VirtualBox

source: vbox/trunk/include/iprt/nt/nt.h@ 96550

Last change on this file since 96550 was 96495, checked in by vboxsync, 2 years ago

IPRT: Switched pipe-win.cpp to use the nt-and-windows.h header and remove duplicate definitions. bugref:10261

  • Property svn:eol-style set to native
  • Property svn:keywords set to Author Date Id Revision
File size: 168.9 KB
Line 
1/* $Id: nt.h 96495 2022-08-25 15:17:52Z vboxsync $ */
2/** @file
3 * IPRT - Header for code using the Native NT API.
4 */
5
6/*
7 * Copyright (C) 2010-2022 Oracle and/or its affiliates.
8 *
9 * This file is part of VirtualBox base platform packages, as
10 * available from https://www.virtualbox.org.
11 *
12 * This program is free software; you can redistribute it and/or
13 * modify it under the terms of the GNU General Public License
14 * as published by the Free Software Foundation, in version 3 of the
15 * License.
16 *
17 * This program is distributed in the hope that it will be useful, but
18 * WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
20 * General Public License for more details.
21 *
22 * You should have received a copy of the GNU General Public License
23 * along with this program; if not, see <https://www.gnu.org/licenses>.
24 *
25 * The contents of this file may alternatively be used under the terms
26 * of the Common Development and Distribution License Version 1.0
27 * (CDDL), a copy of it is provided in the "COPYING.CDDL" file included
28 * in the VirtualBox distribution, in which case the provisions of the
29 * CDDL are applicable instead of those of the GPL.
30 *
31 * You may elect to license modified versions of this file under the
32 * terms and conditions of either the GPL or the CDDL or both.
33 *
34 * SPDX-License-Identifier: GPL-3.0-only OR CDDL-1.0
35 */
36
37#ifndef IPRT_INCLUDED_nt_nt_h
38#define IPRT_INCLUDED_nt_nt_h
39#ifndef RT_WITHOUT_PRAGMA_ONCE
40# pragma once
41#endif
42
43/** @def IPRT_NT_MAP_TO_ZW
44 * Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
45 * to the APIs (takes care of the previous context checks).
46 */
47#ifdef DOXYGEN_RUNNING
48# define IPRT_NT_MAP_TO_ZW
49#endif
50
51#ifdef IPRT_NT_MAP_TO_ZW
52# define NtQueryDirectoryFile ZwQueryDirectoryFile
53# define NtQueryInformationFile ZwQueryInformationFile
54# define NtQueryInformationProcess ZwQueryInformationProcess
55# define NtQueryInformationThread ZwQueryInformationThread
56# define NtQueryFullAttributesFile ZwQueryFullAttributesFile
57# define NtQuerySystemInformation ZwQuerySystemInformation
58# define NtQuerySecurityObject ZwQuerySecurityObject
59# define NtSetInformationFile ZwSetInformationFile
60# define NtClose ZwClose
61# define NtCreateFile ZwCreateFile
62# define NtReadFile ZwReadFile
63# define NtWriteFile ZwWriteFile
64# define NtFlushBuffersFile ZwFlushBuffersFile
65/** @todo this is very incomplete! */
66#endif
67
68#include <ntstatus.h>
69
70/*
71 * Hacks common to both base header sets.
72 */
73#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
74#define NtQueryObject Incomplete_NtQueryObject
75#define ZwQueryObject Incomplete_ZwQueryObject
76#define NtSetInformationObject Incomplete_NtSetInformationObject
77#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
78#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
79#define ObjectBasicInformation Incomplete_ObjectBasicInformation
80#define ObjectTypeInformation Incomplete_ObjectTypeInformation
81#define _PEB Incomplete__PEB
82#define PEB Incomplete_PEB
83#define PPEB Incomplete_PPEB
84#define _TEB Incomplete__TEB
85#define TEB Incomplete_TEB
86#define PTEB Incomplete_PTEB
87#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
88#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
89#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
90#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
91#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
92#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
93
94
95
96#ifdef IPRT_NT_USE_WINTERNL
97/*
98 * Use Winternl.h.
99 */
100# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
101# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
102# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
103
104# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
105# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
106# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
107# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
108# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
109# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
110# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
111# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
112# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
113# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
114# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
115# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
116
117# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
118# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
119# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
120
121# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
122# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
123# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
124# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
125# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
126
127# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
128# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
129# define NtQueryTimerResolution AddedRecentlyUseOwnPrototype_NtQueryTimerResolution
130# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
131# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
132# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
133# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
134# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
135# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
136# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
137# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
138# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
139# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
140# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
141# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
142
143
144# pragma warning(push)
145# pragma warning(disable: 4668)
146# define WIN32_NO_STATUS
147# include <windef.h>
148# include <winnt.h>
149# include <winternl.h>
150# undef WIN32_NO_STATUS
151# include <ntstatus.h>
152# pragma warning(pop)
153
154# ifndef OBJ_DONT_REPARSE
155# define RTNT_NEED_CLIENT_ID
156# endif
157
158# undef _FILE_INFORMATION_CLASS
159# undef FILE_INFORMATION_CLASS
160# undef FileDirectoryInformation
161
162# undef NtQueryInformationProcess
163# undef NtSetInformationProcess
164# undef PROCESSINFOCLASS
165# undef _PROCESSINFOCLASS
166# undef PROCESS_BASIC_INFORMATION
167# undef PPROCESS_BASIC_INFORMATION
168# undef _PROCESS_BASIC_INFORMATION
169# undef ProcessBasicInformation
170# undef ProcessDebugPort
171# undef ProcessWow64Information
172# undef ProcessImageFileName
173# undef ProcessBreakOnTermination
174
175# undef RTL_USER_PROCESS_PARAMETERS
176# undef PRTL_USER_PROCESS_PARAMETERS
177# undef _RTL_USER_PROCESS_PARAMETERS
178
179# undef NtQueryInformationThread
180# undef NtSetInformationThread
181# undef THREADINFOCLASS
182# undef _THREADINFOCLASS
183# undef ThreadIsIoPending
184
185# undef NtQuerySystemInformation
186# undef NtSetSystemInformation
187# undef NtQueryTimerResolution
188# undef SYSTEM_INFORMATION_CLASS
189# undef _SYSTEM_INFORMATION_CLASS
190# undef SystemBasicInformation
191# undef SystemPerformanceInformation
192# undef SystemTimeOfDayInformation
193# undef SystemProcessInformation
194# undef SystemProcessorPerformanceInformation
195# undef SystemInterruptInformation
196# undef SystemExceptionInformation
197# undef SystemRegistryQuotaInformation
198# undef SystemLookasideInformation
199# undef SystemPolicyInformation
200
201#else
202/*
203 * Use ntifs.h and wdm.h.
204 */
205# if _MSC_VER >= 1200 /* Fix/workaround for KeInitializeSpinLock visibility issue on AMD64. */
206# define FORCEINLINE static __forceinline
207# else
208# define FORCEINLINE static __inline
209# endif
210
211# define _FSINFOCLASS OutdatedWdm_FSINFOCLASS
212# define FS_INFORMATION_CLASS OutdatedWdm_FS_INFORMATION_CLASS
213# define PFS_INFORMATION_CLASS OutdatedWdm_PFS_INFORMATION_CLASS
214# define FileFsVolumeInformation OutdatedWdm_FileFsVolumeInformation
215# define FileFsLabelInformation OutdatedWdm_FileFsLabelInformation
216# define FileFsSizeInformation OutdatedWdm_FileFsSizeInformation
217# define FileFsDeviceInformation OutdatedWdm_FileFsDeviceInformation
218# define FileFsAttributeInformation OutdatedWdm_FileFsAttributeInformation
219# define FileFsControlInformation OutdatedWdm_FileFsControlInformation
220# define FileFsFullSizeInformation OutdatedWdm_FileFsFullSizeInformation
221# define FileFsObjectIdInformation OutdatedWdm_FileFsObjectIdInformation
222# define FileFsDriverPathInformation OutdatedWdm_FileFsDriverPathInformation
223# define FileFsVolumeFlagsInformation OutdatedWdm_FileFsVolumeFlagsInformation
224# define FileFsSectorSizeInformation OutdatedWdm_FileFsSectorSizeInformation
225# define FileFsDataCopyInformation OutdatedWdm_FileFsDataCopyInformation
226# define FileFsMetadataSizeInformation OutdatedWdm_FileFsMetadataSizeInformation
227# define FileFsFullSizeInformationEx OutdatedWdm_FileFsFullSizeInformationEx
228# define FileFsMaximumInformation OutdatedWdm_FileFsMaximumInformation
229# define NtQueryVolumeInformationFile OutdatedWdm_NtQueryVolumeInformationFile
230# define NtSetVolumeInformationFile OutdatedWdm_NtSetVolumeInformationFile
231# define _MEMORY_INFORMATION_CLASS OutdatedWdm__MEMORY_INFORMATION_CLASS
232# define MEMORY_INFORMATION_CLASS OutdatedWdm_MEMORY_INFORMATION_CLASS
233# define MemoryBasicInformation OutdatedWdm_MemoryBasicInformation
234# define NtQueryVirtualMemory OutdatedWdm_NtQueryVirtualMemory
235
236# pragma warning(push)
237# ifdef RT_ARCH_X86
238# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
239# pragma warning(disable: 4163)
240# endif
241# pragma warning(disable: 4668)
242# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
243# if _MSC_VER >= 1800 /*RT_MSC_VER_VC120*/
244# pragma warning(disable:4005) /* sdk/v7.1/include/sal_supp.h(57) : warning C4005: '__useHeader' : macro redefinition */
245# pragma warning(disable:4471) /* wdm.h(11057) : warning C4471: '_POOL_TYPE' : a forward declaration of an unscoped enumeration must have an underlying type (int assumed) */
246# endif
247# if _MSC_VER >= 1900 /*RT_MSC_VER_VC140*/
248# ifdef __cplusplus
249# pragma warning(disable:5039) /* warning C5039: 'KeInitializeDpc': pointer or reference to potentially throwing function passed to 'extern "C"' function under -EHc. Undefined behavior may occur if this function throws an exception. */
250# endif
251# endif
252
253# include <ntifs.h>
254# include <wdm.h>
255
256# ifdef RT_ARCH_X86
257# undef _InterlockedAddLargeStatistic
258# endif
259# pragma warning(pop)
260
261# undef _FSINFOCLASS
262# undef FS_INFORMATION_CLASS
263# undef PFS_INFORMATION_CLASS
264# undef FileFsVolumeInformation
265# undef FileFsLabelInformation
266# undef FileFsSizeInformation
267# undef FileFsDeviceInformation
268# undef FileFsAttributeInformation
269# undef FileFsControlInformation
270# undef FileFsFullSizeInformation
271# undef FileFsObjectIdInformation
272# undef FileFsDriverPathInformation
273# undef FileFsVolumeFlagsInformation
274# undef FileFsSectorSizeInformation
275# undef FileFsDataCopyInformation
276# undef FileFsMetadataSizeInformation
277# undef FileFsFullSizeInformationEx
278# undef FileFsMaximumInformation
279# undef NtQueryVolumeInformationFile
280# undef NtSetVolumeInformationFile
281# undef _MEMORY_INFORMATION_CLASS
282# undef MEMORY_INFORMATION_CLASS
283# undef MemoryBasicInformation
284# undef NtQueryVirtualMemory
285
286# define IPRT_NT_NEED_API_GROUP_NTIFS
287#endif
288
289#undef RtlFreeUnicodeString
290#undef NtQueryObject
291#undef ZwQueryObject
292#undef NtSetInformationObject
293#undef _OBJECT_INFORMATION_CLASS
294#undef OBJECT_INFORMATION_CLASS
295#undef ObjectBasicInformation
296#undef ObjectTypeInformation
297#undef _PEB
298#undef PEB
299#undef PPEB
300#undef _TEB
301#undef TEB
302#undef PTEB
303#undef _PEB_LDR_DATA
304#undef PEB_LDR_DATA
305#undef PPEB_LDR_DATA
306#undef _KUSER_SHARED_DATA
307#undef KUSER_SHARED_DATA
308#undef PKUSER_SHARED_DATA
309
310
311#include <iprt/types.h>
312#include <iprt/assert.h>
313
314
315/** @name Useful macros
316 * @{ */
317/** Indicates that we're targeting native NT in the current source. */
318#define RTNT_USE_NATIVE_NT 1
319/** Initializes a IO_STATUS_BLOCK. */
320#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
321/** Reinitializes a IO_STATUS_BLOCK. */
322#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
323 do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
324/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
325#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
326/** Constant UNICODE_STRING initializer. */
327#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
328/** Null UNICODE_STRING initializer. */
329#define RTNT_NULL_UNISTR() { 0, 0, NULL }
330
331/** Declaration wrapper for NT apis.
332 * Adds nothrow. Don't use with callbacks. */
333#define RT_DECL_NTAPI(type) DECL_NOTHROW(NTSYSAPI type NTAPI)
334/** @} */
335
336
337/** @name IPRT helper functions for NT
338 * @{ */
339RT_C_DECLS_BEGIN
340
341RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
342 ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
343 PHANDLE phHandle, PULONG_PTR puDisposition);
344RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
345 ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
346RTDECL(int) RTNtPathOpenDirEx(HANDLE hRootDir, struct _UNICODE_STRING *pNtName, ACCESS_MASK fDesiredAccess,
347 ULONG fShareAccess, ULONG fCreateOptions, ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
348RTDECL(int) RTNtPathClose(HANDLE hHandle);
349
350/**
351 * Converts a windows-style path to NT format and encoding.
352 *
353 * @returns IPRT status code.
354 * @param pNtName Where to return the NT name. Free using
355 * RTNtPathFree.
356 * @param phRootDir Where to return the root handle, if applicable.
357 * @param pszPath The UTF-8 path.
358 */
359RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING *pNtName, PHANDLE phRootDir, const char *pszPath);
360
361/**
362 * Converts a UTF-16 windows-style path to NT format.
363 *
364 * @returns IPRT status code.
365 * @param pNtName Where to return the NT name. Free using
366 * RTNtPathFree.
367 * @param phRootDir Where to return the root handle, if applicable.
368 * @param pwszPath The UTF-16 windows-style path.
369 * @param cwcPath The max length of the windows-style path in
370 * RTUTF16 units. Use RTSTR_MAX if unknown and @a
371 * pwszPath is correctly terminated.
372 */
373RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
374
375/**
376 * How to handle ascent ('..' relative to a root handle).
377 */
378typedef enum RTNTPATHRELATIVEASCENT
379{
380 kRTNtPathRelativeAscent_Invalid = 0,
381 kRTNtPathRelativeAscent_Allow,
382 kRTNtPathRelativeAscent_Fail,
383 kRTNtPathRelativeAscent_Ignore,
384 kRTNtPathRelativeAscent_End,
385 kRTNtPathRelativeAscent_32BitHack = 0x7fffffff
386} RTNTPATHRELATIVEASCENT;
387
388/**
389 * Converts a relative windows-style path to relative NT format and encoding.
390 *
391 * @returns IPRT status code.
392 * @param pNtName Where to return the NT name. Free using
393 * rtTNtPathToNative with phRootDir set to NULL.
394 * @param phRootDir On input, the handle to the directory the path
395 * is relative to. On output, the handle to
396 * specify as root directory in the object
397 * attributes when accessing the path. If
398 * enmAscent is kRTNtPathRelativeAscent_Allow, it
399 * may have been set to NULL.
400 * @param pszPath The relative UTF-8 path.
401 * @param enmAscent How to handle ascent.
402 * @param fMustReturnAbsolute Must convert to an absolute path. This
403 * is necessary if the root dir is a NT directory
404 * object (e.g. /Devices) since they cannot parse
405 * relative paths it seems.
406 */
407RTDECL(int) RTNtPathRelativeFromUtf8(struct _UNICODE_STRING *pNtName, PHANDLE phRootDir, const char *pszPath,
408 RTNTPATHRELATIVEASCENT enmAscent, bool fMustReturnAbsolute);
409
410/**
411 * Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
412 * chars plus a terminator.
413 *
414 * The NT string must have been returned by RTNtPathFromWinUtf8 or
415 * RTNtPathFromWinUtf16Ex.
416 *
417 * @returns IPRT status code.
418 * @param pNtName The NT path string.
419 * @param cwcMin The minimum number of RTUTF16 chars. Max 32767.
420 * @sa RTNtPathFree
421 */
422RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);
423
424/**
425 * Gets the NT path to the object represented by the given handle.
426 *
427 * @returns IPRT status code.
428 * @param pNtName Where to return the NT path. Free using
429 * RTNtPathFree.
430 * @param hHandle The handle.
431 * @param cwcExtra How much extra space is needed.
432 */
433RTDECL(int) RTNtPathFromHandle(struct _UNICODE_STRING *pNtName, HANDLE hHandle, size_t cwcExtra);
434
435/**
436 * Frees the native path and root handle.
437 *
438 * @param pNtName The NT path after a successful rtNtPathToNative
439 * call or RTNtPathRelativeFromUtf8.
440 * @param phRootDir The root handle variable from rtNtPathToNative,
441 */
442RTDECL(void) RTNtPathFree(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir);
443
444
445/**
446 * Checks whether the path could be containing alternative 8.3 names generated
447 * by NTFS, FAT, or other similar file systems.
448 *
449 * @returns Pointer to the first component that might be an 8.3 name, NULL if
450 * not 8.3 path.
451 * @param pwszPath The path to check.
452 *
453 * @remarks This is making bad ASSUMPTION wrt to the naming scheme of 8.3 names,
454 * however, non-tilde 8.3 aliases are probably rare enough to not be
455 * worth all the extra code necessary to open each path component and
456 * check if we've got the short name or not.
457 */
458RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
459
460/**
461 * Fixes up a path possibly containing one or more alternative 8-dot-3 style
462 * components.
463 *
464 * The path is fixed up in place. Errors are ignored.
465 *
466 * @returns VINF_SUCCESS if it all went smoothly, informational status codes
467 * indicating the nature of last problem we ran into.
468 *
469 * @param pUniStr The path to fix up. MaximumLength is the max buffer
470 * length.
471 * @param fPathOnly Whether to only process the path and leave the filename
472 * as passed in.
473 */
474RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);
475
476/**
477 * Wrapper around RTNtPathExpand8dot3Path that allocates a buffer instead of
478 * working on the input buffer.
479 *
480 * @returns IPRT status code, see RTNtPathExpand8dot3Path().
481 * @param pUniStrSrc The path to fix up. MaximumLength is the max buffer
482 * length.
483 * @param fPathOnly Whether to only process the path and leave the filename
484 * as passed in.
485 * @param pUniStrDst Output string. On success, the caller must use
486 * RTUtf16Free to free what the Buffer member points to.
487 * This is all zeros and NULL on failure.
488 */
489RTDECL(int) RTNtPathExpand8dot3PathA(struct _UNICODE_STRING const *pUniStrSrc, bool fPathOnly, struct _UNICODE_STRING *pUniStrDst);
490
491
492RT_C_DECLS_END
493/** @} */
494
495
496/** @name NT API delcarations.
497 * @{ */
498RT_C_DECLS_BEGIN
499
500/** @name Process access rights missing in ntddk headers
501 * @{ */
502#ifndef PROCESS_TERMINATE
503# define PROCESS_TERMINATE UINT32_C(0x00000001)
504#endif
505#ifndef PROCESS_CREATE_THREAD
506# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
507#endif
508#ifndef PROCESS_SET_SESSIONID
509# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
510#endif
511#ifndef PROCESS_VM_OPERATION
512# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
513#endif
514#ifndef PROCESS_VM_READ
515# define PROCESS_VM_READ UINT32_C(0x00000010)
516#endif
517#ifndef PROCESS_VM_WRITE
518# define PROCESS_VM_WRITE UINT32_C(0x00000020)
519#endif
520#ifndef PROCESS_DUP_HANDLE
521# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
522#endif
523#ifndef PROCESS_CREATE_PROCESS
524# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
525#endif
526#ifndef PROCESS_SET_QUOTA
527# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
528#endif
529#ifndef PROCESS_SET_INFORMATION
530# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
531#endif
532#ifndef PROCESS_QUERY_INFORMATION
533# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
534#endif
535#ifndef PROCESS_SUSPEND_RESUME
536# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
537#endif
538#ifndef PROCESS_QUERY_LIMITED_INFORMATION
539# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
540#endif
541#ifndef PROCESS_SET_LIMITED_INFORMATION
542# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
543#endif
544#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
545#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
546#ifndef PROCESS_ALL_ACCESS
547# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | UINT32_C(0x0000ffff) )
548#endif
549/** @} */
550
551/** @name Thread access rights missing in ntddk headers
552 * @{ */
553#ifndef THREAD_QUERY_INFORMATION
554# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
555#endif
556#ifndef THREAD_SET_THREAD_TOKEN
557# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
558#endif
559#ifndef THREAD_IMPERSONATE
560# define THREAD_IMPERSONATE UINT32_C(0x00000100)
561#endif
562#ifndef THREAD_DIRECT_IMPERSONATION
563# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
564#endif
565#ifndef THREAD_RESUME
566# define THREAD_RESUME UINT32_C(0x00001000)
567#endif
568#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
569#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
570#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
571/** @} */
572
573/** @name Special handle values.
574 * @{ */
575#ifndef NtCurrentProcess
576# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
577#endif
578#ifndef NtCurrentThread
579# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
580#endif
581#ifndef ZwCurrentProcess
582# define ZwCurrentProcess() NtCurrentProcess()
583#endif
584#ifndef ZwCurrentThread
585# define ZwCurrentThread() NtCurrentThread()
586#endif
587/** @} */
588
589
590/** @name Directory object access rights.
591 * @{ */
592#ifndef DIRECTORY_QUERY
593# define DIRECTORY_QUERY UINT32_C(0x00000001)
594#endif
595#ifndef DIRECTORY_TRAVERSE
596# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
597#endif
598#ifndef DIRECTORY_CREATE_OBJECT
599# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
600#endif
601#ifndef DIRECTORY_CREATE_SUBDIRECTORY
602# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
603#endif
604#ifndef DIRECTORY_ALL_ACCESS
605# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | UINT32_C(0x0000000f) )
606#endif
607/** @} */
608
609
610
611#ifdef RTNT_NEED_CLIENT_ID
612typedef struct _CLIENT_ID
613{
614 HANDLE UniqueProcess;
615 HANDLE UniqueThread;
616} CLIENT_ID;
617#endif
618#ifdef IPRT_NT_USE_WINTERNL
619typedef CLIENT_ID *PCLIENT_ID;
620#endif
621
622/** Extended affinity type, introduced in Windows 7 (?). */
623typedef struct _KAFFINITY_EX
624{
625 /** Count of valid bitmap entries. */
626 uint16_t Count;
627 /** Count of allocated bitmap entries. */
628 uint16_t Size;
629 /** Reserved / aligmment padding. */
630 uint32_t Reserved;
631 /** Bitmap where one bit corresponds to a CPU.
632 * @note Started at 20 entries. W10 20H2 increased it to 32. Must be
633 * probed by passing a big buffer to KeInitializeAffinityEx and check
634 * the Size afterwards. */
635 uintptr_t Bitmap[RT_FLEXIBLE_ARRAY_IN_NESTED_UNION];
636} KAFFINITY_EX;
637typedef KAFFINITY_EX *PKAFFINITY_EX;
638typedef KAFFINITY_EX const *PCKAFFINITY_EX;
639
640/** @name User Shared Data
641 * @{ */
642
643#ifdef IPRT_NT_USE_WINTERNL
644typedef struct _KSYSTEM_TIME
645{
646 ULONG LowPart;
647 LONG High1Time;
648 LONG High2Time;
649} KSYSTEM_TIME;
650typedef KSYSTEM_TIME *PKSYSTEM_TIME;
651
652typedef enum _NT_PRODUCT_TYPE
653{
654 NtProductWinNt = 1,
655 NtProductLanManNt,
656 NtProductServer
657} NT_PRODUCT_TYPE;
658
659#define PROCESSOR_FEATURE_MAX 64
660
661typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
662{
663 StandardDesign = 0,
664 NEC98x86,
665 EndAlternatives
666} ALTERNATIVE_ARCHITECTURE_TYPE;
667
668# if 0
669typedef struct _XSTATE_FEATURE
670{
671 ULONG Offset;
672 ULONG Size;
673} XSTATE_FEATURE;
674typedef XSTATE_FEATURE *PXSTATE_FEATURE;
675
676#define MAXIMUM_XSTATE_FEATURES 64
677
678typedef struct _XSTATE_CONFIGURATION
679{
680 ULONG64 EnabledFeatures;
681 ULONG Size;
682 ULONG OptimizedSave : 1;
683 XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
684} XSTATE_CONFIGURATION;
685typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
686# endif
687#endif /* IPRT_NT_USE_WINTERNL */
688
689typedef struct _KUSER_SHARED_DATA
690{
691 ULONG TickCountLowDeprecated; /**< 0x000 */
692 ULONG TickCountMultiplier; /**< 0x004 */
693 KSYSTEM_TIME volatile InterruptTime; /**< 0x008 */
694 KSYSTEM_TIME volatile SystemTime; /**< 0x014 */
695 KSYSTEM_TIME volatile TimeZoneBias; /**< 0x020 */
696 USHORT ImageNumberLow; /**< 0x02c */
697 USHORT ImageNumberHigh; /**< 0x02e */
698 WCHAR NtSystemRoot[260]; /**< 0x030 - Seems to be last member in NT 3.51. */
699 ULONG MaxStackTraceDepth; /**< 0x238 */
700 ULONG CryptoExponent; /**< 0x23c */
701 ULONG TimeZoneId; /**< 0x240 */
702 ULONG LargePageMinimum; /**< 0x244 */
703 ULONG AitSamplingValue; /**< 0x248 */
704 ULONG AppCompatFlag; /**< 0x24c */
705 ULONGLONG RNGSeedVersion; /**< 0x250 */
706 ULONG GlobalValidationRunlevel; /**< 0x258 */
707 LONG volatile TimeZoneBiasStamp; /**< 0x25c*/
708 ULONG Reserved2; /**< 0x260 */
709 NT_PRODUCT_TYPE NtProductType; /**< 0x264 */
710 BOOLEAN ProductTypeIsValid; /**< 0x268 */
711 BOOLEAN Reserved0[1]; /**< 0x269 */
712 USHORT NativeProcessorArchitecture; /**< 0x26a */
713 ULONG NtMajorVersion; /**< 0x26c */
714 ULONG NtMinorVersion; /**< 0x270 */
715 BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /**< 0x274 */
716 ULONG Reserved1; /**< 0x2b4 */
717 ULONG Reserved3; /**< 0x2b8 */
718 ULONG volatile TimeSlip; /**< 0x2bc */
719 ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /**< 0x2c0 */
720 ULONG AltArchitecturePad[1]; /**< 0x2c4 */
721 LARGE_INTEGER SystemExpirationDate; /**< 0x2c8 */
722 ULONG SuiteMask; /**< 0x2d0 */
723 BOOLEAN KdDebuggerEnabled; /**< 0x2d4 */
724 union /**< 0x2d5 */
725 {
726 UCHAR MitigationPolicies; /**< 0x2d5 */
727 struct
728 {
729 UCHAR NXSupportPolicy : 2;
730 UCHAR SEHValidationPolicy : 2;
731 UCHAR CurDirDevicesSkippedForDlls : 2;
732 UCHAR Reserved : 2;
733 };
734 };
735 UCHAR Reserved6[2]; /**< 0x2d6 */
736 ULONG volatile ActiveConsoleId; /**< 0x2d8 */
737 ULONG volatile DismountCount; /**< 0x2dc */
738 ULONG ComPlusPackage; /**< 0x2e0 */
739 ULONG LastSystemRITEventTickCount; /**< 0x2e4 */
740 ULONG NumberOfPhysicalPages; /**< 0x2e8 */
741 BOOLEAN SafeBootMode; /**< 0x2ec */
742 UCHAR Reserved12[3]; /**< 0x2ed */
743 union /**< 0x2f0 */
744 {
745 ULONG SharedDataFlags; /**< 0x2f0 */
746 struct
747 {
748 ULONG DbgErrorPortPresent : 1;
749 ULONG DbgElevationEnabled : 1;
750 ULONG DbgVirtEnabled : 1;
751 ULONG DbgInstallerDetectEnabled : 1;
752 ULONG DbgLkgEnabled : 1;
753 ULONG DbgDynProcessorEnabled : 1;
754 ULONG DbgConsoleBrokerEnabled : 1;
755 ULONG DbgSecureBootEnabled : 1;
756 ULONG SpareBits : 24;
757 };
758 };
759 ULONG DataFlagsPad[1]; /**< 0x2f4 */
760 ULONGLONG TestRetInstruction; /**< 0x2f8 */
761 LONGLONG QpcFrequency; /**< 0x300 */
762 ULONGLONG SystemCallPad[3]; /**< 0x308 */
763 union /**< 0x320 */
764 {
765 ULONG64 volatile TickCountQuad; /**< 0x320 */
766 KSYSTEM_TIME volatile TickCount; /**< 0x320 */
767 struct /**< 0x320 */
768 {
769 ULONG ReservedTickCountOverlay[3]; /**< 0x320 */
770 ULONG TickCountPad[1]; /**< 0x32c */
771 };
772 };
773 ULONG Cookie; /**< 0x330 */
774 ULONG CookiePad[1]; /**< 0x334 */
775 LONGLONG ConsoleSessionForegroundProcessId; /**< 0x338 */
776 ULONGLONG TimeUpdateLock; /**< 0x340 */
777 ULONGLONG BaselineSystemTimeQpc; /**< 0x348 */
778 ULONGLONG BaselineInterruptTimeQpc; /**< 0x350 */
779 ULONGLONG QpcSystemTimeIncrement; /**< 0x358 */
780 ULONGLONG QpcInterruptTimeIncrement; /**< 0x360 */
781 ULONG QpcSystemTimeIncrement32; /**< 0x368 */
782 ULONG QpcInterruptTimeIncrement32; /**< 0x36c */
783 UCHAR QpcSystemTimeIncrementShift; /**< 0x370 */
784 UCHAR QpcInterruptTimeIncrementShift; /**< 0x371 */
785 UCHAR Reserved8[14]; /**< 0x372 */
786 USHORT UserModeGlobalLogger[16]; /**< 0x380 */
787 ULONG ImageFileExecutionOptions; /**< 0x3a0 */
788 ULONG LangGenerationCount; /**< 0x3a4 */
789 ULONGLONG Reserved4; /**< 0x3a8 */
790 ULONGLONG volatile InterruptTimeBias; /**< 0x3b0 - What QueryUnbiasedInterruptTimePrecise
791 * subtracts from interrupt time. */
792 ULONGLONG volatile QpcBias; /**< 0x3b8 */
793 ULONG volatile ActiveProcessorCount; /**< 0x3c0 */
794 UCHAR volatile ActiveGroupCount; /**< 0x3c4 */
795 UCHAR Reserved9; /**< 0x3c5 */
796 union /**< 0x3c6 */
797 {
798 USHORT QpcData; /**< 0x3c6 */
799 struct /**< 0x3c6 */
800 {
801 BOOLEAN volatile QpcBypassEnabled; /**< 0x3c6 */
802 UCHAR QpcShift; /**< 0x3c7 */
803 };
804 };
805 LARGE_INTEGER TimeZoneBiasEffectiveStart; /**< 0x3c8 */
806 LARGE_INTEGER TimeZoneBiasEffectiveEnd; /**< 0x3d0 */
807 XSTATE_CONFIGURATION XState; /**< 0x3d8 */
808} KUSER_SHARED_DATA;
809typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
810AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
811AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
812AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
813AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
814AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
815AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
816AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
817AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
818AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
819/** @def MM_SHARED_USER_DATA_VA
820 * Read only userland mapping of KUSER_SHARED_DATA. */
821#ifndef MM_SHARED_USER_DATA_VA
822# if ARCH_BITS == 32
823# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
824# elif ARCH_BITS == 64
825# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
826# else
827# error "Unsupported/undefined ARCH_BITS value."
828# endif
829#endif
830/** @def KI_USER_SHARED_DATA
831 * Read write kernel mapping of KUSER_SHARED_DATA. */
832#ifndef KI_USER_SHARED_DATA
833# ifdef RT_ARCH_X86
834# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
835# elif defined(RT_ARCH_AMD64)
836# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
837# else
838# error "PORT ME - KI_USER_SHARED_DATA"
839# endif
840#endif
841/** @} */
842
843
844/** @name Process And Thread Environment Blocks
845 * @{ */
846
847typedef struct _PEB_LDR_DATA
848{
849 uint32_t Length;
850 BOOLEAN Initialized;
851 BOOLEAN Padding[3];
852 HANDLE SsHandle;
853 LIST_ENTRY InLoadOrderModuleList;
854 LIST_ENTRY InMemoryOrderModuleList;
855 LIST_ENTRY InInitializationOrderModuleList;
856 /* End NT4 */
857 LIST_ENTRY *EntryInProgress;
858 BOOLEAN ShutdownInProgress;
859 HANDLE ShutdownThreadId;
860} PEB_LDR_DATA;
861typedef PEB_LDR_DATA *PPEB_LDR_DATA;
862
863typedef struct _PEB_COMMON
864{
865 BOOLEAN InheritedAddressSpace; /**< 0x000 / 0x000 */
866 BOOLEAN ReadImageFileExecOptions; /**< 0x001 / 0x001 */
867 BOOLEAN BeingDebugged; /**< 0x002 / 0x002 */
868 union
869 {
870 uint8_t BitField; /**< 0x003 / 0x003 */
871 struct
872 {
873 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
874 } Common;
875 struct
876 {
877 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
878 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
879 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 */
880 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 */
881 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 */
882 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 */
883 uint8_t IsProtectedProcessLight : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 */
884 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
885 } W81;
886 struct
887 {
888 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
889 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
890 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 */
891 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 */
892 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 */
893 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 */
894 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 */
895 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
896 } W80;
897 struct
898 {
899 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
900 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
901 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. */
902 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. */
903 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. */
904 uint8_t SpareBits : 3; /**< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. */
905 } W7;
906 struct
907 {
908 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
909 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
910 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. */
911 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. */
912 uint8_t SpareBits : 4; /**< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. */
913 } W6;
914 struct
915 {
916 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
917 uint8_t SpareBits : 7; /**< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. */
918 } W52;
919 struct
920 {
921 BOOLEAN SpareBool;
922 } W51;
923 } Diff0;
924#if ARCH_BITS == 64
925 uint32_t Padding0; /**< 0x004 / NA */
926#endif
927 HANDLE Mutant; /**< 0x008 / 0x004 */
928 PVOID ImageBaseAddress; /**< 0x010 / 0x008 */
929 PPEB_LDR_DATA Ldr; /**< 0x018 / 0x00c */
930 struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /**< 0x020 / 0x010 */
931 PVOID SubSystemData; /**< 0x028 / 0x014 */
932 HANDLE ProcessHeap; /**< 0x030 / 0x018 */
933 struct _RTL_CRITICAL_SECTION *FastPebLock; /**< 0x038 / 0x01c */
934 union
935 {
936 struct
937 {
938 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
939 PVOID IFEOKey; /**< 0x048 / 0x024 */
940 union
941 {
942 ULONG CrossProcessFlags; /**< 0x050 / 0x028 */
943 struct
944 {
945 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
946 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
947 uint32_t ProcessUsingVEH : 1; /**< 0x050 / 0x028: Pos 2, 1 Bit */
948 uint32_t ProcessUsingVCH : 1; /**< 0x050 / 0x028: Pos 3, 1 Bit */
949 uint32_t ProcessUsingFTH : 1; /**< 0x050 / 0x028: Pos 4, 1 Bit */
950 uint32_t ReservedBits0 : 1; /**< 0x050 / 0x028: Pos 5, 27 Bits */
951 } W7, W8, W80, W81;
952 struct
953 {
954 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
955 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
956 uint32_t ReservedBits0 : 30; /**< 0x050 / 0x028: Pos 2, 30 Bits */
957 } W6;
958 };
959#if ARCH_BITS == 64
960 uint32_t Padding1; /**< 0x054 / */
961#endif
962 } W6, W7, W8, W80, W81;
963 struct
964 {
965 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
966 PVOID SparePtr2; /**< 0x048 / 0x024 */
967 uint32_t EnvironmentUpdateCount; /**< 0x050 / 0x028 */
968#if ARCH_BITS == 64
969 uint32_t Padding1; /**< 0x054 / */
970#endif
971 } W52;
972 struct
973 {
974 PVOID FastPebLockRoutine; /**< NA / 0x020 */
975 PVOID FastPebUnlockRoutine; /**< NA / 0x024 */
976 uint32_t EnvironmentUpdateCount; /**< NA / 0x028 */
977 } W51;
978 } Diff1;
979 union
980 {
981 PVOID KernelCallbackTable; /**< 0x058 / 0x02c */
982 PVOID UserSharedInfoPtr; /**< 0x058 / 0x02c - Alternative use in W6.*/
983 };
984 uint32_t SystemReserved; /**< 0x060 / 0x030 */
985 union
986 {
987 struct
988 {
989 uint32_t AtlThunkSListPtr32; /**< 0x064 / 0x034 */
990 } W7, W8, W80, W81;
991 struct
992 {
993 uint32_t SpareUlong; /**< 0x064 / 0x034 */
994 } W52, W6;
995 struct
996 {
997 uint32_t ExecuteOptions : 2; /**< NA / 0x034: Pos 0, 2 Bits */
998 uint32_t SpareBits : 30; /**< NA / 0x034: Pos 2, 30 Bits */
999 } W51;
1000 } Diff2;
1001 union
1002 {
1003 struct
1004 {
1005 PVOID ApiSetMap; /**< 0x068 / 0x038 */
1006 } W7, W8, W80, W81;
1007 struct
1008 {
1009 struct _PEB_FREE_BLOCK *FreeList; /**< 0x068 / 0x038 */
1010 } W52, W6;
1011 struct
1012 {
1013 struct _PEB_FREE_BLOCK *FreeList; /**< NA / 0x038 */
1014 } W51;
1015 } Diff3;
1016 uint32_t TlsExpansionCounter; /**< 0x070 / 0x03c */
1017#if ARCH_BITS == 64
1018 uint32_t Padding2; /**< 0x074 / NA */
1019#endif
1020 struct _RTL_BITMAP *TlsBitmap; /**< 0x078 / 0x040 */
1021 uint32_t TlsBitmapBits[2]; /**< 0x080 / 0x044 */
1022 PVOID ReadOnlySharedMemoryBase; /**< 0x088 / 0x04c */
1023 union
1024 {
1025 struct
1026 {
1027 PVOID SparePvoid0; /**< 0x090 / 0x050 - HotpatchInformation before W81. */
1028 } W81;
1029 struct
1030 {
1031 PVOID HotpatchInformation; /**< 0x090 / 0x050 - Retired in W81. */
1032 } W6, W7, W80;
1033 struct
1034 {
1035 PVOID ReadOnlySharedMemoryHeap;
1036 } W52;
1037 } Diff4;
1038 PVOID *ReadOnlyStaticServerData; /**< 0x098 / 0x054 */
1039 PVOID AnsiCodePageData; /**< 0x0a0 / 0x058 */
1040 PVOID OemCodePageData; /**< 0x0a8 / 0x05c */
1041 PVOID UnicodeCaseTableData; /**< 0x0b0 / 0x060 */
1042 uint32_t NumberOfProcessors; /**< 0x0b8 / 0x064 */
1043 uint32_t NtGlobalFlag; /**< 0x0bc / 0x068 */
1044#if ARCH_BITS == 32
1045 uint32_t Padding2b;
1046#endif
1047 LARGE_INTEGER CriticalSectionTimeout; /**< 0x0c0 / 0x070 */
1048 SIZE_T HeapSegmentReserve; /**< 0x0c8 / 0x078 */
1049 SIZE_T HeapSegmentCommit; /**< 0x0d0 / 0x07c */
1050 SIZE_T HeapDeCommitTotalFreeThreshold; /**< 0x0d8 / 0x080 */
1051 SIZE_T HeapDeCommitFreeBlockThreshold; /**< 0x0e0 / 0x084 */
1052 uint32_t NumberOfHeaps; /**< 0x0e8 / 0x088 */
1053 uint32_t MaximumNumberOfHeaps; /**< 0x0ec / 0x08c */
1054 PVOID *ProcessHeaps; /**< 0x0f0 / 0x090 - Last NT 3.51 member. */
1055 PVOID GdiSharedHandleTable; /**< 0x0f8 / 0x094 */
1056 PVOID ProcessStarterHelper; /**< 0x100 / 0x098 */
1057 uint32_t GdiDCAttributeList; /**< 0x108 / 0x09c */
1058#if ARCH_BITS == 64
1059 uint32_t Padding3; /**< 0x10c / NA */
1060#endif
1061 struct _RTL_CRITICAL_SECTION *LoaderLock; /**< 0x110 / 0x0a0 */
1062 uint32_t OSMajorVersion; /**< 0x118 / 0x0a4 */
1063 uint32_t OSMinorVersion; /**< 0x11c / 0x0a8 */
1064 uint16_t OSBuildNumber; /**< 0x120 / 0x0ac */
1065 uint16_t OSCSDVersion; /**< 0x122 / 0x0ae */
1066 uint32_t OSPlatformId; /**< 0x124 / 0x0b0 */
1067 uint32_t ImageSubsystem; /**< 0x128 / 0x0b4 */
1068 uint32_t ImageSubsystemMajorVersion; /**< 0x12c / 0x0b8 */
1069 uint32_t ImageSubsystemMinorVersion; /**< 0x130 / 0x0bc */
1070#if ARCH_BITS == 64
1071 uint32_t Padding4; /**< 0x134 / NA */
1072#endif
1073 union
1074 {
1075 struct
1076 {
1077 SIZE_T ActiveProcessAffinityMask; /**< 0x138 / 0x0c0 */
1078 } W7, W8, W80, W81;
1079 struct
1080 {
1081 SIZE_T ImageProcessAffinityMask; /**< 0x138 / 0x0c0 */
1082 } W52, W6;
1083 } Diff5;
1084 uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /**< 0x140 / 0x0c4 */
1085 PVOID PostProcessInitRoutine; /**< 0x230 / 0x14c */
1086 PVOID TlsExpansionBitmap; /**< 0x238 / 0x150 */
1087 uint32_t TlsExpansionBitmapBits[32]; /**< 0x240 / 0x154 */
1088 uint32_t SessionId; /**< 0x2c0 / 0x1d4 */
1089#if ARCH_BITS == 64
1090 uint32_t Padding5; /**< 0x2c4 / NA */
1091#endif
1092 ULARGE_INTEGER AppCompatFlags; /**< 0x2c8 / 0x1d8 */
1093 ULARGE_INTEGER AppCompatFlagsUser; /**< 0x2d0 / 0x1e0 */
1094 PVOID pShimData; /**< 0x2d8 / 0x1e8 */
1095 PVOID AppCompatInfo; /**< 0x2e0 / 0x1ec */
1096 UNICODE_STRING CSDVersion; /**< 0x2e8 / 0x1f0 */
1097 struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; /**< 0x2f8 / 0x1f8 */
1098 struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; /**< 0x300 / 0x1fc */
1099 struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; /**< 0x308 / 0x200 */
1100 struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; /**< 0x310 / 0x204 */
1101 SIZE_T MinimumStackCommit; /**< 0x318 / 0x208 */
1102 /* End of PEB in W52 (Windows XP (RTM))! */
1103 struct _FLS_CALLBACK_INFO *FlsCallback; /**< 0x320 / 0x20c */
1104 LIST_ENTRY FlsListHead; /**< 0x328 / 0x210 */
1105 PVOID FlsBitmap; /**< 0x338 / 0x218 */
1106 uint32_t FlsBitmapBits[4]; /**< 0x340 / 0x21c */
1107 uint32_t FlsHighIndex; /**< 0x350 / 0x22c */
1108 /* End of PEB in W52 (Windows Server 2003)! */
1109 PVOID WerRegistrationData; /**< 0x358 / 0x230 */
1110 PVOID WerShipAssertPtr; /**< 0x360 / 0x234 */
1111 /* End of PEB in W6 (windows Vista)! */
1112 union
1113 {
1114 struct
1115 {
1116 PVOID pUnused; /**< 0x368 / 0x238 - Was pContextData in W7. */
1117 } W8, W80, W81;
1118 struct
1119 {
1120 PVOID pContextData; /**< 0x368 / 0x238 - Retired in W80. */
1121 } W7;
1122 } Diff6;
1123 PVOID pImageHeaderHash; /**< 0x370 / 0x23c */
1124 union
1125 {
1126 uint32_t TracingFlags; /**< 0x378 / 0x240 */
1127 struct
1128 {
1129 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
1130 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
1131 uint32_t LibLoaderTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 2, 1 Bit */
1132 uint32_t SpareTracingBits : 29; /**< 0x378 / 0x240 : Pos 3, 29 Bits */
1133 } W8, W80, W81;
1134 struct
1135 {
1136 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
1137 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
1138 uint32_t SpareTracingBits : 30; /**< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 */
1139 } W7;
1140 } Diff7;
1141#if ARCH_BITS == 64
1142 uint32_t Padding6; /**< 0x37c / NA */
1143#endif
1144 uint64_t CsrServerReadOnlySharedMemoryBase; /**< 0x380 / 0x248 */
1145 /* End of PEB in W8, W81. */
1146 uintptr_t TppWorkerpListLock; /**< 0x388 / 0x250 */
1147 LIST_ENTRY TppWorkerpList; /**< 0x390 / 0x254 */
1148 PVOID WaitOnAddressHashTable[128]; /**< 0x3a0 / 0x25c */
1149#if ARCH_BITS == 32
1150 uint32_t ExplicitPadding7; /**< NA NA / 0x45c */
1151#endif
1152} PEB_COMMON;
1153typedef PEB_COMMON *PPEB_COMMON;
1154
1155AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
1156AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
1157AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
1158AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
1159AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
1160AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
1161AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
1162AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
1163AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x7a0 : 0x460);
1164
1165/** The size of the windows 10 (build 14393) PEB structure. */
1166#define PEB_SIZE_W10 sizeof(PEB_COMMON)
1167/** The size of the windows 8.1 PEB structure. */
1168#define PEB_SIZE_W81 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1169/** The size of the windows 8.0 PEB structure. */
1170#define PEB_SIZE_W80 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1171/** The size of the windows 7 PEB structure. */
1172#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
1173/** The size of the windows vista PEB structure. */
1174#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
1175/** The size of the windows server 2003 PEB structure. */
1176#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
1177/** The size of the windows XP PEB structure. */
1178#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
1179
1180#if 0
1181typedef struct _NT_TIB
1182{
1183 struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
1184 PVOID StackBase;
1185 PVOID StackLimit;
1186 PVOID SubSystemTib;
1187 union
1188 {
1189 PVOID FiberData;
1190 ULONG Version;
1191 };
1192 PVOID ArbitraryUserPointer;
1193 struct _NT_TIB *Self;
1194} NT_TIB;
1195typedef NT_TIB *PNT_TIB;
1196#endif
1197
1198typedef struct _ACTIVATION_CONTEXT_STACK
1199{
1200 uint32_t Flags;
1201 uint32_t NextCookieSequenceNumber;
1202 PVOID ActiveFrame;
1203 LIST_ENTRY FrameListCache;
1204} ACTIVATION_CONTEXT_STACK;
1205
1206/* Common TEB. */
1207typedef struct _TEB_COMMON
1208{
1209 NT_TIB NtTib; /**< 0x000 / 0x000 */
1210 PVOID EnvironmentPointer; /**< 0x038 / 0x01c */
1211 CLIENT_ID ClientId; /**< 0x040 / 0x020 */
1212 PVOID ActiveRpcHandle; /**< 0x050 / 0x028 */
1213 PVOID ThreadLocalStoragePointer; /**< 0x058 / 0x02c */
1214 PPEB_COMMON ProcessEnvironmentBlock; /**< 0x060 / 0x030 */
1215 uint32_t LastErrorValue; /**< 0x068 / 0x034 */
1216 uint32_t CountOfOwnedCriticalSections; /**< 0x06c / 0x038 */
1217 PVOID CsrClientThread; /**< 0x070 / 0x03c */
1218 PVOID Win32ThreadInfo; /**< 0x078 / 0x040 */
1219 uint32_t User32Reserved[26]; /**< 0x080 / 0x044 */
1220 uint32_t UserReserved[5]; /**< 0x0e8 / 0x0ac */
1221 PVOID WOW32Reserved; /**< 0x100 / 0x0c0 */
1222 uint32_t CurrentLocale; /**< 0x108 / 0x0c4 */
1223 uint32_t FpSoftwareStatusRegister; /**< 0x10c / 0x0c8 */
1224 PVOID SystemReserved1[54]; /**< 0x110 / 0x0cc */
1225 uint32_t ExceptionCode; /**< 0x2c0 / 0x1a4 */
1226#if ARCH_BITS == 64
1227 uint32_t Padding0; /**< 0x2c4 / NA */
1228#endif
1229 union
1230 {
1231 struct
1232 {
1233 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;/**< 0x2c8 / 0x1a8 */
1234 uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /**< 0x2d0 / 0x1ac */
1235 } W52, W6, W7, W8, W80, W81;
1236#if ARCH_BITS == 32
1237 struct
1238 {
1239 ACTIVATION_CONTEXT_STACK ActivationContextStack; /**< NA / 0x1a8 */
1240 uint8_t SpareBytes[20]; /**< NA / 0x1bc */
1241 } W51;
1242#endif
1243 } Diff0;
1244 union
1245 {
1246 struct
1247 {
1248 uint32_t TxFsContext; /**< 0x2e8 / 0x1d0 */
1249 } W6, W7, W8, W80, W81;
1250 struct
1251 {
1252 uint32_t SpareBytesContinues; /**< 0x2e8 / 0x1d0 */
1253 } W52;
1254 } Diff1;
1255#if ARCH_BITS == 64
1256 uint32_t Padding1; /**< 0x2ec / NA */
1257#endif
1258 /*_GDI_TEB_BATCH*/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /**< 0x2f0 / 0x1d4 */
1259 CLIENT_ID RealClientId; /**< 0x7d8 / 0x6b4 */
1260 HANDLE GdiCachedProcessHandle; /**< 0x7e8 / 0x6bc */
1261 uint32_t GdiClientPID; /**< 0x7f0 / 0x6c0 */
1262 uint32_t GdiClientTID; /**< 0x7f4 / 0x6c4 */
1263 PVOID GdiThreadLocalInfo; /**< 0x7f8 / 0x6c8 */
1264 SIZE_T Win32ClientInfo[62]; /**< 0x800 / 0x6cc */
1265 PVOID glDispatchTable[233]; /**< 0x9f0 / 0x7c4 */
1266 SIZE_T glReserved1[29]; /**< 0x1138 / 0xb68 */
1267 PVOID glReserved2; /**< 0x1220 / 0xbdc */
1268 PVOID glSectionInfo; /**< 0x1228 / 0xbe0 */
1269 PVOID glSection; /**< 0x1230 / 0xbe4 */
1270 PVOID glTable; /**< 0x1238 / 0xbe8 */
1271 PVOID glCurrentRC; /**< 0x1240 / 0xbec */
1272 PVOID glContext; /**< 0x1248 / 0xbf0 */
1273 NTSTATUS LastStatusValue; /**< 0x1250 / 0xbf4 */
1274#if ARCH_BITS == 64
1275 uint32_t Padding2; /**< 0x1254 / NA */
1276#endif
1277 UNICODE_STRING StaticUnicodeString; /**< 0x1258 / 0xbf8 */
1278 WCHAR StaticUnicodeBuffer[261]; /**< 0x1268 / 0xc00 */
1279#if ARCH_BITS == 64
1280 WCHAR Padding3[3]; /**< 0x1472 / NA */
1281#endif
1282 PVOID DeallocationStack; /**< 0x1478 / 0xe0c */
1283 PVOID TlsSlots[64]; /**< 0x1480 / 0xe10 */
1284 LIST_ENTRY TlsLinks; /**< 0x1680 / 0xf10 */
1285 PVOID Vdm; /**< 0x1690 / 0xf18 */
1286 PVOID ReservedForNtRpc; /**< 0x1698 / 0xf1c */
1287 PVOID DbgSsReserved[2]; /**< 0x16a0 / 0xf20 */
1288 uint32_t HardErrorMode; /**< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. */
1289#if ARCH_BITS == 64
1290 uint32_t Padding4; /**< 0x16b4 / NA */
1291#endif
1292 PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /**< 0x16b8 / 0xf2c */
1293 union
1294 {
1295 struct
1296 {
1297 GUID ActivityId; /**< 0x1710 / 0xf50 */
1298 PVOID SubProcessTag; /**< 0x1720 / 0xf60 */
1299 } W6, W7, W8, W80, W81;
1300 struct
1301 {
1302 PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /**< 0x1710 / 0xf50 */
1303 } W52;
1304 } Diff2;
1305 union /**< 0x1728 / 0xf64 */
1306 {
1307 struct
1308 {
1309 PVOID PerflibData; /**< 0x1728 / 0xf64 */
1310 } W8, W80, W81;
1311 struct
1312 {
1313 PVOID EtwLocalData; /**< 0x1728 / 0xf64 */
1314 } W7, W6;
1315 struct
1316 {
1317 PVOID SubProcessTag; /**< 0x1728 / 0xf64 */
1318 } W52;
1319 struct
1320 {
1321 PVOID InstrumentationContinues[1]; /**< 0x1728 / 0xf64 */
1322 } W51;
1323 } Diff3;
1324 union
1325 {
1326 struct
1327 {
1328 PVOID EtwTraceData; /**< 0x1730 / 0xf68 */
1329 } W52, W6, W7, W8, W80, W81;
1330 struct
1331 {
1332 PVOID InstrumentationContinues[1]; /**< 0x1730 / 0xf68 */
1333 } W51;
1334 } Diff4;
1335 PVOID WinSockData; /**< 0x1738 / 0xf6c */
1336 uint32_t GdiBatchCount; /**< 0x1740 / 0xf70 */
1337 union
1338 {
1339 union
1340 {
1341 PROCESSOR_NUMBER CurrentIdealProcessor; /**< 0x1744 / 0xf74 - W7+ */
1342 uint32_t IdealProcessorValue; /**< 0x1744 / 0xf74 - W7+ */
1343 struct
1344 {
1345 uint8_t ReservedPad1; /**< 0x1744 / 0xf74 - Called SpareBool0 in W6 */
1346 uint8_t ReservedPad2; /**< 0x1745 / 0xf75 - Called SpareBool0 in W6 */
1347 uint8_t ReservedPad3; /**< 0x1746 / 0xf76 - Called SpareBool0 in W6 */
1348 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
1349 };
1350 } W6, W7, W8, W80, W81;
1351 struct
1352 {
1353 BOOLEAN InDbgPrint; /**< 0x1744 / 0xf74 */
1354 BOOLEAN FreeStackOnTermination; /**< 0x1745 / 0xf75 */
1355 BOOLEAN HasFiberData; /**< 0x1746 / 0xf76 */
1356 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
1357 } W51, W52;
1358 } Diff5;
1359 uint32_t GuaranteedStackBytes; /**< 0x1748 / 0xf78 */
1360#if ARCH_BITS == 64
1361 uint32_t Padding5; /**< 0x174c / NA */
1362#endif
1363 PVOID ReservedForPerf; /**< 0x1750 / 0xf7c */
1364 PVOID ReservedForOle; /**< 0x1758 / 0xf80 */
1365 uint32_t WaitingOnLoaderLock; /**< 0x1760 / 0xf84 */
1366#if ARCH_BITS == 64
1367 uint32_t Padding6; /**< 0x1764 / NA */
1368#endif
1369 union /**< 0x1770 / 0xf8c */
1370 {
1371 struct
1372 {
1373 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
1374 SIZE_T ReservedForCodeCoverage; /**< 0x1770 / 0xf8c */
1375 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
1376 } W8, W80, W81;
1377 struct
1378 {
1379 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
1380 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
1381 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
1382 } W6, W7;
1383 struct
1384 {
1385 PVOID SparePointer1; /**< 0x1768 / 0xf88 */
1386 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
1387 PVOID SoftPatchPtr2; /**< 0x1778 / 0xf90 */
1388 } W52;
1389#if ARCH_BITS == 32
1390 struct _Wx86ThreadState
1391 {
1392 PVOID CallBx86Eip; /**< NA / 0xf88 */
1393 PVOID DeallocationCpu; /**< NA / 0xf8c */
1394 BOOLEAN UseKnownWx86Dll; /**< NA / 0xf90 */
1395 int8_t OleStubInvoked; /**< NA / 0xf91 */
1396 } W51;
1397#endif
1398 } Diff6;
1399 PVOID TlsExpansionSlots; /**< 0x1780 / 0xf94 */
1400#if ARCH_BITS == 64
1401 PVOID DallocationBStore; /**< 0x1788 / NA */
1402 PVOID BStoreLimit; /**< 0x1790 / NA */
1403#endif
1404 union
1405 {
1406 struct
1407 {
1408 uint32_t MuiGeneration; /**< 0x1798 / 0xf98 */
1409 } W7, W8, W80, W81;
1410 struct
1411 {
1412 uint32_t ImpersonationLocale;
1413 } W6;
1414 } Diff7;
1415 uint32_t IsImpersonating; /**< 0x179c / 0xf9c */
1416 PVOID NlsCache; /**< 0x17a0 / 0xfa0 */
1417 PVOID pShimData; /**< 0x17a8 / 0xfa4 */
1418 union /**< 0x17b0 / 0xfa8 */
1419 {
1420 struct
1421 {
1422 uint16_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
1423 uint16_t LowFragHeapDataSlot; /**< 0x17b2 / 0xfaa */
1424 } W8, W80, W81;
1425 struct
1426 {
1427 uint32_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
1428 } W7;
1429 } Diff8;
1430#if ARCH_BITS == 64
1431 uint32_t Padding7; /**< 0x17b4 / NA */
1432#endif
1433 HANDLE CurrentTransactionHandle; /**< 0x17b8 / 0xfac */
1434 struct _TEB_ACTIVE_FRAME *ActiveFrame; /**< 0x17c0 / 0xfb0 */
1435 /* End of TEB in W51 (Windows XP)! */
1436 PVOID FlsData; /**< 0x17c8 / 0xfb4 */
1437 union
1438 {
1439 struct
1440 {
1441 PVOID PreferredLanguages; /**< 0x17d0 / 0xfb8 */
1442 } W6, W7, W8, W80, W81;
1443 struct
1444 {
1445 BOOLEAN SafeThunkCall; /**< 0x17d0 / 0xfb8 */
1446 uint8_t BooleanSpare[3]; /**< 0x17d1 / 0xfb9 */
1447 /* End of TEB in W52 (Windows server 2003)! */
1448 } W52;
1449 } Diff9;
1450 PVOID UserPrefLanguages; /**< 0x17d8 / 0xfbc */
1451 PVOID MergedPrefLanguages; /**< 0x17e0 / 0xfc0 */
1452 uint32_t MuiImpersonation; /**< 0x17e8 / 0xfc4 */
1453 union
1454 {
1455 uint16_t CrossTebFlags; /**< 0x17ec / 0xfc8 */
1456 struct
1457 {
1458 uint16_t SpareCrossTebBits : 16; /**< 0x17ec / 0xfc8 : Pos 0, 16 Bits */
1459 };
1460 };
1461 union
1462 {
1463 uint16_t SameTebFlags; /**< 0x17ee / 0xfca */
1464 struct
1465 {
1466 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1467 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1468 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1469 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1470 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1471 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1472 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1473 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1474 } Common;
1475 struct
1476 {
1477 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1478 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1479 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1480 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1481 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1482 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1483 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1484 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1485 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
1486 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
1487 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
1488 uint16_t SessionAware : 1; /**< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. */
1489 uint16_t SpareSameTebBits : 4; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
1490 } W8, W80, W81;
1491 struct
1492 {
1493 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1494 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1495 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1496 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1497 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1498 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1499 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1500 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1501 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
1502 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
1503 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
1504 uint16_t SpareSameTebBits : 5; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
1505 } W7;
1506 struct
1507 {
1508 uint16_t DbgSafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1509 uint16_t DbgInDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1510 uint16_t DbgHasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1511 uint16_t DbgSkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1512 uint16_t DbgWerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1513 uint16_t DbgRanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1514 uint16_t DbgClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1515 uint16_t DbgSuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1516 uint16_t SpareSameTebBits : 8; /**< 0x17ee / 0xfca : Pos 8, 8 Bits */
1517 } W6;
1518 } Diff10;
1519 PVOID TxnScopeEnterCallback; /**< 0x17f0 / 0xfcc */
1520 PVOID TxnScopeExitCallback; /**< 0x17f8 / 0xfd0 */
1521 PVOID TxnScopeContext; /**< 0x1800 / 0xfd4 */
1522 uint32_t LockCount; /**< 0x1808 / 0xfd8 */
1523 union
1524 {
1525 struct
1526 {
1527 uint32_t SpareUlong0; /**< 0x180c / 0xfdc */
1528 } W7, W8, W80, W81;
1529 struct
1530 {
1531 uint32_t ProcessRundown;
1532 } W6;
1533 } Diff11;
1534 union
1535 {
1536 struct
1537 {
1538 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1539 /* End of TEB in W7 (windows 7)! */
1540 PVOID ReservedForWdf; /**< 0x1818 / 0xfe4 - New Since W7. */
1541 /* End of TEB in W8 (windows 8.0 & 8.1)! */
1542 PVOID ReservedForCrt; /**< 0x1820 / 0xfe8 - New Since W10. */
1543 RTUUID EffectiveContainerId; /**< 0x1828 / 0xfec - New Since W10. */
1544 /* End of TEB in W10 14393! */
1545 } W8, W80, W81, W10;
1546 struct
1547 {
1548 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1549 } W7;
1550 struct
1551 {
1552 uint64_t LastSwitchTime; /**< 0x1810 / 0xfe0 */
1553 uint64_t TotalSwitchOutTime; /**< 0x1818 / 0xfe8 */
1554 LARGE_INTEGER WaitReasonBitMap; /**< 0x1820 / 0xff0 */
1555 /* End of TEB in W6 (windows Vista)! */
1556 } W6;
1557 } Diff12;
1558} TEB_COMMON;
1559typedef TEB_COMMON *PTEB_COMMON;
1560AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1561AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1562AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1563AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1564AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1565AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1566AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1567AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1568AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1569AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1570AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1571AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1572AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1838 : 0x1000);
1573
1574
1575/** The size of the windows 8.1 PEB structure. */
1576#define TEB_SIZE_W10 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W10.EffectiveContainerId) + sizeof(RTUUID) )
1577/** The size of the windows 8.1 PEB structure. */
1578#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1579/** The size of the windows 8.0 PEB structure. */
1580#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1581/** The size of the windows 7 PEB structure. */
1582#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1583/** The size of the windows vista PEB structure. */
1584#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1585/** The size of the windows server 2003 PEB structure. */
1586#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1587/** The size of the windows XP PEB structure. */
1588#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1589
1590
1591
1592#define _PEB _PEB_COMMON
1593typedef PEB_COMMON PEB;
1594typedef PPEB_COMMON PPEB;
1595
1596#define _TEB _TEB_COMMON
1597typedef TEB_COMMON TEB;
1598typedef PTEB_COMMON PTEB;
1599
1600#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
1601# ifdef RT_ARCH_X86
1602DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1603DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1604DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1605DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readfsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1606DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1607# elif defined(RT_ARCH_AMD64)
1608DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1609DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1610DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1611DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readgsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1612DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1613# else
1614# error "Port me"
1615# endif
1616#else
1617# define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1618# define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1619# define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1620# define RTNtLastStatusValue() (RTNtCurrentTeb()->LastStatusValue)
1621# define RTNtLastErrorValue() (RTNtCurrentTeb()->LastErrorValue)
1622#endif
1623#define NtCurrentPeb() RTNtCurrentPeb()
1624
1625#ifdef IN_RING3
1626RT_DECL_NTAPI(void) RtlAcquirePebLock(void);
1627RT_DECL_NTAPI(void) RtlReleasePebLock(void);
1628#endif
1629
1630/** @} */
1631
1632
1633#ifdef IPRT_NT_USE_WINTERNL
1634RT_DECL_NTAPI(NTSTATUS) NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1635typedef enum _SECTION_INHERIT
1636{
1637 ViewShare = 1,
1638 ViewUnmap
1639} SECTION_INHERIT;
1640#endif
1641RT_DECL_NTAPI(NTSTATUS) NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1642 ULONG, ULONG);
1643RT_DECL_NTAPI(NTSTATUS) NtFlushVirtualMemory(HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK);
1644RT_DECL_NTAPI(NTSTATUS) NtUnmapViewOfSection(HANDLE, PVOID);
1645
1646#ifdef IPRT_NT_USE_WINTERNL
1647RT_DECL_NTAPI(NTSTATUS) NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1648RT_DECL_NTAPI(NTSTATUS) ZwOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1649#endif
1650RT_DECL_NTAPI(NTSTATUS) NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1651RT_DECL_NTAPI(NTSTATUS) ZwOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1652RT_DECL_NTAPI(NTSTATUS) NtAlertThread(HANDLE hThread);
1653#ifdef IPRT_NT_USE_WINTERNL
1654RT_DECL_NTAPI(NTSTATUS) ZwAlertThread(HANDLE hThread);
1655#endif
1656RT_DECL_NTAPI(NTSTATUS) NtTestAlert(void);
1657
1658#ifdef IPRT_NT_USE_WINTERNL
1659RT_DECL_NTAPI(NTSTATUS) NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1660RT_DECL_NTAPI(NTSTATUS) NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1661#endif
1662RT_DECL_NTAPI(NTSTATUS) ZwOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1663RT_DECL_NTAPI(NTSTATUS) ZwOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1664
1665#ifdef IPRT_NT_USE_WINTERNL
1666typedef struct _FILE_FS_VOLUME_INFORMATION
1667{
1668 LARGE_INTEGER VolumeCreationTime;
1669 ULONG VolumeSerialNumber;
1670 ULONG VolumeLabelLength;
1671 BOOLEAN SupportsObjects;
1672 WCHAR VolumeLabel[1];
1673} FILE_FS_VOLUME_INFORMATION;
1674typedef FILE_FS_VOLUME_INFORMATION *PFILE_FS_VOLUME_INFORMATION;
1675typedef struct _FILE_FS_LABEL_INFORMATION
1676{
1677 ULONG VolumeLabelLength;
1678 WCHAR VolumeLabel[1];
1679} FILE_FS_LABEL_INFORMATION;
1680typedef FILE_FS_LABEL_INFORMATION *PFILE_FS_LABEL_INFORMATION;
1681typedef struct _FILE_FS_SIZE_INFORMATION
1682{
1683 LARGE_INTEGER TotalAllocationUnits;
1684 LARGE_INTEGER AvailableAllocationUnits;
1685 ULONG SectorsPerAllocationUnit;
1686 ULONG BytesPerSector;
1687} FILE_FS_SIZE_INFORMATION;
1688typedef FILE_FS_SIZE_INFORMATION *PFILE_FS_SIZE_INFORMATION;
1689typedef struct _FILE_FS_DEVICE_INFORMATION
1690{
1691 DEVICE_TYPE DeviceType;
1692 ULONG Characteristics;
1693} FILE_FS_DEVICE_INFORMATION;
1694typedef FILE_FS_DEVICE_INFORMATION *PFILE_FS_DEVICE_INFORMATION;
1695typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1696{
1697 ULONG FileSystemAttributes;
1698 LONG MaximumComponentNameLength;
1699 ULONG FileSystemNameLength;
1700 WCHAR FileSystemName[1];
1701} FILE_FS_ATTRIBUTE_INFORMATION;
1702typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1703typedef struct _FILE_FS_CONTROL_INFORMATION
1704{
1705 LARGE_INTEGER FreeSpaceStartFiltering;
1706 LARGE_INTEGER FreeSpaceThreshold;
1707 LARGE_INTEGER FreeSpaceStopFiltering;
1708 LARGE_INTEGER DefaultQuotaThreshold;
1709 LARGE_INTEGER DefaultQuotaLimit;
1710 ULONG FileSystemControlFlags;
1711} FILE_FS_CONTROL_INFORMATION;
1712typedef FILE_FS_CONTROL_INFORMATION *PFILE_FS_CONTROL_INFORMATION;
1713typedef struct _FILE_FS_FULL_SIZE_INFORMATION
1714{
1715 LARGE_INTEGER TotalAllocationUnits;
1716 LARGE_INTEGER CallerAvailableAllocationUnits;
1717 LARGE_INTEGER ActualAvailableAllocationUnits;
1718 ULONG SectorsPerAllocationUnit;
1719 ULONG BytesPerSector;
1720} FILE_FS_FULL_SIZE_INFORMATION;
1721typedef FILE_FS_FULL_SIZE_INFORMATION *PFILE_FS_FULL_SIZE_INFORMATION;
1722typedef struct _FILE_FS_OBJECTID_INFORMATION
1723{
1724 UCHAR ObjectId[16];
1725 UCHAR ExtendedInfo[48];
1726} FILE_FS_OBJECTID_INFORMATION;
1727typedef FILE_FS_OBJECTID_INFORMATION *PFILE_FS_OBJECTID_INFORMATION;
1728typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1729{
1730 BOOLEAN DriverInPath;
1731 ULONG DriverNameLength;
1732 WCHAR DriverName[1];
1733} FILE_FS_DRIVER_PATH_INFORMATION;
1734typedef FILE_FS_DRIVER_PATH_INFORMATION *PFILE_FS_DRIVER_PATH_INFORMATION;
1735typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION
1736{
1737 ULONG Flags;
1738} FILE_FS_VOLUME_FLAGS_INFORMATION;
1739typedef FILE_FS_VOLUME_FLAGS_INFORMATION *PFILE_FS_VOLUME_FLAGS_INFORMATION;
1740#endif
1741#if !defined(SSINFO_OFFSET_UNKNOWN) || defined(IPRT_NT_USE_WINTERNL)
1742typedef struct _FILE_FS_SECTOR_SIZE_INFORMATION
1743{
1744 ULONG LogicalBytesPerSector;
1745 ULONG PhysicalBytesPerSectorForAtomicity;
1746 ULONG PhysicalBytesPerSectorForPerformance;
1747 ULONG FileSystemEffectivePhysicalBytesPerSectorForAtomicity;
1748 ULONG Flags;
1749 ULONG ByteOffsetForSectorAlignment;
1750 ULONG ByteOffsetForPartitionAlignment;
1751} FILE_FS_SECTOR_SIZE_INFORMATION;
1752typedef FILE_FS_SECTOR_SIZE_INFORMATION *PFILE_FS_SECTOR_SIZE_INFORMATION;
1753# ifndef SSINFO_OFFSET_UNKNOWN
1754# define SSINFO_OFFSET_UNKNOWN 0xffffffffUL
1755# define SSINFO_FLAGS_ALIGNED_DEVICE 1UL
1756# define SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE 2UL
1757# define SSINFO_FLAGS_NO_SEEK_PENALTY 4UL
1758# define SSINFO_FLAGS_TRIM_ENABLED 8UL
1759# define SSINFO_FLAGS_BYTE_ADDRESSABLE 16UL
1760# endif
1761#endif
1762#ifdef IPRT_NT_USE_WINTERNL
1763typedef struct _FILE_FS_DATA_COPY_INFORMATION
1764{
1765 ULONG NumberOfCopies;
1766} FILE_FS_DATA_COPY_INFORMATION;
1767typedef FILE_FS_DATA_COPY_INFORMATION *PFILE_FS_DATA_COPY_INFORMATION;
1768typedef struct _FILE_FS_METADATA_SIZE_INFORMATION
1769{
1770 LARGE_INTEGER TotalMetadataAllocationUnits;
1771 ULONG SectorsPerAllocationUnit;
1772 ULONG BytesPerSector;
1773} FILE_FS_METADATA_SIZE_INFORMATION;
1774typedef FILE_FS_METADATA_SIZE_INFORMATION *PFILE_FS_METADATA_SIZE_INFORMATION;
1775typedef struct _FILE_FS_FULL_SIZE_INFORMATION_EX
1776{
1777 ULONGLONG ActualTotalAllocationUnits;
1778 ULONGLONG ActualAvailableAllocationUnits;
1779 ULONGLONG ActualPoolUnavailableAllocationUnits;
1780 ULONGLONG CallerTotalAllocationUnits;
1781 ULONGLONG CallerAvailableAllocationUnits;
1782 ULONGLONG CallerPoolUnavailableAllocationUnits;
1783 ULONGLONG UsedAllocationUnits;
1784 ULONGLONG TotalReservedAllocationUnits;
1785 ULONGLONG VolumeStorageReserveAllocationUnits;
1786 ULONGLONG AvailableCommittedAllocationUnits;
1787 ULONGLONG PoolAvailableAllocationUnits;
1788 ULONG SectorsPerAllocationUnit;
1789 ULONG BytesPerSector;
1790} FILE_FS_FULL_SIZE_INFORMATION_EX;
1791typedef FILE_FS_FULL_SIZE_INFORMATION_EX *PFILE_FS_FULL_SIZE_INFORMATION_EX;
1792#endif /* IPRT_NT_USE_WINTERNL */
1793
1794typedef enum _FSINFOCLASS
1795{
1796 FileFsVolumeInformation = 1,
1797 FileFsLabelInformation,
1798 FileFsSizeInformation, /**< FILE_FS_SIZE_INFORMATION */
1799 FileFsDeviceInformation,
1800 FileFsAttributeInformation,
1801 FileFsControlInformation,
1802 FileFsFullSizeInformation,
1803 FileFsObjectIdInformation,
1804 FileFsDriverPathInformation,
1805 FileFsVolumeFlagsInformation,
1806 FileFsSectorSizeInformation,
1807 FileFsDataCopyInformation,
1808 FileFsMetadataSizeInformation,
1809 FileFsFullSizeInformationEx,
1810 FileFsMaximumInformation
1811} FS_INFORMATION_CLASS;
1812typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1813RT_DECL_NTAPI(NTSTATUS) NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1814RT_DECL_NTAPI(NTSTATUS) NtSetVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1815
1816#ifdef IPRT_NT_USE_WINTERNL
1817typedef struct _FILE_DIRECTORY_INFORMATION
1818{
1819 ULONG NextEntryOffset;
1820 ULONG FileIndex;
1821 LARGE_INTEGER CreationTime;
1822 LARGE_INTEGER LastAccessTime;
1823 LARGE_INTEGER LastWriteTime;
1824 LARGE_INTEGER ChangeTime;
1825 LARGE_INTEGER EndOfFile;
1826 LARGE_INTEGER AllocationSize;
1827 ULONG FileAttributes;
1828 ULONG FileNameLength;
1829 WCHAR FileName[1];
1830} FILE_DIRECTORY_INFORMATION;
1831typedef FILE_DIRECTORY_INFORMATION *PFILE_DIRECTORY_INFORMATION;
1832typedef struct _FILE_FULL_DIR_INFORMATION
1833{
1834 ULONG NextEntryOffset;
1835 ULONG FileIndex;
1836 LARGE_INTEGER CreationTime;
1837 LARGE_INTEGER LastAccessTime;
1838 LARGE_INTEGER LastWriteTime;
1839 LARGE_INTEGER ChangeTime;
1840 LARGE_INTEGER EndOfFile;
1841 LARGE_INTEGER AllocationSize;
1842 ULONG FileAttributes;
1843 ULONG FileNameLength;
1844 ULONG EaSize;
1845 WCHAR FileName[1];
1846} FILE_FULL_DIR_INFORMATION;
1847typedef FILE_FULL_DIR_INFORMATION *PFILE_FULL_DIR_INFORMATION;
1848typedef struct _FILE_BOTH_DIR_INFORMATION
1849{
1850 ULONG NextEntryOffset; /**< 0x00: */
1851 ULONG FileIndex; /**< 0x04: */
1852 LARGE_INTEGER CreationTime; /**< 0x08: */
1853 LARGE_INTEGER LastAccessTime; /**< 0x10: */
1854 LARGE_INTEGER LastWriteTime; /**< 0x18: */
1855 LARGE_INTEGER ChangeTime; /**< 0x20: */
1856 LARGE_INTEGER EndOfFile; /**< 0x28: */
1857 LARGE_INTEGER AllocationSize; /**< 0x30: */
1858 ULONG FileAttributes; /**< 0x38: */
1859 ULONG FileNameLength; /**< 0x3c: */
1860 ULONG EaSize; /**< 0x40: */
1861 CCHAR ShortNameLength; /**< 0x44: */
1862 WCHAR ShortName[12]; /**< 0x46: */
1863 WCHAR FileName[1]; /**< 0x5e: */
1864} FILE_BOTH_DIR_INFORMATION;
1865typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1866typedef struct _FILE_BASIC_INFORMATION
1867{
1868 LARGE_INTEGER CreationTime;
1869 LARGE_INTEGER LastAccessTime;
1870 LARGE_INTEGER LastWriteTime;
1871 LARGE_INTEGER ChangeTime;
1872 ULONG FileAttributes;
1873} FILE_BASIC_INFORMATION;
1874typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1875typedef struct _FILE_STANDARD_INFORMATION
1876{
1877 LARGE_INTEGER AllocationSize;
1878 LARGE_INTEGER EndOfFile;
1879 ULONG NumberOfLinks;
1880 BOOLEAN DeletePending;
1881 BOOLEAN Directory;
1882} FILE_STANDARD_INFORMATION;
1883typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1884typedef struct _FILE_NAME_INFORMATION
1885{
1886 ULONG FileNameLength;
1887 WCHAR FileName[1];
1888} FILE_NAME_INFORMATION;
1889typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1890typedef FILE_NAME_INFORMATION FILE_NETWORK_PHYSICAL_NAME_INFORMATION;
1891typedef FILE_NETWORK_PHYSICAL_NAME_INFORMATION *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION;
1892typedef struct _FILE_INTERNAL_INFORMATION
1893{
1894 LARGE_INTEGER IndexNumber;
1895} FILE_INTERNAL_INFORMATION;
1896typedef FILE_INTERNAL_INFORMATION *PFILE_INTERNAL_INFORMATION;
1897typedef struct _FILE_EA_INFORMATION
1898{
1899 ULONG EaSize;
1900} FILE_EA_INFORMATION;
1901typedef FILE_EA_INFORMATION *PFILE_EA_INFORMATION;
1902typedef struct _FILE_ACCESS_INFORMATION
1903{
1904 ACCESS_MASK AccessFlags;
1905} FILE_ACCESS_INFORMATION;
1906typedef FILE_ACCESS_INFORMATION *PFILE_ACCESS_INFORMATION;
1907typedef struct _FILE_RENAME_INFORMATION
1908{
1909 union
1910 {
1911 BOOLEAN ReplaceIfExists;
1912 ULONG Flags;
1913 };
1914 HANDLE RootDirectory;
1915 ULONG FileNameLength;
1916 WCHAR FileName[1];
1917} FILE_RENAME_INFORMATION;
1918typedef FILE_RENAME_INFORMATION *PFILE_RENAME_INFORMATION;
1919typedef struct _FILE_LINK_INFORMATION
1920{
1921 union
1922 {
1923 BOOLEAN ReplaceIfExists;
1924 ULONG Flags;
1925 };
1926 HANDLE RootDirectory;
1927 ULONG FileNameLength;
1928 WCHAR FileName[1];
1929} FILE_LINK_INFORMATION;
1930typedef FILE_LINK_INFORMATION *PFILE_LINK_INFORMATION;
1931typedef struct _FILE_NAMES_INFORMATION
1932{
1933 ULONG NextEntryOffset;
1934 ULONG FileIndex;
1935 ULONG FileNameLength;
1936 WCHAR FileName[1];
1937} FILE_NAMES_INFORMATION;
1938typedef FILE_NAMES_INFORMATION *PFILE_NAMES_INFORMATION;
1939typedef struct _FILE_DISPOSITION_INFORMATION
1940{
1941 BOOLEAN DeleteFile;
1942} FILE_DISPOSITION_INFORMATION;
1943typedef FILE_DISPOSITION_INFORMATION *PFILE_DISPOSITION_INFORMATION;
1944typedef struct _FILE_POSITION_INFORMATION
1945{
1946 LARGE_INTEGER CurrentByteOffset;
1947} FILE_POSITION_INFORMATION;
1948typedef FILE_POSITION_INFORMATION *PFILE_POSITION_INFORMATION;
1949typedef struct _FILE_FULL_EA_INFORMATION
1950{
1951 ULONG NextEntryOffset;
1952 UCHAR Flags;
1953 UCHAR EaNameLength;
1954 USHORT EaValueLength;
1955 CHAR EaName[1];
1956} FILE_FULL_EA_INFORMATION;
1957typedef FILE_FULL_EA_INFORMATION *PFILE_FULL_EA_INFORMATION;
1958typedef struct _FILE_MODE_INFORMATION
1959{
1960 ULONG Mode;
1961} FILE_MODE_INFORMATION;
1962typedef FILE_MODE_INFORMATION *PFILE_MODE_INFORMATION;
1963typedef struct _FILE_ALIGNMENT_INFORMATION
1964{
1965 ULONG AlignmentRequirement;
1966} FILE_ALIGNMENT_INFORMATION;
1967typedef FILE_ALIGNMENT_INFORMATION *PFILE_ALIGNMENT_INFORMATION;
1968typedef struct _FILE_ALL_INFORMATION
1969{
1970 FILE_BASIC_INFORMATION BasicInformation;
1971 FILE_STANDARD_INFORMATION StandardInformation;
1972 FILE_INTERNAL_INFORMATION InternalInformation;
1973 FILE_EA_INFORMATION EaInformation;
1974 FILE_ACCESS_INFORMATION AccessInformation;
1975 FILE_POSITION_INFORMATION PositionInformation;
1976 FILE_MODE_INFORMATION ModeInformation;
1977 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1978 FILE_NAME_INFORMATION NameInformation;
1979} FILE_ALL_INFORMATION;
1980typedef FILE_ALL_INFORMATION *PFILE_ALL_INFORMATION;
1981typedef struct _FILE_ALLOCATION_INFORMATION
1982{
1983 LARGE_INTEGER AllocationSize;
1984} FILE_ALLOCATION_INFORMATION;
1985typedef FILE_ALLOCATION_INFORMATION *PFILE_ALLOCATION_INFORMATION;
1986typedef struct _FILE_END_OF_FILE_INFORMATION
1987{
1988 LARGE_INTEGER EndOfFile;
1989} FILE_END_OF_FILE_INFORMATION;
1990typedef FILE_END_OF_FILE_INFORMATION *PFILE_END_OF_FILE_INFORMATION;
1991typedef struct _FILE_STREAM_INFORMATION
1992{
1993 ULONG NextEntryOffset;
1994 ULONG StreamNameLength;
1995 LARGE_INTEGER StreamSize;
1996 LARGE_INTEGER StreamAllocationSize;
1997 WCHAR StreamName[1];
1998} FILE_STREAM_INFORMATION;
1999typedef FILE_STREAM_INFORMATION *PFILE_STREAM_INFORMATION;
2000
2001typedef struct _FILE_PIPE_INFORMATION
2002{
2003 ULONG ReadMode;
2004 ULONG CompletionMode;
2005} FILE_PIPE_INFORMATION;
2006typedef FILE_PIPE_INFORMATION *PFILE_PIPE_INFORMATION;
2007
2008typedef struct _FILE_PIPE_LOCAL_INFORMATION
2009{
2010 ULONG NamedPipeType;
2011 ULONG NamedPipeConfiguration;
2012 ULONG MaximumInstances;
2013 ULONG CurrentInstances;
2014 ULONG InboundQuota;
2015 ULONG ReadDataAvailable;
2016 ULONG OutboundQuota;
2017 ULONG WriteQuotaAvailable;
2018 ULONG NamedPipeState;
2019 ULONG NamedPipeEnd;
2020} FILE_PIPE_LOCAL_INFORMATION;
2021typedef FILE_PIPE_LOCAL_INFORMATION *PFILE_PIPE_LOCAL_INFORMATION;
2022
2023/** @name Pipe state (FILE_PIPE_LOCAL_INFORMATION::NamedPipeState)
2024 * @{ */
2025#if !defined(FILE_PIPE_DISCONNECTED_STATE) || defined(DOXYGEN_RUNNING)
2026# define FILE_PIPE_DISCONNECTED_STATE 0x00000001U
2027# define FILE_PIPE_LISTENING_STATE 0x00000002U
2028# define FILE_PIPE_CONNECTED_STATE 0x00000003U
2029# define FILE_PIPE_CLOSING_STATE 0x00000004U
2030#endif
2031/** @} */
2032
2033/** @name Pipe config (FILE_PIPE_LOCAL_INFORMATION::NamedPipeConfiguration)
2034 * @{ */
2035#if !defined(FILE_PIPE_INBOUND) || defined(DOXYGEN_RUNNING)
2036# define FILE_PIPE_INBOUND 0x00000000U
2037# define FILE_PIPE_OUTBOUND 0x00000001U
2038# define FILE_PIPE_FULL_DUPLEX 0x00000002U
2039#endif
2040/** @} */
2041
2042/** @name Pipe end (FILE_PIPE_LOCAL_INFORMATION::NamedPipeEnd)
2043 * @{ */
2044#if !defined(FILE_PIPE_CLIENT_END) || defined(DOXYGEN_RUNNING)
2045# define FILE_PIPE_CLIENT_END 0x00000000U
2046# define FILE_PIPE_SERVER_END 0x00000001U
2047#endif
2048/** @} */
2049
2050typedef struct _FILE_PIPE_REMOTE_INFORMATION
2051{
2052 LARGE_INTEGER CollectDataTime;
2053 ULONG MaximumCollectionCount;
2054} FILE_PIPE_REMOTE_INFORMATION;
2055typedef FILE_PIPE_REMOTE_INFORMATION *PFILE_PIPE_REMOTE_INFORMATION;
2056typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
2057{
2058 ULONG MaximumMessageSize;
2059 ULONG MailslotQuota;
2060 ULONG NextMessageSize;
2061 ULONG MessagesAvailable;
2062 LARGE_INTEGER ReadTimeout;
2063} FILE_MAILSLOT_QUERY_INFORMATION;
2064typedef FILE_MAILSLOT_QUERY_INFORMATION *PFILE_MAILSLOT_QUERY_INFORMATION;
2065typedef struct _FILE_MAILSLOT_SET_INFORMATION
2066{
2067 PLARGE_INTEGER ReadTimeout;
2068} FILE_MAILSLOT_SET_INFORMATION;
2069typedef FILE_MAILSLOT_SET_INFORMATION *PFILE_MAILSLOT_SET_INFORMATION;
2070typedef struct _FILE_COMPRESSION_INFORMATION
2071{
2072 LARGE_INTEGER CompressedFileSize;
2073 USHORT CompressionFormat;
2074 UCHAR CompressionUnitShift;
2075 UCHAR ChunkShift;
2076 UCHAR ClusterShift;
2077 UCHAR Reserved[3];
2078} FILE_COMPRESSION_INFORMATION;
2079typedef FILE_COMPRESSION_INFORMATION *PFILE_COMPRESSION_INFORMATION;
2080typedef struct _FILE_OBJECTID_INFORMATION
2081{
2082 LONGLONG FileReference;
2083 UCHAR ObjectId[16];
2084 union
2085 {
2086 struct
2087 {
2088 UCHAR BirthVolumeId[16];
2089 UCHAR BirthObjectId[16];
2090 UCHAR DomainId[16];
2091 };
2092 UCHAR ExtendedInfo[48];
2093 };
2094} FILE_OBJECTID_INFORMATION;
2095typedef FILE_OBJECTID_INFORMATION *PFILE_OBJECTID_INFORMATION;
2096typedef struct _FILE_COMPLETION_INFORMATION
2097{
2098 HANDLE Port;
2099 PVOID Key;
2100} FILE_COMPLETION_INFORMATION;
2101typedef FILE_COMPLETION_INFORMATION *PFILE_COMPLETION_INFORMATION;
2102typedef struct _FILE_MOVE_CLUSTER_INFORMATION
2103{
2104 ULONG ClusterCount;
2105 HANDLE RootDirectory;
2106 ULONG FileNameLength;
2107 WCHAR FileName[1];
2108} FILE_MOVE_CLUSTER_INFORMATION;
2109typedef FILE_MOVE_CLUSTER_INFORMATION *PFILE_MOVE_CLUSTER_INFORMATION;
2110typedef struct _FILE_QUOTA_INFORMATION
2111{
2112 ULONG NextEntryOffset;
2113 ULONG SidLength;
2114 LARGE_INTEGER ChangeTime;
2115 LARGE_INTEGER QuotaUsed;
2116 LARGE_INTEGER QuotaThreshold;
2117 LARGE_INTEGER QuotaLimit;
2118 SID Sid;
2119} FILE_QUOTA_INFORMATION;
2120typedef FILE_QUOTA_INFORMATION *PFILE_QUOTA_INFORMATION;
2121typedef struct _FILE_REPARSE_POINT_INFORMATION
2122{
2123 LONGLONG FileReference;
2124 ULONG Tag;
2125} FILE_REPARSE_POINT_INFORMATION;
2126typedef FILE_REPARSE_POINT_INFORMATION *PFILE_REPARSE_POINT_INFORMATION;
2127typedef struct _FILE_NETWORK_OPEN_INFORMATION
2128{
2129 LARGE_INTEGER CreationTime;
2130 LARGE_INTEGER LastAccessTime;
2131 LARGE_INTEGER LastWriteTime;
2132 LARGE_INTEGER ChangeTime;
2133 LARGE_INTEGER AllocationSize;
2134 LARGE_INTEGER EndOfFile;
2135 ULONG FileAttributes;
2136} FILE_NETWORK_OPEN_INFORMATION;
2137typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
2138typedef struct _FILE_ATTRIBUTE_TAG_INFORMATION
2139{
2140 ULONG FileAttributes;
2141 ULONG ReparseTag;
2142} FILE_ATTRIBUTE_TAG_INFORMATION;
2143typedef FILE_ATTRIBUTE_TAG_INFORMATION *PFILE_ATTRIBUTE_TAG_INFORMATION;
2144typedef struct _FILE_TRACKING_INFORMATION
2145{
2146 HANDLE DestinationFile;
2147 ULONG ObjectInformationLength;
2148 CHAR ObjectInformation[1];
2149} FILE_TRACKING_INFORMATION;
2150typedef FILE_TRACKING_INFORMATION *PFILE_TRACKING_INFORMATION;
2151typedef struct _FILE_ID_BOTH_DIR_INFORMATION
2152{
2153 ULONG NextEntryOffset;
2154 ULONG FileIndex;
2155 LARGE_INTEGER CreationTime;
2156 LARGE_INTEGER LastAccessTime;
2157 LARGE_INTEGER LastWriteTime;
2158 LARGE_INTEGER ChangeTime;
2159 LARGE_INTEGER EndOfFile;
2160 LARGE_INTEGER AllocationSize;
2161 ULONG FileAttributes;
2162 ULONG FileNameLength;
2163 ULONG EaSize;
2164 CCHAR ShortNameLength;
2165 WCHAR ShortName[12];
2166 LARGE_INTEGER FileId;
2167 WCHAR FileName[1];
2168} FILE_ID_BOTH_DIR_INFORMATION;
2169typedef FILE_ID_BOTH_DIR_INFORMATION *PFILE_ID_BOTH_DIR_INFORMATION;
2170typedef struct _FILE_ID_FULL_DIR_INFORMATION
2171{
2172 ULONG NextEntryOffset;
2173 ULONG FileIndex;
2174 LARGE_INTEGER CreationTime;
2175 LARGE_INTEGER LastAccessTime;
2176 LARGE_INTEGER LastWriteTime;
2177 LARGE_INTEGER ChangeTime;
2178 LARGE_INTEGER EndOfFile;
2179 LARGE_INTEGER AllocationSize;
2180 ULONG FileAttributes;
2181 ULONG FileNameLength;
2182 ULONG EaSize;
2183 LARGE_INTEGER FileId;
2184 WCHAR FileName[1];
2185} FILE_ID_FULL_DIR_INFORMATION;
2186typedef FILE_ID_FULL_DIR_INFORMATION *PFILE_ID_FULL_DIR_INFORMATION;
2187typedef struct _FILE_VALID_DATA_LENGTH_INFORMATION
2188{
2189 LARGE_INTEGER ValidDataLength;
2190} FILE_VALID_DATA_LENGTH_INFORMATION;
2191typedef FILE_VALID_DATA_LENGTH_INFORMATION *PFILE_VALID_DATA_LENGTH_INFORMATION;
2192typedef struct _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION
2193{
2194 ULONG Flags;
2195} FILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
2196typedef FILE_IO_COMPLETION_NOTIFICATION_INFORMATION *PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
2197typedef enum _IO_PRIORITY_HINT
2198{
2199 IoPriorityVeryLow = 0,
2200 IoPriorityLow,
2201 IoPriorityNormal,
2202 IoPriorityHigh,
2203 IoPriorityCritical,
2204 MaxIoPriorityTypes
2205} IO_PRIORITY_HINT;
2206AssertCompileSize(IO_PRIORITY_HINT, sizeof(int));
2207typedef struct _FILE_IO_PRIORITY_HINT_INFORMATION
2208{
2209 IO_PRIORITY_HINT PriorityHint;
2210} FILE_IO_PRIORITY_HINT_INFORMATION;
2211typedef FILE_IO_PRIORITY_HINT_INFORMATION *PFILE_IO_PRIORITY_HINT_INFORMATION;
2212typedef struct _FILE_SFIO_RESERVE_INFORMATION
2213{
2214 ULONG RequestsPerPeriod;
2215 ULONG Period;
2216 BOOLEAN RetryFailures;
2217 BOOLEAN Discardable;
2218 ULONG RequestSize;
2219 ULONG NumOutstandingRequests;
2220} FILE_SFIO_RESERVE_INFORMATION;
2221typedef FILE_SFIO_RESERVE_INFORMATION *PFILE_SFIO_RESERVE_INFORMATION;
2222typedef struct _FILE_SFIO_VOLUME_INFORMATION
2223{
2224 ULONG MaximumRequestsPerPeriod;
2225 ULONG MinimumPeriod;
2226 ULONG MinimumTransferSize;
2227} FILE_SFIO_VOLUME_INFORMATION;
2228typedef FILE_SFIO_VOLUME_INFORMATION *PFILE_SFIO_VOLUME_INFORMATION;
2229typedef struct _FILE_LINK_ENTRY_INFORMATION
2230{
2231 ULONG NextEntryOffset;
2232 LONGLONG ParentFileId;
2233 ULONG FileNameLength;
2234 WCHAR FileName[1];
2235} FILE_LINK_ENTRY_INFORMATION;
2236typedef FILE_LINK_ENTRY_INFORMATION *PFILE_LINK_ENTRY_INFORMATION;
2237typedef struct _FILE_LINKS_INFORMATION
2238{
2239 ULONG BytesNeeded;
2240 ULONG EntriesReturned;
2241 FILE_LINK_ENTRY_INFORMATION Entry;
2242} FILE_LINKS_INFORMATION;
2243typedef FILE_LINKS_INFORMATION *PFILE_LINKS_INFORMATION;
2244typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION
2245{
2246 ULONG NumberOfProcessIdsInList;
2247 ULONG_PTR ProcessIdList[1];
2248} FILE_PROCESS_IDS_USING_FILE_INFORMATION;
2249typedef FILE_PROCESS_IDS_USING_FILE_INFORMATION *PFILE_PROCESS_IDS_USING_FILE_INFORMATION;
2250typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION
2251{
2252 ULONG NextEntryOffset;
2253 ULONG FileIndex;
2254 LARGE_INTEGER CreationTime;
2255 LARGE_INTEGER LastAccessTime;
2256 LARGE_INTEGER LastWriteTime;
2257 LARGE_INTEGER ChangeTime;
2258 LARGE_INTEGER EndOfFile;
2259 LARGE_INTEGER AllocationSize;
2260 ULONG FileAttributes;
2261 ULONG FileNameLength;
2262 LARGE_INTEGER FileId;
2263 GUID LockingTransactionId;
2264 ULONG TxInfoFlags;
2265 WCHAR FileName[1];
2266} FILE_ID_GLOBAL_TX_DIR_INFORMATION;
2267typedef FILE_ID_GLOBAL_TX_DIR_INFORMATION *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
2268typedef struct _FILE_IS_REMOTE_DEVICE_INFORMATION
2269{
2270 BOOLEAN IsRemote;
2271} FILE_IS_REMOTE_DEVICE_INFORMATION;
2272typedef FILE_IS_REMOTE_DEVICE_INFORMATION *PFILE_IS_REMOTE_DEVICE_INFORMATION;
2273typedef struct _FILE_NUMA_NODE_INFORMATION
2274{
2275 USHORT NodeNumber;
2276} FILE_NUMA_NODE_INFORMATION;
2277typedef FILE_NUMA_NODE_INFORMATION *PFILE_NUMA_NODE_INFORMATION;
2278typedef struct _FILE_STANDARD_LINK_INFORMATION
2279{
2280 ULONG NumberOfAccessibleLinks;
2281 ULONG TotalNumberOfLinks;
2282 BOOLEAN DeletePending;
2283 BOOLEAN Directory;
2284} FILE_STANDARD_LINK_INFORMATION;
2285typedef FILE_STANDARD_LINK_INFORMATION *PFILE_STANDARD_LINK_INFORMATION;
2286typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION
2287{
2288 USHORT StructureVersion;
2289 USHORT StructureSize;
2290 ULONG Protocol;
2291 USHORT ProtocolMajorVersion;
2292 USHORT ProtocolMinorVersion;
2293 USHORT ProtocolRevision;
2294 USHORT Reserved;
2295 ULONG Flags;
2296 struct
2297 {
2298 ULONG Reserved[8];
2299 } GenericReserved;
2300 struct
2301 {
2302 ULONG Reserved[16];
2303 } ProtocolSpecificReserved;
2304} FILE_REMOTE_PROTOCOL_INFORMATION;
2305typedef FILE_REMOTE_PROTOCOL_INFORMATION *PFILE_REMOTE_PROTOCOL_INFORMATION;
2306typedef struct _FILE_VOLUME_NAME_INFORMATION
2307{
2308 ULONG DeviceNameLength;
2309 WCHAR DeviceName[1];
2310} FILE_VOLUME_NAME_INFORMATION;
2311typedef FILE_VOLUME_NAME_INFORMATION *PFILE_VOLUME_NAME_INFORMATION;
2312# ifndef FILE_INVALID_FILE_ID
2313typedef struct _FILE_ID_128
2314{
2315 BYTE Identifier[16];
2316} FILE_ID_128;
2317typedef FILE_ID_128 *PFILE_ID_128;
2318# endif
2319typedef struct _FILE_ID_EXTD_DIR_INFORMATION
2320{
2321 ULONG NextEntryOffset;
2322 ULONG FileIndex;
2323 LARGE_INTEGER CreationTime;
2324 LARGE_INTEGER LastAccessTime;
2325 LARGE_INTEGER LastWriteTime;
2326 LARGE_INTEGER ChangeTime;
2327 LARGE_INTEGER EndOfFile;
2328 LARGE_INTEGER AllocationSize;
2329 ULONG FileAttributes;
2330 ULONG FileNameLength;
2331 ULONG EaSize;
2332 ULONG ReparsePointTag;
2333 FILE_ID_128 FileId;
2334 WCHAR FileName[1];
2335} FILE_ID_EXTD_DIR_INFORMATION;
2336typedef FILE_ID_EXTD_DIR_INFORMATION *PFILE_ID_EXTD_DIR_INFORMATION;
2337typedef struct _FILE_ID_EXTD_BOTH_DIR_INFORMATION
2338{
2339 ULONG NextEntryOffset;
2340 ULONG FileIndex;
2341 LARGE_INTEGER CreationTime;
2342 LARGE_INTEGER LastAccessTime;
2343 LARGE_INTEGER LastWriteTime;
2344 LARGE_INTEGER ChangeTime;
2345 LARGE_INTEGER EndOfFile;
2346 LARGE_INTEGER AllocationSize;
2347 ULONG FileAttributes;
2348 ULONG FileNameLength;
2349 ULONG EaSize;
2350 ULONG ReparsePointTag;
2351 FILE_ID_128 FileId;
2352 CCHAR ShortNameLength;
2353 WCHAR ShortName[12];
2354 WCHAR FileName[1];
2355} FILE_ID_EXTD_BOTH_DIR_INFORMATION;
2356typedef FILE_ID_EXTD_BOTH_DIR_INFORMATION *PFILE_ID_EXTD_BOTH_DIR_INFORMATION;
2357typedef struct _FILE_ID_INFORMATION
2358{
2359 ULONGLONG VolumeSerialNumber;
2360 FILE_ID_128 FileId;
2361} FILE_ID_INFORMATION;
2362typedef FILE_ID_INFORMATION *PFILE_ID_INFORMATION;
2363typedef struct _FILE_LINK_ENTRY_FULL_ID_INFORMATION
2364{
2365 ULONG NextEntryOffset;
2366 FILE_ID_128 ParentFileId;
2367 ULONG FileNameLength;
2368 WCHAR FileName[1];
2369} FILE_LINK_ENTRY_FULL_ID_INFORMATION;
2370typedef FILE_LINK_ENTRY_FULL_ID_INFORMATION *PFILE_LINK_ENTRY_FULL_ID_INFORMATION;
2371typedef struct _FILE_LINKS_FULL_ID_INFORMATION {
2372 ULONG BytesNeeded;
2373 ULONG EntriesReturned;
2374 FILE_LINK_ENTRY_FULL_ID_INFORMATION Entry;
2375} FILE_LINKS_FULL_ID_INFORMATION;
2376typedef FILE_LINKS_FULL_ID_INFORMATION *PFILE_LINKS_FULL_ID_INFORMATION;
2377typedef struct _FILE_DISPOSITION_INFORMATION_EX
2378{
2379 ULONG Flags;
2380} FILE_DISPOSITION_INFORMATION_EX;
2381typedef FILE_DISPOSITION_INFORMATION_EX *PFILE_DISPOSITION_INFORMATION_EX;
2382# ifndef QUERY_STORAGE_CLASSES_FLAGS_MEASURE_WRITE
2383typedef struct _FILE_DESIRED_STORAGE_CLASS_INFORMATION
2384{
2385 /*FILE_STORAGE_TIER_CLASS*/ ULONG Class;
2386 ULONG Flags;
2387} FILE_DESIRED_STORAGE_CLASS_INFORMATION;
2388typedef FILE_DESIRED_STORAGE_CLASS_INFORMATION *PFILE_DESIRED_STORAGE_CLASS_INFORMATION;
2389# endif
2390typedef struct _FILE_STAT_INFORMATION
2391{
2392 LARGE_INTEGER FileId;
2393 LARGE_INTEGER CreationTime;
2394 LARGE_INTEGER LastAccessTime;
2395 LARGE_INTEGER LastWriteTime;
2396 LARGE_INTEGER ChangeTime;
2397 LARGE_INTEGER AllocationSize;
2398 LARGE_INTEGER EndOfFile;
2399 ULONG FileAttributes;
2400 ULONG ReparseTag;
2401 ULONG NumberOfLinks;
2402 ACCESS_MASK EffectiveAccess;
2403} FILE_STAT_INFORMATION;
2404typedef FILE_STAT_INFORMATION *PFILE_STAT_INFORMATION;
2405typedef struct _FILE_STAT_LX_INFORMATION
2406{
2407 LARGE_INTEGER FileId;
2408 LARGE_INTEGER CreationTime;
2409 LARGE_INTEGER LastAccessTime;
2410 LARGE_INTEGER LastWriteTime;
2411 LARGE_INTEGER ChangeTime;
2412 LARGE_INTEGER AllocationSize;
2413 LARGE_INTEGER EndOfFile;
2414 ULONG FileAttributes;
2415 ULONG ReparseTag;
2416 ULONG NumberOfLinks;
2417 ACCESS_MASK EffectiveAccess;
2418 ULONG LxFlags;
2419 ULONG LxUid;
2420 ULONG LxGid;
2421 ULONG LxMode;
2422 ULONG LxDeviceIdMajor;
2423 ULONG LxDeviceIdMinor;
2424} FILE_STAT_LX_INFORMATION;
2425typedef FILE_STAT_LX_INFORMATION *PFILE_STAT_LX_INFORMATION;
2426typedef struct _FILE_CASE_SENSITIVE_INFORMATION
2427{
2428 ULONG Flags;
2429} FILE_CASE_SENSITIVE_INFORMATION;
2430typedef FILE_CASE_SENSITIVE_INFORMATION *PFILE_CASE_SENSITIVE_INFORMATION;
2431
2432typedef enum _FILE_INFORMATION_CLASS
2433{
2434 FileDirectoryInformation = 1,
2435 FileFullDirectoryInformation,
2436 FileBothDirectoryInformation,
2437 FileBasicInformation,
2438 FileStandardInformation,
2439 FileInternalInformation,
2440 FileEaInformation,
2441 FileAccessInformation,
2442 FileNameInformation,
2443 FileRenameInformation,
2444 FileLinkInformation,
2445 FileNamesInformation,
2446 FileDispositionInformation,
2447 FilePositionInformation,
2448 FileFullEaInformation,
2449 FileModeInformation,
2450 FileAlignmentInformation,
2451 FileAllInformation,
2452 FileAllocationInformation,
2453 FileEndOfFileInformation,
2454 FileAlternateNameInformation,
2455 FileStreamInformation,
2456 FilePipeInformation,
2457 FilePipeLocalInformation,
2458 FilePipeRemoteInformation,
2459 FileMailslotQueryInformation,
2460 FileMailslotSetInformation,
2461 FileCompressionInformation,
2462 FileObjectIdInformation,
2463 FileCompletionInformation,
2464 FileMoveClusterInformation,
2465 FileQuotaInformation,
2466 FileReparsePointInformation,
2467 FileNetworkOpenInformation,
2468 FileAttributeTagInformation,
2469 FileTrackingInformation,
2470 FileIdBothDirectoryInformation,
2471 FileIdFullDirectoryInformation,
2472 FileValidDataLengthInformation,
2473 FileShortNameInformation,
2474 FileIoCompletionNotificationInformation,
2475 FileIoStatusBlockRangeInformation,
2476 FileIoPriorityHintInformation,
2477 FileSfioReserveInformation,
2478 FileSfioVolumeInformation,
2479 FileHardLinkInformation,
2480 FileProcessIdsUsingFileInformation,
2481 FileNormalizedNameInformation,
2482 FileNetworkPhysicalNameInformation,
2483 FileIdGlobalTxDirectoryInformation,
2484 FileIsRemoteDeviceInformation,
2485 FileUnusedInformation,
2486 FileNumaNodeInformation,
2487 FileStandardLinkInformation,
2488 FileRemoteProtocolInformation,
2489 /* Defined with Windows 10: */
2490 FileRenameInformationBypassAccessCheck,
2491 FileLinkInformationBypassAccessCheck,
2492 FileVolumeNameInformation,
2493 FileIdInformation,
2494 FileIdExtdDirectoryInformation,
2495 FileReplaceCompletionInformation,
2496 FileHardLinkFullIdInformation,
2497 FileIdExtdBothDirectoryInformation,
2498 FileDispositionInformationEx,
2499 FileRenameInformationEx,
2500 FileRenameInformationExBypassAccessCheck,
2501 FileDesiredStorageClassInformation,
2502 FileStatInformation,
2503 FileMemoryPartitionInformation,
2504 FileStatLxInformation,
2505 FileCaseSensitiveInformation,
2506 FileLinkInformationEx,
2507 FileLinkInformationExBypassAccessCheck,
2508 FileStorageReserveIdInformation,
2509 FileCaseSensitiveInformationForceAccessCheck,
2510 FileMaximumInformation
2511} FILE_INFORMATION_CLASS;
2512typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
2513RT_DECL_NTAPI(NTSTATUS) NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
2514RT_DECL_NTAPI(NTSTATUS) NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
2515 FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
2516RT_DECL_NTAPI(NTSTATUS) NtSetInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
2517#endif /* IPRT_NT_USE_WINTERNL */
2518RT_DECL_NTAPI(NTSTATUS) NtQueryAttributesFile(POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
2519RT_DECL_NTAPI(NTSTATUS) NtQueryFullAttributesFile(POBJECT_ATTRIBUTES, PFILE_NETWORK_OPEN_INFORMATION);
2520
2521
2522/** @name SE_GROUP_XXX - Attributes returned with TokenGroup and others.
2523 * @{ */
2524#ifndef SE_GROUP_MANDATORY
2525# define SE_GROUP_MANDATORY UINT32_C(0x01)
2526#endif
2527#ifndef SE_GROUP_ENABLED_BY_DEFAULT
2528# define SE_GROUP_ENABLED_BY_DEFAULT UINT32_C(0x02)
2529#endif
2530#ifndef SE_GROUP_ENABLED
2531# define SE_GROUP_ENABLED UINT32_C(0x04)
2532#endif
2533#ifndef SE_GROUP_OWNER
2534# define SE_GROUP_OWNER UINT32_C(0x08)
2535#endif
2536#ifndef SE_GROUP_USE_FOR_DENY_ONLY
2537# define SE_GROUP_USE_FOR_DENY_ONLY UINT32_C(0x10)
2538#endif
2539#ifndef SE_GROUP_INTEGRITY
2540# define SE_GROUP_INTEGRITY UINT32_C(0x20)
2541#endif
2542#ifndef SE_GROUP_INTEGRITY_ENABLED
2543# define SE_GROUP_INTEGRITY_ENABLED UINT32_C(0x40)
2544#endif
2545#ifndef SE_GROUP_RESOURCE
2546# define SE_GROUP_RESOURCE UINT32_C(0x20000000)
2547#endif
2548#ifndef SE_GROUP_LOGON_ID
2549# define SE_GROUP_LOGON_ID UINT32_C(0xc0000000)
2550#endif
2551/** @} */
2552
2553
2554#ifdef IPRT_NT_USE_WINTERNL
2555
2556/** For use with KeyBasicInformation. */
2557typedef struct _KEY_BASIC_INFORMATION
2558{
2559 LARGE_INTEGER LastWriteTime;
2560 ULONG TitleIndex;
2561 ULONG NameLength;
2562 WCHAR Name[1];
2563} KEY_BASIC_INFORMATION;
2564typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
2565
2566/** For use with KeyNodeInformation. */
2567typedef struct _KEY_NODE_INFORMATION
2568{
2569 LARGE_INTEGER LastWriteTime;
2570 ULONG TitleIndex;
2571 ULONG ClassOffset; /**< Offset from the start of the structure. */
2572 ULONG ClassLength;
2573 ULONG NameLength;
2574 WCHAR Name[1];
2575} KEY_NODE_INFORMATION;
2576typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
2577
2578/** For use with KeyFullInformation. */
2579typedef struct _KEY_FULL_INFORMATION
2580{
2581 LARGE_INTEGER LastWriteTime;
2582 ULONG TitleIndex;
2583 ULONG ClassOffset; /**< Offset of the Class member. */
2584 ULONG ClassLength;
2585 ULONG SubKeys;
2586 ULONG MaxNameLen;
2587 ULONG MaxClassLen;
2588 ULONG Values;
2589 ULONG MaxValueNameLen;
2590 ULONG MaxValueDataLen;
2591 WCHAR Class[1];
2592} KEY_FULL_INFORMATION;
2593typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
2594
2595/** For use with KeyNameInformation. */
2596typedef struct _KEY_NAME_INFORMATION
2597{
2598 ULONG NameLength;
2599 WCHAR Name[1];
2600} KEY_NAME_INFORMATION;
2601typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
2602
2603/** For use with KeyCachedInformation. */
2604typedef struct _KEY_CACHED_INFORMATION
2605{
2606 LARGE_INTEGER LastWriteTime;
2607 ULONG TitleIndex;
2608 ULONG SubKeys;
2609 ULONG MaxNameLen;
2610 ULONG Values;
2611 ULONG MaxValueNameLen;
2612 ULONG MaxValueDataLen;
2613 ULONG NameLength;
2614} KEY_CACHED_INFORMATION;
2615typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
2616
2617/** For use with KeyVirtualizationInformation. */
2618typedef struct _KEY_VIRTUALIZATION_INFORMATION
2619{
2620 ULONG VirtualizationCandidate : 1;
2621 ULONG VirtualizationEnabled : 1;
2622 ULONG VirtualTarget : 1;
2623 ULONG VirtualStore : 1;
2624 ULONG VirtualSource : 1;
2625 ULONG Reserved : 27;
2626} KEY_VIRTUALIZATION_INFORMATION;
2627typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
2628
2629typedef enum _KEY_INFORMATION_CLASS
2630{
2631 KeyBasicInformation = 0,
2632 KeyNodeInformation,
2633 KeyFullInformation,
2634 KeyNameInformation,
2635 KeyCachedInformation,
2636 KeyFlagsInformation,
2637 KeyVirtualizationInformation,
2638 KeyHandleTagsInformation,
2639 MaxKeyInfoClass
2640} KEY_INFORMATION_CLASS;
2641RT_DECL_NTAPI(NTSTATUS) NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2642RT_DECL_NTAPI(NTSTATUS) NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2643
2644typedef struct _MEMORY_SECTION_NAME
2645{
2646 UNICODE_STRING SectionFileName;
2647 WCHAR NameBuffer[1];
2648} MEMORY_SECTION_NAME;
2649
2650#ifdef IPRT_NT_USE_WINTERNL
2651typedef struct _PROCESS_BASIC_INFORMATION
2652{
2653 NTSTATUS ExitStatus;
2654 PPEB PebBaseAddress;
2655 ULONG_PTR AffinityMask;
2656 int32_t BasePriority;
2657 ULONG_PTR UniqueProcessId;
2658 ULONG_PTR InheritedFromUniqueProcessId;
2659} PROCESS_BASIC_INFORMATION;
2660typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
2661#endif
2662
2663typedef enum _PROCESSINFOCLASS
2664{
2665 ProcessBasicInformation = 0, /**< 0 / 0x00 */
2666 ProcessQuotaLimits, /**< 1 / 0x01 */
2667 ProcessIoCounters, /**< 2 / 0x02 */
2668 ProcessVmCounters, /**< 3 / 0x03 */
2669 ProcessTimes, /**< 4 / 0x04 */
2670 ProcessBasePriority, /**< 5 / 0x05 */
2671 ProcessRaisePriority, /**< 6 / 0x06 */
2672 ProcessDebugPort, /**< 7 / 0x07 */
2673 ProcessExceptionPort, /**< 8 / 0x08 */
2674 ProcessAccessToken, /**< 9 / 0x09 */
2675 ProcessLdtInformation, /**< 10 / 0x0a */
2676 ProcessLdtSize, /**< 11 / 0x0b */
2677 ProcessDefaultHardErrorMode, /**< 12 / 0x0c */
2678 ProcessIoPortHandlers, /**< 13 / 0x0d */
2679 ProcessPooledUsageAndLimits, /**< 14 / 0x0e */
2680 ProcessWorkingSetWatch, /**< 15 / 0x0f */
2681 ProcessUserModeIOPL, /**< 16 / 0x10 */
2682 ProcessEnableAlignmentFaultFixup, /**< 17 / 0x11 */
2683 ProcessPriorityClass, /**< 18 / 0x12 */
2684 ProcessWx86Information, /**< 19 / 0x13 */
2685 ProcessHandleCount, /**< 20 / 0x14 */
2686 ProcessAffinityMask, /**< 21 / 0x15 */
2687 ProcessPriorityBoost, /**< 22 / 0x16 */
2688 ProcessDeviceMap, /**< 23 / 0x17 */
2689 ProcessSessionInformation, /**< 24 / 0x18 */
2690 ProcessForegroundInformation, /**< 25 / 0x19 */
2691 ProcessWow64Information, /**< 26 / 0x1a */
2692 ProcessImageFileName, /**< 27 / 0x1b */
2693 ProcessLUIDDeviceMapsEnabled, /**< 28 / 0x1c */
2694 ProcessBreakOnTermination, /**< 29 / 0x1d */
2695 ProcessDebugObjectHandle, /**< 30 / 0x1e */
2696 ProcessDebugFlags, /**< 31 / 0x1f */
2697 ProcessHandleTracing, /**< 32 / 0x20 */
2698 ProcessIoPriority, /**< 33 / 0x21 */
2699 ProcessExecuteFlags, /**< 34 / 0x22 */
2700 ProcessTlsInformation, /**< 35 / 0x23 */
2701 ProcessCookie, /**< 36 / 0x24 */
2702 ProcessImageInformation, /**< 37 / 0x25 */
2703 ProcessCycleTime, /**< 38 / 0x26 */
2704 ProcessPagePriority, /**< 39 / 0x27 */
2705 ProcessInstrumentationCallbak, /**< 40 / 0x28 */
2706 ProcessThreadStackAllocation, /**< 41 / 0x29 */
2707 ProcessWorkingSetWatchEx, /**< 42 / 0x2a */
2708 ProcessImageFileNameWin32, /**< 43 / 0x2b */
2709 ProcessImageFileMapping, /**< 44 / 0x2c */
2710 ProcessAffinityUpdateMode, /**< 45 / 0x2d */
2711 ProcessMemoryAllocationMode, /**< 46 / 0x2e */
2712 ProcessGroupInformation, /**< 47 / 0x2f */
2713 ProcessTokenVirtualizationEnabled, /**< 48 / 0x30 */
2714 ProcessOwnerInformation, /**< 49 / 0x31 */
2715 ProcessWindowInformation, /**< 50 / 0x32 */
2716 ProcessHandleInformation, /**< 51 / 0x33 */
2717 ProcessMitigationPolicy, /**< 52 / 0x34 */
2718 ProcessDynamicFunctionTableInformation, /**< 53 / 0x35 */
2719 ProcessHandleCheckingMode, /**< 54 / 0x36 */
2720 ProcessKeepAliveCount, /**< 55 / 0x37 */
2721 ProcessRevokeFileHandles, /**< 56 / 0x38 */
2722 ProcessWorkingSetControl, /**< 57 / 0x39 */
2723 ProcessHandleTable, /**< 58 / 0x3a */
2724 ProcessCheckStackExtentsMode, /**< 59 / 0x3b */
2725 ProcessCommandLineInformation, /**< 60 / 0x3c */
2726 ProcessProtectionInformation, /**< 61 / 0x3d */
2727 ProcessMemoryExhaustion, /**< 62 / 0x3e */
2728 ProcessFaultInformation, /**< 63 / 0x3f */
2729 ProcessTelemetryIdInformation, /**< 64 / 0x40 */
2730 ProcessCommitReleaseInformation, /**< 65 / 0x41 */
2731 ProcessDefaultCpuSetsInformation, /**< 66 / 0x42 - aka ProcessReserved1Information */
2732 ProcessAllowedCpuSetsInformation, /**< 67 / 0x43 - aka ProcessReserved2Information; PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10 */
2733 ProcessSubsystemProcess, /**< 68 / 0x44 */
2734 ProcessJobMemoryInformation, /**< 69 / 0x45 */
2735 ProcessInPrivate, /**< 70 / 0x46 */
2736 ProcessRaiseUMExceptionOnInvalidHandleClose,/**< 71 / 0x47 */
2737 ProcessIumChallengeResponse, /**< 72 / 0x48 */
2738 ProcessChildProcessInformation, /**< 73 / 0x49 */
2739 ProcessHighGraphicsPriorityInformation, /**< 74 / 0x4a */
2740 ProcessSubsystemInformation, /**< 75 / 0x4b */
2741 ProcessEnergyValues, /**< 76 / 0x4c */
2742 ProcessPowerThrottlingState, /**< 77 / 0x4d */
2743 ProcessReserved3Information, /**< 78 / 0x4e */
2744 ProcessWin32kSyscallFilterInformation, /**< 79 / 0x4f */
2745 ProcessDisableSystemAllowedCpuSets, /**< 80 / 0x50 */
2746 ProcessWakeInformation, /**< 81 / 0x51 */
2747 ProcessEnergyTrackingState, /**< 82 / 0x52 */
2748 ProcessManageWritesToExecutableMemory, /**< 83 / 0x53 */
2749 ProcessCaptureTrustletLiveDump, /**< 84 / 0x54 */
2750 ProcessTelemetryCoverage, /**< 85 / 0x55 */
2751 ProcessEnclaveInformation, /**< 86 / 0x56 */
2752 ProcessEnableReadWriteVmLogging, /**< 87 / 0x57 */
2753 ProcessUptimeInformation, /**< 88 / 0x58 */
2754 ProcessImageSection, /**< 89 / 0x59 */
2755 ProcessDebugAuthInformation, /**< 90 / 0x5a */
2756 ProcessSystemResourceManagement, /**< 92 / 0x5b */
2757 ProcessSequenceNumber, /**< 93 / 0x5c */
2758 MaxProcessInfoClass
2759} PROCESSINFOCLASS;
2760AssertCompile(ProcessSequenceNumber == 0x5c);
2761#endif
2762#if defined(IPRT_NT_USE_WINTERNL) || defined(WDK_NTDDI_VERSION) /* Present in ntddk.h from 7600.16385.1, but not in W10. */
2763RT_DECL_NTAPI(NTSTATUS) NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
2764#endif
2765#ifdef IPRT_NT_USE_WINTERNL
2766#if ARCH_BITS == 32
2767/** 64-bit API pass thru to WOW64 processes. */
2768RT_DECL_NTAPI(NTSTATUS) NtWow64QueryInformationProcess64(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
2769#endif
2770
2771typedef enum _THREADINFOCLASS
2772{
2773 ThreadBasicInformation = 0,
2774 ThreadTimes,
2775 ThreadPriority,
2776 ThreadBasePriority,
2777 ThreadAffinityMask,
2778 ThreadImpersonationToken,
2779 ThreadDescriptorTableEntry,
2780 ThreadEnableAlignmentFaultFixup,
2781 ThreadEventPair_Reusable,
2782 ThreadQuerySetWin32StartAddress,
2783 ThreadZeroTlsCell,
2784 ThreadPerformanceCount,
2785 ThreadAmILastThread,
2786 ThreadIdealProcessor,
2787 ThreadPriorityBoost,
2788 ThreadSetTlsArrayAddress,
2789 ThreadIsIoPending,
2790 ThreadHideFromDebugger,
2791 ThreadBreakOnTermination,
2792 ThreadSwitchLegacyState,
2793 ThreadIsTerminated,
2794 ThreadLastSystemCall,
2795 ThreadIoPriority,
2796 ThreadCycleTime,
2797 ThreadPagePriority,
2798 ThreadActualBasePriority,
2799 ThreadTebInformation,
2800 ThreadCSwitchMon,
2801 ThreadCSwitchPmu,
2802 ThreadWow64Context,
2803 ThreadGroupInformation,
2804 ThreadUmsInformation,
2805 ThreadCounterProfiling,
2806 ThreadIdealProcessorEx,
2807 ThreadCpuAccountingInformation,
2808 MaxThreadInfoClass
2809} THREADINFOCLASS;
2810RT_DECL_NTAPI(NTSTATUS) NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
2811
2812RT_DECL_NTAPI(NTSTATUS) NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2813RT_DECL_NTAPI(NTSTATUS) ZwQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2814
2815RT_DECL_NTAPI(NTSTATUS) NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2816RT_DECL_NTAPI(NTSTATUS) NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2817RT_DECL_NTAPI(NTSTATUS) NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
2818RT_DECL_NTAPI(NTSTATUS) NtCancelIoFile(HANDLE, PIO_STATUS_BLOCK);
2819
2820RT_DECL_NTAPI(NTSTATUS) NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
2821RT_DECL_NTAPI(NTSTATUS) NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
2822
2823RT_DECL_NTAPI(NTSTATUS) RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
2824RT_DECL_NTAPI(NTSTATUS) RtlCopySid(ULONG, PSID, PSID);
2825RT_DECL_NTAPI(NTSTATUS) RtlCreateAcl(PACL, ULONG, ULONG);
2826RT_DECL_NTAPI(NTSTATUS) RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
2827RT_DECL_NTAPI(BOOLEAN) RtlEqualSid(PSID, PSID);
2828RT_DECL_NTAPI(NTSTATUS) RtlGetVersion(PRTL_OSVERSIONINFOW);
2829RT_DECL_NTAPI(NTSTATUS) RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
2830RT_DECL_NTAPI(NTSTATUS) RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
2831RT_DECL_NTAPI(PULONG) RtlSubAuthoritySid(PSID, ULONG);
2832
2833#endif /* IPRT_NT_USE_WINTERNL */
2834
2835/** For use with ObjectBasicInformation.
2836 * A watered down version of this struct appears under the name
2837 * PUBLIC_OBJECT_BASIC_INFORMATION in ntifs.h. It only defines
2838 * the first four members, so don't trust the rest. */
2839typedef struct _OBJECT_BASIC_INFORMATION
2840{
2841 ULONG Attributes;
2842 ACCESS_MASK GrantedAccess;
2843 ULONG HandleCount;
2844 ULONG PointerCount;
2845 /* Not in ntifs.h: */
2846 ULONG PagedPoolCharge;
2847 ULONG NonPagedPoolCharge;
2848 ULONG Reserved[3];
2849 ULONG NameInfoSize;
2850 ULONG TypeInfoSize;
2851 ULONG SecurityDescriptorSize;
2852 LARGE_INTEGER CreationTime;
2853} OBJECT_BASIC_INFORMATION;
2854typedef OBJECT_BASIC_INFORMATION *POBJECT_BASIC_INFORMATION;
2855
2856/** For use with ObjectHandleFlagInformation. */
2857typedef struct _OBJECT_HANDLE_FLAG_INFORMATION
2858{
2859 BOOLEAN Inherit;
2860 BOOLEAN ProtectFromClose;
2861} OBJECT_HANDLE_FLAG_INFORMATION;
2862typedef OBJECT_HANDLE_FLAG_INFORMATION *POBJECT_HANDLE_FLAG_INFORMATION;
2863
2864typedef enum _OBJECT_INFORMATION_CLASS
2865{
2866 ObjectBasicInformation = 0,
2867 ObjectNameInformation,
2868 ObjectTypeInformation,
2869 ObjectAllInformation,
2870 ObjectHandleFlagInformation,
2871 ObjectSessionInformation,
2872 MaxObjectInfoClass
2873} OBJECT_INFORMATION_CLASS;
2874typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
2875#ifdef IN_RING0
2876# define NtQueryObject ZwQueryObject
2877#endif
2878RT_DECL_NTAPI(NTSTATUS) NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2879RT_DECL_NTAPI(NTSTATUS) NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
2880RT_DECL_NTAPI(NTSTATUS) NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
2881
2882RT_DECL_NTAPI(NTSTATUS) NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2883
2884typedef struct _OBJECT_DIRECTORY_INFORMATION
2885{
2886 UNICODE_STRING Name;
2887 UNICODE_STRING TypeName;
2888} OBJECT_DIRECTORY_INFORMATION;
2889typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
2890RT_DECL_NTAPI(NTSTATUS) NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
2891
2892RT_DECL_NTAPI(NTSTATUS) NtSuspendProcess(HANDLE);
2893RT_DECL_NTAPI(NTSTATUS) NtResumeProcess(HANDLE);
2894/** @name ProcessDefaultHardErrorMode bit definitions.
2895 * @{ */
2896#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /**< Inverted from the win32 define. */
2897#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
2898#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
2899#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
2900/** @} */
2901RT_DECL_NTAPI(NTSTATUS) NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
2902RT_DECL_NTAPI(NTSTATUS) NtTerminateProcess(HANDLE, LONG);
2903
2904/** Returned by NtQUerySection with SectionBasicInformation. */
2905typedef struct _SECTION_BASIC_INFORMATION
2906{
2907 PVOID BaseAddress;
2908 ULONG AllocationAttributes;
2909 LARGE_INTEGER MaximumSize;
2910} SECTION_BASIC_INFORMATION;
2911typedef SECTION_BASIC_INFORMATION *PSECTION_BASIC_INFORMATION;
2912
2913/** Retured by ProcessImageInformation as well as NtQuerySection. */
2914typedef struct _SECTION_IMAGE_INFORMATION
2915{
2916 PVOID TransferAddress;
2917 ULONG ZeroBits;
2918 SIZE_T MaximumStackSize;
2919 SIZE_T CommittedStackSize;
2920 ULONG SubSystemType;
2921 union
2922 {
2923 struct
2924 {
2925 USHORT SubSystemMinorVersion;
2926 USHORT SubSystemMajorVersion;
2927 };
2928 ULONG SubSystemVersion;
2929 };
2930 ULONG GpValue;
2931 USHORT ImageCharacteristics;
2932 USHORT DllCharacteristics;
2933 USHORT Machine;
2934 BOOLEAN ImageContainsCode;
2935 union /**< Since Vista, used to be a spare BOOLEAN. */
2936 {
2937 struct
2938 {
2939 UCHAR ComPlusNativeRead : 1;
2940 UCHAR ComPlusILOnly : 1;
2941 UCHAR ImageDynamicallyRelocated : 1;
2942 UCHAR ImageMAppedFlat : 1;
2943 UCHAR Reserved : 4;
2944 };
2945 UCHAR ImageFlags;
2946 };
2947 ULONG LoaderFlags;
2948 ULONG ImageFileSize; /**< Since XP? */
2949 ULONG CheckSum; /**< Since Vista, Used to be a reserved/spare ULONG. */
2950} SECTION_IMAGE_INFORMATION;
2951typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
2952
2953typedef enum _SECTION_INFORMATION_CLASS
2954{
2955 SectionBasicInformation = 0,
2956 SectionImageInformation,
2957 MaxSectionInfoClass
2958} SECTION_INFORMATION_CLASS;
2959RT_DECL_NTAPI(NTSTATUS) NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2960
2961RT_DECL_NTAPI(NTSTATUS) NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
2962RT_DECL_NTAPI(NTSTATUS) NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2963RT_DECL_NTAPI(NTSTATUS) NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
2964#ifndef SYMBOLIC_LINK_QUERY
2965# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
2966#endif
2967#ifndef SYMBOLIC_LINK_ALL_ACCESS
2968# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYMBOLIC_LINK_QUERY)
2969#endif
2970
2971RT_DECL_NTAPI(NTSTATUS) NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
2972RT_DECL_NTAPI(NTSTATUS) NtResumeThread(HANDLE, PULONG);
2973RT_DECL_NTAPI(NTSTATUS) NtSuspendThread(HANDLE, PULONG);
2974RT_DECL_NTAPI(NTSTATUS) NtTerminateThread(HANDLE, LONG);
2975RT_DECL_NTAPI(NTSTATUS) NtGetContextThread(HANDLE, PCONTEXT);
2976RT_DECL_NTAPI(NTSTATUS) NtSetContextThread(HANDLE, PCONTEXT);
2977RT_DECL_NTAPI(NTSTATUS) ZwYieldExecution(void);
2978
2979
2980#ifndef SEC_FILE
2981# define SEC_FILE UINT32_C(0x00800000)
2982#endif
2983#ifndef SEC_IMAGE
2984# define SEC_IMAGE UINT32_C(0x01000000)
2985#endif
2986#ifndef SEC_PROTECTED_IMAGE
2987# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
2988#endif
2989#ifndef SEC_NOCACHE
2990# define SEC_NOCACHE UINT32_C(0x10000000)
2991#endif
2992#ifndef MEM_ROTATE
2993# define MEM_ROTATE UINT32_C(0x00800000)
2994#endif
2995typedef enum _MEMORY_INFORMATION_CLASS
2996{
2997 MemoryBasicInformation = 0,
2998 MemoryWorkingSetList,
2999 MemorySectionName,
3000 MemoryBasicVlmInformation
3001} MEMORY_INFORMATION_CLASS;
3002#ifndef IPRT_NT_USE_WINTERNL
3003# ifndef WDK_NTDDI_VERSION /* W10 ntifs.h has it, 7600.16385.1 didn't. */
3004typedef struct _MEMORY_BASIC_INFORMATION
3005{
3006 PVOID BaseAddress;
3007 PVOID AllocationBase;
3008 ULONG AllocationProtect;
3009# if ARCH_BITS == 64
3010 USHORT PartitionId;
3011# endif
3012 SIZE_T RegionSize;
3013 ULONG State;
3014 ULONG Protect;
3015 ULONG Type;
3016} MEMORY_BASIC_INFORMATION;
3017typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
3018# endif
3019# define NtQueryVirtualMemory ZwQueryVirtualMemory
3020#endif
3021#if defined(IPRT_NT_USE_WINTERNL) || !defined(WDK_NTDDI_VERSION) /* W10 ntifs.h has it, 7600.16385.1 didn't. */
3022RT_DECL_NTAPI(NTSTATUS) NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
3023#endif
3024#ifdef IPRT_NT_USE_WINTERNL
3025RT_DECL_NTAPI(NTSTATUS) NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
3026RT_DECL_NTAPI(NTSTATUS) NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
3027#endif
3028RT_DECL_NTAPI(NTSTATUS) NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
3029
3030typedef enum _SYSTEM_INFORMATION_CLASS
3031{
3032 SystemBasicInformation = 0,
3033 SystemCpuInformation,
3034 SystemPerformanceInformation,
3035 SystemTimeOfDayInformation,
3036 SystemInformation_Unknown_4,
3037 SystemProcessInformation,
3038 SystemInformation_Unknown_6,
3039 SystemInformation_Unknown_7,
3040 SystemProcessorPerformanceInformation,
3041 SystemInformation_Unknown_9,
3042 SystemInformation_Unknown_10,
3043 SystemModuleInformation,
3044 SystemInformation_Unknown_12,
3045 SystemInformation_Unknown_13,
3046 SystemInformation_Unknown_14,
3047 SystemInformation_Unknown_15,
3048 SystemHandleInformation,
3049 SystemInformation_Unknown_17,
3050 SystemPageFileInformation,
3051 SystemInformation_Unknown_19,
3052 SystemInformation_Unknown_20,
3053 SystemCacheInformation,
3054 SystemInformation_Unknown_22,
3055 SystemInterruptInformation,
3056 SystemDpcBehaviourInformation,
3057 SystemFullMemoryInformation,
3058 SystemLoadGdiDriverInformation, /* 26 */
3059 SystemUnloadGdiDriverInformation, /* 27 */
3060 SystemTimeAdjustmentInformation,
3061 SystemSummaryMemoryInformation,
3062 SystemInformation_Unknown_30,
3063 SystemInformation_Unknown_31,
3064 SystemInformation_Unknown_32,
3065 SystemExceptionInformation,
3066 SystemCrashDumpStateInformation,
3067 SystemKernelDebuggerInformation,
3068 SystemContextSwitchInformation,
3069 SystemRegistryQuotaInformation,
3070 SystemInformation_Unknown_38,
3071 SystemInformation_Unknown_39,
3072 SystemInformation_Unknown_40,
3073 SystemInformation_Unknown_41,
3074 SystemInformation_Unknown_42,
3075 SystemInformation_Unknown_43,
3076 SystemCurrentTimeZoneInformation,
3077 SystemLookasideInformation,
3078 SystemSetTimeSlipEvent,
3079 SystemCreateSession,
3080 SystemDeleteSession,
3081 SystemInformation_Unknown_49,
3082 SystemRangeStartInformation,
3083 SystemVerifierInformation,
3084 SystemInformation_Unknown_52,
3085 SystemSessionProcessInformation,
3086 SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
3087 SystemInformation_Unknown_55,
3088 SystemInformation_Unknown_56,
3089 SystemExtendedProcessInformation,
3090 SystemInformation_Unknown_58,
3091 SystemInformation_Unknown_59,
3092 SystemInformation_Unknown_60,
3093 SystemInformation_Unknown_61,
3094 SystemInformation_Unknown_62,
3095 SystemInformation_Unknown_63,
3096 SystemExtendedHandleInformation, /* 64 */
3097 SystemInformation_Unknown_65,
3098 SystemInformation_Unknown_66,
3099 SystemInformation_Unknown_67, /**< See https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/sysinfo/codeintegrity.htm */
3100 SystemInformation_Unknown_68,
3101 SystemInformation_HotPatchInfo, /* 69 */
3102 SystemInformation_Unknown_70,
3103 SystemInformation_Unknown_71,
3104 SystemInformation_Unknown_72,
3105 SystemInformation_Unknown_73,
3106 SystemInformation_Unknown_74,
3107 SystemInformation_Unknown_75,
3108 SystemInformation_Unknown_76,
3109 SystemInformation_Unknown_77,
3110 SystemInformation_Unknown_78,
3111 SystemInformation_Unknown_79,
3112 SystemInformation_Unknown_80,
3113 SystemInformation_Unknown_81,
3114 SystemInformation_Unknown_82,
3115 SystemInformation_Unknown_83,
3116 SystemInformation_Unknown_84,
3117 SystemInformation_Unknown_85,
3118 SystemInformation_Unknown_86,
3119 SystemInformation_Unknown_87,
3120 SystemInformation_Unknown_88,
3121 SystemInformation_Unknown_89,
3122 SystemInformation_Unknown_90,
3123 SystemInformation_Unknown_91,
3124 SystemInformation_Unknown_92,
3125 SystemInformation_Unknown_93,
3126 SystemInformation_Unknown_94,
3127 SystemInformation_Unknown_95,
3128 SystemInformation_KiOpPrefetchPatchCount, /* 96 */
3129 SystemInformation_Unknown_97,
3130 SystemInformation_Unknown_98,
3131 SystemInformation_Unknown_99,
3132 SystemInformation_Unknown_100,
3133 SystemInformation_Unknown_101,
3134 SystemInformation_Unknown_102,
3135 SystemInformation_Unknown_103,
3136 SystemInformation_Unknown_104,
3137 SystemInformation_Unknown_105,
3138 SystemInformation_Unknown_107,
3139 SystemInformation_GetLogicalProcessorInformationEx, /* 107 */
3140
3141 /** @todo fill gap. they've added a whole bunch of things */
3142 SystemPolicyInformation = 134,
3143 SystemInformationClassMax
3144} SYSTEM_INFORMATION_CLASS;
3145
3146#ifdef IPRT_NT_USE_WINTERNL
3147typedef struct _VM_COUNTERS
3148{
3149 SIZE_T PeakVirtualSize;
3150 SIZE_T VirtualSize;
3151 ULONG PageFaultCount;
3152 SIZE_T PeakWorkingSetSize;
3153 SIZE_T WorkingSetSize;
3154 SIZE_T QuotaPeakPagedPoolUsage;
3155 SIZE_T QuotaPagedPoolUsage;
3156 SIZE_T QuotaPeakNonPagedPoolUsage;
3157 SIZE_T QuotaNonPagedPoolUsage;
3158 SIZE_T PagefileUsage;
3159 SIZE_T PeakPagefileUsage;
3160} VM_COUNTERS;
3161typedef VM_COUNTERS *PVM_COUNTERS;
3162#endif
3163
3164#if 0
3165typedef struct _IO_COUNTERS
3166{
3167 ULONGLONG ReadOperationCount;
3168 ULONGLONG WriteOperationCount;
3169 ULONGLONG OtherOperationCount;
3170 ULONGLONG ReadTransferCount;
3171 ULONGLONG WriteTransferCount;
3172 ULONGLONG OtherTransferCount;
3173} IO_COUNTERS;
3174typedef IO_COUNTERS *PIO_COUNTERS;
3175#endif
3176
3177typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
3178{
3179 ULONG NextEntryOffset; /**< 0x00 / 0x00 */
3180 ULONG NumberOfThreads; /**< 0x04 / 0x04 */
3181 LARGE_INTEGER Reserved1[3]; /**< 0x08 / 0x08 */
3182 LARGE_INTEGER CreationTime; /**< 0x20 / 0x20 */
3183 LARGE_INTEGER UserTime; /**< 0x28 / 0x28 */
3184 LARGE_INTEGER KernelTime; /**< 0x30 / 0x30 */
3185 UNICODE_STRING ProcessName; /**< 0x38 / 0x38 Clean unicode encoding? */
3186 int32_t BasePriority; /**< 0x40 / 0x48 */
3187 HANDLE UniqueProcessId; /**< 0x44 / 0x50 */
3188 HANDLE ParentProcessId; /**< 0x48 / 0x58 */
3189 ULONG HandleCount; /**< 0x4c / 0x60 */
3190 ULONG Reserved2; /**< 0x50 / 0x64 Session ID? */
3191 ULONG_PTR Reserved3; /**< 0x54 / 0x68 */
3192 VM_COUNTERS VmCounters; /**< 0x58 / 0x70 */
3193 IO_COUNTERS IoCounters; /**< 0x88 / 0xd0 Might not be present in earlier windows versions. */
3194 /* After this follows the threads, then the ProcessName.Buffer. */
3195} RTNT_SYSTEM_PROCESS_INFORMATION;
3196typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
3197#ifndef IPRT_NT_USE_WINTERNL
3198typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
3199typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
3200#endif
3201
3202typedef struct _SYSTEM_HANDLE_ENTRY_INFO
3203{
3204 USHORT UniqueProcessId;
3205 USHORT CreatorBackTraceIndex;
3206 UCHAR ObjectTypeIndex;
3207 UCHAR HandleAttributes;
3208 USHORT HandleValue;
3209 PVOID Object;
3210 ULONG GrantedAccess;
3211} SYSTEM_HANDLE_ENTRY_INFO;
3212typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
3213
3214/** Returned by SystemHandleInformation */
3215typedef struct _SYSTEM_HANDLE_INFORMATION
3216{
3217 ULONG NumberOfHandles;
3218 SYSTEM_HANDLE_ENTRY_INFO Handles[1];
3219} SYSTEM_HANDLE_INFORMATION;
3220typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
3221
3222/** Extended handle information entry.
3223 * @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
3224typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
3225{
3226 PVOID Object;
3227 HANDLE UniqueProcessId;
3228 HANDLE HandleValue;
3229 ACCESS_MASK GrantedAccess;
3230 USHORT CreatorBackTraceIndex;
3231 USHORT ObjectTypeIndex;
3232 ULONG HandleAttributes;
3233 ULONG Reserved;
3234} SYSTEM_HANDLE_ENTRY_INFO_EX;
3235typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
3236
3237/** Returned by SystemExtendedHandleInformation. */
3238typedef struct _SYSTEM_HANDLE_INFORMATION_EX
3239{
3240 ULONG_PTR NumberOfHandles;
3241 ULONG_PTR Reserved;
3242 SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
3243} SYSTEM_HANDLE_INFORMATION_EX;
3244typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
3245
3246/** Returned by SystemSessionProcessInformation. */
3247typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
3248{
3249 ULONG SessionId;
3250 ULONG BufferLength;
3251 /** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
3252 PVOID Buffer;
3253} SYSTEM_SESSION_PROCESS_INFORMATION;
3254typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
3255
3256typedef struct _RTL_PROCESS_MODULE_INFORMATION
3257{
3258 HANDLE Section; /**< 0x00 / 0x00 */
3259 PVOID MappedBase; /**< 0x04 / 0x08 */
3260 PVOID ImageBase; /**< 0x08 / 0x10 */
3261 ULONG ImageSize; /**< 0x0c / 0x18 */
3262 ULONG Flags; /**< 0x10 / 0x1c */
3263 USHORT LoadOrderIndex; /**< 0x14 / 0x20 */
3264 USHORT InitOrderIndex; /**< 0x16 / 0x22 */
3265 USHORT LoadCount; /**< 0x18 / 0x24 */
3266 USHORT OffsetToFileName; /**< 0x1a / 0x26 */
3267 UCHAR FullPathName[256]; /**< 0x1c / 0x28 */
3268} RTL_PROCESS_MODULE_INFORMATION;
3269typedef RTL_PROCESS_MODULE_INFORMATION *PRTL_PROCESS_MODULE_INFORMATION;
3270
3271/** Returned by SystemModuleInformation. */
3272typedef struct _RTL_PROCESS_MODULES
3273{
3274 ULONG NumberOfModules;
3275 RTL_PROCESS_MODULE_INFORMATION Modules[1]; /**< 0x04 / 0x08 */
3276} RTL_PROCESS_MODULES;
3277typedef RTL_PROCESS_MODULES *PRTL_PROCESS_MODULES;
3278
3279RT_DECL_NTAPI(NTSTATUS) NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3280#ifndef IPRT_NT_MAP_TO_ZW
3281RT_DECL_NTAPI(NTSTATUS) ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3282#endif
3283
3284RT_DECL_NTAPI(NTSTATUS) NtSetTimerResolution(ULONG cNtTicksWanted, BOOLEAN fSetResolution, PULONG pcNtTicksCur);
3285RT_DECL_NTAPI(NTSTATUS) NtQueryTimerResolution(PULONG pcNtTicksMin, PULONG pcNtTicksMax, PULONG pcNtTicksCur);
3286
3287RT_DECL_NTAPI(NTSTATUS) NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
3288RT_DECL_NTAPI(NTSTATUS) NtYieldExecution(void);
3289#ifndef IPRT_NT_USE_WINTERNL
3290RT_DECL_NTAPI(NTSTATUS) NtWaitForSingleObject(HANDLE, BOOLEAN, PLARGE_INTEGER);
3291#endif
3292typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
3293typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
3294RT_DECL_NTAPI(NTSTATUS) NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
3295
3296#ifdef IPRT_NT_USE_WINTERNL
3297RT_DECL_NTAPI(NTSTATUS) NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
3298#endif
3299
3300#ifdef IPRT_NT_USE_WINTERNL
3301typedef enum _EVENT_TYPE
3302{
3303 /* Manual reset event. */
3304 NotificationEvent = 0,
3305 /* Automaitc reset event. */
3306 SynchronizationEvent
3307} EVENT_TYPE;
3308#endif
3309RT_DECL_NTAPI(NTSTATUS) NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
3310RT_DECL_NTAPI(NTSTATUS) NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
3311typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
3312RT_DECL_NTAPI(NTSTATUS) NtClearEvent(HANDLE);
3313RT_DECL_NTAPI(NTSTATUS) NtResetEvent(HANDLE, PULONG);
3314RT_DECL_NTAPI(NTSTATUS) NtSetEvent(HANDLE, PULONG);
3315typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
3316typedef enum _EVENT_INFORMATION_CLASS
3317{
3318 EventBasicInformation = 0
3319} EVENT_INFORMATION_CLASS;
3320/** Data returned by NtQueryEvent + EventBasicInformation. */
3321typedef struct EVENT_BASIC_INFORMATION
3322{
3323 EVENT_TYPE EventType;
3324 ULONG EventState;
3325} EVENT_BASIC_INFORMATION;
3326typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
3327RT_DECL_NTAPI(NTSTATUS) NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3328
3329#ifdef IPRT_NT_USE_WINTERNL
3330/** For NtQueryValueKey. */
3331typedef enum _KEY_VALUE_INFORMATION_CLASS
3332{
3333 KeyValueBasicInformation = 0,
3334 KeyValueFullInformation,
3335 KeyValuePartialInformation,
3336 KeyValueFullInformationAlign64,
3337 KeyValuePartialInformationAlign64
3338} KEY_VALUE_INFORMATION_CLASS;
3339
3340/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
3341typedef struct _KEY_VALUE_PARTIAL_INFORMATION
3342{
3343 ULONG TitleIndex;
3344 ULONG Type;
3345 ULONG DataLength;
3346 UCHAR Data[1];
3347} KEY_VALUE_PARTIAL_INFORMATION;
3348typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
3349#endif
3350RT_DECL_NTAPI(NTSTATUS) NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
3351RT_DECL_NTAPI(NTSTATUS) NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3352
3353
3354RT_DECL_NTAPI(NTSTATUS) RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
3355
3356
3357typedef struct _CURDIR
3358{
3359 UNICODE_STRING DosPath;
3360 HANDLE Handle; /**< 0x10 / 0x08 */
3361} CURDIR;
3362AssertCompileSize(CURDIR, ARCH_BITS == 32 ? 0x0c : 0x18);
3363typedef CURDIR *PCURDIR;
3364
3365typedef struct _RTL_DRIVE_LETTER_CURDIR
3366{
3367 USHORT Flags;
3368 USHORT Length;
3369 ULONG TimeStamp;
3370 STRING DosPath; /**< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. */
3371} RTL_DRIVE_LETTER_CURDIR;
3372typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
3373
3374typedef struct _RTL_USER_PROCESS_PARAMETERS
3375{
3376 ULONG MaximumLength; /**< 0x000 / 0x000 */
3377 ULONG Length; /**< 0x004 / 0x004 */
3378 ULONG Flags; /**< 0x008 / 0x008 */
3379 ULONG DebugFlags; /**< 0x00c / 0x00c */
3380 HANDLE ConsoleHandle; /**< 0x010 / 0x010 */
3381 ULONG ConsoleFlags; /**< 0x018 / 0x014 */
3382 HANDLE StandardInput; /**< 0x020 / 0x018 */
3383 HANDLE StandardOutput; /**< 0x028 / 0x01c */
3384 HANDLE StandardError; /**< 0x030 / 0x020 */
3385 CURDIR CurrentDirectory; /**< 0x038 / 0x024 */
3386 UNICODE_STRING DllPath; /**< 0x050 / 0x030 */
3387 UNICODE_STRING ImagePathName; /**< 0x060 / 0x038 */
3388 UNICODE_STRING CommandLine; /**< 0x070 / 0x040 */
3389 PWSTR Environment; /**< 0x080 / 0x048 */
3390 ULONG StartingX; /**< 0x088 / 0x04c */
3391 ULONG StartingY; /**< 0x090 / 0x050 */
3392 ULONG CountX; /**< 0x094 / 0x054 */
3393 ULONG CountY; /**< 0x098 / 0x058 */
3394 ULONG CountCharsX; /**< 0x09c / 0x05c */
3395 ULONG CountCharsY; /**< 0x0a0 / 0x060 */
3396 ULONG FillAttribute; /**< 0x0a4 / 0x064 */
3397 ULONG WindowFlags; /**< 0x0a8 / 0x068 */
3398 ULONG ShowWindowFlags; /**< 0x0ac / 0x06c */
3399 UNICODE_STRING WindowTitle; /**< 0x0b0 / 0x070 */
3400 UNICODE_STRING DesktopInfo; /**< 0x0c0 / 0x078 */
3401 UNICODE_STRING ShellInfo; /**< 0x0d0 / 0x080 */
3402 UNICODE_STRING RuntimeInfo; /**< 0x0e0 / 0x088 */
3403 RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20]; /**< 0x0f0 / 0x090 */
3404 SIZE_T EnvironmentSize; /**< 0x3f0 / 0x - Added in Vista */
3405 SIZE_T EnvironmentVersion; /**< 0x3f8 / 0x - Added in Windows 7. */
3406 PVOID PackageDependencyData; /**< 0x400 / 0x - Added Windows 8? */
3407 ULONG ProcessGroupId; /**< 0x408 / 0x - Added Windows 8? */
3408 ULONG LoaderThreads; /**< 0x40c / 0x - Added Windows 10? */
3409} RTL_USER_PROCESS_PARAMETERS;
3410typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
3411#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
3412
3413typedef struct _RTL_USER_PROCESS_INFORMATION
3414{
3415 ULONG Size;
3416 HANDLE ProcessHandle;
3417 HANDLE ThreadHandle;
3418 CLIENT_ID ClientId;
3419 SECTION_IMAGE_INFORMATION ImageInformation;
3420} RTL_USER_PROCESS_INFORMATION;
3421typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
3422
3423
3424RT_DECL_NTAPI(NTSTATUS) RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
3425 PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
3426RT_DECL_NTAPI(NTSTATUS) RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
3427 PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
3428 PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
3429 PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
3430 PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
3431RT_DECL_NTAPI(VOID) RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
3432RT_DECL_NTAPI(NTSTATUS) RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
3433 PFNRT, PVOID, PHANDLE, PCLIENT_ID);
3434
3435#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
3436typedef struct _RTL_CRITICAL_SECTION
3437{
3438 struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
3439 LONG LockCount;
3440 LONG Recursioncount;
3441 HANDLE OwningThread;
3442 HANDLE LockSemaphore;
3443 ULONG_PTR SpinCount;
3444} RTL_CRITICAL_SECTION;
3445typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
3446#endif
3447
3448/*RT_DECL_NTAPI(ULONG) RtlNtStatusToDosError(NTSTATUS rcNt);*/
3449
3450/** @def RTL_QUERY_REGISTRY_TYPECHECK
3451 * WDK 8.1+, backported in updates, ignored in older. */
3452#if !defined(RTL_QUERY_REGISTRY_TYPECHECK) || defined(DOXYGEN_RUNNING)
3453# define RTL_QUERY_REGISTRY_TYPECHECK UINT32_C(0x00000100)
3454#endif
3455/** @def RTL_QUERY_REGISTRY_TYPECHECK_SHIFT
3456 * WDK 8.1+, backported in updates, ignored in older. */
3457#if !defined(RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) || defined(DOXYGEN_RUNNING)
3458# define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
3459#endif
3460
3461RT_DECL_NTAPI(VOID) RtlFreeUnicodeString(PUNICODE_STRING);
3462
3463RT_C_DECLS_END
3464/** @} */
3465
3466
3467#if defined(IN_RING0) || defined(DOXYGEN_RUNNING)
3468/** @name NT Kernel APIs
3469 * @{ */
3470RT_C_DECLS_BEGIN
3471
3472typedef ULONG KEPROCESSORINDEX; /**< Bitmap indexes != process numbers, apparently. */
3473
3474RT_DECL_NTAPI(VOID) KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
3475typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
3476RT_DECL_NTAPI(VOID) KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3477typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3478RT_DECL_NTAPI(VOID) KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3479typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3480RT_DECL_NTAPI(BOOLEAN) KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3481typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3482RT_DECL_NTAPI(BOOLEAN) KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3483typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3484RT_DECL_NTAPI(BOOLEAN) KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3485typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3486RT_DECL_NTAPI(VOID) KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
3487typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
3488RT_DECL_NTAPI(VOID) KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
3489typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
3490RT_DECL_NTAPI(BOOLEAN) KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3491typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3492RT_DECL_NTAPI(BOOLEAN) KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3493typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3494/** Works like anding the complemented subtrahend with the minuend. */
3495RT_DECL_NTAPI(BOOLEAN) KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
3496typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
3497RT_DECL_NTAPI(BOOLEAN) KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
3498typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
3499RT_DECL_NTAPI(BOOLEAN) KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
3500typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3501RT_DECL_NTAPI(BOOLEAN) KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
3502typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
3503RT_DECL_NTAPI(ULONG) KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
3504typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3505RT_DECL_NTAPI(KEPROCESSORINDEX) KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
3506typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3507typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
3508typedef KEPROCESSORINDEX (NTAPI *PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER *pProcNumber);
3509typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX ProcIndex, PROCESSOR_NUMBER *pProcNumber);
3510typedef KEPROCESSORINDEX (NTAPI *PFNKEGETCURRENTPROCESSORNUMBEREX)(const PROCESSOR_NUMBER *pProcNumber);
3511typedef KAFFINITY (NTAPI *PFNKEQUERYACTIVEPROCESSORS)(VOID);
3512typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNT)(VOID);
3513typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNTEX)(USHORT GroupNumber);
3514typedef USHORT (NTAPI *PFNKEQUERYMAXIMUMGROUPCOUNT)(VOID);
3515typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNT)(KAFFINITY *pfActiveProcessors);
3516typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNTEX)(USHORT GroupNumber);
3517typedef NTSTATUS (NTAPI *PFNKEQUERYLOGICALPROCESSORRELATIONSHIP)(PROCESSOR_NUMBER *pProcNumber,
3518 LOGICAL_PROCESSOR_RELATIONSHIP RelationShipType,
3519 SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX *pInfo, PULONG pcbInfo);
3520typedef PVOID (NTAPI *PFNKEREGISTERPROCESSORCHANGECALLBACK)(PPROCESSOR_CALLBACK_FUNCTION pfnCallback, void *pvUser, ULONG fFlags);
3521typedef VOID (NTAPI *PFNKEDEREGISTERPROCESSORCHANGECALLBACK)(PVOID pvCallback);
3522typedef NTSTATUS (NTAPI *PFNKESETTARGETPROCESSORDPCEX)(KDPC *pDpc, PROCESSOR_NUMBER *pProcNumber);
3523typedef LOGICAL (NTAPI *PFNKESHOULDYIELDPROCESSOR)(void);
3524
3525RT_DECL_NTAPI(BOOLEAN) ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
3526 PVOID pvOptionalConditions, PHANDLE phFound);
3527RT_DECL_NTAPI(NTSTATUS) ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
3528 ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
3529 KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
3530RT_DECL_NTAPI(HANDLE) PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
3531RT_DECL_NTAPI(UCHAR *) PsGetProcessImageFileName(PEPROCESS);
3532RT_DECL_NTAPI(BOOLEAN) PsIsProcessBeingDebugged(PEPROCESS);
3533RT_DECL_NTAPI(ULONG) PsGetProcessSessionId(PEPROCESS);
3534extern DECLIMPORT(POBJECT_TYPE *) LpcPortObjectType; /**< In vista+ this is the ALPC port object type. */
3535extern DECLIMPORT(POBJECT_TYPE *) LpcWaitablePortObjectType; /**< In vista+ this is the ALPC port object type. */
3536
3537typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
3538typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
3539
3540RT_C_DECLS_END
3541/** @ */
3542#endif /* IN_RING0 */
3543
3544
3545#if defined(IN_RING3) || defined(DOXYGEN_RUNNING)
3546/** @name NT Userland APIs
3547 * @{ */
3548RT_C_DECLS_BEGIN
3549
3550#if 0 /** @todo figure this out some time... */
3551typedef struct CSR_MSG_DATA_CREATED_PROCESS
3552{
3553 HANDLE hProcess;
3554 HANDLE hThread;
3555 CLIENT_ID
3556 DWORD idProcess;
3557 DWORD idThread;
3558 DWORD fCreate;
3559
3560} CSR_MSG_DATA_CREATED_PROCESS;
3561
3562#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
3563#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
3564RT_DECL_NTAPI(NTSTATUS) CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
3565#endif
3566
3567RT_DECL_NTAPI(VOID) LdrInitializeThunk(PVOID, PVOID, PVOID);
3568
3569typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
3570{
3571 ULONG Flags;
3572 PCUNICODE_STRING FullDllName;
3573 PCUNICODE_STRING BaseDllName;
3574 PVOID DllBase;
3575 ULONG SizeOfImage;
3576} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
3577typedef LDR_DLL_LOADED_NOTIFICATION_DATA *PLDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
3578typedef LDR_DLL_LOADED_NOTIFICATION_DATA const *PCLDR_DLL_LOADED_NOTIFICATION_DATA, *PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
3579
3580typedef union _LDR_DLL_NOTIFICATION_DATA
3581{
3582 LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
3583 LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
3584} LDR_DLL_NOTIFICATION_DATA;
3585typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
3586typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
3587
3588typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
3589
3590#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
3591#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
3592RT_DECL_NTAPI(NTSTATUS) LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
3593 PVOID *pvCookie);
3594typedef NTSTATUS (NTAPI *PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID *);
3595RT_DECL_NTAPI(NTSTATUS) LdrUnregisterDllNotification(PVOID pvCookie);
3596typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
3597
3598RT_DECL_NTAPI(NTSTATUS) LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
3599 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
3600typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
3601 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
3602RT_DECL_NTAPI(NTSTATUS) LdrUnloadDll(IN HANDLE hMod);
3603typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
3604RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3605 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3606typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3607 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3608#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
3609#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
3610/** @since Windows XP. */
3611RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3612 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3613/** @since Windows XP. */
3614typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3615 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3616/** @since Windows 7. */
3617RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
3618/** @since Windows 7. */
3619typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
3620/** @since Windows 7. */
3621RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
3622 OUT PHANDLE phDll);
3623/** @since Windows 7. */
3624typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
3625 OUT PHANDLE phDll);
3626#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
3627RT_DECL_NTAPI(NTSTATUS) LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
3628typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
3629RT_DECL_NTAPI(NTSTATUS) LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3630 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
3631typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
3632 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
3633#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
3634/** @since Windows Vista. */
3635RT_DECL_NTAPI(NTSTATUS) LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3636 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
3637/** @since Windows Vista. */
3638typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3639 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
3640#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
3641#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
3642#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
3643#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
3644#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
3645/** @since Windows XP. */
3646RT_DECL_NTAPI(NTSTATUS) LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
3647/** @since Windows XP. */
3648typedef NTSTATUS (NTAPI *PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
3649#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
3650/** @since Windows XP. */
3651RT_DECL_NTAPI(NTSTATUS) LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
3652/** @since Windows XP. */
3653typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
3654
3655RT_DECL_NTAPI(NTSTATUS) RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
3656RT_DECL_NTAPI(VOID) RtlExitUserProcess(NTSTATUS rcExitCode); /**< Vista and later. */
3657RT_DECL_NTAPI(VOID) RtlExitUserThread(NTSTATUS rcExitCode);
3658RT_DECL_NTAPI(NTSTATUS) RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
3659 IN PCUNICODE_STRING pOrgName,
3660 IN PUNICODE_STRING pDefaultSuffix,
3661 IN OUT PUNICODE_STRING pStaticString,
3662 IN OUT PUNICODE_STRING pDynamicString,
3663 IN OUT PUNICODE_STRING *ppResultString,
3664 IN PULONG pfNewFlags OPTIONAL,
3665 IN PSIZE_T pcbFilename OPTIONAL,
3666 IN PSIZE_T pcbNeeded OPTIONAL);
3667/** @since Windows 8.
3668 * @note Status code is always zero in windows 10 build 14393. */
3669RT_DECL_NTAPI(NTSTATUS) ApiSetQueryApiSetPresence(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
3670/** @copydoc ApiSetQueryApiSetPresence */
3671typedef NTSTATUS (NTAPI *PFNAPISETQUERYAPISETPRESENCE)(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
3672
3673
3674# ifdef IPRT_NT_USE_WINTERNL
3675typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
3676typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
3677typedef struct _RTL_HEAP_PARAMETERS
3678{
3679 ULONG Length;
3680 SIZE_T SegmentReserve;
3681 SIZE_T SegmentCommit;
3682 SIZE_T DeCommitFreeBlockThreshold;
3683 SIZE_T DeCommitTotalFreeThreshold;
3684 SIZE_T MaximumAllocationSize;
3685 SIZE_T VirtualMemoryThreshold;
3686 SIZE_T InitialCommit;
3687 SIZE_T InitialReserve;
3688 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
3689 SIZE_T Reserved[2];
3690} RTL_HEAP_PARAMETERS;
3691typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
3692RT_DECL_NTAPI(PVOID) RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
3693 PRTL_HEAP_PARAMETERS pParameters);
3694/** @name Heap flags (for RtlCreateHeap).
3695 * @{ */
3696/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
3697# define HEAP_GROWABLE UINT32_C(0x00000002)
3698# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
3699# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
3700# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
3701# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
3702# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
3703# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
3704# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
3705# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
3706# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
3707# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
3708# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
3709# define HEAP_CLASS_0 UINT32_C(0x00000000)
3710# define HEAP_CLASS_1 UINT32_C(0x00001000)
3711# define HEAP_CLASS_2 UINT32_C(0x00002000)
3712# define HEAP_CLASS_3 UINT32_C(0x00003000)
3713# define HEAP_CLASS_4 UINT32_C(0x00004000)
3714# define HEAP_CLASS_5 UINT32_C(0x00005000)
3715# define HEAP_CLASS_6 UINT32_C(0x00006000)
3716# define HEAP_CLASS_7 UINT32_C(0x00007000)
3717# define HEAP_CLASS_8 UINT32_C(0x00008000)
3718# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
3719# endif
3720# define HEAP_CLASS_PROCESS HEAP_CLASS_0
3721# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
3722# define HEAP_CLASS_KERNEL HEAP_CLASS_2
3723# define HEAP_CLASS_GDI HEAP_CLASS_3
3724# define HEAP_CLASS_USER HEAP_CLASS_4
3725# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
3726# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
3727# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
3728# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
3729# ifdef IPRT_NT_USE_WINTERNL
3730/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
3731# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
3732# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
3733# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
3734# endif /* IPRT_NT_USE_WINTERNL */
3735/** @} */
3736# ifdef IPRT_NT_USE_WINTERNL
3737/** @name Heap tagging constants
3738 * @{ */
3739# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
3740/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
3741# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
3742# define HEAP_TAG_SHIFT 18 */
3743# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
3744/** @} */
3745RT_DECL_NTAPI(PVOID) RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
3746RT_DECL_NTAPI(PVOID) RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
3747RT_DECL_NTAPI(BOOLEAN) RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
3748# endif /* IPRT_NT_USE_WINTERNL */
3749RT_DECL_NTAPI(SIZE_T) RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
3750RT_DECL_NTAPI(SIZE_T) RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
3751RT_DECL_NTAPI(NTSTATUS) RtlGetLastNtStatus(VOID);
3752RT_DECL_NTAPI(ULONG) RtlGetLastWin32Error(VOID);
3753RT_DECL_NTAPI(VOID) RtlSetLastWin32Error(ULONG uError);
3754RT_DECL_NTAPI(VOID) RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
3755RT_DECL_NTAPI(VOID) RtlRestoreLastWin32Error(ULONG uError);
3756RT_DECL_NTAPI(BOOLEAN) RtlQueryPerformanceCounter(PLARGE_INTEGER);
3757RT_DECL_NTAPI(uint64_t) RtlGetSystemTimePrecise(VOID);
3758typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
3759RT_DECL_NTAPI(uint64_t) RtlGetInterruptTimePrecise(uint64_t *puPerfTime);
3760typedef uint64_t (NTAPI * PFNRTLGETINTERRUPTTIMEPRECISE)(uint64_t *);
3761RT_DECL_NTAPI(BOOLEAN) RtlQueryUnbiasedInterruptTime(uint64_t *puInterruptTime);
3762typedef BOOLEAN (NTAPI * PFNRTLQUERYUNBIASEDINTERRUPTTIME)(uint64_t *);
3763
3764RT_C_DECLS_END
3765/** @} */
3766#endif /* IN_RING3 */
3767
3768#endif /* !IPRT_INCLUDED_nt_nt_h */
3769
Note: See TracBrowser for help on using the repository browser.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette