nt.h@ 92725

最後變更在這個檔案從92725是 91837,由 vboxsync 提交於 3 年前
iprt/nt/nt.h: Moved RtlFreeUnicodeString up so its visible in ring-0 too; added RTNT_NULL_UNISTR() initializer. bugref:10093
屬性 svn:eol-style 設為 `native` 屬性 svn:keywords 設為 `Author Date Id Revision`
檔案大小: 166.5 KB

行
1	/* $Id: nt.h 91837 2021-10-19 08:29:57Z vboxsync $ */
2	/** @file
3	* IPRT - Header for code using the Native NT API.
4	*/
5
6	/*
7	* Copyright (C) 2010-2020 Oracle Corporation
8	*
9	* This file is part of VirtualBox Open Source Edition (OSE), as
10	* available from http://www.alldomusa.eu.org. This file is free software;
11	* you can redistribute it and/or modify it under the terms of the GNU
12	* General Public License (GPL) as published by the Free Software
13	* Foundation, in version 2 as it comes in the "COPYING" file of the
14	* VirtualBox OSE distribution. VirtualBox OSE is distributed in the
15	* hope that it will be useful, but WITHOUT ANY WARRANTY of any kind.
16	*
17	* The contents of this file may alternatively be used under the terms
18	* of the Common Development and Distribution License Version 1.0
19	* (CDDL) only, as it comes in the "COPYING.CDDL" file of the
20	* VirtualBox OSE distribution, in which case the provisions of the
21	* CDDL are applicable instead of those of the GPL.
22	*
23	* You may elect to license modified versions of this file under the
24	* terms and conditions of either the GPL or the CDDL or both.
25	*/
26
27	#ifndef IPRT_INCLUDED_nt_nt_h
28	#define IPRT_INCLUDED_nt_nt_h
29	#ifndef RT_WITHOUT_PRAGMA_ONCE
30	# pragma once
31	#endif
32
33	/** @def IPRT_NT_MAP_TO_ZW
34	* Map Nt calls to Zw calls. In ring-0 the Zw calls let you pass kernel memory
35	* to the APIs (takes care of the previous context checks).
36	*/
37	#ifdef DOXYGEN_RUNNING
38	# define IPRT_NT_MAP_TO_ZW
39	#endif
40
41	#ifdef IPRT_NT_MAP_TO_ZW
42	# define NtQueryDirectoryFile ZwQueryDirectoryFile
43	# define NtQueryInformationFile ZwQueryInformationFile
44	# define NtQueryInformationProcess ZwQueryInformationProcess
45	# define NtQueryInformationThread ZwQueryInformationThread
46	# define NtQueryFullAttributesFile ZwQueryFullAttributesFile
47	# define NtQuerySystemInformation ZwQuerySystemInformation
48	# define NtQuerySecurityObject ZwQuerySecurityObject
49	# define NtSetInformationFile ZwSetInformationFile
50	# define NtClose ZwClose
51	# define NtCreateFile ZwCreateFile
52	# define NtReadFile ZwReadFile
53	# define NtWriteFile ZwWriteFile
54	# define NtFlushBuffersFile ZwFlushBuffersFile
55	/** @todo this is very incomplete! */
56	#endif
57
58	#include <ntstatus.h>
59
60	/*
61	* Hacks common to both base header sets.
62	*/
63	#define RtlFreeUnicodeString WrongLinkage_RtlFreeUnicodeString
64	#define NtQueryObject Incomplete_NtQueryObject
65	#define ZwQueryObject Incomplete_ZwQueryObject
66	#define NtSetInformationObject Incomplete_NtSetInformationObject
67	#define _OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
68	#define OBJECT_INFORMATION_CLASS Incomplete_OBJECT_INFORMATION_CLASS
69	#define ObjectBasicInformation Incomplete_ObjectBasicInformation
70	#define ObjectTypeInformation Incomplete_ObjectTypeInformation
71	#define _PEB Incomplete__PEB
72	#define PEB Incomplete_PEB
73	#define PPEB Incomplete_PPEB
74	#define _TEB Incomplete__TEB
75	#define TEB Incomplete_TEB
76	#define PTEB Incomplete_PTEB
77	#define _PEB_LDR_DATA Incomplete__PEB_LDR_DATA
78	#define PEB_LDR_DATA Incomplete_PEB_LDR_DATA
79	#define PPEB_LDR_DATA Incomplete_PPEB_LDR_DATA
80	#define _KUSER_SHARED_DATA Incomplete__KUSER_SHARED_DATA
81	#define KUSER_SHARED_DATA Incomplete_KUSER_SHARED_DATA
82	#define PKUSER_SHARED_DATA Incomplete_PKUSER_SHARED_DATA
83
84
85
86	#ifdef IPRT_NT_USE_WINTERNL
87	/*
88	* Use Winternl.h.
89	*/
90	# define _FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
91	# define FILE_INFORMATION_CLASS IncompleteWinternl_FILE_INFORMATION_CLASS
92	# define FileDirectoryInformation IncompleteWinternl_FileDirectoryInformation
93
94	# define NtQueryInformationProcess IncompleteWinternl_NtQueryInformationProcess
95	# define NtSetInformationProcess IncompleteWinternl_NtSetInformationProcess
96	# define PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
97	# define _PROCESSINFOCLASS IncompleteWinternl_PROCESSINFOCLASS
98	# define PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
99	# define PPROCESS_BASIC_INFORMATION IncompleteWinternl_PPROCESS_BASIC_INFORMATION
100	# define _PROCESS_BASIC_INFORMATION IncompleteWinternl_PROCESS_BASIC_INFORMATION
101	# define ProcessBasicInformation IncompleteWinternl_ProcessBasicInformation
102	# define ProcessDebugPort IncompleteWinternl_ProcessDebugPort
103	# define ProcessWow64Information IncompleteWinternl_ProcessWow64Information
104	# define ProcessImageFileName IncompleteWinternl_ProcessImageFileName
105	# define ProcessBreakOnTermination IncompleteWinternl_ProcessBreakOnTermination
106
107	# define RTL_USER_PROCESS_PARAMETERS IncompleteWinternl_RTL_USER_PROCESS_PARAMETERS
108	# define PRTL_USER_PROCESS_PARAMETERS IncompleteWinternl_PRTL_USER_PROCESS_PARAMETERS
109	# define _RTL_USER_PROCESS_PARAMETERS IncompleteWinternl__RTL_USER_PROCESS_PARAMETERS
110
111	# define NtQueryInformationThread IncompleteWinternl_NtQueryInformationThread
112	# define NtSetInformationThread IncompleteWinternl_NtSetInformationThread
113	# define THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
114	# define _THREADINFOCLASS IncompleteWinternl_THREADINFOCLASS
115	# define ThreadIsIoPending IncompleteWinternl_ThreadIsIoPending
116
117	# define NtQuerySystemInformation IncompleteWinternl_NtQuerySystemInformation
118	# define NtSetSystemInformation IncompleteWinternl_NtSetSystemInformation
119	# define SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
120	# define _SYSTEM_INFORMATION_CLASS IncompleteWinternl_SYSTEM_INFORMATION_CLASS
121	# define SystemBasicInformation IncompleteWinternl_SystemBasicInformation
122	# define SystemPerformanceInformation IncompleteWinternl_SystemPerformanceInformation
123	# define SystemTimeOfDayInformation IncompleteWinternl_SystemTimeOfDayInformation
124	# define SystemProcessInformation IncompleteWinternl_SystemProcessInformation
125	# define SystemProcessorPerformanceInformation IncompleteWinternl_SystemProcessorPerformanceInformation
126	# define SystemInterruptInformation IncompleteWinternl_SystemInterruptInformation
127	# define SystemExceptionInformation IncompleteWinternl_SystemExceptionInformation
128	# define SystemRegistryQuotaInformation IncompleteWinternl_SystemRegistryQuotaInformation
129	# define SystemLookasideInformation IncompleteWinternl_SystemLookasideInformation
130	# define SystemPolicyInformation IncompleteWinternl_SystemPolicyInformation
131
132
133	# pragma warning(push)
134	# pragma warning(disable: 4668)
135	# define WIN32_NO_STATUS
136	# include <windef.h>
137	# include <winnt.h>
138	# include <winternl.h>
139	# undef WIN32_NO_STATUS
140	# include <ntstatus.h>
141	# pragma warning(pop)
142
143	# ifndef OBJ_DONT_REPARSE
144	# define RTNT_NEED_CLIENT_ID
145	# endif
146
147	# undef _FILE_INFORMATION_CLASS
148	# undef FILE_INFORMATION_CLASS
149	# undef FileDirectoryInformation
150
151	# undef NtQueryInformationProcess
152	# undef NtSetInformationProcess
153	# undef PROCESSINFOCLASS
154	# undef _PROCESSINFOCLASS
155	# undef PROCESS_BASIC_INFORMATION
156	# undef PPROCESS_BASIC_INFORMATION
157	# undef _PROCESS_BASIC_INFORMATION
158	# undef ProcessBasicInformation
159	# undef ProcessDebugPort
160	# undef ProcessWow64Information
161	# undef ProcessImageFileName
162	# undef ProcessBreakOnTermination
163
164	# undef RTL_USER_PROCESS_PARAMETERS
165	# undef PRTL_USER_PROCESS_PARAMETERS
166	# undef _RTL_USER_PROCESS_PARAMETERS
167
168	# undef NtQueryInformationThread
169	# undef NtSetInformationThread
170	# undef THREADINFOCLASS
171	# undef _THREADINFOCLASS
172	# undef ThreadIsIoPending
173
174	# undef NtQuerySystemInformation
175	# undef NtSetSystemInformation
176	# undef SYSTEM_INFORMATION_CLASS
177	# undef _SYSTEM_INFORMATION_CLASS
178	# undef SystemBasicInformation
179	# undef SystemPerformanceInformation
180	# undef SystemTimeOfDayInformation
181	# undef SystemProcessInformation
182	# undef SystemProcessorPerformanceInformation
183	# undef SystemInterruptInformation
184	# undef SystemExceptionInformation
185	# undef SystemRegistryQuotaInformation
186	# undef SystemLookasideInformation
187	# undef SystemPolicyInformation
188
189	#else
190	/*
191	* Use ntifs.h and wdm.h.
192	*/
193	# if _MSC_VER >= 1200 /* Fix/workaround for KeInitializeSpinLock visibility issue on AMD64. */
194	# define FORCEINLINE static __forceinline
195	# else
196	# define FORCEINLINE static __inline
197	# endif
198
199	# define _FSINFOCLASS OutdatedWdm_FSINFOCLASS
200	# define FS_INFORMATION_CLASS OutdatedWdm_FS_INFORMATION_CLASS
201	# define PFS_INFORMATION_CLASS OutdatedWdm_PFS_INFORMATION_CLASS
202	# define FileFsVolumeInformation OutdatedWdm_FileFsVolumeInformation
203	# define FileFsLabelInformation OutdatedWdm_FileFsLabelInformation
204	# define FileFsSizeInformation OutdatedWdm_FileFsSizeInformation
205	# define FileFsDeviceInformation OutdatedWdm_FileFsDeviceInformation
206	# define FileFsAttributeInformation OutdatedWdm_FileFsAttributeInformation
207	# define FileFsControlInformation OutdatedWdm_FileFsControlInformation
208	# define FileFsFullSizeInformation OutdatedWdm_FileFsFullSizeInformation
209	# define FileFsObjectIdInformation OutdatedWdm_FileFsObjectIdInformation
210	# define FileFsDriverPathInformation OutdatedWdm_FileFsDriverPathInformation
211	# define FileFsVolumeFlagsInformation OutdatedWdm_FileFsVolumeFlagsInformation
212	# define FileFsSectorSizeInformation OutdatedWdm_FileFsSectorSizeInformation
213	# define FileFsDataCopyInformation OutdatedWdm_FileFsDataCopyInformation
214	# define FileFsMetadataSizeInformation OutdatedWdm_FileFsMetadataSizeInformation
215	# define FileFsFullSizeInformationEx OutdatedWdm_FileFsFullSizeInformationEx
216	# define FileFsMaximumInformation OutdatedWdm_FileFsMaximumInformation
217	# define NtQueryVolumeInformationFile OutdatedWdm_NtQueryVolumeInformationFile
218	# define NtSetVolumeInformationFile OutdatedWdm_NtSetVolumeInformationFile
219
220	# pragma warning(push)
221	# ifdef RT_ARCH_X86
222	# define _InterlockedAddLargeStatistic _InterlockedAddLargeStatistic_StupidDDKVsCompilerCrap
223	# pragma warning(disable: 4163)
224	# endif
225	# pragma warning(disable: 4668)
226	# pragma warning(disable: 4255) /* warning C4255: 'ObGetFilterVersion' : no function prototype given: converting '()' to '(void)' */
227	# if _MSC_VER >= 1800 /RT_MSC_VER_VC120/
228	# pragma warning(disable:4005) /* sdk/v7.1/include/sal_supp.h(57) : warning C4005: '__useHeader' : macro redefinition */
229	# pragma warning(disable:4471) /* wdm.h(11057) : warning C4471: '_POOL_TYPE' : a forward declaration of an unscoped enumeration must have an underlying type (int assumed) */
230	# endif
231	# if _MSC_VER >= 1900 /RT_MSC_VER_VC140/
232	# ifdef __cplusplus
233	# pragma warning(disable:5039) /* warning C5039: 'KeInitializeDpc': pointer or reference to potentially throwing function passed to 'extern "C"' function under -EHc. Undefined behavior may occur if this function throws an exception. */
234	# endif
235	# endif
236
237	# include <ntifs.h>
238	# include <wdm.h>
239
240	# ifdef RT_ARCH_X86
241	# undef _InterlockedAddLargeStatistic
242	# endif
243	# pragma warning(pop)
244
245	# undef _FSINFOCLASS
246	# undef FS_INFORMATION_CLASS
247	# undef PFS_INFORMATION_CLASS
248	# undef FileFsVolumeInformation
249	# undef FileFsLabelInformation
250	# undef FileFsSizeInformation
251	# undef FileFsDeviceInformation
252	# undef FileFsAttributeInformation
253	# undef FileFsControlInformation
254	# undef FileFsFullSizeInformation
255	# undef FileFsObjectIdInformation
256	# undef FileFsDriverPathInformation
257	# undef FileFsVolumeFlagsInformation
258	# undef FileFsSectorSizeInformation
259	# undef FileFsDataCopyInformation
260	# undef FileFsMetadataSizeInformation
261	# undef FileFsFullSizeInformationEx
262	# undef FileFsMaximumInformation
263	# undef NtQueryVolumeInformationFile
264	# undef NtSetVolumeInformationFile
265
266	# define IPRT_NT_NEED_API_GROUP_NTIFS
267	#endif
268
269	#undef RtlFreeUnicodeString
270	#undef NtQueryObject
271	#undef ZwQueryObject
272	#undef NtSetInformationObject
273	#undef _OBJECT_INFORMATION_CLASS
274	#undef OBJECT_INFORMATION_CLASS
275	#undef ObjectBasicInformation
276	#undef ObjectTypeInformation
277	#undef _PEB
278	#undef PEB
279	#undef PPEB
280	#undef _TEB
281	#undef TEB
282	#undef PTEB
283	#undef _PEB_LDR_DATA
284	#undef PEB_LDR_DATA
285	#undef PPEB_LDR_DATA
286	#undef _KUSER_SHARED_DATA
287	#undef KUSER_SHARED_DATA
288	#undef PKUSER_SHARED_DATA
289
290
291	#include <iprt/types.h>
292	#include <iprt/assert.h>
293
294
295	/** @name Useful macros
296	* @{ */
297	/** Indicates that we're targeting native NT in the current source. */
298	#define RTNT_USE_NATIVE_NT 1
299	/** Initializes a IO_STATUS_BLOCK. */
300	#define RTNT_IO_STATUS_BLOCK_INITIALIZER { STATUS_FAILED_DRIVER_ENTRY, ~(uintptr_t)42 }
301	/** Reinitializes a IO_STATUS_BLOCK. */
302	#define RTNT_IO_STATUS_BLOCK_REINIT(a_pIos) \
303	do { (a_pIos)->Status = STATUS_FAILED_DRIVER_ENTRY; (a_pIos)->Information = ~(uintptr_t)42; } while (0)
304	/** Similar to INVALID_HANDLE_VALUE in the Windows environment. */
305	#define RTNT_INVALID_HANDLE_VALUE ( (HANDLE)~(uintptr_t)0 )
306	/** Constant UNICODE_STRING initializer. */
307	#define RTNT_CONSTANT_UNISTR(a_String) { sizeof(a_String) - sizeof(WCHAR), sizeof(a_String), (WCHAR *)a_String }
308	/** Null UNICODE_STRING initializer. */
309	#define RTNT_NULL_UNISTR() { 0, 0, NULL }
310
311	/** Declaration wrapper for NT apis.
312	* Adds nothrow. Don't use with callbacks. */
313	#define RT_DECL_NTAPI(type) DECL_NOTHROW(NTSYSAPI type NTAPI)
314	/** @} */
315
316
317	/** @name IPRT helper functions for NT
318	* @{ */
319	RT_C_DECLS_BEGIN
320
321	RTDECL(int) RTNtPathOpen(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fFileAttribs, ULONG fShareAccess,
322	ULONG fCreateDisposition, ULONG fCreateOptions, ULONG fObjAttribs,
323	PHANDLE phHandle, PULONG_PTR puDisposition);
324	RTDECL(int) RTNtPathOpenDir(const char *pszPath, ACCESS_MASK fDesiredAccess, ULONG fShareAccess, ULONG fCreateOptions,
325	ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
326	RTDECL(int) RTNtPathOpenDirEx(HANDLE hRootDir, struct _UNICODE_STRING *pNtName, ACCESS_MASK fDesiredAccess,
327	ULONG fShareAccess, ULONG fCreateOptions, ULONG fObjAttribs, PHANDLE phHandle, bool *pfObjDir);
328	RTDECL(int) RTNtPathClose(HANDLE hHandle);
329
330	/**
331	* Converts a windows-style path to NT format and encoding.
332	*
333	* @returns IPRT status code.
334	* @param pNtName Where to return the NT name. Free using
335	* RTNtPathFree.
336	* @param phRootDir Where to return the root handle, if applicable.
337	* @param pszPath The UTF-8 path.
338	*/
339	RTDECL(int) RTNtPathFromWinUtf8(struct _UNICODE_STRING pNtName, PHANDLE phRootDir, const char pszPath);
340
341	/**
342	* Converts a UTF-16 windows-style path to NT format.
343	*
344	* @returns IPRT status code.
345	* @param pNtName Where to return the NT name. Free using
346	* RTNtPathFree.
347	* @param phRootDir Where to return the root handle, if applicable.
348	* @param pwszPath The UTF-16 windows-style path.
349	* @param cwcPath The max length of the windows-style path in
350	* RTUTF16 units. Use RTSTR_MAX if unknown and @a
351	* pwszPath is correctly terminated.
352	*/
353	RTDECL(int) RTNtPathFromWinUtf16Ex(struct _UNICODE_STRING pNtName, HANDLE phRootDir, PCRTUTF16 pwszPath, size_t cwcPath);
354
355	/**
356	* How to handle ascent ('..' relative to a root handle).
357	*/
358	typedef enum RTNTPATHRELATIVEASCENT
359	{
360	kRTNtPathRelativeAscent_Invalid = 0,
361	kRTNtPathRelativeAscent_Allow,
362	kRTNtPathRelativeAscent_Fail,
363	kRTNtPathRelativeAscent_Ignore,
364	kRTNtPathRelativeAscent_End,
365	kRTNtPathRelativeAscent_32BitHack = 0x7fffffff
366	} RTNTPATHRELATIVEASCENT;
367
368	/**
369	* Converts a relative windows-style path to relative NT format and encoding.
370	*
371	* @returns IPRT status code.
372	* @param pNtName Where to return the NT name. Free using
373	* rtTNtPathToNative with phRootDir set to NULL.
374	* @param phRootDir On input, the handle to the directory the path
375	* is relative to. On output, the handle to
376	* specify as root directory in the object
377	* attributes when accessing the path. If
378	* enmAscent is kRTNtPathRelativeAscent_Allow, it
379	* may have been set to NULL.
380	* @param pszPath The relative UTF-8 path.
381	* @param enmAscent How to handle ascent.
382	* @param fMustReturnAbsolute Must convert to an absolute path. This
383	* is necessary if the root dir is a NT directory
384	* object (e.g. /Devices) since they cannot parse
385	* relative paths it seems.
386	*/
387	RTDECL(int) RTNtPathRelativeFromUtf8(struct _UNICODE_STRING pNtName, PHANDLE phRootDir, const char pszPath,
388	RTNTPATHRELATIVEASCENT enmAscent, bool fMustReturnAbsolute);
389
390	/**
391	* Ensures that the NT string has sufficient storage to hold @a cwcMin RTUTF16
392	* chars plus a terminator.
393	*
394	* The NT string must have been returned by RTNtPathFromWinUtf8 or
395	* RTNtPathFromWinUtf16Ex.
396	*
397	* @returns IPRT status code.
398	* @param pNtName The NT path string.
399	* @param cwcMin The minimum number of RTUTF16 chars. Max 32767.
400	* @sa RTNtPathFree
401	*/
402	RTDECL(int) RTNtPathEnsureSpace(struct _UNICODE_STRING *pNtName, size_t cwcMin);
403
404	/**
405	* Gets the NT path to the object represented by the given handle.
406	*
407	* @returns IPRT status code.
408	* @param pNtName Where to return the NT path. Free using
409	* RTNtPathFree.
410	* @param hHandle The handle.
411	* @param cwcExtra How much extra space is needed.
412	*/
413	RTDECL(int) RTNtPathFromHandle(struct _UNICODE_STRING *pNtName, HANDLE hHandle, size_t cwcExtra);
414
415	/**
416	* Frees the native path and root handle.
417	*
418	* @param pNtName The NT path after a successful rtNtPathToNative
419	* call or RTNtPathRelativeFromUtf8.
420	* @param phRootDir The root handle variable from rtNtPathToNative,
421	*/
422	RTDECL(void) RTNtPathFree(struct _UNICODE_STRING pNtName, HANDLE phRootDir);
423
424
425	/**
426	* Checks whether the path could be containing alternative 8.3 names generated
427	* by NTFS, FAT, or other similar file systems.
428	*
429	* @returns Pointer to the first component that might be an 8.3 name, NULL if
430	* not 8.3 path.
431	* @param pwszPath The path to check.
432	*
433	* @remarks This is making bad ASSUMPTION wrt to the naming scheme of 8.3 names,
434	* however, non-tilde 8.3 aliases are probably rare enough to not be
435	* worth all the extra code necessary to open each path component and
436	* check if we've got the short name or not.
437	*/
438	RTDECL(PRTUTF16) RTNtPathFindPossible8dot3Name(PCRTUTF16 pwszPath);
439
440	/**
441	* Fixes up a path possibly containing one or more alternative 8-dot-3 style
442	* components.
443	*
444	* The path is fixed up in place. Errors are ignored.
445	*
446	* @returns VINF_SUCCESS if it all went smoothly, informational status codes
447	* indicating the nature of last problem we ran into.
448	*
449	* @param pUniStr The path to fix up. MaximumLength is the max buffer
450	* length.
451	* @param fPathOnly Whether to only process the path and leave the filename
452	* as passed in.
453	*/
454	RTDECL(int) RTNtPathExpand8dot3Path(struct _UNICODE_STRING *pUniStr, bool fPathOnly);
455
456	/**
457	* Wrapper around RTNtPathExpand8dot3Path that allocates a buffer instead of
458	* working on the input buffer.
459	*
460	* @returns IPRT status code, see RTNtPathExpand8dot3Path().
461	* @param pUniStrSrc The path to fix up. MaximumLength is the max buffer
462	* length.
463	* @param fPathOnly Whether to only process the path and leave the filename
464	* as passed in.
465	* @param pUniStrDst Output string. On success, the caller must use
466	* RTUtf16Free to free what the Buffer member points to.
467	* This is all zeros and NULL on failure.
468	*/
469	RTDECL(int) RTNtPathExpand8dot3PathA(struct _UNICODE_STRING const pUniStrSrc, bool fPathOnly, struct _UNICODE_STRING pUniStrDst);
470
471
472	RT_C_DECLS_END
473	/** @} */
474
475
476	/** @name NT API delcarations.
477	* @{ */
478	RT_C_DECLS_BEGIN
479
480	/** @name Process access rights missing in ntddk headers
481	* @{ */
482	#ifndef PROCESS_TERMINATE
483	# define PROCESS_TERMINATE UINT32_C(0x00000001)
484	#endif
485	#ifndef PROCESS_CREATE_THREAD
486	# define PROCESS_CREATE_THREAD UINT32_C(0x00000002)
487	#endif
488	#ifndef PROCESS_SET_SESSIONID
489	# define PROCESS_SET_SESSIONID UINT32_C(0x00000004)
490	#endif
491	#ifndef PROCESS_VM_OPERATION
492	# define PROCESS_VM_OPERATION UINT32_C(0x00000008)
493	#endif
494	#ifndef PROCESS_VM_READ
495	# define PROCESS_VM_READ UINT32_C(0x00000010)
496	#endif
497	#ifndef PROCESS_VM_WRITE
498	# define PROCESS_VM_WRITE UINT32_C(0x00000020)
499	#endif
500	#ifndef PROCESS_DUP_HANDLE
501	# define PROCESS_DUP_HANDLE UINT32_C(0x00000040)
502	#endif
503	#ifndef PROCESS_CREATE_PROCESS
504	# define PROCESS_CREATE_PROCESS UINT32_C(0x00000080)
505	#endif
506	#ifndef PROCESS_SET_QUOTA
507	# define PROCESS_SET_QUOTA UINT32_C(0x00000100)
508	#endif
509	#ifndef PROCESS_SET_INFORMATION
510	# define PROCESS_SET_INFORMATION UINT32_C(0x00000200)
511	#endif
512	#ifndef PROCESS_QUERY_INFORMATION
513	# define PROCESS_QUERY_INFORMATION UINT32_C(0x00000400)
514	#endif
515	#ifndef PROCESS_SUSPEND_RESUME
516	# define PROCESS_SUSPEND_RESUME UINT32_C(0x00000800)
517	#endif
518	#ifndef PROCESS_QUERY_LIMITED_INFORMATION
519	# define PROCESS_QUERY_LIMITED_INFORMATION UINT32_C(0x00001000)
520	#endif
521	#ifndef PROCESS_SET_LIMITED_INFORMATION
522	# define PROCESS_SET_LIMITED_INFORMATION UINT32_C(0x00002000)
523	#endif
524	#define PROCESS_UNKNOWN_4000 UINT32_C(0x00004000)
525	#define PROCESS_UNKNOWN_6000 UINT32_C(0x00008000)
526	#ifndef PROCESS_ALL_ACCESS
527	# define PROCESS_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| SYNCHRONIZE \| UINT32_C(0x0000ffff) )
528	#endif
529	/** @} */
530
531	/** @name Thread access rights missing in ntddk headers
532	* @{ */
533	#ifndef THREAD_QUERY_INFORMATION
534	# define THREAD_QUERY_INFORMATION UINT32_C(0x00000040)
535	#endif
536	#ifndef THREAD_SET_THREAD_TOKEN
537	# define THREAD_SET_THREAD_TOKEN UINT32_C(0x00000080)
538	#endif
539	#ifndef THREAD_IMPERSONATE
540	# define THREAD_IMPERSONATE UINT32_C(0x00000100)
541	#endif
542	#ifndef THREAD_DIRECT_IMPERSONATION
543	# define THREAD_DIRECT_IMPERSONATION UINT32_C(0x00000200)
544	#endif
545	#ifndef THREAD_RESUME
546	# define THREAD_RESUME UINT32_C(0x00001000)
547	#endif
548	#define THREAD_UNKNOWN_2000 UINT32_C(0x00002000)
549	#define THREAD_UNKNOWN_4000 UINT32_C(0x00004000)
550	#define THREAD_UNKNOWN_8000 UINT32_C(0x00008000)
551	/** @} */
552
553	/** @name Special handle values.
554	* @{ */
555	#ifndef NtCurrentProcess
556	# define NtCurrentProcess() ( (HANDLE)-(intptr_t)1 )
557	#endif
558	#ifndef NtCurrentThread
559	# define NtCurrentThread() ( (HANDLE)-(intptr_t)2 )
560	#endif
561	#ifndef ZwCurrentProcess
562	# define ZwCurrentProcess() NtCurrentProcess()
563	#endif
564	#ifndef ZwCurrentThread
565	# define ZwCurrentThread() NtCurrentThread()
566	#endif
567	/** @} */
568
569
570	/** @name Directory object access rights.
571	* @{ */
572	#ifndef DIRECTORY_QUERY
573	# define DIRECTORY_QUERY UINT32_C(0x00000001)
574	#endif
575	#ifndef DIRECTORY_TRAVERSE
576	# define DIRECTORY_TRAVERSE UINT32_C(0x00000002)
577	#endif
578	#ifndef DIRECTORY_CREATE_OBJECT
579	# define DIRECTORY_CREATE_OBJECT UINT32_C(0x00000004)
580	#endif
581	#ifndef DIRECTORY_CREATE_SUBDIRECTORY
582	# define DIRECTORY_CREATE_SUBDIRECTORY UINT32_C(0x00000008)
583	#endif
584	#ifndef DIRECTORY_ALL_ACCESS
585	# define DIRECTORY_ALL_ACCESS ( STANDARD_RIGHTS_REQUIRED \| UINT32_C(0x0000000f) )
586	#endif
587	/** @} */
588
589
590
591	#ifdef RTNT_NEED_CLIENT_ID
592	typedef struct _CLIENT_ID
593	{
594	HANDLE UniqueProcess;
595	HANDLE UniqueThread;
596	} CLIENT_ID;
597	#endif
598	#ifdef IPRT_NT_USE_WINTERNL
599	typedef CLIENT_ID *PCLIENT_ID;
600	#endif
601
602	/** Extended affinity type, introduced in Windows 7 (?). */
603	typedef struct _KAFFINITY_EX
604	{
605	/** Count of valid bitmap entries. */
606	uint16_t Count;
607	/** Count of allocated bitmap entries. */
608	uint16_t Size;
609	/** Reserved / aligmment padding. */
610	uint32_t Reserved;
611	/** Bitmap where one bit corresponds to a CPU.
612	* @note Started at 20 entries. W10 20H2 increased it to 32. Must be
613	* probed by passing a big buffer to KeInitializeAffinityEx and check
614	* the Size afterwards. */
615	uintptr_t Bitmap[RT_FLEXIBLE_ARRAY_IN_NESTED_UNION];
616	} KAFFINITY_EX;
617	typedef KAFFINITY_EX *PKAFFINITY_EX;
618	typedef KAFFINITY_EX const *PCKAFFINITY_EX;
619
620	/** @name User Shared Data
621	* @{ */
622
623	#ifdef IPRT_NT_USE_WINTERNL
624	typedef struct _KSYSTEM_TIME
625	{
626	ULONG LowPart;
627	LONG High1Time;
628	LONG High2Time;
629	} KSYSTEM_TIME;
630	typedef KSYSTEM_TIME *PKSYSTEM_TIME;
631
632	typedef enum _NT_PRODUCT_TYPE
633	{
634	NtProductWinNt = 1,
635	NtProductLanManNt,
636	NtProductServer
637	} NT_PRODUCT_TYPE;
638
639	#define PROCESSOR_FEATURE_MAX 64
640
641	typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
642	{
643	StandardDesign = 0,
644	NEC98x86,
645	EndAlternatives
646	} ALTERNATIVE_ARCHITECTURE_TYPE;
647
648	# if 0
649	typedef struct _XSTATE_FEATURE
650	{
651	ULONG Offset;
652	ULONG Size;
653	} XSTATE_FEATURE;
654	typedef XSTATE_FEATURE *PXSTATE_FEATURE;
655
656	#define MAXIMUM_XSTATE_FEATURES 64
657
658	typedef struct _XSTATE_CONFIGURATION
659	{
660	ULONG64 EnabledFeatures;
661	ULONG Size;
662	ULONG OptimizedSave : 1;
663	XSTATE_FEATURE Features[MAXIMUM_XSTATE_FEATURES];
664	} XSTATE_CONFIGURATION;
665	typedef XSTATE_CONFIGURATION *PXSTATE_CONFIGURATION;
666	# endif
667	#endif /* IPRT_NT_USE_WINTERNL */
668
669	typedef struct _KUSER_SHARED_DATA
670	{
671	ULONG TickCountLowDeprecated; /*< 0x000 /
672	ULONG TickCountMultiplier; /*< 0x004 /
673	KSYSTEM_TIME volatile InterruptTime; /*< 0x008 /
674	KSYSTEM_TIME volatile SystemTime; /*< 0x014 /
675	KSYSTEM_TIME volatile TimeZoneBias; /*< 0x020 /
676	USHORT ImageNumberLow; /*< 0x02c /
677	USHORT ImageNumberHigh; /*< 0x02e /
678	WCHAR NtSystemRoot[260]; /*< 0x030 - Seems to be last member in NT 3.51. /
679	ULONG MaxStackTraceDepth; /*< 0x238 /
680	ULONG CryptoExponent; /*< 0x23c /
681	ULONG TimeZoneId; /*< 0x240 /
682	ULONG LargePageMinimum; /*< 0x244 /
683	ULONG AitSamplingValue; /*< 0x248 /
684	ULONG AppCompatFlag; /*< 0x24c /
685	ULONGLONG RNGSeedVersion; /*< 0x250 /
686	ULONG GlobalValidationRunlevel; /*< 0x258 /
687	LONG volatile TimeZoneBiasStamp; /*< 0x25c/
688	ULONG Reserved2; /*< 0x260 /
689	NT_PRODUCT_TYPE NtProductType; /*< 0x264 /
690	BOOLEAN ProductTypeIsValid; /*< 0x268 /
691	BOOLEAN Reserved0[1]; /*< 0x269 /
692	USHORT NativeProcessorArchitecture; /*< 0x26a /
693	ULONG NtMajorVersion; /*< 0x26c /
694	ULONG NtMinorVersion; /*< 0x270 /
695	BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; /*< 0x274 /
696	ULONG Reserved1; /*< 0x2b4 /
697	ULONG Reserved3; /*< 0x2b8 /
698	ULONG volatile TimeSlip; /*< 0x2bc /
699	ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; /*< 0x2c0 /
700	ULONG AltArchitecturePad[1]; /*< 0x2c4 /
701	LARGE_INTEGER SystemExpirationDate; /*< 0x2c8 /
702	ULONG SuiteMask; /*< 0x2d0 /
703	BOOLEAN KdDebuggerEnabled; /*< 0x2d4 /
704	union /*< 0x2d5 /
705	{
706	UCHAR MitigationPolicies; /*< 0x2d5 /
707	struct
708	{
709	UCHAR NXSupportPolicy : 2;
710	UCHAR SEHValidationPolicy : 2;
711	UCHAR CurDirDevicesSkippedForDlls : 2;
712	UCHAR Reserved : 2;
713	};
714	};
715	UCHAR Reserved6[2]; /*< 0x2d6 /
716	ULONG volatile ActiveConsoleId; /*< 0x2d8 /
717	ULONG volatile DismountCount; /*< 0x2dc /
718	ULONG ComPlusPackage; /*< 0x2e0 /
719	ULONG LastSystemRITEventTickCount; /*< 0x2e4 /
720	ULONG NumberOfPhysicalPages; /*< 0x2e8 /
721	BOOLEAN SafeBootMode; /*< 0x2ec /
722	UCHAR Reserved12[3]; /*< 0x2ed /
723	union /*< 0x2f0 /
724	{
725	ULONG SharedDataFlags; /*< 0x2f0 /
726	struct
727	{
728	ULONG DbgErrorPortPresent : 1;
729	ULONG DbgElevationEnabled : 1;
730	ULONG DbgVirtEnabled : 1;
731	ULONG DbgInstallerDetectEnabled : 1;
732	ULONG DbgLkgEnabled : 1;
733	ULONG DbgDynProcessorEnabled : 1;
734	ULONG DbgConsoleBrokerEnabled : 1;
735	ULONG DbgSecureBootEnabled : 1;
736	ULONG SpareBits : 24;
737	};
738	};
739	ULONG DataFlagsPad[1]; /*< 0x2f4 /
740	ULONGLONG TestRetInstruction; /*< 0x2f8 /
741	LONGLONG QpcFrequency; /*< 0x300 /
742	ULONGLONG SystemCallPad[3]; /*< 0x308 /
743	union /*< 0x320 /
744	{
745	ULONG64 volatile TickCountQuad; /*< 0x320 /
746	KSYSTEM_TIME volatile TickCount; /*< 0x320 /
747	struct /*< 0x320 /
748	{
749	ULONG ReservedTickCountOverlay[3]; /*< 0x320 /
750	ULONG TickCountPad[1]; /*< 0x32c /
751	};
752	};
753	ULONG Cookie; /*< 0x330 /
754	ULONG CookiePad[1]; /*< 0x334 /
755	LONGLONG ConsoleSessionForegroundProcessId; /*< 0x338 /
756	ULONGLONG TimeUpdateLock; /*< 0x340 /
757	ULONGLONG BaselineSystemTimeQpc; /*< 0x348 /
758	ULONGLONG BaselineInterruptTimeQpc; /*< 0x350 /
759	ULONGLONG QpcSystemTimeIncrement; /*< 0x358 /
760	ULONGLONG QpcInterruptTimeIncrement; /*< 0x360 /
761	ULONG QpcSystemTimeIncrement32; /*< 0x368 /
762	ULONG QpcInterruptTimeIncrement32; /*< 0x36c /
763	UCHAR QpcSystemTimeIncrementShift; /*< 0x370 /
764	UCHAR QpcInterruptTimeIncrementShift; /*< 0x371 /
765	UCHAR Reserved8[14]; /*< 0x372 /
766	USHORT UserModeGlobalLogger[16]; /*< 0x380 /
767	ULONG ImageFileExecutionOptions; /*< 0x3a0 /
768	ULONG LangGenerationCount; /*< 0x3a4 /
769	ULONGLONG Reserved4; /*< 0x3a8 /
770	ULONGLONG volatile InterruptTimeBias; /**< 0x3b0 - What QueryUnbiasedInterruptTimePrecise
771	* subtracts from interrupt time. */
772	ULONGLONG volatile QpcBias; /*< 0x3b8 /
773	ULONG volatile ActiveProcessorCount; /*< 0x3c0 /
774	UCHAR volatile ActiveGroupCount; /*< 0x3c4 /
775	UCHAR Reserved9; /*< 0x3c5 /
776	union /*< 0x3c6 /
777	{
778	USHORT QpcData; /*< 0x3c6 /
779	struct /*< 0x3c6 /
780	{
781	BOOLEAN volatile QpcBypassEnabled; /*< 0x3c6 /
782	UCHAR QpcShift; /*< 0x3c7 /
783	};
784	};
785	LARGE_INTEGER TimeZoneBiasEffectiveStart; /*< 0x3c8 /
786	LARGE_INTEGER TimeZoneBiasEffectiveEnd; /*< 0x3d0 /
787	XSTATE_CONFIGURATION XState; /*< 0x3d8 /
788	} KUSER_SHARED_DATA;
789	typedef KUSER_SHARED_DATA *PKUSER_SHARED_DATA;
790	AssertCompileMemberOffset(KUSER_SHARED_DATA, InterruptTime, 0x008);
791	AssertCompileMemberOffset(KUSER_SHARED_DATA, SystemTime, 0x014);
792	AssertCompileMemberOffset(KUSER_SHARED_DATA, NtSystemRoot, 0x030);
793	AssertCompileMemberOffset(KUSER_SHARED_DATA, LargePageMinimum, 0x244);
794	AssertCompileMemberOffset(KUSER_SHARED_DATA, Reserved1, 0x2b4);
795	AssertCompileMemberOffset(KUSER_SHARED_DATA, TestRetInstruction, 0x2f8);
796	AssertCompileMemberOffset(KUSER_SHARED_DATA, Cookie, 0x330);
797	AssertCompileMemberOffset(KUSER_SHARED_DATA, ImageFileExecutionOptions, 0x3a0);
798	AssertCompileMemberOffset(KUSER_SHARED_DATA, XState, 0x3d8);
799	/** @def MM_SHARED_USER_DATA_VA
800	* Read only userland mapping of KUSER_SHARED_DATA. */
801	#ifndef MM_SHARED_USER_DATA_VA
802	# if ARCH_BITS == 32
803	# define MM_SHARED_USER_DATA_VA UINT32_C(0x7ffe0000)
804	# elif ARCH_BITS == 64
805	# define MM_SHARED_USER_DATA_VA UINT64_C(0x7ffe0000)
806	# else
807	# error "Unsupported/undefined ARCH_BITS value."
808	# endif
809	#endif
810	/** @def KI_USER_SHARED_DATA
811	* Read write kernel mapping of KUSER_SHARED_DATA. */
812	#ifndef KI_USER_SHARED_DATA
813	# ifdef RT_ARCH_X86
814	# define KI_USER_SHARED_DATA UINT32_C(0xffdf0000)
815	# elif defined(RT_ARCH_AMD64)
816	# define KI_USER_SHARED_DATA UINT64_C(0xfffff78000000000)
817	# else
818	# error "PORT ME - KI_USER_SHARED_DATA"
819	# endif
820	#endif
821	/** @} */
822
823
824	/** @name Process And Thread Environment Blocks
825	* @{ */
826
827	typedef struct _PEB_LDR_DATA
828	{
829	uint32_t Length;
830	BOOLEAN Initialized;
831	BOOLEAN Padding[3];
832	HANDLE SsHandle;
833	LIST_ENTRY InLoadOrderModuleList;
834	LIST_ENTRY InMemoryOrderModuleList;
835	LIST_ENTRY InInitializationOrderModuleList;
836	/* End NT4 */
837	LIST_ENTRY *EntryInProgress;
838	BOOLEAN ShutdownInProgress;
839	HANDLE ShutdownThreadId;
840	} PEB_LDR_DATA;
841	typedef PEB_LDR_DATA *PPEB_LDR_DATA;
842
843	typedef struct _PEB_COMMON
844	{
845	BOOLEAN InheritedAddressSpace; /*< 0x000 / 0x000 /
846	BOOLEAN ReadImageFileExecOptions; /*< 0x001 / 0x001 /
847	BOOLEAN BeingDebugged; /*< 0x002 / 0x002 /
848	union
849	{
850	uint8_t BitField; /*< 0x003 / 0x003 /
851	struct
852	{
853	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
854	} Common;
855	struct
856	{
857	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
858	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
859	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W80 /
860	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W80 /
861	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W80 /
862	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W80 /
863	uint8_t IsProtectedProcessLight : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W80 /
864	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
865	} W81;
866	struct
867	{
868	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
869	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
870	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81 /
871	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81 /
872	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Differs from W81 /
873	uint8_t IsPackagedProcess : 1; /*< 0x003 / 0x003 : Pos 5, 1 Bit - Differs from W81 /
874	uint8_t IsAppContainer : 1; /*< 0x003 / 0x003 : Pos 6, 1 Bit - Differs from W81 /
875	uint8_t SpareBits : 1; /*< 0x003 / 0x003 : Pos 7, 1 Bit /
876	} W80;
877	struct
878	{
879	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
880	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
881	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W6. /
882	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W6. /
883	uint8_t SkipPatchingUser32Forwarders : 1; /*< 0x003 / 0x003 : Pos 4, 1 Bit - Added in W7; Differs from W81, same as W80. /
884	uint8_t SpareBits : 3; /*< 0x003 / 0x003 : Pos 5, 3 Bit - Differs from W81 & W80, more spare bits. /
885	} W7;
886	struct
887	{
888	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
889	uint8_t IsProtectedProcess : 1; /*< 0x003 / 0x003 : Pos 1, 1 Bit /
890	uint8_t IsLegacyProcess : 1; /*< 0x003 / 0x003 : Pos 2, 1 Bit - Differs from W81, same as W80 & W7. /
891	uint8_t IsImageDynamicallyRelocated : 1; /*< 0x003 / 0x003 : Pos 3, 1 Bit - Differs from W81, same as W80 & W7. /
892	uint8_t SpareBits : 4; /*< 0x003 / 0x003 : Pos 4, 4 Bit - Differs from W81, W80, & W7, more spare bits. /
893	} W6;
894	struct
895	{
896	uint8_t ImageUsesLargePages : 1; /*< 0x003 / 0x003 : Pos 0, 1 Bit /
897	uint8_t SpareBits : 7; /*< 0x003 / 0x003 : Pos 1, 7 Bit - Differs from W81, W80, & W7, more spare bits. /
898	} W52;
899	struct
900	{
901	BOOLEAN SpareBool;
902	} W51;
903	} Diff0;
904	#if ARCH_BITS == 64
905	uint32_t Padding0; /*< 0x004 / NA /
906	#endif
907	HANDLE Mutant; /*< 0x008 / 0x004 /
908	PVOID ImageBaseAddress; /*< 0x010 / 0x008 /
909	PPEB_LDR_DATA Ldr; /*< 0x018 / 0x00c /
910	struct _RTL_USER_PROCESS_PARAMETERS ProcessParameters; /< 0x020 / 0x010 /
911	PVOID SubSystemData; /*< 0x028 / 0x014 /
912	HANDLE ProcessHeap; /*< 0x030 / 0x018 /
913	struct _RTL_CRITICAL_SECTION FastPebLock; /< 0x038 / 0x01c /
914	union
915	{
916	struct
917	{
918	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
919	PVOID IFEOKey; /*< 0x048 / 0x024 /
920	union
921	{
922	ULONG CrossProcessFlags; /*< 0x050 / 0x028 /
923	struct
924	{
925	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
926	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
927	uint32_t ProcessUsingVEH : 1; /*< 0x050 / 0x028: Pos 2, 1 Bit /
928	uint32_t ProcessUsingVCH : 1; /*< 0x050 / 0x028: Pos 3, 1 Bit /
929	uint32_t ProcessUsingFTH : 1; /*< 0x050 / 0x028: Pos 4, 1 Bit /
930	uint32_t ReservedBits0 : 1; /*< 0x050 / 0x028: Pos 5, 27 Bits /
931	} W7, W8, W80, W81;
932	struct
933	{
934	uint32_t ProcessInJob : 1; /*< 0x050 / 0x028: Pos 0, 1 Bit /
935	uint32_t ProcessInitializing : 1; /*< 0x050 / 0x028: Pos 1, 1 Bit /
936	uint32_t ReservedBits0 : 30; /*< 0x050 / 0x028: Pos 2, 30 Bits /
937	} W6;
938	};
939	#if ARCH_BITS == 64
940	uint32_t Padding1; /*< 0x054 / /
941	#endif
942	} W6, W7, W8, W80, W81;
943	struct
944	{
945	PVOID AtlThunkSListPtr; /*< 0x040 / 0x020 /
946	PVOID SparePtr2; /*< 0x048 / 0x024 /
947	uint32_t EnvironmentUpdateCount; /*< 0x050 / 0x028 /
948	#if ARCH_BITS == 64
949	uint32_t Padding1; /*< 0x054 / /
950	#endif
951	} W52;
952	struct
953	{
954	PVOID FastPebLockRoutine; /*< NA / 0x020 /
955	PVOID FastPebUnlockRoutine; /*< NA / 0x024 /
956	uint32_t EnvironmentUpdateCount; /*< NA / 0x028 /
957	} W51;
958	} Diff1;
959	union
960	{
961	PVOID KernelCallbackTable; /*< 0x058 / 0x02c /
962	PVOID UserSharedInfoPtr; /*< 0x058 / 0x02c - Alternative use in W6./
963	};
964	uint32_t SystemReserved; /*< 0x060 / 0x030 /
965	union
966	{
967	struct
968	{
969	uint32_t AtlThunkSListPtr32; /*< 0x064 / 0x034 /
970	} W7, W8, W80, W81;
971	struct
972	{
973	uint32_t SpareUlong; /*< 0x064 / 0x034 /
974	} W52, W6;
975	struct
976	{
977	uint32_t ExecuteOptions : 2; /*< NA / 0x034: Pos 0, 2 Bits /
978	uint32_t SpareBits : 30; /*< NA / 0x034: Pos 2, 30 Bits /
979	} W51;
980	} Diff2;
981	union
982	{
983	struct
984	{
985	PVOID ApiSetMap; /*< 0x068 / 0x038 /
986	} W7, W8, W80, W81;
987	struct
988	{
989	struct _PEB_FREE_BLOCK FreeList; /< 0x068 / 0x038 /
990	} W52, W6;
991	struct
992	{
993	struct _PEB_FREE_BLOCK FreeList; /< NA / 0x038 /
994	} W51;
995	} Diff3;
996	uint32_t TlsExpansionCounter; /*< 0x070 / 0x03c /
997	#if ARCH_BITS == 64
998	uint32_t Padding2; /*< 0x074 / NA /
999	#endif
1000	struct _RTL_BITMAP TlsBitmap; /< 0x078 / 0x040 /
1001	uint32_t TlsBitmapBits[2]; /*< 0x080 / 0x044 /
1002	PVOID ReadOnlySharedMemoryBase; /*< 0x088 / 0x04c /
1003	union
1004	{
1005	struct
1006	{
1007	PVOID SparePvoid0; /*< 0x090 / 0x050 - HotpatchInformation before W81. /
1008	} W81;
1009	struct
1010	{
1011	PVOID HotpatchInformation; /*< 0x090 / 0x050 - Retired in W81. /
1012	} W6, W7, W80;
1013	struct
1014	{
1015	PVOID ReadOnlySharedMemoryHeap;
1016	} W52;
1017	} Diff4;
1018	PVOID ReadOnlyStaticServerData; /< 0x098 / 0x054 /
1019	PVOID AnsiCodePageData; /*< 0x0a0 / 0x058 /
1020	PVOID OemCodePageData; /*< 0x0a8 / 0x05c /
1021	PVOID UnicodeCaseTableData; /*< 0x0b0 / 0x060 /
1022	uint32_t NumberOfProcessors; /*< 0x0b8 / 0x064 /
1023	uint32_t NtGlobalFlag; /*< 0x0bc / 0x068 /
1024	#if ARCH_BITS == 32
1025	uint32_t Padding2b;
1026	#endif
1027	LARGE_INTEGER CriticalSectionTimeout; /*< 0x0c0 / 0x070 /
1028	SIZE_T HeapSegmentReserve; /*< 0x0c8 / 0x078 /
1029	SIZE_T HeapSegmentCommit; /*< 0x0d0 / 0x07c /
1030	SIZE_T HeapDeCommitTotalFreeThreshold; /*< 0x0d8 / 0x080 /
1031	SIZE_T HeapDeCommitFreeBlockThreshold; /*< 0x0e0 / 0x084 /
1032	uint32_t NumberOfHeaps; /*< 0x0e8 / 0x088 /
1033	uint32_t MaximumNumberOfHeaps; /*< 0x0ec / 0x08c /
1034	PVOID ProcessHeaps; /< 0x0f0 / 0x090 - Last NT 3.51 member. /
1035	PVOID GdiSharedHandleTable; /*< 0x0f8 / 0x094 /
1036	PVOID ProcessStarterHelper; /*< 0x100 / 0x098 /
1037	uint32_t GdiDCAttributeList; /*< 0x108 / 0x09c /
1038	#if ARCH_BITS == 64
1039	uint32_t Padding3; /*< 0x10c / NA /
1040	#endif
1041	struct _RTL_CRITICAL_SECTION LoaderLock; /< 0x110 / 0x0a0 /
1042	uint32_t OSMajorVersion; /*< 0x118 / 0x0a4 /
1043	uint32_t OSMinorVersion; /*< 0x11c / 0x0a8 /
1044	uint16_t OSBuildNumber; /*< 0x120 / 0x0ac /
1045	uint16_t OSCSDVersion; /*< 0x122 / 0x0ae /
1046	uint32_t OSPlatformId; /*< 0x124 / 0x0b0 /
1047	uint32_t ImageSubsystem; /*< 0x128 / 0x0b4 /
1048	uint32_t ImageSubsystemMajorVersion; /*< 0x12c / 0x0b8 /
1049	uint32_t ImageSubsystemMinorVersion; /*< 0x130 / 0x0bc /
1050	#if ARCH_BITS == 64
1051	uint32_t Padding4; /*< 0x134 / NA /
1052	#endif
1053	union
1054	{
1055	struct
1056	{
1057	SIZE_T ActiveProcessAffinityMask; /*< 0x138 / 0x0c0 /
1058	} W7, W8, W80, W81;
1059	struct
1060	{
1061	SIZE_T ImageProcessAffinityMask; /*< 0x138 / 0x0c0 /
1062	} W52, W6;
1063	} Diff5;
1064	uint32_t GdiHandleBuffer[ARCH_BITS == 64 ? 60 : 34]; /*< 0x140 / 0x0c4 /
1065	PVOID PostProcessInitRoutine; /*< 0x230 / 0x14c /
1066	PVOID TlsExpansionBitmap; /*< 0x238 / 0x150 /
1067	uint32_t TlsExpansionBitmapBits[32]; /*< 0x240 / 0x154 /
1068	uint32_t SessionId; /*< 0x2c0 / 0x1d4 /
1069	#if ARCH_BITS == 64
1070	uint32_t Padding5; /*< 0x2c4 / NA /
1071	#endif
1072	ULARGE_INTEGER AppCompatFlags; /*< 0x2c8 / 0x1d8 /
1073	ULARGE_INTEGER AppCompatFlagsUser; /*< 0x2d0 / 0x1e0 /
1074	PVOID pShimData; /*< 0x2d8 / 0x1e8 /
1075	PVOID AppCompatInfo; /*< 0x2e0 / 0x1ec /
1076	UNICODE_STRING CSDVersion; /*< 0x2e8 / 0x1f0 /
1077	struct _ACTIVATION_CONTEXT_DATA ActivationContextData; /< 0x2f8 / 0x1f8 /
1078	struct _ASSEMBLY_STORAGE_MAP ProcessAssemblyStorageMap; /< 0x300 / 0x1fc /
1079	struct _ACTIVATION_CONTEXT_DATA SystemDefaultActivationContextData; /< 0x308 / 0x200 /
1080	struct _ASSEMBLY_STORAGE_MAP SystemAssemblyStorageMap; /< 0x310 / 0x204 /
1081	SIZE_T MinimumStackCommit; /*< 0x318 / 0x208 /
1082	/* End of PEB in W52 (Windows XP (RTM))! */
1083	struct _FLS_CALLBACK_INFO FlsCallback; /< 0x320 / 0x20c /
1084	LIST_ENTRY FlsListHead; /*< 0x328 / 0x210 /
1085	PVOID FlsBitmap; /*< 0x338 / 0x218 /
1086	uint32_t FlsBitmapBits[4]; /*< 0x340 / 0x21c /
1087	uint32_t FlsHighIndex; /*< 0x350 / 0x22c /
1088	/* End of PEB in W52 (Windows Server 2003)! */
1089	PVOID WerRegistrationData; /*< 0x358 / 0x230 /
1090	PVOID WerShipAssertPtr; /*< 0x360 / 0x234 /
1091	/* End of PEB in W6 (windows Vista)! */
1092	union
1093	{
1094	struct
1095	{
1096	PVOID pUnused; /*< 0x368 / 0x238 - Was pContextData in W7. /
1097	} W8, W80, W81;
1098	struct
1099	{
1100	PVOID pContextData; /*< 0x368 / 0x238 - Retired in W80. /
1101	} W7;
1102	} Diff6;
1103	PVOID pImageHeaderHash; /*< 0x370 / 0x23c /
1104	union
1105	{
1106	uint32_t TracingFlags; /*< 0x378 / 0x240 /
1107	struct
1108	{
1109	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
1110	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
1111	uint32_t LibLoaderTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 2, 1 Bit /
1112	uint32_t SpareTracingBits : 29; /*< 0x378 / 0x240 : Pos 3, 29 Bits /
1113	} W8, W80, W81;
1114	struct
1115	{
1116	uint32_t HeapTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 0, 1 Bit /
1117	uint32_t CritSecTracingEnabled : 1; /*< 0x378 / 0x240 : Pos 1, 1 Bit /
1118	uint32_t SpareTracingBits : 30; /*< 0x378 / 0x240 : Pos 3, 30 Bits - One bit more than W80 /
1119	} W7;
1120	} Diff7;
1121	#if ARCH_BITS == 64
1122	uint32_t Padding6; /*< 0x37c / NA /
1123	#endif
1124	uint64_t CsrServerReadOnlySharedMemoryBase; /*< 0x380 / 0x248 /
1125	/* End of PEB in W8, W81. */
1126	uintptr_t TppWorkerpListLock; /*< 0x388 / 0x250 /
1127	LIST_ENTRY TppWorkerpList; /*< 0x390 / 0x254 /
1128	PVOID WaitOnAddressHashTable[128]; /*< 0x3a0 / 0x25c /
1129	#if ARCH_BITS == 32
1130	uint32_t ExplicitPadding7; /*< NA NA / 0x45c /
1131	#endif
1132	} PEB_COMMON;
1133	typedef PEB_COMMON *PPEB_COMMON;
1134
1135	AssertCompileMemberOffset(PEB_COMMON, ProcessHeap, ARCH_BITS == 64 ? 0x30 : 0x18);
1136	AssertCompileMemberOffset(PEB_COMMON, SystemReserved, ARCH_BITS == 64 ? 0x60 : 0x30);
1137	AssertCompileMemberOffset(PEB_COMMON, TlsExpansionCounter, ARCH_BITS == 64 ? 0x70 : 0x3c);
1138	AssertCompileMemberOffset(PEB_COMMON, NtGlobalFlag, ARCH_BITS == 64 ? 0xbc : 0x68);
1139	AssertCompileMemberOffset(PEB_COMMON, LoaderLock, ARCH_BITS == 64 ? 0x110 : 0xa0);
1140	AssertCompileMemberOffset(PEB_COMMON, Diff5.W52.ImageProcessAffinityMask, ARCH_BITS == 64 ? 0x138 : 0xc0);
1141	AssertCompileMemberOffset(PEB_COMMON, PostProcessInitRoutine, ARCH_BITS == 64 ? 0x230 : 0x14c);
1142	AssertCompileMemberOffset(PEB_COMMON, AppCompatFlags, ARCH_BITS == 64 ? 0x2c8 : 0x1d8);
1143	AssertCompileSize(PEB_COMMON, ARCH_BITS == 64 ? 0x7a0 : 0x460);
1144
1145	/** The size of the windows 10 (build 14393) PEB structure. */
1146	#define PEB_SIZE_W10 sizeof(PEB_COMMON)
1147	/** The size of the windows 8.1 PEB structure. */
1148	#define PEB_SIZE_W81 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1149	/** The size of the windows 8.0 PEB structure. */
1150	#define PEB_SIZE_W80 RT_UOFFSETOF(PEB_COMMON, TppWorkerpListLock)
1151	/** The size of the windows 7 PEB structure. */
1152	#define PEB_SIZE_W7 RT_UOFFSETOF(PEB_COMMON, CsrServerReadOnlySharedMemoryBase)
1153	/** The size of the windows vista PEB structure. */
1154	#define PEB_SIZE_W6 RT_UOFFSETOF(PEB_COMMON, Diff3)
1155	/** The size of the windows server 2003 PEB structure. */
1156	#define PEB_SIZE_W52 RT_UOFFSETOF(PEB_COMMON, WerRegistrationData)
1157	/** The size of the windows XP PEB structure. */
1158	#define PEB_SIZE_W51 RT_UOFFSETOF(PEB_COMMON, FlsCallback)
1159
1160	#if 0
1161	typedef struct _NT_TIB
1162	{
1163	struct _EXCEPTION_REGISTRATION_RECORD *ExceptionList;
1164	PVOID StackBase;
1165	PVOID StackLimit;
1166	PVOID SubSystemTib;
1167	union
1168	{
1169	PVOID FiberData;
1170	ULONG Version;
1171	};
1172	PVOID ArbitraryUserPointer;
1173	struct _NT_TIB *Self;
1174	} NT_TIB;
1175	typedef NT_TIB *PNT_TIB;
1176	#endif
1177
1178	typedef struct _ACTIVATION_CONTEXT_STACK
1179	{
1180	uint32_t Flags;
1181	uint32_t NextCookieSequenceNumber;
1182	PVOID ActiveFrame;
1183	LIST_ENTRY FrameListCache;
1184	} ACTIVATION_CONTEXT_STACK;
1185
1186	/* Common TEB. */
1187	typedef struct _TEB_COMMON
1188	{
1189	NT_TIB NtTib; /*< 0x000 / 0x000 /
1190	PVOID EnvironmentPointer; /*< 0x038 / 0x01c /
1191	CLIENT_ID ClientId; /*< 0x040 / 0x020 /
1192	PVOID ActiveRpcHandle; /*< 0x050 / 0x028 /
1193	PVOID ThreadLocalStoragePointer; /*< 0x058 / 0x02c /
1194	PPEB_COMMON ProcessEnvironmentBlock; /*< 0x060 / 0x030 /
1195	uint32_t LastErrorValue; /*< 0x068 / 0x034 /
1196	uint32_t CountOfOwnedCriticalSections; /*< 0x06c / 0x038 /
1197	PVOID CsrClientThread; /*< 0x070 / 0x03c /
1198	PVOID Win32ThreadInfo; /*< 0x078 / 0x040 /
1199	uint32_t User32Reserved[26]; /*< 0x080 / 0x044 /
1200	uint32_t UserReserved[5]; /*< 0x0e8 / 0x0ac /
1201	PVOID WOW32Reserved; /*< 0x100 / 0x0c0 /
1202	uint32_t CurrentLocale; /*< 0x108 / 0x0c4 /
1203	uint32_t FpSoftwareStatusRegister; /*< 0x10c / 0x0c8 /
1204	PVOID SystemReserved1[54]; /*< 0x110 / 0x0cc /
1205	uint32_t ExceptionCode; /*< 0x2c0 / 0x1a4 /
1206	#if ARCH_BITS == 64
1207	uint32_t Padding0; /*< 0x2c4 / NA /
1208	#endif
1209	union
1210	{
1211	struct
1212	{
1213	struct _ACTIVATION_CONTEXT_STACK ActivationContextStackPointer;/< 0x2c8 / 0x1a8 /
1214	uint8_t SpareBytes[ARCH_BITS == 64 ? 24 : 36]; /*< 0x2d0 / 0x1ac /
1215	} W52, W6, W7, W8, W80, W81;
1216	#if ARCH_BITS == 32
1217	struct
1218	{
1219	ACTIVATION_CONTEXT_STACK ActivationContextStack; /*< NA / 0x1a8 /
1220	uint8_t SpareBytes[20]; /*< NA / 0x1bc /
1221	} W51;
1222	#endif
1223	} Diff0;
1224	union
1225	{
1226	struct
1227	{
1228	uint32_t TxFsContext; /*< 0x2e8 / 0x1d0 /
1229	} W6, W7, W8, W80, W81;
1230	struct
1231	{
1232	uint32_t SpareBytesContinues; /*< 0x2e8 / 0x1d0 /
1233	} W52;
1234	} Diff1;
1235	#if ARCH_BITS == 64
1236	uint32_t Padding1; /*< 0x2ec / NA /
1237	#endif
1238	/_GDI_TEB_BATCH/ uint8_t GdiTebBatch[ARCH_BITS == 64 ? 0x4e8 :0x4e0]; /*< 0x2f0 / 0x1d4 /
1239	CLIENT_ID RealClientId; /*< 0x7d8 / 0x6b4 /
1240	HANDLE GdiCachedProcessHandle; /*< 0x7e8 / 0x6bc /
1241	uint32_t GdiClientPID; /*< 0x7f0 / 0x6c0 /
1242	uint32_t GdiClientTID; /*< 0x7f4 / 0x6c4 /
1243	PVOID GdiThreadLocalInfo; /*< 0x7f8 / 0x6c8 /
1244	SIZE_T Win32ClientInfo[62]; /*< 0x800 / 0x6cc /
1245	PVOID glDispatchTable[233]; /*< 0x9f0 / 0x7c4 /
1246	SIZE_T glReserved1[29]; /*< 0x1138 / 0xb68 /
1247	PVOID glReserved2; /*< 0x1220 / 0xbdc /
1248	PVOID glSectionInfo; /*< 0x1228 / 0xbe0 /
1249	PVOID glSection; /*< 0x1230 / 0xbe4 /
1250	PVOID glTable; /*< 0x1238 / 0xbe8 /
1251	PVOID glCurrentRC; /*< 0x1240 / 0xbec /
1252	PVOID glContext; /*< 0x1248 / 0xbf0 /
1253	NTSTATUS LastStatusValue; /*< 0x1250 / 0xbf4 /
1254	#if ARCH_BITS == 64
1255	uint32_t Padding2; /*< 0x1254 / NA /
1256	#endif
1257	UNICODE_STRING StaticUnicodeString; /*< 0x1258 / 0xbf8 /
1258	WCHAR StaticUnicodeBuffer[261]; /*< 0x1268 / 0xc00 /
1259	#if ARCH_BITS == 64
1260	WCHAR Padding3[3]; /*< 0x1472 / NA /
1261	#endif
1262	PVOID DeallocationStack; /*< 0x1478 / 0xe0c /
1263	PVOID TlsSlots[64]; /*< 0x1480 / 0xe10 /
1264	LIST_ENTRY TlsLinks; /*< 0x1680 / 0xf10 /
1265	PVOID Vdm; /*< 0x1690 / 0xf18 /
1266	PVOID ReservedForNtRpc; /*< 0x1698 / 0xf1c /
1267	PVOID DbgSsReserved[2]; /*< 0x16a0 / 0xf20 /
1268	uint32_t HardErrorMode; /*< 0x16b0 / 0xf28 - Called HardErrorsAreDisabled in W51. /
1269	#if ARCH_BITS == 64
1270	uint32_t Padding4; /*< 0x16b4 / NA /
1271	#endif
1272	PVOID Instrumentation[ARCH_BITS == 64 ? 11 : 9]; /*< 0x16b8 / 0xf2c /
1273	union
1274	{
1275	struct
1276	{
1277	GUID ActivityId; /*< 0x1710 / 0xf50 /
1278	PVOID SubProcessTag; /*< 0x1720 / 0xf60 /
1279	} W6, W7, W8, W80, W81;
1280	struct
1281	{
1282	PVOID InstrumentationContinues[ARCH_BITS == 64 ? 3 : 5]; /*< 0x1710 / 0xf50 /
1283	} W52;
1284	} Diff2;
1285	union /*< 0x1728 / 0xf64 /
1286	{
1287	struct
1288	{
1289	PVOID PerflibData; /*< 0x1728 / 0xf64 /
1290	} W8, W80, W81;
1291	struct
1292	{
1293	PVOID EtwLocalData; /*< 0x1728 / 0xf64 /
1294	} W7, W6;
1295	struct
1296	{
1297	PVOID SubProcessTag; /*< 0x1728 / 0xf64 /
1298	} W52;
1299	struct
1300	{
1301	PVOID InstrumentationContinues[1]; /*< 0x1728 / 0xf64 /
1302	} W51;
1303	} Diff3;
1304	union
1305	{
1306	struct
1307	{
1308	PVOID EtwTraceData; /*< 0x1730 / 0xf68 /
1309	} W52, W6, W7, W8, W80, W81;
1310	struct
1311	{
1312	PVOID InstrumentationContinues[1]; /*< 0x1730 / 0xf68 /
1313	} W51;
1314	} Diff4;
1315	PVOID WinSockData; /*< 0x1738 / 0xf6c /
1316	uint32_t GdiBatchCount; /*< 0x1740 / 0xf70 /
1317	union
1318	{
1319	union
1320	{
1321	PROCESSOR_NUMBER CurrentIdealProcessor; /*< 0x1744 / 0xf74 - W7+ /
1322	uint32_t IdealProcessorValue; /*< 0x1744 / 0xf74 - W7+ /
1323	struct
1324	{
1325	uint8_t ReservedPad1; /*< 0x1744 / 0xf74 - Called SpareBool0 in W6 /
1326	uint8_t ReservedPad2; /*< 0x1745 / 0xf75 - Called SpareBool0 in W6 /
1327	uint8_t ReservedPad3; /*< 0x1746 / 0xf76 - Called SpareBool0 in W6 /
1328	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1329	};
1330	} W6, W7, W8, W80, W81;
1331	struct
1332	{
1333	BOOLEAN InDbgPrint; /*< 0x1744 / 0xf74 /
1334	BOOLEAN FreeStackOnTermination; /*< 0x1745 / 0xf75 /
1335	BOOLEAN HasFiberData; /*< 0x1746 / 0xf76 /
1336	uint8_t IdealProcessor; /*< 0x1747 / 0xf77 /
1337	} W51, W52;
1338	} Diff5;
1339	uint32_t GuaranteedStackBytes; /*< 0x1748 / 0xf78 /
1340	#if ARCH_BITS == 64
1341	uint32_t Padding5; /*< 0x174c / NA /
1342	#endif
1343	PVOID ReservedForPerf; /*< 0x1750 / 0xf7c /
1344	PVOID ReservedForOle; /*< 0x1758 / 0xf80 /
1345	uint32_t WaitingOnLoaderLock; /*< 0x1760 / 0xf84 /
1346	#if ARCH_BITS == 64
1347	uint32_t Padding6; /*< 0x1764 / NA /
1348	#endif
1349	union /*< 0x1770 / 0xf8c /
1350	{
1351	struct
1352	{
1353	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1354	SIZE_T ReservedForCodeCoverage; /*< 0x1770 / 0xf8c /
1355	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1356	} W8, W80, W81;
1357	struct
1358	{
1359	PVOID SavedPriorityState; /*< 0x1768 / 0xf88 /
1360	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1361	PVOID ThreadPoolData; /*< 0x1778 / 0xf90 /
1362	} W6, W7;
1363	struct
1364	{
1365	PVOID SparePointer1; /*< 0x1768 / 0xf88 /
1366	SIZE_T SoftPatchPtr1; /*< 0x1770 / 0xf8c /
1367	PVOID SoftPatchPtr2; /*< 0x1778 / 0xf90 /
1368	} W52;
1369	#if ARCH_BITS == 32
1370	struct _Wx86ThreadState
1371	{
1372	PVOID CallBx86Eip; /*< NA / 0xf88 /
1373	PVOID DeallocationCpu; /*< NA / 0xf8c /
1374	BOOLEAN UseKnownWx86Dll; /*< NA / 0xf90 /
1375	int8_t OleStubInvoked; /*< NA / 0xf91 /
1376	} W51;
1377	#endif
1378	} Diff6;
1379	PVOID TlsExpansionSlots; /*< 0x1780 / 0xf94 /
1380	#if ARCH_BITS == 64
1381	PVOID DallocationBStore; /*< 0x1788 / NA /
1382	PVOID BStoreLimit; /*< 0x1790 / NA /
1383	#endif
1384	union
1385	{
1386	struct
1387	{
1388	uint32_t MuiGeneration; /*< 0x1798 / 0xf98 /
1389	} W7, W8, W80, W81;
1390	struct
1391	{
1392	uint32_t ImpersonationLocale;
1393	} W6;
1394	} Diff7;
1395	uint32_t IsImpersonating; /*< 0x179c / 0xf9c /
1396	PVOID NlsCache; /*< 0x17a0 / 0xfa0 /
1397	PVOID pShimData; /*< 0x17a8 / 0xfa4 /
1398	union /*< 0x17b0 / 0xfa8 /
1399	{
1400	struct
1401	{
1402	uint16_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1403	uint16_t LowFragHeapDataSlot; /*< 0x17b2 / 0xfaa /
1404	} W8, W80, W81;
1405	struct
1406	{
1407	uint32_t HeapVirtualAffinity; /*< 0x17b0 / 0xfa8 /
1408	} W7;
1409	} Diff8;
1410	#if ARCH_BITS == 64
1411	uint32_t Padding7; /*< 0x17b4 / NA /
1412	#endif
1413	HANDLE CurrentTransactionHandle; /*< 0x17b8 / 0xfac /
1414	struct _TEB_ACTIVE_FRAME ActiveFrame; /< 0x17c0 / 0xfb0 /
1415	/* End of TEB in W51 (Windows XP)! */
1416	PVOID FlsData; /*< 0x17c8 / 0xfb4 /
1417	union
1418	{
1419	struct
1420	{
1421	PVOID PreferredLanguages; /*< 0x17d0 / 0xfb8 /
1422	} W6, W7, W8, W80, W81;
1423	struct
1424	{
1425	BOOLEAN SafeThunkCall; /*< 0x17d0 / 0xfb8 /
1426	uint8_t BooleanSpare[3]; /*< 0x17d1 / 0xfb9 /
1427	/* End of TEB in W52 (Windows server 2003)! */
1428	} W52;
1429	} Diff9;
1430	PVOID UserPrefLanguages; /*< 0x17d8 / 0xfbc /
1431	PVOID MergedPrefLanguages; /*< 0x17e0 / 0xfc0 /
1432	uint32_t MuiImpersonation; /*< 0x17e8 / 0xfc4 /
1433	union
1434	{
1435	uint16_t CrossTebFlags; /*< 0x17ec / 0xfc8 /
1436	struct
1437	{
1438	uint16_t SpareCrossTebBits : 16; /*< 0x17ec / 0xfc8 : Pos 0, 16 Bits /
1439	};
1440	};
1441	union
1442	{
1443	uint16_t SameTebFlags; /*< 0x17ee / 0xfca /
1444	struct
1445	{
1446	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1447	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1448	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1449	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1450	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1451	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1452	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1453	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1454	} Common;
1455	struct
1456	{
1457	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1458	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1459	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1460	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1461	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1462	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1463	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1464	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1465	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1466	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1467	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1468	uint16_t SessionAware : 1; /*< 0x17ee / 0xfca : Pos 11, 1 Bit - New Since W7. /
1469	uint16_t SpareSameTebBits : 4; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1470	} W8, W80, W81;
1471	struct
1472	{
1473	uint16_t SafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1474	uint16_t InDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1475	uint16_t HasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1476	uint16_t SkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1477	uint16_t WerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1478	uint16_t RanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1479	uint16_t ClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1480	uint16_t SuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1481	uint16_t DisableUserStackWalk : 1; /*< 0x17ee / 0xfca : Pos 8, 1 Bit /
1482	uint16_t RtlExceptionAttached : 1; /*< 0x17ee / 0xfca : Pos 9, 1 Bit /
1483	uint16_t InitialThread : 1; /*< 0x17ee / 0xfca : Pos 10, 1 Bit /
1484	uint16_t SpareSameTebBits : 5; /*< 0x17ee / 0xfca : Pos 12, 4 Bits /
1485	} W7;
1486	struct
1487	{
1488	uint16_t DbgSafeThunkCall : 1; /*< 0x17ee / 0xfca : Pos 0, 1 Bit /
1489	uint16_t DbgInDebugPrint : 1; /*< 0x17ee / 0xfca : Pos 1, 1 Bit /
1490	uint16_t DbgHasFiberData : 1; /*< 0x17ee / 0xfca : Pos 2, 1 Bit /
1491	uint16_t DbgSkipThreadAttach : 1; /*< 0x17ee / 0xfca : Pos 3, 1 Bit /
1492	uint16_t DbgWerInShipAssertCode : 1; /*< 0x17ee / 0xfca : Pos 4, 1 Bit /
1493	uint16_t DbgRanProcessInit : 1; /*< 0x17ee / 0xfca : Pos 5, 1 Bit /
1494	uint16_t DbgClonedThread : 1; /*< 0x17ee / 0xfca : Pos 6, 1 Bit /
1495	uint16_t DbgSuppressDebugMsg : 1; /*< 0x17ee / 0xfca : Pos 7, 1 Bit /
1496	uint16_t SpareSameTebBits : 8; /*< 0x17ee / 0xfca : Pos 8, 8 Bits /
1497	} W6;
1498	} Diff10;
1499	PVOID TxnScopeEnterCallback; /*< 0x17f0 / 0xfcc /
1500	PVOID TxnScopeExitCallback; /*< 0x17f8 / 0xfd0 /
1501	PVOID TxnScopeContext; /*< 0x1800 / 0xfd4 /
1502	uint32_t LockCount; /*< 0x1808 / 0xfd8 /
1503	union
1504	{
1505	struct
1506	{
1507	uint32_t SpareUlong0; /*< 0x180c / 0xfdc /
1508	} W7, W8, W80, W81;
1509	struct
1510	{
1511	uint32_t ProcessRundown;
1512	} W6;
1513	} Diff11;
1514	union
1515	{
1516	struct
1517	{
1518	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1519	/* End of TEB in W7 (windows 7)! */
1520	PVOID ReservedForWdf; /*< 0x1818 / 0xfe4 - New Since W7. /
1521	/* End of TEB in W8 (windows 8.0 & 8.1)! */
1522	PVOID ReservedForCrt; /*< 0x1820 / 0xfe8 - New Since W10. /
1523	RTUUID EffectiveContainerId; /*< 0x1828 / 0xfec - New Since W10. /
1524	/* End of TEB in W10 14393! */
1525	} W8, W80, W81, W10;
1526	struct
1527	{
1528	PVOID ResourceRetValue; /*< 0x1810 / 0xfe0 /
1529	} W7;
1530	struct
1531	{
1532	uint64_t LastSwitchTime; /*< 0x1810 / 0xfe0 /
1533	uint64_t TotalSwitchOutTime; /*< 0x1818 / 0xfe8 /
1534	LARGE_INTEGER WaitReasonBitMap; /*< 0x1820 / 0xff0 /
1535	/* End of TEB in W6 (windows Vista)! */
1536	} W6;
1537	} Diff12;
1538	} TEB_COMMON;
1539	typedef TEB_COMMON *PTEB_COMMON;
1540	AssertCompileMemberOffset(TEB_COMMON, ExceptionCode, ARCH_BITS == 64 ? 0x2c0 : 0x1a4);
1541	AssertCompileMemberOffset(TEB_COMMON, LastStatusValue, ARCH_BITS == 64 ? 0x1250 : 0xbf4);
1542	AssertCompileMemberOffset(TEB_COMMON, DeallocationStack, ARCH_BITS == 64 ? 0x1478 : 0xe0c);
1543	AssertCompileMemberOffset(TEB_COMMON, ReservedForNtRpc, ARCH_BITS == 64 ? 0x1698 : 0xf1c);
1544	AssertCompileMemberOffset(TEB_COMMON, Instrumentation, ARCH_BITS == 64 ? 0x16b8 : 0xf2c);
1545	AssertCompileMemberOffset(TEB_COMMON, Diff2, ARCH_BITS == 64 ? 0x1710 : 0xf50);
1546	AssertCompileMemberOffset(TEB_COMMON, Diff3, ARCH_BITS == 64 ? 0x1728 : 0xf64);
1547	AssertCompileMemberOffset(TEB_COMMON, Diff4, ARCH_BITS == 64 ? 0x1730 : 0xf68);
1548	AssertCompileMemberOffset(TEB_COMMON, WinSockData, ARCH_BITS == 64 ? 0x1738 : 0xf6c);
1549	AssertCompileMemberOffset(TEB_COMMON, GuaranteedStackBytes, ARCH_BITS == 64 ? 0x1748 : 0xf78);
1550	AssertCompileMemberOffset(TEB_COMMON, MuiImpersonation, ARCH_BITS == 64 ? 0x17e8 : 0xfc4);
1551	AssertCompileMemberOffset(TEB_COMMON, LockCount, ARCH_BITS == 64 ? 0x1808 : 0xfd8);
1552	AssertCompileSize(TEB_COMMON, ARCH_BITS == 64 ? 0x1838 : 0x1000);
1553
1554
1555	/** The size of the windows 8.1 PEB structure. */
1556	#define TEB_SIZE_W10 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W10.EffectiveContainerId) + sizeof(RTUUID) )
1557	/** The size of the windows 8.1 PEB structure. */
1558	#define TEB_SIZE_W81 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1559	/** The size of the windows 8.0 PEB structure. */
1560	#define TEB_SIZE_W80 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf) + sizeof(PVOID) )
1561	/** The size of the windows 7 PEB structure. */
1562	#define TEB_SIZE_W7 RT_UOFFSETOF(TEB_COMMON, Diff12.W8.ReservedForWdf)
1563	/** The size of the windows vista PEB structure. */
1564	#define TEB_SIZE_W6 ( RT_UOFFSETOF(TEB_COMMON, Diff12.W6.WaitReasonBitMap) + sizeof(LARGE_INTEGER) )
1565	/** The size of the windows server 2003 PEB structure. */
1566	#define TEB_SIZE_W52 RT_ALIGN_Z(RT_UOFFSETOF(TEB_COMMON, Diff9.W52.BooleanSpare), sizeof(PVOID))
1567	/** The size of the windows XP PEB structure. */
1568	#define TEB_SIZE_W51 RT_UOFFSETOF(TEB_COMMON, FlsData)
1569
1570
1571
1572	#define _PEB _PEB_COMMON
1573	typedef PEB_COMMON PEB;
1574	typedef PPEB_COMMON PPEB;
1575
1576	#define _TEB _TEB_COMMON
1577	typedef TEB_COMMON TEB;
1578	typedef PTEB_COMMON PTEB;
1579
1580	#if !defined(NtCurrentTeb) && !defined(IPRT_NT_HAVE_CURRENT_TEB_MACRO)
1581	# ifdef RT_ARCH_X86
1582	DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1583	DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readfsdword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1584	DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1585	DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readfsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1586	DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readfsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1587	# elif defined(RT_ARCH_AMD64)
1588	DECL_FORCE_INLINE(PTEB) RTNtCurrentTeb(void) { return (PTEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, NtTib.Self)); }
1589	DECL_FORCE_INLINE(PPEB) RTNtCurrentPeb(void) { return (PPEB)__readgsqword(RT_UOFFSETOF(TEB_COMMON, ProcessEnvironmentBlock)); }
1590	DECL_FORCE_INLINE(uint32_t) RTNtCurrentThreadId(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, ClientId.UniqueThread)); }
1591	DECL_FORCE_INLINE(NTSTATUS) RTNtLastStatusValue(void) { return (NTSTATUS)__readgsdword(RT_UOFFSETOF(TEB_COMMON, LastStatusValue)); }
1592	DECL_FORCE_INLINE(uint32_t) RTNtLastErrorValue(void) { return __readgsdword(RT_UOFFSETOF(TEB_COMMON, LastErrorValue)); }
1593	# else
1594	# error "Port me"
1595	# endif
1596	#else
1597	# define RTNtCurrentTeb() ((PTEB)NtCurrentTeb())
1598	# define RTNtCurrentPeb() (RTNtCurrentTeb()->ProcessEnvironmentBlock)
1599	# define RTNtCurrentThreadId() ((uint32_t)(uintptr_t)RTNtCurrentTeb()->ClientId.UniqueThread)
1600	# define RTNtLastStatusValue() (RTNtCurrentTeb()->LastStatusValue)
1601	# define RTNtLastErrorValue() (RTNtCurrentTeb()->LastErrorValue)
1602	#endif
1603	#define NtCurrentPeb() RTNtCurrentPeb()
1604
1605
1606	/** @} */
1607
1608
1609	#ifdef IPRT_NT_USE_WINTERNL
1610	RT_DECL_NTAPI(NTSTATUS) NtCreateSection(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1611	typedef enum _SECTION_INHERIT
1612	{
1613	ViewShare = 1,
1614	ViewUnmap
1615	} SECTION_INHERIT;
1616	#endif
1617	RT_DECL_NTAPI(NTSTATUS) NtMapViewOfSection(HANDLE, HANDLE, PVOID *, ULONG, SIZE_T, PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT,
1618	ULONG, ULONG);
1619	RT_DECL_NTAPI(NTSTATUS) NtFlushVirtualMemory(HANDLE, PVOID *, PSIZE_T, PIO_STATUS_BLOCK);
1620	RT_DECL_NTAPI(NTSTATUS) NtUnmapViewOfSection(HANDLE, PVOID);
1621
1622	RT_DECL_NTAPI(NTSTATUS) NtOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1623	RT_DECL_NTAPI(NTSTATUS) ZwOpenProcess(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1624	RT_DECL_NTAPI(NTSTATUS) NtOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1625	RT_DECL_NTAPI(NTSTATUS) ZwOpenThread(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PCLIENT_ID);
1626	RT_DECL_NTAPI(NTSTATUS) NtAlertThread(HANDLE hThread);
1627	#ifdef IPRT_NT_USE_WINTERNL
1628	RT_DECL_NTAPI(NTSTATUS) ZwAlertThread(HANDLE hThread);
1629	#endif
1630	RT_DECL_NTAPI(NTSTATUS) NtTestAlert(void);
1631
1632	#ifdef IPRT_NT_USE_WINTERNL
1633	RT_DECL_NTAPI(NTSTATUS) NtOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1634	RT_DECL_NTAPI(NTSTATUS) NtOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1635	#endif
1636	RT_DECL_NTAPI(NTSTATUS) ZwOpenProcessToken(HANDLE, ACCESS_MASK, PHANDLE);
1637	RT_DECL_NTAPI(NTSTATUS) ZwOpenThreadToken(HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1638
1639	#ifdef IPRT_NT_USE_WINTERNL
1640	typedef struct _FILE_FS_VOLUME_INFORMATION
1641	{
1642	LARGE_INTEGER VolumeCreationTime;
1643	ULONG VolumeSerialNumber;
1644	ULONG VolumeLabelLength;
1645	BOOLEAN SupportsObjects;
1646	WCHAR VolumeLabel[1];
1647	} FILE_FS_VOLUME_INFORMATION;
1648	typedef FILE_FS_VOLUME_INFORMATION *PFILE_FS_VOLUME_INFORMATION;
1649	typedef struct _FILE_FS_LABEL_INFORMATION
1650	{
1651	ULONG VolumeLabelLength;
1652	WCHAR VolumeLabel[1];
1653	} FILE_FS_LABEL_INFORMATION;
1654	typedef FILE_FS_LABEL_INFORMATION *PFILE_FS_LABEL_INFORMATION;
1655	typedef struct _FILE_FS_SIZE_INFORMATION
1656	{
1657	LARGE_INTEGER TotalAllocationUnits;
1658	LARGE_INTEGER AvailableAllocationUnits;
1659	ULONG SectorsPerAllocationUnit;
1660	ULONG BytesPerSector;
1661	} FILE_FS_SIZE_INFORMATION;
1662	typedef FILE_FS_SIZE_INFORMATION *PFILE_FS_SIZE_INFORMATION;
1663	typedef struct _FILE_FS_DEVICE_INFORMATION
1664	{
1665	DEVICE_TYPE DeviceType;
1666	ULONG Characteristics;
1667	} FILE_FS_DEVICE_INFORMATION;
1668	typedef FILE_FS_DEVICE_INFORMATION *PFILE_FS_DEVICE_INFORMATION;
1669	typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1670	{
1671	ULONG FileSystemAttributes;
1672	LONG MaximumComponentNameLength;
1673	ULONG FileSystemNameLength;
1674	WCHAR FileSystemName[1];
1675	} FILE_FS_ATTRIBUTE_INFORMATION;
1676	typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
1677	typedef struct _FILE_FS_CONTROL_INFORMATION
1678	{
1679	LARGE_INTEGER FreeSpaceStartFiltering;
1680	LARGE_INTEGER FreeSpaceThreshold;
1681	LARGE_INTEGER FreeSpaceStopFiltering;
1682	LARGE_INTEGER DefaultQuotaThreshold;
1683	LARGE_INTEGER DefaultQuotaLimit;
1684	ULONG FileSystemControlFlags;
1685	} FILE_FS_CONTROL_INFORMATION;
1686	typedef FILE_FS_CONTROL_INFORMATION *PFILE_FS_CONTROL_INFORMATION;
1687	typedef struct _FILE_FS_FULL_SIZE_INFORMATION
1688	{
1689	LARGE_INTEGER TotalAllocationUnits;
1690	LARGE_INTEGER CallerAvailableAllocationUnits;
1691	LARGE_INTEGER ActualAvailableAllocationUnits;
1692	ULONG SectorsPerAllocationUnit;
1693	ULONG BytesPerSector;
1694	} FILE_FS_FULL_SIZE_INFORMATION;
1695	typedef FILE_FS_FULL_SIZE_INFORMATION *PFILE_FS_FULL_SIZE_INFORMATION;
1696	typedef struct _FILE_FS_OBJECTID_INFORMATION
1697	{
1698	UCHAR ObjectId[16];
1699	UCHAR ExtendedInfo[48];
1700	} FILE_FS_OBJECTID_INFORMATION;
1701	typedef FILE_FS_OBJECTID_INFORMATION *PFILE_FS_OBJECTID_INFORMATION;
1702	typedef struct _FILE_FS_DRIVER_PATH_INFORMATION
1703	{
1704	BOOLEAN DriverInPath;
1705	ULONG DriverNameLength;
1706	WCHAR DriverName[1];
1707	} FILE_FS_DRIVER_PATH_INFORMATION;
1708	typedef FILE_FS_DRIVER_PATH_INFORMATION *PFILE_FS_DRIVER_PATH_INFORMATION;
1709	typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION
1710	{
1711	ULONG Flags;
1712	} FILE_FS_VOLUME_FLAGS_INFORMATION;
1713	typedef FILE_FS_VOLUME_FLAGS_INFORMATION *PFILE_FS_VOLUME_FLAGS_INFORMATION;
1714	#endif
1715	#if !defined(SSINFO_OFFSET_UNKNOWN) \|\| defined(IPRT_NT_USE_WINTERNL)
1716	typedef struct _FILE_FS_SECTOR_SIZE_INFORMATION
1717	{
1718	ULONG LogicalBytesPerSector;
1719	ULONG PhysicalBytesPerSectorForAtomicity;
1720	ULONG PhysicalBytesPerSectorForPerformance;
1721	ULONG FileSystemEffectivePhysicalBytesPerSectorForAtomicity;
1722	ULONG Flags;
1723	ULONG ByteOffsetForSectorAlignment;
1724	ULONG ByteOffsetForPartitionAlignment;
1725	} FILE_FS_SECTOR_SIZE_INFORMATION;
1726	typedef FILE_FS_SECTOR_SIZE_INFORMATION *PFILE_FS_SECTOR_SIZE_INFORMATION;
1727	# ifndef SSINFO_OFFSET_UNKNOWN
1728	# define SSINFO_OFFSET_UNKNOWN 0xffffffffUL
1729	# define SSINFO_FLAGS_ALIGNED_DEVICE 1UL
1730	# define SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE 2UL
1731	# define SSINFO_FLAGS_NO_SEEK_PENALTY 4UL
1732	# define SSINFO_FLAGS_TRIM_ENABLED 8UL
1733	# define SSINFO_FLAGS_BYTE_ADDRESSABLE 16UL
1734	# endif
1735	#endif
1736	#ifdef IPRT_NT_USE_WINTERNL
1737	typedef struct _FILE_FS_DATA_COPY_INFORMATION
1738	{
1739	ULONG NumberOfCopies;
1740	} FILE_FS_DATA_COPY_INFORMATION;
1741	typedef FILE_FS_DATA_COPY_INFORMATION *PFILE_FS_DATA_COPY_INFORMATION;
1742	typedef struct _FILE_FS_METADATA_SIZE_INFORMATION
1743	{
1744	LARGE_INTEGER TotalMetadataAllocationUnits;
1745	ULONG SectorsPerAllocationUnit;
1746	ULONG BytesPerSector;
1747	} FILE_FS_METADATA_SIZE_INFORMATION;
1748	typedef FILE_FS_METADATA_SIZE_INFORMATION *PFILE_FS_METADATA_SIZE_INFORMATION;
1749	typedef struct _FILE_FS_FULL_SIZE_INFORMATION_EX
1750	{
1751	ULONGLONG ActualTotalAllocationUnits;
1752	ULONGLONG ActualAvailableAllocationUnits;
1753	ULONGLONG ActualPoolUnavailableAllocationUnits;
1754	ULONGLONG CallerTotalAllocationUnits;
1755	ULONGLONG CallerAvailableAllocationUnits;
1756	ULONGLONG CallerPoolUnavailableAllocationUnits;
1757	ULONGLONG UsedAllocationUnits;
1758	ULONGLONG TotalReservedAllocationUnits;
1759	ULONGLONG VolumeStorageReserveAllocationUnits;
1760	ULONGLONG AvailableCommittedAllocationUnits;
1761	ULONGLONG PoolAvailableAllocationUnits;
1762	ULONG SectorsPerAllocationUnit;
1763	ULONG BytesPerSector;
1764	} FILE_FS_FULL_SIZE_INFORMATION_EX;
1765	typedef FILE_FS_FULL_SIZE_INFORMATION_EX *PFILE_FS_FULL_SIZE_INFORMATION_EX;
1766	#endif /* IPRT_NT_USE_WINTERNL */
1767
1768	typedef enum _FSINFOCLASS
1769	{
1770	FileFsVolumeInformation = 1,
1771	FileFsLabelInformation,
1772	FileFsSizeInformation, /*< FILE_FS_SIZE_INFORMATION /
1773	FileFsDeviceInformation,
1774	FileFsAttributeInformation,
1775	FileFsControlInformation,
1776	FileFsFullSizeInformation,
1777	FileFsObjectIdInformation,
1778	FileFsDriverPathInformation,
1779	FileFsVolumeFlagsInformation,
1780	FileFsSectorSizeInformation,
1781	FileFsDataCopyInformation,
1782	FileFsMetadataSizeInformation,
1783	FileFsFullSizeInformationEx,
1784	FileFsMaximumInformation
1785	} FS_INFORMATION_CLASS;
1786	typedef FS_INFORMATION_CLASS *PFS_INFORMATION_CLASS;
1787	RT_DECL_NTAPI(NTSTATUS) NtQueryVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1788	RT_DECL_NTAPI(NTSTATUS) NtSetVolumeInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FS_INFORMATION_CLASS);
1789
1790	#ifdef IPRT_NT_USE_WINTERNL
1791	typedef struct _FILE_DIRECTORY_INFORMATION
1792	{
1793	ULONG NextEntryOffset;
1794	ULONG FileIndex;
1795	LARGE_INTEGER CreationTime;
1796	LARGE_INTEGER LastAccessTime;
1797	LARGE_INTEGER LastWriteTime;
1798	LARGE_INTEGER ChangeTime;
1799	LARGE_INTEGER EndOfFile;
1800	LARGE_INTEGER AllocationSize;
1801	ULONG FileAttributes;
1802	ULONG FileNameLength;
1803	WCHAR FileName[1];
1804	} FILE_DIRECTORY_INFORMATION;
1805	typedef FILE_DIRECTORY_INFORMATION *PFILE_DIRECTORY_INFORMATION;
1806	typedef struct _FILE_FULL_DIR_INFORMATION
1807	{
1808	ULONG NextEntryOffset;
1809	ULONG FileIndex;
1810	LARGE_INTEGER CreationTime;
1811	LARGE_INTEGER LastAccessTime;
1812	LARGE_INTEGER LastWriteTime;
1813	LARGE_INTEGER ChangeTime;
1814	LARGE_INTEGER EndOfFile;
1815	LARGE_INTEGER AllocationSize;
1816	ULONG FileAttributes;
1817	ULONG FileNameLength;
1818	ULONG EaSize;
1819	WCHAR FileName[1];
1820	} FILE_FULL_DIR_INFORMATION;
1821	typedef FILE_FULL_DIR_INFORMATION *PFILE_FULL_DIR_INFORMATION;
1822	typedef struct _FILE_BOTH_DIR_INFORMATION
1823	{
1824	ULONG NextEntryOffset; /*< 0x00: /
1825	ULONG FileIndex; /*< 0x04: /
1826	LARGE_INTEGER CreationTime; /*< 0x08: /
1827	LARGE_INTEGER LastAccessTime; /*< 0x10: /
1828	LARGE_INTEGER LastWriteTime; /*< 0x18: /
1829	LARGE_INTEGER ChangeTime; /*< 0x20: /
1830	LARGE_INTEGER EndOfFile; /*< 0x28: /
1831	LARGE_INTEGER AllocationSize; /*< 0x30: /
1832	ULONG FileAttributes; /*< 0x38: /
1833	ULONG FileNameLength; /*< 0x3c: /
1834	ULONG EaSize; /*< 0x40: /
1835	CCHAR ShortNameLength; /*< 0x44: /
1836	WCHAR ShortName[12]; /*< 0x46: /
1837	WCHAR FileName[1]; /*< 0x5e: /
1838	} FILE_BOTH_DIR_INFORMATION;
1839	typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
1840	typedef struct _FILE_BASIC_INFORMATION
1841	{
1842	LARGE_INTEGER CreationTime;
1843	LARGE_INTEGER LastAccessTime;
1844	LARGE_INTEGER LastWriteTime;
1845	LARGE_INTEGER ChangeTime;
1846	ULONG FileAttributes;
1847	} FILE_BASIC_INFORMATION;
1848	typedef FILE_BASIC_INFORMATION *PFILE_BASIC_INFORMATION;
1849	typedef struct _FILE_STANDARD_INFORMATION
1850	{
1851	LARGE_INTEGER AllocationSize;
1852	LARGE_INTEGER EndOfFile;
1853	ULONG NumberOfLinks;
1854	BOOLEAN DeletePending;
1855	BOOLEAN Directory;
1856	} FILE_STANDARD_INFORMATION;
1857	typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
1858	typedef struct _FILE_NAME_INFORMATION
1859	{
1860	ULONG FileNameLength;
1861	WCHAR FileName[1];
1862	} FILE_NAME_INFORMATION;
1863	typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
1864	typedef FILE_NAME_INFORMATION FILE_NETWORK_PHYSICAL_NAME_INFORMATION;
1865	typedef FILE_NETWORK_PHYSICAL_NAME_INFORMATION *PFILE_NETWORK_PHYSICAL_NAME_INFORMATION;
1866	typedef struct _FILE_INTERNAL_INFORMATION
1867	{
1868	LARGE_INTEGER IndexNumber;
1869	} FILE_INTERNAL_INFORMATION;
1870	typedef FILE_INTERNAL_INFORMATION *PFILE_INTERNAL_INFORMATION;
1871	typedef struct _FILE_EA_INFORMATION
1872	{
1873	ULONG EaSize;
1874	} FILE_EA_INFORMATION;
1875	typedef FILE_EA_INFORMATION *PFILE_EA_INFORMATION;
1876	typedef struct _FILE_ACCESS_INFORMATION
1877	{
1878	ACCESS_MASK AccessFlags;
1879	} FILE_ACCESS_INFORMATION;
1880	typedef FILE_ACCESS_INFORMATION *PFILE_ACCESS_INFORMATION;
1881	typedef struct _FILE_RENAME_INFORMATION
1882	{
1883	union
1884	{
1885	BOOLEAN ReplaceIfExists;
1886	ULONG Flags;
1887	};
1888	HANDLE RootDirectory;
1889	ULONG FileNameLength;
1890	WCHAR FileName[1];
1891	} FILE_RENAME_INFORMATION;
1892	typedef FILE_RENAME_INFORMATION *PFILE_RENAME_INFORMATION;
1893	typedef struct _FILE_LINK_INFORMATION
1894	{
1895	union
1896	{
1897	BOOLEAN ReplaceIfExists;
1898	ULONG Flags;
1899	};
1900	HANDLE RootDirectory;
1901	ULONG FileNameLength;
1902	WCHAR FileName[1];
1903	} FILE_LINK_INFORMATION;
1904	typedef FILE_LINK_INFORMATION *PFILE_LINK_INFORMATION;
1905	typedef struct _FILE_NAMES_INFORMATION
1906	{
1907	ULONG NextEntryOffset;
1908	ULONG FileIndex;
1909	ULONG FileNameLength;
1910	WCHAR FileName[1];
1911	} FILE_NAMES_INFORMATION;
1912	typedef FILE_NAMES_INFORMATION *PFILE_NAMES_INFORMATION;
1913	typedef struct _FILE_DISPOSITION_INFORMATION
1914	{
1915	BOOLEAN DeleteFile;
1916	} FILE_DISPOSITION_INFORMATION;
1917	typedef FILE_DISPOSITION_INFORMATION *PFILE_DISPOSITION_INFORMATION;
1918	typedef struct _FILE_POSITION_INFORMATION
1919	{
1920	LARGE_INTEGER CurrentByteOffset;
1921	} FILE_POSITION_INFORMATION;
1922	typedef FILE_POSITION_INFORMATION *PFILE_POSITION_INFORMATION;
1923	typedef struct _FILE_FULL_EA_INFORMATION
1924	{
1925	ULONG NextEntryOffset;
1926	UCHAR Flags;
1927	UCHAR EaNameLength;
1928	USHORT EaValueLength;
1929	CHAR EaName[1];
1930	} FILE_FULL_EA_INFORMATION;
1931	typedef FILE_FULL_EA_INFORMATION *PFILE_FULL_EA_INFORMATION;
1932	typedef struct _FILE_MODE_INFORMATION
1933	{
1934	ULONG Mode;
1935	} FILE_MODE_INFORMATION;
1936	typedef FILE_MODE_INFORMATION *PFILE_MODE_INFORMATION;
1937	typedef struct _FILE_ALIGNMENT_INFORMATION
1938	{
1939	ULONG AlignmentRequirement;
1940	} FILE_ALIGNMENT_INFORMATION;
1941	typedef FILE_ALIGNMENT_INFORMATION *PFILE_ALIGNMENT_INFORMATION;
1942	typedef struct _FILE_ALL_INFORMATION
1943	{
1944	FILE_BASIC_INFORMATION BasicInformation;
1945	FILE_STANDARD_INFORMATION StandardInformation;
1946	FILE_INTERNAL_INFORMATION InternalInformation;
1947	FILE_EA_INFORMATION EaInformation;
1948	FILE_ACCESS_INFORMATION AccessInformation;
1949	FILE_POSITION_INFORMATION PositionInformation;
1950	FILE_MODE_INFORMATION ModeInformation;
1951	FILE_ALIGNMENT_INFORMATION AlignmentInformation;
1952	FILE_NAME_INFORMATION NameInformation;
1953	} FILE_ALL_INFORMATION;
1954	typedef FILE_ALL_INFORMATION *PFILE_ALL_INFORMATION;
1955	typedef struct _FILE_ALLOCATION_INFORMATION
1956	{
1957	LARGE_INTEGER AllocationSize;
1958	} FILE_ALLOCATION_INFORMATION;
1959	typedef FILE_ALLOCATION_INFORMATION *PFILE_ALLOCATION_INFORMATION;
1960	typedef struct _FILE_END_OF_FILE_INFORMATION
1961	{
1962	LARGE_INTEGER EndOfFile;
1963	} FILE_END_OF_FILE_INFORMATION;
1964	typedef FILE_END_OF_FILE_INFORMATION *PFILE_END_OF_FILE_INFORMATION;
1965	typedef struct _FILE_STREAM_INFORMATION
1966	{
1967	ULONG NextEntryOffset;
1968	ULONG StreamNameLength;
1969	LARGE_INTEGER StreamSize;
1970	LARGE_INTEGER StreamAllocationSize;
1971	WCHAR StreamName[1];
1972	} FILE_STREAM_INFORMATION;
1973	typedef FILE_STREAM_INFORMATION *PFILE_STREAM_INFORMATION;
1974	typedef struct _FILE_PIPE_INFORMATION
1975	{
1976	ULONG ReadMode;
1977	ULONG CompletionMode;
1978	} FILE_PIPE_INFORMATION;
1979	typedef FILE_PIPE_INFORMATION *PFILE_PIPE_INFORMATION;
1980
1981	typedef struct _FILE_PIPE_LOCAL_INFORMATION
1982	{
1983	ULONG NamedPipeType;
1984	ULONG NamedPipeConfiguration;
1985	ULONG MaximumInstances;
1986	ULONG CurrentInstances;
1987	ULONG InboundQuota;
1988	ULONG ReadDataAvailable;
1989	ULONG OutboundQuota;
1990	ULONG WriteQuotaAvailable;
1991	ULONG NamedPipeState;
1992	ULONG NamedPipeEnd;
1993	} FILE_PIPE_LOCAL_INFORMATION;
1994	typedef FILE_PIPE_LOCAL_INFORMATION *PFILE_PIPE_LOCAL_INFORMATION;
1995
1996	typedef struct _FILE_PIPE_REMOTE_INFORMATION
1997	{
1998	LARGE_INTEGER CollectDataTime;
1999	ULONG MaximumCollectionCount;
2000	} FILE_PIPE_REMOTE_INFORMATION;
2001	typedef FILE_PIPE_REMOTE_INFORMATION *PFILE_PIPE_REMOTE_INFORMATION;
2002	typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
2003	{
2004	ULONG MaximumMessageSize;
2005	ULONG MailslotQuota;
2006	ULONG NextMessageSize;
2007	ULONG MessagesAvailable;
2008	LARGE_INTEGER ReadTimeout;
2009	} FILE_MAILSLOT_QUERY_INFORMATION;
2010	typedef FILE_MAILSLOT_QUERY_INFORMATION *PFILE_MAILSLOT_QUERY_INFORMATION;
2011	typedef struct _FILE_MAILSLOT_SET_INFORMATION
2012	{
2013	PLARGE_INTEGER ReadTimeout;
2014	} FILE_MAILSLOT_SET_INFORMATION;
2015	typedef FILE_MAILSLOT_SET_INFORMATION *PFILE_MAILSLOT_SET_INFORMATION;
2016	typedef struct _FILE_COMPRESSION_INFORMATION
2017	{
2018	LARGE_INTEGER CompressedFileSize;
2019	USHORT CompressionFormat;
2020	UCHAR CompressionUnitShift;
2021	UCHAR ChunkShift;
2022	UCHAR ClusterShift;
2023	UCHAR Reserved[3];
2024	} FILE_COMPRESSION_INFORMATION;
2025	typedef FILE_COMPRESSION_INFORMATION *PFILE_COMPRESSION_INFORMATION;
2026	typedef struct _FILE_OBJECTID_INFORMATION
2027	{
2028	LONGLONG FileReference;
2029	UCHAR ObjectId[16];
2030	union
2031	{
2032	struct
2033	{
2034	UCHAR BirthVolumeId[16];
2035	UCHAR BirthObjectId[16];
2036	UCHAR DomainId[16];
2037	};
2038	UCHAR ExtendedInfo[48];
2039	};
2040	} FILE_OBJECTID_INFORMATION;
2041	typedef FILE_OBJECTID_INFORMATION *PFILE_OBJECTID_INFORMATION;
2042	typedef struct _FILE_COMPLETION_INFORMATION
2043	{
2044	HANDLE Port;
2045	PVOID Key;
2046	} FILE_COMPLETION_INFORMATION;
2047	typedef FILE_COMPLETION_INFORMATION *PFILE_COMPLETION_INFORMATION;
2048	typedef struct _FILE_MOVE_CLUSTER_INFORMATION
2049	{
2050	ULONG ClusterCount;
2051	HANDLE RootDirectory;
2052	ULONG FileNameLength;
2053	WCHAR FileName[1];
2054	} FILE_MOVE_CLUSTER_INFORMATION;
2055	typedef FILE_MOVE_CLUSTER_INFORMATION *PFILE_MOVE_CLUSTER_INFORMATION;
2056	typedef struct _FILE_QUOTA_INFORMATION
2057	{
2058	ULONG NextEntryOffset;
2059	ULONG SidLength;
2060	LARGE_INTEGER ChangeTime;
2061	LARGE_INTEGER QuotaUsed;
2062	LARGE_INTEGER QuotaThreshold;
2063	LARGE_INTEGER QuotaLimit;
2064	SID Sid;
2065	} FILE_QUOTA_INFORMATION;
2066	typedef FILE_QUOTA_INFORMATION *PFILE_QUOTA_INFORMATION;
2067	typedef struct _FILE_REPARSE_POINT_INFORMATION
2068	{
2069	LONGLONG FileReference;
2070	ULONG Tag;
2071	} FILE_REPARSE_POINT_INFORMATION;
2072	typedef FILE_REPARSE_POINT_INFORMATION *PFILE_REPARSE_POINT_INFORMATION;
2073	typedef struct _FILE_NETWORK_OPEN_INFORMATION
2074	{
2075	LARGE_INTEGER CreationTime;
2076	LARGE_INTEGER LastAccessTime;
2077	LARGE_INTEGER LastWriteTime;
2078	LARGE_INTEGER ChangeTime;
2079	LARGE_INTEGER AllocationSize;
2080	LARGE_INTEGER EndOfFile;
2081	ULONG FileAttributes;
2082	} FILE_NETWORK_OPEN_INFORMATION;
2083	typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
2084	typedef struct _FILE_ATTRIBUTE_TAG_INFORMATION
2085	{
2086	ULONG FileAttributes;
2087	ULONG ReparseTag;
2088	} FILE_ATTRIBUTE_TAG_INFORMATION;
2089	typedef FILE_ATTRIBUTE_TAG_INFORMATION *PFILE_ATTRIBUTE_TAG_INFORMATION;
2090	typedef struct _FILE_TRACKING_INFORMATION
2091	{
2092	HANDLE DestinationFile;
2093	ULONG ObjectInformationLength;
2094	CHAR ObjectInformation[1];
2095	} FILE_TRACKING_INFORMATION;
2096	typedef FILE_TRACKING_INFORMATION *PFILE_TRACKING_INFORMATION;
2097	typedef struct _FILE_ID_BOTH_DIR_INFORMATION
2098	{
2099	ULONG NextEntryOffset;
2100	ULONG FileIndex;
2101	LARGE_INTEGER CreationTime;
2102	LARGE_INTEGER LastAccessTime;
2103	LARGE_INTEGER LastWriteTime;
2104	LARGE_INTEGER ChangeTime;
2105	LARGE_INTEGER EndOfFile;
2106	LARGE_INTEGER AllocationSize;
2107	ULONG FileAttributes;
2108	ULONG FileNameLength;
2109	ULONG EaSize;
2110	CCHAR ShortNameLength;
2111	WCHAR ShortName[12];
2112	LARGE_INTEGER FileId;
2113	WCHAR FileName[1];
2114	} FILE_ID_BOTH_DIR_INFORMATION;
2115	typedef FILE_ID_BOTH_DIR_INFORMATION *PFILE_ID_BOTH_DIR_INFORMATION;
2116	typedef struct _FILE_ID_FULL_DIR_INFORMATION
2117	{
2118	ULONG NextEntryOffset;
2119	ULONG FileIndex;
2120	LARGE_INTEGER CreationTime;
2121	LARGE_INTEGER LastAccessTime;
2122	LARGE_INTEGER LastWriteTime;
2123	LARGE_INTEGER ChangeTime;
2124	LARGE_INTEGER EndOfFile;
2125	LARGE_INTEGER AllocationSize;
2126	ULONG FileAttributes;
2127	ULONG FileNameLength;
2128	ULONG EaSize;
2129	LARGE_INTEGER FileId;
2130	WCHAR FileName[1];
2131	} FILE_ID_FULL_DIR_INFORMATION;
2132	typedef FILE_ID_FULL_DIR_INFORMATION *PFILE_ID_FULL_DIR_INFORMATION;
2133	typedef struct _FILE_VALID_DATA_LENGTH_INFORMATION
2134	{
2135	LARGE_INTEGER ValidDataLength;
2136	} FILE_VALID_DATA_LENGTH_INFORMATION;
2137	typedef FILE_VALID_DATA_LENGTH_INFORMATION *PFILE_VALID_DATA_LENGTH_INFORMATION;
2138	typedef struct _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION
2139	{
2140	ULONG Flags;
2141	} FILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
2142	typedef FILE_IO_COMPLETION_NOTIFICATION_INFORMATION *PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
2143	typedef enum _IO_PRIORITY_HINT
2144	{
2145	IoPriorityVeryLow = 0,
2146	IoPriorityLow,
2147	IoPriorityNormal,
2148	IoPriorityHigh,
2149	IoPriorityCritical,
2150	MaxIoPriorityTypes
2151	} IO_PRIORITY_HINT;
2152	AssertCompileSize(IO_PRIORITY_HINT, sizeof(int));
2153	typedef struct _FILE_IO_PRIORITY_HINT_INFORMATION
2154	{
2155	IO_PRIORITY_HINT PriorityHint;
2156	} FILE_IO_PRIORITY_HINT_INFORMATION;
2157	typedef FILE_IO_PRIORITY_HINT_INFORMATION *PFILE_IO_PRIORITY_HINT_INFORMATION;
2158	typedef struct _FILE_SFIO_RESERVE_INFORMATION
2159	{
2160	ULONG RequestsPerPeriod;
2161	ULONG Period;
2162	BOOLEAN RetryFailures;
2163	BOOLEAN Discardable;
2164	ULONG RequestSize;
2165	ULONG NumOutstandingRequests;
2166	} FILE_SFIO_RESERVE_INFORMATION;
2167	typedef FILE_SFIO_RESERVE_INFORMATION *PFILE_SFIO_RESERVE_INFORMATION;
2168	typedef struct _FILE_SFIO_VOLUME_INFORMATION
2169	{
2170	ULONG MaximumRequestsPerPeriod;
2171	ULONG MinimumPeriod;
2172	ULONG MinimumTransferSize;
2173	} FILE_SFIO_VOLUME_INFORMATION;
2174	typedef FILE_SFIO_VOLUME_INFORMATION *PFILE_SFIO_VOLUME_INFORMATION;
2175	typedef struct _FILE_LINK_ENTRY_INFORMATION
2176	{
2177	ULONG NextEntryOffset;
2178	LONGLONG ParentFileId;
2179	ULONG FileNameLength;
2180	WCHAR FileName[1];
2181	} FILE_LINK_ENTRY_INFORMATION;
2182	typedef FILE_LINK_ENTRY_INFORMATION *PFILE_LINK_ENTRY_INFORMATION;
2183	typedef struct _FILE_LINKS_INFORMATION
2184	{
2185	ULONG BytesNeeded;
2186	ULONG EntriesReturned;
2187	FILE_LINK_ENTRY_INFORMATION Entry;
2188	} FILE_LINKS_INFORMATION;
2189	typedef FILE_LINKS_INFORMATION *PFILE_LINKS_INFORMATION;
2190	typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION
2191	{
2192	ULONG NumberOfProcessIdsInList;
2193	ULONG_PTR ProcessIdList[1];
2194	} FILE_PROCESS_IDS_USING_FILE_INFORMATION;
2195	typedef FILE_PROCESS_IDS_USING_FILE_INFORMATION *PFILE_PROCESS_IDS_USING_FILE_INFORMATION;
2196	typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION
2197	{
2198	ULONG NextEntryOffset;
2199	ULONG FileIndex;
2200	LARGE_INTEGER CreationTime;
2201	LARGE_INTEGER LastAccessTime;
2202	LARGE_INTEGER LastWriteTime;
2203	LARGE_INTEGER ChangeTime;
2204	LARGE_INTEGER EndOfFile;
2205	LARGE_INTEGER AllocationSize;
2206	ULONG FileAttributes;
2207	ULONG FileNameLength;
2208	LARGE_INTEGER FileId;
2209	GUID LockingTransactionId;
2210	ULONG TxInfoFlags;
2211	WCHAR FileName[1];
2212	} FILE_ID_GLOBAL_TX_DIR_INFORMATION;
2213	typedef FILE_ID_GLOBAL_TX_DIR_INFORMATION *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
2214	typedef struct _FILE_IS_REMOTE_DEVICE_INFORMATION
2215	{
2216	BOOLEAN IsRemote;
2217	} FILE_IS_REMOTE_DEVICE_INFORMATION;
2218	typedef FILE_IS_REMOTE_DEVICE_INFORMATION *PFILE_IS_REMOTE_DEVICE_INFORMATION;
2219	typedef struct _FILE_NUMA_NODE_INFORMATION
2220	{
2221	USHORT NodeNumber;
2222	} FILE_NUMA_NODE_INFORMATION;
2223	typedef FILE_NUMA_NODE_INFORMATION *PFILE_NUMA_NODE_INFORMATION;
2224	typedef struct _FILE_STANDARD_LINK_INFORMATION
2225	{
2226	ULONG NumberOfAccessibleLinks;
2227	ULONG TotalNumberOfLinks;
2228	BOOLEAN DeletePending;
2229	BOOLEAN Directory;
2230	} FILE_STANDARD_LINK_INFORMATION;
2231	typedef FILE_STANDARD_LINK_INFORMATION *PFILE_STANDARD_LINK_INFORMATION;
2232	typedef struct _FILE_REMOTE_PROTOCOL_INFORMATION
2233	{
2234	USHORT StructureVersion;
2235	USHORT StructureSize;
2236	ULONG Protocol;
2237	USHORT ProtocolMajorVersion;
2238	USHORT ProtocolMinorVersion;
2239	USHORT ProtocolRevision;
2240	USHORT Reserved;
2241	ULONG Flags;
2242	struct
2243	{
2244	ULONG Reserved[8];
2245	} GenericReserved;
2246	struct
2247	{
2248	ULONG Reserved[16];
2249	} ProtocolSpecificReserved;
2250	} FILE_REMOTE_PROTOCOL_INFORMATION;
2251	typedef FILE_REMOTE_PROTOCOL_INFORMATION *PFILE_REMOTE_PROTOCOL_INFORMATION;
2252	typedef struct _FILE_VOLUME_NAME_INFORMATION
2253	{
2254	ULONG DeviceNameLength;
2255	WCHAR DeviceName[1];
2256	} FILE_VOLUME_NAME_INFORMATION;
2257	typedef FILE_VOLUME_NAME_INFORMATION *PFILE_VOLUME_NAME_INFORMATION;
2258	# ifndef FILE_INVALID_FILE_ID
2259	typedef struct _FILE_ID_128
2260	{
2261	BYTE Identifier[16];
2262	} FILE_ID_128;
2263	typedef FILE_ID_128 *PFILE_ID_128;
2264	# endif
2265	typedef struct _FILE_ID_EXTD_DIR_INFORMATION
2266	{
2267	ULONG NextEntryOffset;
2268	ULONG FileIndex;
2269	LARGE_INTEGER CreationTime;
2270	LARGE_INTEGER LastAccessTime;
2271	LARGE_INTEGER LastWriteTime;
2272	LARGE_INTEGER ChangeTime;
2273	LARGE_INTEGER EndOfFile;
2274	LARGE_INTEGER AllocationSize;
2275	ULONG FileAttributes;
2276	ULONG FileNameLength;
2277	ULONG EaSize;
2278	ULONG ReparsePointTag;
2279	FILE_ID_128 FileId;
2280	WCHAR FileName[1];
2281	} FILE_ID_EXTD_DIR_INFORMATION;
2282	typedef FILE_ID_EXTD_DIR_INFORMATION *PFILE_ID_EXTD_DIR_INFORMATION;
2283	typedef struct _FILE_ID_EXTD_BOTH_DIR_INFORMATION
2284	{
2285	ULONG NextEntryOffset;
2286	ULONG FileIndex;
2287	LARGE_INTEGER CreationTime;
2288	LARGE_INTEGER LastAccessTime;
2289	LARGE_INTEGER LastWriteTime;
2290	LARGE_INTEGER ChangeTime;
2291	LARGE_INTEGER EndOfFile;
2292	LARGE_INTEGER AllocationSize;
2293	ULONG FileAttributes;
2294	ULONG FileNameLength;
2295	ULONG EaSize;
2296	ULONG ReparsePointTag;
2297	FILE_ID_128 FileId;
2298	CCHAR ShortNameLength;
2299	WCHAR ShortName[12];
2300	WCHAR FileName[1];
2301	} FILE_ID_EXTD_BOTH_DIR_INFORMATION;
2302	typedef FILE_ID_EXTD_BOTH_DIR_INFORMATION *PFILE_ID_EXTD_BOTH_DIR_INFORMATION;
2303	typedef struct _FILE_ID_INFORMATION
2304	{
2305	ULONGLONG VolumeSerialNumber;
2306	FILE_ID_128 FileId;
2307	} FILE_ID_INFORMATION;
2308	typedef FILE_ID_INFORMATION *PFILE_ID_INFORMATION;
2309	typedef struct _FILE_LINK_ENTRY_FULL_ID_INFORMATION
2310	{
2311	ULONG NextEntryOffset;
2312	FILE_ID_128 ParentFileId;
2313	ULONG FileNameLength;
2314	WCHAR FileName[1];
2315	} FILE_LINK_ENTRY_FULL_ID_INFORMATION;
2316	typedef FILE_LINK_ENTRY_FULL_ID_INFORMATION *PFILE_LINK_ENTRY_FULL_ID_INFORMATION;
2317	typedef struct _FILE_LINKS_FULL_ID_INFORMATION {
2318	ULONG BytesNeeded;
2319	ULONG EntriesReturned;
2320	FILE_LINK_ENTRY_FULL_ID_INFORMATION Entry;
2321	} FILE_LINKS_FULL_ID_INFORMATION;
2322	typedef FILE_LINKS_FULL_ID_INFORMATION *PFILE_LINKS_FULL_ID_INFORMATION;
2323	typedef struct _FILE_DISPOSITION_INFORMATION_EX
2324	{
2325	ULONG Flags;
2326	} FILE_DISPOSITION_INFORMATION_EX;
2327	typedef FILE_DISPOSITION_INFORMATION_EX *PFILE_DISPOSITION_INFORMATION_EX;
2328	# ifndef QUERY_STORAGE_CLASSES_FLAGS_MEASURE_WRITE
2329	typedef struct _FILE_DESIRED_STORAGE_CLASS_INFORMATION
2330	{
2331	/FILE_STORAGE_TIER_CLASS/ ULONG Class;
2332	ULONG Flags;
2333	} FILE_DESIRED_STORAGE_CLASS_INFORMATION;
2334	typedef FILE_DESIRED_STORAGE_CLASS_INFORMATION *PFILE_DESIRED_STORAGE_CLASS_INFORMATION;
2335	# endif
2336	typedef struct _FILE_STAT_INFORMATION
2337	{
2338	LARGE_INTEGER FileId;
2339	LARGE_INTEGER CreationTime;
2340	LARGE_INTEGER LastAccessTime;
2341	LARGE_INTEGER LastWriteTime;
2342	LARGE_INTEGER ChangeTime;
2343	LARGE_INTEGER AllocationSize;
2344	LARGE_INTEGER EndOfFile;
2345	ULONG FileAttributes;
2346	ULONG ReparseTag;
2347	ULONG NumberOfLinks;
2348	ACCESS_MASK EffectiveAccess;
2349	} FILE_STAT_INFORMATION;
2350	typedef FILE_STAT_INFORMATION *PFILE_STAT_INFORMATION;
2351	typedef struct _FILE_STAT_LX_INFORMATION
2352	{
2353	LARGE_INTEGER FileId;
2354	LARGE_INTEGER CreationTime;
2355	LARGE_INTEGER LastAccessTime;
2356	LARGE_INTEGER LastWriteTime;
2357	LARGE_INTEGER ChangeTime;
2358	LARGE_INTEGER AllocationSize;
2359	LARGE_INTEGER EndOfFile;
2360	ULONG FileAttributes;
2361	ULONG ReparseTag;
2362	ULONG NumberOfLinks;
2363	ACCESS_MASK EffectiveAccess;
2364	ULONG LxFlags;
2365	ULONG LxUid;
2366	ULONG LxGid;
2367	ULONG LxMode;
2368	ULONG LxDeviceIdMajor;
2369	ULONG LxDeviceIdMinor;
2370	} FILE_STAT_LX_INFORMATION;
2371	typedef FILE_STAT_LX_INFORMATION *PFILE_STAT_LX_INFORMATION;
2372	typedef struct _FILE_CASE_SENSITIVE_INFORMATION
2373	{
2374	ULONG Flags;
2375	} FILE_CASE_SENSITIVE_INFORMATION;
2376	typedef FILE_CASE_SENSITIVE_INFORMATION *PFILE_CASE_SENSITIVE_INFORMATION;
2377
2378	typedef enum _FILE_INFORMATION_CLASS
2379	{
2380	FileDirectoryInformation = 1,
2381	FileFullDirectoryInformation,
2382	FileBothDirectoryInformation,
2383	FileBasicInformation,
2384	FileStandardInformation,
2385	FileInternalInformation,
2386	FileEaInformation,
2387	FileAccessInformation,
2388	FileNameInformation,
2389	FileRenameInformation,
2390	FileLinkInformation,
2391	FileNamesInformation,
2392	FileDispositionInformation,
2393	FilePositionInformation,
2394	FileFullEaInformation,
2395	FileModeInformation,
2396	FileAlignmentInformation,
2397	FileAllInformation,
2398	FileAllocationInformation,
2399	FileEndOfFileInformation,
2400	FileAlternateNameInformation,
2401	FileStreamInformation,
2402	FilePipeInformation,
2403	FilePipeLocalInformation,
2404	FilePipeRemoteInformation,
2405	FileMailslotQueryInformation,
2406	FileMailslotSetInformation,
2407	FileCompressionInformation,
2408	FileObjectIdInformation,
2409	FileCompletionInformation,
2410	FileMoveClusterInformation,
2411	FileQuotaInformation,
2412	FileReparsePointInformation,
2413	FileNetworkOpenInformation,
2414	FileAttributeTagInformation,
2415	FileTrackingInformation,
2416	FileIdBothDirectoryInformation,
2417	FileIdFullDirectoryInformation,
2418	FileValidDataLengthInformation,
2419	FileShortNameInformation,
2420	FileIoCompletionNotificationInformation,
2421	FileIoStatusBlockRangeInformation,
2422	FileIoPriorityHintInformation,
2423	FileSfioReserveInformation,
2424	FileSfioVolumeInformation,
2425	FileHardLinkInformation,
2426	FileProcessIdsUsingFileInformation,
2427	FileNormalizedNameInformation,
2428	FileNetworkPhysicalNameInformation,
2429	FileIdGlobalTxDirectoryInformation,
2430	FileIsRemoteDeviceInformation,
2431	FileUnusedInformation,
2432	FileNumaNodeInformation,
2433	FileStandardLinkInformation,
2434	FileRemoteProtocolInformation,
2435	/* Defined with Windows 10: */
2436	FileRenameInformationBypassAccessCheck,
2437	FileLinkInformationBypassAccessCheck,
2438	FileVolumeNameInformation,
2439	FileIdInformation,
2440	FileIdExtdDirectoryInformation,
2441	FileReplaceCompletionInformation,
2442	FileHardLinkFullIdInformation,
2443	FileIdExtdBothDirectoryInformation,
2444	FileDispositionInformationEx,
2445	FileRenameInformationEx,
2446	FileRenameInformationExBypassAccessCheck,
2447	FileDesiredStorageClassInformation,
2448	FileStatInformation,
2449	FileMemoryPartitionInformation,
2450	FileStatLxInformation,
2451	FileCaseSensitiveInformation,
2452	FileLinkInformationEx,
2453	FileLinkInformationExBypassAccessCheck,
2454	FileStorageReserveIdInformation,
2455	FileCaseSensitiveInformationForceAccessCheck,
2456	FileMaximumInformation
2457	} FILE_INFORMATION_CLASS;
2458	typedef FILE_INFORMATION_CLASS *PFILE_INFORMATION_CLASS;
2459	RT_DECL_NTAPI(NTSTATUS) NtQueryInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
2460	RT_DECL_NTAPI(NTSTATUS) NtQueryDirectoryFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG,
2461	FILE_INFORMATION_CLASS, BOOLEAN, PUNICODE_STRING, BOOLEAN);
2462	RT_DECL_NTAPI(NTSTATUS) NtSetInformationFile(HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, FILE_INFORMATION_CLASS);
2463	#endif /* IPRT_NT_USE_WINTERNL */
2464	RT_DECL_NTAPI(NTSTATUS) NtQueryAttributesFile(POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
2465	RT_DECL_NTAPI(NTSTATUS) NtQueryFullAttributesFile(POBJECT_ATTRIBUTES, PFILE_NETWORK_OPEN_INFORMATION);
2466
2467
2468	/** @name SE_GROUP_XXX - Attributes returned with TokenGroup and others.
2469	* @{ */
2470	#ifndef SE_GROUP_MANDATORY
2471	# define SE_GROUP_MANDATORY UINT32_C(0x01)
2472	#endif
2473	#ifndef SE_GROUP_ENABLED_BY_DEFAULT
2474	# define SE_GROUP_ENABLED_BY_DEFAULT UINT32_C(0x02)
2475	#endif
2476	#ifndef SE_GROUP_ENABLED
2477	# define SE_GROUP_ENABLED UINT32_C(0x04)
2478	#endif
2479	#ifndef SE_GROUP_OWNER
2480	# define SE_GROUP_OWNER UINT32_C(0x08)
2481	#endif
2482	#ifndef SE_GROUP_USE_FOR_DENY_ONLY
2483	# define SE_GROUP_USE_FOR_DENY_ONLY UINT32_C(0x10)
2484	#endif
2485	#ifndef SE_GROUP_INTEGRITY
2486	# define SE_GROUP_INTEGRITY UINT32_C(0x20)
2487	#endif
2488	#ifndef SE_GROUP_INTEGRITY_ENABLED
2489	# define SE_GROUP_INTEGRITY_ENABLED UINT32_C(0x40)
2490	#endif
2491	#ifndef SE_GROUP_RESOURCE
2492	# define SE_GROUP_RESOURCE UINT32_C(0x20000000)
2493	#endif
2494	#ifndef SE_GROUP_LOGON_ID
2495	# define SE_GROUP_LOGON_ID UINT32_C(0xc0000000)
2496	#endif
2497	/** @} */
2498
2499
2500	#ifdef IPRT_NT_USE_WINTERNL
2501
2502	/** For use with KeyBasicInformation. */
2503	typedef struct _KEY_BASIC_INFORMATION
2504	{
2505	LARGE_INTEGER LastWriteTime;
2506	ULONG TitleIndex;
2507	ULONG NameLength;
2508	WCHAR Name[1];
2509	} KEY_BASIC_INFORMATION;
2510	typedef KEY_BASIC_INFORMATION *PKEY_BASIC_INFORMATION;
2511
2512	/** For use with KeyNodeInformation. */
2513	typedef struct _KEY_NODE_INFORMATION
2514	{
2515	LARGE_INTEGER LastWriteTime;
2516	ULONG TitleIndex;
2517	ULONG ClassOffset; /*< Offset from the start of the structure. /
2518	ULONG ClassLength;
2519	ULONG NameLength;
2520	WCHAR Name[1];
2521	} KEY_NODE_INFORMATION;
2522	typedef KEY_NODE_INFORMATION *PKEY_NODE_INFORMATION;
2523
2524	/** For use with KeyFullInformation. */
2525	typedef struct _KEY_FULL_INFORMATION
2526	{
2527	LARGE_INTEGER LastWriteTime;
2528	ULONG TitleIndex;
2529	ULONG ClassOffset; /*< Offset of the Class member. /
2530	ULONG ClassLength;
2531	ULONG SubKeys;
2532	ULONG MaxNameLen;
2533	ULONG MaxClassLen;
2534	ULONG Values;
2535	ULONG MaxValueNameLen;
2536	ULONG MaxValueDataLen;
2537	WCHAR Class[1];
2538	} KEY_FULL_INFORMATION;
2539	typedef KEY_FULL_INFORMATION *PKEY_FULL_INFORMATION;
2540
2541	/** For use with KeyNameInformation. */
2542	typedef struct _KEY_NAME_INFORMATION
2543	{
2544	ULONG NameLength;
2545	WCHAR Name[1];
2546	} KEY_NAME_INFORMATION;
2547	typedef KEY_NAME_INFORMATION *PKEY_NAME_INFORMATION;
2548
2549	/** For use with KeyCachedInformation. */
2550	typedef struct _KEY_CACHED_INFORMATION
2551	{
2552	LARGE_INTEGER LastWriteTime;
2553	ULONG TitleIndex;
2554	ULONG SubKeys;
2555	ULONG MaxNameLen;
2556	ULONG Values;
2557	ULONG MaxValueNameLen;
2558	ULONG MaxValueDataLen;
2559	ULONG NameLength;
2560	} KEY_CACHED_INFORMATION;
2561	typedef KEY_CACHED_INFORMATION *PKEY_CACHED_INFORMATION;
2562
2563	/** For use with KeyVirtualizationInformation. */
2564	typedef struct _KEY_VIRTUALIZATION_INFORMATION
2565	{
2566	ULONG VirtualizationCandidate : 1;
2567	ULONG VirtualizationEnabled : 1;
2568	ULONG VirtualTarget : 1;
2569	ULONG VirtualStore : 1;
2570	ULONG VirtualSource : 1;
2571	ULONG Reserved : 27;
2572	} KEY_VIRTUALIZATION_INFORMATION;
2573	typedef KEY_VIRTUALIZATION_INFORMATION *PKEY_VIRTUALIZATION_INFORMATION;
2574
2575	typedef enum _KEY_INFORMATION_CLASS
2576	{
2577	KeyBasicInformation = 0,
2578	KeyNodeInformation,
2579	KeyFullInformation,
2580	KeyNameInformation,
2581	KeyCachedInformation,
2582	KeyFlagsInformation,
2583	KeyVirtualizationInformation,
2584	KeyHandleTagsInformation,
2585	MaxKeyInfoClass
2586	} KEY_INFORMATION_CLASS;
2587	RT_DECL_NTAPI(NTSTATUS) NtQueryKey(HANDLE, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2588	RT_DECL_NTAPI(NTSTATUS) NtEnumerateKey(HANDLE, ULONG, KEY_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2589
2590	typedef struct _MEMORY_SECTION_NAME
2591	{
2592	UNICODE_STRING SectionFileName;
2593	WCHAR NameBuffer[1];
2594	} MEMORY_SECTION_NAME;
2595
2596	#ifdef IPRT_NT_USE_WINTERNL
2597	typedef struct _PROCESS_BASIC_INFORMATION
2598	{
2599	NTSTATUS ExitStatus;
2600	PPEB PebBaseAddress;
2601	ULONG_PTR AffinityMask;
2602	int32_t BasePriority;
2603	ULONG_PTR UniqueProcessId;
2604	ULONG_PTR InheritedFromUniqueProcessId;
2605	} PROCESS_BASIC_INFORMATION;
2606	typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
2607	#endif
2608
2609	typedef enum _PROCESSINFOCLASS
2610	{
2611	ProcessBasicInformation = 0, /*< 0 / 0x00 /
2612	ProcessQuotaLimits, /*< 1 / 0x01 /
2613	ProcessIoCounters, /*< 2 / 0x02 /
2614	ProcessVmCounters, /*< 3 / 0x03 /
2615	ProcessTimes, /*< 4 / 0x04 /
2616	ProcessBasePriority, /*< 5 / 0x05 /
2617	ProcessRaisePriority, /*< 6 / 0x06 /
2618	ProcessDebugPort, /*< 7 / 0x07 /
2619	ProcessExceptionPort, /*< 8 / 0x08 /
2620	ProcessAccessToken, /*< 9 / 0x09 /
2621	ProcessLdtInformation, /*< 10 / 0x0a /
2622	ProcessLdtSize, /*< 11 / 0x0b /
2623	ProcessDefaultHardErrorMode, /*< 12 / 0x0c /
2624	ProcessIoPortHandlers, /*< 13 / 0x0d /
2625	ProcessPooledUsageAndLimits, /*< 14 / 0x0e /
2626	ProcessWorkingSetWatch, /*< 15 / 0x0f /
2627	ProcessUserModeIOPL, /*< 16 / 0x10 /
2628	ProcessEnableAlignmentFaultFixup, /*< 17 / 0x11 /
2629	ProcessPriorityClass, /*< 18 / 0x12 /
2630	ProcessWx86Information, /*< 19 / 0x13 /
2631	ProcessHandleCount, /*< 20 / 0x14 /
2632	ProcessAffinityMask, /*< 21 / 0x15 /
2633	ProcessPriorityBoost, /*< 22 / 0x16 /
2634	ProcessDeviceMap, /*< 23 / 0x17 /
2635	ProcessSessionInformation, /*< 24 / 0x18 /
2636	ProcessForegroundInformation, /*< 25 / 0x19 /
2637	ProcessWow64Information, /*< 26 / 0x1a /
2638	ProcessImageFileName, /*< 27 / 0x1b /
2639	ProcessLUIDDeviceMapsEnabled, /*< 28 / 0x1c /
2640	ProcessBreakOnTermination, /*< 29 / 0x1d /
2641	ProcessDebugObjectHandle, /*< 30 / 0x1e /
2642	ProcessDebugFlags, /*< 31 / 0x1f /
2643	ProcessHandleTracing, /*< 32 / 0x20 /
2644	ProcessIoPriority, /*< 33 / 0x21 /
2645	ProcessExecuteFlags, /*< 34 / 0x22 /
2646	ProcessTlsInformation, /*< 35 / 0x23 /
2647	ProcessCookie, /*< 36 / 0x24 /
2648	ProcessImageInformation, /*< 37 / 0x25 /
2649	ProcessCycleTime, /*< 38 / 0x26 /
2650	ProcessPagePriority, /*< 39 / 0x27 /
2651	ProcessInstrumentationCallbak, /*< 40 / 0x28 /
2652	ProcessThreadStackAllocation, /*< 41 / 0x29 /
2653	ProcessWorkingSetWatchEx, /*< 42 / 0x2a /
2654	ProcessImageFileNameWin32, /*< 43 / 0x2b /
2655	ProcessImageFileMapping, /*< 44 / 0x2c /
2656	ProcessAffinityUpdateMode, /*< 45 / 0x2d /
2657	ProcessMemoryAllocationMode, /*< 46 / 0x2e /
2658	ProcessGroupInformation, /*< 47 / 0x2f /
2659	ProcessTokenVirtualizationEnabled, /*< 48 / 0x30 /
2660	ProcessOwnerInformation, /*< 49 / 0x31 /
2661	ProcessWindowInformation, /*< 50 / 0x32 /
2662	ProcessHandleInformation, /*< 51 / 0x33 /
2663	ProcessMitigationPolicy, /*< 52 / 0x34 /
2664	ProcessDynamicFunctionTableInformation, /*< 53 / 0x35 /
2665	ProcessHandleCheckingMode, /*< 54 / 0x36 /
2666	ProcessKeepAliveCount, /*< 55 / 0x37 /
2667	ProcessRevokeFileHandles, /*< 56 / 0x38 /
2668	ProcessWorkingSetControl, /*< 57 / 0x39 /
2669	ProcessHandleTable, /*< 58 / 0x3a /
2670	ProcessCheckStackExtentsMode, /*< 59 / 0x3b /
2671	ProcessCommandLineInformation, /*< 60 / 0x3c /
2672	ProcessProtectionInformation, /*< 61 / 0x3d /
2673	ProcessMemoryExhaustion, /*< 62 / 0x3e /
2674	ProcessFaultInformation, /*< 63 / 0x3f /
2675	ProcessTelemetryIdInformation, /*< 64 / 0x40 /
2676	ProcessCommitReleaseInformation, /*< 65 / 0x41 /
2677	ProcessDefaultCpuSetsInformation, /*< 66 / 0x42 - aka ProcessReserved1Information /
2678	ProcessAllowedCpuSetsInformation, /*< 67 / 0x43 - aka ProcessReserved2Information; PROCESS_SET_LIMITED_INFORMATION & audiog.exe; W10 /
2679	ProcessSubsystemProcess, /*< 68 / 0x44 /
2680	ProcessJobMemoryInformation, /*< 69 / 0x45 /
2681	ProcessInPrivate, /*< 70 / 0x46 /
2682	ProcessRaiseUMExceptionOnInvalidHandleClose,/*< 71 / 0x47 /
2683	ProcessIumChallengeResponse, /*< 72 / 0x48 /
2684	ProcessChildProcessInformation, /*< 73 / 0x49 /
2685	ProcessHighGraphicsPriorityInformation, /*< 74 / 0x4a /
2686	ProcessSubsystemInformation, /*< 75 / 0x4b /
2687	ProcessEnergyValues, /*< 76 / 0x4c /
2688	ProcessPowerThrottlingState, /*< 77 / 0x4d /
2689	ProcessReserved3Information, /*< 78 / 0x4e /
2690	ProcessWin32kSyscallFilterInformation, /*< 79 / 0x4f /
2691	ProcessDisableSystemAllowedCpuSets, /*< 80 / 0x50 /
2692	ProcessWakeInformation, /*< 81 / 0x51 /
2693	ProcessEnergyTrackingState, /*< 82 / 0x52 /
2694	ProcessManageWritesToExecutableMemory, /*< 83 / 0x53 /
2695	ProcessCaptureTrustletLiveDump, /*< 84 / 0x54 /
2696	ProcessTelemetryCoverage, /*< 85 / 0x55 /
2697	ProcessEnclaveInformation, /*< 86 / 0x56 /
2698	ProcessEnableReadWriteVmLogging, /*< 87 / 0x57 /
2699	ProcessUptimeInformation, /*< 88 / 0x58 /
2700	ProcessImageSection, /*< 89 / 0x59 /
2701	ProcessDebugAuthInformation, /*< 90 / 0x5a /
2702	ProcessSystemResourceManagement, /*< 92 / 0x5b /
2703	ProcessSequenceNumber, /*< 93 / 0x5c /
2704	MaxProcessInfoClass
2705	} PROCESSINFOCLASS;
2706	AssertCompile(ProcessSequenceNumber == 0x5c);
2707	RT_DECL_NTAPI(NTSTATUS) NtQueryInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
2708	#if ARCH_BITS == 32
2709	/** 64-bit API pass thru to WOW64 processes. */
2710	RT_DECL_NTAPI(NTSTATUS) NtWow64QueryInformationProcess64(HANDLE, PROCESSINFOCLASS, PVOID, ULONG, PULONG);
2711	#endif
2712
2713	typedef enum _THREADINFOCLASS
2714	{
2715	ThreadBasicInformation = 0,
2716	ThreadTimes,
2717	ThreadPriority,
2718	ThreadBasePriority,
2719	ThreadAffinityMask,
2720	ThreadImpersonationToken,
2721	ThreadDescriptorTableEntry,
2722	ThreadEnableAlignmentFaultFixup,
2723	ThreadEventPair_Reusable,
2724	ThreadQuerySetWin32StartAddress,
2725	ThreadZeroTlsCell,
2726	ThreadPerformanceCount,
2727	ThreadAmILastThread,
2728	ThreadIdealProcessor,
2729	ThreadPriorityBoost,
2730	ThreadSetTlsArrayAddress,
2731	ThreadIsIoPending,
2732	ThreadHideFromDebugger,
2733	ThreadBreakOnTermination,
2734	ThreadSwitchLegacyState,
2735	ThreadIsTerminated,
2736	ThreadLastSystemCall,
2737	ThreadIoPriority,
2738	ThreadCycleTime,
2739	ThreadPagePriority,
2740	ThreadActualBasePriority,
2741	ThreadTebInformation,
2742	ThreadCSwitchMon,
2743	ThreadCSwitchPmu,
2744	ThreadWow64Context,
2745	ThreadGroupInformation,
2746	ThreadUmsInformation,
2747	ThreadCounterProfiling,
2748	ThreadIdealProcessorEx,
2749	ThreadCpuAccountingInformation,
2750	MaxThreadInfoClass
2751	} THREADINFOCLASS;
2752	RT_DECL_NTAPI(NTSTATUS) NtSetInformationThread(HANDLE, THREADINFOCLASS, LPCVOID, ULONG);
2753
2754	RT_DECL_NTAPI(NTSTATUS) NtQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2755	RT_DECL_NTAPI(NTSTATUS) ZwQueryInformationToken(HANDLE, TOKEN_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2756
2757	RT_DECL_NTAPI(NTSTATUS) NtReadFile(HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2758	RT_DECL_NTAPI(NTSTATUS) NtWriteFile(HANDLE, HANDLE, PIO_APC_ROUTINE, void const *, PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
2759	RT_DECL_NTAPI(NTSTATUS) NtFlushBuffersFile(HANDLE, PIO_STATUS_BLOCK);
2760	RT_DECL_NTAPI(NTSTATUS) NtCancelIoFile(HANDLE, PIO_STATUS_BLOCK);
2761
2762	RT_DECL_NTAPI(NTSTATUS) NtReadVirtualMemory(HANDLE, PVOID, PVOID, SIZE_T, PSIZE_T);
2763	RT_DECL_NTAPI(NTSTATUS) NtWriteVirtualMemory(HANDLE, PVOID, void const *, SIZE_T, PSIZE_T);
2764
2765	RT_DECL_NTAPI(NTSTATUS) RtlAddAccessAllowedAce(PACL, ULONG, ULONG, PSID);
2766	RT_DECL_NTAPI(NTSTATUS) RtlCopySid(ULONG, PSID, PSID);
2767	RT_DECL_NTAPI(NTSTATUS) RtlCreateAcl(PACL, ULONG, ULONG);
2768	RT_DECL_NTAPI(NTSTATUS) RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR, ULONG);
2769	RT_DECL_NTAPI(BOOLEAN) RtlEqualSid(PSID, PSID);
2770	RT_DECL_NTAPI(NTSTATUS) RtlGetVersion(PRTL_OSVERSIONINFOW);
2771	RT_DECL_NTAPI(NTSTATUS) RtlInitializeSid(PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
2772	RT_DECL_NTAPI(NTSTATUS) RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR, BOOLEAN, PACL, BOOLEAN);
2773	RT_DECL_NTAPI(PULONG) RtlSubAuthoritySid(PSID, ULONG);
2774
2775	#endif /* IPRT_NT_USE_WINTERNL */
2776
2777	/** For use with ObjectBasicInformation.
2778	* A watered down version of this struct appears under the name
2779	* PUBLIC_OBJECT_BASIC_INFORMATION in ntifs.h. It only defines
2780	* the first four members, so don't trust the rest. */
2781	typedef struct _OBJECT_BASIC_INFORMATION
2782	{
2783	ULONG Attributes;
2784	ACCESS_MASK GrantedAccess;
2785	ULONG HandleCount;
2786	ULONG PointerCount;
2787	/* Not in ntifs.h: */
2788	ULONG PagedPoolCharge;
2789	ULONG NonPagedPoolCharge;
2790	ULONG Reserved[3];
2791	ULONG NameInfoSize;
2792	ULONG TypeInfoSize;
2793	ULONG SecurityDescriptorSize;
2794	LARGE_INTEGER CreationTime;
2795	} OBJECT_BASIC_INFORMATION;
2796	typedef OBJECT_BASIC_INFORMATION *POBJECT_BASIC_INFORMATION;
2797
2798	/** For use with ObjectHandleFlagInformation. */
2799	typedef struct _OBJECT_HANDLE_FLAG_INFORMATION
2800	{
2801	BOOLEAN Inherit;
2802	BOOLEAN ProtectFromClose;
2803	} OBJECT_HANDLE_FLAG_INFORMATION;
2804	typedef OBJECT_HANDLE_FLAG_INFORMATION *POBJECT_HANDLE_FLAG_INFORMATION;
2805
2806	typedef enum _OBJECT_INFORMATION_CLASS
2807	{
2808	ObjectBasicInformation = 0,
2809	ObjectNameInformation,
2810	ObjectTypeInformation,
2811	ObjectAllInformation,
2812	ObjectHandleFlagInformation,
2813	ObjectSessionInformation,
2814	MaxObjectInfoClass
2815	} OBJECT_INFORMATION_CLASS;
2816	typedef OBJECT_INFORMATION_CLASS *POBJECT_INFORMATION_CLASS;
2817	#ifdef IN_RING0
2818	# define NtQueryObject ZwQueryObject
2819	#endif
2820	RT_DECL_NTAPI(NTSTATUS) NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
2821	RT_DECL_NTAPI(NTSTATUS) NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
2822	RT_DECL_NTAPI(NTSTATUS) NtDuplicateObject(HANDLE, HANDLE, HANDLE, PHANDLE, ACCESS_MASK, ULONG, ULONG);
2823
2824	RT_DECL_NTAPI(NTSTATUS) NtOpenDirectoryObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2825
2826	typedef struct _OBJECT_DIRECTORY_INFORMATION
2827	{
2828	UNICODE_STRING Name;
2829	UNICODE_STRING TypeName;
2830	} OBJECT_DIRECTORY_INFORMATION;
2831	typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
2832	RT_DECL_NTAPI(NTSTATUS) NtQueryDirectoryObject(HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN, PULONG, PULONG);
2833
2834	RT_DECL_NTAPI(NTSTATUS) NtSuspendProcess(HANDLE);
2835	RT_DECL_NTAPI(NTSTATUS) NtResumeProcess(HANDLE);
2836	/** @name ProcessDefaultHardErrorMode bit definitions.
2837	* @{ */
2838	#define PROCESS_HARDERR_CRITICAL_ERROR UINT32_C(0x00000001) /*< Inverted from the win32 define. /
2839	#define PROCESS_HARDERR_NO_GP_FAULT_ERROR UINT32_C(0x00000002)
2840	#define PROCESS_HARDERR_NO_ALIGNMENT_FAULT_ERROR UINT32_C(0x00000004)
2841	#define PROCESS_HARDERR_NO_OPEN_FILE_ERROR UINT32_C(0x00008000)
2842	/** @} */
2843	RT_DECL_NTAPI(NTSTATUS) NtSetInformationProcess(HANDLE, PROCESSINFOCLASS, PVOID, ULONG);
2844	RT_DECL_NTAPI(NTSTATUS) NtTerminateProcess(HANDLE, LONG);
2845
2846	/** Returned by NtQUerySection with SectionBasicInformation. */
2847	typedef struct _SECTION_BASIC_INFORMATION
2848	{
2849	PVOID BaseAddress;
2850	ULONG AllocationAttributes;
2851	LARGE_INTEGER MaximumSize;
2852	} SECTION_BASIC_INFORMATION;
2853	typedef SECTION_BASIC_INFORMATION *PSECTION_BASIC_INFORMATION;
2854
2855	/** Retured by ProcessImageInformation as well as NtQuerySection. */
2856	typedef struct _SECTION_IMAGE_INFORMATION
2857	{
2858	PVOID TransferAddress;
2859	ULONG ZeroBits;
2860	SIZE_T MaximumStackSize;
2861	SIZE_T CommittedStackSize;
2862	ULONG SubSystemType;
2863	union
2864	{
2865	struct
2866	{
2867	USHORT SubSystemMinorVersion;
2868	USHORT SubSystemMajorVersion;
2869	};
2870	ULONG SubSystemVersion;
2871	};
2872	ULONG GpValue;
2873	USHORT ImageCharacteristics;
2874	USHORT DllCharacteristics;
2875	USHORT Machine;
2876	BOOLEAN ImageContainsCode;
2877	union /*< Since Vista, used to be a spare BOOLEAN. /
2878	{
2879	struct
2880	{
2881	UCHAR ComPlusNativeRead : 1;
2882	UCHAR ComPlusILOnly : 1;
2883	UCHAR ImageDynamicallyRelocated : 1;
2884	UCHAR ImageMAppedFlat : 1;
2885	UCHAR Reserved : 4;
2886	};
2887	UCHAR ImageFlags;
2888	};
2889	ULONG LoaderFlags;
2890	ULONG ImageFileSize; /*< Since XP? /
2891	ULONG CheckSum; /*< Since Vista, Used to be a reserved/spare ULONG. /
2892	} SECTION_IMAGE_INFORMATION;
2893	typedef SECTION_IMAGE_INFORMATION *PSECTION_IMAGE_INFORMATION;
2894
2895	typedef enum _SECTION_INFORMATION_CLASS
2896	{
2897	SectionBasicInformation = 0,
2898	SectionImageInformation,
2899	MaxSectionInfoClass
2900	} SECTION_INFORMATION_CLASS;
2901	RT_DECL_NTAPI(NTSTATUS) NtQuerySection(HANDLE, SECTION_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2902
2903	RT_DECL_NTAPI(NTSTATUS) NtCreateSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, PUNICODE_STRING pTarget);
2904	RT_DECL_NTAPI(NTSTATUS) NtOpenSymbolicLinkObject(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
2905	RT_DECL_NTAPI(NTSTATUS) NtQuerySymbolicLinkObject(HANDLE, PUNICODE_STRING, PULONG);
2906	#ifndef SYMBOLIC_LINK_QUERY
2907	# define SYMBOLIC_LINK_QUERY UINT32_C(0x00000001)
2908	#endif
2909	#ifndef SYMBOLIC_LINK_ALL_ACCESS
2910	# define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED \| SYMBOLIC_LINK_QUERY)
2911	#endif
2912
2913	RT_DECL_NTAPI(NTSTATUS) NtQueryInformationThread(HANDLE, THREADINFOCLASS, PVOID, ULONG, PULONG);
2914	RT_DECL_NTAPI(NTSTATUS) NtResumeThread(HANDLE, PULONG);
2915	RT_DECL_NTAPI(NTSTATUS) NtSuspendThread(HANDLE, PULONG);
2916	RT_DECL_NTAPI(NTSTATUS) NtTerminateThread(HANDLE, LONG);
2917	RT_DECL_NTAPI(NTSTATUS) NtGetContextThread(HANDLE, PCONTEXT);
2918	RT_DECL_NTAPI(NTSTATUS) NtSetContextThread(HANDLE, PCONTEXT);
2919	RT_DECL_NTAPI(NTSTATUS) ZwYieldExecution(void);
2920
2921
2922	#ifndef SEC_FILE
2923	# define SEC_FILE UINT32_C(0x00800000)
2924	#endif
2925	#ifndef SEC_IMAGE
2926	# define SEC_IMAGE UINT32_C(0x01000000)
2927	#endif
2928	#ifndef SEC_PROTECTED_IMAGE
2929	# define SEC_PROTECTED_IMAGE UINT32_C(0x02000000)
2930	#endif
2931	#ifndef SEC_NOCACHE
2932	# define SEC_NOCACHE UINT32_C(0x10000000)
2933	#endif
2934	#ifndef MEM_ROTATE
2935	# define MEM_ROTATE UINT32_C(0x00800000)
2936	#endif
2937	typedef enum _MEMORY_INFORMATION_CLASS
2938	{
2939	MemoryBasicInformation = 0,
2940	MemoryWorkingSetList,
2941	MemorySectionName,
2942	MemoryBasicVlmInformation
2943	} MEMORY_INFORMATION_CLASS;
2944	#ifdef IN_RING0
2945	typedef struct _MEMORY_BASIC_INFORMATION
2946	{
2947	PVOID BaseAddress;
2948	PVOID AllocationBase;
2949	ULONG AllocationProtect;
2950	SIZE_T RegionSize;
2951	ULONG State;
2952	ULONG Protect;
2953	ULONG Type;
2954	} MEMORY_BASIC_INFORMATION;
2955	typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
2956	# define NtQueryVirtualMemory ZwQueryVirtualMemory
2957	#endif
2958	RT_DECL_NTAPI(NTSTATUS) NtQueryVirtualMemory(HANDLE, void const *, MEMORY_INFORMATION_CLASS, PVOID, SIZE_T, PSIZE_T);
2959	#ifdef IPRT_NT_USE_WINTERNL
2960	RT_DECL_NTAPI(NTSTATUS) NtAllocateVirtualMemory(HANDLE, PVOID *, ULONG, PSIZE_T, ULONG, ULONG);
2961	#endif
2962	RT_DECL_NTAPI(NTSTATUS) NtFreeVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG);
2963	RT_DECL_NTAPI(NTSTATUS) NtProtectVirtualMemory(HANDLE, PVOID *, PSIZE_T, ULONG, PULONG);
2964
2965	typedef enum _SYSTEM_INFORMATION_CLASS
2966	{
2967	SystemBasicInformation = 0,
2968	SystemCpuInformation,
2969	SystemPerformanceInformation,
2970	SystemTimeOfDayInformation,
2971	SystemInformation_Unknown_4,
2972	SystemProcessInformation,
2973	SystemInformation_Unknown_6,
2974	SystemInformation_Unknown_7,
2975	SystemProcessorPerformanceInformation,
2976	SystemInformation_Unknown_9,
2977	SystemInformation_Unknown_10,
2978	SystemModuleInformation,
2979	SystemInformation_Unknown_12,
2980	SystemInformation_Unknown_13,
2981	SystemInformation_Unknown_14,
2982	SystemInformation_Unknown_15,
2983	SystemHandleInformation,
2984	SystemInformation_Unknown_17,
2985	SystemPageFileInformation,
2986	SystemInformation_Unknown_19,
2987	SystemInformation_Unknown_20,
2988	SystemCacheInformation,
2989	SystemInformation_Unknown_22,
2990	SystemInterruptInformation,
2991	SystemDpcBehaviourInformation,
2992	SystemFullMemoryInformation,
2993	SystemLoadGdiDriverInformation, /* 26 */
2994	SystemUnloadGdiDriverInformation, /* 27 */
2995	SystemTimeAdjustmentInformation,
2996	SystemSummaryMemoryInformation,
2997	SystemInformation_Unknown_30,
2998	SystemInformation_Unknown_31,
2999	SystemInformation_Unknown_32,
3000	SystemExceptionInformation,
3001	SystemCrashDumpStateInformation,
3002	SystemKernelDebuggerInformation,
3003	SystemContextSwitchInformation,
3004	SystemRegistryQuotaInformation,
3005	SystemInformation_Unknown_38,
3006	SystemInformation_Unknown_39,
3007	SystemInformation_Unknown_40,
3008	SystemInformation_Unknown_41,
3009	SystemInformation_Unknown_42,
3010	SystemInformation_Unknown_43,
3011	SystemCurrentTimeZoneInformation,
3012	SystemLookasideInformation,
3013	SystemSetTimeSlipEvent,
3014	SystemCreateSession,
3015	SystemDeleteSession,
3016	SystemInformation_Unknown_49,
3017	SystemRangeStartInformation,
3018	SystemVerifierInformation,
3019	SystemInformation_Unknown_52,
3020	SystemSessionProcessInformation,
3021	SystemLoadGdiDriverInSystemSpaceInformation, /* 54 */
3022	SystemInformation_Unknown_55,
3023	SystemInformation_Unknown_56,
3024	SystemExtendedProcessInformation,
3025	SystemInformation_Unknown_58,
3026	SystemInformation_Unknown_59,
3027	SystemInformation_Unknown_60,
3028	SystemInformation_Unknown_61,
3029	SystemInformation_Unknown_62,
3030	SystemInformation_Unknown_63,
3031	SystemExtendedHandleInformation, /* 64 */
3032	SystemInformation_Unknown_65,
3033	SystemInformation_Unknown_66,
3034	SystemInformation_Unknown_67, /*< See https://www.geoffchappell.com/studies/windows/km/ntoskrnl/api/ex/sysinfo/codeintegrity.htm /
3035	SystemInformation_Unknown_68,
3036	SystemInformation_HotPatchInfo, /* 69 */
3037	SystemInformation_Unknown_70,
3038	SystemInformation_Unknown_71,
3039	SystemInformation_Unknown_72,
3040	SystemInformation_Unknown_73,
3041	SystemInformation_Unknown_74,
3042	SystemInformation_Unknown_75,
3043	SystemInformation_Unknown_76,
3044	SystemInformation_Unknown_77,
3045	SystemInformation_Unknown_78,
3046	SystemInformation_Unknown_79,
3047	SystemInformation_Unknown_80,
3048	SystemInformation_Unknown_81,
3049	SystemInformation_Unknown_82,
3050	SystemInformation_Unknown_83,
3051	SystemInformation_Unknown_84,
3052	SystemInformation_Unknown_85,
3053	SystemInformation_Unknown_86,
3054	SystemInformation_Unknown_87,
3055	SystemInformation_Unknown_88,
3056	SystemInformation_Unknown_89,
3057	SystemInformation_Unknown_90,
3058	SystemInformation_Unknown_91,
3059	SystemInformation_Unknown_92,
3060	SystemInformation_Unknown_93,
3061	SystemInformation_Unknown_94,
3062	SystemInformation_Unknown_95,
3063	SystemInformation_KiOpPrefetchPatchCount, /* 96 */
3064	SystemInformation_Unknown_97,
3065	SystemInformation_Unknown_98,
3066	SystemInformation_Unknown_99,
3067	SystemInformation_Unknown_100,
3068	SystemInformation_Unknown_101,
3069	SystemInformation_Unknown_102,
3070	SystemInformation_Unknown_103,
3071	SystemInformation_Unknown_104,
3072	SystemInformation_Unknown_105,
3073	SystemInformation_Unknown_107,
3074	SystemInformation_GetLogicalProcessorInformationEx, /* 107 */
3075
3076	/** @todo fill gap. they've added a whole bunch of things */
3077	SystemPolicyInformation = 134,
3078	SystemInformationClassMax
3079	} SYSTEM_INFORMATION_CLASS;
3080
3081	#ifdef IPRT_NT_USE_WINTERNL
3082	typedef struct _VM_COUNTERS
3083	{
3084	SIZE_T PeakVirtualSize;
3085	SIZE_T VirtualSize;
3086	ULONG PageFaultCount;
3087	SIZE_T PeakWorkingSetSize;
3088	SIZE_T WorkingSetSize;
3089	SIZE_T QuotaPeakPagedPoolUsage;
3090	SIZE_T QuotaPagedPoolUsage;
3091	SIZE_T QuotaPeakNonPagedPoolUsage;
3092	SIZE_T QuotaNonPagedPoolUsage;
3093	SIZE_T PagefileUsage;
3094	SIZE_T PeakPagefileUsage;
3095	} VM_COUNTERS;
3096	typedef VM_COUNTERS *PVM_COUNTERS;
3097	#endif
3098
3099	#if 0
3100	typedef struct _IO_COUNTERS
3101	{
3102	ULONGLONG ReadOperationCount;
3103	ULONGLONG WriteOperationCount;
3104	ULONGLONG OtherOperationCount;
3105	ULONGLONG ReadTransferCount;
3106	ULONGLONG WriteTransferCount;
3107	ULONGLONG OtherTransferCount;
3108	} IO_COUNTERS;
3109	typedef IO_COUNTERS *PIO_COUNTERS;
3110	#endif
3111
3112	typedef struct _RTNT_SYSTEM_PROCESS_INFORMATION
3113	{
3114	ULONG NextEntryOffset; /*< 0x00 / 0x00 /
3115	ULONG NumberOfThreads; /*< 0x04 / 0x04 /
3116	LARGE_INTEGER Reserved1[3]; /*< 0x08 / 0x08 /
3117	LARGE_INTEGER CreationTime; /*< 0x20 / 0x20 /
3118	LARGE_INTEGER UserTime; /*< 0x28 / 0x28 /
3119	LARGE_INTEGER KernelTime; /*< 0x30 / 0x30 /
3120	UNICODE_STRING ProcessName; /*< 0x38 / 0x38 Clean unicode encoding? /
3121	int32_t BasePriority; /*< 0x40 / 0x48 /
3122	HANDLE UniqueProcessId; /*< 0x44 / 0x50 /
3123	HANDLE ParentProcessId; /*< 0x48 / 0x58 /
3124	ULONG HandleCount; /*< 0x4c / 0x60 /
3125	ULONG Reserved2; /*< 0x50 / 0x64 Session ID? /
3126	ULONG_PTR Reserved3; /*< 0x54 / 0x68 /
3127	VM_COUNTERS VmCounters; /*< 0x58 / 0x70 /
3128	IO_COUNTERS IoCounters; /*< 0x88 / 0xd0 Might not be present in earlier windows versions. /
3129	/* After this follows the threads, then the ProcessName.Buffer. */
3130	} RTNT_SYSTEM_PROCESS_INFORMATION;
3131	typedef RTNT_SYSTEM_PROCESS_INFORMATION *PRTNT_SYSTEM_PROCESS_INFORMATION;
3132	#ifndef IPRT_NT_USE_WINTERNL
3133	typedef RTNT_SYSTEM_PROCESS_INFORMATION SYSTEM_PROCESS_INFORMATION;
3134	typedef SYSTEM_PROCESS_INFORMATION *PSYSTEM_PROCESS_INFORMATION;
3135	#endif
3136
3137	typedef struct _SYSTEM_HANDLE_ENTRY_INFO
3138	{
3139	USHORT UniqueProcessId;
3140	USHORT CreatorBackTraceIndex;
3141	UCHAR ObjectTypeIndex;
3142	UCHAR HandleAttributes;
3143	USHORT HandleValue;
3144	PVOID Object;
3145	ULONG GrantedAccess;
3146	} SYSTEM_HANDLE_ENTRY_INFO;
3147	typedef SYSTEM_HANDLE_ENTRY_INFO *PSYSTEM_HANDLE_ENTRY_INFO;
3148
3149	/** Returned by SystemHandleInformation */
3150	typedef struct _SYSTEM_HANDLE_INFORMATION
3151	{
3152	ULONG NumberOfHandles;
3153	SYSTEM_HANDLE_ENTRY_INFO Handles[1];
3154	} SYSTEM_HANDLE_INFORMATION;
3155	typedef SYSTEM_HANDLE_INFORMATION *PSYSTEM_HANDLE_INFORMATION;
3156
3157	/** Extended handle information entry.
3158	* @remarks 3 x PVOID + 4 x ULONG = 28 bytes on 32-bit / 40 bytes on 64-bit */
3159	typedef struct _SYSTEM_HANDLE_ENTRY_INFO_EX
3160	{
3161	PVOID Object;
3162	HANDLE UniqueProcessId;
3163	HANDLE HandleValue;
3164	ACCESS_MASK GrantedAccess;
3165	USHORT CreatorBackTraceIndex;
3166	USHORT ObjectTypeIndex;
3167	ULONG HandleAttributes;
3168	ULONG Reserved;
3169	} SYSTEM_HANDLE_ENTRY_INFO_EX;
3170	typedef SYSTEM_HANDLE_ENTRY_INFO_EX *PSYSTEM_HANDLE_ENTRY_INFO_EX;
3171
3172	/** Returned by SystemExtendedHandleInformation. */
3173	typedef struct _SYSTEM_HANDLE_INFORMATION_EX
3174	{
3175	ULONG_PTR NumberOfHandles;
3176	ULONG_PTR Reserved;
3177	SYSTEM_HANDLE_ENTRY_INFO_EX Handles[1];
3178	} SYSTEM_HANDLE_INFORMATION_EX;
3179	typedef SYSTEM_HANDLE_INFORMATION_EX *PSYSTEM_HANDLE_INFORMATION_EX;
3180
3181	/** Returned by SystemSessionProcessInformation. */
3182	typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION
3183	{
3184	ULONG SessionId;
3185	ULONG BufferLength;
3186	/** Return buffer, SYSTEM_PROCESS_INFORMATION entries. */
3187	PVOID Buffer;
3188	} SYSTEM_SESSION_PROCESS_INFORMATION;
3189	typedef SYSTEM_SESSION_PROCESS_INFORMATION *PSYSTEM_SESSION_PROCESS_INFORMATION;
3190
3191	typedef struct _RTL_PROCESS_MODULE_INFORMATION
3192	{
3193	HANDLE Section; /*< 0x00 / 0x00 /
3194	PVOID MappedBase; /*< 0x04 / 0x08 /
3195	PVOID ImageBase; /*< 0x08 / 0x10 /
3196	ULONG ImageSize; /*< 0x0c / 0x18 /
3197	ULONG Flags; /*< 0x10 / 0x1c /
3198	USHORT LoadOrderIndex; /*< 0x14 / 0x20 /
3199	USHORT InitOrderIndex; /*< 0x16 / 0x22 /
3200	USHORT LoadCount; /*< 0x18 / 0x24 /
3201	USHORT OffsetToFileName; /*< 0x1a / 0x26 /
3202	UCHAR FullPathName[256]; /*< 0x1c / 0x28 /
3203	} RTL_PROCESS_MODULE_INFORMATION;
3204	typedef RTL_PROCESS_MODULE_INFORMATION *PRTL_PROCESS_MODULE_INFORMATION;
3205
3206	/** Returned by SystemModuleInformation. */
3207	typedef struct _RTL_PROCESS_MODULES
3208	{
3209	ULONG NumberOfModules;
3210	RTL_PROCESS_MODULE_INFORMATION Modules[1]; /*< 0x04 / 0x08 /
3211	} RTL_PROCESS_MODULES;
3212	typedef RTL_PROCESS_MODULES *PRTL_PROCESS_MODULES;
3213
3214	RT_DECL_NTAPI(NTSTATUS) NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3215	#ifndef IPRT_NT_MAP_TO_ZW
3216	RT_DECL_NTAPI(NTSTATUS) ZwQuerySystemInformation(SYSTEM_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3217	#endif
3218
3219	RT_DECL_NTAPI(NTSTATUS) NtSetTimerResolution(ULONG cNtTicksWanted, BOOLEAN fSetResolution, PULONG pcNtTicksCur);
3220	RT_DECL_NTAPI(NTSTATUS) NtQueryTimerResolution(PULONG pcNtTicksMin, PULONG pcNtTicksMax, PULONG pcNtTicksCur);
3221
3222	RT_DECL_NTAPI(NTSTATUS) NtDelayExecution(BOOLEAN, PLARGE_INTEGER);
3223	RT_DECL_NTAPI(NTSTATUS) NtYieldExecution(void);
3224	#ifndef IPRT_NT_USE_WINTERNL
3225	RT_DECL_NTAPI(NTSTATUS) NtWaitForSingleObject(HANDLE, BOOLEAN PLARGE_INTEGER);
3226	#endif
3227	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTWAITFORSINGLEOBJECT)(HANDLE, BOOLEAN, PLARGE_INTEGER);
3228	typedef enum _OBJECT_WAIT_TYPE { WaitAllObjects = 0, WaitAnyObject = 1, ObjectWaitTypeHack = 0x7fffffff } OBJECT_WAIT_TYPE;
3229	RT_DECL_NTAPI(NTSTATUS) NtWaitForMultipleObjects(ULONG, PHANDLE, OBJECT_WAIT_TYPE, BOOLEAN, PLARGE_INTEGER);
3230
3231	RT_DECL_NTAPI(NTSTATUS) NtQuerySecurityObject(HANDLE, ULONG, PSECURITY_DESCRIPTOR, ULONG, PULONG);
3232
3233	#ifdef IPRT_NT_USE_WINTERNL
3234	typedef enum _EVENT_TYPE
3235	{
3236	/* Manual reset event. */
3237	NotificationEvent = 0,
3238	/* Automaitc reset event. */
3239	SynchronizationEvent
3240	} EVENT_TYPE;
3241	#endif
3242	RT_DECL_NTAPI(NTSTATUS) NtCreateEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE, BOOLEAN);
3243	RT_DECL_NTAPI(NTSTATUS) NtOpenEvent(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
3244	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTCLEAREVENT)(HANDLE);
3245	RT_DECL_NTAPI(NTSTATUS) NtClearEvent(HANDLE);
3246	RT_DECL_NTAPI(NTSTATUS) NtResetEvent(HANDLE, PULONG);
3247	RT_DECL_NTAPI(NTSTATUS) NtSetEvent(HANDLE, PULONG);
3248	typedef NTSYSAPI NTSTATUS (NTAPI *PFNNTSETEVENT)(HANDLE, PULONG);
3249	typedef enum _EVENT_INFORMATION_CLASS
3250	{
3251	EventBasicInformation = 0
3252	} EVENT_INFORMATION_CLASS;
3253	/** Data returned by NtQueryEvent + EventBasicInformation. */
3254	typedef struct EVENT_BASIC_INFORMATION
3255	{
3256	EVENT_TYPE EventType;
3257	ULONG EventState;
3258	} EVENT_BASIC_INFORMATION;
3259	typedef EVENT_BASIC_INFORMATION *PEVENT_BASIC_INFORMATION;
3260	RT_DECL_NTAPI(NTSTATUS) NtQueryEvent(HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3261
3262	#ifdef IPRT_NT_USE_WINTERNL
3263	/** For NtQueryValueKey. */
3264	typedef enum _KEY_VALUE_INFORMATION_CLASS
3265	{
3266	KeyValueBasicInformation = 0,
3267	KeyValueFullInformation,
3268	KeyValuePartialInformation,
3269	KeyValueFullInformationAlign64,
3270	KeyValuePartialInformationAlign64
3271	} KEY_VALUE_INFORMATION_CLASS;
3272
3273	/** KeyValuePartialInformation and KeyValuePartialInformationAlign64 struct. */
3274	typedef struct _KEY_VALUE_PARTIAL_INFORMATION
3275	{
3276	ULONG TitleIndex;
3277	ULONG Type;
3278	ULONG DataLength;
3279	UCHAR Data[1];
3280	} KEY_VALUE_PARTIAL_INFORMATION;
3281	typedef KEY_VALUE_PARTIAL_INFORMATION *PKEY_VALUE_PARTIAL_INFORMATION;
3282	#endif
3283	RT_DECL_NTAPI(NTSTATUS) NtOpenKey(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
3284	RT_DECL_NTAPI(NTSTATUS) NtQueryValueKey(HANDLE, PUNICODE_STRING, KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
3285
3286
3287	RT_DECL_NTAPI(NTSTATUS) RtlAddAccessDeniedAce(PACL, ULONG, ULONG, PSID);
3288
3289
3290	typedef struct _CURDIR
3291	{
3292	UNICODE_STRING DosPath;
3293	HANDLE Handle; /*< 0x10 / 0x08 /
3294	} CURDIR;
3295	AssertCompileSize(CURDIR, ARCH_BITS == 32 ? 0x0c : 0x18);
3296	typedef CURDIR *PCURDIR;
3297
3298	typedef struct _RTL_DRIVE_LETTER_CURDIR
3299	{
3300	USHORT Flags;
3301	USHORT Length;
3302	ULONG TimeStamp;
3303	STRING DosPath; /*< Yeah, it's STRING according to dt ntdll!_RTL_DRIVE_LETTER_CURDIR. /
3304	} RTL_DRIVE_LETTER_CURDIR;
3305	typedef RTL_DRIVE_LETTER_CURDIR *PRTL_DRIVE_LETTER_CURDIR;
3306
3307	typedef struct _RTL_USER_PROCESS_PARAMETERS
3308	{
3309	ULONG MaximumLength; /*< 0x000 / 0x000 /
3310	ULONG Length; /*< 0x004 / 0x004 /
3311	ULONG Flags; /*< 0x008 / 0x008 /
3312	ULONG DebugFlags; /*< 0x00c / 0x00c /
3313	HANDLE ConsoleHandle; /*< 0x010 / 0x010 /
3314	ULONG ConsoleFlags; /*< 0x018 / 0x014 /
3315	HANDLE StandardInput; /*< 0x020 / 0x018 /
3316	HANDLE StandardOutput; /*< 0x028 / 0x01c /
3317	HANDLE StandardError; /*< 0x030 / 0x020 /
3318	CURDIR CurrentDirectory; /*< 0x038 / 0x024 /
3319	UNICODE_STRING DllPath; /*< 0x050 / 0x030 /
3320	UNICODE_STRING ImagePathName; /*< 0x060 / 0x038 /
3321	UNICODE_STRING CommandLine; /*< 0x070 / 0x040 /
3322	PWSTR Environment; /*< 0x080 / 0x048 /
3323	ULONG StartingX; /*< 0x088 / 0x04c /
3324	ULONG StartingY; /*< 0x090 / 0x050 /
3325	ULONG CountX; /*< 0x094 / 0x054 /
3326	ULONG CountY; /*< 0x098 / 0x058 /
3327	ULONG CountCharsX; /*< 0x09c / 0x05c /
3328	ULONG CountCharsY; /*< 0x0a0 / 0x060 /
3329	ULONG FillAttribute; /*< 0x0a4 / 0x064 /
3330	ULONG WindowFlags; /*< 0x0a8 / 0x068 /
3331	ULONG ShowWindowFlags; /*< 0x0ac / 0x06c /
3332	UNICODE_STRING WindowTitle; /*< 0x0b0 / 0x070 /
3333	UNICODE_STRING DesktopInfo; /*< 0x0c0 / 0x078 /
3334	UNICODE_STRING ShellInfo; /*< 0x0d0 / 0x080 /
3335	UNICODE_STRING RuntimeInfo; /*< 0x0e0 / 0x088 /
3336	RTL_DRIVE_LETTER_CURDIR CurrentDirectories[0x20]; /*< 0x0f0 / 0x090 /
3337	SIZE_T EnvironmentSize; /*< 0x3f0 / 0x - Added in Vista /
3338	SIZE_T EnvironmentVersion; /*< 0x3f8 / 0x - Added in Windows 7. /
3339	PVOID PackageDependencyData; /*< 0x400 / 0x - Added Windows 8? /
3340	ULONG ProcessGroupId; /*< 0x408 / 0x - Added Windows 8? /
3341	ULONG LoaderThreads; /*< 0x40c / 0x - Added Windows 10? /
3342	} RTL_USER_PROCESS_PARAMETERS;
3343	typedef RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
3344	#define RTL_USER_PROCESS_PARAMS_FLAG_NORMALIZED 1
3345
3346	typedef struct _RTL_USER_PROCESS_INFORMATION
3347	{
3348	ULONG Size;
3349	HANDLE ProcessHandle;
3350	HANDLE ThreadHandle;
3351	CLIENT_ID ClientId;
3352	SECTION_IMAGE_INFORMATION ImageInformation;
3353	} RTL_USER_PROCESS_INFORMATION;
3354	typedef RTL_USER_PROCESS_INFORMATION *PRTL_USER_PROCESS_INFORMATION;
3355
3356
3357	RT_DECL_NTAPI(NTSTATUS) RtlCreateUserProcess(PUNICODE_STRING, ULONG, PRTL_USER_PROCESS_PARAMETERS, PSECURITY_DESCRIPTOR,
3358	PSECURITY_DESCRIPTOR, HANDLE, BOOLEAN, HANDLE, HANDLE, PRTL_USER_PROCESS_INFORMATION);
3359	RT_DECL_NTAPI(NTSTATUS) RtlCreateProcessParameters(PRTL_USER_PROCESS_PARAMETERS *, PUNICODE_STRING ImagePathName,
3360	PUNICODE_STRING DllPath, PUNICODE_STRING CurrentDirectory,
3361	PUNICODE_STRING CommandLine, PUNICODE_STRING Environment,
3362	PUNICODE_STRING WindowTitle, PUNICODE_STRING DesktopInfo,
3363	PUNICODE_STRING ShellInfo, PUNICODE_STRING RuntimeInfo);
3364	RT_DECL_NTAPI(VOID) RtlDestroyProcessParameters(PRTL_USER_PROCESS_PARAMETERS);
3365	RT_DECL_NTAPI(NTSTATUS) RtlCreateUserThread(HANDLE, PSECURITY_DESCRIPTOR, BOOLEAN, ULONG, SIZE_T, SIZE_T,
3366	PFNRT, PVOID, PHANDLE, PCLIENT_ID);
3367
3368	#ifndef RTL_CRITICAL_SECTION_FLAG_NO_DEBUG_INFO
3369	typedef struct _RTL_CRITICAL_SECTION
3370	{
3371	struct _RTL_CRITICAL_SECTION_DEBUG *DebugInfo;
3372	LONG LockCount;
3373	LONG Recursioncount;
3374	HANDLE OwningThread;
3375	HANDLE LockSemaphore;
3376	ULONG_PTR SpinCount;
3377	} RTL_CRITICAL_SECTION;
3378	typedef RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
3379	#endif
3380
3381	/RT_DECL_NTAPI(ULONG) RtlNtStatusToDosError(NTSTATUS rcNt);/
3382
3383	/** @def RTL_QUERY_REGISTRY_TYPECHECK
3384	* WDK 8.1+, backported in updates, ignored in older. */
3385	#if !defined(RTL_QUERY_REGISTRY_TYPECHECK) \|\| defined(DOXYGEN_RUNNING)
3386	# define RTL_QUERY_REGISTRY_TYPECHECK UINT32_C(0x00000100)
3387	#endif
3388	/** @def RTL_QUERY_REGISTRY_TYPECHECK_SHIFT
3389	* WDK 8.1+, backported in updates, ignored in older. */
3390	#if !defined(RTL_QUERY_REGISTRY_TYPECHECK_SHIFT) \|\| defined(DOXYGEN_RUNNING)
3391	# define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
3392	#endif
3393
3394	RT_DECL_NTAPI(VOID) RtlFreeUnicodeString(PUNICODE_STRING);
3395
3396	RT_C_DECLS_END
3397	/** @} */
3398
3399
3400	#if defined(IN_RING0) \|\| defined(DOXYGEN_RUNNING)
3401	/** @name NT Kernel APIs
3402	* @{ */
3403	RT_C_DECLS_BEGIN
3404
3405	typedef ULONG KEPROCESSORINDEX; /*< Bitmap indexes != process numbers, apparently. /
3406
3407	RT_DECL_NTAPI(VOID) KeInitializeAffinityEx(PKAFFINITY_EX pAffinity);
3408	typedef VOID (NTAPI *PFNKEINITIALIZEAFFINITYEX)(PKAFFINITY_EX pAffinity);
3409	RT_DECL_NTAPI(VOID) KeAddProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3410	typedef VOID (NTAPI *PFNKEADDPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3411	RT_DECL_NTAPI(VOID) KeRemoveProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3412	typedef VOID (NTAPI *PFNKEREMOVEPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3413	RT_DECL_NTAPI(BOOLEAN) KeInterlockedSetProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3414	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDSETPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3415	RT_DECL_NTAPI(BOOLEAN) KeInterlockedClearProcessorAffinityEx(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3416	typedef BOOLEAN (NTAPI *PFNKEINTERLOCKEDCLEARPROCESSORAFFINITYEX)(PKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3417	RT_DECL_NTAPI(BOOLEAN) KeCheckProcessorAffinityEx(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3418	typedef BOOLEAN (NTAPI *PFNKECHECKPROCESSORAFFINITYEX)(PCKAFFINITY_EX pAffinity, KEPROCESSORINDEX idxProcessor);
3419	RT_DECL_NTAPI(VOID) KeCopyAffinityEx(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
3420	typedef VOID (NTAPI *PFNKECOPYAFFINITYEX)(PKAFFINITY_EX pDst, PCKAFFINITY_EX pSrc);
3421	RT_DECL_NTAPI(VOID) KeComplementAffinityEx(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
3422	typedef VOID (NTAPI *PFNKECOMPLEMENTAFFINITYEX)(PKAFFINITY_EX pResult, PCKAFFINITY_EX pIn);
3423	RT_DECL_NTAPI(BOOLEAN) KeAndAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3424	typedef BOOLEAN (NTAPI *PFNKEANDAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3425	RT_DECL_NTAPI(BOOLEAN) KeOrAffinityEx(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3426	typedef BOOLEAN (NTAPI *PFNKEORAFFINITYEX)(PCKAFFINITY_EX pIn1, PCKAFFINITY_EX pIn2, PKAFFINITY_EX pResult OPTIONAL);
3427	/** Works like anding the complemented subtrahend with the minuend. */
3428	RT_DECL_NTAPI(BOOLEAN) KeSubtractAffinityEx(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
3429	typedef BOOLEAN (NTAPI *PFNKESUBTRACTAFFINITYEX)(PCKAFFINITY_EX pMinuend, PCKAFFINITY_EX pSubtrahend, PKAFFINITY_EX pResult OPTIONAL);
3430	RT_DECL_NTAPI(BOOLEAN) KeIsEqualAffinityEx(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
3431	typedef BOOLEAN (NTAPI *PFNKEISEQUALAFFINITYEX)(PCKAFFINITY_EX pLeft, PCKAFFINITY_EX pRight);
3432	RT_DECL_NTAPI(BOOLEAN) KeIsEmptyAffinityEx(PCKAFFINITY_EX pAffinity);
3433	typedef BOOLEAN (NTAPI *PFNKEISEMPTYAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3434	RT_DECL_NTAPI(BOOLEAN) KeIsSubsetAffinityEx(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
3435	typedef BOOLEAN (NTAPI *PFNKEISSUBSETAFFINITYEX)(PCKAFFINITY_EX pSubset, PCKAFFINITY_EX pSuperSet);
3436	RT_DECL_NTAPI(ULONG) KeCountSetBitsAffinityEx(PCKAFFINITY_EX pAffinity);
3437	typedef ULONG (NTAPI *PFNKECOUNTSETAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3438	RT_DECL_NTAPI(KEPROCESSORINDEX) KeFindFirstSetLeftAffinityEx(PCKAFFINITY_EX pAffinity);
3439	typedef KEPROCESSORINDEX (NTAPI *PFNKEFINDFIRSTSETLEFTAFFINITYEX)(PCKAFFINITY_EX pAffinity);
3440	typedef NTSTATUS (NTAPI *PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX idxProcessor, PPROCESSOR_NUMBER pProcNumber);
3441	typedef KEPROCESSORINDEX (NTAPI PFNKEGETPROCESSORINDEXFROMNUMBER)(const PROCESSOR_NUMBER pProcNumber);
3442	typedef NTSTATUS (NTAPI PFNKEGETPROCESSORNUMBERFROMINDEX)(KEPROCESSORINDEX ProcIndex, PROCESSOR_NUMBER pProcNumber);
3443	typedef KEPROCESSORINDEX (NTAPI PFNKEGETCURRENTPROCESSORNUMBEREX)(const PROCESSOR_NUMBER pProcNumber);
3444	typedef KAFFINITY (NTAPI *PFNKEQUERYACTIVEPROCESSORS)(VOID);
3445	typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNT)(VOID);
3446	typedef ULONG (NTAPI *PFNKEQUERYMAXIMUMPROCESSORCOUNTEX)(USHORT GroupNumber);
3447	typedef USHORT (NTAPI *PFNKEQUERYMAXIMUMGROUPCOUNT)(VOID);
3448	typedef ULONG (NTAPI PFNKEQUERYACTIVEPROCESSORCOUNT)(KAFFINITY pfActiveProcessors);
3449	typedef ULONG (NTAPI *PFNKEQUERYACTIVEPROCESSORCOUNTEX)(USHORT GroupNumber);
3450	typedef NTSTATUS (NTAPI PFNKEQUERYLOGICALPROCESSORRELATIONSHIP)(PROCESSOR_NUMBER pProcNumber,
3451	LOGICAL_PROCESSOR_RELATIONSHIP RelationShipType,
3452	SYSTEM_LOGICAL_PROCESSOR_INFORMATION_EX *pInfo, PULONG pcbInfo);
3453	typedef PVOID (NTAPI PFNKEREGISTERPROCESSORCHANGECALLBACK)(PPROCESSOR_CALLBACK_FUNCTION pfnCallback, void pvUser, ULONG fFlags);
3454	typedef VOID (NTAPI *PFNKEDEREGISTERPROCESSORCHANGECALLBACK)(PVOID pvCallback);
3455	typedef NTSTATUS (NTAPI PFNKESETTARGETPROCESSORDPCEX)(KDPC pDpc, PROCESSOR_NUMBER *pProcNumber);
3456	typedef LOGICAL (NTAPI *PFNKESHOULDYIELDPROCESSOR)(void);
3457
3458	RT_DECL_NTAPI(BOOLEAN) ObFindHandleForObject(PEPROCESS pProcess, PVOID pvObject, POBJECT_TYPE pObjectType,
3459	PVOID pvOptionalConditions, PHANDLE phFound);
3460	RT_DECL_NTAPI(NTSTATUS) ObReferenceObjectByName(PUNICODE_STRING pObjectPath, ULONG fAttributes, PACCESS_STATE pAccessState,
3461	ACCESS_MASK fDesiredAccess, POBJECT_TYPE pObjectType,
3462	KPROCESSOR_MODE enmAccessMode, PVOID pvParseContext, PVOID *ppvObject);
3463	RT_DECL_NTAPI(HANDLE) PsGetProcessInheritedFromUniqueProcessId(PEPROCESS);
3464	RT_DECL_NTAPI(UCHAR *) PsGetProcessImageFileName(PEPROCESS);
3465	RT_DECL_NTAPI(BOOLEAN) PsIsProcessBeingDebugged(PEPROCESS);
3466	RT_DECL_NTAPI(ULONG) PsGetProcessSessionId(PEPROCESS);
3467	extern DECLIMPORT(POBJECT_TYPE ) LpcPortObjectType; /< In vista+ this is the ALPC port object type. /
3468	extern DECLIMPORT(POBJECT_TYPE ) LpcWaitablePortObjectType; /< In vista+ this is the ALPC port object type. /
3469
3470	typedef VOID (NTAPI *PFNHALREQUESTIPI_PRE_W7)(KAFFINITY TargetSet);
3471	typedef VOID (NTAPI *PFNHALREQUESTIPI_W7PLUS)(ULONG uUsuallyZero, PCKAFFINITY_EX pTargetSet);
3472
3473	RT_C_DECLS_END
3474	/** @ */
3475	#endif /* IN_RING0 */
3476
3477
3478	#if defined(IN_RING3) \|\| defined(DOXYGEN_RUNNING)
3479	/** @name NT Userland APIs
3480	* @{ */
3481	RT_C_DECLS_BEGIN
3482
3483	#if 0 /** @todo figure this out some time... */
3484	typedef struct CSR_MSG_DATA_CREATED_PROCESS
3485	{
3486	HANDLE hProcess;
3487	HANDLE hThread;
3488	CLIENT_ID
3489	DWORD idProcess;
3490	DWORD idThread;
3491	DWORD fCreate;
3492
3493	} CSR_MSG_DATA_CREATED_PROCESS;
3494
3495	#define CSR_MSG_NO_CREATED_PROCESS UINT32_C(0x10000)
3496	#define CSR_MSG_NO_CREATED_THREAD UINT32_C(0x10001)
3497	RT_DECL_NTAPI(NTSTATUS) CsrClientCallServer(PVOID, PVOID, ULONG, SIZE_T);
3498	#endif
3499
3500	RT_DECL_NTAPI(VOID) LdrInitializeThunk(PVOID, PVOID, PVOID);
3501
3502	typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
3503	{
3504	ULONG Flags;
3505	PCUNICODE_STRING FullDllName;
3506	PCUNICODE_STRING BaseDllName;
3507	PVOID DllBase;
3508	ULONG SizeOfImage;
3509	} LDR_DLL_LOADED_NOTIFICATION_DATA, LDR_DLL_UNLOADED_NOTIFICATION_DATA;
3510	typedef LDR_DLL_LOADED_NOTIFICATION_DATA PLDR_DLL_LOADED_NOTIFICATION_DATA, PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
3511	typedef LDR_DLL_LOADED_NOTIFICATION_DATA const PCLDR_DLL_LOADED_NOTIFICATION_DATA, PCLDR_DLL_UNLOADED_NOTIFICATION_DATA;
3512
3513	typedef union _LDR_DLL_NOTIFICATION_DATA
3514	{
3515	LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
3516	LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
3517	} LDR_DLL_NOTIFICATION_DATA;
3518	typedef LDR_DLL_NOTIFICATION_DATA *PLDR_DLL_NOTIFICATION_DATA;
3519	typedef LDR_DLL_NOTIFICATION_DATA const *PCLDR_DLL_NOTIFICATION_DATA;
3520
3521	typedef VOID (NTAPI *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG ulReason, PCLDR_DLL_NOTIFICATION_DATA pData, PVOID pvUser);
3522
3523	#define LDR_DLL_NOTIFICATION_REASON_LOADED UINT32_C(1)
3524	#define LDR_DLL_NOTIFICATION_REASON_UNLOADED UINT32_C(2)
3525	RT_DECL_NTAPI(NTSTATUS) LdrRegisterDllNotification(ULONG fFlags, PLDR_DLL_NOTIFICATION_FUNCTION pfnCallback, PVOID pvUser,
3526	PVOID *pvCookie);
3527	typedef NTSTATUS (NTAPI PFNLDRREGISTERDLLNOTIFICATION)(ULONG, PLDR_DLL_NOTIFICATION_FUNCTION, PVOID, PVOID );
3528	RT_DECL_NTAPI(NTSTATUS) LdrUnregisterDllNotification(PVOID pvCookie);
3529	typedef NTSTATUS (NTAPI *PFNLDRUNREGISTERDLLNOTIFICATION)(PVOID);
3530
3531	RT_DECL_NTAPI(NTSTATUS) LdrLoadDll(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
3532	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
3533	typedef NTSTATUS (NTAPI *PFNLDRLOADDLL)(IN PWSTR pwszSearchPathOrFlags OPTIONAL, IN PULONG pfFlags OPTIONAL,
3534	IN PCUNICODE_STRING pName, OUT PHANDLE phMod);
3535	RT_DECL_NTAPI(NTSTATUS) LdrUnloadDll(IN HANDLE hMod);
3536	typedef NTSTATUS (NTAPI *PFNLDRUNLOADDLL)(IN HANDLE hMod);
3537	RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandle(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3538	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3539	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLE)(IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3540	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3541	#define LDRGETDLLHANDLEEX_F_UNCHANGED_REFCOUNT RT_BIT_32(0)
3542	#define LDRGETDLLHANDLEEX_F_PIN RT_BIT_32(1)
3543	/** @since Windows XP. */
3544	RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleEx(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3545	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3546	/** @since Windows XP. */
3547	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEEX)(IN ULONG fFlags, IN PCWSTR pwszDllPath OPTIONAL, IN PULONG pfFlags OPTIONAL,
3548	IN PCUNICODE_STRING pName, OUT PHANDLE phDll);
3549	/** @since Windows 7. */
3550	RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleByMapping(IN PVOID pvBase, OUT PHANDLE phDll);
3551	/** @since Windows 7. */
3552	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYMAPPING)(IN PVOID pvBase, OUT PHANDLE phDll);
3553	/** @since Windows 7. */
3554	RT_DECL_NTAPI(NTSTATUS) LdrGetDllHandleByName(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
3555	OUT PHANDLE phDll);
3556	/** @since Windows 7. */
3557	typedef NTSTATUS (NTAPI *PFNLDRGETDLLHANDLEBYNAME)(IN PCUNICODE_STRING pName OPTIONAL, IN PCUNICODE_STRING pFullName OPTIONAL,
3558	OUT PHANDLE phDll);
3559	#define LDRADDREFDLL_F_PIN RT_BIT_32(0)
3560	RT_DECL_NTAPI(NTSTATUS) LdrAddRefDll(IN ULONG fFlags, IN HANDLE hDll);
3561	typedef NTSTATUS (NTAPI *PFNLDRADDREFDLL)(IN ULONG fFlags, IN HANDLE hDll);
3562	RT_DECL_NTAPI(NTSTATUS) LdrGetProcedureAddress(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3563	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
3564	typedef NTSTATUS (NTAPI *PFNLDRGETPROCEDUREADDRESS)(IN HANDLE hDll, IN PCANSI_STRING pSymbol OPTIONAL,
3565	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol);
3566	#define LDRGETPROCEDUREADDRESSEX_F_DONT_RECORD_FORWARDER RT_BIT_32(0)
3567	/** @since Windows Vista. */
3568	RT_DECL_NTAPI(NTSTATUS) LdrGetProcedureAddressEx(IN HANDLE hDll, IN ANSI_STRING const *pSymbol OPTIONAL,
3569	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
3570	/** @since Windows Vista. */
3571	typedef NTSTATUS (NTAPI PFNLDRGETPROCEDUREADDRESSEX)(IN HANDLE hDll, IN ANSI_STRING const pSymbol OPTIONAL,
3572	IN ULONG uOrdinal OPTIONAL, OUT PVOID *ppvSymbol, ULONG fFlags);
3573	#define LDRLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
3574	#define LDRLOCKLOADERLOCK_F_NO_WAIT RT_BIT_32(1)
3575	#define LDRLOCKLOADERLOCK_DISP_INVALID UINT32_C(0)
3576	#define LDRLOCKLOADERLOCK_DISP_ACQUIRED UINT32_C(1)
3577	#define LDRLOCKLOADERLOCK_DISP_NOT_ACQUIRED UINT32_C(2)
3578	/** @since Windows XP. */
3579	RT_DECL_NTAPI(NTSTATUS) LdrLockLoaderLock(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID *ppvCookie);
3580	/** @since Windows XP. */
3581	typedef NTSTATUS (NTAPI PFNLDRLOCKLOADERLOCK)(IN ULONG fFlags, OUT PULONG puDisposition OPTIONAL, OUT PVOID ppvCookie);
3582	#define LDRUNLOCKLOADERLOCK_F_RAISE_ERRORS RT_BIT_32(0)
3583	/** @since Windows XP. */
3584	RT_DECL_NTAPI(NTSTATUS) LdrUnlockLoaderLock(IN ULONG fFlags, OUT PVOID pvCookie);
3585	/** @since Windows XP. */
3586	typedef NTSTATUS (NTAPI *PFNLDRUNLOCKLOADERLOCK)(IN ULONG fFlags, OUT PVOID pvCookie);
3587
3588	RT_DECL_NTAPI(NTSTATUS) RtlExpandEnvironmentStrings_U(PVOID, PUNICODE_STRING, PUNICODE_STRING, PULONG);
3589	RT_DECL_NTAPI(VOID) RtlExitUserProcess(NTSTATUS rcExitCode); /*< Vista and later. /
3590	RT_DECL_NTAPI(VOID) RtlExitUserThread(NTSTATUS rcExitCode);
3591	RT_DECL_NTAPI(NTSTATUS) RtlDosApplyFileIsolationRedirection_Ustr(IN ULONG fFlags,
3592	IN PCUNICODE_STRING pOrgName,
3593	IN PUNICODE_STRING pDefaultSuffix,
3594	IN OUT PUNICODE_STRING pStaticString,
3595	IN OUT PUNICODE_STRING pDynamicString,
3596	IN OUT PUNICODE_STRING *ppResultString,
3597	IN PULONG pfNewFlags OPTIONAL,
3598	IN PSIZE_T pcbFilename OPTIONAL,
3599	IN PSIZE_T pcbNeeded OPTIONAL);
3600	/** @since Windows 8.
3601	* @note Status code is always zero in windows 10 build 14393. */
3602	RT_DECL_NTAPI(NTSTATUS) ApiSetQueryApiSetPresence(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
3603	/** @copydoc ApiSetQueryApiSetPresence */
3604	typedef NTSTATUS (NTAPI *PFNAPISETQUERYAPISETPRESENCE)(IN PCUNICODE_STRING pAllegedApiSetDll, OUT PBOOLEAN pfPresent);
3605
3606
3607	# ifdef IPRT_NT_USE_WINTERNL
3608	typedef NTSTATUS NTAPI RTL_HEAP_COMMIT_ROUTINE(PVOID, PVOID *, PSIZE_T);
3609	typedef RTL_HEAP_COMMIT_ROUTINE *PRTL_HEAP_COMMIT_ROUTINE;
3610	typedef struct _RTL_HEAP_PARAMETERS
3611	{
3612	ULONG Length;
3613	SIZE_T SegmentReserve;
3614	SIZE_T SegmentCommit;
3615	SIZE_T DeCommitFreeBlockThreshold;
3616	SIZE_T DeCommitTotalFreeThreshold;
3617	SIZE_T MaximumAllocationSize;
3618	SIZE_T VirtualMemoryThreshold;
3619	SIZE_T InitialCommit;
3620	SIZE_T InitialReserve;
3621	PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
3622	SIZE_T Reserved[2];
3623	} RTL_HEAP_PARAMETERS;
3624	typedef RTL_HEAP_PARAMETERS *PRTL_HEAP_PARAMETERS;
3625	RT_DECL_NTAPI(PVOID) RtlCreateHeap(ULONG fFlags, PVOID pvHeapBase, SIZE_T cbReserve, SIZE_T cbCommit, PVOID pvLock,
3626	PRTL_HEAP_PARAMETERS pParameters);
3627	/** @name Heap flags (for RtlCreateHeap).
3628	* @{ */
3629	/*# define HEAP_NO_SERIALIZE UINT32_C(0x00000001)
3630	# define HEAP_GROWABLE UINT32_C(0x00000002)
3631	# define HEAP_GENERATE_EXCEPTIONS UINT32_C(0x00000004)
3632	# define HEAP_ZERO_MEMORY UINT32_C(0x00000008)
3633	# define HEAP_REALLOC_IN_PLACE_ONLY UINT32_C(0x00000010)
3634	# define HEAP_TAIL_CHECKING_ENABLED UINT32_C(0x00000020)
3635	# define HEAP_FREE_CHECKING_ENABLED UINT32_C(0x00000040)
3636	# define HEAP_DISABLE_COALESCE_ON_FREE UINT32_C(0x00000080)*/
3637	# define HEAP_SETTABLE_USER_VALUE UINT32_C(0x00000100)
3638	# define HEAP_SETTABLE_USER_FLAG1 UINT32_C(0x00000200)
3639	# define HEAP_SETTABLE_USER_FLAG2 UINT32_C(0x00000400)
3640	# define HEAP_SETTABLE_USER_FLAG3 UINT32_C(0x00000800)
3641	# define HEAP_SETTABLE_USER_FLAGS UINT32_C(0x00000e00)
3642	# define HEAP_CLASS_0 UINT32_C(0x00000000)
3643	# define HEAP_CLASS_1 UINT32_C(0x00001000)
3644	# define HEAP_CLASS_2 UINT32_C(0x00002000)
3645	# define HEAP_CLASS_3 UINT32_C(0x00003000)
3646	# define HEAP_CLASS_4 UINT32_C(0x00004000)
3647	# define HEAP_CLASS_5 UINT32_C(0x00005000)
3648	# define HEAP_CLASS_6 UINT32_C(0x00006000)
3649	# define HEAP_CLASS_7 UINT32_C(0x00007000)
3650	# define HEAP_CLASS_8 UINT32_C(0x00008000)
3651	# define HEAP_CLASS_MASK UINT32_C(0x0000f000)
3652	# endif
3653	# define HEAP_CLASS_PROCESS HEAP_CLASS_0
3654	# define HEAP_CLASS_PRIVATE HEAP_CLASS_1
3655	# define HEAP_CLASS_KERNEL HEAP_CLASS_2
3656	# define HEAP_CLASS_GDI HEAP_CLASS_3
3657	# define HEAP_CLASS_USER HEAP_CLASS_4
3658	# define HEAP_CLASS_CONSOLE HEAP_CLASS_5
3659	# define HEAP_CLASS_USER_DESKTOP HEAP_CLASS_6
3660	# define HEAP_CLASS_CSRSS_SHARED HEAP_CLASS_7
3661	# define HEAP_CLASS_CSRSS_PORT HEAP_CLASS_8
3662	# ifdef IPRT_NT_USE_WINTERNL
3663	/*# define HEAP_CREATE_ALIGN_16 UINT32_C(0x00010000)
3664	# define HEAP_CREATE_ENABLE_TRACING UINT32_C(0x00020000)
3665	# define HEAP_CREATE_ENABLE_EXECUTE UINT32_C(0x00040000)*/
3666	# define HEAP_CREATE_VALID_MASK UINT32_C(0x0007f0ff)
3667	# endif /* IPRT_NT_USE_WINTERNL */
3668	/** @} */
3669	# ifdef IPRT_NT_USE_WINTERNL
3670	/** @name Heap tagging constants
3671	* @{ */
3672	# define HEAP_GLOBAL_TAG UINT32_C(0x00000800)
3673	/*# define HEAP_MAXIMUM_TAG UINT32_C(0x00000fff)
3674	# define HEAP_PSEUDO_TAG_FLAG UINT32_C(0x00008000)
3675	# define HEAP_TAG_SHIFT 18 */
3676	# define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
3677	/** @} */
3678	RT_DECL_NTAPI(PVOID) RtlAllocateHeap(HANDLE hHeap, ULONG fFlags, SIZE_T cb);
3679	RT_DECL_NTAPI(PVOID) RtlReAllocateHeap(HANDLE hHeap, ULONG fFlags, PVOID pvOld, SIZE_T cbNew);
3680	RT_DECL_NTAPI(BOOLEAN) RtlFreeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
3681	# endif /* IPRT_NT_USE_WINTERNL */
3682	RT_DECL_NTAPI(SIZE_T) RtlCompactHeap(HANDLE hHeap, ULONG fFlags);
3683	RT_DECL_NTAPI(SIZE_T) RtlSizeHeap(HANDLE hHeap, ULONG fFlags, PVOID pvMem);
3684	RT_DECL_NTAPI(NTSTATUS) RtlGetLastNtStatus(VOID);
3685	RT_DECL_NTAPI(ULONG) RtlGetLastWin32Error(VOID);
3686	RT_DECL_NTAPI(VOID) RtlSetLastWin32Error(ULONG uError);
3687	RT_DECL_NTAPI(VOID) RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS rcNt);
3688	RT_DECL_NTAPI(VOID) RtlRestoreLastWin32Error(ULONG uError);
3689	RT_DECL_NTAPI(BOOLEAN) RtlQueryPerformanceCounter(PLARGE_INTEGER);
3690	RT_DECL_NTAPI(uint64_t) RtlGetSystemTimePrecise(VOID);
3691	typedef uint64_t (NTAPI * PFNRTLGETSYSTEMTIMEPRECISE)(VOID);
3692	RT_DECL_NTAPI(uint64_t) RtlGetInterruptTimePrecise(uint64_t *puPerfTime);
3693	typedef uint64_t (NTAPI * PFNRTLGETINTERRUPTTIMEPRECISE)(uint64_t *);
3694	RT_DECL_NTAPI(BOOLEAN) RtlQueryUnbiasedInterruptTime(uint64_t *puInterruptTime);
3695	typedef BOOLEAN (NTAPI * PFNRTLQUERYUNBIASEDINTERRUPTTIME)(uint64_t *);
3696
3697	RT_C_DECLS_END
3698	/** @} */
3699	#endif /* IN_RING3 */
3700
3701	#endif /* !IPRT_INCLUDED_nt_nt_h */
3702

注意: 瀏覽 TracBrowser 來幫助您使用儲存庫瀏覽器

source: vbox/trunk/include/iprt/nt/nt.h@ 92725

以其他格式下載: