VirtualBox

source: vbox/trunk/include/iprt/nt/nt.h@ 70286

Last change on this file since 70286 was 70197, checked in by vboxsync, 7 years ago

IPRT/R3: Made the core work on NT 3.51 (still experimental).

1/* $Id: nt.h 70197 2017-12-18 13:40:58Z vboxsync $ */
2/** @file
3 * IPRT - Header for code using the Native NT API.
4 */
5
6/*
7 * Copyright (C) 2010-2017 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.virtualbox.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27#ifndef ___iprt_nt_nt_h___
28#define ___iprt_nt_nt_h___
29
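/** @def IPRT_NT_MAP_TO_ZW
 * Map Nt calls to Zw calls.  In ring-0 the Zw calls let you pass kernel memory
 * to the APIs (takes care of the previous context checks).
 *
 * @note Security: skipping the previous context checks is also the hazard.
 *       Through the Zw entry points the system services treat the request as
 *       coming from kernel mode, so the parameter probing and the access
 *       checks normally applied to a user-mode caller are not done for it.
 *       Code built with this mapping must capture and validate every pointer,
 *       length, path or handle that originates in user mode before passing it
 *       on, and should request access checks explicitly
 *       (OBJ_FORCE_ACCESS_CHECK in the object attributes) when opening an
 *       object named by a less trusted caller.
 */
#ifdef DOXYGEN_RUNNING
# define IPRT_NT_MAP_TO_ZW
#endif

#ifdef IPRT_NT_MAP_TO_ZW
# define NtQueryInformationFile         ZwQueryInformationFile
# define NtQueryInformationProcess      ZwQueryInformationProcess
# define NtQueryInformationThread       ZwQueryInformationThread
# define NtQueryFullAttributesFile      ZwQueryFullAttributesFile
# define NtQuerySystemInformation       ZwQuerySystemInformation
# define NtQuerySecurityObject          ZwQuerySecurityObject
# define NtSetInformationFile           ZwSetInformationFile
# define NtClose                        ZwClose
# define NtCreateFile                   ZwCreateFile
# define NtReadFile                     ZwReadFile
# define NtWriteFile                    ZwWriteFile
# define NtFlushBuffersFile             ZwFlushBuffersFile
/** @todo this is very incomplete!  Only the calls listed above are remapped;
 *        every other Nt call keeps its Nt name even with IPRT_NT_MAP_TO_ZW
 *        defined. */
#endif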
53
54#include <ntstatus.h>
55
56/*
57 * Hacks common to both base header sets.
58 */
59#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
60#define NtQueryObject Incomplete_NtQueryObject
61#define ZwQueryObject Incomplete_ZwQueryObject
62#define NtSetInformationObject Incomplete_NtSetInformationObject
63#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
64#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
65#define ObjectBasicInformation Incomplete_ObjectBasicInformation
66#define ObjectTypeInformation Incomplete_ObjectTypeInformation
67#define _PEB Incomplete__PEB
68#define PEB Incomplete_PEB
69#define PPEB Incomplete_PPEB
70#define _TEB Incomplete__TEB
71#define TEB Incomplete_TEB
72#define PTEB Incomplete_PTEB
73#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
74#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
75#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
76#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
77#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
78#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
79
80
81
82#ifdef IPRT_NT_USE_WINTERNL
83/*
84 * Use Winternl.h.
85 */
86# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
87# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
88# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
89
90# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
91# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
92# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
93# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
94# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
95# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
96# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
97# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
98# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
99# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
100# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
101# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
102
103# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
104# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
105# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
106
107# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
108# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
109# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
110# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
111# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
112
113# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
114# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
115# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
116# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
117# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
118# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
119# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
120# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
121# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
122# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
123# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
124# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
125# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
126# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
127
128
129# pragma warning(push)
130# pragma warning(disable: 4668)
131# define WIN32_NO_STATUS
132# include <windef.h>
133# include <winnt.h>
134# include <winternl.h>
135# undef WIN32_NO_STATUS
136# include <ntstatus.h>
137# pragma warning(pop)
138
139
140# undef _FILE_INFORMATION_CLASS
141# undef FILE_INFORMATION_CLASS
142# undef FileDirectoryInformation
143
144# undef NtQueryInformationProcess
145# undef NtSetInformationProcess
146# undef PROCESSINFOCLASS
147# undef _PROCESSINFOCLASS
148# undef PROCESS_BASIC_INFORMATION
149# undef PPROCESS_BASIC_INFORMATION
150# undef _PROCESS_BASIC_INFORMATION
151# undef ProcessBasicInformation
152# undef ProcessDebugPort
153# undef ProcessWow64Information
154# undef ProcessImageFileName
155# undef ProcessBreakOnTermination
156
157# undef RTL_USER_PROCESS_PARAMETERS
158# undef PRTL_USER_PROCESS_PARAMETERS
159# undef _RTL_USER_PROCESS_PARAMETERS
160
161# undef NtQueryInformationThread
162# undef NtSetInformationThread
163# undef THREADINFOCLASS
164# undef _THREADINFOCLASS
165# undef ThreadIsIoPending
166
167# undef NtQuerySystemInformation
168# undef NtSetSystemInformation
169# undef SYSTEM_INFORMATION_CLASS
170# undef _SYSTEM_INFORMATION_CLASS
171# undef SystemBasicInformation
172# undef SystemPerformanceInformation
173# undef SystemTimeOfDayInformation
174# undef SystemProcessInformation
175# undef SystemProcessorPerformanceInformation
176# undef SystemInterruptInformation
177# undef SystemExceptionInformation
178# undef SystemRegistryQuotaInformation
179# undef SystemLookasideInformation
180# undef SystemPolicyInformation
181
182#else
183/*
184 * Use ntifs.h and wdm.h.
185 */
186# if _MSC_VER >= 1200 /* Fix/workaround for KeInitializeSpinLock visibility issue on AMD64. */
187# define FORCEINLINE static __forceinline
188# else
189# define FORCEINLINE static __inline
190# endif
191
192# pragma warning(push)
193# ifdef RT_ARCH_X86
194# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
195# pragma warning(disable: 4163)
196# endif
197# pragma warning(disable: 4668)
198# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
199# if _MSC_VER >= 1800 /*RT_MSC_VER_VC120*/
200# pragma warning(disable:4005) /* sdk/v7.1/include/sal_supp.h(57) : warning C4005: '__useHeader' : macro redefinition */
201# pragma warning(disable:4471) /* wdm.h(11057) : warning C4471: '_POOL_TYPE' : a forward declaration of an unscoped enumeration must have an underlying type (int assumed) */
202# endif
203
204# include <ntifs.h>
205# include <wdm.h>
206
207# ifdef RT_ARCH_X86
208# undef _InterlockedAddLargeStatistic
209# endif
210# pragma warning(pop)
211
212# define IPRT_NT_NEED_API_GROUP_NTIFS
213#endif
214
215#undef RtlFreeUnicodeString
216#undef NtQueryObject
217#undef ZwQueryObject
218#undef NtSetInformationObject
219#undef _OBJECT_INFORMATION_CLASS
220#undef OBJECT_INFORMATION_CLASS
221#undef ObjectBasicInformation
222#undef ObjectTypeInformation
223#undef _PEB
224#undef PEB
225#undef PPEB
226#undef _TEB
227#undef TEB
228#undef PTEB
229#undef _PEB_LDR_DATA
230#undef PEB_LDR_DATA
231#undef PPEB_LDR_DATA
232#undef _KUSER_SHARED_DATA
233#undef KUSER_SHARED_DATA
234#undef PKUSER_SHARED_DATA
235
236
237#include <iprt/types.h>
238#include <iprt/assert.h>
239
240
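/** @name Useful macros
 * @{ */
/** Indicates that we're targeting native NT in the current source. */
#define RTNT_USE_NATIVE_NT              1
/** Initializes an IO_STATUS_BLOCK.
 * Both members start out with values a successful request is unlikely to
 * produce; presumably this keeps a block the callee never wrote to from being
 * mistaken for a completed request (confirm against the callers). */
#define RTNT_IO_STATUS_BLOCK_INITIALIZER  { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
/** Reinitializes an IO_STATUS_BLOCK to the RTNT_IO_STATUS_BLOCK_INITIALIZER
 * values.
 * @param   a_pIos  Pointer to the IO_STATUS_BLOCK.  Evaluated twice, so the
 *                  expression must be free of side effects. */
#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
    do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
#define RTNT_INVALID_HANDLE_VALUE       ( (HANDLE)~(uintptr_t)0 )
/** Constant UNICODE_STRING initializer.
 * @param   a_String    A wide string literal or a WCHAR array.  Both lengths
 *                      are taken with sizeof, so handing in a pointer gives
 *                      lengths derived from the pointer size that do not
 *                      describe the buffer.  The argument is parenthesized in
 *                      the cast so that an expression argument is cast as a
 *                      whole. */
#define RTNT_CONSTANT_UNISTR(a_String)  { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)(a_String) }
/** @} */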
255
256
257/** @name IPRT helper functions for NT
258 * @{ */
259RT_C_DECLS_BEGIN
260
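/*
 * Path open/close helpers.  This header carries no documentation for them.
 * NOTE(review): the flag parameters of RTNtPathOpen look like they mirror the
 * DesiredAccess, FileAttributes, ShareAccess, CreateDisposition and
 * CreateOptions arguments of NtCreateFile, with fObjAttribs going into the
 * object attributes - confirm against the implementation before relying on it.
 */
RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
                         ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
                         PHANDLE phHandle, PULONG_PTR puDisposition);
RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
                            ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
RTDECL(int) RTNtPathOpenDirEx(HANDLE hRootDir, struct _UNICODE_STRING *pNtName, ACCESS_MASK fDesiredAccess,
                              ULONG fShareAccess, ULONG fCreateOptions, ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
RTDECL(int) RTNtPathClose(HANDLE hHandle);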
269
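/**
 * Converts a windows-style path to NT format and encoding.
 *
 * @returns IPRT status code.
 * @param   pNtName     Where to return the NT name.  Free using
 *                      RTNtPathFree.
 * @param   phRootDir   Where to return the root handle, if applicable.
 * @param   pszPath     The UTF-8 path.
 */
RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING *pNtName, PHANDLE phRootDir, const char *pszPath);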
280
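/**
 * Converts a UTF-16 windows-style path to NT format.
 *
 * @returns IPRT status code.
 * @param   pNtName     Where to return the NT name.  Free using
 *                      RTNtPathFree.
 * @param   phRootDir   Where to return the root handle, if applicable.
 * @param   pwszPath    The UTF-16 windows-style path.
 * @param   cwcPath     The max length of the windows-style path in
 *                      RTUTF16 units.  Use RTSTR_MAX if unknown and @a
 *                      pwszPath is correctly terminated.
 *
 * @note    With RTSTR_MAX the terminator is the only bound on the input.  For
 *          a buffer whose termination is not guaranteed (for instance one
 *          filled from external data), pass the real length instead.
 */
RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);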
294
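/**
 * How to handle ascent ('..' relative to a root handle).
 *
 * @note Security: this choice decides whether a relative path may resolve to
 *       something outside the directory the root handle refers to.  When the
 *       path comes from an untrusted source, pick the value deliberately.  The
 *       behaviour of the individual values is not described in this header;
 *       confirm it against the implementation of RTNtPathRelativeFromUtf8.
 */
typedef enum RTNTPATHRELATIVEASCENT
{
    /** Zero value, not a valid choice. */
    kRTNtPathRelativeAscent_Invalid = 0,
    /** Ascent is allowed.  Per the RTNtPathRelativeFromUtf8 docs the root
     * handle may be set to NULL on return in this mode. */
    kRTNtPathRelativeAscent_Allow,
    /** Presumably fails the conversion when the path ascends - confirm. */
    kRTNtPathRelativeAscent_Fail,
    /** Presumably drops the ascending component(s) - confirm. */
    kRTNtPathRelativeAscent_Ignore,
    /** End marker, one past the last selectable value. */
    kRTNtPathRelativeAscent_End,
    /** Type size hack, going by the name it forces a 32-bit enum. */
    kRTNtPathRelativeAscent_32BitHack = 0x7fffffff
} RTNTPATHRELATIVEASCENT;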
307
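/**
 * Converts a relative windows-style path to relative NT format and encoding.
 *
 * @returns IPRT status code.
 * @param   pNtName             Where to return the NT name.  Free using
 *                              RTNtPathFree with phRootDir set to NULL.
 *                              (The original text named "rtTNtPathToNative"
 *                              here, which is not a free function; the
 *                              RTNtPathFree docs list this function as one
 *                              of its sources.)
 * @param   phRootDir           On input, the handle to the directory the path
 *                              is relative to.  On output, the handle to
 *                              specify as root directory in the object
 *                              attributes when accessing the path.  If
 *                              enmAscent is kRTNtPathRelativeAscent_Allow, it
 *                              may have been set to NULL.
 * @param   pszPath             The relative UTF-8 path.
 * @param   enmAscent           How to handle ascent.
 * @param   fMustReturnAbsolute Must convert to an absolute path.  This
 *                              is necessary if the root dir is a NT directory
 *                              object (e.g. /Devices) since they cannot parse
 *                              relative paths it seems.
 *
 * @note    Security: a NULL root handle on return means the resulting name is
 *          no longer anchored to the directory passed in.  Callers that use
 *          the root handle to confine access should check for this case, or
 *          avoid kRTNtPathRelativeAscent_Allow for untrusted paths.
 */
RTDECL(int) RTNtPathRelativeFromUtf8(struct _UNICODE_STRING *pNtName, PHANDLE phRootDir, const char *pszPath,
                                     RTNTPATHRELATIVEASCENT enmAscent, bool fMustReturnAbsolute);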
329
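/**
 * Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
 * chars plus a terminator.
 *
 * The NT string must have been returned by RTNtPathFromWinUtf8 or
 * RTNtPathFromWinUtf16Ex.
 *
 * @returns IPRT status code.  Check it before writing to the string; on
 *          failure the requested space is not guaranteed.
 * @param   pNtName     The NT path string.
 * @param   cwcMin      The minimum number of RTUTF16 chars.  Max 32767
 *                      (UNICODE_STRING keeps its byte lengths in 16-bit
 *                      fields).
 * @sa      RTNtPathFree
 */
RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);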
343
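/**
 * Frees the native path and root handle.
 *
 * @param   pNtName     The NT path after a successful rtNtPathToNative
 *                      call or RTNtPathRelativeFromUtf8.
 * @param   phRootDir   The root handle variable from rtNtPathToNative.
 *                      NOTE(review): the original sentence breaks off after
 *                      the function name; NULL appears to be accepted when
 *                      there is no root handle to release - confirm.
 */
RTDECL(void) RTNtPathFree(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir);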
352
353
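/**
 * Checks whether the path could be containing alternative 8.3 names generated
 * by NTFS, FAT, or other similar file systems.
 *
 * @returns Pointer to the first component that might be an 8.3 name, NULL if
 *          not 8.3 path.
 * @param   pwszPath    The path to check.
 *
 * @remarks This is making bad ASSUMPTION wrt to the naming scheme of 8.3 names,
 *          however, non-tilde 8.3 aliases are probably rare enough to not be
 *          worth all the extra code necessary to open each path component and
 *          check if we've got the short name or not.
 *
 * @note    Security: because of that assumption a NULL return does not prove
 *          the path is free of short-name aliases.  Do not use this check as
 *          the only normalization step before comparing a path against an
 *          allow or deny list.
 */
RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);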
368
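/**
 * Fixes up a path possibly containing one or more alternative 8-dot-3 style
 * components.
 *
 * The path is fixed up in place.  Errors are ignored.
 *
 * @returns VINF_SUCCESS if it all went smoothly, informational status codes
 *          indicating the nature of last problem we ran into.
 *
 * @param   pUniStr     The path to fix up.  MaximumLength is the max buffer
 *                      length.
 * @param   fPathOnly   Whether to only process the path and leave the filename
 *                      as passed in.
 *
 * @note    Since errors are ignored, a status other than VINF_SUCCESS means
 *          the string may still hold short-name components.  Callers that
 *          compare the result with other paths should look at the status
 *          rather than assume the path is fully expanded.
 */
RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);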
384
385
386RT_C_DECLS_END
387/** @} */
388
389
390/** @name NT API declarations.
391 * @{ */
392RT_C_DECLS_BEGIN
393
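/** @name Process access rights missing in ntddk headers
 * Fallback definitions; each one is used only when the included headers did
 * not already provide the name.
 *
 * @note Security: request the narrowest mask that does the job when opening a
 *       process.  PROCESS_ALL_ACCESS, PROCESS_VM_WRITE, PROCESS_CREATE_THREAD
 *       and PROCESS_DUP_HANDLE each give far-reaching control over the target,
 *       and a handle carrying them is worth protecting from inheritance and
 *       duplication.
 * @{ */
#ifndef PROCESS_TERMINATE
# define PROCESS_TERMINATE                  UINT32_C(0x00000001)
#endif
#ifndef PROCESS_CREATE_THREAD
# define PROCESS_CREATE_THREAD              UINT32_C(0x00000002)
#endif
#ifndef PROCESS_SET_SESSIONID
# define PROCESS_SET_SESSIONID              UINT32_C(0x00000004)
#endif
#ifndef PROCESS_VM_OPERATION
# define PROCESS_VM_OPERATION               UINT32_C(0x00000008)
#endif
#ifndef PROCESS_VM_READ
# define PROCESS_VM_READ                    UINT32_C(0x00000010)
#endif
#ifndef PROCESS_VM_WRITE
# define PROCESS_VM_WRITE                   UINT32_C(0x00000020)
#endif
#ifndef PROCESS_DUP_HANDLE
# define PROCESS_DUP_HANDLE                 UINT32_C(0x00000040)
#endif
#ifndef PROCESS_CREATE_PROCESS
# define PROCESS_CREATE_PROCESS             UINT32_C(0x00000080)
#endif
#ifndef PROCESS_SET_QUOTA
# define PROCESS_SET_QUOTA                  UINT32_C(0x00000100)
#endif
#ifndef PROCESS_SET_INFORMATION
# define PROCESS_SET_INFORMATION            UINT32_C(0x00000200)
#endif
#ifndef PROCESS_QUERY_INFORMATION
# define PROCESS_QUERY_INFORMATION          UINT32_C(0x00000400)
#endif
#ifndef PROCESS_SUSPEND_RESUME
# define PROCESS_SUSPEND_RESUME             UINT32_C(0x00000800)
#endif
#ifndef PROCESS_QUERY_LIMITED_INFORMATION
# define PROCESS_QUERY_LIMITED_INFORMATION  UINT32_C(0x00001000)
#endif
#ifndef PROCESS_SET_LIMITED_INFORMATION
# define PROCESS_SET_LIMITED_INFORMATION    UINT32_C(0x00002000)
#endif
#define PROCESS_UNKNOWN_4000                UINT32_C(0x00004000)
/* NOTE(review): the name says 6000 but the value is the 0x8000 bit, which is
   what the sequence of the neighbouring bits suggests was meant.  The name is
   kept as is because other code may refer to it. */
#define PROCESS_UNKNOWN_6000                UINT32_C(0x00008000)
/* The fallback covers all sixteen specific-rights bits (0xffff).  Windows
   headers for systems before Vista used the narrower 0x0fff mask, and asking
   such a system for the wider one can be refused - worth keeping in mind
   where this header is used for old NT versions. */
#ifndef PROCESS_ALL_ACCESS
# define PROCESS_ALL_ACCESS                 ( STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | UINT32_C(0x0000ffff) )
#endif
/** @} */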
444
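/** @name Thread access rights missing in ntddk headers
 * Fallback definitions; each guarded name is used only when the included
 * headers did not already provide it.  The THREAD_UNKNOWN_* names are defined
 * unconditionally and simply label otherwise unnamed bits.
 *
 * @note Security: THREAD_IMPERSONATE, THREAD_DIRECT_IMPERSONATION and
 *       THREAD_SET_THREAD_TOKEN affect the security context a thread runs
 *       under; request them only where impersonation is really needed.
 * @{ */
#ifndef THREAD_QUERY_INFORMATION
# define THREAD_QUERY_INFORMATION           UINT32_C(0x00000040)
#endif
#ifndef THREAD_SET_THREAD_TOKEN
# define THREAD_SET_THREAD_TOKEN            UINT32_C(0x00000080)
#endif
#ifndef THREAD_IMPERSONATE
# define THREAD_IMPERSONATE                 UINT32_C(0x00000100)
#endif
#ifndef THREAD_DIRECT_IMPERSONATION
# define THREAD_DIRECT_IMPERSONATION        UINT32_C(0x00000200)
#endif
#ifndef THREAD_RESUME
# define THREAD_RESUME                      UINT32_C(0x00001000)
#endif
#define THREAD_UNKNOWN_2000                 UINT32_C(0x00002000)
#define THREAD_UNKNOWN_4000                 UINT32_C(0x00004000)
#define THREAD_UNKNOWN_8000                 UINT32_C(0x00008000)
/** @} */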
466
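/** @name Special handle values.
 * Pseudo handles: fixed values (-1 and -2) that stand for the calling process
 * and the calling thread.  Fallbacks, used only when the headers lack them.
 *
 * @note Security: these values mean "whoever is making the call".  Code that
 *       accepts a raw handle value from a less trusted party and uses it in
 *       its own context should reject them, since there they would refer to
 *       the accepting process or thread rather than to the sender.
 * @{ */
#ifndef NtCurrentProcess
# define NtCurrentProcess()                 ( (HANDLE)-(intptr_t)1 )
#endif
#ifndef NtCurrentThread
# define NtCurrentThread()                  ( (HANDLE)-(intptr_t)2 )
#endif
#ifndef ZwCurrentProcess
# define ZwCurrentProcess()                 NtCurrentProcess()
#endif
#ifndef ZwCurrentThread
# define ZwCurrentThread()                  NtCurrentThread()
#endif
/** @} */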
482
483
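/** @name Directory object access rights.
 * Fallback definitions, used only when the included headers lack the name.
 * DIRECTORY_ALL_ACCESS combines the four specific rights below (0xf) with
 * STANDARD_RIGHTS_REQUIRED; prefer the individual rights where they suffice.
 * @{ */
#ifndef DIRECTORY_QUERY
# define DIRECTORY_QUERY                    UINT32_C(0x00000001)
#endif
#ifndef DIRECTORY_TRAVERSE
# define DIRECTORY_TRAVERSE                 UINT32_C(0x00000002)
#endif
#ifndef DIRECTORY_CREATE_OBJECT
# define DIRECTORY_CREATE_OBJECT            UINT32_C(0x00000004)
#endif
#ifndef DIRECTORY_CREATE_SUBDIRECTORY
# define DIRECTORY_CREATE_SUBDIRECTORY      UINT32_C(0x00000008)
#endif
#ifndef DIRECTORY_ALL_ACCESS
# define DIRECTORY_ALL_ACCESS               ( STANDARD_RIGHTS_REQUIRED | UINT32_C(0x0000000f) )
#endif
/** @} */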
502
503
504
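#ifdef IPRT_NT_USE_WINTERNL
/** Process and thread identifier pair.  Declared here only when the
 * winternl.h header set is in use. */
typedef struct _CLIENT_ID
{
    /** The process identifier.  NOTE(review): by NT convention this is an ID
     * carried in a HANDLE-sized field, not an open handle - confirm. */
    HANDLE UniqueProcess;
    /** The thread identifier (same remark as for UniqueProcess). */
    HANDLE UniqueThread;
} CLIENT_ID;
typedef CLIENT_ID *PCLIENT_ID;
#endif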
513
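/** Extended affinity type, introduced in Windows 7 (?).
 *
 * @note The 20-entry bitmap is this header's fixed view of the structure.
 *       Code walking the bitmap should bound its index by both Count and the
 *       array size instead of trusting Count alone. */
typedef struct _KAFFINITY_EX
{
    /** Count of valid bitmap entries. */
    uint16_t    Count;
    /** Count of allocated bitmap entries. */
    uint16_t    Size;
    /** Reserved / alignment padding. */
    uint32_t    Reserved;
    /** Bitmap where one bit corresponds to a CPU. */
    uintptr_t   Bitmap[20];
} KAFFINITY_EX;
typedef KAFFINITY_EX *PKAFFINITY_EX;
typedef KAFFINITY_EX const *PCKAFFINITY_EX;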
528
529/** @name User Shared Data
530 * @{ */
531
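#ifdef IPRT_NT_USE_WINTERNL
/*
 * Types KUSER_SHARED_DATA needs; declared here only for the winternl.h
 * header set.
 */

/** 64-bit time value split into a low part and two copies of the high part. */
typedef struct _KSYSTEM_TIME
{
    ULONG       LowPart;
    LONG        High1Time;
    LONG        High2Time;
} KSYSTEM_TIME;
typedef KSYSTEM_TIME *PKSYSTEM_TIME;

typedef enum _NT_PRODUCT_TYPE
{
    NtProductWinNt = 1,
    NtProductLanManNt,
    NtProductServer
} NT_PRODUCT_TYPE;

/** Number of entries in KUSER_SHARED_DATA::ProcessorFeatures. */
#define PROCESSOR_FEATURE_MAX 64

typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
{
    StandardDesign = 0,
    NEC98x86,
    EndAlternatives
} ALTERNATIVE_ARCHITECTURE_TYPE;

/* Disabled: the XSTATE types below are compiled out, so they have to come
   from the system headers. */
# if 0
typedef struct _XSTATE_FEATURE
{
    ULONG       Offset;
    ULONG       Size;
} XSTATE_FEATURE;
typedef XSTATE_FEATURE *PXSTATE_FEATURE;

#define MAXIMUM_XSTATE_FEATURES 64

typedef struct _XSTATE_CONFIGURATION
{
    ULONG64         EnabledFeatures;
    ULONG           Size;
    ULONG           OptimizedSave : 1;
    XSTATE_FEATURE  Features[MAXIMUM_XSTATE_FEATURES];
} XSTATE_CONFIGURATION;
typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
# endif
#endif /* IPRT_NT_USE_WINTERNL */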
577
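/**
 * IPRT's declaration of the data page shared between kernel and user mode.
 *
 * The version from the system headers is renamed out of the way by the
 * include hacks earlier in this file, so this is the layout the code sees.
 * The trailing comments give the byte offset of each member.
 *
 * @note The page has grown over the Windows versions (see the NtSystemRoot
 *       remark about NT 3.51).  Check the running version before reading a
 *       member that the version may not have.
 * @note The volatile members are declared so because their content can change
 *       while being read; the two high parts of KSYSTEM_TIME presumably exist
 *       so a reader can detect a torn read and retry - confirm with the users.
 */
typedef struct _KUSER_SHARED_DATA
{
    ULONG                   TickCountLowDeprecated;     /**< 0x000 */
    ULONG                   TickCountMultiplier;        /**< 0x004 */
    KSYSTEM_TIME volatile   InterruptTime;              /**< 0x008 */
    KSYSTEM_TIME volatile   SystemTime;                 /**< 0x014 */
    KSYSTEM_TIME volatile   TimeZoneBias;               /**< 0x020 */
    USHORT                  ImageNumberLow;             /**< 0x02c */
    USHORT                  ImageNumberHigh;            /**< 0x02e */
    WCHAR                   NtSystemRoot[260];          /**< 0x030 - Seems to be last member in NT 3.51. */
    ULONG                   MaxStackTraceDepth;         /**< 0x238 */
    ULONG                   CryptoExponent;             /**< 0x23c */
    ULONG                   TimeZoneId;                 /**< 0x240 */
    ULONG                   LargePageMinimum;           /**< 0x244 */
    ULONG                   AitSamplingValue;           /**< 0x248 */
    ULONG                   AppCompatFlag;              /**< 0x24c */
    ULONGLONG               RNGSeedVersion;             /**< 0x250 */
    ULONG                   GlobalValidationRunlevel;   /**< 0x258 */
    LONG volatile           TimeZoneBiasStamp;          /**< 0x25c */
    ULONG                   Reserved2;                  /**< 0x260 */
    NT_PRODUCT_TYPE         NtProductType;              /**< 0x264 */
    BOOLEAN                 ProductTypeIsValid;         /**< 0x268 */
    BOOLEAN                 Reserved0[1];               /**< 0x269 */
    USHORT                  NativeProcessorArchitecture; /**< 0x26a */
    ULONG                   NtMajorVersion;             /**< 0x26c */
    ULONG                   NtMinorVersion;             /**< 0x270 */
    BOOLEAN                 ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /**< 0x274 */
    ULONG                   Reserved1;                  /**< 0x2b4 */
    ULONG                   Reserved3;                  /**< 0x2b8 */
    ULONG volatile          TimeSlip;                   /**< 0x2bc */
    ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /**< 0x2c0 */
    ULONG                   AltArchitecturePad[1];      /**< 0x2c4 */
    LARGE_INTEGER           SystemExpirationDate;       /**< 0x2c8 */
    ULONG                   SuiteMask;                  /**< 0x2d0 */
    BOOLEAN                 KdDebuggerEnabled;          /**< 0x2d4 */
    union                                               /**< 0x2d5 */
    {
        UCHAR               MitigationPolicies;         /**< 0x2d5 */
        struct
        {
            UCHAR           NXSupportPolicy : 2;
            UCHAR           SEHValidationPolicy : 2;
            UCHAR           CurDirDevicesSkippedForDlls : 2;
            UCHAR           Reserved : 2;
        };
    };
    UCHAR                   Reserved6[2];               /**< 0x2d6 */
    ULONG volatile          ActiveConsoleId;            /**< 0x2d8 */
    ULONG volatile          DismountCount;              /**< 0x2dc */
    ULONG                   ComPlusPackage;             /**< 0x2e0 */
    ULONG                   LastSystemRITEventTickCount; /**< 0x2e4 */
    ULONG                   NumberOfPhysicalPages;      /**< 0x2e8 */
    BOOLEAN                 SafeBootMode;               /**< 0x2ec */
    UCHAR                   Reserved12[3];              /**< 0x2ed */
    union                                               /**< 0x2f0 */
    {
        ULONG               SharedDataFlags;            /**< 0x2f0 */
        struct
        {
            ULONG           DbgErrorPortPresent : 1;
            ULONG           DbgElevationEnabled : 1;
            ULONG           DbgVirtEnabled : 1;
            ULONG           DbgInstallerDetectEnabled : 1;
            ULONG           DbgLkgEnabled : 1;
            ULONG           DbgDynProcessorEnabled : 1;
            ULONG           DbgConsoleBrokerEnabled : 1;
            ULONG           DbgSecureBootEnabled : 1;
            ULONG           SpareBits : 24;
        };
    };
    ULONG                   DataFlagsPad[1];            /**< 0x2f4 */
    ULONGLONG               TestRetInstruction;         /**< 0x2f8 */
    LONGLONG                QpcFrequency;               /**< 0x300 */
    ULONGLONG               SystemCallPad[3];           /**< 0x308 */
    union                                               /**< 0x320 */
    {
        ULONG64 volatile        TickCountQuad;          /**< 0x320 */
        KSYSTEM_TIME volatile   TickCount;              /**< 0x320 */
        struct                                          /**< 0x320 */
        {
            ULONG           ReservedTickCountOverlay[3]; /**< 0x320 */
            ULONG           TickCountPad[1];            /**< 0x32c */
        };
    };
    ULONG                   Cookie;                     /**< 0x330 */
    ULONG                   CookiePad[1];               /**< 0x334 */
    LONGLONG                ConsoleSessionForegroundProcessId; /**< 0x338 */
    ULONGLONG               TimeUpdateLock;             /**< 0x340 */
    ULONGLONG               BaselineSystemTimeQpc;      /**< 0x348 */
    ULONGLONG               BaselineInterruptTimeQpc;   /**< 0x350 */
    ULONGLONG               QpcSystemTimeIncrement;     /**< 0x358 */
    ULONGLONG               QpcInterruptTimeIncrement;  /**< 0x360 */
    ULONG                   QpcSystemTimeIncrement32;   /**< 0x368 */
    ULONG                   QpcInterruptTimeIncrement32; /**< 0x36c */
    UCHAR                   QpcSystemTimeIncrementShift; /**< 0x370 */
    UCHAR                   QpcInterruptTimeIncrementShift; /**< 0x371 */
    UCHAR                   Reserved8[14];              /**< 0x372 */
    USHORT                  UserModeGlobalLogger[16];   /**< 0x380 */
    ULONG                   ImageFileExecutionOptions;  /**< 0x3a0 */
    ULONG                   LangGenerationCount;        /**< 0x3a4 */
    ULONGLONG               Reserved4;                  /**< 0x3a8 */
    ULONGLONG volatile      InterruptTimeBias;          /**< 0x3b0 */
    ULONGLONG volatile      QpcBias;                    /**< 0x3b8 */
    ULONG volatile          ActiveProcessorCount;       /**< 0x3c0 */
    UCHAR volatile          ActiveGroupCount;           /**< 0x3c4 */
    UCHAR                   Reserved9;                  /**< 0x3c5 */
    union                                               /**< 0x3c6 */
    {
        USHORT              QpcData;                    /**< 0x3c6 */
        struct                                          /**< 0x3c6 */
        {
            BOOLEAN volatile QpcBypassEnabled;          /**< 0x3c6 */
            UCHAR           QpcShift;                   /**< 0x3c7 */
        };
    };
    LARGE_INTEGER           TimeZoneBiasEffectiveStart; /**< 0x3c8 */
    LARGE_INTEGER           TimeZoneBiasEffectiveEnd;   /**< 0x3d0 */
    XSTATE_CONFIGURATION    XState;                     /**< 0x3d8 */
} KUSER_SHARED_DATA;
typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
/* Compile-time checks on a sample of the offsets noted above; members that
   are not listed here are not verified. */
AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);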
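/** @def MM_SHARED_USER_DATA_VA
 * Read only userland mapping of KUSER_SHARED_DATA.
 * Fallback, used only when the headers do not define it.  The address is the
 * same for 32-bit and 64-bit builds; only the constant's width differs. */
#ifndef MM_SHARED_USER_DATA_VA
# if ARCH_BITS == 32
#  define MM_SHARED_USER_DATA_VA        UINT32_C(0x7ffe0000)
# elif ARCH_BITS == 64
#  define MM_SHARED_USER_DATA_VA        UINT64_C(0x7ffe0000)
# else
#  error "Unsupported/undefined ARCH_BITS value."
# endif
#endif
/** @def KI_USER_SHARED_DATA
 * Read write kernel mapping of KUSER_SHARED_DATA.
 * Fallback, used only when the headers do not define it.  Values are given
 * for x86 and AMD64 only; any other architecture stops the build.
 *
 * @note This is the writable view of a page every user-mode process can read,
 *       so whatever kernel code stores through it is visible system-wide. */
#ifndef KI_USER_SHARED_DATA
# ifdef RT_ARCH_X86
#  define KI_USER_SHARED_DATA           UINT32_C(0xffdf0000)
# elif defined(RT_ARCH_AMD64)
#  define KI_USER_SHARED_DATA           UINT64_C(0xfffff78000000000)
# else
#  error "PORT ME - KI_USER_SHARED_DATA"
# endif
#endif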
729/** @} */
730
731
732/** @name Process And Thread Environment Blocks
733 * @{ */
734
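/**
 * Loader data referenced from the PEB (see the Ldr member of _PEB_COMMON).
 *
 * Holds the heads of three module lists, one per ordering.  The members after
 * the "End NT4" marker are absent from the NT4 layout, so do not read them
 * without knowing the structure is a newer one.
 *
 * @note The lists live in the memory of the process they describe.  When they
 *       are read from another process, or used as evidence of what is loaded,
 *       treat the links and entries as untrusted data: bound the walk and
 *       validate every pointer before following it.
 */
typedef struct _PEB_LDR_DATA
{
    /** NOTE(review): presumably the size of this structure - confirm. */
    uint32_t        Length;
    BOOLEAN         Initialized;
    BOOLEAN         Padding[3];
    HANDLE          SsHandle;
    LIST_ENTRY      InLoadOrderModuleList;
    LIST_ENTRY      InMemoryOrderModuleList;
    LIST_ENTRY      InInitializationOrderModuleList;
    /* End NT4 */
    LIST_ENTRY     *EntryInProgress;
    BOOLEAN         ShutdownInProgress;
    HANDLE          ShutdownThreadId;
} PEB_LDR_DATA;
typedef PEB_LDR_DATA *PPEB_LDR_DATA;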
750
751typedef struct _PEB_COMMON
752{
753 BOOLEAN InheritedAddressSpace; /**< 0x000 / 0x000 */
754 BOOLEAN ReadImageFileExecOptions; /**< 0x001 / 0x001 */
755 BOOLEAN BeingDebugged; /**< 0x002 / 0x002 */
756 union
757 {
758 uint8_t BitField; /**< 0x003 / 0x003 */
759 struct
760 {
761 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
762 } Common;
763 struct
764 {
765 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
766 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
767 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 */
768 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 */
769 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 */
770 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 */
771 uint8_t IsProtectedProcessLight : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 */
772 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
773 } W81;
774 struct
775 {
776 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
777 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
778 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 */
779 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 */
780 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 */
781 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 */
782 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 */
783 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
784 } W80;
785 struct
786 {
787 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
788 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
789 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. */
790 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. */
791 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. */
792 uint8_t SpareBits : 3; /**< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. */
793 } W7;
794 struct
795 {
796 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
797 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
798 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. */
799 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. */
800 uint8_t SpareBits : 4; /**< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. */
801 } W6;
802 struct
803 {
804 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
805 uint8_t SpareBits : 7; /**< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. */
806 } W52;
807 struct
808 {
809 BOOLEAN SpareBool;
810 } W51;
811 } Diff0;
812#if ARCH_BITS == 64
813 uint32_t Padding0; /**< 0x004 / NA */
814#endif
815 HANDLE Mutant; /**< 0x008 / 0x004 */
816 PVOID ImageBaseAddress; /**< 0x010 / 0x008 */
817 PPEB_LDR_DATA Ldr; /**< 0x018 / 0x00c */
818 struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /**< 0x020 / 0x010 */
819 PVOID SubSystemData; /**< 0x028 / 0x014 */
820 HANDLE ProcessHeap; /**< 0x030 / 0x018 */
821 struct _RTL_CRITICAL_SECTION *FastPebLock; /**< 0x038 / 0x01c */
822 union
823 {
824 struct
825 {
826 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
827 PVOID IFEOKey; /**< 0x048 / 0x024 */
828 union
829 {
830 ULONG CrossProcessFlags; /**< 0x050 / 0x028 */
831 struct
832 {
833 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
834 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
835 uint32_t ProcessUsingVEH : 1; /**< 0x050 / 0x028: Pos 2, 1 Bit */
836 uint32_t ProcessUsingVCH : 1; /**< 0x050 / 0x028: Pos 3, 1 Bit */
837 uint32_t ProcessUsingFTH : 1; /**< 0x050 / 0x028: Pos 4, 1 Bit */
838 uint32_t ReservedBits0 : 1; /**< 0x050 / 0x028: Pos 5, 27 Bits */
839 } W7, W8, W80, W81;
840 struct
841 {
842 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
843 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
844 uint32_t ReservedBits0 : 30; /**< 0x050 / 0x028: Pos 2, 30 Bits */
845 } W6;
846 };
847#if ARCH_BITS == 64
848 uint32_t Padding1; /**< 0x054 / */
849#endif
850 } W6, W7, W8, W80, W81;
851 struct
852 {
853 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
854 PVOID SparePtr2; /**< 0x048 / 0x024 */
855 uint32_t EnvironmentUpdateCount; /**< 0x050 / 0x028 */
856#if ARCH_BITS == 64
857 uint32_t Padding1; /**< 0x054 / */
858#endif
859 } W52;
860 struct
861 {
862 PVOID FastPebLockRoutine; /**< NA / 0x020 */
863 PVOID FastPebUnlockRoutine; /**< NA / 0x024 */
864 uint32_t EnvironmentUpdateCount; /**< NA / 0x028 */
865 } W51;
866 } Diff1;
867 union
868 {
869 PVOID KernelCallbackTable; /**< 0x058 / 0x02c */
870 PVOID UserSharedInfoPtr; /**< 0x058 / 0x02c - Alternative use in W6.*/
871 };
872 uint32_t SystemReserved; /**< 0x060 / 0x030 */
873 union
874 {
875 struct
876 {
877 uint32_t AtlThunkSListPtr32; /**< 0x064 / 0x034 */
878 } W7, W8, W80, W81;
879 struct
880 {
881 uint32_t SpareUlong; /**< 0x064 / 0x034 */
882 } W52, W6;
883 struct
884 {
885 uint32_t ExecuteOptions : 2; /**< NA / 0x034: Pos 0, 2 Bits */
886 uint32_t SpareBits : 30; /**< NA / 0x034: Pos 2, 30 Bits */
887 } W51;
888 } Diff2;
889 union
890 {
891 struct
892 {
893 PVOID ApiSetMap; /**< 0x068 / 0x038 */
894 } W7, W8, W80, W81;
895 struct
896 {
897 struct _PEB_FREE_BLOCK *FreeList; /**< 0x068 / 0x038 */
898 } W52, W6;
899 struct
900 {
901 struct _PEB_FREE_BLOCK *FreeList; /**< NA / 0x038 */
902 } W51;
903 } Diff3;
904 uint32_t TlsExpansionCounter; /**< 0x070 / 0x03c */
905#if ARCH_BITS == 64
906 uint32_t Padding2; /**< 0x074 / NA */
907#endif
908 struct _RTL_BITMAP *TlsBitmap; /**< 0x078 / 0x040 */
909 uint32_t TlsBitmapBits[2]; /**< 0x080 / 0x044 */
910 PVOID ReadOnlySharedMemoryBase; /**< 0x088 / 0x04c */
911 union
912 {
913 struct
914 {
915 PVOID SparePvoid0; /**< 0x090 / 0x050 - HotpatchInformation before W81. */
916 } W81;
917 struct
918 {
919 PVOID HotpatchInformation; /**< 0x090 / 0x050 - Retired in W81. */
920 } W6, W7, W80;
921 struct
922 {
923 PVOID ReadOnlySharedMemoryHeap;
924 } W52;
925 } Diff4;
926 PVOID *ReadOnlyStaticServerData; /**< 0x098 / 0x054 */
927 PVOID AnsiCodePageData; /**< 0x0a0 / 0x058 */
928 PVOID OemCodePageData; /**< 0x0a8 / 0x05c */
929 PVOID UnicodeCaseTableData; /**< 0x0b0 / 0x060 */
930 uint32_t NumberOfProcessors; /**< 0x0b8 / 0x064 */
931 uint32_t NtGlobalFlag; /**< 0x0bc / 0x068 */
932#if ARCH_BITS == 32
933 uint32_t Padding2b;
934#endif
935 LARGE_INTEGER CriticalSectionTimeout; /**< 0x0c0 / 0x070 */
936 SIZE_T HeapSegmentReserve; /**< 0x0c8 / 0x078 */
937 SIZE_T HeapSegmentCommit; /**< 0x0d0 / 0x07c */
938 SIZE_T HeapDeCommitTotalFreeThreshold; /**< 0x0d8 / 0x080 */
939 SIZE_T HeapDeCommitFreeBlockThreshold; /**< 0x0e0 / 0x084 */
940 uint32_t NumberOfHeaps; /**< 0x0e8 / 0x088 */
941 uint32_t MaximumNumberOfHeaps; /**< 0x0ec / 0x08c */
942 PVOID *ProcessHeaps; /**< 0x0f0 / 0x090 - Last NT 3.51 member. */
943 PVOID GdiSharedHandleTable; /**< 0x0f8 / 0x094 */
944 PVOID ProcessStarterHelper; /**< 0x100 / 0x098 */
945 uint32_t GdiDCAttributeList; /**< 0x108 / 0x09c */
946#if ARCH_BITS == 64
947 uint32_t Padding3; /**< 0x10c / NA */
948#endif
949 struct _RTL_CRITICAL_SECTION *LoaderLock; /**< 0x110 / 0x0a0 */
950 uint32_t OSMajorVersion; /**< 0x118 / 0x0a4 */
951 uint32_t OSMinorVersion; /**< 0x11c / 0x0a8 */
952 uint16_t OSBuildNumber; /**< 0x120 / 0x0ac */
953 uint16_t OSCSDVersion; /**< 0x122 / 0x0ae */
954 uint32_t OSPlatformId; /**< 0x124 / 0x0b0 */
955 uint32_t ImageSubsystem; /**< 0x128 / 0x0b4 */
956 uint32_t ImageSubsystemMajorVersion; /**< 0x12c / 0x0b8 */
957 uint32_t ImageSubsystemMinorVersion; /**< 0x130 / 0x0bc */
958#if ARCH_BITS == 64
959 uint32_t Padding4; /**< 0x134 / NA */
960#endif
961 union
962 {
963 struct
964 {
965 SIZE_T ActiveProcessAffinityMask; /**< 0x138 / 0x0c0 */
966 } W7, W8, W80, W81;
967 struct
968 {
969 SIZE_T ImageProcessAffinityMask; /**< 0x138 / 0x0c0 */
970 } W52, W6;
971 } Diff5;
972 uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /**< 0x140 / 0x0c4 */
973 PVOID PostProcessInitRoutine; /**< 0x230 / 0x14c */
974 PVOID TlsExpansionBitmap; /**< 0x238 / 0x150 */
975 uint32_t TlsExpansionBitmapBits[32]; /**< 0x240 / 0x154 */
976 uint32_t SessionId; /**< 0x2c0 / 0x1d4 */
977#if ARCH_BITS == 64
978 uint32_t Padding5; /**< 0x2c4 / NA */
979#endif
980 ULARGE_INTEGER AppCompatFlags; /**< 0x2c8 / 0x1d8 */
981 ULARGE_INTEGER AppCompatFlagsUser; /**< 0x2d0 / 0x1e0 */
982 PVOID pShimData; /**< 0x2d8 / 0x1e8 */
983 PVOID AppCompatInfo; /**< 0x2e0 / 0x1ec */
984 UNICODE_STRING CSDVersion; /**< 0x2e8 / 0x1f0 */
985 struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; /**< 0x2f8 / 0x1f8 */
986 struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; /**< 0x300 / 0x1fc */
987 struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; /**< 0x308 / 0x200 */
988 struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; /**< 0x310 / 0x204 */
989 SIZE_T MinimumStackCommit; /**< 0x318 / 0x208 */
990 /* End of PEB in W52 (Windows XP (RTM))! */
991 struct _FLS_CALLBACK_INFO *FlsCallback; /**< 0x320 / 0x20c */
992 LIST_ENTRY FlsListHead; /**< 0x328 / 0x210 */
993 PVOID FlsBitmap; /**< 0x338 / 0x218 */
994 uint32_t FlsBitmapBits[4]; /**< 0x340 / 0x21c */
995 uint32_t FlsHighIndex; /**< 0x350 / 0x22c */
996 /* End of PEB in W52 (Windows Server 2003)! */
997 PVOID WerRegistrationData; /**< 0x358 / 0x230 */
998 PVOID WerShipAssertPtr; /**< 0x360 / 0x234 */
999 /* End of PEB in W6 (windows Vista)! */
1000 union
1001 {
1002 struct
1003 {
1004 PVOID pUnused; /**< 0x368 / 0x238 - Was pContextData in W7. */
1005 } W8, W80, W81;
1006 struct
1007 {
1008 PVOID pContextData; /**< 0x368 / 0x238 - Retired in W80. */
1009 } W7;
1010 } Diff6;
1011 PVOID pImageHeaderHash; /**< 0x370 / 0x23c */
1012 union
1013 {
1014 uint32_t TracingFlags; /**< 0x378 / 0x240 */
1015 struct
1016 {
1017 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
1018 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
1019 uint32_t LibLoaderTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 2, 1 Bit */
1020 uint32_t SpareTracingBits : 29; /**< 0x378 / 0x240 : Pos 3, 29 Bits */
1021 } W8, W80, W81;
1022 struct
1023 {
1024 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
1025 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
1026 uint32_t SpareTracingBits : 30; /**< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 */
1027 } W7;
1028 } Diff7;
1029#if ARCH_BITS == 64
1030 uint32_t Padding6; /**< 0x37c / NA */
1031#endif
1032 uint64_t CsrServerReadOnlySharedMemoryBase; /**< 0x380 / 0x248 */
1033 /* End of PEB in W8, W81. */
1034 uintptr_t TppWorkerpListLock; /**< 0x388 / 0x250 */
1035 LIST_ENTRY TppWorkerpList; /**< 0x390 / 0x254 */
1036 PVOID WaitOnAddressHashTable[128]; /**< 0x3a0 / 0x25c */
1037#if ARCH_BITS == 32
1038 uint32_t ExplicitPadding7; /**< NA NA / 0x45c */
1039#endif
1040} PEB_COMMON;
1041typedef PEB_COMMON *PPEB_COMMON;
1042
/*
 * Compile-time layout checks for PEB_COMMON; every expected value is written
 * as "64-bit : 32-bit".  Only a sample of members plus the total size is
 * pinned.  The members that the PEB_SIZE_Wxx macros use as version boundaries
 * (FlsCallback, WerRegistrationData, CsrServerReadOnlySharedMemoryBase,
 * TppWorkerpListLock) are not asserted here.
 */
AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x7a0 : 0x460);
1052
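/*
 * PEB sizes per Windows version.  Each size is the offset of the first
 * PEB_COMMON member that the version does not have, following the
 * "End of PEB in ..." markers inside the structure.  Members at or beyond the
 * size for the running Windows version are not part of that version's PEB,
 * so code reading or copying a PEB should bound the access with the matching
 * macro rather than with sizeof(PEB_COMMON).
 */
/** The size of the windows 10 (build 14393) PEB structure. */
#define PEB_SIZE_W10    sizeof(PEB_COMMON)
/** The size of the windows 8.1 PEB structure. */
#define PEB_SIZE_W81    RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
/** The size of the windows 8.0 PEB structure. */
#define PEB_SIZE_W80    RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
/** The size of the windows 7 PEB structure. */
#define PEB_SIZE_W7     RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
/** The size of the windows vista PEB structure.
 * The Vista PEB ends after WerShipAssertPtr, which is where Diff6 starts
 * (0x368 / 0x238).  Diff3 sits at 0x068 / 0x038, before most of the structure,
 * so using it here made the Vista size far too small. */
#define PEB_SIZE_W6     RT_UOFFSETOF(PEB_COMMON, Diff6)
/** The size of the windows server 2003 PEB structure. */
#define PEB_SIZE_W52    RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
/** The size of the windows XP PEB structure. */
#define PEB_SIZE_W51    RT_UOFFSETOF(PEB_COMMON, FlsCallback)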
1067
/* Compiled out (#if 0): reference copy of the NT_TIB layout.  TEB_COMMON uses
 * NT_TIB as its first member, so the live definition has to come from
 * elsewhere (presumably the Windows SDK headers - confirm). */
#if 0
typedef struct _NT_TIB
{
    struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
    PVOID StackBase;
    PVOID StackLimit;
    PVOID SubSystemTib;
    union
    {
        PVOID FiberData;
        ULONG Version;
    };
    PVOID ArbitraryUserPointer;
    struct _NT_TIB *Self;
} NT_TIB;
typedef NT_TIB *PNT_TIB;
#endif
1085
/**
 * Activation context stack.
 *
 * TEB_COMMON refers to it by pointer in Diff0 for W52 and later, and embeds it
 * by value in the 32-bit-only W51 variant of Diff0.
 */
typedef struct _ACTIVATION_CONTEXT_STACK
{
    uint32_t Flags;
    uint32_t NextCookieSequenceNumber;
    PVOID ActiveFrame;
    LIST_ENTRY FrameListCache;
} ACTIVATION_CONTEXT_STACK;
1093
/**
 * Common TEB (thread environment block) layout covering several Windows
 * versions.
 *
 * Member comments give the offset as "64-bit / 32-bit"; NA means the member
 * does not exist for that bitness.  Where versions disagree, the alternatives
 * are overlaid in the DiffN unions and named after the version: W51 (Windows
 * XP), W52 (Windows Server 2003), W6 (Windows Vista), W7 (Windows 7),
 * W8 / W80 / W81 (Windows 8.0 and 8.1) and W10 (Windows 10 build 14393).
 *
 * The structure is sized for the newest layout.  Older versions end earlier,
 * at the "End of TEB in ..." markers, so members past the marker for the
 * running Windows version are not part of that version's TEB.  The
 * TEB_SIZE_Wxx macros give the per-version sizes.
 */
typedef struct _TEB_COMMON
{
    NT_TIB NtTib; /**< 0x000 / 0x000 */
    PVOID EnvironmentPointer; /**< 0x038 / 0x01c */
    CLIENT_ID ClientId; /**< 0x040 / 0x020 */
    PVOID ActiveRpcHandle; /**< 0x050 / 0x028 */
    PVOID ThreadLocalStoragePointer; /**< 0x058 / 0x02c */
    PPEB_COMMON ProcessEnvironmentBlock; /**< 0x060 / 0x030 */
    uint32_t LastErrorValue; /**< 0x068 / 0x034 */
    uint32_t CountOfOwnedCriticalSections; /**< 0x06c / 0x038 */
    PVOID CsrClientThread; /**< 0x070 / 0x03c */
    PVOID Win32ThreadInfo; /**< 0x078 / 0x040 */
    uint32_t User32Reserved[26]; /**< 0x080 / 0x044 */
    uint32_t UserReserved[5]; /**< 0x0e8 / 0x0ac */
    PVOID WOW32Reserved; /**< 0x100 / 0x0c0 */
    uint32_t CurrentLocale; /**< 0x108 / 0x0c4 */
    uint32_t FpSoftwareStatusRegister; /**< 0x10c / 0x0c8 */
    PVOID SystemReserved1[54]; /**< 0x110 / 0x0cc */
    uint32_t ExceptionCode; /**< 0x2c0 / 0x1a4 */
#if ARCH_BITS == 64
    uint32_t Padding0; /**< 0x2c4 / NA */
#endif
    union
    {
        struct
        {
            struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;/**< 0x2c8 / 0x1a8 */
            uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /**< 0x2d0 / 0x1ac */
        } W52, W6, W7, W8, W80, W81;
#if ARCH_BITS == 32
        /* W51 embeds the activation context stack by value; this variant only
           exists in 32-bit builds. */
        struct
        {
            ACTIVATION_CONTEXT_STACK ActivationContextStack; /**< NA / 0x1a8 */
            uint8_t SpareBytes[20]; /**< NA / 0x1bc */
        } W51;
#endif
    } Diff0;
    union
    {
        struct
        {
            uint32_t TxFsContext; /**< 0x2e8 / 0x1d0 */
        } W6, W7, W8, W80, W81;
        struct
        {
            uint32_t SpareBytesContinues; /**< 0x2e8 / 0x1d0 */
        } W52;
    } Diff1;
#if ARCH_BITS == 64
    uint32_t Padding1; /**< 0x2ec / NA */
#endif
    /* Kept as an opaque byte array; the commented-out type names what lives here. */
    /*_GDI_TEB_BATCH*/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 : 0x4e0]; /**< 0x2f0 / 0x1d4 */
    CLIENT_ID RealClientId; /**< 0x7d8 / 0x6b4 */
    HANDLE GdiCachedProcessHandle; /**< 0x7e8 / 0x6bc */
    uint32_t GdiClientPID; /**< 0x7f0 / 0x6c0 */
    uint32_t GdiClientTID; /**< 0x7f4 / 0x6c4 */
    PVOID GdiThreadLocalInfo; /**< 0x7f8 / 0x6c8 */
    SIZE_T Win32ClientInfo[62]; /**< 0x800 / 0x6cc */
    PVOID glDispatchTable[233]; /**< 0x9f0 / 0x7c4 */
    SIZE_T glReserved1[29]; /**< 0x1138 / 0xb68 */
    PVOID glReserved2; /**< 0x1220 / 0xbdc */
    PVOID glSectionInfo; /**< 0x1228 / 0xbe0 */
    PVOID glSection; /**< 0x1230 / 0xbe4 */
    PVOID glTable; /**< 0x1238 / 0xbe8 */
    PVOID glCurrentRC; /**< 0x1240 / 0xbec */
    PVOID glContext; /**< 0x1248 / 0xbf0 */
    NTSTATUS LastStatusValue; /**< 0x1250 / 0xbf4 */
#if ARCH_BITS == 64
    uint32_t Padding2; /**< 0x1254 / NA */
#endif
    UNICODE_STRING StaticUnicodeString; /**< 0x1258 / 0xbf8 */
    WCHAR StaticUnicodeBuffer[261]; /**< 0x1268 / 0xc00 */
#if ARCH_BITS == 64
    WCHAR Padding3[3]; /**< 0x1472 / NA */
#endif
    PVOID DeallocationStack; /**< 0x1478 / 0xe0c */
    PVOID TlsSlots[64]; /**< 0x1480 / 0xe10 */
    LIST_ENTRY TlsLinks; /**< 0x1680 / 0xf10 */
    PVOID Vdm; /**< 0x1690 / 0xf18 */
    PVOID ReservedForNtRpc; /**< 0x1698 / 0xf1c */
    PVOID DbgSsReserved[2]; /**< 0x16a0 / 0xf20 */
    uint32_t HardErrorMode; /**< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. */
#if ARCH_BITS == 64
    uint32_t Padding4; /**< 0x16b4 / NA */
#endif
    PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /**< 0x16b8 / 0xf2c */
    union
    {
        struct
        {
            GUID ActivityId; /**< 0x1710 / 0xf50 */
            PVOID SubProcessTag; /**< 0x1720 / 0xf60 */
        } W6, W7, W8, W80, W81;
        struct
        {
            PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /**< 0x1710 / 0xf50 */
        } W52;
    } Diff2;
    union /**< 0x1728 / 0xf64 */
    {
        struct
        {
            PVOID PerflibData; /**< 0x1728 / 0xf64 */
        } W8, W80, W81;
        struct
        {
            PVOID EtwLocalData; /**< 0x1728 / 0xf64 */
        } W7, W6;
        struct
        {
            PVOID SubProcessTag; /**< 0x1728 / 0xf64 */
        } W52;
        struct
        {
            PVOID InstrumentationContinues[1]; /**< 0x1728 / 0xf64 */
        } W51;
    } Diff3;
    union
    {
        struct
        {
            PVOID EtwTraceData; /**< 0x1730 / 0xf68 */
        } W52, W6, W7, W8, W80, W81;
        struct
        {
            PVOID InstrumentationContinues[1]; /**< 0x1730 / 0xf68 */
        } W51;
    } Diff4;
    PVOID WinSockData; /**< 0x1738 / 0xf6c */
    uint32_t GdiBatchCount; /**< 0x1740 / 0xf70 */
    union
    {
        union
        {
            PROCESSOR_NUMBER CurrentIdealProcessor; /**< 0x1744 / 0xf74 - W7+ */
            uint32_t IdealProcessorValue; /**< 0x1744 / 0xf74 - W7+ */
            struct
            {
                uint8_t ReservedPad1; /**< 0x1744 / 0xf74 - Called SpareBool0 in W6 */
                uint8_t ReservedPad2; /**< 0x1745 / 0xf75 - Called SpareBool0 in W6 */
                uint8_t ReservedPad3; /**< 0x1746 / 0xf76 - Called SpareBool0 in W6 */
                uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
            };
        } W6, W7, W8, W80, W81;
        struct
        {
            BOOLEAN InDbgPrint; /**< 0x1744 / 0xf74 */
            BOOLEAN FreeStackOnTermination; /**< 0x1745 / 0xf75 */
            BOOLEAN HasFiberData; /**< 0x1746 / 0xf76 */
            uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
        } W51, W52;
    } Diff5;
    uint32_t GuaranteedStackBytes; /**< 0x1748 / 0xf78 */
#if ARCH_BITS == 64
    uint32_t Padding5; /**< 0x174c / NA */
#endif
    PVOID ReservedForPerf; /**< 0x1750 / 0xf7c */
    PVOID ReservedForOle; /**< 0x1758 / 0xf80 */
    uint32_t WaitingOnLoaderLock; /**< 0x1760 / 0xf84 */
#if ARCH_BITS == 64
    uint32_t Padding6; /**< 0x1764 / NA */
#endif
    union /**< 0x1768 / 0xf88 - starts at the first member of each variant below. */
    {
        struct
        {
            PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
            SIZE_T ReservedForCodeCoverage; /**< 0x1770 / 0xf8c */
            PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
        } W8, W80, W81;
        struct
        {
            PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
            SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
            PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
        } W6, W7;
        struct
        {
            PVOID SparePointer1; /**< 0x1768 / 0xf88 */
            SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
            PVOID SoftPatchPtr2; /**< 0x1778 / 0xf90 */
        } W52;
#if ARCH_BITS == 32
        struct _Wx86ThreadState
        {
            PVOID CallBx86Eip; /**< NA / 0xf88 */
            PVOID DeallocationCpu; /**< NA / 0xf8c */
            BOOLEAN UseKnownWx86Dll; /**< NA / 0xf90 */
            int8_t OleStubInvoked; /**< NA / 0xf91 */
        } W51;
#endif
    } Diff6;
    PVOID TlsExpansionSlots; /**< 0x1780 / 0xf94 */
#if ARCH_BITS == 64
    PVOID DallocationBStore; /**< 0x1788 / NA */
    PVOID BStoreLimit; /**< 0x1790 / NA */
#endif
    union
    {
        struct
        {
            uint32_t MuiGeneration; /**< 0x1798 / 0xf98 */
        } W7, W8, W80, W81;
        struct
        {
            uint32_t ImpersonationLocale; /**< 0x1798 / 0xf98 - same slot as MuiGeneration. */
        } W6;
    } Diff7;
    uint32_t IsImpersonating; /**< 0x179c / 0xf9c */
    PVOID NlsCache; /**< 0x17a0 / 0xfa0 */
    PVOID pShimData; /**< 0x17a8 / 0xfa4 */
    union /**< 0x17b0 / 0xfa8 */
    {
        struct
        {
            uint16_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
            uint16_t LowFragHeapDataSlot; /**< 0x17b2 / 0xfaa */
        } W8, W80, W81;
        struct
        {
            uint32_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
        } W7;
    } Diff8;
#if ARCH_BITS == 64
    uint32_t Padding7; /**< 0x17b4 / NA */
#endif
    HANDLE CurrentTransactionHandle; /**< 0x17b8 / 0xfac */
    struct _TEB_ACTIVE_FRAME *ActiveFrame; /**< 0x17c0 / 0xfb0 */
    /* End of TEB in W51 (Windows XP)! */
    PVOID FlsData; /**< 0x17c8 / 0xfb4 */
    union
    {
        struct
        {
            PVOID PreferredLanguages; /**< 0x17d0 / 0xfb8 */
        } W6, W7, W8, W80, W81;
        struct
        {
            BOOLEAN SafeThunkCall; /**< 0x17d0 / 0xfb8 */
            uint8_t BooleanSpare[3]; /**< 0x17d1 / 0xfb9 */
            /* End of TEB in W52 (Windows server 2003)! */
        } W52;
    } Diff9;
    PVOID UserPrefLanguages; /**< 0x17d8 / 0xfbc */
    PVOID MergedPrefLanguages; /**< 0x17e0 / 0xfc0 */
    uint32_t MuiImpersonation; /**< 0x17e8 / 0xfc4 */
    union
    {
        uint16_t CrossTebFlags; /**< 0x17ec / 0xfc8 */
        struct
        {
            uint16_t SpareCrossTebBits : 16; /**< 0x17ec / 0xfc8 : Pos 0, 16 Bits */
        };
    };
    union
    {
        uint16_t SameTebFlags; /**< 0x17ee / 0xfca */
        /* The eight low bits that the W7 and W8+ variants below also declare;
           W6 declares the same positions under Dbg-prefixed names. */
        struct
        {
            uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
        } Common;
        struct
        {
            uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
            uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
            uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
            uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
            uint16_t SessionAware : 1; /**< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. */
            uint16_t SpareSameTebBits : 4; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
        } W8, W80, W81;
        struct
        {
            uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
            uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
            uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
            uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
            uint16_t SpareSameTebBits : 5; /**< 0x17ee / 0xfca : Pos 11, 5 Bits - One bit more than W8, which has SessionAware at Pos 11. */
        } W7;
        struct
        {
            uint16_t DbgSafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
            uint16_t DbgInDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
            uint16_t DbgHasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
            uint16_t DbgSkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
            uint16_t DbgWerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
            uint16_t DbgRanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
            uint16_t DbgClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
            uint16_t DbgSuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
            uint16_t SpareSameTebBits : 8; /**< 0x17ee / 0xfca : Pos 8, 8 Bits */
        } W6;
    } Diff10;
    PVOID TxnScopeEnterCallback; /**< 0x17f0 / 0xfcc */
    PVOID TxnScopeExitCallback; /**< 0x17f8 / 0xfd0 */
    PVOID TxnScopeContext; /**< 0x1800 / 0xfd4 */
    uint32_t LockCount; /**< 0x1808 / 0xfd8 */
    union
    {
        struct
        {
            uint32_t SpareUlong0; /**< 0x180c / 0xfdc */
        } W7, W8, W80, W81;
        struct
        {
            uint32_t ProcessRundown; /**< 0x180c / 0xfdc - same slot as SpareUlong0. */
        } W6;
    } Diff11;
    /* Tail of the TEB.  Its length differs per version, which is why the
       TEB_SIZE_Wxx macros are computed from members of this union. */
    union
    {
        struct
        {
            PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
            /* End of TEB in W7 (windows 7)! */
            PVOID ReservedForWdf; /**< 0x1818 / 0xfe4 - New Since W7. */
            /* End of TEB in W8 (windows 8.0 & 8.1)! */
            PVOID ReservedForCrt; /**< 0x1820 / 0xfe8 - New Since W10. */
            RTUUID EffectiveContainerId; /**< 0x1828 / 0xfec - New Since W10. */
            /* End of TEB in W10 14393! */
        } W8, W80, W81, W10;
        struct
        {
            PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
        } W7;
        struct
        {
            uint64_t LastSwitchTime; /**< 0x1810 / 0xfe0 */
            uint64_t TotalSwitchOutTime; /**< 0x1818 / 0xfe8 */
            LARGE_INTEGER WaitReasonBitMap; /**< 0x1820 / 0xff0 */
            /* End of TEB in W6 (windows Vista)! */
        } W6;
    } Diff12;
} TEB_COMMON;
1447typedef TEB_COMMON *PTEB_COMMON;
/*
 * Compile-time layout checks for TEB_COMMON; every expected value is written
 * as "64-bit : 32-bit".  A sample of member offsets and the total size are
 * pinned.  The Diff9 and Diff12 members that the TEB_SIZE_Wxx macros are
 * computed from are not asserted individually.
 */
AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1838 : 0x1000);


1461
1462
/*
 * TEB sizes per Windows version, derived from the "End of TEB in ..." markers
 * inside TEB_COMMON.  Members at or beyond the size for the running Windows
 * version are not part of that version's TEB.
 */
/** The size of the windows 10 (build 14393) TEB structure: ends after EffectiveContainerId. */
#define TEB_SIZE_W10    ( RT_UOFFSETOF(TEB_COMMON, Diff12.W10.EffectiveContainerId) + sizeof(RTUUID) )
/** The size of the windows 8.1 TEB structure: ends after ReservedForWdf. */
#define TEB_SIZE_W81    ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
/** The size of the windows 8.0 TEB structure: ends after ReservedForWdf. */
#define TEB_SIZE_W80    ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
/** The size of the windows 7 TEB structure: ends after ResourceRetValue, i.e. where ReservedForWdf starts. */
#define TEB_SIZE_W7     RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
/** The size of the windows vista TEB structure: ends after WaitReasonBitMap. */
#define TEB_SIZE_W6     ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
/** The size of the windows server 2003 TEB structure: the offset of
 * Diff9.W52.BooleanSpare rounded up to pointer size. */
#define TEB_SIZE_W52    RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
/** The size of the windows XP TEB structure: ends after ActiveFrame, i.e. where FlsData starts. */
#define TEB_SIZE_W51    RT_UOFFSETOF(TEB_COMMON, FlsData)
1477
1478
1479
/* Make the struct tags _PEB / _TEB and the type names PEB, PPEB, TEB and PTEB
 * refer to the common multi-version layouts (PEB_COMMON / TEB_COMMON). */
#define _PEB _PEB_COMMON
typedef PEB_COMMON PEB;
typedef PPEB_COMMON PPEB;

#define _TEB _TEB_COMMON
typedef TEB_COMMON TEB;
typedef PTEB_COMMON PTEB;
1487
/*
 * Accessors for the current thread's TEB, the process PEB and the thread ID.
 * When no NtCurrentTeb macro is available they read the values straight from
 * the TEB through the FS (x86) or GS (AMD64) segment, using offsets taken from
 * TEB_COMMON; otherwise they are built on top of NtCurrentTeb().
 */
#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
# ifdef RT_ARCH_X86
/** Returns the current TEB, read from NtTib.Self via FS. */
DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void)
{
    PTEB const pTeb = (PTEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, NtTib.Self));
    return pTeb;
}

/** Returns the current PEB, read from the TEB's ProcessEnvironmentBlock member via FS. */
DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void)
{
    PPEB const pPeb = (PPEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock));
    return pPeb;
}

/** Returns the current thread ID, read from the TEB's ClientId.UniqueThread member via FS. */
DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void)
{
    uint32_t const idThread = __readfsdword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread));
    return idThread;
}
# elif defined(RT_ARCH_AMD64)
/** Returns the current TEB, read from NtTib.Self via GS. */
DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void)
{
    PTEB const pTeb = (PTEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, NtTib.Self));
    return pTeb;
}

/** Returns the current PEB, read from the TEB's ProcessEnvironmentBlock member via GS. */
DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void)
{
    PPEB const pPeb = (PPEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock));
    return pPeb;
}

/** Returns the current thread ID; the 64-bit UniqueThread value is truncated to 32 bits. */
DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void)
{
    uint32_t const idThread = (uint32_t)__readgsqword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread));
    return idThread;
}
# else
#  error "Port me"
# endif
#else
# define RTNtCurrentTeb()        ((PTEB)NtCurrentTeb())
# define RTNtCurrentPeb()        (RTNtCurrentTeb()->ProcessEnvironmentBlock)
# define RTNtCurrentThreadId()   ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
#endif
/* NtCurrentPeb() always goes through the IPRT accessor. */
#define NtCurrentPeb()           RTNtCurrentPeb()
1506
1507
1508/** @} */
1509
1510
1511#ifdef IPRT_NT_USE_WINTERNL
1512NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
/**
 * Inheritance disposition taken by NtMapViewOfSection (its SECTION_INHERIT
 * parameter).
 *
 * NOTE(review): Windows documents ViewShare as "map the view into child
 * processes too" and ViewUnmap as "do not" - confirm against the WDK before
 * relying on it; ViewUnmap is the narrower choice.
 */
typedef enum _SECTION_INHERIT
{
    ViewShare = 1,
    ViewUnmap
} SECTION_INHERIT;
1518#endif
1519NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1520 ULONG, ULONG);
1521NTSYSAPI NTSTATUS NTAPI NtFlushVirtualMemory(HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK);
1522NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1523
1524#ifdef IPRT_NT_USE_WINTERNL
/**
 * File system attribute information (matches the FileFsAttributeInformation
 * class name in FS_INFORMATION_CLASS).
 *
 * Variable-length: FileSystemName is declared with one element and stands for
 * a longer array, so a buffer of sizeof(FILE_FS_ATTRIBUTE_INFORMATION) only
 * has room for a single WCHAR of the name.
 */
typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
    ULONG FileSystemAttributes;
    LONG MaximumComponentNameLength;
    /* NOTE(review): Windows documents this as a byte count and the name as not
       NUL-terminated - confirm, and check it against the buffer size before
       reading FileSystemName. */
    ULONG FileSystemNameLength;
    WCHAR FileSystemName[1];
} FILE_FS_ATTRIBUTE_INFORMATION;
typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1533
1534NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1535NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1536NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1537NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1538
/**
 * Information classes for NtQueryVolumeInformationFile.
 *
 * Only the first enumerator has an explicit value (1); every later value
 * follows from its position, so the order must not change.
 * FileFsMaximumInformation is the terminating entry.
 */
typedef enum _FSINFOCLASS
{
    FileFsVolumeInformation = 1,
    FileFsLabelInformation,
    FileFsSizeInformation,
    FileFsDeviceInformation,
    FileFsAttributeInformation,
    FileFsControlInformation,
    FileFsFullSizeInformation,
    FileFsObjectIdInformation,
    FileFsDriverPathInformation,
    FileFsVolumeFlagsInformation,
    FileFsSectorSizeInformation,
    FileFsDataCopyInformation,
    FileFsMaximumInformation
} FS_INFORMATION_CLASS;
typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1556NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1557
/**
 * Directory entry with both long and short name (matches the
 * FileBothDirectoryInformation class name in FILE_INFORMATION_CLASS).
 *
 * Variable-length: FileName is declared with one element and stands for a
 * longer array.
 *
 * NOTE(review): Windows documents NextEntryOffset as the byte offset to the
 * next entry (0 for the last one) and FileNameLength / ShortNameLength as byte
 * counts of names that are not NUL-terminated - confirm.  Code walking a
 * returned buffer should check each offset and length against the buffer size
 * before dereferencing.
 */
typedef struct _FILE_BOTH_DIR_INFORMATION
{
    ULONG NextEntryOffset;
    ULONG FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    ULONG FileAttributes;
    ULONG FileNameLength;
    ULONG EaSize;
    CCHAR ShortNameLength;
    WCHAR ShortName[12];
    WCHAR FileName[1];
} FILE_BOTH_DIR_INFORMATION;
typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
/**
 * Basic file information: four timestamps plus the attribute mask (matches the
 * FileBasicInformation class name; also the output type of
 * NtQueryAttributesFile as declared in this header).
 */
typedef struct _FILE_BASIC_INFORMATION
{
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    ULONG FileAttributes;
} FILE_BASIC_INFORMATION;
typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
/**
 * Standard file information: sizes, link count, delete-pending and directory
 * flags (matches the FileStandardInformation class name).
 */
typedef struct _FILE_STANDARD_INFORMATION
{
    LARGE_INTEGER AllocationSize;
    LARGE_INTEGER EndOfFile;
    ULONG NumberOfLinks;
    BOOLEAN DeletePending;
    BOOLEAN Directory;
} FILE_STANDARD_INFORMATION;
typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
/**
 * File name information (matches the FileNameInformation class name).
 *
 * Variable-length: FileName is declared with one element and stands for a
 * longer array.
 */
typedef struct _FILE_NAME_INFORMATION
{
    /* NOTE(review): Windows documents this as a byte count and the name as not
       NUL-terminated - confirm, and check it against the buffer size before
       reading FileName. */
    ULONG FileNameLength;
    WCHAR FileName[1];
} FILE_NAME_INFORMATION;
typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
/**
 * Timestamps, sizes and attributes in one structure (matches the
 * FileNetworkOpenInformation class name; also the output type of
 * NtQueryFullAttributesFile as declared in this header).
 */
typedef struct _FILE_NETWORK_OPEN_INFORMATION
{
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER AllocationSize;
    LARGE_INTEGER EndOfFile;
    ULONG FileAttributes;
} FILE_NETWORK_OPEN_INFORMATION;
typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
/**
 * Information classes for NtQueryInformationFile, NtSetInformationFile and
 * NtQueryDirectoryFile.
 *
 * Only the first enumerator has an explicit value (1); every later value
 * follows from its position, so an insertion or removal in the middle silently
 * renumbers everything after it.  FileMaximumInformation is the terminating
 * entry.
 */
typedef enum _FILE_INFORMATION_CLASS
{
    FileDirectoryInformation = 1,
    FileFullDirectoryInformation,
    FileBothDirectoryInformation,
    FileBasicInformation,
    FileStandardInformation,
    FileInternalInformation,
    FileEaInformation,
    FileAccessInformation,
    FileNameInformation,
    FileRenameInformation,
    FileLinkInformation,
    FileNamesInformation,
    FileDispositionInformation,
    FilePositionInformation,
    FileFullEaInformation,
    FileModeInformation,
    FileAlignmentInformation,
    FileAllInformation,
    FileAllocationInformation,
    FileEndOfFileInformation,
    FileAlternateNameInformation,
    FileStreamInformation,
    FilePipeInformation,
    FilePipeLocalInformation,
    FilePipeRemoteInformation,
    FileMailslotQueryInformation,
    FileMailslotSetInformation,
    FileCompressionInformation,
    FileObjectIdInformation,
    FileCompletionInformation,
    FileMoveClusterInformation,
    FileQuotaInformation,
    FileReparsePointInformation,
    FileNetworkOpenInformation,
    FileAttributeTagInformation,
    FileTrackingInformation,
    FileIdBothDirectoryInformation,
    FileIdFullDirectoryInformation,
    FileValidDataLengthInformation,
    FileShortNameInformation,
    FileIoCompletionNotificationInformation,
    FileIoStatusBlockRangeInformation,
    FileIoPriorityHintInformation,
    FileSfioReserveInformation,
    FileSfioVolumeInformation,
    FileHardLinkInformation,
    FileProcessIdsUsingFileInformation,
    FileNormalizedNameInformation,
    FileNetworkPhysicalNameInformation,
    FileIdGlobalTxDirectoryInformation,
    FileIsRemoteDeviceInformation,
    FileUnusedInformation,
    FileNumaNodeInformation,
    FileStandardLinkInformation,
    FileRemoteProtocolInformation,
    FileRenameInformationBypassAccessCheck,
    FileLinkInformationBypassAccessCheck,
    FileVolumeNameInformation,
    FileIdInformation,
    FileIdExtdDirectoryInformation,
    FileReplaceCompletionInformation,
    FileHardLinkFullIdInformation,
    FileMaximumInformation
} FILE_INFORMATION_CLASS;
typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
1678NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1679NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
1680 FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1681NTSYSAPI NTSTATUS NTAPI NtSetInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1682#endif /* IPRT_NT_USE_WINTERNL */
1683NTSYSAPI NTSTATUS NTAPI NtQueryAttributesFile(POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
1684NTSYSAPI NTSTATUS NTAPI NtQueryFullAttributesFile(POBJECT_ATTRIBUTES, PFILE_NETWORK_OPEN_INFORMATION);
1685
1686#ifdef IPRT_NT_USE_WINTERNL
1687
/** For use with KeyBasicInformation.
 *
 * Name is declared with a single element as a placeholder for a
 * variable-length trailing array, so sizeof() of this type is smaller than
 * the buffer a query needs.  Per Microsoft's documentation of this structure,
 * NameLength is a byte count and Name is not NUL-terminated; consumers should
 * bound every access by NameLength and by the length the query returned. */
typedef struct _KEY_BASIC_INFORMATION
{
    LARGE_INTEGER   LastWriteTime;
    ULONG           TitleIndex;
    ULONG           NameLength;
    WCHAR           Name[1];
} KEY_BASIC_INFORMATION;
/** Pointer to a KEY_BASIC_INFORMATION record. */
typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
1697
/** For use with KeyNodeInformation.
 *
 * Name is a one-element placeholder for variable-length trailing data.
 * ClassOffset and ClassLength describe a second region inside the same
 * buffer; NOTE(review): check ClassOffset + ClassLength against the length the
 * query returned before dereferencing, and do not assume NUL termination. */
typedef struct _KEY_NODE_INFORMATION
{
    LARGE_INTEGER   LastWriteTime;
    ULONG           TitleIndex;
    ULONG           ClassOffset;    /**< Offset from the start of the structure. */
    ULONG           ClassLength;
    ULONG           NameLength;
    WCHAR           Name[1];
} KEY_NODE_INFORMATION;
/** Pointer to a KEY_NODE_INFORMATION record. */
typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
1709
/** For use with KeyFullInformation.
 *
 * Class is a one-element placeholder for variable-length trailing data whose
 * position and size are given by ClassOffset and ClassLength.  The Max*Len
 * members are reported by the system; NOTE(review): presumably byte counts -
 * confirm before using them to size buffers. */
typedef struct _KEY_FULL_INFORMATION
{
    LARGE_INTEGER   LastWriteTime;
    ULONG           TitleIndex;
    ULONG           ClassOffset;    /**< Offset of the Class member. */
    ULONG           ClassLength;
    ULONG           SubKeys;
    ULONG           MaxNameLen;
    ULONG           MaxClassLen;
    ULONG           Values;
    ULONG           MaxValueNameLen;
    ULONG           MaxValueDataLen;
    WCHAR           Class[1];
} KEY_FULL_INFORMATION;
/** Pointer to a KEY_FULL_INFORMATION record. */
typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
1726
/** For use with KeyNameInformation.
 *
 * Name is a one-element placeholder for a variable-length trailing array;
 * bound reads by NameLength (NOTE(review): presumably a byte count, as for
 * the other KEY_*_INFORMATION records - confirm). */
typedef struct _KEY_NAME_INFORMATION
{
    ULONG           NameLength;
    WCHAR           Name[1];
} KEY_NAME_INFORMATION;
/** Pointer to a KEY_NAME_INFORMATION record. */
typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
1734
/** For use with KeyCachedInformation.
 *
 * Unlike the other KEY_*_INFORMATION records in this file, this declaration
 * ends with NameLength and declares no Name array after it.
 * NOTE(review): confirm against the SDK definition before relying on sizeof()
 * of this type as the record size. */
typedef struct _KEY_CACHED_INFORMATION
{
    LARGE_INTEGER   LastWriteTime;
    ULONG           TitleIndex;
    ULONG           SubKeys;
    ULONG           MaxNameLen;
    ULONG           Values;
    ULONG           MaxValueNameLen;
    ULONG           MaxValueDataLen;
    ULONG           NameLength;
} KEY_CACHED_INFORMATION;
/** Pointer to a KEY_CACHED_INFORMATION record. */
typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
1748
/** For use with KeyVirtualizationInformation.
 *
 * Five single-bit flags followed by 27 reserved bits, i.e. 32 bits of
 * bit-fields in total. */
typedef struct _KEY_VIRTUALIZATION_INFORMATION
{
    ULONG           VirtualizationCandidate : 1;
    ULONG           VirtualizationEnabled   : 1;
    ULONG           VirtualTarget           : 1;
    ULONG           VirtualStore            : 1;
    ULONG           VirtualSource           : 1;
    ULONG           Reserved                : 27;
} KEY_VIRTUALIZATION_INFORMATION;
/** Pointer to a KEY_VIRTUALIZATION_INFORMATION record. */
typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
1760
/** Information classes accepted by NtQueryKey and NtEnumerateKey.
 *
 * Only the first value is explicit; the rest follow by position, so entries
 * must not be reordered or removed. */
typedef enum _KEY_INFORMATION_CLASS
{
    KeyBasicInformation = 0,
    KeyNodeInformation,
    KeyFullInformation,
    KeyNameInformation,
    KeyCachedInformation,
    KeyFlagsInformation,
    KeyVirtualizationInformation,
    KeyHandleTagsInformation,
    MaxKeyInfoClass
} KEY_INFORMATION_CLASS;
/* Both calls end with PVOID, ULONG, PULONG.  NOTE(review): presumably output
 * buffer, its size in bytes and the returned/required length - confirm.  The
 * records for several classes are variable-length, so a fixed-size local of
 * the structure type is not a sufficient buffer for them. */
NTSYSAPI NTSTATUS NTAPI NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
NTSYSAPI NTSTATUS NTAPI NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1775
/** A UNICODE_STRING header followed by a one-element placeholder for the
 * variable-length name storage.
 * NOTE(review): presumably the record for the MemorySectionName class of
 * NtQueryVirtualMemory - confirm.  Bound reads by SectionFileName.Length
 * rather than by a terminator. */
typedef struct _MEMORY_SECTION_NAME
{
    UNICODE_STRING  SectionFileName;
    WCHAR           NameBuffer[1];
} MEMORY_SECTION_NAME;
1781
/* NOTE(review): this region already sits inside an enclosing
 * '#ifdef IPRT_NT_USE_WINTERNL' block, so the test below looks redundant. */
#ifdef IPRT_NT_USE_WINTERNL
/** NOTE(review): presumably the record for the ProcessBasicInformation class
 * of NtQueryInformationProcess - confirm. */
typedef struct _PROCESS_BASIC_INFORMATION
{
    NTSTATUS        ExitStatus;
    PPEB            PebBaseAddress;
    ULONG_PTR       AffinityMask;
    int32_t         BasePriority;
    ULONG_PTR       UniqueProcessId;
    ULONG_PTR       InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION;
/** Pointer to a PROCESS_BASIC_INFORMATION record. */
typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
#endif
1794
/** Information classes for NtQueryInformationProcess and
 * NtSetInformationProcess.
 *
 * Only the first value is explicit; every other value follows from its
 * position (the trailing comments give decimal / hex), so entries must not be
 * reordered or removed.  The ProcessUnknownNN entries are placeholders that
 * keep the later values in place.  Identifier spellings such as
 * ProcessInstrumentationCallbak are part of the interface of this header. */
typedef enum _PROCESSINFOCLASS
{
    ProcessBasicInformation = 0,            /**<  0 / 0x00 */
    ProcessQuotaLimits,                     /**<  1 / 0x01 */
    ProcessIoCounters,                      /**<  2 / 0x02 */
    ProcessVmCounters,                      /**<  3 / 0x03 */
    ProcessTimes,                           /**<  4 / 0x04 */
    ProcessBasePriority,                    /**<  5 / 0x05 */
    ProcessRaisePriority,                   /**<  6 / 0x06 */
    ProcessDebugPort,                       /**<  7 / 0x07 */
    ProcessExceptionPort,                   /**<  8 / 0x08 */
    ProcessAccessToken,                     /**<  9 / 0x09 */
    ProcessLdtInformation,                  /**< 10 / 0x0a */
    ProcessLdtSize,                         /**< 11 / 0x0b */
    ProcessDefaultHardErrorMode,            /**< 12 / 0x0c */
    ProcessIoPortHandlers,                  /**< 13 / 0x0d */
    ProcessPooledUsageAndLimits,            /**< 14 / 0x0e */
    ProcessWorkingSetWatch,                 /**< 15 / 0x0f */
    ProcessUserModeIOPL,                    /**< 16 / 0x10 */
    ProcessEnableAlignmentFaultFixup,       /**< 17 / 0x11 */
    ProcessPriorityClass,                   /**< 18 / 0x12 */
    ProcessWx86Information,                 /**< 19 / 0x13 */
    ProcessHandleCount,                     /**< 20 / 0x14 */
    ProcessAffinityMask,                    /**< 21 / 0x15 */
    ProcessPriorityBoost,                   /**< 22 / 0x16 */
    ProcessDeviceMap,                       /**< 23 / 0x17 */
    ProcessSessionInformation,              /**< 24 / 0x18 */
    ProcessForegroundInformation,           /**< 25 / 0x19 */
    ProcessWow64Information,                /**< 26 / 0x1a */
    ProcessImageFileName,                   /**< 27 / 0x1b */
    ProcessLUIDDeviceMapsEnabled,           /**< 28 / 0x1c */
    ProcessBreakOnTermination,              /**< 29 / 0x1d */
    ProcessDebugObjectHandle,               /**< 30 / 0x1e */
    ProcessDebugFlags,                      /**< 31 / 0x1f */
    ProcessHandleTracing,                   /**< 32 / 0x20 */
    ProcessIoPriority,                      /**< 33 / 0x21 */
    ProcessExecuteFlags,                    /**< 34 / 0x22 */
    ProcessTlsInformation,                  /**< 35 / 0x23 */
    ProcessCookie,                          /**< 36 / 0x24 */
    ProcessImageInformation,                /**< 37 / 0x25 */
    ProcessCycleTime,                       /**< 38 / 0x26 */
    ProcessPagePriority,                    /**< 39 / 0x27 */
    ProcessInstrumentationCallbak,          /**< 40 / 0x28 */
    ProcessThreadStackAllocation,           /**< 41 / 0x29 */
    ProcessWorkingSetWatchEx,               /**< 42 / 0x2a */
    ProcessImageFileNameWin32,              /**< 43 / 0x2b */
    ProcessImageFileMapping,                /**< 44 / 0x2c */
    ProcessAffinityUpdateMode,              /**< 45 / 0x2d */
    ProcessMemoryAllocationMode,            /**< 46 / 0x2e */
    ProcessGroupInformation,                /**< 47 / 0x2f */
    ProcessTokenVirtualizationEnabled,      /**< 48 / 0x30 */
    ProcessConsoleHostProcess,              /**< 49 / 0x31 */
    ProcessWindowsInformation,              /**< 50 / 0x32 */
    ProcessUnknown51,
    ProcessUnknown52,
    ProcessUnknown53,
    ProcessUnknown54,
    ProcessUnknown55,
    ProcessUnknown56,
    ProcessUnknown57,
    ProcessUnknown58,
    ProcessUnknown59,
    ProcessUnknown60,
    ProcessUnknown61,
    ProcessUnknown62,
    ProcessUnknown63,
    ProcessUnknown64,
    ProcessUnknown65,
    ProcessUnknown66,
    ProcessMaybe_KeSetCpuSetsProcess,       /**< 67 / 0x43 - is correct, then PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10. */
    MaxProcessInfoClass                     /**< 68 / 0x44 */
} PROCESSINFOCLASS;
/* NOTE(review): the trailing PVOID, ULONG, PULONG are presumably the output
 * buffer, its size in bytes and the returned length - confirm. */
NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1868
/** Information classes for NtSetInformationThread and
 * NtQueryInformationThread.
 *
 * Only the first value is explicit; the rest follow by position, so entries
 * must not be reordered or removed. */
typedef enum _THREADINFOCLASS
{
    ThreadBasicInformation = 0,
    ThreadTimes,
    ThreadPriority,
    ThreadBasePriority,
    ThreadAffinityMask,
    ThreadImpersonationToken,
    ThreadDescriptorTableEntry,
    ThreadEnableAlignmentFaultFixup,
    ThreadEventPair_Reusable,
    ThreadQuerySetWin32StartAddress,
    ThreadZeroTlsCell,
    ThreadPerformanceCount,
    ThreadAmILastThread,
    ThreadIdealProcessor,
    ThreadPriorityBoost,
    ThreadSetTlsArrayAddress,
    ThreadIsIoPending,
    ThreadHideFromDebugger,
    ThreadBreakOnTermination,
    ThreadSwitchLegacyState,
    ThreadIsTerminated,
    ThreadLastSystemCall,
    ThreadIoPriority,
    ThreadCycleTime,
    ThreadPagePriority,
    ThreadActualBasePriority,
    ThreadTebInformation,
    ThreadCSwitchMon,
    ThreadCSwitchPmu,
    ThreadWow64Context,
    ThreadGroupInformation,
    ThreadUmsInformation,
    ThreadCounterProfiling,
    ThreadIdealProcessorEx,
    ThreadCpuAccountingInformation,
    MaxThreadInfoClass
} THREADINFOCLASS;
/* The input buffer is declared LPCVOID, i.e. read-only for the callee. */
NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1909
/* Token query.  NOTE(review): PVOID, ULONG, PULONG are presumably output
 * buffer, size in bytes and returned length - confirm. */
NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);

/* File I/O.  NtWriteFile declares its data buffer as 'void const *', NtReadFile
 * as PVOID. */
NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
NTSYSAPI NTSTATUS NTAPI NtCancelIoFile(HANDLE, PIO_STATUS_BLOCK);

/* Virtual memory access through a HANDLE.  NOTE(review): the final PSIZE_T
 * presumably receives the number of bytes actually transferred; callers should
 * check it together with the status instead of assuming a full transfer. */
NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);

/* SID / ACL / security descriptor helpers.  Check every NTSTATUS result:
 * continuing after a failed step can leave an object with a weaker DACL than
 * intended.  Per Microsoft's documentation, a descriptor whose DACL is marked
 * present but is NULL grants access to everyone. */
NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
NTSYSAPI BOOLEAN  NTAPI RtlEqualSid(PSID, PSID);
NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
NTSYSAPI PULONG   NTAPI RtlSubAuthoritySid(PSID, ULONG);
1929
1930#endif /* IPRT_NT_USE_WINTERNL */
1931
/** Information classes for NtQueryObject and NtSetInformationObject.
 * Values follow by position from 0. */
typedef enum _OBJECT_INFORMATION_CLASS
{
    ObjectBasicInformation = 0,
    ObjectNameInformation,
    ObjectTypeInformation,
    ObjectAllInformation,
    ObjectDataInformation
} OBJECT_INFORMATION_CLASS;
/** Pointer to an OBJECT_INFORMATION_CLASS value. */
typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
/* In ring-0 the Nt name is macro-mapped to the Zw name, so the prototype
 * below then declares ZwQueryObject.  The IPRT_NT_MAP_TO_ZW notes at the top
 * of this file say the Zw calls accept kernel memory; ring-0 callers therefore
 * have to validate anything that originates from user mode themselves. */
#ifdef IN_RING0
# define NtQueryObject ZwQueryObject
#endif
NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
/* NOTE(review): presumably source process, source handle, target process,
 * receiving handle pointer, desired access, attributes, options - confirm. */
NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
1947
NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);

/** One object directory entry: the entry's name and the name of its type,
 * both as counted UNICODE_STRINGs.
 * NOTE(review): presumably the record type NtQueryDirectoryObject writes into
 * its PVOID buffer - confirm. */
typedef struct _OBJECT_DIRECTORY_INFORMATION
{
    UNICODE_STRING  Name;
    UNICODE_STRING  TypeName;
} OBJECT_DIRECTORY_INFORMATION;
/** Pointer to an OBJECT_DIRECTORY_INFORMATION record. */
typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
1957
NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
/** @name ProcessDefaultHardErrorMode bit definitions.
 * Bit 0 is marked as inverted relative to the win32 define, so a win32
 * error-mode mask should not be passed through unchanged.
 * @{ */
#define PROCESS_HARDERR_CRITICAL_ERROR              UINT32_C(0x00000001) /**< Inverted from the win32 define. */
#define PROCESS_HARDERR_NO_GP_FAULT_ERROR           UINT32_C(0x00000002)
#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR    UINT32_C(0x00000004)
#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR          UINT32_C(0x00008000)
/** @} */
/* Set counterpart of NtQueryInformationProcess: buffer and size, no returned
 * length. */
NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
1969
/** Returned by ProcessImageInformation as well as NtQuerySection.
 *
 * Uses anonymous struct/union members, which need compiler support for them.
 * Several members are annotated as only meaningful from a given Windows
 * version on; on older systems the same bytes were spare/reserved, so code
 * that makes decisions based on them should check the OS version first.
 * Member spellings such as ImageMAppedFlat are part of this header's
 * interface. */
typedef struct _SECTION_IMAGE_INFORMATION
{
    PVOID       TransferAddress;
    ULONG       ZeroBits;
    SIZE_T      MaximumStackSize;
    SIZE_T      CommittedStackSize;
    ULONG       SubSystemType;
    union
    {
        struct
        {
            USHORT  SubSystemMinorVersion;
            USHORT  SubSystemMajorVersion;
        };
        ULONG   SubSystemVersion;   /* overlays the minor/major pair above */
    };
    ULONG       GpValue;
    USHORT      ImageCharacteristics;
    USHORT      DllCharacteristics;
    USHORT      Machine;
    BOOLEAN     ImageContainsCode;
    union /**< Since Vista, used to be a spare BOOLEAN. */
    {
        struct
        {
            UCHAR   ComPlusNativeRead : 1;
            UCHAR   ComPlusILOnly : 1;
            UCHAR   ImageDynamicallyRelocated : 1;
            UCHAR   ImageMAppedFlat : 1;
            UCHAR   Reserved : 4;
        };
        UCHAR   ImageFlags;         /* overlays the bit-fields above */
    };
    ULONG       LoaderFlags;
    ULONG       ImageFileSize;      /**< Since XP? */
    ULONG       CheckSum;           /**< Since Vista, Used to be a reserved/spare ULONG. */
} SECTION_IMAGE_INFORMATION;
/** Pointer to a SECTION_IMAGE_INFORMATION record. */
typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
2009
/** Information classes for NtQuerySection.  Values follow by position from 0. */
typedef enum _SECTION_INFORMATION_CLASS
{
    SectionBasicInformation = 0,
    SectionImageInformation,
    MaxSectionInfoClass
} SECTION_INFORMATION_CLASS;
/* Sizes are SIZE_T / PSIZE_T here, not ULONG / PULONG as in most of the other
 * query prototypes in this file. */
NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2017
/* Object-manager symbolic links.  NOTE(review): for the query, the
 * PUNICODE_STRING presumably receives the link target into a caller-supplied
 * buffer and the PULONG the returned length - confirm. */
NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
/* Fallback access-right definitions, used only when the SDK headers in use do
 * not provide them.  Prefer SYMBOLIC_LINK_QUERY over SYMBOLIC_LINK_ALL_ACCESS
 * when a handle is only going to be queried. */
#ifndef SYMBOLIC_LINK_QUERY
# define SYMBOLIC_LINK_QUERY        UINT32_C(0x00000001)
#endif
#ifndef SYMBOLIC_LINK_ALL_ACCESS
# define SYMBOLIC_LINK_ALL_ACCESS   (STANDARD_RIGHTS_REQUIRED | SYMBOLIC_LINK_QUERY)
#endif
2027
/* Thread query and control.  NOTE(review): the PULONG of the suspend/resume
 * calls presumably receives the previous suspend count - confirm. */
NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
2034
2035
/* Fallback definitions, used only when the SDK headers in use do not provide
 * them.  SEC_FILE and MEM_ROTATE share the value 0x00800000; NOTE(review):
 * presumably they belong to different flag parameters - confirm before
 * combining them in one mask. */
#ifndef SEC_FILE
# define SEC_FILE               UINT32_C(0x00800000)
#endif
#ifndef SEC_IMAGE
# define SEC_IMAGE              UINT32_C(0x01000000)
#endif
#ifndef SEC_PROTECTED_IMAGE
# define SEC_PROTECTED_IMAGE    UINT32_C(0x02000000)
#endif
#ifndef SEC_NOCACHE
# define SEC_NOCACHE            UINT32_C(0x10000000)
#endif
#ifndef MEM_ROTATE
# define MEM_ROTATE             UINT32_C(0x00800000)
#endif
/** Information classes for NtQueryVirtualMemory.  Values follow by position
 * from 0. */
typedef enum _MEMORY_INFORMATION_CLASS
{
    MemoryBasicInformation = 0,
    MemoryWorkingSetList,
    MemorySectionName,
    MemoryBasicVlmInformation
} MEMORY_INFORMATION_CLASS;
/* Ring-0 only: this header supplies MEMORY_BASIC_INFORMATION itself and maps
 * NtQueryVirtualMemory to the Zw name, so the prototype after the #endif then
 * declares ZwQueryVirtualMemory. */
#ifdef IN_RING0
typedef struct _MEMORY_BASIC_INFORMATION
{
    PVOID       BaseAddress;
    PVOID       AllocationBase;
    ULONG       AllocationProtect;
    SIZE_T      RegionSize;
    ULONG       State;
    ULONG       Protect;
    ULONG       Type;
} MEMORY_BASIC_INFORMATION;
/** Pointer to a MEMORY_BASIC_INFORMATION record. */
typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
# define NtQueryVirtualMemory ZwQueryVirtualMemory
#endif
NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
#ifdef IPRT_NT_USE_WINTERNL
NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
#endif
/* The base address and size are passed by pointer in the next two calls.
 * NOTE(review): presumably the system writes back the actual (rounded) base
 * and size - confirm, and re-read them after the call rather than assuming
 * the requested range. */
NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
2078
/** Information classes for NtQuerySystemInformation.
 *
 * Values follow by position from 0 up to
 * SystemInformation_GetLogicalProcessorInformationEx (107); the
 * SystemInformation_Unknown_NN entries are placeholders that keep the later
 * values in place, so entries must not be reordered or removed.  After the
 * gap, SystemPolicyInformation is pinned to 134, which makes
 * SystemInformationClassMax 135. */
typedef enum _SYSTEM_INFORMATION_CLASS
{
    SystemBasicInformation = 0,
    SystemCpuInformation,
    SystemPerformanceInformation,
    SystemTimeOfDayInformation,
    SystemInformation_Unknown_4,
    SystemProcessInformation,
    SystemInformation_Unknown_6,
    SystemInformation_Unknown_7,
    SystemProcessorPerformanceInformation,
    SystemInformation_Unknown_9,
    SystemInformation_Unknown_10,
    SystemModuleInformation,
    SystemInformation_Unknown_12,
    SystemInformation_Unknown_13,
    SystemInformation_Unknown_14,
    SystemInformation_Unknown_15,
    SystemHandleInformation,
    SystemInformation_Unknown_17,
    SystemPageFileInformation,
    SystemInformation_Unknown_19,
    SystemInformation_Unknown_20,
    SystemCacheInformation,
    SystemInformation_Unknown_22,
    SystemInterruptInformation,
    SystemDpcBehaviourInformation,
    SystemFullMemoryInformation,
    SystemLoadGdiDriverInformation, /* 26 */
    SystemUnloadGdiDriverInformation, /* 27 */
    SystemTimeAdjustmentInformation,
    SystemSummaryMemoryInformation,
    SystemInformation_Unknown_30,
    SystemInformation_Unknown_31,
    SystemInformation_Unknown_32,
    SystemExceptionInformation,
    SystemCrashDumpStateInformation,
    SystemKernelDebuggerInformation,
    SystemContextSwitchInformation,
    SystemRegistryQuotaInformation,
    SystemInformation_Unknown_38,
    SystemInformation_Unknown_39,
    SystemInformation_Unknown_40,
    SystemInformation_Unknown_41,
    SystemInformation_Unknown_42,
    SystemInformation_Unknown_43,
    SystemCurrentTimeZoneInformation,
    SystemLookasideInformation,
    SystemSetTimeSlipEvent,
    SystemCreateSession,
    SystemDeleteSession,
    SystemInformation_Unknown_49,
    SystemRangeStartInformation,
    SystemVerifierInformation,
    SystemInformation_Unknown_52,
    SystemSessionProcessInformation,
    SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
    SystemInformation_Unknown_55,
    SystemInformation_Unknown_56,
    SystemExtendedProcessInformation,
    SystemInformation_Unknown_58,
    SystemInformation_Unknown_59,
    SystemInformation_Unknown_60,
    SystemInformation_Unknown_61,
    SystemInformation_Unknown_62,
    SystemInformation_Unknown_63,
    SystemExtendedHandleInformation, /* 64 */
    SystemInformation_Unknown_65,
    SystemInformation_Unknown_66,
    SystemInformation_Unknown_67,
    SystemInformation_Unknown_68,
    SystemInformation_HotPatchInfo, /* 69 */
    SystemInformation_Unknown_70,
    SystemInformation_Unknown_71,
    SystemInformation_Unknown_72,
    SystemInformation_Unknown_73,
    SystemInformation_Unknown_74,
    SystemInformation_Unknown_75,
    SystemInformation_Unknown_76,
    SystemInformation_Unknown_77,
    SystemInformation_Unknown_78,
    SystemInformation_Unknown_79,
    SystemInformation_Unknown_80,
    SystemInformation_Unknown_81,
    SystemInformation_Unknown_82,
    SystemInformation_Unknown_83,
    SystemInformation_Unknown_84,
    SystemInformation_Unknown_85,
    SystemInformation_Unknown_86,
    SystemInformation_Unknown_87,
    SystemInformation_Unknown_88,
    SystemInformation_Unknown_89,
    SystemInformation_Unknown_90,
    SystemInformation_Unknown_91,
    SystemInformation_Unknown_92,
    SystemInformation_Unknown_93,
    SystemInformation_Unknown_94,
    SystemInformation_Unknown_95,
    SystemInformation_KiOpPrefetchPatchCount, /* 96 */
    SystemInformation_Unknown_97,
    SystemInformation_Unknown_98,
    SystemInformation_Unknown_99,
    SystemInformation_Unknown_100,
    SystemInformation_Unknown_101,
    SystemInformation_Unknown_102,
    SystemInformation_Unknown_103,
    SystemInformation_Unknown_104,
    SystemInformation_Unknown_105,
    SystemInformation_Unknown_107, /* NOTE(review): this entry's value is 106; the name looks like a typo for ..._Unknown_106. */
    SystemInformation_GetLogicalProcessorInformationEx, /* 107 */

    /** @todo fill gap. they've added a whole bunch of things */
    SystemPolicyInformation = 134,
    SystemInformationClassMax
} SYSTEM_INFORMATION_CLASS;
2194
/* Only supplied here when IPRT_NT_USE_WINTERNL is defined.
 * RTNT_SYSTEM_PROCESS_INFORMATION in this file embeds VM_COUNTERS
 * unconditionally, so in the other configuration the type has to come from
 * another header. */
#ifdef IPRT_NT_USE_WINTERNL
typedef struct _VM_COUNTERS
{
    SIZE_T      PeakVirtualSize;
    SIZE_T      VirtualSize;
    ULONG       PageFaultCount;
    SIZE_T      PeakWorkingSetSize;
    SIZE_T      WorkingSetSize;
    SIZE_T      QuotaPeakPagedPoolUsage;
    SIZE_T      QuotaPagedPoolUsage;
    SIZE_T      QuotaPeakNonPagedPoolUsage;
    SIZE_T      QuotaNonPagedPoolUsage;
    SIZE_T      PagefileUsage;
    SIZE_T      PeakPagefileUsage;
} VM_COUNTERS;
/** Pointer to a VM_COUNTERS record. */
typedef VM_COUNTERS *PVM_COUNTERS;
#endif
2212
/* Disabled: this local IO_COUNTERS definition is never compiled.
 * RTNT_SYSTEM_PROCESS_INFORMATION in this file still has an IO_COUNTERS member,
 * so the type has to be provided by another header. */
#if 0
typedef struct _IO_COUNTERS
{
    ULONGLONG   ReadOperationCount;
    ULONGLONG   WriteOperationCount;
    ULONGLONG   OtherOperationCount;
    ULONGLONG   ReadTransferCount;
    ULONGLONG   WriteTransferCount;
    ULONGLONG   OtherTransferCount;
} IO_COUNTERS;
typedef IO_COUNTERS *PIO_COUNTERS;
#endif
2225
/** IPRT's declaration of one process entry in a process information buffer.
 *
 * The offset pairs in the member comments are 32-bit / 64-bit offsets.  The
 * fixed part is followed by the threads and then by the storage that
 * ProcessName.Buffer points to, so entries are variable-sized.
 * NOTE(review): NextEntryOffset is presumably relative to the current entry,
 * with 0 ending the list - confirm; when walking the buffer, check each offset
 * and ProcessName.Buffer/Length against the length the query returned.
 * IoCounters may be absent on earlier Windows versions, so sizeof() of this
 * type is not a safe minimum entry size there. */
typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
{
    ULONG           NextEntryOffset;    /**< 0x00 / 0x00 */
    ULONG           NumberOfThreads;    /**< 0x04 / 0x04 */
    LARGE_INTEGER   Reserved1[3];       /**< 0x08 / 0x08 */
    LARGE_INTEGER   CreationTime;       /**< 0x20 / 0x20 */
    LARGE_INTEGER   UserTime;           /**< 0x28 / 0x28 */
    LARGE_INTEGER   KernelTime;         /**< 0x30 / 0x30 */
    UNICODE_STRING  ProcessName;        /**< 0x38 / 0x38 Clean unicode encoding? */
    int32_t         BasePriority;       /**< 0x40 / 0x48 */
    HANDLE          UniqueProcessId;    /**< 0x44 / 0x50 */
    HANDLE          ParentProcessId;    /**< 0x48 / 0x58 */
    ULONG           HandleCount;        /**< 0x4c / 0x60 */
    ULONG           Reserved2;          /**< 0x50 / 0x64 Session ID? */
    ULONG_PTR       Reserved3;          /**< 0x54 / 0x68 */
    VM_COUNTERS     VmCounters;         /**< 0x58 / 0x70 */
    IO_COUNTERS     IoCounters;         /**< 0x88 / 0xd0 Might not be present in earlier windows versions. */
    /* After this follows the threads, then the ProcessName.Buffer. */
} RTNT_SYSTEM_PROCESS_INFORMATION;
/** Pointer to an RTNT_SYSTEM_PROCESS_INFORMATION entry. */
typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
/* Without IPRT_NT_USE_WINTERNL the IPRT declaration also serves as
 * SYSTEM_PROCESS_INFORMATION. */
#ifndef IPRT_NT_USE_WINTERNL
typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
#endif
2250
/** One entry of SYSTEM_HANDLE_INFORMATION.
 *
 * UniqueProcessId and HandleValue are only 16 bits wide here, so larger
 * process IDs or handle values cannot be represented in this record.
 * SYSTEM_HANDLE_ENTRY_INFO_EX declares both as HANDLE and is the safer choice
 * when entries are matched against a specific process or handle. */
typedef struct _SYSTEM_HANDLE_ENTRY_INFO
{
    USHORT      UniqueProcessId;
    USHORT      CreatorBackTraceIndex;
    UCHAR       ObjectTypeIndex;
    UCHAR       HandleAttributes;
    USHORT      HandleValue;
    PVOID       Object;
    ULONG       GrantedAccess;
} SYSTEM_HANDLE_ENTRY_INFO;
/** Pointer to a SYSTEM_HANDLE_ENTRY_INFO entry. */
typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
2262
/** Returned by SystemHandleInformation.
 *
 * Handles is a one-element placeholder; NumberOfHandles gives the entry count.
 * Check that count against the length the query returned before iterating. */
typedef struct _SYSTEM_HANDLE_INFORMATION
{
    ULONG                       NumberOfHandles;
    SYSTEM_HANDLE_ENTRY_INFO    Handles[1];
} SYSTEM_HANDLE_INFORMATION;
/** Pointer to a SYSTEM_HANDLE_INFORMATION record. */
typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
2270
/** Extended handle information entry.
 * @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit
 *          (the two USHORT members together count as one ULONG).
 * @remarks Object is a PVOID taken from the returned data; treat it as an
 *          opaque value for comparison rather than something to dereference. */
typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
{
    PVOID       Object;
    HANDLE      UniqueProcessId;
    HANDLE      HandleValue;
    ACCESS_MASK GrantedAccess;
    USHORT      CreatorBackTraceIndex;
    USHORT      ObjectTypeIndex;
    ULONG       HandleAttributes;
    ULONG       Reserved;
} SYSTEM_HANDLE_ENTRY_INFO_EX;
/** Pointer to a SYSTEM_HANDLE_ENTRY_INFO_EX entry. */
typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
2285
/** Returned by SystemExtendedHandleInformation.
 *
 * Handles is a one-element placeholder; NumberOfHandles (pointer-sized here)
 * gives the entry count.  Check count times entry size against the length the
 * query returned before iterating, guarding the multiplication against
 * overflow. */
typedef struct _SYSTEM_HANDLE_INFORMATION_EX
{
    ULONG_PTR                   NumberOfHandles;
    ULONG_PTR                   Reserved;
    SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
} SYSTEM_HANDLE_INFORMATION_EX;
/** Pointer to a SYSTEM_HANDLE_INFORMATION_EX record. */
typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
2294
/** Returned by SystemSessionProcessInformation.
 *
 * The record carries a pointer to a separate buffer together with its length.
 * NOTE(review): presumably the caller fills in SessionId, Buffer and
 * BufferLength before the query - confirm. */
typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
{
    ULONG       SessionId;
    ULONG       BufferLength;
    /** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
    PVOID       Buffer;
} SYSTEM_SESSION_PROCESS_INFORMATION;
/** Pointer to a SYSTEM_SESSION_PROCESS_INFORMATION record. */
typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
2304
/** One module entry of RTL_PROCESS_MODULES.
 *
 * The offset pairs in the member comments are 32-bit / 64-bit offsets.
 * FullPathName is a fixed 256-byte UCHAR array, i.e. narrow characters.
 * NOTE(review): OffsetToFileName is presumably an index into FullPathName -
 * confirm; check that it is below sizeof(FullPathName) and do not assume the
 * array is NUL-terminated when copying out of it. */
typedef struct _RTL_PROCESS_MODULE_INFORMATION
{
    HANDLE      Section;            /**< 0x00 / 0x00 */
    PVOID       MappedBase;         /**< 0x04 / 0x08 */
    PVOID       ImageBase;          /**< 0x08 / 0x10 */
    ULONG       ImageSize;          /**< 0x0c / 0x18 */
    ULONG       Flags;              /**< 0x10 / 0x1c */
    USHORT      LoadOrderIndex;     /**< 0x14 / 0x20 */
    USHORT      InitOrderIndex;     /**< 0x16 / 0x22 */
    USHORT      LoadCount;          /**< 0x18 / 0x24 */
    USHORT      OffsetToFileName;   /**< 0x1a / 0x26 */
    UCHAR       FullPathName[256];  /**< 0x1c / 0x28 */
} RTL_PROCESS_MODULE_INFORMATION;
/** Pointer to an RTL_PROCESS_MODULE_INFORMATION entry. */
typedef RTL_PROCESS_MODULE_INFORMATION *PRTL_PROCESS_MODULE_INFORMATION;
2319
/** Returned by SystemModuleInformation.
 *
 * Modules is a one-element placeholder; NumberOfModules gives the entry count.
 * Check that count against the length the query returned before iterating. */
typedef struct _RTL_PROCESS_MODULES
{
    ULONG                           NumberOfModules;
    RTL_PROCESS_MODULE_INFORMATION  Modules[1];     /**< 0x04 / 0x08 */
} RTL_PROCESS_MODULES;
/** Pointer to an RTL_PROCESS_MODULES record. */
typedef RTL_PROCESS_MODULES *PRTL_PROCESS_MODULES;
2327
/* NOTE(review): PVOID, ULONG, PULONG are presumably output buffer, its size in
 * bytes and the returned/required length - confirm.  Many classes return
 * variable-length data, so callers need a retry path for a too-small buffer
 * and must not parse the buffer unless the call succeeded. */
NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
/* NOTE(review): presumably skipped with IPRT_NT_MAP_TO_ZW because the Nt name
 * above is then already a macro for the Zw name - confirm against the mapping
 * list at the top of this file. */
#ifndef IPRT_NT_MAP_TO_ZW
NTSYSAPI NTSTATUS NTAPI ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
#endif
2332
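/* Timer resolution control; the parameter names say the values are counted in
 * NT ticks. */
NTSYSAPI NTSTATUS NTAPI NtSetTimerResolution(ULONG cNtTicksWanted, BOOLEAN fSetResolution, PULONG pcNtTicksCur);
NTSYSAPI NTSTATUS NTAPI NtQueryTimerResolution(PULONG pcNtTicksMin, PULONG pcNtTicksMax, PULONG pcNtTicksCur);

NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
#ifndef IPRT_NT_USE_WINTERNL
/* Three parameters, matching PFNNTWAITFORSINGLEOBJECT below.  The comma after
 * BOOLEAN matters: without it PLARGE_INTEGER parses as the name of the BOOLEAN
 * parameter and the function is declared with two parameters only, which
 * changes the stack-cleanup size of an NTAPI call on 32-bit x86. */
NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN, PLARGE_INTEGER);
#endif
/** Function pointer type for resolving NtWaitForSingleObject at runtime. */
typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
/** Wait mode for NtWaitForMultipleObjects.  ObjectWaitTypeHack is 0x7fffffff;
 * NOTE(review): presumably there to force a 32-bit enum - confirm. */
typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);

/* NOTE(review): PSECURITY_DESCRIPTOR, ULONG, PULONG are presumably output
 * buffer, its size in bytes and the required length - confirm. */
NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);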
2346
/* Only supplied here when IPRT_NT_USE_WINTERNL is defined; NtCreateEvent,
 * which follows this block, uses EVENT_TYPE unconditionally. */
#ifdef IPRT_NT_USE_WINTERNL
typedef enum _EVENT_TYPE
{
    /* Manual reset event. */
    NotificationEvent = 0,
    /* Automatic reset event. */
    SynchronizationEvent
} EVENT_TYPE;
#endif
/* Event objects.  NOTE(review): the trailing BOOLEAN of NtCreateEvent is
 * presumably the initial state and the PULONG of the set/reset calls the
 * previous state - confirm. */
NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
/** Function pointer type for resolving NtClearEvent at runtime. */
typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
/** Function pointer type for resolving NtSetEvent at runtime. */
typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
/** Information classes for NtQueryEvent; only one is declared. */
typedef enum _EVENT_INFORMATION_CLASS
{
    EventBasicInformation = 0
} EVENT_INFORMATION_CLASS;
/** Data returned by NtQueryEvent + EventBasicInformation.
 * The struct tag has no leading underscore, unlike the other tags in this
 * file; it is kept as is because it is part of the declared interface. */
typedef struct EVENT_BASIC_INFORMATION
{
    EVENT_TYPE  EventType;
    ULONG       EventState;
} EVENT_BASIC_INFORMATION;
/** Pointer to an EVENT_BASIC_INFORMATION record. */
typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2375
#ifdef IPRT_NT_USE_WINTERNL
/** For NtQueryValueKey.  Values follow by position from 0. */
typedef enum _KEY_VALUE_INFORMATION_CLASS
{
    KeyValueBasicInformation = 0,
    KeyValueFullInformation,
    KeyValuePartialInformation,
    KeyValueFullInformationAlign64,
    KeyValuePartialInformationAlign64
} KEY_VALUE_INFORMATION_CLASS;

/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct.
 *
 * Data is a one-element placeholder for DataLength bytes of value data.
 * Registry content is not guaranteed to match what the reader expects, so
 * check Type and DataLength before interpreting Data; string data is not
 * guaranteed to be NUL-terminated. */
typedef struct _KEY_VALUE_PARTIAL_INFORMATION
{
    ULONG       TitleIndex;
    ULONG       Type;
    ULONG       DataLength;
    UCHAR       Data[1];
} KEY_VALUE_PARTIAL_INFORMATION;
/** Pointer to a KEY_VALUE_PARTIAL_INFORMATION record. */
typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
#endif
NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
/* NOTE(review): PVOID, ULONG, PULONG are presumably output buffer, its size in
 * bytes and the returned/required length - confirm. */
NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);


/* Same parameter list as RtlAddAccessAllowedAce. */
NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
2402
2403
/** Current directory record: a DOS-style path plus a handle.  Embedded in
 * RTL_USER_PROCESS_PARAMETERS as CurrentDirectory. */
typedef struct _CURDIR
{
    UNICODE_STRING  DosPath;
    HANDLE          Handle;
} CURDIR;
/** Pointer to a CURDIR record. */
typedef CURDIR *PCURDIR;
2410
/** Per-drive current directory record; RTL_USER_PROCESS_PARAMETERS holds an
 * array of 0x20 of these.  DosPath is a STRING here, whereas CURDIR::DosPath
 * is a UNICODE_STRING, so the two must not be handled by the same code path. */
typedef struct _RTL_DRIVE_LETTER_CURDIR
{
    USHORT      Flags;
    USHORT      Length;
    ULONG       TimeStamp;
    STRING      DosPath;    /**< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. */
} RTL_DRIVE_LETTER_CURDIR;
/** Pointer to an RTL_DRIVE_LETTER_CURDIR record. */
typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
2419
/** Process parameter block as used by RtlCreateProcessParameters and
 * RtlCreateUserProcess.
 *
 * The last four members are annotated as added in later Windows versions, so a
 * block produced by an older system is shorter than sizeof() of this type.
 * NOTE(review): presumably Length / MaximumLength describe the actual size of
 * a given block - confirm, and check them before touching the trailing
 * members. */
typedef struct _RTL_USER_PROCESS_PARAMETERS
{
    ULONG           MaximumLength;
    ULONG           Length;
    ULONG           Flags;
    ULONG           DebugFlags;
    HANDLE          ConsoleHandle;
    ULONG           ConsoleFlags;
    HANDLE          StandardInput;
    HANDLE          StandardOutput;
    HANDLE          StandardError;
    CURDIR          CurrentDirectory;
    UNICODE_STRING  DllPath;
    UNICODE_STRING  ImagePathName;
    UNICODE_STRING  CommandLine;
    PWSTR           Environment;
    ULONG           StartingX;
    ULONG           StartingY;
    ULONG           CountX;
    ULONG           CountY;
    ULONG           CountCharsX;
    ULONG           CountCharsY;
    ULONG           FillAttribute;
    ULONG           WindowFlags;
    ULONG           ShowWindowFlags;
    UNICODE_STRING  WindowTitle;
    UNICODE_STRING  DesktopInfo;
    UNICODE_STRING  ShellInfo;
    UNICODE_STRING  RuntimeInfo;
    RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20];
    SIZE_T          EnvironmentSize;        /**< Added in Vista */
    SIZE_T          EnvironmentVersion;     /**< Added in Windows 7. */
    PVOID           PackageDependencyData;  /**< Added Windows 8? */
    ULONG           ProcessGroupId;         /**< Added Windows 8? */
} RTL_USER_PROCESS_PARAMETERS;
/** Pointer to an RTL_USER_PROCESS_PARAMETERS block. */
typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
/** Bit for RTL_USER_PROCESS_PARAMETERS::Flags.
 * NOTE(review): presumably set when the string pointers in the block are real
 * addresses rather than offsets into the block - confirm. */
#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
2457
/** Result record of RtlCreateUserProcess (its last parameter).
 *
 * Carries a process handle and a thread handle.  NOTE(review): presumably the
 * caller owns both and has to close them, also on later error paths -
 * confirm. */
typedef struct _RTL_USER_PROCESS_INFORMATION
{
    ULONG                       Size;
    HANDLE                      ProcessHandle;
    HANDLE                      ThreadHandle;
    CLIENT_ID                   ClientId;
    SECTION_IMAGE_INFORMATION   ImageInformation;
} RTL_USER_PROCESS_INFORMATION;
/** Pointer to an RTL_USER_PROCESS_INFORMATION record. */
typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
2467
2468
/* Process and thread creation through ntdll's Rtl layer.  Most parameters of
 * RtlCreateUserProcess and RtlCreateUserThread are unnamed here; consult the
 * implementation before relying on their order. */
NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
                                             PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
/* NOTE(review): the block returned through the first parameter is presumably
 * released with RtlDestroyProcessParameters - confirm. */
NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
                                                   PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
                                                   PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
                                                   PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
                                                   PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
                                            PFNRT, PVOID, PHANDLE, PCLIENT_ID);
2479
/* Declared here only when RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO is not
 * defined.  NOTE(review): presumably that macro is used to detect SDK headers
 * that already declare the structure - confirm.  The member is spelled
 * 'Recursioncount' in this declaration. */
#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
typedef struct _RTL_CRITICAL_SECTION
{
    struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
    LONG            LockCount;
    LONG            Recursioncount;
    HANDLE          OwningThread;
    HANDLE          LockSemaphore;
    ULONG_PTR       SpinCount;
} RTL_CRITICAL_SECTION;
/** Pointer to an RTL_CRITICAL_SECTION. */
typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
#endif
2492
2493/*NTSYSAPI ULONG NTAPI RtlNtStatusToDosError(NTSTATUS rcNt);*/
2494
/** @def RTL_QUERY_REGISTRY_TYPECHECK
 * WDK 8.1+, backported in updates, ignored in older.
 * Since systems without the update ignore the flag, callers cannot rely on it
 * alone there and still have to size and validate their destination buffers. */
#if !defined(RTL_QUERY_REGISTRY_TYPECHECK) || defined(DOXYGEN_RUNNING)
# define RTL_QUERY_REGISTRY_TYPECHECK       UINT32_C(0x00000100)
#endif
/** @def RTL_QUERY_REGISTRY_TYPECHECK_SHIFT
 * WDK 8.1+, backported in updates, ignored in older.
 * NOTE(review): presumably the bit position at which the expected value type
 * is encoded for the type check - confirm against the WDK documentation. */
#if !defined(RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) || defined(DOXYGEN_RUNNING)
# define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
#endif
2505
2506
2507RT_C_DECLS_END
2508/** @} */
2509
2510
2511#if defined(IN_RING0) || defined(DOXYGEN_RUNNING)
2512/** @name NT Kernel APIs
2513 * @{ */
2514RT_C_DECLS_BEGIN
2515
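typedef ULONG KEPROCESSORINDEX; /**< Bitmap indexes != process numbers, apparently. */

/*
 * KAFFINITY_EX manipulation routines.
 *
 * Every import declaration is followed by a function pointer type with the
 * same signature (PFNxxx), presumably so the routine can also be looked up at
 * runtime on systems where the export may be missing.
 */

/* Initialisation and single-bit updates. */
NTSYSAPI VOID    NTAPI KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
typedef  VOID   (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
NTSYSAPI VOID    NTAPI KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
typedef  VOID   (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
NTSYSAPI VOID    NTAPI KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
typedef  VOID   (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
NTSYSAPI BOOLEAN NTAPI KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
typedef  BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
NTSYSAPI BOOLEAN NTAPI KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
typedef  BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
NTSYSAPI BOOLEAN NTAPI KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
typedef  BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);

/* Whole-set operations; the binary ones take an optional result set. */
NTSYSAPI VOID    NTAPI KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
typedef  VOID   (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
NTSYSAPI VOID    NTAPI KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
typedef  VOID   (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
NTSYSAPI BOOLEAN NTAPI KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
typedef  BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
NTSYSAPI BOOLEAN NTAPI KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
typedef  BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
/** Works like anding the complemented subtrahend with the minuend. */
NTSYSAPI BOOLEAN NTAPI KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
typedef  BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);

/* Predicates and queries on read-only sets. */
NTSYSAPI BOOLEAN NTAPI KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
typedef  BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
NTSYSAPI BOOLEAN NTAPI KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
typedef  BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
NTSYSAPI BOOLEAN NTAPI KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
typedef  BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
NTSYSAPI ULONG   NTAPI KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
/* Note: the pointer type name omits the 'BITS' part of the routine name. */
typedef  ULONG  (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
NTSYSAPI KEPROCESSORINDEX NTAPI KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
typedef  KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);

/*
 * Pointer types only (no import declaration in this header).
 *
 * PFNKEGETPROCESSORNUMBERFROMINDEX is declared once; a second, equivalent
 * declaration of the same name is a redefinition error for pre-C11 compilers.
 */
typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
typedef KEPROCESSORINDEX (NTAPI *PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER *pProcNumber);
/* NOTE(review): the WDK documents KeGetCurrentProcessorNumberEx as taking an
   optional *output* PPROCESSOR_NUMBER.  The const qualifier below does not
   match a routine that writes through the pointer - confirm before relying
   on this type; it is left unchanged here to keep the interface stable. */
typedef KEPROCESSORINDEX (NTAPI *PFNKEGETCURRENTPROCESSORNUMBEREX)(const PROCESSOR_NUMBER *pProcNumber);
typedef KAFFINITY (NTAPI *PFNKEQUERYACTIVEPROCESSORS)(VOID);
typedef ULONG   (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNT)(VOID);
typedef ULONG   (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNTEX)(USHORT GroupNumber);
typedef USHORT  (NTAPI *PFNKEQUERYMAXIMUMGROUPCOUNT)(VOID);
typedef ULONG   (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNT)(KAFFINITY *pfActiveProcessors);
typedef ULONG   (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNTEX)(USHORT GroupNumber);
typedef NTSTATUS (NTAPI *PFNKEQUERYLOGICALPROCESSORRELATIONSHIP)(PROCESSOR_NUMBER *pProcNumber,
                                                                 LOGICAL_PROCESSOR_RELATIONSHIP RelationShipType,
                                                                 SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX *pInfo, PULONG pcbInfo);
typedef PVOID   (NTAPI *PFNKEREGISTERPROCESSORCHANGECALLBACK)(PPROCESSOR_CALLBACK_FUNCTION pfnCallback, void *pvUser, ULONG fFlags);
typedef VOID    (NTAPI *PFNKEDEREGISTERPROCESSORCHANGECALLBACK)(PVOID pvCallback);
typedef NTSTATUS (NTAPI *PFNKESETTARGETPROCESSORDPCEX)(KDPC *pDpc, PROCESSOR_NUMBER *pProcNumber);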
2567
/* Object manager imports. */
NTSYSAPI BOOLEAN  NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
                                              PVOID pvOptionalConditions, PHANDLE phFound);
/* NOTE(review): enmAccessMode is passed through to the object manager.  A
   caller that resolves a name which originated in user mode should presumably
   not pass KernelMode here, as that would skip the access checks - confirm
   at each call site. */
NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes,
                                                PACCESS_STATE pAccessState, ACCESS_MASK fDesiredAccess,
                                                POBJECT_TYPE pObjectType, KPROCESSOR_MODE enmAccessMode,
                                                PVOID pvParseContext, PVOID *ppvObject);

/* Process structure queries, all keyed by an EPROCESS pointer. */
NTSYSAPI HANDLE   NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
/* NOTE(review): returns a byte string, not a path.  As far as is publicly
   known it is a short, truncated image name, so it should not be used to
   identify or authorise a process - confirm. */
NTSYSAPI UCHAR *  NTAPI PsGetProcessImageFileName(PEPROCESS);
NTSYSAPI BOOLEAN  NTAPI PsIsProcessBeingDebugged(PEPROCESS);
NTSYSAPI ULONG    NTAPI PsGetProcessSessionId(PEPROCESS);

/* Imported object type pointers for LPC ports. */
extern DECLIMPORT(POBJECT_TYPE *) LpcPortObjectType;            /**< In vista+ this is the ALPC port object type. */
extern DECLIMPORT(POBJECT_TYPE *) LpcWaitablePortObjectType;    /**< In vista+ this is the ALPC port object type. */

/* The two shapes of the HAL IPI request routine, selected by Windows version
   as the type names indicate. */
typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
2582
2583RT_C_DECLS_END
2584/** @} */
2585#endif /* IN_RING0 */
2586
2587
2588#if defined(IN_RING3) || defined(DOXYGEN_RUNNING)
2589/** @name NT Userland APIs
2590 * @{ */
2591RT_C_DECLS_BEGIN
2592
#if 0 /** @todo figure this out some time... */
/* Disabled draft.  The bare CLIENT_ID line has neither a member name nor a
   terminator, so the structure would not compile if this block were enabled
   as it stands; possibly it only marks that the two id fields after it
   correspond to a CLIENT_ID. */
typedef struct CSR_MSG_DATA_CREATED_PROCESS
{
    HANDLE  hProcess;
    HANDLE  hThread;
    CLIENT_ID
    DWORD   idProcess;
    DWORD   idThread;
    DWORD   fCreate;

} CSR_MSG_DATA_CREATED_PROCESS;

#define CSR_MSG_NO_CREATED_PROCESS  UINT32_C(0x10000)
#define CSR_MSG_NO_CREATED_THREAD   UINT32_C(0x10001)
NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
#endif
2609
/* Loader entry thunk; the three parameters are untyped and unnamed here. */
NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);

/**
 * Data describing one DLL in a loader notification.
 *
 * The same layout is used under two names, one for the load and one for the
 * unload case.
 */
typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
{
    ULONG               Flags;
    PCUNICODE_STRING    FullDllName;
    PCUNICODE_STRING    BaseDllName;
    PVOID               DllBase;
    ULONG               SizeOfImage;
} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
/** Pointers to the (un)loaded notification data. */
typedef LDR_DLL_LOADED_NOTIFICATION_DATA *PLDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
/** Pointers to read-only (un)loaded notification data. */
typedef LDR_DLL_LOADED_NOTIFICATION_DATA const *PCLDR_DLL_LOADED_NOTIFICATION_DATA, *PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;

/** Notification payload; which member applies follows from the reason code
 *  passed to the callback (both members have the same layout). */
typedef union _LDR_DLL_NOTIFICATION_DATA
{
    LDR_DLL_LOADED_NOTIFICATION_DATA    Loaded;
    LDR_DLL_UNLOADED_NOTIFICATION_DATA  Unloaded;
} LDR_DLL_NOTIFICATION_DATA;
/** Pointer to notification data. */
typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
/** Pointer to read-only notification data. */
typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;

/**
 * DLL notification callback.
 *
 * Receives a reason code, read-only data about the DLL and the user argument
 * given at registration.
 *
 * NOTE(review): presumably invoked from inside the loader while a module is
 * being mapped or unmapped; keep implementations short and avoid loading
 * further modules from them - confirm against the loader's locking rules.
 */
typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
2632
/* Reason codes handed to PLDR_DLL_NOTIFICATION_FUNCTION as ulReason. */
#define LDR_DLL_NOTIFICATION_REASON_LOADED      UINT32_C(1)
#define LDR_DLL_NOTIFICATION_REASON_UNLOADED    UINT32_C(2)

/* Registration returns a cookie through pvCookie; the same cookie is what
   LdrUnregisterDllNotification takes to remove the callback again. */
NTSYSAPI NTSTATUS NTAPI LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback,
                                                   PVOID pvUser, PVOID *pvCookie);
typedef  NTSTATUS (NTAPI *PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID *);
NTSYSAPI NTSTATUS NTAPI LdrUnregisterDllNotification(PVOID pvCookie);
typedef  NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
2640
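/*
 * Loader (Ldr*) imports.  Each routine is paired with a function pointer
 * type of the same signature (PFNLDRxxx).
 */

/* NOTE(review): the module to load is named by pName and the first argument
   is, per its name, either a search path or flags.  A caller that needs one
   specific image should presumably pass a fully qualified name instead of
   leaving resolution to the search path - confirm at each call site. */
NTSYSAPI NTSTATUS NTAPI LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
                                   IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
typedef  NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
                                         IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
NTSYSAPI NTSTATUS NTAPI LdrUnloadDll(IN HANDLE hMod);
typedef  NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);

/* Lookup of modules that are already loaded. */
NTSYSAPI NTSTATUS NTAPI LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
                                        IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
typedef  NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
                                              IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
/* Values for the fFlags argument of LdrGetDllHandleEx. */
#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT  RT_BIT_32(0)
#define LDRGETDLLHANDLEEX_F_PIN                 RT_BIT_32(1)
/** @since Windows XP. */
NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
                                          IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
/** @since Windows XP. */
typedef  NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
                                                IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
/** @since Windows 7. */
NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
/** @since Windows 7. */
typedef  NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
/** @since Windows 7. */
NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
                                              OUT PHANDLE phDll);
/** @since Windows 7. */
typedef  NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
                                                    OUT PHANDLE phDll);

/* Value for the fFlags argument of LdrAddRefDll. */
#define LDRADDREFDLL_F_PIN                      RT_BIT_32(0)
NTSYSAPI NTSTATUS NTAPI LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
typedef  NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);

/* Symbol resolution: by name (pSymbol) and/or by ordinal (uOrdinal), both
   marked optional in the signature. */
NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
                                               IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
typedef  NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
                                                     IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
/* Value for the fFlags argument of LdrGetProcedureAddressEx. */
#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
/** @since Windows Vista. */
NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
                                                 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
/** @since Windows Vista. */
typedef  NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
                                                       IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);

/*
 * Loader lock.  LdrLockLoaderLock hands back a cookie through ppvCookie and
 * LdrUnlockLoaderLock takes a cookie by value, so every successful lock needs
 * a matching unlock with that cookie.  The DISP values are what
 * *puDisposition can report; presumably NOT_ACQUIRED goes with the NO_WAIT
 * flag - confirm.
 */
#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS        RT_BIT_32(0)
#define LDRLOCKLOADERLOCK_F_NO_WAIT             RT_BIT_32(1)
#define LDRLOCKLOADERLOCK_DISP_INVALID          UINT32_C(0)
#define LDRLOCKLOADERLOCK_DISP_ACQUIRED         UINT32_C(1)
#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED     UINT32_C(2)
/** @since Windows XP. */
NTSYSAPI NTSTATUS NTAPI LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
/** @since Windows XP. */
typedef  NTSTATUS (NTAPI *PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS      RT_BIT_32(0)
/* The cookie is passed by value and therefore can only be an input; it is
   annotated IN accordingly (the annotation does not affect the type). */
/** @since Windows XP. */
NTSYSAPI NTSTATUS NTAPI LdrUnlockLoaderLock(IN ULONG fFlags, IN PVOID pvCookie);
/** @since Windows XP. */
typedef  NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, IN PVOID pvCookie);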
2697
/* Miscellaneous userland runtime imports. */
NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
NTSYSAPI VOID     NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /**< Vista and later. */
NTSYSAPI VOID     NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
/* File name redirection; the result is reported through ppResultString, with
   pStaticString and pDynamicString supplied by the caller as in/out strings. */
NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
                                                                 IN PCUNICODE_STRING pOrgName,
                                                                 IN PUNICODE_STRING pDefaultSuffix,
                                                                 IN OUT PUNICODE_STRING pStaticString,
                                                                 IN OUT PUNICODE_STRING pDynamicString,
                                                                 IN OUT PUNICODE_STRING *ppResultString,
                                                                 IN PULONG pfNewFlags OPTIONAL,
                                                                 IN PSIZE_T pcbFilename OPTIONAL,
                                                                 IN PSIZE_T pcbNeeded OPTIONAL);
/** @since Windows 8.
 * @note Status code is always zero in windows 10 build 14393.
 *       Callers therefore need to look at *pfPresent and cannot take the
 *       returned status alone as the answer. */
NTSYSAPI NTSTATUS NTAPI ApiSetQueryApiSetPresence(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
/** @copydoc ApiSetQueryApiSetPresence */
typedef  NTSTATUS (NTAPI *PFNAPISETQUERYAPISETPRESENCE)(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
2715
2716
2717# ifdef IPRT_NT_USE_WINTERNL
/** Commit routine signature referenced by RTL_HEAP_PARAMETERS::CommitRoutine. */
typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
/** Pointer to a heap commit routine. */
typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;

/**
 * Optional parameter block for RtlCreateHeap.
 *
 * Starts with a Length member; presumably this is the structure size the
 * caller fills in - confirm before use.
 */
typedef struct _RTL_HEAP_PARAMETERS
{
    ULONG                       Length;
    SIZE_T                      SegmentReserve;
    SIZE_T                      SegmentCommit;
    SIZE_T                      DeCommitFreeBlockThreshold;
    SIZE_T                      DeCommitTotalFreeThreshold;
    SIZE_T                      MaximumAllocationSize;
    SIZE_T                      VirtualMemoryThreshold;
    SIZE_T                      InitialCommit;
    SIZE_T                      InitialReserve;
    PRTL_HEAP_COMMIT_ROUTINE    CommitRoutine;
    SIZE_T                      Reserved[2];
} RTL_HEAP_PARAMETERS;
/** Pointer to heap creation parameters. */
typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;

/* Creates a heap; fFlags takes the heap flags that follow this declaration. */
NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit,
                                   PVOID pvLock, PRTL_HEAP_PARAMETERS pParameters);
/** @name Heap flags (for RtlCreateHeap).
 * Values that appear only inside comments are not defined by this header;
 * presumably the platform headers already provide them.
 * @{ */
/*# define HEAP_NO_SERIALIZE                UINT32_C(0x00000001)
# define HEAP_GROWABLE                      UINT32_C(0x00000002)
# define HEAP_GENERATE_EXCEPTIONS           UINT32_C(0x00000004)
# define HEAP_ZERO_MEMORY                   UINT32_C(0x00000008)
# define HEAP_REALLOC_IN_PLACE_ONLY         UINT32_C(0x00000010)
# define HEAP_TAIL_CHECKING_ENABLED         UINT32_C(0x00000020)
# define HEAP_FREE_CHECKING_ENABLED         UINT32_C(0x00000040)
# define HEAP_DISABLE_COALESCE_ON_FREE      UINT32_C(0x00000080)*/
# define HEAP_SETTABLE_USER_VALUE           UINT32_C(0x00000100)
# define HEAP_SETTABLE_USER_FLAG1           UINT32_C(0x00000200)
# define HEAP_SETTABLE_USER_FLAG2           UINT32_C(0x00000400)
# define HEAP_SETTABLE_USER_FLAG3           UINT32_C(0x00000800)
/* Equals FLAG1 | FLAG2 | FLAG3. */
# define HEAP_SETTABLE_USER_FLAGS           UINT32_C(0x00000e00)
/* Heap class values occupy the nibble selected by HEAP_CLASS_MASK. */
# define HEAP_CLASS_0                       UINT32_C(0x00000000)
# define HEAP_CLASS_1                       UINT32_C(0x00001000)
# define HEAP_CLASS_2                       UINT32_C(0x00002000)
# define HEAP_CLASS_3                       UINT32_C(0x00003000)
# define HEAP_CLASS_4                       UINT32_C(0x00004000)
# define HEAP_CLASS_5                       UINT32_C(0x00005000)
# define HEAP_CLASS_6                       UINT32_C(0x00006000)
# define HEAP_CLASS_7                       UINT32_C(0x00007000)
# define HEAP_CLASS_8                       UINT32_C(0x00008000)
# define HEAP_CLASS_MASK                    UINT32_C(0x0000f000)
# endif
/* Named aliases for the class values.  These are defined regardless of
   IPRT_NT_USE_WINTERNL, so when that macro is not set the HEAP_CLASS_n names
   they expand to have to come from another header. */
# define HEAP_CLASS_PROCESS                 HEAP_CLASS_0
# define HEAP_CLASS_PRIVATE                 HEAP_CLASS_1
# define HEAP_CLASS_KERNEL                  HEAP_CLASS_2
# define HEAP_CLASS_GDI                     HEAP_CLASS_3
# define HEAP_CLASS_USER                    HEAP_CLASS_4
# define HEAP_CLASS_CONSOLE                 HEAP_CLASS_5
# define HEAP_CLASS_USER_DESKTOP            HEAP_CLASS_6
# define HEAP_CLASS_CSRSS_SHARED            HEAP_CLASS_7
# define HEAP_CLASS_CSRSS_PORT              HEAP_CLASS_8
# ifdef IPRT_NT_USE_WINTERNL
/*# define HEAP_CREATE_ALIGN_16             UINT32_C(0x00010000)
# define HEAP_CREATE_ENABLE_TRACING         UINT32_C(0x00020000)
# define HEAP_CREATE_ENABLE_EXECUTE         UINT32_C(0x00040000)*/
# define HEAP_CREATE_VALID_MASK             UINT32_C(0x0007f0ff)
# endif /* IPRT_NT_USE_WINTERNL */
/** @} */
# ifdef IPRT_NT_USE_WINTERNL
/** @name Heap tagging constants
 * @{ */
# define HEAP_GLOBAL_TAG                    UINT32_C(0x00000800)
/*# define HEAP_MAXIMUM_TAG                 UINT32_C(0x00000fff)
# define HEAP_PSEUDO_TAG_FLAG               UINT32_C(0x00008000)
# define HEAP_TAG_SHIFT                     18 */
/* Expands to HEAP_MAXIMUM_TAG and HEAP_TAG_SHIFT, which this header only
   lists in the comment above; they must be provided by another header
   wherever this macro is used. */
# define HEAP_TAG_MASK                      (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
/** @} */
/* Heap allocation imports.  The allocating routines return PVOID;
   NOTE(review): callers presumably have to check that result for NULL unless
   they request failure to be raised via the heap flags - confirm. */
NTSYSAPI PVOID   NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
NTSYSAPI PVOID   NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
# endif /* IPRT_NT_USE_WINTERNL */
/* Heap helpers and string cleanup. */
NTSYSAPI SIZE_T   NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
NTSYSAPI VOID     NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
NTSYSAPI SIZE_T   NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);

/* Last-error accessors (NT status and Win32 error code). */
NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
NTSYSAPI ULONG    NTAPI RtlGetLastWin32Error(VOID);
NTSYSAPI VOID     NTAPI RtlSetLastWin32Error(ULONG uError);
NTSYSAPI VOID     NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
NTSYSAPI VOID     NTAPI RtlRestoreLastWin32Error(ULONG uError);

/* Time sources.  RtlGetSystemTimePrecise also gets a pointer type,
   presumably for runtime lookup where the export may be absent. */
NTSYSAPI BOOLEAN  NTAPI RtlQueryPerformanceCounter(PLARGE_INTEGER);
NTSYSAPI uint64_t NTAPI RtlGetSystemTimePrecise(VOID);
typedef  uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
2803
2804RT_C_DECLS_END
2805/** @} */
2806#endif /* IN_RING3 */
2807
2808#endif
2809