| /* ntdll.h. Contains ntdll specific stuff not defined elsewhere. |
| |
| This file is part of Cygwin. |
| |
| This software is a copyrighted work licensed under the terms of the |
| Cygwin license. Please consult the file "CYGWIN_LICENSE" for |
| details. */ |
| |
| #pragma once |
| |
| #include <ntstatus.h> |
| |
| /* custom status code: */ |
| #define STATUS_ILLEGAL_DLL_PSEUDO_RELOCATION ((NTSTATUS) 0xe0000269) |
| |
| /* As of March 2013, Mingw doesn't define these status codes yet. */ |
| #ifndef STATUS_NETWORK_OPEN_RESTRICTION |
| #define STATUS_NETWORK_OPEN_RESTRICTION ((NTSTATUS)0xC0000201) |
| #endif |
| #ifndef STATUS_SYMLINK_CLASS_DISABLED |
| #define STATUS_SYMLINK_CLASS_DISABLED ((NTSTATUS)0xC0000715) |
| #endif |
| |
| #define NtCurrentProcess() ((HANDLE) (LONG_PTR) -1) |
| #define NtCurrentThread() ((HANDLE) (LONG_PTR) -2) |
| |
| /* Creation information returned in IO_STATUS_BLOCK. */ |
| #define FILE_SUPERSEDED 0 |
| #define FILE_OPENED 1 |
| #define FILE_CREATED 2 |
| #define FILE_OVERWRITTEN 3 |
| #define FILE_EXISTS 4 |
| #define FILE_DOES_NOT_EXIST 5 |
| |
| /* Relative file position values in NtWriteFile call. */ |
| #define FILE_WRITE_TO_END_OF_FILE (-1LL) |
| #define FILE_USE_FILE_POINTER_POSITION (-2LL) |
| |
| /* Device Characteristics. */ |
| #define FILE_REMOVABLE_MEDIA 0x00000001 |
| #define FILE_READ_ONLY_DEVICE 0x00000002 |
| #define FILE_FLOPPY_DISKETTE 0x00000004 |
| #define FILE_WRITE_ONCE_MEDIA 0x00000008 |
| #define FILE_REMOTE_DEVICE 0x00000010 |
| #define FILE_DEVICE_IS_MOUNTED 0x00000020 |
| #define FILE_VIRTUAL_VOLUME 0x00000040 |
| #define FILE_AUTOGENERATED_DEVICE_NAME 0x00000080 |
| #define FILE_DEVICE_SECURE_OPEN 0x00000100 |
| |
| /* Allocation type values in NtMapViewOfSection call. */ |
| #define AT_EXTENDABLE_FILE 0x00002000 |
| #define AT_ROUND_TO_PAGE 0x40000000 |
| |
| /* Lock type in NtLockVirtualMemory/NtUnlockVirtualMemory call. */ |
| #define MAP_PROCESS 1 |
| #define MAP_SYSTEM 2 |
| |
| /* Directory access rights (only in NT namespace). */ |
| #define DIRECTORY_QUERY 1 |
| #define DIRECTORY_TRAVERSE 2 |
| #define DIRECTORY_CREATE_OBJECT 4 |
| #define DIRECTORY_CREATE_SUBDIRECTORY 8 |
| #define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|0x0f) |
| |
| /* Symbolic link access rights (only in NT namespace). */ |
| #define SYMBOLIC_LINK_QUERY 1 |
| |
| /* Transaction access rights. */ |
| #ifndef TRANSACTION_ALL_ACCESS |
| #define TRANSACTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x3F) |
| #endif |
| |
| /* Event object access rights. */ |
| #define EVENT_QUERY_STATE 1 |
| |
| /* Semaphore access rights. */ |
| #define SEMAPHORE_QUERY_STATE 1 |
| |
| /* Specific ACCESS_MASKSs for objects created in Cygwin. */ |
| #define CYG_SHARED_DIR_ACCESS (DIRECTORY_QUERY \ |
| | DIRECTORY_TRAVERSE \ |
| | DIRECTORY_CREATE_SUBDIRECTORY \ |
| | DIRECTORY_CREATE_OBJECT \ |
| | READ_CONTROL) |
| #define CYG_MUTANT_ACCESS (MUTANT_QUERY_STATE \ |
| | SYNCHRONIZE \ |
| | READ_CONTROL) |
| #define CYG_EVENT_ACCESS (EVENT_QUERY_STATE \ |
| | EVENT_MODIFY_STATE \ |
| | SYNCHRONIZE \ |
| | READ_CONTROL) |
| #define CYG_SEMAPHORE_ACCESS (SEMAPHORE_QUERY_STATE \ |
| | SEMAPHORE_MODIFY_STATE \ |
| | SYNCHRONIZE \ |
| | READ_CONTROL) |
| |
| /* Definitions for first parameter of RtlQueryRegistryValues. */ |
| #define RTL_REGISTRY_ABSOLUTE 0 |
| #define RTL_REGISTRY_SERVICES 1 |
| #define RTL_REGISTRY_CONTROL 2 |
| #define RTL_REGISTRY_WINDOWS_NT 3 |
| #define RTL_REGISTRY_DEVICEMAP 4 |
| #define RTL_REGISTRY_USER 5 |
| #define RTL_REGISTRY_HANDLE 0x40000000 |
| #define RTL_REGISTRY_OPTIONAL 0x80000000 |
| |
| /* Flags values for QueryTable parameter of RtlQueryRegistryValues. */ |
| #define RTL_QUERY_REGISTRY_SUBKEY 0x01 |
| #define RTL_QUERY_REGISTRY_TOPKEY 0x02 |
| #define RTL_QUERY_REGISTRY_REQUIRED 0x04 |
| #define RTL_QUERY_REGISTRY_NOVALUE 0x08 |
| #define RTL_QUERY_REGISTRY_NOEXPAND 0x10 |
| #define RTL_QUERY_REGISTRY_DIRECT 0x20 |
| #define RTL_QUERY_REGISTRY_DELETE 0x40 |
| #define RTL_QUERY_REGISTRY_NOSTRING 0x80 |
| |
| /* What RtlQueryProcessDebugInformation shall return. */ |
| #define PDI_MODULES 0x01 |
| #define PDI_HEAPS 0x04 |
| #define PDI_HEAP_BLOCKS 0x10 |
| #define PDI_WOW64_MODULES 0x40 |
| |
| /* VM working set list protection values. Returned by NtQueryVirtualMemory. */ |
| #define WSLE_PAGE_READONLY 0x001 |
| #define WSLE_PAGE_EXECUTE 0x002 |
| #define WSLE_PAGE_EXECUTE_READ 0x003 |
| #define WSLE_PAGE_READWRITE 0x004 |
| #define WSLE_PAGE_WRITECOPY 0x005 |
| #define WSLE_PAGE_EXECUTE_READWRITE 0x006 |
| #define WSLE_PAGE_EXECUTE_WRITECOPY 0x007 |
| #define WSLE_PAGE_SHARE_COUNT_MASK 0x0E0 |
| #define WSLE_PAGE_SHAREABLE 0x100 |
| |
| /* Known debug heap flags */ |
| #define HEAP_FLAG_NOSERIALIZE 0x1 |
| #define HEAP_FLAG_GROWABLE 0x2 |
| #define HEAP_FLAG_EXCEPTIONS 0x4 |
| #define HEAP_FLAG_NONDEFAULT 0x1000 |
| #define HEAP_FLAG_SHAREABLE 0x8000 |
| #define HEAP_FLAG_EXECUTABLE 0x40000 |
| #define HEAP_FLAG_DEBUGGED 0x40000000 |
| |
| #define FILE_VC_QUOTA_NONE 0x00000000 |
| #define FILE_VC_QUOTA_TRACK 0x00000001 |
| #define FILE_VC_QUOTA_ENFORCE 0x00000002 |
| #define FILE_VC_QUOTA_MASK 0x00000003 |
| #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008 |
| #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010 |
| #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020 |
| #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040 |
| #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080 |
| #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100 |
| #define FILE_VC_QUOTAS_REBUILDING 0x00000200 |
| #define FILE_VC_VALID_MASK 0x000003ff |
| |
| /* IOCTL code to impersonate client of named pipe. */ |
| #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, \ |
| METHOD_BUFFERED, FILE_ANY_ACCESS) |
| |
| typedef enum _FILE_INFORMATION_CLASS |
| { |
| FileDirectoryInformation = 1, |
| FileFullDirectoryInformation, // 2 |
| FileBothDirectoryInformation, // 3 |
| FileBasicInformation, // 4 wdm |
| FileStandardInformation, // 5 wdm |
| FileInternalInformation, // 6 |
| FileEaInformation, // 7 |
| FileAccessInformation, // 8 |
| FileNameInformation, // 9 |
| FileRenameInformation, // 10 |
| FileLinkInformation, // 11 |
| FileNamesInformation, // 12 |
| FileDispositionInformation, // 13 |
| FilePositionInformation, // 14 wdm |
| FileFullEaInformation, // 15 |
| FileModeInformation, // 16 |
| FileAlignmentInformation, // 17 |
| FileAllInformation, // 18 |
| FileAllocationInformation, // 19 |
| FileEndOfFileInformation, // 20 wdm |
| FileAlternateNameInformation, // 21 |
| FileStreamInformation, // 22 |
| FilePipeInformation, // 23 |
| FilePipeLocalInformation, // 24 |
| FilePipeRemoteInformation, // 25 |
| FileMailslotQueryInformation, // 26 |
| FileMailslotSetInformation, // 27 |
| FileCompressionInformation, // 28 |
| FileObjectIdInformation, // 29 |
| FileCompletionInformation, // 30 |
| FileMoveClusterInformation, // 31 |
| FileQuotaInformation, // 32 |
| FileReparsePointInformation, // 33 |
| FileNetworkOpenInformation, // 34 |
| FileAttributeTagInformation, // 35 |
| FileTrackingInformation, // 36 |
| FileIdBothDirectoryInformation, // 37 |
| FileIdFullDirectoryInformation, // 38 |
| FileValidDataLengthInformation, // 39 |
| FileShortNameInformation, // 40 |
| FileMaximumInformation |
| } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_NAMES_INFORMATION |
| { |
| ULONG NextEntryOffset; |
| ULONG FileIndex; |
| ULONG FileNameLength; |
| WCHAR FileName[1]; |
| } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_DIRECTORY_INFORMATION |
| { |
| ULONG NextEntryOffset; |
| ULONG FileIndex; |
| LARGE_INTEGER CreationTime; |
| LARGE_INTEGER LastAccessTime; |
| LARGE_INTEGER LastWriteTime; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER EndOfFile; |
| LARGE_INTEGER AllocationSize; |
| ULONG FileAttributes; |
| ULONG FileNameLength; |
| WCHAR FileName[1]; |
| } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_BOTH_DIR_INFORMATION |
| { |
| ULONG NextEntryOffset; |
| ULONG FileIndex; |
| LARGE_INTEGER CreationTime; |
| LARGE_INTEGER LastAccessTime; |
| LARGE_INTEGER LastWriteTime; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER EndOfFile; |
| LARGE_INTEGER AllocationSize; |
| ULONG FileAttributes; |
| ULONG FileNameLength; |
| ULONG EaSize; |
| CCHAR ShortNameLength; |
| WCHAR ShortName[12]; |
| WCHAR FileName[1]; |
| } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_ID_BOTH_DIR_INFORMATION |
| { |
| ULONG NextEntryOffset; |
| ULONG FileIndex; |
| LARGE_INTEGER CreationTime; |
| LARGE_INTEGER LastAccessTime; |
| LARGE_INTEGER LastWriteTime; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER EndOfFile; |
| LARGE_INTEGER AllocationSize; |
| ULONG FileAttributes; |
| ULONG FileNameLength; |
| ULONG EaSize; |
| CCHAR ShortNameLength; |
| WCHAR ShortName[12]; |
| LARGE_INTEGER FileId; |
| WCHAR FileName[1]; |
| } FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION; |
| |
| typedef enum _SYSTEM_INFORMATION_CLASS |
| { |
| SystemBasicInformation = 0, |
| SystemPerformanceInformation = 2, |
| SystemTimeOfDayInformation = 3, |
| SystemProcessInformation = 5, |
| SystemProcessorPerformanceInformation = 8, |
| SystemHandleInformation = 16, |
| SystemPagefileInformation = 18, |
| /* There are a lot more of these... */ |
| } SYSTEM_INFORMATION_CLASS; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _SYSTEM_BASIC_INFORMATION |
| { |
| ULONG Unknown; |
| ULONG MaximumIncrement; |
| ULONG PhysicalPageSize; |
| ULONG NumberOfPhysicalPages; |
| ULONG LowestPhysicalPage; |
| ULONG HighestPhysicalPage; |
| ULONG AllocationGranularity; |
| ULONG_PTR LowestUserAddress; |
| ULONG_PTR HighestUserAddress; |
| ULONG_PTR ActiveProcessors; |
| UCHAR NumberProcessors; |
| } SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _SYSTEM_PAGEFILE_INFORMATION |
| { |
| ULONG NextEntryOffset; |
| ULONG CurrentSize; |
| ULONG TotalUsed; |
| ULONG PeakUsed; |
| UNICODE_STRING FileName; |
| } SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION |
| { |
| LARGE_INTEGER IdleTime; |
| LARGE_INTEGER KernelTime; |
| LARGE_INTEGER UserTime; |
| LARGE_INTEGER DpcTime; |
| LARGE_INTEGER InterruptTime; |
| ULONG InterruptCount; |
| } SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION; |
| |
| typedef LONG KPRIORITY; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _VM_COUNTERS |
| { |
| SIZE_T PeakVirtualSize; |
| SIZE_T VirtualSize; |
| ULONG PageFaultCount; |
| SIZE_T PeakWorkingSetSize; |
| SIZE_T WorkingSetSize; |
| SIZE_T QuotaPeakPagedPoolUsage; |
| SIZE_T QuotaPagedPoolUsage; |
| SIZE_T QuotaPeakNonPagedPoolUsage; |
| SIZE_T QuotaNonPagedPoolUsage; |
| SIZE_T PagefileUsage; |
| SIZE_T PeakPagefileUsage; |
| } VM_COUNTERS, *PVM_COUNTERS; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _CLIENT_ID |
| { |
| HANDLE UniqueProcess; |
| HANDLE UniqueThread; |
| } CLIENT_ID, *PCLIENT_ID; |
| |
| typedef enum |
| { |
| StateInitialized, |
| StateReady, |
| StateRunning, |
| StateStandby, |
| StateTerminated, |
| StateWait, |
| StateTransition, |
| StateUnknown, |
| } THREAD_STATE; |
| |
| typedef enum |
| { |
| Executive, |
| FreePage, |
| PageIn, |
| PoolAllocation, |
| DelayExecution, |
| Suspended, |
| UserRequest, |
| WrExecutive, |
| WrFreePage, |
| WrPageIn, |
| WrPoolAllocation, |
| WrDelayExecution, |
| WrSuspended, |
| WrUserRequest, |
| WrEventPair, |
| WrQueue, |
| WrLpcReceive, |
| WrLpcReply, |
| WrVirtualMemory, |
| WrPageOut, |
| WrRendezvous, |
| Spare2, |
| Spare3, |
| Spare4, |
| Spare5, |
| Spare6, |
| WrKernel, |
| MaximumWaitReason |
| } KWAIT_REASON; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _SYSTEM_THREADS |
| { |
| LARGE_INTEGER KernelTime; |
| LARGE_INTEGER UserTime; |
| LARGE_INTEGER CreateTime; |
| ULONG WaitTime; |
| PVOID StartAddress; |
| CLIENT_ID ClientId; |
| KPRIORITY Priority; |
| KPRIORITY BasePriority; |
| ULONG ContextSwitchCount; |
| THREAD_STATE State; |
| KWAIT_REASON WaitReason; |
| DWORD Reserved; |
| } SYSTEM_THREADS, *PSYSTEM_THREADS; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _SYSTEM_PROCESS_INFORMATION |
| { |
| ULONG NextEntryOffset; |
| ULONG NumberOfThreads; |
| ULONG Reserved1[6]; |
| LARGE_INTEGER CreateTime; |
| LARGE_INTEGER UserTime; |
| LARGE_INTEGER KernelTime; |
| UNICODE_STRING ImageName; |
| KPRIORITY BasePriority; |
| HANDLE UniqueProcessId; |
| HANDLE InheritedFromUniqueProcessId; |
| ULONG HandleCount; |
| ULONG SessionId; |
| ULONG PageDirectoryBase; |
| VM_COUNTERS VirtualMemoryCounters; |
| SIZE_T PrivatePageCount; |
| IO_COUNTERS IoCounters; |
| SYSTEM_THREADS Threads[1]; |
| } SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _IO_STATUS_BLOCK |
| { |
| union { |
| NTSTATUS Status; |
| PVOID Pointer; |
| }; |
| ULONG_PTR Information; |
| } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _SYSTEM_PERFORMANCE_INFORMATION |
| { |
| LARGE_INTEGER IdleTime; |
| LARGE_INTEGER ReadTransferCount; |
| LARGE_INTEGER WriteTransferCount; |
| LARGE_INTEGER OtherTransferCount; |
| ULONG ReadOperationCount; |
| ULONG WriteOperationCount; |
| ULONG OtherOperationCount; |
| ULONG AvailablePages; |
| ULONG TotalCommittedPages; |
| ULONG TotalCommitLimit; |
| ULONG PeakCommitment; |
| ULONG PageFaults; |
| ULONG WriteCopyFaults; |
| ULONG TransitionFaults; |
| ULONG Reserved1; |
| ULONG DemandZeroFaults; |
| ULONG PagesRead; |
| ULONG PageReadIos; |
| ULONG Reserved2[2]; |
| ULONG PagefilePagesWritten; |
| ULONG PagefilePageWriteIos; |
| ULONG MappedFilePagesWritten; |
| ULONG MappedFilePageWriteIos; |
| ULONG PagedPoolUsage; |
| ULONG NonPagedPoolUsage; |
| ULONG PagedPoolAllocs; |
| ULONG PagedPoolFrees; |
| ULONG NonPagedPoolAllocs; |
| ULONG NonPagedPoolFrees; |
| ULONG TotalFreeSystemPtes; |
| ULONG SystemCodePage; |
| ULONG TotalSystemDriverPages; |
| ULONG TotalSystemCodePages; |
| ULONG SmallNonPagedLookasideListAllocateHits; |
| ULONG SmallPagedLookasideListAllocateHits; |
| ULONG Reserved3; |
| ULONG MmSystemCachePage; |
| ULONG PagedPoolPage; |
| ULONG SystemDriverPage; |
| ULONG FastReadNoWait; |
| ULONG FastReadWait; |
| ULONG FastReadResourceMiss; |
| ULONG FastReadNotPossible; |
| ULONG FastMdlReadNoWait; |
| ULONG FastMdlReadWait; |
| ULONG FastMdlReadResourceMiss; |
| ULONG FastMdlReadNotPossible; |
| ULONG MapDataNoWait; |
| ULONG MapDataWait; |
| ULONG MapDataNoWaitMiss; |
| ULONG MapDataWaitMiss; |
| ULONG PinMappedDataCount; |
| ULONG PinReadNoWait; |
| ULONG PinReadWait; |
| ULONG PinReadNoWaitMiss; |
| ULONG PinReadWaitMiss; |
| ULONG CopyReadNoWait; |
| ULONG CopyReadWait; |
| ULONG CopyReadNoWaitMiss; |
| ULONG CopyReadWaitMiss; |
| ULONG MdlReadNoWait; |
| ULONG MdlReadWait; |
| ULONG MdlReadNoWaitMiss; |
| ULONG MdlReadWaitMiss; |
| ULONG ReadAheadIos; |
| ULONG LazyWriteIos; |
| ULONG LazyWritePages; |
| ULONG DataFlushes; |
| ULONG DataPages; |
| ULONG ContextSwitches; |
| ULONG FirstLevelTbFills; |
| ULONG SecondLevelTbFills; |
| ULONG SystemCalls; |
| } SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _SYSTEM_TIMEOFDAY_INFORMATION |
| { |
| LARGE_INTEGER BootTime; |
| LARGE_INTEGER CurrentTime; |
| LARGE_INTEGER TimeZoneBias; |
| ULONG CurrentTimeZoneId; |
| BYTE Reserved1[20]; /* Per MSDN. Always 0. */ |
| } SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION; |
| |
| typedef enum _PROCESSINFOCLASS |
| { |
| ProcessBasicInformation = 0, |
| ProcessQuotaLimits = 1, |
| ProcessVmCounters = 3, |
| ProcessTimes = 4, |
| ProcessSessionInformation = 24, |
| ProcessWow64Information = 26, |
| ProcessImageFileName = 27, |
| ProcessDebugFlags = 31 |
| } PROCESSINFOCLASS; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _DEBUG_BUFFER |
| { |
| HANDLE SectionHandle; |
| PVOID SectionBase; |
| PVOID RemoteSectionBase; |
| ULONG_PTR SectionBaseDelta; |
| HANDLE EventPairHandle; |
| ULONG_PTR Unknown[2]; |
| HANDLE RemoteThreadHandle; |
| ULONG InfoClassMask; |
| ULONG_PTR SizeOfInfo; |
| ULONG_PTR AllocatedSize; |
| ULONG_PTR SectionSize; |
| PVOID ModuleInformation; |
| PVOID BackTraceInformation; |
| PVOID HeapInformation; |
| PVOID LockInformation; |
| PVOID Reserved[8]; |
| } DEBUG_BUFFER, *PDEBUG_BUFFER; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _DEBUG_HEAP_INFORMATION |
| { |
| ULONG_PTR Base; |
| ULONG Flags; |
| USHORT Granularity; |
| USHORT Unknown; |
| ULONG_PTR Allocated; |
| ULONG_PTR Committed; |
| ULONG TagCount; |
| ULONG BlockCount; |
| ULONG Reserved[7]; |
| PVOID Tags; |
| PVOID Blocks; |
| } DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _DEBUG_HEAP_ARRAY |
| { |
| ULONG Count; |
| DEBUG_HEAP_INFORMATION Heaps[1]; |
| } DEBUG_HEAP_ARRAY, *PDEBUG_HEAP_ARRAY; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _DEBUG_HEAP_BLOCK |
| { |
| ULONG_PTR Size; |
| ULONG Flags; |
| ULONG_PTR Committed; |
| ULONG_PTR Address; |
| } DEBUG_HEAP_BLOCK, *PDEBUG_HEAP_BLOCK; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _DEBUG_MODULE_INFORMATION |
| { |
| ULONG_PTR Reserved[2]; |
| ULONG_PTR Base; |
| ULONG Size; |
| ULONG Flags; |
| USHORT Index; |
| USHORT Unknown; |
| USHORT LoadCount; |
| USHORT ModuleNameOffset; |
| CHAR ImageName[256]; |
| } DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _DEBUG_MODULE_ARRAY |
| { |
| ULONG Count; |
| DEBUG_MODULE_INFORMATION Modules[1]; |
| } DEBUG_MODULE_ARRAY, *PDEBUG_MODULE_ARRAY; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _KERNEL_USER_TIMES |
| { |
| LARGE_INTEGER CreateTime; |
| LARGE_INTEGER ExitTime; |
| LARGE_INTEGER KernelTime; |
| LARGE_INTEGER UserTime; |
| } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _LDR_DATA_TABLE_ENTRY |
| { |
| /* Heads up! The pointers within the LIST_ENTRYs don't point to the |
| start of the next LDR_DATA_TABLE_ENTRY, but rather they point to the |
| start of their respective LIST_ENTRY *within* LDR_DATA_TABLE_ENTRY. */ |
| LIST_ENTRY InLoadOrderLinks; |
| LIST_ENTRY InMemoryOrderLinks; |
| LIST_ENTRY InInitializationOrderLinks; |
| PVOID DllBase; |
| PVOID EntryPoint; |
| ULONG SizeOfImage; |
| UNICODE_STRING FullDllName; |
| UNICODE_STRING BaseDllName; |
| ULONG Flags; |
| USHORT LoadCount; |
| /* More follows. Left out since it's just not used. The aforementioned |
| part of the structure is stable from at least NT4 up to Windows 8, |
| including WOW64. */ |
| } LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _PEB_LDR_DATA |
| { |
| ULONG Length; |
| BOOLEAN Initialized; |
| PVOID SsHandle; |
| /* Heads up! The pointers within the LIST_ENTRYs don't point to the |
| start of the next LDR_DATA_TABLE_ENTRY, but rather they point to the |
| start of their respective LIST_ENTRY *within* LDR_DATA_TABLE_ENTRY. */ |
| LIST_ENTRY InLoadOrderModuleList; |
| LIST_ENTRY InMemoryOrderModuleList; |
| LIST_ENTRY InInitializationOrderModuleList; |
| PVOID EntryInProgress; |
| } PEB_LDR_DATA, *PPEB_LDR_DATA; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _RTL_USER_PROCESS_PARAMETERS |
| { |
| ULONG AllocationSize; |
| ULONG Size; |
| ULONG Flags; |
| ULONG DebugFlags; |
| HANDLE hConsole; |
| ULONG ProcessGroup; |
| HANDLE hStdInput; |
| HANDLE hStdOutput; |
| HANDLE hStdError; |
| UNICODE_STRING CurrentDirectoryName; |
| HANDLE CurrentDirectoryHandle; |
| UNICODE_STRING DllPath; |
| UNICODE_STRING ImagePathName; |
| UNICODE_STRING CommandLine; |
| PWSTR Environment; |
| ULONG dwX; |
| ULONG dwY; |
| ULONG dwXSize; |
| ULONG dwYSize; |
| ULONG dwXCountChars; |
| ULONG dwYCountChars; |
| ULONG dwFillAttribute; |
| ULONG dwFlags; |
| ULONG wShowWindow; |
| UNICODE_STRING WindowTitle; |
| UNICODE_STRING DesktopInfo; |
| UNICODE_STRING ShellInfo; |
| UNICODE_STRING RuntimeInfo; |
| } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _PEB |
| { |
| BYTE Reserved1[2]; |
| BYTE BeingDebugged; |
| BYTE Reserved2[1]; |
| PVOID Reserved3[2]; |
| PPEB_LDR_DATA Ldr; |
| PRTL_USER_PROCESS_PARAMETERS ProcessParameters; |
| PVOID Reserved4; |
| PVOID ProcessHeap; |
| PRTL_CRITICAL_SECTION FastPebLock; |
| PVOID Reserved5[2]; |
| ULONG EnvironmentUpdateCount; |
| BYTE Reserved6[228]; |
| PVOID Reserved7[49]; |
| ULONG SessionId; |
| /* A lot more follows... */ |
| } PEB, *PPEB; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _GDI_TEB_BATCH |
| { |
| ULONG Offset; |
| HANDLE HDC; |
| ULONG Buffer[0x136]; |
| } GDI_TEB_BATCH, *PGDI_TEB_BATCH; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _TEB |
| { |
| NT_TIB Tib; |
| PVOID EnvironmentPointer; |
| CLIENT_ID ClientId; |
| PVOID ActiveRpcHandle; |
| PVOID ThreadLocalStoragePointer; |
| PPEB Peb; |
| ULONG LastErrorValue; |
| ULONG CountOfOwnedCriticalSections; |
| PVOID CsrClientThread; |
| PVOID Win32ThreadInfo; |
| ULONG User32Reserved[26]; |
| ULONG UserReserved[5]; |
| PVOID WOW32Reserved; |
| LCID CurrentLocale; |
| ULONG FpSoftwareStatusRegister; |
| PVOID SystemReserved1[54]; |
| LONG ExceptionCode; |
| PVOID ActivationContextStackPointer; |
| UCHAR SpareBytes1[0x30 - 3 * sizeof(PVOID)]; |
| ULONG TxFsContext; |
| GDI_TEB_BATCH GdiTebBatch; |
| CLIENT_ID RealClientId; |
| PVOID GdiCachedProcessHandle; |
| ULONG GdiClientPID; |
| ULONG GdiClientTID; |
| PVOID GdiThreadLocalInfo; |
| SIZE_T Win32ClientInfo[62]; |
| PVOID glDispatchTable[233]; |
| SIZE_T glReserved1[29]; |
| PVOID glReserved2; |
| PVOID glSectionInfo; |
| PVOID glSection; |
| PVOID glTable; |
| PVOID glCurrentRC; |
| PVOID glContext; |
| ULONG LastStatusValue; |
| UNICODE_STRING StaticUnicodeString; |
| WCHAR StaticUnicodeBuffer[261]; |
| PVOID DeallocationStack; |
| PVOID TlsSlots[64]; |
| BYTE Reserved3[8]; |
| PVOID Reserved4[26]; |
| PVOID ReservedForOle; |
| PVOID Reserved5[4]; |
| PVOID TlsExpansionSlots; |
| /* A lot more follows... */ |
| } TEB, *PTEB; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _KSYSTEM_TIME |
| { |
| ULONG LowPart; |
| LONG High1Time; |
| LONG High2Time; |
| } KSYSTEM_TIME, *PKSYSTEM_TIME; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _KUSER_SHARED_DATA |
| { |
| BYTE Reserved1[0x08]; |
| KSYSTEM_TIME InterruptTime; |
| BYTE Reserved2[0x2c8]; |
| ULONG DismountCount; |
| /* A lot more follows... */ |
| } KUSER_SHARED_DATA, *PKUSER_SHARED_DATA; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _PROCESS_BASIC_INFORMATION |
| { |
| NTSTATUS ExitStatus; |
| PPEB PebBaseAddress; |
| KAFFINITY AffinityMask; |
| KPRIORITY BasePriority; /* !!!Broken on WOW64!!! */ |
| ULONG_PTR UniqueProcessId; |
| ULONG_PTR InheritedFromUniqueProcessId; |
| } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _PROCESS_SESSION_INFORMATION |
| { |
| ULONG SessionId; |
| } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION; |
| |
| typedef enum _MEMORY_INFORMATION_CLASS |
| { |
| MemoryBasicInformation, |
| MemoryWorkingSetList, |
| MemorySectionName, |
| MemoryBasicVlmInformation |
| } MEMORY_INFORMATION_CLASS; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _MEMORY_WORKING_SET_LIST |
| { |
| ULONG NumberOfPages; |
| ULONG_PTR WorkingSetList[1]; |
| } MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _MEMORY_SECTION_NAME |
| { |
| UNICODE_STRING SectionFileName; |
| } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_BASIC_INFORMATION |
| { |
| LARGE_INTEGER CreationTime; |
| LARGE_INTEGER LastAccessTime; |
| LARGE_INTEGER LastWriteTime; |
| LARGE_INTEGER ChangeTime; |
| ULONG FileAttributes; |
| } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_STANDARD_INFORMATION |
| { |
| LARGE_INTEGER AllocationSize; |
| LARGE_INTEGER EndOfFile; |
| ULONG NumberOfLinks; |
| BOOLEAN DeletePending; |
| BOOLEAN Directory; |
| } FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_NETWORK_OPEN_INFORMATION |
| { |
| LARGE_INTEGER CreationTime; |
| LARGE_INTEGER LastAccessTime; |
| LARGE_INTEGER LastWriteTime; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER AllocationSize; |
| LARGE_INTEGER EndOfFile; |
| ULONG FileAttributes; |
| } FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_INTERNAL_INFORMATION |
| { |
| LARGE_INTEGER IndexNumber; |
| } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_EA_INFORMATION |
| { |
| ULONG EaSize; |
| } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_ACCESS_INFORMATION |
| { |
| ACCESS_MASK AccessFlags; |
| } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_DISPOSITION_INFORMATION |
| { |
| BOOLEAN DeleteFile; |
| } FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_POSITION_INFORMATION |
| { |
| LARGE_INTEGER CurrentByteOffset; |
| } FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_END_OF_FILE_INFORMATION |
| { |
| LARGE_INTEGER EndOfFile; |
| } FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_MODE_INFORMATION |
| { |
| ULONG Mode; |
| } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_ALIGNMENT_INFORMATION |
| { |
| ULONG AlignmentRequirement; |
| } FILE_ALIGNMENT_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_NAME_INFORMATION |
| { |
| ULONG FileNameLength; |
| WCHAR FileName[1]; |
| } FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_LINK_INFORMATION |
| { |
| BOOLEAN ReplaceIfExists; |
| HANDLE RootDirectory; |
| ULONG FileNameLength; |
| WCHAR FileName[1]; |
| } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_RENAME_INFORMATION |
| { |
| BOOLEAN ReplaceIfExists; |
| HANDLE RootDirectory; |
| ULONG FileNameLength; |
| WCHAR FileName[1]; |
| } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_ALL_INFORMATION { |
| FILE_BASIC_INFORMATION BasicInformation; |
| FILE_STANDARD_INFORMATION StandardInformation; |
| FILE_INTERNAL_INFORMATION InternalInformation; |
| FILE_EA_INFORMATION EaInformation; |
| FILE_ACCESS_INFORMATION AccessInformation; |
| FILE_POSITION_INFORMATION PositionInformation; |
| FILE_MODE_INFORMATION ModeInformation; |
| FILE_ALIGNMENT_INFORMATION AlignmentInformation; |
| FILE_NAME_INFORMATION NameInformation; |
| } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION; |
| |
| enum |
| { |
| FILE_PIPE_DISCONNECTED_STATE = 1, |
| FILE_PIPE_LISTENING_STATE = 2, |
| FILE_PIPE_CONNECTED_STATE = 3, |
| FILE_PIPE_CLOSING_STATE = 4 |
| }; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_PIPE_LOCAL_INFORMATION |
| { |
| ULONG NamedPipeType; |
| ULONG NamedPipeConfiguration; |
| ULONG MaximumInstances; |
| ULONG CurrentInstances; |
| ULONG InboundQuota; |
| ULONG ReadDataAvailable; |
| ULONG OutboundQuota; |
| ULONG WriteQuotaAvailable; |
| ULONG NamedPipeState; |
| ULONG NamedPipeEnd; |
| } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_COMPRESSION_INFORMATION |
| { |
| LARGE_INTEGER CompressedFileSize; |
| USHORT CompressionFormat; |
| UCHAR CompressionUnitShift; |
| UCHAR ChunkShift; |
| UCHAR ClusterShift; |
| UCHAR Reserved[3]; |
| } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_FS_DEVICE_INFORMATION |
| { |
| ULONG DeviceType; |
| ULONG Characteristics; |
| } FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_FS_ATTRIBUTE_INFORMATION |
| { |
| ULONG FileSystemAttributes; |
| ULONG MaximumComponentNameLength; |
| ULONG FileSystemNameLength; |
| WCHAR FileSystemName[1]; |
| } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| #pragma pack(push,4) |
| typedef struct _FILE_FS_VOLUME_INFORMATION |
| { |
| LARGE_INTEGER VolumeCreationTime; |
| ULONG VolumeSerialNumber; |
| ULONG VolumeLabelLength; |
| BOOLEAN SupportsObjects; |
| BOOLEAN __dummy; |
| WCHAR VolumeLabel[1]; |
| } FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION; |
| #pragma pack(pop) |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_FS_SIZE_INFORMATION |
| { |
| LARGE_INTEGER TotalAllocationUnits; |
| LARGE_INTEGER AvailableAllocationUnits; |
| ULONG SectorsPerAllocationUnit; |
| ULONG BytesPerSector; |
| } FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_FS_CONTROL_INFORMATION { |
| LARGE_INTEGER FreeSpaceStartFiltering; |
| LARGE_INTEGER FreeSpaceThreshold; |
| LARGE_INTEGER FreeSpaceStopFiltering; |
| LARGE_INTEGER DefaultQuotaThreshold; |
| LARGE_INTEGER DefaultQuotaLimit; |
| ULONG FileSystemControlFlags; |
| } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_FS_FULL_SIZE_INFORMATION |
| { |
| LARGE_INTEGER TotalAllocationUnits; |
| LARGE_INTEGER CallerAvailableAllocationUnits; |
| LARGE_INTEGER ActualAvailableAllocationUnits; |
| ULONG SectorsPerAllocationUnit; |
| ULONG BytesPerSector; |
| } FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_FS_OBJECTID_INFORMATION |
| { |
| UCHAR ObjectId[16]; |
| UCHAR ExtendedInfo[48]; |
| } FILE_FS_OBJECTID_INFORMATION, *PFILE_FS_OBJECTID_INFORMATION; |
| |
| typedef enum _FSINFOCLASS { |
| FileFsVolumeInformation = 1, |
| FileFsLabelInformation, |
| FileFsSizeInformation, |
| FileFsDeviceInformation, |
| FileFsAttributeInformation, |
| FileFsControlInformation, |
| FileFsFullSizeInformation, |
| FileFsObjectIdInformation, |
| FileFsDriverPathInformation, |
| FileFsMaximumInformation |
| } FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS; |
| |
| typedef enum _OBJECT_INFORMATION_CLASS |
| { |
| ObjectBasicInformation = 0, |
| ObjectNameInformation = 1, |
| ObjectHandleInformation = 4 |
| // and many more |
| } OBJECT_INFORMATION_CLASS; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _OBJECT_BASIC_INFORMATION |
| { |
| ULONG Attributes; |
| ACCESS_MASK GrantedAccess; |
| ULONG HandleCount; |
| ULONG PointerCount; |
| ULONG PagedPoolUsage; |
| ULONG NonPagedPoolUsage; |
| ULONG Reserved[3]; |
| ULONG NameInformationLength; |
| ULONG TypeInformationLength; |
| ULONG SecurityDescriptorLength; |
| LARGE_INTEGER CreateTime; |
| } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _OBJECT_NAME_INFORMATION |
| { |
| UNICODE_STRING Name; |
| } OBJECT_NAME_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _DIRECTORY_BASIC_INFORMATION |
| { |
| UNICODE_STRING ObjectName; |
| UNICODE_STRING ObjectTypeName; |
| } DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_GET_QUOTA_INFORMATION { |
| ULONG NextEntryOffset; |
| ULONG SidLength; |
| SID Sid; |
| } FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_QUOTA_INFORMATION { |
| ULONG NextEntryOffset; |
| ULONG SidLength; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER QuotaUsed; |
| LARGE_INTEGER QuotaThreshold; |
| LARGE_INTEGER QuotaLimit; |
| SID Sid; |
| } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_GET_EA_INFORMATION |
| { |
| ULONG NextEntryOffset; |
| UCHAR EaNameLength; |
| CHAR EaName[1]; |
| } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_FULL_EA_INFORMATION |
| { |
| ULONG NextEntryOffset; |
| UCHAR Flags; |
| UCHAR EaNameLength; |
| USHORT EaValueLength; |
| CHAR EaName[1]; |
| } FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _FILE_MAILSLOT_SET_INFORMATION |
| { |
| LARGE_INTEGER ReadTimeout; |
| } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION; |
| |
| typedef VOID NTAPI (*PIO_APC_ROUTINE)(PVOID, PIO_STATUS_BLOCK, ULONG); |
| |
| /* Checked on 64 bit. */ |
| typedef struct _EVENT_BASIC_INFORMATION |
| { |
| EVENT_TYPE EventType; |
| LONG SignalState; |
| } EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION; |
| |
| typedef enum _EVENT_INFORMATION_CLASS |
| { |
| EventBasicInformation = 0 |
| } EVENT_INFORMATION_CLASS, *PEVENT_INFORMATION_CLASS; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _SEMAPHORE_BASIC_INFORMATION |
| { |
| LONG CurrentCount; |
| LONG MaximumCount; |
| } SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION; |
| |
| typedef enum _SEMAPHORE_INFORMATION_CLASS |
| { |
| SemaphoreBasicInformation = 0 |
| } SEMAPHORE_INFORMATION_CLASS, *PSEMAPHORE_INFORMATION_CLASS; |
| |
| typedef enum _THREADINFOCLASS |
| { |
| ThreadBasicInformation = 0, |
| ThreadTimes = 1, |
| ThreadImpersonationToken = 5, |
| ThreadQuerySetWin32StartAddress = 9 |
| } THREADINFOCLASS, *PTHREADINFOCLASS; |
| |
| /* Checked on 64 bit. */ |
| typedef struct _THREAD_BASIC_INFORMATION |
| { |
| NTSTATUS ExitStatus; |
| PNT_TIB TebBaseAddress; |
| CLIENT_ID ClientId; |
| KAFFINITY AffinityMask; |
| KPRIORITY Priority; |
| KPRIORITY BasePriority; |
| } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION; |
| |
| typedef enum _TIMER_INFORMATION_CLASS { |
| TimerBasicInformation = 0 |
| } TIMER_INFORMATION_CLASS, *PTIMER_INFORMATION_CLASS; |
| |
| typedef struct _TIMER_BASIC_INFORMATION { |
| LARGE_INTEGER TimeRemaining; |
| BOOLEAN SignalState; |
| } TIMER_BASIC_INFORMATION, *PTIMER_BASIC_INFORMATION; |
| |
| typedef NTSTATUS (*PRTL_QUERY_REGISTRY_ROUTINE) |
| (PWSTR, ULONG, PVOID, ULONG, PVOID, PVOID); |
| |
| typedef struct _RTL_QUERY_REGISTRY_TABLE |
| { |
| PRTL_QUERY_REGISTRY_ROUTINE QueryRoutine; |
| ULONG Flags; |
| PCWSTR Name; |
| PVOID EntryContext; |
| ULONG DefaultType; |
| PVOID DefaultData; |
| ULONG DefaultLength; |
| } RTL_QUERY_REGISTRY_TABLE, *PRTL_QUERY_REGISTRY_TABLE; |
| |
| typedef enum _KEY_VALUE_INFORMATION_CLASS |
| { |
| KeyValueBasicInformation = 0, |
| KeyValueFullInformation, |
| KeyValuePartialInformation |
| } KEY_VALUE_INFORMATION_CLASS, *PKEY_VALUE_INFORMATION_CLASS; |
| |
| typedef struct _KEY_VALUE_PARTIAL_INFORMATION |
| { |
| ULONG TitleIndex; |
| ULONG Type; |
| ULONG DataLength; |
| UCHAR Data[1]; |
| } KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION; |
| |
| typedef enum _SECTION_INHERIT |
| { |
| ViewShare = 1, |
| ViewUnmap = 2 |
| } SECTION_INHERIT; |
| |
| typedef VOID (APIENTRY *PTIMER_APC_ROUTINE)(PVOID, ULONG, ULONG); |
| |
| #ifdef __x86_64__ |
| typedef struct _SCOPE_TABLE |
| { |
| ULONG Count; |
| struct |
| { |
| ULONG BeginAddress; |
| ULONG EndAddress; |
| ULONG HandlerAddress; |
| ULONG JumpTarget; |
| } ScopeRecord[1]; |
| } SCOPE_TABLE, *PSCOPE_TABLE; |
| #endif |
| |
| #ifdef __cplusplus |
| /* This is the mapping of the KUSER_SHARED_DATA structure into the user |
| address space on BOTH architectures, 32 and 64 bit! |
| We need it here to access the current DismountCount and InterruptTime. */ |
| static volatile KUSER_SHARED_DATA &SharedUserData |
| = *(volatile KUSER_SHARED_DATA *) 0x7ffe0000; |
| |
| /* Function declarations for ntdll.dll. These don't appear in any |
| standard Win32 header. */ |
| |
| extern "C" |
| { |
| #endif |
| NTSTATUS NTAPI NtAccessCheck (PSECURITY_DESCRIPTOR, HANDLE, ACCESS_MASK, |
| PGENERIC_MAPPING, PPRIVILEGE_SET, PULONG, |
| PACCESS_MASK, PNTSTATUS); |
| NTSTATUS NTAPI NtAdjustPrivilegesToken (HANDLE, BOOLEAN, PTOKEN_PRIVILEGES, |
| ULONG, PTOKEN_PRIVILEGES, PULONG); |
| NTSTATUS NTAPI NtAllocateLocallyUniqueId (PLUID); |
| NTSTATUS NTAPI NtAllocateUuids (PLARGE_INTEGER, PULONG, PULONG, PUCHAR); |
| NTSTATUS NTAPI NtCancelTimer (HANDLE, PBOOLEAN); |
| NTSTATUS NTAPI NtClose (HANDLE); |
| NTSTATUS NTAPI NtCommitTransaction (HANDLE, BOOLEAN); |
| NTSTATUS NTAPI NtContinue (PCONTEXT, BOOLEAN); |
| NTSTATUS NTAPI NtCreateDirectoryObject (PHANDLE, ACCESS_MASK, |
| POBJECT_ATTRIBUTES); |
| NTSTATUS NTAPI NtCreateKey (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, ULONG, |
| PUNICODE_STRING, ULONG, PULONG); |
| NTSTATUS NTAPI NtCreateEvent (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, |
| EVENT_TYPE, BOOLEAN); |
| NTSTATUS NTAPI NtCreateFile (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, |
| PIO_STATUS_BLOCK, PLARGE_INTEGER, ULONG, ULONG, |
| ULONG, ULONG, PVOID, ULONG); |
| NTSTATUS NTAPI NtCreateMailslotFile(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, |
| PIO_STATUS_BLOCK, ULONG, ULONG, ULONG, |
| PLARGE_INTEGER); |
| NTSTATUS NTAPI NtCreateMutant (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, |
| BOOLEAN); |
| NTSTATUS NTAPI NtCreateSection (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, |
| PLARGE_INTEGER, ULONG, ULONG, HANDLE); |
| NTSTATUS NTAPI NtCreateSemaphore (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, |
| LONG, LONG); |
| NTSTATUS NTAPI NtCreateTimer (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, |
| TIMER_TYPE); |
| NTSTATUS NTAPI NtCreateToken (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, |
| TOKEN_TYPE, PLUID, PLARGE_INTEGER, PTOKEN_USER, |
| PTOKEN_GROUPS, PTOKEN_PRIVILEGES, PTOKEN_OWNER, |
| PTOKEN_PRIMARY_GROUP, PTOKEN_DEFAULT_DACL, |
| PTOKEN_SOURCE); |
| NTSTATUS NTAPI NtCreateTransaction (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, |
| LPGUID, HANDLE, ULONG, ULONG, ULONG, |
| PLARGE_INTEGER, PUNICODE_STRING); |
| NTSTATUS NTAPI NtDuplicateToken (HANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, |
| BOOLEAN, TOKEN_TYPE, PHANDLE); |
| NTSTATUS NTAPI NtFsControlFile (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, |
| PIO_STATUS_BLOCK, ULONG, PVOID, ULONG, |
| PVOID, ULONG); |
| NTSTATUS NTAPI NtFlushBuffersFile (HANDLE, PIO_STATUS_BLOCK); |
| NTSTATUS NTAPI NtLoadKey (POBJECT_ATTRIBUTES, POBJECT_ATTRIBUTES); |
| NTSTATUS NTAPI NtLockFile (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, |
| PIO_STATUS_BLOCK, PLARGE_INTEGER, PLARGE_INTEGER, |
| ULONG, BOOLEAN, BOOLEAN); |
| NTSTATUS NTAPI NtLockVirtualMemory (HANDLE, PVOID *, PSIZE_T, ULONG); |
| NTSTATUS NTAPI NtMapViewOfSection (HANDLE, HANDLE, PVOID *, ULONG_PTR, SIZE_T, |
| PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT, |
| ULONG, ULONG); |
| NTSTATUS NTAPI NtNotifyChangeDirectoryFile (HANDLE, HANDLE, PIO_APC_ROUTINE, |
| PVOID, PIO_STATUS_BLOCK, |
| PFILE_NOTIFY_INFORMATION, ULONG, |
| ULONG, BOOLEAN); |
| NTSTATUS NTAPI NtOpenDirectoryObject (PHANDLE, ACCESS_MASK, |
| POBJECT_ATTRIBUTES); |
| NTSTATUS NTAPI NtOpenEvent (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES); |
| NTSTATUS NTAPI NtOpenFile (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, |
| PIO_STATUS_BLOCK, ULONG, ULONG); |
| NTSTATUS NTAPI NtOpenKey (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES); |
| NTSTATUS NTAPI NtOpenMutant (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES); |
| NTSTATUS NTAPI NtOpenProcessToken (HANDLE, ACCESS_MASK, PHANDLE); |
| NTSTATUS NTAPI NtOpenThreadToken (HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE); |
| NTSTATUS NTAPI NtOpenSection (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES); |
| NTSTATUS NTAPI NtOpenSemaphore (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES); |
| NTSTATUS NTAPI NtOpenSymbolicLinkObject (PHANDLE, ACCESS_MASK, |
| POBJECT_ATTRIBUTES); |
| /* WARNING! Don't rely on the timestamp information returned by |
| NtQueryAttributesFile. Only the DOS file attribute info is reliable. */ |
| NTSTATUS NTAPI NtPrivilegeCheck (HANDLE, PPRIVILEGE_SET, PBOOLEAN); |
| NTSTATUS NTAPI NtQueryAttributesFile (POBJECT_ATTRIBUTES, |
| PFILE_BASIC_INFORMATION); |
| NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PVOID, PVOID, |
| PIO_STATUS_BLOCK, PVOID, ULONG, |
| FILE_INFORMATION_CLASS, BOOLEAN, |
| PUNICODE_STRING, BOOLEAN); |
| NTSTATUS NTAPI NtQueryDirectoryObject (HANDLE, PVOID, ULONG, BOOLEAN, |
| BOOLEAN, PULONG, PULONG); |
| NTSTATUS NTAPI NtQueryEaFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, |
| BOOLEAN, PVOID, ULONG, PULONG, BOOLEAN); |
| NTSTATUS NTAPI NtQueryEvent (HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, |
| PULONG); |
| NTSTATUS NTAPI NtQueryFullAttributesFile (POBJECT_ATTRIBUTES, |
| PFILE_NETWORK_OPEN_INFORMATION); |
| NTSTATUS NTAPI NtQueryInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, |
| ULONG, FILE_INFORMATION_CLASS); |
| NTSTATUS NTAPI NtQueryInformationProcess (HANDLE, PROCESSINFOCLASS, |
| PVOID, ULONG, PULONG); |
| NTSTATUS NTAPI NtQueryInformationThread (HANDLE, THREADINFOCLASS, PVOID, |
| ULONG, PULONG); |
| NTSTATUS NTAPI NtQueryInformationToken (HANDLE, TOKEN_INFORMATION_CLASS, |
| PVOID, ULONG, PULONG); |
| NTSTATUS NTAPI NtQueryObject (HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, |
| PULONG); |
| NTSTATUS NTAPI NtQueryQuotaInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, |
| ULONG, BOOLEAN, PVOID, ULONG, |
| PSID, BOOLEAN); |
| NTSTATUS NTAPI NtQuerySemaphore (HANDLE, SEMAPHORE_INFORMATION_CLASS, |
| PVOID, ULONG, PULONG); |
| NTSTATUS NTAPI NtQuerySystemInformation (SYSTEM_INFORMATION_CLASS, |
| PVOID, ULONG, PULONG); |
| NTSTATUS WINAPI NtQuerySystemTime (PLARGE_INTEGER); |
| NTSTATUS NTAPI NtQuerySecurityObject (HANDLE, SECURITY_INFORMATION, |
| PSECURITY_DESCRIPTOR, ULONG, PULONG); |
| NTSTATUS NTAPI NtQuerySymbolicLinkObject (HANDLE, PUNICODE_STRING, PULONG); |
| NTSTATUS NTAPI NtQueryTimer (HANDLE, TIMER_INFORMATION_CLASS, PVOID, |
| ULONG, PULONG); |
| NTSTATUS NTAPI NtQueryTimerResolution (PULONG, PULONG, PULONG); |
| NTSTATUS NTAPI NtQueryValueKey (HANDLE, PUNICODE_STRING, |
| KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, |
| PULONG); |
| NTSTATUS NTAPI NtQueryVirtualMemory (HANDLE, PVOID, MEMORY_INFORMATION_CLASS, |
| PVOID, SIZE_T, PSIZE_T); |
| NTSTATUS NTAPI NtQueryVolumeInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, |
| ULONG, FS_INFORMATION_CLASS); |
| NTSTATUS NTAPI NtReadFile (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, |
| PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, |
| PULONG); |
| NTSTATUS NTAPI NtRollbackTransaction (HANDLE, BOOLEAN); |
| NTSTATUS NTAPI NtSetEaFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG); |
| NTSTATUS NTAPI NtSetEvent (HANDLE, PULONG); |
| NTSTATUS NTAPI NtSetInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, |
| FILE_INFORMATION_CLASS); |
| NTSTATUS NTAPI NtSetInformationThread (HANDLE, THREADINFOCLASS, PVOID, ULONG); |
| NTSTATUS NTAPI NtSetInformationToken (HANDLE, TOKEN_INFORMATION_CLASS, PVOID, |
| ULONG); |
| NTSTATUS NTAPI NtSetQuotaInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, |
| ULONG); |
| NTSTATUS NTAPI NtSetSecurityObject (HANDLE, SECURITY_INFORMATION, |
| PSECURITY_DESCRIPTOR); |
| NTSTATUS NTAPI NtSetTimer (HANDLE, PLARGE_INTEGER, PTIMER_APC_ROUTINE, PVOID, |
| BOOLEAN, LONG, PBOOLEAN); |
| NTSTATUS NTAPI NtSetTimerResolution (ULONG, BOOLEAN, PULONG); |
| NTSTATUS NTAPI NtSetValueKey (HANDLE, PUNICODE_STRING, ULONG, ULONG, PVOID, |
| ULONG); |
| NTSTATUS NTAPI NtSetVolumeInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, |
| ULONG, FS_INFORMATION_CLASS); |
| NTSTATUS NTAPI NtUnlockFile (HANDLE, PIO_STATUS_BLOCK, PLARGE_INTEGER, |
| PLARGE_INTEGER, ULONG); |
| NTSTATUS NTAPI NtUnlockVirtualMemory (HANDLE, PVOID *, PSIZE_T, ULONG); |
| NTSTATUS NTAPI NtUnmapViewOfSection (HANDLE, PVOID); |
| NTSTATUS NTAPI NtWriteFile (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, |
| PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, |
| PULONG); |
| NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD (PSECURITY_DESCRIPTOR, |
| PSECURITY_DESCRIPTOR, PULONG); |
| VOID NTAPI RtlAcquirePebLock (); |
| NTSTATUS NTAPI RtlAddAccessAllowedAce (PACL, ULONG, ACCESS_MASK, PSID); |
| NTSTATUS NTAPI RtlAddAccessAllowedAceEx (PACL, ULONG, ULONG, ACCESS_MASK, |
| PSID); |
| NTSTATUS NTAPI RtlAddAccessDeniedAce (PACL, ULONG, ACCESS_MASK, PSID); |
| NTSTATUS NTAPI RtlAddAccessDeniedAceEx (PACL, ULONG, ULONG, ACCESS_MASK, |
| PSID); |
| NTSTATUS NTAPI RtlAddAce (PACL, ULONG, ULONG, PVOID, ULONG); |
| PVOID NTAPI RtlAllocateHeap (PVOID, ULONG, SIZE_T); |
| NTSTATUS NTAPI RtlAppendUnicodeToString (PUNICODE_STRING, PCWSTR); |
| NTSTATUS NTAPI RtlAppendUnicodeStringToString (PUNICODE_STRING, |
| PUNICODE_STRING); |
| NTSTATUS NTAPI RtlAnsiStringToUnicodeString (PUNICODE_STRING, PANSI_STRING, |
| BOOLEAN); |
| NTSTATUS NTAPI RtlCheckRegistryKey (ULONG, PCWSTR); |
| LONG NTAPI RtlCompareUnicodeString (PUNICODE_STRING, PUNICODE_STRING, |
| BOOLEAN); |
| NTSTATUS NTAPI RtlConvertSidToUnicodeString (PUNICODE_STRING, PSID, BOOLEAN); |
| NTSTATUS NTAPI RtlConvertToAutoInheritSecurityObject (PSECURITY_DESCRIPTOR, |
| PSECURITY_DESCRIPTOR, |
| PSECURITY_DESCRIPTOR *, |
| GUID *, BOOLEAN, |
| PGENERIC_MAPPING); |
| NTSTATUS NTAPI RtlCopySid (ULONG, PSID, PSID); |
| VOID NTAPI RtlCopyUnicodeString (PUNICODE_STRING, PUNICODE_STRING); |
| NTSTATUS NTAPI RtlCreateAcl (PACL, ULONG, ULONG); |
| PDEBUG_BUFFER NTAPI RtlCreateQueryDebugBuffer (ULONG, BOOLEAN); |
| NTSTATUS NTAPI RtlCreateRegistryKey (ULONG, PCWSTR); |
| NTSTATUS NTAPI RtlCreateSecurityDescriptor (PSECURITY_DESCRIPTOR, ULONG); |
| BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz (PUNICODE_STRING, PCSTR); |
| NTSTATUS NTAPI RtlDeleteSecurityObject (PSECURITY_DESCRIPTOR *); |
| NTSTATUS NTAPI RtlDestroyQueryDebugBuffer (PDEBUG_BUFFER); |
| NTSTATUS NTAPI RtlDowncaseUnicodeString (PUNICODE_STRING, PUNICODE_STRING, |
| BOOLEAN); |
| NTSTATUS NTAPI RtlEnterCriticalSection (PRTL_CRITICAL_SECTION); |
| BOOLEAN NTAPI RtlEqualPrefixSid (PSID, PSID); |
| BOOLEAN NTAPI RtlEqualSid (PSID, PSID); |
| BOOLEAN NTAPI RtlEqualUnicodeString (PUNICODE_STRING, PUNICODE_STRING, |
| BOOLEAN); |
| VOID NTAPI RtlFreeAnsiString (PANSI_STRING); |
| BOOLEAN NTAPI RtlFreeHeap (HANDLE, ULONG, PVOID); |
| VOID NTAPI RtlFreeOemString (POEM_STRING); |
| VOID NTAPI RtlFreeUnicodeString (PUNICODE_STRING); |
| BOOLEAN NTAPI RtlFirstFreeAce (PACL, PVOID *); |
| NTSTATUS NTAPI RtlGetAce (PACL, ULONG, PVOID); |
| NTSTATUS NTAPI RtlGetControlSecurityDescriptor (PSECURITY_DESCRIPTOR, |
| PSECURITY_DESCRIPTOR_CONTROL, |
| PULONG); |
| HANDLE NTAPI RtlGetCurrentTransaction (); |
| NTSTATUS NTAPI RtlGetDaclSecurityDescriptor (PSECURITY_DESCRIPTOR, PBOOLEAN, |
| PACL *, PBOOLEAN); |
| NTSTATUS NTAPI RtlGetGroupSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID *, |
| PBOOLEAN); |
| NTSTATUS NTAPI RtlGetNtVersionNumbers (LPDWORD, LPDWORD, LPDWORD); |
| NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID *, |
| PBOOLEAN); |
| NTSTATUS NTAPI RtlGetVersion (PRTL_OSVERSIONINFOEXW); |
| PSID_IDENTIFIER_AUTHORITY NTAPI RtlIdentifierAuthoritySid (PSID); |
| VOID NTAPI RtlInitEmptyUnicodeString (PUNICODE_STRING, PCWSTR, USHORT); |
| VOID NTAPI RtlInitAnsiString (PANSI_STRING, PCSTR); |
| NTSTATUS NTAPI RtlInitializeSid (PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR); |
| VOID NTAPI RtlInitUnicodeString (PUNICODE_STRING, PCWSTR); |
| NTSTATUS NTAPI RtlIntegerToUnicodeString (ULONG, ULONG, PUNICODE_STRING); |
| ULONG NTAPI RtlIsDosDeviceName_U (PCWSTR); |
| NTSTATUS NTAPI RtlLeaveCriticalSection (PRTL_CRITICAL_SECTION); |
| ULONG NTAPI RtlLengthSecurityDescriptor (PSECURITY_DESCRIPTOR); |
| ULONG NTAPI RtlLengthSid (PSID); |
| ULONG NTAPI RtlNtStatusToDosError (NTSTATUS); |
| NTSTATUS NTAPI RtlOemStringToUnicodeString (PUNICODE_STRING, POEM_STRING, |
| BOOLEAN); |
| BOOLEAN NTAPI RtlPrefixUnicodeString (PUNICODE_STRING, PUNICODE_STRING, |
| BOOLEAN); |
| NTSTATUS NTAPI RtlQueryProcessDebugInformation (ULONG, ULONG, PDEBUG_BUFFER); |
| NTSTATUS NTAPI RtlQueryRegistryValues (ULONG, PCWSTR, |
| PRTL_QUERY_REGISTRY_TABLE, PVOID, |
| PVOID); |
| VOID NTAPI RtlReleasePebLock (); |
| VOID NTAPI RtlSecondsSince1970ToTime (ULONG, PLARGE_INTEGER); |
| NTSTATUS NTAPI RtlSetCurrentDirectory_U (PUNICODE_STRING); |
| BOOLEAN NTAPI RtlSetCurrentTransaction (HANDLE); |
| NTSTATUS NTAPI RtlSetControlSecurityDescriptor (PSECURITY_DESCRIPTOR, |
| SECURITY_DESCRIPTOR_CONTROL, |
| SECURITY_DESCRIPTOR_CONTROL); |
| NTSTATUS NTAPI RtlSetDaclSecurityDescriptor (PSECURITY_DESCRIPTOR, BOOLEAN, |
| PACL, BOOLEAN); |
| NTSTATUS NTAPI RtlSetGroupSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID, |
| BOOLEAN); |
| NTSTATUS NTAPI RtlSetOwnerSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID, |
| BOOLEAN); |
| PUCHAR NTAPI RtlSubAuthorityCountSid (PSID); |
| PULONG NTAPI RtlSubAuthoritySid (PSID, ULONG); |
| ULONG NTAPI RtlUnicodeStringToAnsiSize (PUNICODE_STRING); |
| NTSTATUS NTAPI RtlUnicodeStringToAnsiString (PANSI_STRING, PUNICODE_STRING, |
| BOOLEAN); |
| NTSTATUS NTAPI RtlUnicodeStringToOemString (PANSI_STRING, PUNICODE_STRING, |
| BOOLEAN); |
| WCHAR NTAPI RtlUpcaseUnicodeChar (WCHAR); |
| NTSTATUS NTAPI RtlUpcaseUnicodeString (PUNICODE_STRING, PUNICODE_STRING, |
| BOOLEAN); |
| NTSTATUS NTAPI RtlWriteRegistryValue (ULONG, PCWSTR, PCWSTR, ULONG, PVOID, |
| ULONG); |
| |
| #ifdef __cplusplus |
| /* A few Rtl functions are either actually macros, or they just don't |
| exist even though they would be a big help. We implement them here, |
| partly as inline functions. */ |
| |
| /* RtlInitEmptyUnicodeString is defined as a macro in wdm.h, but that file |
| is missing entirely in w32api. */ |
| inline |
| VOID NTAPI RtlInitEmptyUnicodeString(PUNICODE_STRING dest, PCWSTR buf, |
| USHORT len) |
| { |
| dest->Length = 0; |
| dest->MaximumLength = len; |
| dest->Buffer = (PWSTR) buf; |
| } |
| /* Like RtlInitEmptyUnicodeString, but initialize Length to len, too. |
| This is for instance useful when creating a UNICODE_STRING from an |
| NtQueryInformationFile info buffer, where the length of the filename |
| is known, but you can't rely on the string being 0-terminated. |
| If you know it's 0-terminated, just use RtlInitUnicodeString(). */ |
| inline |
| VOID NTAPI RtlInitCountedUnicodeString (PUNICODE_STRING dest, PCWSTR buf, |
| USHORT len) |
| { |
| dest->Length = dest->MaximumLength = len; |
| dest->Buffer = (PWSTR) buf; |
| } |
| /* Split path into dirname and basename part. This function does not |
| copy anything! It just initializes the dirname and basename |
| UNICODE_STRINGs so that their Buffer members point to the right spot |
| into path's Buffer, and the Length (and MaximumLength) members are set |
| to match the dirname part and the basename part. |
| Note that dirname's Length is set so that it also includes the trailing |
| backslash. If you don't need it, just subtract sizeof(WCHAR) from |
| dirname.Length. */ |
| inline |
| VOID NTAPI RtlSplitUnicodePath (PUNICODE_STRING path, PUNICODE_STRING dirname, |
| PUNICODE_STRING basename) |
| { |
| USHORT len = path->Length / sizeof (WCHAR); |
| while (len > 0 && path->Buffer[--len] != L'\\') |
| ; |
| ++len; |
| if (dirname) |
| RtlInitCountedUnicodeString (dirname, path->Buffer, len * sizeof (WCHAR)); |
| if (basename) |
| RtlInitCountedUnicodeString (basename, &path->Buffer[len], |
| path->Length - len * sizeof (WCHAR)); |
| } |
| /* Check if prefix is a prefix of path. */ |
| inline |
| BOOLEAN NTAPI RtlEqualUnicodePathPrefix (PUNICODE_STRING path, |
| PUNICODE_STRING prefix, |
| BOOLEAN caseinsensitive) |
| { |
| UNICODE_STRING p; |
| |
| RtlInitCountedUnicodeString (&p, path->Buffer, |
| prefix->Length < path->Length |
| ? prefix->Length : path->Length); |
| return RtlEqualUnicodeString (&p, prefix, caseinsensitive); |
| } |
| /* Check if suffix is a suffix of path. */ |
| inline |
| BOOL NTAPI RtlEqualUnicodePathSuffix (PUNICODE_STRING path, |
| PUNICODE_STRING suffix, |
| BOOLEAN caseinsensitive) |
| { |
| UNICODE_STRING p; |
| |
| if (suffix->Length < path->Length) |
| RtlInitCountedUnicodeString (&p, (PWCHAR) ((PBYTE) path->Buffer |
| + path->Length - suffix->Length), |
| suffix->Length); |
| else |
| RtlInitCountedUnicodeString (&p, path->Buffer, path->Length); |
| return RtlEqualUnicodeString (&p, suffix, caseinsensitive); |
| } |
| /* Implemented in strfuncs.cc. Create a Hex UNICODE_STRING from a given |
| 64 bit integer value. If append is TRUE, append the hex string, |
| otherwise overwrite dest. Returns either STATUS_SUCCESS, or |
| STATUS_BUFFER_OVERFLOW, if the unicode buffer is too small (hasn't |
| room for 16 WCHARs). */ |
| NTSTATUS NTAPI RtlInt64ToHexUnicodeString (ULONGLONG value, |
| PUNICODE_STRING dest, |
| BOOLEAN append); |
| /* Set file attributes. Don't change file times. */ |
| inline |
| NTSTATUS NTAPI NtSetAttributesFile (HANDLE h, ULONG attr) |
| { |
| IO_STATUS_BLOCK io; |
| FILE_BASIC_INFORMATION fbi; |
| fbi.CreationTime.QuadPart = fbi.LastAccessTime.QuadPart = |
| fbi.LastWriteTime.QuadPart = fbi.ChangeTime.QuadPart = 0LL; |
| fbi.FileAttributes = attr ?: FILE_ATTRIBUTE_NORMAL; |
| return NtSetInformationFile(h, &io, &fbi, sizeof fbi, FileBasicInformation); |
| } |
| |
| /* This test for a signalled event is twice as fast as calling |
| WaitForSingleObject (event, 0). */ |
| inline |
| BOOL NTAPI IsEventSignalled (HANDLE event) |
| { |
| EVENT_BASIC_INFORMATION ebi; |
| return NT_SUCCESS (NtQueryEvent (event, EventBasicInformation, |
| &ebi, sizeof ebi, NULL)) |
| && ebi.SignalState != 0; |
| |
| } |
| } |
| #endif |
