| #ifndef _NT_H |
| #define _NT_H |
| |
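/*
 * Aggregate initializer for a counted string (STRING / UNICODE_STRING):
 * { Length, MaximumLength, Buffer }.
 *
 * Length excludes the terminator and MaximumLength includes it; both are
 * byte counts because they come from sizeof. The argument must be a string
 * literal or a true array. With a pointer, sizeof yields the pointer size
 * and the recorded lengths no longer describe the buffer.
 *
 * The listing's table-cell delimiters ("| ... |") were removed so the macro
 * is valid C again.
 */
#define RTL_CONSTANT_STRING(__SOURCE_STRING__) \
    { \
        sizeof(__SOURCE_STRING__) - sizeof((__SOURCE_STRING__)[0]), \
        sizeof(__SOURCE_STRING__), \
        (__SOURCE_STRING__) \
    }
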
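#ifndef ARRAYSIZE
/*
 * Element count of a true array (never a pointer or an array parameter,
 * which decay and make the result meaningless).
 *
 * The expansion and the argument are parenthesized. The unparenthesized form
 * sizeof(a)/sizeof(*a) mis-associates inside larger expressions, for example
 * `n / ARRAYSIZE(a)` became `n / sizeof(a) / sizeof(*a)`, and a wrong count
 * used as a loop or copy bound turns into an out-of-bounds access.
 */
#define ARRAYSIZE(a) (sizeof(a) / sizeof(*(a)))
#endif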
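/*
 * Terminates the calling process through the native API. (void *)-1 is the
 * pseudo-handle that refers to the current process.
 *
 * NOTE(review): this reuses the name of the Win32 ExitProcess function, so
 * including this header after <windows.h> silently redirects those calls.
 * Presumably intended for native programs that do not link kernel32; confirm.
 */
#define ExitProcess(N) NtTerminateProcess((void *)-1, (N))
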
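/* Calling convention of the native API entry points; defined only if missing. */
#ifndef NTAPI
#define NTAPI __stdcall
#endif
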
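/*
 * Flags for OBJECT_ATTRIBUTES.Attributes.
 *
 * OBJ_VALID_ATTRIBUTES was written as decimal 498; it is spelled 0x1F2 here
 * (same value) so it can be read as the OR of the six flags above it.
 * OBJ_INHERIT makes the resulting handle inheritable by child processes, so
 * set it only when that is intended.
 */
#define OBJ_INHERIT            0x2L
#define OBJ_PERMANENT          0x10L
#define OBJ_EXCLUSIVE          0x20L
#define OBJ_CASE_INSENSITIVE   0x40L
#define OBJ_OPENIF             0x80L
#define OBJ_OPENLINK           0x100L
#define OBJ_VALID_ATTRIBUTES   0x1F2L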
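/*
 * Fills an OBJECT_ATTRIBUTES structure in place.
 *
 *   p - pointer to the structure to fill (evaluated once per assignment,
 *       so it must not have side effects)
 *   n - pointer to the object name (UNICODE_STRING *)
 *   a - OBJ_* attribute flags
 *   r - root directory handle, or NULL for an absolute name
 *   s - security descriptor, or NULL
 *
 * SecurityQualityOfService is always set to NULL; callers that need it must
 * assign it afterwards. Wrapped in do { } while (0) so it behaves as a single
 * statement.
 */
#define InitializeObjectAttributes(p,n,a,r,s) \
    do { \
        (p)->Length = sizeof(OBJECT_ATTRIBUTES); \
        (p)->RootDirectory = (r); \
        (p)->Attributes = (a); \
        (p)->ObjectName = (n); \
        (p)->SecurityDescriptor = (s); \
        (p)->SecurityQualityOfService = NULL; \
    } while(0)
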
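/* Number of per-drive current-directory slots in RTL_USER_PROCESS_PARAMETERS. */
#define RTL_MAX_DRIVE_LETTERS 32

/*
 * Access rights for object-directory objects. The *_ALL_ACCESS masks depend
 * on STANDARD_RIGHTS_REQUIRED, which this header does not define; request
 * the narrowest specific right instead of ALL_ACCESS where possible.
 */
#define DIRECTORY_QUERY                 0x0001
#define DIRECTORY_TRAVERSE              0x0002
#define DIRECTORY_CREATE_OBJECT         0x0004
#define DIRECTORY_CREATE_SUBDIRECTORY   0x0008
#define DIRECTORY_ALL_ACCESS            (STANDARD_RIGHTS_REQUIRED | 0xF)

/* Access rights for symbolic-link objects. */
#define SYMBOLIC_LINK_QUERY             0x0001
#define SYMBOLIC_LINK_ALL_ACCESS        (STANDARD_RIGHTS_REQUIRED | 0x1)
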
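/*
 * FILE_DEVICE_* device-type codes, consecutive from 0x01 to 0x3a.
 * Table-cell delimiters from the listing were removed so the defines parse.
 */
#define FILE_DEVICE_BEEP                 0x00000001
#define FILE_DEVICE_CD_ROM               0x00000002
#define FILE_DEVICE_CD_ROM_FILE_SYSTEM   0x00000003
#define FILE_DEVICE_CONTROLLER           0x00000004
#define FILE_DEVICE_DATALINK             0x00000005
#define FILE_DEVICE_DFS                  0x00000006
#define FILE_DEVICE_DISK                 0x00000007
#define FILE_DEVICE_DISK_FILE_SYSTEM     0x00000008
#define FILE_DEVICE_FILE_SYSTEM          0x00000009
#define FILE_DEVICE_INPORT_PORT          0x0000000a
#define FILE_DEVICE_KEYBOARD             0x0000000b
#define FILE_DEVICE_MAILSLOT             0x0000000c
#define FILE_DEVICE_MIDI_IN              0x0000000d
#define FILE_DEVICE_MIDI_OUT             0x0000000e
#define FILE_DEVICE_MOUSE                0x0000000f
#define FILE_DEVICE_MULTI_UNC_PROVIDER   0x00000010
#define FILE_DEVICE_NAMED_PIPE           0x00000011
#define FILE_DEVICE_NETWORK              0x00000012
#define FILE_DEVICE_NETWORK_BROWSER      0x00000013
#define FILE_DEVICE_NETWORK_FILE_SYSTEM  0x00000014
#define FILE_DEVICE_NULL                 0x00000015
#define FILE_DEVICE_PARALLEL_PORT        0x00000016
#define FILE_DEVICE_PHYSICAL_NETCARD     0x00000017
#define FILE_DEVICE_PRINTER              0x00000018
#define FILE_DEVICE_SCANNER              0x00000019
#define FILE_DEVICE_SERIAL_MOUSE_PORT    0x0000001a
#define FILE_DEVICE_SERIAL_PORT          0x0000001b
#define FILE_DEVICE_SCREEN               0x0000001c
#define FILE_DEVICE_SOUND                0x0000001d
#define FILE_DEVICE_STREAMS              0x0000001e
#define FILE_DEVICE_TAPE                 0x0000001f
#define FILE_DEVICE_TAPE_FILE_SYSTEM     0x00000020
#define FILE_DEVICE_TRANSPORT            0x00000021
#define FILE_DEVICE_UNKNOWN              0x00000022
#define FILE_DEVICE_VIDEO                0x00000023
#define FILE_DEVICE_VIRTUAL_DISK         0x00000024
#define FILE_DEVICE_WAVE_IN              0x00000025
#define FILE_DEVICE_WAVE_OUT             0x00000026
#define FILE_DEVICE_8042_PORT            0x00000027
#define FILE_DEVICE_NETWORK_REDIRECTOR   0x00000028
#define FILE_DEVICE_BATTERY              0x00000029
#define FILE_DEVICE_BUS_EXTENDER         0x0000002a
#define FILE_DEVICE_MODEM                0x0000002b
#define FILE_DEVICE_VDM                  0x0000002c
#define FILE_DEVICE_MASS_STORAGE         0x0000002d
#define FILE_DEVICE_SMB                  0x0000002e
#define FILE_DEVICE_KS                   0x0000002f
#define FILE_DEVICE_CHANGER              0x00000030
#define FILE_DEVICE_SMARTCARD            0x00000031
#define FILE_DEVICE_ACPI                 0x00000032
#define FILE_DEVICE_DVD                  0x00000033
#define FILE_DEVICE_FULLSCREEN_VIDEO     0x00000034
#define FILE_DEVICE_DFS_FILE_SYSTEM      0x00000035
#define FILE_DEVICE_DFS_VOLUME           0x00000036
#define FILE_DEVICE_SERENUM              0x00000037
#define FILE_DEVICE_TERMSRV              0x00000038
#define FILE_DEVICE_KSEC                 0x00000039
#define FILE_DEVICE_FIPS                 0x0000003a
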
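/* Handle-duplication option flag; defined only when no other header has. */
#ifndef DUPLICATE_SAME_ATTRIBUTES
#define DUPLICATE_SAME_ATTRIBUTES 0x00000004
#endif
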
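/*
 * Well-known privilege numbers (presumably the low part of the privilege
 * LUID; confirm against the caller that converts them).
 *
 * SE_UNSOLICITED_INPUT_PRIVILEGE and SE_MACHINE_ACCOUNT_PRIVILEGE share the
 * value 6, so code that switches on these constants cannot list both cases.
 *
 * Audit note: SE_CREATE_TOKEN, SE_TCB, SE_LOAD_DRIVER, SE_DEBUG, SE_BACKUP,
 * SE_RESTORE and SE_TAKE_OWNERSHIP are effectively administrator-equivalent.
 * Enable them only around the operation that needs them and review which
 * accounts hold them.
 */
#define SE_MIN_WELL_KNOWN_PRIVILEGE         (2L)
#define SE_CREATE_TOKEN_PRIVILEGE           (2L)
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE     (3L)
#define SE_LOCK_MEMORY_PRIVILEGE            (4L)
#define SE_INCREASE_QUOTA_PRIVILEGE         (5L)
#define SE_UNSOLICITED_INPUT_PRIVILEGE      (6L)
#define SE_MACHINE_ACCOUNT_PRIVILEGE        (6L)
#define SE_TCB_PRIVILEGE                    (7L)
#define SE_SECURITY_PRIVILEGE               (8L)
#define SE_TAKE_OWNERSHIP_PRIVILEGE         (9L)
#define SE_LOAD_DRIVER_PRIVILEGE            (10L)
#define SE_SYSTEM_PROFILE_PRIVILEGE         (11L)
#define SE_SYSTEMTIME_PRIVILEGE             (12L)
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE    (13L)
#define SE_INC_BASE_PRIORITY_PRIVILEGE      (14L)
#define SE_CREATE_PAGEFILE_PRIVILEGE        (15L)
#define SE_CREATE_PERMANENT_PRIVILEGE       (16L)
#define SE_BACKUP_PRIVILEGE                 (17L)
#define SE_RESTORE_PRIVILEGE                (18L)
#define SE_SHUTDOWN_PRIVILEGE               (19L)
#define SE_DEBUG_PRIVILEGE                  (20L)
#define SE_AUDIT_PRIVILEGE                  (21L)
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE     (22L)
#define SE_CHANGE_NOTIFY_PRIVILEGE          (23L)
#define SE_REMOTE_SHUTDOWN_PRIVILEGE        (24L)
#define SE_MAX_WELL_KNOWN_PRIVILEGE         (SE_REMOTE_SHUTDOWN_PRIVILEGE)
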
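//
// Maximum Processor Features supported in KUSER_SHARED_DATA
// (size of the ProcessorFeatures array; index it only with values below this)
//
#define PROCESSOR_FEATURE_MAX 64

//
// Maximum WOW64 Entries in KUSER_SHARED_DATA
// (size of the Wow64SharedInformation array)
//
#define MAX_WOW64_SHARED_ENTRIES 16
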
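/*
 * Native API status code. Declared as a signed long, so a negative value
 * is distinguishable from zero/positive ones with a sign test.
 */
typedef long int NTSTATUS;
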
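/* Product type reported in KUSER_SHARED_DATA.NtProductType; numbering starts at 1. */
typedef enum _NT_PRODUCT_TYPE {
    NtProductWinNt = 1,
    NtProductLanManNt,
    NtProductServer
} NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE;
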
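/*
 * Information classes for object queries. Values are positional (starting
 * at 0), so the order of enumerators must not change.
 */
typedef enum _OBJECT_INFORMATION_CLASS {
    ObjectBasicInformation,
    ObjectNameInformation,
    ObjectTypeInformation,
    ObjectAllTypesInformation,
    ObjectHandleFlagInformation,
    ObjectSessionInformation,
    MaxObjectInfoClass
} OBJECT_INFORMATION_CLASS;
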
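/*
 * Information classes for file queries (the header later names
 * NtQueryInformationFile). Numbering starts at 1 and is positional:
 * inserting or reordering an enumerator changes which class every later
 * name requests, and the structure a caller passes would then no longer
 * match what the system writes.
 */
typedef enum _FILE_INFORMATION_CLASS {
    FileDirectoryInformation = 1,
    FileFullDirectoryInformation,
    FileBothDirectoryInformation,
    FileBasicInformation,
    FileStandardInformation,
    FileInternalInformation,
    FileEaInformation,
    FileAccessInformation,
    FileNameInformation,
    FileRenameInformation,
    FileLinkInformation,
    FileNamesInformation,
    FileDispositionInformation,
    FilePositionInformation,
    FileFullEaInformation,
    FileModeInformation,
    FileAlignmentInformation,
    FileAllInformation,
    FileAllocationInformation,
    FileEndOfFileInformation,
    FileAlternateNameInformation,
    FileStreamInformation,
    FilePipeInformation,
    FilePipeLocalInformation,
    FilePipeRemoteInformation,
    FileMailslotQueryInformation,
    FileMailslotSetInformation,
    FileCompressionInformation,
    FileObjectIdInformation,
    FileCompletionInformation,
    FileMoveClusterInformation,
    FileQuotaInformation,
    FileReparsePointInformation,
    FileNetworkOpenInformation,
    FileAttributeTagInformation,
    FileTrackingInformation,
    FileIdBothDirectoryInformation,
    FileIdFullDirectoryInformation,
    FileValidDataLengthInformation,
    FileShortNameInformation,
    FileIoCompletionNotificationInformation,
    FileIoStatusBlockRangeInformation,
    FileIoPriorityHintInformation,
    FileSfioReserveInformation,
    FileSfioVolumeInformation,
    FileHardLinkInformation,
    FileProcessIdsUsingFileInformation,
    FileNormalizedNameInformation,
    FileNetworkPhysicalNameInformation,
    FileIdGlobalTxDirectoryInformation,
    FileMaximumInformation
} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
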
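/* Information classes for volume (file-system) queries; positional, starting at 1. */
typedef enum _FSINFOCLASS {
    FileFsVolumeInformation = 1,
    FileFsLabelInformation,
    FileFsSizeInformation,
    FileFsDeviceInformation,
    FileFsAttributeInformation,
    FileFsControlInformation,
    FileFsFullSizeInformation,
    FileFsObjectIdInformation,
    FileFsDriverPathInformation,
    FileFsMaximumInformation
} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;
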
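/*
 * Information classes for per-process queries and settings. Values are
 * positional from 0 and must stay in this order. The set is tied to the OS
 * generation this header was written against; a class the running system
 * does not implement is rejected by the call, so callers must check the
 * returned status rather than assume the output buffer was filled.
 */
typedef enum _PROCESSINFOCLASS {
    ProcessBasicInformation,
    ProcessQuotaLimits,
    ProcessIoCounters,
    ProcessVmCounters,
    ProcessTimes,
    ProcessBasePriority,
    ProcessRaisePriority,
    ProcessDebugPort,
    ProcessExceptionPort,
    ProcessAccessToken,
    ProcessLdtInformation,
    ProcessLdtSize,
    ProcessDefaultHardErrorMode,
    ProcessIoPortHandlers,
    ProcessPooledUsageAndLimits,
    ProcessWorkingSetWatch,
    ProcessUserModeIOPL,
    ProcessEnableAlignmentFaultFixup,
    ProcessPriorityClass,
    ProcessWx86Information,
    ProcessHandleCount,
    ProcessAffinityMask,
    ProcessPriorityBoost,
    ProcessDeviceMap,
    ProcessSessionInformation,
    ProcessForegroundInformation,
    ProcessWow64Information,
    ProcessImageFileName,
    ProcessLUIDDeviceMapsEnabled,
    ProcessBreakOnTermination,
    ProcessDebugObjectHandle,
    ProcessDebugFlags,
    ProcessHandleTracing,
    MaxProcessInfoClass
} PROCESSINFOCLASS;
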
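/*
 * Information classes for per-thread queries and settings. Positional from
 * 0; keep the order. As with the process classes, the list reflects one OS
 * generation, so check the status of every call that uses it.
 */
typedef enum _THREADINFOCLASS {
    ThreadBasicInformation,
    ThreadTimes,
    ThreadPriority,
    ThreadBasePriority,
    ThreadAffinityMask,
    ThreadImpersonationToken,
    ThreadDescriptorTableEntry,
    ThreadEnableAlignmentFaultFixup,
    ThreadEventPair_Reusable,
    ThreadQuerySetWin32StartAddress,
    ThreadZeroTlsCell,
    ThreadPerformanceCount,
    ThreadAmILastThread,
    ThreadIdealProcessor,
    ThreadPriorityBoost,
    ThreadSetTlsArrayAddress,
    ThreadIsIoPending,
    ThreadHideFromDebugger,
    ThreadBreakOnTermination,
    ThreadSwitchLegacyState,
    ThreadIsTerminated,
    ThreadLastSystemCall,
    ThreadIoPriority,
    ThreadCycleTime,
    ThreadPagePriority,
    ThreadActualBasePriority,
    ThreadTebInformation,
    ThreadCSwitchMon,
    MaxThreadInfoClass
} THREADINFOCLASS;
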
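/* Information classes for virtual-memory queries; positional from 0. */
typedef enum _MEMORY_INFORMATION_CLASS {
    MemoryBasicInformation,
    MemoryWorkingSetList,
    MemorySectionName,
    MemoryBasicVlmInformation
} MEMORY_INFORMATION_CLASS;
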
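/*
 * Information classes for system-wide queries. Positional from 0; the order
 * is the contract, so misspelled names (SystemExtendedHanfleInformation,
 * SystemPrioritySeperation, SystemWo64SharedInformationObosolete) are kept
 * as they are because callers may already use them.
 *
 * Several classes return system-wide data (module, handle, object and pool
 * listings). Treat their output as sensitive when logging or exporting it,
 * and expect the call to be refused for unprivileged callers on hardened
 * systems: always check the returned status.
 */
typedef enum _SYSTEM_INFORMATION_CLASS {
    SystemBasicInformation,
    SystemProcessorInformation,
    SystemPerformanceInformation,
    SystemTimeOfDayInformation,
    SystemPathInformation, // Obsolete: Use KUSER_SHARED_DATA
    SystemProcessInformation,
    SystemCallCountInformation,
    SystemDeviceInformation,
    SystemProcessorPerformanceInformation,
    SystemFlagsInformation,
    SystemCallTimeInformation,
    SystemModuleInformation,
    SystemLocksInformation,
    SystemStackTraceInformation,
    SystemPagedPoolInformation,
    SystemNonPagedPoolInformation,
    SystemHandleInformation,
    SystemObjectInformation,
    SystemPageFileInformation,
    SystemVdmInstemulInformation,
    SystemVdmBopInformation,
    SystemFileCacheInformation,
    SystemPoolTagInformation,
    SystemInterruptInformation,
    SystemDpcBehaviorInformation,
    SystemFullMemoryInformation,
    SystemLoadGdiDriverInformation,
    SystemUnloadGdiDriverInformation,
    SystemTimeAdjustmentInformation,
    SystemSummaryMemoryInformation,
    SystemMirrorMemoryInformation,
    SystemPerformanceTraceInformation,
    SystemObsolete0,
    SystemExceptionInformation,
    SystemCrashDumpStateInformation,
    SystemKernelDebuggerInformation,
    SystemContextSwitchInformation,
    SystemRegistryQuotaInformation,
    SystemExtendServiceTableInformation,
    SystemPrioritySeperation,
    SystemPlugPlayBusInformation,
    SystemDockInformation,
    SystemPowerInformationNative,
    SystemProcessorSpeedInformation,
    SystemCurrentTimeZoneInformation,
    SystemLookasideInformation,
    SystemTimeSlipNotification,
    SystemSessionCreate,
    SystemSessionDetach,
    SystemSessionInformation,
    SystemRangeStartInformation,
    SystemVerifierInformation,
    SystemAddVerifier,
    SystemSessionProcessesInformation,
    SystemLoadGdiDriverInSystemSpaceInformation,
    SystemNumaProcessorMap,
    SystemPrefetcherInformation,
    SystemExtendedProcessInformation,
    SystemRecommendedSharedDataAlignment,
    SystemComPlusPackage,
    SystemNumaAvailableMemory,
    SystemProcessorPowerInformation,
    SystemEmulationBasicInformation,
    SystemEmulationProcessorInformation,
    SystemExtendedHanfleInformation,
    SystemLostDelayedWriteInformation,
    SystemBigPoolInformation,
    SystemSessionPoolTagInformation,
    SystemSessionMappedViewInformation,
    SystemHotpatchInformation,
    SystemObjectSecurityMode,
    SystemWatchDogTimerHandler,
    SystemWatchDogTimerInformation,
    SystemLogicalProcessorInformation,
    SystemWo64SharedInformationObosolete,
    SystemRegisterFirmwareTableInformationHandler,
    SystemFirmwareTableInformation,
    SystemModuleInformationEx,
    SystemVerifierTriageInformation,
    SystemSuperfetchInformation,
    SystemMemoryListInformation,
    SystemFileCacheInformationEx,
    SystemThreadPriorityClientIdInformation,
    SystemProcessorIdleCycleTimeInformation,
    SystemVerifierCancellationInformation,
    SystemProcessorPowerInformationEx,
    SystemRefTraceInformation,
    SystemSpecialPoolInformation,
    SystemProcessIdInformation,
    SystemErrorPortInformation,
    SystemBootEnvironmentInformation,
    SystemHypervisorInformation,
    SystemVerifierInformationEx,
    SystemTimeZoneInformation,
    SystemImageFileExecutionOptionsInformation,
    SystemCoverageInformation,
    SystemPrefetchPathInformation,
    SystemVerifierFaultsInformation,
    MaxSystemInfoClass,
} SYSTEM_INFORMATION_CLASS;
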
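/* Wait mode for multi-object waits: all objects signaled, or any one of them. */
typedef enum _WAIT_TYPE {
    WaitAll,
    WaitAny
} WAIT_TYPE;
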
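/* Platform variant stored in KUSER_SHARED_DATA.AlternativeArchitecture. */
typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE {
    StandardDesign,
    NEC98x86,
    EndAlternatives
} ALTERNATIVE_ARCHITECTURE_TYPE;
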
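/* Action selector for a system shutdown request. */
typedef enum _SHUTDOWN_ACTION {
    ShutdownNoReboot,
    ShutdownReboot,
    ShutdownPowerOff
} SHUTDOWN_ACTION;
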
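/*
 * Callback pointer types referenced by the PEB and by thread creation.
 * All use the NTAPI calling convention; a pointer of the wrong convention
 * corrupts the stack when invoked, so never cast between them.
 */
typedef long int (NTAPI *PPOST_PROCESS_INIT_ROUTINE)(void);
typedef long int (NTAPI *PUSER_THREAD_START_ROUTINE)(void *);
typedef void (NTAPI *PPEBLOCKROUTINE)(void *);
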
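/*
 * Scheduling priority and processor-affinity mask types.
 *
 * NOTE(review): KAFFINITY is declared as unsigned long, which is 32 bits
 * wide on Windows targets. The native type is pointer-sized, so on _WIN64
 * structures that embed it here will not match the system layout; verify
 * before using this header for 64-bit builds.
 */
typedef long int KPRIORITY;
typedef unsigned long int KAFFINITY, *PKAFFINITY;
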
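/*
 * Time value split into a low part and two copies of the high part.
 * Presumably a reader compares High1Time with High2Time to detect an update
 * in progress and retries on mismatch; confirm against the code that reads
 * the volatile instances in KUSER_SHARED_DATA.
 */
typedef struct _KSYSTEM_TIME {
    unsigned long int LowPart;
    long int High1Time;
    long int High2Time;
} KSYSTEM_TIME, *PKSYSTEM_TIME;
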
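/*
 * Layout of the data page addressed through USER_SHARED_DATA.
 *
 * The layout is selected by NTDDI_VERSION. In #if, an undefined identifier
 * evaluates to 0, so if neither NTDDI_VERSION nor the NTDDI_* constant is
 * defined the comparison is 0 >= 0 and the version-specific members are
 * compiled in silently. Make sure the SDK version header is included before
 * this one, otherwise every offset after KdDebuggerEnabled may be wrong.
 *
 * NXSupportPolicy used UCHAR while every other byte field uses unsigned char;
 * it is spelled unsigned char here for consistency (same type).
 *
 * Fields marked volatile are updated underneath the reader; copy them once
 * into a local before validating or using the value.
 */
typedef struct _KUSER_SHARED_DATA {
    unsigned long int TickCountLow;
    unsigned long int TickCountMultiplier;
    volatile KSYSTEM_TIME InterruptTime;
    volatile KSYSTEM_TIME SystemTime;
    volatile KSYSTEM_TIME TimeZoneBias;
    unsigned short int ImageNumberLow;
    unsigned short int ImageNumberHigh;
    wchar_t NtSystemRoot[260];
    unsigned long int MaxStackTraceDepth;
    unsigned long int CryptoExponent;
    unsigned long int TimeZoneId;
    unsigned long int LargePageMinimum;
    unsigned long int Reserved2[7];
    NT_PRODUCT_TYPE NtProductType;
    unsigned char ProductTypeIsValid;
    unsigned long int NtMajorVersion;
    unsigned long int NtMinorVersion;
    unsigned char ProcessorFeatures[PROCESSOR_FEATURE_MAX];
    unsigned long int Reserved1;
    unsigned long int Reserved3;
    volatile unsigned long int TimeSlip;
    ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture;
    LARGE_INTEGER SystemExpirationDate;
    unsigned long int SuiteMask;
    unsigned char KdDebuggerEnabled;
#if (NTDDI_VERSION >= NTDDI_WINXPSP2)
    unsigned char NXSupportPolicy;
#endif
    volatile unsigned long int ActiveConsoleId;
    volatile unsigned long int DismountCount;
    unsigned long int ComPlusPackage;
    unsigned long int LastSystemRITEventTickCount;
    unsigned long int NumberOfPhysicalPages;
    unsigned char SafeBootMode;
    unsigned long int TraceLogging;
    unsigned long int Fill0;
    unsigned long long int TestRetInstruction;
    unsigned long int SystemCall;
    unsigned long int SystemCallReturn;
    unsigned long long int SystemCallPad[3];
    union {
        volatile KSYSTEM_TIME TickCount;
        volatile unsigned long long int TickCountQuad;
    };
    unsigned long int Cookie;
#if (NTDDI_VERSION >= NTDDI_WS03)
    long long int ConsoleSessionForegroundProcessId;
    unsigned long int Wow64SharedInformation[MAX_WOW64_SHARED_ENTRIES];
#endif
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    unsigned short int UserModeGlobalLogger[8];
    unsigned long int HeapTracingPid[2];
    unsigned long int CritSecTracingPid[2];
    union {
        unsigned long int SharedDataFlags;
        struct {
            unsigned long int DbgErrorPortPresent:1;
            unsigned long int DbgElevationEnabled:1;
            unsigned long int DbgVirtEnabled:1;
            unsigned long int DbgInstallerDetectEnabled:1;
            unsigned long int SpareBits:28;
        };
    };
    unsigned long int ImageFileExecutionOptions;
    KAFFINITY ActiveProcessorAffinity;
#endif
} KUSER_SHARED_DATA, *PKUSER_SHARED_DATA;
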
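/*
 * Fixed user-mode address at which this header expects KUSER_SHARED_DATA.
 * The macro is only a cast: it performs no check that the page is mapped or
 * that the compiled structure layout matches the running system.
 */
#define USER_SHARED_DATA ((KUSER_SHARED_DATA *)0x7FFE0000)
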
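/* Information classes for section-object queries; positional from 0. */
typedef enum _SECTION_INFORMATION_CLASS {
    SectionBasicInformation,
    SectionImageInformation
} SECTION_INFORMATION_CLASS;
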
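/* Stack description handed over when a thread is created. */
typedef struct _INITIAL_TEB {
    void *PreviousStackBase;
    void *PreviousStackLimit;
    void *StackBase;
    void *StackLimit;
    void *AllocatedStackBase;
} INITIAL_TEB, *PINITIAL_TEB;
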
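/* Singly linked free-list node referenced by PEB.FreeList. */
typedef struct _PEB_FREE_BLOCK {
    struct _PEB_FREE_BLOCK *Next;
    unsigned long int Size;
} PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
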
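/*
 * Loader bookkeeping reached through PEB.Ldr: three list heads over the
 * same set of loaded modules in different orders.
 *
 * The lists live in writable process memory. Tools that enumerate modules
 * through them should bound the walk (stop when the head is reached again
 * or after a sane maximum) instead of trusting the links to be well formed.
 */
typedef struct _PEB_LDR_DATA {
    unsigned long int Length;
    unsigned char Initialized;
    void *SsHandle;
    LIST_ENTRY InLoadOrderModuleList;
    LIST_ENTRY InMemoryOrderModuleList;
    LIST_ENTRY InInitializationOrderModuleList;
    void *EntryInProgress;
} PEB_LDR_DATA, *PPEB_LDR_DATA;
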
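/*
 * Counted 8-bit string. Consumers must rely on Length rather than on a
 * terminating NUL, which this structure does not promise.
 */
typedef struct _STRING {
    unsigned short int Length;
    unsigned short int MaximumLength;
    char *Buffer;
} STRING, *PSTRING;
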
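/*
 * Counted wide-character string.
 *
 * MaximumLength is the buffer size in bytes, not a character count.
 * NOTE(review): Length is conventionally a byte count as well, and Buffer is
 * not guaranteed to be NUL-terminated; copying it with wcscpy/wcslen-style
 * routines can read past the buffer. Use Length / sizeof(wchar_t) as the
 * character count and check Length <= MaximumLength before trusting either.
 */
typedef struct _UNICODE_STRING {
    unsigned short int Length;
    unsigned short int MaximumLength; // This is buffer size not char count
    wchar_t *Buffer;
} UNICODE_STRING, *PUNICODE_STRING;
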
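/*
 * Bitmap header: bit count plus a pointer to the backing words. Skipped
 * when one of the listed headers has already defined it.
 */
#if !defined(__WINDDK_H) && !defined(_RTLTYPES_H)
typedef struct _RTL_BITMAP {
    unsigned long int SizeOfBitMap;
    unsigned long int *Buffer;
} RTL_BITMAP, *PRTL_BITMAP;
#endif
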
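/* Descriptor attached to an active frame: flags and a name string. */
typedef struct _TEB_ACTIVE_FRAME_CONTEXT {
    unsigned long int Flags;
    char *FrameName;
} TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;

/* Node of the per-thread frame chain referenced by TEB.ActiveFrame. */
typedef struct _TEB_ACTIVE_FRAME {
    unsigned long int Flags;
    struct _TEB_ACTIVE_FRAME *Previous;
    TEB_ACTIVE_FRAME_CONTEXT *Context;
} TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
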
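/*
 * Process/thread identifier pair. Skipped when the DDK header already
 * provides it.
 *
 * NOTE(review): both members are unsigned long (32 bits on Windows). The
 * native structure uses pointer-sized members, so this definition only
 * matches the system layout on 32-bit targets; structures that embed it
 * (TEB, THREAD_BASIC_INFORMATION) inherit the mismatch on _WIN64.
 */
#ifndef __WINDDK_H
typedef struct _CLIENT_ID {
    unsigned long int UniqueProcess;
    unsigned long int UniqueThread;
} CLIENT_ID, *PCLIENT_ID;
#endif
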
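/* Current directory: its path plus an open handle to it. */
typedef struct _CURDIR {
    UNICODE_STRING DosPath;
    void *Handle;
} CURDIR, *PCURDIR;
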
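/* Per-drive current-directory slot (8-bit counted path). */
typedef struct _RTL_DRIVE_LETTER_CURDIR {
    unsigned short int Flags;
    unsigned short int Length;
    unsigned long int TimeStamp;
    STRING DosPath;
} RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR;
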
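/*
 * Startup parameters of a process, reached through PEB.ProcessParameters:
 * standard handles, current directory, image path, command line,
 * environment and window settings.
 *
 * The block lives in writable process memory, so ImagePathName and
 * CommandLine read from a target process are whatever that process last
 * stored there. Monitoring tools should not treat them as authoritative.
 * The misspelled member name CurrentDirectores is kept for compatibility.
 */
typedef struct _RTL_USER_PROCESS_PARAMETERS {
    //unsigned long int AllocationSize;
    unsigned long int MaximumLength;
    //unsigned long int Size;
    unsigned long int Length;
    unsigned long int Flags;
    unsigned long int DebugFlags;
    void *ConsoleHandle;
    unsigned long int ConsoleFlags;
    void *StandardInput;
    void *StandardOutput;
    void *StandardError;
    CURDIR CurrentDirectory;
    UNICODE_STRING DllPath;
    UNICODE_STRING ImagePathName;
    UNICODE_STRING CommandLine;
    wchar_t *Environment;
    unsigned long int StartingX;
    unsigned long int StartingY;
    unsigned long int CountX;
    unsigned long int CountY;
    unsigned long int CountCharsX;
    unsigned long int CountCharsY;
    unsigned long int FillAttribute;
    unsigned long int WindowFlags;
    unsigned long int ShowWindowFlags;
    UNICODE_STRING WindowTitle;
    UNICODE_STRING DesktopInfo;
    UNICODE_STRING ShellInfo;
    UNICODE_STRING RuntimeData;
    RTL_DRIVE_LETTER_CURDIR CurrentDirectores[RTL_MAX_DRIVE_LETTERS];
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
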
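/*
 * Process Environment Block as this header models it.
 *
 * Layout caveats a reader must know before relying on any offset:
 *  - Members are selected by NTDDI_VERSION. An undefined NTDDI_* identifier
 *    evaluates to 0 inside #if, so a missing SDK version header silently
 *    enables the version-specific members.
 *  - The Vista-and-later variant of the region after FastPebLock is
 *    commented out below, so that region always uses the older layout even
 *    when other parts of the structure select the newer one.
 *  - NOTE(review): several members that are pointer-sized in the native
 *    layout are declared unsigned long here (32 bits on Windows), so the
 *    structure is presumably usable on 32-bit targets only; verify.
 *
 * The PEB is writable by the process it describes. Values read from it
 * (including BeingDebugged and NtGlobalFlag) are hints, not trusted state.
 */
typedef struct _PEB {
    unsigned char InheritedAddressSpace;
    unsigned char ReadImageFileExecOptions;
    unsigned char BeingDebugged;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    union {
        struct {
            unsigned char ImageUsesLargePages:1;
            unsigned char IsProtectedProcess:1;
            unsigned char IsLegacyProcess:1;
            unsigned char IsImageDynamicallyRelocated:1;
            unsigned char SkipPatchingUser32Forwarders:1;
            unsigned char SpareBits:3;
        };
        unsigned char BitField;
    };
#else
    unsigned char SpareBool;
#endif
    void *Mutant;
    void *ImageBaseAddress;
    PEB_LDR_DATA *Ldr;
    RTL_USER_PROCESS_PARAMETERS *ProcessParameters;
    void *SubSystemData;
    void *ProcessHeap;
    RTL_CRITICAL_SECTION *FastPebLock;
    // Disabled alternative layout; only the members after "#else" are compiled.
    /*
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    void *AltThunkSListPtr;
    void *IFEOKey;
    union {
        struct {
            unsigned long int ProcessInJob:1;
            unsigned long int ProcessInitializing:1;
            unsigned long int ProcessUsingVEH:1;
            unsigned long int ProcessUsingVCH:1;
            unsigned long int ReservedBits0:28;
        };
        unsigned long int CrossProcessFlags;
    };
    union {
        void **KernelCallbackTable;
        void *UserSharedInfoPtr;
    };
    unsigned long int SystemReserved[1];
    unsigned long int SpareUlong;
    unsigned long int SparePebPtr0;
#else*/
    PPEBLOCKROUTINE FastPebLockRoutine;
    PPEBLOCKROUTINE FastPebUnlockRoutine;
    unsigned long int EnvironmentUpdateCount;
    void **KernelCallbackTable;
    void *EventLogSection;
    void *EventLog;
    PEB_FREE_BLOCK *FreeList;
    //#endif
    unsigned long int TlsExpansionCounter;
    void *TlsBitmap;
    unsigned long int TlsBitmapBits[0x2];
    void *ReadOnlySharedMemoryBase;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    void *HotpatchInformation;
#else
    void *ReadOnlySharedMemoryHeap;
#endif
    void **ReadOnlyStaticServerData;
    void *AnsiCodePageData;
    void *OemCodePageData;
    void *UnicodeCaseTableData;
    unsigned long int NumberOfProcessors;
    unsigned long int NtGlobalFlag;
    LARGE_INTEGER CriticalSectionTimeout;
    unsigned long int HeapSegmentReserve;
    unsigned long int HeapSegmentCommit;
    unsigned long int HeapDeCommitTotalFreeThreshold;
    unsigned long int HeapDeCommitFreeBlockThreshold;
    unsigned long int NumberOfHeaps;
    unsigned long int MaximumNumberOfHeaps;
    void **ProcessHeaps;
    void *GdiSharedHandleTable;
    void *ProcessStarterHelper;
    unsigned long int GdiDCAttributeList;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    RTL_CRITICAL_SECTION *LoaderLock;
#else
    void *LoaderLock;
#endif
    unsigned long int OSMajorVersion;
    unsigned long int OSMinorVersion;
    unsigned short int OSBuildNumber;
    unsigned short int OSCSDVersion;
    unsigned long int OSPlatformId;
    unsigned long int ImageSubSystem;
    unsigned long int ImageSubSystemMajorVersion;
    unsigned long int ImageSubSystemMinorVersion;
    unsigned long int ImageProcessAffinityMask;
    unsigned long int GdiHandleBuffer[0x22];
    PPOST_PROCESS_INIT_ROUTINE PostProcessInitRoutine;
    RTL_BITMAP *TlsExpansionBitmap;
    unsigned long int TlsExpansionBitmapBits[0x20];
    unsigned long int SessionId;
    //#if (NTDDI_VERSION >= NTDDI_WINXP)
    ULARGE_INTEGER AppCompatFlags;
    ULARGE_INTEGER AppCompatFlagsUser;
    void *pShimData;
    void *AppCompatInfo;
    UNICODE_STRING CSDVersion;
    struct _ACTIVATION_CONTEXT_DATA *ActivationContextData;
    struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap;
    struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData;
    struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap;
    unsigned long int MinimumStackCommit;
    //#endif
    //#if (NTDDI_VERSION >= NTDDI_WS03)
    void **FlsCallback;
    LIST_ENTRY FlsListHead;
    RTL_BITMAP *FlsBitmap;
    unsigned long int FlsBitmapBits[0x4];
    unsigned long int FlsHighIndex;
    //#endif
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    void *WerRegistrationData;
    void *WerShipAssertPtr;
#endif
} PEB, *PPEB;
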
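/* Per-thread GDI batch buffer embedded in the TEB (0x136 words of payload). */
typedef struct _GDI_TEB_BATCH {
    unsigned long int Offset;
    void *HDC;
    unsigned long int Buffer[0x136];
} GDI_TEB_BATCH, *PGDI_TEB_BATCH;
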
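/*
 * Thread Environment Block as this header models it.
 *
 * Layout caveats:
 *  - Members are selected by NTDDI_VERSION and _WIN64. An undefined NTDDI_*
 *    identifier evaluates to 0 inside #if, so include the SDK version
 *    header first or the version-specific members are enabled silently.
 *  - NOTE(review): although there are _WIN64 branches, CLIENT_ID and several
 *    unsigned long members are 32 bits wide here, so offsets after Cid are
 *    presumably correct on 32-bit targets only; verify before 64-bit use.
 *  - Misspelled member names (HeapVirualAffinity, PreferredLangauges,
 *    TxnScopeExitCAllback) are kept because callers may reference them.
 *
 * Like the PEB, the TEB is writable by its own process; treat values read
 * from another process's TEB as untrusted.
 */
typedef struct _TEB {
    NT_TIB Tib;
    void *EnvironmentPointer;
    CLIENT_ID Cid;
    void *ActiveRpcHandle;
    void *ThreadLocalStoragePointer;
    struct _PEB *ProcessEnvironmentBlock;
    unsigned long int LastErrorValue;
    unsigned long int CountOfOwnedCriticalSections;
    void *CsrClientThread;
    struct _W32THREAD *Win32ThreadInfo;
    unsigned long int User32Reserved[0x1A];
    unsigned long int UserReserved[5];
    void *WOW32Reserved;
    LCID CurrentLocale;
    unsigned long int FpSoftwareStatusRegister;
    void *SystemReserved1[0x36];
    long int ExceptionCode;
    struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer;
#ifdef _WIN64
    unsigned char SpareBytes1[24];
#else
    unsigned char SpareBytes1[0x24];
#endif
    unsigned long int TxFsContext;
    GDI_TEB_BATCH GdiTebBatch;
    CLIENT_ID RealClientId;
    void *GdiCachedProcessHandle;
    unsigned long int GdiClientPID;
    unsigned long int GdiClientTID;
    void *GdiThreadLocalInfo;
    size_t Win32ClientInfo[62];
    void *glDispatchTable[0xE9];
    size_t glReserved1[0x1D];
    void *glReserved2;
    void *glSectionInfo;
    void *glSection;
    void *glTable;
    void *glCurrentRC;
    void *glContext;
    long int LastStatusValue;
    UNICODE_STRING StaticUnicodeString;
    wchar_t StaticUnicodeBuffer[0x105];
    void *DeallocationStack;
    void *TlsSlots[0x40];
    LIST_ENTRY TlsLinks;
    void *Vdm;
    void *ReservedForNtRpc;
    void *DbgSsReserved[0x2];
    unsigned long int HardErrorDisabled;
#ifdef _WIN64
    void *Instrumentation[11];
#else
    void *Instrumentation[9];
#endif
    GUID ActivityId;
    void *SubProcessTag;
    void *EtwTraceData;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    void *EtwLocalData;
#endif
    void *WinSockData;
    unsigned long int GdiBatchCount;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    unsigned char SpareBool0;
    unsigned char SpareBool1;
    unsigned char SpareBool2;
#else
    unsigned char InDbgPrint;
    unsigned char FreeStackOnTermination;
    unsigned char HasFiberData;
#endif
    unsigned char IdealProcessor;
    unsigned long int GuaranteedStackBytes;
    void *ReservedForPerf;
    void *ReservedForOle;
    unsigned long int WaitingOnLoaderLock;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    void *SavedPriorityState;
#else
    unsigned long int SparePointer1;
#endif
    unsigned long int SoftPatchPtr1;
    unsigned long int SoftPatchPtr2;
    void **TlsExpansionSlots;
    unsigned long int ImpersonationLocale;
    unsigned long int IsImpersonating;
    void *NlsCache;
    void *pShimData;
    unsigned long int HeapVirualAffinity;
    void *CurrentTransactionHandle;
    TEB_ACTIVE_FRAME *ActiveFrame;
#if (NTDDI_VERSION >= NTDDI_WS03)
    void *FlsData;
#endif
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    void *PreferredLangauges;
    void *UserPrefLanguages;
    void *MergedPrefLanguages;
    unsigned long int MuiImpersonation;
    union {
        struct {
            unsigned short int SpareCrossTebFlags:16;
        };
        unsigned short int CrossTebFlags;
    };
    union {
        struct {
            unsigned short int DbgSafeThunkCall:1;
            unsigned short int DbgInDebugPrint:1;
            unsigned short int DbgHasFiberData:1;
            unsigned short int DbgSkipThreadAttach:1;
            unsigned short int DbgWerInShipAssertCode:1;
            unsigned short int DbgIssuedInitialBp:1;
            unsigned short int DbgClonedThread:1;
            unsigned short int SpareSameTebBits:9;
        };
        unsigned short int SameTebFlags;
    };
    void *TxnScopeEntercallback;
    void *TxnScopeExitCAllback;
    void *TxnScopeContext;
    unsigned long int LockCount;
    unsigned long int ProcessRundown;
    unsigned long long int LastSwitchTime;
    unsigned long long int TotalSwitchOutTime;
    LARGE_INTEGER WaitReasonBitMap;
#else
    unsigned char SafeThunkCall;
    unsigned char BooleanSpare[3];
#endif
} TEB, *PTEB;
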
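/*
 * Description of an image section: entry point, stack sizes, subsystem and
 * header-derived characteristics.
 *
 * SubSystemVersion overlays the minor/major pair, and ImageFlags overlays
 * the one-bit flags; both views alias the same storage. The misspelled
 * member DllChracteristics is kept for compatibility. Values reflect the
 * image file's headers, so treat them as attacker-influenced when the image
 * is untrusted.
 */
typedef struct _SECTION_IMAGE_INFORMATION {
    void *TransferAddress;
    unsigned long int ZeroBits;
    unsigned long int MaximumStackSize;
    unsigned long int CommittedStackSize;
    unsigned long int SubSystemType;
    union {
        struct {
            unsigned short int SubSystemMinorVersion;
            unsigned short int SubSystemMajorVersion;
        };
        unsigned long int SubSystemVersion;
    };
    unsigned long int GpValue;
    unsigned short int ImageCharacteristics;
    unsigned short int DllChracteristics;
    unsigned short int Machine;
    unsigned char ImageContainsCode;
    union {
        struct {
            unsigned char ComPlusNativeReady:1;
            unsigned char ComPlusILOnly:1;
            unsigned char ImageDynamicallyRelocated:1;
            unsigned char ImageMappedFlat:1;
            unsigned char Reserved:4;
        };
        unsigned char ImageFlags;
    };
    unsigned long int LoaderFlags;
    unsigned long int ImageFileSize;
    unsigned long int CheckSum;
} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
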
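// Don't believe MSDN; the UniqueProcessId is not a pointer!
//
// Result buffer for the ProcessBasicInformation class.
//
// NOTE(review): AffinityMask, UniqueProcessId and
// InheritedFromUniqueProcessId are unsigned long (32 bits on Windows). They
// are integers, as the remark above says, but pointer-sized ones in the
// native layout, so on _WIN64 this structure is smaller than what the
// system expects and the query would not succeed. Verify before 64-bit use.
// InheritedFromUniqueProcessId is recorded at creation time and is not
// proof that the named process still exists or is the same process.
typedef struct _PROCESS_BASIC_INFORMATION {
    long int ExitStatus;
    PEB *PebBaseAddress;
    unsigned long int AffinityMask;
    KPRIORITY BasePriority;
    unsigned long int UniqueProcessId;
    unsigned long int InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION;
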
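/*
 * Result buffer for the ThreadBasicInformation class. Inherits the width
 * caveats of CLIENT_ID and KAFFINITY as declared in this header.
 */
typedef struct _THREAD_BASIC_INFORMATION {
    long int ExitStatus;
    TEB *TebBaseAddress;
    CLIENT_ID ClientId;
    KAFFINITY AffinityMask;
    KPRIORITY Priority;
    KPRIORITY BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
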
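/*
 * Describes a newly created process: handles to the process and its first
 * thread, their ids, and the image information. Whoever receives this owns
 * both handles and must close them.
 */
typedef struct _RTL_USER_PROCESS_INFORMATION {
    unsigned long int Size;
    void *ProcessHandle;
    void *ThreadHandle;
    CLIENT_ID ClientId;
    SECTION_IMAGE_INFORMATION ImageInformation;
} RTL_USER_PROCESS_INFORMATION, *PRTL_USER_PROCESS_INFORMATION;
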
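/*
 * Names and qualifies an object for native open/create calls. Fill it with
 * InitializeObjectAttributes so Length is always sizeof(OBJECT_ATTRIBUTES).
 * Skipped when _NTSECAPI_H indicates another header already defined it.
 *
 * ObjectName is resolved relative to RootDirectory when that handle is not
 * NULL. Attributes takes OBJ_* flags.
 */
#if !defined(_NTSECAPI_H)
typedef struct _OBJECT_ATTRIBUTES {
    unsigned long int Length;
    void *RootDirectory;
    UNICODE_STRING *ObjectName;
    unsigned long int Attributes;
    void *SecurityDescriptor;
    void *SecurityQualityOfService;
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
#endif
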
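// Custom Heap Commit Routine for RtlCreateHeap.
// CommitAddress and CommitSize are passed by pointer, so the routine can
// presumably adjust them; confirm the contract before implementing one.
typedef NTSTATUS (NTAPI *PRTL_HEAP_COMMIT_ROUTINE)(void *Base, void **CommitAddress, size_t *CommitSize);
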
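/*
 * Tuning parameters for heap creation (see PRTL_HEAP_COMMIT_ROUTINE).
 * Zero-initialize the whole structure before setting individual members so
 * Reserved and unused thresholds do not carry stack garbage.
 */
typedef struct _RTL_HEAP_PARAMETERS {
    unsigned long int Length;
    size_t SegmentReserve;
    size_t SegmentCommit;
    size_t DeCommitFreeBlockThreshold;
    size_t DeCommitTotalFreeThreshold;
    size_t MaximumAllocationSize;
    size_t VirtualMemoryThreshold;
    size_t InitialCommit;
    size_t InitialReserve;
    PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
    size_t Reserved[2];
} RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
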
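/*
 * OS version record. By its name, dwOSVersionInfoSize carries the size of
 * the structure; set it before passing the structure to a version query.
 */
typedef struct _RTL_OSVERSIONINFO {
    unsigned long int dwOSVersionInfoSize;
    unsigned long int dwMajorVersion;
    unsigned long int dwMinorVersion;
    unsigned long int dwBuildNumber;
    unsigned long int dwPlatformId;
} RTL_OSVERSIONINFO, *PRTL_OSVERSIONINFO;
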
| #ifndef __WINDDK_H |
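//
// I/O Status Block
//
// Status and Pointer share storage. Information is request-specific (for
// example a byte count). Read the block only after the request completed.
//
typedef struct _IO_STATUS_BLOCK {
    union {
        long int Status;
        void *Pointer;
    };
    ULONG_PTR Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
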
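//
// File Information structures for NtQueryInformationFile
//
// Each structure pairs with the FILE_INFORMATION_CLASS value of the same
// name; pass the matching sizeof as the buffer length.
//
typedef struct _FILE_BASIC_INFORMATION {
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    unsigned long int FileAttributes;
} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
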
// Sizes, hard-link count and two byte-wide flags for a file.
typedef struct _FILE_STANDARD_INFORMATION {
    LARGE_INTEGER AllocationSize;
    LARGE_INTEGER EndOfFile;
    unsigned long NumberOfLinks;
    unsigned char DeletePending;   // boolean stored in one byte
    unsigned char Directory;       // boolean stored in one byte
} FILE_STANDARD_INFORMATION;
typedef FILE_STANDARD_INFORMATION *PFILE_STANDARD_INFORMATION;
| |
// One record of a packed stream list; StreamName is a variable-length tail.
// NOTE(review): Microsoft documents StreamNameLength as a byte count and the
// name as not NUL-terminated; bound NextEntryOffset and StreamNameLength by
// the bytes actually returned before following or copying.
typedef struct _FILE_STREAM_INFORMATION {
    unsigned long NextEntryOffset;
    unsigned long StreamNameLength;
    LARGE_INTEGER StreamSize;
    LARGE_INTEGER StreamAllocationSize;
    wchar_t StreamName[0];
} FILE_STREAM_INFORMATION;
typedef FILE_STREAM_INFORMATION *PFILE_STREAM_INFORMATION;
| |
// Timestamps, sizes and attribute bits of a file gathered in one record.
typedef struct _FILE_NETWORK_OPEN_INFORMATION {
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER AllocationSize;
    LARGE_INTEGER EndOfFile;
    unsigned long FileAttributes;
} FILE_NETWORK_OPEN_INFORMATION;
typedef FILE_NETWORK_OPEN_INFORMATION *PFILE_NETWORK_OPEN_INFORMATION;
| |
// Single-field record carrying the extended-attribute size of a file.
typedef struct _FILE_EA_INFORMATION {
    unsigned long EaSize;
} FILE_EA_INFORMATION;
typedef FILE_EA_INFORMATION *PFILE_EA_INFORMATION;
| |
// Compressed size, compression format and three shift values for a file.
typedef struct _FILE_COMPRESSION_INFORMATION {
    LARGE_INTEGER CompressedFileSize;
    unsigned short CompressionFormat;
    unsigned char CompressionUnitShift;
    unsigned char ChunkShift;
    unsigned char ClusterShift;
    unsigned char Reserved[3];
} FILE_COMPRESSION_INFORMATION;
typedef FILE_COMPRESSION_INFORMATION *PFILE_COMPRESSION_INFORMATION;
| |
// Current byte offset of a file handle.
typedef struct _FILE_POSITION_INFORMATION {
    LARGE_INTEGER CurrentByteOffset;
} FILE_POSITION_INFORMATION;
typedef FILE_POSITION_INFORMATION *PFILE_POSITION_INFORMATION;
| |
// One-byte delete flag.
// NOTE(review): presumably a non-zero DeleteFile marks the file for deletion
// when its last handle closes - confirm against the caller.
typedef struct _FILE_DISPOSITION_INFORMATION {
    unsigned char DeleteFile;
} FILE_DISPOSITION_INFORMATION;
typedef FILE_DISPOSITION_INFORMATION *PFILE_DISPOSITION_INFORMATION;
| |
// One extended-attribute record in a packed list; EaName is the
// variable-length tail.
// NOTE(review): EaNameLength and EaValueLength come from the record itself;
// check them, and NextEntryOffset, against the buffer size before reading
// the name or value.
typedef struct _FILE_FULL_EA_INFORMATION {
    unsigned long NextEntryOffset;
    unsigned char Flags;
    unsigned char EaNameLength;
    unsigned short EaValueLength;
    char EaName[0];
} FILE_FULL_EA_INFORMATION;
typedef FILE_FULL_EA_INFORMATION *PFILE_FULL_EA_INFORMATION;
| |
// One quota record in a packed list, keyed by the trailing SID.
// NOTE(review): the SID presumably occupies SidLength bytes rather than
// sizeof(SID); validate SidLength and NextEntryOffset against the buffer
// before reading Sid.
typedef struct _FILE_QUOTA_INFORMATION {
    unsigned long NextEntryOffset;
    unsigned long SidLength;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER QuotaUsed;
    LARGE_INTEGER QuotaThreshold;
    LARGE_INTEGER QuotaLimit;
    SID Sid;
} FILE_QUOTA_INFORMATION;
typedef FILE_QUOTA_INFORMATION *PFILE_QUOTA_INFORMATION;
| |
// 64-bit index number of a file.
typedef struct _FILE_INTERNAL_INFORMATION {
    LARGE_INTEGER IndexNumber;
} FILE_INTERNAL_INFORMATION;
typedef FILE_INTERNAL_INFORMATION *PFILE_INTERNAL_INFORMATION;
| |
// Rename request: replace flag, optional root handle and the new name as a
// variable-length tail.
// NOTE(review): Microsoft documents FileNameLength as a byte count. Padding
// follows ReplaceIfExists, so zero the whole buffer before filling it rather
// than passing uninitialised bytes to the system call.
typedef struct _FILE_RENAME_INFORMATION {
    unsigned char ReplaceIfExists;   // boolean stored in one byte
    void *RootDirectory;
    unsigned long FileNameLength;
    wchar_t FileName[0];
} FILE_RENAME_INFORMATION;
typedef FILE_RENAME_INFORMATION *PFILE_RENAME_INFORMATION;
| |
// Read mode and completion mode of a pipe handle.
typedef struct _FILE_PIPE_INFORMATION {
    unsigned long ReadMode;
    unsigned long CompletionMode;
} FILE_PIPE_INFORMATION;
typedef FILE_PIPE_INFORMATION *PFILE_PIPE_INFORMATION;
| |
// Ten counters describing a named pipe: type, configuration, instance
// counts, quotas, pending data, state and which end the handle refers to.
typedef struct _FILE_PIPE_LOCAL_INFORMATION {
    unsigned long NamedPipeType;
    unsigned long NamedPipeConfiguration;
    unsigned long MaximumInstances;
    unsigned long CurrentInstances;
    unsigned long InboundQuota;
    unsigned long ReadDataAvailable;
    unsigned long OutboundQuota;
    unsigned long WriteQuotaAvailable;
    unsigned long NamedPipeState;
    unsigned long NamedPipeEnd;
} FILE_PIPE_LOCAL_INFORMATION;
typedef FILE_PIPE_LOCAL_INFORMATION *PFILE_PIPE_LOCAL_INFORMATION;
| |
// Collection time and maximum collection count of a pipe.
typedef struct _FILE_PIPE_REMOTE_INFORMATION {
    LARGE_INTEGER CollectDataTime;
    unsigned long MaximumCollectionCount;
} FILE_PIPE_REMOTE_INFORMATION;
typedef FILE_PIPE_REMOTE_INFORMATION *PFILE_PIPE_REMOTE_INFORMATION;
| |
// Mailslot limits, pending-message counters and the read timeout.
typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
    unsigned long MaximumMessageSize;
    unsigned long MailslotQuota;
    unsigned long NextMessageSize;
    unsigned long MessagesAvailable;
    LARGE_INTEGER ReadTimeout;
} FILE_MAILSLOT_QUERY_INFORMATION;
typedef FILE_MAILSLOT_QUERY_INFORMATION *PFILE_MAILSLOT_QUERY_INFORMATION;
| |
// Mailslot update record; unlike the query record, ReadTimeout is held here
// as a pointer to the value rather than the value itself.
typedef struct _FILE_MAILSLOT_SET_INFORMATION {
    LARGE_INTEGER *ReadTimeout;
} FILE_MAILSLOT_SET_INFORMATION;
typedef FILE_MAILSLOT_SET_INFORMATION *PFILE_MAILSLOT_SET_INFORMATION;
| |
// Access mask associated with a file handle.
typedef struct _FILE_ACCESS_INFORMATION {
    ACCESS_MASK AccessFlags;
} FILE_ACCESS_INFORMATION;
typedef FILE_ACCESS_INFORMATION *PFILE_ACCESS_INFORMATION;
| |
// Directory-listing record carrying both a fixed 12-character short name and
// a variable-length long name.
// NOTE(review): Microsoft documents FileNameLength and ShortNameLength as
// byte counts and neither name as NUL-terminated; bound them, and
// NextEntryOffset, by the bytes actually returned before walking the list.
typedef struct _FILE_BOTH_DIR_INFORMATION {
    unsigned long NextEntryOffset;
    unsigned long FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    unsigned long FileAttributes;
    unsigned long FileNameLength;
    unsigned long EaSize;
    char ShortNameLength;
    wchar_t ShortName[12];
    wchar_t FileName[0];
} FILE_BOTH_DIR_INFORMATION;
typedef FILE_BOTH_DIR_INFORMATION *PFILE_BOTH_DIR_INFORMATION;
| |
// Pairs a completion port with a caller-chosen key.
typedef struct _FILE_COMPLETION_INFORMATION {
    void *Port;
    void *Key;
} FILE_COMPLETION_INFORMATION;
typedef FILE_COMPLETION_INFORMATION *PFILE_COMPLETION_INFORMATION;
| |
// Link-creation request; same member layout as FILE_RENAME_INFORMATION.
// NOTE(review): Microsoft documents FileNameLength as a byte count. Zero the
// buffer before filling it so the padding after ReplaceIfExists is defined.
typedef struct _FILE_LINK_INFORMATION {
    unsigned char ReplaceIfExists;   // boolean stored in one byte
    void *RootDirectory;
    unsigned long FileNameLength;
    wchar_t FileName[0];
} FILE_LINK_INFORMATION;
typedef FILE_LINK_INFORMATION *PFILE_LINK_INFORMATION;
| |
// Length-prefixed file name.
// NOTE(review): Microsoft documents FileNameLength as a byte count and the
// name as not NUL-terminated; size copies from FileNameLength and clamp it
// to the buffer that was supplied.
typedef struct _FILE_NAME_INFORMATION {
    unsigned long FileNameLength;
    wchar_t FileName[0];
} FILE_NAME_INFORMATION;
typedef FILE_NAME_INFORMATION *PFILE_NAME_INFORMATION;
| |
// Allocation size of a file.
typedef struct _FILE_ALLOCATION_INFORMATION {
    LARGE_INTEGER AllocationSize;
} FILE_ALLOCATION_INFORMATION;
typedef FILE_ALLOCATION_INFORMATION *PFILE_ALLOCATION_INFORMATION;
| |
// End-of-file position of a file.
typedef struct _FILE_END_OF_FILE_INFORMATION {
    LARGE_INTEGER EndOfFile;
} FILE_END_OF_FILE_INFORMATION;
typedef FILE_END_OF_FILE_INFORMATION *PFILE_END_OF_FILE_INFORMATION;
| |
// Valid-data length of a file.
// NOTE(review): raising the valid-data length skips zero-filling, so earlier
// disk contents can become readable through the file; Microsoft gates this
// behind a volume-management privilege. Confirm any caller that sets it.
typedef struct _FILE_VALID_DATA_LENGTH_INFORMATION {
    LARGE_INTEGER ValidDataLength;
} FILE_VALID_DATA_LENGTH_INFORMATION;
typedef FILE_VALID_DATA_LENGTH_INFORMATION *PFILE_VALID_DATA_LENGTH_INFORMATION;
| |
// Directory-listing record: timestamps, sizes, attributes and the name as a
// variable-length tail.
// NOTE(review): Microsoft documents FileNameLength as a byte count and the
// name as not NUL-terminated; bound it, and NextEntryOffset, by the bytes
// actually returned before walking the list.
typedef struct _FILE_DIRECTORY_INFORMATION {
    unsigned long NextEntryOffset;
    unsigned long FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    unsigned long FileAttributes;
    unsigned long FileNameLength;
    wchar_t FileName[0];
} FILE_DIRECTORY_INFORMATION;
typedef FILE_DIRECTORY_INFORMATION *PFILE_DIRECTORY_INFORMATION;
| |
// Directory-listing record: the FILE_DIRECTORY_INFORMATION members plus
// EaSize ahead of the variable-length name.
// NOTE(review): Microsoft documents FileNameLength as a byte count and the
// name as not NUL-terminated; bound it, and NextEntryOffset, by the bytes
// actually returned before walking the list.
typedef struct _FILE_FULL_DIR_INFORMATION {
    unsigned long NextEntryOffset;
    unsigned long FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    unsigned long FileAttributes;
    unsigned long FileNameLength;
    unsigned long EaSize;
    wchar_t FileName[0];
} FILE_FULL_DIR_INFORMATION;
typedef FILE_FULL_DIR_INFORMATION *PFILE_FULL_DIR_INFORMATION;
| |
// Directory-listing record: the FILE_FULL_DIR_INFORMATION members plus a
// 64-bit FileId ahead of the variable-length name.
// NOTE(review): Microsoft documents FileNameLength as a byte count and the
// name as not NUL-terminated; bound it, and NextEntryOffset, by the bytes
// actually returned before walking the list.
typedef struct _FILE_ID_FULL_DIRECTORY_INFORMATION {
    unsigned long NextEntryOffset;
    unsigned long FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    unsigned long FileAttributes;
    unsigned long FileNameLength;
    unsigned long EaSize;
    LARGE_INTEGER FileId;
    wchar_t FileName[0];
} FILE_ID_FULL_DIRECTORY_INFORMATION;
typedef FILE_ID_FULL_DIRECTORY_INFORMATION *PFILE_ID_FULL_DIRECTORY_INFORMATION;
| |
// Names-only directory-listing record.
// NOTE(review): Microsoft documents FileNameLength as a byte count and the
// name as not NUL-terminated; bound it, and NextEntryOffset, by the bytes
// actually returned before walking the list.
typedef struct _FILE_NAMES_INFORMATION {
    unsigned long NextEntryOffset;
    unsigned long FileIndex;
    unsigned long FileNameLength;
    wchar_t FileName[0];
} FILE_NAMES_INFORMATION;
typedef FILE_NAMES_INFORMATION *PFILE_NAMES_INFORMATION;
| |
// Completion packet: key context, APC context and the finished request's
// IO_STATUS_BLOCK.
typedef struct _FILE_IO_COMPLETION_INFORMATION {
    void *KeyContext;
    void *ApcContext;
    IO_STATUS_BLOCK IoStatusBlock;
} FILE_IO_COMPLETION_INFORMATION;
typedef FILE_IO_COMPLETION_INFORMATION *PFILE_IO_COMPLETION_INFORMATION;
| |
// Device type (presumably one of the FILE_DEVICE_* values defined earlier in
// this header) and characteristics bits of the device behind a handle.
typedef struct _FILE_FS_DEVICE_INFORMATION {
    unsigned long DeviceType;
    unsigned long Characteristics;
} FILE_FS_DEVICE_INFORMATION;
typedef FILE_FS_DEVICE_INFORMATION *PFILE_FS_DEVICE_INFORMATION;
| |
// File-system attribute bits, maximum component length and the file-system
// name as a variable-length tail.
// NOTE(review): FileSystemNameLength is presumably a byte count with no NUL
// terminator; clamp it to the supplied buffer before copying.
typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
    unsigned long FileSystemAttributes;
    unsigned long MaximumComponentNameLength;
    unsigned long FileSystemNameLength;
    wchar_t FileSystemName[0];
} FILE_FS_ATTRIBUTE_INFORMATION;
typedef FILE_FS_ATTRIBUTE_INFORMATION *PFILE_FS_ATTRIBUTE_INFORMATION;
| |
// Volume capacity in allocation units, with the unit geometry.
// NOTE(review): widen to 64 bits before multiplying units by sectors by
// bytes; the two geometry members are narrower than the unit counts.
typedef struct _FILE_FS_SIZE_INFORMATION {
    LARGE_INTEGER TotalAllocationUnits;
    LARGE_INTEGER AvailableAllocationUnits;
    unsigned long SectorsPerAllocationUnit;
    unsigned long BytesPerSector;
} FILE_FS_SIZE_INFORMATION;
typedef FILE_FS_SIZE_INFORMATION *PFILE_FS_SIZE_INFORMATION;
| |
// Volume capacity with separate caller-visible and actual free counts.
// NOTE(review): widen to 64 bits before multiplying units by sectors by
// bytes; the two geometry members are narrower than the unit counts.
typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
    LARGE_INTEGER TotalAllocationUnits;
    LARGE_INTEGER CallerAvailableAllocationUnits;
    LARGE_INTEGER ActualAvailableAllocationUnits;
    unsigned long SectorsPerAllocationUnit;
    unsigned long BytesPerSector;
} FILE_FS_FULL_SIZE_INFORMATION;
typedef FILE_FS_FULL_SIZE_INFORMATION *PFILE_FS_FULL_SIZE_INFORMATION;
| |
// Length-prefixed volume label.
// NOTE(review): VolumeLabelLength is presumably a byte count with no NUL
// terminator - confirm before copying.
typedef struct _FILE_FS_LABEL_INFORMATION {
    unsigned long VolumeLabelLength;
    wchar_t VolumeLabel[0];
} FILE_FS_LABEL_INFORMATION;
typedef FILE_FS_LABEL_INFORMATION *PFILE_FS_LABEL_INFORMATION;
| |
// Volume creation time, serial number and label (variable-length tail).
// NOTE(review): VolumeLabelLength is presumably a byte count with no NUL
// terminator; clamp it to the supplied buffer before copying.
typedef struct _FILE_FS_VOLUME_INFORMATION {
    LARGE_INTEGER VolumeCreationTime;
    unsigned long VolumeSerialNumber;
    unsigned long VolumeLabelLength;
    unsigned char SupportsObjects;   // boolean stored in one byte
    wchar_t VolumeLabel[0];
} FILE_FS_VOLUME_INFORMATION;
typedef FILE_FS_VOLUME_INFORMATION *PFILE_FS_VOLUME_INFORMATION;
| |
// Driver-in-path query: result flag, name length and the driver name as a
// variable-length tail.
typedef struct _FILE_FS_DRIVER_PATH_INFORMATION {
    unsigned char DriverInPath;   // boolean stored in one byte
    unsigned long DriverLength;
    wchar_t DriverName[0];
} FILE_FS_DRIVER_PATH_INFORMATION;
typedef FILE_FS_DRIVER_PATH_INFORMATION *PFILE_FS_DRIVER_PATH_INFORMATION;
| |
| // |
| // Pipe Structures for IOCTL_PIPE_XXX |
| // |
// Input buffer for a pipe wait request: timeout, whether the timeout is
// meaningful, and the pipe name as a variable-length tail.
// NOTE(review): NameLength is presumably a byte count - confirm.
typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
    LARGE_INTEGER Timeout;
    unsigned long NameLength;
    unsigned char TimeoutSpecified;   // boolean stored in one byte
    wchar_t Name[0];
} FILE_PIPE_WAIT_FOR_BUFFER;
typedef FILE_PIPE_WAIT_FOR_BUFFER *PFILE_PIPE_WAIT_FOR_BUFFER;
| |
// Output buffer for a pipe peek request: pipe state and counters followed by
// the peeked bytes.
// NOTE(review): derive the number of valid bytes in Data from the byte count
// the call reports, not from the size of the buffer that was supplied.
typedef struct _FILE_PIPE_PEEK_BUFFER {
    unsigned long NamedPipeState;
    unsigned long ReadDataAvailable;
    unsigned long NumberOfMessages;
    unsigned long MessageLength;
    char Data[0];
} FILE_PIPE_PEEK_BUFFER;
typedef FILE_PIPE_PEEK_BUFFER *PFILE_PIPE_PEEK_BUFFER;
| |
// Attribute bits together with the reparse tag of a file.
typedef struct _FILE_ATTRIBUTE_TAG_INFORMATION {
    unsigned long FileAttributes;
    unsigned long ReparseTag;
} FILE_ATTRIBUTE_TAG_INFORMATION;
typedef FILE_ATTRIBUTE_TAG_INFORMATION *PFILE_ATTRIBUTE_TAG_INFORMATION;
| |
| #endif |
| |
// Per-object summary: attribute bits, the access granted to the queried
// handle, reference counts, pool usage and the sizes needed for the name,
// type and security-descriptor queries.
typedef struct _OBJECT_BASIC_INFORMATION {
    unsigned long Attributes;
    ACCESS_MASK GrantedAccess;
    unsigned long HandleCount;
    unsigned long PointerCount;
    unsigned long PagedPoolUsage;
    unsigned long NonPagedPoolUsage;
    unsigned long Reserved[3];
    unsigned long NameInformationLength;
    unsigned long TypeInformationLength;
    unsigned long SecurityDescriptorLength;
    LARGE_INTEGER CreateTime;
} OBJECT_BASIC_INFORMATION;
typedef OBJECT_BASIC_INFORMATION *POBJECT_BASIC_INFORMATION;
| |
// Object name returned as a UNICODE_STRING header followed by its characters.
typedef struct _OBJECT_NAME_INFORMATION {
    UNICODE_STRING Name;
    // The Windows NT kernel locates the characters by offset, so this trailing
    // member may be unnecessary.
    wchar_t Buffer[0];
} OBJECT_NAME_INFORMATION;
typedef OBJECT_NAME_INFORMATION *POBJECT_NAME_INFORMATION;
| |
// Per-type statistics: current totals, high-water marks, the generic access
// mapping and default pool charges.
// NOTE(review): this record is not a stable public layout and may differ
// between Windows releases; verify the members against the target build
// before relying on anything past TypeName.
typedef struct _OBJECT_TYPE_INFORMATION {
    UNICODE_STRING TypeName;
    unsigned long TotalNumberOfObjects;
    unsigned long TotalNumberOfHandles;
    unsigned long TotalPagedPoolUsage;
    unsigned long TotalNonPagedPoolUsage;
    unsigned long TotalNamePoolUsage;
    unsigned long TotalHandleTableUsage;
    unsigned long HighWaterNumberOfObjects;
    unsigned long HighWaterNumberOfHandles;
    unsigned long HighWaterPagedPoolUsage;
    unsigned long HighWaterNonPagedPoolUsage;
    unsigned long HighWaterNamePoolUsage;
    unsigned long HighWaterHandleTableUsage;
    unsigned long InvalidAttributes;
    GENERIC_MAPPING GenericMapping;
    unsigned long ValidAccessMask;
    unsigned char SecurityRequired;       // boolean stored in one byte
    unsigned char MaintainHandleCount;    // boolean stored in one byte
    unsigned long PoolType;
    unsigned long DefaultPagedPoolCharge;
    unsigned long DefaultNonPagedPoolCharge;
} OBJECT_TYPE_INFORMATION;
typedef OBJECT_TYPE_INFORMATION *POBJECT_TYPE_INFORMATION;
| |
// One object-directory entry: the object's name and its type name.
// NOTE(review): both strings presumably point into the buffer passed to
// NtQueryDirectoryObject; check that each Buffer/Length pair stays inside
// that buffer before reading.
typedef struct _OBJECT_DIRECTORY_INFORMATION {
    UNICODE_STRING Name;
    UNICODE_STRING TypeName;
} OBJECT_DIRECTORY_INFORMATION;
typedef OBJECT_DIRECTORY_INFORMATION *POBJECT_DIRECTORY_INFORMATION;
| |
| #ifndef _WINNT_H |
// Description of one virtual-memory region, declared only when winnt.h has
// not supplied it.
// NOTE(review): the Windows SDK declares RegionSize as SIZE_T. With a
// 32-bit `unsigned long` this layout matches only 32-bit targets; confirm
// the target before using it with NtQueryVirtualMemory in a 64-bit build.
typedef struct _MEMORY_BASIC_INFORMATION {
    void *BaseAddress;
    void *AllocationBase;
    unsigned long AllocationProtect;
    unsigned long RegionSize;
    unsigned long State;
    unsigned long Protect;
    unsigned long Type;
} MEMORY_BASIC_INFORMATION;
typedef MEMORY_BASIC_INFORMATION *PMEMORY_BASIC_INFORMATION;
| #endif |
| |
// Machine-wide basics: timer resolution, page size, physical page range,
// allocation granularity, user-mode address range and processor data.
// NOTE(review): the address-range and affinity members are presumably
// pointer-sized in the native layout; as `unsigned long` they match only
// 32-bit targets - confirm before using this in a 64-bit build.
typedef struct _SYSTEM_BASIC_INFORMATION {
    unsigned long Reserved;
    unsigned long TimerResolution;
    unsigned long PageSize;
    unsigned long NumberOfPhysicalPages;
    unsigned long LowestPhysicalPageNumber;
    unsigned long HighestPhysicalPageNumber;
    unsigned long AllocationGranularity;
    unsigned long MinimumUserModeAddress;
    unsigned long MaximumUserModeAddress;
    unsigned long ActiveProcessorsAffinityMask;
    char NumberOfProcessors;
} SYSTEM_BASIC_INFORMATION;
typedef SYSTEM_BASIC_INFORMATION *PSYSTEM_BASIC_INFORMATION;
| |
// Callback type taken by the apc_routine parameter of the asynchronous I/O
// prototypes in this header.
// NOTE(review): the three arguments are presumably the caller's APC context,
// the request's IO_STATUS_BLOCK and a reserved value - confirm.
typedef void (NTAPI *PIO_APC_ROUTINE)(
    void *,
    IO_STATUS_BLOCK *,
    unsigned long);
| |
// Nt* native service prototypes. Every routine here except NtGetTickCount is
// declared to return `long`.
// NOTE(review): that value is presumably an NTSTATUS, where negative values
// are failures; test it before using any out parameter or returned length.
// NOTE(review): in the query routines `length` is the size of the caller's
// buffer; treat the reported length as the only valid extent of the data.
long NTAPI NtAdjustPrivilegesToken(void *handle, unsigned char DisableAllPrivileges, TOKEN_PRIVILEGES *NewState,
    unsigned long BufferLength, TOKEN_PRIVILEGES *PreviousState, unsigned long *ReturnLength);
// NOTE(review): `base` is a plain `void *` here while NtProtectVirtualMemory
// takes `void **base`; the native routine presumably reads and writes the
// address through this argument, so callers pass the address of their pointer.
long NTAPI NtAllocateVirtualMemory(void *process_handle, void *base, unsigned long set_zero,
    size_t *region_size, unsigned long type, unsigned long protect);
long NTAPI NtClose(void *handle);
long NTAPI NtCreateDirectoryObject(void **handle, ACCESS_MASK access, OBJECT_ATTRIBUTES *object_attrib);
long NTAPI NtCreateFile(void **handle, ACCESS_MASK access, OBJECT_ATTRIBUTES *object_attrib,
    IO_STATUS_BLOCK *io_status, LARGE_INTEGER *, unsigned long file_attrib, unsigned long share_access,
    unsigned long create_disposition, unsigned long create_options, void *ea_buffer, unsigned long ea_length);
long NTAPI NtCreateProcess(void **handle, ACCESS_MASK access, OBJECT_ATTRIBUTES *object_attrib,
    void *parent_process, unsigned char inherit_handles, void *section_handle, void *debug_port,
    void *exception_port);
long NTAPI NtCreateSection(void **handle, ACCESS_MASK access, OBJECT_ATTRIBUTES *object_attrib,
    LARGE_INTEGER *max_size, unsigned long protection, unsigned long attrib, void *fh);
long NTAPI NtCreateSymbolicLinkObject(void **handle, ACCESS_MASK access, OBJECT_ATTRIBUTES *object_attrib,
    UNICODE_STRING *);
long NTAPI NtCreateThread(void **handle, ACCESS_MASK access, OBJECT_ATTRIBUTES *object_attrib,
    void *process_handle, CLIENT_ID *client_id, CONTEXT *context, INITIAL_TEB *user_stack,
    unsigned char suspend);
long NTAPI NtDelayExecution(unsigned char, LARGE_INTEGER *);
long NTAPI NtDeleteFile(OBJECT_ATTRIBUTES *object_attrib);
long NTAPI NtDeviceIoControlFile(void *file_handle, void *event_handle, PIO_APC_ROUTINE apc_routine,
    void *apc_context, IO_STATUS_BLOCK *io_status, unsigned long ioctl_code, void *in_buffer,
    unsigned long in_buffer_length, void *out_buffer, unsigned long out_buffer_length);
long NTAPI NtDisplayString(UNICODE_STRING *s);
long NTAPI NtDuplicateObject(void *source_process, void *source, void *target_process, void **target,
    ACCESS_MASK access, unsigned long attrib, unsigned long options);
long NTAPI NtFlushBuffersFile(void *handle, IO_STATUS_BLOCK *io_status);
long NTAPI NtGetContextThread(void *thread_handle, CONTEXT *context);
unsigned long NTAPI NtGetTickCount(void);
long NTAPI NtMakeTemporaryObject(void *handle);
long NTAPI NtOpenDirectoryObject(void **handle, ACCESS_MASK access, OBJECT_ATTRIBUTES *object_attrib);
long NTAPI NtOpenFile(void **handle, ACCESS_MASK access, OBJECT_ATTRIBUTES *object_attrib,
    IO_STATUS_BLOCK *io_status, unsigned long share_access, unsigned long open_options);
long NTAPI NtOpenProcessToken(void *ProcessHandle, ACCESS_MASK DesiredAccess, void **TokenHandle);
long NTAPI NtOpenSymbolicLinkObject(void **handle, ACCESS_MASK access, OBJECT_ATTRIBUTES *object_attrib);
long NTAPI NtProtectVirtualMemory(void *process_handle, void **base, size_t *size, unsigned long protection,
    unsigned long *old_protection);
long NTAPI NtQueryDirectoryFile(void *handle, void *event_handle, PIO_APC_ROUTINE apc_routine,
    void *apc_context, IO_STATUS_BLOCK *io_status, void *information, unsigned long length,
    FILE_INFORMATION_CLASS information_class, unsigned char signal_entry, UNICODE_STRING *file_name,
    unsigned char restart);
long NTAPI NtQueryDirectoryObject(void *handle, void *buffer, unsigned long length, unsigned char signal_entry,
    unsigned char restart, unsigned long *context, unsigned long *rlength);
long NTAPI NtQueryInformationFile(void *handle, IO_STATUS_BLOCK *io_status, void *information,
    unsigned long length, FILE_INFORMATION_CLASS information_class);
long NTAPI NtQueryInformationProcess(void *handle, PROCESSINFOCLASS information_class, void *information,
    unsigned long length, unsigned long *rlength);
long NTAPI NtQueryInformationThread(void *handle, THREADINFOCLASS information_class, void *information,
    unsigned long length, unsigned long *rlength);
long NTAPI NtQueryObject(void *handle, OBJECT_INFORMATION_CLASS information_class, void *information,
    unsigned long length, unsigned long *result_length);
long NTAPI NtQuerySection(void *handle, SECTION_INFORMATION_CLASS information_class, void *information,
    unsigned long length, unsigned long *rlength);
long NTAPI NtQuerySymbolicLinkObject(void *handle, UNICODE_STRING *link_target, unsigned long *return_length);
long NTAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS information_class, void *information,
    unsigned long length, unsigned long *rlength);
long NTAPI NtQuerySystemTime(LARGE_INTEGER *time);
long NTAPI NtQueryVirtualMemory(void *process_handle, void *address, MEMORY_INFORMATION_CLASS information_class,
    void *information, unsigned long length, size_t *rlength);
long NTAPI NtQueryVolumeInformationFile(void *handle, IO_STATUS_BLOCK *io_status, void *information,
    unsigned long length, FS_INFORMATION_CLASS information_class);
long NTAPI NtReadFile(void *handle, void *event_handle, PIO_APC_ROUTINE apc_routine, void *apc_context,
    IO_STATUS_BLOCK *io_status, void *buffer, unsigned long length, LARGE_INTEGER *offset,
    unsigned long *key);
long NTAPI NtResumeThread(void *handle, unsigned long *suspend_count);
long NTAPI NtSetInformationFile(void *handle, IO_STATUS_BLOCK *io_status, void *information,
    unsigned long length, FILE_INFORMATION_CLASS information_class);
long NTAPI NtSetInformationProcess(void *handle, PROCESSINFOCLASS information_class, void *information,
    unsigned long length);
long NTAPI NtSetSystemTime(const LARGE_INTEGER *time, LARGE_INTEGER *orig_time);
long NTAPI NtShutdownSystem(SHUTDOWN_ACTION action);
long NTAPI NtTerminateProcess(void *handle, long exit_status);
long NTAPI NtWaitForMultipleObjects(unsigned long count, void **handles, WAIT_TYPE type,
    unsigned char alertable, LARGE_INTEGER *time);
long NTAPI NtWaitForSingleObject(void *handle, unsigned char alertable, LARGE_INTEGER *time);
long NTAPI NtWriteFile(void *handle, void *event_handle, PIO_APC_ROUTINE apc_routine, void *apc_context,
    IO_STATUS_BLOCK *io_status, const void *buffer, unsigned long length, LARGE_INTEGER *offset,
    unsigned long *key);
// NOTE(review): buffer_size and *rsize are `unsigned long` here, whereas
// NtQueryVirtualMemory and NtProtectVirtualMemory above use size_t for their
// sizes. If the native routine writes a pointer-sized count through rsize, a
// 32-bit variable is too small in a 64-bit build - confirm the target.
long NTAPI NtWriteVirtualMemory(void *process_handle, void *base, void *buffer, unsigned long buffer_size,
    unsigned long *rsize);
| |
// Rtl* run-time library prototypes: privileges, heaps, strings, paths, time,
// and process/thread creation.

// OldValue receives the previous state.
// NOTE(review): enable a privilege only around the call that needs it and
// restore the saved state afterwards.
long NTAPI RtlAdjustPrivilege(unsigned long Privilege, unsigned char NewValue, unsigned char ForThread,
    unsigned char *OldValue);
void NTAPI RtlAssert(const char *, const char *, unsigned long, const char *);
RTL_USER_PROCESS_PARAMETERS *NTAPI RtlNormalizeProcessParams(RTL_USER_PROCESS_PARAMETERS *process_parameters);

// Heap routines.
// NOTE(review): the allocators presumably return NULL on failure unless the
// heap was created to raise exceptions; check every result before use.
void *NTAPI RtlCreateHeap(unsigned long Flags, void *BaseAddress, size_t SizeToReserve, size_t SizeToCommit,
    void *Lock, RTL_HEAP_PARAMETERS *Parameters);
void *NTAPI RtlAllocateHeap(void *HeapHandle, unsigned long Flags, size_t Size);
void *NTAPI RtlReAllocateHeap(void *HeapHandle, unsigned long Flags, void *Ptr, size_t Size);
unsigned char NTAPI RtlFreeHeap(void *HeapHandle, unsigned long Flags, void *HeapBase);

unsigned long NTAPI RtlGetCurrentDirectory_U(unsigned long, wchar_t *);
// NOTE(review): the documented argument type is RTL_OSVERSIONINFOW, which
// ends in WCHAR szCSDVersion[128]; confirm that the RTL_OSVERSIONINFO this
// header declares is at least that large before calling.
long NTAPI RtlGetVersion(RTL_OSVERSIONINFO *lpVersionInformation);
unsigned char NTAPI RtlCreateUnicodeString(UNICODE_STRING *target, const wchar_t *src);
unsigned char NTAPI RtlCreateUnicodeStringFromAsciiz(UNICODE_STRING *target, const char *src);
void NTAPI RtlFreeUnicodeString(UNICODE_STRING *);
unsigned char NTAPI RtlDosPathNameToNtPathName_U(const wchar_t *dospath, UNICODE_STRING *ntpath,
    const wchar_t *ntfilenamepart, CURDIR *dir_info);
unsigned char NTAPI RtlTimeToSecondsSince1970(const LARGE_INTEGER *, unsigned long *);
long NTAPI RtlQueryTimeZoneInformation(TIME_ZONE_INFORMATION *tzinfo);

// Process and thread creation.
long NTAPI RtlCreateUserThread(void *process_handle, SECURITY_DESCRIPTOR *sd, unsigned char suspend,
    unsigned long zero_bits, size_t max_stack_size, size_t commit_stack_size,
    PUSER_THREAD_START_ROUTINE start_routine, void *arg, void **thread_handle, CLIENT_ID *client_id);
long NTAPI RtlCreateUserProcess(UNICODE_STRING *filename, unsigned long attrib,
    RTL_USER_PROCESS_PARAMETERS *process_parameters, SECURITY_DESCRIPTOR *psd, SECURITY_DESCRIPTOR *tsd,
    void *parent_process, unsigned char inherit_handles, void *debug_port, void *exception_port,
    RTL_USER_PROCESS_INFORMATION *rinfo);
long NTAPI RtlCreateProcessParameters(RTL_USER_PROCESS_PARAMETERS **process_parameters, UNICODE_STRING *exe,
    UNICODE_STRING *dllpath, UNICODE_STRING *cwd, UNICODE_STRING *command_line, wchar_t *env,
    UNICODE_STRING *, UNICODE_STRING *, UNICODE_STRING *, UNICODE_STRING *);
long NTAPI RtlDestroyProcessParameters(RTL_USER_PROCESS_PARAMETERS *process_parameters);

// Character-set conversion.
// NOTE(review): Microsoft documents every size here as a byte count, not a
// character count, and the output as not NUL-terminated; size destination
// buffers from the *Size routines and add the terminator yourself.
long NTAPI RtlMultiByteToUnicodeN(wchar_t *us, unsigned long us_size, unsigned long *rsize, const char *mbs,
    unsigned long mbs_size);
long NTAPI RtlMultiByteToUnicodeSize(unsigned long *us_size, const char *mbs, unsigned long mbs_size);
long NTAPI RtlUnicodeToMultiByteN(char *mbs, unsigned long mbs_size, unsigned long *rsize, const wchar_t *us,
    unsigned long us_size);
long NTAPI RtlUnicodeToMultiByteSize(unsigned long *mbs_size, const wchar_t *us, unsigned long us_size);
| |
| #endif |