Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- C:\Program Files (x86)\Windows Kits\10\Include\10.0.10586.0\km\ntddk.h got some updates:
- typedef struct _SE_ADT_PARAMETER_ARRAY_EX {
- ULONG CategoryId;
- ULONG AuditId;
- ULONG Version;
- ULONG ParameterCount;
- ULONG Length;
- USHORT FlatSubCategoryId;
- USHORT Type;
- ULONG Flags;
- SE_ADT_PARAMETER_ARRAY_ENTRY Parameters[ SE_MAX_AUDIT_PARAMETERS ];
- } SE_ADT_PARAMETER_ARRAY_EX, *PSE_ADT_PARAMETER_ARRAY_EX;
- /////
- not sure why this was added now here:
- //
- // Page/memory priorities.
- //
- #define MEMORY_PRIORITY_LOWEST 0
- #define MEMORY_PRIORITY_VERY_LOW 1
- #define MEMORY_PRIORITY_LOW 2
- #define MEMORY_PRIORITY_MEDIUM 3
- #define MEMORY_PRIORITY_BELOW_NORMAL 4
- #define MEMORY_PRIORITY_NORMAL 5
- /////////////
- //
- // Process mitigation policy information
- // NtSetInformationProcess using ProcessMitigationPolicy
- //
- typedef enum _PROCESS_MITIGATION_POLICY {
- ProcessControlFlowGuardPolicy,
- ProcessImageLoadPolicy
- } PROCESS_MITIGATION_POLICY, *PPROCESS_MITIGATION_POLICY;
- ////////
- //
- // Known extended CPU state feature BITs
- //
- // 8 IPT Supervisor
- #define XSTATE_IPT (8)
- #define XSTATE_MASK_IPT (1ui64 << (XSTATE_IPT))
- //
- // Define legal values for the SystemCall member.
- //
- #define SYSTEM_CALL_SYSCALL 0
- #define SYSTEM_CALL_INT_2E 1
- //////
- //
- // On AMD64, this value is initialized to a nonzero value if the system
- // operates with an altered view of the system service call mechanism.
- //
- ULONG SystemCall;
- //
- // Reserved, available for reuse.
- //
- ULONG SystemCallPad0;
- ULONGLONG SystemCallPad[2];
- //
- // A bitmask of enclave features supported on this system.
- //
- ULONG EnclaveFeatureMask[4];
- //
- // Assembler logic assumes a zero value for syscall and a nonzero value for
- // int 2e, and that no other values exist presently for the SystemCall field.
- //
- C_ASSERT(SYSTEM_CALL_SYSCALL == 0);
- C_ASSERT(SYSTEM_CALL_INT_2E == 1);
- C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SystemCall) == 0x308);
- C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SystemCallPad0) == 0x30c);
- C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, SystemCallPad) == 0x310);
- C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, EnclaveFeatureMask) == 0x36c);
- C_ASSERT(FIELD_OFFSET(KUSER_SHARED_DATA, Reserved8) == 0x37c);
- Silo functions now at DISPATCH_LEVEL not APC_LEVEL:
- _IRQL_requires_max_(DISPATCH_LEVEL)
- NTKERNELAPI
- PESILO
- PsGetCurrentServerSilo(
- VOID
- );
- /////////
- #if (NTDDI_VERSION >= NTDDI_WIN10)
- NTKERNELAPI
- NTSTATUS
- IoVolumeDeviceNameToGuid(
- _In_ PUNICODE_STRING VolumeDeviceName,
- _Out_ GUID *Guid
- );
- #endif
- #if (NTDDI_VERSION >= NTDDI_WIN10)
- _Must_inspect_result_
- NTKERNELAPI
- NTSTATUS
- IoVolumeDeviceNameToGuidPath(
- _In_ PUNICODE_STRING VolumeDeviceName,
- _Out_ _At_(GuidPath->Buffer,
- __drv_allocatesMem(Mem)
- _Post_notnull_)
- PUNICODE_STRING GuidPath
- );
- #endif
- ////
- typedef struct _IO_FOEXT_SILO_PARAMETERS {
- ULONG Length;
- PESILO SiloContext;
- } IO_FOEXT_SILO_PARAMETERS, *PIO_FOEXT_SILO_PARAMETERS;
- #if (NTDDI_VERSION >= NTDDI_WINTHRESHOLD)
- PIO_FOEXT_SILO_PARAMETERS
- IoGetSiloParameters (
- _In_ PFILE_OBJECT FileObject
- );
- #endif
- //////////
- typedef enum _HAL_SET_INFORMATION_CLASS {
- HalSetResetParkDisposition, // Set whether to park processors on reset (LOGICAL)
- } HAL_SET_INFORMATION_CLASS, *PHAL_SET_INFORMATION_CLASS;
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement