtTNtPathToNative with phRootDir set to NULL.
372	* @param phRootDir On input, the handle to the directory the path
373	* is relative to. On output, the handle to
374	* specify as root directory in the object
375	* attributes when accessing the path. If
376	* enmAscent is kRTNtPathRelativeAscent_Allow, it
377	* may have been set to NULL.
378	* @param pszPath The relative UTF-8 path.
379	* @param enmAscent How to handle ascent.
380	* @param fMustReturnAbsolute Must convert to an absolute path. This
381	* is necessary if the root dir is a NT directory
382	* object (e.g. /Devices) since they cannot parse
383	* relative paths it seems.
384	*/
385	RTDECL(int) RTNtPathRelativeFromUtf8(struct _UNICODE_STRING pNtName, PHANDLE phRootDir, const char pszPath,
386	RTNTPATHRELATIVEASCENT enmAscent, bool fMustReturnAbsolute);
387
388	/**
389	* Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
390	* chars plus a terminator.
391	*
392	* The NT string must have been returned by RTNtPathFromWinUtf8 or
393	* RTNtPathFromWinUtf16Ex.
394	*
395	* @returns IPRT status code.
396	* @param pNtName The NT path string.
397	* @param cwcMin The minimum number of RTUTF16 chars. Max 32767.
398	* @sa RTNtPathFree
399	*/
400	RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);
401
402	/**
403	* Gets the NT path to the object represented by the given handle.
404	*
405	* @returns IPRT status code.
406	* @param pNtName Where to return the NT path. Free using
407	* RTNtPathFree.
408	* @param hHandle The handle.
409	* @param cwcExtra How much extra space is needed.
410	*/
411	RTDECL(int) RTNtPathFromHandle(struct _UNICODE_STRING *pNtName, HANDLE hHandle, size_t cwcExtra);
412
413	/**
414	* Frees the native path and root handle.
415	*
416	* @param pNtName The NT path after a successful rtNtPathToNative
417	* call or RTNtPathRelativeFromUtf8.
418	* @param phRootDir The root handle variable from rtNtPathToNative,
419	*/
420	RTDECL(void) RTNtPathFree(struct _UNICODE_STRING pNtName, HANDLE phRootDir);
421
422
423	/**
424	* Checks whether the path could be containing alternative 8.3 names generated
425	* by NTFS, FAT, or other similar file systems.
426	*
427	* @returns Pointer to the first component that might be an 8.3 name, NULL if
428	* not 8.3 path.
429	* @param pwszPath The path to check.
430	*
431	* @remarks This is making bad ASSUMPTION wrt to the naming scheme of 8.3 names,
432	* however, non-tilde 8.3 aliases are probably rare enough to not be
433	* worth all the extra code necessary to open each path component and
434	* check if we've got the short name or not.
435	*/
436	RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
437
438	/**
439	* Fixes up a path possibly containing one or more alternative 8-dot-3 style
440	* components.
441	*
442	* The path is fixed up in place. Errors are ignored.
443	*
444	* @returns VINF_SUCCESS if it all went smoothly, informational status codes
445	* indicating the nature of last problem we ran into.
446	*
447	* @param pUniStr The path to fix up. MaximumLength is the max buffer
448	* length.
449	* @param fPathOnly Whether to only process the path and leave the filename
450	* as passed in.
451	*/
452	RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);
453
454	/**
455	* Wrapper around RTNtPathExpand8dot3Path that allocates a buffer instead of
456	* working on the input buffer.
457	*
458	* @returns IPRT status code, see RTNtPathExpand8dot3Path().
459	* @param pUniStrSrc The path to fix up. MaximumLength is the max buffer
460	* length.
461	* @param fPathOnly Whether to only process the path and leave the filename
462	* as passed in.
463	* @param pUniStrDst Output string. On success, the caller must use
464	* RTUtf16Free to free what the Buffer member points to.
465	* This is all zeros and NULL on failure.
466	*/
467	RTDECL(int) RTNtPathExpand8dot3PathA(struct _UNICODE_STRING const pUniStrSrc, bool fPathOnly, struct _UNICODE_STRING pUniStrDst);
468
469
470	RT_C_DECLS_END
471	/** @} */
472
473
474	/** @name NT API delcarations.
475	* @{ */
476	RT_C_DECLS_BEGIN
477
478	/** @name Process access rights missing in ntddk headers
479	* @{ */
480	#ifndef PROCESS_TERMINATE
481	# define PROCESS_TERMINATE UINT32_C(0x00000001)
482	#endif
483	#ifndef PROCESS_CREATE_THREAD
484	# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
485	#endif
486	#ifndef PROCESS_SET_SESSIONID
487	# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
488	#endif
489	#ifndef PROCESS_VM_OPERATION
490	# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
491	#endif
492	#ifndef PROCESS_VM_READ
493	# define PROCESS_VM_READ UINT32_C(0x00000010)
494	#endif
495	#ifndef PROCESS_VM_WRITE
496	# define PROCESS_VM_WRITE UINT32_C(0x00000020)
497	#endif
498	#ifndef PROCESS_DUP_HANDLE
499	# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
500	#endif
501	#ifndef PROCESS_CREATE_PROCESS
502	# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
503	#endif
504	#ifndef PROCESS_SET_QUOTA
505	# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
506	#endif
507	#ifndef PROCESS_SET_INFORMATION
508	# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
509	#endif
510	#ifndef PROCESS_QUERY_INFORMATION
511	# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
512	#endif
513	#ifndef PROCESS_SUSPEND_RESUME
514	# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
515	#endif
516	#ifndef PROCESS_QUERY_LIMITED_INFORMATION
517	# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
518	#endif
519	#ifndef PROCESS_SET_LIMITED_INFORMATION
520	# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
521	#endif
522	#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
523	#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
524	#ifndef PROCESS_ALL_ACCESS
525	# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| SYNCHRONIZE \| UINT32_C(0x0000ffff) )
526	#endif
527	/** @} */
528
529	/** @name Thread access rights missing in ntddk headers
530	* @{ */
531	#ifndef THREAD_QUERY_INFORMATION
532	# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
533	#endif
534	#ifndef THREAD_SET_THREAD_TOKEN
535	# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
536	#endif
537	#ifndef THREAD_IMPERSONATE
538	# define THREAD_IMPERSONATE UINT32_C(0x00000100)
539	#endif
540	#ifndef THREAD_DIRECT_IMPERSONATION
541	# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
542	#endif
543	#ifndef THREAD_RESUME
544	# define THREAD_RESUME UINT32_C(0x00001000)
545	#endif
546	#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
547	#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
548	#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
549	/** @} */
550
551	/** @name Special handle values.
552	* @{ */
553	#ifndef NtCurrentProcess
554	# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
555	#endif
556	#ifndef NtCurrentThread
557	# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
558	#endif
559	#ifndef ZwCurrentProcess
560	# define ZwCurrentProcess() NtCurrentProcess()
561	#endif
562	#ifndef ZwCurrentThread
563	# define ZwCurrentThread() NtCurrentThread()
564	#endif
565	/** @} */
566
567
568	/** @name Directory object access rights.
569	* @{ */
570	#ifndef DIRECTORY_QUERY
571	# define DIRECTORY_QUERY UINT32_C(0x00000001)
572	#endif
573	#ifndef DIRECTORY_TRAVERSE
574	# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
575	#endif
576	#ifndef DIRECTORY_CREATE_OBJECT
577	# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
578	#endif
579	#ifndef DIRECTORY_CREATE_SUBDIRECTORY
580	# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
581	#endif
582	#ifndef DIRECTORY_ALL_ACCESS
583	# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| UINT32_C(0x0000000f) )
584	#endif
585	/** @} */
586
587
588
589	#ifdef RTNT_NEED_CLIENT_ID
590	typedef struct _CLIENT_ID
591	{
592	HANDLE UniqueProcess;
593	HANDLE UniqueThread;
594	} CLIENT_ID;
595	#endif
596	#ifdef IPRT_NT_USE_WINTERNL
597	typedef CLIENT_ID *PCLIENT_ID;
598	#endif
599
600	/** Extended affinity type, introduced in Windows 7 (?). */
601	typedef struct _KAFFINITY_EX
602	{
603	/** Count of valid bitmap entries. */
604	uint16_t Count;
605	/** Count of allocated bitmap entries. */
606	uint16_t Size;
607	/** Reserved / aligmment padding. */
608	uint32_t Reserved;
609	/** Bitmap where one bit corresponds to a CPU.
610	* @note Started at 20 entries. W10 20H2 increased it to 32. Must be
611	* probed by passing a big buffer to KeInitializeAffinityEx and check
612	* the Size afterwards. */
613	uintptr_t Bitmap[RT_FLEXIBLE_ARRAY_IN_NESTED_UNION];
614	} KAFFINITY_EX;
615	typedef KAFFINITY_EX *PKAFFINITY_EX;
616	typedef KAFFINITY_EX const *PCKAFFINITY_EX;
617
618	/** @name User Shared Data
619	* @{ */
620
621	#ifdef IPRT_NT_USE_WINTERNL
622	typedef struct _KSYSTEM_TIME
623	{
624	ULONG LowPart;
625	LONG High1Time;
626	LONG High2Time;
627	} KSYSTEM_TIME;
628	typedef KSYSTEM_TIME *PKSYSTEM_TIME;
629
630	typedef enum _NT_PRODUCT_TYPE
631	{
632	NtProductWinNt = 1,
633	NtProductLanManNt,
634	NtProductServer
635	} NT_PRODUCT_TYPE;
636
637	#define PROCESSOR_FEATURE_MAX 64
638
639	typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
640	{
641	StandardDesign = 0,
642	NEC98x86,
643	EndAlternatives
644	} ALTERNATIVE_ARCHITECTURE_TYPE;
645
646	# if 0
647	typedef struct _XSTATE_FEATURE
648	{
649	ULONG Offset;
650	ULONG Size;
651	} XSTATE_FEATURE;
652	typedef XSTATE_FEATURE *PXSTATE_FEATURE;
653
654	#define MAXIMUM_XSTATE_FEATURES 64
655
656	typedef struct _XSTATE_CONFIGURATION
657	{
658	ULONG64 EnabledFeatures;
659	ULONG Size;
660	ULONG OptimizedSave : 1;
661	XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
662	} XSTATE_CONFIGURATION;
663	typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
664	# endif
665	#endif /* IPRT_NT_USE_WINTERNL */
666
667	typedef struct _KUSER_SHARED_DATA
668	{
669	ULONG TickCountLowDeprecated; /*< 0x000 /
670	ULONG TickCountMultiplier; /*< 0x004 /
671	KSYSTEM_TIME volatile InterruptTime; /*< 0x008 /
672	KSYSTEM_TIME volatile SystemTime; /*< 0x014 /
673	KSYSTEM_TIME volatile TimeZoneBias; /*< 0x020 /
674	USHORT ImageNumberLow; /*< 0x02c /
675	USHORT ImageNumberHigh; /*< 0x02e /
676	WCHAR NtSystemRoot[260]; /*< 0x030 - Seems to be last member in NT 3.51. /
677	ULONG MaxStackTraceDepth; /*< 0x238 /
678	ULONG CryptoExponent; /*< 0x23c /
679	ULONG TimeZoneId; /*< 0x240 /
680	ULONG LargePageMinimum; /*< 0x244 /
681	ULONG AitSamplingValue; /*< 0x248 /
682	ULONG AppCompatFlag; /*< 0x24c /
683	ULONGLONG RNGSeedVersion; /*< 0x250 /
684	ULONG GlobalValidationRunlevel; /*< 0x258 /
685	LONG volatile TimeZoneBiasStamp; /*< 0x25c/
686	ULONG Reserved2; /*< 0x260 /
687	NT_PRODUCT_TYPE NtProductType; /*< 0x264 /
688	BOOLEAN ProductTypeIsValid; /*< 0x268 /
689	BOOLEAN Reserved0[1]; /*< 0x269 /
690	USHORT NativeProcessorArchitecture; /*< 0x26a /
691	ULONG NtMajorVersion; /*< 0x26c /
692	ULONG NtMinorVersion; /*< 0x270 /
693	BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /*< 0x274 /
694	ULONG Reserved1; /*< 0x2b4 /
695	ULONG Reserved3; /*< 0x2b8 /
696	ULONG volatile TimeSlip; /*< 0x2bc /
697	ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /*< 0x2c0 /
698	ULONG AltArchitecturePad[1]; /*< 0x2c4 /
699	LARGE_INTEGER SystemExpirationDate; /*< 0x2c8 /
700	ULONG SuiteMask; /*< 0x2d0 /
701	BOOLEAN KdDebuggerEnabled; /*< 0x2d4 /
702	union /*< 0x2d5 /
703	{
704	UCHAR MitigationPolicies; /*< 0x2d5 /
705	struct
706	{
707	UCHAR NXSupportPolicy : 2;
708	UCHAR SEHValidationPolicy : 2;
709	UCHAR CurDirDevicesSkippedForDlls : 2;
710	UCHAR Reserved : 2;
711	};
712	};
713	UCHAR Reserved6[2]; /*< 0x2d6 /
714	ULONG volatile ActiveConsoleId; /*< 0x2d8 /
715	ULONG volatile DismountCount; /*< 0x2dc /
716	ULONG ComPlusPackage; /*< 0x2e0 /
717	ULONG LastSystemRITEventTickCount; /*< 0x2e4 /
718	ULONG NumberOfPhysicalPages; /*< 0x2e8 /
719	BOOLEAN SafeBootMode; /*< 0x2ec /
720	UCHAR Reserved12[3]; /*< 0x2ed /
721	union /*< 0x2f0 /
722	{
723	ULONG SharedDataFlags; /*< 0x2f0 /
724	struct
725	{
726	ULONG DbgErrorPortPresent : 1;
727	ULONG DbgElevationEnabled : 1;
728	ULONG DbgVirtEnabled : 1;
729	ULONG DbgInstallerDetectEnabled : 1;
730	ULONG DbgLkgEnabled : 1;
731	ULONG DbgDynProcessorEnabled : 1;
732	ULONG DbgConsoleBrokerEnabled : 1;
733	ULONG DbgSecureBootEnabled : 1;
734	ULONG SpareBits : 24;
735	};
736	};
737	ULONG DataFlagsPad[1]; /*< 0x2f4 /
738	ULONGLONG TestRetInstruction; /*< 0x2f8 /
739	LONGLONG QpcFrequency; /*< 0x300 /
740	ULONGLONG SystemCallPad[3]; /*< 0x308 /
741	union /*< 0x320 /
742	{
743	ULONG64 volatile TickCountQuad; /*< 0x320 /
744	KSYSTEM_TIME volatile TickCount; /*< 0x320 /
745	struct /*< 0x320 /
746	{
747	ULONG ReservedTickCountOverlay[3]; /*< 0x320 /
748	ULONG TickCountPad[1]; /*< 0x32c /
749	};
750	};
751	ULONG Cookie; /*< 0x330 /
752	ULONG CookiePad[1]; /*< 0x334 /
753	LONGLONG ConsoleSessionForegroundProcessId; /*< 0x338 /
754	ULONGLONG TimeUpdateLock; /*< 0x340 /
755	ULONGLONG BaselineSystemTimeQpc; /*< 0x348 /
756	ULONGLONG BaselineInterruptTimeQpc; /*< 0x350 /
757	ULONGLONG QpcSystemTimeIncrement; /*< 0x358 /
758	ULONGLONG QpcInterruptTimeIncrement; /*< 0x360 /
759	ULONG QpcSystemTimeIncrement32; /*< 0x368 /
760	ULONG QpcInterruptTimeIncrement32; /*< 0x36c /
761	UCHAR QpcSystemTimeIncrementShift; /*< 0x370 /
762	UCHAR QpcInterruptTimeIncrementShift; /*< 0x371 /
763	UCHAR Reserved8[14]; /*< 0x372 /
764	USHORT UserModeGlobalLogger[16]; /*< 0x380 /
765	ULONG ImageFileExecutionOptions; /*< 0x3a0 /
766	ULONG LangGenerationCount; /*< 0x3a4 /
767	ULONGLONG Reserved4; /*< 0x3a8 /
768	ULONGLONG volatile InterruptTimeBias; /**< 0x3b0 - What QueryUnbiasedInterruptTimePrecise
769	* subtracts from interrupt time. */
770	ULONGLONG volatile QpcBias; /*< 0x3b8 /
771	ULONG volatile ActiveProcessorCount; /*< 0x3c0 /
772	UCHAR volatile ActiveGroupCount; /*< 0x3c4 /
773	UCHAR Reserved9; /*< 0x3c5 /
774	union /*< 0x3c6 /
775	{
776	USHORT QpcData; /*< 0x3c6 /
777	struct /*< 0x3c6 /
778	{
779	BOOLEAN volatile QpcBypassEnabled; /*< 0x3c6 /
780	UCHAR QpcShift; /*< 0x3c7 /
781	};
782	};
783	LARGE_INTEGER TimeZoneBiasEffectiveStart; /*< 0x3c8 /
784	LARGE_INTEGER TimeZoneBiasEffectiveEnd; /*< 0x3d0 /
785	XSTATE_CONFIGURATION XState; /*< 0x3d8 /
786	} KUSER_SHARED_DATA;
787	typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
788	AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
789	AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
790	AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
791	AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
792	AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
793	AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
794	AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
795	AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
796	AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
797	/** @def MM_SHARED_USER_DATA_VA
798	* Read only userland mapping of KUSER_SHARED_DATA. */
799	#ifndef MM_SHARED_USER_DATA_VA
800	# if ARCH_BITS == 32
801	# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
802	# elif ARCH_BITS == 64
803	# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
804	# else
805	# error "Unsupported/undefined ARCH_BITS value."
806	# endif
807	#endif
808	/** @def KI_USER_SHARED_DATA
809	* Read write kernel mapping of KUSER_SHARED_DATA. */
810	#ifndef KI_USER_SHARED_DATA
811	# ifdef RT_ARCH_X86
812	# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
813	# elif defined(RT_ARCH_AMD64)
814	# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
815	# else
816	# error "PORT ME - KI_USER_SHARED_DATA"
817	# endif
818	#endif
819	/** @} */
820
821
822	/** @name Process And Thread Environment Blocks
823	* @{ */
824
825	typedef struct _PEB_LDR_DATA
826	{
827	uint32_t Length;
828	BOOLEAN Initialized;
829	BOOLEAN Padding[3];
830	HANDLE SsHandle;
831	LIST_ENTRY InLoadOrderModuleList;
832	LIST_ENTRY InMemoryOrderModuleList;
833	LIST_ENTRY InInitializationOrderModuleList;
834	/* End NT4 */
835	LIST_ENTRY *EntryInProgress;
836	BOOLEAN ShutdownInProgress;
837	HANDLE ShutdownThreadId;
838	} PEB_LDR_DATA;
839	typedef PEB_LDR_DATA *PPEB_LDR_DATA;
840
841	typedef struct _PEB_COMMON
842	{
843	BOOLEAN InheritedAddressSpace; /*< 0x000 / 0x000 /
844	BOOLEAN ReadImageFileExecOptions; /*< 0x001 / 0x001 /
845	BOOLEAN BeingDebugged; /*< 0x002 / 0x002 /
846	union
847	{
848	uint8_t BitField; /*< 0x003 / 0x003 /
849	struct
850	{
851	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
852	} Common;
853	struct
854	{
855	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
856	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
857	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 /
858	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 /
859	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 /
860	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 /
861	uint8_t IsProtectedProcessLight : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 /
862	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
863	} W81;
864	struct
865	{
866	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
867	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
868	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 /
869	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 /
870	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 /
871	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 /
872	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 /
873	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
874	} W80;
875	struct
876	{
877	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
878	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
879	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. /
880	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. /
881	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. /
882	uint8_t SpareBits : 3; /*< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. /
883	} W7;
884	struct
885	{
886	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
887	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
888	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. /
889	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. /
890	uint8_t SpareBits : 4; /*< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. /
891	} W6;
892	struct
893	{
894	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
895	uint8_t SpareBits : 7; /*< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. /
896	} W52;
897	struct
898	{
899	BOOLEAN SpareBool;
900	} W51;
901	} Diff0;
902	#if ARCH_BITS == 64
903	uint32_t Padding0; /*< 0x004 / NA /
904	#endif
905	HANDLE Mutant; /*< 0x008 / 0x004 /
906	PVOID ImageBaseAddress; /*< 0x010 / 0x008 /
907	PPEB_LDR_DATA Ldr; /*< 0x018 / 0x00c /
908	struct _RTL_USER_PROCESS_PARAMETERS ProcessParameters; /< 0x020 / 0x010 /
909	PVOID SubSystemData; /*< 0x028 / 0x014 /
910	HANDLE ProcessHeap; /*< 0x030 / 0x018 /
911	struct _RTL_CRITICAL_SECTION FastPebLock; /< 0x038 / 0x01c /
912	union
913	{
914	struct
915	{
916	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
917	PVOID IFEOKey; /*< 0x048 / 0x024 /
918	union
919	{
920	ULONG CrossProcessFlags; /*< 0x050 / 0x028 /
921	struct
922	{
923	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
924	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
925	uint32_t ProcessUsingVEH : 1; /*< 0x050 / 0x028: Pos 2, 1 Bit /
926	uint32_t ProcessUsingVCH : 1; /*< 0x050 / 0x028: Pos 3, 1 Bit /
927	uint32_t ProcessUsingFTH : 1; /*< 0x050 / 0x028: Pos 4, 1 Bit /
928	uint32_t ReservedBits0 : 1; /*< 0x050 / 0x028: Pos 5, 27 Bits /
929	} W7, W8, W80, W81;
930	struct
931	{
932	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
933	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
934	uint32_t ReservedBits0 : 30; /*< 0x050 / 0x028: Pos 2, 30 Bits /
935	} W6;
936	};
937	#if ARCH_BITS == 64
938	uint32_t Padding1; /*< 0x054 / /
939	#endif
940	} W6, W7, W8, W80, W81;
941	struct
942	{
943	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
944	PVOID SparePtr2; /*< 0x048 / 0x024 /
945	uint32_t EnvironmentUpdateCount; /*< 0x050 / 0x028 /
946	#if ARCH_BITS == 64
947	uint32_t Padding1; /*< 0x054 / /
948	#endif
949	} W52;
950	struct
951	{
952	PVOID FastPebLockRoutine; /*< NA / 0x020 /
953	PVOID FastPebUnlockRoutine; /*< NA / 0x024 /
954	uint32_t EnvironmentUpdateCount; /*< NA / 0x028 /
955	} W51;
956	} Diff1;
957	union
958	{
959	PVOID KernelCallbackTable; /*< 0x058 / 0x02c /
960	PVOID UserSharedInfoPtr; /*< 0x058 / 0x02c - Alternative use in W6./
961	};
962	uint32_t SystemReserved; /*< 0x060 / 0x030 /
963	union
964	{
965	struct
966	{
967	uint32_t AtlThunkSListPtr32; /*< 0x064 / 0x034 /
968	} W7, W8, W80, W81;
969	struct
970	{
971	uint32_t SpareUlong; /*< 0x064 / 0x034 /
972	} W52, W6;
973	struct
974	{
975	uint32_t ExecuteOptions : 2; /*< NA / 0x034: Pos 0, 2 Bits /
976	uint32_t SpareBits : 30; /*< NA / 0x034: Pos 2, 30 Bits /
977	} W51;
978	} Diff2;
979	union
980	{
981	struct
982	{
983	PVOID ApiSetMap; /*< 0x068 / 0x038 /
984	} W7, W8, W80, W81;
985	struct
986	{
987	struct _PEB_FREE_BLOCK FreeList; /< 0x068 / 0x038 /
988	} W52, W6;
989	struct
990	{
991	struct _PEB_FREE_BLOCK FreeList; /< NA / 0x038 /
992	} W51;
993	} Diff3;
994	uint32_t TlsExpansionCounter; /*< 0x070 / 0x03c /
995	#if ARCH_BITS == 64
996	uint32_t Padding2; /*< 0x074 / NA /
997	#endif
998	struct _RTL_BITMAP TlsBitmap; /< 0x078 / 0x040 /
999	uint32_t TlsBitmapBits[2]; /*< 0x080 / 0x044 /
1000	PVOID ReadOnlySharedMemoryBase; /*< 0x088 / 0x04c /
1001	union
1002	{
1003	struct
1004	{
1005	PVOID SparePvoid0; /*< 0x090 / 0x050 - HotpatchInformation before W81. /
1006	} W81;
1007	struct
1008	{
1009	PVOID HotpatchInformation; /*< 0x090 / 0x050 - Retired in W81. /
1010	} W6, W7, W80;
1011	struct
1012	{
1013	PVOID ReadOnlySharedMemoryHeap;
1014	} W52;
1015	} Diff4;
1016	PVOID ReadOnlyStaticServerData; /< 0x098 / 0x054 /
1017	PVOID AnsiCodePageData; /*< 0x0a0 / 0x058 /
1018	PVOID OemCodePageData; /*< 0x0a8 / 0x05c /
1019	PVOID UnicodeCaseTableData; /*< 0x0b0 / 0x060 /
1020	uint32_t NumberOfProcessors; /*< 0x0b8 / 0x064 /
1021	uint32_t NtGlobalFlag; /*< 0x0bc / 0x068 /
1022	#if ARCH_BITS == 32
1023	uint32_t Padding2b;
1024	#endif
1025	LARGE_INTEGER CriticalSectionTimeout; /*< 0x0c0 / 0x070 /
1026	SIZE_T HeapSegmentReserve; /*< 0x0c8 / 0x078 /
1027	SIZE_T HeapSegmentCommit; /*< 0x0d0 / 0x07c /
1028	SIZE_T HeapDeCommitTotalFreeThreshold; /*< 0x0d8 / 0x080 /
1029	SIZE_T HeapDeCommitFreeBlockThreshold; /*< 0x0e0 / 0x084 /
1030	uint32_t NumberOfHeaps; /*< 0x0e8 / 0x088 /
1031	uint32_t MaximumNumberOfHeaps; /*< 0x0ec / 0x08c /
1032	PVOID ProcessHeaps; /< 0x0f0 / 0x090 - Last NT 3.51 member. /
1033	PVOID GdiSharedHandleTable; /*< 0x0f8 / 0x094 /
1034	PVOID ProcessStarterHelper; /*< 0x100 / 0x098 /
1035	uint32_t GdiDCAttributeList; /*< 0x108 / 0x09c /
1036	#if ARCH_BITS == 64
1037	uint32_t Padding3; /*< 0x10c / NA /
1038	#endif
1039	struct _RTL_CRITICAL_SECTION LoaderLock; /< 0x110 / 0x0a0 /
1040	uint32_t OSMajorVersion; /*< 0x118 / 0x0a4 /
1041	uint32_t OSMinorVersion; /*< 0x11c / 0x0a8 /
1042	uint16_t OSBuildNumber; /*< 0x120 / 0x0ac /
1043	uint16_t OSCSDVersion; /*< 0x122 / 0x0ae /
1044	uint32_t OSPlatformId; /*< 0x124 / 0x0b0 /
1045	uint32_t ImageSubsystem; /*< 0x128 / 0x0b4 /
1046	uint32_t ImageSubsystemMajorVersion; /*< 0x12c / 0x0b8 /
1047	uint32_t ImageSubsystemMinorVersion; /*< 0x130 / 0x0bc /
1048	#if ARCH_BITS == 64
1049	uint32_t Padding4; /*< 0x134 / NA /
1050	#endif
1051	union
1052	{
1053	struct
1054	{
1055	SIZE_T ActiveProcessAffinityMask; /*< 0x138 / 0x0c0 /
1056	} W7, W8, W80, W81;
1057	struct
1058	{
1059	SIZE_T ImageProcessAffinityMask; /*< 0x138 / 0x0c0 /
1060	} W52, W6;
1061	} Diff5;
1062	uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /*< 0x140 / 0x0c4 /
1063	PVOID PostProcessInitRoutine; /*< 0x230 / 0x14c /
1064	PVOID TlsExpansionBitmap; /*< 0x238 / 0x150 /
1065	uint32_t TlsExpansionBitmapBits[32]; /*< 0x240 / 0x154 /
1066	uint32_t SessionId; /*< 0x2c0 / 0x1d4 /
1067	#if ARCH_BITS == 64
1068	uint32_t Padding5; /*< 0x2c4 / NA /
1069	#endif
1070	ULARGE_INTEGER AppCompatFlags; /*< 0x2c8 / 0x1d8 /
1071	ULARGE_INTEGER AppCompatFlagsUser; /*< 0x2d0 / 0x1e0 /
1072	PVOID pShimData; /*< 0x2d8 / 0x1e8 /
1073	PVOID AppCompatInfo; /*< 0x2e0 / 0x1ec /
1074	UNICODE_STRING CSDVersion; /*< 0x2e8 / 0x1f0 /
1075	struct _ACTIVATION_CONTEXT_DATA ActivationContextData; /< 0x2f8 / 0x1f8 /
1076	struct _ASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap; /< 0x300 / 0x1fc /
1077	struct _ACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData; /< 0x308 / 0x200 /
1078	struct _ASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap; /< 0x310 / 0x204 /
1079	SIZE_T MinimumStackCommit; /*< 0x318 / 0x208 /
1080	/* End of PEB in W52 (Windows XP (RTM))! */
1081	struct _FLS_CALLBACK_INFO FlsCallback; /< 0x320 / 0x20c /
1082	LIST_ENTRY FlsListHead; /*< 0x328 / 0x210 /
1083	PVOID FlsBitmap; /*< 0x338 / 0x218 /
1084	uint32_t FlsBitmapBits[4]; /*< 0x340 / 0x21c /
1085	uint32_t FlsHighIndex; /*< 0x350 / 0x22c /
1086	/* End of PEB in W52 (Windows Server 2003)! */
1087	PVOID WerRegistrationData; /*< 0x358 / 0x230 /
1088	PVOID WerShipAssertPtr; /*< 0x360 / 0x234 /
1089	/* End of PEB in W6 (windows Vista)! */
1090	union
1091	{
1092	struct
1093	{
1094	PVOID pUnused; /*< 0x368 / 0x238 - Was pContextData in W7. /
1095	} W8, W80, W81;
1096	struct
1097	{
1098	PVOID pContextData; /*< 0x368 / 0x238 - Retired in W80. /
1099	} W7;
1100	} Diff6;
1101	PVOID pImageHeaderHash; /*< 0x370 / 0x23c /
1102	union
1103	{
1104	uint32_t TracingFlags; /*< 0x378 / 0x240 /
1105	struct
1106	{
1107	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
1108	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
1109	uint32_t LibLoaderTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 2, 1 Bit /
1110	uint32_t SpareTracingBits : 29; /*< 0x378 / 0x240 : Pos 3, 29 Bits /
1111	} W8, W80, W81;
1112	struct
1113	{
1114	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
1115	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
1116	uint32_t SpareTracingBits : 30; /*< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 /
1117	} W7;
1118	} Diff7;
1119	#if ARCH_BITS == 64
1120	uint32_t Padding6; /*< 0x37c / NA /
1121	#endif
1122	uint64_t CsrServerReadOnlySharedMemoryBase; /*< 0x380 / 0x248 /
1123	/* End of PEB in W8, W81. */
1124	uintptr_t TppWorkerpListLock; /*< 0x388 / 0x250 /
1125	LIST_ENTRY TppWorkerpList; /*< 0x390 / 0x254 /
1126	PVOID WaitOnAddressHashTable[128]; /*< 0x3a0 / 0x25c /
1127	#if ARCH_BITS == 32
1128	uint32_t ExplicitPadding7; /*< NA NA / 0x45c /
1129	#endif
1130	} PEB_COMMON;
1131	typedef PEB_COMMON *PPEB_COMMON;
1132
1133	AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
1134	AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
1135	AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
1136	AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
1137	AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
1138	AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
1139	AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
1140	AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
1141	AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x7a0 : 0x460);
1142
1143	/** The size of the windows 10 (build 14393) PEB structure. */
1144	#define PEB_SIZE_W10 sizeof(PEB_COMMON)
1145	/** The size of the windows 8.1 PEB structure. */
1146	#define PEB_SIZE_W81 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1147	/** The size of the windows 8.0 PEB structure. */
1148	#define PEB_SIZE_W80 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1149	/** The size of the windows 7 PEB structure. */
1150	#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
1151	/** The size of the windows vista PEB structure. */
1152	#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
1153	/** The size of the windows server 2003 PEB structure. */
1154	#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
1155	/** The size of the windows XP PEB structure. */
1156	#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
1157
1158	#if 0
1159	typedef struct _NT_TIB
1160	{
1161	struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
1162	PVOID StackBase;
1163	PVOID StackLimit;
1164	PVOID SubSystemTib;
1165	union
1166	{
1167	PVOID FiberData;
1168	ULONG Version;
1169	};
1170	PVOID ArbitraryUserPointer;
1171	struct _NT_TIB *Self;
1172	} NT_TIB;
1173	typedef NT_TIB *PNT_TIB;
1174	#endif
1175
1176	typedef struct _ACTIVATION_CONTEXT_STACK
1177	{
1178	uint32_t Flags;
1179	uint32_t NextCookieSequenceNumber;
1180	PVOID ActiveFrame;
1181	LIST_ENTRY FrameListCache;
1182	} ACTIVATION_CONTEXT_STACK;
1183
1184	/* Common TEB. */
1185	typedef struct _TEB_COMMON
1186	{
1187	NT_TIB NtTib; /*< 0x000 / 0x000 /
1188	PVOID EnvironmentPointer; /*< 0x038 / 0x01c /
1189	CLIENT_ID ClientId; /*< 0x040 / 0x020 /
1190	PVOID ActiveRpcHandle; /*< 0x050 / 0x028 /
1191	PVOID ThreadLocalStoragePointer; /*< 0x058 / 0x02c /
1192	PPEB_COMMON ProcessEnvironmentBlock; /*< 0x060 / 0x030 /
1193	uint32_t LastErrorValue; /*< 0x068 / 0x034 /
1194	uint32_t CountOfOwnedCriticalSections; /*< 0x06c / 0x038 /
1195	PVOID CsrClientThread; /*< 0x070 / 0x03c /
1196	PVOID Win32ThreadInfo; /*< 0x078 / 0x040 /
1197	uint32_t User32Reserved[26]; /*< 0x080 / 0x044 /
1198	uint32_t UserReserved[5]; /*< 0x0e8 / 0x0ac /
1199	PVOID WOW32Reserved; /*< 0x100 / 0x0c0 /
1200	uint32_t CurrentLocale; /*< 0x108 / 0x0c4 /
1201	uint32_t FpSoftwareStatusRegister; /*< 0x10c / 0x0c8 /
1202	PVOID SystemReserved1[54]; /*< 0x110 / 0x0cc /
1203	uint32_t ExceptionCode; /*< 0x2c0 / 0x1a4 /
1204	#if ARCH_BITS == 64
1205	uint32_t Padding0; /*< 0x2c4 / NA /
1206	#endif
1207	union
1208	{
1209	struct
1210	{
1211	struct _ACTIVATION_CONTEXT_STACK ActivationContextStackPointer;/< 0x2c8 / 0x1a8 /
1212	uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /*< 0x2d0 / 0x1ac /
1213	} W52, W6, W7, W8, W80, W81;
1214	#if ARCH_BITS == 32
1215	struct
1216	{
1217	ACTIVATION_CONTEXT_STACK ActivationContextStack; /*< NA / 0x1a8 /
1218	uint8_t SpareBytes[20]; /*< NA / 0x1bc /
1219	} W51;
1220	#endif
1221	} Diff0;
1222	union
1223	{
1224	struct
1225	{
1226	uint32_t TxFsContext; /*< 0x2e8 / 0x1d0 /
1227	} W6, W7, W8, W80, W81;
1228	struct
1229	{
1230	uint32_t SpareBytesContinues; /*< 0x2e8 / 0x1d0 /
1231	} W52;
1232	} Diff1;
1233	#if ARCH_BITS == 64
1234	uint32_t Padding1; /*< 0x2ec / NA /
1235	#endif
1236	/_GDI_TEB_BATCH/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /*< 0x2f0 / 0x1d4 /
1237	CLIENT_ID RealClientId; /*< 0x7d8 / 0x6b4 /
1238	HANDLE GdiCachedProcessHandle; /*< 0x7e8 / 0x6bc /
1239	uint32_t GdiClientPID; /*< 0x7f0 / 0x6c0 /
1240	uint32_t GdiClientTID; /*< 0x7f4 / 0x6c4 /
1241	PVOID GdiThreadLocalInfo; /*< 0x7f8 / 0x6c8 /
1242	SIZE_T Win32ClientInfo[62]; /*< 0x800 / 0x6cc /
1243	PVOID glDispatchTable[233]; /*< 0x9f0 / 0x7c4 /
1244	SIZE_T glReserved1[29]; /*< 0x1138 / 0xb68 /
1245	PVOID glReserved2; /*< 0x1220 / 0xbdc /
1246	PVOID glSectionInfo; /*< 0x1228 / 0xbe0 /
1247	PVOID glSection; /*< 0x1230 / 0xbe4 /
1248	PVOID glTable; /*< 0x1238 / 0xbe8 /
1249	PVOID glCurrentRC; /*< 0x1240 / 0xbec /
1250	PVOID glContext; /*< 0x1248 / 0xbf0 /
1251	NTSTATUS LastStatusValue; /*< 0x1250 / 0xbf4 /
1252	#if ARCH_BITS == 64
1253	uint32_t Padding2; /*< 0x1254 / NA /
1254	#endif
1255	UNICODE_STRING StaticUnicodeString; /*< 0x1258 / 0xbf8 /
1256	WCHAR StaticUnicodeBuffer[261]; /*< 0x1268 / 0xc00 /
1257	#if ARCH_BITS == 64
1258	WCHAR Padding3[3]; /*< 0x1472 / NA /
1259	#endif
1260	PVOID DeallocationStack; /*< 0x1478 / 0xe0c /
1261	PVOID TlsSlots[64]; /*< 0x1480 / 0xe10 /
1262	LIST_ENTRY TlsLinks; /*< 0x1680 / 0xf10 /
1263	PVOID Vdm; /*< 0x1690 / 0xf18 /
1264	PVOID ReservedForNtRpc; /*< 0x1698 / 0xf1c /
1265	PVOID DbgSsReserved[2]; /*< 0x16a0 / 0xf20 /
1266	uint32_t HardErrorMode; /*< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. /
1267	#if ARCH_BITS == 64
1268	uint32_t Padding4; /*< 0x16b4 / NA /
1269	#endif
1270	PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /*< 0x16b8 / 0xf2c /
1271	union
1272	{
1273	struct
1274	{
1275	GUID ActivityId; /*< 0x1710 / 0xf50 /
1276	PVOID SubProcessTag; /*< 0x1720 / 0xf60 /
1277	} W6, W7, W8, W80, W81;
1278	struct
1279	{
1280	PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /*< 0x1710 / 0xf50 /
1281	} W52;
1282	} Diff2;
1283	union /*< 0x1728 / 0xf64 /
1284	{
1285	struct
1286	{
1287	PVOID PerflibData; /*< 0x1728 / 0xf64 /
1288	} W8, W80, W81;
1289	struct
1290	{
1291	PVOID EtwLocalData; /*< 0x1728 / 0xf64 /
1292	} W7, W6;
1293	struct
1294	{
1295	PVOID SubProcessTag; /*< 0x1728 / 0xf64 /
1296	} W52;
1297	struct
1298	{
1299	PVOID InstrumentationContinues[1]; /*< 0x1728 / 0xf64 /
1300	} W51;
1301	} Diff3;
1302	union
1303	{
1304	struct
1305	{
1306	PVOID EtwTraceData; /*< 0x1730 / 0xf68 /
1307	} W52, W6, W7, W8, W80, W81;
1308	struct
1309	{
1310	PVOID InstrumentationContinues[1]; /*< 0x1730 / 0xf68 /
1311	} W51;
1312	} Diff4;
1313	PVOID WinSockData; /*< 0x1738 / 0xf6c /
1314	uint32_t GdiBatchCount; /*< 0x1740 / 0xf70 /
1315	union
1316	{
1317	union
1318	{
1319	PROCESSOR_NUMBER CurrentIdealProcessor; /*< 0x1744 / 0xf74 - W7+ /
1320	uint32_t IdealProcessorValue; /*< 0x1744 / 0xf74 - W7+ /
1321	struct
1322	{
1323	uint8_t ReservedPad1; /*< 0x1744 / 0xf74 - Called SpareBool0 in W6 /
1324	uint8_t ReservedPad2; /*< 0x1745 / 0xf75 - Called SpareBool0 in W6 /
1325	uint8_t ReservedPad3; /*< 0x1746 / 0xf76 - Called SpareBool0 in W6 /
1326	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1327	};
1328	} W6, W7, W8, W80, W81;
1329	struct
1330	{
1331	BOOLEAN InDbgPrint; /*< 0x1744 / 0xf74 /
1332	BOOLEAN FreeStackOnTermination; /*< 0x1745 / 0xf75 /
1333	BOOLEAN HasFiberData; /*< 0x1746 / 0xf76 /
1334	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1335	} W51, W52;
1336	} Diff5;
1337	uint32_t GuaranteedStackBytes; /*< 0x1748 / 0xf78 /
1338	#if ARCH_BITS == 64
1339	uint32_t Padding5; /*< 0x174c / NA /
1340	#endif
1341	PVOID ReservedForPerf; /*< 0x1750 / 0xf7c /
1342	PVOID ReservedForOle; /*< 0x1758 / 0xf80 /
1343	uint32_t WaitingOnLoaderLock; /*< 0x1760 / 0xf84 /
1344	#if ARCH_BITS == 64
1345	uint32_t Padding6; /*< 0x1764 / NA /
1346	#endif
1347	union /*< 0x1770 / 0xf8c /
1348	{
1349	struct
1350	{
1351	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1352	SIZE_T ReservedForCodeCoverage; /*< 0x1770 / 0xf8c /
1353	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1354	} W8, W80, W81;
1355	struct
1356	{
1357	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1358	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1359	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1360	} W6, W7;
1361	struct
1362	{
1363	PVOID SparePointer1; /*< 0x1768 / 0xf88 /
1364	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1365	PVOID SoftPatchPtr2; /*< 0x1778 / 0xf90 /
1366	} W52;
1367	#if ARCH_BITS == 32
1368	struct _Wx86ThreadState
1369	{
1370	PVOID CallBx86Eip; /*< NA / 0xf88 /
1371	PVOID DeallocationCpu; /*< NA / 0xf8c /
1372	BOOLEAN UseKnownWx86Dll; /*< NA / 0xf90 /
1373	int8_t OleStubInvoked; /*< NA / 0xf91 /
1374	} W51;
1375	#endif
1376	} Diff6;
1377	PVOID TlsExpansionSlots; /*< 0x1780 / 0xf94 /
1378	#if ARCH_BITS == 64
1379	PVOID DallocationBStore; /*< 0x1788 / NA /
1380	PVOID BStoreLimit; /*< 0x1790 / NA /
1381	#endif
1382	union
1383	{
1384	struct
1385	{
1386	uint32_t MuiGeneration; /*< 0x1798 / 0xf98 /
1387	} W7, W8, W80, W81;
1388	struct
1389	{
1390	uint32_t ImpersonationLocale;
1391	} W6;
1392	} Diff7;
1393	uint32_t IsImpersonating; /*< 0x179c / 0xf9c /
1394	PVOID NlsCache; /*< 0x17a0 / 0xfa0 /
1395	PVOID pShimData; /*< 0x17a8 / 0xfa4 /
1396	union /*< 0x17b0 / 0xfa8 /
1397	{
1398	struct
1399	{
1400	uint16_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1401	uint16_t LowFragHeapDataSlot; /*< 0x17b2 / 0xfaa /
1402	} W8, W80, W81;
1403	struct
1404	{
1405	uint32_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1406	} W7;
1407	} Diff8;
1408	#if ARCH_BITS == 64
1409	uint32_t Padding7; /*< 0x17b4 / NA /
1410	#endif
1411	HANDLE CurrentTransactionHandle; /*< 0x17b8 / 0xfac /
1412	struct _TEB_ACTIVE_FRAME ActiveFrame; /< 0x17c0 / 0xfb0 /
1413	/* End of TEB in W51 (Windows XP)! */
1414	PVOID FlsData; /*< 0x17c8 / 0xfb4 /
1415	union
1416	{
1417	struct
1418	{
1419	PVOID PreferredLanguages; /*< 0x17d0 / 0xfb8 /
1420	} W6, W7, W8, W80, W81;
1421	struct
1422	{
1423	BOOLEAN SafeThunkCall; /*< 0x17d0 / 0xfb8 /
1424	uint8_t BooleanSpare[3]; /*< 0x17d1 / 0xfb9 /
1425	/* End of TEB in W52 (Windows server 2003)! */
1426	} W52;
1427	} Diff9;
1428	PVOID UserPrefLanguages; /*< 0x17d8 / 0xfbc /
1429	PVOID MergedPrefLanguages; /*< 0x17e0 / 0xfc0 /
1430	uint32_t MuiImpersonation; /*< 0x17e8 / 0xfc4 /
1431	union
1432	{
1433	uint16_t CrossTebFlags; /*< 0x17ec / 0xfc8 /
1434	struct
1435	{
1436	uint16_t SpareCrossTebBits : 16; /*< 0x17ec / 0xfc8 : Pos 0, 16 Bits /
1437	};
1438	};
1439	union
1440	{
1441	uint16_t SameTebFlags; /*< 0x17ee / 0xfca /
1442	struct
1443	{
1444	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1445	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1446	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1447	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1448	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1449	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1450	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1451	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1452	} Common;
1453	struct
1454	{
1455	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1456	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1457	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1458	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1459	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1460	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1461	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1462	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1463	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1464	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1465	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1466	uint16_t SessionAware : 1; /*< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. /
1467	uint16_t SpareSameTebBits : 4; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1468	} W8, W80, W81;
1469	struct
1470	{
1471	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1472	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1473	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1474	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1475	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1476	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1477	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1478	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1479	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1480	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1481	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1482	uint16_t SpareSameTebBits : 5; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1483	} W7;
1484	struct
1485	{
1486	uint16_t DbgSafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1487	uint16_t DbgInDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1488	uint16_t DbgHasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1489	uint16_t DbgSkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1490	uint16_t DbgWerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1491	uint16_t DbgRanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1492	uint16_t DbgClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1493	uint16_t DbgSuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1494	uint16_t SpareSameTebBits : 8; /*< 0x17ee / 0xfca : Pos 8, 8 Bits /
1495	} W6;
1496	} Diff10;
1497	PVOID TxnScopeEnterCallback; /*< 0x17f0 / 0xfcc /
1498	PVOID TxnScopeExitCallback; /*< 0x17f8 / 0xfd0 /
1499	PVOID TxnScopeContext; /*< 0x1800 / 0xfd4 /
1500	uint32_t LockCount; /*< 0x1808 / 0xfd8 /
1501	union
1502	{
1503	struct
1504	{
1505	uint32_t SpareUlong0; /*< 0x180c / 0xfdc /
1506	} W7, W8, W80, W81;
1507	struct
1508	{
1509	uint32_t ProcessRundown;
1510	} W6;
1511	} Diff11;
1512	union
1513	{
1514	struct
1515	{
1516	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1517	/* End of TEB in W7 (windows 7)! */
1518	PVOID ReservedForWdf; /*< 0x1818 / 0xfe4 - New Since W7. /
1519	/* End of TEB in W8 (windows 8.0 & 8.1)! */
1520	PVOID ReservedForCrt; /*< 0x1820 / 0xfe8 - New Since W10. /
1521	RTUUID EffectiveContainerId; /*< 0x1828 / 0xfec - New Since W10. /
1522	/* End of TEB in W10 14393! */
1523	} W8, W80, W81, W10;
1524	struct
1525	{
1526	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1527	} W7;
1528	struct
1529	{
1530	uint64_t LastSwitchTime; /*< 0x1810 / 0xfe0 /
1531	uint64_t TotalSwitchOutTime; /*< 0x1818 / 0xfe8 /
1532	LARGE_INTEGER WaitReasonBitMap; /*< 0x1820 / 0xff0 /
1533	/* End of TEB in W6 (windows Vista)! */
1534	} W6;
1535	} Diff12;
1536	} TEB_COMMON;
1537	typedef TEB_COMMON *PTEB_COMMON;
1538	AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1539	AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1540	AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1541	AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1542	AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1543	AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1544	AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1545	AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1546	AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1547	AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1548	AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1549	AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1550	AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1838 : 0x1000);
1551
1552
1553	/** The size of the windows 8.1 PEB structure. */
1554	#define TEB_SIZE_W10 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W10.EffectiveContainerId) + sizeof(RTUUID) )
1555	/** The size of the windows 8.1 PEB structure. */
1556	#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1557	/** The size of the windows 8.0 PEB structure. */
1558	#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1559	/** The size of the windows 7 PEB structure. */
1560	#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1561	/** The size of the windows vista PEB structure. */
1562	#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1563	/** The size of the windows server 2003 PEB structure. */
1564	#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1565	/** The size of the windows XP PEB structure. */
1566	#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1567
1568
1569
1570	#define _PEB _PEB_COMMON
1571	typedef PEB_COMMON PEB;
1572	typedef PPEB_COMMON PPEB;
1573
1574	#define _TEB _TEB_COMMON
1575	typedef TEB_COMMON TEB;
1576	typedef PTEB_COMMON PTEB;
1577
1578	#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
1579	# ifdef RT_ARCH_X86
1580	DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1581	DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1582	DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1583	DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readfsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1584	DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1585	# elif defined(RT_ARCH_AMD64)
1586	DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1587	DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1588	DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1589	DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readgsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1590	DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1591	# else
1592	# error "Port me"
1593	# endif
1594	#else
1595	# define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1596	# define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1597	# define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1598	# define RTNtLastStatusValue() (RTNtCurrentTeb()->LastStatusValue)
1599	# define RTNtLastErrorValue() (RTNtCurrentTeb()->LastErrorValue)
1600	#endif
1601	#define NtCurrentPeb() RTNtCurrentPeb()
1602
1603
1604	/** @} */
1605
1606
1607	#ifdef IPRT_NT_USE_WINTERNL
1608	RT_DECL_NTAPI(NTSTATUS) NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1609	typedef enum _SECTION_INHERIT
1610	{
1611	ViewShare = 1,
1612	ViewUnmap
1613	} SECTION_INHERIT;
1614	#endif
1615	RT_DECL_NTAPI(NTSTATUS) NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1616	ULONG, ULONG);
1617	RT_DECL_NTAPI(NTSTATUS) NtFlushVirtualMemory(HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK);
1618	RT_DECL_NTAPI(NTSTATUS) NtUnmapViewOfSection(HANDLE, PVOID);
1619
1620	RT_DECL_NTAPI(NTSTATUS) NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1621	RT_DECL_NTAPI(NTSTATUS) ZwOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1622	RT_DECL_NTAPI(NTSTATUS) NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1623	RT_DECL_NTAPI(NTSTATUS) ZwOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1624	RT_DECL_NTAPI(NTSTATUS) NtAlertThread(HANDLE hThread);
1625	#ifdef IPRT_NT_USE_WINTERNL
1626	RT_DECL_NTAPI(NTSTATUS) ZwAlertThread(HANDLE hThread);
1627	#endif
1628	RT_DECL_NTAPI(NTSTATUS) NtTestAlert(void);
1629
1630	#ifdef IPRT_NT_USE_WINTERNL
1631	RT_DECL_NTAPI(NTSTATUS) NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1632	RT_DECL_NTAPI(NTSTATUS) NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1633	#endif
1634	RT_DECL_NTAPI(NTSTATUS) ZwOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1635	RT_DECL_NTAPI(NTSTATUS) ZwOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1636
1637	#ifdef IPRT_NT_USE_WINTERNL
1638	typedef struct _FILE_FS_VOLUME_INFORMATION
1639	{
1640	LARGE_INTEGER VolumeCreationTime;
1641	ULONG VolumeSerialNumber;
1642	ULONG VolumeLabelLength;
1643	BOOLEAN SupportsObjects;
1644	WCHAR VolumeLabel[1];
1645	} FILE_FS_VOLUME_INFORMATION;
1646	typedef FILE_FS_VOLUME_INFORMATION *PFILE_FS_VOLUME_INFORMATION;
1647	typedef struct _FILE_FS_LABEL_INFORMATION
1648	{
1649	ULONG VolumeLabelLength;
1650	WCHAR VolumeLabel[1];
1651	} FILE_FS_LABEL_INFORMATION;
1652	typedef FILE_FS_LABEL_INFORMATION *PFILE_FS_LABEL_INFORMATION;
1653	typedef struct _FILE_FS_SIZE_INFORMATION
1654	{
1655	LARGE_INTEGER TotalAllocationUnits;
1656	LARGE_INTEGER AvailableAllocationUnits;
1657	ULONG SectorsPerAllocationUnit;
1658	ULONG BytesPerSector;
1659	} FILE_FS_SIZE_INFORMATION;
1660	typedef FILE_FS_SIZE_INFORMATION *PFILE_FS_SIZE_INFORMATION;
1661	typedef struct _FILE_FS_DEVICE_INFORMATION
1662	{
1663	DEVICE_TYPE DeviceType;
1664	ULONG Characteristics;
1665	} FILE_FS_DEVICE_INFORMATION;
1666	typedef FILE_FS_DEVICE_INFORMATION *PFILE_FS_DEVICE_INFORMATION;
1667	typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1668	{
1669	ULONG FileSystemAttributes;
1670	LONG MaximumComponentNameLength;
1671	ULONG FileSystemNameLength;
1672	WCHAR FileSystemName[1];
1673	} FILE_FS_ATTRIBUTE_INFORMATION;
1674	typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1675	typedef struct _FILE_FS_CONTROL_INFORMATION
1676	{
1677	LARGE_INTEGER FreeSpaceStartFiltering;
1678	LARGE_INTEGER FreeSpaceThreshold;
1679	LARGE_INTEGER FreeSpaceStopFiltering;
1680	LARGE_INTEGER DefaultQuotaThreshold;
1681	LARGE_INTEGER DefaultQuotaLimit;
1682	ULONG FileSystemControlFlags;
1683	} FILE_FS_CONTROL_INFORMATION;
1684	typedef FILE_FS_CONTROL_INFORMATION *PFILE_FS_CONTROL_INFORMATION;
1685	typedef struct _FILE_FS_FULL_SIZE_INFORMATION
1686	{
1687	LARGE_INTEGER TotalAllocationUnits;
1688	LARGE_INTEGER CallerAvailableAllocationUnits;
1689	LARGE_INTEGER ActualAvailableAllocationUnits;
1690	ULONG SectorsPerAllocationUnit;
1691	ULONG BytesPerSector;
1692	} FILE_FS_FULL_SIZE_INFORMATION;
1693	typedef FILE_FS_FULL_SIZE_INFORMATION *PFILE_FS_FULL_SIZE_INFORMATION;
1694	typedef struct _FILE_FS_OBJECTID_INFORMATION
1695	{
1696	UCHAR ObjectId[16];
1697	UCHAR ExtendedInfo[48];
1698	} FILE_FS_OBJECTID_INFORMATION;
1699	typedef FILE_FS_OBJECTID_INFORMATION *PFILE_FS_OBJECTID_INFORMATION;
1700	typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1701	{
1702	BOOLEAN DriverInPath;
1703	ULONG DriverNameLength;
1704	WCHAR DriverName[1];
1705	} FILE_FS_DRIVER_PATH_INFORMATION;
1706	typedef FILE_FS_DRIVER_PATH_INFORMATION *PFILE_FS_DRIVER_PATH_INFORMATION;
1707	typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION
1708	{
1709	ULONG Flags;
1710	} FILE_FS_VOLUME_FLAGS_INFORMATION;
1711	typedef FILE_FS_VOLUME_FLAGS_INFORMATION *PFILE_FS_VOLUME_FLAGS_INFORMATION;
1712	#endif
1713	#if !defined(SSINFO_OFFSET_UNKNOWN) \|\| defined(IPRT_NT_USE_WINTERNL)
1714	typedef struct _FILE_FS_SECTOR_SIZE_INFORMATION
1715	{
1716	ULONG LogicalBytesPerSector;
1717	ULONG PhysicalBytesPerSectorForAtomicity;
1718	ULONG PhysicalBytesPerSectorForPerformance;
1719	ULONG FileSystemEffectivePhysicalBytesPerSectorForAtomicity;
1720	ULONG Flags;
1721	ULONG ByteOffsetForSectorAlignment;
1722	ULONG ByteOffsetForPartitionAlignment;
1723	} FILE_FS_SECTOR_SIZE_INFORMATION;
1724	typedef FILE_FS_SECTOR_SIZE_INFORMATION *PFILE_FS_SECTOR_SIZE_INFORMATION;
1725	# ifndef SSINFO_OFFSET_UNKNOWN
1726	# define SSINFO_OFFSET_UNKNOWN 0xffffffffUL
1727	# define SSINFO_FLAGS_ALIGNED_DEVICE 1UL
1728	# define SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE 2UL
1729	# define SSINFO_FLAGS_NO_SEEK_PENALTY 4UL
1730	# define SSINFO_FLAGS_TRIM_ENABLED 8UL
1731	# define SSINFO_FLAGS_BYTE_ADDRESSABLE 16UL
1732	# endif
1733	#endif
1734	#ifdef IPRT_NT_USE_WINTERNL
1735	typedef struct _FILE_FS_DATA_COPY_INFORMATION
1736	{
1737	ULONG NumberOfCopies;
1738	} FILE_FS_DATA_COPY_INFORMATION;
1739	typedef FILE_FS_DATA_COPY_INFORMATION *PFILE_FS_DATA_COPY_INFORMATION;
1740	typedef struct _FILE_FS_METADATA_SIZE_INFORMATION
1741	{
1742	LARGE_INTEGER TotalMetadataAllocationUnits;
1743	ULONG SectorsPerAllocationUnit;
1744	ULONG BytesPerSector;
1745	} FILE_FS_METADATA_SIZE_INFORMATION;
1746	typedef FILE_FS_METADATA_SIZE_INFORMATION *PFILE_FS_METADATA_SIZE_INFORMATION;
1747	typedef struct _FILE_FS_FULL_SIZE_INFORMATION_EX
1748	{
1749	ULONGLONG ActualTotalAllocationUnits;
1750	ULONGLONG ActualAvailableAllocationUnits;
1751	ULONGLONG ActualPoolUnavailableAllocationUnits;
1752	ULONGLONG CallerTotalAllocationUnits;
1753	ULONGLONG CallerAvailableAllocationUnits;
1754	ULONGLONG CallerPoolUnavailableAllocationUnits;
1755	ULONGLONG UsedAllocationUnits;
1756	ULONGLONG TotalReservedAllocationUnits;
1757	ULONGLONG VolumeStorageReserveAllocationUnits;
1758	ULONGLONG AvailableCommittedAllocationUnits;
1759	ULONGLONG PoolAvailableAllocationUnits;
1760	ULONG SectorsPerAllocationUnit;
1761	ULONG BytesPerSector;
1762	} FILE_FS_FULL_SIZE_INFORMATION_EX;
1763	typedef FILE_FS_FULL_SIZE_INFORMATION_EX *PFILE_FS_FULL_SIZE_INFORMATION_EX;
1764	#endif /* IPRT_NT_USE_WINTERNL */
1765
1766	typedef enum _FSINFOCLASS
1767	{
1768	FileFsVolumeInformation = 1,
1769	FileFsLabelInformation,
1770	FileFsSizeInformation, /*< FILE_FS_SIZE_INFORMATION /
1771	FileFsDeviceInformation,
1772	FileFsAttributeInformation,
1773	FileFsControlInformation,
1774	FileFsFullSizeInformation,
1775	FileFsObjectIdInformation,
1776	FileFsDriverPathInformation,
1777	FileFsVolumeFlagsInformation,
1778	FileFsSectorSizeInformation,
1779	FileFsDataCopyInformation,
1780	FileFsMetadataSizeInformation,
1781	FileFsFullSizeInformationEx,
1782	FileFsMaximumInformation
1783	} FS_INFORMATION_CLASS;
1784	typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1785	RT_DECL_NTAPI(NTSTATUS) NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1786	RT_DECL_NTAPI(NTSTATUS) NtSetVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1787
1788	#ifdef IPRT_NT_USE_WINTERNL
1789	typedef struct _FILE_DIRECTORY_INFORMATION
1790	{
1791	ULONG NextEntryOffset;
1792	ULONG FileIndex;
1793	LARGE_INTEGER CreationTime;
1794	LARGE_INTEGER LastAccessTime;
1795	LARGE_INTEGER LastWriteTime;
1796	LARGE_INTEGER ChangeTime;
1797	LARGE_INTEGER EndOfFile;
1798	LARGE_INTEGER AllocationSize;
1799	ULONG FileAttributes;
1800	ULONG FileNameLength;
1801	WCHAR FileName[1];
1802	} FILE_DIRECTORY_INFORMATION;
1803	typedef FILE_DIRECTORY_INFORMATION *PFILE_DIRECTORY_INFORMATION;
1804	typedef struct _FILE_FULL_DIR_INFORMATION
1805	{
1806	ULONG NextEntryOffset;
1807	ULONG FileIndex;
1808	LARGE_INTEGER CreationTime;
1809	LARGE_INTEGER LastAccessTime;
1810	LARGE_INTEGER LastWriteTime;
1811	LARGE_INTEGER ChangeTime;
1812	LARGE_INTEGER EndOfFile;
1813	LARGE_INTEGER AllocationSize;
1814	ULONG FileAttributes;
1815	ULONG FileNameLength;
1816	ULONG EaSize;
1817	WCHAR FileName[1];
1818	} FILE_FULL_DIR_INFORMATION;
1819	typedef FILE_FULL_DIR_INFORMATION *PFILE_FULL_DIR_INFORMATION;
1820	typedef struct _FILE_BOTH_DIR_INFORMATION
1821	{
1822	ULONG NextEntryOffset; /*< 0x00: /
1823	ULONG FileIndex; /*< 0x04: /
1824	LARGE_INTEGER CreationTime; /*< 0x08: /
1825	LARGE_INTEGER LastAccessTime; /*< 0x10: /
1826	LARGE_INTEGER LastWriteTime; /*< 0x18: /
1827	LARGE_INTEGER ChangeTime; /*< 0x20: /
1828	LARGE_INTEGER EndOfFile; /*< 0x28: /
1829	LARGE_INTEGER AllocationSize; /*< 0x30: /
1830	ULONG FileAttributes; /*< 0x38: /
1831	ULONG FileNameLength; /*< 0x3c: /
1832	ULONG EaSize; /*< 0x40: /
1833	CCHAR ShortNameLength; /*< 0x44: /
1834	WCHAR ShortName[12]; /*< 0x46: /
1835	WCHAR FileName[1]; /*< 0x5e: /
1836	} FILE_BOTH_DIR_INFORMATION;
1837	typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1838	typedef struct _FILE_BASIC_INFORMATION
1839	{
1840	LARGE_INTEGER CreationTime;
1841	LARGE_INTEGER LastAccessTime;
1842	LARGE_INTEGER LastWriteTime;
1843	LARGE_INTEGER ChangeTime;
1844	ULONG FileAttributes;
1845	} FILE_BASIC_INFORMATION;
1846	typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1847	typedef struct _FILE_STANDARD_INFORMATION
1848	{
1849	LARGE_INTEGER AllocationSize;
1850	LARGE_INTEGER EndOfFile;
1851	ULONG NumberOfLinks;
1852	BOOLEAN DeletePending;
1853	BOOLEAN Directory;
1854	} FILE_STANDARD_INFORMATION;
1855	typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1856	typedef struct _FILE_NAME_INFORMATION
1857	{
1858	ULONG FileNameLength;
1859	WCHAR FileName[1];
1860	} FILE_NAME_INFORMATION;
1861	typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1862	typedef FILE_NAME_INFORMATION FILE_NETWORK_PHYSICAL_NAME_INFORMATION;
1863	typedef FILE_NETWORK_PHYSICAL_NAME_INFORMATION *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION;
1864	typedef struct _FILE_INTERNAL_INFORMATION
1865	{
1866	LARGE_INTEGER IndexNumber;
1867	} FILE_INTERNAL_INFORMATION;
1868	typedef FILE_INTERNAL_INFORMATION *PFILE_INTERNAL_INFORMATION;
1869	typedef struct _FILE_EA_INFORMATION
1870	{
1871	ULONG EaSize;
1872	} FILE_EA_INFORMATION;
1873	typedef FILE_EA_INFORMATION *PFILE_EA_INFORMATION;
1874	typedef struct _FILE_ACCESS_INFORMATION
1875	{
1876	ACCESS_MASK AccessFlags;
1877	} FILE_ACCESS_INFORMATION;
1878	typedef FILE_ACCESS_INFORMATION *PFILE_ACCESS_INFORMATION;
1879	typedef struct _FILE_RENAME_INFORMATION
1880	{
1881	union
1882	{
1883	BOOLEAN ReplaceIfExists;
1884	ULONG Flags;
1885	};
1886	HANDLE RootDirectory;
1887	ULONG FileNameLength;
1888	WCHAR FileName[1];
1889	} FILE_RENAME_INFORMATION;
1890	typedef FILE_RENAME_INFORMATION *PFILE_RENAME_INFORMATION;
1891	typedef struct _FILE_LINK_INFORMATION
1892	{
1893	union
1894	{
1895	BOOLEAN ReplaceIfExists;
1896	ULONG Flags;
1897	};
1898	HANDLE RootDirectory;
1899	ULONG FileNameLength;
1900	WCHAR FileName[1];
1901	} FILE_LINK_INFORMATION;
1902	typedef FILE_LINK_INFORMATION *PFILE_LINK_INFORMATION;
1903	typedef struct _FILE_NAMES_INFORMATION
1904	{
1905	ULONG NextEntryOffset;
1906	ULONG FileIndex;
1907	ULONG FileNameLength;
1908	WCHAR FileName[1];
1909	} FILE_NAMES_INFORMATION;
1910	typedef FILE_NAMES_INFORMATION *PFILE_NAMES_INFORMATION;
1911	typedef struct _FILE_DISPOSITION_INFORMATION
1912	{
1913	BOOLEAN DeleteFile;
1914	} FILE_DISPOSITION_INFORMATION;
1915	typedef FILE_DISPOSITION_INFORMATION *PFILE_DISPOSITION_INFORMATION;
1916	typedef struct _FILE_POSITION_INFORMATION
1917	{
1918	LARGE_INTEGER CurrentByteOffset;
1919	} FILE_POSITION_INFORMATION;
1920	typedef FILE_POSITION_INFORMATION *PFILE_POSITION_INFORMATION;
1921	typedef struct _FILE_FULL_EA_INFORMATION
1922	{
1923	ULONG NextEntryOffset;
1924	UCHAR Flags;
1925	UCHAR EaNameLength;
1926	USHORT EaValueLength;
1927	CHAR EaName[1];
1928	} FILE_FULL_EA_INFORMATION;
1929	typedef FILE_FULL_EA_INFORMATION *PFILE_FULL_EA_INFORMATION;
1930	typedef struct _FILE_MODE_INFORMATION
1931	{
1932	ULONG Mode;
1933	} FILE_MODE_INFORMATION;
1934	typedef FILE_MODE_INFORMATION *PFILE_MODE_INFORMATION;
1935	typedef struct _FILE_ALIGNMENT_INFORMATION
1936	{
1937	ULONG AlignmentRequirement;
1938	} FILE_ALIGNMENT_INFORMATION;
1939	typedef FILE_ALIGNMENT_INFORMATION *PFILE_ALIGNMENT_INFORMATION;
1940	typedef struct _FILE_ALL_INFORMATION
1941	{
1942	FILE_BASIC_INFORMATION BasicInformation;
1943	FILE_STANDARD_INFORMATION StandardInformation;
1944	FILE_INTERNAL_INFORMATION InternalInformation;
1945	FILE_EA_INFORMATION EaInformation;
1946	FILE_ACCESS_INFORMATION AccessInformation;
1947	FILE_POSITION_INFORMATION PositionInformation;
1948	FILE_MODE_INFORMATION ModeInformation;
1949	FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1950	FILE_NAME_INFORMATION NameInformation;
1951	} FILE_ALL_INFORMATION;
1952	typedef FILE_ALL_INFORMATION *PFILE_ALL_INFORMATION;
1953	typedef struct _FILE_ALLOCATION_INFORMATION
1954	{
1955	LARGE_INTEGER AllocationSize;
1956	} FILE_ALLOCATION_INFORMATION;
1957	typedef FILE_ALLOCATION_INFORMATION *PFILE_ALLOCATION_INFORMATION;
1958	typedef struct _FILE_END_OF_FILE_INFORMATION
1959	{
1960	LARGE_INTEGER EndOfFile;
1961	} FILE_END_OF_FILE_INFORMATION;
1962	typedef FILE_END_OF_FILE_INFORMATION *PFILE_END_OF_FILE_INFORMATION;
1963	typedef struct _FILE_STREAM_INFORMATION
1964	{
1965	ULONG NextEntryOffset;
1966	ULONG StreamNameLength;
1967	LARGE_INTEGER StreamSize;
1968	LARGE_INTEGER StreamAllocationSize;
1969	WCHAR StreamName[1];
1970	} FILE_STREAM_INFORMATION;
1971	typedef FILE_STREAM_INFORMATION *PFILE_STREAM_INFORMATION;
1972	typedef struct _FILE_PIPE_INFORMATION
1973	{
1974	ULONG ReadMode;
1975	ULONG CompletionMode;
1976	} FILE_PIPE_INFORMATION;
1977	typedef FILE_PIPE_INFORMATION *PFILE_PIPE_INFORMATION;
1978
1979	typedef struct _FILE_PIPE_LOCAL_INFORMATION
1980	{
1981	ULONG NamedPipeType;
1982	ULONG NamedPipeConfiguration;
1983	ULONG MaximumInstances;
1984	ULONG CurrentInstances;
1985	ULONG InboundQuota;
1986	ULONG ReadDataAvailable;
1987	ULONG OutboundQuota;
1988	ULONG WriteQuotaAvailable;
1989	ULONG NamedPipeState;
1990	ULONG NamedPipeEnd;
1991	} FILE_PIPE_LOCAL_INFORMATION;
1992	typedef FILE_PIPE_LOCAL_INFORMATION *PFILE_PIPE_LOCAL_INFORMATION;
1993
1994	typedef struct _FILE_PIPE_REMOTE_INFORMATION
1995	{
1996	LARGE_INTEGER CollectDataTime;
1997	ULONG MaximumCollectionCount;
1998	} FILE_PIPE_REMOTE_INFORMATION;
1999	typedef FILE_PIPE_REMOTE_INFORMATION *PFILE_PIPE_REMOTE_INFORMATION;
2000	typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
2001	{
2002	ULONG MaximumMessageSize;
2003	ULONG MailslotQuota;
2004	ULONG NextMessageSize;
2005	ULONG MessagesAvailable;
2006	LARGE_INTEGER ReadTimeout;
2007	} FILE_MAILSLOT_QUERY_INFORMATION;
2008	typedef FILE_MAILSLOT_QUERY_INFORMATION *PFILE_MAILSLOT_QUERY_INFORMATION;
2009	typedef struct _FILE_MAILSLOT_SET_INFORMATION
2010	{
2011	PLARGE_INTEGER ReadTimeout;
2012	} FILE_MAILSLOT_SET_INFORMATION;
2013	typedef FILE_MAILSLOT_SET_INFORMATION *PFILE_MAILSLOT_SET_INFORMATION;
2014	typedef struct _FILE_COMPRESSION_INFORMATION
2015	{
2016	LARGE_INTEGER CompressedFileSize;
2017	USHORT CompressionFormat;
2018	UCHAR CompressionUnitShift;
2019	UCHAR ChunkShift;
2020	UCHAR ClusterShift;
2021	UCHAR Reserved[3];
2022	} FILE_COMPRESSION_INFORMATION;
2023	typedef FILE_COMPRESSION_INFORMATION *PFILE_COMPRESSION_INFORMATION;
2024	typedef struct _FILE_OBJECTID_INFORMATION
2025	{
2026	LONGLONG FileReference;
2027	UCHAR ObjectId[16];
2028	union
2029	{
2030	struct
2031	{
2032	UCHAR BirthVolumeId[16];
2033	UCHAR BirthObjectId[16];
2034	UCHAR DomainId[16];
2035	};
2036	UCHAR ExtendedInfo[48];
2037	};
2038	} FILE_OBJECTID_INFORMATION;
2039	typedef FILE_OBJECTID_INFORMATION *PFILE_OBJECTID_INFORMATION;
2040	typedef struct _FILE_COMPLETION_INFORMATION
2041	{
2042	HANDLE Port;
2043	PVOID Key;
2044	} FILE_COMPLETION_INFORMATION;
2045	typedef FILE_COMPLETION_INFORMATION *PFILE_COMPLETION_INFORMATION;
2046	typedef struct _FILE_MOVE_CLUSTER_INFORMATION
2047	{
2048	ULONG ClusterCount;
2049	HANDLE RootDirectory;
2050	ULONG FileNameLength;
2051	WCHAR FileName[1];
2052	} FILE_MOVE_CLUSTER_INFORMATION;
2053	typedef FILE_MOVE_CLUSTER_INFORMATION *PFILE_MOVE_CLUSTER_INFORMATION;
2054	typedef struct _FILE_QUOTA_INFORMATION
2055	{
2056	ULONG NextEntryOffset;
2057	ULONG SidLength;
2058	LARGE_INTEGER ChangeTime;
2059	LARGE_INTEGER QuotaUsed;
2060	LARGE_INTEGER QuotaThreshold;
2061	LARGE_INTEGER QuotaLimit;
2062	SID Sid;
2063	} FILE_QUOTA_INFORMATION;
2064	typedef FILE_QUOTA_INFORMATION *PFILE_QUOTA_INFORMATION;
2065	typedef struct _FILE_REPARSE_POINT_INFORMATION
2066	{
2067	LONGLONG FileReference;
2068	ULONG Tag;
2069	} FILE_REPARSE_POINT_INFORMATION;
2070	typedef FILE_REPARSE_POINT_INFORMATION *PFILE_REPARSE_POINT_INFORMATION;
2071	typedef struct _FILE_NETWORK_OPEN_INFORMATION
2072	{
2073	LARGE_INTEGER CreationTime;
2074	LARGE_INTEGER LastAccessTime;
2075	LARGE_INTEGER LastWriteTime;
2076	LARGE_INTEGER ChangeTime;
2077	LARGE_INTEGER AllocationSize;
2078	LARGE_INTEGER EndOfFile;
2079	ULONG FileAttributes;
2080	} FILE_NETWORK_OPEN_INFORMATION;
2081	typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
2082	typedef struct _FILE_ATTRIBUTE_TAG_INFORMATION
2083	{
2084	ULONG FileAttributes;
2085	ULONG ReparseTag;
2086	} FILE_ATTRIBUTE_TAG_INFORMATION;
2087	typedef FILE_ATTRIBUTE_TAG_INFORMATION *PFILE_ATTRIBUTE_TAG_INFORMATION;
2088	typedef struct _FILE_TRACKING_INFORMATION
2089	{
2090	HANDLE DestinationFile;
2091	ULONG ObjectInformationLength;
2092	CHAR ObjectInformation[1];
2093	} FILE_TRACKING_INFORMATION;
2094	typedef FILE_TRACKING_INFORMATION *PFILE_TRACKING_INFORMATION;
2095	typedef struct _FILE_ID_BOTH_DIR_INFORMATION
2096	{
2097	ULONG NextEntryOffset;
2098	ULONG FileIndex;
2099	LARGE_INTEGER CreationTime;
2100	LARGE_INTEGER LastAccessTime;
2101	LARGE_INTEGER LastWriteTime;
2102	LARGE_INTEGER ChangeTime;
2103	LARGE_INTEGER EndOfFile;
2104	LARGE_INTEGER AllocationSize;
2105	ULONG FileAttributes;
2106	ULONG FileNameLength;
2107	ULONG EaSize;
2108	CCHAR ShortNameLength;
2109	WCHAR ShortName[12];
2110	LARGE_INTEGER FileId;
2111	WCHAR FileName[1];
2112	} FILE_ID_BOTH_DIR_INFORMATION;
2113	typedef FILE_ID_BOTH_DIR_INFORMATION *PFILE_ID_BOTH_DIR_INFORMATION;
2114	typedef struct _FILE_ID_FULL_DIR_INFORMATION
2115	{
2116	ULONG NextEntryOffset;
2117	ULONG FileIndex;
2118	LARGE_INTEGER CreationTime;
2119	LARGE_INTEGER LastAccessTime;
2120	LARGE_INTEGER LastWriteTime;
2121	LARGE_INTEGER ChangeTime;
2122	LARGE_INTEGER EndOfFile;
2123	LARGE_INTEGER AllocationSize;
2124	ULONG FileAttributes;
2125	ULONG FileNameLength;
2126	ULONG EaSize;
2127	LARGE_INTEGER FileId;
2128	WCHAR FileName[1];
2129	} FILE_ID_FULL_DIR_INFORMATION;
2130	typedef FILE_ID_FULL_DIR_INFORMATION *PFILE_ID_FULL_DIR_INFORMATION;
2131	typedef struct _FILE_VALID_DATA_LENGTH_INFORMATION
2132	{
2133	LARGE_INTEGER ValidDataLength;
2134	} FILE_VALID_DATA_LENGTH_INFORMATION;
2135	typedef FILE_VALID_DATA_LENGTH_INFORMATION *PFILE_VALID_DATA_LENGTH_INFORMATION;
2136	typedef struct _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION
2137	{
2138	ULONG Flags;
2139	} FILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
2140	typedef FILE_IO_COMPLETION_NOTIFICATION_INFORMATION *PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
2141	typedef enum _IO_PRIORITY_HINT
2142	{
2143	IoPriorityVeryLow = 0,
2144	IoPriorityLow,
2145	IoPriorityNormal,
2146	IoPriorityHigh,
2147	IoPriorityCritical,
2148	MaxIoPriorityTypes
2149	} IO_PRIORITY_HINT;
2150	AssertCompileSize(IO_PRIORITY_HINT, sizeof(int));
2151	typedef struct _FILE_IO_PRIORITY_HINT_INFORMATION
2152	{
2153	IO_PRIORITY_HINT PriorityHint;
2154	} FILE_IO_PRIORITY_HINT_INFORMATION;
2155	typedef FILE_IO_PRIORITY_HINT_INFORMATION *PFILE_IO_PRIORITY_HINT_INFORMATION;
2156	typedef struct _FILE_SFIO_RESERVE_INFORMATION
2157	{
2158	ULONG RequestsPerPeriod;
2159	ULONG Period;
2160	BOOLEAN RetryFailures;
2161	BOOLEAN Discardable;
2162	ULONG RequestSize;
2163	ULONG NumOutstandingRequests;
2164	} FILE_SFIO_RESERVE_INFORMATION;
2165	typedef FILE_SFIO_RESERVE_INFORMATION *PFILE_SFIO_RESERVE_INFORMATION;
2166	typedef struct _FILE_SFIO_VOLUME_INFORMATION
2167	{
2168	ULONG MaximumRequestsPerPeriod;
2169	ULONG MinimumPeriod;
2170	ULONG MinimumTransferSize;
2171	} FILE_SFIO_VOLUME_INFORMATION;
2172	typedef FILE_SFIO_VOLUME_INFORMATION *PFILE_SFIO_VOLUME_INFORMATION;
2173	typedef struct _FILE_LINK_ENTRY_INFORMATION
2174	{
2175	ULONG NextEntryOffset;
2176	LONGLONG ParentFileId;
2177	ULONG FileNameLength;
2178	WCHAR FileName[1];
2179	} FILE_LINK_ENTRY_INFORMATION;
2180	typedef FILE_LINK_ENTRY_INFORMATION *PFILE_LINK_ENTRY_INFORMATION;
2181	typedef struct _FILE_LINKS_INFORMATION
2182	{
2183	ULONG BytesNeeded;
2184	ULONG EntriesReturned;
2185	FILE_LINK_ENTRY_INFORMATION Entry;
2186	} FILE_LINKS_INFORMATION;
2187	typedef FILE_LINKS_INFORMATION *PFILE_LINKS_INFORMATION;
2188	typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION
2189	{
2190	ULONG NumberOfProcessIdsInList;
2191	ULONG_PTR ProcessIdList[1];
2192	} FILE_PROCESS_IDS_USING_FILE_INFORMATION;
2193	typedef FILE_PROCESS_IDS_USING_FILE_INFORMATION *PFILE_PROCESS_IDS_USING_FILE_INFORMATION;
2194	typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION
2195	{
2196	ULONG NextEntryOffset;
2197	ULONG FileIndex;
2198	LARGE_INTEGER CreationTime;
2199	LARGE_INTEGER LastAccessTime;
2200	LARGE_INTEGER LastWriteTime;
2201	LARGE_INTEGER ChangeTime;
2202	LARGE_INTEGER EndOfFile;
2203	LARGE_INTEGER AllocationSize;
2204	ULONG FileAttributes;
2205	ULONG FileNameLength;
2206	LARGE_INTEGER FileId;
2207	GUID LockingTransactionId;
2208	ULONG TxInfoFlags;
2209	WCHAR FileName[1];
2210	} FILE_ID_GLOBAL_TX_DIR_INFORMATION;
2211	typedef FILE_ID_GLOBAL_TX_DIR_INFORMATION *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
2212	typedef struct _FILE_IS_REMOTE_DEVICE_INFORMATION
2213	{
2214	BOOLEAN IsRemote;
2215	} FILE_IS_REMOTE_DEVICE_INFORMATION;
2216	typedef FILE_IS_REMOTE_DEVICE_INFORMATION *PFILE_IS_REMOTE_DEVICE_INFORMATION;
2217	typedef struct _FILE_NUMA_NODE_INFORMATION
2218	{
2219	USHORT NodeNumber;
2220	} FILE_NUMA_NODE_INFORMATION;
2221	typedef FILE_NUMA_NODE_INFORMATION *PFILE_NUMA_NODE_INFORMATION;
2222	typedef struct _FILE_STANDARD_LINK_INFORMATION
2223	{
2224	ULONG NumberOfAccessibleLinks;
2225	ULONG TotalNumberOfLinks;
2226	BOOLEAN DeletePending;
2227	BOOLEAN Directory;
2228	} FILE_STANDARD_LINK_INFORMATION;
2229	typedef FILE_STANDARD_LINK_INFORMATION *PFILE_STANDARD_LINK_INFORMATION;
2230	typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION
2231	{
2232	USHORT StructureVersion;
2233	USHORT StructureSize;
2234	ULONG Protocol;
2235	USHORT ProtocolMajorVersion;
2236	USHORT ProtocolMinorVersion;
2237	USHORT ProtocolRevision;
2238	USHORT Reserved;
2239	ULONG Flags;
2240	struct
2241	{
2242	ULONG Reserved[8];
2243	} GenericReserved;
2244	struct
2245	{
2246	ULONG Reserved[16];
2247	} ProtocolSpecificReserved;
2248	} FILE_REMOTE_PROTOCOL_INFORMATION;
2249	typedef FILE_REMOTE_PROTOCOL_INFORMATION *PFILE_REMOTE_PROTOCOL_INFORMATION;
2250	typedef struct _FILE_VOLUME_NAME_INFORMATION
2251	{
2252	ULONG DeviceNameLength;
2253	WCHAR DeviceName[1];
2254	} FILE_VOLUME_NAME_INFORMATION;
2255	typedef FILE_VOLUME_NAME_INFORMATION *PFILE_VOLUME_NAME_INFORMATION;
2256	# ifndef FILE_INVALID_FILE_ID
2257	typedef struct _FILE_ID_128
2258	{
2259	BYTE Identifier[16];
2260	} FILE_ID_128;
2261	typedef FILE_ID_128 *PFILE_ID_128;
2262	# endif
2263	typedef struct _FILE_ID_EXTD_DIR_INFORMATION
2264	{
2265	ULONG NextEntryOffset;
2266	ULONG FileIndex;
2267	LARGE_INTEGER CreationTime;
2268	LARGE_INTEGER LastAccessTime;
2269	LARGE_INTEGER LastWriteTime;
2270	LARGE_INTEGER ChangeTime;
2271	LARGE_INTEGER EndOfFile;
2272	LARGE_INTEGER AllocationSize;
2273	ULONG FileAttributes;
2274	ULONG FileNameLength;
2275	ULONG EaSize;
2276	ULONG ReparsePointTag;
2277	FILE_ID_128 FileId;
2278	WCHAR FileName[1];
2279	} FILE_ID_EXTD_DIR_INFORMATION;
2280	typedef FILE_ID_EXTD_DIR_INFORMATION *PFILE_ID_EXTD_DIR_INFORMATION;
2281	typedef struct _FILE_ID_EXTD_BOTH_DIR_INFORMATION
2282	{
2283	ULONG NextEntryOffset;
2284	ULONG FileIndex;
2285	LARGE_INTEGER CreationTime;
2286	LARGE_INTEGER LastAccessTime;
2287	LARGE_INTEGER LastWriteTime;
2288	LARGE_INTEGER ChangeTime;
2289	LARGE_INTEGER EndOfFile;
2290	LARGE_INTEGER AllocationSize;
2291	ULONG FileAttributes;
2292	ULONG FileNameLength;
2293	ULONG EaSize;
2294	ULONG ReparsePointTag;
2295	FILE_ID_128 FileId;
2296	CCHAR ShortNameLength;
2297	WCHAR ShortName[12];
2298	WCHAR FileName[1];
2299	} FILE_ID_EXTD_BOTH_DIR_INFORMATION;
2300	typedef FILE_ID_EXTD_BOTH_DIR_INFORMATION *PFILE_ID_EXTD_BOTH_DIR_INFORMATION;
2301	typedef struct _FILE_ID_INFORMATION
2302	{
2303	ULONGLONG VolumeSerialNumber;
2304	FILE_ID_128 FileId;
2305	} FILE_ID_INFORMATION;
2306	typedef FILE_ID_INFORMATION *PFILE_ID_INFORMATION;
2307	typedef struct _FILE_LINK_ENTRY_FULL_ID_INFORMATION
2308	{
2309	ULONG NextEntryOffset;
2310	FILE_ID_128 ParentFileId;
2311	ULONG FileNameLength;
2312	WCHAR FileName[1];
2313	} FILE_LINK_ENTRY_FULL_ID_INFORMATION;
2314	typedef FILE_LINK_ENTRY_FULL_ID_INFORMATION *PFILE_LINK_ENTRY_FULL_ID_INFORMATION;
2315	typedef struct _FILE_LINKS_FULL_ID_INFORMATION {
2316	ULONG BytesNeeded;
2317	ULONG EntriesReturned;
2318	FILE_LINK_ENTRY_FULL_ID_INFORMATION Entry;
2319	} FILE_LINKS_FULL_ID_INFORMATION;
2320	typedef FILE_LINKS_FULL_ID_INFORMATION *PFILE_LINKS_FULL_ID_INFORMATION;
2321	typedef struct _FILE_DISPOSITION_INFORMATION_EX
2322	{
2323	ULONG Flags;
2324	} FILE_DISPOSITION_INFORMATION_EX;
2325	typedef FILE_DISPOSITION_INFORMATION_EX *PFILE_DISPOSITION_INFORMATION_EX;
2326	# ifndef QUERY_STORAGE_CLASSES_FLAGS_MEASURE_WRITE
2327	typedef struct _FILE_DESIRED_STORAGE_CLASS_INFORMATION
2328	{
2329	/FILE_STORAGE_TIER_CLASS/ ULONG Class;
2330	ULONG Flags;
2331	} FILE_DESIRED_STORAGE_CLASS_INFORMATION;
2332	typedef FILE_DESIRED_STORAGE_CLASS_INFORMATION *PFILE_DESIRED_STORAGE_CLASS_INFORMATION;
2333	# endif
2334	typedef struct _FILE_STAT_INFORMATION
2335	{
2336	LARGE_INTEGER FileId;
2337	LARGE_INTEGER CreationTime;
2338	LARGE_INTEGER LastAccessTime;
2339	LARGE_INTEGER LastWriteTime;
2340	LARGE_INTEGER ChangeTime;
2341	LARGE_INTEGER AllocationSize;
2342	LARGE_INTEGER EndOfFile;
2343	ULONG FileAttributes;
2344	ULONG ReparseTag;
2345	ULONG NumberOfLinks;
2346	ACCESS_MASK EffectiveAccess;
2347	} FILE_STAT_INFORMATION;
2348	typedef FILE_STAT_INFORMATION *PFILE_STAT_INFORMATION;
2349	typedef struct _FILE_STAT_LX_INFORMATION
2350	{
2351	LARGE_INTEGER FileId;
2352	LARGE_INTEGER CreationTime;
2353	LARGE_INTEGER LastAccessTime;
2354	LARGE_INTEGER LastWriteTime;
2355	LARGE_INTEGER ChangeTime;
2356	LARGE_INTEGER AllocationSize;
2357	LARGE_INTEGER EndOfFile;
2358	ULONG FileAttributes;
2359	ULONG ReparseTag;
2360	ULONG NumberOfLinks;
2361	ACCESS_MASK EffectiveAccess;
2362	ULONG LxFlags;
2363	ULONG LxUid;
2364	ULONG LxGid;
2365	ULONG LxMode;
2366	ULONG LxDeviceIdMajor;
2367	ULONG LxDeviceIdMinor;
2368	} FILE_STAT_LX_INFORMATION;
2369	typedef FILE_STAT_LX_INFORMATION *PFILE_STAT_LX_INFORMATION;
2370	typedef struct _FILE_CASE_SENSITIVE_INFORMATION
2371	{
2372	ULONG Flags;
2373	} FILE_CASE_SENSITIVE_INFORMATION;
2374	typedef FILE_CASE_SENSITIVE_INFORMATION *PFILE_CASE_SENSITIVE_INFORMATION;
2375
2376	typedef enum _FILE_INFORMATION_CLASS
2377	{
2378	FileDirectoryInformation = 1,
2379	FileFullDirectoryInformation,
2380	FileBothDirectoryInformation,
2381	FileBasicInformation,
2382	FileStandardInformation,
2383	FileInternalInformation,
2384	FileEaInformation,
2385	FileAccessInformation,
2386	FileNameInformation,
2387	FileRenameInformation,
2388	FileLinkInformation,
2389	FileNamesInformation,
2390	FileDispositionInformation,
2391	FilePositionInformation,
2392	FileFullEaInformation,
2393	FileModeInformation,
2394	FileAlignmentInformation,
2395	FileAllInformation,
2396	FileAllocationInformation,
2397	FileEndOfFileInformation,
2398	FileAlternateNameInformation,
2399	FileStreamInformation,
2400	FilePipeInformation,
2401	FilePipeLocalInformation,
2402	FilePipeRemoteInformation,
2403	FileMailslotQueryInformation,
2404	FileMailslotSetInformation,
2405	FileCompressionInformation,
2406	FileObjectIdInformation,
2407	FileCompletionInformation,
2408	FileMoveClusterInformation,
2409	FileQuotaInformation,
2410	FileReparsePointInformation,
2411	FileNetworkOpenInformation,
2412	FileAttributeTagInformation,
2413	FileTrackingInformation,
2414	FileIdBothDirectoryInformation,
2415	FileIdFullDirectoryInformation,
2416	FileValidDataLengthInformation,
2417	FileShortNameInformation,
2418	FileIoCompletionNotificationInformation,
2419	FileIoStatusBlockRangeInformation,
2420	FileIoPriorityHintInformation,
2421	FileSfioReserveInformation,
2422	FileSfioVolumeInformation,
2423	FileHardLinkInformation,
2424	FileProcessIdsUsingFileInformation,
2425	FileNormalizedNameInformation,
2426	FileNetworkPhysicalNameInformation,
2427	FileIdGlobalTxDirectoryInformation,
2428	FileIsRemoteDeviceInformation,
2429	FileUnusedInformation,
2430	FileNumaNodeInformation,
2431	FileStandardLinkInformation,
2432	FileRemoteProtocolInformation,
2433	/* Defined with Windows 10: */
2434	FileRenameInformationBypassAccessCheck,
2435	FileLinkInformationBypassAccessCheck,
2436	FileVolumeNameInformation,
2437	FileIdInformation,
2438	FileIdExtdDirectoryInformation,
2439	FileReplaceCompletionInformation,
2440	FileHardLinkFullIdInformation,
2441	FileIdExtdBothDirectoryInformation,
2442	FileDispositionInformationEx,
2443	FileRenameInformationEx,
2444	FileRenameInformationExBypassAccessCheck,
2445	FileDesiredStorageClassInformation,
2446	FileStatInformation,
2447	FileMemoryPartitionInformation,
2448	FileStatLxInformation,
2449	FileCaseSensitiveInformation,
2450	FileLinkInformationEx,
2451	FileLinkInformationExBypassAccessCheck,
2452	FileStorageReserveIdInformation,
2453	FileCaseSensitiveInformationForceAccessCheck,
2454	FileMaximumInformation
2455	} FILE_INFORMATION_CLASS;
2456	typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
2457	RT_DECL_NTAPI(NTSTATUS) NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
2458	RT_DECL_NTAPI(NTSTATUS) NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
2459	FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
2460	RT_DECL_NTAPI(NTSTATUS) NtSetInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
2461	#endif /* IPRT_NT_USE_WINTERNL */
2462	RT_DECL_NTAPI(NTSTATUS) NtQueryAttributesFile(POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
2463	RT_DECL_NTAPI(NTSTATUS) NtQueryFullAttributesFile(POBJECT_ATTRIBUTES, PFILE_NETWORK_OPEN_INFORMATION);
2464
2465
2466	/** @name SE_GROUP_XXX - Attributes returned with TokenGroup and others.
2467	* @{ */
2468	#ifndef SE_GROUP_MANDATORY
2469	# define SE_GROUP_MANDATORY UINT32_C(0x01)
2470	#endif
2471	#ifndef SE_GROUP_ENABLED_BY_DEFAULT
2472	# define SE_GROUP_ENABLED_BY_DEFAULT UINT32_C(0x02)
2473	#endif
2474	#ifndef SE_GROUP_ENABLED
2475	# define SE_GROUP_ENABLED UINT32_C(0x04)
2476	#endif
2477	#ifndef SE_GROUP_OWNER
2478	# define SE_GROUP_OWNER UINT32_C(0x08)
2479	#endif
2480	#ifndef SE_GROUP_USE_FOR_DENY_ONLY
2481	# define SE_GROUP_USE_FOR_DENY_ONLY UINT32_C(0x10)
2482	#endif
2483	#ifndef SE_GROUP_INTEGRITY
2484	# define SE_GROUP_INTEGRITY UINT32_C(0x20)
2485	#endif
2486	#ifndef SE_GROUP_INTEGRITY_ENABLED
2487	# define SE_GROUP_INTEGRITY_ENABLED UINT32_C(0x40)
2488	#endif
2489	#ifndef SE_GROUP_RESOURCE
2490	# define SE_GROUP_RESOURCE UINT32_C(0x20000000)
2491	#endif
2492	#ifndef SE_GROUP_LOGON_ID
2493	# define SE_GROUP_LOGON_ID UINT32_C(0xc0000000)
2494	#endif
2495	/** @} */
2496
2497
2498	#ifdef IPRT_NT_USE_WINTERNL
2499
2500	/** For use with KeyBasicInformation. */
2501	typedef struct _KEY_BASIC_INFORMATION
2502	{
2503	LARGE_INTEGER LastWriteTime;
2504	ULONG TitleIndex;
2505	ULONG NameLength;
2506	WCHAR Name[1];
2507	} KEY_BASIC_INFORMATION;
2508	typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
2509
2510	/** For use with KeyNodeInformation. */
2511	typedef struct _KEY_NODE_INFORMATION
2512	{
2513	LARGE_INTEGER LastWriteTime;
2514	ULONG TitleIndex;
2515	ULONG ClassOffset; /*< Offset from the start of the structure. /
2516	ULONG ClassLength;
2517	ULONG NameLength;
2518	WCHAR Name[1];
2519	} KEY_NODE_INFORMATION;
2520	typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
2521
2522	/** For use with KeyFullInformation. */
2523	typedef struct _KEY_FULL_INFORMATION
2524	{
2525	LARGE_INTEGER LastWriteTime;
2526	ULONG TitleIndex;
2527	ULONG ClassOffset; /*< Offset of the Class member. /
2528	ULONG ClassLength;
2529	ULONG SubKeys;
2530	ULONG MaxNameLen;
2531	ULONG MaxClassLen;
2532	ULONG Values;
2533	ULONG MaxValueNameLen;
2534	ULONG MaxValueDataLen;
2535	WCHAR Class[1];
2536	} KEY_FULL_INFORMATION;
2537	typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
2538
2539	/** For use with KeyNameInformation. */
2540	typedef struct _KEY_NAME_INFORMATION
2541	{
2542	ULONG NameLength;
2543	WCHAR Name[1];
2544	} KEY_NAME_INFORMATION;
2545	typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
2546
2547	/** For use with KeyCachedInformation. */
2548	typedef struct _KEY_CACHED_INFORMATION
2549	{
2550	LARGE_INTEGER LastWriteTime;
2551	ULONG TitleIndex;
2552	ULONG SubKeys;
2553	ULONG MaxNameLen;
2554	ULONG Values;
2555	ULONG MaxValueNameLen;
2556	ULONG MaxValueDataLen;
2557	ULONG NameLength;
2558	} KEY_CACHED_INFORMATION;
2559	typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
2560
2561	/** For use with KeyVirtualizationInformation. */
2562	typedef struct _KEY_VIRTUALIZATION_INFORMATION
2563	{
2564	ULONG VirtualizationCandidate : 1;
2565	ULONG VirtualizationEnabled : 1;
2566	ULONG VirtualTarget : 1;
2567	ULONG VirtualStore : 1;
2568	ULONG VirtualSource : 1;
2569	ULONG Reserved : 27;
2570	} KEY_VIRTUALIZATION_INFORMATION;
2571	typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
2572
2573	typedef enum _KEY_INFORMATION_CLASS
2574	{
2575	KeyBasicInformation = 0,
2576	KeyNodeInformation,
2577	KeyFullInformation,
2578	KeyNameInformation,
2579	KeyCachedInformation,
2580	KeyFlagsInformation,
2581	KeyVirtualizationInformation,
2582	KeyHandleTagsInformation,
2583	MaxKeyInfoClass
2584	} KEY_INFORMATION_CLASS;
2585	RT_DECL_NTAPI(NTSTATUS) NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2586	RT_DECL_NTAPI(NTSTATUS) NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2587
2588	typedef struct _MEMORY_SECTION_NAME
2589	{
2590	UNICODE_STRING SectionFileName;
2591	WCHAR NameBuffer[1];
2592	} MEMORY_SECTION_NAME;
2593
2594	#ifdef IPRT_NT_USE_WINTERNL
2595	typedef struct _PROCESS_BASIC_INFORMATION
2596	{
2597	NTSTATUS ExitStatus;
2598	PPEB PebBaseAddress;
2599	ULONG_PTR AffinityMask;
2600	int32_t BasePriority;
2601	ULONG_PTR UniqueProcessId;
2602	ULONG_PTR InheritedFromUniqueProcessId;
2603	} PROCESS_BASIC_INFORMATION;
2604	typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
2605	#endif
2606
2607	typedef enum _PROCESSINFOCLASS
2608	{
2609	ProcessBasicInformation = 0, /*< 0 / 0x00 /
2610	ProcessQuotaLimits, /*< 1 / 0x01 /
2611	ProcessIoCounters, /*< 2 / 0x02 /
2612	ProcessVmCounters, /*< 3 / 0x03 /
2613	ProcessTimes, /*< 4 / 0x04 /
2614	ProcessBasePriority, /*< 5 / 0x05 /
2615	ProcessRaisePriority, /*< 6 / 0x06 /
2616	ProcessDebugPort, /*< 7 / 0x07 /
2617	ProcessExceptionPort, /*< 8 / 0x08 /
2618	ProcessAccessToken, /*< 9 / 0x09 /
2619	ProcessLdtInformation, /*< 10 / 0x0a /
2620	ProcessLdtSize, /*< 11 / 0x0b /
2621	ProcessDefaultHardErrorMode, /*< 12 / 0x0c /
2622	ProcessIoPortHandlers, /*< 13 / 0x0d /
2623	ProcessPooledUsageAndLimits, /*< 14 / 0x0e /
2624	ProcessWorkingSetWatch, /*< 15 / 0x0f /
2625	ProcessUserModeIOPL, /*< 16 / 0x10 /
2626	ProcessEnableAlignmentFaultFixup, /*< 17 / 0x11 /
2627	ProcessPriorityClass, /*< 18 / 0x12 /
2628	ProcessWx86Information, /*< 19 / 0x13 /
2629	ProcessHandleCount, /*< 20 / 0x14 /
2630	ProcessAffinityMask, /*< 21 / 0x15 /
2631	ProcessPriorityBoost, /*< 22 / 0x16 /
2632	ProcessDeviceMap, /*< 23 / 0x17 /
2633	ProcessSessionInformation, /*< 24 / 0x18 /
2634	ProcessForegroundInformation, /*< 25 / 0x19 /
2635	ProcessWow64Information, /*< 26 / 0x1a /
2636	ProcessImageFileName, /*< 27 / 0x1b /
2637	ProcessLUIDDeviceMapsEnabled, /*< 28 / 0x1c /
2638	ProcessBreakOnTermination, /*< 29 / 0x1d /
2639	ProcessDebugObjectHandle, /*< 30 / 0x1e /
2640	ProcessDebugFlags, /*< 31 / 0x1f /
2641	ProcessHandleTracing, /*< 32 / 0x20 /
2642	ProcessIoPriority, /*< 33 / 0x21 /
2643	ProcessExecuteFlags, /*< 34 / 0x22 /
2644	ProcessTlsInformation, /*< 35 / 0x23 /
2645	ProcessCookie, /*< 36 / 0x24 /
2646	ProcessImageInformation, /*< 37 / 0x25 /
2647	ProcessCycleTime, /*< 38 / 0x26 /
2648	ProcessPagePriority, /*< 39 / 0x27 /
2649	ProcessInstrumentationCallbak, /*< 40 / 0x28 /
2650	ProcessThreadStackAllocation, /*< 41 / 0x29 /
2651	ProcessWorkingSetWatchEx, /*< 42 / 0x2a /
2652	ProcessImageFileNameWin32, /*< 43 / 0x2b /
2653	ProcessImageFileMapping, /*< 44 / 0x2c /
2654	ProcessAffinityUpdateMode, /*< 45 / 0x2d /
2655	ProcessMemoryAllocationMode, /*< 46 / 0x2e /
2656	ProcessGroupInformation, /*< 47 / 0x2f /
2657	ProcessTokenVirtualizationEnabled, /*< 48 / 0x30 /
2658	ProcessOwnerInformation, /*< 49 / 0x31 /
2659	ProcessWindowInformation, /*< 50 / 0x32 /
2660	ProcessHandleInformation, /*< 51 / 0x33 /
2661	ProcessMitigationPolicy, /*< 52 / 0x34 /
2662	ProcessDynamicFunctionTableInformation, /*< 53 / 0x35 /
2663	ProcessHandleCheckingMode, /*< 54 / 0x36 /
2664	ProcessKeepAliveCount, /*< 55 / 0x37 /
2665	ProcessRevokeFileHandles, /*< 56 / 0x38 /
2666	ProcessWorkingSetControl, /*< 57 / 0x39 /
2667	ProcessHandleTable, /*< 58 / 0x3a /
2668	ProcessCheckStackExtentsMode, /*< 59 / 0x3b /
2669	ProcessCommandLineInformation, /*< 60 / 0x3c /
2670	ProcessProtectionInformation, /*< 61 / 0x3d /
2671	ProcessMemoryExhaustion, /*< 62 / 0x3e /
2672	ProcessFaultInformation, /*< 63 / 0x3f /
2673	ProcessTelemetryIdInformation, /*< 64 / 0x40 /
2674	ProcessCommitReleaseInformation, /*< 65 / 0x41 /
2675	ProcessDefaultCpuSetsInformation, /*< 66 / 0x42 - aka ProcessReserved1Information /
2676	ProcessAllowedCpuSetsInformation, /*< 67 / 0x43 - aka ProcessReserved2Information; PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10 /
2677	ProcessSubsystemProcess, /*< 68 / 0x44 /
2678	ProcessJobMemoryInformation, /*< 69 / 0x45 /
2679	ProcessInPrivate, /*< 70 / 0x46 /
2680	ProcessRaiseUMExceptionOnInvalidHandleClose,/*< 71 / 0x47 /
2681	ProcessIumChallengeResponse, /*< 72 / 0x48 /
2682	ProcessChildProcessInformation, /*< 73 / 0x49 /
2683	ProcessHighGraphicsPriorityInformation, /*< 74 / 0x4a /
2684	ProcessSubsystemInformation, /*< 75 / 0x4b /
2685	ProcessEnergyValues, /*< 76 / 0x4c /
2686	ProcessPowerThrottlingState, /*< 77 / 0x4d /
2687	ProcessReserved3Information, /*< 78 / 0x4e /
2688	ProcessWin32kSyscallFilterInformation, /*< 79 / 0x4f /
2689	ProcessDisableSystemAllowedCpuSets, /*< 80 / 0x50 /
2690	ProcessWakeInformation, /*< 81 / 0x51 /
2691	ProcessEnergyTrackingState, /*< 82 / 0x52 /
2692	ProcessManageWritesToExecutableMemory, /*< 83 / 0x53 /
2693	ProcessCaptureTrustletLiveDump, /*< 84 / 0x54 /
2694	ProcessTelemetryCoverage, /*< 85 / 0x55 /
2695	ProcessEnclaveInformation, /*< 86 / 0x56 /
2696	ProcessEnableReadWriteVmLogging, /*< 87 / 0x57 /
2697	ProcessUptimeInformation, /*< 88 / 0x58 /
2698	ProcessImageSection, /*< 89 / 0x59 /
2699	ProcessDebugAuthInformation, /*< 90 / 0x5a /
2700	ProcessSystemResourceManagement, /*< 92 / 0x5b /
2701	ProcessSequenceNumber, /*< 93 / 0x5c /
2702	MaxProcessInfoClass
2703	} PROCESSINFOCLASS;
2704	AssertCompile(ProcessSequenceNumber == 0x5c);
2705	RT_DECL_NTAPI(NTSTATUS) NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
2706	#if ARCH_BITS == 32
2707	/** 64-bit API pass thru to WOW64 processes. */
2708	RT_DECL_NTAPI(NTSTATUS) NtWow64QueryInformationProcess64(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
2709	#endif
2710
2711	typedef enum _THREADINFOCLASS
2712	{
2713	ThreadBasicInformation = 0,
2714	ThreadTimes,
2715	ThreadPriority,
2716	ThreadBasePriority,
2717	ThreadAffinityMask,
2718	ThreadImpersonationToken,
2719	ThreadDescriptorTableEntry,
2720	ThreadEnableAlignmentFaultFixup,
2721	ThreadEventPair_Reusable,
2722	ThreadQuerySetWin32StartAddress,
2723	ThreadZeroTlsCell,
2724	ThreadPerformanceCount,
2725	ThreadAmILastThread,
2726	ThreadIdealProcessor,
2727	ThreadPriorityBoost,
2728	ThreadSetTlsArrayAddress,
2729	ThreadIsIoPending,
2730	ThreadHideFromDebugger,
2731	ThreadBreakOnTermination,
2732	ThreadSwitchLegacyState,
2733	ThreadIsTerminated,
2734	ThreadLastSystemCall,
2735	ThreadIoPriority,
2736	ThreadCycleTime,
2737	ThreadPagePriority,
2738	ThreadActualBasePriority,
2739	ThreadTebInformation,
2740	ThreadCSwitchMon,
2741	ThreadCSwitchPmu,
2742	ThreadWow64Context,
2743	ThreadGroupInformation,
2744	ThreadUmsInformation,
2745	ThreadCounterProfiling,
2746	ThreadIdealProcessorEx,
2747	ThreadCpuAccountingInformation,
2748	MaxThreadInfoClass
2749	} THREADINFOCLASS;
2750	RT_DECL_NTAPI(NTSTATUS) NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
2751
2752	RT_DECL_NTAPI(NTSTATUS) NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2753	RT_DECL_NTAPI(NTSTATUS) ZwQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2754
2755	RT_DECL_NTAPI(NTSTATUS) NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2756	RT_DECL_NTAPI(NTSTATUS) NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2757	RT_DECL_NTAPI(NTSTATUS) NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
2758	RT_DECL_NTAPI(NTSTATUS) NtCancelIoFile(HANDLE, PIO_STATUS_BLOCK);
2759
2760	RT_DECL_NTAPI(NTSTATUS) NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
2761	RT_DECL_NTAPI(NTSTATUS) NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
2762
2763	RT_DECL_NTAPI(NTSTATUS) RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
2764	RT_DECL_NTAPI(NTSTATUS) RtlCopySid(ULONG, PSID, PSID);
2765	RT_DECL_NTAPI(NTSTATUS) RtlCreateAcl(PACL, ULONG, ULONG);
2766	RT_DECL_NTAPI(NTSTATUS) RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
2767	RT_DECL_NTAPI(BOOLEAN) RtlEqualSid(PSID, PSID);
2768	RT_DECL_NTAPI(NTSTATUS) RtlGetVersion(PRTL_OSVERSIONINFOW);
2769	RT_DECL_NTAPI(NTSTATUS) RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
2770	RT_DECL_NTAPI(NTSTATUS) RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
2771	RT_DECL_NTAPI(PULONG) RtlSubAuthoritySid(PSID, ULONG);
2772
2773	#endif /* IPRT_NT_USE_WINTERNL */
2774
2775	/** For use with ObjectBasicInformation.
2776	* A watered down version of this struct appears under the name
2777	* PUBLIC_OBJECT_BASIC_INFORMATION in ntifs.h. It only defines
2778	* the first four members, so don't trust the rest. */
2779	typedef struct _OBJECT_BASIC_INFORMATION
2780	{
2781	ULONG Attributes;
2782	ACCESS_MASK GrantedAccess;
2783	ULONG HandleCount;
2784	ULONG PointerCount;
2785	/* Not in ntifs.h: */
2786	ULONG PagedPoolCharge;
2787	ULONG NonPagedPoolCharge;
2788	ULONG Reserved[3];
2789	ULONG NameInfoSize;
2790	ULONG TypeInfoSize;
2791	ULONG SecurityDescriptorSize;
2792	LARGE_INTEGER CreationTime;
2793	} OBJECT_BASIC_INFORMATION;
2794	typedef OBJECT_BASIC_INFORMATION *POBJECT_BASIC_INFORMATION;
2795
2796	/** For use with ObjectHandleFlagInformation. */
2797	typedef struct _OBJECT_HANDLE_FLAG_INFORMATION
2798	{
2799	BOOLEAN Inherit;
2800	BOOLEAN ProtectFromClose;
2801	} OBJECT_HANDLE_FLAG_INFORMATION;
2802	typedef OBJECT_HANDLE_FLAG_INFORMATION *POBJECT_HANDLE_FLAG_INFORMATION;
2803
2804	typedef enum _OBJECT_INFORMATION_CLASS
2805	{
2806	ObjectBasicInformation = 0,
2807	ObjectNameInformation,
2808	ObjectTypeInformation,
2809	ObjectAllInformation,
2810	ObjectHandleFlagInformation,
2811	ObjectSessionInformation,
2812	MaxObjectInfoClass
2813	} OBJECT_INFORMATION_CLASS;
2814	typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
2815	#ifdef IN_RING0
2816	# define NtQueryObject ZwQueryObject
2817	#endif
2818	RT_DECL_NTAPI(NTSTATUS) NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2819	RT_DECL_NTAPI(NTSTATUS) NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
2820	RT_DECL_NTAPI(NTSTATUS) NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
2821
2822	RT_DECL_NTAPI(NTSTATUS) NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2823
2824	typedef struct _OBJECT_DIRECTORY_INFORMATION
2825	{
2826	UNICODE_STRING Name;
2827	UNICODE_STRING TypeName;
2828	} OBJECT_DIRECTORY_INFORMATION;
2829	typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
2830	RT_DECL_NTAPI(NTSTATUS) NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
2831
2832	RT_DECL_NTAPI(NTSTATUS) NtSuspendProcess(HANDLE);
2833	RT_DECL_NTAPI(NTSTATUS) NtResumeProcess(HANDLE);
2834	/** @name ProcessDefaultHardErrorMode bit definitions.
2835	* @{ */
2836	#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /*< Inverted from the win32 define. /
2837	#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
2838	#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
2839	#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
2840	/** @} */
2841	RT_DECL_NTAPI(NTSTATUS) NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
2842	RT_DECL_NTAPI(NTSTATUS) NtTerminateProcess(HANDLE, LONG);
2843
2844	/** Returned by NtQUerySection with SectionBasicInformation. */
2845	typedef struct _SECTION_BASIC_INFORMATION
2846	{
2847	PVOID BaseAddress;
2848	ULONG AllocationAttributes;
2849	LARGE_INTEGER MaximumSize;
2850	} SECTION_BASIC_INFORMATION;
2851	typedef SECTION_BASIC_INFORMATION *PSECTION_BASIC_INFORMATION;
2852
2853	/** Retured by ProcessImageInformation as well as NtQuerySection. */
2854	typedef struct _SECTION_IMAGE_INFORMATION
2855	{
2856	PVOID TransferAddress;
2857	ULONG ZeroBits;
2858	SIZE_T MaximumStackSize;
2859	SIZE_T CommittedStackSize;
2860	ULONG SubSystemType;
2861	union
2862	{
2863	struct
2864	{
2865	USHORT SubSystemMinorVersion;
2866	USHORT SubSystemMajorVersion;
2867	};
2868	ULONG SubSystemVersion;
2869	};
2870	ULONG GpValue;
2871	USHORT ImageCharacteristics;
2872	USHORT DllCharacteristics;
2873	USHORT Machine;
2874	BOOLEAN ImageContainsCode;
2875	union /*< Since Vista, used to be a spare BOOLEAN. /
2876	{
2877	struct
2878	{
2879	UCHAR ComPlusNativeRead : 1;
2880	UCHAR ComPlusILOnly : 1;
2881	UCHAR ImageDynamicallyRelocated : 1;
2882	UCHAR ImageMAppedFlat : 1;
2883	UCHAR Reserved : 4;
2884	};
2885	UCHAR ImageFlags;
2886	};
2887	ULONG LoaderFlags;
2888	ULONG ImageFileSize; /*< Since XP? /
2889	ULONG CheckSum; /*< Since Vista, Used to be a reserved/spare ULONG. /
2890	} SECTION_IMAGE_INFORMATION;
2891	typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
2892
2893	typedef enum _SECTION_INFORMATION_CLASS
2894	{
2895	SectionBasicInformation = 0,
2896	SectionImageInformation,
2897	MaxSectionInfoClass
2898	} SECTION_INFORMATION_CLASS;
2899	RT_DECL_NTAPI(NTSTATUS) NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2900
2901	RT_DECL_NTAPI(NTSTATUS) NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
2902	RT_DECL_NTAPI(NTSTATUS) NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2903	RT_DECL_NTAPI(NTSTATUS) NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
2904	#ifndef SYMBOLIC_LINK_QUERY
2905	# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
2906	#endif
2907	#ifndef SYMBOLIC_LINK_ALL_ACCESS
2908	# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED \| SYMBOLIC_LINK_QUERY)
2909	#endif
2910
2911	RT_DECL_NTAPI(NTSTATUS) NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
2912	RT_DECL_NTAPI(NTSTATUS) NtResumeThread(HANDLE, PULONG);
2913	RT_DECL_NTAPI(NTSTATUS) NtSuspendThread(HANDLE, PULONG);
2914	RT_DECL_NTAPI(NTSTATUS) NtTerminateThread(HANDLE, LONG);
2915	RT_DECL_NTAPI(NTSTATUS) NtGetContextThread(HANDLE, PCONTEXT);
2916	RT_DECL_NTAPI(NTSTATUS) NtSetContextThread(HANDLE, PCONTEXT);
2917	RT_DECL_NTAPI(NTSTATUS) ZwYieldExecution(void);
2918
2919
2920	#ifndef SEC_FILE
2921	# define SEC_FILE UINT32_C(0x00800000)
2922	#endif
2923	#ifndef SEC_IMAGE
2924	# define SEC_IMAGE UINT32_C(0x01000000)
2925	#endif
2926	#ifndef SEC_PROTECTED_IMAGE
2927	# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
2928	#endif
2929	#ifndef SEC_NOCACHE
2930	# define SEC_NOCACHE UINT32_C(0x10000000)
2931	#endif
2932	#ifndef MEM_ROTATE
2933	# define MEM_ROTATE UINT32_C(0x00800000)
2934	#endif
2935	typedef enum _MEMORY_INFORMATION_CLASS
2936	{
2937	MemoryBasicInformation = 0,
2938	MemoryWorkingSetList,
2939	MemorySectionName,
2940	MemoryBasicVlmInformation
2941	} MEMORY_INFORMATION_CLASS;
2942	#ifdef IN_RING0
2943	typedef struct _MEMORY_BASIC_INFORMATION
2944	{
2945	PVOID BaseAddress;
2946	PVOID AllocationBase;
2947	ULONG AllocationProtect;
2948	SIZE_T RegionSize;
2949	ULONG State;
2950	ULONG Protect;
2951	ULONG Type;
2952	} MEMORY_BASIC_INFORMATION;
2953	typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
2954	# define NtQueryVirtualMemory ZwQueryVirtualMemory
2955	#endif
2956	RT_DECL_NTAPI(NTSTATUS) NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2957	#ifdef IPRT_NT_USE_WINTERNL
2958	RT_DECL_NTAPI(NTSTATUS) NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
2959	#endif
2960	RT_DECL_NTAPI(NTSTATUS) NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
2961	RT_DECL_NTAPI(NTSTATUS) NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
2962
2963	typedef enum _SYSTEM_INFORMATION_CLASS
2964	{
2965	SystemBasicInformation = 0,
2966	SystemCpuInformation,
2967	SystemPerformanceInformation,
2968	SystemTimeOfDayInformation,
2969	SystemInformation_Unknown_4,
2970	SystemProcessInformation,
2971	SystemInformation_Unknown_6,
2972	SystemInformation_Unknown_7,
2973	SystemProcessorPerformanceInformation,
2974	SystemInformation_Unknown_9,
2975	SystemInformation_Unknown_10,
2976	SystemModuleInformation,
2977	SystemInformation_Unknown_12,
2978	SystemInformation_Unknown_13,
2979	SystemInformation_Unknown_14,
2980	SystemInformation_Unknown_15,
2981	SystemHandleInformation,
2982	SystemInformation_Unknown_17,
2983	SystemPageFileInformation,
2984	SystemInformation_Unknown_19,
2985	SystemInformation_Unknown_20,
2986	SystemCacheInformation,
2987	SystemInformation_Unknown_22,
2988	SystemInterruptInformation,
2989	SystemDpcBehaviourInformation,
2990	SystemFullMemoryInformation,
2991	SystemLoadGdiDriverInformation, /* 26 */
2992	SystemUnloadGdiDriverInformation, /* 27 */
2993	SystemTimeAdjustmentInformation,
2994	SystemSummaryMemoryInformation,
2995	SystemInformation_Unknown_30,
2996	SystemInformation_Unknown_31,
2997	SystemInformation_Unknown_32,
2998	SystemExceptionInformation,
2999	SystemCrashDumpStateInformation,
3000	SystemKernelDebuggerInformation,
3001	SystemContextSwitchInformation,
3002	SystemRegistryQuotaInformation,
3003	SystemInformation_Unknown_38,
3004	SystemInformation_Unknown_39,
3005	SystemInformation_Unknown_40,
3006	SystemInformation_Unknown_41,
3007	SystemInformation_Unknown_42,
3008	SystemInformation_Unknown_43,
3009	SystemCurrentTimeZoneInformation,
3010	SystemLookasideInformation,
3011	SystemSetTimeSlipEvent,
3012	SystemCreateSession,
3013	SystemDeleteSession,
3014	SystemInformation_Unknown_49,
3015	SystemRangeStartInformation,
3016	SystemVerifierInformation,
3017	SystemInformation_Unknown_52,
3018	SystemSessionProcessInformation,
3019	SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
3020	SystemInformation_Unknown_55,
3021	SystemInformation_Unknown_56,
3022	SystemExtendedProcessInformation,
3023	SystemInformation_Unknown_58,
3024	SystemInformation_Unknown_59,
3025	SystemInformation_Unknown_60,
3026	SystemInformation_Unknown_61,
3027	SystemInformation_Unknown_62,
3028	SystemInformation_Unknown_63,
3029	SystemExtendedHandleInformation, /* 64 */
3030	SystemInformation_Unknown_65,
3031	SystemInformation_Unknown_66,
3032	SystemInformation_Unknown_67,
3033	SystemInformation_Unknown_68,
3034	SystemInformation_HotPatchInfo, /* 69 */
3035	SystemInformation_Unknown_70,
3036	SystemInformation_Unknown_71,
3037	SystemInformation_Unknown_72,
3038	SystemInformation_Unknown_73,
3039	SystemInformation_Unknown_74,
3040	SystemInformation_Unknown_75,
3041	SystemInformation_Unknown_76,
3042	SystemInformation_Unknown_77,
3043	SystemInformation_Unknown_78,
3044	SystemInformation_Unknown_79,
3045	SystemInformation_Unknown_80,
3046	SystemInformation_Unknown_81,
3047	SystemInformation_Unknown_82,
3048	SystemInformation_Unknown_83,
3049	SystemInformation_Unknown_84,
3050	SystemInformation_Unknown_85,
3051	SystemInformation_Unknown_86,
3052	SystemInformation_Unknown_87,
3053	SystemInformation_Unknown_88,
3054	SystemInformation_Unknown_89,
3055	SystemInformation_Unknown_90,
3056	SystemInformation_Unknown_91,
3057	SystemInformation_Unknown_92,
3058	SystemInformation_Unknown_93,
3059	SystemInformation_Unknown_94,
3060	SystemInformation_Unknown_95,
3061	SystemInformation_KiOpPrefetchPatchCount, /* 96 */
3062	SystemInformation_Unknown_97,
3063	SystemInformation_Unknown_98,
3064	SystemInformation_Unknown_99,
3065	SystemInformation_Unknown_100,
3066	SystemInformation_Unknown_101,
3067	SystemInformation_Unknown_102,
3068	SystemInformation_Unknown_103,
3069	SystemInformation_Unknown_104,
3070	SystemInformation_Unknown_105,
3071	SystemInformation_Unknown_107,
3072	SystemInformation_GetLogicalProcessorInformationEx, /* 107 */
3073
3074	/** @todo fill gap. they've added a whole bunch of things */
3075	SystemPolicyInformation = 134,
3076	SystemInformationClassMax
3077	} SYSTEM_INFORMATION_CLASS;
3078
3079	#ifdef IPRT_NT_USE_WINTERNL
3080	typedef struct _VM_COUNTERS
3081	{
3082	SIZE_T PeakVirtualSize;
3083	SIZE_T VirtualSize;
3084	ULONG PageFaultCount;
3085	SIZE_T PeakWorkingSetSize;
3086	SIZE_T WorkingSetSize;
3087	SIZE_T QuotaPeakPagedPoolUsage;
3088	SIZE_T QuotaPagedPoolUsage;
3089	SIZE_T QuotaPeakNonPagedPoolUsage;
3090	SIZE_T QuotaNonPagedPoolUsage;
3091	SIZE_T PagefileUsage;
3092	SIZE_T PeakPagefileUsage;
3093	} VM_COUNTERS;
3094	typedef VM_COUNTERS *PVM_COUNTERS;
3095	#endif
3096
3097	#if 0
3098	typedef struct _IO_COUNTERS
3099	{
3100	ULONGLONG ReadOperationCount;
3101	ULONGLONG WriteOperationCount;
3102	ULONGLONG OtherOperationCount;
3103	ULONGLONG ReadTransferCount;
3104	ULONGLONG WriteTransferCount;
3105	ULONGLONG OtherTransferCount;
3106	} IO_COUNTERS;
3107	typedef IO_COUNTERS *PIO_COUNTERS;
3108	#endif
3109
3110	typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
3111	{
3112	ULONG NextEntryOffset; /*< 0x00 / 0x00 /
3113	ULONG NumberOfThreads; /*< 0x04 / 0x04 /
3114	LARGE_INTEGER Reserved1[3]; /*< 0x08 / 0x08 /
3115	LARGE_INTEGER CreationTime; /*< 0x20 / 0x20 /
3116	LARGE_INTEGER UserTime; /*< 0x28 / 0x28 /
3117	LARGE_INTEGER KernelTime; /*< 0x30 / 0x30 /
3118	UNICODE_STRING ProcessName; /*< 0x38 / 0x38 Clean unicode encoding? /
3119	int32_t BasePriority; /*< 0x40 / 0x48 /
3120	HANDLE UniqueProcessId; /*< 0x44 / 0x50 /
3121	HANDLE ParentProcessId; /*< 0x48 / 0x58 /
3122	ULONG HandleCount; /*< 0x4c / 0x60 /
3123	ULONG Reserved2; /*< 0x50 / 0x64 Session ID? /
3124	ULONG_PTR Reserved3; /*< 0x54 / 0x68 /
3125	VM_COUNTERS VmCounters; /*< 0x58 / 0x70 /
3126	IO_COUNTERS IoCounters; /*< 0x88 / 0xd0 Might not be present in earlier windows versions. /
3127	/* After this follows the threads, then the ProcessName.Buffer. */
3128	} RTNT_SYSTEM_PROCESS_INFORMATION;
3129	typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
3130	#ifndef IPRT_NT_USE_WINTERNL
3131	typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
3132	typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
3133	#endif
3134
3135	typedef struct _SYSTEM_HANDLE_ENTRY_INFO
3136	{
3137	USHORT UniqueProcessId;
3138	USHORT CreatorBackTraceIndex;
3139	UCHAR ObjectTypeIndex;
3140	UCHAR HandleAttributes;
3141	USHORT HandleValue;
3142	PVOID Object;
3143	ULONG GrantedAccess;
3144	} SYSTEM_HANDLE_ENTRY_INFO;
3145	typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
3146
3147	/** Returned by SystemHandleInformation */
3148	typedef struct _SYSTEM_HANDLE_INFORMATION
3149	{
3150	ULONG NumberOfHandles;
3151	SYSTEM_HANDLE_ENTRY_INFO Handles[1];
3152	} SYSTEM_HANDLE_INFORMATION;
3153	typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
3154
3155	/** Extended handle information entry.
3156	* @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
3157	typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
3158	{
3159	PVOID Object;
3160	HANDLE UniqueProcessId;
3161	HANDLE HandleValue;
3162	ACCESS_MASK GrantedAccess;
3163	USHORT CreatorBackTraceIndex;
3164	USHORT ObjectTypeIndex;
3165	ULONG HandleAttributes;
3166	ULONG Reserved;
3167	} SYSTEM_HANDLE_ENTRY_INFO_EX;
3168	typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
3169
3170	/** Returned by SystemExtendedHandleInformation. */
3171	typedef struct _SYSTEM_HANDLE_INFORMATION_EX
3172	{
3173	ULONG_PTR NumberOfHandles;
3174	ULONG_PTR Reserved;
3175	SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
3176	} SYSTEM_HANDLE_INFORMATION_EX;
3177	typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
3178
3179	/** Returned by SystemSessionProcessInformation. */
3180	typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
3181	{
3182	ULONG SessionId;
3183	ULONG BufferLength;
3184	/** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
3185	PVOID Buffer;
3186	} SYSTEM_SESSION_PROCESS_INFORMATION;
3187	typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
3188
3189	typedef struct _RTL_PROCESS_MODULE_INFORMATION
3190	{
3191	HANDLE Section; /*< 0x00 / 0x00 /
3192	PVOID MappedBase; /*< 0x04 / 0x08 /
3193	PVOID ImageBase; /*< 0x08 / 0x10 /
3194	ULONG ImageSize; /*< 0x0c / 0x18 /
3195	ULONG Flags; /*< 0x10 / 0x1c /
3196	USHORT LoadOrderIndex; /*< 0x14 / 0x20 /
3197	USHORT InitOrderIndex; /*< 0x16 / 0x22 /
3198	USHORT LoadCount; /*< 0x18 / 0x24 /
3199	USHORT OffsetToFileName; /*< 0x1a / 0x26 /
3200	UCHAR FullPathName[256]; /*< 0x1c / 0x28 /
3201	} RTL_PROCESS_MODULE_INFORMATION;
3202	typedef RTL_PROCESS_MODULE_INFORMATION *PRTL_PROCESS_MODULE_INFORMATION;
3203
3204	/** Returned by SystemModuleInformation. */
3205	typedef struct _RTL_PROCESS_MODULES
3206	{
3207	ULONG NumberOfModules;
3208	RTL_PROCESS_MODULE_INFORMATION Modules[1]; /*< 0x04 / 0x08 /
3209	} RTL_PROCESS_MODULES;
3210	typedef RTL_PROCESS_MODULES *PRTL_PROCESS_MODULES;
3211
3212	RT_DECL_NTAPI(NTSTATUS) NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3213	#ifndef IPRT_NT_MAP_TO_ZW
3214	RT_DECL_NTAPI(NTSTATUS) ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3215	#endif
3216
3217	RT_DECL_NTAPI(NTSTATUS) NtSetTimerResolution(ULONG cNtTicksWanted, BOOLEAN fSetResolution, PULONG pcNtTicksCur);
3218	RT_DECL_NTAPI(NTSTATUS) NtQueryTimerResolution(PULONG pcNtTicksMin, PULONG pcNtTicksMax, PULONG pcNtTicksCur);
3219
3220	RT_DECL_NTAPI(NTSTATUS) NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
3221	RT_DECL_NTAPI(NTSTATUS) NtYieldExecution(void);
3222	#ifndef IPRT_NT_USE_WINTERNL
3223	RT_DECL_NTAPI(NTSTATUS) NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
3224	#endif
3225	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
3226	typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
3227	RT_DECL_NTAPI(NTSTATUS) NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
3228
3229	RT_DECL_NTAPI(NTSTATUS) NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
3230
3231	#ifdef IPRT_NT_USE_WINTERNL
3232	typedef enum _EVENT_TYPE
3233	{
3234	/* Manual reset event. */
3235	NotificationEvent = 0,
3236	/* Automaitc reset event. */
3237	SynchronizationEvent
3238	} EVENT_TYPE;
3239	#endif
3240	RT_DECL_NTAPI(NTSTATUS) NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
3241	RT_DECL_NTAPI(NTSTATUS) NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
3242	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
3243	RT_DECL_NTAPI(NTSTATUS) NtClearEvent(HANDLE);
3244	RT_DECL_NTAPI(NTSTATUS) NtResetEvent(HANDLE, PULONG);
3245	RT_DECL_NTAPI(NTSTATUS) NtSetEvent(HANDLE, PULONG);
3246	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
3247	typedef enum _EVENT_INFORMATION_CLASS
3248	{
3249	EventBasicInformation = 0
3250	} EVENT_INFORMATION_CLASS;
3251	/** Data returned by NtQueryEvent + EventBasicInformation. */
3252	typedef struct EVENT_BASIC_INFORMATION
3253	{
3254	EVENT_TYPE EventType;
3255	ULONG EventState;
3256	} EVENT_BASIC_INFORMATION;
3257	typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
3258	RT_DECL_NTAPI(NTSTATUS) NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3259
3260	#ifdef IPRT_NT_USE_WINTERNL
3261	/** For NtQueryValueKey. */
3262	typedef enum _KEY_VALUE_INFORMATION_CLASS
3263	{
3264	KeyValueBasicInformation = 0,
3265	KeyValueFullInformation,
3266	KeyValuePartialInformation,
3267	KeyValueFullInformationAlign64,
3268	KeyValuePartialInformationAlign64
3269	} KEY_VALUE_INFORMATION_CLASS;
3270
3271	/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
3272	typedef struct _KEY_VALUE_PARTIAL_INFORMATION
3273	{
3274	ULONG TitleIndex;
3275	ULONG Type;
3276	ULONG DataLength;
3277	UCHAR Data[1];
3278	} KEY_VALUE_PARTIAL_INFORMATION;
3279	typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
3280	#endif
3281	RT_DECL_NTAPI(NTSTATUS) NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
3282	RT_DECL_NTAPI(NTSTATUS) NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3283
3284
3285	RT_DECL_NTAPI(NTSTATUS) RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
3286
3287
3288	typedef struct _CURDIR
3289	{
3290	UNICODE_STRING DosPath;
3291	HANDLE Handle; /*< 0x10 / 0x08 /
3292	} CURDIR;
3293	AssertCompileSize(CURDIR, ARCH_BITS == 32 ? 0x0c : 0x18);
3294	typedef CURDIR *PCURDIR;
3295
3296	typedef struct _RTL_DRIVE_LETTER_CURDIR
3297	{
3298	USHORT Flags;
3299	USHORT Length;
3300	ULONG TimeStamp;
3301	STRING DosPath; /*< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. /
3302	} RTL_DRIVE_LETTER_CURDIR;
3303	typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
3304
3305	typedef struct _RTL_USER_PROCESS_PARAMETERS
3306	{
3307	ULONG MaximumLength; /*< 0x000 / 0x000 /
3308	ULONG Length; /*< 0x004 / 0x004 /
3309	ULONG Flags; /*< 0x008 / 0x008 /
3310	ULONG DebugFlags; /*< 0x00c / 0x00c /
3311	HANDLE ConsoleHandle; /*< 0x010 / 0x010 /
3312	ULONG ConsoleFlags; /*< 0x018 / 0x014 /
3313	HANDLE StandardInput; /*< 0x020 / 0x018 /
3314	HANDLE StandardOutput; /*< 0x028 / 0x01c /
3315	HANDLE StandardError; /*< 0x030 / 0x020 /
3316	CURDIR CurrentDirectory; /*< 0x038 / 0x024 /
3317	UNICODE_STRING DllPath; /*< 0x050 / 0x030 /
3318	UNICODE_STRING ImagePathName; /*< 0x060 / 0x038 /
3319	UNICODE_STRING CommandLine; /*< 0x070 / 0x040 /
3320	PWSTR Environment; /*< 0x080 / 0x048 /
3321	ULONG StartingX; /*< 0x088 / 0x04c /
3322	ULONG StartingY; /*< 0x090 / 0x050 /
3323	ULONG CountX; /*< 0x094 / 0x054 /
3324	ULONG CountY; /*< 0x098 / 0x058 /
3325	ULONG CountCharsX; /*< 0x09c / 0x05c /
3326	ULONG CountCharsY; /*< 0x0a0 / 0x060 /
3327	ULONG FillAttribute; /*< 0x0a4 / 0x064 /
3328	ULONG WindowFlags; /*< 0x0a8 / 0x068 /
3329	ULONG ShowWindowFlags; /*< 0x0ac / 0x06c /
3330	UNICODE_STRING WindowTitle; /*< 0x0b0 / 0x070 /
3331	UNICODE_STRING DesktopInfo; /*< 0x0c0 / 0x078 /
3332	UNICODE_STRING ShellInfo; /*< 0x0d0 / 0x080 /
3333	UNICODE_STRING RuntimeInfo; /*< 0x0e0 / 0x088 /
3334	RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20]; /*< 0x0f0 / 0x090 /
3335	SIZE_T EnvironmentSize; /*< 0x3f0 / 0x - Added in Vista /
3336	SIZE_T EnvironmentVersion; /*< 0x3f8 / 0x - Added in Windows 7. /
3337	PVOID PackageDependencyData; /*< 0x400 / 0x - Added Windows 8? /
3338	ULONG ProcessGroupId; /*< 0x408 / 0x - Added Windows 8? /
3339	ULONG LoaderThreads; /*< 0x40c / 0x - Added Windows 10? /
3340	} RTL_USER_PROCESS_PARAMETERS;
3341	typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
3342	#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
3343
3344	typedef struct _RTL_USER_PROCESS_INFORMATION
3345	{
3346	ULONG Size;
3347	HANDLE ProcessHandle;
3348	HANDLE ThreadHandle;
3349	CLIENT_ID ClientId;
3350	SECTION_IMAGE_INFORMATION ImageInformation;
3351	} RTL_USER_PROCESS_INFORMATION;
3352	typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
3353
3354
3355	RT_DECL_NTAPI(NTSTATUS) RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
3356	PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
3357	RT_DECL_NTAPI(NTSTATUS) RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
3358	PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
3359	PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
3360	PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
3361	PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
3362	RT_DECL_NTAPI(VOID) RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
3363	RT_DECL_NTAPI(NTSTATUS) RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
3364	PFNRT, PVOID, PHANDLE, PCLIENT_ID);
3365
3366	#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
3367	typedef struct _RTL_CRITICAL_SECTION
3368	{
3369	struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
3370	LONG LockCount;
3371	LONG Recursioncount;
3372	HANDLE OwningThread;
3373	HANDLE LockSemaphore;
3374	ULONG_PTR SpinCount;
3375	} RTL_CRITICAL_SECTION;
3376	typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
3377	#endif
3378
3379	/RT_DECL_NTAPI(ULONG) RtlNtStatusToDosError(NTSTATUS rcNt);/
3380
3381	/** @def RTL_QUERY_REGISTRY_TYPECHECK
3382	* WDK 8.1+, backported in updates, ignored in older. */
3383	#if !defined(RTL_QUERY_REGISTRY_TYPECHECK) \|\| defined(DOXYGEN_RUNNING)
3384	# define RTL_QUERY_REGISTRY_TYPECHECK UINT32_C(0x00000100)
3385	#endif
3386	/** @def RTL_QUERY_REGISTRY_TYPECHECK_SHIFT
3387	* WDK 8.1+, backported in updates, ignored in older. */
3388	#if !defined(RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) \|\| defined(DOXYGEN_RUNNING)
3389	# define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
3390	#endif
3391
3392
3393	RT_C_DECLS_END
3394	/** @} */
3395
3396
3397	#if defined(IN_RING0) \|\| defined(DOXYGEN_RUNNING)
3398	/** @name NT Kernel APIs
3399	* @{ */
3400	RT_C_DECLS_BEGIN
3401
3402	typedef ULONG KEPROCESSORINDEX; /*< Bitmap indexes != process numbers, apparently. /
3403
3404	RT_DECL_NTAPI(VOID) KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
3405	typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
3406	RT_DECL_NTAPI(VOID) KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3407	typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3408	RT_DECL_NTAPI(VOID) KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3409	typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3410	RT_DECL_NTAPI(BOOLEAN) KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3411	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3412	RT_DECL_NTAPI(BOOLEAN) KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3413	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3414	RT_DECL_NTAPI(BOOLEAN) KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3415	typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3416	RT_DECL_NTAPI(VOID) KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
3417	typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
3418	RT_DECL_NTAPI(VOID) KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
3419	typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
3420	RT_DECL_NTAPI(BOOLEAN) KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3421	typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3422	RT_DECL_NTAPI(BOOLEAN) KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3423	typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3424	/** Works like anding the complemented subtrahend with the minuend. */
3425	RT_DECL_NTAPI(BOOLEAN) KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
3426	typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
3427	RT_DECL_NTAPI(BOOLEAN) KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
3428	typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
3429	RT_DECL_NTAPI(BOOLEAN) KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
3430	typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3431	RT_DECL_NTAPI(BOOLEAN) KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
3432	typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
3433	RT_DECL_NTAPI(ULONG) KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
3434	typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3435	RT_DECL_NTAPI(KEPROCESSORINDEX) KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
3436	typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3437	typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
3438	typedef KEPROCESSORINDEX (NTAPI PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER pProcNumber);
3439	typedef NTSTATUS (NTAPI PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX ProcIndex, PROCESSOR_NUMBER pProcNumber);
3440	typedef KEPROCESSORINDEX (NTAPI PFNKEGETCURRENTPROCESSORNUMBEREX)(const PROCESSOR_NUMBER pProcNumber);
3441	typedef KAFFINITY (NTAPI *PFNKEQUERYACTIVEPROCESSORS)(VOID);
3442	typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNT)(VOID);
3443	typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNTEX)(USHORT GroupNumber);
3444	typedef USHORT (NTAPI *PFNKEQUERYMAXIMUMGROUPCOUNT)(VOID);
3445	typedef ULONG (NTAPI PFNKEQUERYACTIVEPROCESSORCOUNT)(KAFFINITY pfActiveProcessors);
3446	typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNTEX)(USHORT GroupNumber);
3447	typedef NTSTATUS (NTAPI PFNKEQUERYLOGICALPROCESSORRELATIONSHIP)(PROCESSOR_NUMBER pProcNumber,
3448	LOGICAL_PROCESSOR_RELATIONSHIP RelationShipType,
3449	SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX *pInfo, PULONG pcbInfo);
3450	typedef PVOID (NTAPI PFNKEREGISTERPROCESSORCHANGECALLBACK)(PPROCESSOR_CALLBACK_FUNCTION pfnCallback, void pvUser, ULONG fFlags);
3451	typedef VOID (NTAPI *PFNKEDEREGISTERPROCESSORCHANGECALLBACK)(PVOID pvCallback);
3452	typedef NTSTATUS (NTAPI PFNKESETTARGETPROCESSORDPCEX)(KDPC pDpc, PROCESSOR_NUMBER *pProcNumber);
3453	typedef LOGICAL (NTAPI *PFNKESHOULDYIELDPROCESSOR)(void);
3454
3455	RT_DECL_NTAPI(BOOLEAN) ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
3456	PVOID pvOptionalConditions, PHANDLE phFound);
3457	RT_DECL_NTAPI(NTSTATUS) ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
3458	ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
3459	KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
3460	RT_DECL_NTAPI(HANDLE) PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
3461	RT_DECL_NTAPI(UCHAR *) PsGetProcessImageFileName(PEPROCESS);
3462	RT_DECL_NTAPI(BOOLEAN) PsIsProcessBeingDebugged(PEPROCESS);
3463	RT_DECL_NTAPI(ULONG) PsGetProcessSessionId(PEPROCESS);
3464	extern DECLIMPORT(POBJECT_TYPE ) LpcPortObjectType; /< In vista+ this is the ALPC port object type. /
3465	extern DECLIMPORT(POBJECT_TYPE ) LpcWaitablePortObjectType; /< In vista+ this is the ALPC port object type. /
3466
3467	typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
3468	typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
3469
3470	RT_C_DECLS_END
3471	/** @ */
3472	#endif /* IN_RING0 */
3473
3474
3475	#if defined(IN_RING3) \|\| defined(DOXYGEN_RUNNING)
3476	/** @name NT Userland APIs
3477	* @{ */
3478	RT_C_DECLS_BEGIN
3479
3480	#if 0 /** @todo figure this out some time... */
3481	typedef struct CSR_MSG_DATA_CREATED_PROCESS
3482	{
3483	HANDLE hProcess;
3484	HANDLE hThread;
3485	CLIENT_ID
3486	DWORD idProcess;
3487	DWORD idThread;
3488	DWORD fCreate;
3489
3490	} CSR_MSG_DATA_CREATED_PROCESS;
3491
3492	#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
3493	#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
3494	RT_DECL_NTAPI(NTSTATUS) CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
3495	#endif
3496
3497	RT_DECL_NTAPI(VOID) LdrInitializeThunk(PVOID, PVOID, PVOID);
3498
3499	typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
3500	{
3501	ULONG Flags;
3502	PCUNICODE_STRING FullDllName;
3503	PCUNICODE_STRING BaseDllName;
3504	PVOID DllBase;
3505	ULONG SizeOfImage;
3506	} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
3507	typedef LDR_DLL_LOADED_NOTIFICATION_DATA PLDR_DLL_LOADED_NOTIFICATION_DATA, PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
3508	typedef LDR_DLL_LOADED_NOTIFICATION_DATA const PCLDR_DLL_LOADED_NOTIFICATION_DATA, PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
3509
3510	typedef union _LDR_DLL_NOTIFICATION_DATA
3511	{
3512	LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
3513	LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
3514	} LDR_DLL_NOTIFICATION_DATA;
3515	typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
3516	typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
3517
3518	typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
3519
3520	#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
3521	#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
3522	RT_DECL_NTAPI(NTSTATUS) LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
3523	PVOID *pvCookie);
3524	typedef NTSTATUS (NTAPI PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID );
3525	RT_DECL_NTAPI(NTSTATUS) LdrUnregisterDllNotification(PVOID pvCookie);
3526	typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
3527
3528	RT_DECL_NTAPI(NTSTATUS) LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
3529	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
3530	typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
3531	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
3532	RT_DECL_NTAPI(NTSTATUS) LdrUnloadDll(IN HANDLE hMod);
3533	typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
3534	RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3535	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3536	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3537	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3538	#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
3539	#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
3540	/** @since Windows XP. */
3541	RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3542	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3543	/** @since Windows XP. */
3544	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3545	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3546	/** @since Windows 7. */
3547	RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
3548	/** @since Windows 7. */
3549	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
3550	/** @since Windows 7. */
3551	RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
3552	OUT PHANDLE phDll);
3553	/** @since Windows 7. */
3554	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
3555	OUT PHANDLE phDll);
3556	#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
3557	RT_DECL_NTAPI(NTSTATUS) LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
3558	typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
3559	RT_DECL_NTAPI(NTSTATUS) LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3560	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
3561	typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
3562	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
3563	#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
3564	/** @since Windows Vista. */
3565	RT_DECL_NTAPI(NTSTATUS) LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3566	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
3567	/** @since Windows Vista. */
3568	typedef NTSTATUS (NTAPI PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const pSymbol OPTIONAL,
3569	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
3570	#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
3571	#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
3572	#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
3573	#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
3574	#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
3575	/** @since Windows XP. */
3576	RT_DECL_NTAPI(NTSTATUS) LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
3577	/** @since Windows XP. */
3578	typedef NTSTATUS (NTAPI PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID ppvCookie);
3579	#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
3580	/** @since Windows XP. */
3581	RT_DECL_NTAPI(NTSTATUS) LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
3582	/** @since Windows XP. */
3583	typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
3584
3585	RT_DECL_NTAPI(NTSTATUS) RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
3586	RT_DECL_NTAPI(VOID) RtlExitUserProcess(NTSTATUS rcExitCode); /*< Vista and later. /
3587	RT_DECL_NTAPI(VOID) RtlExitUserThread(NTSTATUS rcExitCode);
3588	RT_DECL_NTAPI(NTSTATUS) RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
3589	IN PCUNICODE_STRING pOrgName,
3590	IN PUNICODE_STRING pDefaultSuffix,
3591	IN OUT PUNICODE_STRING pStaticString,
3592	IN OUT PUNICODE_STRING pDynamicString,
3593	IN OUT PUNICODE_STRING *ppResultString,
3594	IN PULONG pfNewFlags OPTIONAL,
3595	IN PSIZE_T pcbFilename OPTIONAL,
3596	IN PSIZE_T pcbNeeded OPTIONAL);
3597	/** @since Windows 8.
3598	* @note Status code is always zero in windows 10 build 14393. */
3599	RT_DECL_NTAPI(NTSTATUS) ApiSetQueryApiSetPresence(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
3600	/** @copydoc ApiSetQueryApiSetPresence */
3601	typedef NTSTATUS (NTAPI *PFNAPISETQUERYAPISETPRESENCE)(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
3602
3603
3604	# ifdef IPRT_NT_USE_WINTERNL
3605	typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
3606	typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
3607	typedef struct _RTL_HEAP_PARAMETERS
3608	{
3609	ULONG Length;
3610	SIZE_T SegmentReserve;
3611	SIZE_T SegmentCommit;
3612	SIZE_T DeCommitFreeBlockThreshold;
3613	SIZE_T DeCommitTotalFreeThreshold;
3614	SIZE_T MaximumAllocationSize;
3615	SIZE_T VirtualMemoryThreshold;
3616	SIZE_T InitialCommit;
3617	SIZE_T InitialReserve;
3618	PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
3619	SIZE_T Reserved[2];
3620	} RTL_HEAP_PARAMETERS;
3621	typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
3622	RT_DECL_NTAPI(PVOID) RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
3623	PRTL_HEAP_PARAMETERS pParameters);
3624	/** @name Heap flags (for RtlCreateHeap).
3625	* @{ */
3626	/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
3627	# define HEAP_GROWABLE UINT32_C(0x00000002)
3628	# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
3629	# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
3630	# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
3631	# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
3632	# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
3633	# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
3634	# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
3635	# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
3636	# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
3637	# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
3638	# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
3639	# define HEAP_CLASS_0 UINT32_C(0x00000000)
3640	# define HEAP_CLASS_1 UINT32_C(0x00001000)
3641	# define HEAP_CLASS_2 UINT32_C(0x00002000)
3642	# define HEAP_CLASS_3 UINT32_C(0x00003000)
3643	# define HEAP_CLASS_4 UINT32_C(0x00004000)
3644	# define HEAP_CLASS_5 UINT32_C(0x00005000)
3645	# define HEAP_CLASS_6 UINT32_C(0x00006000)
3646	# define HEAP_CLASS_7 UINT32_C(0x00007000)
3647	# define HEAP_CLASS_8 UINT32_C(0x00008000)
3648	# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
3649	# endif
3650	# define HEAP_CLASS_PROCESS HEAP_CLASS_0
3651	# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
3652	# define HEAP_CLASS_KERNEL HEAP_CLASS_2
3653	# define HEAP_CLASS_GDI HEAP_CLASS_3
3654	# define HEAP_CLASS_USER HEAP_CLASS_4
3655	# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
3656	# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
3657	# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
3658	# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
3659	# ifdef IPRT_NT_USE_WINTERNL
3660	/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
3661	# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
3662	# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
3663	# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
3664	# endif /* IPRT_NT_USE_WINTERNL */
3665	/** @} */
3666	# ifdef IPRT_NT_USE_WINTERNL
3667	/** @name Heap tagging constants
3668	* @{ */
3669	# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
3670	/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
3671	# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
3672	# define HEAP_TAG_SHIFT 18 */
3673	# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
3674	/** @} */
3675	RT_DECL_NTAPI(PVOID) RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
3676	RT_DECL_NTAPI(PVOID) RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
3677	RT_DECL_NTAPI(BOOLEAN) RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
3678	# endif /* IPRT_NT_USE_WINTERNL */
3679	RT_DECL_NTAPI(SIZE_T) RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
3680	RT_DECL_NTAPI(VOID) RtlFreeUnicodeString(PUNICODE_STRING);
3681	RT_DECL_NTAPI(SIZE_T) RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
3682	RT_DECL_NTAPI(NTSTATUS) RtlGetLastNtStatus(VOID);
3683	RT_DECL_NTAPI(ULONG) RtlGetLastWin32Error(VOID);
3684	RT_DECL_NTAPI(VOID) RtlSetLastWin32Error(ULONG uError);
3685	RT_DECL_NTAPI(VOID) RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
3686	RT_DECL_NTAPI(VOID) RtlRestoreLastWin32Error(ULONG uError);
3687	RT_DECL_NTAPI(BOOLEAN) RtlQueryPerformanceCounter(PLARGE_INTEGER);
3688	RT_DECL_NTAPI(uint64_t) RtlGetSystemTimePrecise(VOID);
3689	typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
3690	RT_DECL_NTAPI(uint64_t) RtlGetInterruptTimePrecise(uint64_t *puPerfTime);
3691	typedef uint64_t (NTAPI * PFNRTLGETINTERRUPTTIMEPRECISE)(uint64_t *);
3692	RT_DECL_NTAPI(BOOLEAN) RtlQueryUnbiasedInterruptTime(uint64_t *puInterruptTime);
3693	typedef BOOLEAN (NTAPI * PFNRTLQUERYUNBIASEDINTERRUPTTIME)(uint64_t *);
3694
3695	RT_C_DECLS_END
3696	/** @} */
3697	#endif /* IN_RING3 */
3698
3699	#endif /* !IPRT_INCLUDED_nt_nt_h */
3700

Note: See TracBrowser for help on using the repository browser.

source: vbox/trunk/include/iprt/nt/nt.h@ 86716

Download in other formats: