| #ifndef _NT_H |
| #define _NT_H |
| |
| #define RTL_CONSTANT_STRING(__SOURCE_STRING__) \ |
| { \ |
| sizeof(__SOURCE_STRING__) - sizeof((__SOURCE_STRING__)[0]), \ |
| sizeof(__SOURCE_STRING__), \ |
| (__SOURCE_STRING__) \ |
| } |
| |
| #define ARRAYSIZE(a) sizeof(a)/sizeof(*a) |
| #define ExitProcess(N) NtTerminateProcess((void *)-1, N) |
| |
| #ifndef NTAPI |
| #define NTAPI __stdcall |
| #endif |
| |
| #define OBJ_INHERIT 2L |
| #define OBJ_PERMANENT 16L |
| #define OBJ_EXCLUSIVE 32L |
| #define OBJ_CASE_INSENSITIVE 64L |
| #define OBJ_OPENIF 128L |
| #define OBJ_OPENLINK 256L |
| #define OBJ_VALID_ATTRIBUTES 498L |
| #define InitializeObjectAttributes(p,n,a,r,s) { \ |
| (p)->Length = sizeof(OBJECT_ATTRIBUTES); \ |
| (p)->RootDirectory = (r); \ |
| (p)->Attributes = (a); \ |
| (p)->ObjectName = (n); \ |
| (p)->SecurityDescriptor = (s); \ |
| (p)->SecurityQualityOfService = NULL; \ |
| } |
| |
| #define RTL_MAX_DRIVE_LETTERS 32 |
| |
| #define SYMBOLIC_LINK_QUERY 0x0001 |
| #define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1) |
| |
| typedef unsigned long int NTSTATUS; |
| |
| typedef enum _PROCESSINFOCLASS { |
| ProcessBasicInformation, |
| ProcessQuotaLimits, |
| ProcessIoCounters, |
| ProcessVmCounters, |
| ProcessTimes, |
| ProcessBasePriority, |
| ProcessRaisePriority, |
| ProcessDebugPort, |
| ProcessExceptionPort, |
| ProcessAccessToken, |
| ProcessLdtInformation, |
| ProcessLdtSize, |
| ProcessDefaultHardErrorMode, |
| ProcessIoPortHandlers, |
| ProcessPooledUsageAndLimits, |
| ProcessWorkingSetWatch, |
| ProcessUserModeIOPL, |
| ProcessEnableAlignmentFaultFixup, |
| ProcessPriorityClass, |
| ProcessWx86Information, |
| ProcessHandleCount, |
| ProcessAffinityMask, |
| ProcessPriorityBoost, |
| ProcessDeviceMap, |
| ProcessSessionInformation, |
| ProcessForegroundInformation, |
| ProcessWow64Information, |
| ProcessImageFileName, |
| ProcessLUIDDeviceMapsEnabled, |
| ProcessBreakOnTermination, |
| ProcessDebugObjectHandle, |
| ProcessDebugFlags, |
| ProcessHandleTracing, |
| MaxProcessInfoClass |
| } PROCESSINFOCLASS; |
| |
| typedef struct _PEB_LDR_DATA |
| { |
| unsigned long int Length; |
| char Initialized; |
| void *SsHandle; |
| LIST_ENTRY InLoadOrderModuleList; |
| LIST_ENTRY InMemoryOrderModuleList; |
| LIST_ENTRY InInitializationOrderModuleList; |
| void *EntryInProgress; |
| } PEB_LDR_DATA, *PPEB_LDR_DATA; |
| |
| typedef NTSTATUS (NTAPI *PPOST_PROCESS_INIT_ROUTINE)(void); |
| |
| typedef struct _STRING { |
| unsigned short int Length; |
| unsigned short int MaximumLength; |
| char *Buffer; |
| } STRING, *PSTRING; |
| |
| typedef struct _UNICODE_STRING { |
| unsigned short int Length; |
| unsigned short int MaximumLength; |
| wchar_t *Buffer; |
| } UNICODE_STRING, *PUNICODE_STRING; |
| |
| /* |
| typedef struct _PEB |
| { |
| unsigned long int InheritedAddressSpace; |
| unsigned long int ReadImageFileExecOptions; |
| unsigned long int BeingDebugged; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| union |
| { |
| struct |
| { |
| unsigned long int ImageUsesLargePages:1; |
| unsigned long int IsProtectedProcess:1; |
| unsigned long int IsLegacyProcess:1; |
| unsigned long int IsImageDynamicallyRelocated:1; |
| unsigned long int SkipPatchingUser32Forwarders:1; |
| unsigned long int SpareBits:3; |
| }; |
| unsigned long int BitField; |
| }; |
| #else |
| char SpareBool; |
| #endif |
| void *Mutant; |
| void *ImageBaseAddress; |
| PEB_LDR_DATA *Ldr; |
| struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; |
| void *SubSystemData; |
| void *ProcessHeap; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| struct _RTL_CRITICAL_SECTION *FastPebLock; |
| void *AltThunkSListPtr; |
| void *IFEOKey; |
| union |
| { |
| struct |
| { |
| unsigned long int ProcessInJob:1; |
| unsigned long int ProcessInitializing:1; |
| unsigned long int ProcessUsingVEH:1; |
| unsigned long int ProcessUsingVCH:1; |
| unsigned long int ReservedBits0:28; |
| }; |
| unsigned long int CrossProcessFlags; |
| }; |
| union |
| { |
| void **KernelCallbackTable; |
| void *UserSharedInfoPtr; |
| }; |
| unsigned long int SystemReserved[1]; |
| unsigned long int SpareUlong; |
| unsigned long int SparePebPtr0; |
| #else |
| void *FastPebLock; |
| PEBLOCKROUTINE *FastPebLockRoutine; |
| PEBLOCKROUTINE *FastPebUnlockRoutine; |
| unsigned long int EnvironmentUpdateCount; |
| void **KernelCallbackTable; |
| void *EventLogSection; |
| void *EventLog; |
| PEB_FREE_BLOCK *FreeList; |
| #endif |
| unsigned long int TlsExpansionCounter; |
| void *TlsBitmap; |
| unsigned long int TlsBitmapBits[0x2]; |
| void *ReadOnlySharedMemoryBase; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| void *HotpatchInformation; |
| #else |
| void *ReadOnlySharedMemoryHeap; |
| #endif |
| void **ReadOnlyStaticServerData; |
| void *AnsiCodePageData; |
| void *OemCodePageData; |
| void *UnicodeCaseTableData; |
| unsigned long int NumberOfProcessors; |
| unsigned long int NtGlobalFlag; |
| LARGE_INTEGER CriticalSectionTimeout; |
| unsigned long int HeapSegmentReserve; |
| unsigned long int HeapSegmentCommit; |
| unsigned long int HeapDeCommitTotalFreeThreshold; |
| unsigned long int HeapDeCommitFreeBlockThreshold; |
| unsigned long int NumberOfHeaps; |
| unsigned long int MaximumNumberOfHeaps; |
| void **ProcessHeaps; |
| void *GdiSharedHandleTable; |
| void *ProcessStarterHelper; |
| unsigned long int GdiDCAttributeList; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| struct _RTL_CRITICAL_SECTION *LoaderLock; |
| #else |
| void *LoaderLock; |
| #endif |
| unsigned long int OSMajorVersion; |
| unsigned long int OSMinorVersion; |
| unsigned short int OSBuildNumber; |
| unsigned short int OSCSDVersion; |
| unsigned long int OSPlatformId; |
| unsigned long int ImageSubSystem; |
| unsigned long int ImageSubSystemMajorVersion; |
| unsigned long int ImageSubSystemMinorVersion; |
| unsigned long int ImageProcessAffinityMask; |
| unsigned long int GdiHandleBuffer[0x22]; |
| PPOST_PROCESS_INIT_ROUTINE PostProcessInitRoutine; |
| struct _RTL_BITMAP *TlsExpansionBitmap; |
| unsigned long int TlsExpansionBitmapBits[0x20]; |
| unsigned long int SessionId; |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| ULARGE_INTEGER AppCompatFlags; |
| ULARGE_INTEGER AppCompatFlagsUser; |
| void *pShimData; |
| void *AppCompatInfo; |
| UNICODE_STRING CSDVersion; |
| struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; |
| struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; |
| struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; |
| struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; |
| unsigned long int MinimumStackCommit; |
| #endif |
| #if (NTDDI_VERSION >= NTDDI_WS03) |
| void **FlsCallback; |
| LIST_ENTRY FlsListHead; |
| struct _RTL_BITMAP *FlsBitmap; |
| unsigned long int FlsBitmapBits[4]; |
| unsigned long int FlsHighIndex; |
| #endif |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| void *WerRegistrationData; |
| void *WerShipAssertPtr; |
| #endif |
| } PEB, *PPEB; |
| */ |
| typedef struct _PEB |
| { |
| UCHAR InheritedAddressSpace; |
| UCHAR ReadImageFileExecOptions; |
| UCHAR BeingDebugged; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| union |
| { |
| struct |
| { |
| UCHAR ImageUsesLargePages:1; |
| UCHAR IsProtectedProcess:1; |
| UCHAR IsLegacyProcess:1; |
| UCHAR IsImageDynamicallyRelocated:1; |
| UCHAR SkipPatchingUser32Forwarders:1; |
| UCHAR SpareBits:3; |
| }; |
| UCHAR BitField; |
| }; |
| #else |
| BOOLEAN SpareBool; |
| #endif |
| HANDLE Mutant; |
| PVOID ImageBaseAddress; |
| PPEB_LDR_DATA Ldr; |
| struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; |
| PVOID SubSystemData; |
| PVOID ProcessHeap; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| struct _RTL_CRITICAL_SECTION *FastPebLock; |
| PVOID AltThunkSListPtr; |
| PVOID IFEOKey; |
| union |
| { |
| struct |
| { |
| ULONG ProcessInJob:1; |
| ULONG ProcessInitializing:1; |
| ULONG ProcessUsingVEH:1; |
| ULONG ProcessUsingVCH:1; |
| ULONG ReservedBits0:28; |
| }; |
| ULONG CrossProcessFlags; |
| }; |
| union |
| { |
| PVOID* KernelCallbackTable; |
| PVOID UserSharedInfoPtr; |
| }; |
| ULONG SystemReserved[1]; |
| ULONG SpareUlong; |
| ULONG SparePebPtr0; |
| #else |
| PVOID FastPebLock; |
| PPEBLOCKROUTINE FastPebLockRoutine; |
| PPEBLOCKROUTINE FastPebUnlockRoutine; |
| ULONG EnvironmentUpdateCount; |
| PVOID* KernelCallbackTable; |
| PVOID EventLogSection; |
| PVOID EventLog; |
| PPEB_FREE_BLOCK FreeList; |
| #endif |
| ULONG TlsExpansionCounter; |
| PVOID TlsBitmap; |
| ULONG TlsBitmapBits[0x2]; |
| PVOID ReadOnlySharedMemoryBase; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| PVOID HotpatchInformation; |
| #else |
| PVOID ReadOnlySharedMemoryHeap; |
| #endif |
| PVOID* ReadOnlyStaticServerData; |
| PVOID AnsiCodePageData; |
| PVOID OemCodePageData; |
| PVOID UnicodeCaseTableData; |
| ULONG NumberOfProcessors; |
| ULONG NtGlobalFlag; |
| LARGE_INTEGER CriticalSectionTimeout; |
| ULONG HeapSegmentReserve; |
| ULONG HeapSegmentCommit; |
| ULONG HeapDeCommitTotalFreeThreshold; |
| ULONG HeapDeCommitFreeBlockThreshold; |
| ULONG NumberOfHeaps; |
| ULONG MaximumNumberOfHeaps; |
| PVOID* ProcessHeaps; |
| PVOID GdiSharedHandleTable; |
| PVOID ProcessStarterHelper; |
| ULONG GdiDCAttributeList; |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| struct _RTL_CRITICAL_SECTION *LoaderLock; |
| #else |
| PVOID LoaderLock; |
| #endif |
| ULONG OSMajorVersion; |
| ULONG OSMinorVersion; |
| USHORT OSBuildNumber; |
| USHORT OSCSDVersion; |
| ULONG OSPlatformId; |
| ULONG ImageSubSystem; |
| ULONG ImageSubSystemMajorVersion; |
| ULONG ImageSubSystemMinorVersion; |
| ULONG ImageProcessAffinityMask; |
| ULONG GdiHandleBuffer[0x22]; |
| PPOST_PROCESS_INIT_ROUTINE PostProcessInitRoutine; |
| struct _RTL_BITMAP *TlsExpansionBitmap; |
| ULONG TlsExpansionBitmapBits[0x20]; |
| ULONG SessionId; |
| #if (NTDDI_VERSION >= NTDDI_WINXP) |
| ULARGE_INTEGER AppCompatFlags; |
| ULARGE_INTEGER AppCompatFlagsUser; |
| PVOID pShimData; |
| PVOID AppCompatInfo; |
| UNICODE_STRING CSDVersion; |
| struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; |
| struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; |
| struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; |
| struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; |
| ULONG MinimumStackCommit; |
| #endif |
| #if (NTDDI_VERSION >= NTDDI_WS03) |
| PVOID *FlsCallback; |
| LIST_ENTRY FlsListHead; |
| struct _RTL_BITMAP *FlsBitmap; |
| ULONG FlsBitmapBits[4]; |
| ULONG FlsHighIndex; |
| #endif |
| #if (NTDDI_VERSION >= NTDDI_LONGHORN) |
| PVOID WerRegistrationData; |
| PVOID WerShipAssertPtr; |
| #endif |
| } PEB, *PPEB; |
| |
| typedef struct _PROCESS_BASIC_INFORMATION { |
| void *Reserved1; |
| PEB *PebBaseAddress; |
| void *Reserved2[2]; |
| unsigned long int *UniqueProcessId; |
| void *Reserved3; |
| } PROCESS_BASIC_INFORMATION; |
| |
| #if !defined(_NTSECAPI_H) |
| typedef struct _OBJECT_ATTRIBUTES { |
| unsigned long int Length; |
| void *RootDirectory; |
| UNICODE_STRING *ObjectName; |
| unsigned long int Attributes; |
| void *SecurityDescriptor; |
| void *SecurityQualityOfService; |
| } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; |
| #endif |
| |
| typedef struct _CURDIR { |
| UNICODE_STRING DosPath; |
| void *Handle; |
| } CURDIR, *PCURDIR; |
| |
| typedef struct _RTL_DRIVE_LETTER_CURDIR { |
| unsigned short int Flags; |
| unsigned short int Length; |
| unsigned long int TimeStamp; |
| STRING DosPath; |
| } RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR; |
| |
| typedef struct _RTL_USER_PROCESS_PARAMETERS { |
| unsigned long int AllocationSize; |
| unsigned long int Size; |
| unsigned long int Flags; |
| unsigned long int DebugFlags; |
| void *ConsoleHandle; |
| unsigned long int ConsoleFlags; |
| void *StandardInput; |
| void *StandardOutput; |
| void *StandardError; |
| CURDIR CurrentDirectory; |
| UNICODE_STRING DllPath; |
| UNICODE_STRING ImagePathName; |
| UNICODE_STRING CommandLine; |
| wchar_t *Environment; |
| unsigned long int StartingX; |
| unsigned long int StartingY; |
| unsigned long int CountX; |
| unsigned long int CountY; |
| unsigned long int CountCharsX; |
| unsigned long int CountCharsY; |
| unsigned long int FillAttribute; |
| unsigned long int WindowFlags; |
| unsigned long int ShowWindowFlags; |
| UNICODE_STRING WindowTitle; |
| UNICODE_STRING DesktopInfo; |
| UNICODE_STRING ShellInfo; |
| UNICODE_STRING RuntimeData; |
| RTL_DRIVE_LETTER_CURDIR CurrentDirectores[RTL_MAX_DRIVE_LETTERS]; |
| } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS; |
| |
| // Custom Heap Commit Routine for RtlCreateHeap |
| typedef NTSTATUS (NTAPI * PRTL_HEAP_COMMIT_ROUTINE)(void *Base, void **CommitAddress, size_t *CommitSize); |
| |
| typedef struct _RTL_HEAP_PARAMETERS |
| { |
| unsigned long int Length; |
| size_t SegmentReserve; |
| size_t SegmentCommit; |
| size_t DeCommitFreeBlockThreshold; |
| size_t DeCommitTotalFreeThreshold; |
| size_t MaximumAllocationSize; |
| size_t VirtualMemoryThreshold; |
| size_t InitialCommit; |
| size_t InitialReserve; |
| PRTL_HEAP_COMMIT_ROUTINE CommitRoutine; |
| size_t Reserved[2]; |
| } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS; |
| |
| typedef struct _RTL_OSVERSIONINFO { |
| unsigned long int dwOSVersionInfoSize; |
| unsigned long int dwMajorVersion; |
| unsigned long int dwMinorVersion; |
| unsigned long int dwBuildNumber; |
| unsigned long int dwPlatformId; |
| // WCHAR szCSDVersion[128]; |
| } RTL_OSVERSIONINFO, *PRTL_OSVERSIONINFO; |
| |
| #ifndef __WINDDK_H |
| // |
| // I/O Status Block |
| // |
| typedef struct _IO_STATUS_BLOCK { |
| union { |
| long int Status; |
| void *Pointer; |
| }; |
| ULONG_PTR Information; |
| } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK; |
| #endif |
| |
| typedef void NTAPI (*PIO_APC_ROUTINE)(void *, IO_STATUS_BLOCK *, unsigned long int); |
| |
| long int NTAPI NtAdjustPrivilegesToken(void *TokenHandle, char DisableAllPrivileges, TOKEN_PRIVILEGES *NewState, unsigned long int BufferLength, TOKEN_PRIVILEGES *PreviousState, unsigned long int *ReturnLength); |
| long int NTAPI NtClose(void *handle); |
| long int NTAPI NtCreateFile(void **handle, ACCESS_MASK access, OBJECT_ATTRIBUTES *object_attrib, IO_STATUS_BLOCK *io_status, LARGE_INTEGER *, unsigned long int file_attrib, unsigned long int share_access, unsigned long int create_disposition, unsigned long int create_options, void *ea_buffer, unsigned long int ea_length); |
| long int NTAPI NtCreateSymbolicLinkObject(void **sym_link_handle, ACCESS_MASK access, OBJECT_ATTRIBUTES *object_attrib, UNICODE_STRING *); |
| long int NTAPI NtDelayExecution(char, LARGE_INTEGER *); |
| long int NTAPI NtDeleteFile(OBJECT_ATTRIBUTES *o); |
| long int NTAPI NtDisplayString(PUNICODE_STRING DisplayString); |
| long int NTAPI NtOpenProcessToken(void *ProcessHandle, ACCESS_MASK DesiredAccess, void **TokenHandle); |
| long int NTAPI NtQueryInformationProcess(void *ProcessHandle, PROCESSINFOCLASS ProcessInformationClass, void *ProcessInformation, unsigned long int ProcessInformationLength, unsigned long int *ReturnLength); |
| long int NTAPI NtReadFile(void *handle, void *event, PIO_APC_ROUTINE apc_routine, void *apc_context, IO_STATUS_BLOCK *io_status, void *buffer, unsigned long int length, LARGE_INTEGER *offset, unsigned long int *key); |
| long int NTAPI NtTerminateProcess(void *, unsigned long int); |
| long int NTAPI NtWriteFile(void *handle, void *event, PIO_APC_ROUTINE apc_routine, void *apc_context, IO_STATUS_BLOCK *io_status, const void *buffer, unsigned long int length, LARGE_INTEGER *offset, unsigned long int *key); |
| |
| long int NTAPI RtlAdjustPrivilege(unsigned long int Privilege, char NewValue, char ForThread, char *OldValue); |
| void NTAPI RtlAssert(const char *, const char *, unsigned long int, const char *); |
| RTL_USER_PROCESS_PARAMETERS *NTAPI RtlNormalizeProcessParams(RTL_USER_PROCESS_PARAMETERS *ProcessParameters); |
| void *NTAPI RtlCreateHeap(unsigned long int Flags, void *BaseAddress, size_t SizeToReserve, size_t SizeToCommit, void *Lock, RTL_HEAP_PARAMETERS *Parameters); |
| void *NTAPI RtlAllocateHeap(void *HeapHandle, unsigned long int Flags, size_t Size); |
| void *NTAPI RtlReAllocateHeap(void *HeapHandle, unsigned long int Flags, void *Ptr, size_t Size); |
| char NTAPI RtlFreeHeap(void *HeapHandle, unsigned long int Flags, void *HeapBase); |
| unsigned long int NTAPI RtlGetCurrentDirectory_U(unsigned long int, wchar_t *); |
| long int NTAPI RtlGetVersion(RTL_OSVERSIONINFO *lpVersionInformation); |
| char NTAPI RtlCreateUnicodeStringFromAsciiz(UNICODE_STRING *target, const char *src); |
| void NTAPI RtlFreeUnicodeString(UNICODE_STRING *); |
| |
| #endif |