VirtualBox

source: vbox/trunk/include/iprt/nt/nt.h@ 94311

Last change on this file since 94311 was 93115, checked in by vboxsync, 3 years ago

scm --update-copyright-year

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 167.5 KB
Line 
1/* $Id: nt.h 93115 2022-01-01 11:31:46Z vboxsync $ */
2/** @file
3 * IPRT - Header for code using the Native NT API.
4 */
5
6/*
7 * Copyright (C) 2010-2022 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27#ifndef IPRT_INCLUDED_nt_nt_h
28#define IPRT_INCLUDED_nt_nt_h
29#ifndef RT_WITHOUT_PRAGMA_ONCE
30# pragma once
31#endif
32
33/** @def IPRT_NT_MAP_TO_ZW
34 * Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
35 * to the APIs (takes care of the previous context checks).
36 */
37#ifdef DOXYGEN_RUNNING
38# define IPRT_NT_MAP_TO_ZW
39#endif
40
41#ifdef IPRT_NT_MAP_TO_ZW
42# define NtQueryDirectoryFile ZwQueryDirectoryFile
43# define NtQueryInformationFile ZwQueryInformationFile
44# define NtQueryInformationProcess ZwQueryInformationProcess
45# define NtQueryInformationThread ZwQueryInformationThread
46# define NtQueryFullAttributesFile ZwQueryFullAttributesFile
47# define NtQuerySystemInformation ZwQuerySystemInformation
48# define NtQuerySecurityObject ZwQuerySecurityObject
49# define NtSetInformationFile ZwSetInformationFile
50# define NtClose ZwClose
51# define NtCreateFile ZwCreateFile
52# define NtReadFile ZwReadFile
53# define NtWriteFile ZwWriteFile
54# define NtFlushBuffersFile ZwFlushBuffersFile
55/** @todo this is very incomplete! */
56#endif
57
58#include <ntstatus.h>
59
60/*
61 * Hacks common to both base header sets.
62 */
63#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
64#define NtQueryObject Incomplete_NtQueryObject
65#define ZwQueryObject Incomplete_ZwQueryObject
66#define NtSetInformationObject Incomplete_NtSetInformationObject
67#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
68#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
69#define ObjectBasicInformation Incomplete_ObjectBasicInformation
70#define ObjectTypeInformation Incomplete_ObjectTypeInformation
71#define _PEB Incomplete__PEB
72#define PEB Incomplete_PEB
73#define PPEB Incomplete_PPEB
74#define _TEB Incomplete__TEB
75#define TEB Incomplete_TEB
76#define PTEB Incomplete_PTEB
77#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
78#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
79#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
80#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
81#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
82#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
83
84
85
86#ifdef IPRT_NT_USE_WINTERNL
87/*
88 * Use Winternl.h.
89 */
90# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
91# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
92# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
93
94# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
95# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
96# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
97# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
98# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
99# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
100# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
101# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
102# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
103# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
104# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
105# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
106
107# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
108# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
109# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
110
111# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
112# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
113# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
114# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
115# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
116
117# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
118# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
119# define NtQueryTimerResolution AddedRecentlyUseOwnPrototype_NtQueryTimerResolution
120# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
121# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
122# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
123# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
124# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
125# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
126# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
127# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
128# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
129# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
130# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
131# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
132
133
134# pragma warning(push)
135# pragma warning(disable: 4668)
136# define WIN32_NO_STATUS
137# include <windef.h>
138# include <winnt.h>
139# include <winternl.h>
140# undef WIN32_NO_STATUS
141# include <ntstatus.h>
142# pragma warning(pop)
143
144# ifndef OBJ_DONT_REPARSE
145# define RTNT_NEED_CLIENT_ID
146# endif
147
148# undef _FILE_INFORMATION_CLASS
149# undef FILE_INFORMATION_CLASS
150# undef FileDirectoryInformation
151
152# undef NtQueryInformationProcess
153# undef NtSetInformationProcess
154# undef PROCESSINFOCLASS
155# undef _PROCESSINFOCLASS
156# undef PROCESS_BASIC_INFORMATION
157# undef PPROCESS_BASIC_INFORMATION
158# undef _PROCESS_BASIC_INFORMATION
159# undef ProcessBasicInformation
160# undef ProcessDebugPort
161# undef ProcessWow64Information
162# undef ProcessImageFileName
163# undef ProcessBreakOnTermination
164
165# undef RTL_USER_PROCESS_PARAMETERS
166# undef PRTL_USER_PROCESS_PARAMETERS
167# undef _RTL_USER_PROCESS_PARAMETERS
168
169# undef NtQueryInformationThread
170# undef NtSetInformationThread
171# undef THREADINFOCLASS
172# undef _THREADINFOCLASS
173# undef ThreadIsIoPending
174
175# undef NtQuerySystemInformation
176# undef NtSetSystemInformation
177# undef NtQueryTimerResolution
178# undef SYSTEM_INFORMATION_CLASS
179# undef _SYSTEM_INFORMATION_CLASS
180# undef SystemBasicInformation
181# undef SystemPerformanceInformation
182# undef SystemTimeOfDayInformation
183# undef SystemProcessInformation
184# undef SystemProcessorPerformanceInformation
185# undef SystemInterruptInformation
186# undef SystemExceptionInformation
187# undef SystemRegistryQuotaInformation
188# undef SystemLookasideInformation
189# undef SystemPolicyInformation
190
191#else
192/*
193 * Use ntifs.h and wdm.h.
194 */
195# if _MSC_VER >= 1200 /* Fix/workaround for KeInitializeSpinLock visibility issue on AMD64. */
196# define FORCEINLINE static __forceinline
197# else
198# define FORCEINLINE static __inline
199# endif
200
201# define _FSINFOCLASS OutdatedWdm_FSINFOCLASS
202# define FS_INFORMATION_CLASS OutdatedWdm_FS_INFORMATION_CLASS
203# define PFS_INFORMATION_CLASS OutdatedWdm_PFS_INFORMATION_CLASS
204# define FileFsVolumeInformation OutdatedWdm_FileFsVolumeInformation
205# define FileFsLabelInformation OutdatedWdm_FileFsLabelInformation
206# define FileFsSizeInformation OutdatedWdm_FileFsSizeInformation
207# define FileFsDeviceInformation OutdatedWdm_FileFsDeviceInformation
208# define FileFsAttributeInformation OutdatedWdm_FileFsAttributeInformation
209# define FileFsControlInformation OutdatedWdm_FileFsControlInformation
210# define FileFsFullSizeInformation OutdatedWdm_FileFsFullSizeInformation
211# define FileFsObjectIdInformation OutdatedWdm_FileFsObjectIdInformation
212# define FileFsDriverPathInformation OutdatedWdm_FileFsDriverPathInformation
213# define FileFsVolumeFlagsInformation OutdatedWdm_FileFsVolumeFlagsInformation
214# define FileFsSectorSizeInformation OutdatedWdm_FileFsSectorSizeInformation
215# define FileFsDataCopyInformation OutdatedWdm_FileFsDataCopyInformation
216# define FileFsMetadataSizeInformation OutdatedWdm_FileFsMetadataSizeInformation
217# define FileFsFullSizeInformationEx OutdatedWdm_FileFsFullSizeInformationEx
218# define FileFsMaximumInformation OutdatedWdm_FileFsMaximumInformation
219# define NtQueryVolumeInformationFile OutdatedWdm_NtQueryVolumeInformationFile
220# define NtSetVolumeInformationFile OutdatedWdm_NtSetVolumeInformationFile
221# define _MEMORY_INFORMATION_CLASS OutdatedWdm__MEMORY_INFORMATION_CLASS
222# define MEMORY_INFORMATION_CLASS OutdatedWdm_MEMORY_INFORMATION_CLASS
223# define MemoryBasicInformation OutdatedWdm_MemoryBasicInformation
224# define NtQueryVirtualMemory OutdatedWdm_NtQueryVirtualMemory
225
226# pragma warning(push)
227# ifdef RT_ARCH_X86
228# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
229# pragma warning(disable: 4163)
230# endif
231# pragma warning(disable: 4668)
232# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
233# if _MSC_VER >= 1800 /*RT_MSC_VER_VC120*/
234# pragma warning(disable:4005) /* sdk/v7.1/include/sal_supp.h(57) : warning C4005: '__useHeader' : macro redefinition */
235# pragma warning(disable:4471) /* wdm.h(11057) : warning C4471: '_POOL_TYPE' : a forward declaration of an unscoped enumeration must have an underlying type (int assumed) */
236# endif
237# if _MSC_VER >= 1900 /*RT_MSC_VER_VC140*/
238# ifdef __cplusplus
239# pragma warning(disable:5039) /* warning C5039: 'KeInitializeDpc': pointer or reference to potentially throwing function passed to 'extern "C"' function under -EHc. Undefined behavior may occur if this function throws an exception. */
240# endif
241# endif
242
243# include <ntifs.h>
244# include <wdm.h>
245
246# ifdef RT_ARCH_X86
247# undef _InterlockedAddLargeStatistic
248# endif
249# pragma warning(pop)
250
251# undef _FSINFOCLASS
252# undef FS_INFORMATION_CLASS
253# undef PFS_INFORMATION_CLASS
254# undef FileFsVolumeInformation
255# undef FileFsLabelInformation
256# undef FileFsSizeInformation
257# undef FileFsDeviceInformation
258# undef FileFsAttributeInformation
259# undef FileFsControlInformation
260# undef FileFsFullSizeInformation
261# undef FileFsObjectIdInformation
262# undef FileFsDriverPathInformation
263# undef FileFsVolumeFlagsInformation
264# undef FileFsSectorSizeInformation
265# undef FileFsDataCopyInformation
266# undef FileFsMetadataSizeInformation
267# undef FileFsFullSizeInformationEx
268# undef FileFsMaximumInformation
269# undef NtQueryVolumeInformationFile
270# undef NtSetVolumeInformationFile
271# undef _MEMORY_INFORMATION_CLASS
272# undef MEMORY_INFORMATION_CLASS
273# undef MemoryBasicInformation
274# undef NtQueryVirtualMemory
275
276# define IPRT_NT_NEED_API_GROUP_NTIFS
277#endif
278
279#undef RtlFreeUnicodeString
280#undef NtQueryObject
281#undef ZwQueryObject
282#undef NtSetInformationObject
283#undef _OBJECT_INFORMATION_CLASS
284#undef OBJECT_INFORMATION_CLASS
285#undef ObjectBasicInformation
286#undef ObjectTypeInformation
287#undef _PEB
288#undef PEB
289#undef PPEB
290#undef _TEB
291#undef TEB
292#undef PTEB
293#undef _PEB_LDR_DATA
294#undef PEB_LDR_DATA
295#undef PPEB_LDR_DATA
296#undef _KUSER_SHARED_DATA
297#undef KUSER_SHARED_DATA
298#undef PKUSER_SHARED_DATA
299
300
301#include <iprt/types.h>
302#include <iprt/assert.h>
303
304
305/** @name Useful macros
306 * @{ */
307/** Indicates that we're targeting native NT in the current source. */
308#define RTNT_USE_NATIVE_NT 1
309/** Initializes a IO_STATUS_BLOCK. */
310#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
311/** Reinitializes a IO_STATUS_BLOCK. */
312#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
313 do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
314/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
315#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
316/** Constant UNICODE_STRING initializer. */
317#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
318/** Null UNICODE_STRING initializer. */
319#define RTNT_NULL_UNISTR() { 0, 0, NULL }
320
321/** Declaration wrapper for NT apis.
322 * Adds nothrow. Don't use with callbacks. */
323#define RT_DECL_NTAPI(type) DECL_NOTHROW(NTSYSAPI type NTAPI)
324/** @} */
325
326
327/** @name IPRT helper functions for NT
328 * @{ */
329RT_C_DECLS_BEGIN
330
331RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
332 ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
333 PHANDLE phHandle, PULONG_PTR puDisposition);
334RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
335 ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
336RTDECL(int) RTNtPathOpenDirEx(HANDLE hRootDir, struct _UNICODE_STRING *pNtName, ACCESS_MASK fDesiredAccess,
337 ULONG fShareAccess, ULONG fCreateOptions, ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
338RTDECL(int) RTNtPathClose(HANDLE hHandle);
339
340/**
341 * Converts a windows-style path to NT format and encoding.
342 *
343 * @returns IPRT status code.
344 * @param pNtName Where to return the NT name. Free using
345 * RTNtPathFree.
346 * @param phRootDir Where to return the root handle, if applicable.
347 * @param pszPath The UTF-8 path.
348 */
349RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING *pNtName, PHANDLE phRootDir, const char *pszPath);
350
351/**
352 * Converts a UTF-16 windows-style path to NT format.
353 *
354 * @returns IPRT status code.
355 * @param pNtName Where to return the NT name. Free using
356 * RTNtPathFree.
357 * @param phRootDir Where to return the root handle, if applicable.
358 * @param pwszPath The UTF-16 windows-style path.
359 * @param cwcPath The max length of the windows-style path in
360 * RTUTF16 units. Use RTSTR_MAX if unknown and @a
361 * pwszPath is correctly terminated.
362 */
363RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
364
365/**
366 * How to handle ascent ('..' relative to a root handle).
367 */
368typedef enum RTNTPATHRELATIVEASCENT
369{
370 kRTNtPathRelativeAscent_Invalid = 0,
371 kRTNtPathRelativeAscent_Allow,
372 kRTNtPathRelativeAscent_Fail,
373 kRTNtPathRelativeAscent_Ignore,
374 kRTNtPathRelativeAscent_End,
375 kRTNtPathRelativeAscent_32BitHack = 0x7fffffff
376} RTNTPATHRELATIVEASCENT;
377
378/**
379 * Converts a relative windows-style path to relative NT format and encoding.
380 *
381 * @returns IPRT status code.
382 * @param pNtName Where to return the NT name. Free using
383 * rtTNtPathToNative with phRootDir set to NULL.
384 * @param phRootDir On input, the handle to the directory the path
385 * is relative to. On output, the handle to
386 * specify as root directory in the object
387 * attributes when accessing the path. If
388 * enmAscent is kRTNtPathRelativeAscent_Allow, it
389 * may have been set to NULL.
390 * @param pszPath The relative UTF-8 path.
391 * @param enmAscent How to handle ascent.
392 * @param fMustReturnAbsolute Must convert to an absolute path. This
393 * is necessary if the root dir is a NT directory
394 * object (e.g. /Devices) since they cannot parse
395 * relative paths it seems.
396 */
397RTDECL(int) RTNtPathRelativeFromUtf8(struct _UNICODE_STRING *pNtName, PHANDLE phRootDir, const char *pszPath,
398 RTNTPATHRELATIVEASCENT enmAscent, bool fMustReturnAbsolute);
399
400/**
401 * Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
402 * chars plus a terminator.
403 *
404 * The NT string must have been returned by RTNtPathFromWinUtf8 or
405 * RTNtPathFromWinUtf16Ex.
406 *
407 * @returns IPRT status code.
408 * @param pNtName The NT path string.
409 * @param cwcMin The minimum number of RTUTF16 chars. Max 32767.
410 * @sa RTNtPathFree
411 */
412RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);
413
414/**
415 * Gets the NT path to the object represented by the given handle.
416 *
417 * @returns IPRT status code.
418 * @param pNtName Where to return the NT path. Free using
419 * RTNtPathFree.
420 * @param hHandle The handle.
421 * @param cwcExtra How much extra space is needed.
422 */
423RTDECL(int) RTNtPathFromHandle(struct _UNICODE_STRING *pNtName, HANDLE hHandle, size_t cwcExtra);
424
425/**
426 * Frees the native path and root handle.
427 *
428 * @param pNtName The NT path after a successful rtNtPathToNative
429 * call or RTNtPathRelativeFromUtf8.
430 * @param phRootDir The root handle variable from rtNtPathToNative,
431 */
432RTDECL(void) RTNtPathFree(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir);
433
434
435/**
436 * Checks whether the path could be containing alternative 8.3 names generated
437 * by NTFS, FAT, or other similar file systems.
438 *
439 * @returns Pointer to the first component that might be an 8.3 name, NULL if
440 * not 8.3 path.
441 * @param pwszPath The path to check.
442 *
443 * @remarks This is making bad ASSUMPTION wrt to the naming scheme of 8.3 names,
444 * however, non-tilde 8.3 aliases are probably rare enough to not be
445 * worth all the extra code necessary to open each path component and
446 * check if we've got the short name or not.
447 */
448RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
449
450/**
451 * Fixes up a path possibly containing one or more alternative 8-dot-3 style
452 * components.
453 *
454 * The path is fixed up in place. Errors are ignored.
455 *
456 * @returns VINF_SUCCESS if it all went smoothly, informational status codes
457 * indicating the nature of last problem we ran into.
458 *
459 * @param pUniStr The path to fix up. MaximumLength is the max buffer
460 * length.
461 * @param fPathOnly Whether to only process the path and leave the filename
462 * as passed in.
463 */
464RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);
465
466/**
467 * Wrapper around RTNtPathExpand8dot3Path that allocates a buffer instead of
468 * working on the input buffer.
469 *
470 * @returns IPRT status code, see RTNtPathExpand8dot3Path().
471 * @param pUniStrSrc The path to fix up. MaximumLength is the max buffer
472 * length.
473 * @param fPathOnly Whether to only process the path and leave the filename
474 * as passed in.
475 * @param pUniStrDst Output string. On success, the caller must use
476 * RTUtf16Free to free what the Buffer member points to.
477 * This is all zeros and NULL on failure.
478 */
479RTDECL(int) RTNtPathExpand8dot3PathA(struct _UNICODE_STRING const *pUniStrSrc, bool fPathOnly, struct _UNICODE_STRING *pUniStrDst);
480
481
482RT_C_DECLS_END
483/** @} */
484
485
486/** @name NT API delcarations.
487 * @{ */
488RT_C_DECLS_BEGIN
489
490/** @name Process access rights missing in ntddk headers
491 * @{ */
492#ifndef PROCESS_TERMINATE
493# define PROCESS_TERMINATE UINT32_C(0x00000001)
494#endif
495#ifndef PROCESS_CREATE_THREAD
496# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
497#endif
498#ifndef PROCESS_SET_SESSIONID
499# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
500#endif
501#ifndef PROCESS_VM_OPERATION
502# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
503#endif
504#ifndef PROCESS_VM_READ
505# define PROCESS_VM_READ UINT32_C(0x00000010)
506#endif
507#ifndef PROCESS_VM_WRITE
508# define PROCESS_VM_WRITE UINT32_C(0x00000020)
509#endif
510#ifndef PROCESS_DUP_HANDLE
511# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
512#endif
513#ifndef PROCESS_CREATE_PROCESS
514# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
515#endif
516#ifndef PROCESS_SET_QUOTA
517# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
518#endif
519#ifndef PROCESS_SET_INFORMATION
520# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
521#endif
522#ifndef PROCESS_QUERY_INFORMATION
523# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
524#endif
525#ifndef PROCESS_SUSPEND_RESUME
526# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
527#endif
528#ifndef PROCESS_QUERY_LIMITED_INFORMATION
529# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
530#endif
531#ifndef PROCESS_SET_LIMITED_INFORMATION
532# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
533#endif
534#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
535#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
536#ifndef PROCESS_ALL_ACCESS
537# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | UINT32_C(0x0000ffff) )
538#endif
539/** @} */
540
541/** @name Thread access rights missing in ntddk headers
542 * @{ */
543#ifndef THREAD_QUERY_INFORMATION
544# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
545#endif
546#ifndef THREAD_SET_THREAD_TOKEN
547# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
548#endif
549#ifndef THREAD_IMPERSONATE
550# define THREAD_IMPERSONATE UINT32_C(0x00000100)
551#endif
552#ifndef THREAD_DIRECT_IMPERSONATION
553# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
554#endif
555#ifndef THREAD_RESUME
556# define THREAD_RESUME UINT32_C(0x00001000)
557#endif
558#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
559#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
560#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
561/** @} */
562
563/** @name Special handle values.
564 * @{ */
565#ifndef NtCurrentProcess
566# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
567#endif
568#ifndef NtCurrentThread
569# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
570#endif
571#ifndef ZwCurrentProcess
572# define ZwCurrentProcess() NtCurrentProcess()
573#endif
574#ifndef ZwCurrentThread
575# define ZwCurrentThread() NtCurrentThread()
576#endif
577/** @} */
578
579
580/** @name Directory object access rights.
581 * @{ */
582#ifndef DIRECTORY_QUERY
583# define DIRECTORY_QUERY UINT32_C(0x00000001)
584#endif
585#ifndef DIRECTORY_TRAVERSE
586# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
587#endif
588#ifndef DIRECTORY_CREATE_OBJECT
589# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
590#endif
591#ifndef DIRECTORY_CREATE_SUBDIRECTORY
592# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
593#endif
594#ifndef DIRECTORY_ALL_ACCESS
595# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | UINT32_C(0x0000000f) )
596#endif
597/** @} */
598
599
600
601#ifdef RTNT_NEED_CLIENT_ID
602typedef struct _CLIENT_ID
603{
604 HANDLE UniqueProcess;
605 HANDLE UniqueThread;
606} CLIENT_ID;
607#endif
608#ifdef IPRT_NT_USE_WINTERNL
609typedef CLIENT_ID *PCLIENT_ID;
610#endif
611
612/** Extended affinity type, introduced in Windows 7 (?). */
613typedef struct _KAFFINITY_EX
614{
615 /** Count of valid bitmap entries. */
616 uint16_t Count;
617 /** Count of allocated bitmap entries. */
618 uint16_t Size;
619 /** Reserved / aligmment padding. */
620 uint32_t Reserved;
621 /** Bitmap where one bit corresponds to a CPU.
622 * @note Started at 20 entries. W10 20H2 increased it to 32. Must be
623 * probed by passing a big buffer to KeInitializeAffinityEx and check
624 * the Size afterwards. */
625 uintptr_t Bitmap[RT_FLEXIBLE_ARRAY_IN_NESTED_UNION];
626} KAFFINITY_EX;
627typedef KAFFINITY_EX *PKAFFINITY_EX;
628typedef KAFFINITY_EX const *PCKAFFINITY_EX;
629
630/** @name User Shared Data
631 * @{ */
632
633#ifdef IPRT_NT_USE_WINTERNL
634typedef struct _KSYSTEM_TIME
635{
636 ULONG LowPart;
637 LONG High1Time;
638 LONG High2Time;
639} KSYSTEM_TIME;
640typedef KSYSTEM_TIME *PKSYSTEM_TIME;
641
642typedef enum _NT_PRODUCT_TYPE
643{
644 NtProductWinNt = 1,
645 NtProductLanManNt,
646 NtProductServer
647} NT_PRODUCT_TYPE;
648
649#define PROCESSOR_FEATURE_MAX 64
650
651typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
652{
653 StandardDesign = 0,
654 NEC98x86,
655 EndAlternatives
656} ALTERNATIVE_ARCHITECTURE_TYPE;
657
658# if 0
659typedef struct _XSTATE_FEATURE
660{
661 ULONG Offset;
662 ULONG Size;
663} XSTATE_FEATURE;
664typedef XSTATE_FEATURE *PXSTATE_FEATURE;
665
666#define MAXIMUM_XSTATE_FEATURES 64
667
668typedef struct _XSTATE_CONFIGURATION
669{
670 ULONG64 EnabledFeatures;
671 ULONG Size;
672 ULONG OptimizedSave : 1;
673 XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
674} XSTATE_CONFIGURATION;
675typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
676# endif
677#endif /* IPRT_NT_USE_WINTERNL */
678
679typedef struct _KUSER_SHARED_DATA
680{
681 ULONG TickCountLowDeprecated; /**< 0x000 */
682 ULONG TickCountMultiplier; /**< 0x004 */
683 KSYSTEM_TIME volatile InterruptTime; /**< 0x008 */
684 KSYSTEM_TIME volatile SystemTime; /**< 0x014 */
685 KSYSTEM_TIME volatile TimeZoneBias; /**< 0x020 */
686 USHORT ImageNumberLow; /**< 0x02c */
687 USHORT ImageNumberHigh; /**< 0x02e */
688 WCHAR NtSystemRoot[260]; /**< 0x030 - Seems to be last member in NT 3.51. */
689 ULONG MaxStackTraceDepth; /**< 0x238 */
690 ULONG CryptoExponent; /**< 0x23c */
691 ULONG TimeZoneId; /**< 0x240 */
692 ULONG LargePageMinimum; /**< 0x244 */
693 ULONG AitSamplingValue; /**< 0x248 */
694 ULONG AppCompatFlag; /**< 0x24c */
695 ULONGLONG RNGSeedVersion; /**< 0x250 */
696 ULONG GlobalValidationRunlevel; /**< 0x258 */
697 LONG volatile TimeZoneBiasStamp; /**< 0x25c*/
698 ULONG Reserved2; /**< 0x260 */
699 NT_PRODUCT_TYPE NtProductType; /**< 0x264 */
700 BOOLEAN ProductTypeIsValid; /**< 0x268 */
701 BOOLEAN Reserved0[1]; /**< 0x269 */
702 USHORT NativeProcessorArchitecture; /**< 0x26a */
703 ULONG NtMajorVersion; /**< 0x26c */
704 ULONG NtMinorVersion; /**< 0x270 */
705 BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /**< 0x274 */
706 ULONG Reserved1; /**< 0x2b4 */
707 ULONG Reserved3; /**< 0x2b8 */
708 ULONG volatile TimeSlip; /**< 0x2bc */
709 ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /**< 0x2c0 */
710 ULONG AltArchitecturePad[1]; /**< 0x2c4 */
711 LARGE_INTEGER SystemExpirationDate; /**< 0x2c8 */
712 ULONG SuiteMask; /**< 0x2d0 */
713 BOOLEAN KdDebuggerEnabled; /**< 0x2d4 */
714 union /**< 0x2d5 */
715 {
716 UCHAR MitigationPolicies; /**< 0x2d5 */
717 struct
718 {
719 UCHAR NXSupportPolicy : 2;
720 UCHAR SEHValidationPolicy : 2;
721 UCHAR CurDirDevicesSkippedForDlls : 2;
722 UCHAR Reserved : 2;
723 };
724 };
725 UCHAR Reserved6[2]; /**< 0x2d6 */
726 ULONG volatile ActiveConsoleId; /**< 0x2d8 */
727 ULONG volatile DismountCount; /**< 0x2dc */
728 ULONG ComPlusPackage; /**< 0x2e0 */
729 ULONG LastSystemRITEventTickCount; /**< 0x2e4 */
730 ULONG NumberOfPhysicalPages; /**< 0x2e8 */
731 BOOLEAN SafeBootMode; /**< 0x2ec */
732 UCHAR Reserved12[3]; /**< 0x2ed */
733 union /**< 0x2f0 */
734 {
735 ULONG SharedDataFlags; /**< 0x2f0 */
736 struct
737 {
738 ULONG DbgErrorPortPresent : 1;
739 ULONG DbgElevationEnabled : 1;
740 ULONG DbgVirtEnabled : 1;
741 ULONG DbgInstallerDetectEnabled : 1;
742 ULONG DbgLkgEnabled : 1;
743 ULONG DbgDynProcessorEnabled : 1;
744 ULONG DbgConsoleBrokerEnabled : 1;
745 ULONG DbgSecureBootEnabled : 1;
746 ULONG SpareBits : 24;
747 };
748 };
749 ULONG DataFlagsPad[1]; /**< 0x2f4 */
750 ULONGLONG TestRetInstruction; /**< 0x2f8 */
751 LONGLONG QpcFrequency; /**< 0x300 */
752 ULONGLONG SystemCallPad[3]; /**< 0x308 */
753 union /**< 0x320 */
754 {
755 ULONG64 volatile TickCountQuad; /**< 0x320 */
756 KSYSTEM_TIME volatile TickCount; /**< 0x320 */
757 struct /**< 0x320 */
758 {
759 ULONG ReservedTickCountOverlay[3]; /**< 0x320 */
760 ULONG TickCountPad[1]; /**< 0x32c */
761 };
762 };
763 ULONG Cookie; /**< 0x330 */
764 ULONG CookiePad[1]; /**< 0x334 */
765 LONGLONG ConsoleSessionForegroundProcessId; /**< 0x338 */
766 ULONGLONG TimeUpdateLock; /**< 0x340 */
767 ULONGLONG BaselineSystemTimeQpc; /**< 0x348 */
768 ULONGLONG BaselineInterruptTimeQpc; /**< 0x350 */
769 ULONGLONG QpcSystemTimeIncrement; /**< 0x358 */
770 ULONGLONG QpcInterruptTimeIncrement; /**< 0x360 */
771 ULONG QpcSystemTimeIncrement32; /**< 0x368 */
772 ULONG QpcInterruptTimeIncrement32; /**< 0x36c */
773 UCHAR QpcSystemTimeIncrementShift; /**< 0x370 */
774 UCHAR QpcInterruptTimeIncrementShift; /**< 0x371 */
775 UCHAR Reserved8[14]; /**< 0x372 */
776 USHORT UserModeGlobalLogger[16]; /**< 0x380 */
777 ULONG ImageFileExecutionOptions; /**< 0x3a0 */
778 ULONG LangGenerationCount; /**< 0x3a4 */
779 ULONGLONG Reserved4; /**< 0x3a8 */
780 ULONGLONG volatile InterruptTimeBias; /**< 0x3b0 - What QueryUnbiasedInterruptTimePrecise
781 * subtracts from interrupt time. */
782 ULONGLONG volatile QpcBias; /**< 0x3b8 */
783 ULONG volatile ActiveProcessorCount; /**< 0x3c0 */
784 UCHAR volatile ActiveGroupCount; /**< 0x3c4 */
785 UCHAR Reserved9; /**< 0x3c5 */
786 union /**< 0x3c6 */
787 {
788 USHORT QpcData; /**< 0x3c6 */
789 struct /**< 0x3c6 */
790 {
791 BOOLEAN volatile QpcBypassEnabled; /**< 0x3c6 */
792 UCHAR QpcShift; /**< 0x3c7 */
793 };
794 };
795 LARGE_INTEGER TimeZoneBiasEffectiveStart; /**< 0x3c8 */
796 LARGE_INTEGER TimeZoneBiasEffectiveEnd; /**< 0x3d0 */
797 XSTATE_CONFIGURATION XState; /**< 0x3d8 */
798} KUSER_SHARED_DATA;
799typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
800AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
801AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
802AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
803AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
804AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
805AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
806AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
807AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
808AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
809/** @def MM_SHARED_USER_DATA_VA
810 * Read only userland mapping of KUSER_SHARED_DATA. */
811#ifndef MM_SHARED_USER_DATA_VA
812# if ARCH_BITS == 32
813# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
814# elif ARCH_BITS == 64
815# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
816# else
817# error "Unsupported/undefined ARCH_BITS value."
818# endif
819#endif
820/** @def KI_USER_SHARED_DATA
821 * Read write kernel mapping of KUSER_SHARED_DATA. */
822#ifndef KI_USER_SHARED_DATA
823# ifdef RT_ARCH_X86
824# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
825# elif defined(RT_ARCH_AMD64)
826# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
827# else
828# error "PORT ME - KI_USER_SHARED_DATA"
829# endif
830#endif
831/** @} */
832
833
834/** @name Process And Thread Environment Blocks
835 * @{ */
836
837typedef struct _PEB_LDR_DATA
838{
839 uint32_t Length;
840 BOOLEAN Initialized;
841 BOOLEAN Padding[3];
842 HANDLE SsHandle;
843 LIST_ENTRY InLoadOrderModuleList;
844 LIST_ENTRY InMemoryOrderModuleList;
845 LIST_ENTRY InInitializationOrderModuleList;
846 /* End NT4 */
847 LIST_ENTRY *EntryInProgress;
848 BOOLEAN ShutdownInProgress;
849 HANDLE ShutdownThreadId;
850} PEB_LDR_DATA;
851typedef PEB_LDR_DATA *PPEB_LDR_DATA;
852
853typedef struct _PEB_COMMON
854{
855 BOOLEAN InheritedAddressSpace; /**< 0x000 / 0x000 */
856 BOOLEAN ReadImageFileExecOptions; /**< 0x001 / 0x001 */
857 BOOLEAN BeingDebugged; /**< 0x002 / 0x002 */
858 union
859 {
860 uint8_t BitField; /**< 0x003 / 0x003 */
861 struct
862 {
863 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
864 } Common;
865 struct
866 {
867 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
868 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
869 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 */
870 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 */
871 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 */
872 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 */
873 uint8_t IsProtectedProcessLight : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 */
874 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
875 } W81;
876 struct
877 {
878 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
879 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
880 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 */
881 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 */
882 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 */
883 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 */
884 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 */
885 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
886 } W80;
887 struct
888 {
889 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
890 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
891 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. */
892 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. */
893 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. */
894 uint8_t SpareBits : 3; /**< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. */
895 } W7;
896 struct
897 {
898 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
899 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
900 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. */
901 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. */
902 uint8_t SpareBits : 4; /**< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. */
903 } W6;
904 struct
905 {
906 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
907 uint8_t SpareBits : 7; /**< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. */
908 } W52;
909 struct
910 {
911 BOOLEAN SpareBool;
912 } W51;
913 } Diff0;
914#if ARCH_BITS == 64
915 uint32_t Padding0; /**< 0x004 / NA */
916#endif
917 HANDLE Mutant; /**< 0x008 / 0x004 */
918 PVOID ImageBaseAddress; /**< 0x010 / 0x008 */
919 PPEB_LDR_DATA Ldr; /**< 0x018 / 0x00c */
920 struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /**< 0x020 / 0x010 */
921 PVOID SubSystemData; /**< 0x028 / 0x014 */
922 HANDLE ProcessHeap; /**< 0x030 / 0x018 */
923 struct _RTL_CRITICAL_SECTION *FastPebLock; /**< 0x038 / 0x01c */
924 union
925 {
926 struct
927 {
928 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
929 PVOID IFEOKey; /**< 0x048 / 0x024 */
930 union
931 {
932 ULONG CrossProcessFlags; /**< 0x050 / 0x028 */
933 struct
934 {
935 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
936 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
937 uint32_t ProcessUsingVEH : 1; /**< 0x050 / 0x028: Pos 2, 1 Bit */
938 uint32_t ProcessUsingVCH : 1; /**< 0x050 / 0x028: Pos 3, 1 Bit */
939 uint32_t ProcessUsingFTH : 1; /**< 0x050 / 0x028: Pos 4, 1 Bit */
940 uint32_t ReservedBits0 : 1; /**< 0x050 / 0x028: Pos 5, 27 Bits */
941 } W7, W8, W80, W81;
942 struct
943 {
944 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
945 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
946 uint32_t ReservedBits0 : 30; /**< 0x050 / 0x028: Pos 2, 30 Bits */
947 } W6;
948 };
949#if ARCH_BITS == 64
950 uint32_t Padding1; /**< 0x054 / */
951#endif
952 } W6, W7, W8, W80, W81;
953 struct
954 {
955 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
956 PVOID SparePtr2; /**< 0x048 / 0x024 */
957 uint32_t EnvironmentUpdateCount; /**< 0x050 / 0x028 */
958#if ARCH_BITS == 64
959 uint32_t Padding1; /**< 0x054 / */
960#endif
961 } W52;
962 struct
963 {
964 PVOID FastPebLockRoutine; /**< NA / 0x020 */
965 PVOID FastPebUnlockRoutine; /**< NA / 0x024 */
966 uint32_t EnvironmentUpdateCount; /**< NA / 0x028 */
967 } W51;
968 } Diff1;
969 union
970 {
971 PVOID KernelCallbackTable; /**< 0x058 / 0x02c */
972 PVOID UserSharedInfoPtr; /**< 0x058 / 0x02c - Alternative use in W6.*/
973 };
974 uint32_t SystemReserved; /**< 0x060 / 0x030 */
975 union
976 {
977 struct
978 {
979 uint32_t AtlThunkSListPtr32; /**< 0x064 / 0x034 */
980 } W7, W8, W80, W81;
981 struct
982 {
983 uint32_t SpareUlong; /**< 0x064 / 0x034 */
984 } W52, W6;
985 struct
986 {
987 uint32_t ExecuteOptions : 2; /**< NA / 0x034: Pos 0, 2 Bits */
988 uint32_t SpareBits : 30; /**< NA / 0x034: Pos 2, 30 Bits */
989 } W51;
990 } Diff2;
991 union
992 {
993 struct
994 {
995 PVOID ApiSetMap; /**< 0x068 / 0x038 */
996 } W7, W8, W80, W81;
997 struct
998 {
999 struct _PEB_FREE_BLOCK *FreeList; /**< 0x068 / 0x038 */
1000 } W52, W6;
1001 struct
1002 {
1003 struct _PEB_FREE_BLOCK *FreeList; /**< NA / 0x038 */
1004 } W51;
1005 } Diff3;
1006 uint32_t TlsExpansionCounter; /**< 0x070 / 0x03c */
1007#if ARCH_BITS == 64
1008 uint32_t Padding2; /**< 0x074 / NA */
1009#endif
1010 struct _RTL_BITMAP *TlsBitmap; /**< 0x078 / 0x040 */
1011 uint32_t TlsBitmapBits[2]; /**< 0x080 / 0x044 */
1012 PVOID ReadOnlySharedMemoryBase; /**< 0x088 / 0x04c */
1013 union
1014 {
1015 struct
1016 {
1017 PVOID SparePvoid0; /**< 0x090 / 0x050 - HotpatchInformation before W81. */
1018 } W81;
1019 struct
1020 {
1021 PVOID HotpatchInformation; /**< 0x090 / 0x050 - Retired in W81. */
1022 } W6, W7, W80;
1023 struct
1024 {
1025 PVOID ReadOnlySharedMemoryHeap;
1026 } W52;
1027 } Diff4;
1028 PVOID *ReadOnlyStaticServerData; /**< 0x098 / 0x054 */
1029 PVOID AnsiCodePageData; /**< 0x0a0 / 0x058 */
1030 PVOID OemCodePageData; /**< 0x0a8 / 0x05c */
1031 PVOID UnicodeCaseTableData; /**< 0x0b0 / 0x060 */
1032 uint32_t NumberOfProcessors; /**< 0x0b8 / 0x064 */
1033 uint32_t NtGlobalFlag; /**< 0x0bc / 0x068 */
1034#if ARCH_BITS == 32
1035 uint32_t Padding2b;
1036#endif
1037 LARGE_INTEGER CriticalSectionTimeout; /**< 0x0c0 / 0x070 */
1038 SIZE_T HeapSegmentReserve; /**< 0x0c8 / 0x078 */
1039 SIZE_T HeapSegmentCommit; /**< 0x0d0 / 0x07c */
1040 SIZE_T HeapDeCommitTotalFreeThreshold; /**< 0x0d8 / 0x080 */
1041 SIZE_T HeapDeCommitFreeBlockThreshold; /**< 0x0e0 / 0x084 */
1042 uint32_t NumberOfHeaps; /**< 0x0e8 / 0x088 */
1043 uint32_t MaximumNumberOfHeaps; /**< 0x0ec / 0x08c */
1044 PVOID *ProcessHeaps; /**< 0x0f0 / 0x090 - Last NT 3.51 member. */
1045 PVOID GdiSharedHandleTable; /**< 0x0f8 / 0x094 */
1046 PVOID ProcessStarterHelper; /**< 0x100 / 0x098 */
1047 uint32_t GdiDCAttributeList; /**< 0x108 / 0x09c */
1048#if ARCH_BITS == 64
1049 uint32_t Padding3; /**< 0x10c / NA */
1050#endif
1051 struct _RTL_CRITICAL_SECTION *LoaderLock; /**< 0x110 / 0x0a0 */
1052 uint32_t OSMajorVersion; /**< 0x118 / 0x0a4 */
1053 uint32_t OSMinorVersion; /**< 0x11c / 0x0a8 */
1054 uint16_t OSBuildNumber; /**< 0x120 / 0x0ac */
1055 uint16_t OSCSDVersion; /**< 0x122 / 0x0ae */
1056 uint32_t OSPlatformId; /**< 0x124 / 0x0b0 */
1057 uint32_t ImageSubsystem; /**< 0x128 / 0x0b4 */
1058 uint32_t ImageSubsystemMajorVersion; /**< 0x12c / 0x0b8 */
1059 uint32_t ImageSubsystemMinorVersion; /**< 0x130 / 0x0bc */
1060#if ARCH_BITS == 64
1061 uint32_t Padding4; /**< 0x134 / NA */
1062#endif
1063 union
1064 {
1065 struct
1066 {
1067 SIZE_T ActiveProcessAffinityMask; /**< 0x138 / 0x0c0 */
1068 } W7, W8, W80, W81;
1069 struct
1070 {
1071 SIZE_T ImageProcessAffinityMask; /**< 0x138 / 0x0c0 */
1072 } W52, W6;
1073 } Diff5;
1074 uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /**< 0x140 / 0x0c4 */
1075 PVOID PostProcessInitRoutine; /**< 0x230 / 0x14c */
1076 PVOID TlsExpansionBitmap; /**< 0x238 / 0x150 */
1077 uint32_t TlsExpansionBitmapBits[32]; /**< 0x240 / 0x154 */
1078 uint32_t SessionId; /**< 0x2c0 / 0x1d4 */
1079#if ARCH_BITS == 64
1080 uint32_t Padding5; /**< 0x2c4 / NA */
1081#endif
1082 ULARGE_INTEGER AppCompatFlags; /**< 0x2c8 / 0x1d8 */
1083 ULARGE_INTEGER AppCompatFlagsUser; /**< 0x2d0 / 0x1e0 */
1084 PVOID pShimData; /**< 0x2d8 / 0x1e8 */
1085 PVOID AppCompatInfo; /**< 0x2e0 / 0x1ec */
1086 UNICODE_STRING CSDVersion; /**< 0x2e8 / 0x1f0 */
1087 struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; /**< 0x2f8 / 0x1f8 */
1088 struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; /**< 0x300 / 0x1fc */
1089 struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; /**< 0x308 / 0x200 */
1090 struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; /**< 0x310 / 0x204 */
1091 SIZE_T MinimumStackCommit; /**< 0x318 / 0x208 */
1092 /* End of PEB in W52 (Windows XP (RTM))! */
1093 struct _FLS_CALLBACK_INFO *FlsCallback; /**< 0x320 / 0x20c */
1094 LIST_ENTRY FlsListHead; /**< 0x328 / 0x210 */
1095 PVOID FlsBitmap; /**< 0x338 / 0x218 */
1096 uint32_t FlsBitmapBits[4]; /**< 0x340 / 0x21c */
1097 uint32_t FlsHighIndex; /**< 0x350 / 0x22c */
1098 /* End of PEB in W52 (Windows Server 2003)! */
1099 PVOID WerRegistrationData; /**< 0x358 / 0x230 */
1100 PVOID WerShipAssertPtr; /**< 0x360 / 0x234 */
1101 /* End of PEB in W6 (windows Vista)! */
1102 union
1103 {
1104 struct
1105 {
1106 PVOID pUnused; /**< 0x368 / 0x238 - Was pContextData in W7. */
1107 } W8, W80, W81;
1108 struct
1109 {
1110 PVOID pContextData; /**< 0x368 / 0x238 - Retired in W80. */
1111 } W7;
1112 } Diff6;
1113 PVOID pImageHeaderHash; /**< 0x370 / 0x23c */
1114 union
1115 {
1116 uint32_t TracingFlags; /**< 0x378 / 0x240 */
1117 struct
1118 {
1119 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
1120 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
1121 uint32_t LibLoaderTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 2, 1 Bit */
1122 uint32_t SpareTracingBits : 29; /**< 0x378 / 0x240 : Pos 3, 29 Bits */
1123 } W8, W80, W81;
1124 struct
1125 {
1126 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
1127 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
1128 uint32_t SpareTracingBits : 30; /**< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 */
1129 } W7;
1130 } Diff7;
1131#if ARCH_BITS == 64
1132 uint32_t Padding6; /**< 0x37c / NA */
1133#endif
1134 uint64_t CsrServerReadOnlySharedMemoryBase; /**< 0x380 / 0x248 */
1135 /* End of PEB in W8, W81. */
1136 uintptr_t TppWorkerpListLock; /**< 0x388 / 0x250 */
1137 LIST_ENTRY TppWorkerpList; /**< 0x390 / 0x254 */
1138 PVOID WaitOnAddressHashTable[128]; /**< 0x3a0 / 0x25c */
1139#if ARCH_BITS == 32
1140 uint32_t ExplicitPadding7; /**< NA NA / 0x45c */
1141#endif
1142} PEB_COMMON;
1143typedef PEB_COMMON *PPEB_COMMON;
1144
1145AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
1146AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
1147AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
1148AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
1149AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
1150AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
1151AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
1152AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
1153AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x7a0 : 0x460);
1154
1155/** The size of the windows 10 (build 14393) PEB structure. */
1156#define PEB_SIZE_W10 sizeof(PEB_COMMON)
1157/** The size of the windows 8.1 PEB structure. */
1158#define PEB_SIZE_W81 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1159/** The size of the windows 8.0 PEB structure. */
1160#define PEB_SIZE_W80 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1161/** The size of the windows 7 PEB structure. */
1162#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
1163/** The size of the windows vista PEB structure. */
1164#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
1165/** The size of the windows server 2003 PEB structure. */
1166#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
1167/** The size of the windows XP PEB structure. */
1168#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
1169
1170#if 0
1171typedef struct _NT_TIB
1172{
1173 struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
1174 PVOID StackBase;
1175 PVOID StackLimit;
1176 PVOID SubSystemTib;
1177 union
1178 {
1179 PVOID FiberData;
1180 ULONG Version;
1181 };
1182 PVOID ArbitraryUserPointer;
1183 struct _NT_TIB *Self;
1184} NT_TIB;
1185typedef NT_TIB *PNT_TIB;
1186#endif
1187
1188typedef struct _ACTIVATION_CONTEXT_STACK
1189{
1190 uint32_t Flags;
1191 uint32_t NextCookieSequenceNumber;
1192 PVOID ActiveFrame;
1193 LIST_ENTRY FrameListCache;
1194} ACTIVATION_CONTEXT_STACK;
1195
1196/* Common TEB. */
1197typedef struct _TEB_COMMON
1198{
1199 NT_TIB NtTib; /**< 0x000 / 0x000 */
1200 PVOID EnvironmentPointer; /**< 0x038 / 0x01c */
1201 CLIENT_ID ClientId; /**< 0x040 / 0x020 */
1202 PVOID ActiveRpcHandle; /**< 0x050 / 0x028 */
1203 PVOID ThreadLocalStoragePointer; /**< 0x058 / 0x02c */
1204 PPEB_COMMON ProcessEnvironmentBlock; /**< 0x060 / 0x030 */
1205 uint32_t LastErrorValue; /**< 0x068 / 0x034 */
1206 uint32_t CountOfOwnedCriticalSections; /**< 0x06c / 0x038 */
1207 PVOID CsrClientThread; /**< 0x070 / 0x03c */
1208 PVOID Win32ThreadInfo; /**< 0x078 / 0x040 */
1209 uint32_t User32Reserved[26]; /**< 0x080 / 0x044 */
1210 uint32_t UserReserved[5]; /**< 0x0e8 / 0x0ac */
1211 PVOID WOW32Reserved; /**< 0x100 / 0x0c0 */
1212 uint32_t CurrentLocale; /**< 0x108 / 0x0c4 */
1213 uint32_t FpSoftwareStatusRegister; /**< 0x10c / 0x0c8 */
1214 PVOID SystemReserved1[54]; /**< 0x110 / 0x0cc */
1215 uint32_t ExceptionCode; /**< 0x2c0 / 0x1a4 */
1216#if ARCH_BITS == 64
1217 uint32_t Padding0; /**< 0x2c4 / NA */
1218#endif
1219 union
1220 {
1221 struct
1222 {
1223 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;/**< 0x2c8 / 0x1a8 */
1224 uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /**< 0x2d0 / 0x1ac */
1225 } W52, W6, W7, W8, W80, W81;
1226#if ARCH_BITS == 32
1227 struct
1228 {
1229 ACTIVATION_CONTEXT_STACK ActivationContextStack; /**< NA / 0x1a8 */
1230 uint8_t SpareBytes[20]; /**< NA / 0x1bc */
1231 } W51;
1232#endif
1233 } Diff0;
1234 union
1235 {
1236 struct
1237 {
1238 uint32_t TxFsContext; /**< 0x2e8 / 0x1d0 */
1239 } W6, W7, W8, W80, W81;
1240 struct
1241 {
1242 uint32_t SpareBytesContinues; /**< 0x2e8 / 0x1d0 */
1243 } W52;
1244 } Diff1;
1245#if ARCH_BITS == 64
1246 uint32_t Padding1; /**< 0x2ec / NA */
1247#endif
1248 /*_GDI_TEB_BATCH*/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /**< 0x2f0 / 0x1d4 */
1249 CLIENT_ID RealClientId; /**< 0x7d8 / 0x6b4 */
1250 HANDLE GdiCachedProcessHandle; /**< 0x7e8 / 0x6bc */
1251 uint32_t GdiClientPID; /**< 0x7f0 / 0x6c0 */
1252 uint32_t GdiClientTID; /**< 0x7f4 / 0x6c4 */
1253 PVOID GdiThreadLocalInfo; /**< 0x7f8 / 0x6c8 */
1254 SIZE_T Win32ClientInfo[62]; /**< 0x800 / 0x6cc */
1255 PVOID glDispatchTable[233]; /**< 0x9f0 / 0x7c4 */
1256 SIZE_T glReserved1[29]; /**< 0x1138 / 0xb68 */
1257 PVOID glReserved2; /**< 0x1220 / 0xbdc */
1258 PVOID glSectionInfo; /**< 0x1228 / 0xbe0 */
1259 PVOID glSection; /**< 0x1230 / 0xbe4 */
1260 PVOID glTable; /**< 0x1238 / 0xbe8 */
1261 PVOID glCurrentRC; /**< 0x1240 / 0xbec */
1262 PVOID glContext; /**< 0x1248 / 0xbf0 */
1263 NTSTATUS LastStatusValue; /**< 0x1250 / 0xbf4 */
1264#if ARCH_BITS == 64
1265 uint32_t Padding2; /**< 0x1254 / NA */
1266#endif
1267 UNICODE_STRING StaticUnicodeString; /**< 0x1258 / 0xbf8 */
1268 WCHAR StaticUnicodeBuffer[261]; /**< 0x1268 / 0xc00 */
1269#if ARCH_BITS == 64
1270 WCHAR Padding3[3]; /**< 0x1472 / NA */
1271#endif
1272 PVOID DeallocationStack; /**< 0x1478 / 0xe0c */
1273 PVOID TlsSlots[64]; /**< 0x1480 / 0xe10 */
1274 LIST_ENTRY TlsLinks; /**< 0x1680 / 0xf10 */
1275 PVOID Vdm; /**< 0x1690 / 0xf18 */
1276 PVOID ReservedForNtRpc; /**< 0x1698 / 0xf1c */
1277 PVOID DbgSsReserved[2]; /**< 0x16a0 / 0xf20 */
1278 uint32_t HardErrorMode; /**< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. */
1279#if ARCH_BITS == 64
1280 uint32_t Padding4; /**< 0x16b4 / NA */
1281#endif
1282 PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /**< 0x16b8 / 0xf2c */
1283 union
1284 {
1285 struct
1286 {
1287 GUID ActivityId; /**< 0x1710 / 0xf50 */
1288 PVOID SubProcessTag; /**< 0x1720 / 0xf60 */
1289 } W6, W7, W8, W80, W81;
1290 struct
1291 {
1292 PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /**< 0x1710 / 0xf50 */
1293 } W52;
1294 } Diff2;
1295 union /**< 0x1728 / 0xf64 */
1296 {
1297 struct
1298 {
1299 PVOID PerflibData; /**< 0x1728 / 0xf64 */
1300 } W8, W80, W81;
1301 struct
1302 {
1303 PVOID EtwLocalData; /**< 0x1728 / 0xf64 */
1304 } W7, W6;
1305 struct
1306 {
1307 PVOID SubProcessTag; /**< 0x1728 / 0xf64 */
1308 } W52;
1309 struct
1310 {
1311 PVOID InstrumentationContinues[1]; /**< 0x1728 / 0xf64 */
1312 } W51;
1313 } Diff3;
1314 union
1315 {
1316 struct
1317 {
1318 PVOID EtwTraceData; /**< 0x1730 / 0xf68 */
1319 } W52, W6, W7, W8, W80, W81;
1320 struct
1321 {
1322 PVOID InstrumentationContinues[1]; /**< 0x1730 / 0xf68 */
1323 } W51;
1324 } Diff4;
1325 PVOID WinSockData; /**< 0x1738 / 0xf6c */
1326 uint32_t GdiBatchCount; /**< 0x1740 / 0xf70 */
1327 union
1328 {
1329 union
1330 {
1331 PROCESSOR_NUMBER CurrentIdealProcessor; /**< 0x1744 / 0xf74 - W7+ */
1332 uint32_t IdealProcessorValue; /**< 0x1744 / 0xf74 - W7+ */
1333 struct
1334 {
1335 uint8_t ReservedPad1; /**< 0x1744 / 0xf74 - Called SpareBool0 in W6 */
1336 uint8_t ReservedPad2; /**< 0x1745 / 0xf75 - Called SpareBool0 in W6 */
1337 uint8_t ReservedPad3; /**< 0x1746 / 0xf76 - Called SpareBool0 in W6 */
1338 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
1339 };
1340 } W6, W7, W8, W80, W81;
1341 struct
1342 {
1343 BOOLEAN InDbgPrint; /**< 0x1744 / 0xf74 */
1344 BOOLEAN FreeStackOnTermination; /**< 0x1745 / 0xf75 */
1345 BOOLEAN HasFiberData; /**< 0x1746 / 0xf76 */
1346 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
1347 } W51, W52;
1348 } Diff5;
1349 uint32_t GuaranteedStackBytes; /**< 0x1748 / 0xf78 */
1350#if ARCH_BITS == 64
1351 uint32_t Padding5; /**< 0x174c / NA */
1352#endif
1353 PVOID ReservedForPerf; /**< 0x1750 / 0xf7c */
1354 PVOID ReservedForOle; /**< 0x1758 / 0xf80 */
1355 uint32_t WaitingOnLoaderLock; /**< 0x1760 / 0xf84 */
1356#if ARCH_BITS == 64
1357 uint32_t Padding6; /**< 0x1764 / NA */
1358#endif
1359 union /**< 0x1770 / 0xf8c */
1360 {
1361 struct
1362 {
1363 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
1364 SIZE_T ReservedForCodeCoverage; /**< 0x1770 / 0xf8c */
1365 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
1366 } W8, W80, W81;
1367 struct
1368 {
1369 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
1370 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
1371 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
1372 } W6, W7;
1373 struct
1374 {
1375 PVOID SparePointer1; /**< 0x1768 / 0xf88 */
1376 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
1377 PVOID SoftPatchPtr2; /**< 0x1778 / 0xf90 */
1378 } W52;
1379#if ARCH_BITS == 32
1380 struct _Wx86ThreadState
1381 {
1382 PVOID CallBx86Eip; /**< NA / 0xf88 */
1383 PVOID DeallocationCpu; /**< NA / 0xf8c */
1384 BOOLEAN UseKnownWx86Dll; /**< NA / 0xf90 */
1385 int8_t OleStubInvoked; /**< NA / 0xf91 */
1386 } W51;
1387#endif
1388 } Diff6;
1389 PVOID TlsExpansionSlots; /**< 0x1780 / 0xf94 */
1390#if ARCH_BITS == 64
1391 PVOID DallocationBStore; /**< 0x1788 / NA */
1392 PVOID BStoreLimit; /**< 0x1790 / NA */
1393#endif
1394 union
1395 {
1396 struct
1397 {
1398 uint32_t MuiGeneration; /**< 0x1798 / 0xf98 */
1399 } W7, W8, W80, W81;
1400 struct
1401 {
1402 uint32_t ImpersonationLocale;
1403 } W6;
1404 } Diff7;
1405 uint32_t IsImpersonating; /**< 0x179c / 0xf9c */
1406 PVOID NlsCache; /**< 0x17a0 / 0xfa0 */
1407 PVOID pShimData; /**< 0x17a8 / 0xfa4 */
1408 union /**< 0x17b0 / 0xfa8 */
1409 {
1410 struct
1411 {
1412 uint16_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
1413 uint16_t LowFragHeapDataSlot; /**< 0x17b2 / 0xfaa */
1414 } W8, W80, W81;
1415 struct
1416 {
1417 uint32_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
1418 } W7;
1419 } Diff8;
1420#if ARCH_BITS == 64
1421 uint32_t Padding7; /**< 0x17b4 / NA */
1422#endif
1423 HANDLE CurrentTransactionHandle; /**< 0x17b8 / 0xfac */
1424 struct _TEB_ACTIVE_FRAME *ActiveFrame; /**< 0x17c0 / 0xfb0 */
1425 /* End of TEB in W51 (Windows XP)! */
1426 PVOID FlsData; /**< 0x17c8 / 0xfb4 */
1427 union
1428 {
1429 struct
1430 {
1431 PVOID PreferredLanguages; /**< 0x17d0 / 0xfb8 */
1432 } W6, W7, W8, W80, W81;
1433 struct
1434 {
1435 BOOLEAN SafeThunkCall; /**< 0x17d0 / 0xfb8 */
1436 uint8_t BooleanSpare[3]; /**< 0x17d1 / 0xfb9 */
1437 /* End of TEB in W52 (Windows server 2003)! */
1438 } W52;
1439 } Diff9;
1440 PVOID UserPrefLanguages; /**< 0x17d8 / 0xfbc */
1441 PVOID MergedPrefLanguages; /**< 0x17e0 / 0xfc0 */
1442 uint32_t MuiImpersonation; /**< 0x17e8 / 0xfc4 */
1443 union
1444 {
1445 uint16_t CrossTebFlags; /**< 0x17ec / 0xfc8 */
1446 struct
1447 {
1448 uint16_t SpareCrossTebBits : 16; /**< 0x17ec / 0xfc8 : Pos 0, 16 Bits */
1449 };
1450 };
1451 union
1452 {
1453 uint16_t SameTebFlags; /**< 0x17ee / 0xfca */
1454 struct
1455 {
1456 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1457 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1458 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1459 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1460 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1461 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1462 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1463 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1464 } Common;
1465 struct
1466 {
1467 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1468 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1469 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1470 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1471 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1472 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1473 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1474 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1475 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
1476 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
1477 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
1478 uint16_t SessionAware : 1; /**< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. */
1479 uint16_t SpareSameTebBits : 4; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
1480 } W8, W80, W81;
1481 struct
1482 {
1483 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1484 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1485 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1486 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1487 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1488 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1489 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1490 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1491 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
1492 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
1493 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
1494 uint16_t SpareSameTebBits : 5; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
1495 } W7;
1496 struct
1497 {
1498 uint16_t DbgSafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1499 uint16_t DbgInDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1500 uint16_t DbgHasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1501 uint16_t DbgSkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1502 uint16_t DbgWerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1503 uint16_t DbgRanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1504 uint16_t DbgClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1505 uint16_t DbgSuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1506 uint16_t SpareSameTebBits : 8; /**< 0x17ee / 0xfca : Pos 8, 8 Bits */
1507 } W6;
1508 } Diff10;
1509 PVOID TxnScopeEnterCallback; /**< 0x17f0 / 0xfcc */
1510 PVOID TxnScopeExitCallback; /**< 0x17f8 / 0xfd0 */
1511 PVOID TxnScopeContext; /**< 0x1800 / 0xfd4 */
1512 uint32_t LockCount; /**< 0x1808 / 0xfd8 */
1513 union
1514 {
1515 struct
1516 {
1517 uint32_t SpareUlong0; /**< 0x180c / 0xfdc */
1518 } W7, W8, W80, W81;
1519 struct
1520 {
1521 uint32_t ProcessRundown;
1522 } W6;
1523 } Diff11;
1524 union
1525 {
1526 struct
1527 {
1528 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1529 /* End of TEB in W7 (windows 7)! */
1530 PVOID ReservedForWdf; /**< 0x1818 / 0xfe4 - New Since W7. */
1531 /* End of TEB in W8 (windows 8.0 & 8.1)! */
1532 PVOID ReservedForCrt; /**< 0x1820 / 0xfe8 - New Since W10. */
1533 RTUUID EffectiveContainerId; /**< 0x1828 / 0xfec - New Since W10. */
1534 /* End of TEB in W10 14393! */
1535 } W8, W80, W81, W10;
1536 struct
1537 {
1538 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1539 } W7;
1540 struct
1541 {
1542 uint64_t LastSwitchTime; /**< 0x1810 / 0xfe0 */
1543 uint64_t TotalSwitchOutTime; /**< 0x1818 / 0xfe8 */
1544 LARGE_INTEGER WaitReasonBitMap; /**< 0x1820 / 0xff0 */
1545 /* End of TEB in W6 (windows Vista)! */
1546 } W6;
1547 } Diff12;
1548} TEB_COMMON;
1549typedef TEB_COMMON *PTEB_COMMON;
1550AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1551AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1552AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1553AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1554AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1555AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1556AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1557AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1558AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1559AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1560AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1561AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1562AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1838 : 0x1000);
1563
1564
1565/** The size of the windows 8.1 PEB structure. */
1566#define TEB_SIZE_W10 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W10.EffectiveContainerId) + sizeof(RTUUID) )
1567/** The size of the windows 8.1 PEB structure. */
1568#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1569/** The size of the windows 8.0 PEB structure. */
1570#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1571/** The size of the windows 7 PEB structure. */
1572#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1573/** The size of the windows vista PEB structure. */
1574#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1575/** The size of the windows server 2003 PEB structure. */
1576#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1577/** The size of the windows XP PEB structure. */
1578#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1579
1580
1581
1582#define _PEB _PEB_COMMON
1583typedef PEB_COMMON PEB;
1584typedef PPEB_COMMON PPEB;
1585
1586#define _TEB _TEB_COMMON
1587typedef TEB_COMMON TEB;
1588typedef PTEB_COMMON PTEB;
1589
1590#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
1591# ifdef RT_ARCH_X86
1592DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1593DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1594DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1595DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readfsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1596DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1597# elif defined(RT_ARCH_AMD64)
1598DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1599DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1600DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1601DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readgsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1602DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1603# else
1604# error "Port me"
1605# endif
1606#else
1607# define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1608# define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1609# define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1610# define RTNtLastStatusValue() (RTNtCurrentTeb()->LastStatusValue)
1611# define RTNtLastErrorValue() (RTNtCurrentTeb()->LastErrorValue)
1612#endif
1613#define NtCurrentPeb() RTNtCurrentPeb()
1614
1615
1616/** @} */
1617
1618
1619#ifdef IPRT_NT_USE_WINTERNL
1620RT_DECL_NTAPI(NTSTATUS) NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1621typedef enum _SECTION_INHERIT
1622{
1623 ViewShare = 1,
1624 ViewUnmap
1625} SECTION_INHERIT;
1626#endif
1627RT_DECL_NTAPI(NTSTATUS) NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1628 ULONG, ULONG);
1629RT_DECL_NTAPI(NTSTATUS) NtFlushVirtualMemory(HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK);
1630RT_DECL_NTAPI(NTSTATUS) NtUnmapViewOfSection(HANDLE, PVOID);
1631
1632RT_DECL_NTAPI(NTSTATUS) NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1633RT_DECL_NTAPI(NTSTATUS) ZwOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1634RT_DECL_NTAPI(NTSTATUS) NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1635RT_DECL_NTAPI(NTSTATUS) ZwOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1636RT_DECL_NTAPI(NTSTATUS) NtAlertThread(HANDLE hThread);
1637#ifdef IPRT_NT_USE_WINTERNL
1638RT_DECL_NTAPI(NTSTATUS) ZwAlertThread(HANDLE hThread);
1639#endif
1640RT_DECL_NTAPI(NTSTATUS) NtTestAlert(void);
1641
1642#ifdef IPRT_NT_USE_WINTERNL
1643RT_DECL_NTAPI(NTSTATUS) NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1644RT_DECL_NTAPI(NTSTATUS) NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1645#endif
1646RT_DECL_NTAPI(NTSTATUS) ZwOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1647RT_DECL_NTAPI(NTSTATUS) ZwOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1648
1649#ifdef IPRT_NT_USE_WINTERNL
1650typedef struct _FILE_FS_VOLUME_INFORMATION
1651{
1652 LARGE_INTEGER VolumeCreationTime;
1653 ULONG VolumeSerialNumber;
1654 ULONG VolumeLabelLength;
1655 BOOLEAN SupportsObjects;
1656 WCHAR VolumeLabel[1];
1657} FILE_FS_VOLUME_INFORMATION;
1658typedef FILE_FS_VOLUME_INFORMATION *PFILE_FS_VOLUME_INFORMATION;
1659typedef struct _FILE_FS_LABEL_INFORMATION
1660{
1661 ULONG VolumeLabelLength;
1662 WCHAR VolumeLabel[1];
1663} FILE_FS_LABEL_INFORMATION;
1664typedef FILE_FS_LABEL_INFORMATION *PFILE_FS_LABEL_INFORMATION;
1665typedef struct _FILE_FS_SIZE_INFORMATION
1666{
1667 LARGE_INTEGER TotalAllocationUnits;
1668 LARGE_INTEGER AvailableAllocationUnits;
1669 ULONG SectorsPerAllocationUnit;
1670 ULONG BytesPerSector;
1671} FILE_FS_SIZE_INFORMATION;
1672typedef FILE_FS_SIZE_INFORMATION *PFILE_FS_SIZE_INFORMATION;
1673typedef struct _FILE_FS_DEVICE_INFORMATION
1674{
1675 DEVICE_TYPE DeviceType;
1676 ULONG Characteristics;
1677} FILE_FS_DEVICE_INFORMATION;
1678typedef FILE_FS_DEVICE_INFORMATION *PFILE_FS_DEVICE_INFORMATION;
1679typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1680{
1681 ULONG FileSystemAttributes;
1682 LONG MaximumComponentNameLength;
1683 ULONG FileSystemNameLength;
1684 WCHAR FileSystemName[1];
1685} FILE_FS_ATTRIBUTE_INFORMATION;
1686typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1687typedef struct _FILE_FS_CONTROL_INFORMATION
1688{
1689 LARGE_INTEGER FreeSpaceStartFiltering;
1690 LARGE_INTEGER FreeSpaceThreshold;
1691 LARGE_INTEGER FreeSpaceStopFiltering;
1692 LARGE_INTEGER DefaultQuotaThreshold;
1693 LARGE_INTEGER DefaultQuotaLimit;
1694 ULONG FileSystemControlFlags;
1695} FILE_FS_CONTROL_INFORMATION;
1696typedef FILE_FS_CONTROL_INFORMATION *PFILE_FS_CONTROL_INFORMATION;
1697typedef struct _FILE_FS_FULL_SIZE_INFORMATION
1698{
1699 LARGE_INTEGER TotalAllocationUnits;
1700 LARGE_INTEGER CallerAvailableAllocationUnits;
1701 LARGE_INTEGER ActualAvailableAllocationUnits;
1702 ULONG SectorsPerAllocationUnit;
1703 ULONG BytesPerSector;
1704} FILE_FS_FULL_SIZE_INFORMATION;
1705typedef FILE_FS_FULL_SIZE_INFORMATION *PFILE_FS_FULL_SIZE_INFORMATION;
1706typedef struct _FILE_FS_OBJECTID_INFORMATION
1707{
1708 UCHAR ObjectId[16];
1709 UCHAR ExtendedInfo[48];
1710} FILE_FS_OBJECTID_INFORMATION;
1711typedef FILE_FS_OBJECTID_INFORMATION *PFILE_FS_OBJECTID_INFORMATION;
1712typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1713{
1714 BOOLEAN DriverInPath;
1715 ULONG DriverNameLength;
1716 WCHAR DriverName[1];
1717} FILE_FS_DRIVER_PATH_INFORMATION;
1718typedef FILE_FS_DRIVER_PATH_INFORMATION *PFILE_FS_DRIVER_PATH_INFORMATION;
1719typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION
1720{
1721 ULONG Flags;
1722} FILE_FS_VOLUME_FLAGS_INFORMATION;
1723typedef FILE_FS_VOLUME_FLAGS_INFORMATION *PFILE_FS_VOLUME_FLAGS_INFORMATION;
1724#endif
1725#if !defined(SSINFO_OFFSET_UNKNOWN) || defined(IPRT_NT_USE_WINTERNL)
1726typedef struct _FILE_FS_SECTOR_SIZE_INFORMATION
1727{
1728 ULONG LogicalBytesPerSector;
1729 ULONG PhysicalBytesPerSectorForAtomicity;
1730 ULONG PhysicalBytesPerSectorForPerformance;
1731 ULONG FileSystemEffectivePhysicalBytesPerSectorForAtomicity;
1732 ULONG Flags;
1733 ULONG ByteOffsetForSectorAlignment;
1734 ULONG ByteOffsetForPartitionAlignment;
1735} FILE_FS_SECTOR_SIZE_INFORMATION;
1736typedef FILE_FS_SECTOR_SIZE_INFORMATION *PFILE_FS_SECTOR_SIZE_INFORMATION;
1737# ifndef SSINFO_OFFSET_UNKNOWN
1738# define SSINFO_OFFSET_UNKNOWN 0xffffffffUL
1739# define SSINFO_FLAGS_ALIGNED_DEVICE 1UL
1740# define SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE 2UL
1741# define SSINFO_FLAGS_NO_SEEK_PENALTY 4UL
1742# define SSINFO_FLAGS_TRIM_ENABLED 8UL
1743# define SSINFO_FLAGS_BYTE_ADDRESSABLE 16UL
1744# endif
1745#endif
1746#ifdef IPRT_NT_USE_WINTERNL
1747typedef struct _FILE_FS_DATA_COPY_INFORMATION
1748{
1749 ULONG NumberOfCopies;
1750} FILE_FS_DATA_COPY_INFORMATION;
1751typedef FILE_FS_DATA_COPY_INFORMATION *PFILE_FS_DATA_COPY_INFORMATION;
1752typedef struct _FILE_FS_METADATA_SIZE_INFORMATION
1753{
1754 LARGE_INTEGER TotalMetadataAllocationUnits;
1755 ULONG SectorsPerAllocationUnit;
1756 ULONG BytesPerSector;
1757} FILE_FS_METADATA_SIZE_INFORMATION;
1758typedef FILE_FS_METADATA_SIZE_INFORMATION *PFILE_FS_METADATA_SIZE_INFORMATION;
1759typedef struct _FILE_FS_FULL_SIZE_INFORMATION_EX
1760{
1761 ULONGLONG ActualTotalAllocationUnits;
1762 ULONGLONG ActualAvailableAllocationUnits;
1763 ULONGLONG ActualPoolUnavailableAllocationUnits;
1764 ULONGLONG CallerTotalAllocationUnits;
1765 ULONGLONG CallerAvailableAllocationUnits;
1766 ULONGLONG CallerPoolUnavailableAllocationUnits;
1767 ULONGLONG UsedAllocationUnits;
1768 ULONGLONG TotalReservedAllocationUnits;
1769 ULONGLONG VolumeStorageReserveAllocationUnits;
1770 ULONGLONG AvailableCommittedAllocationUnits;
1771 ULONGLONG PoolAvailableAllocationUnits;
1772 ULONG SectorsPerAllocationUnit;
1773 ULONG BytesPerSector;
1774} FILE_FS_FULL_SIZE_INFORMATION_EX;
1775typedef FILE_FS_FULL_SIZE_INFORMATION_EX *PFILE_FS_FULL_SIZE_INFORMATION_EX;
1776#endif /* IPRT_NT_USE_WINTERNL */
1777
1778typedef enum _FSINFOCLASS
1779{
1780 FileFsVolumeInformation = 1,
1781 FileFsLabelInformation,
1782 FileFsSizeInformation, /**< FILE_FS_SIZE_INFORMATION */
1783 FileFsDeviceInformation,
1784 FileFsAttributeInformation,
1785 FileFsControlInformation,
1786 FileFsFullSizeInformation,
1787 FileFsObjectIdInformation,
1788 FileFsDriverPathInformation,
1789 FileFsVolumeFlagsInformation,
1790 FileFsSectorSizeInformation,
1791 FileFsDataCopyInformation,
1792 FileFsMetadataSizeInformation,
1793 FileFsFullSizeInformationEx,
1794 FileFsMaximumInformation
1795} FS_INFORMATION_CLASS;
1796typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1797RT_DECL_NTAPI(NTSTATUS) NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1798RT_DECL_NTAPI(NTSTATUS) NtSetVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1799
1800#ifdef IPRT_NT_USE_WINTERNL
1801typedef struct _FILE_DIRECTORY_INFORMATION
1802{
1803 ULONG NextEntryOffset;
1804 ULONG FileIndex;
1805 LARGE_INTEGER CreationTime;
1806 LARGE_INTEGER LastAccessTime;
1807 LARGE_INTEGER LastWriteTime;
1808 LARGE_INTEGER ChangeTime;
1809 LARGE_INTEGER EndOfFile;
1810 LARGE_INTEGER AllocationSize;
1811 ULONG FileAttributes;
1812 ULONG FileNameLength;
1813 WCHAR FileName[1];
1814} FILE_DIRECTORY_INFORMATION;
1815typedef FILE_DIRECTORY_INFORMATION *PFILE_DIRECTORY_INFORMATION;
1816typedef struct _FILE_FULL_DIR_INFORMATION
1817{
1818 ULONG NextEntryOffset;
1819 ULONG FileIndex;
1820 LARGE_INTEGER CreationTime;
1821 LARGE_INTEGER LastAccessTime;
1822 LARGE_INTEGER LastWriteTime;
1823 LARGE_INTEGER ChangeTime;
1824 LARGE_INTEGER EndOfFile;
1825 LARGE_INTEGER AllocationSize;
1826 ULONG FileAttributes;
1827 ULONG FileNameLength;
1828 ULONG EaSize;
1829 WCHAR FileName[1];
1830} FILE_FULL_DIR_INFORMATION;
1831typedef FILE_FULL_DIR_INFORMATION *PFILE_FULL_DIR_INFORMATION;
1832typedef struct _FILE_BOTH_DIR_INFORMATION
1833{
1834 ULONG NextEntryOffset; /**< 0x00: */
1835 ULONG FileIndex; /**< 0x04: */
1836 LARGE_INTEGER CreationTime; /**< 0x08: */
1837 LARGE_INTEGER LastAccessTime; /**< 0x10: */
1838 LARGE_INTEGER LastWriteTime; /**< 0x18: */
1839 LARGE_INTEGER ChangeTime; /**< 0x20: */
1840 LARGE_INTEGER EndOfFile; /**< 0x28: */
1841 LARGE_INTEGER AllocationSize; /**< 0x30: */
1842 ULONG FileAttributes; /**< 0x38: */
1843 ULONG FileNameLength; /**< 0x3c: */
1844 ULONG EaSize; /**< 0x40: */
1845 CCHAR ShortNameLength; /**< 0x44: */
1846 WCHAR ShortName[12]; /**< 0x46: */
1847 WCHAR FileName[1]; /**< 0x5e: */
1848} FILE_BOTH_DIR_INFORMATION;
1849typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1850typedef struct _FILE_BASIC_INFORMATION
1851{
1852 LARGE_INTEGER CreationTime;
1853 LARGE_INTEGER LastAccessTime;
1854 LARGE_INTEGER LastWriteTime;
1855 LARGE_INTEGER ChangeTime;
1856 ULONG FileAttributes;
1857} FILE_BASIC_INFORMATION;
1858typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1859typedef struct _FILE_STANDARD_INFORMATION
1860{
1861 LARGE_INTEGER AllocationSize;
1862 LARGE_INTEGER EndOfFile;
1863 ULONG NumberOfLinks;
1864 BOOLEAN DeletePending;
1865 BOOLEAN Directory;
1866} FILE_STANDARD_INFORMATION;
1867typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1868typedef struct _FILE_NAME_INFORMATION
1869{
1870 ULONG FileNameLength;
1871 WCHAR FileName[1];
1872} FILE_NAME_INFORMATION;
1873typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1874typedef FILE_NAME_INFORMATION FILE_NETWORK_PHYSICAL_NAME_INFORMATION;
1875typedef FILE_NETWORK_PHYSICAL_NAME_INFORMATION *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION;
1876typedef struct _FILE_INTERNAL_INFORMATION
1877{
1878 LARGE_INTEGER IndexNumber;
1879} FILE_INTERNAL_INFORMATION;
1880typedef FILE_INTERNAL_INFORMATION *PFILE_INTERNAL_INFORMATION;
1881typedef struct _FILE_EA_INFORMATION
1882{
1883 ULONG EaSize;
1884} FILE_EA_INFORMATION;
1885typedef FILE_EA_INFORMATION *PFILE_EA_INFORMATION;
1886typedef struct _FILE_ACCESS_INFORMATION
1887{
1888 ACCESS_MASK AccessFlags;
1889} FILE_ACCESS_INFORMATION;
1890typedef FILE_ACCESS_INFORMATION *PFILE_ACCESS_INFORMATION;
1891typedef struct _FILE_RENAME_INFORMATION
1892{
1893 union
1894 {
1895 BOOLEAN ReplaceIfExists;
1896 ULONG Flags;
1897 };
1898 HANDLE RootDirectory;
1899 ULONG FileNameLength;
1900 WCHAR FileName[1];
1901} FILE_RENAME_INFORMATION;
1902typedef FILE_RENAME_INFORMATION *PFILE_RENAME_INFORMATION;
1903typedef struct _FILE_LINK_INFORMATION
1904{
1905 union
1906 {
1907 BOOLEAN ReplaceIfExists;
1908 ULONG Flags;
1909 };
1910 HANDLE RootDirectory;
1911 ULONG FileNameLength;
1912 WCHAR FileName[1];
1913} FILE_LINK_INFORMATION;
1914typedef FILE_LINK_INFORMATION *PFILE_LINK_INFORMATION;
1915typedef struct _FILE_NAMES_INFORMATION
1916{
1917 ULONG NextEntryOffset;
1918 ULONG FileIndex;
1919 ULONG FileNameLength;
1920 WCHAR FileName[1];
1921} FILE_NAMES_INFORMATION;
1922typedef FILE_NAMES_INFORMATION *PFILE_NAMES_INFORMATION;
1923typedef struct _FILE_DISPOSITION_INFORMATION
1924{
1925 BOOLEAN DeleteFile;
1926} FILE_DISPOSITION_INFORMATION;
1927typedef FILE_DISPOSITION_INFORMATION *PFILE_DISPOSITION_INFORMATION;
1928typedef struct _FILE_POSITION_INFORMATION
1929{
1930 LARGE_INTEGER CurrentByteOffset;
1931} FILE_POSITION_INFORMATION;
1932typedef FILE_POSITION_INFORMATION *PFILE_POSITION_INFORMATION;
1933typedef struct _FILE_FULL_EA_INFORMATION
1934{
1935 ULONG NextEntryOffset;
1936 UCHAR Flags;
1937 UCHAR EaNameLength;
1938 USHORT EaValueLength;
1939 CHAR EaName[1];
1940} FILE_FULL_EA_INFORMATION;
1941typedef FILE_FULL_EA_INFORMATION *PFILE_FULL_EA_INFORMATION;
1942typedef struct _FILE_MODE_INFORMATION
1943{
1944 ULONG Mode;
1945} FILE_MODE_INFORMATION;
1946typedef FILE_MODE_INFORMATION *PFILE_MODE_INFORMATION;
1947typedef struct _FILE_ALIGNMENT_INFORMATION
1948{
1949 ULONG AlignmentRequirement;
1950} FILE_ALIGNMENT_INFORMATION;
1951typedef FILE_ALIGNMENT_INFORMATION *PFILE_ALIGNMENT_INFORMATION;
1952typedef struct _FILE_ALL_INFORMATION
1953{
1954 FILE_BASIC_INFORMATION BasicInformation;
1955 FILE_STANDARD_INFORMATION StandardInformation;
1956 FILE_INTERNAL_INFORMATION InternalInformation;
1957 FILE_EA_INFORMATION EaInformation;
1958 FILE_ACCESS_INFORMATION AccessInformation;
1959 FILE_POSITION_INFORMATION PositionInformation;
1960 FILE_MODE_INFORMATION ModeInformation;
1961 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1962 FILE_NAME_INFORMATION NameInformation;
1963} FILE_ALL_INFORMATION;
1964typedef FILE_ALL_INFORMATION *PFILE_ALL_INFORMATION;
1965typedef struct _FILE_ALLOCATION_INFORMATION
1966{
1967 LARGE_INTEGER AllocationSize;
1968} FILE_ALLOCATION_INFORMATION;
1969typedef FILE_ALLOCATION_INFORMATION *PFILE_ALLOCATION_INFORMATION;
1970typedef struct _FILE_END_OF_FILE_INFORMATION
1971{
1972 LARGE_INTEGER EndOfFile;
1973} FILE_END_OF_FILE_INFORMATION;
1974typedef FILE_END_OF_FILE_INFORMATION *PFILE_END_OF_FILE_INFORMATION;
1975typedef struct _FILE_STREAM_INFORMATION
1976{
1977 ULONG NextEntryOffset;
1978 ULONG StreamNameLength;
1979 LARGE_INTEGER StreamSize;
1980 LARGE_INTEGER StreamAllocationSize;
1981 WCHAR StreamName[1];
1982} FILE_STREAM_INFORMATION;
1983typedef FILE_STREAM_INFORMATION *PFILE_STREAM_INFORMATION;
1984typedef struct _FILE_PIPE_INFORMATION
1985{
1986 ULONG ReadMode;
1987 ULONG CompletionMode;
1988} FILE_PIPE_INFORMATION;
1989typedef FILE_PIPE_INFORMATION *PFILE_PIPE_INFORMATION;
1990
1991typedef struct _FILE_PIPE_LOCAL_INFORMATION
1992{
1993 ULONG NamedPipeType;
1994 ULONG NamedPipeConfiguration;
1995 ULONG MaximumInstances;
1996 ULONG CurrentInstances;
1997 ULONG InboundQuota;
1998 ULONG ReadDataAvailable;
1999 ULONG OutboundQuota;
2000 ULONG WriteQuotaAvailable;
2001 ULONG NamedPipeState;
2002 ULONG NamedPipeEnd;
2003} FILE_PIPE_LOCAL_INFORMATION;
2004typedef FILE_PIPE_LOCAL_INFORMATION *PFILE_PIPE_LOCAL_INFORMATION;
2005
2006typedef struct _FILE_PIPE_REMOTE_INFORMATION
2007{
2008 LARGE_INTEGER CollectDataTime;
2009 ULONG MaximumCollectionCount;
2010} FILE_PIPE_REMOTE_INFORMATION;
2011typedef FILE_PIPE_REMOTE_INFORMATION *PFILE_PIPE_REMOTE_INFORMATION;
2012typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
2013{
2014 ULONG MaximumMessageSize;
2015 ULONG MailslotQuota;
2016 ULONG NextMessageSize;
2017 ULONG MessagesAvailable;
2018 LARGE_INTEGER ReadTimeout;
2019} FILE_MAILSLOT_QUERY_INFORMATION;
2020typedef FILE_MAILSLOT_QUERY_INFORMATION *PFILE_MAILSLOT_QUERY_INFORMATION;
2021typedef struct _FILE_MAILSLOT_SET_INFORMATION
2022{
2023 PLARGE_INTEGER ReadTimeout;
2024} FILE_MAILSLOT_SET_INFORMATION;
2025typedef FILE_MAILSLOT_SET_INFORMATION *PFILE_MAILSLOT_SET_INFORMATION;
2026typedef struct _FILE_COMPRESSION_INFORMATION
2027{
2028 LARGE_INTEGER CompressedFileSize;
2029 USHORT CompressionFormat;
2030 UCHAR CompressionUnitShift;
2031 UCHAR ChunkShift;
2032 UCHAR ClusterShift;
2033 UCHAR Reserved[3];
2034} FILE_COMPRESSION_INFORMATION;
2035typedef FILE_COMPRESSION_INFORMATION *PFILE_COMPRESSION_INFORMATION;
2036typedef struct _FILE_OBJECTID_INFORMATION
2037{
2038 LONGLONG FileReference;
2039 UCHAR ObjectId[16];
2040 union
2041 {
2042 struct
2043 {
2044 UCHAR BirthVolumeId[16];
2045 UCHAR BirthObjectId[16];
2046 UCHAR DomainId[16];
2047 };
2048 UCHAR ExtendedInfo[48];
2049 };
2050} FILE_OBJECTID_INFORMATION;
2051typedef FILE_OBJECTID_INFORMATION *PFILE_OBJECTID_INFORMATION;
2052typedef struct _FILE_COMPLETION_INFORMATION
2053{
2054 HANDLE Port;
2055 PVOID Key;
2056} FILE_COMPLETION_INFORMATION;
2057typedef FILE_COMPLETION_INFORMATION *PFILE_COMPLETION_INFORMATION;
2058typedef struct _FILE_MOVE_CLUSTER_INFORMATION
2059{
2060 ULONG ClusterCount;
2061 HANDLE RootDirectory;
2062 ULONG FileNameLength;
2063 WCHAR FileName[1];
2064} FILE_MOVE_CLUSTER_INFORMATION;
2065typedef FILE_MOVE_CLUSTER_INFORMATION *PFILE_MOVE_CLUSTER_INFORMATION;
2066typedef struct _FILE_QUOTA_INFORMATION
2067{
2068 ULONG NextEntryOffset;
2069 ULONG SidLength;
2070 LARGE_INTEGER ChangeTime;
2071 LARGE_INTEGER QuotaUsed;
2072 LARGE_INTEGER QuotaThreshold;
2073 LARGE_INTEGER QuotaLimit;
2074 SID Sid;
2075} FILE_QUOTA_INFORMATION;
2076typedef FILE_QUOTA_INFORMATION *PFILE_QUOTA_INFORMATION;
2077typedef struct _FILE_REPARSE_POINT_INFORMATION
2078{
2079 LONGLONG FileReference;
2080 ULONG Tag;
2081} FILE_REPARSE_POINT_INFORMATION;
2082typedef FILE_REPARSE_POINT_INFORMATION *PFILE_REPARSE_POINT_INFORMATION;
2083typedef struct _FILE_NETWORK_OPEN_INFORMATION
2084{
2085 LARGE_INTEGER CreationTime;
2086 LARGE_INTEGER LastAccessTime;
2087 LARGE_INTEGER LastWriteTime;
2088 LARGE_INTEGER ChangeTime;
2089 LARGE_INTEGER AllocationSize;
2090 LARGE_INTEGER EndOfFile;
2091 ULONG FileAttributes;
2092} FILE_NETWORK_OPEN_INFORMATION;
2093typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
2094typedef struct _FILE_ATTRIBUTE_TAG_INFORMATION
2095{
2096 ULONG FileAttributes;
2097 ULONG ReparseTag;
2098} FILE_ATTRIBUTE_TAG_INFORMATION;
2099typedef FILE_ATTRIBUTE_TAG_INFORMATION *PFILE_ATTRIBUTE_TAG_INFORMATION;
2100typedef struct _FILE_TRACKING_INFORMATION
2101{
2102 HANDLE DestinationFile;
2103 ULONG ObjectInformationLength;
2104 CHAR ObjectInformation[1];
2105} FILE_TRACKING_INFORMATION;
2106typedef FILE_TRACKING_INFORMATION *PFILE_TRACKING_INFORMATION;
2107typedef struct _FILE_ID_BOTH_DIR_INFORMATION
2108{
2109 ULONG NextEntryOffset;
2110 ULONG FileIndex;
2111 LARGE_INTEGER CreationTime;
2112 LARGE_INTEGER LastAccessTime;
2113 LARGE_INTEGER LastWriteTime;
2114 LARGE_INTEGER ChangeTime;
2115 LARGE_INTEGER EndOfFile;
2116 LARGE_INTEGER AllocationSize;
2117 ULONG FileAttributes;
2118 ULONG FileNameLength;
2119 ULONG EaSize;
2120 CCHAR ShortNameLength;
2121 WCHAR ShortName[12];
2122 LARGE_INTEGER FileId;
2123 WCHAR FileName[1];
2124} FILE_ID_BOTH_DIR_INFORMATION;
2125typedef FILE_ID_BOTH_DIR_INFORMATION *PFILE_ID_BOTH_DIR_INFORMATION;
2126typedef struct _FILE_ID_FULL_DIR_INFORMATION
2127{
2128 ULONG NextEntryOffset;
2129 ULONG FileIndex;
2130 LARGE_INTEGER CreationTime;
2131 LARGE_INTEGER LastAccessTime;
2132 LARGE_INTEGER LastWriteTime;
2133 LARGE_INTEGER ChangeTime;
2134 LARGE_INTEGER EndOfFile;
2135 LARGE_INTEGER AllocationSize;
2136 ULONG FileAttributes;
2137 ULONG FileNameLength;
2138 ULONG EaSize;
2139 LARGE_INTEGER FileId;
2140 WCHAR FileName[1];
2141} FILE_ID_FULL_DIR_INFORMATION;
2142typedef FILE_ID_FULL_DIR_INFORMATION *PFILE_ID_FULL_DIR_INFORMATION;
2143typedef struct _FILE_VALID_DATA_LENGTH_INFORMATION
2144{
2145 LARGE_INTEGER ValidDataLength;
2146} FILE_VALID_DATA_LENGTH_INFORMATION;
2147typedef FILE_VALID_DATA_LENGTH_INFORMATION *PFILE_VALID_DATA_LENGTH_INFORMATION;
2148typedef struct _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION
2149{
2150 ULONG Flags;
2151} FILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
2152typedef FILE_IO_COMPLETION_NOTIFICATION_INFORMATION *PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
2153typedef enum _IO_PRIORITY_HINT
2154{
2155 IoPriorityVeryLow = 0,
2156 IoPriorityLow,
2157 IoPriorityNormal,
2158 IoPriorityHigh,
2159 IoPriorityCritical,
2160 MaxIoPriorityTypes
2161} IO_PRIORITY_HINT;
2162AssertCompileSize(IO_PRIORITY_HINT, sizeof(int));
2163typedef struct _FILE_IO_PRIORITY_HINT_INFORMATION
2164{
2165 IO_PRIORITY_HINT PriorityHint;
2166} FILE_IO_PRIORITY_HINT_INFORMATION;
2167typedef FILE_IO_PRIORITY_HINT_INFORMATION *PFILE_IO_PRIORITY_HINT_INFORMATION;
2168typedef struct _FILE_SFIO_RESERVE_INFORMATION
2169{
2170 ULONG RequestsPerPeriod;
2171 ULONG Period;
2172 BOOLEAN RetryFailures;
2173 BOOLEAN Discardable;
2174 ULONG RequestSize;
2175 ULONG NumOutstandingRequests;
2176} FILE_SFIO_RESERVE_INFORMATION;
2177typedef FILE_SFIO_RESERVE_INFORMATION *PFILE_SFIO_RESERVE_INFORMATION;
2178typedef struct _FILE_SFIO_VOLUME_INFORMATION
2179{
2180 ULONG MaximumRequestsPerPeriod;
2181 ULONG MinimumPeriod;
2182 ULONG MinimumTransferSize;
2183} FILE_SFIO_VOLUME_INFORMATION;
2184typedef FILE_SFIO_VOLUME_INFORMATION *PFILE_SFIO_VOLUME_INFORMATION;
2185typedef struct _FILE_LINK_ENTRY_INFORMATION
2186{
2187 ULONG NextEntryOffset;
2188 LONGLONG ParentFileId;
2189 ULONG FileNameLength;
2190 WCHAR FileName[1];
2191} FILE_LINK_ENTRY_INFORMATION;
2192typedef FILE_LINK_ENTRY_INFORMATION *PFILE_LINK_ENTRY_INFORMATION;
2193typedef struct _FILE_LINKS_INFORMATION
2194{
2195 ULONG BytesNeeded;
2196 ULONG EntriesReturned;
2197 FILE_LINK_ENTRY_INFORMATION Entry;
2198} FILE_LINKS_INFORMATION;
2199typedef FILE_LINKS_INFORMATION *PFILE_LINKS_INFORMATION;
2200typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION
2201{
2202 ULONG NumberOfProcessIdsInList;
2203 ULONG_PTR ProcessIdList[1];
2204} FILE_PROCESS_IDS_USING_FILE_INFORMATION;
2205typedef FILE_PROCESS_IDS_USING_FILE_INFORMATION *PFILE_PROCESS_IDS_USING_FILE_INFORMATION;
2206typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION
2207{
2208 ULONG NextEntryOffset;
2209 ULONG FileIndex;
2210 LARGE_INTEGER CreationTime;
2211 LARGE_INTEGER LastAccessTime;
2212 LARGE_INTEGER LastWriteTime;
2213 LARGE_INTEGER ChangeTime;
2214 LARGE_INTEGER EndOfFile;
2215 LARGE_INTEGER AllocationSize;
2216 ULONG FileAttributes;
2217 ULONG FileNameLength;
2218 LARGE_INTEGER FileId;
2219 GUID LockingTransactionId;
2220 ULONG TxInfoFlags;
2221 WCHAR FileName[1];
2222} FILE_ID_GLOBAL_TX_DIR_INFORMATION;
2223typedef FILE_ID_GLOBAL_TX_DIR_INFORMATION *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
2224typedef struct _FILE_IS_REMOTE_DEVICE_INFORMATION
2225{
2226 BOOLEAN IsRemote;
2227} FILE_IS_REMOTE_DEVICE_INFORMATION;
2228typedef FILE_IS_REMOTE_DEVICE_INFORMATION *PFILE_IS_REMOTE_DEVICE_INFORMATION;
2229typedef struct _FILE_NUMA_NODE_INFORMATION
2230{
2231 USHORT NodeNumber;
2232} FILE_NUMA_NODE_INFORMATION;
2233typedef FILE_NUMA_NODE_INFORMATION *PFILE_NUMA_NODE_INFORMATION;
2234typedef struct _FILE_STANDARD_LINK_INFORMATION
2235{
2236 ULONG NumberOfAccessibleLinks;
2237 ULONG TotalNumberOfLinks;
2238 BOOLEAN DeletePending;
2239 BOOLEAN Directory;
2240} FILE_STANDARD_LINK_INFORMATION;
2241typedef FILE_STANDARD_LINK_INFORMATION *PFILE_STANDARD_LINK_INFORMATION;
2242typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION
2243{
2244 USHORT StructureVersion;
2245 USHORT StructureSize;
2246 ULONG Protocol;
2247 USHORT ProtocolMajorVersion;
2248 USHORT ProtocolMinorVersion;
2249 USHORT ProtocolRevision;
2250 USHORT Reserved;
2251 ULONG Flags;
2252 struct
2253 {
2254 ULONG Reserved[8];
2255 } GenericReserved;
2256 struct
2257 {
2258 ULONG Reserved[16];
2259 } ProtocolSpecificReserved;
2260} FILE_REMOTE_PROTOCOL_INFORMATION;
2261typedef FILE_REMOTE_PROTOCOL_INFORMATION *PFILE_REMOTE_PROTOCOL_INFORMATION;
2262typedef struct _FILE_VOLUME_NAME_INFORMATION
2263{
2264 ULONG DeviceNameLength;
2265 WCHAR DeviceName[1];
2266} FILE_VOLUME_NAME_INFORMATION;
2267typedef FILE_VOLUME_NAME_INFORMATION *PFILE_VOLUME_NAME_INFORMATION;
2268# ifndef FILE_INVALID_FILE_ID
2269typedef struct _FILE_ID_128
2270{
2271 BYTE Identifier[16];
2272} FILE_ID_128;
2273typedef FILE_ID_128 *PFILE_ID_128;
2274# endif
2275typedef struct _FILE_ID_EXTD_DIR_INFORMATION
2276{
2277 ULONG NextEntryOffset;
2278 ULONG FileIndex;
2279 LARGE_INTEGER CreationTime;
2280 LARGE_INTEGER LastAccessTime;
2281 LARGE_INTEGER LastWriteTime;
2282 LARGE_INTEGER ChangeTime;
2283 LARGE_INTEGER EndOfFile;
2284 LARGE_INTEGER AllocationSize;
2285 ULONG FileAttributes;
2286 ULONG FileNameLength;
2287 ULONG EaSize;
2288 ULONG ReparsePointTag;
2289 FILE_ID_128 FileId;
2290 WCHAR FileName[1];
2291} FILE_ID_EXTD_DIR_INFORMATION;
2292typedef FILE_ID_EXTD_DIR_INFORMATION *PFILE_ID_EXTD_DIR_INFORMATION;
2293typedef struct _FILE_ID_EXTD_BOTH_DIR_INFORMATION
2294{
2295 ULONG NextEntryOffset;
2296 ULONG FileIndex;
2297 LARGE_INTEGER CreationTime;
2298 LARGE_INTEGER LastAccessTime;
2299 LARGE_INTEGER LastWriteTime;
2300 LARGE_INTEGER ChangeTime;
2301 LARGE_INTEGER EndOfFile;
2302 LARGE_INTEGER AllocationSize;
2303 ULONG FileAttributes;
2304 ULONG FileNameLength;
2305 ULONG EaSize;
2306 ULONG ReparsePointTag;
2307 FILE_ID_128 FileId;
2308 CCHAR ShortNameLength;
2309 WCHAR ShortName[12];
2310 WCHAR FileName[1];
2311} FILE_ID_EXTD_BOTH_DIR_INFORMATION;
2312typedef FILE_ID_EXTD_BOTH_DIR_INFORMATION *PFILE_ID_EXTD_BOTH_DIR_INFORMATION;
2313typedef struct _FILE_ID_INFORMATION
2314{
2315 ULONGLONG VolumeSerialNumber;
2316 FILE_ID_128 FileId;
2317} FILE_ID_INFORMATION;
2318typedef FILE_ID_INFORMATION *PFILE_ID_INFORMATION;
2319typedef struct _FILE_LINK_ENTRY_FULL_ID_INFORMATION
2320{
2321 ULONG NextEntryOffset;
2322 FILE_ID_128 ParentFileId;
2323 ULONG FileNameLength;
2324 WCHAR FileName[1];
2325} FILE_LINK_ENTRY_FULL_ID_INFORMATION;
2326typedef FILE_LINK_ENTRY_FULL_ID_INFORMATION *PFILE_LINK_ENTRY_FULL_ID_INFORMATION;
2327typedef struct _FILE_LINKS_FULL_ID_INFORMATION {
2328 ULONG BytesNeeded;
2329 ULONG EntriesReturned;
2330 FILE_LINK_ENTRY_FULL_ID_INFORMATION Entry;
2331} FILE_LINKS_FULL_ID_INFORMATION;
2332typedef FILE_LINKS_FULL_ID_INFORMATION *PFILE_LINKS_FULL_ID_INFORMATION;
2333typedef struct _FILE_DISPOSITION_INFORMATION_EX
2334{
2335 ULONG Flags;
2336} FILE_DISPOSITION_INFORMATION_EX;
2337typedef FILE_DISPOSITION_INFORMATION_EX *PFILE_DISPOSITION_INFORMATION_EX;
2338# ifndef QUERY_STORAGE_CLASSES_FLAGS_MEASURE_WRITE
2339typedef struct _FILE_DESIRED_STORAGE_CLASS_INFORMATION
2340{
2341 /*FILE_STORAGE_TIER_CLASS*/ ULONG Class;
2342 ULONG Flags;
2343} FILE_DESIRED_STORAGE_CLASS_INFORMATION;
2344typedef FILE_DESIRED_STORAGE_CLASS_INFORMATION *PFILE_DESIRED_STORAGE_CLASS_INFORMATION;
2345# endif
2346typedef struct _FILE_STAT_INFORMATION
2347{
2348 LARGE_INTEGER FileId;
2349 LARGE_INTEGER CreationTime;
2350 LARGE_INTEGER LastAccessTime;
2351 LARGE_INTEGER LastWriteTime;
2352 LARGE_INTEGER ChangeTime;
2353 LARGE_INTEGER AllocationSize;
2354 LARGE_INTEGER EndOfFile;
2355 ULONG FileAttributes;
2356 ULONG ReparseTag;
2357 ULONG NumberOfLinks;
2358 ACCESS_MASK EffectiveAccess;
2359} FILE_STAT_INFORMATION;
2360typedef FILE_STAT_INFORMATION *PFILE_STAT_INFORMATION;
2361typedef struct _FILE_STAT_LX_INFORMATION
2362{
2363 LARGE_INTEGER FileId;
2364 LARGE_INTEGER CreationTime;
2365 LARGE_INTEGER LastAccessTime;
2366 LARGE_INTEGER LastWriteTime;
2367 LARGE_INTEGER ChangeTime;
2368 LARGE_INTEGER AllocationSize;
2369 LARGE_INTEGER EndOfFile;
2370 ULONG FileAttributes;
2371 ULONG ReparseTag;
2372 ULONG NumberOfLinks;
2373 ACCESS_MASK EffectiveAccess;
2374 ULONG LxFlags;
2375 ULONG LxUid;
2376 ULONG LxGid;
2377 ULONG LxMode;
2378 ULONG LxDeviceIdMajor;
2379 ULONG LxDeviceIdMinor;
2380} FILE_STAT_LX_INFORMATION;
2381typedef FILE_STAT_LX_INFORMATION *PFILE_STAT_LX_INFORMATION;
2382typedef struct _FILE_CASE_SENSITIVE_INFORMATION
2383{
2384 ULONG Flags;
2385} FILE_CASE_SENSITIVE_INFORMATION;
2386typedef FILE_CASE_SENSITIVE_INFORMATION *PFILE_CASE_SENSITIVE_INFORMATION;
2387
2388typedef enum _FILE_INFORMATION_CLASS
2389{
2390 FileDirectoryInformation = 1,
2391 FileFullDirectoryInformation,
2392 FileBothDirectoryInformation,
2393 FileBasicInformation,
2394 FileStandardInformation,
2395 FileInternalInformation,
2396 FileEaInformation,
2397 FileAccessInformation,
2398 FileNameInformation,
2399 FileRenameInformation,
2400 FileLinkInformation,
2401 FileNamesInformation,
2402 FileDispositionInformation,
2403 FilePositionInformation,
2404 FileFullEaInformation,
2405 FileModeInformation,
2406 FileAlignmentInformation,
2407 FileAllInformation,
2408 FileAllocationInformation,
2409 FileEndOfFileInformation,
2410 FileAlternateNameInformation,
2411 FileStreamInformation,
2412 FilePipeInformation,
2413 FilePipeLocalInformation,
2414 FilePipeRemoteInformation,
2415 FileMailslotQueryInformation,
2416 FileMailslotSetInformation,
2417 FileCompressionInformation,
2418 FileObjectIdInformation,
2419 FileCompletionInformation,
2420 FileMoveClusterInformation,
2421 FileQuotaInformation,
2422 FileReparsePointInformation,
2423 FileNetworkOpenInformation,
2424 FileAttributeTagInformation,
2425 FileTrackingInformation,
2426 FileIdBothDirectoryInformation,
2427 FileIdFullDirectoryInformation,
2428 FileValidDataLengthInformation,
2429 FileShortNameInformation,
2430 FileIoCompletionNotificationInformation,
2431 FileIoStatusBlockRangeInformation,
2432 FileIoPriorityHintInformation,
2433 FileSfioReserveInformation,
2434 FileSfioVolumeInformation,
2435 FileHardLinkInformation,
2436 FileProcessIdsUsingFileInformation,
2437 FileNormalizedNameInformation,
2438 FileNetworkPhysicalNameInformation,
2439 FileIdGlobalTxDirectoryInformation,
2440 FileIsRemoteDeviceInformation,
2441 FileUnusedInformation,
2442 FileNumaNodeInformation,
2443 FileStandardLinkInformation,
2444 FileRemoteProtocolInformation,
2445 /* Defined with Windows 10: */
2446 FileRenameInformationBypassAccessCheck,
2447 FileLinkInformationBypassAccessCheck,
2448 FileVolumeNameInformation,
2449 FileIdInformation,
2450 FileIdExtdDirectoryInformation,
2451 FileReplaceCompletionInformation,
2452 FileHardLinkFullIdInformation,
2453 FileIdExtdBothDirectoryInformation,
2454 FileDispositionInformationEx,
2455 FileRenameInformationEx,
2456 FileRenameInformationExBypassAccessCheck,
2457 FileDesiredStorageClassInformation,
2458 FileStatInformation,
2459 FileMemoryPartitionInformation,
2460 FileStatLxInformation,
2461 FileCaseSensitiveInformation,
2462 FileLinkInformationEx,
2463 FileLinkInformationExBypassAccessCheck,
2464 FileStorageReserveIdInformation,
2465 FileCaseSensitiveInformationForceAccessCheck,
2466 FileMaximumInformation
2467} FILE_INFORMATION_CLASS;
2468typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
2469RT_DECL_NTAPI(NTSTATUS) NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
2470RT_DECL_NTAPI(NTSTATUS) NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
2471 FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
2472RT_DECL_NTAPI(NTSTATUS) NtSetInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
2473#endif /* IPRT_NT_USE_WINTERNL */
2474RT_DECL_NTAPI(NTSTATUS) NtQueryAttributesFile(POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
2475RT_DECL_NTAPI(NTSTATUS) NtQueryFullAttributesFile(POBJECT_ATTRIBUTES, PFILE_NETWORK_OPEN_INFORMATION);
2476
2477
2478/** @name SE_GROUP_XXX - Attributes returned with TokenGroup and others.
2479 * @{ */
2480#ifndef SE_GROUP_MANDATORY
2481# define SE_GROUP_MANDATORY UINT32_C(0x01)
2482#endif
2483#ifndef SE_GROUP_ENABLED_BY_DEFAULT
2484# define SE_GROUP_ENABLED_BY_DEFAULT UINT32_C(0x02)
2485#endif
2486#ifndef SE_GROUP_ENABLED
2487# define SE_GROUP_ENABLED UINT32_C(0x04)
2488#endif
2489#ifndef SE_GROUP_OWNER
2490# define SE_GROUP_OWNER UINT32_C(0x08)
2491#endif
2492#ifndef SE_GROUP_USE_FOR_DENY_ONLY
2493# define SE_GROUP_USE_FOR_DENY_ONLY UINT32_C(0x10)
2494#endif
2495#ifndef SE_GROUP_INTEGRITY
2496# define SE_GROUP_INTEGRITY UINT32_C(0x20)
2497#endif
2498#ifndef SE_GROUP_INTEGRITY_ENABLED
2499# define SE_GROUP_INTEGRITY_ENABLED UINT32_C(0x40)
2500#endif
2501#ifndef SE_GROUP_RESOURCE
2502# define SE_GROUP_RESOURCE UINT32_C(0x20000000)
2503#endif
2504#ifndef SE_GROUP_LOGON_ID
2505# define SE_GROUP_LOGON_ID UINT32_C(0xc0000000)
2506#endif
2507/** @} */
2508
2509
2510#ifdef IPRT_NT_USE_WINTERNL
2511
2512/** For use with KeyBasicInformation. */
2513typedef struct _KEY_BASIC_INFORMATION
2514{
2515 LARGE_INTEGER LastWriteTime;
2516 ULONG TitleIndex;
2517 ULONG NameLength;
2518 WCHAR Name[1];
2519} KEY_BASIC_INFORMATION;
2520typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
2521
2522/** For use with KeyNodeInformation. */
2523typedef struct _KEY_NODE_INFORMATION
2524{
2525 LARGE_INTEGER LastWriteTime;
2526 ULONG TitleIndex;
2527 ULONG ClassOffset; /**< Offset from the start of the structure. */
2528 ULONG ClassLength;
2529 ULONG NameLength;
2530 WCHAR Name[1];
2531} KEY_NODE_INFORMATION;
2532typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
2533
2534/** For use with KeyFullInformation. */
2535typedef struct _KEY_FULL_INFORMATION
2536{
2537 LARGE_INTEGER LastWriteTime;
2538 ULONG TitleIndex;
2539 ULONG ClassOffset; /**< Offset of the Class member. */
2540 ULONG ClassLength;
2541 ULONG SubKeys;
2542 ULONG MaxNameLen;
2543 ULONG MaxClassLen;
2544 ULONG Values;
2545 ULONG MaxValueNameLen;
2546 ULONG MaxValueDataLen;
2547 WCHAR Class[1];
2548} KEY_FULL_INFORMATION;
2549typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
2550
2551/** For use with KeyNameInformation. */
2552typedef struct _KEY_NAME_INFORMATION
2553{
2554 ULONG NameLength;
2555 WCHAR Name[1];
2556} KEY_NAME_INFORMATION;
2557typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
2558
2559/** For use with KeyCachedInformation. */
2560typedef struct _KEY_CACHED_INFORMATION
2561{
2562 LARGE_INTEGER LastWriteTime;
2563 ULONG TitleIndex;
2564 ULONG SubKeys;
2565 ULONG MaxNameLen;
2566 ULONG Values;
2567 ULONG MaxValueNameLen;
2568 ULONG MaxValueDataLen;
2569 ULONG NameLength;
2570} KEY_CACHED_INFORMATION;
2571typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
2572
2573/** For use with KeyVirtualizationInformation. */
2574typedef struct _KEY_VIRTUALIZATION_INFORMATION
2575{
2576 ULONG VirtualizationCandidate : 1;
2577 ULONG VirtualizationEnabled : 1;
2578 ULONG VirtualTarget : 1;
2579 ULONG VirtualStore : 1;
2580 ULONG VirtualSource : 1;
2581 ULONG Reserved : 27;
2582} KEY_VIRTUALIZATION_INFORMATION;
2583typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
2584
2585typedef enum _KEY_INFORMATION_CLASS
2586{
2587 KeyBasicInformation = 0,
2588 KeyNodeInformation,
2589 KeyFullInformation,
2590 KeyNameInformation,
2591 KeyCachedInformation,
2592 KeyFlagsInformation,
2593 KeyVirtualizationInformation,
2594 KeyHandleTagsInformation,
2595 MaxKeyInfoClass
2596} KEY_INFORMATION_CLASS;
2597RT_DECL_NTAPI(NTSTATUS) NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2598RT_DECL_NTAPI(NTSTATUS) NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2599
2600typedef struct _MEMORY_SECTION_NAME
2601{
2602 UNICODE_STRING SectionFileName;
2603 WCHAR NameBuffer[1];
2604} MEMORY_SECTION_NAME;
2605
2606#ifdef IPRT_NT_USE_WINTERNL
2607typedef struct _PROCESS_BASIC_INFORMATION
2608{
2609 NTSTATUS ExitStatus;
2610 PPEB PebBaseAddress;
2611 ULONG_PTR AffinityMask;
2612 int32_t BasePriority;
2613 ULONG_PTR UniqueProcessId;
2614 ULONG_PTR InheritedFromUniqueProcessId;
2615} PROCESS_BASIC_INFORMATION;
2616typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
2617#endif
2618
2619typedef enum _PROCESSINFOCLASS
2620{
2621 ProcessBasicInformation = 0, /**< 0 / 0x00 */
2622 ProcessQuotaLimits, /**< 1 / 0x01 */
2623 ProcessIoCounters, /**< 2 / 0x02 */
2624 ProcessVmCounters, /**< 3 / 0x03 */
2625 ProcessTimes, /**< 4 / 0x04 */
2626 ProcessBasePriority, /**< 5 / 0x05 */
2627 ProcessRaisePriority, /**< 6 / 0x06 */
2628 ProcessDebugPort, /**< 7 / 0x07 */
2629 ProcessExceptionPort, /**< 8 / 0x08 */
2630 ProcessAccessToken, /**< 9 / 0x09 */
2631 ProcessLdtInformation, /**< 10 / 0x0a */
2632 ProcessLdtSize, /**< 11 / 0x0b */
2633 ProcessDefaultHardErrorMode, /**< 12 / 0x0c */
2634 ProcessIoPortHandlers, /**< 13 / 0x0d */
2635 ProcessPooledUsageAndLimits, /**< 14 / 0x0e */
2636 ProcessWorkingSetWatch, /**< 15 / 0x0f */
2637 ProcessUserModeIOPL, /**< 16 / 0x10 */
2638 ProcessEnableAlignmentFaultFixup, /**< 17 / 0x11 */
2639 ProcessPriorityClass, /**< 18 / 0x12 */
2640 ProcessWx86Information, /**< 19 / 0x13 */
2641 ProcessHandleCount, /**< 20 / 0x14 */
2642 ProcessAffinityMask, /**< 21 / 0x15 */
2643 ProcessPriorityBoost, /**< 22 / 0x16 */
2644 ProcessDeviceMap, /**< 23 / 0x17 */
2645 ProcessSessionInformation, /**< 24 / 0x18 */
2646 ProcessForegroundInformation, /**< 25 / 0x19 */
2647 ProcessWow64Information, /**< 26 / 0x1a */
2648 ProcessImageFileName, /**< 27 / 0x1b */
2649 ProcessLUIDDeviceMapsEnabled, /**< 28 / 0x1c */
2650 ProcessBreakOnTermination, /**< 29 / 0x1d */
2651 ProcessDebugObjectHandle, /**< 30 / 0x1e */
2652 ProcessDebugFlags, /**< 31 / 0x1f */
2653 ProcessHandleTracing, /**< 32 / 0x20 */
2654 ProcessIoPriority, /**< 33 / 0x21 */
2655 ProcessExecuteFlags, /**< 34 / 0x22 */
2656 ProcessTlsInformation, /**< 35 / 0x23 */
2657 ProcessCookie, /**< 36 / 0x24 */
2658 ProcessImageInformation, /**< 37 / 0x25 */
2659 ProcessCycleTime, /**< 38 / 0x26 */
2660 ProcessPagePriority, /**< 39 / 0x27 */
2661 ProcessInstrumentationCallbak, /**< 40 / 0x28 */
2662 ProcessThreadStackAllocation, /**< 41 / 0x29 */
2663 ProcessWorkingSetWatchEx, /**< 42 / 0x2a */
2664 ProcessImageFileNameWin32, /**< 43 / 0x2b */
2665 ProcessImageFileMapping, /**< 44 / 0x2c */
2666 ProcessAffinityUpdateMode, /**< 45 / 0x2d */
2667 ProcessMemoryAllocationMode, /**< 46 / 0x2e */
2668 ProcessGroupInformation, /**< 47 / 0x2f */
2669 ProcessTokenVirtualizationEnabled, /**< 48 / 0x30 */
2670 ProcessOwnerInformation, /**< 49 / 0x31 */
2671 ProcessWindowInformation, /**< 50 / 0x32 */
2672 ProcessHandleInformation, /**< 51 / 0x33 */
2673 ProcessMitigationPolicy, /**< 52 / 0x34 */
2674 ProcessDynamicFunctionTableInformation, /**< 53 / 0x35 */
2675 ProcessHandleCheckingMode, /**< 54 / 0x36 */
2676 ProcessKeepAliveCount, /**< 55 / 0x37 */
2677 ProcessRevokeFileHandles, /**< 56 / 0x38 */
2678 ProcessWorkingSetControl, /**< 57 / 0x39 */
2679 ProcessHandleTable, /**< 58 / 0x3a */
2680 ProcessCheckStackExtentsMode, /**< 59 / 0x3b */
2681 ProcessCommandLineInformation, /**< 60 / 0x3c */
2682 ProcessProtectionInformation, /**< 61 / 0x3d */
2683 ProcessMemoryExhaustion, /**< 62 / 0x3e */
2684 ProcessFaultInformation, /**< 63 / 0x3f */
2685 ProcessTelemetryIdInformation, /**< 64 / 0x40 */
2686 ProcessCommitReleaseInformation, /**< 65 / 0x41 */
2687 ProcessDefaultCpuSetsInformation, /**< 66 / 0x42 - aka ProcessReserved1Information */
2688 ProcessAllowedCpuSetsInformation, /**< 67 / 0x43 - aka ProcessReserved2Information; PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10 */
2689 ProcessSubsystemProcess, /**< 68 / 0x44 */
2690 ProcessJobMemoryInformation, /**< 69 / 0x45 */
2691 ProcessInPrivate, /**< 70 / 0x46 */
2692 ProcessRaiseUMExceptionOnInvalidHandleClose,/**< 71 / 0x47 */
2693 ProcessIumChallengeResponse, /**< 72 / 0x48 */
2694 ProcessChildProcessInformation, /**< 73 / 0x49 */
2695 ProcessHighGraphicsPriorityInformation, /**< 74 / 0x4a */
2696 ProcessSubsystemInformation, /**< 75 / 0x4b */
2697 ProcessEnergyValues, /**< 76 / 0x4c */
2698 ProcessPowerThrottlingState, /**< 77 / 0x4d */
2699 ProcessReserved3Information, /**< 78 / 0x4e */
2700 ProcessWin32kSyscallFilterInformation, /**< 79 / 0x4f */
2701 ProcessDisableSystemAllowedCpuSets, /**< 80 / 0x50 */
2702 ProcessWakeInformation, /**< 81 / 0x51 */
2703 ProcessEnergyTrackingState, /**< 82 / 0x52 */
2704 ProcessManageWritesToExecutableMemory, /**< 83 / 0x53 */
2705 ProcessCaptureTrustletLiveDump, /**< 84 / 0x54 */
2706 ProcessTelemetryCoverage, /**< 85 / 0x55 */
2707 ProcessEnclaveInformation, /**< 86 / 0x56 */
2708 ProcessEnableReadWriteVmLogging, /**< 87 / 0x57 */
2709 ProcessUptimeInformation, /**< 88 / 0x58 */
2710 ProcessImageSection, /**< 89 / 0x59 */
2711 ProcessDebugAuthInformation, /**< 90 / 0x5a */
2712 ProcessSystemResourceManagement, /**< 92 / 0x5b */
2713 ProcessSequenceNumber, /**< 93 / 0x5c */
2714 MaxProcessInfoClass
2715} PROCESSINFOCLASS;
2716AssertCompile(ProcessSequenceNumber == 0x5c);
2717#endif
2718#if defined(IPRT_NT_USE_WINTERNL) || defined(WDK_NTDDI_VERSION) /* Present in ntddk.h from 7600.16385.1, but not in W10. */
2719RT_DECL_NTAPI(NTSTATUS) NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
2720#endif
2721#ifdef IPRT_NT_USE_WINTERNL
2722#if ARCH_BITS == 32
2723/** 64-bit API pass thru to WOW64 processes. */
2724RT_DECL_NTAPI(NTSTATUS) NtWow64QueryInformationProcess64(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
2725#endif
2726
2727typedef enum _THREADINFOCLASS
2728{
2729 ThreadBasicInformation = 0,
2730 ThreadTimes,
2731 ThreadPriority,
2732 ThreadBasePriority,
2733 ThreadAffinityMask,
2734 ThreadImpersonationToken,
2735 ThreadDescriptorTableEntry,
2736 ThreadEnableAlignmentFaultFixup,
2737 ThreadEventPair_Reusable,
2738 ThreadQuerySetWin32StartAddress,
2739 ThreadZeroTlsCell,
2740 ThreadPerformanceCount,
2741 ThreadAmILastThread,
2742 ThreadIdealProcessor,
2743 ThreadPriorityBoost,
2744 ThreadSetTlsArrayAddress,
2745 ThreadIsIoPending,
2746 ThreadHideFromDebugger,
2747 ThreadBreakOnTermination,
2748 ThreadSwitchLegacyState,
2749 ThreadIsTerminated,
2750 ThreadLastSystemCall,
2751 ThreadIoPriority,
2752 ThreadCycleTime,
2753 ThreadPagePriority,
2754 ThreadActualBasePriority,
2755 ThreadTebInformation,
2756 ThreadCSwitchMon,
2757 ThreadCSwitchPmu,
2758 ThreadWow64Context,
2759 ThreadGroupInformation,
2760 ThreadUmsInformation,
2761 ThreadCounterProfiling,
2762 ThreadIdealProcessorEx,
2763 ThreadCpuAccountingInformation,
2764 MaxThreadInfoClass
2765} THREADINFOCLASS;
2766RT_DECL_NTAPI(NTSTATUS) NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
2767
2768RT_DECL_NTAPI(NTSTATUS) NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2769RT_DECL_NTAPI(NTSTATUS) ZwQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2770
2771RT_DECL_NTAPI(NTSTATUS) NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2772RT_DECL_NTAPI(NTSTATUS) NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2773RT_DECL_NTAPI(NTSTATUS) NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
2774RT_DECL_NTAPI(NTSTATUS) NtCancelIoFile(HANDLE, PIO_STATUS_BLOCK);
2775
2776RT_DECL_NTAPI(NTSTATUS) NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
2777RT_DECL_NTAPI(NTSTATUS) NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
2778
2779RT_DECL_NTAPI(NTSTATUS) RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
2780RT_DECL_NTAPI(NTSTATUS) RtlCopySid(ULONG, PSID, PSID);
2781RT_DECL_NTAPI(NTSTATUS) RtlCreateAcl(PACL, ULONG, ULONG);
2782RT_DECL_NTAPI(NTSTATUS) RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
2783RT_DECL_NTAPI(BOOLEAN) RtlEqualSid(PSID, PSID);
2784RT_DECL_NTAPI(NTSTATUS) RtlGetVersion(PRTL_OSVERSIONINFOW);
2785RT_DECL_NTAPI(NTSTATUS) RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
2786RT_DECL_NTAPI(NTSTATUS) RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
2787RT_DECL_NTAPI(PULONG) RtlSubAuthoritySid(PSID, ULONG);
2788
2789#endif /* IPRT_NT_USE_WINTERNL */
2790
2791/** For use with ObjectBasicInformation.
2792 * A watered down version of this struct appears under the name
2793 * PUBLIC_OBJECT_BASIC_INFORMATION in ntifs.h. It only defines
2794 * the first four members, so don't trust the rest. */
2795typedef struct _OBJECT_BASIC_INFORMATION
2796{
2797 ULONG Attributes;
2798 ACCESS_MASK GrantedAccess;
2799 ULONG HandleCount;
2800 ULONG PointerCount;
2801 /* Not in ntifs.h: */
2802 ULONG PagedPoolCharge;
2803 ULONG NonPagedPoolCharge;
2804 ULONG Reserved[3];
2805 ULONG NameInfoSize;
2806 ULONG TypeInfoSize;
2807 ULONG SecurityDescriptorSize;
2808 LARGE_INTEGER CreationTime;
2809} OBJECT_BASIC_INFORMATION;
2810typedef OBJECT_BASIC_INFORMATION *POBJECT_BASIC_INFORMATION;
2811
2812/** For use with ObjectHandleFlagInformation. */
2813typedef struct _OBJECT_HANDLE_FLAG_INFORMATION
2814{
2815 BOOLEAN Inherit;
2816 BOOLEAN ProtectFromClose;
2817} OBJECT_HANDLE_FLAG_INFORMATION;
2818typedef OBJECT_HANDLE_FLAG_INFORMATION *POBJECT_HANDLE_FLAG_INFORMATION;
2819
2820typedef enum _OBJECT_INFORMATION_CLASS
2821{
2822 ObjectBasicInformation = 0,
2823 ObjectNameInformation,
2824 ObjectTypeInformation,
2825 ObjectAllInformation,
2826 ObjectHandleFlagInformation,
2827 ObjectSessionInformation,
2828 MaxObjectInfoClass
2829} OBJECT_INFORMATION_CLASS;
2830typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
2831#ifdef IN_RING0
2832# define NtQueryObject ZwQueryObject
2833#endif
2834RT_DECL_NTAPI(NTSTATUS) NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2835RT_DECL_NTAPI(NTSTATUS) NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
2836RT_DECL_NTAPI(NTSTATUS) NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
2837
2838RT_DECL_NTAPI(NTSTATUS) NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2839
2840typedef struct _OBJECT_DIRECTORY_INFORMATION
2841{
2842 UNICODE_STRING Name;
2843 UNICODE_STRING TypeName;
2844} OBJECT_DIRECTORY_INFORMATION;
2845typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
2846RT_DECL_NTAPI(NTSTATUS) NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
2847
2848RT_DECL_NTAPI(NTSTATUS) NtSuspendProcess(HANDLE);
2849RT_DECL_NTAPI(NTSTATUS) NtResumeProcess(HANDLE);
2850/** @name ProcessDefaultHardErrorMode bit definitions.
2851 * @{ */
2852#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /**< Inverted from the win32 define. */
2853#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
2854#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
2855#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
2856/** @} */
2857RT_DECL_NTAPI(NTSTATUS) NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
2858RT_DECL_NTAPI(NTSTATUS) NtTerminateProcess(HANDLE, LONG);
2859
2860/** Returned by NtQUerySection with SectionBasicInformation. */
2861typedef struct _SECTION_BASIC_INFORMATION
2862{
2863 PVOID BaseAddress;
2864 ULONG AllocationAttributes;
2865 LARGE_INTEGER MaximumSize;
2866} SECTION_BASIC_INFORMATION;
2867typedef SECTION_BASIC_INFORMATION *PSECTION_BASIC_INFORMATION;
2868
2869/** Retured by ProcessImageInformation as well as NtQuerySection. */
2870typedef struct _SECTION_IMAGE_INFORMATION
2871{
2872 PVOID TransferAddress;
2873 ULONG ZeroBits;
2874 SIZE_T MaximumStackSize;
2875 SIZE_T CommittedStackSize;
2876 ULONG SubSystemType;
2877 union
2878 {
2879 struct
2880 {
2881 USHORT SubSystemMinorVersion;
2882 USHORT SubSystemMajorVersion;
2883 };
2884 ULONG SubSystemVersion;
2885 };
2886 ULONG GpValue;
2887 USHORT ImageCharacteristics;
2888 USHORT DllCharacteristics;
2889 USHORT Machine;
2890 BOOLEAN ImageContainsCode;
2891 union /**< Since Vista, used to be a spare BOOLEAN. */
2892 {
2893 struct
2894 {
2895 UCHAR ComPlusNativeRead : 1;
2896 UCHAR ComPlusILOnly : 1;
2897 UCHAR ImageDynamicallyRelocated : 1;
2898 UCHAR ImageMAppedFlat : 1;
2899 UCHAR Reserved : 4;
2900 };
2901 UCHAR ImageFlags;
2902 };
2903 ULONG LoaderFlags;
2904 ULONG ImageFileSize; /**< Since XP? */
2905 ULONG CheckSum; /**< Since Vista, Used to be a reserved/spare ULONG. */
2906} SECTION_IMAGE_INFORMATION;
2907typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
2908
2909typedef enum _SECTION_INFORMATION_CLASS
2910{
2911 SectionBasicInformation = 0,
2912 SectionImageInformation,
2913 MaxSectionInfoClass
2914} SECTION_INFORMATION_CLASS;
2915RT_DECL_NTAPI(NTSTATUS) NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2916
2917RT_DECL_NTAPI(NTSTATUS) NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
2918RT_DECL_NTAPI(NTSTATUS) NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2919RT_DECL_NTAPI(NTSTATUS) NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
2920#ifndef SYMBOLIC_LINK_QUERY
2921# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
2922#endif
2923#ifndef SYMBOLIC_LINK_ALL_ACCESS
2924# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYMBOLIC_LINK_QUERY)
2925#endif
2926
2927RT_DECL_NTAPI(NTSTATUS) NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
2928RT_DECL_NTAPI(NTSTATUS) NtResumeThread(HANDLE, PULONG);
2929RT_DECL_NTAPI(NTSTATUS) NtSuspendThread(HANDLE, PULONG);
2930RT_DECL_NTAPI(NTSTATUS) NtTerminateThread(HANDLE, LONG);
2931RT_DECL_NTAPI(NTSTATUS) NtGetContextThread(HANDLE, PCONTEXT);
2932RT_DECL_NTAPI(NTSTATUS) NtSetContextThread(HANDLE, PCONTEXT);
2933RT_DECL_NTAPI(NTSTATUS) ZwYieldExecution(void);
2934
2935
2936#ifndef SEC_FILE
2937# define SEC_FILE UINT32_C(0x00800000)
2938#endif
2939#ifndef SEC_IMAGE
2940# define SEC_IMAGE UINT32_C(0x01000000)
2941#endif
2942#ifndef SEC_PROTECTED_IMAGE
2943# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
2944#endif
2945#ifndef SEC_NOCACHE
2946# define SEC_NOCACHE UINT32_C(0x10000000)
2947#endif
2948#ifndef MEM_ROTATE
2949# define MEM_ROTATE UINT32_C(0x00800000)
2950#endif
2951typedef enum _MEMORY_INFORMATION_CLASS
2952{
2953 MemoryBasicInformation = 0,
2954 MemoryWorkingSetList,
2955 MemorySectionName,
2956 MemoryBasicVlmInformation
2957} MEMORY_INFORMATION_CLASS;
2958#ifndef IPRT_NT_USE_WINTERNL
2959# ifndef WDK_NTDDI_VERSION /* W10 ntifs.h has it, 7600.16385.1 didn't. */
2960typedef struct _MEMORY_BASIC_INFORMATION
2961{
2962 PVOID BaseAddress;
2963 PVOID AllocationBase;
2964 ULONG AllocationProtect;
2965# if ARCH_BITS == 64
2966 USHORT PartitionId;
2967# endif
2968 SIZE_T RegionSize;
2969 ULONG State;
2970 ULONG Protect;
2971 ULONG Type;
2972} MEMORY_BASIC_INFORMATION;
2973typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
2974# endif
2975# define NtQueryVirtualMemory ZwQueryVirtualMemory
2976#endif
2977#if defined(IPRT_NT_USE_WINTERNL) || !defined(WDK_NTDDI_VERSION) /* W10 ntifs.h has it, 7600.16385.1 didn't. */
2978RT_DECL_NTAPI(NTSTATUS) NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2979#endif
2980#ifdef IPRT_NT_USE_WINTERNL
2981RT_DECL_NTAPI(NTSTATUS) NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
2982#endif
2983RT_DECL_NTAPI(NTSTATUS) NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
2984RT_DECL_NTAPI(NTSTATUS) NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
2985
2986typedef enum _SYSTEM_INFORMATION_CLASS
2987{
2988 SystemBasicInformation = 0,
2989 SystemCpuInformation,
2990 SystemPerformanceInformation,
2991 SystemTimeOfDayInformation,
2992 SystemInformation_Unknown_4,
2993 SystemProcessInformation,
2994 SystemInformation_Unknown_6,
2995 SystemInformation_Unknown_7,
2996 SystemProcessorPerformanceInformation,
2997 SystemInformation_Unknown_9,
2998 SystemInformation_Unknown_10,
2999 SystemModuleInformation,
3000 SystemInformation_Unknown_12,
3001 SystemInformation_Unknown_13,
3002 SystemInformation_Unknown_14,
3003 SystemInformation_Unknown_15,
3004 SystemHandleInformation,
3005 SystemInformation_Unknown_17,
3006 SystemPageFileInformation,
3007 SystemInformation_Unknown_19,
3008 SystemInformation_Unknown_20,
3009 SystemCacheInformation,
3010 SystemInformation_Unknown_22,
3011 SystemInterruptInformation,
3012 SystemDpcBehaviourInformation,
3013 SystemFullMemoryInformation,
3014 SystemLoadGdiDriverInformation, /* 26 */
3015 SystemUnloadGdiDriverInformation, /* 27 */
3016 SystemTimeAdjustmentInformation,
3017 SystemSummaryMemoryInformation,
3018 SystemInformation_Unknown_30,
3019 SystemInformation_Unknown_31,
3020 SystemInformation_Unknown_32,
3021 SystemExceptionInformation,
3022 SystemCrashDumpStateInformation,
3023 SystemKernelDebuggerInformation,
3024 SystemContextSwitchInformation,
3025 SystemRegistryQuotaInformation,
3026 SystemInformation_Unknown_38,
3027 SystemInformation_Unknown_39,
3028 SystemInformation_Unknown_40,
3029 SystemInformation_Unknown_41,
3030 SystemInformation_Unknown_42,
3031 SystemInformation_Unknown_43,
3032 SystemCurrentTimeZoneInformation,
3033 SystemLookasideInformation,
3034 SystemSetTimeSlipEvent,
3035 SystemCreateSession,
3036 SystemDeleteSession,
3037 SystemInformation_Unknown_49,
3038 SystemRangeStartInformation,
3039 SystemVerifierInformation,
3040 SystemInformation_Unknown_52,
3041 SystemSessionProcessInformation,
3042 SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
3043 SystemInformation_Unknown_55,
3044 SystemInformation_Unknown_56,
3045 SystemExtendedProcessInformation,
3046 SystemInformation_Unknown_58,
3047 SystemInformation_Unknown_59,
3048 SystemInformation_Unknown_60,
3049 SystemInformation_Unknown_61,
3050 SystemInformation_Unknown_62,
3051 SystemInformation_Unknown_63,
3052 SystemExtendedHandleInformation, /* 64 */
3053 SystemInformation_Unknown_65,
3054 SystemInformation_Unknown_66,
3055 SystemInformation_Unknown_67, /**< See https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/sysinfo/codeintegrity.htm */
3056 SystemInformation_Unknown_68,
3057 SystemInformation_HotPatchInfo, /* 69 */
3058 SystemInformation_Unknown_70,
3059 SystemInformation_Unknown_71,
3060 SystemInformation_Unknown_72,
3061 SystemInformation_Unknown_73,
3062 SystemInformation_Unknown_74,
3063 SystemInformation_Unknown_75,
3064 SystemInformation_Unknown_76,
3065 SystemInformation_Unknown_77,
3066 SystemInformation_Unknown_78,
3067 SystemInformation_Unknown_79,
3068 SystemInformation_Unknown_80,
3069 SystemInformation_Unknown_81,
3070 SystemInformation_Unknown_82,
3071 SystemInformation_Unknown_83,
3072 SystemInformation_Unknown_84,
3073 SystemInformation_Unknown_85,
3074 SystemInformation_Unknown_86,
3075 SystemInformation_Unknown_87,
3076 SystemInformation_Unknown_88,
3077 SystemInformation_Unknown_89,
3078 SystemInformation_Unknown_90,
3079 SystemInformation_Unknown_91,
3080 SystemInformation_Unknown_92,
3081 SystemInformation_Unknown_93,
3082 SystemInformation_Unknown_94,
3083 SystemInformation_Unknown_95,
3084 SystemInformation_KiOpPrefetchPatchCount, /* 96 */
3085 SystemInformation_Unknown_97,
3086 SystemInformation_Unknown_98,
3087 SystemInformation_Unknown_99,
3088 SystemInformation_Unknown_100,
3089 SystemInformation_Unknown_101,
3090 SystemInformation_Unknown_102,
3091 SystemInformation_Unknown_103,
3092 SystemInformation_Unknown_104,
3093 SystemInformation_Unknown_105,
3094 SystemInformation_Unknown_107,
3095 SystemInformation_GetLogicalProcessorInformationEx, /* 107 */
3096
3097 /** @todo fill gap. they've added a whole bunch of things */
3098 SystemPolicyInformation = 134,
3099 SystemInformationClassMax
3100} SYSTEM_INFORMATION_CLASS;
3101
3102#ifdef IPRT_NT_USE_WINTERNL
3103typedef struct _VM_COUNTERS
3104{
3105 SIZE_T PeakVirtualSize;
3106 SIZE_T VirtualSize;
3107 ULONG PageFaultCount;
3108 SIZE_T PeakWorkingSetSize;
3109 SIZE_T WorkingSetSize;
3110 SIZE_T QuotaPeakPagedPoolUsage;
3111 SIZE_T QuotaPagedPoolUsage;
3112 SIZE_T QuotaPeakNonPagedPoolUsage;
3113 SIZE_T QuotaNonPagedPoolUsage;
3114 SIZE_T PagefileUsage;
3115 SIZE_T PeakPagefileUsage;
3116} VM_COUNTERS;
3117typedef VM_COUNTERS *PVM_COUNTERS;
3118#endif
3119
3120#if 0
3121typedef struct _IO_COUNTERS
3122{
3123 ULONGLONG ReadOperationCount;
3124 ULONGLONG WriteOperationCount;
3125 ULONGLONG OtherOperationCount;
3126 ULONGLONG ReadTransferCount;
3127 ULONGLONG WriteTransferCount;
3128 ULONGLONG OtherTransferCount;
3129} IO_COUNTERS;
3130typedef IO_COUNTERS *PIO_COUNTERS;
3131#endif
3132
3133typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
3134{
3135 ULONG NextEntryOffset; /**< 0x00 / 0x00 */
3136 ULONG NumberOfThreads; /**< 0x04 / 0x04 */
3137 LARGE_INTEGER Reserved1[3]; /**< 0x08 / 0x08 */
3138 LARGE_INTEGER CreationTime; /**< 0x20 / 0x20 */
3139 LARGE_INTEGER UserTime; /**< 0x28 / 0x28 */
3140 LARGE_INTEGER KernelTime; /**< 0x30 / 0x30 */
3141 UNICODE_STRING ProcessName; /**< 0x38 / 0x38 Clean unicode encoding? */
3142 int32_t BasePriority; /**< 0x40 / 0x48 */
3143 HANDLE UniqueProcessId; /**< 0x44 / 0x50 */
3144 HANDLE ParentProcessId; /**< 0x48 / 0x58 */
3145 ULONG HandleCount; /**< 0x4c / 0x60 */
3146 ULONG Reserved2; /**< 0x50 / 0x64 Session ID? */
3147 ULONG_PTR Reserved3; /**< 0x54 / 0x68 */
3148 VM_COUNTERS VmCounters; /**< 0x58 / 0x70 */
3149 IO_COUNTERS IoCounters; /**< 0x88 / 0xd0 Might not be present in earlier windows versions. */
3150 /* After this follows the threads, then the ProcessName.Buffer. */
3151} RTNT_SYSTEM_PROCESS_INFORMATION;
3152typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
3153#ifndef IPRT_NT_USE_WINTERNL
3154typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
3155typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
3156#endif
3157
3158typedef struct _SYSTEM_HANDLE_ENTRY_INFO
3159{
3160 USHORT UniqueProcessId;
3161 USHORT CreatorBackTraceIndex;
3162 UCHAR ObjectTypeIndex;
3163 UCHAR HandleAttributes;
3164 USHORT HandleValue;
3165 PVOID Object;
3166 ULONG GrantedAccess;
3167} SYSTEM_HANDLE_ENTRY_INFO;
3168typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
3169
3170/** Returned by SystemHandleInformation */
3171typedef struct _SYSTEM_HANDLE_INFORMATION
3172{
3173 ULONG NumberOfHandles;
3174 SYSTEM_HANDLE_ENTRY_INFO Handles[1];
3175} SYSTEM_HANDLE_INFORMATION;
3176typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
3177
3178/** Extended handle information entry.
3179 * @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
3180typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
3181{
3182 PVOID Object;
3183 HANDLE UniqueProcessId;
3184 HANDLE HandleValue;
3185 ACCESS_MASK GrantedAccess;
3186 USHORT CreatorBackTraceIndex;
3187 USHORT ObjectTypeIndex;
3188 ULONG HandleAttributes;
3189 ULONG Reserved;
3190} SYSTEM_HANDLE_ENTRY_INFO_EX;
3191typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
3192
3193/** Returned by SystemExtendedHandleInformation. */
3194typedef struct _SYSTEM_HANDLE_INFORMATION_EX
3195{
3196 ULONG_PTR NumberOfHandles;
3197 ULONG_PTR Reserved;
3198 SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
3199} SYSTEM_HANDLE_INFORMATION_EX;
3200typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
3201
3202/** Returned by SystemSessionProcessInformation. */
3203typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
3204{
3205 ULONG SessionId;
3206 ULONG BufferLength;
3207 /** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
3208 PVOID Buffer;
3209} SYSTEM_SESSION_PROCESS_INFORMATION;
3210typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
3211
3212typedef struct _RTL_PROCESS_MODULE_INFORMATION
3213{
3214 HANDLE Section; /**< 0x00 / 0x00 */
3215 PVOID MappedBase; /**< 0x04 / 0x08 */
3216 PVOID ImageBase; /**< 0x08 / 0x10 */
3217 ULONG ImageSize; /**< 0x0c / 0x18 */
3218 ULONG Flags; /**< 0x10 / 0x1c */
3219 USHORT LoadOrderIndex; /**< 0x14 / 0x20 */
3220 USHORT InitOrderIndex; /**< 0x16 / 0x22 */
3221 USHORT LoadCount; /**< 0x18 / 0x24 */
3222 USHORT OffsetToFileName; /**< 0x1a / 0x26 */
3223 UCHAR FullPathName[256]; /**< 0x1c / 0x28 */
3224} RTL_PROCESS_MODULE_INFORMATION;
3225typedef RTL_PROCESS_MODULE_INFORMATION *PRTL_PROCESS_MODULE_INFORMATION;
3226
3227/** Returned by SystemModuleInformation. */
3228typedef struct _RTL_PROCESS_MODULES
3229{
3230 ULONG NumberOfModules;
3231 RTL_PROCESS_MODULE_INFORMATION Modules[1]; /**< 0x04 / 0x08 */
3232} RTL_PROCESS_MODULES;
3233typedef RTL_PROCESS_MODULES *PRTL_PROCESS_MODULES;
3234
3235RT_DECL_NTAPI(NTSTATUS) NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3236#ifndef IPRT_NT_MAP_TO_ZW
3237RT_DECL_NTAPI(NTSTATUS) ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3238#endif
3239
3240RT_DECL_NTAPI(NTSTATUS) NtSetTimerResolution(ULONG cNtTicksWanted, BOOLEAN fSetResolution, PULONG pcNtTicksCur);
3241RT_DECL_NTAPI(NTSTATUS) NtQueryTimerResolution(PULONG pcNtTicksMin, PULONG pcNtTicksMax, PULONG pcNtTicksCur);
3242
3243RT_DECL_NTAPI(NTSTATUS) NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
3244RT_DECL_NTAPI(NTSTATUS) NtYieldExecution(void);
3245#ifndef IPRT_NT_USE_WINTERNL
3246RT_DECL_NTAPI(NTSTATUS) NtWaitForSingleObject(HANDLE, BOOLEAN, PLARGE_INTEGER);
3247#endif
3248typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
3249typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
3250RT_DECL_NTAPI(NTSTATUS) NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
3251
3252RT_DECL_NTAPI(NTSTATUS) NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
3253
3254#ifdef IPRT_NT_USE_WINTERNL
3255typedef enum _EVENT_TYPE
3256{
3257 /* Manual reset event. */
3258 NotificationEvent = 0,
3259 /* Automaitc reset event. */
3260 SynchronizationEvent
3261} EVENT_TYPE;
3262#endif
3263RT_DECL_NTAPI(NTSTATUS) NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
3264RT_DECL_NTAPI(NTSTATUS) NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
3265typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
3266RT_DECL_NTAPI(NTSTATUS) NtClearEvent(HANDLE);
3267RT_DECL_NTAPI(NTSTATUS) NtResetEvent(HANDLE, PULONG);
3268RT_DECL_NTAPI(NTSTATUS) NtSetEvent(HANDLE, PULONG);
3269typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
3270typedef enum _EVENT_INFORMATION_CLASS
3271{
3272 EventBasicInformation = 0
3273} EVENT_INFORMATION_CLASS;
3274/** Data returned by NtQueryEvent + EventBasicInformation. */
3275typedef struct EVENT_BASIC_INFORMATION
3276{
3277 EVENT_TYPE EventType;
3278 ULONG EventState;
3279} EVENT_BASIC_INFORMATION;
3280typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
3281RT_DECL_NTAPI(NTSTATUS) NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3282
3283#ifdef IPRT_NT_USE_WINTERNL
3284/** For NtQueryValueKey. */
3285typedef enum _KEY_VALUE_INFORMATION_CLASS
3286{
3287 KeyValueBasicInformation = 0,
3288 KeyValueFullInformation,
3289 KeyValuePartialInformation,
3290 KeyValueFullInformationAlign64,
3291 KeyValuePartialInformationAlign64
3292} KEY_VALUE_INFORMATION_CLASS;
3293
3294/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
3295typedef struct _KEY_VALUE_PARTIAL_INFORMATION
3296{
3297 ULONG TitleIndex;
3298 ULONG Type;
3299 ULONG DataLength;
3300 UCHAR Data[1];
3301} KEY_VALUE_PARTIAL_INFORMATION;
3302typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
3303#endif
3304RT_DECL_NTAPI(NTSTATUS) NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
3305RT_DECL_NTAPI(NTSTATUS) NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3306
3307
3308RT_DECL_NTAPI(NTSTATUS) RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
3309
3310
3311typedef struct _CURDIR
3312{
3313 UNICODE_STRING DosPath;
3314 HANDLE Handle; /**< 0x10 / 0x08 */
3315} CURDIR;
3316AssertCompileSize(CURDIR, ARCH_BITS == 32 ? 0x0c : 0x18);
3317typedef CURDIR *PCURDIR;
3318
3319typedef struct _RTL_DRIVE_LETTER_CURDIR
3320{
3321 USHORT Flags;
3322 USHORT Length;
3323 ULONG TimeStamp;
3324 STRING DosPath; /**< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. */
3325} RTL_DRIVE_LETTER_CURDIR;
3326typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
3327
3328typedef struct _RTL_USER_PROCESS_PARAMETERS
3329{
3330 ULONG MaximumLength; /**< 0x000 / 0x000 */
3331 ULONG Length; /**< 0x004 / 0x004 */
3332 ULONG Flags; /**< 0x008 / 0x008 */
3333 ULONG DebugFlags; /**< 0x00c / 0x00c */
3334 HANDLE ConsoleHandle; /**< 0x010 / 0x010 */
3335 ULONG ConsoleFlags; /**< 0x018 / 0x014 */
3336 HANDLE StandardInput; /**< 0x020 / 0x018 */
3337 HANDLE StandardOutput; /**< 0x028 / 0x01c */
3338 HANDLE StandardError; /**< 0x030 / 0x020 */
3339 CURDIR CurrentDirectory; /**< 0x038 / 0x024 */
3340 UNICODE_STRING DllPath; /**< 0x050 / 0x030 */
3341 UNICODE_STRING ImagePathName; /**< 0x060 / 0x038 */
3342 UNICODE_STRING CommandLine; /**< 0x070 / 0x040 */
3343 PWSTR Environment; /**< 0x080 / 0x048 */
3344 ULONG StartingX; /**< 0x088 / 0x04c */
3345 ULONG StartingY; /**< 0x090 / 0x050 */
3346 ULONG CountX; /**< 0x094 / 0x054 */
3347 ULONG CountY; /**< 0x098 / 0x058 */
3348 ULONG CountCharsX; /**< 0x09c / 0x05c */
3349 ULONG CountCharsY; /**< 0x0a0 / 0x060 */
3350 ULONG FillAttribute; /**< 0x0a4 / 0x064 */
3351 ULONG WindowFlags; /**< 0x0a8 / 0x068 */
3352 ULONG ShowWindowFlags; /**< 0x0ac / 0x06c */
3353 UNICODE_STRING WindowTitle; /**< 0x0b0 / 0x070 */
3354 UNICODE_STRING DesktopInfo; /**< 0x0c0 / 0x078 */
3355 UNICODE_STRING ShellInfo; /**< 0x0d0 / 0x080 */
3356 UNICODE_STRING RuntimeInfo; /**< 0x0e0 / 0x088 */
3357 RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20]; /**< 0x0f0 / 0x090 */
3358 SIZE_T EnvironmentSize; /**< 0x3f0 / 0x - Added in Vista */
3359 SIZE_T EnvironmentVersion; /**< 0x3f8 / 0x - Added in Windows 7. */
3360 PVOID PackageDependencyData; /**< 0x400 / 0x - Added Windows 8? */
3361 ULONG ProcessGroupId; /**< 0x408 / 0x - Added Windows 8? */
3362 ULONG LoaderThreads; /**< 0x40c / 0x - Added Windows 10? */
3363} RTL_USER_PROCESS_PARAMETERS;
3364typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
3365#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
3366
3367typedef struct _RTL_USER_PROCESS_INFORMATION
3368{
3369 ULONG Size;
3370 HANDLE ProcessHandle;
3371 HANDLE ThreadHandle;
3372 CLIENT_ID ClientId;
3373 SECTION_IMAGE_INFORMATION ImageInformation;
3374} RTL_USER_PROCESS_INFORMATION;
3375typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
3376
3377
3378RT_DECL_NTAPI(NTSTATUS) RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
3379 PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
3380RT_DECL_NTAPI(NTSTATUS) RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
3381 PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
3382 PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
3383 PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
3384 PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
3385RT_DECL_NTAPI(VOID) RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
3386RT_DECL_NTAPI(NTSTATUS) RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
3387 PFNRT, PVOID, PHANDLE, PCLIENT_ID);
3388
3389#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
3390typedef struct _RTL_CRITICAL_SECTION
3391{
3392 struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
3393 LONG LockCount;
3394 LONG Recursioncount;
3395 HANDLE OwningThread;
3396 HANDLE LockSemaphore;
3397 ULONG_PTR SpinCount;
3398} RTL_CRITICAL_SECTION;
3399typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
3400#endif
3401
3402/*RT_DECL_NTAPI(ULONG) RtlNtStatusToDosError(NTSTATUS rcNt);*/
3403
3404/** @def RTL_QUERY_REGISTRY_TYPECHECK
3405 * WDK 8.1+, backported in updates, ignored in older. */
3406#if !defined(RTL_QUERY_REGISTRY_TYPECHECK) || defined(DOXYGEN_RUNNING)
3407# define RTL_QUERY_REGISTRY_TYPECHECK UINT32_C(0x00000100)
3408#endif
3409/** @def RTL_QUERY_REGISTRY_TYPECHECK_SHIFT
3410 * WDK 8.1+, backported in updates, ignored in older. */
3411#if !defined(RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) || defined(DOXYGEN_RUNNING)
3412# define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
3413#endif
3414
3415RT_DECL_NTAPI(VOID) RtlFreeUnicodeString(PUNICODE_STRING);
3416
3417RT_C_DECLS_END
3418/** @} */
3419
3420
3421#if defined(IN_RING0) || defined(DOXYGEN_RUNNING)
3422/** @name NT Kernel APIs
3423 * @{ */
3424RT_C_DECLS_BEGIN
3425
3426typedef ULONG KEPROCESSORINDEX; /**< Bitmap indexes != process numbers, apparently. */
3427
3428RT_DECL_NTAPI(VOID) KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
3429typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
3430RT_DECL_NTAPI(VOID) KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3431typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3432RT_DECL_NTAPI(VOID) KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3433typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3434RT_DECL_NTAPI(BOOLEAN) KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3435typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3436RT_DECL_NTAPI(BOOLEAN) KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3437typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3438RT_DECL_NTAPI(BOOLEAN) KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3439typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3440RT_DECL_NTAPI(VOID) KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
3441typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
3442RT_DECL_NTAPI(VOID) KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
3443typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
3444RT_DECL_NTAPI(BOOLEAN) KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3445typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3446RT_DECL_NTAPI(BOOLEAN) KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3447typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3448/** Works like anding the complemented subtrahend with the minuend. */
3449RT_DECL_NTAPI(BOOLEAN) KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
3450typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
3451RT_DECL_NTAPI(BOOLEAN) KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
3452typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
3453RT_DECL_NTAPI(BOOLEAN) KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
3454typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3455RT_DECL_NTAPI(BOOLEAN) KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
3456typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
3457RT_DECL_NTAPI(ULONG) KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
3458typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3459RT_DECL_NTAPI(KEPROCESSORINDEX) KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
3460typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3461typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
3462typedef KEPROCESSORINDEX (NTAPI *PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER *pProcNumber);
3463typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX ProcIndex, PROCESSOR_NUMBER *pProcNumber);
3464typedef KEPROCESSORINDEX (NTAPI *PFNKEGETCURRENTPROCESSORNUMBEREX)(const PROCESSOR_NUMBER *pProcNumber);
3465typedef KAFFINITY (NTAPI *PFNKEQUERYACTIVEPROCESSORS)(VOID);
3466typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNT)(VOID);
3467typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNTEX)(USHORT GroupNumber);
3468typedef USHORT (NTAPI *PFNKEQUERYMAXIMUMGROUPCOUNT)(VOID);
3469typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNT)(KAFFINITY *pfActiveProcessors);
3470typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNTEX)(USHORT GroupNumber);
3471typedef NTSTATUS (NTAPI *PFNKEQUERYLOGICALPROCESSORRELATIONSHIP)(PROCESSOR_NUMBER *pProcNumber,
3472 LOGICAL_PROCESSOR_RELATIONSHIP RelationShipType,
3473 SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX *pInfo, PULONG pcbInfo);
3474typedef PVOID (NTAPI *PFNKEREGISTERPROCESSORCHANGECALLBACK)(PPROCESSOR_CALLBACK_FUNCTION pfnCallback, void *pvUser, ULONG fFlags);
3475typedef VOID (NTAPI *PFNKEDEREGISTERPROCESSORCHANGECALLBACK)(PVOID pvCallback);
3476typedef NTSTATUS (NTAPI *PFNKESETTARGETPROCESSORDPCEX)(KDPC *pDpc, PROCESSOR_NUMBER *pProcNumber);
3477typedef LOGICAL (NTAPI *PFNKESHOULDYIELDPROCESSOR)(void);
3478
3479RT_DECL_NTAPI(BOOLEAN) ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
3480 PVOID pvOptionalConditions, PHANDLE phFound);
3481RT_DECL_NTAPI(NTSTATUS) ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
3482 ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
3483 KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
3484RT_DECL_NTAPI(HANDLE) PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
3485RT_DECL_NTAPI(UCHAR *) PsGetProcessImageFileName(PEPROCESS);
3486RT_DECL_NTAPI(BOOLEAN) PsIsProcessBeingDebugged(PEPROCESS);
3487RT_DECL_NTAPI(ULONG) PsGetProcessSessionId(PEPROCESS);
3488extern DECLIMPORT(POBJECT_TYPE *) LpcPortObjectType; /**< In vista+ this is the ALPC port object type. */
3489extern DECLIMPORT(POBJECT_TYPE *) LpcWaitablePortObjectType; /**< In vista+ this is the ALPC port object type. */
3490
3491typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
3492typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
3493
3494RT_C_DECLS_END
3495/** @ */
3496#endif /* IN_RING0 */
3497
3498
3499#if defined(IN_RING3) || defined(DOXYGEN_RUNNING)
3500/** @name NT Userland APIs
3501 * @{ */
3502RT_C_DECLS_BEGIN
3503
3504#if 0 /** @todo figure this out some time... */
3505typedef struct CSR_MSG_DATA_CREATED_PROCESS
3506{
3507 HANDLE hProcess;
3508 HANDLE hThread;
3509 CLIENT_ID
3510 DWORD idProcess;
3511 DWORD idThread;
3512 DWORD fCreate;
3513
3514} CSR_MSG_DATA_CREATED_PROCESS;
3515
3516#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
3517#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
3518RT_DECL_NTAPI(NTSTATUS) CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
3519#endif
3520
3521RT_DECL_NTAPI(VOID) LdrInitializeThunk(PVOID, PVOID, PVOID);
3522
3523typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
3524{
3525 ULONG Flags;
3526 PCUNICODE_STRING FullDllName;
3527 PCUNICODE_STRING BaseDllName;
3528 PVOID DllBase;
3529 ULONG SizeOfImage;
3530} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
3531typedef LDR_DLL_LOADED_NOTIFICATION_DATA *PLDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
3532typedef LDR_DLL_LOADED_NOTIFICATION_DATA const *PCLDR_DLL_LOADED_NOTIFICATION_DATA, *PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
3533
3534typedef union _LDR_DLL_NOTIFICATION_DATA
3535{
3536 LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
3537 LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
3538} LDR_DLL_NOTIFICATION_DATA;
3539typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
3540typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
3541
3542typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
3543
3544#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
3545#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
3546RT_DECL_NTAPI(NTSTATUS) LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
3547 PVOID *pvCookie);
3548typedef NTSTATUS (NTAPI *PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID *);
3549RT_DECL_NTAPI(NTSTATUS) LdrUnregisterDllNotification(PVOID pvCookie);
3550typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
3551
3552RT_DECL_NTAPI(NTSTATUS) LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
3553 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
3554typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
3555 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
3556RT_DECL_NTAPI(NTSTATUS) LdrUnloadDll(IN HANDLE hMod);
3557typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
3558RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3559 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3560typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3561 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3562#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
3563#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
3564/** @since Windows XP. */
3565RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3566 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3567/** @since Windows XP. */
3568typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3569 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3570/** @since Windows 7. */
3571RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
3572/** @since Windows 7. */
3573typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
3574/** @since Windows 7. */
3575RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
3576 OUT PHANDLE phDll);
3577/** @since Windows 7. */
3578typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
3579 OUT PHANDLE phDll);
3580#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
3581RT_DECL_NTAPI(NTSTATUS) LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
3582typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
3583RT_DECL_NTAPI(NTSTATUS) LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3584 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
3585typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
3586 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
3587#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
3588/** @since Windows Vista. */
3589RT_DECL_NTAPI(NTSTATUS) LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3590 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
3591/** @since Windows Vista. */
3592typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3593 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
3594#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
3595#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
3596#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
3597#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
3598#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
3599/** @since Windows XP. */
3600RT_DECL_NTAPI(NTSTATUS) LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
3601/** @since Windows XP. */
3602typedef NTSTATUS (NTAPI *PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
3603#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
3604/** @since Windows XP. */
3605RT_DECL_NTAPI(NTSTATUS) LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
3606/** @since Windows XP. */
3607typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
3608
3609RT_DECL_NTAPI(NTSTATUS) RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
3610RT_DECL_NTAPI(VOID) RtlExitUserProcess(NTSTATUS rcExitCode); /**< Vista and later. */
3611RT_DECL_NTAPI(VOID) RtlExitUserThread(NTSTATUS rcExitCode);
3612RT_DECL_NTAPI(NTSTATUS) RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
3613 IN PCUNICODE_STRING pOrgName,
3614 IN PUNICODE_STRING pDefaultSuffix,
3615 IN OUT PUNICODE_STRING pStaticString,
3616 IN OUT PUNICODE_STRING pDynamicString,
3617 IN OUT PUNICODE_STRING *ppResultString,
3618 IN PULONG pfNewFlags OPTIONAL,
3619 IN PSIZE_T pcbFilename OPTIONAL,
3620 IN PSIZE_T pcbNeeded OPTIONAL);
3621/** @since Windows 8.
3622 * @note Status code is always zero in windows 10 build 14393. */
3623RT_DECL_NTAPI(NTSTATUS) ApiSetQueryApiSetPresence(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
3624/** @copydoc ApiSetQueryApiSetPresence */
3625typedef NTSTATUS (NTAPI *PFNAPISETQUERYAPISETPRESENCE)(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
3626
3627
3628# ifdef IPRT_NT_USE_WINTERNL
3629typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
3630typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
3631typedef struct _RTL_HEAP_PARAMETERS
3632{
3633 ULONG Length;
3634 SIZE_T SegmentReserve;
3635 SIZE_T SegmentCommit;
3636 SIZE_T DeCommitFreeBlockThreshold;
3637 SIZE_T DeCommitTotalFreeThreshold;
3638 SIZE_T MaximumAllocationSize;
3639 SIZE_T VirtualMemoryThreshold;
3640 SIZE_T InitialCommit;
3641 SIZE_T InitialReserve;
3642 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
3643 SIZE_T Reserved[2];
3644} RTL_HEAP_PARAMETERS;
3645typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
3646RT_DECL_NTAPI(PVOID) RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
3647 PRTL_HEAP_PARAMETERS pParameters);
3648/** @name Heap flags (for RtlCreateHeap).
3649 * @{ */
3650/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
3651# define HEAP_GROWABLE UINT32_C(0x00000002)
3652# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
3653# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
3654# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
3655# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
3656# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
3657# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
3658# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
3659# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
3660# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
3661# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
3662# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
3663# define HEAP_CLASS_0 UINT32_C(0x00000000)
3664# define HEAP_CLASS_1 UINT32_C(0x00001000)
3665# define HEAP_CLASS_2 UINT32_C(0x00002000)
3666# define HEAP_CLASS_3 UINT32_C(0x00003000)
3667# define HEAP_CLASS_4 UINT32_C(0x00004000)
3668# define HEAP_CLASS_5 UINT32_C(0x00005000)
3669# define HEAP_CLASS_6 UINT32_C(0x00006000)
3670# define HEAP_CLASS_7 UINT32_C(0x00007000)
3671# define HEAP_CLASS_8 UINT32_C(0x00008000)
3672# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
3673# endif
3674# define HEAP_CLASS_PROCESS HEAP_CLASS_0
3675# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
3676# define HEAP_CLASS_KERNEL HEAP_CLASS_2
3677# define HEAP_CLASS_GDI HEAP_CLASS_3
3678# define HEAP_CLASS_USER HEAP_CLASS_4
3679# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
3680# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
3681# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
3682# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
3683# ifdef IPRT_NT_USE_WINTERNL
3684/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
3685# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
3686# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
3687# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
3688# endif /* IPRT_NT_USE_WINTERNL */
3689/** @} */
3690# ifdef IPRT_NT_USE_WINTERNL
3691/** @name Heap tagging constants
3692 * @{ */
3693# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
3694/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
3695# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
3696# define HEAP_TAG_SHIFT 18 */
3697# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
3698/** @} */
3699RT_DECL_NTAPI(PVOID) RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
3700RT_DECL_NTAPI(PVOID) RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
3701RT_DECL_NTAPI(BOOLEAN) RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
3702# endif /* IPRT_NT_USE_WINTERNL */
3703RT_DECL_NTAPI(SIZE_T) RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
3704RT_DECL_NTAPI(SIZE_T) RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
3705RT_DECL_NTAPI(NTSTATUS) RtlGetLastNtStatus(VOID);
3706RT_DECL_NTAPI(ULONG) RtlGetLastWin32Error(VOID);
3707RT_DECL_NTAPI(VOID) RtlSetLastWin32Error(ULONG uError);
3708RT_DECL_NTAPI(VOID) RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
3709RT_DECL_NTAPI(VOID) RtlRestoreLastWin32Error(ULONG uError);
3710RT_DECL_NTAPI(BOOLEAN) RtlQueryPerformanceCounter(PLARGE_INTEGER);
3711RT_DECL_NTAPI(uint64_t) RtlGetSystemTimePrecise(VOID);
3712typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
3713RT_DECL_NTAPI(uint64_t) RtlGetInterruptTimePrecise(uint64_t *puPerfTime);
3714typedef uint64_t (NTAPI * PFNRTLGETINTERRUPTTIMEPRECISE)(uint64_t *);
3715RT_DECL_NTAPI(BOOLEAN) RtlQueryUnbiasedInterruptTime(uint64_t *puInterruptTime);
3716typedef BOOLEAN (NTAPI * PFNRTLQUERYUNBIASEDINTERRUPTTIME)(uint64_t *);
3717
3718RT_C_DECLS_END
3719/** @} */
3720#endif /* IN_RING3 */
3721
3722#endif /* !IPRT_INCLUDED_nt_nt_h */
3723
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette