| #ifndef _NT_H |
| #define _NT_H |
| |
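/*
 * Brace initializer with three values in the member order of UNICODE_STRING:
 * the byte size of the text without its terminator, the byte size of the
 * whole array, and the array itself.
 *
 * The argument must be an array (typically a wide string literal). With a
 * pointer, sizeof yields the pointer size and both lengths are wrong. The
 * sizes are stored in unsigned short members, so the array must be small
 * enough for its byte size to fit.
 */
#define RTL_CONSTANT_STRING(str) \
{ \
    sizeof(str) - sizeof((str)[0]), \
    sizeof(str), \
    (str) \
}

/*
 * Element count of a true array (not a pointer or an array parameter).
 * The expansion is fully parenthesized so it keeps its value inside a larger
 * expression such as `i % ARRAYSIZE(a)`; without the parentheses that
 * expression would be parsed as `(i % sizeof(a)) / sizeof(*a)`.
 */
#define ARRAYSIZE(a) (sizeof(a) / sizeof((a)[0]))

/*
 * Terminates the calling process through NtTerminateProcess. (void *)-1 is
 * the value the NT API treats as the current-process pseudo-handle.
 */
#define ExitProcess(N) NtTerminateProcess((void *)-1, (N))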
| |
| #ifndef NTAPI |
| #define NTAPI __stdcall /* fallback calling convention, used only when no earlier header defined NTAPI */ |
| #endif |
| |
| typedef unsigned long int NTSTATUS; /* NOTE(review): unsigned here, so a `status >= 0` success test is always true; the Windows SDK declares NTSTATUS as a signed LONG -- compare against 0 or cast before any sign test */ |
| |
| typedef enum _PROCESSINFOCLASS { /* Selector passed as ProcessInformationClass to NtQueryInformationProcess; values are positional from 0, so the order must not change. */ |
| ProcessBasicInformation, /* 0 */ |
| ProcessQuotaLimits, /* 1 */ |
| ProcessIoCounters, /* 2 */ |
| ProcessVmCounters, /* 3 */ |
| ProcessTimes, /* 4 */ |
| ProcessBasePriority, /* 5 */ |
| ProcessRaisePriority, /* 6 */ |
| ProcessDebugPort, /* 7 */ |
| ProcessExceptionPort, /* 8 */ |
| ProcessAccessToken, /* 9 */ |
| ProcessLdtInformation, /* 10 */ |
| ProcessLdtSize, /* 11 */ |
| ProcessDefaultHardErrorMode, /* 12 */ |
| ProcessIoPortHandlers, /* 13 */ |
| ProcessPooledUsageAndLimits, /* 14 */ |
| ProcessWorkingSetWatch, /* 15 */ |
| ProcessUserModeIOPL, /* 16 */ |
| ProcessEnableAlignmentFaultFixup, /* 17 */ |
| ProcessPriorityClass, /* 18 */ |
| ProcessWx86Information, /* 19 */ |
| ProcessHandleCount, /* 20 */ |
| ProcessAffinityMask, /* 21 */ |
| ProcessPriorityBoost, /* 22 */ |
| ProcessDeviceMap, /* 23 */ |
| ProcessSessionInformation, /* 24 */ |
| ProcessForegroundInformation, /* 25 */ |
| ProcessWow64Information, /* 26 */ |
| ProcessImageFileName, /* 27 */ |
| ProcessLUIDDeviceMapsEnabled, /* 28 */ |
| ProcessBreakOnTermination, /* 29 */ |
| ProcessDebugObjectHandle, /* 30 */ |
| ProcessDebugFlags, /* 31 */ |
| ProcessHandleTracing, /* 32 */ |
| MaxProcessInfoClass /* 33: count of the classes listed above, not a class itself */ |
| } PROCESSINFOCLASS; |
| |
| typedef struct _PEB_LDR_DATA /* Loader record reached through PEB.Ldr; carries three LIST_ENTRY members named for load, memory and initialization order. */ |
| { /* LIST_ENTRY is not declared in this header and must come from an earlier include. */ |
| unsigned long int Length; /* presumably the size of this structure in bytes -- TODO confirm */ |
| char Initialized; |
| void *SsHandle; |
| LIST_ENTRY InLoadOrderModuleList; /* NOTE(review): the links are raw pointers kept in process memory; a tool that walks them should bound the traversal and validate each link -- confirm with callers */ |
| LIST_ENTRY InMemoryOrderModuleList; |
| LIST_ENTRY InInitializationOrderModuleList; |
| void *EntryInProgress; |
| } PEB_LDR_DATA, *PPEB_LDR_DATA; |
| |
| typedef NTSTATUS (NTAPI *PPOST_PROCESS_INIT_ROUTINE)(void); /* type of the PEB.PostProcessInitRoutine member: a callback taking no arguments and returning NTSTATUS */ |
| |
| typedef struct _UNICODE_STRING { /* Counted wide-character string: two unsigned short sizes followed by a buffer pointer. */ |
| unsigned short int Length; /* RTL_CONSTANT_STRING sets this to the byte size of the text without its terminator */ |
| unsigned short int MaximumLength; /* RTL_CONSTANT_STRING sets this to the byte size of the whole array, terminator included */ |
| wchar_t *Buffer; /* NOTE(review): bound every read by Length; nothing in this header guarantees a terminating NUL -- confirm per producer */ |
| } UNICODE_STRING, *PUNICODE_STRING; |
| |
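| /* Disabled earlier PEB definition, kept for reference: its first three fields are unsigned long int, whereas the active definition after this comment uses UCHAR. |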
| typedef struct _PEB |
| { |
| unsigned long int InheritedAddressSpace; |
| unsigned long int ReadImageFileExecOptions; |
| unsigned long int BeingDebugged; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| union |
| { |
| struct |
| { |
| unsigned long int ImageUsesLargePages:1; |
| unsigned long int IsProtectedProcess:1; |
| unsigned long int IsLegacyProcess:1; |
| unsigned long int IsImageDynamicallyRelocated:1; |
| unsigned long int SkipPatchingUser32Forwarders:1; |
| unsigned long int SpareBits:3; |
| }; |
| unsigned long int BitField; |
| }; |
| #else |
| char SpareBool; |
| #endif |
| void *Mutant; |
| void *ImageBaseAddress; |
| PEB_LDR_DATA *Ldr; |
| struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; |
| void *SubSystemData; |
| void *ProcessHeap; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| struct _RTL_CRITICAL_SECTION *FastPebLock; |
| void *AltThunkSListPtr; |
| void *IFEOKey; |
| union |
| { |
| struct |
| { |
| unsigned long int ProcessInJob:1; |
| unsigned long int ProcessInitializing:1; |
| unsigned long int ProcessUsingVEH:1; |
| unsigned long int ProcessUsingVCH:1; |
| unsigned long int ReservedBits0:28; |
| }; |
| unsigned long int CrossProcessFlags; |
| }; |
| union |
| { |
| void **KernelCallbackTable; |
| void *UserSharedInfoPtr; |
| }; |
| unsigned long int SystemReserved[1]; |
| unsigned long int SpareUlong; |
| unsigned long int SparePebPtr0; |
| #else |
| void *FastPebLock; |
| PEBLOCKROUTINE *FastPebLockRoutine; |
| PEBLOCKROUTINE *FastPebUnlockRoutine; |
| unsigned long int EnvironmentUpdateCount; |
| void **KernelCallbackTable; |
| void *EventLogSection; |
| void *EventLog; |
| PEB_FREE_BLOCK *FreeList; |
| #endif |
| unsigned long int TlsExpansionCounter; |
| void *TlsBitmap; |
| unsigned long int TlsBitmapBits[0x2]; |
| void *ReadOnlySharedMemoryBase; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| void *HotpatchInformation; |
| #else |
| void *ReadOnlySharedMemoryHeap; |
| #endif |
| void **ReadOnlyStaticServerData; |
| void *AnsiCodePageData; |
| void *OemCodePageData; |
| void *UnicodeCaseTableData; |
| unsigned long int NumberOfProcessors; |
| unsigned long int NtGlobalFlag; |
| LARGE_INTEGER CriticalSectionTimeout; |
| unsigned long int HeapSegmentReserve; |
| unsigned long int HeapSegmentCommit; |
| unsigned long int HeapDeCommitTotalFreeThreshold; |
| unsigned long int HeapDeCommitFreeBlockThreshold; |
| unsigned long int NumberOfHeaps; |
| unsigned long int MaximumNumberOfHeaps; |
| void **ProcessHeaps; |
| void *GdiSharedHandleTable; |
| void *ProcessStarterHelper; |
| unsigned long int GdiDCAttributeList; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| struct _RTL_CRITICAL_SECTION *LoaderLock; |
| #else |
| void *LoaderLock; |
| #endif |
| unsigned long int OSMajorVersion; |
| unsigned long int OSMinorVersion; |
| unsigned short int OSBuildNumber; |
| unsigned short int OSCSDVersion; |
| unsigned long int OSPlatformId; |
| unsigned long int ImageSubSystem; |
| unsigned long int ImageSubSystemMajorVersion; |
| unsigned long int ImageSubSystemMinorVersion; |
| unsigned long int ImageProcessAffinityMask; |
| unsigned long int GdiHandleBuffer[0x22]; |
| PPOST_PROCESS_INIT_ROUTINE PostProcessInitRoutine; |
| struct _RTL_BITMAP *TlsExpansionBitmap; |
| unsigned long int TlsExpansionBitmapBits[0x20]; |
| unsigned long int SessionId; |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| ULARGE_INTEGER AppCompatFlags; |
| ULARGE_INTEGER AppCompatFlagsUser; |
| void *pShimData; |
| void *AppCompatInfo; |
| UNICODE_STRING CSDVersion; |
| struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; |
| struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; |
| struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; |
| struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; |
| unsigned long int MinimumStackCommit; |
| #endif |
| #if (NTDDI_VERSION >= NTDDI_WS03) |
| void **FlsCallback; |
| LIST_ENTRY FlsListHead; |
| struct _RTL_BITMAP *FlsBitmap; |
| unsigned long int FlsBitmapBits[4]; |
| unsigned long int FlsHighIndex; |
| #endif |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| void *WerRegistrationData; |
| void *WerShipAssertPtr; |
| #endif |
| } PEB, *PPEB; |
| */ |
| typedef struct _PEB /* Process Environment Block layout; the member set is chosen at compile time by comparing NTDDI_VERSION with the NTDDI_* constants. */ |
| { /* UCHAR, BOOLEAN, HANDLE, PVOID, ULONG, USHORT, LIST_ENTRY, LARGE_INTEGER, ULARGE_INTEGER, PPEBLOCKROUTINE and PPEB_FREE_BLOCK are not declared in this header and must come from an earlier include. */ |
| UCHAR InheritedAddressSpace; |
| UCHAR ReadImageFileExecOptions; |
| UCHAR BeingDebugged; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) /* NOTE(review): if neither macro is defined the preprocessor reads both as 0 and this branch is taken; make sure the SDK version header is included first */ |
| union |
| { |
| struct |
| { |
| UCHAR ImageUsesLargePages:1; |
| UCHAR IsProtectedProcess:1; |
| UCHAR IsLegacyProcess:1; |
| UCHAR IsImageDynamicallyRelocated:1; |
| UCHAR SkipPatchingUser32Forwarders:1; |
| UCHAR SpareBits:3; |
| }; |
| UCHAR BitField; /* the eight flag bits above viewed as one byte */ |
| }; |
| #else |
| BOOLEAN SpareBool; |
| #endif |
| HANDLE Mutant; |
| PVOID ImageBaseAddress; |
| PPEB_LDR_DATA Ldr; /* pointer to the PEB_LDR_DATA declared earlier in this header */ |
| struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /* the struct is defined later in this header */ |
| PVOID SubSystemData; |
| PVOID ProcessHeap; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| struct _RTL_CRITICAL_SECTION *FastPebLock; |
| PVOID AltThunkSListPtr; |
| PVOID IFEOKey; |
| union |
| { |
| struct |
| { |
| ULONG ProcessInJob:1; |
| ULONG ProcessInitializing:1; |
| ULONG ProcessUsingVEH:1; |
| ULONG ProcessUsingVCH:1; |
| ULONG ReservedBits0:28; |
| }; |
| ULONG CrossProcessFlags; /* the 32 flag bits above viewed as one value */ |
| }; |
| union |
| { |
| PVOID* KernelCallbackTable; |
| PVOID UserSharedInfoPtr; |
| }; |
| ULONG SystemReserved[1]; |
| ULONG SpareUlong; |
| ULONG SparePebPtr0; |
| #else |
| PVOID FastPebLock; |
| PPEBLOCKROUTINE FastPebLockRoutine; |
| PPEBLOCKROUTINE FastPebUnlockRoutine; |
| ULONG EnvironmentUpdateCount; |
| PVOID* KernelCallbackTable; |
| PVOID EventLogSection; |
| PVOID EventLog; |
| PPEB_FREE_BLOCK FreeList; |
| #endif |
| ULONG TlsExpansionCounter; |
| PVOID TlsBitmap; |
| ULONG TlsBitmapBits[0x2]; |
| PVOID ReadOnlySharedMemoryBase; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| PVOID HotpatchInformation; |
| #else |
| PVOID ReadOnlySharedMemoryHeap; |
| #endif |
| PVOID* ReadOnlyStaticServerData; |
| PVOID AnsiCodePageData; |
| PVOID OemCodePageData; |
| PVOID UnicodeCaseTableData; |
| ULONG NumberOfProcessors; |
| ULONG NtGlobalFlag; |
| LARGE_INTEGER CriticalSectionTimeout; |
| ULONG HeapSegmentReserve; /* NOTE(review): this and the following size and threshold members are ULONG rather than pointer-sized; the layout looks like the 32-bit one -- confirm before relying on member offsets in a 64-bit build */ |
| ULONG HeapSegmentCommit; |
| ULONG HeapDeCommitTotalFreeThreshold; |
| ULONG HeapDeCommitFreeBlockThreshold; |
| ULONG NumberOfHeaps; |
| ULONG MaximumNumberOfHeaps; |
| PVOID* ProcessHeaps; |
| PVOID GdiSharedHandleTable; |
| PVOID ProcessStarterHelper; |
| ULONG GdiDCAttributeList; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| struct _RTL_CRITICAL_SECTION *LoaderLock; |
| #else |
| PVOID LoaderLock; |
| #endif |
| ULONG OSMajorVersion; |
| ULONG OSMinorVersion; |
| USHORT OSBuildNumber; |
| USHORT OSCSDVersion; |
| ULONG OSPlatformId; |
| ULONG ImageSubSystem; |
| ULONG ImageSubSystemMajorVersion; |
| ULONG ImageSubSystemMinorVersion; |
| ULONG ImageProcessAffinityMask; |
| ULONG GdiHandleBuffer[0x22]; /* 0x22 = 34 elements */ |
| PPOST_PROCESS_INIT_ROUTINE PostProcessInitRoutine; |
| struct _RTL_BITMAP *TlsExpansionBitmap; |
| ULONG TlsExpansionBitmapBits[0x20]; /* 0x20 = 32 elements */ |
| ULONG SessionId; |
| #if (NTDDI_VERSION >= NTDDI_WINXP) /* members below exist only from this version constant upward */ |
| ULARGE_INTEGER AppCompatFlags; |
| ULARGE_INTEGER AppCompatFlagsUser; |
| PVOID pShimData; |
| PVOID AppCompatInfo; |
| UNICODE_STRING CSDVersion; |
| struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; |
| struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; |
| struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; |
| struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; |
| ULONG MinimumStackCommit; |
| #endif |
| #if (NTDDI_VERSION >= NTDDI_WS03) |
| PVOID *FlsCallback; |
| LIST_ENTRY FlsListHead; |
| struct _RTL_BITMAP *FlsBitmap; |
| ULONG FlsBitmapBits[4]; |
| ULONG FlsHighIndex; |
| #endif |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| PVOID WerRegistrationData; |
| PVOID WerShipAssertPtr; |
| #endif |
| } PEB, *PPEB; |
| |
| typedef struct _PROCESS_BASIC_INFORMATION { /* Record carrying a PEB pointer and a process id; presumably the output buffer for NtQueryInformationProcess with ProcessBasicInformation -- TODO confirm. */ |
| void *Reserved1; |
| PEB *PebBaseAddress; /* NOTE(review): when the queried handle refers to another process this is presumably an address in that process, not one to dereference locally -- confirm with callers */ |
| void *Reserved2[2]; |
| unsigned long int *UniqueProcessId; /* NOTE(review): declared as a pointer, presumably only to get a pointer-sized slot; treat the value as an id, not an address -- confirm */ |
| void *Reserved3; |
| } PROCESS_BASIC_INFORMATION; |
| |
| typedef struct _RTL_USER_PROCESS_PARAMETERS { /* Start-up parameter record referenced by PEB.ProcessParameters and taken by RtlNormalizeProcessParams. */ |
| unsigned long int AllocationSize; |
| unsigned long int Size; |
| unsigned long int Flags; |
| unsigned long int DebugFlags; |
| void *hConsole; |
| unsigned long int ProcessGroup; |
| void *hStdInput; |
| void *hStdOutput; |
| void *hStdError; |
| UNICODE_STRING CurrentDirectoryName; /* counted string: bound reads by its Length member */ |
| void *CurrentDirectoryHandle; |
| UNICODE_STRING DllPath; |
| UNICODE_STRING ImagePathName; |
| UNICODE_STRING CommandLine; |
| wchar_t *Environment; /* no length for this block is stored in the struct */ |
| unsigned long int dwX; |
| unsigned long int dwY; |
| unsigned long int dwXSize; |
| unsigned long int dwYSize; |
| unsigned long int dwXCountChars; |
| unsigned long int dwYCountChars; |
| unsigned long int dwFillAttribute; |
| unsigned long int dwFlags; |
| unsigned long int wShowWindow; |
| UNICODE_STRING WindowTitle; |
| UNICODE_STRING DesktopInfo; |
| UNICODE_STRING ShellInfo; |
| UNICODE_STRING RuntimeInfo; |
| } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS; /* NOTE(review): member order and widths must match the target Windows version; that cannot be checked from this header -- confirm before reading fields */ |
| |
| // Custom Heap Commit Routine for RtlCreateHeap |
| typedef NTSTATUS (NTAPI * PRTL_HEAP_COMMIT_ROUTINE)(void *Base, void **CommitAddress, size_t *CommitSize); /* type of RTL_HEAP_PARAMETERS.CommitRoutine; CommitAddress and CommitSize are passed by pointer, so the callback can write both */ |
| |
| typedef struct _RTL_HEAP_PARAMETERS /* Parameter record handed to RtlCreateHeap through its Parameters argument. */ |
| { |
| unsigned long int Length; /* presumably sizeof(RTL_HEAP_PARAMETERS), set by the caller -- TODO confirm */ |
| size_t SegmentReserve; |
| size_t SegmentCommit; |
| size_t DeCommitFreeBlockThreshold; |
| size_t DeCommitTotalFreeThreshold; |
| size_t MaximumAllocationSize; |
| size_t VirtualMemoryThreshold; |
| size_t InitialCommit; |
| size_t InitialReserve; |
| PRTL_HEAP_COMMIT_ROUTINE CommitRoutine; /* callback of the PRTL_HEAP_COMMIT_ROUTINE type declared above */ |
| size_t Reserved[2]; |
| } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS; |
| |
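/*
 * Version record passed to RtlGetVersion.
 *
 * The trailing szCSDVersion array belongs to the documented
 * RTL_OSVERSIONINFOW layout and is declared here rather than left commented
 * out. A callee that fills the service-pack string would otherwise store
 * past the end of the caller's object, and sizeof(RTL_OSVERSIONINFO), the
 * value expected in dwOSVersionInfoSize, would not describe the documented
 * record. wchar_t matches the 16-bit WCHAR on Windows targets.
 */
typedef struct _RTL_OSVERSIONINFO {
    unsigned long int dwOSVersionInfoSize; /* set to sizeof(RTL_OSVERSIONINFO) before the call */
    unsigned long int dwMajorVersion;
    unsigned long int dwMinorVersion;
    unsigned long int dwBuildNumber;
    unsigned long int dwPlatformId;
    wchar_t szCSDVersion[128];             /* service-pack string written by the callee */
} RTL_OSVERSIONINFO, *PRTL_OSVERSIONINFO;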
| |
| unsigned long int NTAPI NtAdjustPrivilegesToken(void *TokenHandle, char DisableAllPrivileges, TOKEN_PRIVILEGES *NewState, unsigned long int BufferLength, TOKEN_PRIVILEGES *PreviousState, unsigned long int *ReturnLength); /* NOTE(review): the status comes back unsigned, so test it with == 0 rather than >= 0; a success status may still mean that not every requested privilege was assigned -- confirm handling in callers */ |
| unsigned long int NTAPI NtClose(void *Handle); /* takes the handle to release; returns a status value */ |
| unsigned long int NTAPI NtDelayExecution(char, PLARGE_INTEGER); /* parameters are unnamed here: a char and a pointer to a LARGE_INTEGER */ |
| unsigned long int NTAPI NtDisplayString(PUNICODE_STRING DisplayString); /* takes a pointer to the counted UNICODE_STRING declared in this header */ |
| unsigned long int NTAPI NtOpenProcessToken(void *ProcessHandle, ACCESS_MASK DesiredAccess, void **TokenHandle); /* the handle is written through TokenHandle; presumably released with NtClose -- TODO confirm */ |
| unsigned long int NTAPI NtQueryInformationProcess(void *ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, void *ProcessInformation, unsigned long int ProcessInformationLength, unsigned long int *ReturnLength); /* NOTE(review): ProcessInformationLength should be the byte size of the ProcessInformation buffer for the class requested -- confirm at each call site */ |
| unsigned long int NTAPI NtTerminateProcess(void *, unsigned long int); /* called by the ExitProcess macro with (void *)-1 as the first argument */ |
| |
| unsigned long int NTAPI RtlAdjustPrivilege(unsigned long int Privilege, char NewValue, char ForThread, char *OldValue); /* a char is written through OldValue; NOTE(review): check the returned status before relying on the privilege being held */ |
| void NTAPI RtlAssert(const char *, const char *, unsigned long int, const char *) __attribute__((__noreturn__)); /* declared noreturn; the attribute syntax is the GCC-style one */ |
| RTL_USER_PROCESS_PARAMETERS *NTAPI RtlNormalizeProcessParams(RTL_USER_PROCESS_PARAMETERS *ProcessParameters); /* takes and returns a pointer to RTL_USER_PROCESS_PARAMETERS */ |
| void *NTAPI RtlCreateHeap(unsigned long int Flags, void *BaseAddress, size_t SizeToReserve, size_t SizeToCommit, void *Lock, RTL_HEAP_PARAMETERS *Parameters); /* NOTE(review): presumably returns NULL on failure -- check before using the result as a HeapHandle */ |
| void *NTAPI RtlAllocateHeap(void *HeapHandle, unsigned long int Flags, size_t Size); /* NOTE(review): presumably returns NULL on failure -- check before use */ |
| void *NTAPI RtlReAllocateHeap(void *HeapHandle, unsigned long int Flags, void *Ptr, size_t Size); /* NOTE(review): keep the old pointer until the result is known to be non-NULL, as with realloc -- confirm failure semantics */ |
| char NTAPI RtlFreeHeap(void *HeapHandle, unsigned long int Flags, void *HeapBase); /* NOTE(review): the char result is presumably a boolean, and the third parameter, named HeapBase here, is presumably the block to free rather than the heap base -- TODO confirm */ |
| unsigned long int NTAPI RtlGetVersion(RTL_OSVERSIONINFO *lpVersionInformation); /* NOTE(review): the pointed-to record should be full size with dwOSVersionInfoSize set before the call -- confirm at each call site */ |
| |
| #endif |