Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #ifndef _NTDDK_
- #define _NTDDK_
- #define NT_INCLUDED
- #define _NTDEF_
- #define _CTYPE_DISABLE_MACROS
- #pragma warning(disable : 4200)
- #undef STATUS_WAIT_0
- #undef STATUS_ABANDONED_WAIT_0
- #undef STATUS_USER_APC
- #undef STATUS_TIMEOUT
- #undef STATUS_PENDING
- #undef DBG_CONTINUE
- #undef STATUS_SEGMENT_NOTIFICATION
- #undef DBG_TERMINATE_THREAD
- #undef DBG_TERMINATE_PROCESS
- #undef DBG_CONTROL_C
- #undef DBG_CONTROL_BREAK
- #undef STATUS_GUARD_PAGE_VIOLATION
- #undef STATUS_DATATYPE_MISALIGNMENT
- #undef STATUS_BREAKPOINT
- #undef STATUS_SINGLE_STEP
- #undef DBG_EXCEPTION_NOT_HANDLED
- #undef STATUS_ACCESS_VIOLATION
- #undef STATUS_IN_PAGE_ERROR
- #undef STATUS_INVALID_HANDLE
- #undef STATUS_NO_MEMORY
- #undef STATUS_ILLEGAL_INSTRUCTION
- #undef STATUS_NONCONTINUABLE_EXCEPTION
- #undef STATUS_INVALID_DISPOSITION
- #undef STATUS_ARRAY_BOUNDS_EXCEEDED
- #undef STATUS_FLOAT_DENORMAL_OPERAND
- #undef STATUS_FLOAT_DIVIDE_BY_ZERO
- #undef STATUS_FLOAT_INEXACT_RESULT
- #undef STATUS_FLOAT_INVALID_OPERATION
- #undef STATUS_FLOAT_OVERFLOW
- #undef STATUS_FLOAT_STACK_CHECK
- #undef STATUS_FLOAT_UNDERFLOW
- #undef STATUS_INTEGER_DIVIDE_BY_ZERO
- #undef STATUS_INTEGER_OVERFLOW
- #undef STATUS_PRIVILEGED_INSTRUCTION
- #undef STATUS_STACK_OVERFLOW
- #undef STATUS_CONTROL_C_EXIT
- #undef STATUS_FLOAT_MULTIPLE_FAULTS
- #undef STATUS_FLOAT_MULTIPLE_TRAPS
- #undef STATUS_ILLEGAL_VLM_REFERENCE
- #undef STATUS_REG_NAT_CONSUMPTION
- #undef DBG_EXCEPTION_HANDLED
- #include <ntstatus.h>
- #if (_MSC_VER >= 800) || defined(_STDCALL_SUPPORTED)
- #define NTAPI __stdcall
- #else
- #define _cdecl
- #define NTAPI
- #endif
- #ifdef __cplusplus
- extern "C" {
- #endif
- #define MAXIMUM_FILENAME_LENGTH 256
- #define PORT_MAXIMUM_MESSAGE_LENGTH 256
- #define INITIAL_PRIVILEGE_COUNT 3
- #define FSCTL_GET_VOLUME_INFORMATION 0x90064
- // constants for RtlDetermineDosPathNameType_U
- #define DOS_PATHTYPE_UNC 0x00000001 // \\COMPUTER1
- #define DOS_PATHTYPE_ROOTDRIVE 0x00000002 // C:\
- #define DOS_PATHTYPE_STREAM 0x00000003 // X:X or C:
- #define DOS_PATHTYPE_NT 0x00000004 // \\??\\C:
- #define DOS_PATHTYPE_NAME 0x00000005 // C
- #define DOS_PATHTYPE_DEVICE 0x00000006 // \\.\C:
- #define DOS_PATHTYPE_LOCALUNCROOT 0x00000007 // \\.
- // Define the various device characteristics flags
- #define FILE_REMOVABLE_MEDIA 0x00000001
- #define FILE_READ_ONLY_DEVICE 0x00000002
- #define FILE_FLOPPY_DISKETTE 0x00000004
- #define FILE_WRITE_ONCE_MEDIA 0x00000008
- #define FILE_REMOTE_DEVICE 0x00000010
- #define FILE_DEVICE_IS_MOUNTED 0x00000020
- #define FILE_VIRTUAL_VOLUME 0x00000040
- #define FILE_AUTOGENERATED_DEVICE_NAME 0x00000080
- #define FILE_DEVICE_SECURE_OPEN 0x00000100
- #define FILE_SUPERSEDE 0x00000000
- #define FILE_OPEN 0x00000001
- #define FILE_CREATE 0x00000002
- #define FILE_OPEN_IF 0x00000003
- #define FILE_OVERWRITE 0x00000004
- #define FILE_OVERWRITE_IF 0x00000005
- #define FILE_MAXIMUM_DISPOSITION 0x00000005
- #define FILE_DIRECTORY_FILE 0x00000001
- #define FILE_WRITE_THROUGH 0x00000002
- #define FILE_SEQUENTIAL_ONLY 0x00000004
- #define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008
- #define FILE_SYNCHRONOUS_IO_ALERT 0x00000010
- #define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
- #define FILE_NON_DIRECTORY_FILE 0x00000040
- #define FILE_CREATE_TREE_CONNECTION 0x00000080
- #define FILE_COMPLETE_IF_OPLOCKED 0x00000100
- #define FILE_NO_EA_KNOWLEDGE 0x00000200
- #define FILE_OPEN_FOR_RECOVERY 0x00000400
- #define FILE_RANDOM_ACCESS 0x00000800
- #define FILE_DELETE_ON_CLOSE 0x00001000
- #define FILE_OPEN_BY_FILE_ID 0x00002000
- #define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000
- #define FILE_NO_COMPRESSION 0x00008000
- #define FILE_RESERVE_OPFILTER 0x00100000
- #define FILE_OPEN_REPARSE_POINT 0x00200000
- #define FILE_OPEN_NO_RECALL 0x00400000
- #define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000
- #define FILE_COPY_STRUCTURED_STORAGE 0x00000041
- #define FILE_STRUCTURED_STORAGE 0x00000441
- #define FILE_VALID_OPTION_FLAGS 0x00ffffff
- #define FILE_VALID_PIPE_OPTION_FLAGS 0x00000032
- #define FILE_VALID_MAILSLOT_OPTION_FLAGS 0x00000032
- #define FILE_VALID_SET_FLAGS 0x00000036
- // THREAD STATES
- #define THREAD_STATE_INITIALIZED 0
- #define THREAD_STATE_READY 1
- #define THREAD_STATE_RUNNING 2
- #define THREAD_STATE_STANDBY 3
- #define THREAD_STATE_TERMINATED 4
- #define THREAD_STATE_WAIT 5
- #define THREAD_STATE_TRANSITION 6
- #define THREAD_STATE_UNKNOWN 7
- // OBJECT TYPE CODES
- #define OB_TYPE_TYPE 1
- #define OB_TYPE_DIRECTORY 2
- #define OB_TYPE_SYMBOLIC_LINK 3
- #define OB_TYPE_TOKEN 4
- #define OB_TYPE_PROCESS 5
- #define OB_TYPE_THREAD 6
- #define OB_TYPE_EVENT 7
- #define OB_TYPE_EVENT_PAIR 8
- #define OB_TYPE_MUTANT 9
- #define OB_TYPE_SEMAPHORE 10
- #define OB_TYPE_TIMER 11
- #define OB_TYPE_PROFILE 12
- #define OB_TYPE_WINDOW_STATION 13
- #define OB_TYPE_DESKTOP 14
- #define OB_TYPE_SECTION 15
- #define OB_TYPE_KEY 16
- #define OB_TYPE_PORT 17
- #define OB_TYPE_ADAPTER 18
- #define OB_TYPE_CONTROLLER 19
- #define OB_TYPE_DEVICE 20
- #define OB_TYPE_DRIVER 21
- #define OB_TYPE_IO_COMPLETION 22
- #define OB_TYPE_FILE 23
- #define OBJ_INHERIT 0x00000002
- #define OBJ_PERMANENT 0x00000010
- #define OBJ_EXCLUSIVE 0x00000020
- #define OBJ_CASE_INSENSITIVE 0x00000040
- #define OBJ_OPENIF 0x00000080
- #define OBJ_OPENLINK 0x00000100
- #define OBJ_VALID_ATTRIBUTES 0x000001F2
- // Object Manager Directory Specific Access Rights.
- #define DIRECTORY_QUERY 0x0001
- #define DIRECTORY_TRAVERSE 0x0002
- #define DIRECTORY_CREATE_OBJECT 0x0004
- #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
- #define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)
- // Object Manager Symbolic Link Specific Access Rights.
- #define SYMBOLIC_LINK_QUERY 0x0001
- #define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
- #define NT_SUCCESS(Status) ((LONG)(Status) >= 0)
- #define NT_ERROR(Status) ((ULONG)(Status) >> 30 == 3)
- #define DEVICE_TYPE DWORD
- // values for RtlAdjustPrivilege
- #define SE_MIN_WELL_KNOWN_PRIVILEGE (2L)
- #define SE_CREATE_TOKEN_PRIVILEGE (2L)
- #define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)
- #define SE_LOCK_MEMORY_PRIVILEGE (4L)
- #define SE_INCREASE_QUOTA_PRIVILEGE (5L)
- #define SE_UNSOLICITED_INPUT_PRIVILEGE (6L) // obsolete and unused
- #define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)
- #define SE_TCB_PRIVILEGE (7L)
- #define SE_SECURITY_PRIVILEGE (8L)
- #define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)
- #define SE_LOAD_DRIVER_PRIVILEGE (10L)
- #define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
- #define SE_SYSTEMTIME_PRIVILEGE (12L)
- #define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
- #define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
- #define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
- #define SE_CREATE_PERMANENT_PRIVILEGE (16L)
- #define SE_BACKUP_PRIVILEGE (17L)
- #define SE_RESTORE_PRIVILEGE (18L)
- #define SE_SHUTDOWN_PRIVILEGE (19L)
- #define SE_DEBUG_PRIVILEGE (20L)
- #define SE_AUDIT_PRIVILEGE (21L)
- #define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
- #define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
- #define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
- #define SE_MAX_WELL_KNOWN_PRIVILEGE (SE_REMOTE_SHUTDOWN_PRIVILEGE)
- #define InitializeObjectAttributes( p, n, a, r, s ) { \
- (p)->uLength = sizeof( OBJECT_ATTRIBUTES ); \
- (p)->hRootDirectory = r; \
- (p)->uAttributes = a; \
- (p)->pObjectName = n; \
- (p)->pSecurityDescriptor = s; \
- (p)->pSecurityQualityOfService = NULL; \
- }
- typedef LONG NTSTATUS;
- /*lint -e624 */ // Don't complain about different typedefs.
- // winnt
- typedef NTSTATUS *PNTSTATUS;
- /*lint +e624 */ // Resume checking for different typedefs.
- typedef NTSTATUS (NTAPI *NTSYSCALL)();
- typedef NTSYSCALL *PNTSYSCALL;
- typedef ULONG KAFFINITY;
- typedef KAFFINITY *PKAFFINITY;
- typedef LONG KPRIORITY;
- typedef BYTE KPROCESSOR_MODE;
- typedef VOID *POBJECT;
- typedef VOID (*PKNORMAL_ROUTINE) (
- IN PVOID NormalContext,
- IN PVOID SystemArgument1,
- IN PVOID SystemArgument2
- );
- typedef struct _STRING {
- USHORT Length;
- USHORT MaximumLength;
- #ifdef MIDL_PASS
- [size_is(MaximumLength), length_is(Length) ]
- #endif // MIDL_PASS
- PCHAR Buffer;
- } STRING, *PSTRING;
- typedef STRING ANSI_STRING;
- typedef PSTRING PANSI_STRING;
- typedef STRING OEM_STRING;
- typedef PSTRING POEM_STRING;
- /*
- typedef struct _UNICODE_STRING
- {
- USHORT Length;
- USHORT MaximumLength;
- PWSTR Buffer;
- } UNICODE_STRING, *PUNICODE_STRING;
- */
- typedef struct _HARDWARE_PTE
- {
- ULONG Valid : 1;
- ULONG Write : 1;
- ULONG Owner : 1;
- ULONG WriteThrough : 1;
- ULONG CacheDisable : 1;
- ULONG Accessed : 1;
- ULONG Dirty : 1;
- ULONG LargePage : 1;
- ULONG Global : 1;
- ULONG CopyOnWrite : 1;
- ULONG Prototype : 1;
- ULONG reserved : 1;
- ULONG PageFrameNumber : 20;
- } HARDWARE_PTE, *PHARDWARE_PTE;
- typedef struct _OBJECT_ATTRIBUTES
- {
- ULONG uLength;
- HANDLE hRootDirectory;
- PUNICODE_STRING pObjectName;
- ULONG uAttributes;
- PVOID pSecurityDescriptor;
- PVOID pSecurityQualityOfService;
- } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
- typedef struct _CLIENT_ID
- {
- HANDLE UniqueProcess;
- HANDLE UniqueThread;
- } CLIENT_ID, *PCLIENT_ID;
- typedef struct _PEB_FREE_BLOCK
- {
- struct _PEB_FREE_BLOCK *Next;
- ULONG Size;
- } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK;
- typedef struct _CURDIR
- {
- UNICODE_STRING DosPath;
- HANDLE Handle;
- } CURDIR, *PCURDIR;
- typedef struct _RTL_DRIVE_LETTER_CURDIR
- {
- WORD Flags;
- WORD Length;
- DWORD TimeStamp;
- STRING DosPath;
- } RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR;
- #define PROCESS_PARAMETERS_NORMALIZED 1 // pointers in are absolute (not self-relative)
- typedef struct _PROCESS_PARAMETERS
- {
- ULONG MaximumLength;
- ULONG Length;
- ULONG Flags; // PROCESS_PARAMETERS_NORMALIZED
- ULONG DebugFlags;
- HANDLE ConsoleHandle;
- ULONG ConsoleFlags;
- HANDLE StandardInput;
- HANDLE StandardOutput;
- HANDLE StandardError;
- CURDIR CurrentDirectory;
- UNICODE_STRING DllPath;
- UNICODE_STRING ImagePathName;
- UNICODE_STRING CommandLine;
- PWSTR Environment;
- ULONG StartingX;
- ULONG StartingY;
- ULONG CountX;
- ULONG CountY;
- ULONG CountCharsX;
- ULONG CountCharsY;
- ULONG FillAttribute;
- ULONG WindowFlags;
- ULONG ShowWindowFlags;
- UNICODE_STRING WindowTitle;
- UNICODE_STRING Desktop;
- UNICODE_STRING ShellInfo;
- UNICODE_STRING RuntimeInfo;
- RTL_DRIVE_LETTER_CURDIR CurrentDirectores[32];
- } PROCESS_PARAMETERS, *PPROCESS_PARAMETERS;
- typedef struct _RTL_BITMAP
- {
- DWORD SizeOfBitMap;
- PDWORD Buffer;
- } RTL_BITMAP, *PRTL_BITMAP, **PPRTL_BITMAP;
- #define LDR_STATIC_LINK 0x0000002
- #define LDR_IMAGE_DLL 0x0000004
- #define LDR_LOAD_IN_PROGRESS 0x0001000
- #define LDR_UNLOAD_IN_PROGRESS 0x0002000
- #define LDR_ENTRY_PROCESSED 0x0004000
- #define LDR_ENTRY_INSERTED 0x0008000
- #define LDR_CURRENT_LOAD 0x0010000
- #define LDR_FAILED_BUILTIN_LOAD 0x0020000
- #define LDR_DONT_CALL_FOR_THREADS 0x0040000
- #define LDR_PROCESS_ATTACH_CALLED 0x0080000
- #define LDR_DEBUG_SYMBOLS_LOADED 0x0100000
- #define LDR_IMAGE_NOT_AT_BASE 0x0200000
- #define LDR_WX86_IGNORE_MACHINETYPE 0x0400000
- typedef struct _LDR_DATA_TABLE_ENTRY
- {
- LIST_ENTRY InLoadOrderModuleList;
- LIST_ENTRY InMemoryOrderModuleList;
- LIST_ENTRY InInitializationOrderModuleList;
- PVOID DllBase;
- PVOID EntryPoint;
- ULONG SizeOfImage; // in bytes
- UNICODE_STRING FullDllName;
- UNICODE_STRING BaseDllName;
- ULONG Flags; // LDR_*
- USHORT LoadCount;
- USHORT TlsIndex;
- LIST_ENTRY HashLinks;
- PVOID SectionPointer;
- ULONG CheckSum;
- ULONG TimeDateStamp;
- // PVOID LoadedImports; // seems they are exist only on XP !!!
- // PVOID EntryPointActivationContext; // -same-
- } LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
- typedef struct _PEB_LDR_DATA {
- ULONG Length;
- BOOLEAN Initialized;
- PVOID SsHandle;
- LIST_ENTRY ModuleListLoadOrder;
- LIST_ENTRY ModuleListMemoryOrder;
- LIST_ENTRY ModuleListInitOrder;
- } PEB_LDR_DATA, *PPEB_LDR_DATA;
- typedef VOID NTSYSAPI (*PPEBLOCKROUTINE)(PVOID);
- typedef struct _SYSTEM_STRINGS
- {
- UNICODE_STRING SystemRoot; // C:\WINNT
- UNICODE_STRING System32Root; // C:\WINNT\System32
- UNICODE_STRING BaseNamedObjects; // \BaseNamedObjects
- }SYSTEM_STRINGS,*PSYSTEM_STRINGS;
- typedef struct _TEXT_INFO
- {
- PVOID Reserved;
- PSYSTEM_STRINGS SystemStrings;
- }TEXT_INFO, *PTEXT_INFO;
- typedef struct _PEB
- {
- UCHAR InheritedAddressSpace; // 0
- UCHAR ReadImageFileExecOptions; // 1
- UCHAR BeingDebugged; // 2
- BYTE b003; // 3
- PVOID Mutant; // 4
- PVOID ImageBaseAddress; // 8
- PPEB_LDR_DATA Ldr; // C
- PPROCESS_PARAMETERS ProcessParameters; // 10
- PVOID SubSystemData; // 14
- PVOID ProcessHeap; // 18
- KSPIN_LOCK FastPebLock; // 1C
- PPEBLOCKROUTINE FastPebLockRoutine; // 20
- PPEBLOCKROUTINE FastPebUnlockRoutine; // 24
- ULONG EnvironmentUpdateCount; // 28
- PVOID *KernelCallbackTable; // 2C
- PVOID EventLogSection; // 30
- PVOID EventLog; // 34
- PPEB_FREE_BLOCK FreeList; // 38
- ULONG TlsExpansionCounter; // 3C
- PRTL_BITMAP TlsBitmap; // 40
- ULONG TlsBitmapData[0x2]; // 44
- PVOID ReadOnlySharedMemoryBase; // 4C
- PVOID ReadOnlySharedMemoryHeap; // 50
- PTEXT_INFO ReadOnlyStaticServerData; // 54
- PVOID InitAnsiCodePageData; // 58
- PVOID InitOemCodePageData; // 5C
- PVOID InitUnicodeCaseTableData; // 60
- ULONG KeNumberProcessors; // 64
- ULONG NtGlobalFlag; // 68
- DWORD d6C; // 6C
- LARGE_INTEGER MmCriticalSectionTimeout; // 70
- ULONG MmHeapSegmentReserve; // 78
- ULONG MmHeapSegmentCommit; // 7C
- ULONG MmHeapDeCommitTotalFreeThreshold; // 80
- ULONG MmHeapDeCommitFreeBlockThreshold; // 84
- ULONG NumberOfHeaps; // 88
- ULONG AvailableHeaps; // 8C
- PHANDLE ProcessHeapsListBuffer; // 90
- PVOID GdiSharedHandleTable; // 94
- PVOID ProcessStarterHelper; // 98
- PVOID GdiDCAttributeList; // 9C
- KSPIN_LOCK LoaderLock; // A0
- ULONG NtMajorVersion; // A4
- ULONG NtMinorVersion; // A8
- USHORT NtBuildNumber; // AC
- USHORT NtCSDVersion; // AE
- ULONG PlatformId; // B0
- ULONG Subsystem; // B4
- ULONG MajorSubsystemVersion; // B8
- ULONG MinorSubsystemVersion; // BC
- KAFFINITY AffinityMask; // C0
- ULONG GdiHandleBuffer[0x22]; // C4
- ULONG PostProcessInitRoutine; // 14C
- ULONG TlsExpansionBitmap; // 150
- UCHAR TlsExpansionBitmapBits[0x80]; // 154
- ULONG SessionId; // 1D4
- ULARGE_INTEGER AppCompatFlags; // 1D8
- PWORD CSDVersion; // 1E0
- /* PVOID AppCompatInfo; // 1E4
- UNICODE_STRING usCSDVersion;
- PVOID ActivationContextData;
- PVOID ProcessAssemblyStorageMap;
- PVOID SystemDefaultActivationContextData;
- PVOID SystemAssemblyStorageMap;
- ULONG MinimumStackCommit; */
- } PEB, *PPEB;
- typedef struct _TEB
- {
- NT_TIB Tib;
- PVOID EnvironmentPointer;
- CLIENT_ID Cid;
- PVOID ActiveRpcInfo;
- PVOID ThreadLocalStoragePointer;
- PPEB Peb;
- ULONG LastErrorValue;
- ULONG CountOfOwnedCriticalSections;
- PVOID CsrClientThread;
- PVOID Win32ThreadInfo;
- ULONG Win32ClientInfo[0x1F];
- PVOID WOW32Reserved;
- ULONG CurrentLocale;
- ULONG FpSoftwareStatusRegister;
- PVOID SystemReserved1[0x36];
- PVOID Spare1;
- LONG ExceptionCode;
- ULONG SpareBytes1[0x28];
- PVOID SystemReserved2[0xA];
- ULONG gdiRgn;
- ULONG gdiPen;
- ULONG gdiBrush;
- CLIENT_ID RealClientId;
- PVOID GdiCachedProcessHandle;
- ULONG GdiClientPID;
- ULONG GdiClientTID;
- PVOID GdiThreadLocaleInfo;
- PVOID UserReserved[5];
- PVOID glDispatchTable[0x118];
- ULONG glReserved1[0x1A];
- PVOID glReserved2;
- PVOID glSectionInfo;
- PVOID glSection;
- PVOID glTable;
- PVOID glCurrentRC;
- PVOID glContext;
- NTSTATUS LastStatusValue;
- UNICODE_STRING StaticUnicodeString;
- WCHAR StaticUnicodeBuffer[0x105];
- PVOID DeallocationStack;
- PVOID TlsSlots[0x40];
- LIST_ENTRY TlsLinks;
- PVOID Vdm;
- PVOID ReservedForNtRpc;
- PVOID DbgSsReserved[0x2];
- ULONG HardErrorDisabled;
- PVOID Instrumentation[0x10];
- PVOID WinSockData;
- ULONG GdiBatchCount;
- ULONG Spare2;
- ULONG Spare3;
- ULONG Spare4;
- PVOID ReservedForOle;
- ULONG WaitingOnLoaderLock;
- PVOID StackCommit;
- PVOID StackCommitMax;
- PVOID StackReserve;
- } TEB, *PTEB;
- typedef enum _POOL_TYPE
- {
- NonPagedPool,
- PagedPool,
- NonPagedPoolMustSucceed,
- DontUseThisType,
- NonPagedPoolCacheAligned,
- PagedPoolCacheAligned,
- NonPagedPoolCacheAlignedMustS,
- MaxPoolType
- } POOL_TYPE, *PPOOL_TYPE;
- typedef enum _KWAIT_REASON
- {
- Executive,
- FreePage,
- PageIn,
- PoolAllocation,
- DelayExecution,
- Suspended,
- UserRequest,
- WrExecutive,
- WrFreePage,
- WrPageIn,
- WrPoolAllocation,
- WrDelayExecution,
- WrSuspended,
- WrUserRequest,
- WrEventPair,
- WrQueue,
- WrLpcReceive,
- WrLpcReply,
- WrVirtualMemory,
- WrPageOut,
- WrRendezvous,
- Spare2,
- Spare3,
- Spare4,
- Spare5,
- Spare6,
- WrKernel,
- MaximumWaitReason
- } KWAIT_REASON, *PKWAIT_REASON;
- typedef struct _DISPATCHER_HEADER
- {
- BYTE uType; //DO_TYPE_*
- BYTE uAbsolute;
- BYTE uSize; // number of DWORDs
- BYTE uInserted;
- LONG lSignalState;
- LIST_ENTRY WaitListHead;
- } DISPATCHER_HEADER, *PDISPATCHER_HEADER;
- typedef struct _KPROCESS
- {
- DISPATCHER_HEADER Header; // DO_TYPE_PROCESS (0x1A)
- LIST_ENTRY le10;
- DWORD d18;
- DWORD d1C;
- DWORD d20;
- DWORD d24;
- DWORD d28;
- DWORD d2C;
- DWORD d30;
- DWORD d34;
- DWORD dKernelTime; // ticks
- DWORD dUserTime; // ticks
- LIST_ENTRY le40;
- LIST_ENTRY OutSwapList;
- LIST_ENTRY ThreadListHead; // KTHREAD.ThreadList
- DWORD d58;
- KAFFINITY AffinityMask;
- WORD w60;
- BYTE bBasePriority;
- BYTE b63;
- WORD w64;
- BYTE b66;
- BOOLEAN fPriorityBoost;
- } KPROCESS, *PKPROCESS;
- typedef struct _PORT_MESSAGE
- {
- USHORT DataSize;
- USHORT MessageSize;
- USHORT MessageType;
- USHORT VirtualRangesOffset;
- CLIENT_ID ClientId;
- ULONG MessageId;
- ULONG SectionSize;
- // UCHAR Data[];
- } PORT_MESSAGE, *PPORT_MESSAGE;
- typedef struct _SERVICE_DESCRIPTOR_TABLE
- {
- PNTSYSCALL ServiceTable; // array of entrypoints
- PULONG puCounterTable; // array of counters
- ULONG uTableSize; // number of table entries
- PBYTE pbArgumentTable; // array of byte counts
- } SERVICE_DESCRIPTOR_TABLE, *PSERVICE_DESCRIPTOR_TABLE;
- typedef struct _KSEMAPHORE
- {
- DISPATCHER_HEADER Header;
- LONG lLimit;
- } KSEMAPHORE, *PKSEMAPHORE;
- typedef struct _KTHREAD
- {
- DISPATCHER_HEADER Header; // DO_TYPE_THREAD (0x6C)
- LIST_ENTRY le010;
- DWORD d018;
- DWORD d01C;
- PTEB pTeb;
- DWORD d024;
- DWORD d028;
- BYTE b02C;
- BYTE bThreadState; // THREAD_STATE_*
- WORD w02E;
- WORD w030;
- BYTE b032;
- BYTE bPriority;
- LIST_ENTRY le034;
- LIST_ENTRY le03C;
- PKPROCESS pProcess;
- DWORD d048;
- DWORD dContextSwitches;
- DWORD d050;
- WORD w054;
- BYTE b056;
- BYTE bWaitReason;
- DWORD d058;
- PLIST_ENTRY ple05C;
- PLIST_ENTRY ple060;
- DWORD d064;
- BYTE bBasePriority;
- BYTE b069;
- WORD w06A;
- DWORD d06C;
- DWORD d070;
- DWORD d074;
- DWORD d078;
- DWORD d07C;
- DWORD d080;
- DWORD d084;
- DWORD d088;
- DWORD d08C;
- DWORD d090;
- DWORD d094;
- DWORD d098;
- DWORD d09C;
- DWORD d0A0;
- DWORD d0A4;
- DWORD d0A8;
- DWORD d0AC;
- DWORD d0B0;
- DWORD d0B4;
- DWORD d0B8;
- DWORD d0BC;
- DWORD d0C0;
- DWORD d0C4;
- DWORD d0C8;
- DWORD d0CC;
- DWORD d0D0;
- DWORD d0D4;
- DWORD d0D8;
- PSERVICE_DESCRIPTOR_TABLE pServiceDescriptorTable;
- DWORD d0E0;
- DWORD d0E4;
- DWORD d0E8;
- DWORD d0EC;
- LIST_ENTRY le0F0;
- DWORD d0F8;
- DWORD d0FC;
- DWORD d100;
- DWORD d104;
- DWORD d108;
- DWORD d10C;
- DWORD d110;
- DWORD d114;
- DWORD d118;
- BYTE b11C;
- BYTE b11D;
- WORD w11E;
- DWORD d120;
- DWORD d124;
- DWORD d128;
- DWORD d12C;
- DWORD d130;
- WORD w134;
- BYTE b136;
- KPROCESSOR_MODE ProcessorMode;
- DWORD dKernelTime; // ticks
- DWORD dUserTime; // ticks
- DWORD d140;
- DWORD d144;
- DWORD d148;
- DWORD d14C;
- DWORD d150;
- DWORD d154;
- DWORD d158;
- DWORD d15C;
- DWORD d160;
- DWORD d164;
- DWORD d168;
- DWORD d16C;
- DWORD d170;
- PROC SuspendNop;
- DWORD d178;
- DWORD d17C;
- DWORD d180;
- DWORD d184;
- DWORD d188;
- DWORD d18C;
- KSEMAPHORE SuspendSemaphore;
- LIST_ENTRY ThreadList; // KPROCESS.ThreadListHead
- DWORD d1AC;
- } KTHREAD, *PKTHREAD;
- typedef struct _ETHREAD
- {
- KTHREAD Tcb;
- LARGE_INTEGER liCreateTime;
- LARGE_INTEGER liExitTime;
- NTSTATUS ExitStatus;
- LIST_ENTRY PostBlockList;
- LIST_ENTRY TerminationPortList;
- ULONG uActiveTimerListLock;
- LIST_ENTRY ActiveTimerListHead;
- CLIENT_ID Cid;
- KSEMAPHORE LpcReplySemaphore;
- ULONG uLpcReplyMessage;
- LARGE_INTEGER liLpcReplyMessageId;
- ULONG uImpersonationInfo;
- LIST_ENTRY IrpList;
- LIST_ENTRY TopLevelIrp;
- ULONG uReadClusterSize;
- BOOLEAN fForwardClusterOnly;
- BOOLEAN fDisablePageFaultClustering;
- BOOLEAN fDeadThread;
- BOOLEAN fHasTerminated;
- ULONG uEventPair;
- ULONG uGrantedAccess;
- ULONG uThreadsProcess;
- PVOID pStartAddress;
- PVOID Win32StartAddress;
- BOOLEAN fLpcExitThreadCalled;
- BOOLEAN fHardErrorsAreDisabled;
- WORD wUknown1;
- DWORD dwUknown2;
- } ETHREAD, *PETHREAD;
- typedef PETHREAD ERESOURCE_THREAD,
- *PERESOURCE_THREAD;
- typedef struct _KEVENT
- {
- DISPATCHER_HEADER Header;
- } KEVENT, *PKEVENT;
- typedef struct _ERESOURCE_OLD
- {
- LIST_ENTRY SystemResourcesList;
- PERESOURCE_THREAD OwnerThreads;
- PBYTE pbOwnerCounts;
- WORD wTableSize;
- WORD wActiveCount;
- WORD wFlag;
- WORD wTableRover;
- BYTE bInitialOwnerCounts[4];
- ERESOURCE_THREAD InitialOwnerThreads[4];
- DWORD dwUknown1;
- ULONG uContentionCount;
- WORD wNumberOfExclusiveWaiters;
- WORD wNumberOfSharedWaiters;
- KSEMAPHORE SharedWaiters;
- KEVENT ExclusiveWaiters;
- KSPIN_LOCK SpinLock;
- ULONG uCreatorBackTraceIndex;
- WORD wDepth;
- WORD wUknown2;
- PVOID pOwnerBackTrace[4];
- } ERESOURCE_OLD, *PERESOURCE_OLD;
- typedef struct _OWNER_ENTRY
- {
- ERESOURCE_THREAD OwnerThread;
- SHORT sOwnerCount;
- WORD wTableSize;
- } OWNER_ENTRY, *POWNER_ENTRY;
- typedef struct _ERESOURCE_LITE
- {
- LIST_ENTRY SystemResourcesList;
- POWNER_ENTRY OwnerTable;
- SHORT sActiveCount;
- WORD wFlag;
- PKSEMAPHORE SharedWaiters;
- PKEVENT ExclusiveWaiters;
- OWNER_ENTRY OwnerThreads[2];
- ULONG uContentionCount;
- WORD wNumberOfSharedWaiters;
- WORD wNumberOfExclusiveWaiters;
- union
- {
- PVOID pAddress;
- ULONG uCreatorBackTraceIndex;
- };
- KSPIN_LOCK SpinLock;
- } ERESOURCE_LITE, *PERESOURCE_LITE;
- typedef ERESOURCE_LITE ERESOURCE,
- *PERESOURCE;
- typedef struct _IO_STATUS_BLOCK
- {
- NTSTATUS Status;
- ULONG uInformation;
- } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
- /* Defined in Winnt.h
- typedef struct _QUOTA_LIMITS {
- SIZE_T PagedPoolLimit;
- SIZE_T NonPagedPoolLimit;
- SIZE_T MinimumWorkingSetSize;
- SIZE_T MaximumWorkingSetSize;
- SIZE_T PagefileLimit;
- LARGE_INTEGER TimeLimit;
- } QUOTA_LIMITS, *PQUOTA_LIMITS;
- */
- typedef struct _IOCOUNTERS
- {
- ULONG uReadOperationCount;
- ULONG uWriteOperationCount;
- ULONG uOtherOperationCount;
- LARGE_INTEGER liReadTransferCount;
- LARGE_INTEGER liWriteTransferCount;
- LARGE_INTEGER liOtherTransferCount;
- } IOCOUNTERS, *PIOCOUNTERS;
- typedef struct _VM_COUNTERS
- {
- ULONG uPeakVirtualSize;
- ULONG uVirtualSize;
- ULONG uPageFaultCount;
- ULONG uPeakWorkingSetSize;
- ULONG uWorkingSetSize;
- ULONG uQuotaPeakPagedPoolUsage;
- ULONG uQuotaPagedPoolUsage;
- ULONG uQuotaPeakNonPagedPoolUsage;
- ULONG uQuotaNonPagedPoolUsage;
- ULONG uPagefileUsage;
- ULONG uPeakPagefileUsage;
- } VM_COUNTERS, *PVM_COUNTERS;
- typedef struct _KERNEL_USER_TIMES
- {
- LARGE_INTEGER liCreateTime;
- LARGE_INTEGER liExitTime;
- LARGE_INTEGER liKernelTime;
- LARGE_INTEGER liUserTime;
- } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
- typedef struct _BASE_PRIORITY_INFORMATION
- {
- KPRIORITY BasePriority;
- } BASE_PRIORITY_INFORMATION, *PBASE_PRIORITY_INFORMATION;
- typedef struct _AFFINITY_MASK
- {
- KAFFINITY AffinityMask;
- } AFFINITY_MASK, *PAFFINITY_MASK;
- typedef struct _TIME_FIELDS
- {
- WORD wYear;
- WORD wMonth;
- WORD wDay;
- WORD wHour;
- WORD wMinute;
- WORD wSecond;
- WORD wMilliseconds;
- WORD wWeekday;
- } TIME_FIELDS, *PTIME_FIELDS;
- typedef void (*PIO_APC_ROUTINE) (PVOID ApcContext,
- PIO_STATUS_BLOCK IoStatusBlock,
- ULONG Reserved);
- #if(_WIN32_WINNT < 0x0400)
- typedef struct _NTFS_VOLUME_DATA_BUFFER
- {
- LARGE_INTEGER liSerialNumber;
- LARGE_INTEGER liNumberOfSectors;
- LARGE_INTEGER liTotalClusters;
- LARGE_INTEGER liFreeClusters;
- LARGE_INTEGER liReserved;
- ULONG uBytesPerSector;
- ULONG uBytesPerCluster;
- ULONG uBytesPerMFTRecord;
- ULONG uClustersPerMFTRecord;
- LARGE_INTEGER liMFTLength;
- LARGE_INTEGER liMFTStart;
- LARGE_INTEGER liMFTMirrorStart;
- LARGE_INTEGER liMFTZoneStart;
- LARGE_INTEGER liMFTZoneEnd;
- } NTFS_VOLUME_DATA_BUFFER, *PNTFS_VOLUME_DATA_BUFFER;
- #endif
- typedef struct _OBJDIR_INFORMATION
- {
- UNICODE_STRING ObjectName;
- UNICODE_STRING ObjectTypeName; // e.g. Directory, Device ...
- UCHAR Data[1]; // variable length
- } OBJDIR_INFORMATION, *POBJDIR_INFORMATION;
- // Define the file system information class values
- typedef enum _FSINFOCLASS {
- FileFsVolumeInformation = 1,
- FileFsLabelInformation, // 2
- FileFsSizeInformation, // 3
- FileFsDeviceInformation, // 4
- FileFsAttributeInformation, // 5
- FileFsControlInformation, // 6
- FileFsFullSizeInformation, // 7
- FileFsObjectIdInformation, // 8
- FileFsMaximumInformation
- } FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;
- typedef struct _FILE_FS_VOLUME_INFORMATION {
- LARGE_INTEGER VolumeCreationTime;
- ULONG VolumeSerialNumber;
- ULONG VolumeLabelLength;
- BOOLEAN SupportsObjects;
- WCHAR VolumeLabel[1];
- } FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
- typedef struct _FILE_FS_LABEL_INFORMATION {
- ULONG VolumeLabelLength;
- WCHAR VolumeLabel[1];
- } FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;
- typedef struct _FILE_FS_SIZE_INFORMATION {
- LARGE_INTEGER TotalAllocationUnits;
- LARGE_INTEGER AvailableAllocationUnits;
- ULONG SectorsPerAllocationUnit;
- ULONG BytesPerSector;
- } FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
- typedef struct _FILE_FS_DEVICE_INFORMATION {
- DEVICE_TYPE DeviceType;
- ULONG Characteristics;
- } FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION;
- typedef struct _FILE_FS_ATTRIBUTE_INFORMATION {
- ULONG FileSystemAttributes;
- LONG MaximumComponentNameLength;
- ULONG FileSystemNameLength;
- WCHAR FileSystemName[1];
- } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
- typedef struct _FILE_FS_CONTROL_INFORMATION {
- LARGE_INTEGER FreeSpaceStartFiltering;
- LARGE_INTEGER FreeSpaceThreshold;
- LARGE_INTEGER FreeSpaceStopFiltering;
- LARGE_INTEGER DefaultQuotaThreshold;
- LARGE_INTEGER DefaultQuotaLimit;
- ULONG FileSystemControlFlags;
- } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
- typedef struct _FILE_FS_FULL_SIZE_INFORMATION {
- LARGE_INTEGER TotalQuotaAllocationUnits;
- LARGE_INTEGER AvailableQuotaAllocationUnits;
- LARGE_INTEGER AvailableAllocationUnits;
- ULONG SectorsPerAllocationUnit;
- ULONG BytesPerSector;
- } FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
- typedef struct _FILE_FS_OBJECT_ID_INFORMATION {
- GUID VolumeObjectId;
- ULONG VolumeObjectIdExtendedInfo[12];
- } FILE_FS_OBJECT_ID_INFORMATION, *PFILE_FS_OBJECT_ID_INFORMATION;
- typedef enum _SYSTEMINFOCLASS
- {
- SystemBasicInformation, // 0x002C
- SystemProcessorInformation, // 0x000C
- SystemPerformanceInformation, // 0x0138
- SystemTimeInformation, // 0x0020
- SystemPathInformation, // not implemented
- SystemProcessInformation, // 0x00C8+ per process
- SystemCallInformation, // 0x0018 + (n * 0x0004)
- SystemConfigurationInformation, // 0x0018
- SystemProcessorCounters, // 0x0030 per cpu
- SystemGlobalFlag, // 0x0004 (fails if size != 4)
- SystemCallTimeInformation, // not implemented
- SystemModuleInformation, // 0x0004 + (n * 0x011C)
- SystemLockInformation, // 0x0004 + (n * 0x0024)
- SystemStackTraceInformation, // not implemented
- SystemPagedPoolInformation, // checked build only
- SystemNonPagedPoolInformation, // checked build only
- SystemHandleInformation, // 0x0004 + (n * 0x0010)
- SystemObjectTypeInformation, // 0x0038+ + (n * 0x0030+)
- SystemPageFileInformation, // 0x0018+ per page file
- SystemVdmInstemulInformation, // 0x0088
- SystemVdmBopInformation, // invalid info class
- SystemCacheInformation, // 0x0024
- SystemPoolTagInformation, // 0x0004 + (n * 0x001C)
- SystemInterruptInformation, // 0x0000, or 0x0018 per cpu
- SystemDpcInformation, // 0x0014
- SystemFullMemoryInformation, // checked build only
- SystemLoadDriver, // 0x0018, set mode only
- SystemUnloadDriver, // 0x0004, set mode only
- SystemTimeAdjustmentInformation, // 0x000C, 0x0008 writeable
- SystemSummaryMemoryInformation, // checked build only
- SystemNextEventIdInformation, // checked build only
- SystemEventIdsInformation, // checked build only
- SystemCrashDumpInformation, // 0x0004
- SystemExceptionInformation, // 0x0010
- SystemCrashDumpStateInformation, // 0x0004
- SystemDebuggerInformation, // 0x0002
- SystemContextSwitchInformation, // 0x0030
- SystemRegistryQuotaInformation, // 0x000C
- SystemAddDriver, // 0x0008, set mode only
- SystemPrioritySeparationInformation,// 0x0004, set mode only
- SystemPlugPlayBusInformation, // not implemented
- SystemDockInformation, // not implemented
- SystemPowerInfo, // 0x0060 (XP only!)
- SystemProcessorSpeedInformation, // 0x000C (XP only!)
- SystemTimeZoneInformation, // 0x00AC
- SystemLookasideInformation, // n * 0x0020
- SystemSetTimeSlipEvent,
- SystemCreateSession, // set mode only
- SystemDeleteSession, // set mode only
- SystemInvalidInfoClass1, // invalid info class
- SystemRangeStartInformation, // 0x0004 (fails if size != 4)
- SystemVerifierInformation,
- SystemAddVerifier,
- SystemSessionProcessesInformation, // checked build only
- MaxSystemInfoClass
- } SYSTEMINFOCLASS, *PSYSTEMINFOCLASS;
- typedef struct _SYSTEM_BASIC_INFORMATION
- {
- DWORD dwUnknown1; // 0
- ULONG uKeMaximumIncrement; // x86: 0x0002625A or 0x00018730
- ULONG uPageSize; // bytes
- ULONG uMmNumberOfPhysicalPages;
- ULONG uMmLowestPhysicalPage;
- ULONG uMmHighestPhysicalPage;
- ULONG uAllocationGranularity; // bytes
- PVOID pLowestUserAddress;
- PVOID pMmHighestUserAddress;
- KAFFINITY uKeActiveProcessors;
- BYTE bKeNumberProcessors;
- BYTE bUnknown2;
- WORD wUnknown3;
- } SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
- typedef struct _SYSTEM_PROCESSOR_INFORMATION
- {
- WORD wKeProcessorArchitecture; // PROCESSOR_ARCHITECTURE_* (PROCESSOR_ARCHITECTURE_INTEL)
- WORD wKeProcessorLevel; // PROCESSOR_* (PROCESSOR_INTEL_PENTIUM)
- WORD wKeProcessorRevision; // Pentium: H=model, L=stepping
- WORD wUnknown1; // 0
- ULONG uKeFeatureBits;
- } SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
- typedef struct _MM_INFO_COUNTERS
- {
- ULONG uPageFaults;
- ULONG uWriteCopyFaults;
- ULONG uTransistionFaults;
- ULONG uCacheTransitionCount;
- ULONG uDemandZeroFaults;
- ULONG uPagesRead;
- ULONG uPageReadIos;
- ULONG uCacheReadCount;
- ULONG uCacheIoCount;
- ULONG uPagefilePagesWritten;
- ULONG uPagefilePageWriteIos;
- ULONG uMappedFilePagesWritten;
- ULONG uMappedFilePageWriteIos;
- } MM_INFO_COUNTERS, *PMM_INFO_COUNTERS;
- typedef struct _SYSTEM_PERFORMANCE_INFORMATION
- {
- LARGE_INTEGER liIdleTime; // 100 nsec units
- LARGE_INTEGER liIoReadTransferCount;
- LARGE_INTEGER liIoWriteTransferCount;
- LARGE_INTEGER liIoOtherTransferCount;
- ULONG uIoReadOperationCount;
- ULONG uIoWriteOperationCount;
- ULONG uIoOtherOperationCount;
- ULONG uMmAvailablePages;
- ULONG uMmTotalCommittedPages;
- ULONG uMmTotalCommitLimit; // pages
- ULONG uMmPeakCommitLimit; // pages
- MM_INFO_COUNTERS MmInfoCounters;
- ULONG uPoolPaged; // pages
- ULONG uPoolNonPaged; // pages
- ULONG uPagedPoolAllocs;
- ULONG uPagedPoolFrees;
- ULONG uNonPagedPoolAllocs;
- ULONG uNonPagedPoolFrees;
- ULONG uMmTotalFreeSystemPages;
- ULONG uMmSystemCodePage;
- ULONG uMmTotalSystemDriverPages;
- ULONG uMmTotalSystemCodePages;
- ULONG uSmallNonPagedLookasideListAllocateHits;
- ULONG uSmallPagedLookasideListAllocateHits;
- DWORD dwUnknown1;
- ULONG uMmSystemCachePage;
- ULONG uMmPagedPoolPage;
- ULONG uMmSystemDriverPage;
- ULONG uCcFastReadNoWait;
- ULONG uCcFastReadWait;
- ULONG uCcFastReadResourceMiss;
- ULONG uCcFastReadNotPossible;
- ULONG uCcFastMdlReadNoWait;
- ULONG uCcFastMdlReadWait;
- ULONG uCcFastMdlReadResourceMiss;
- ULONG uCcFastMdlReadNotPossible;
- ULONG uCcMapDataNoWait;
- ULONG uCcMapDataWait;
- ULONG uCcMapDataNoWaitMiss;
- ULONG uCcMapDataWaitMiss;
- ULONG uCcPinMappedDataCount;
- ULONG uCcPinReadNoWait;
- ULONG uCcPinReadWait;
- ULONG uCcPinReadNoWaitMiss;
- ULONG uCcPinReadWaitMiss;
- ULONG uCcCopyReadNoWait;
- ULONG uCcCopyReadWait;
- ULONG uCcCopyReadNoWaitMiss;
- ULONG uCcCopyReadWaitMiss;
- ULONG uCcMdlReadNoWait;
- ULONG uCcMdlReadWait;
- ULONG uCcMdlReadNoWaitMiss;
- ULONG uCcMdlReadWaitMiss;
- ULONG uCcReadAheadIos;
- ULONG uCcLazyWriteIos;
- ULONG uCcLazyWritePages;
- ULONG uCcDataFlushes;
- ULONG uCcDataPages;
- ULONG uTotalContextSwitches; // total across cpus
- ULONG uFirstLevelTbFills;
- ULONG uSecondLevelTbFills;
- ULONG uSystemCalls;
- } SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
- typedef struct _SYSTEM_TIME_INFORMATION
- {
- LARGE_INTEGER liKeBootTime; // relative to 01-01-1601
- LARGE_INTEGER liKeSystemTime; // relative to 01-01-1601
- LARGE_INTEGER liExpTimeZoneBias; // utc time = local time + bias
- ULONG uExpCurrentTimeZoneId; // TIME_ZONE_ID_* (TIME_ZONE_ID_UNKNOWN, etc.)
- DWORD dwUnknown1;
- } SYSTEM_TIME_INFORMATION, *PSYSTEM_TIME_INFORMATION;
- typedef enum
- {
- StateInitialized,
- StateReady,
- StateRunning,
- StateStandby,
- StateTerminated,
- StateWait,
- StateTransition,
- StateUnknown
- } THREAD_STATE;
- typedef struct _SYSTEM_THREAD
- {
- LARGE_INTEGER liKernelTime; // 100 nsec units
- LARGE_INTEGER liUserTime; // 100 nsec units
- LARGE_INTEGER liCreateTime; // relative to 01-01-1601
- ULONG WaitTime; // ticks
- PVOID pStartAddress; // EIP
- CLIENT_ID Cid; // process/thread ids
- KPRIORITY Priority;
- KPRIORITY BasePriority;
- ULONG ContextSwitches;
- THREAD_STATE ThreadState;
- KWAIT_REASON WaitReason;
- // DWORD dwUnknown2; // maybe it not exists !!!
- } SYSTEM_THREAD, *PSYSTEM_THREAD;
- typedef struct _SYSTEM_PROCESS_INFORMATION
- {
- ULONG uNext; // relative offset
- ULONG uThreadCount;
- LARGE_INTEGER liUnknown1;
- LARGE_INTEGER liUnknown2;
- LARGE_INTEGER liUnknown3;
- LARGE_INTEGER liCreateTime; // relative to 01-01-1601
- LARGE_INTEGER liUserTime; // 100 nsec units
- LARGE_INTEGER liKernelTime; // 100 nsec units
- UNICODE_STRING usName;
- KPRIORITY BasePriority;
- ULONG uUniqueProcessId;
- ULONG uInheritedFromUniqueProcessId;
- ULONG uHandleCount;
- ULONG uSessionId; // W2K Only!
- DWORD dwUnknown5;
- VM_COUNTERS VmCounters;
- ULONG uCommitCharge; // bytes
- SYSTEM_THREAD aST[];
- } SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
- typedef struct _IO_COUNTERSEX
- {
- LARGE_INTEGER ReadOperationCount;
- LARGE_INTEGER WriteOperationCount;
- LARGE_INTEGER OtherOperationCount;
- LARGE_INTEGER ReadTransferCount;
- LARGE_INTEGER WriteTransferCount;
- LARGE_INTEGER OtherTransferCount;
- } IO_COUNTERSEX, *PIO_COUNTERSEX;
- typedef struct _SYSTEM_PROCESS_INFORMATION_2000
- {
- ULONG uNext; // relative offset
- ULONG uThreadCount;
- LARGE_INTEGER liUnknown1;
- LARGE_INTEGER liUnknown2;
- LARGE_INTEGER liUnknown3;
- LARGE_INTEGER liCreateTime; // relative to 01-01-1601
- LARGE_INTEGER liUserTime; // 100 nsec units
- LARGE_INTEGER liKernelTime; // 100 nsec units
- UNICODE_STRING usName;
- KPRIORITY BasePriority;
- ULONG uUniqueProcessId;
- ULONG uInheritedFromUniqueProcessId;
- ULONG uHandleCount;
- ULONG uSessionId; // W2K Only!
- DWORD dwUnknown5;
- VM_COUNTERS VmCounters;
- ULONG uCommitCharge; // bytes
- IO_COUNTERSEX IoCounters;
- SYSTEM_THREAD aST[];
- } SYSTEM_PROCESS_INFORMATION_2000, *PSYSTEM_PROCESS_INFORMATION_2000;
- typedef struct _SYSTEM_CALL_INFORMATION
- {
- ULONG Length;
- ULONG NumberOfTables;
- // ULONG NumberOfEntries[NumberOfTables]
- // ULONG CallCounts[NumberOfTables][NumberOfEntries];
- } SYSTEM_CALL_INFORMATION, *PSYSTEM_CALL_INFORMATION;
- typedef struct _SYSTEM_CONFIGURATION_INFORMATION
- {
- ULONG uDiskCount;
- ULONG uFloppyCount;
- ULONG uCDRomCount;
- ULONG uTapeCount;
- ULONG uSerialCount; // com port with mouse not included
- ULONG uParallelCount;
- } SYSTEM_CONFIGURATION_INFORMATION, *PSYSTEM_CONFIGURATION_INFORMATION;
- typedef struct _SYSTEM_PROCESSOR_COUNTERS
- {
- LARGE_INTEGER liProcessorTime; // 100 nsec units
- LARGE_INTEGER liKernelTime; // 100 nsec units
- LARGE_INTEGER liUserTime; // 100 nsec units
- LARGE_INTEGER liDpcTime; // 100 nsec units
- LARGE_INTEGER liInterruptTime; // 100 nsec units
- ULONG uInterruptCount;
- DWORD dwUnknown1;
- } SYSTEM_PROCESSOR_COUNTERS, *PSYSTEM_PROCESSOR_COUNTERS;
- typedef struct _SYSTEM_GLOBAL_FLAG
- {
- ULONG NtGlobalFlag; // see Q147314, Q102985, Q105677
- } SYSTEM_GLOBAL_FLAG, *PSYSTEM_GLOBAL_FLAG;
- typedef struct _SYSTEM_CALL_TIME_INFORMATION
- {
- ULONG Length;
- ULONG TotalCalls;
- LARGE_INTEGER TimeOfCalls[1];
- } SYSTEM_CALL_TIME_INFORMATION, *PSYSTEM_CALL_TIME_INFORMATION;
- typedef struct _SYSTEM_MODULE
- {
- ULONG Reserved[2];
- ULONG Base;
- ULONG Size;
- ULONG Flags;
- USHORT Index;
- USHORT Unknown;
- USHORT LoadCount;
- USHORT ModuleNameOffset;
- CHAR ImageName[256];
- } SYSTEM_MODULE, *PSYSTEM_MODULE;
- typedef struct _SYSTEM_MODULE_INFORMATION
- {
- ULONG uCount;
- SYSTEM_MODULE aSM[];
- } SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
- typedef struct _SYSTEM_LOCK
- {
- union
- {
- PERESOURCE_OLD pEResourceOld; // old ERESOURCE format
- PERESOURCE_LITE pEResourceLite; // new "lite" format
- PERESOURCE pEResource; // current format
- };
- WORD wUnknown1; // 1
- WORD wUnknown2; // 0
- ULONG ExclusiveOwnerThreadId;
- ULONG uActiveCount;
- ULONG uContentionCount;
- DWORD dwUnknown3;
- DWORD dwUnknown4;
- ULONG uNumberOfSharedWaiters;
- ULONG uNumberOfExclusiveWaiters;
- } SYSTEM_LOCK, *PSYSTEM_LOCK;
- typedef struct _SYSTEM_LOCK_INFORMATION
- {
- ULONG uCount;
- SYSTEM_LOCK aSL[];
- } SYSTEM_LOCK_INFORMATION, *PSYSTEM_LOCK_INFORMATION;
- typedef struct _SYSTEM_HANDLE
- {
- ULONG uIdProcess;
- UCHAR ObjectType; // OB_TYPE_* (OB_TYPE_TYPE, etc.)
- UCHAR Flags; // HANDLE_FLAG_* (HANDLE_FLAG_INHERIT, etc.)
- USHORT Handle;
- POBJECT pObject;
- ACCESS_MASK GrantedAccess;
- } SYSTEM_HANDLE, *PSYSTEM_HANDLE;
- typedef struct _SYSTEM_HANDLE_INFORMATION
- {
- ULONG uCount;
- SYSTEM_HANDLE aSH[];
- } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
- typedef struct _SYSTEM_OBJECTTYPE_INFORMATION
- {
- ULONG NextEntryOffset; // absolute offset
- ULONG ObjectCount;
- ULONG HandleCount;
- ULONG TypeIndex; // OB_TYPE_* (OB_TYPE_TYPE, etc.)
- ULONG InvalidAttributes; // OBJ_* (OBJ_INHERIT, etc.)
- GENERIC_MAPPING GenericMapping;
- ACCESS_MASK ValidAccessMask;
- POOL_TYPE PoolType;
- BOOLEAN SecurityRequired;
- BOOLEAN WaitableObject;
- UNICODE_STRING TypeName;
- } SYSTEM_OBJECTTYPE_INFORMATION, *PSYSTEM_OBJECTTYPE_INFORMATION;
- // follows after SYSTEM_OBJECTTYPE_INFORMATION.TypeName
- typedef struct _SYSTEM_OBJECT_INFORMATION
- {
- ULONG NextEntryOffset; // absolute offset
- POBJECT Object;
- ULONG CreatorProcessId;
- USHORT CreatorBackTraceIndex;
- USHORT Flags; // see "Native API Reference" page 24
- LONG PointerCount;
- LONG HandleCount;
- ULONG PagedPoolCharge;
- ULONG NonPagedPoolCharge;
- ULONG ExclusiveProcessId;
- PSECURITY_DESCRIPTOR SecurityDescriptor;
- UNICODE_STRING ObjectName;
- } SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
- typedef struct _SYSTEM_PAGE_FILE_INFORMATION
- {
- ULONG NextEntryOffset; // relative offset
- ULONG CurrentSize; // pages
- ULONG TotalUsed; // pages
- ULONG PeakUsed; // pages
- UNICODE_STRING FileName;
- } SYSTEM_PAGE_FILE_INFORMATION, *PSYSTEM_PAGE_FILE_INFORMATION;
- typedef struct _SYSTEM_VDM_INSTEMUL_INFO
- {
- BOOL fExVdmSegmentNotPresent;
- ULONG uOpcode0FV86;
- ULONG uOpcodeESPrefixV86;
- ULONG uOpcodeCSPrefixV86;
- ULONG uOpcodeSSPrefixV86;
- ULONG uOpcodeDSPrefixV86;
- ULONG uOpcodeFSPrefixV86;
- ULONG uOpcodeGSPrefixV86;
- ULONG uOpcodeOPER32PrefixV86;
- ULONG uOpcodeADDR32PrefixV86;
- ULONG uOpcodeINSBV86;
- ULONG uOpcodeINSWV86;
- ULONG uOpcodeOUTSBV86;
- ULONG uOpcodeOUTSWV86;
- ULONG uOpcodePUSHFV86;
- ULONG uOpcodePOPFV86;
- ULONG uOpcodeINTnnV86;
- ULONG uOpcodeINTOV86;
- ULONG uOpcodeIRETV86;
- ULONG uOpcodeINBimmV86;
- ULONG uOpcodeINWimmV86;
- ULONG uOpcodeOUTBimmV86;
- ULONG uOpcodeOUTWimmV86;
- ULONG uOpcodeINBV86;
- ULONG uOpcodeINWV86;
- ULONG uOpcodeOUTBV86;
- ULONG uOpcodeOUTWV86;
- ULONG uOpcodeLOCKPrefixV86;
- ULONG uOpcodeREPNEPrefixV86;
- ULONG uOpcodeREPPrefixV86;
- ULONG uOpcodeHLTV86;
- ULONG uOpcodeCLIV86;
- ULONG uOpcodeSTIV86;
- ULONG uVdmBopCount;
- } SYSTEM_VDM_INSTEMUL_INFO, *PSYSTEM_VDM_INSTEMUL_INFO;
- typedef struct _SYSTEM_CACHE_INFORMATION
- {
- ULONG uFileCache; // bytes
- ULONG uFileCachePeak; // bytes
- ULONG PageFaultCount;
- ULONG MinimumWorkingSet;
- ULONG MaximumWorkingSet;
- ULONG TransitionSharedPages;
- ULONG TransitionSharedPagesPeak;
- ULONG Reserved[2];
- } SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION;
- typedef struct _SYSTEM_POOL_ENTRY
- {
- BOOLEAN Allocated;
- BOOLEAN Spare0;
- USHORT AllocatorBackTraceIndex;
- ULONG Size;
- union
- {
- UCHAR Tag[4];
- ULONG TagUlong;
- PVOID ProcessChargedQuota;
- };
- } SYSTEM_POOL_ENTRY, *PSYSTEM_POOL_ENTRY;
- typedef struct _SYSTEM_POOL_INFORMATION
- {
- ULONG TotalSize;
- PVOID FirstEntry;
- USHORT EntryOverhead;
- BOOLEAN PoolTagPresent;
- BOOLEAN Spare0;
- ULONG NumberOfEntries;
- SYSTEM_POOL_ENTRY Entries[1];
- } SYSTEM_POOL_INFORMATION, *PSYSTEM_POOL_INFORMATION;
- typedef struct _SYSTEM_POOL_TAG
- {
- union
- {
- UCHAR Tag[4];
- ULONG TagUlong;
- };
- ULONG PagedPoolAllocs;
- ULONG PagedPoolFrees;
- ULONG PagedPoolUsage;
- ULONG NonPagedPoolAllocs;
- ULONG NonPagedPoolFrees;
- ULONG NonPagedPoolUsage;
- } SYSTEM_POOL_TAG, *PSYSTEM_POOL_TAG;
- typedef struct _SYSTEM_POOL_TAG_INFORMATION
- {
- ULONG uCount;
- SYSTEM_POOL_TAG aSPT[];
- } SYSTEM_POOL_TAG_INFORMATION, *PSYSTEM_POOL_TAG_INFORMATION;
- typedef struct _SYSTEM_INTERRUPT_INFORMATION
- {
- ULONG ContextSwitches;
- ULONG DpcCount;
- ULONG DpcRate;
- ULONG TimeIncrement;
- ULONG DpcBypassCount;
- ULONG ApcBypassCount;
- } SYSTEM_INTERRUPT_INFORMATION, *PSYSTEM_INTERRUPT_INFORMATION;
- typedef struct _SYSTEM_DPC_INFORMATION
- {
- DWORD dwUnknown1;
- ULONG MaximumDpcQueueDepth;
- ULONG MinimumDpcRate;
- ULONG AdjustDpcThreshold;
- ULONG IdealDpcRate;
- } SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;
- typedef struct _SYSTEM_MEMORY_INFO
- {
- PUCHAR StringOffset;
- USHORT ValidCount;
- USHORT TransitionCount;
- USHORT ModifiedCount;
- USHORT PageTableCount;
- } SYSTEM_MEMORY_INFO, *PSYSTEM_MEMORY_INFO;
- typedef struct _SYSTEM_MEMORY_INFORMATION
- {
- ULONG InfoSize;
- ULONG StringStart;
- SYSTEM_MEMORY_INFO Memory[1];
- } SYSTEM_MEMORY_INFORMATION, *PSYSTEM_MEMORY_INFORMATION;
- typedef struct _SYSTEM_LOAD_DRIVER
- {
- UNICODE_STRING DriverName; // input
- PVOID BaseAddress; // output
- PVOID SectionPointer; // output
- PVOID EntryPoint; // output
- PIMAGE_EXPORT_DIRECTORY ExportDirectory; // output
- } SYSTEM_LOAD_DRIVER, *PSYSTEM_LOAD_DRIVER;
- typedef struct _SYSTEM_UNLOAD_DRIVER
- {
- PVOID SectionPointer;
- } SYSTEM_UNLOAD_DRIVER, *PSYSTEM_UNLOAD_DRIVER;
- typedef struct _SYSTEM_QUERY_TIME_ADJUSTMENT
- {
- ULONG TimeAdjustment;
- ULONG MaximumIncrement;
- BOOLEAN TimeSynchronization;
- } SYSTEM_QUERY_TIME_ADJUSTMENT, *PSYSTEM_QUERY_TIME_ADJUSTMENT;
- typedef struct _SYSTEM_SET_TIME_ADJUSTMENT
- {
- ULONG TimeAdjustment;
- BOOLEAN TimeSynchronization;
- } SYSTEM_SET_TIME_ADJUSTMENT, *PSYSTEM_SET_TIME_ADJUSTMENT;
- typedef struct _SYSTEM_CRASH_DUMP_INFORMATION
- {
- HANDLE CrashDumpSectionHandle;
- } SYSTEM_CRASH_DUMP_INFORMATION, *PSYSTEM_CRASH_DUMP_INFORMATION;
- typedef struct _SYSTEM_CRASH_DUMP_INFORMATION_2000
- {
- HANDLE CrashDumpSectionHandle;
- HANDLE Unknown; // Windows 2000 only
- } SYSTEM_CRASH_DUMP_INFORMATION_2000, *PSYSTEM_CRASH_DUMP_INFORMATION_2000;
- typedef struct _SYSTEM_EXCEPTION_INFORMATION
- {
- ULONG AlignmentFixupCount;
- ULONG ExceptionDispatchCount;
- ULONG FloatingEmulationCount;
- ULONG ByteWordEmulationCount;
- } SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;
- typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION
- {
- ULONG ValidCrashDump;
- } SYSTEM_CRASH_DUMP_STATE_INFORMATION, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION;
- typedef struct _SYSTEM_CRASH_DUMP_STATE_INFORMATION_2000
- {
- ULONG ValidCrashDump;
- ULONG Unknown; // Windows 2000 only
- } SYSTEM_CRASH_DUMP_STATE_INFORMATION_2000, *PSYSTEM_CRASH_DUMP_STATE_INFORMATION_2000;
- typedef struct _SYSTEM_DEBUGGER_INFORMATION
- {
- BOOLEAN KernelDebuggerEnabled;
- BOOLEAN KernelDebuggerNotPresent;
- } SYSTEM_DEBUGGER_INFORMATION, *PSYSTEM_DEBUGGER_INFORMATION;
- typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION
- {
- ULONG ContextSwitches;
- ULONG FindAny;
- ULONG FindLast;
- ULONG FindIdeal;
- ULONG IdleAny;
- ULONG IdleCurrent;
- ULONG IdleLast;
- ULONG IdleIdeal;
- ULONG PreemptAny;
- ULONG PreemptCurrent;
- ULONG PreemptLast;
- ULONG SwitchToIdle;
- } SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION;
- typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION
- {
- ULONG RegistryQuotaAllowed; // bytes
- ULONG RegistryQuotaUsed; // bytes
- ULONG PagedPoolSize; // bytes
- } SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;
- typedef struct _SYSTEM_ADD_DRIVER
- {
- UNICODE_STRING ModuleName;
- } SYSTEM_ADD_DRIVER, *PSYSTEM_ADD_DRIVER;
- typedef struct _SYSTEM_PRIORITY_SEPARATION_INFORMATION
- {
- ULONG PrioritySeparation; // 0..2
- } SYSTEM_PRIORITY_SEPARATION_INFORMATION, *PSYSTEM_PRIORITY_SEPARATION_INFORMATION;
- #define MAX_BUS_NAME 24
- typedef enum _PLUGPLAY_BUS_CLASS
- {
- SystemBus,
- PlugPlayVirtualBus,
- MaxPlugPlayBusClass
- } PLUGPLAY_BUS_CLASS, *PPLUGPLAY_BUS_CLASS;
- typedef enum _PLUGPLAY_VIRTUAL_BUS_TYPE
- {
- Root,
- MaxPlugPlayVirtualBusType
- } PLUGPLAY_VIRTUAL_BUS_TYPE, *PPLUGPLAY_VIRTUAL_BUS_TYPE;
- typedef enum _INTERFACE_TYPE
- {
- InterfaceTypeUndefined = -1,
- Internal,
- Isa,
- Eisa,
- MicroChannel,
- TurboChannel,
- PCIBus,
- VMEBus,
- NuBus,
- PCMCIABus,
- CBus,
- MPIBus,
- MPSABus,
- ProcessorInternal,
- InternalPowerBus,
- PNPISABus,
- PNPBus,
- MaximumInterfaceType
- }INTERFACE_TYPE, *PINTERFACE_TYPE;
- typedef struct _PLUGPLAY_BUS_TYPE
- {
- PLUGPLAY_BUS_CLASS BusClass;
- union
- {
- INTERFACE_TYPE SystemBusType;
- PLUGPLAY_VIRTUAL_BUS_TYPE PlugPlayVirtualBusType;
- };
- } PLUGPLAY_BUS_TYPE, *PPLUGPLAY_BUS_TYPE;
- typedef struct _PLUGPLAY_BUS_INSTANCE
- {
- PLUGPLAY_BUS_TYPE BusType;
- ULONG BusNumber;
- WCHAR BusName[MAX_BUS_NAME];
- } PLUGPLAY_BUS_INSTANCE, *PPLUGPLAY_BUS_INSTANCE;
- typedef struct _SYSTEM_PLUGPLAY_BUS_INFORMATION
- {
- ULONG BusCount;
- PLUGPLAY_BUS_INSTANCE BusInstance[1];
- } SYSTEM_PLUGPLAY_BUS_INFORMATION, *PSYSTEM_PLUGPLAY_BUS_INFORMATION;
- typedef enum _SYSTEM_DOCK_STATE
- {
- SystemDockStateUnknown,
- SystemUndocked,
- SystemDocked
- } SYSTEM_DOCK_STATE, *PSYSTEM_DOCK_STATE;
- typedef struct _SYSTEM_DOCK_INFORMATION
- {
- SYSTEM_DOCK_STATE DockState;
- INTERFACE_TYPE DeviceBusType;
- ULONG DeviceBusNumber;
- ULONG SlotNumber;
- } SYSTEM_DOCK_INFORMATION, *PSYSTEM_DOCK_INFORMATION;
- typedef struct _SYSTEM_POWER_INFORMATION // not for SystemPowerInfo !
- {
- BOOLEAN SystemSuspendSupported;
- BOOLEAN SystemHibernateSupported;
- BOOLEAN ResumeTimerSupportsSuspend;
- BOOLEAN ResumeTimerSupportsHibernate;
- BOOLEAN LidSupported;
- BOOLEAN TurboSettingSupported;
- BOOLEAN TurboMode;
- BOOLEAN SystemAcOrDc;
- BOOLEAN PowerDownDisabled;
- LARGE_INTEGER SpindownDrives;
- } SYSTEM_POWER_INFORMATION, *PSYSTEM_POWER_INFORMATION;
- typedef struct _SYSTEM_PROCESSOR_SPEED_INFORMATION // not for SystemProcessorSpeedInformation !
- {
- ULONG MaximumProcessorSpeed;
- ULONG CurrentAvailableSpeed;
- ULONG ConfiguredSpeedLimit;
- BOOLEAN PowerLimit;
- BOOLEAN ThermalLimit;
- BOOLEAN TurboLimit;
- } SYSTEM_PROCESSOR_SPEED_INFORMATION, *PSYSTEM_PROCESSOR_SPEED_INFORMATION;
- typedef struct _SYSTEM_TIME_ZONE_INFORMATION
- {
- LONG Bias;
- WCHAR StandardName[32];
- TIME_FIELDS StandardDate;
- LONG StandardBias;
- WCHAR DaylightName[32];
- TIME_FIELDS DaylightDate;
- LONG DaylightBias;
- } SYSTEM_TIME_ZONE_INFORMATION, *PSYSTEM_TIME_ZONE_INFORMATION;
- typedef struct _SYSTEM_LOOKASIDE
- {
- USHORT Depth;
- USHORT MaximumDepth;
- ULONG TotalAllocates;
- ULONG AllocateMisses;
- ULONG TotalFrees;
- ULONG FreeMisses;
- POOL_TYPE Type;
- ULONG Tag;
- ULONG Size;
- } SYSTEM_LOOKASIDE, *PSYSTEM_LOOKASIDE;
- typedef struct _SYSTEM_LOOKASIDE_INFORMATION
- {
- SYSTEM_LOOKASIDE asl[];
- } SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;
- typedef struct _SYSTEM_SET_TIME_SLIP_EVENT
- {
- HANDLE TimeSlipEvent;
- } SYSTEM_SET_TIME_SLIP_EVENT, *PSYSTEM_SET_TIME_SLIP_EVENT;
- typedef struct _SYSTEM_CREATE_SESSION
- {
- ULONG Session;
- } SYSTEM_CREATE_SESSION, *PSYSTEM_CREATE_SESSION;
- typedef struct _SYSTEM_DELETE_SESSION
- {
- ULONG Session;
- } SYSTEM_DELETE_SESSION, *PSYSTEM_DELETE_SESSION;
- typedef struct _SYSTEM_RANGE_START_INFORMATION
- {
- PVOID SystemRangeStart;
- } SYSTEM_RANGE_START_INFORMATION, *PSYSTEM_RANGE_START_INFORMATION;
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtQuerySystemInformation(
- IN SYSTEMINFOCLASS SystemInformationClass,
- OUT PVOID pSystemInformation,
- IN ULONG uSystemInformationLength,
- OUT PULONG puReturnLength OPTIONAL
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtSetSystemInformation(
- IN SYSTEMINFOCLASS SystemInformationClass,
- IN PVOID pSystemInformation,
- IN ULONG uSystemInformationLength
- );
- // Time functions
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtQuerySystemTime(
- OUT PLARGE_INTEGER SystemTime
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtSetSystemTime(
- IN PLARGE_INTEGER NewTime,
- OUT PLARGE_INTEGER OldTime OPTIONAL
- );
- NTSYSAPI
- VOID
- NTAPI
- RtlTimeToTimeFields(
- IN PLARGE_INTEGER pliTime,
- OUT PTIME_FIELDS pTimeFields
- );
- NTSYSAPI
- BOOLEAN
- NTAPI
- RtlTimeFieldsToTime(
- IN PTIME_FIELDS pTimeFields,
- OUT PLARGE_INTEGER pliTime
- );
- NTSYSAPI
- VOID
- NTAPI
- RtlSecondsSince1970ToTime(
- IN ULONG SecondsSince1970,
- OUT PLARGE_INTEGER Time
- );
- NTSYSAPI
- VOID
- NTAPI
- RtlTimeToSecondsSince1970(
- IN PLARGE_INTEGER Time,
- OUT PULONG SecondsSince1970
- );
- // Event functions
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtOpenEvent(
- PHANDLE phEvent,
- ACCESS_MASK AccessMask,
- POBJECT_ATTRIBUTES pObjectAttributes
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtClearEvent(
- IN HANDLE hEvent
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtSetEvent(
- IN HANDLE hEvent,
- OUT PLONG plSignaled OPTIONAL
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtCreateSemaphore(
- OUT PHANDLE SemaphoreHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN LONG InitialCount,
- IN LONG MaximumCount
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtOpenSemaphore(
- OUT PHANDLE SemaphoreHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtReleaseSemaphore(
- IN HANDLE SemaphoreHandle,
- IN LONG ReleaseCount,
- OUT PLONG PreviousCount OPTIONAL
- );
- typedef enum _SEMAPHORE_INFORMATION_CLASS
- {
- SemaphoreBasicInformation
- } SEMAPHORE_INFORMATION_CLASS;
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtQuerySemaphore(
- IN HANDLE SemaphoreHandle,
- IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
- OUT PVOID SemaphoreInformation,
- IN ULONG SemaphoreInformationLength,
- OUT PULONG ResultLength OPTIONAL
- );
- typedef struct _SEMAPHORE_BASIC_INFORMATION
- {
- LONG CurrentCount;
- LONG MaximumCount;
- } SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
- // Directory and Symbolic Link functions
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtCreateDirectoryObject(
- OUT PHANDLE phDirectory,
- IN ACCESS_MASK AccessMask,
- IN POBJECT_ATTRIBUTES pObjectAttributes
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtOpenDirectoryObject(
- OUT PHANDLE DirectoryHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
- typedef struct _DIRECTORY_CONTENTS
- {
- struct
- {
- UNICODE_STRING Name;
- UNICODE_STRING Type;
- } Entry[ANYSIZE_ARRAY];
- } DIRECTORY_CONTENTS, *PDIRECTORY_CONTENTS;
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtQueryDirectoryObject(
- IN HANDLE DirectoryHandle,
- OUT PDIRECTORY_CONTENTS Buffer,
- IN ULONG Length,
- IN BOOLEAN ReturnSingleEntry,
- IN BOOLEAN RestartScan,
- IN OUT PULONG Index,
- OUT PULONG ResultLength OPTIONAL
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtOpenSymbolicLinkObject(
- OUT PHANDLE SymbolicLinkHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtQuerySymbolicLinkObject(
- IN HANDLE SymbolicLinkHandle,
- OUT PUNICODE_STRING NameString,
- OUT PULONG ResultLength OPTIONAL
- );
- // File functions
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtCreateFile(
- PHANDLE phFile,
- ACCESS_MASK AccessMask,
- POBJECT_ATTRIBUTES pObjectAttributes,
- PIO_STATUS_BLOCK pIoStatusBlock,
- PLARGE_INTEGER pliAllocationSize,
- ULONG uFileAttributes,
- ULONG uShareAccess,
- ULONG uCreateDisposition,
- ULONG uCreateOptions,
- PVOID pEaBuffer,
- ULONG uEaLength
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtOpenFile(
- PHANDLE phFile,
- ACCESS_MASK AccessMask,
- POBJECT_ATTRIBUTES pObjectAttributes,
- PIO_STATUS_BLOCK pIoStatusBlock,
- ULONG uShareAccess,
- ULONG uOpenOptions
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtDeleteFile(
- IN POBJECT_ATTRIBUTES pObjectAttributes
- );
- typedef enum _FILE_INFORMATION_CLASS
- {
- FileDirectoryInformation = 1,
- FileFullDirectoryInformation, // 2
- FileBothDirectoryInformation, // 3
- FileBasicInformation, // 4
- FileStandardInformation, // 5
- FileInternalInformation, // 6
- FileEaInformation, // 7
- FileAccessInformation, // 8
- FileNameInformation, // 9
- FileRenameInformation, // 10
- FileLinkInformation, // 11
- FileNamesInformation, // 12
- FileDispositionInformation, // 13
- FilePositionInformation, // 14
- FileFullEaInformation, // 15
- FileModeInformation, // 16
- FileAlignmentInformation, // 17
- FileAllInformation, // 18
- FileAllocationInformation, // 19
- FileEndOfFileInformation, // 20
- FileAlternateNameInformation, // 21
- FileStreamInformation, // 22
- FilePipeInformation, // 23
- FilePipeLocalInformation, // 24
- FilePipeRemoteInformation, // 25
- FileMailslotQueryInformation, // 26
- FileMailslotSetInformation, // 27
- FileCompressionInformation, // 28
- FileObjectIdInformation, // 29
- FileCompletionInformation, // 30
- FileMoveClusterInformation, // 31
- FileInformationReserved32, // 32
- FileInformationReserved33, // 33
- FileNetworkOpenInformation, // 34
- FileMaximumInformation
- } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtQueryDirectoryFile(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID FileInformation,
- IN ULONG FileInformationLength,
- IN FILE_INFORMATION_CLASS FileInformationClass,
- IN BOOLEAN ReturnSingleEntry,
- IN PUNICODE_STRING FileName OPTIONAL,
- IN BOOLEAN RestartScan
- );
- typedef struct _FILE_DIRECTORY_INFORMATION
- {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- WCHAR FileName[1];
- } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
- typedef struct _FILE_FULL_DIR_INFORMATION
- {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- WCHAR FileName[1];
- } FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
- typedef struct _FILE_BOTH_DIR_INFORMATION
- {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER EndOfFile;
- LARGE_INTEGER AllocationSize;
- ULONG FileAttributes;
- ULONG FileNameLength;
- ULONG EaSize;
- CCHAR ShortNameLength;
- WCHAR ShortName[12];
- WCHAR FileName[1];
- } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
- typedef struct _FILE_BASIC_INFORMATION
- {
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- ULONG FileAttributes;
- } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
- typedef struct _FILE_STANDARD_INFORMATION
- {
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER EndOfFile;
- ULONG NumberOfLinks;
- BOOLEAN DeletePending;
- BOOLEAN Directory;
- } FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
- typedef struct _FILE_INTERNAL_INFORMATION
- {
- LARGE_INTEGER IndexNumber;
- } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
- typedef struct _FILE_EA_INFORMATION
- {
- ULONG EaSize;
- } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
- typedef struct _FILE_ACCESS_INFORMATION
- {
- ACCESS_MASK AccessFlags;
- } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
- typedef struct _FILE_NAME_INFORMATION
- {
- ULONG FileNameLength;
- WCHAR FileName[1];
- } FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;
- typedef struct _FILE_RENAME_INFORMATION
- {
- BOOLEAN ReplaceIfExists;
- HANDLE RootDirectory;
- ULONG FileNameLength;
- WCHAR FileName[1];
- } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
- typedef struct _FILE_LINK_INFORMATION
- {
- BOOLEAN ReplaceIfExists;
- HANDLE RootDirectory;
- ULONG FileNameLength;
- WCHAR FileName[1];
- } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
- typedef struct _FILE_NAMES_INFORMATION
- {
- ULONG NextEntryOffset;
- ULONG FileIndex;
- ULONG FileNameLength;
- WCHAR FileName[1];
- } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
- typedef struct _FILE_ALLOCATION_INFORMATION
- {
- LARGE_INTEGER AllocationSize;
- } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
- typedef struct _FILE_COMPRESSION_INFORMATION
- {
- LARGE_INTEGER CompressedFileSize;
- USHORT CompressionFormat;
- UCHAR CompressionUnitShift;
- UCHAR ChunkShift;
- UCHAR ClusterShift;
- UCHAR Reserved[3];
- } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
- typedef struct _FILE_COMPLETION_INFORMATION
- {
- HANDLE Port;
- ULONG Key;
- } FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtQueryInformationFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID FileInformation,
- IN ULONG Length,
- IN FILE_INFORMATION_CLASS FileInformationClass
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtDeviceIoControlFile(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG IoControlCode,
- IN PVOID InputBuffer OPTIONAL,
- IN ULONG InputBufferLength,
- OUT PVOID OutputBuffer OPTIONAL,
- IN ULONG OutputBufferLength
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtFsControlFile(
- IN HANDLE FileHandle,
- IN HANDLE Event OPTIONAL,
- IN PIO_APC_ROUTINE ApcRoutine OPTIONAL,
- IN PVOID ApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG FsControlCode,
- IN PVOID InputBuffer OPTIONAL,
- IN ULONG InputBufferLength,
- OUT PVOID OutputBuffer OPTIONAL,
- IN ULONG OutputBufferLength
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtQueryVolumeInformationFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- OUT PVOID FsInformation,
- IN ULONG Length,
- IN FS_INFORMATION_CLASS FsInformationClass
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtFlushBuffersFile(
- IN HANDLE FileHandle,
- OUT PIO_STATUS_BLOCK IoStatusBlock
- );
- // Process functions
- #define NtCurrentProcess() ((HANDLE) -1)
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtOpenProcess(
- OUT PHANDLE phProcess,
- IN ACCESS_MASK AccessMask,
- IN POBJECT_ATTRIBUTES pObjectAttributes,
- IN PCLIENT_ID pClientId
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtCreateProcess(
- OUT PHANDLE ProcessHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN HANDLE InheritFromProcessHandle,
- IN BOOLEAN InheritHandles,
- IN HANDLE SectionHandle OPTIONAL,
- IN HANDLE DebugPort OPTIONAL,
- IN HANDLE ExceptionPort OPTIONAL
- );
- typedef enum _PROCESSINFOCLASS
- {
- ProcessBasicInformation,
- ProcessQuotaLimits, // QUOTA_LIMITS
- ProcessIoCounters, // IOCOUNTERS
- ProcessVmCounters, // VM_COUNTERS
- ProcessTimes, // KERNEL_USER_TIMES
- ProcessBasePriority, // BASE_PRIORITY_INFORMATION
- ProcessRaisePriority,
- ProcessDebugPort,
- ProcessExceptionPort,
- ProcessAccessToken,
- ProcessLdtInformation,
- ProcessLdtSize,
- ProcessDefaultHardErrorMode,
- ProcessIoPortHandlers, // Note: this is kernel mode only
- ProcessPooledUsageAndLimits,
- ProcessWorkingSetWatch,
- ProcessUserModeIOPL,
- ProcessEnableAlignmentFaultFixup,
- ProcessPriorityClass,
- ProcessWx86Information,
- ProcessHandleCount,
- ProcessAffinityMask, // AFFINITY_MASK
- ProcessPriorityBoost,
- ProcessDeviceMap,
- ProcessSessionInformation,
- ProcessForegroundInformation,
- ProcessWow64Information,
- MaxProcessInfoClass
- } PROCESSINFOCLASS;
- typedef struct _PROCESS_BASIC_INFORMATION
- {
- NTSTATUS ExitStatus;
- PPEB PebBaseAddress;
- KAFFINITY AffinityMask;
- KPRIORITY BasePriority;
- ULONG uUniqueProcessId;
- ULONG uInheritedFromUniqueProcessId;
- } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
- typedef struct _PROCESS_RAISE_PRIORITY
- {
- KPRIORITY RaisePriority;
- } PROCESS_RAISE_PRIORITY, *PPROCESS_RAISE_PRIORITY;
- typedef struct _PROCESS_DEBUG_PORT_INFORMATION
- {
- HANDLE DebugPort;
- } PROCESS_DEBUG_PORT_INFORMATION, *PPROCESS_DEBUG_PORT_INFORMATION;
- typedef struct _PROCESS_EXCEPTION_PORT
- {
- HANDLE ExceptionPort;
- } PROCESS_EXCEPTION_PORT, *PPROCESS_EXCEPTION_PORT;
- typedef struct _PROCESS_ACCESS_TOKEN
- {
- HANDLE Token;
- HANDLE Thread;
- } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
- #ifndef _LDT_ENTRY_DEFINED
- #define _LDT_ENTRY_DEFINED
- typedef struct _LDT_ENTRY
- {
- USHORT LimitLow;
- USHORT BaseLow;
- union
- {
- struct
- {
- UCHAR BaseMid;
- UCHAR Flags1; // Declare as bytes to avoid alignment
- UCHAR Flags2; // Problems.
- UCHAR BaseHi;
- } Bytes;
- struct
- {
- ULONG BaseMid : 8;
- ULONG Type : 5;
- ULONG Dpl : 2;
- ULONG Pres : 1;
- ULONG LimitHi : 4;
- ULONG Sys : 1;
- ULONG Reserved_0 : 1;
- ULONG Default_Big : 1;
- ULONG Granularity : 1;
- ULONG BaseHi : 8;
- } Bits;
- } HighWord;
- } LDT_ENTRY, *PLDT_ENTRY;
- #endif
- #define LDT_TABLE_SIZE (8 * 1024 * sizeof(LDT_ENTRY))
- typedef struct _LDT_INFORMATION
- {
- ULONG Start;
- ULONG Length;
- LDT_ENTRY LdtEntries[1];
- } PROCESS_LDT_INFORMATION, *PPROCESS_LDT_INFORMATION;
- typedef struct _LDT_SIZE
- {
- ULONG Length;
- } PROCESS_LDT_SIZE, *PPROCESS_LDT_SIZE;
- typedef struct _PROCESS_DEFAULT_HARDERROR_MODE_INFORMATION
- {
- ULONG HardErrorMode; // SEM_* (SEM_FAILCRITICALERRORS, etc.)
- } PROCESS_DEFAULT_HARDERROR_MODE_INFORMATION, *PPROCESS_DEFAULT_HARDERROR_MODE_INFORMATION;
- typedef struct _PROCESS_POOLED_USAGE_AND_LIMITS_INFORMATION
- {
- ULONG PeakPagedPoolUsage;
- ULONG PagedPoolUsage;
- ULONG PagedPoolLimit;
- ULONG PeakNonPagedPoolUsage;
- ULONG NonPagedPoolUsage;
- ULONG NonPagedPoolLimit;
- ULONG PeakPagefileUsage;
- ULONG PagefileUsage;
- ULONG PagefileLimit;
- } PROCESS_POOLED_USAGE_AND_LIMITS_INFORMATION, *PPROCESS_POOLED_USAGE_AND_LIMITS_INFORMATION;
- typedef struct _PROCESS_WS_WATCH_INFORMATION
- {
- PVOID FaultingPc;
- PVOID FaultingVa;
- } PROCESS_WS_WATCH_INFORMATION, *PPROCESS_WS_WATCH_INFORMATION;
- typedef struct _PROCESS_IOPL
- {
- ULONG Iopl;
- } PROCESS_IOPL, *PPROCESS_IOPL;
- typedef struct _PROCESS_ALLIGNMENT_FAULT_FIXUP
- {
- BOOLEAN EnableAllignmentFaultFixup;
- } PROCESS_ALLIGNMENT_FAULT_FIXUP, *PPROCESS_ALLIGNMENT_FAULT_FIXUP;
- #define KRNL_NORMAL_PRIORITY_CLASS 0x02
- #define KRNL_IDLE_PRIORITY_CLASS 0x01
- #define KRNL_HIGH_PRIORITY_CLASS 0x03
- #define KRNL_REALTIME_PRIORITY_CLASS 0x04
- typedef struct _PROCESS_PRIORITY_CLASS_INFORMATION
- {
- UCHAR Unknown;
- UCHAR PriorityClass;
- } PROCESS_PRIORITY_CLASS_INFORMATION, *PPROCESS_PRIORITY_CLASS_INFORMATION;
- typedef struct _PROCESS_X86_INFORMATION
- {
- ULONG x86Info;
- } PROCESS_X86_INFORMATION, *PPROCESS_X86_INFORMATION;
- typedef struct _PROCESS_HANDLE_COUNT_INFORMATION
- {
- ULONG HandleCount;
- } PROCESS_HANDLE_COUNT_INFORMATION, *PPROCESS_HANDLE_COUNT_INFORMATION;
- typedef struct _PROCESS_PRIORITY_BOOST_INFORMATION
- {
- ULONG PriorityBoostEnabled;
- } PROCESS_PRIORITY_BOOST_INFORMATION, *PPROCESS_PRIORITY_BOOST_INFORMATION;
- typedef struct _PROCESS_DEVICE_MAP_INFORMATION
- {
- union
- {
- struct
- {
- HANDLE DirectoryHandle;
- } Set;
- struct
- {
- ULONG DriveMap;
- UCHAR DriveType[32];
- } Query;
- };
- } PROCESS_DEVICE_MAP_INFORMATION, *PPROCESS_DEVICE_MAP_INFORMATION;
- typedef struct _PROCESS_SESSION_INFORMATION
- {
- ULONG SessionId;
- } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtQueryInformationProcess(
- IN HANDLE hProcess,
- IN PROCESSINFOCLASS ProcessInformationClass,
- OUT PVOID pProcessInformation,
- IN ULONG uProcessInformationLength,
- OUT PULONG puReturnLength OPTIONAL
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtSetInformationProcess(
- IN HANDLE hProcess,
- IN PROCESSINFOCLASS ProcessInformationClass,
- OUT PVOID pProcessInformation,
- IN ULONG uProcessInformationLength
- );
- NTSTATUS
- NTAPI
- RtlCreateProcessParameters(
- OUT PPROCESS_PARAMETERS *ProcessParameters,
- IN PUNICODE_STRING ImageFile,
- IN PUNICODE_STRING DllPath OPTIONAL,
- IN PUNICODE_STRING CurrentDirectory OPTIONAL,
- IN PUNICODE_STRING CommandLine OPTIONAL,
- IN ULONG CreationFlags,
- IN PUNICODE_STRING WindowTitle OPTIONAL,
- IN PUNICODE_STRING Desktop OPTIONAL,
- IN PUNICODE_STRING Reserved OPTIONAL,
- IN PUNICODE_STRING Reserved2 OPTIONAL
- );
- NTSTATUS
- NTAPI
- RtlDestroyProcessParameters(
- IN PPROCESS_PARAMETERS ProcessParameters
- );
- // Thread functions
- #define NtCurrentThread() ((HANDLE) -2)
- typedef struct _USER_STACK
- {
- PVOID FixedStackBase;
- PVOID FixedStackLimit;
- PVOID ExpandableStackBase;
- PVOID ExpandableStackLimit;
- PVOID ExpandableStackBottom;
- } USER_STACK, *PUSER_STACK;
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtCreateThread(
- OUT PHANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN HANDLE ProcessHandle,
- OUT PCLIENT_ID ClientId,
- IN PCONTEXT ThreadContext,
- IN PUSER_STACK UserStack,
- IN BOOLEAN CreateSuspended
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtOpenThread(
- OUT PHANDLE phThread,
- IN ACCESS_MASK AccessMask,
- IN POBJECT_ATTRIBUTES pObjectAttributes,
- IN PCLIENT_ID pClientId
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtTerminateThread(
- IN HANDLE ThreadHandle OPTIONAL,
- IN NTSTATUS ExitStatus
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtSuspendThread(
- IN HANDLE ThreadHandle,
- OUT PULONG PreviousSuspendCount OPTIONAL
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtResumeThread(
- IN HANDLE ThreadHandle,
- OUT PULONG PreviousSuspendCount OPTIONAL
- );
- typedef enum _THREADINFOCLASS
- {
- ThreadBasicInformation,
- ThreadTimes, // KERNEL_USER_TIMES
- ThreadPriority,
- ThreadBasePriority, // BASE_PRIORITY_INFORMATION
- ThreadAffinityMask, // AFFINITY_MASK
- ThreadImpersonationToken,
- ThreadDescriptorTableEntry,
- ThreadEnableAlignmentFaultFixup,
- ThreadEventPair,
- ThreadQuerySetWin32StartAddress,
- ThreadZeroTlsCell,
- ThreadPerformanceCount,
- ThreadAmILastThread,
- ThreadIdealProcessor,
- ThreadPriorityBoost,
- ThreadSetTlsArrayAddress,
- ThreadIsIoPending, // W2K
- ThreadHideFromDebugger, // W2K
- MaxThreadInfoClass
- } THREADINFOCLASS;
- typedef struct _THREAD_BASIC_INFORMATION
- {
- NTSTATUS ExitStatus;
- PTEB TebBaseAddress;
- CLIENT_ID ClientId;
- KAFFINITY AffinityMask;
- KPRIORITY Priority;
- KPRIORITY BasePriority;
- } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
- typedef struct _THREAD_PRIORITY
- {
- KPRIORITY Priority;
- } THREAD_PRIORITY, *PTHREAD_PRIORITY;
- typedef struct _THREAD_DESCRIPTOR_TABLE_ENTRY_INFORMATION
- {
- ULONG Selector;
- LDT_ENTRY Descriptor;
- } THREAD_DESCRIPTOR_TABLE_ENTRY_INFORMATION, *PTHREAD_DESCRIPTOR_TABLE_ENTRY_INFORMATION;
- typedef struct _THREAD_EVENTPAIR
- {
- HANDLE EventPair;
- } THREAD_EVENTPAIR, *PTHREAD_EVENTPAIR;
- typedef struct _THREAD_WIN32_START_ADDRESS_INFORMATION
- {
- PVOID Win32StartAddress;
- } THREAD_WIN32_START_ADDRESS_INFORMATION, *PTHREAD_WIN32_START_ADDRESS_INFORMATION;
- typedef struct _THREAD_ZERO_TLSCELL
- {
- ULONG TlsIndex;
- } THREAD_ZERO_TLSCELL, *PTHREAD_ZERO_TLSCELL;
- typedef struct _THREAD_PERFORMANCE_COUNTER_INFORMATION
- {
- ULONG Count1;
- ULONG Count2;
- } THREAD_PERFORMANCE_COUNTER_INFORMATION, *PTHREAD_PERFORMANCE_COUNTER_INFORMATION;
- typedef struct _THREAD_AMI_LAST_THREAD
- {
- ULONG AmILastThread;
- } THREAD_AMI_LAST_THREAD, *PTHREAD_AMI_LAST_THREAD;
- typedef struct _THREAD_IDEAL_PROCESSOR
- {
- ULONG IdealProcessor;
- } THREAD_IDEAL_PROCESSOR, *PTHREAD_IDEAL_PROCESSOR;
- typedef struct _THREAD_TLS_ARRAY
- {
- PULONG TlsArray;
- } THREAD_TLS_ARRAY, *PTHREAD_TLS_ARRAY;
- typedef struct _THREAD_IS_IO_PENDING_INFORMATION
- {
- ULONG IsIOPending;
- } THREAD_IS_IO_PENDING_INFORMATION, *PTHREAD_IS_IO_PENDING_INFORMATION;
- typedef struct _THREAD_HIDE_FROM_DEBUGGER
- {
- ULONG HideFromDebugger;
- } THREAD_HIDE_FROM_DEBUGGER, *PTHREAD_HIDE_FROM_DEBUGGER;
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtQueryInformationThread(
- IN HANDLE hThread,
- IN THREADINFOCLASS ThreadInformationClass,
- OUT PVOID pThreadInformation,
- IN ULONG uThreadInformationLength,
- OUT PULONG puReturnLength OPTIONAL
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtSetInformationThread(
- IN HANDLE hThread,
- IN THREADINFOCLASS ThreadInformationClass,
- OUT PVOID pThreadInformation,
- IN ULONG uthreadInformationLength
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtOpenThreadToken(
- IN HANDLE hThread,
- IN ACCESS_MASK DesiredAccess,
- IN BOOLEAN bOpenAsSelf,
- OUT PHANDLE phToken
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtImpersonateThread(
- IN HANDLE ThreadHandle,
- IN HANDLE TargetThreadHandle,
- IN PSECURITY_QUALITY_OF_SERVICE SecurityQos
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtGetContextThread(
- IN HANDLE ThreadHandle,
- OUT PCONTEXT Context
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtSetContextThread(
- IN HANDLE ThreadHandle,
- IN PCONTEXT Context
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtQueueApcThread(
- IN HANDLE ThreadHandle,
- IN PKNORMAL_ROUTINE ApcRoutine,
- IN PVOID ApcContext OPTIONAL,
- IN PVOID Argument1 OPTIONAL,
- IN PVOID Argument2 OPTIONAL
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtImpersonateAnonymousToken(
- IN HANDLE hThread
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtCreateSection(
- OUT PHANDLE SectionHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN PLARGE_INTEGER SectionSize OPTIONAL,
- IN ULONG Protect,
- IN ULONG Attributes,
- IN HANDLE FileHandle
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtOpenSection(
- OUT PHANDLE SectionHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
- typedef enum _SECTION_INFORMATION_CLASS
- {
- SectionBasicInformation,
- SectionImageInformation
- } SECTION_INFORMATION_CLASS;
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtQuerySection(
- IN HANDLE SectionHandle,
- IN SECTION_INFORMATION_CLASS SectionInformationClass,
- OUT PVOID SectionInformation,
- IN ULONG SectionInformationLength,
- OUT PULONG ResultLength OPTIONAL
- );
- typedef struct _SECTION_BASIC_INFORMATION
- {
- PVOID BaseAddress;
- ULONG Attributes;
- LARGE_INTEGER Size;
- } SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
- typedef struct _SECTION_IMAGE_INFORMATION
- {
- PVOID EntryPoint;
- ULONG Unknown1;
- ULONG StackReserve;
- ULONG StackCommit;
- ULONG Subsystem;
- USHORT MinorSubsystemVersion;
- USHORT MajorSubsystemVersion;
- ULONG Unknown2;
- ULONG Characteristics;
- USHORT ImageNumber;
- BOOLEAN Executable;
- UCHAR Unknown3;
- ULONG Unknown4[3];
- } SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtExtendSection(
- IN HANDLE SectionHandle,
- IN PLARGE_INTEGER SectionSize
- );
- typedef enum _SECTION_INHERIT
- {
- ViewShare = 1,
- ViewUnmap = 2
- } SECTION_INHERIT;
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtMapViewOfSection(
- HANDLE SectionHandle,
- HANDLE ProcessHandle,
- PVOID *BaseAddress,
- ULONG ZeroBits,
- ULONG CommitSize,
- PLARGE_INTEGER SectionOffset,
- PSIZE_T ViewSize,
- SECTION_INHERIT InheritDisposition,
- ULONG AllocationType,
- ULONG Protect
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtUnmapViewOfSection(
- IN HANDLE hProcess,
- IN PVOID pBaseAddress
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtWaitForSingleObject(
- IN HANDLE hObject,
- IN BOOL fAlertable,
- IN PLARGE_INTEGER pliTimeout // NULL = infinite
- );
- // Object functions
- typedef enum _OBJECT_INFORMATION_CLASS
- {
- ObjectBasicInformation, // 0 Y N
- ObjectNameInformation, // 1 Y N
- ObjectTypeInformation, // 2 Y N
- ObjectAllTypesInformation, // 3 Y N
- ObjectHandleInformation // 4 Y Y
- } OBJECT_INFORMATION_CLASS;
- typedef struct _OBJECT_BASIC_INFORMATION
- {
- ULONG Attributes;
- ACCESS_MASK GrantedAccess;
- ULONG HandleCount;
- ULONG PointerCount;
- ULONG PagedPoolUsage;
- ULONG NonPagedPoolUsage;
- ULONG Reserved[3];
- ULONG NameInformationLength;
- ULONG TypeInformationLength;
- ULONG SecurityDescriptorLength;
- LARGE_INTEGER CreateTime;
- } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
- typedef struct _OBJECT_NAME_INFORMATION
- {
- UNICODE_STRING Name;
- } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
- typedef struct _OBJECT_TYPE_INFORMATION
- {
- UNICODE_STRING Name;
- ULONG ObjectCount;
- ULONG HandleCount;
- ULONG Reserved1[4];
- ULONG PeakObjectCount;
- ULONG PeakHandleCount;
- ULONG Reserved2[4];
- ULONG InvalidAttributes;
- GENERIC_MAPPING GenericMapping;
- ULONG ValidAccess;
- UCHAR Unknown;
- BOOLEAN MaintainHandleDatabase;
- UCHAR Reserved3[2];
- POOL_TYPE PoolType;
- ULONG PagedPoolUsage;
- ULONG NonPagedPoolUsage;
- } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
- typedef struct _OBJECT_ALL_TYPES_INFORMATION
- {
- ULONG NumberOfTypes;
- OBJECT_TYPE_INFORMATION TypeInformation;
- } OBJECT_ALL_TYPES_INFORMATION, *POBJECT_ALL_TYPES_INFORMATION;
- typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION
- {
- BOOLEAN Inherit;
- BOOLEAN ProtectFromClose;
- } OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION;
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtQueryObject(
- IN HANDLE ObjectHandle,
- IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
- OUT PVOID ObjectInformation,
- IN ULONG ObjectInformationLength,
- OUT PULONG ReturnLength OPTIONAL
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtSetInformationObject(
- IN HANDLE ObjectHandle,
- IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
- IN PVOID ObjectInformation,
- IN ULONG ObjectInformationLength
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtDuplicateObject(
- IN HANDLE SourceProcessHandle,
- IN HANDLE SourceHandle,
- IN HANDLE TargetProcessHandle OPTIONAL,
- OUT PHANDLE TargetHandle OPTIONAL,
- IN ACCESS_MASK DesiredAccess,
- IN ULONG HandleAttributes,
- IN ULONG Options
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtQuerySecurityObject(
- IN HANDLE FileHandle,
- IN SECURITY_INFORMATION SecurityInformation,
- OUT PSECURITY_DESCRIPTOR SecurityDescriptor,
- IN ULONG Length,
- OUT PULONG ResultLength
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtSetSecurityObject(
- IN HANDLE FileHandle,
- IN SECURITY_INFORMATION SecurityInformation,
- IN PSECURITY_DESCRIPTOR SecurityDescriptor
- );
- // Memory management functions
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtAllocateVirtualMemory(
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN ULONG ZeroBits,
- IN OUT PULONG AllocationSize,
- IN ULONG AllocationType,
- IN ULONG Protect
- );
- typedef enum _MEMORY_INFORMATION_CLASS
- {
- MemoryBasicInformation,
- MemoryWorkingSetList,
- MemorySectionName,
- MemoryBasicVlmInformation
- } MEMORY_INFORMATION_CLASS;
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtQueryVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
- OUT PVOID MemoryInformation,
- IN ULONG MemoryInformationLength,
- OUT PULONG ReturnLength OPTIONAL
- );
- /* Defined in Winnt.h
- typedef struct _MEMORY_BASIC_INFORMATION
- {
- PVOID BaseAddress;
- PVOID AllocationBase;
- ULONG AllocationProtect;
- ULONG RegionSize;
- ULONG State;
- ULONG Protect;
- ULONG Type;
- } MEMORY_BASIC_INFORMATION, *PMEMORY_BASIC_INFORMATION;
- */
- typedef struct _MEMORY_WORKING_SET_LIST
- {
- ULONG NumberOfPages;
- ULONG WorkingSetList[1];
- } MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;
- typedef struct _MEMORY_SECTION_NAME
- {
- UNICODE_STRING SectionFileName;
- } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtReadVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- OUT PVOID Buffer,
- IN ULONG BufferLength,
- OUT PULONG ReturnLength OPTIONAL
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtWriteVirtualMemory(
- IN HANDLE ProcessHandle,
- IN PVOID BaseAddress,
- IN PVOID Buffer,
- IN ULONG BufferLength,
- OUT PULONG ReturnLength OPTIONAL
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtProtectVirtualMemory(
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN OUT PULONG ProtectSize,
- IN ULONG NewProtect,
- OUT PULONG OldProtect
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtFlushVirtualMemory(
- IN HANDLE ProcessHandle,
- IN OUT PVOID *BaseAddress,
- IN OUT PULONG FlushSize,
- OUT PIO_STATUS_BLOCK IoStatusBlock
- );
- // Ldr Functions
- NTSYSAPI
- NTSTATUS
- NTAPI
- LdrDisableThreadCalloutsForDll(
- IN HANDLE hModule
- );
- // Rtl String Functions
- NTSYSAPI
- VOID
- NTAPI
- RtlInitUnicodeString (
- OUT PUNICODE_STRING DestinationString,
- IN PCWSTR SourceString
- );
- NTSYSAPI
- VOID
- NTAPI
- RtlCreateUnicodeString(
- OUT PUNICODE_STRING AllocatedString,
- IN PCWSTR SourceString
- );
- NTSYSAPI
- VOID
- NTAPI
- RtlFreeUnicodeString(
- IN PUNICODE_STRING UnicodeString
- );
- NTSYSAPI
- ULONG
- NTAPI
- RtlAnsiStringToUnicodeSize(
- IN PANSI_STRING AnsiString
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- RtlAnsiStringToUnicodeString(
- OUT PUNICODE_STRING DestinationString,
- IN PANSI_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- RtlAppendUnicodeStringToString(
- OUT PUNICODE_STRING Destination,
- IN PUNICODE_STRING Source
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- RtlAppendUnicodeToString(
- OUT PUNICODE_STRING Destination,
- IN PWSTR Source
- );
- NTSYSAPI
- LONG
- NTAPI
- RtlCompareUnicodeString(
- IN PUNICODE_STRING String1,
- IN PUNICODE_STRING String2,
- IN BOOLEAN CaseInSensitive
- );
- NTSYSAPI
- VOID
- NTAPI
- RtlCopyUnicodeString(
- OUT PUNICODE_STRING DestinationString,
- IN PUNICODE_STRING SourceString
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- RtlDowncaseUnicodeString(
- OUT PUNICODE_STRING DestinationString,
- IN PUNICODE_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
- );
- NTSYSAPI
- BOOLEAN
- NTAPI
- RtlEqualUnicodeString(
- IN PUNICODE_STRING String1,
- IN PUNICODE_STRING String2,
- IN BOOLEAN CaseInSensitive
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- RtlIntegerToUnicodeString(
- IN ULONG Value,
- IN ULONG Base,
- OUT PUNICODE_STRING String
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- RtlUnicodeStringToInteger(
- IN PUNICODE_STRING String,
- IN ULONG Base,
- OUT PULONG Value
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- RtlOemStringToUnicodeString(
- OUT PUNICODE_STRING DestinationString,
- IN POEM_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
- );
- NTSYSAPI
- BOOLEAN
- NTAPI
- RtlPrefixUnicodeString(
- IN PUNICODE_STRING String1,
- IN PUNICODE_STRING String2,
- IN BOOLEAN CaseInSensitive
- );
- NTSYSAPI
- WCHAR
- NTAPI
- RtlUpcaseUnicodeChar(
- IN WCHAR SourceCharacter
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- RtlUpcaseUnicodeString(
- OUT PUNICODE_STRING DestinationString,
- IN PUNICODE_STRING SourceString,
- IN BOOLEAN AllocateDestinationString
- );
- NTSYSAPI
- ULONG
- NTAPI
- RtlxAnsiStringToUnicodeSize(
- IN PANSI_STRING AnsiString
- );
- NTSYSAPI
- ULONG
- NTAPI
- RtlxOemStringToUnicodeSize(
- IN POEM_STRING OemString
- );
- // Rtl Misc Operations
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtReplyPort(
- IN HANDLE hPort,
- OUT PVOID pReply
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtClose(
- IN HANDLE hObject
- );
- NTSYSAPI
- ULONG
- NTAPI
- RtlNtStatusToDosError(
- NTSTATUS status
- );
- NTSYSAPI
- UINT
- NTAPI
- RtlGetLongestNtPathLength();
- NTSYSAPI
- UINT
- NTAPI
- RtlDetermineDosPathNameType_U(
- IN PWSTR Path
- );
- NTSYSAPI
- UINT
- NTAPI
- RtlIsDosDeviceName_U(
- IN PWSTR Path
- );
- NTSYSAPI
- BOOLEAN
- NTAPI
- RtlDosPathNameToNtPathName_U(
- IN PCWSTR DosName,
- OUT PUNICODE_STRING NtName,
- OUT PCWSTR *DosFilePath OPTIONAL,
- OUT PUNICODE_STRING NtFilePath OPTIONAL
- );
- // Rtl Large Integer Operations
- #define RtlLargeIntegerLessThanZero($a) (($a).HighPart < 0)
- #define Li2Double(x) ((double)((x).HighPart) * 4.294967296E9 + (double)((x).LowPart))
- NTSYSAPI
- LARGE_INTEGER
- NTAPI
- RtlEnlargedIntegerMultiply(
- IN LONG lMultiplicand,
- IN LONG lMultiplier
- );
- NTSYSAPI
- ULONG
- NTAPI
- RtlEnlargedUnsignedDivide(
- IN LARGE_INTEGER liDividend,
- IN ULONG uDivisor,
- OUT PULONG puRemainder OPTIONAL
- );
- NTSYSAPI
- LARGE_INTEGER
- NTAPI
- RtlEnlargedUnsignedMultiply(
- IN ULONG uMultiplicand,
- IN ULONG uMultiplier
- );
- NTSYSAPI
- LARGE_INTEGER
- NTAPI
- RtlExtendedIntegerMultiply(
- IN LARGE_INTEGER liMultiplicand,
- IN LONG lMultiplier
- );
- NTSYSAPI
- LARGE_INTEGER
- NTAPI
- RtlExtendedLargeIntegerDivide(
- IN LARGE_INTEGER liDividend,
- IN ULONG uDivisor,
- OUT PULONG puRemainder OPTIONAL
- );
- NTSYSAPI
- LARGE_INTEGER
- NTAPI
- RtlLargeIntegerAdd(
- IN LARGE_INTEGER liAddend1,
- IN LARGE_INTEGER liAddend2
- );
- NTSYSAPI
- LARGE_INTEGER
- NTAPI
- RtlLargeIntegerDivide(
- IN LARGE_INTEGER liDividend,
- IN LARGE_INTEGER liDivisor,
- OUT PLARGE_INTEGER pliRemainder OPTIONAL
- );
- NTSYSAPI
- LARGE_INTEGER
- NTAPI
- RtlLargeIntegerNegate(
- IN LARGE_INTEGER liSubtrahend
- );
- NTSYSAPI
- LARGE_INTEGER
- NTAPI
- RtlLargeIntegerSubtract(
- IN LARGE_INTEGER liMinuend,
- IN LARGE_INTEGER liSubtrahend
- );
- // Debug Functions
- typedef struct _DEBUG_BUFFER
- {
- HANDLE SectionHandle;
- PVOID SectionBase;
- PVOID RemoteSectionBase;
- ULONG SectionBaseDelta;
- HANDLE EventPairHandle;
- ULONG Unknown[2];
- HANDLE RemoteThreadHandle;
- ULONG InfoClassMask;
- ULONG SizeOfInfo;
- ULONG AllocatedSize;
- ULONG SectionSize;
- PVOID ModuleInformation;
- PVOID BackTraceInformation;
- PVOID HeapInformation;
- PVOID LockInformation;
- PVOID Reserved[8];
- } DEBUG_BUFFER, *PDEBUG_BUFFER;
- #define PDI_MODULES 0x01
- #define PDI_BACKTRACE 0x02
- #define PDI_HEAPS 0x04
- #define PDI_HEAP_TAGS 0x08
- #define PDI_HEAP_BLOCKS 0x10
- #define PDI_LOCKS 0x20
- typedef struct _DEBUG_MODULE_INFORMATION // c.f. SYSTEM_MODULE_INFORMATION
- {
- ULONG Reserved[2];
- ULONG Base;
- ULONG Size;
- ULONG Flags;
- USHORT Index;
- USHORT Unknown;
- USHORT LoadCount;
- USHORT ModuleNameOffset;
- CHAR ImageName[256];
- } DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION;
- typedef struct _DEBUG_HEAP_INFORMATION
- {
- ULONG Base;
- ULONG Flags;
- USHORT Granularity;
- USHORT Unknown;
- ULONG Allocated;
- ULONG Committed;
- ULONG TagCount;
- ULONG BlockCount;
- ULONG Reserved[7];
- PVOID Tags;
- PVOID Blocks;
- } DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION;
- typedef struct _DEBUG_LOCK_INFORMATION // c.f. SYSTEM_LOCK_INFORMATION
- {
- PVOID Address;
- USHORT Type;
- USHORT CreatorBackTraceIndex;
- ULONG OwnerThreadId;
- ULONG ActiveCount;
- ULONG ContentionCount;
- ULONG EntryCount;
- ULONG RecursionCount;
- ULONG NumberOfSharedWaiters;
- ULONG NumberOfExclusiveWaiters;
- } DEBUG_LOCK_INFORMATION, *PDEBUG_LOCK_INFORMATION;
- NTSYSAPI
- PDEBUG_BUFFER
- NTAPI
- RtlCreateQueryDebugBuffer(
- IN ULONG Size,
- IN BOOLEAN EventPair
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- RtlQueryProcessDebugInformation(
- IN ULONG ProcessId,
- IN ULONG DebugInfoClassMask,
- IN OUT PDEBUG_BUFFER DebugBuffer
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- RtlDestroyQueryDebugBuffer(
- IN PDEBUG_BUFFER DebugBuffer
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtLoadDriver(
- // "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>"
- IN PUNICODE_STRING RegistryPath
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- NtUnloadDriver(
- // "\\Registry\\Machine\\System\\CurrentControlSet\\Services\\<DriverName>"
- IN PUNICODE_STRING RegistryPath
- );
- NTSYSAPI
- NTSTATUS
- NTAPI
- RtlAdjustPrivilege(
- IN ULONG Privilege,
- IN BOOLEAN NewValue,
- IN BOOLEAN ForThread,
- OUT PBOOLEAN OldValue
- );
- #ifdef __cplusplus
- }
- #pragma warning(default : 4200)
- #endif
- #endif
Add Comment
Please, Sign In to add comment