| #ifndef _NT_H |
| #define _NT_H |
| |
| #define RTL_CONSTANT_STRING(__SOURCE_STRING__) \ |
| { \ |
| sizeof(__SOURCE_STRING__) - sizeof((__SOURCE_STRING__)[0]), \ |
| sizeof(__SOURCE_STRING__), \ |
| (__SOURCE_STRING__) \ |
| } |
| |
| #define ARRAYSIZE(a) sizeof(a)/sizeof(*a) |
| #define ExitProcess(N) NtTerminateProcess((void *)-1, N) |
| |
| #ifndef NTAPI |
| #define NTAPI __stdcall |
| #endif |
| |
| #define OBJ_INHERIT 2L |
| #define OBJ_PERMANENT 16L |
| #define OBJ_EXCLUSIVE 32L |
| #define OBJ_CASE_INSENSITIVE 64L |
| #define OBJ_OPENIF 128L |
| #define OBJ_OPENLINK 256L |
| #define OBJ_VALID_ATTRIBUTES 498L |
| #define InitializeObjectAttributes(p,n,a,r,s) { \ |
| (p)->Length = sizeof(OBJECT_ATTRIBUTES); \ |
| (p)->RootDirectory = (r); \ |
| (p)->Attributes = (a); \ |
| (p)->ObjectName = (n); \ |
| (p)->SecurityDescriptor = (s); \ |
| (p)->SecurityQualityOfService = NULL; \ |
| } |
| |
| #define RTL_MAX_DRIVE_LETTERS 32 |
| |
| #define SYMBOLIC_LINK_QUERY 0x0001 |
| #define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1) |
| |
| typedef unsigned long int NTSTATUS; |
| |
| typedef enum _OBJECT_INFORMATION_CLASS { |
| ObjectBasicInformation, |
| ObjectNameInformation, |
| ObjectTypeInformation, |
| ObjectTypesInformation, |
| ObjectHandleFlagInformation, |
| ObjectSessionInformation, |
| MaxObjectInfoClass |
| } OBJECT_INFORMATION_CLASS; |
| |
| typedef enum _FILE_INFORMATION_CLASS { |
| FileDirectoryInformation = 1, |
| FileFullDirectoryInformation, |
| FileBothDirectoryInformation, |
| FileBasicInformation, |
| FileStandardInformation, |
| FileInternalInformation, |
| FileEaInformation, |
| FileAccessInformation, |
| FileNameInformation, |
| FileRenameInformation, |
| FileLinkInformation, |
| FileNamesInformation, |
| FileDispositionInformation, |
| FilePositionInformation, |
| FileFullEaInformation, |
| FileModeInformation, |
| FileAlignmentInformation, |
| FileAllInformation, |
| FileAllocationInformation, |
| FileEndOfFileInformation, |
| FileAlternateNameInformation, |
| FileStreamInformation, |
| FilePipeInformation, |
| FilePipeLocalInformation, |
| FilePipeRemoteInformation, |
| FileMailslotQueryInformation, |
| FileMailslotSetInformation, |
| FileCompressionInformation, |
| FileObjectIdInformation, |
| FileCompletionInformation, |
| FileMoveClusterInformation, |
| FileQuotaInformation, |
| FileReparsePointInformation, |
| FileNetworkOpenInformation, |
| FileAttributeTagInformation, |
| FileTrackingInformation, |
| FileIdBothDirectoryInformation, |
| FileIdFullDirectoryInformation, |
| FileValidDataLengthInformation, |
| FileShortNameInformation, |
| FileIoCompletionNotificationInformation, |
| FileIoStatusBlockRangeInformation, |
| FileIoPriorityHintInformation, |
| FileSfioReserveInformation, |
| FileSfioVolumeInformation, |
| FileHardLinkInformation, |
| FileProcessIdsUsingFileInformation, |
| FileNormalizedNameInformation, |
| FileNetworkPhysicalNameInformation, |
| FileIdGlobalTxDirectoryInformation, |
| FileMaximumInformation |
| } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS; |
| |
| typedef enum _PROCESSINFOCLASS { |
| ProcessBasicInformation, |
| ProcessQuotaLimits, |
| ProcessIoCounters, |
| ProcessVmCounters, |
| ProcessTimes, |
| ProcessBasePriority, |
| ProcessRaisePriority, |
| ProcessDebugPort, |
| ProcessExceptionPort, |
| ProcessAccessToken, |
| ProcessLdtInformation, |
| ProcessLdtSize, |
| ProcessDefaultHardErrorMode, |
| ProcessIoPortHandlers, |
| ProcessPooledUsageAndLimits, |
| ProcessWorkingSetWatch, |
| ProcessUserModeIOPL, |
| ProcessEnableAlignmentFaultFixup, |
| ProcessPriorityClass, |
| ProcessWx86Information, |
| ProcessHandleCount, |
| ProcessAffinityMask, |
| ProcessPriorityBoost, |
| ProcessDeviceMap, |
| ProcessSessionInformation, |
| ProcessForegroundInformation, |
| ProcessWow64Information, |
| ProcessImageFileName, |
| ProcessLUIDDeviceMapsEnabled, |
| ProcessBreakOnTermination, |
| ProcessDebugObjectHandle, |
| ProcessDebugFlags, |
| ProcessHandleTracing, |
| MaxProcessInfoClass |
| } PROCESSINFOCLASS; |
| |
| typedef void (NTAPI *PPEBLOCKROUTINE)(void *); |
| |
| typedef NTSTATUS (NTAPI *PPOST_PROCESS_INIT_ROUTINE)(void); |
| |
| typedef struct _PEB_FREE_BLOCK { |
| struct _PEB_FREE_BLOCK *Next; |
| unsigned long int Size; |
| } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK; |
| |
| typedef struct _PEB_LDR_DATA { |
| unsigned long int Length; |
| unsigned char Initialized; |
| void *SsHandle; |
| LIST_ENTRY InLoadOrderModuleList; |
| LIST_ENTRY InMemoryOrderModuleList; |
| LIST_ENTRY InInitializationOrderModuleList; |
| void *EntryInProgress; |
| } PEB_LDR_DATA, *PPEB_LDR_DATA; |
| |
| typedef struct _STRING { |
| unsigned short int Length; |
| unsigned short int MaximumLength; |
| char *Buffer; |
| } STRING, *PSTRING; |
| |
| typedef struct _UNICODE_STRING { |
| unsigned short int Length; |
| unsigned short int MaximumLength; |
| wchar_t *Buffer; |
| } UNICODE_STRING, *PUNICODE_STRING; |
| |
| #if !defined(__WINDDK_H) && !defined(_RTLTYPES_H) |
| typedef struct _RTL_BITMAP { |
| unsigned long int SizeOfBitMap; |
| unsigned long int *Buffer; |
| } RTL_BITMAP, *PRTL_BITMAP; |
| #endif |
| |
| typedef struct _CURDIR { |
| UNICODE_STRING DosPath; |
| void *Handle; |
| } CURDIR, *PCURDIR; |
| |
| typedef struct _RTL_DRIVE_LETTER_CURDIR { |
| unsigned short int Flags; |
| unsigned short int Length; |
| unsigned long int TimeStamp; |
| STRING DosPath; |
| } RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR; |
| |
| typedef struct _RTL_USER_PROCESS_PARAMETERS { |
| unsigned long int AllocationSize; |
| unsigned long int Size; |
| unsigned long int Flags; |
| unsigned long int DebugFlags; |
| void *ConsoleHandle; |
| unsigned long int ConsoleFlags; |
| void *StandardInput; |
| void *StandardOutput; |
| void *StandardError; |
| CURDIR CurrentDirectory; |
| UNICODE_STRING DllPath; |
| UNICODE_STRING ImagePathName; |
| UNICODE_STRING CommandLine; |
| wchar_t *Environment; |
| unsigned long int StartingX; |
| unsigned long int StartingY; |
| unsigned long int CountX; |
| unsigned long int CountY; |
| unsigned long int CountCharsX; |
| unsigned long int CountCharsY; |
| unsigned long int FillAttribute; |
| unsigned long int WindowFlags; |
| unsigned long int ShowWindowFlags; |
| UNICODE_STRING WindowTitle; |
| UNICODE_STRING DesktopInfo; |
| UNICODE_STRING ShellInfo; |
| UNICODE_STRING RuntimeData; |
| RTL_DRIVE_LETTER_CURDIR CurrentDirectores[RTL_MAX_DRIVE_LETTERS]; |
| } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS; |
| |
| typedef struct _PEB { |
| unsigned char InheritedAddressSpace; |
| unsigned char ReadImageFileExecOptions; |
| unsigned char BeingDebugged; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| union { |
| struct { |
| unsigned char ImageUsesLargePages:1; |
| unsigned char IsProtectedProcess:1; |
| unsigned char IsLegacyProcess:1; |
| unsigned char IsImageDynamicallyRelocated:1; |
| unsigned char SkipPatchingUser32Forwarders:1; |
| unsigned char SpareBits:3; |
| }; |
| unsigned char BitField; |
| }; |
| #else |
| unsigned char SpareBool; |
| #endif |
| void *Mutant; |
| void *ImageBaseAddress; |
| PEB_LDR_DATA *Ldr; |
| RTL_USER_PROCESS_PARAMETERS *ProcessParameters; |
| void *SubSystemData; |
| void *ProcessHeap; |
| RTL_CRITICAL_SECTION *FastPebLock; |
| /* |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| void *AltThunkSListPtr; |
| void *IFEOKey; |
| union { |
| struct { |
| unsigned long int ProcessInJob:1; |
| unsigned long int ProcessInitializing:1; |
| unsigned long int ProcessUsingVEH:1; |
| unsigned long int ProcessUsingVCH:1; |
| unsigned long int ReservedBits0:28; |
| }; |
| unsigned long int CrossProcessFlags; |
| }; |
| union { |
| void **KernelCallbackTable; |
| void *UserSharedInfoPtr; |
| }; |
| unsigned long int SystemReserved[1]; |
| unsigned long int SpareUlong; |
| unsigned long int SparePebPtr0; |
| #else*/ |
| PPEBLOCKROUTINE FastPebLockRoutine; |
| PPEBLOCKROUTINE FastPebUnlockRoutine; |
| unsigned long int EnvironmentUpdateCount; |
| void **KernelCallbackTable; |
| void *EventLogSection; |
| void *EventLog; |
| PEB_FREE_BLOCK *FreeList; |
| //#endif |
| unsigned long int TlsExpansionCounter; |
| void *TlsBitmap; |
| unsigned long int TlsBitmapBits[0x2]; |
| void *ReadOnlySharedMemoryBase; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| void *HotpatchInformation; |
| #else |
| void *ReadOnlySharedMemoryHeap; |
| #endif |
| void **ReadOnlyStaticServerData; |
| void *AnsiCodePageData; |
| void *OemCodePageData; |
| void *UnicodeCaseTableData; |
| unsigned long int NumberOfProcessors; |
| unsigned long int NtGlobalFlag; |
| LARGE_INTEGER CriticalSectionTimeout; |
| unsigned long int HeapSegmentReserve; |
| unsigned long int HeapSegmentCommit; |
| unsigned long int HeapDeCommitTotalFreeThreshold; |
| unsigned long int HeapDeCommitFreeBlockThreshold; |
| unsigned long int NumberOfHeaps; |
| unsigned long int MaximumNumberOfHeaps; |
| void **ProcessHeaps; |
| void *GdiSharedHandleTable; |
| void *ProcessStarterHelper; |
| unsigned long int GdiDCAttributeList; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| RTL_CRITICAL_SECTION *LoaderLock; |
| #else |
| void *LoaderLock; |
| #endif |
| unsigned long int OSMajorVersion; |
| unsigned long int OSMinorVersion; |
| unsigned short int OSBuildNumber; |
| unsigned short int OSCSDVersion; |
| unsigned long int OSPlatformId; |
| unsigned long int ImageSubSystem; |
| unsigned long int ImageSubSystemMajorVersion; |
| unsigned long int ImageSubSystemMinorVersion; |
| unsigned long int ImageProcessAffinityMask; |
| unsigned long int GdiHandleBuffer[0x22]; |
| PPOST_PROCESS_INIT_ROUTINE PostProcessInitRoutine; |
| RTL_BITMAP *TlsExpansionBitmap; |
| unsigned long int TlsExpansionBitmapBits[0x20]; |
| unsigned long int SessionId; |
| //#if (NTDDI_VERSION >= NTDDI_WINXP) |
| ULARGE_INTEGER AppCompatFlags; |
| ULARGE_INTEGER AppCompatFlagsUser; |
| void *pShimData; |
| void *AppCompatInfo; |
| UNICODE_STRING CSDVersion; |
| struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; |
| struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; |
| struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; |
| struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; |
| unsigned long int MinimumStackCommit; |
| //#endif |
| //#if (NTDDI_VERSION >= NTDDI_WS03) |
| void **FlsCallback; |
| LIST_ENTRY FlsListHead; |
| RTL_BITMAP *FlsBitmap; |
| unsigned long int FlsBitmapBits[0x4]; |
| unsigned long int FlsHighIndex; |
| //#endif |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| void *WerRegistrationData; |
| void *WerShipAssertPtr; |
| #endif |
| } PEB, *PPEB; |
| |
| // Don't believe MSDN; the UniqueProcessId is not a pointer! |
| typedef struct _PROCESS_BASIC_INFORMATION { |
| long int ExitStatus; |
| PEB *PebBaseAddress; |
| unsigned long int AffinityMask; |
| unsigned long int BasePriority; |
| unsigned long int UniqueProcessId; |
| unsigned long int InheritedFromUniqueProcessId; |
| } PROCESS_BASIC_INFORMATION; |
| |
| #if !defined(_NTSECAPI_H) |
| typedef struct _OBJECT_ATTRIBUTES { |
| unsigned long int Length; |
| void *RootDirectory; |
| UNICODE_STRING *ObjectName; |
| unsigned long int Attributes; |
| void *SecurityDescriptor; |
| void *SecurityQualityOfService; |
| } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; |
| #endif |
| |
| // Custom Heap Commit Routine for RtlCreateHeap |
| typedef NTSTATUS (NTAPI *PRTL_HEAP_COMMIT_ROUTINE)(void *Base, void **CommitAddress, size_t *CommitSize); |
| |
| typedef struct _RTL_HEAP_PARAMETERS |
| { |
| unsigned long int Length; |
| size_t SegmentReserve; |
| size_t SegmentCommit; |
| size_t DeCommitFreeBlockThreshold; |
| size_t DeCommitTotalFreeThreshold; |
| size_t MaximumAllocationSize; |
| size_t VirtualMemoryThreshold; |
| size_t InitialCommit; |
| size_t InitialReserve; |
| PRTL_HEAP_COMMIT_ROUTINE CommitRoutine; |
| size_t Reserved[2]; |
| } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS; |
| |
| typedef struct _RTL_OSVERSIONINFO { |
| unsigned long int dwOSVersionInfoSize; |
| unsigned long int dwMajorVersion; |
| unsigned long int dwMinorVersion; |
| unsigned long int dwBuildNumber; |
| unsigned long int dwPlatformId; |
| } RTL_OSVERSIONINFO, *PRTL_OSVERSIONINFO; |
| |
| #ifndef __WINDDK_H |
| // |
| // I/O Status Block |
| // |
| typedef struct _IO_STATUS_BLOCK { |
| union { |
| long int Status; |
| void *Pointer; |
| }; |
| ULONG_PTR Information; |
| } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK; |
| |
| // |
| // File Information structures for NtQueryInformationFile |
| // |
| typedef struct _FILE_BASIC_INFORMATION { |
| LARGE_INTEGER CreationTime; |
| LARGE_INTEGER LastAccessTime; |
| LARGE_INTEGER LastWriteTime; |
| LARGE_INTEGER ChangeTime; |
| unsigned long int FileAttributes; |
| } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION; |
| |
| typedef struct _FILE_STANDARD_INFORMATION { |
| LARGE_INTEGER AllocationSize; |
| LARGE_INTEGER EndOfFile; |
| unsigned long int NumberOfLinks; |
| unsigned char DeletePending; |
| unsigned char Directory; |
| } FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION; |
| |
| typedef struct _FILE_STREAM_INFORMATION { |
| unsigned long int NextEntryOffset; |
| unsigned long int StreamNameLength; |
| LARGE_INTEGER StreamSize; |
| LARGE_INTEGER StreamAllocationSize; |
| wchar_t StreamName[1]; |
| } FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION; |
| |
| typedef struct _FILE_NETWORK_OPEN_INFORMATION { |
| LARGE_INTEGER CreationTime; |
| LARGE_INTEGER LastAccessTime; |
| LARGE_INTEGER LastWriteTime; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER AllocationSize; |
| LARGE_INTEGER EndOfFile; |
| unsigned long int FileAttributes; |
| } FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION; |
| |
| typedef struct _FILE_EA_INFORMATION { |
| unsigned long int EaSize; |
| } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION; |
| |
| typedef struct _FILE_COMPRESSION_INFORMATION { |
| LARGE_INTEGER CompressedFileSize; |
| unsigned short int CompressionFormat; |
| unsigned char CompressionUnitShift; |
| unsigned char ChunkShift; |
| unsigned char ClusterShift; |
| unsigned char Reserved[3]; |
| } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION; |
| |
| typedef struct _FILE_POSITION_INFORMATION { |
| LARGE_INTEGER CurrentByteOffset; |
| } FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION; |
| |
| typedef struct _FILE_DISPOSITION_INFORMATION { |
| unsigned char DeleteFile; |
| } FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION; |
| |
| typedef struct _FILE_FULL_EA_INFORMATION { |
| unsigned long int NextEntryOffset; |
| unsigned char Flags; |
| unsigned char EaNameLength; |
| unsigned short int EaValueLength; |
| char EaName[0]; |
| } FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION; |
| |
| typedef struct _FILE_QUOTA_INFORMATION { |
| unsigned long int NextEntryOffset; |
| unsigned long int SidLength; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER QuotaUsed; |
| LARGE_INTEGER QuotaThreshold; |
| LARGE_INTEGER QuotaLimit; |
| SID Sid; |
| } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION; |
| |
| typedef struct _FILE_INTERNAL_INFORMATION { |
| LARGE_INTEGER IndexNumber; |
| } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION; |
| |
| typedef struct _FILE_RENAME_INFORMATION { |
| unsigned char ReplaceIfExists; |
| void *RootDirectory; |
| unsigned long int FileNameLength; |
| wchar_t FileName[1]; |
| } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION; |
| |
| typedef struct _FILE_PIPE_INFORMATION { |
| unsigned long int ReadMode; |
| unsigned long int CompletionMode; |
| } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION; |
| |
| typedef struct _FILE_PIPE_LOCAL_INFORMATION { |
| unsigned long int NamedPipeType; |
| unsigned long int NamedPipeConfiguration; |
| unsigned long int MaximumInstances; |
| unsigned long int CurrentInstances; |
| unsigned long int InboundQuota; |
| unsigned long int ReadDataAvailable; |
| unsigned long int OutboundQuota; |
| unsigned long int WriteQuotaAvailable; |
| unsigned long int NamedPipeState; |
| unsigned long int NamedPipeEnd; |
| } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION; |
| |
| typedef struct _FILE_PIPE_REMOTE_INFORMATION { |
| LARGE_INTEGER CollectDataTime; |
| unsigned long int MaximumCollectionCount; |
| } FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION; |
| |
| typedef struct _FILE_MAILSLOT_QUERY_INFORMATION { |
| unsigned long int MaximumMessageSize; |
| unsigned long int MailslotQuota; |
| unsigned long int NextMessageSize; |
| unsigned long int MessagesAvailable; |
| LARGE_INTEGER ReadTimeout; |
| } FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION; |
| |
| typedef struct _FILE_MAILSLOT_SET_INFORMATION { |
| PLARGE_INTEGER ReadTimeout; |
| } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION; |
| |
| typedef struct _FILE_BOTH_DIR_INFORMATION { |
| unsigned long int NextEntryOffset; |
| unsigned long int FileIndex; |
| LARGE_INTEGER CreationTime; |
| LARGE_INTEGER LastAccessTime; |
| LARGE_INTEGER LastWriteTime; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER EndOfFile; |
| LARGE_INTEGER AllocationSize; |
| unsigned long int FileAttributes; |
| unsigned long int FileNameLength; |
| unsigned long int EaSize; |
| char ShortNameLength; |
| wchar_t ShortName[12]; |
| wchar_t FileName[0]; |
| } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION; |
| |
| typedef struct _FILE_COMPLETION_INFORMATION { |
| void *Port; |
| void *Key; |
| } FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION; |
| |
| typedef struct _FILE_LINK_INFORMATION { |
| unsigned char ReplaceIfExists; |
| void *RootDirectory; |
| unsigned long int FileNameLength; |
| wchar_t FileName[0]; |
| } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION; |
| |
| typedef struct _FILE_NAME_INFORMATION { |
| unsigned long int FileNameLength; |
| wchar_t FileName[0]; |
| } FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION; |
| |
| typedef struct _FILE_ALLOCATION_INFORMATION { |
| LARGE_INTEGER AllocationSize; |
| } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION; |
| |
| typedef struct _FILE_END_OF_FILE_INFORMATION { |
| LARGE_INTEGER EndOfFile; |
| } FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION; |
| |
| typedef struct _FILE_VALID_DATA_LENGTH_INFORMATION { |
| LARGE_INTEGER ValidDataLength; |
| } FILE_VALID_DATA_LENGTH_INFORMATION, *PFILE_VALID_DATA_LENGTH_INFORMATION; |
| |
| typedef struct _FILE_DIRECTORY_INFORMATION { |
| unsigned long int NextEntryOffset; |
| unsigned long int FileIndex; |
| LARGE_INTEGER CreationTime; |
| LARGE_INTEGER LastAccessTime; |
| LARGE_INTEGER LastWriteTime; |
| LARGE_INTEGER ChangeTime; |
| LARGE_INTEGER EndOfFile; |
| LARGE_INTEGER AllocationSize; |
| unsigned long int FileAttributes; |
| unsigned long int FileNameLength; |
| wchar_t FileName[0]; |
| } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION; |
| |
| typedef struct _FILE_IO_COMPLETION_INFORMATION { |
| void *KeyContext; |
| void *ApcContext; |
| IO_STATUS_BLOCK IoStatusBlock; |
| } FILE_IO_COMPLETION_INFORMATION, *PFILE_IO_COMPLETION_INFORMATION; |
| |
| typedef struct _FILE_FS_DEVICE_INFORMATION { |
| unsigned long int DeviceType; |
| unsigned long int Characteristics; |
| } FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION; |
| |
| typedef struct _FILE_FS_ATTRIBUTE_INFORMATION { |
| unsigned long int FileSystemAttributes; |
| unsigned long int MaximumComponentNameLength; |
| unsigned long int FileSystemNameLength; |
| wchar_t FileSystemName[0]; |
| } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION; |
| |
| typedef struct _FILE_FS_SIZE_INFORMATION { |
| LARGE_INTEGER TotalAllocationUnits; |
| LARGE_INTEGER AvailableAllocationUnits; |
| unsigned long int SectorsPerAllocationUnit; |
| unsigned long int BytesPerSector; |
| } FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION; |
| |
| typedef struct _FILE_FS_FULL_SIZE_INFORMATION { |
| LARGE_INTEGER TotalAllocationUnits; |
| LARGE_INTEGER CallerAvailableAllocationUnits; |
| LARGE_INTEGER ActualAvailableAllocationUnits; |
| unsigned long int SectorsPerAllocationUnit; |
| unsigned long int BytesPerSector; |
| } FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION; |
| |
| typedef struct _FILE_FS_LABEL_INFORMATION { |
| unsigned long int VolumeLabelLength; |
| wchar_t VolumeLabel[0]; |
| } FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION; |
| |
| typedef struct _FILE_FS_VOLUME_INFORMATION { |
| LARGE_INTEGER VolumeCreationTime; |
| unsigned long int VolumeSerialNumber; |
| unsigned long int VolumeLabelLength; |
| unsigned char SupportsObjects; |
| wchar_t VolumeLabel[0]; |
| } FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION; |
| |
| // |
| // Pipe Structures for IOCTL_PIPE_XXX |
| // |
| typedef struct _FILE_PIPE_WAIT_FOR_BUFFER { |
| LARGE_INTEGER Timeout; |
| unsigned long int NameLength; |
| unsigned char TimeoutSpecified; |
| wchar_t Name[0]; |
| } FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER; |
| |
| typedef struct _FILE_PIPE_PEEK_BUFFER { |
| unsigned long int NamedPipeState; |
| unsigned long int ReadDataAvailable; |
| unsigned long int NumberOfMessages; |
| unsigned long int MessageLength; |
| char Data[0]; |
| } FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER; |
| #endif |
| |
| typedef struct _OBJECT_BASIC_INFORMATION { |
| unsigned long int Attributes; |
| ACCESS_MASK GrantedAccess; |
| unsigned long int HandleCount; |
| unsigned long int PointerCount; |
| unsigned long int PagedPoolUsage; |
| unsigned long int NonPagedPoolUsage; |
| unsigned long int Reserved[3]; |
| unsigned long int NameInformationLength; |
| unsigned long int TypeInformationLength; |
| unsigned long int SecurityDescriptorLength; |
| LARGE_INTEGER CreateTime; |
| } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; |
| |
| typedef struct _OBJECT_NAME_INFORMATION { |
| UNICODE_STRING Name; |
| wchar_t Buffer[0]; // The Windows NT kernel uses offset to get the buffer address; this member may be no need. |
| } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION; |
| |
| typedef void NTAPI (*PIO_APC_ROUTINE)(void *, IO_STATUS_BLOCK *, unsigned long int); |
| |
| long int NTAPI NtAdjustPrivilegesToken(void *TokenHandle, unsigned char DisableAllPrivileges, TOKEN_PRIVILEGES *NewState, unsigned long int BufferLength, TOKEN_PRIVILEGES *PreviousState, unsigned long int *ReturnLength); |
| long int NTAPI NtClose(void *handle); |
| long int NTAPI NtCreateFile(void **handle, ACCESS_MASK access, OBJECT_ATTRIBUTES *object_attrib, IO_STATUS_BLOCK *io_status, LARGE_INTEGER *, unsigned long int file_attrib, unsigned long int share_access, unsigned long int create_disposition, unsigned long int create_options, void *ea_buffer, unsigned long int ea_length); |
| long int NTAPI NtCreateSymbolicLinkObject(void **sym_link_handle, ACCESS_MASK access, OBJECT_ATTRIBUTES *object_attrib, UNICODE_STRING *); |
| long int NTAPI NtDelayExecution(unsigned char, LARGE_INTEGER *); |
| long int NTAPI NtDeleteFile(OBJECT_ATTRIBUTES *o); |
| long int NTAPI NtDisplayString(PUNICODE_STRING DisplayString); |
| long int NTAPI NtDuplicateObject(void *source_process, void *source, void *target_process, void **target, ACCESS_MASK access, unsigned long int attrib, unsigned long int options); |
| long int NTAPI NtOpenFile(void **handle, ACCESS_MASK access, OBJECT_ATTRIBUTES *object_attrib, IO_STATUS_BLOCK *io_status, unsigned long int share_access, unsigned long int open_options); |
| long int NTAPI NtOpenProcessToken(void *ProcessHandle, ACCESS_MASK DesiredAccess, void **TokenHandle); |
| long int NTAPI NtQueryInformationFile(void *handle, IO_STATUS_BLOCK *io_status, void *information, unsigned long int length, FILE_INFORMATION_CLASS info_class); |
| long int NTAPI NtQueryInformationProcess(void *handle, PROCESSINFOCLASS information_class, void *information, unsigned long int length, unsigned long int *result_length); |
| long int NTAPI NtQueryObject(void *handle, OBJECT_INFORMATION_CLASS information_class, void *information, unsigned long int length, unsigned long int *result_length); |
| long int NTAPI NtReadFile(void *handle, void *event, PIO_APC_ROUTINE apc_routine, void *apc_context, IO_STATUS_BLOCK *io_status, void *buffer, unsigned long int length, LARGE_INTEGER *offset, unsigned long int *key); |
| long int NTAPI NtSetInformationFile(void *handle, IO_STATUS_BLOCK *io_status, void *information, unsigned long int length, FILE_INFORMATION_CLASS info_class); |
| long int NTAPI NtSetInformationProcess(void *handle, PROCESSINFOCLASS information_class, void *information, unsigned long int length); |
| long int NTAPI NtTerminateProcess(void *, unsigned long int); |
| long int NTAPI NtWriteFile(void *handle, void *event, PIO_APC_ROUTINE apc_routine, void *apc_context, IO_STATUS_BLOCK *io_status, const void *buffer, unsigned long int length, LARGE_INTEGER *offset, unsigned long int *key); |
| |
| long int NTAPI RtlAdjustPrivilege(unsigned long int Privilege, unsigned char NewValue, unsigned char ForThread, unsigned char *OldValue); |
| void NTAPI RtlAssert(const char *, const char *, unsigned long int, const char *); |
| RTL_USER_PROCESS_PARAMETERS *NTAPI RtlNormalizeProcessParams(RTL_USER_PROCESS_PARAMETERS *ProcessParameters); |
| void *NTAPI RtlCreateHeap(unsigned long int Flags, void *BaseAddress, size_t SizeToReserve, size_t SizeToCommit, void *Lock, RTL_HEAP_PARAMETERS *Parameters); |
| void *NTAPI RtlAllocateHeap(void *HeapHandle, unsigned long int Flags, size_t Size); |
| void *NTAPI RtlReAllocateHeap(void *HeapHandle, unsigned long int Flags, void *Ptr, size_t Size); |
| unsigned char NTAPI RtlFreeHeap(void *HeapHandle, unsigned long int Flags, void *HeapBase); |
| unsigned long int NTAPI RtlGetCurrentDirectory_U(unsigned long int, wchar_t *); |
| long int NTAPI RtlGetVersion(RTL_OSVERSIONINFO *lpVersionInformation); |
| unsigned char NTAPI RtlCreateUnicodeStringFromAsciiz(UNICODE_STRING *target, const char *src); |
| void NTAPI RtlFreeUnicodeString(UNICODE_STRING *); |
| unsigned char NTAPI RtlDosPathNameToNtPathName_U(const wchar_t *dospath, UNICODE_STRING *ntpath, const wchar_t *ntfilenamepart, CURDIR *dir_info); |
| |
| #endif |