Changeset 52139 in vbox for trunk/include/iprt

Timestamp:

Jul 22, 2014 8:19:29 PM (11 years ago)

Author:

vboxsync

Message:

SUP: child-process purification to avoid sysfer.dll.

File:

• trunk/include/iprt/nt/nt.h (modified) (13 diffs)

trunk/include/iprt/nt/nt.h

@@ -66 +66 @@
 #define TEB                        Incomplete_TEB
 #define PTEB                       Incomplete_PTEB
+#define _PEB_LDR_DATA              Incomplete__PEB_LDR_DATA
+#define PEB_LDR_DATA               Incomplete_PEB_LDR_DATA
+#define PPEB_LDR_DATA              Incomplete_PPEB_LDR_DATA
 
 
@@ -198 +201 @@
 #undef TEB
 #undef PTEB
+#undef _PEB_LDR_DATA
+#undef PEB_LDR_DATA
+#undef PPEB_LDR_DATA
 
 
@@ -357 +363 @@
  * @{ */
 
+typedef struct _PEB_LDR_DATA
+{
+    uint32_t Length;
+    BOOLEAN Initialized;
+    BOOLEAN Padding[3];
+    HANDLE SsHandle;
+    LIST_ENTRY InLoadOrderModuleList;
+    LIST_ENTRY InMemoryOrderModuleList;
+    LIST_ENTRY InInitializationOrderModuleList;
+    /* End NT4 */
+    LIST_ENTRY *EntryInProgress;
+    BOOLEAN ShutdownInProgress;
+    HANDLE ShutdownThreadId;
+} PEB_LDR_DATA;
+typedef PEB_LDR_DATA *PPEB_LDR_DATA;
+
 typedef struct _PEB_COMMON
 {
@@ -423 +445 @@
     HANDLE Mutant;                                                          /**< 0x008 / 0x004 */
     PVOID ImageBaseAddress;                                                 /**< 0x010 / 0x008 */
-    struct _PEB_LDR_DATA *Ldr;                                              /**< 0x018 / 0x00c */
+    PPEB_LDR_DATA *Ldr;                                                     /**< 0x018 / 0x00c */
     struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters;                 /**< 0x020 / 0x010 */
     PVOID SubSystemData;                                                    /**< 0x028 / 0x014 */
@@ -1071 +1093 @@
 #define _PEB        _PEB_COMMON
 typedef PEB_COMMON  PEB;
-typedef PPEB_COMMON *PPEB;
+typedef PPEB_COMMON PPEB;
 
 #define _TEB        _TEB_COMMON
@@ -1084 +1106 @@
 #ifdef IPRT_NT_USE_WINTERNL
 NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
+NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
 
 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
@@ -1392 +1415 @@
 /** @} */
 NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
+NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
 
 /** Retured by ProcessImageInformation as well as NtQuerySection. */
@@ -1444 +1468 @@
 NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
 NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
+NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
+NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
+NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
+
 
 #ifndef SEC_FILE
@@ -1482 +1510 @@
 #endif
 NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
+#ifdef IPRT_NT_USE_WINTERNL
+NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
+#endif
+NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
+NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
 
 typedef enum _SYSTEM_INFORMATION_CLASS
@@ -1670 +1703 @@
 NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
 NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
+#ifndef IPRT_NT_USE_WINTERNL
+NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTERGER);
+#endif
+
 
 NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
@@ -1747 +1784 @@
                                                    PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
 NTSYSAPI VOID     NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
+NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
+                                            PFNRT, PVOID, PHANDLE, PCLIENT_ID);
+
 
 RT_C_DECLS_END
@@ -1755 +1795 @@
 /** @name NT Kernel APIs
  * @{ */
+RT_C_DECLS_BEGIN
+
 NTSYSAPI BOOLEAN  NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
                                               PVOID pvOptionalConditions, PHANDLE phFound);
@@ -1767 +1809 @@
 extern DECLIMPORT(POBJECT_TYPE *) LpcWaitablePortObjectType;    /**< In vista+ this is the ALPC port object type. */
 
+RT_C_DECLS_END
 /** @ */
 #endif /* IN_RING0 */
 
-#endif
-
+
+#if defined(IN_RING3) || defined(DOXYGEN_RUNNING)
+/** @name NT Userland APIs
+ * @{ */
+RT_C_DECLS_BEGIN
+
+#if 0 /** @todo figure this out some time... */
+typedef struct CSR_MSG_DATA_CREATED_PROCESS
+{
+    HANDLE hProcess;
+    HANDLE hThread;
+    CLIENT_ID
+    DWORD idProcess;
+    DWORD idThread;
+    DWORD fCreate;
+
+} CSR_MSG_DATA_CREATED_PROCESS;
+
+#define CSR_MSG_NO_CREATED_PROCESS    UINT32_C(0x10000)
+#define CSR_MSG_NO_CREATED_THREAD     UINT32_C(0x10001)
+NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
+#endif
+NTSYSAPI VOID NTAPI     LdrInitializeThunk(PVOID, PVOID, PVOID);
+
+RT_C_DECLS_END
+/** @} */
+#endif /* IN_RING3 */
+
+#endif
+