VirtualBox

source: vbox/trunk/include/iprt/nt/nt.h@ 71480

最後變更 在這個檔案從71480是 71480,由 vboxsync 提交於 7 年 前

nt/nt.h: updates to PROCESSINFOCLASS.
  • 屬性 svn:eol-style 設為 native
  • 屬性 svn:keywords 設為 Author Date Id Revision
檔案大小: 137.0 KB
 
1/* $Id: nt.h 71480 2018-03-23 11:06:38Z vboxsync $ */
2/** @file
3 * IPRT - Header for code using the Native NT API.
4 */
5
6/*
7 * Copyright (C) 2010-2017 Oracle Corporation
8 *
9 * This file is part of VirtualBox Open Source Edition (OSE), as
10 * available from http://www.alldomusa.eu.org. This file is free software;
11 * you can redistribute it and/or modify it under the terms of the GNU
12 * General Public License (GPL) as published by the Free Software
13 * Foundation, in version 2 as it comes in the "COPYING" file of the
14 * VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15 * hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16 *
17 * The contents of this file may alternatively be used under the terms
18 * of the Common Development and Distribution License Version 1.0
19 * (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20 * VirtualBox OSE distribution, in which case the provisions of the
21 * CDDL are applicable instead of those of the GPL.
22 *
23 * You may elect to license modified versions of this file under the
24 * terms and conditions of either the GPL or the CDDL or both.
25 */
26
27#ifndef ___iprt_nt_nt_h___
28#define ___iprt_nt_nt_h___
29
30/** @def IPRT_NT_MAP_TO_ZW
31 * Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
32 * to the APIs (takes care of the previous context checks).
33 */
34#ifdef DOXYGEN_RUNNING
35# define IPRT_NT_MAP_TO_ZW
36#endif
37
38#ifdef IPRT_NT_MAP_TO_ZW
39# define NtQueryInformationFile ZwQueryInformationFile
40# define NtQueryInformationProcess ZwQueryInformationProcess
41# define NtQueryInformationThread ZwQueryInformationThread
42# define NtQueryFullAttributesFile ZwQueryFullAttributesFile
43# define NtQuerySystemInformation ZwQuerySystemInformation
44# define NtQuerySecurityObject ZwQuerySecurityObject
45# define NtSetInformationFile ZwSetInformationFile
46# define NtClose ZwClose
47# define NtCreateFile ZwCreateFile
48# define NtReadFile ZwReadFile
49# define NtWriteFile ZwWriteFile
50# define NtFlushBuffersFile ZwFlushBuffersFile
51/** @todo this is very incomplete! */
52#endif
53
54#include <ntstatus.h>
55
56/*
57 * Hacks common to both base header sets.
58 */
59#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
60#define NtQueryObject Incomplete_NtQueryObject
61#define ZwQueryObject Incomplete_ZwQueryObject
62#define NtSetInformationObject Incomplete_NtSetInformationObject
63#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
64#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
65#define ObjectBasicInformation Incomplete_ObjectBasicInformation
66#define ObjectTypeInformation Incomplete_ObjectTypeInformation
67#define _PEB Incomplete__PEB
68#define PEB Incomplete_PEB
69#define PPEB Incomplete_PPEB
70#define _TEB Incomplete__TEB
71#define TEB Incomplete_TEB
72#define PTEB Incomplete_PTEB
73#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
74#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
75#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
76#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
77#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
78#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
79
80
81
82#ifdef IPRT_NT_USE_WINTERNL
83/*
84 * Use Winternl.h.
85 */
86# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
87# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
88# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
89
90# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
91# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
92# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
93# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
94# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
95# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
96# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
97# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
98# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
99# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
100# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
101# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
102
103# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
104# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
105# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
106
107# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
108# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
109# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
110# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
111# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
112
113# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
114# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
115# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
116# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
117# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
118# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
119# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
120# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
121# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
122# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
123# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
124# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
125# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
126# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
127
128
129# pragma warning(push)
130# pragma warning(disable: 4668)
131# define WIN32_NO_STATUS
132# include <windef.h>
133# include <winnt.h>
134# include <winternl.h>
135# undef WIN32_NO_STATUS
136# include <ntstatus.h>
137# pragma warning(pop)
138
139# ifndef OBJ_DONT_REPARSE
140# define RTNT_NEED_CLIENT_ID
141# endif
142
143# undef _FILE_INFORMATION_CLASS
144# undef FILE_INFORMATION_CLASS
145# undef FileDirectoryInformation
146
147# undef NtQueryInformationProcess
148# undef NtSetInformationProcess
149# undef PROCESSINFOCLASS
150# undef _PROCESSINFOCLASS
151# undef PROCESS_BASIC_INFORMATION
152# undef PPROCESS_BASIC_INFORMATION
153# undef _PROCESS_BASIC_INFORMATION
154# undef ProcessBasicInformation
155# undef ProcessDebugPort
156# undef ProcessWow64Information
157# undef ProcessImageFileName
158# undef ProcessBreakOnTermination
159
160# undef RTL_USER_PROCESS_PARAMETERS
161# undef PRTL_USER_PROCESS_PARAMETERS
162# undef _RTL_USER_PROCESS_PARAMETERS
163
164# undef NtQueryInformationThread
165# undef NtSetInformationThread
166# undef THREADINFOCLASS
167# undef _THREADINFOCLASS
168# undef ThreadIsIoPending
169
170# undef NtQuerySystemInformation
171# undef NtSetSystemInformation
172# undef SYSTEM_INFORMATION_CLASS
173# undef _SYSTEM_INFORMATION_CLASS
174# undef SystemBasicInformation
175# undef SystemPerformanceInformation
176# undef SystemTimeOfDayInformation
177# undef SystemProcessInformation
178# undef SystemProcessorPerformanceInformation
179# undef SystemInterruptInformation
180# undef SystemExceptionInformation
181# undef SystemRegistryQuotaInformation
182# undef SystemLookasideInformation
183# undef SystemPolicyInformation
184
185#else
186/*
187 * Use ntifs.h and wdm.h.
188 */
189# if _MSC_VER >= 1200 /* Fix/workaround for KeInitializeSpinLock visibility issue on AMD64. */
190# define FORCEINLINE static __forceinline
191# else
192# define FORCEINLINE static __inline
193# endif
194
195# pragma warning(push)
196# ifdef RT_ARCH_X86
197# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
198# pragma warning(disable: 4163)
199# endif
200# pragma warning(disable: 4668)
201# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
202# if _MSC_VER >= 1800 /*RT_MSC_VER_VC120*/
203# pragma warning(disable:4005) /* sdk/v7.1/include/sal_supp.h(57) : warning C4005: '__useHeader' : macro redefinition */
204# pragma warning(disable:4471) /* wdm.h(11057) : warning C4471: '_POOL_TYPE' : a forward declaration of an unscoped enumeration must have an underlying type (int assumed) */
205# endif
206
207# include <ntifs.h>
208# include <wdm.h>
209
210# ifdef RT_ARCH_X86
211# undef _InterlockedAddLargeStatistic
212# endif
213# pragma warning(pop)
214
215# define IPRT_NT_NEED_API_GROUP_NTIFS
216#endif
217
218#undef RtlFreeUnicodeString
219#undef NtQueryObject
220#undef ZwQueryObject
221#undef NtSetInformationObject
222#undef _OBJECT_INFORMATION_CLASS
223#undef OBJECT_INFORMATION_CLASS
224#undef ObjectBasicInformation
225#undef ObjectTypeInformation
226#undef _PEB
227#undef PEB
228#undef PPEB
229#undef _TEB
230#undef TEB
231#undef PTEB
232#undef _PEB_LDR_DATA
233#undef PEB_LDR_DATA
234#undef PPEB_LDR_DATA
235#undef _KUSER_SHARED_DATA
236#undef KUSER_SHARED_DATA
237#undef PKUSER_SHARED_DATA
238
239
240#include <iprt/types.h>
241#include <iprt/assert.h>
242
243
244/** @name Useful macros
245 * @{ */
246/** Indicates that we're targeting native NT in the current source. */
247#define RTNT_USE_NATIVE_NT 1
248/** Initializes a IO_STATUS_BLOCK. */
249#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
250/** Reinitializes a IO_STATUS_BLOCK. */
251#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
252 do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
253/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
254#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
255/** Constant UNICODE_STRING initializer. */
256#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
257/** @} */
258
259
260/** @name IPRT helper functions for NT
261 * @{ */
262RT_C_DECLS_BEGIN
263
264RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
265 ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
266 PHANDLE phHandle, PULONG_PTR puDisposition);
267RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
268 ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
269RTDECL(int) RTNtPathOpenDirEx(HANDLE hRootDir, struct _UNICODE_STRING *pNtName, ACCESS_MASK fDesiredAccess,
270 ULONG fShareAccess, ULONG fCreateOptions, ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
271RTDECL(int) RTNtPathClose(HANDLE hHandle);
272
273/**
274 * Converts a windows-style path to NT format and encoding.
275 *
276 * @returns IPRT status code.
277 * @param pNtName Where to return the NT name. Free using
278 * RTNtPathFree.
279 * @param phRootDir Where to return the root handle, if applicable.
280 * @param pszPath The UTF-8 path.
281 */
282RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING *pNtName, PHANDLE phRootDir, const char *pszPath);
283
284/**
285 * Converts a UTF-16 windows-style path to NT format.
286 *
287 * @returns IPRT status code.
288 * @param pNtName Where to return the NT name. Free using
289 * RTNtPathFree.
290 * @param phRootDir Where to return the root handle, if applicable.
291 * @param pwszPath The UTF-16 windows-style path.
292 * @param cwcPath The max length of the windows-style path in
293 * RTUTF16 units. Use RTSTR_MAX if unknown and @a
294 * pwszPath is correctly terminated.
295 */
296RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
297
298/**
299 * How to handle ascent ('..' relative to a root handle).
300 */
301typedef enum RTNTPATHRELATIVEASCENT
302{
303 kRTNtPathRelativeAscent_Invalid = 0,
304 kRTNtPathRelativeAscent_Allow,
305 kRTNtPathRelativeAscent_Fail,
306 kRTNtPathRelativeAscent_Ignore,
307 kRTNtPathRelativeAscent_End,
308 kRTNtPathRelativeAscent_32BitHack = 0x7fffffff
309} RTNTPATHRELATIVEASCENT;
310
311/**
312 * Converts a relative windows-style path to relative NT format and encoding.
313 *
314 * @returns IPRT status code.
315 * @param pNtName Where to return the NT name. Free using
316 * rtTNtPathToNative with phRootDir set to NULL.
317 * @param phRootDir On input, the handle to the directory the path
318 * is relative to. On output, the handle to
319 * specify as root directory in the object
320 * attributes when accessing the path. If
321 * enmAscent is kRTNtPathRelativeAscent_Allow, it
322 * may have been set to NULL.
323 * @param pszPath The relative UTF-8 path.
324 * @param enmAscent How to handle ascent.
325 * @param fMustReturnAbsolute Must convert to an absolute path. This
326 * is necessary if the root dir is a NT directory
327 * object (e.g. /Devices) since they cannot parse
328 * relative paths it seems.
329 */
330RTDECL(int) RTNtPathRelativeFromUtf8(struct _UNICODE_STRING *pNtName, PHANDLE phRootDir, const char *pszPath,
331 RTNTPATHRELATIVEASCENT enmAscent, bool fMustReturnAbsolute);
332
333/**
334 * Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
335 * chars plus a terminator.
336 *
337 * The NT string must have been returned by RTNtPathFromWinUtf8 or
338 * RTNtPathFromWinUtf16Ex.
339 *
340 * @returns IPRT status code.
341 * @param pNtName The NT path string.
342 * @param cwcMin The minimum number of RTUTF16 chars. Max 32767.
343 * @sa RTNtPathFree
344 */
345RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);
346
347/**
348 * Frees the native path and root handle.
349 *
350 * @param pNtName The NT path after a successful rtNtPathToNative
351 * call or RTNtPathRelativeFromUtf8.
352 * @param phRootDir The root handle variable from rtNtPathToNative,
353 */
354RTDECL(void) RTNtPathFree(struct _UNICODE_STRING *pNtName, HANDLE *phRootDir);
355
356
357/**
358 * Checks whether the path could be containing alternative 8.3 names generated
359 * by NTFS, FAT, or other similar file systems.
360 *
361 * @returns Pointer to the first component that might be an 8.3 name, NULL if
362 * not 8.3 path.
363 * @param pwszPath The path to check.
364 *
365 * @remarks This is making bad ASSUMPTION wrt to the naming scheme of 8.3 names,
366 * however, non-tilde 8.3 aliases are probably rare enough to not be
367 * worth all the extra code necessary to open each path component and
368 * check if we've got the short name or not.
369 */
370RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
371
372/**
373 * Fixes up a path possibly containing one or more alternative 8-dot-3 style
374 * components.
375 *
376 * The path is fixed up in place. Errors are ignored.
377 *
378 * @returns VINF_SUCCESS if it all went smoothly, informational status codes
379 * indicating the nature of last problem we ran into.
380 *
381 * @param pUniStr The path to fix up. MaximumLength is the max buffer
382 * length.
383 * @param fPathOnly Whether to only process the path and leave the filename
384 * as passed in.
385 */
386RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);
387
388
389RT_C_DECLS_END
390/** @} */
391
392
393/** @name NT API delcarations.
394 * @{ */
395RT_C_DECLS_BEGIN
396
397/** @name Process access rights missing in ntddk headers
398 * @{ */
399#ifndef PROCESS_TERMINATE
400# define PROCESS_TERMINATE UINT32_C(0x00000001)
401#endif
402#ifndef PROCESS_CREATE_THREAD
403# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
404#endif
405#ifndef PROCESS_SET_SESSIONID
406# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
407#endif
408#ifndef PROCESS_VM_OPERATION
409# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
410#endif
411#ifndef PROCESS_VM_READ
412# define PROCESS_VM_READ UINT32_C(0x00000010)
413#endif
414#ifndef PROCESS_VM_WRITE
415# define PROCESS_VM_WRITE UINT32_C(0x00000020)
416#endif
417#ifndef PROCESS_DUP_HANDLE
418# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
419#endif
420#ifndef PROCESS_CREATE_PROCESS
421# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
422#endif
423#ifndef PROCESS_SET_QUOTA
424# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
425#endif
426#ifndef PROCESS_SET_INFORMATION
427# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
428#endif
429#ifndef PROCESS_QUERY_INFORMATION
430# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
431#endif
432#ifndef PROCESS_SUSPEND_RESUME
433# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
434#endif
435#ifndef PROCESS_QUERY_LIMITED_INFORMATION
436# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
437#endif
438#ifndef PROCESS_SET_LIMITED_INFORMATION
439# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
440#endif
441#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
442#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
443#ifndef PROCESS_ALL_ACCESS
444# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | UINT32_C(0x0000ffff) )
445#endif
446/** @} */
447
448/** @name Thread access rights missing in ntddk headers
449 * @{ */
450#ifndef THREAD_QUERY_INFORMATION
451# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
452#endif
453#ifndef THREAD_SET_THREAD_TOKEN
454# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
455#endif
456#ifndef THREAD_IMPERSONATE
457# define THREAD_IMPERSONATE UINT32_C(0x00000100)
458#endif
459#ifndef THREAD_DIRECT_IMPERSONATION
460# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
461#endif
462#ifndef THREAD_RESUME
463# define THREAD_RESUME UINT32_C(0x00001000)
464#endif
465#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
466#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
467#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
468/** @} */
469
470/** @name Special handle values.
471 * @{ */
472#ifndef NtCurrentProcess
473# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
474#endif
475#ifndef NtCurrentThread
476# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
477#endif
478#ifndef ZwCurrentProcess
479# define ZwCurrentProcess() NtCurrentProcess()
480#endif
481#ifndef ZwCurrentThread
482# define ZwCurrentThread() NtCurrentThread()
483#endif
484/** @} */
485
486
487/** @name Directory object access rights.
488 * @{ */
489#ifndef DIRECTORY_QUERY
490# define DIRECTORY_QUERY UINT32_C(0x00000001)
491#endif
492#ifndef DIRECTORY_TRAVERSE
493# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
494#endif
495#ifndef DIRECTORY_CREATE_OBJECT
496# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
497#endif
498#ifndef DIRECTORY_CREATE_SUBDIRECTORY
499# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
500#endif
501#ifndef DIRECTORY_ALL_ACCESS
502# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED | UINT32_C(0x0000000f) )
503#endif
504/** @} */
505
506
507
508#ifdef RTNT_NEED_CLIENT_ID
509typedef struct _CLIENT_ID
510{
511 HANDLE UniqueProcess;
512 HANDLE UniqueThread;
513} CLIENT_ID;
514#endif
515#ifdef IPRT_NT_USE_WINTERNL
516typedef CLIENT_ID *PCLIENT_ID;
517#endif
518
519/** Extended affinity type, introduced in Windows 7 (?). */
520typedef struct _KAFFINITY_EX
521{
522 /** Count of valid bitmap entries. */
523 uint16_t Count;
524 /** Count of allocated bitmap entries. */
525 uint16_t Size;
526 /** Reserved / aligmment padding. */
527 uint32_t Reserved;
528 /** Bitmap where one bit corresponds to a CPU. */
529 uintptr_t Bitmap[20];
530} KAFFINITY_EX;
531typedef KAFFINITY_EX *PKAFFINITY_EX;
532typedef KAFFINITY_EX const *PCKAFFINITY_EX;
533
534/** @name User Shared Data
535 * @{ */
536
537#ifdef IPRT_NT_USE_WINTERNL
538typedef struct _KSYSTEM_TIME
539{
540 ULONG LowPart;
541 LONG High1Time;
542 LONG High2Time;
543} KSYSTEM_TIME;
544typedef KSYSTEM_TIME *PKSYSTEM_TIME;
545
546typedef enum _NT_PRODUCT_TYPE
547{
548 NtProductWinNt = 1,
549 NtProductLanManNt,
550 NtProductServer
551} NT_PRODUCT_TYPE;
552
553#define PROCESSOR_FEATURE_MAX 64
554
555typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
556{
557 StandardDesign = 0,
558 NEC98x86,
559 EndAlternatives
560} ALTERNATIVE_ARCHITECTURE_TYPE;
561
562# if 0
563typedef struct _XSTATE_FEATURE
564{
565 ULONG Offset;
566 ULONG Size;
567} XSTATE_FEATURE;
568typedef XSTATE_FEATURE *PXSTATE_FEATURE;
569
570#define MAXIMUM_XSTATE_FEATURES 64
571
572typedef struct _XSTATE_CONFIGURATION
573{
574 ULONG64 EnabledFeatures;
575 ULONG Size;
576 ULONG OptimizedSave : 1;
577 XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
578} XSTATE_CONFIGURATION;
579typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
580# endif
581#endif /* IPRT_NT_USE_WINTERNL */
582
583typedef struct _KUSER_SHARED_DATA
584{
585 ULONG TickCountLowDeprecated; /**< 0x000 */
586 ULONG TickCountMultiplier; /**< 0x004 */
587 KSYSTEM_TIME volatile InterruptTime; /**< 0x008 */
588 KSYSTEM_TIME volatile SystemTime; /**< 0x014 */
589 KSYSTEM_TIME volatile TimeZoneBias; /**< 0x020 */
590 USHORT ImageNumberLow; /**< 0x02c */
591 USHORT ImageNumberHigh; /**< 0x02e */
592 WCHAR NtSystemRoot[260]; /**< 0x030 - Seems to be last member in NT 3.51. */
593 ULONG MaxStackTraceDepth; /**< 0x238 */
594 ULONG CryptoExponent; /**< 0x23c */
595 ULONG TimeZoneId; /**< 0x240 */
596 ULONG LargePageMinimum; /**< 0x244 */
597 ULONG AitSamplingValue; /**< 0x248 */
598 ULONG AppCompatFlag; /**< 0x24c */
599 ULONGLONG RNGSeedVersion; /**< 0x250 */
600 ULONG GlobalValidationRunlevel; /**< 0x258 */
601 LONG volatile TimeZoneBiasStamp; /**< 0x25c*/
602 ULONG Reserved2; /**< 0x260 */
603 NT_PRODUCT_TYPE NtProductType; /**< 0x264 */
604 BOOLEAN ProductTypeIsValid; /**< 0x268 */
605 BOOLEAN Reserved0[1]; /**< 0x269 */
606 USHORT NativeProcessorArchitecture; /**< 0x26a */
607 ULONG NtMajorVersion; /**< 0x26c */
608 ULONG NtMinorVersion; /**< 0x270 */
609 BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /**< 0x274 */
610 ULONG Reserved1; /**< 0x2b4 */
611 ULONG Reserved3; /**< 0x2b8 */
612 ULONG volatile TimeSlip; /**< 0x2bc */
613 ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /**< 0x2c0 */
614 ULONG AltArchitecturePad[1]; /**< 0x2c4 */
615 LARGE_INTEGER SystemExpirationDate; /**< 0x2c8 */
616 ULONG SuiteMask; /**< 0x2d0 */
617 BOOLEAN KdDebuggerEnabled; /**< 0x2d4 */
618 union /**< 0x2d5 */
619 {
620 UCHAR MitigationPolicies; /**< 0x2d5 */
621 struct
622 {
623 UCHAR NXSupportPolicy : 2;
624 UCHAR SEHValidationPolicy : 2;
625 UCHAR CurDirDevicesSkippedForDlls : 2;
626 UCHAR Reserved : 2;
627 };
628 };
629 UCHAR Reserved6[2]; /**< 0x2d6 */
630 ULONG volatile ActiveConsoleId; /**< 0x2d8 */
631 ULONG volatile DismountCount; /**< 0x2dc */
632 ULONG ComPlusPackage; /**< 0x2e0 */
633 ULONG LastSystemRITEventTickCount; /**< 0x2e4 */
634 ULONG NumberOfPhysicalPages; /**< 0x2e8 */
635 BOOLEAN SafeBootMode; /**< 0x2ec */
636 UCHAR Reserved12[3]; /**< 0x2ed */
637 union /**< 0x2f0 */
638 {
639 ULONG SharedDataFlags; /**< 0x2f0 */
640 struct
641 {
642 ULONG DbgErrorPortPresent : 1;
643 ULONG DbgElevationEnabled : 1;
644 ULONG DbgVirtEnabled : 1;
645 ULONG DbgInstallerDetectEnabled : 1;
646 ULONG DbgLkgEnabled : 1;
647 ULONG DbgDynProcessorEnabled : 1;
648 ULONG DbgConsoleBrokerEnabled : 1;
649 ULONG DbgSecureBootEnabled : 1;
650 ULONG SpareBits : 24;
651 };
652 };
653 ULONG DataFlagsPad[1]; /**< 0x2f4 */
654 ULONGLONG TestRetInstruction; /**< 0x2f8 */
655 LONGLONG QpcFrequency; /**< 0x300 */
656 ULONGLONG SystemCallPad[3]; /**< 0x308 */
657 union /**< 0x320 */
658 {
659 ULONG64 volatile TickCountQuad; /**< 0x320 */
660 KSYSTEM_TIME volatile TickCount; /**< 0x320 */
661 struct /**< 0x320 */
662 {
663 ULONG ReservedTickCountOverlay[3]; /**< 0x320 */
664 ULONG TickCountPad[1]; /**< 0x32c */
665 };
666 };
667 ULONG Cookie; /**< 0x330 */
668 ULONG CookiePad[1]; /**< 0x334 */
669 LONGLONG ConsoleSessionForegroundProcessId; /**< 0x338 */
670 ULONGLONG TimeUpdateLock; /**< 0x340 */
671 ULONGLONG BaselineSystemTimeQpc; /**< 0x348 */
672 ULONGLONG BaselineInterruptTimeQpc; /**< 0x350 */
673 ULONGLONG QpcSystemTimeIncrement; /**< 0x358 */
674 ULONGLONG QpcInterruptTimeIncrement; /**< 0x360 */
675 ULONG QpcSystemTimeIncrement32; /**< 0x368 */
676 ULONG QpcInterruptTimeIncrement32; /**< 0x36c */
677 UCHAR QpcSystemTimeIncrementShift; /**< 0x370 */
678 UCHAR QpcInterruptTimeIncrementShift; /**< 0x371 */
679 UCHAR Reserved8[14]; /**< 0x372 */
680 USHORT UserModeGlobalLogger[16]; /**< 0x380 */
681 ULONG ImageFileExecutionOptions; /**< 0x3a0 */
682 ULONG LangGenerationCount; /**< 0x3a4 */
683 ULONGLONG Reserved4; /**< 0x3a8 */
684 ULONGLONG volatile InterruptTimeBias; /**< 0x3b0 - What QueryUnbiasedInterruptTimePrecise
685 * subtracts from interrupt time. */
686 ULONGLONG volatile QpcBias; /**< 0x3b8 */
687 ULONG volatile ActiveProcessorCount; /**< 0x3c0 */
688 UCHAR volatile ActiveGroupCount; /**< 0x3c4 */
689 UCHAR Reserved9; /**< 0x3c5 */
690 union /**< 0x3c6 */
691 {
692 USHORT QpcData; /**< 0x3c6 */
693 struct /**< 0x3c6 */
694 {
695 BOOLEAN volatile QpcBypassEnabled; /**< 0x3c6 */
696 UCHAR QpcShift; /**< 0x3c7 */
697 };
698 };
699 LARGE_INTEGER TimeZoneBiasEffectiveStart; /**< 0x3c8 */
700 LARGE_INTEGER TimeZoneBiasEffectiveEnd; /**< 0x3d0 */
701 XSTATE_CONFIGURATION XState; /**< 0x3d8 */
702} KUSER_SHARED_DATA;
703typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
704AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
705AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
706AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
707AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
708AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
709AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
710AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
711AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
712AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
713/** @def MM_SHARED_USER_DATA_VA
714 * Read only userland mapping of KUSER_SHARED_DATA. */
715#ifndef MM_SHARED_USER_DATA_VA
716# if ARCH_BITS == 32
717# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
718# elif ARCH_BITS == 64
719# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
720# else
721# error "Unsupported/undefined ARCH_BITS value."
722# endif
723#endif
724/** @def KI_USER_SHARED_DATA
725 * Read write kernel mapping of KUSER_SHARED_DATA. */
726#ifndef KI_USER_SHARED_DATA
727# ifdef RT_ARCH_X86
728# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
729# elif defined(RT_ARCH_AMD64)
730# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
731# else
732# error "PORT ME - KI_USER_SHARED_DATA"
733# endif
734#endif
735/** @} */
736
737
738/** @name Process And Thread Environment Blocks
739 * @{ */
740
741typedef struct _PEB_LDR_DATA
742{
743 uint32_t Length;
744 BOOLEAN Initialized;
745 BOOLEAN Padding[3];
746 HANDLE SsHandle;
747 LIST_ENTRY InLoadOrderModuleList;
748 LIST_ENTRY InMemoryOrderModuleList;
749 LIST_ENTRY InInitializationOrderModuleList;
750 /* End NT4 */
751 LIST_ENTRY *EntryInProgress;
752 BOOLEAN ShutdownInProgress;
753 HANDLE ShutdownThreadId;
754} PEB_LDR_DATA;
755typedef PEB_LDR_DATA *PPEB_LDR_DATA;
756
757typedef struct _PEB_COMMON
758{
759 BOOLEAN InheritedAddressSpace; /**< 0x000 / 0x000 */
760 BOOLEAN ReadImageFileExecOptions; /**< 0x001 / 0x001 */
761 BOOLEAN BeingDebugged; /**< 0x002 / 0x002 */
762 union
763 {
764 uint8_t BitField; /**< 0x003 / 0x003 */
765 struct
766 {
767 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
768 } Common;
769 struct
770 {
771 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
772 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
773 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 */
774 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 */
775 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 */
776 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 */
777 uint8_t IsProtectedProcessLight : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 */
778 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
779 } W81;
780 struct
781 {
782 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
783 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
784 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 */
785 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 */
786 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 */
787 uint8_t IsPackagedProcess : 1; /**< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 */
788 uint8_t IsAppContainer : 1; /**< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 */
789 uint8_t SpareBits : 1; /**< 0x003 / 0x003 : Pos 7, 1 Bit */
790 } W80;
791 struct
792 {
793 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
794 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
795 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. */
796 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. */
797 uint8_t SkipPatchingUser32Forwarders : 1; /**< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. */
798 uint8_t SpareBits : 3; /**< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. */
799 } W7;
800 struct
801 {
802 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
803 uint8_t IsProtectedProcess : 1; /**< 0x003 / 0x003 : Pos 1, 1 Bit */
804 uint8_t IsLegacyProcess : 1; /**< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. */
805 uint8_t IsImageDynamicallyRelocated : 1; /**< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. */
806 uint8_t SpareBits : 4; /**< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. */
807 } W6;
808 struct
809 {
810 uint8_t ImageUsesLargePages : 1; /**< 0x003 / 0x003 : Pos 0, 1 Bit */
811 uint8_t SpareBits : 7; /**< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. */
812 } W52;
813 struct
814 {
815 BOOLEAN SpareBool;
816 } W51;
817 } Diff0;
818#if ARCH_BITS == 64
819 uint32_t Padding0; /**< 0x004 / NA */
820#endif
821 HANDLE Mutant; /**< 0x008 / 0x004 */
822 PVOID ImageBaseAddress; /**< 0x010 / 0x008 */
823 PPEB_LDR_DATA Ldr; /**< 0x018 / 0x00c */
824 struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /**< 0x020 / 0x010 */
825 PVOID SubSystemData; /**< 0x028 / 0x014 */
826 HANDLE ProcessHeap; /**< 0x030 / 0x018 */
827 struct _RTL_CRITICAL_SECTION *FastPebLock; /**< 0x038 / 0x01c */
828 union
829 {
830 struct
831 {
832 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
833 PVOID IFEOKey; /**< 0x048 / 0x024 */
834 union
835 {
836 ULONG CrossProcessFlags; /**< 0x050 / 0x028 */
837 struct
838 {
839 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
840 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
841 uint32_t ProcessUsingVEH : 1; /**< 0x050 / 0x028: Pos 2, 1 Bit */
842 uint32_t ProcessUsingVCH : 1; /**< 0x050 / 0x028: Pos 3, 1 Bit */
843 uint32_t ProcessUsingFTH : 1; /**< 0x050 / 0x028: Pos 4, 1 Bit */
844 uint32_t ReservedBits0 : 1; /**< 0x050 / 0x028: Pos 5, 27 Bits */
845 } W7, W8, W80, W81;
846 struct
847 {
848 uint32_t ProcessInJob : 1; /**< 0x050 / 0x028: Pos 0, 1 Bit */
849 uint32_t ProcessInitializing : 1; /**< 0x050 / 0x028: Pos 1, 1 Bit */
850 uint32_t ReservedBits0 : 30; /**< 0x050 / 0x028: Pos 2, 30 Bits */
851 } W6;
852 };
853#if ARCH_BITS == 64
854 uint32_t Padding1; /**< 0x054 / */
855#endif
856 } W6, W7, W8, W80, W81;
857 struct
858 {
859 PVOID AtlThunkSListPtr; /**< 0x040 / 0x020 */
860 PVOID SparePtr2; /**< 0x048 / 0x024 */
861 uint32_t EnvironmentUpdateCount; /**< 0x050 / 0x028 */
862#if ARCH_BITS == 64
863 uint32_t Padding1; /**< 0x054 / */
864#endif
865 } W52;
866 struct
867 {
868 PVOID FastPebLockRoutine; /**< NA / 0x020 */
869 PVOID FastPebUnlockRoutine; /**< NA / 0x024 */
870 uint32_t EnvironmentUpdateCount; /**< NA / 0x028 */
871 } W51;
872 } Diff1;
873 union
874 {
875 PVOID KernelCallbackTable; /**< 0x058 / 0x02c */
876 PVOID UserSharedInfoPtr; /**< 0x058 / 0x02c - Alternative use in W6.*/
877 };
878 uint32_t SystemReserved; /**< 0x060 / 0x030 */
879 union
880 {
881 struct
882 {
883 uint32_t AtlThunkSListPtr32; /**< 0x064 / 0x034 */
884 } W7, W8, W80, W81;
885 struct
886 {
887 uint32_t SpareUlong; /**< 0x064 / 0x034 */
888 } W52, W6;
889 struct
890 {
891 uint32_t ExecuteOptions : 2; /**< NA / 0x034: Pos 0, 2 Bits */
892 uint32_t SpareBits : 30; /**< NA / 0x034: Pos 2, 30 Bits */
893 } W51;
894 } Diff2;
895 union
896 {
897 struct
898 {
899 PVOID ApiSetMap; /**< 0x068 / 0x038 */
900 } W7, W8, W80, W81;
901 struct
902 {
903 struct _PEB_FREE_BLOCK *FreeList; /**< 0x068 / 0x038 */
904 } W52, W6;
905 struct
906 {
907 struct _PEB_FREE_BLOCK *FreeList; /**< NA / 0x038 */
908 } W51;
909 } Diff3;
910 uint32_t TlsExpansionCounter; /**< 0x070 / 0x03c */
911#if ARCH_BITS == 64
912 uint32_t Padding2; /**< 0x074 / NA */
913#endif
914 struct _RTL_BITMAP *TlsBitmap; /**< 0x078 / 0x040 */
915 uint32_t TlsBitmapBits[2]; /**< 0x080 / 0x044 */
916 PVOID ReadOnlySharedMemoryBase; /**< 0x088 / 0x04c */
917 union
918 {
919 struct
920 {
921 PVOID SparePvoid0; /**< 0x090 / 0x050 - HotpatchInformation before W81. */
922 } W81;
923 struct
924 {
925 PVOID HotpatchInformation; /**< 0x090 / 0x050 - Retired in W81. */
926 } W6, W7, W80;
927 struct
928 {
929 PVOID ReadOnlySharedMemoryHeap;
930 } W52;
931 } Diff4;
932 PVOID *ReadOnlyStaticServerData; /**< 0x098 / 0x054 */
933 PVOID AnsiCodePageData; /**< 0x0a0 / 0x058 */
934 PVOID OemCodePageData; /**< 0x0a8 / 0x05c */
935 PVOID UnicodeCaseTableData; /**< 0x0b0 / 0x060 */
936 uint32_t NumberOfProcessors; /**< 0x0b8 / 0x064 */
937 uint32_t NtGlobalFlag; /**< 0x0bc / 0x068 */
938#if ARCH_BITS == 32
939 uint32_t Padding2b;
940#endif
941 LARGE_INTEGER CriticalSectionTimeout; /**< 0x0c0 / 0x070 */
942 SIZE_T HeapSegmentReserve; /**< 0x0c8 / 0x078 */
943 SIZE_T HeapSegmentCommit; /**< 0x0d0 / 0x07c */
944 SIZE_T HeapDeCommitTotalFreeThreshold; /**< 0x0d8 / 0x080 */
945 SIZE_T HeapDeCommitFreeBlockThreshold; /**< 0x0e0 / 0x084 */
946 uint32_t NumberOfHeaps; /**< 0x0e8 / 0x088 */
947 uint32_t MaximumNumberOfHeaps; /**< 0x0ec / 0x08c */
948 PVOID *ProcessHeaps; /**< 0x0f0 / 0x090 - Last NT 3.51 member. */
949 PVOID GdiSharedHandleTable; /**< 0x0f8 / 0x094 */
950 PVOID ProcessStarterHelper; /**< 0x100 / 0x098 */
951 uint32_t GdiDCAttributeList; /**< 0x108 / 0x09c */
952#if ARCH_BITS == 64
953 uint32_t Padding3; /**< 0x10c / NA */
954#endif
955 struct _RTL_CRITICAL_SECTION *LoaderLock; /**< 0x110 / 0x0a0 */
956 uint32_t OSMajorVersion; /**< 0x118 / 0x0a4 */
957 uint32_t OSMinorVersion; /**< 0x11c / 0x0a8 */
958 uint16_t OSBuildNumber; /**< 0x120 / 0x0ac */
959 uint16_t OSCSDVersion; /**< 0x122 / 0x0ae */
960 uint32_t OSPlatformId; /**< 0x124 / 0x0b0 */
961 uint32_t ImageSubsystem; /**< 0x128 / 0x0b4 */
962 uint32_t ImageSubsystemMajorVersion; /**< 0x12c / 0x0b8 */
963 uint32_t ImageSubsystemMinorVersion; /**< 0x130 / 0x0bc */
964#if ARCH_BITS == 64
965 uint32_t Padding4; /**< 0x134 / NA */
966#endif
967 union
968 {
969 struct
970 {
971 SIZE_T ActiveProcessAffinityMask; /**< 0x138 / 0x0c0 */
972 } W7, W8, W80, W81;
973 struct
974 {
975 SIZE_T ImageProcessAffinityMask; /**< 0x138 / 0x0c0 */
976 } W52, W6;
977 } Diff5;
978 uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /**< 0x140 / 0x0c4 */
979 PVOID PostProcessInitRoutine; /**< 0x230 / 0x14c */
980 PVOID TlsExpansionBitmap; /**< 0x238 / 0x150 */
981 uint32_t TlsExpansionBitmapBits[32]; /**< 0x240 / 0x154 */
982 uint32_t SessionId; /**< 0x2c0 / 0x1d4 */
983#if ARCH_BITS == 64
984 uint32_t Padding5; /**< 0x2c4 / NA */
985#endif
986 ULARGE_INTEGER AppCompatFlags; /**< 0x2c8 / 0x1d8 */
987 ULARGE_INTEGER AppCompatFlagsUser; /**< 0x2d0 / 0x1e0 */
988 PVOID pShimData; /**< 0x2d8 / 0x1e8 */
989 PVOID AppCompatInfo; /**< 0x2e0 / 0x1ec */
990 UNICODE_STRING CSDVersion; /**< 0x2e8 / 0x1f0 */
991 struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; /**< 0x2f8 / 0x1f8 */
992 struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; /**< 0x300 / 0x1fc */
993 struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; /**< 0x308 / 0x200 */
994 struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; /**< 0x310 / 0x204 */
995 SIZE_T MinimumStackCommit; /**< 0x318 / 0x208 */
996 /* End of PEB in W52 (Windows XP (RTM))! */
997 struct _FLS_CALLBACK_INFO *FlsCallback; /**< 0x320 / 0x20c */
998 LIST_ENTRY FlsListHead; /**< 0x328 / 0x210 */
999 PVOID FlsBitmap; /**< 0x338 / 0x218 */
1000 uint32_t FlsBitmapBits[4]; /**< 0x340 / 0x21c */
1001 uint32_t FlsHighIndex; /**< 0x350 / 0x22c */
1002 /* End of PEB in W52 (Windows Server 2003)! */
1003 PVOID WerRegistrationData; /**< 0x358 / 0x230 */
1004 PVOID WerShipAssertPtr; /**< 0x360 / 0x234 */
1005 /* End of PEB in W6 (windows Vista)! */
1006 union
1007 {
1008 struct
1009 {
1010 PVOID pUnused; /**< 0x368 / 0x238 - Was pContextData in W7. */
1011 } W8, W80, W81;
1012 struct
1013 {
1014 PVOID pContextData; /**< 0x368 / 0x238 - Retired in W80. */
1015 } W7;
1016 } Diff6;
1017 PVOID pImageHeaderHash; /**< 0x370 / 0x23c */
1018 union
1019 {
1020 uint32_t TracingFlags; /**< 0x378 / 0x240 */
1021 struct
1022 {
1023 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
1024 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
1025 uint32_t LibLoaderTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 2, 1 Bit */
1026 uint32_t SpareTracingBits : 29; /**< 0x378 / 0x240 : Pos 3, 29 Bits */
1027 } W8, W80, W81;
1028 struct
1029 {
1030 uint32_t HeapTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 0, 1 Bit */
1031 uint32_t CritSecTracingEnabled : 1; /**< 0x378 / 0x240 : Pos 1, 1 Bit */
1032 uint32_t SpareTracingBits : 30; /**< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 */
1033 } W7;
1034 } Diff7;
1035#if ARCH_BITS == 64
1036 uint32_t Padding6; /**< 0x37c / NA */
1037#endif
1038 uint64_t CsrServerReadOnlySharedMemoryBase; /**< 0x380 / 0x248 */
1039 /* End of PEB in W8, W81. */
1040 uintptr_t TppWorkerpListLock; /**< 0x388 / 0x250 */
1041 LIST_ENTRY TppWorkerpList; /**< 0x390 / 0x254 */
1042 PVOID WaitOnAddressHashTable[128]; /**< 0x3a0 / 0x25c */
1043#if ARCH_BITS == 32
1044 uint32_t ExplicitPadding7; /**< NA NA / 0x45c */
1045#endif
1046} PEB_COMMON;
1047typedef PEB_COMMON *PPEB_COMMON;
1048
1049AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
1050AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
1051AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
1052AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
1053AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
1054AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
1055AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
1056AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
1057AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x7a0 : 0x460);
1058
1059/** The size of the windows 10 (build 14393) PEB structure. */
1060#define PEB_SIZE_W10 sizeof(PEB_COMMON)
1061/** The size of the windows 8.1 PEB structure. */
1062#define PEB_SIZE_W81 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1063/** The size of the windows 8.0 PEB structure. */
1064#define PEB_SIZE_W80 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1065/** The size of the windows 7 PEB structure. */
1066#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
1067/** The size of the windows vista PEB structure. */
1068#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
1069/** The size of the windows server 2003 PEB structure. */
1070#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
1071/** The size of the windows XP PEB structure. */
1072#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
1073
1074#if 0
1075typedef struct _NT_TIB
1076{
1077 struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
1078 PVOID StackBase;
1079 PVOID StackLimit;
1080 PVOID SubSystemTib;
1081 union
1082 {
1083 PVOID FiberData;
1084 ULONG Version;
1085 };
1086 PVOID ArbitraryUserPointer;
1087 struct _NT_TIB *Self;
1088} NT_TIB;
1089typedef NT_TIB *PNT_TIB;
1090#endif
1091
1092typedef struct _ACTIVATION_CONTEXT_STACK
1093{
1094 uint32_t Flags;
1095 uint32_t NextCookieSequenceNumber;
1096 PVOID ActiveFrame;
1097 LIST_ENTRY FrameListCache;
1098} ACTIVATION_CONTEXT_STACK;
1099
1100/* Common TEB. */
1101typedef struct _TEB_COMMON
1102{
1103 NT_TIB NtTib; /**< 0x000 / 0x000 */
1104 PVOID EnvironmentPointer; /**< 0x038 / 0x01c */
1105 CLIENT_ID ClientId; /**< 0x040 / 0x020 */
1106 PVOID ActiveRpcHandle; /**< 0x050 / 0x028 */
1107 PVOID ThreadLocalStoragePointer; /**< 0x058 / 0x02c */
1108 PPEB_COMMON ProcessEnvironmentBlock; /**< 0x060 / 0x030 */
1109 uint32_t LastErrorValue; /**< 0x068 / 0x034 */
1110 uint32_t CountOfOwnedCriticalSections; /**< 0x06c / 0x038 */
1111 PVOID CsrClientThread; /**< 0x070 / 0x03c */
1112 PVOID Win32ThreadInfo; /**< 0x078 / 0x040 */
1113 uint32_t User32Reserved[26]; /**< 0x080 / 0x044 */
1114 uint32_t UserReserved[5]; /**< 0x0e8 / 0x0ac */
1115 PVOID WOW32Reserved; /**< 0x100 / 0x0c0 */
1116 uint32_t CurrentLocale; /**< 0x108 / 0x0c4 */
1117 uint32_t FpSoftwareStatusRegister; /**< 0x10c / 0x0c8 */
1118 PVOID SystemReserved1[54]; /**< 0x110 / 0x0cc */
1119 uint32_t ExceptionCode; /**< 0x2c0 / 0x1a4 */
1120#if ARCH_BITS == 64
1121 uint32_t Padding0; /**< 0x2c4 / NA */
1122#endif
1123 union
1124 {
1125 struct
1126 {
1127 struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;/**< 0x2c8 / 0x1a8 */
1128 uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /**< 0x2d0 / 0x1ac */
1129 } W52, W6, W7, W8, W80, W81;
1130#if ARCH_BITS == 32
1131 struct
1132 {
1133 ACTIVATION_CONTEXT_STACK ActivationContextStack; /**< NA / 0x1a8 */
1134 uint8_t SpareBytes[20]; /**< NA / 0x1bc */
1135 } W51;
1136#endif
1137 } Diff0;
1138 union
1139 {
1140 struct
1141 {
1142 uint32_t TxFsContext; /**< 0x2e8 / 0x1d0 */
1143 } W6, W7, W8, W80, W81;
1144 struct
1145 {
1146 uint32_t SpareBytesContinues; /**< 0x2e8 / 0x1d0 */
1147 } W52;
1148 } Diff1;
1149#if ARCH_BITS == 64
1150 uint32_t Padding1; /**< 0x2ec / NA */
1151#endif
1152 /*_GDI_TEB_BATCH*/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /**< 0x2f0 / 0x1d4 */
1153 CLIENT_ID RealClientId; /**< 0x7d8 / 0x6b4 */
1154 HANDLE GdiCachedProcessHandle; /**< 0x7e8 / 0x6bc */
1155 uint32_t GdiClientPID; /**< 0x7f0 / 0x6c0 */
1156 uint32_t GdiClientTID; /**< 0x7f4 / 0x6c4 */
1157 PVOID GdiThreadLocalInfo; /**< 0x7f8 / 0x6c8 */
1158 SIZE_T Win32ClientInfo[62]; /**< 0x800 / 0x6cc */
1159 PVOID glDispatchTable[233]; /**< 0x9f0 / 0x7c4 */
1160 SIZE_T glReserved1[29]; /**< 0x1138 / 0xb68 */
1161 PVOID glReserved2; /**< 0x1220 / 0xbdc */
1162 PVOID glSectionInfo; /**< 0x1228 / 0xbe0 */
1163 PVOID glSection; /**< 0x1230 / 0xbe4 */
1164 PVOID glTable; /**< 0x1238 / 0xbe8 */
1165 PVOID glCurrentRC; /**< 0x1240 / 0xbec */
1166 PVOID glContext; /**< 0x1248 / 0xbf0 */
1167 NTSTATUS LastStatusValue; /**< 0x1250 / 0xbf4 */
1168#if ARCH_BITS == 64
1169 uint32_t Padding2; /**< 0x1254 / NA */
1170#endif
1171 UNICODE_STRING StaticUnicodeString; /**< 0x1258 / 0xbf8 */
1172 WCHAR StaticUnicodeBuffer[261]; /**< 0x1268 / 0xc00 */
1173#if ARCH_BITS == 64
1174 WCHAR Padding3[3]; /**< 0x1472 / NA */
1175#endif
1176 PVOID DeallocationStack; /**< 0x1478 / 0xe0c */
1177 PVOID TlsSlots[64]; /**< 0x1480 / 0xe10 */
1178 LIST_ENTRY TlsLinks; /**< 0x1680 / 0xf10 */
1179 PVOID Vdm; /**< 0x1690 / 0xf18 */
1180 PVOID ReservedForNtRpc; /**< 0x1698 / 0xf1c */
1181 PVOID DbgSsReserved[2]; /**< 0x16a0 / 0xf20 */
1182 uint32_t HardErrorMode; /**< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. */
1183#if ARCH_BITS == 64
1184 uint32_t Padding4; /**< 0x16b4 / NA */
1185#endif
1186 PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /**< 0x16b8 / 0xf2c */
1187 union
1188 {
1189 struct
1190 {
1191 GUID ActivityId; /**< 0x1710 / 0xf50 */
1192 PVOID SubProcessTag; /**< 0x1720 / 0xf60 */
1193 } W6, W7, W8, W80, W81;
1194 struct
1195 {
1196 PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /**< 0x1710 / 0xf50 */
1197 } W52;
1198 } Diff2;
1199 union /**< 0x1728 / 0xf64 */
1200 {
1201 struct
1202 {
1203 PVOID PerflibData; /**< 0x1728 / 0xf64 */
1204 } W8, W80, W81;
1205 struct
1206 {
1207 PVOID EtwLocalData; /**< 0x1728 / 0xf64 */
1208 } W7, W6;
1209 struct
1210 {
1211 PVOID SubProcessTag; /**< 0x1728 / 0xf64 */
1212 } W52;
1213 struct
1214 {
1215 PVOID InstrumentationContinues[1]; /**< 0x1728 / 0xf64 */
1216 } W51;
1217 } Diff3;
1218 union
1219 {
1220 struct
1221 {
1222 PVOID EtwTraceData; /**< 0x1730 / 0xf68 */
1223 } W52, W6, W7, W8, W80, W81;
1224 struct
1225 {
1226 PVOID InstrumentationContinues[1]; /**< 0x1730 / 0xf68 */
1227 } W51;
1228 } Diff4;
1229 PVOID WinSockData; /**< 0x1738 / 0xf6c */
1230 uint32_t GdiBatchCount; /**< 0x1740 / 0xf70 */
1231 union
1232 {
1233 union
1234 {
1235 PROCESSOR_NUMBER CurrentIdealProcessor; /**< 0x1744 / 0xf74 - W7+ */
1236 uint32_t IdealProcessorValue; /**< 0x1744 / 0xf74 - W7+ */
1237 struct
1238 {
1239 uint8_t ReservedPad1; /**< 0x1744 / 0xf74 - Called SpareBool0 in W6 */
1240 uint8_t ReservedPad2; /**< 0x1745 / 0xf75 - Called SpareBool0 in W6 */
1241 uint8_t ReservedPad3; /**< 0x1746 / 0xf76 - Called SpareBool0 in W6 */
1242 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
1243 };
1244 } W6, W7, W8, W80, W81;
1245 struct
1246 {
1247 BOOLEAN InDbgPrint; /**< 0x1744 / 0xf74 */
1248 BOOLEAN FreeStackOnTermination; /**< 0x1745 / 0xf75 */
1249 BOOLEAN HasFiberData; /**< 0x1746 / 0xf76 */
1250 uint8_t IdealProcessor; /**< 0x1747 / 0xf77 */
1251 } W51, W52;
1252 } Diff5;
1253 uint32_t GuaranteedStackBytes; /**< 0x1748 / 0xf78 */
1254#if ARCH_BITS == 64
1255 uint32_t Padding5; /**< 0x174c / NA */
1256#endif
1257 PVOID ReservedForPerf; /**< 0x1750 / 0xf7c */
1258 PVOID ReservedForOle; /**< 0x1758 / 0xf80 */
1259 uint32_t WaitingOnLoaderLock; /**< 0x1760 / 0xf84 */
1260#if ARCH_BITS == 64
1261 uint32_t Padding6; /**< 0x1764 / NA */
1262#endif
1263 union /**< 0x1770 / 0xf8c */
1264 {
1265 struct
1266 {
1267 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
1268 SIZE_T ReservedForCodeCoverage; /**< 0x1770 / 0xf8c */
1269 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
1270 } W8, W80, W81;
1271 struct
1272 {
1273 PVOID SavedPriorityState; /**< 0x1768 / 0xf88 */
1274 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
1275 PVOID ThreadPoolData; /**< 0x1778 / 0xf90 */
1276 } W6, W7;
1277 struct
1278 {
1279 PVOID SparePointer1; /**< 0x1768 / 0xf88 */
1280 SIZE_T SoftPatchPtr1; /**< 0x1770 / 0xf8c */
1281 PVOID SoftPatchPtr2; /**< 0x1778 / 0xf90 */
1282 } W52;
1283#if ARCH_BITS == 32
1284 struct _Wx86ThreadState
1285 {
1286 PVOID CallBx86Eip; /**< NA / 0xf88 */
1287 PVOID DeallocationCpu; /**< NA / 0xf8c */
1288 BOOLEAN UseKnownWx86Dll; /**< NA / 0xf90 */
1289 int8_t OleStubInvoked; /**< NA / 0xf91 */
1290 } W51;
1291#endif
1292 } Diff6;
1293 PVOID TlsExpansionSlots; /**< 0x1780 / 0xf94 */
1294#if ARCH_BITS == 64
1295 PVOID DallocationBStore; /**< 0x1788 / NA */
1296 PVOID BStoreLimit; /**< 0x1790 / NA */
1297#endif
1298 union
1299 {
1300 struct
1301 {
1302 uint32_t MuiGeneration; /**< 0x1798 / 0xf98 */
1303 } W7, W8, W80, W81;
1304 struct
1305 {
1306 uint32_t ImpersonationLocale;
1307 } W6;
1308 } Diff7;
1309 uint32_t IsImpersonating; /**< 0x179c / 0xf9c */
1310 PVOID NlsCache; /**< 0x17a0 / 0xfa0 */
1311 PVOID pShimData; /**< 0x17a8 / 0xfa4 */
1312 union /**< 0x17b0 / 0xfa8 */
1313 {
1314 struct
1315 {
1316 uint16_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
1317 uint16_t LowFragHeapDataSlot; /**< 0x17b2 / 0xfaa */
1318 } W8, W80, W81;
1319 struct
1320 {
1321 uint32_t HeapVirtualAffinity; /**< 0x17b0 / 0xfa8 */
1322 } W7;
1323 } Diff8;
1324#if ARCH_BITS == 64
1325 uint32_t Padding7; /**< 0x17b4 / NA */
1326#endif
1327 HANDLE CurrentTransactionHandle; /**< 0x17b8 / 0xfac */
1328 struct _TEB_ACTIVE_FRAME *ActiveFrame; /**< 0x17c0 / 0xfb0 */
1329 /* End of TEB in W51 (Windows XP)! */
1330 PVOID FlsData; /**< 0x17c8 / 0xfb4 */
1331 union
1332 {
1333 struct
1334 {
1335 PVOID PreferredLanguages; /**< 0x17d0 / 0xfb8 */
1336 } W6, W7, W8, W80, W81;
1337 struct
1338 {
1339 BOOLEAN SafeThunkCall; /**< 0x17d0 / 0xfb8 */
1340 uint8_t BooleanSpare[3]; /**< 0x17d1 / 0xfb9 */
1341 /* End of TEB in W52 (Windows server 2003)! */
1342 } W52;
1343 } Diff9;
1344 PVOID UserPrefLanguages; /**< 0x17d8 / 0xfbc */
1345 PVOID MergedPrefLanguages; /**< 0x17e0 / 0xfc0 */
1346 uint32_t MuiImpersonation; /**< 0x17e8 / 0xfc4 */
1347 union
1348 {
1349 uint16_t CrossTebFlags; /**< 0x17ec / 0xfc8 */
1350 struct
1351 {
1352 uint16_t SpareCrossTebBits : 16; /**< 0x17ec / 0xfc8 : Pos 0, 16 Bits */
1353 };
1354 };
1355 union
1356 {
1357 uint16_t SameTebFlags; /**< 0x17ee / 0xfca */
1358 struct
1359 {
1360 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1361 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1362 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1363 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1364 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1365 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1366 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1367 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1368 } Common;
1369 struct
1370 {
1371 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1372 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1373 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1374 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1375 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1376 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1377 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1378 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1379 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
1380 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
1381 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
1382 uint16_t SessionAware : 1; /**< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. */
1383 uint16_t SpareSameTebBits : 4; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
1384 } W8, W80, W81;
1385 struct
1386 {
1387 uint16_t SafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1388 uint16_t InDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1389 uint16_t HasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1390 uint16_t SkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1391 uint16_t WerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1392 uint16_t RanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1393 uint16_t ClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1394 uint16_t SuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1395 uint16_t DisableUserStackWalk : 1; /**< 0x17ee / 0xfca : Pos 8, 1 Bit */
1396 uint16_t RtlExceptionAttached : 1; /**< 0x17ee / 0xfca : Pos 9, 1 Bit */
1397 uint16_t InitialThread : 1; /**< 0x17ee / 0xfca : Pos 10, 1 Bit */
1398 uint16_t SpareSameTebBits : 5; /**< 0x17ee / 0xfca : Pos 12, 4 Bits */
1399 } W7;
1400 struct
1401 {
1402 uint16_t DbgSafeThunkCall : 1; /**< 0x17ee / 0xfca : Pos 0, 1 Bit */
1403 uint16_t DbgInDebugPrint : 1; /**< 0x17ee / 0xfca : Pos 1, 1 Bit */
1404 uint16_t DbgHasFiberData : 1; /**< 0x17ee / 0xfca : Pos 2, 1 Bit */
1405 uint16_t DbgSkipThreadAttach : 1; /**< 0x17ee / 0xfca : Pos 3, 1 Bit */
1406 uint16_t DbgWerInShipAssertCode : 1; /**< 0x17ee / 0xfca : Pos 4, 1 Bit */
1407 uint16_t DbgRanProcessInit : 1; /**< 0x17ee / 0xfca : Pos 5, 1 Bit */
1408 uint16_t DbgClonedThread : 1; /**< 0x17ee / 0xfca : Pos 6, 1 Bit */
1409 uint16_t DbgSuppressDebugMsg : 1; /**< 0x17ee / 0xfca : Pos 7, 1 Bit */
1410 uint16_t SpareSameTebBits : 8; /**< 0x17ee / 0xfca : Pos 8, 8 Bits */
1411 } W6;
1412 } Diff10;
1413 PVOID TxnScopeEnterCallback; /**< 0x17f0 / 0xfcc */
1414 PVOID TxnScopeExitCallback; /**< 0x17f8 / 0xfd0 */
1415 PVOID TxnScopeContext; /**< 0x1800 / 0xfd4 */
1416 uint32_t LockCount; /**< 0x1808 / 0xfd8 */
1417 union
1418 {
1419 struct
1420 {
1421 uint32_t SpareUlong0; /**< 0x180c / 0xfdc */
1422 } W7, W8, W80, W81;
1423 struct
1424 {
1425 uint32_t ProcessRundown;
1426 } W6;
1427 } Diff11;
1428 union
1429 {
1430 struct
1431 {
1432 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1433 /* End of TEB in W7 (windows 7)! */
1434 PVOID ReservedForWdf; /**< 0x1818 / 0xfe4 - New Since W7. */
1435 /* End of TEB in W8 (windows 8.0 & 8.1)! */
1436 PVOID ReservedForCrt; /**< 0x1820 / 0xfe8 - New Since W10. */
1437 RTUUID EffectiveContainerId; /**< 0x1828 / 0xfec - New Since W10. */
1438 /* End of TEB in W10 14393! */
1439 } W8, W80, W81, W10;
1440 struct
1441 {
1442 PVOID ResourceRetValue; /**< 0x1810 / 0xfe0 */
1443 } W7;
1444 struct
1445 {
1446 uint64_t LastSwitchTime; /**< 0x1810 / 0xfe0 */
1447 uint64_t TotalSwitchOutTime; /**< 0x1818 / 0xfe8 */
1448 LARGE_INTEGER WaitReasonBitMap; /**< 0x1820 / 0xff0 */
1449 /* End of TEB in W6 (windows Vista)! */
1450 } W6;
1451 } Diff12;
1452} TEB_COMMON;
1453typedef TEB_COMMON *PTEB_COMMON;
1454AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1455AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1456AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1457AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1458AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1459AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1460AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1461AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1462AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1463AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1464AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1465AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1466AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1838 : 0x1000);
1467
1468
1469/** The size of the windows 8.1 PEB structure. */
1470#define TEB_SIZE_W10 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W10.EffectiveContainerId) + sizeof(RTUUID) )
1471/** The size of the windows 8.1 PEB structure. */
1472#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1473/** The size of the windows 8.0 PEB structure. */
1474#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1475/** The size of the windows 7 PEB structure. */
1476#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1477/** The size of the windows vista PEB structure. */
1478#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1479/** The size of the windows server 2003 PEB structure. */
1480#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1481/** The size of the windows XP PEB structure. */
1482#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1483
1484
1485
1486#define _PEB _PEB_COMMON
1487typedef PEB_COMMON PEB;
1488typedef PPEB_COMMON PPEB;
1489
1490#define _TEB _TEB_COMMON
1491typedef TEB_COMMON TEB;
1492typedef PTEB_COMMON PTEB;
1493
1494#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
1495# ifdef RT_ARCH_X86
1496DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, NtTib.Self)); }
1497DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readfsdword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1498DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readfsdword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1499DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readfsdword(RT_OFFSETOF(TEB_COMMON, LastStatusValue)); }
1500DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readfsdword(RT_OFFSETOF(TEB_COMMON, LastErrorValue)); }
1501# elif defined(RT_ARCH_AMD64)
1502DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, NtTib.Self)); }
1503DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readgsqword(RT_OFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1504DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readgsdword(RT_OFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1505DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readgsdword(RT_OFFSETOF(TEB_COMMON, LastStatusValue)); }
1506DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readgsdword(RT_OFFSETOF(TEB_COMMON, LastErrorValue)); }
1507# else
1508# error "Port me"
1509# endif
1510#else
1511# define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1512# define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1513# define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1514# define RTNtLastStatusValue() (RTNtCurrentTeb()->LastStatusValue)
1515# define RTNtLastErrorValue() (RTNtCurrentTeb()->LastErrorValue)
1516#endif
1517#define NtCurrentPeb() RTNtCurrentPeb()
1518
1519
1520/** @} */
1521
1522
1523#ifdef IPRT_NT_USE_WINTERNL
1524NTSYSAPI NTSTATUS NTAPI NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1525typedef enum _SECTION_INHERIT
1526{
1527 ViewShare = 1,
1528 ViewUnmap
1529} SECTION_INHERIT;
1530#endif
1531NTSYSAPI NTSTATUS NTAPI NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1532 ULONG, ULONG);
1533NTSYSAPI NTSTATUS NTAPI NtFlushVirtualMemory(HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK);
1534NTSYSAPI NTSTATUS NTAPI NtUnmapViewOfSection(HANDLE, PVOID);
1535
1536#ifdef IPRT_NT_USE_WINTERNL
1537typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1538{
1539 ULONG FileSystemAttributes;
1540 LONG MaximumComponentNameLength;
1541 ULONG FileSystemNameLength;
1542 WCHAR FileSystemName[1];
1543} FILE_FS_ATTRIBUTE_INFORMATION;
1544typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1545
1546#endif
1547NTSYSAPI NTSTATUS NTAPI NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1548NTSYSAPI NTSTATUS NTAPI ZwOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1549NTSYSAPI NTSTATUS NTAPI NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1550NTSYSAPI NTSTATUS NTAPI ZwOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1551NTSYSAPI NTSTATUS NTAPI NtAlertThread(HANDLE hThread);
1552#ifdef IPRT_NT_USE_WINTERNL
1553NTSYSAPI NTSTATUS NTAPI ZwAlertThread(HANDLE hThread);
1554#endif
1555
1556#ifdef IPRT_NT_USE_WINTERNL
1557NTSYSAPI NTSTATUS NTAPI NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1558NTSYSAPI NTSTATUS NTAPI NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1559#endif
1560NTSYSAPI NTSTATUS NTAPI ZwOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1561NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1562
1563#ifdef IPRT_NT_USE_WINTERNL
1564typedef enum _FSINFOCLASS
1565{
1566 FileFsVolumeInformation = 1,
1567 FileFsLabelInformation,
1568 FileFsSizeInformation,
1569 FileFsDeviceInformation,
1570 FileFsAttributeInformation,
1571 FileFsControlInformation,
1572 FileFsFullSizeInformation,
1573 FileFsObjectIdInformation,
1574 FileFsDriverPathInformation,
1575 FileFsVolumeFlagsInformation,
1576 FileFsSectorSizeInformation,
1577 FileFsDataCopyInformation,
1578 FileFsMaximumInformation
1579} FS_INFORMATION_CLASS;
1580typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1581NTSYSAPI NTSTATUS NTAPI NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1582
1583typedef struct _FILE_BOTH_DIR_INFORMATION
1584{
1585 ULONG NextEntryOffset; /**< 0x00: */
1586 ULONG FileIndex; /**< 0x04: */
1587 LARGE_INTEGER CreationTime; /**< 0x08: */
1588 LARGE_INTEGER LastAccessTime; /**< 0x10: */
1589 LARGE_INTEGER LastWriteTime; /**< 0x18: */
1590 LARGE_INTEGER ChangeTime; /**< 0x20: */
1591 LARGE_INTEGER EndOfFile; /**< 0x28: */
1592 LARGE_INTEGER AllocationSize; /**< 0x30: */
1593 ULONG FileAttributes; /**< 0x38: */
1594 ULONG FileNameLength; /**< 0x3c: */
1595 ULONG EaSize; /**< 0x40: */
1596 CCHAR ShortNameLength; /**< 0x44: */
1597 WCHAR ShortName[12]; /**< 0x46: */
1598 WCHAR FileName[1]; /**< 0x5e: */
1599} FILE_BOTH_DIR_INFORMATION;
1600typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1601typedef struct _FILE_BASIC_INFORMATION
1602{
1603 LARGE_INTEGER CreationTime;
1604 LARGE_INTEGER LastAccessTime;
1605 LARGE_INTEGER LastWriteTime;
1606 LARGE_INTEGER ChangeTime;
1607 ULONG FileAttributes;
1608} FILE_BASIC_INFORMATION;
1609typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1610typedef struct _FILE_STANDARD_INFORMATION
1611{
1612 LARGE_INTEGER AllocationSize;
1613 LARGE_INTEGER EndOfFile;
1614 ULONG NumberOfLinks;
1615 BOOLEAN DeletePending;
1616 BOOLEAN Directory;
1617} FILE_STANDARD_INFORMATION;
1618typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1619typedef struct _FILE_NAME_INFORMATION
1620{
1621 ULONG FileNameLength;
1622 WCHAR FileName[1];
1623} FILE_NAME_INFORMATION;
1624typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1625typedef struct _FILE_NETWORK_OPEN_INFORMATION
1626{
1627 LARGE_INTEGER CreationTime;
1628 LARGE_INTEGER LastAccessTime;
1629 LARGE_INTEGER LastWriteTime;
1630 LARGE_INTEGER ChangeTime;
1631 LARGE_INTEGER AllocationSize;
1632 LARGE_INTEGER EndOfFile;
1633 ULONG FileAttributes;
1634} FILE_NETWORK_OPEN_INFORMATION;
1635typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
1636typedef enum _FILE_INFORMATION_CLASS
1637{
1638 FileDirectoryInformation = 1,
1639 FileFullDirectoryInformation,
1640 FileBothDirectoryInformation,
1641 FileBasicInformation,
1642 FileStandardInformation,
1643 FileInternalInformation,
1644 FileEaInformation,
1645 FileAccessInformation,
1646 FileNameInformation,
1647 FileRenameInformation,
1648 FileLinkInformation,
1649 FileNamesInformation,
1650 FileDispositionInformation,
1651 FilePositionInformation,
1652 FileFullEaInformation,
1653 FileModeInformation,
1654 FileAlignmentInformation,
1655 FileAllInformation,
1656 FileAllocationInformation,
1657 FileEndOfFileInformation,
1658 FileAlternateNameInformation,
1659 FileStreamInformation,
1660 FilePipeInformation,
1661 FilePipeLocalInformation,
1662 FilePipeRemoteInformation,
1663 FileMailslotQueryInformation,
1664 FileMailslotSetInformation,
1665 FileCompressionInformation,
1666 FileObjectIdInformation,
1667 FileCompletionInformation,
1668 FileMoveClusterInformation,
1669 FileQuotaInformation,
1670 FileReparsePointInformation,
1671 FileNetworkOpenInformation,
1672 FileAttributeTagInformation,
1673 FileTrackingInformation,
1674 FileIdBothDirectoryInformation,
1675 FileIdFullDirectoryInformation,
1676 FileValidDataLengthInformation,
1677 FileShortNameInformation,
1678 FileIoCompletionNotificationInformation,
1679 FileIoStatusBlockRangeInformation,
1680 FileIoPriorityHintInformation,
1681 FileSfioReserveInformation,
1682 FileSfioVolumeInformation,
1683 FileHardLinkInformation,
1684 FileProcessIdsUsingFileInformation,
1685 FileNormalizedNameInformation,
1686 FileNetworkPhysicalNameInformation,
1687 FileIdGlobalTxDirectoryInformation,
1688 FileIsRemoteDeviceInformation,
1689 FileUnusedInformation,
1690 FileNumaNodeInformation,
1691 FileStandardLinkInformation,
1692 FileRemoteProtocolInformation,
1693 FileRenameInformationBypassAccessCheck,
1694 FileLinkInformationBypassAccessCheck,
1695 FileVolumeNameInformation,
1696 FileIdInformation,
1697 FileIdExtdDirectoryInformation,
1698 FileReplaceCompletionInformation,
1699 FileHardLinkFullIdInformation,
1700 FileMaximumInformation
1701} FILE_INFORMATION_CLASS;
1702typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
1703NTSYSAPI NTSTATUS NTAPI NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1704NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
1705 FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
1706NTSYSAPI NTSTATUS NTAPI NtSetInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
1707#endif /* IPRT_NT_USE_WINTERNL */
1708NTSYSAPI NTSTATUS NTAPI NtQueryAttributesFile(POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
1709NTSYSAPI NTSTATUS NTAPI NtQueryFullAttributesFile(POBJECT_ATTRIBUTES, PFILE_NETWORK_OPEN_INFORMATION);
1710
1711
1712/** @name SE_GROUP_XXX - Attributes returned with TokenGroup and others.
1713 * @{ */
1714#ifndef SE_GROUP_MANDATORY
1715# define SE_GROUP_MANDATORY UINT32_C(0x01)
1716#endif
1717#ifndef SE_GROUP_ENABLED_BY_DEFAULT
1718# define SE_GROUP_ENABLED_BY_DEFAULT UINT32_C(0x02)
1719#endif
1720#ifndef SE_GROUP_ENABLED
1721# define SE_GROUP_ENABLED UINT32_C(0x04)
1722#endif
1723#ifndef SE_GROUP_OWNER
1724# define SE_GROUP_OWNER UINT32_C(0x08)
1725#endif
1726#ifndef SE_GROUP_USE_FOR_DENY_ONLY
1727# define SE_GROUP_USE_FOR_DENY_ONLY UINT32_C(0x10)
1728#endif
1729#ifndef SE_GROUP_INTEGRITY
1730# define SE_GROUP_INTEGRITY UINT32_C(0x20)
1731#endif
1732#ifndef SE_GROUP_INTEGRITY_ENABLED
1733# define SE_GROUP_INTEGRITY_ENABLED UINT32_C(0x40)
1734#endif
1735#ifndef SE_GROUP_RESOURCE
1736# define SE_GROUP_RESOURCE UINT32_C(0x20000000)
1737#endif
1738#ifndef SE_GROUP_LOGON_ID
1739# define SE_GROUP_LOGON_ID UINT32_C(0xc0000000)
1740#endif
1741/** @} */
1742
1743
1744#ifdef IPRT_NT_USE_WINTERNL
1745
1746/** For use with KeyBasicInformation. */
1747typedef struct _KEY_BASIC_INFORMATION
1748{
1749 LARGE_INTEGER LastWriteTime;
1750 ULONG TitleIndex;
1751 ULONG NameLength;
1752 WCHAR Name[1];
1753} KEY_BASIC_INFORMATION;
1754typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
1755
1756/** For use with KeyNodeInformation. */
1757typedef struct _KEY_NODE_INFORMATION
1758{
1759 LARGE_INTEGER LastWriteTime;
1760 ULONG TitleIndex;
1761 ULONG ClassOffset; /**< Offset from the start of the structure. */
1762 ULONG ClassLength;
1763 ULONG NameLength;
1764 WCHAR Name[1];
1765} KEY_NODE_INFORMATION;
1766typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
1767
1768/** For use with KeyFullInformation. */
1769typedef struct _KEY_FULL_INFORMATION
1770{
1771 LARGE_INTEGER LastWriteTime;
1772 ULONG TitleIndex;
1773 ULONG ClassOffset; /**< Offset of the Class member. */
1774 ULONG ClassLength;
1775 ULONG SubKeys;
1776 ULONG MaxNameLen;
1777 ULONG MaxClassLen;
1778 ULONG Values;
1779 ULONG MaxValueNameLen;
1780 ULONG MaxValueDataLen;
1781 WCHAR Class[1];
1782} KEY_FULL_INFORMATION;
1783typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
1784
1785/** For use with KeyNameInformation. */
1786typedef struct _KEY_NAME_INFORMATION
1787{
1788 ULONG NameLength;
1789 WCHAR Name[1];
1790} KEY_NAME_INFORMATION;
1791typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
1792
1793/** For use with KeyCachedInformation. */
1794typedef struct _KEY_CACHED_INFORMATION
1795{
1796 LARGE_INTEGER LastWriteTime;
1797 ULONG TitleIndex;
1798 ULONG SubKeys;
1799 ULONG MaxNameLen;
1800 ULONG Values;
1801 ULONG MaxValueNameLen;
1802 ULONG MaxValueDataLen;
1803 ULONG NameLength;
1804} KEY_CACHED_INFORMATION;
1805typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
1806
1807/** For use with KeyVirtualizationInformation. */
1808typedef struct _KEY_VIRTUALIZATION_INFORMATION
1809{
1810 ULONG VirtualizationCandidate : 1;
1811 ULONG VirtualizationEnabled : 1;
1812 ULONG VirtualTarget : 1;
1813 ULONG VirtualStore : 1;
1814 ULONG VirtualSource : 1;
1815 ULONG Reserved : 27;
1816} KEY_VIRTUALIZATION_INFORMATION;
1817typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
1818
1819typedef enum _KEY_INFORMATION_CLASS
1820{
1821 KeyBasicInformation = 0,
1822 KeyNodeInformation,
1823 KeyFullInformation,
1824 KeyNameInformation,
1825 KeyCachedInformation,
1826 KeyFlagsInformation,
1827 KeyVirtualizationInformation,
1828 KeyHandleTagsInformation,
1829 MaxKeyInfoClass
1830} KEY_INFORMATION_CLASS;
1831NTSYSAPI NTSTATUS NTAPI NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1832NTSYSAPI NTSTATUS NTAPI NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1833
1834typedef struct _MEMORY_SECTION_NAME
1835{
1836 UNICODE_STRING SectionFileName;
1837 WCHAR NameBuffer[1];
1838} MEMORY_SECTION_NAME;
1839
1840#ifdef IPRT_NT_USE_WINTERNL
1841typedef struct _PROCESS_BASIC_INFORMATION
1842{
1843 NTSTATUS ExitStatus;
1844 PPEB PebBaseAddress;
1845 ULONG_PTR AffinityMask;
1846 int32_t BasePriority;
1847 ULONG_PTR UniqueProcessId;
1848 ULONG_PTR InheritedFromUniqueProcessId;
1849} PROCESS_BASIC_INFORMATION;
1850typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
1851#endif
1852
1853typedef enum _PROCESSINFOCLASS
1854{
1855 ProcessBasicInformation = 0, /**< 0 / 0x00 */
1856 ProcessQuotaLimits, /**< 1 / 0x01 */
1857 ProcessIoCounters, /**< 2 / 0x02 */
1858 ProcessVmCounters, /**< 3 / 0x03 */
1859 ProcessTimes, /**< 4 / 0x04 */
1860 ProcessBasePriority, /**< 5 / 0x05 */
1861 ProcessRaisePriority, /**< 6 / 0x06 */
1862 ProcessDebugPort, /**< 7 / 0x07 */
1863 ProcessExceptionPort, /**< 8 / 0x08 */
1864 ProcessAccessToken, /**< 9 / 0x09 */
1865 ProcessLdtInformation, /**< 10 / 0x0a */
1866 ProcessLdtSize, /**< 11 / 0x0b */
1867 ProcessDefaultHardErrorMode, /**< 12 / 0x0c */
1868 ProcessIoPortHandlers, /**< 13 / 0x0d */
1869 ProcessPooledUsageAndLimits, /**< 14 / 0x0e */
1870 ProcessWorkingSetWatch, /**< 15 / 0x0f */
1871 ProcessUserModeIOPL, /**< 16 / 0x10 */
1872 ProcessEnableAlignmentFaultFixup, /**< 17 / 0x11 */
1873 ProcessPriorityClass, /**< 18 / 0x12 */
1874 ProcessWx86Information, /**< 19 / 0x13 */
1875 ProcessHandleCount, /**< 20 / 0x14 */
1876 ProcessAffinityMask, /**< 21 / 0x15 */
1877 ProcessPriorityBoost, /**< 22 / 0x16 */
1878 ProcessDeviceMap, /**< 23 / 0x17 */
1879 ProcessSessionInformation, /**< 24 / 0x18 */
1880 ProcessForegroundInformation, /**< 25 / 0x19 */
1881 ProcessWow64Information, /**< 26 / 0x1a */
1882 ProcessImageFileName, /**< 27 / 0x1b */
1883 ProcessLUIDDeviceMapsEnabled, /**< 28 / 0x1c */
1884 ProcessBreakOnTermination, /**< 29 / 0x1d */
1885 ProcessDebugObjectHandle, /**< 30 / 0x1e */
1886 ProcessDebugFlags, /**< 31 / 0x1f */
1887 ProcessHandleTracing, /**< 32 / 0x20 */
1888 ProcessIoPriority, /**< 33 / 0x21 */
1889 ProcessExecuteFlags, /**< 34 / 0x22 */
1890 ProcessTlsInformation, /**< 35 / 0x23 */
1891 ProcessCookie, /**< 36 / 0x24 */
1892 ProcessImageInformation, /**< 37 / 0x25 */
1893 ProcessCycleTime, /**< 38 / 0x26 */
1894 ProcessPagePriority, /**< 39 / 0x27 */
1895 ProcessInstrumentationCallbak, /**< 40 / 0x28 */
1896 ProcessThreadStackAllocation, /**< 41 / 0x29 */
1897 ProcessWorkingSetWatchEx, /**< 42 / 0x2a */
1898 ProcessImageFileNameWin32, /**< 43 / 0x2b */
1899 ProcessImageFileMapping, /**< 44 / 0x2c */
1900 ProcessAffinityUpdateMode, /**< 45 / 0x2d */
1901 ProcessMemoryAllocationMode, /**< 46 / 0x2e */
1902 ProcessGroupInformation, /**< 47 / 0x2f */
1903 ProcessTokenVirtualizationEnabled, /**< 48 / 0x30 */
1904 ProcessOwnerInformation, /**< 49 / 0x31 */
1905 ProcessWindowInformation, /**< 50 / 0x32 */
1906 ProcessHandleInformation, /**< 51 / 0x33 */
1907 ProcessMitigationPolicy, /**< 52 / 0x34 */
1908 ProcessDynamicFunctionTableInformation, /**< 53 / 0x35 */
1909 ProcessHandleCheckingMode, /**< 54 / 0x36 */
1910 ProcessKeepAliveCount, /**< 55 / 0x37 */
1911 ProcessRevokeFileHandles, /**< 56 / 0x38 */
1912 ProcessWorkingSetControl, /**< 57 / 0x39 */
1913 ProcessHandleTable, /**< 58 / 0x3a */
1914 ProcessCheckStackExtentsMode, /**< 59 / 0x3b */
1915 ProcessCommandLineInformation, /**< 60 / 0x3c */
1916 ProcessProtectionInformation, /**< 61 / 0x3d */
1917 ProcessMemoryExhaustion, /**< 62 / 0x3e */
1918 ProcessFaultInformation, /**< 63 / 0x3f */
1919 ProcessTelemetryIdInformation, /**< 64 / 0x40 */
1920 ProcessCommitReleaseInformation, /**< 65 / 0x41 */
1921 ProcessDefaultCpuSetsInformation, /**< 66 / 0x42 - aka ProcessReserved1Information */
1922 ProcessAllowedCpuSetsInformation, /**< 67 / 0x43 - aka ProcessReserved2Information; PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10 */
1923 ProcessSubsystemProcess, /**< 68 / 0x44 */
1924 ProcessJobMemoryInformation, /**< 69 / 0x45 */
1925 ProcessInPrivate, /**< 70 / 0x46 */
1926 ProcessRaiseUMExceptionOnInvalidHandleClose,/**< 71 / 0x47 */
1927 ProcessIumChallengeResponse, /**< 72 / 0x48 */
1928 ProcessChildProcessInformation, /**< 73 / 0x49 */
1929 ProcessHighGraphicsPriorityInformation, /**< 74 / 0x4a */
1930 ProcessSubsystemInformation, /**< 75 / 0x4b */
1931 ProcessEnergyValues, /**< 76 / 0x4c */
1932 ProcessPowerThrottlingState, /**< 77 / 0x4d */
1933 ProcessReserved3Information, /**< 78 / 0x4e */
1934 ProcessWin32kSyscallFilterInformation, /**< 79 / 0x4f */
1935 ProcessDisableSystemAllowedCpuSets, /**< 80 / 0x50 */
1936 ProcessWakeInformation, /**< 81 / 0x51 */
1937 ProcessEnergyTrackingState, /**< 82 / 0x52 */
1938 ProcessManageWritesToExecutableMemory, /**< 83 / 0x53 */
1939 ProcessCaptureTrustletLiveDump, /**< 84 / 0x54 */
1940 ProcessTelemetryCoverage, /**< 85 / 0x55 */
1941 ProcessEnclaveInformation, /**< 86 / 0x56 */
1942 ProcessEnableReadWriteVmLogging, /**< 87 / 0x57 */
1943 ProcessUptimeInformation, /**< 88 / 0x58 */
1944 ProcessImageSection, /**< 89 / 0x59 */
1945 ProcessDebugAuthInformation, /**< 90 / 0x5a */
1946 ProcessSystemResourceManagement, /**< 92 / 0x5b */
1947 ProcessSequenceNumber, /**< 93 / 0x5c */
1948 MaxProcessInfoClass
1949} PROCESSINFOCLASS;
1950AssertCompile(ProcessSequenceNumber == 0x5c);
1951NTSYSAPI NTSTATUS NTAPI NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
1952
1953typedef enum _THREADINFOCLASS
1954{
1955 ThreadBasicInformation = 0,
1956 ThreadTimes,
1957 ThreadPriority,
1958 ThreadBasePriority,
1959 ThreadAffinityMask,
1960 ThreadImpersonationToken,
1961 ThreadDescriptorTableEntry,
1962 ThreadEnableAlignmentFaultFixup,
1963 ThreadEventPair_Reusable,
1964 ThreadQuerySetWin32StartAddress,
1965 ThreadZeroTlsCell,
1966 ThreadPerformanceCount,
1967 ThreadAmILastThread,
1968 ThreadIdealProcessor,
1969 ThreadPriorityBoost,
1970 ThreadSetTlsArrayAddress,
1971 ThreadIsIoPending,
1972 ThreadHideFromDebugger,
1973 ThreadBreakOnTermination,
1974 ThreadSwitchLegacyState,
1975 ThreadIsTerminated,
1976 ThreadLastSystemCall,
1977 ThreadIoPriority,
1978 ThreadCycleTime,
1979 ThreadPagePriority,
1980 ThreadActualBasePriority,
1981 ThreadTebInformation,
1982 ThreadCSwitchMon,
1983 ThreadCSwitchPmu,
1984 ThreadWow64Context,
1985 ThreadGroupInformation,
1986 ThreadUmsInformation,
1987 ThreadCounterProfiling,
1988 ThreadIdealProcessorEx,
1989 ThreadCpuAccountingInformation,
1990 MaxThreadInfoClass
1991} THREADINFOCLASS;
1992NTSYSAPI NTSTATUS NTAPI NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
1993
1994NTSYSAPI NTSTATUS NTAPI NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1995NTSYSAPI NTSTATUS NTAPI ZwQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1996
1997NTSYSAPI NTSTATUS NTAPI NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1998NTSYSAPI NTSTATUS NTAPI NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1999NTSYSAPI NTSTATUS NTAPI NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
2000NTSYSAPI NTSTATUS NTAPI NtCancelIoFile(HANDLE, PIO_STATUS_BLOCK);
2001
2002NTSYSAPI NTSTATUS NTAPI NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
2003NTSYSAPI NTSTATUS NTAPI NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
2004
2005NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
2006NTSYSAPI NTSTATUS NTAPI RtlCopySid(ULONG, PSID, PSID);
2007NTSYSAPI NTSTATUS NTAPI RtlCreateAcl(PACL, ULONG, ULONG);
2008NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
2009NTSYSAPI BOOLEAN NTAPI RtlEqualSid(PSID, PSID);
2010NTSYSAPI NTSTATUS NTAPI RtlGetVersion(PRTL_OSVERSIONINFOW);
2011NTSYSAPI NTSTATUS NTAPI RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
2012NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
2013NTSYSAPI PULONG NTAPI RtlSubAuthoritySid(PSID, ULONG);
2014
2015#endif /* IPRT_NT_USE_WINTERNL */
2016
2017/** For use with ObjectHandleFlagInformation. */
2018typedef struct _OBJECT_HANDLE_FLAG_INFORMATION
2019{
2020 BOOLEAN Inherit;
2021 BOOLEAN ProtectFromClose;
2022} OBJECT_HANDLE_FLAG_INFORMATION;
2023typedef OBJECT_HANDLE_FLAG_INFORMATION *POBJECT_HANDLE_FLAG_INFORMATION;
2024
2025typedef enum _OBJECT_INFORMATION_CLASS
2026{
2027 ObjectBasicInformation = 0,
2028 ObjectNameInformation,
2029 ObjectTypeInformation,
2030 ObjectAllInformation,
2031 ObjectHandleFlagInformation,
2032 ObjectSessionInformation,
2033 MaxObjectInfoClass
2034} OBJECT_INFORMATION_CLASS;
2035typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
2036#ifdef IN_RING0
2037# define NtQueryObject ZwQueryObject
2038#endif
2039NTSYSAPI NTSTATUS NTAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2040NTSYSAPI NTSTATUS NTAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
2041NTSYSAPI NTSTATUS NTAPI NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
2042
2043NTSYSAPI NTSTATUS NTAPI NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2044
2045typedef struct _OBJECT_DIRECTORY_INFORMATION
2046{
2047 UNICODE_STRING Name;
2048 UNICODE_STRING TypeName;
2049} OBJECT_DIRECTORY_INFORMATION;
2050typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
2051NTSYSAPI NTSTATUS NTAPI NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
2052
2053NTSYSAPI NTSTATUS NTAPI NtSuspendProcess(HANDLE);
2054NTSYSAPI NTSTATUS NTAPI NtResumeProcess(HANDLE);
2055/** @name ProcessDefaultHardErrorMode bit definitions.
2056 * @{ */
2057#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /**< Inverted from the win32 define. */
2058#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
2059#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
2060#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
2061/** @} */
2062NTSYSAPI NTSTATUS NTAPI NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
2063NTSYSAPI NTSTATUS NTAPI NtTerminateProcess(HANDLE, LONG);
2064
2065/** Retured by ProcessImageInformation as well as NtQuerySection. */
2066typedef struct _SECTION_IMAGE_INFORMATION
2067{
2068 PVOID TransferAddress;
2069 ULONG ZeroBits;
2070 SIZE_T MaximumStackSize;
2071 SIZE_T CommittedStackSize;
2072 ULONG SubSystemType;
2073 union
2074 {
2075 struct
2076 {
2077 USHORT SubSystemMinorVersion;
2078 USHORT SubSystemMajorVersion;
2079 };
2080 ULONG SubSystemVersion;
2081 };
2082 ULONG GpValue;
2083 USHORT ImageCharacteristics;
2084 USHORT DllCharacteristics;
2085 USHORT Machine;
2086 BOOLEAN ImageContainsCode;
2087 union /**< Since Vista, used to be a spare BOOLEAN. */
2088 {
2089 struct
2090 {
2091 UCHAR ComPlusNativeRead : 1;
2092 UCHAR ComPlusILOnly : 1;
2093 UCHAR ImageDynamicallyRelocated : 1;
2094 UCHAR ImageMAppedFlat : 1;
2095 UCHAR Reserved : 4;
2096 };
2097 UCHAR ImageFlags;
2098 };
2099 ULONG LoaderFlags;
2100 ULONG ImageFileSize; /**< Since XP? */
2101 ULONG CheckSum; /**< Since Vista, Used to be a reserved/spare ULONG. */
2102} SECTION_IMAGE_INFORMATION;
2103typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
2104
2105typedef enum _SECTION_INFORMATION_CLASS
2106{
2107 SectionBasicInformation = 0,
2108 SectionImageInformation,
2109 MaxSectionInfoClass
2110} SECTION_INFORMATION_CLASS;
2111NTSYSAPI NTSTATUS NTAPI NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2112
2113NTSYSAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
2114NTSYSAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2115NTSYSAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
2116#ifndef SYMBOLIC_LINK_QUERY
2117# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
2118#endif
2119#ifndef SYMBOLIC_LINK_ALL_ACCESS
2120# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYMBOLIC_LINK_QUERY)
2121#endif
2122
2123NTSYSAPI NTSTATUS NTAPI NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
2124NTSYSAPI NTSTATUS NTAPI NtResumeThread(HANDLE, PULONG);
2125NTSYSAPI NTSTATUS NTAPI NtSuspendThread(HANDLE, PULONG);
2126NTSYSAPI NTSTATUS NTAPI NtTerminateThread(HANDLE, LONG);
2127NTSYSAPI NTSTATUS NTAPI NtGetContextThread(HANDLE, PCONTEXT);
2128NTSYSAPI NTSTATUS NTAPI NtSetContextThread(HANDLE, PCONTEXT);
2129NTSYSAPI NTSTATUS NTAPI ZwYieldExecution(void);
2130
2131
2132#ifndef SEC_FILE
2133# define SEC_FILE UINT32_C(0x00800000)
2134#endif
2135#ifndef SEC_IMAGE
2136# define SEC_IMAGE UINT32_C(0x01000000)
2137#endif
2138#ifndef SEC_PROTECTED_IMAGE
2139# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
2140#endif
2141#ifndef SEC_NOCACHE
2142# define SEC_NOCACHE UINT32_C(0x10000000)
2143#endif
2144#ifndef MEM_ROTATE
2145# define MEM_ROTATE UINT32_C(0x00800000)
2146#endif
2147typedef enum _MEMORY_INFORMATION_CLASS
2148{
2149 MemoryBasicInformation = 0,
2150 MemoryWorkingSetList,
2151 MemorySectionName,
2152 MemoryBasicVlmInformation
2153} MEMORY_INFORMATION_CLASS;
2154#ifdef IN_RING0
2155typedef struct _MEMORY_BASIC_INFORMATION
2156{
2157 PVOID BaseAddress;
2158 PVOID AllocationBase;
2159 ULONG AllocationProtect;
2160 SIZE_T RegionSize;
2161 ULONG State;
2162 ULONG Protect;
2163 ULONG Type;
2164} MEMORY_BASIC_INFORMATION;
2165typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
2166# define NtQueryVirtualMemory ZwQueryVirtualMemory
2167#endif
2168NTSYSAPI NTSTATUS NTAPI NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2169#ifdef IPRT_NT_USE_WINTERNL
2170NTSYSAPI NTSTATUS NTAPI NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
2171#endif
2172NTSYSAPI NTSTATUS NTAPI NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
2173NTSYSAPI NTSTATUS NTAPI NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
2174
2175typedef enum _SYSTEM_INFORMATION_CLASS
2176{
2177 SystemBasicInformation = 0,
2178 SystemCpuInformation,
2179 SystemPerformanceInformation,
2180 SystemTimeOfDayInformation,
2181 SystemInformation_Unknown_4,
2182 SystemProcessInformation,
2183 SystemInformation_Unknown_6,
2184 SystemInformation_Unknown_7,
2185 SystemProcessorPerformanceInformation,
2186 SystemInformation_Unknown_9,
2187 SystemInformation_Unknown_10,
2188 SystemModuleInformation,
2189 SystemInformation_Unknown_12,
2190 SystemInformation_Unknown_13,
2191 SystemInformation_Unknown_14,
2192 SystemInformation_Unknown_15,
2193 SystemHandleInformation,
2194 SystemInformation_Unknown_17,
2195 SystemPageFileInformation,
2196 SystemInformation_Unknown_19,
2197 SystemInformation_Unknown_20,
2198 SystemCacheInformation,
2199 SystemInformation_Unknown_22,
2200 SystemInterruptInformation,
2201 SystemDpcBehaviourInformation,
2202 SystemFullMemoryInformation,
2203 SystemLoadGdiDriverInformation, /* 26 */
2204 SystemUnloadGdiDriverInformation, /* 27 */
2205 SystemTimeAdjustmentInformation,
2206 SystemSummaryMemoryInformation,
2207 SystemInformation_Unknown_30,
2208 SystemInformation_Unknown_31,
2209 SystemInformation_Unknown_32,
2210 SystemExceptionInformation,
2211 SystemCrashDumpStateInformation,
2212 SystemKernelDebuggerInformation,
2213 SystemContextSwitchInformation,
2214 SystemRegistryQuotaInformation,
2215 SystemInformation_Unknown_38,
2216 SystemInformation_Unknown_39,
2217 SystemInformation_Unknown_40,
2218 SystemInformation_Unknown_41,
2219 SystemInformation_Unknown_42,
2220 SystemInformation_Unknown_43,
2221 SystemCurrentTimeZoneInformation,
2222 SystemLookasideInformation,
2223 SystemSetTimeSlipEvent,
2224 SystemCreateSession,
2225 SystemDeleteSession,
2226 SystemInformation_Unknown_49,
2227 SystemRangeStartInformation,
2228 SystemVerifierInformation,
2229 SystemInformation_Unknown_52,
2230 SystemSessionProcessInformation,
2231 SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
2232 SystemInformation_Unknown_55,
2233 SystemInformation_Unknown_56,
2234 SystemExtendedProcessInformation,
2235 SystemInformation_Unknown_58,
2236 SystemInformation_Unknown_59,
2237 SystemInformation_Unknown_60,
2238 SystemInformation_Unknown_61,
2239 SystemInformation_Unknown_62,
2240 SystemInformation_Unknown_63,
2241 SystemExtendedHandleInformation, /* 64 */
2242 SystemInformation_Unknown_65,
2243 SystemInformation_Unknown_66,
2244 SystemInformation_Unknown_67,
2245 SystemInformation_Unknown_68,
2246 SystemInformation_HotPatchInfo, /* 69 */
2247 SystemInformation_Unknown_70,
2248 SystemInformation_Unknown_71,
2249 SystemInformation_Unknown_72,
2250 SystemInformation_Unknown_73,
2251 SystemInformation_Unknown_74,
2252 SystemInformation_Unknown_75,
2253 SystemInformation_Unknown_76,
2254 SystemInformation_Unknown_77,
2255 SystemInformation_Unknown_78,
2256 SystemInformation_Unknown_79,
2257 SystemInformation_Unknown_80,
2258 SystemInformation_Unknown_81,
2259 SystemInformation_Unknown_82,
2260 SystemInformation_Unknown_83,
2261 SystemInformation_Unknown_84,
2262 SystemInformation_Unknown_85,
2263 SystemInformation_Unknown_86,
2264 SystemInformation_Unknown_87,
2265 SystemInformation_Unknown_88,
2266 SystemInformation_Unknown_89,
2267 SystemInformation_Unknown_90,
2268 SystemInformation_Unknown_91,
2269 SystemInformation_Unknown_92,
2270 SystemInformation_Unknown_93,
2271 SystemInformation_Unknown_94,
2272 SystemInformation_Unknown_95,
2273 SystemInformation_KiOpPrefetchPatchCount, /* 96 */
2274 SystemInformation_Unknown_97,
2275 SystemInformation_Unknown_98,
2276 SystemInformation_Unknown_99,
2277 SystemInformation_Unknown_100,
2278 SystemInformation_Unknown_101,
2279 SystemInformation_Unknown_102,
2280 SystemInformation_Unknown_103,
2281 SystemInformation_Unknown_104,
2282 SystemInformation_Unknown_105,
2283 SystemInformation_Unknown_107,
2284 SystemInformation_GetLogicalProcessorInformationEx, /* 107 */
2285
2286 /** @todo fill gap. they've added a whole bunch of things */
2287 SystemPolicyInformation = 134,
2288 SystemInformationClassMax
2289} SYSTEM_INFORMATION_CLASS;
2290
2291#ifdef IPRT_NT_USE_WINTERNL
2292typedef struct _VM_COUNTERS
2293{
2294 SIZE_T PeakVirtualSize;
2295 SIZE_T VirtualSize;
2296 ULONG PageFaultCount;
2297 SIZE_T PeakWorkingSetSize;
2298 SIZE_T WorkingSetSize;
2299 SIZE_T QuotaPeakPagedPoolUsage;
2300 SIZE_T QuotaPagedPoolUsage;
2301 SIZE_T QuotaPeakNonPagedPoolUsage;
2302 SIZE_T QuotaNonPagedPoolUsage;
2303 SIZE_T PagefileUsage;
2304 SIZE_T PeakPagefileUsage;
2305} VM_COUNTERS;
2306typedef VM_COUNTERS *PVM_COUNTERS;
2307#endif
2308
2309#if 0
2310typedef struct _IO_COUNTERS
2311{
2312 ULONGLONG ReadOperationCount;
2313 ULONGLONG WriteOperationCount;
2314 ULONGLONG OtherOperationCount;
2315 ULONGLONG ReadTransferCount;
2316 ULONGLONG WriteTransferCount;
2317 ULONGLONG OtherTransferCount;
2318} IO_COUNTERS;
2319typedef IO_COUNTERS *PIO_COUNTERS;
2320#endif
2321
2322typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
2323{
2324 ULONG NextEntryOffset; /**< 0x00 / 0x00 */
2325 ULONG NumberOfThreads; /**< 0x04 / 0x04 */
2326 LARGE_INTEGER Reserved1[3]; /**< 0x08 / 0x08 */
2327 LARGE_INTEGER CreationTime; /**< 0x20 / 0x20 */
2328 LARGE_INTEGER UserTime; /**< 0x28 / 0x28 */
2329 LARGE_INTEGER KernelTime; /**< 0x30 / 0x30 */
2330 UNICODE_STRING ProcessName; /**< 0x38 / 0x38 Clean unicode encoding? */
2331 int32_t BasePriority; /**< 0x40 / 0x48 */
2332 HANDLE UniqueProcessId; /**< 0x44 / 0x50 */
2333 HANDLE ParentProcessId; /**< 0x48 / 0x58 */
2334 ULONG HandleCount; /**< 0x4c / 0x60 */
2335 ULONG Reserved2; /**< 0x50 / 0x64 Session ID? */
2336 ULONG_PTR Reserved3; /**< 0x54 / 0x68 */
2337 VM_COUNTERS VmCounters; /**< 0x58 / 0x70 */
2338 IO_COUNTERS IoCounters; /**< 0x88 / 0xd0 Might not be present in earlier windows versions. */
2339 /* After this follows the threads, then the ProcessName.Buffer. */
2340} RTNT_SYSTEM_PROCESS_INFORMATION;
2341typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
2342#ifndef IPRT_NT_USE_WINTERNL
2343typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
2344typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
2345#endif
2346
2347typedef struct _SYSTEM_HANDLE_ENTRY_INFO
2348{
2349 USHORT UniqueProcessId;
2350 USHORT CreatorBackTraceIndex;
2351 UCHAR ObjectTypeIndex;
2352 UCHAR HandleAttributes;
2353 USHORT HandleValue;
2354 PVOID Object;
2355 ULONG GrantedAccess;
2356} SYSTEM_HANDLE_ENTRY_INFO;
2357typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
2358
2359/** Returned by SystemHandleInformation */
2360typedef struct _SYSTEM_HANDLE_INFORMATION
2361{
2362 ULONG NumberOfHandles;
2363 SYSTEM_HANDLE_ENTRY_INFO Handles[1];
2364} SYSTEM_HANDLE_INFORMATION;
2365typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
2366
2367/** Extended handle information entry.
2368 * @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
2369typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
2370{
2371 PVOID Object;
2372 HANDLE UniqueProcessId;
2373 HANDLE HandleValue;
2374 ACCESS_MASK GrantedAccess;
2375 USHORT CreatorBackTraceIndex;
2376 USHORT ObjectTypeIndex;
2377 ULONG HandleAttributes;
2378 ULONG Reserved;
2379} SYSTEM_HANDLE_ENTRY_INFO_EX;
2380typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
2381
2382/** Returned by SystemExtendedHandleInformation. */
2383typedef struct _SYSTEM_HANDLE_INFORMATION_EX
2384{
2385 ULONG_PTR NumberOfHandles;
2386 ULONG_PTR Reserved;
2387 SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
2388} SYSTEM_HANDLE_INFORMATION_EX;
2389typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
2390
2391/** Returned by SystemSessionProcessInformation. */
2392typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
2393{
2394 ULONG SessionId;
2395 ULONG BufferLength;
2396 /** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
2397 PVOID Buffer;
2398} SYSTEM_SESSION_PROCESS_INFORMATION;
2399typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
2400
2401typedef struct _RTL_PROCESS_MODULE_INFORMATION
2402{
2403 HANDLE Section; /**< 0x00 / 0x00 */
2404 PVOID MappedBase; /**< 0x04 / 0x08 */
2405 PVOID ImageBase; /**< 0x08 / 0x10 */
2406 ULONG ImageSize; /**< 0x0c / 0x18 */
2407 ULONG Flags; /**< 0x10 / 0x1c */
2408 USHORT LoadOrderIndex; /**< 0x14 / 0x20 */
2409 USHORT InitOrderIndex; /**< 0x16 / 0x22 */
2410 USHORT LoadCount; /**< 0x18 / 0x24 */
2411 USHORT OffsetToFileName; /**< 0x1a / 0x26 */
2412 UCHAR FullPathName[256]; /**< 0x1c / 0x28 */
2413} RTL_PROCESS_MODULE_INFORMATION;
2414typedef RTL_PROCESS_MODULE_INFORMATION *PRTL_PROCESS_MODULE_INFORMATION;
2415
2416/** Returned by SystemModuleInformation. */
2417typedef struct _RTL_PROCESS_MODULES
2418{
2419 ULONG NumberOfModules;
2420 RTL_PROCESS_MODULE_INFORMATION Modules[1]; /**< 0x04 / 0x08 */
2421} RTL_PROCESS_MODULES;
2422typedef RTL_PROCESS_MODULES *PRTL_PROCESS_MODULES;
2423
2424NTSYSAPI NTSTATUS NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2425#ifndef IPRT_NT_MAP_TO_ZW
2426NTSYSAPI NTSTATUS NTAPI ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2427#endif
2428
2429NTSYSAPI NTSTATUS NTAPI NtSetTimerResolution(ULONG cNtTicksWanted, BOOLEAN fSetResolution, PULONG pcNtTicksCur);
2430NTSYSAPI NTSTATUS NTAPI NtQueryTimerResolution(PULONG pcNtTicksMin, PULONG pcNtTicksMax, PULONG pcNtTicksCur);
2431
2432NTSYSAPI NTSTATUS NTAPI NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
2433NTSYSAPI NTSTATUS NTAPI NtYieldExecution(void);
2434#ifndef IPRT_NT_USE_WINTERNL
2435NTSYSAPI NTSTATUS NTAPI NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
2436#endif
2437typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
2438typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
2439NTSYSAPI NTSTATUS NTAPI NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
2440
2441NTSYSAPI NTSTATUS NTAPI NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
2442
2443#ifdef IPRT_NT_USE_WINTERNL
2444typedef enum _EVENT_TYPE
2445{
2446 /* Manual reset event. */
2447 NotificationEvent = 0,
2448 /* Automaitc reset event. */
2449 SynchronizationEvent
2450} EVENT_TYPE;
2451#endif
2452NTSYSAPI NTSTATUS NTAPI NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
2453NTSYSAPI NTSTATUS NTAPI NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2454typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
2455NTSYSAPI NTSTATUS NTAPI NtClearEvent(HANDLE);
2456NTSYSAPI NTSTATUS NTAPI NtResetEvent(HANDLE, PULONG);
2457NTSYSAPI NTSTATUS NTAPI NtSetEvent(HANDLE, PULONG);
2458typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
2459typedef enum _EVENT_INFORMATION_CLASS
2460{
2461 EventBasicInformation = 0
2462} EVENT_INFORMATION_CLASS;
2463/** Data returned by NtQueryEvent + EventBasicInformation. */
2464typedef struct EVENT_BASIC_INFORMATION
2465{
2466 EVENT_TYPE EventType;
2467 ULONG EventState;
2468} EVENT_BASIC_INFORMATION;
2469typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
2470NTSYSAPI NTSTATUS NTAPI NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2471
2472#ifdef IPRT_NT_USE_WINTERNL
2473/** For NtQueryValueKey. */
2474typedef enum _KEY_VALUE_INFORMATION_CLASS
2475{
2476 KeyValueBasicInformation = 0,
2477 KeyValueFullInformation,
2478 KeyValuePartialInformation,
2479 KeyValueFullInformationAlign64,
2480 KeyValuePartialInformationAlign64
2481} KEY_VALUE_INFORMATION_CLASS;
2482
2483/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
2484typedef struct _KEY_VALUE_PARTIAL_INFORMATION
2485{
2486 ULONG TitleIndex;
2487 ULONG Type;
2488 ULONG DataLength;
2489 UCHAR Data[1];
2490} KEY_VALUE_PARTIAL_INFORMATION;
2491typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
2492#endif
2493NTSYSAPI NTSTATUS NTAPI NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2494NTSYSAPI NTSTATUS NTAPI NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2495
2496
2497NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
2498
2499
2500typedef struct _CURDIR
2501{
2502 UNICODE_STRING DosPath;
2503 HANDLE Handle; /**< 0x10 / 0x08 */
2504} CURDIR;
2505AssertCompileSize(CURDIR, ARCH_BITS == 32 ? 0x0c : 0x18);
2506typedef CURDIR *PCURDIR;
2507
2508typedef struct _RTL_DRIVE_LETTER_CURDIR
2509{
2510 USHORT Flags;
2511 USHORT Length;
2512 ULONG TimeStamp;
2513 STRING DosPath; /**< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. */
2514} RTL_DRIVE_LETTER_CURDIR;
2515typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
2516
2517typedef struct _RTL_USER_PROCESS_PARAMETERS
2518{
2519 ULONG MaximumLength; /**< 0x00 / 0x00 */
2520 ULONG Length; /**< 0x / 0x04 */
2521 ULONG Flags; /**< 0x / 0x08 */
2522 ULONG DebugFlags; /**< 0x / 0x0c */
2523 HANDLE ConsoleHandle; /**< 0x / 0x10 */
2524 ULONG ConsoleFlags; /**< 0x / 0x14 */
2525 HANDLE StandardInput; /**< 0x / 0x18 */
2526 HANDLE StandardOutput; /**< 0x / 0x1c */
2527 HANDLE StandardError; /**< 0x / 0x20 */
2528 CURDIR CurrentDirectory; /**< 0x / 0x24 */
2529 UNICODE_STRING DllPath; /**< 0x / 0x30 */
2530 UNICODE_STRING ImagePathName; /**< 0x / 0x38 */
2531 UNICODE_STRING CommandLine; /**< 0x / 0x40 */
2532 PWSTR Environment; /**< 0x / 0x48 */
2533 ULONG StartingX; /**< 0x / 0x4c */
2534 ULONG StartingY; /**< 0x / 0x50 */
2535 ULONG CountX; /**< 0x / 0x54 */
2536 ULONG CountY; /**< 0x / 0x58 */
2537 ULONG CountCharsX; /**< 0x / 0x5c */
2538 ULONG CountCharsY; /**< 0x / 0x60 */
2539 ULONG FillAttribute; /**< 0x / 0x64 */
2540 ULONG WindowFlags; /**< 0x / 0x68 */
2541 ULONG ShowWindowFlags; /**< 0x / 0x6c */
2542 UNICODE_STRING WindowTitle; /**< 0x / 0x70 */
2543 UNICODE_STRING DesktopInfo; /**< 0x / 0x78 */
2544 UNICODE_STRING ShellInfo; /**< 0x / 0x80 */
2545 UNICODE_STRING RuntimeInfo; /**< 0x / 0x88 */
2546 RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20]; /**< 0x / 0x90 */
2547 SIZE_T EnvironmentSize; /**< 0x / 0x - Added in Vista */
2548 SIZE_T EnvironmentVersion; /**< 0x / 0x - Added in Windows 7. */
2549 PVOID PackageDependencyData; /**< 0x / 0x - Added Windows 8? */
2550 ULONG ProcessGroupId; /**< 0x / 0x - Added Windows 8? */
2551} RTL_USER_PROCESS_PARAMETERS;
2552typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
2553#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
2554
2555typedef struct _RTL_USER_PROCESS_INFORMATION
2556{
2557 ULONG Size;
2558 HANDLE ProcessHandle;
2559 HANDLE ThreadHandle;
2560 CLIENT_ID ClientId;
2561 SECTION_IMAGE_INFORMATION ImageInformation;
2562} RTL_USER_PROCESS_INFORMATION;
2563typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
2564
2565
2566NTSYSAPI NTSTATUS NTAPI RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
2567 PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
2568NTSYSAPI NTSTATUS NTAPI RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
2569 PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
2570 PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
2571 PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
2572 PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
2573NTSYSAPI VOID NTAPI RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
2574NTSYSAPI NTSTATUS NTAPI RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
2575 PFNRT, PVOID, PHANDLE, PCLIENT_ID);
2576
2577#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
2578typedef struct _RTL_CRITICAL_SECTION
2579{
2580 struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
2581 LONG LockCount;
2582 LONG Recursioncount;
2583 HANDLE OwningThread;
2584 HANDLE LockSemaphore;
2585 ULONG_PTR SpinCount;
2586} RTL_CRITICAL_SECTION;
2587typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
2588#endif
2589
2590/*NTSYSAPI ULONG NTAPI RtlNtStatusToDosError(NTSTATUS rcNt);*/
2591
2592/** @def RTL_QUERY_REGISTRY_TYPECHECK
2593 * WDK 8.1+, backported in updates, ignored in older. */
2594#if !defined(RTL_QUERY_REGISTRY_TYPECHECK) || defined(DOXYGEN_RUNNING)
2595# define RTL_QUERY_REGISTRY_TYPECHECK UINT32_C(0x00000100)
2596#endif
2597/** @def RTL_QUERY_REGISTRY_TYPECHECK_SHIFT
2598 * WDK 8.1+, backported in updates, ignored in older. */
2599#if !defined(RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) || defined(DOXYGEN_RUNNING)
2600# define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
2601#endif
2602
2603
2604RT_C_DECLS_END
2605/** @} */
2606
2607
2608#if defined(IN_RING0) || defined(DOXYGEN_RUNNING)
2609/** @name NT Kernel APIs
2610 * @{ */
2611RT_C_DECLS_BEGIN
2612
2613typedef ULONG KEPROCESSORINDEX; /**< Bitmap indexes != process numbers, apparently. */
2614
2615NTSYSAPI VOID NTAPI KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
2616typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
2617NTSYSAPI VOID NTAPI KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2618typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2619NTSYSAPI VOID NTAPI KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2620typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2621NTSYSAPI BOOLEAN NTAPI KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2622typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2623NTSYSAPI BOOLEAN NTAPI KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2624typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2625NTSYSAPI BOOLEAN NTAPI KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2626typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
2627NTSYSAPI VOID NTAPI KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2628typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
2629NTSYSAPI VOID NTAPI KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2630typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
2631NTSYSAPI BOOLEAN NTAPI KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2632typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2633NTSYSAPI BOOLEAN NTAPI KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2634typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
2635/** Works like anding the complemented subtrahend with the minuend. */
2636NTSYSAPI BOOLEAN NTAPI KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2637typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
2638NTSYSAPI BOOLEAN NTAPI KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2639typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
2640NTSYSAPI BOOLEAN NTAPI KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
2641typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2642NTSYSAPI BOOLEAN NTAPI KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2643typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
2644NTSYSAPI ULONG NTAPI KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
2645typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2646NTSYSAPI KEPROCESSORINDEX NTAPI KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
2647typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
2648typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
2649typedef KEPROCESSORINDEX (NTAPI *PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER *pProcNumber);
2650typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX ProcIndex, PROCESSOR_NUMBER *pProcNumber);
2651typedef KEPROCESSORINDEX (NTAPI *PFNKEGETCURRENTPROCESSORNUMBEREX)(const PROCESSOR_NUMBER *pProcNumber);
2652typedef KAFFINITY (NTAPI *PFNKEQUERYACTIVEPROCESSORS)(VOID);
2653typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNT)(VOID);
2654typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNTEX)(USHORT GroupNumber);
2655typedef USHORT (NTAPI *PFNKEQUERYMAXIMUMGROUPCOUNT)(VOID);
2656typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNT)(KAFFINITY *pfActiveProcessors);
2657typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNTEX)(USHORT GroupNumber);
2658typedef NTSTATUS (NTAPI *PFNKEQUERYLOGICALPROCESSORRELATIONSHIP)(PROCESSOR_NUMBER *pProcNumber,
2659 LOGICAL_PROCESSOR_RELATIONSHIP RelationShipType,
2660 SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX *pInfo, PULONG pcbInfo);
2661typedef PVOID (NTAPI *PFNKEREGISTERPROCESSORCHANGECALLBACK)(PPROCESSOR_CALLBACK_FUNCTION pfnCallback, void *pvUser, ULONG fFlags);
2662typedef VOID (NTAPI *PFNKEDEREGISTERPROCESSORCHANGECALLBACK)(PVOID pvCallback);
2663typedef NTSTATUS (NTAPI *PFNKESETTARGETPROCESSORDPCEX)(KDPC *pDpc, PROCESSOR_NUMBER *pProcNumber);
2664
2665NTSYSAPI BOOLEAN NTAPI ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
2666 PVOID pvOptionalConditions, PHANDLE phFound);
2667NTSYSAPI NTSTATUS NTAPI ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
2668 ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
2669 KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
2670NTSYSAPI HANDLE NTAPI PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
2671NTSYSAPI UCHAR * NTAPI PsGetProcessImageFileName(PEPROCESS);
2672NTSYSAPI BOOLEAN NTAPI PsIsProcessBeingDebugged(PEPROCESS);
2673NTSYSAPI ULONG NTAPI PsGetProcessSessionId(PEPROCESS);
2674extern DECLIMPORT(POBJECT_TYPE *) LpcPortObjectType; /**< In vista+ this is the ALPC port object type. */
2675extern DECLIMPORT(POBJECT_TYPE *) LpcWaitablePortObjectType; /**< In vista+ this is the ALPC port object type. */
2676
2677typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
2678typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
2679
2680RT_C_DECLS_END
2681/** @ */
2682#endif /* IN_RING0 */
2683
2684
2685#if defined(IN_RING3) || defined(DOXYGEN_RUNNING)
2686/** @name NT Userland APIs
2687 * @{ */
2688RT_C_DECLS_BEGIN
2689
2690#if 0 /** @todo figure this out some time... */
2691typedef struct CSR_MSG_DATA_CREATED_PROCESS
2692{
2693 HANDLE hProcess;
2694 HANDLE hThread;
2695 CLIENT_ID
2696 DWORD idProcess;
2697 DWORD idThread;
2698 DWORD fCreate;
2699
2700} CSR_MSG_DATA_CREATED_PROCESS;
2701
2702#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
2703#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
2704NTSYSAPI NTSTATUS NTAPI CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
2705#endif
2706
2707NTSYSAPI VOID NTAPI LdrInitializeThunk(PVOID, PVOID, PVOID);
2708
2709typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
2710{
2711 ULONG Flags;
2712 PCUNICODE_STRING FullDllName;
2713 PCUNICODE_STRING BaseDllName;
2714 PVOID DllBase;
2715 ULONG SizeOfImage;
2716} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
2717typedef LDR_DLL_LOADED_NOTIFICATION_DATA *PLDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2718typedef LDR_DLL_LOADED_NOTIFICATION_DATA const *PCLDR_DLL_LOADED_NOTIFICATION_DATA, *PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
2719
2720typedef union _LDR_DLL_NOTIFICATION_DATA
2721{
2722 LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
2723 LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
2724} LDR_DLL_NOTIFICATION_DATA;
2725typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
2726typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
2727
2728typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
2729
2730#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
2731#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
2732NTSYSAPI NTSTATUS NTAPI LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
2733 PVOID *pvCookie);
2734typedef NTSTATUS (NTAPI *PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID *);
2735NTSYSAPI NTSTATUS NTAPI LdrUnregisterDllNotification(PVOID pvCookie);
2736typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
2737
2738NTSYSAPI NTSTATUS NTAPI LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2739 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2740typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
2741 IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
2742NTSYSAPI NTSTATUS NTAPI LdrUnloadDll(IN HANDLE hMod);
2743typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
2744NTSYSAPI NTSTATUS NTAPI LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2745 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2746typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2747 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2748#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
2749#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
2750/** @since Windows XP. */
2751NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2752 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2753/** @since Windows XP. */
2754typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
2755 IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
2756/** @since Windows 7. */
2757NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
2758/** @since Windows 7. */
2759typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
2760/** @since Windows 7. */
2761NTSYSAPI NTSTATUS NTAPI LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2762 OUT PHANDLE phDll);
2763/** @since Windows 7. */
2764typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
2765 OUT PHANDLE phDll);
2766#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
2767NTSYSAPI NTSTATUS NTAPI LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
2768typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
2769NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2770 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2771typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
2772 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
2773#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
2774/** @since Windows Vista. */
2775NTSYSAPI NTSTATUS NTAPI LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2776 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2777/** @since Windows Vista. */
2778typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
2779 IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
2780#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2781#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
2782#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
2783#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
2784#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
2785/** @since Windows XP. */
2786NTSYSAPI NTSTATUS NTAPI LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2787/** @since Windows XP. */
2788typedef NTSTATUS (NTAPI *PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
2789#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
2790/** @since Windows XP. */
2791NTSYSAPI NTSTATUS NTAPI LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
2792/** @since Windows XP. */
2793typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
2794
2795NTSYSAPI NTSTATUS NTAPI RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
2796NTSYSAPI VOID NTAPI RtlExitUserProcess(NTSTATUS rcExitCode); /**< Vista and later. */
2797NTSYSAPI VOID NTAPI RtlExitUserThread(NTSTATUS rcExitCode);
2798NTSYSAPI NTSTATUS NTAPI RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
2799 IN PCUNICODE_STRING pOrgName,
2800 IN PUNICODE_STRING pDefaultSuffix,
2801 IN OUT PUNICODE_STRING pStaticString,
2802 IN OUT PUNICODE_STRING pDynamicString,
2803 IN OUT PUNICODE_STRING *ppResultString,
2804 IN PULONG pfNewFlags OPTIONAL,
2805 IN PSIZE_T pcbFilename OPTIONAL,
2806 IN PSIZE_T pcbNeeded OPTIONAL);
2807/** @since Windows 8.
2808 * @note Status code is always zero in windows 10 build 14393. */
2809NTSYSAPI NTSTATUS NTAPI ApiSetQueryApiSetPresence(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
2810/** @copydoc ApiSetQueryApiSetPresence */
2811typedef NTSTATUS (NTAPI *PFNAPISETQUERYAPISETPRESENCE)(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
2812
2813
2814# ifdef IPRT_NT_USE_WINTERNL
2815typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
2816typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
2817typedef struct _RTL_HEAP_PARAMETERS
2818{
2819 ULONG Length;
2820 SIZE_T SegmentReserve;
2821 SIZE_T SegmentCommit;
2822 SIZE_T DeCommitFreeBlockThreshold;
2823 SIZE_T DeCommitTotalFreeThreshold;
2824 SIZE_T MaximumAllocationSize;
2825 SIZE_T VirtualMemoryThreshold;
2826 SIZE_T InitialCommit;
2827 SIZE_T InitialReserve;
2828 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
2829 SIZE_T Reserved[2];
2830} RTL_HEAP_PARAMETERS;
2831typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
2832NTSYSAPI PVOID NTAPI RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
2833 PRTL_HEAP_PARAMETERS pParameters);
2834/** @name Heap flags (for RtlCreateHeap).
2835 * @{ */
2836/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
2837# define HEAP_GROWABLE UINT32_C(0x00000002)
2838# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
2839# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
2840# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
2841# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
2842# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
2843# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
2844# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
2845# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
2846# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
2847# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
2848# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
2849# define HEAP_CLASS_0 UINT32_C(0x00000000)
2850# define HEAP_CLASS_1 UINT32_C(0x00001000)
2851# define HEAP_CLASS_2 UINT32_C(0x00002000)
2852# define HEAP_CLASS_3 UINT32_C(0x00003000)
2853# define HEAP_CLASS_4 UINT32_C(0x00004000)
2854# define HEAP_CLASS_5 UINT32_C(0x00005000)
2855# define HEAP_CLASS_6 UINT32_C(0x00006000)
2856# define HEAP_CLASS_7 UINT32_C(0x00007000)
2857# define HEAP_CLASS_8 UINT32_C(0x00008000)
2858# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
2859# endif
2860# define HEAP_CLASS_PROCESS HEAP_CLASS_0
2861# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
2862# define HEAP_CLASS_KERNEL HEAP_CLASS_2
2863# define HEAP_CLASS_GDI HEAP_CLASS_3
2864# define HEAP_CLASS_USER HEAP_CLASS_4
2865# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
2866# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
2867# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
2868# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
2869# ifdef IPRT_NT_USE_WINTERNL
2870/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
2871# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
2872# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
2873# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
2874# endif /* IPRT_NT_USE_WINTERNL */
2875/** @} */
2876# ifdef IPRT_NT_USE_WINTERNL
2877/** @name Heap tagging constants
2878 * @{ */
2879# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
2880/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
2881# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
2882# define HEAP_TAG_SHIFT 18 */
2883# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
2884/** @} */
2885NTSYSAPI PVOID NTAPI RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
2886NTSYSAPI PVOID NTAPI RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
2887NTSYSAPI BOOLEAN NTAPI RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2888# endif /* IPRT_NT_USE_WINTERNL */
2889NTSYSAPI SIZE_T NTAPI RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
2890NTSYSAPI VOID NTAPI RtlFreeUnicodeString(PUNICODE_STRING);
2891NTSYSAPI SIZE_T NTAPI RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
2892NTSYSAPI NTSTATUS NTAPI RtlGetLastNtStatus(VOID);
2893NTSYSAPI ULONG NTAPI RtlGetLastWin32Error(VOID);
2894NTSYSAPI VOID NTAPI RtlSetLastWin32Error(ULONG uError);
2895NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
2896NTSYSAPI VOID NTAPI RtlRestoreLastWin32Error(ULONG uError);
2897NTSYSAPI BOOLEAN NTAPI RtlQueryPerformanceCounter(PLARGE_INTEGER);
2898NTSYSAPI uint64_t NTAPI RtlGetSystemTimePrecise(VOID);
2899typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
2900NTSYSAPI uint64_t NTAPI RtlGetInterruptTimePrecise(uint64_t *puPerfTime);
2901typedef uint64_t (NTAPI * PFNRTLGETINTERRUPTTIMEPRECISE)(uint64_t *);
2902NTSYSAPI BOOLEAN NTAPI RtlQueryUnbiasedInterruptTime(uint64_t *puInterruptTime);
2903typedef BOOLEAN (NTAPI * PFNRTLQUERYUNBIASEDINTERRUPTTIME)(uint64_t *);
2904
2905RT_C_DECLS_END
2906/** @} */
2907#endif /* IN_RING3 */
2908
2909#endif
2910
注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

© 2025 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette