Sweden-Number/include/winternl.h

4460 lines
201 KiB
C

/*
* Internal NT APIs and data structures
*
* Copyright (C) the Wine project
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Lesser General Public
* License as published by the Free Software Foundation; either
* version 2.1 of the License, or (at your option) any later version.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Lesser General Public License for more details.
*
* You should have received a copy of the GNU Lesser General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
*/
#ifndef __WINE_WINTERNL_H
#define __WINE_WINTERNL_H
#include <ntdef.h>
#include <windef.h>
#ifdef __cplusplus
extern "C" {
#endif /* defined(__cplusplus) */
/**********************************************************************
* Fundamental types and data structures
*/
#ifndef WINE_NTSTATUS_DECLARED
#define WINE_NTSTATUS_DECLARED
typedef LONG NTSTATUS;
#endif
typedef const char *PCSZ;
typedef short CSHORT;
typedef CSHORT *PCSHORT;
#ifndef __STRING_DEFINED__
#define __STRING_DEFINED__
typedef struct _STRING {
USHORT Length;
USHORT MaximumLength;
PCHAR Buffer;
} STRING, *PSTRING;
#endif
typedef STRING ANSI_STRING;
typedef PSTRING PANSI_STRING;
typedef const STRING *PCANSI_STRING;
typedef STRING OEM_STRING;
typedef PSTRING POEM_STRING;
typedef const STRING *PCOEM_STRING;
#ifndef __UNICODE_STRING_DEFINED__
#define __UNICODE_STRING_DEFINED__
typedef struct _UNICODE_STRING {
USHORT Length; /* bytes */
USHORT MaximumLength; /* bytes */
PWSTR Buffer;
} UNICODE_STRING, *PUNICODE_STRING;
#endif
typedef const UNICODE_STRING *PCUNICODE_STRING;
#ifndef _FILETIME_
#define _FILETIME_
/* 64 bit number of 100 nanoseconds intervals since January 1, 1601 */
typedef struct _FILETIME
{
#ifdef WORDS_BIGENDIAN
DWORD dwHighDateTime;
DWORD dwLowDateTime;
#else
DWORD dwLowDateTime;
DWORD dwHighDateTime;
#endif
} FILETIME, *PFILETIME, *LPFILETIME;
#endif /* _FILETIME_ */
/*
* RTL_SYSTEM_TIME and RTL_TIME_ZONE_INFORMATION are the same as
* the SYSTEMTIME and TIME_ZONE_INFORMATION structures defined
* in winbase.h, however we need to define them separately so
* winternl.h doesn't depend on winbase.h. They are used by
* RtlQueryTimeZoneInformation and RtlSetTimeZoneInformation.
* The names are guessed; if anybody knows the real names, let me know.
*/
typedef struct _RTL_SYSTEM_TIME {
WORD wYear;
WORD wMonth;
WORD wDayOfWeek;
WORD wDay;
WORD wHour;
WORD wMinute;
WORD wSecond;
WORD wMilliseconds;
} RTL_SYSTEM_TIME, *PRTL_SYSTEM_TIME;
typedef struct _RTL_TIME_ZONE_INFORMATION {
LONG Bias;
WCHAR StandardName[32];
RTL_SYSTEM_TIME StandardDate;
LONG StandardBias;
WCHAR DaylightName[32];
RTL_SYSTEM_TIME DaylightDate;
LONG DaylightBias;
} RTL_TIME_ZONE_INFORMATION, *PRTL_TIME_ZONE_INFORMATION;
typedef struct _RTL_TIME_DYNAMIC_ZONE_INFORMATION
{
LONG Bias;
WCHAR StandardName[32];
RTL_SYSTEM_TIME StandardDate;
LONG StandardBias;
WCHAR DaylightName[32];
RTL_SYSTEM_TIME DaylightDate;
LONG DaylightBias;
WCHAR TimeZoneKeyName[128];
BOOLEAN DynamicDaylightTimeDisabled;
} RTL_DYNAMIC_TIME_ZONE_INFORMATION, *PRTL_DYNAMIC_TIME_ZONE_INFORMATION;
typedef struct _CLIENT_ID
{
HANDLE UniqueProcess;
HANDLE UniqueThread;
} CLIENT_ID, *PCLIENT_ID;
typedef struct _CURDIR
{
UNICODE_STRING DosPath;
PVOID Handle;
} CURDIR, *PCURDIR;
typedef struct RTL_DRIVE_LETTER_CURDIR
{
USHORT Flags;
USHORT Length;
ULONG TimeStamp;
UNICODE_STRING DosPath;
} RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR;
typedef struct _RTL_RELATIVE_NAME
{
UNICODE_STRING RelativeName;
HANDLE ContainerDirectory;
void *CurDirRef;
} RTL_RELATIVE_NAME, *PRTL_RELATIVE_NAME;
typedef struct tagRTL_BITMAP {
ULONG SizeOfBitMap; /* Number of bits in the bitmap */
PULONG Buffer; /* Bitmap data, assumed sized to a DWORD boundary */
} RTL_BITMAP, *PRTL_BITMAP;
typedef const RTL_BITMAP *PCRTL_BITMAP;
typedef struct tagRTL_BITMAP_RUN {
ULONG StartingIndex; /* Bit position at which run starts */
ULONG NumberOfBits; /* Size of the run in bits */
} RTL_BITMAP_RUN, *PRTL_BITMAP_RUN;
typedef const RTL_BITMAP_RUN *PCRTL_BITMAP_RUN;
typedef struct _RTL_USER_PROCESS_PARAMETERS
{
ULONG AllocationSize;
ULONG Size;
ULONG Flags;
ULONG DebugFlags;
HANDLE ConsoleHandle;
ULONG ConsoleFlags;
HANDLE hStdInput;
HANDLE hStdOutput;
HANDLE hStdError;
CURDIR CurrentDirectory;
UNICODE_STRING DllPath;
UNICODE_STRING ImagePathName;
UNICODE_STRING CommandLine;
PWSTR Environment;
ULONG dwX;
ULONG dwY;
ULONG dwXSize;
ULONG dwYSize;
ULONG dwXCountChars;
ULONG dwYCountChars;
ULONG dwFillAttribute;
ULONG dwFlags;
ULONG wShowWindow;
UNICODE_STRING WindowTitle;
UNICODE_STRING Desktop;
UNICODE_STRING ShellInfo;
UNICODE_STRING RuntimeInfo;
RTL_DRIVE_LETTER_CURDIR DLCurrentDirectory[0x20];
ULONG EnvironmentSize;
ULONG EnvironmentVersion;
PVOID PackageDependencyData;
ULONG ProcessGroupId;
ULONG LoaderThreads;
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
/* value for Flags field (FIXME: not the correct name) */
#define PROCESS_PARAMS_FLAG_NORMALIZED 1
typedef struct _PEB_LDR_DATA
{
ULONG Length;
BOOLEAN Initialized;
PVOID SsHandle;
LIST_ENTRY InLoadOrderModuleList;
LIST_ENTRY InMemoryOrderModuleList;
LIST_ENTRY InInitializationOrderModuleList;
PVOID EntryInProgress;
BOOLEAN ShutdownInProgress;
HANDLE ShutdownThreadId;
} PEB_LDR_DATA, *PPEB_LDR_DATA;
typedef struct _GDI_TEB_BATCH
{
ULONG Offset;
HANDLE HDC;
ULONG Buffer[0x136];
} GDI_TEB_BATCH;
typedef struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME
{
struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME *Previous;
struct _ACTIVATION_CONTEXT *ActivationContext;
ULONG Flags;
} RTL_ACTIVATION_CONTEXT_STACK_FRAME, *PRTL_ACTIVATION_CONTEXT_STACK_FRAME;
typedef struct _ACTIVATION_CONTEXT_STACK
{
RTL_ACTIVATION_CONTEXT_STACK_FRAME *ActiveFrame;
LIST_ENTRY FrameListCache;
ULONG Flags;
ULONG NextCookieSequenceNumber;
ULONG_PTR StackId;
} ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK;
typedef struct _TEB_ACTIVE_FRAME_CONTEXT
{
ULONG Flags;
const char *FrameName;
} TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
typedef struct _TEB_ACTIVE_FRAME_CONTEXT_EX
{
TEB_ACTIVE_FRAME_CONTEXT BasicContext;
const char *SourceLocation;
} TEB_ACTIVE_FRAME_CONTEXT_EX, *PTEB_ACTIVE_FRAME_CONTEXT_EX;
typedef struct _TEB_ACTIVE_FRAME
{
ULONG Flags;
struct _TEB_ACTIVE_FRAME *Previous;
TEB_ACTIVE_FRAME_CONTEXT *Context;
} TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
typedef struct _TEB_ACTIVE_FRAME_EX
{
TEB_ACTIVE_FRAME BasicFrame;
void *ExtensionIdentifier;
} TEB_ACTIVE_FRAME_EX, *PTEB_ACTIVE_FRAME_EX;
typedef struct _FLS_CALLBACK
{
void *unknown;
PFLS_CALLBACK_FUNCTION callback; /* ~0 if NULL callback is set, NULL if FLS index is free. */
} FLS_CALLBACK, *PFLS_CALLBACK;
typedef struct _FLS_INFO_CHUNK
{
ULONG count; /* number of allocated FLS indexes in the chunk. */
FLS_CALLBACK callbacks[1]; /* the size is 0x10 for chunk 0 and is twice as
* the previous chunk size for the rest. */
} FLS_INFO_CHUNK, *PFLS_INFO_CHUNK;
typedef struct _GLOBAL_FLS_DATA
{
FLS_INFO_CHUNK *fls_callback_chunks[8];
LIST_ENTRY fls_list_head;
ULONG fls_high_index;
} GLOBAL_FLS_DATA, *PGLOBAL_FLS_DATA;
typedef struct _TEB_FLS_DATA
{
LIST_ENTRY fls_list_entry;
void **fls_data_chunks[8];
} TEB_FLS_DATA, *PTEB_FLS_DATA;
#define TEB_ACTIVE_FRAME_CONTEXT_FLAG_EXTENDED 0x00000001
#define TEB_ACTIVE_FRAME_FLAG_EXTENDED 0x00000001
/***********************************************************************
* PEB data structure
*/
typedef struct _PEB
{ /* win32/win64 */
BOOLEAN InheritedAddressSpace; /* 000/000 */
BOOLEAN ReadImageFileExecOptions; /* 001/001 */
BOOLEAN BeingDebugged; /* 002/002 */
BOOLEAN SpareBool; /* 003/003 */
HANDLE Mutant; /* 004/008 */
HMODULE ImageBaseAddress; /* 008/010 */
PPEB_LDR_DATA LdrData; /* 00c/018 */
RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /* 010/020 */
PVOID SubSystemData; /* 014/028 */
HANDLE ProcessHeap; /* 018/030 */
PRTL_CRITICAL_SECTION FastPebLock; /* 01c/038 */
PVOID /*PPEBLOCKROUTINE*/ FastPebLockRoutine; /* 020/040 */
PVOID /*PPEBLOCKROUTINE*/ FastPebUnlockRoutine; /* 024/048 */
ULONG EnvironmentUpdateCount; /* 028/050 */
PVOID KernelCallbackTable; /* 02c/058 */
ULONG Reserved; /* 030/060 */
ULONG AtlThunkSListPtr32; /* 034/064 */
PVOID /*PPEB_FREE_BLOCK*/ FreeList; /* 038/068 */
ULONG TlsExpansionCounter; /* 03c/070 */
PRTL_BITMAP TlsBitmap; /* 040/078 */
ULONG TlsBitmapBits[2]; /* 044/080 */
PVOID ReadOnlySharedMemoryBase; /* 04c/088 */
PVOID ReadOnlySharedMemoryHeap; /* 050/090 */
PVOID *ReadOnlyStaticServerData; /* 054/098 */
PVOID AnsiCodePageData; /* 058/0a0 */
PVOID OemCodePageData; /* 05c/0a8 */
PVOID UnicodeCaseTableData; /* 060/0b0 */
ULONG NumberOfProcessors; /* 064/0b8 */
ULONG NtGlobalFlag; /* 068/0bc */
LARGE_INTEGER CriticalSectionTimeout; /* 070/0c0 */
SIZE_T HeapSegmentReserve; /* 078/0c8 */
SIZE_T HeapSegmentCommit; /* 07c/0d0 */
SIZE_T HeapDeCommitTotalFreeThreshold; /* 080/0d8 */
SIZE_T HeapDeCommitFreeBlockThreshold; /* 084/0e0 */
ULONG NumberOfHeaps; /* 088/0e8 */
ULONG MaximumNumberOfHeaps; /* 08c/0ec */
PVOID *ProcessHeaps; /* 090/0f0 */
PVOID GdiSharedHandleTable; /* 094/0f8 */
PVOID ProcessStarterHelper; /* 098/100 */
PVOID GdiDCAttributeList; /* 09c/108 */
PVOID LoaderLock; /* 0a0/110 */
ULONG OSMajorVersion; /* 0a4/118 */
ULONG OSMinorVersion; /* 0a8/11c */
ULONG OSBuildNumber; /* 0ac/120 */
ULONG OSPlatformId; /* 0b0/124 */
ULONG ImageSubSystem; /* 0b4/128 */
ULONG ImageSubSystemMajorVersion; /* 0b8/12c */
ULONG ImageSubSystemMinorVersion; /* 0bc/130 */
ULONG ImageProcessAffinityMask; /* 0c0/134 */
HANDLE GdiHandleBuffer[28]; /* 0c4/138 */
ULONG unknown[6]; /* 134/218 */
PVOID PostProcessInitRoutine; /* 14c/230 */
PRTL_BITMAP TlsExpansionBitmap; /* 150/238 */
ULONG TlsExpansionBitmapBits[32]; /* 154/240 */
ULONG SessionId; /* 1d4/2c0 */
ULARGE_INTEGER AppCompatFlags; /* 1d8/2c8 */
ULARGE_INTEGER AppCompatFlagsUser; /* 1e0/2d0 */
PVOID ShimData; /* 1e8/2d8 */
PVOID AppCompatInfo; /* 1ec/2e0 */
UNICODE_STRING CSDVersion; /* 1f0/2e8 */
PVOID ActivationContextData; /* 1f8/2f8 */
PVOID ProcessAssemblyStorageMap; /* 1fc/300 */
PVOID SystemDefaultActivationData; /* 200/308 */
PVOID SystemAssemblyStorageMap; /* 204/310 */
SIZE_T MinimumStackCommit; /* 208/318 */
PVOID *FlsCallback; /* 20c/320 */
LIST_ENTRY FlsListHead; /* 210/328 */
PRTL_BITMAP FlsBitmap; /* 218/338 */
ULONG FlsBitmapBits[4]; /* 21c/340 */
ULONG FlsHighIndex; /* 22c/350 */
PVOID WerRegistrationData; /* 230/358 */
PVOID WerShipAssertPtr; /* 234/360 */
PVOID pUnused; /* 238/368 */
PVOID pImageHeaderHash; /* 23c/370 */
ULONG TracingFlags; /* 240/378 */
ULONGLONG CsrServerReadOnlySharedMemoryBase; /* 248/380 */
ULONG TppWorkerpListLock; /* 250/388 */
LIST_ENTRY TppWorkerpList; /* 254/390 */
PVOID WaitOnAddressHashTable [0x80]; /* 25c/3a0 */
PVOID TelemetryCoverageHeader; /* 45c/7a0 */
ULONG CloudFileFlags; /* 460/7a8 */
ULONG CloudFileDiagFlags; /* 464/7ac */
CHAR PlaceholderCompatibilityMode; /* 468/7b0 */
CHAR PlaceholderCompatibilityModeReserved[7]; /* 469/7b1 */
PVOID LeapSecondData; /* 470/7b8 */
ULONG LeapSecondFlags; /* 474/7c0 */
ULONG NtGlobalFlag2; /* 478/7c4 */
} PEB, *PPEB;
/***********************************************************************
* TEB data structure
*/
typedef struct _TEB
{ /* win32/win64 */
NT_TIB Tib; /* 000/0000 */
PVOID EnvironmentPointer; /* 01c/0038 */
CLIENT_ID ClientId; /* 020/0040 */
PVOID ActiveRpcHandle; /* 028/0050 */
PVOID ThreadLocalStoragePointer; /* 02c/0058 */
PPEB Peb; /* 030/0060 */
ULONG LastErrorValue; /* 034/0068 */
ULONG CountOfOwnedCriticalSections; /* 038/006c */
PVOID CsrClientThread; /* 03c/0070 */
PVOID Win32ThreadInfo; /* 040/0078 */
ULONG User32Reserved[26]; /* 044/0080 */
ULONG UserReserved[5]; /* 0ac/00e8 */
PVOID WOW32Reserved; /* 0c0/0100 */
ULONG CurrentLocale; /* 0c4/0108 */
ULONG FpSoftwareStatusRegister; /* 0c8/010c */
PVOID ReservedForDebuggerInstrumentation[16]; /* 0cc/0110 */
#ifdef _WIN64
PVOID SystemReserved1[30]; /* /0190 */
#else
PVOID SystemReserved1[26]; /* 10c/ used for krnl386 private data in Wine */
#endif
char PlaceholderCompatibilityMode; /* 174/0280 */
char PlaceholderReserved[11]; /* 175/0281 */
DWORD ProxiedProcessId; /* 180/028c */
ACTIVATION_CONTEXT_STACK ActivationContextStack; /* 184/0290 */
UCHAR WorkingOnBehalfOfTicket[8]; /* 19c/02b8 */
LONG ExceptionCode; /* 1a4/02c0 */
ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer; /* 1a8/02c8 */
ULONG_PTR InstrumentationCallbackSp; /* 1ac/02d0 */
ULONG_PTR InstrumentationCallbackPreviousPc; /* 1b0/02d8 */
ULONG_PTR InstrumentationCallbackPreviousSp; /* 1b4/02e0 */
#ifdef _WIN64
ULONG TxFsContext; /* /02e8 */
BOOLEAN InstrumentationCallbackDisabled; /* /02ec */
#else
BOOLEAN InstrumentationCallbackDisabled; /* 1b8/ */
BYTE SpareBytes1[23]; /* 1b9/ */
ULONG TxFsContext; /* 1d0/ */
#endif
GDI_TEB_BATCH GdiTebBatch; /* 1d4/02f0 used for ntdll private data in Wine */
CLIENT_ID RealClientId; /* 6b4/07d8 */
HANDLE GdiCachedProcessHandle; /* 6bc/07e8 */
ULONG GdiClientPID; /* 6c0/07f0 */
ULONG GdiClientTID; /* 6c4/07f4 */
PVOID GdiThreadLocaleInfo; /* 6c8/07f8 */
ULONG_PTR Win32ClientInfo[62]; /* 6cc/0800 used for user32 private data in Wine */
PVOID glDispatchTable[233]; /* 7c4/09f0 */
PVOID glReserved1[29]; /* b68/1138 */
PVOID glReserved2; /* bdc/1220 */
PVOID glSectionInfo; /* be0/1228 */
PVOID glSection; /* be4/1230 */
PVOID glTable; /* be8/1238 */
PVOID glCurrentRC; /* bec/1240 */
PVOID glContext; /* bf0/1248 */
ULONG LastStatusValue; /* bf4/1250 */
UNICODE_STRING StaticUnicodeString; /* bf8/1258 */
WCHAR StaticUnicodeBuffer[261]; /* c00/1268 */
PVOID DeallocationStack; /* e0c/1478 */
PVOID TlsSlots[64]; /* e10/1480 */
LIST_ENTRY TlsLinks; /* f10/1680 */
PVOID Vdm; /* f18/1690 */
PVOID ReservedForNtRpc; /* f1c/1698 */
PVOID DbgSsReserved[2]; /* f20/16a0 */
ULONG HardErrorDisabled; /* f28/16b0 */
PVOID Instrumentation[16]; /* f2c/16b8 */
PVOID WinSockData; /* f6c/1738 */
ULONG GdiBatchCount; /* f70/1740 */
ULONG Spare2; /* f74/1744 */
ULONG GuaranteedStackBytes; /* f78/1748 */
PVOID ReservedForPerf; /* f7c/1750 */
PVOID ReservedForOle; /* f80/1758 */
ULONG WaitingOnLoaderLock; /* f84/1760 */
PVOID Reserved5[3]; /* f88/1768 */
PVOID *TlsExpansionSlots; /* f94/1780 */
#ifdef _WIN64
PVOID DeallocationBStore; /* /1788 */
PVOID BStoreLimit; /* /1790 */
#endif
ULONG ImpersonationLocale; /* f98/1798 */
ULONG IsImpersonating; /* f9c/179c */
PVOID NlsCache; /* fa0/17a0 */
PVOID ShimData; /* fa4/17a8 */
ULONG HeapVirtualAffinity; /* fa8/17b0 */
PVOID CurrentTransactionHandle; /* fac/17b8 */
TEB_ACTIVE_FRAME *ActiveFrame; /* fb0/17c0 */
TEB_FLS_DATA *FlsSlots; /* fb4/17c8 */
PVOID PreferredLanguages; /* fb8/17d0 */
PVOID UserPrefLanguages; /* fbc/17d8 */
PVOID MergedPrefLanguages; /* fc0/17e0 */
ULONG MuiImpersonation; /* fc4/17e8 */
USHORT CrossTebFlags; /* fc8/17ec */
USHORT SameTebFlags; /* fca/17ee */
PVOID TxnScopeEnterCallback; /* fcc/17f0 */
PVOID TxnScopeExitCallback; /* fd0/17f8 */
PVOID TxnScopeContext; /* fd4/1800 */
ULONG LockCount; /* fd8/1808 */
LONG WowTebOffset; /* fdc/180c */
PVOID ResourceRetValue; /* fe0/1810 */
PVOID ReservedForWdf; /* fe4/1818 */
ULONGLONG ReservedForCrt; /* fe8/1820 */
GUID EffectiveContainerId; /* ff0/1828 */
} TEB, *PTEB;
/***********************************************************************
* The 32-bit/64-bit version of the PEB and TEB for WoW64
*/
typedef struct _NT_TIB32
{
ULONG ExceptionList; /* 0000 */
ULONG StackBase; /* 0004 */
ULONG StackLimit; /* 0008 */
ULONG SubSystemTib; /* 000c */
ULONG FiberData; /* 0010 */
ULONG ArbitraryUserPointer; /* 0014 */
ULONG Self; /* 0018 */
} NT_TIB32;
typedef struct _NT_TIB64
{
ULONG64 ExceptionList; /* 0000 */
ULONG64 StackBase; /* 0008 */
ULONG64 StackLimit; /* 0010 */
ULONG64 SubSystemTib; /* 0018 */
ULONG64 FiberData; /* 0020 */
ULONG64 ArbitraryUserPointer; /* 0028 */
ULONG64 Self; /* 0030 */
} NT_TIB64;
typedef struct _CLIENT_ID32
{
ULONG UniqueProcess;
ULONG UniqueThread;
} CLIENT_ID32;
typedef struct _CLIENT_ID64
{
ULONG64 UniqueProcess;
ULONG64 UniqueThread;
} CLIENT_ID64;
typedef struct _LIST_ENTRY32
{
ULONG Flink;
ULONG Blink;
} LIST_ENTRY32;
typedef struct _LIST_ENTRY64
{
ULONG64 Flink;
ULONG64 Blink;
} LIST_ENTRY64;
typedef struct _UNICODE_STRING32
{
USHORT Length;
USHORT MaximumLength;
ULONG Buffer;
} UNICODE_STRING32;
typedef struct _UNICODE_STRING64
{
USHORT Length;
USHORT MaximumLength;
ULONG64 Buffer;
} UNICODE_STRING64;
typedef struct _ACTIVATION_CONTEXT_STACK32
{
ULONG ActiveFrame;
LIST_ENTRY32 FrameListCache;
ULONG Flags;
ULONG NextCookieSequenceNumber;
ULONG32 StackId;
} ACTIVATION_CONTEXT_STACK32;
typedef struct _ACTIVATION_CONTEXT_STACK64
{
ULONG64 ActiveFrame;
LIST_ENTRY64 FrameListCache;
ULONG Flags;
ULONG NextCookieSequenceNumber;
ULONG64 StackId;
} ACTIVATION_CONTEXT_STACK64;
typedef struct _PEB_LDR_DATA32
{
ULONG Length;
BOOLEAN Initialized;
ULONG SsHandle;
LIST_ENTRY32 InLoadOrderModuleList;
LIST_ENTRY32 InMemoryOrderModuleList;
LIST_ENTRY32 InInitializationOrderModuleList;
ULONG EntryInProgress;
BOOLEAN ShutdownInProgress;
ULONG ShutdownThreadId;
} PEB_LDR_DATA32, *PPEB_LDR_DATA32;
typedef struct _PEB_LDR_DATA64
{
ULONG Length;
BOOLEAN Initialized;
ULONG64 SsHandle;
LIST_ENTRY64 InLoadOrderModuleList;
LIST_ENTRY64 InMemoryOrderModuleList;
LIST_ENTRY64 InInitializationOrderModuleList;
ULONG64 EntryInProgress;
BOOLEAN ShutdownInProgress;
ULONG64 ShutdownThreadId;
} PEB_LDR_DATA64, *PPEB_LDR_DATA64;
typedef struct _PEB32
{
BOOLEAN InheritedAddressSpace; /* 0000 */
BOOLEAN ReadImageFileExecOptions; /* 0001 */
BOOLEAN BeingDebugged; /* 0002 */
BOOLEAN SpareBool; /* 0003 */
ULONG Mutant; /* 0004 */
ULONG ImageBaseAddress; /* 0008 */
ULONG LdrData; /* 000c */
ULONG ProcessParameters; /* 0010 */
ULONG SubSystemData; /* 0014 */
ULONG ProcessHeap; /* 0018 */
ULONG FastPebLock; /* 001c */
ULONG FastPebLockRoutine; /* 0020 */
ULONG FastPebUnlockRoutine; /* 0024 */
ULONG EnvironmentUpdateCount; /* 0028 */
ULONG KernelCallbackTable; /* 002c */
ULONG Reserved; /* 0030 */
ULONG AtlThunkSListPtr32; /* 0034 */
ULONG FreeList; /* 0038 */
ULONG TlsExpansionCounter; /* 003c */
ULONG TlsBitmap; /* 0040 */
ULONG TlsBitmapBits[2]; /* 0044 */
ULONG ReadOnlySharedMemoryBase; /* 004c */
ULONG ReadOnlySharedMemoryHeap; /* 0050 */
ULONG ReadOnlyStaticServerData; /* 0054 */
ULONG AnsiCodePageData; /* 0058 */
ULONG OemCodePageData; /* 005c */
ULONG UnicodeCaseTableData; /* 0060 */
ULONG NumberOfProcessors; /* 0064 */
ULONG NtGlobalFlag; /* 0068 */
LARGE_INTEGER CriticalSectionTimeout; /* 0070 */
ULONG HeapSegmentReserve; /* 0078 */
ULONG HeapSegmentCommit; /* 007c */
ULONG HeapDeCommitTotalFreeThreshold; /* 0080 */
ULONG HeapDeCommitFreeBlockThreshold; /* 0084 */
ULONG NumberOfHeaps; /* 0088 */
ULONG MaximumNumberOfHeaps; /* 008c */
ULONG ProcessHeaps; /* 0090 */
ULONG GdiSharedHandleTable; /* 0094 */
ULONG ProcessStarterHelper; /* 0098 */
ULONG GdiDCAttributeList; /* 009c */
ULONG LoaderLock; /* 00a0 */
ULONG OSMajorVersion; /* 00a4 */
ULONG OSMinorVersion; /* 00a8 */
ULONG OSBuildNumber; /* 00ac */
ULONG OSPlatformId; /* 00b0 */
ULONG ImageSubSystem; /* 00b4 */
ULONG ImageSubSystemMajorVersion; /* 00b8 */
ULONG ImageSubSystemMinorVersion; /* 00bc */
ULONG ImageProcessAffinityMask; /* 00c0 */
ULONG GdiHandleBuffer[28]; /* 00c4 */
ULONG unknown[6]; /* 0134 */
ULONG PostProcessInitRoutine; /* 014c */
ULONG TlsExpansionBitmap; /* 0150 */
ULONG TlsExpansionBitmapBits[32]; /* 0154 */
ULONG SessionId; /* 01d4 */
ULARGE_INTEGER AppCompatFlags; /* 01d8 */
ULARGE_INTEGER AppCompatFlagsUser; /* 01e0 */
ULONG ShimData; /* 01e8 */
ULONG AppCompatInfo; /* 01ec */
UNICODE_STRING CSDVersion; /* 01f0 */
ULONG ActivationContextData; /* 01f8 */
ULONG ProcessAssemblyStorageMap; /* 01fc */
ULONG SystemDefaultActivationData; /* 0200 */
ULONG SystemAssemblyStorageMap; /* 0204 */
ULONG MinimumStackCommit; /* 0208 */
ULONG FlsCallback; /* 020c */
LIST_ENTRY FlsListHead; /* 0210 */
ULONG FlsBitmap; /* 0218 */
ULONG FlsBitmapBits[4]; /* 021c */
ULONG FlsHighIndex; /* 022c */
ULONG WerRegistrationData; /* 0230 */
ULONG WerShipAssertPtr; /* 0234 */
ULONG pUnused; /* 0238 */
ULONG pImageHeaderHash; /* 023c */
ULONG TracingFlags; /* 0240 */
ULONGLONG CsrServerReadOnlySharedMemoryBase; /* 0248 */
ULONG TppWorkerpListLock; /* 0250 */
LIST_ENTRY TppWorkerpList; /* 0254 */
ULONG WaitOnAddressHashTable [0x80]; /* 025c */
ULONG TelemetryCoverageHeader; /* 045c */
ULONG CloudFileFlags; /* 0460 */
ULONG CloudFileDiagFlags; /* 0464 */
CHAR PlaceholderCompatibilityMode; /* 0468 */
CHAR PlaceholderCompatibilityModeReserved[7]; /* 0469 */
ULONG LeapSecondData; /* 0470 */
ULONG LeapSecondFlags; /* 0474 */
ULONG NtGlobalFlag2; /* 0478 */
} PEB32;
typedef struct _PEB64
{
BOOLEAN InheritedAddressSpace; /* 0000 */
BOOLEAN ReadImageFileExecOptions; /* 0001 */
BOOLEAN BeingDebugged; /* 0002 */
BOOLEAN SpareBool; /* 0003 */
ULONG64 Mutant; /* 0008 */
ULONG64 ImageBaseAddress; /* 0010 */
ULONG64 LdrData; /* 0018 */
ULONG64 ProcessParameters; /* 0020 */
ULONG64 SubSystemData; /* 0028 */
ULONG64 ProcessHeap; /* 0030 */
ULONG64 FastPebLock; /* 0038 */
ULONG64 FastPebLockRoutine; /* 0040 */
ULONG64 FastPebUnlockRoutine; /* 0048 */
ULONG EnvironmentUpdateCount; /* 0050 */
ULONG64 KernelCallbackTable; /* 0058 */
ULONG Reserved; /* 0060 */
ULONG AtlThunkSListPtr32; /* 0064 */
ULONG64 FreeList; /* 0068 */
ULONG TlsExpansionCounter; /* 0070 */
ULONG64 TlsBitmap; /* 0078 */
ULONG TlsBitmapBits[2]; /* 0080 */
ULONG64 ReadOnlySharedMemoryBase; /* 0088 */
ULONG64 ReadOnlySharedMemoryHeap; /* 0090 */
ULONG64 ReadOnlyStaticServerData; /* 0098 */
ULONG64 AnsiCodePageData; /* 00a0 */
ULONG64 OemCodePageData; /* 00a8 */
ULONG64 UnicodeCaseTableData; /* 00b0 */
ULONG NumberOfProcessors; /* 00b8 */
ULONG NtGlobalFlag; /* 00bc */
LARGE_INTEGER CriticalSectionTimeout; /* 00c0 */
ULONG64 HeapSegmentReserve; /* 00c8 */
ULONG64 HeapSegmentCommit; /* 00d0 */
ULONG64 HeapDeCommitTotalFreeThreshold; /* 00d8 */
ULONG64 HeapDeCommitFreeBlockThreshold; /* 00e0 */
ULONG NumberOfHeaps; /* 00e8 */
ULONG MaximumNumberOfHeaps; /* 00ec */
ULONG64 ProcessHeaps; /* 00f0 */
ULONG64 GdiSharedHandleTable; /* 00f8 */
ULONG64 ProcessStarterHelper; /* 0100 */
ULONG64 GdiDCAttributeList; /* 0108 */
ULONG64 LoaderLock; /* 0110 */
ULONG OSMajorVersion; /* 0118 */
ULONG OSMinorVersion; /* 011c */
ULONG OSBuildNumber; /* 0120 */
ULONG OSPlatformId; /* 0124 */
ULONG ImageSubSystem; /* 0128 */
ULONG ImageSubSystemMajorVersion; /* 012c */
ULONG ImageSubSystemMinorVersion; /* 0130 */
ULONG ImageProcessAffinityMask; /* 0134 */
ULONG64 GdiHandleBuffer[28]; /* 0138 */
ULONG unknown[6]; /* 0218 */
ULONG64 PostProcessInitRoutine; /* 0230 */
ULONG64 TlsExpansionBitmap; /* 0238 */
ULONG TlsExpansionBitmapBits[32]; /* 0240 */
ULONG SessionId; /* 02c0 */
ULARGE_INTEGER AppCompatFlags; /* 02c8 */
ULARGE_INTEGER AppCompatFlagsUser; /* 02d0 */
ULONG64 ShimData; /* 02d8 */
ULONG64 AppCompatInfo; /* 02e0 */
UNICODE_STRING64 CSDVersion; /* 02e8 */
ULONG64 ActivationContextData; /* 02f8 */
ULONG64 ProcessAssemblyStorageMap; /* 0300 */
ULONG64 SystemDefaultActivationData; /* 0308 */
ULONG64 SystemAssemblyStorageMap; /* 0310 */
ULONG64 MinimumStackCommit; /* 0318 */
ULONG64 FlsCallback; /* 0320 */
LIST_ENTRY64 FlsListHead; /* 0328 */
ULONG64 FlsBitmap; /* 0338 */
ULONG FlsBitmapBits[4]; /* 0340 */
ULONG FlsHighIndex; /* 0350 */
ULONG64 WerRegistrationData; /* 0358 */
ULONG64 WerShipAssertPtr; /* 0360 */
ULONG64 pUnused; /* 0368 */
ULONG64 pImageHeaderHash; /* 0370 */
ULONG TracingFlags; /* 0378 */
ULONGLONG CsrServerReadOnlySharedMemoryBase; /* 0380 */
ULONG TppWorkerpListLock; /* 0388 */
LIST_ENTRY64 TppWorkerpList; /* 0390 */
ULONG64 WaitOnAddressHashTable [0x80]; /* 03a0 */
ULONG64 TelemetryCoverageHeader; /* 07a0 */
ULONG CloudFileFlags; /* 07a8 */
ULONG CloudFileDiagFlags; /* 07ac */
CHAR PlaceholderCompatibilityMode; /* 07b0 */
CHAR PlaceholderCompatibilityModeReserved[7]; /* 07b1 */
ULONG64 LeapSecondData; /* 07b8 */
ULONG LeapSecondFlags; /* 07c0 */
ULONG NtGlobalFlag2; /* 07c4 */
} PEB64;
typedef struct _TEB32
{
NT_TIB32 Tib; /* 0000 */
ULONG EnvironmentPointer; /* 001c */
CLIENT_ID32 ClientId; /* 0020 */
ULONG ActiveRpcHandle; /* 0028 */
ULONG ThreadLocalStoragePointer; /* 002c */
ULONG Peb; /* 0030 */
ULONG LastErrorValue; /* 0034 */
ULONG CountOfOwnedCriticalSections; /* 0038 */
ULONG CsrClientThread; /* 003c */
ULONG Win32ThreadInfo; /* 0040 */
ULONG User32Reserved[26]; /* 0044 */
ULONG UserReserved[5]; /* 00ac */
ULONG WOW32Reserved; /* 00c0 */
ULONG CurrentLocale; /* 00c4 */
ULONG FpSoftwareStatusRegister; /* 00c8 */
ULONG ReservedForDebuggerInstrumentation[16]; /* 00cc */
ULONG SystemReserved1[26]; /* 010c */
char PlaceholderCompatibilityMode; /* 0174 */
char PlaceholderReserved[11]; /* 0175 */
DWORD ProxiedProcessId; /* 0180 */
ACTIVATION_CONTEXT_STACK32 ActivationContextStack; /* 0184 */
UCHAR WorkingOnBehalfOfTicket[8]; /* 019c */
LONG ExceptionCode; /* 01a4 */
ULONG ActivationContextStackPointer; /* 01a8 */
ULONG InstrumentationCallbackSp; /* 01ac */
ULONG InstrumentationCallbackPreviousPc; /* 01b0 */
ULONG InstrumentationCallbackPreviousSp; /* 01b4 */
BOOLEAN InstrumentationCallbackDisabled; /* 01b8 */
BYTE SpareBytes1[23]; /* 01b9 */
ULONG TxFsContext; /* 01d0 */
ULONG GdiTebBatch[0x138]; /* 01d4 */
CLIENT_ID32 RealClientId; /* 06b4 */
ULONG GdiCachedProcessHandle; /* 06bc */
ULONG GdiClientPID; /* 06c0 */
ULONG GdiClientTID; /* 06c4 */
ULONG GdiThreadLocaleInfo; /* 06c8 */
ULONG Win32ClientInfo[62]; /* 06cc */
ULONG glDispatchTable[233]; /* 07c4 */
ULONG glReserved1[29]; /* 0b68 */
ULONG glReserved2; /* 0bdc */
ULONG glSectionInfo; /* 0be0 */
ULONG glSection; /* 0be4 */
ULONG glTable; /* 0be8 */
ULONG glCurrentRC; /* 0bec */
ULONG glContext; /* 0bf0 */
ULONG LastStatusValue; /* 0bf4 */
UNICODE_STRING32 StaticUnicodeString; /* 0bf8 */
WCHAR StaticUnicodeBuffer[261]; /* 0c00 */
ULONG DeallocationStack; /* 0e0c */
ULONG TlsSlots[64]; /* 0e10 */
LIST_ENTRY32 TlsLinks; /* 0f10 */
ULONG Vdm; /* 0f18 */
ULONG ReservedForNtRpc; /* 0f1c */
ULONG DbgSsReserved[2]; /* 0f20 */
ULONG HardErrorDisabled; /* 0f28 */
ULONG Instrumentation[16]; /* 0f2c */
ULONG WinSockData; /* 0f6c */
ULONG GdiBatchCount; /* 0f70 */
ULONG Spare2; /* 0f74 */
ULONG GuaranteedStackBytes; /* 0f78 */
ULONG ReservedForPerf; /* 0f7c */
ULONG ReservedForOle; /* 0f80 */
ULONG WaitingOnLoaderLock; /* 0f84 */
ULONG Reserved5[3]; /* 0f88 */
ULONG TlsExpansionSlots; /* 0f94 */
ULONG ImpersonationLocale; /* 0f98 */
ULONG IsImpersonating; /* 0f9c */
ULONG NlsCache; /* 0fa0 */
ULONG ShimData; /* 0fa4 */
ULONG HeapVirtualAffinity; /* 0fa8 */
ULONG CurrentTransactionHandle; /* 0fac */
ULONG ActiveFrame; /* 0fb0 */
ULONG FlsSlots; /* 0fb4 */
ULONG PreferredLanguages; /* 0fb8 */
ULONG UserPrefLanguages; /* 0fbc */
ULONG MergedPrefLanguages; /* 0fc0 */
ULONG MuiImpersonation; /* 0fc4 */
USHORT CrossTebFlags; /* 0fc8 */
USHORT SameTebFlags; /* 0fca */
ULONG TxnScopeEnterCallback; /* 0fcc */
ULONG TxnScopeExitCallback; /* 0fd0 */
ULONG TxnScopeContext; /* 0fd4 */
ULONG LockCount; /* 0fd8 */
LONG WowTebOffset; /* 0fdc */
ULONG ResourceRetValue; /* 0fe0 */
ULONG ReservedForWdf; /* 0fe4 */
ULONGLONG ReservedForCrt; /* 0fe8 */
GUID EffectiveContainerId; /* 0ff0 */
} TEB32;
typedef struct _TEB64
{
NT_TIB64 Tib; /* 0000 */
ULONG64 EnvironmentPointer; /* 0038 */
CLIENT_ID64 ClientId; /* 0040 */
ULONG64 ActiveRpcHandle; /* 0050 */
ULONG64 ThreadLocalStoragePointer; /* 0058 */
ULONG64 Peb; /* 0060 */
ULONG LastErrorValue; /* 0068 */
ULONG CountOfOwnedCriticalSections; /* 006c */
ULONG64 CsrClientThread; /* 0070 */
ULONG64 Win32ThreadInfo; /* 0078 */
ULONG User32Reserved[26]; /* 0080 */
ULONG UserReserved[5]; /* 00e8 */
ULONG64 WOW32Reserved; /* 0100 */
ULONG CurrentLocale; /* 0108 */
ULONG FpSoftwareStatusRegister; /* 010c */
ULONG64 ReservedForDebuggerInstrumentation[16]; /* 0110 */
ULONG64 SystemReserved1[30]; /* 0190 */
char PlaceholderCompatibilityMode; /* 0280 */
char PlaceholderReserved[11]; /* 0281 */
DWORD ProxiedProcessId; /* 028c */
ACTIVATION_CONTEXT_STACK64 ActivationContextStack; /* 0290 */
UCHAR WorkingOnBehalfOfTicket[8]; /* 02b8 */
LONG ExceptionCode; /* 02c0 */
ULONG64 ActivationContextStackPointer; /* 02c8 */
ULONG64 InstrumentationCallbackSp; /* 02d0 */
ULONG64 InstrumentationCallbackPreviousPc; /* 02d8 */
ULONG64 InstrumentationCallbackPreviousSp; /* 02e0 */
ULONG TxFsContext; /* 02e8 */
BOOLEAN InstrumentationCallbackDisabled; /* 02ec */
ULONG64 GdiTebBatch[0x9d]; /* 02f0 */
CLIENT_ID64 RealClientId; /* 07d8 */
ULONG64 GdiCachedProcessHandle; /* 07e8 */
ULONG GdiClientPID; /* 07f0 */
ULONG GdiClientTID; /* 07f4 */
ULONG64 GdiThreadLocaleInfo; /* 07f8 */
ULONG64 Win32ClientInfo[62]; /* 0800 */
ULONG64 glDispatchTable[233]; /* 09f0 */
ULONG64 glReserved1[29]; /* 1138 */
ULONG64 glReserved2; /* 1220 */
ULONG64 glSectionInfo; /* 1228 */
ULONG64 glSection; /* 1230 */
ULONG64 glTable; /* 1238 */
ULONG64 glCurrentRC; /* 1240 */
ULONG64 glContext; /* 1248 */
ULONG LastStatusValue; /* 1250 */
UNICODE_STRING64 StaticUnicodeString; /* 1258 */
WCHAR StaticUnicodeBuffer[261]; /* 1268 */
ULONG64 DeallocationStack; /* 1478 */
ULONG64 TlsSlots[64]; /* 1480 */
LIST_ENTRY64 TlsLinks; /* 1680 */
ULONG64 Vdm; /* 1690 */
ULONG64 ReservedForNtRpc; /* 1698 */
ULONG64 DbgSsReserved[2]; /* 16a0 */
ULONG HardErrorDisabled; /* 16b0 */
ULONG64 Instrumentation[16]; /* 16b8 */
ULONG64 WinSockData; /* 1738 */
ULONG GdiBatchCount; /* 1740 */
ULONG Spare2; /* 1744 */
ULONG GuaranteedStackBytes; /* 1748 */
ULONG64 ReservedForPerf; /* 1750 */
ULONG64 ReservedForOle; /* 1758 */
ULONG WaitingOnLoaderLock; /* 1760 */
ULONG64 Reserved5[3]; /* 1768 */
ULONG64 TlsExpansionSlots; /* 1780 */
ULONG64 DeallocationBStore; /* 1788 */
ULONG64 BStoreLimit; /* 1790 */
ULONG ImpersonationLocale; /* 1798 */
ULONG IsImpersonating; /* 179c */
ULONG64 NlsCache; /* 17a0 */
ULONG64 ShimData; /* 17a8 */
ULONG HeapVirtualAffinity; /* 17b0 */
ULONG64 CurrentTransactionHandle; /* 17b8 */
ULONG64 ActiveFrame; /* 17c0 */
ULONG64 FlsSlots; /* 17c8 */
ULONG64 PreferredLanguages; /* 17d0 */
ULONG64 UserPrefLanguages; /* 17d8 */
ULONG64 MergedPrefLanguages; /* 17e0 */
ULONG MuiImpersonation; /* 17e8 */
USHORT CrossTebFlags; /* 17ec */
USHORT SameTebFlags; /* 17ee */
ULONG64 TxnScopeEnterCallback; /* 17f0 */
ULONG64 TxnScopeExitCallback; /* 17f8 */
ULONG64 TxnScopeContext; /* 1800 */
ULONG LockCount; /* 1808 */
LONG WowTebOffset; /* 180c */
ULONG64 ResourceRetValue; /* 1810 */
ULONG64 ReservedForWdf; /* 1818 */
ULONGLONG ReservedForCrt; /* 1820 */
GUID EffectiveContainerId; /* 1828 */
} TEB64;
/* reserved TEB64 TLS slots for Wow64 */
#define WOW64_TLS_FILESYSREDIR 8
/***********************************************************************
* Enums
*/
typedef enum _FILE_INFORMATION_CLASS {
FileDirectoryInformation = 1,
FileFullDirectoryInformation,
FileBothDirectoryInformation,
FileBasicInformation,
FileStandardInformation,
FileInternalInformation,
FileEaInformation,
FileAccessInformation,
FileNameInformation,
FileRenameInformation,
FileLinkInformation,
FileNamesInformation,
FileDispositionInformation,
FilePositionInformation,
FileFullEaInformation,
FileModeInformation,
FileAlignmentInformation,
FileAllInformation,
FileAllocationInformation,
FileEndOfFileInformation,
FileAlternateNameInformation,
FileStreamInformation,
FilePipeInformation,
FilePipeLocalInformation,
FilePipeRemoteInformation,
FileMailslotQueryInformation,
FileMailslotSetInformation,
FileCompressionInformation,
FileObjectIdInformation,
FileCompletionInformation,
FileMoveClusterInformation,
FileQuotaInformation,
FileReparsePointInformation,
FileNetworkOpenInformation,
FileAttributeTagInformation,
FileTrackingInformation,
FileIdBothDirectoryInformation,
FileIdFullDirectoryInformation,
FileValidDataLengthInformation,
FileShortNameInformation,
FileIoCompletionNotificationInformation,
FileIoStatusBlockRangeInformation,
FileIoPriorityHintInformation,
FileSfioReserveInformation,
FileSfioVolumeInformation,
FileHardLinkInformation,
FileProcessIdsUsingFileInformation,
FileNormalizedNameInformation,
FileNetworkPhysicalNameInformation,
FileIdGlobalTxDirectoryInformation,
FileIsRemoteDeviceInformation,
FileAttributeCacheInformation,
FileNumaNodeInformation,
FileStandardLinkInformation,
FileRemoteProtocolInformation,
FileRenameInformationBypassAccessCheck,
FileLinkInformationBypassAccessCheck,
FileVolumeNameInformation,
FileIdInformation,
FileIdExtdDirectoryInformation,
FileReplaceCompletionInformation,
FileHardLinkFullIdInformation,
FileIdExtdBothDirectoryInformation,
FileMaximumInformation
} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
typedef struct _FILE_DIRECTORY_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
WCHAR FileName[ANYSIZE_ARRAY];
} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
ULONG EaSize;
WCHAR FileName[ANYSIZE_ARRAY];
} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION,
FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
typedef struct _FILE_ID_FULL_DIRECTORY_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
ULONG EaSize;
LARGE_INTEGER FileId;
WCHAR FileName[ANYSIZE_ARRAY];
} FILE_ID_FULL_DIRECTORY_INFORMATION, *PFILE_ID_FULL_DIRECTORY_INFORMATION;
typedef struct _FILE_BOTH_DIRECTORY_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
ULONG EaSize;
CHAR ShortNameLength;
WCHAR ShortName[12];
WCHAR FileName[ANYSIZE_ARRAY];
} FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION,
FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
typedef struct _FILE_ID_BOTH_DIRECTORY_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
ULONG EaSize;
CHAR ShortNameLength;
WCHAR ShortName[12];
LARGE_INTEGER FileId;
WCHAR FileName[ANYSIZE_ARRAY];
} FILE_ID_BOTH_DIRECTORY_INFORMATION, *PFILE_ID_BOTH_DIRECTORY_INFORMATION;
typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER EndOfFile;
LARGE_INTEGER AllocationSize;
ULONG FileAttributes;
ULONG FileNameLength;
LARGE_INTEGER FileId;
GUID LockingTransactionId;
ULONG TxInfoFlags;
WCHAR FileName[ANYSIZE_ARRAY];
} FILE_ID_GLOBAL_TX_DIR_INFORMATION, *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
typedef struct _FILE_BASIC_INFORMATION {
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
ULONG FileAttributes;
} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
typedef struct _FILE_STANDARD_INFORMATION {
LARGE_INTEGER AllocationSize;
LARGE_INTEGER EndOfFile;
ULONG NumberOfLinks;
BOOLEAN DeletePending;
BOOLEAN Directory;
} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
typedef struct _FILE_INTERNAL_INFORMATION {
LARGE_INTEGER IndexNumber;
} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
typedef struct _FILE_ID_128 {
UCHAR Identifier[16];
} FILE_ID_128, *PFILE_ID_128;
typedef struct _FILE_ID_INFORMATION {
ULONGLONG VolumeSerialNumber;
FILE_ID_128 FileId;
} FILE_ID_INFORMATION, *PFILE_ID_INFORMATION;
typedef struct _FILE_EA_INFORMATION {
ULONG EaSize;
} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
typedef struct _FILE_ACCESS_INFORMATION {
ACCESS_MASK AccessFlags;
} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
typedef struct _FILE_NAME_INFORMATION {
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;
typedef struct _FILE_RENAME_INFORMATION {
BOOLEAN ReplaceIfExists;
HANDLE RootDirectory;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
typedef struct _FILE_LINK_INFORMATION {
BOOLEAN ReplaceIfExists;
HANDLE RootDirectory;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
typedef struct _FILE_NAMES_INFORMATION {
ULONG NextEntryOffset;
ULONG FileIndex;
ULONG FileNameLength;
WCHAR FileName[1];
} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
typedef struct _FILE_DISPOSITION_INFORMATION {
BOOLEAN DoDeleteFile;
} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;
typedef struct _FILE_POSITION_INFORMATION {
LARGE_INTEGER CurrentByteOffset;
} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;
typedef struct _FILE_ALIGNMENT_INFORMATION {
ULONG AlignmentRequirement;
} FILE_ALIGNMENT_INFORMATION, *PFILE_ALIGNMENT_INFORMATION;
typedef struct _FILE_ALLOCATION_INFORMATION {
LARGE_INTEGER AllocationSize;
} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
typedef struct _FILE_END_OF_FILE_INFORMATION {
LARGE_INTEGER EndOfFile;
} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;
typedef struct _FILE_NETWORK_OPEN_INFORMATION {
LARGE_INTEGER CreationTime;
LARGE_INTEGER LastAccessTime;
LARGE_INTEGER LastWriteTime;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER AllocationSize;
LARGE_INTEGER EndOfFile;
ULONG FileAttributes;
} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
typedef struct _FILE_FULL_EA_INFORMATION {
ULONG NextEntryOffset;
UCHAR Flags;
UCHAR EaNameLength;
USHORT EaValueLength;
CHAR EaName[1];
} FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION;
typedef struct _FILE_MODE_INFORMATION {
ULONG Mode;
} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
typedef struct _FILE_STREAM_INFORMATION
{
ULONG NextEntryOffset;
ULONG StreamNameLength;
LARGE_INTEGER StreamSize;
LARGE_INTEGER StreamAllocationSize;
WCHAR StreamName[1];
} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
typedef struct _FILE_ATTRIBUTE_TAG_INFORMATION
{
ULONG FileAttributes;
ULONG ReparseTag;
} FILE_ATTRIBUTE_TAG_INFORMATION, *PFILE_ATTRIBUTE_TAG_INFORMATION;
typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
ULONG MaximumMessageSize;
ULONG MailslotQuota;
ULONG NextMessageSize;
ULONG MessagesAvailable;
LARGE_INTEGER ReadTimeout;
} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
typedef struct _FILE_MAILSLOT_SET_INFORMATION {
LARGE_INTEGER ReadTimeout;
} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
typedef struct _FILE_PIPE_INFORMATION {
ULONG ReadMode;
ULONG CompletionMode;
} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
typedef struct _FILE_PIPE_LOCAL_INFORMATION {
ULONG NamedPipeType;
ULONG NamedPipeConfiguration;
ULONG MaximumInstances;
ULONG CurrentInstances;
ULONG InboundQuota;
ULONG ReadDataAvailable;
ULONG OutboundQuota;
ULONG WriteQuotaAvailable;
ULONG NamedPipeState;
ULONG NamedPipeEnd;
} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
#define FILE_PIPE_DISCONNECTED_STATE 0x00000001
#define FILE_PIPE_LISTENING_STATE 0x00000002
#define FILE_PIPE_CONNECTED_STATE 0x00000003
#define FILE_PIPE_CLOSING_STATE 0x00000004
typedef struct _FILE_OBJECTID_BUFFER
{
BYTE ObjectId[16];
union
{
struct
{
BYTE BirthVolumeId[16];
BYTE BirthObjectId[16];
BYTE DomainId[16];
} DUMMYSTRUCTNAME;
BYTE ExtendedInfo[48];
} DUMMYUNIONNAME;
} FILE_OBJECTID_BUFFER, *PFILE_OBJECTID_BUFFER;
typedef struct _FILE_OBJECTID_INFORMATION {
LONGLONG FileReference;
UCHAR ObjectId[16];
union {
struct {
UCHAR BirthVolumeId[16];
UCHAR BirthObjectId[16];
UCHAR DomainId[16];
} DUMMYSTRUCTNAME;
UCHAR ExtendedInfo[48];
} DUMMYUNIONNAME;
} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
typedef struct _FILE_QUOTA_INFORMATION {
ULONG NextEntryOffset;
ULONG SidLength;
LARGE_INTEGER ChangeTime;
LARGE_INTEGER QuotaUsed;
LARGE_INTEGER QuotaThreshold;
LARGE_INTEGER QuotaLimit;
SID Sid;
} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
typedef struct _FILE_REPARSE_POINT_INFORMATION {
LONGLONG FileReference;
ULONG Tag;
} FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;
typedef struct _FILE_ALL_INFORMATION {
FILE_BASIC_INFORMATION BasicInformation;
FILE_STANDARD_INFORMATION StandardInformation;
FILE_INTERNAL_INFORMATION InternalInformation;
FILE_EA_INFORMATION EaInformation;
FILE_ACCESS_INFORMATION AccessInformation;
FILE_POSITION_INFORMATION PositionInformation;
FILE_MODE_INFORMATION ModeInformation;
FILE_ALIGNMENT_INFORMATION AlignmentInformation;
FILE_NAME_INFORMATION NameInformation;
} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
typedef struct _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION {
ULONG Flags;
} FILE_IO_COMPLETION_NOTIFICATION_INFORMATION, *PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
#define FILE_SKIP_COMPLETION_PORT_ON_SUCCESS 0x1
#define FILE_SKIP_SET_EVENT_ON_HANDLE 0x2
#define FILE_SKIP_SET_USER_EVENT_ON_FAST_IO 0x4
typedef enum _FSINFOCLASS {
FileFsVolumeInformation = 1,
FileFsLabelInformation,
FileFsSizeInformation,
FileFsDeviceInformation,
FileFsAttributeInformation,
FileFsControlInformation,
FileFsFullSizeInformation,
FileFsObjectIdInformation,
FileFsMaximumInformation
} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;
typedef enum _KEY_INFORMATION_CLASS {
KeyBasicInformation,
KeyNodeInformation,
KeyFullInformation,
KeyNameInformation,
KeyCachedInformation,
KeyFlagsInformation,
KeyVirtualizationInformation,
KeyHandleTagsInformation,
MaxKeyInfoClass
} KEY_INFORMATION_CLASS;
typedef enum _KEY_VALUE_INFORMATION_CLASS {
KeyValueBasicInformation,
KeyValueFullInformation,
KeyValuePartialInformation,
KeyValueFullInformationAlign64,
KeyValuePartialInformationAlign64
} KEY_VALUE_INFORMATION_CLASS;
typedef enum _OBJECT_INFORMATION_CLASS {
ObjectBasicInformation,
ObjectNameInformation,
ObjectTypeInformation,
ObjectTypesInformation,
ObjectDataInformation
} OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;
typedef enum _PROCESSINFOCLASS {
ProcessBasicInformation = 0,
ProcessQuotaLimits = 1,
ProcessIoCounters = 2,
ProcessVmCounters = 3,
ProcessTimes = 4,
ProcessBasePriority = 5,
ProcessRaisePriority = 6,
ProcessDebugPort = 7,
ProcessExceptionPort = 8,
ProcessAccessToken = 9,
ProcessLdtInformation = 10,
ProcessLdtSize = 11,
ProcessDefaultHardErrorMode = 12,
ProcessIoPortHandlers = 13,
ProcessPooledUsageAndLimits = 14,
ProcessWorkingSetWatch = 15,
ProcessUserModeIOPL = 16,
ProcessEnableAlignmentFaultFixup = 17,
ProcessPriorityClass = 18,
ProcessWx86Information = 19,
ProcessHandleCount = 20,
ProcessAffinityMask = 21,
ProcessPriorityBoost = 22,
ProcessDeviceMap = 23,
ProcessSessionInformation = 24,
ProcessForegroundInformation = 25,
ProcessWow64Information = 26,
ProcessImageFileName = 27,
ProcessLUIDDeviceMapsEnabled = 28,
ProcessBreakOnTermination = 29,
ProcessDebugObjectHandle = 30,
ProcessDebugFlags = 31,
ProcessHandleTracing = 32,
ProcessIoPriority = 33,
ProcessExecuteFlags = 34,
ProcessTlsInformation = 35,
ProcessCookie = 36,
ProcessImageInformation = 37,
ProcessCycleTime = 38,
ProcessPagePriority = 39,
ProcessInstrumentationCallback = 40,
ProcessThreadStackAllocation = 41,
ProcessWorkingSetWatchEx = 42,
ProcessImageFileNameWin32 = 43,
MaxProcessInfoClass
} PROCESSINFOCLASS, PROCESS_INFORMATION_CLASS;
#define MEM_EXECUTE_OPTION_DISABLE 0x01
#define MEM_EXECUTE_OPTION_ENABLE 0x02
#define MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION 0x04
#define MEM_EXECUTE_OPTION_PERMANENT 0x08
typedef enum _SECTION_INHERIT {
ViewShare = 1,
ViewUnmap = 2
} SECTION_INHERIT;
typedef enum _SYSTEM_INFORMATION_CLASS {
SystemBasicInformation = 0,
SystemCpuInformation = 1,
SystemPerformanceInformation = 2,
SystemTimeOfDayInformation = 3, /* was SystemTimeInformation */
SystemPathInformation = 4,
SystemProcessInformation = 5,
SystemCallCountInformation = 6,
SystemDeviceInformation = 7,
SystemProcessorPerformanceInformation = 8,
SystemFlagsInformation = 9,
SystemCallTimeInformation = 10,
SystemModuleInformation = 11,
SystemLocksInformation = 12,
SystemStackTraceInformation = 13,
SystemPagedPoolInformation = 14,
SystemNonPagedPoolInformation = 15,
SystemHandleInformation = 16,
SystemObjectInformation = 17,
SystemPageFileInformation = 18,
SystemVdmInstemulInformation = 19,
SystemVdmBopInformation = 20,
SystemFileCacheInformation = 21,
SystemPoolTagInformation = 22,
SystemInterruptInformation = 23,
SystemDpcBehaviorInformation = 24,
SystemFullMemoryInformation = 25,
SystemNotImplemented6 = 25,
SystemLoadGdiDriverInformation = 26,
SystemUnloadGdiDriverInformation = 27,
SystemTimeAdjustmentInformation = 28,
SystemTimeAdjustment = 28,
SystemSummaryMemoryInformation = 29,
SystemMirrorMemoryInformation = 30,
SystemPerformanceTraceInformation = 31,
SystemObsolete0 = 32,
SystemExceptionInformation = 33,
SystemCrashDumpStateInformation = 34,
SystemKernelDebuggerInformation = 35,
SystemContextSwitchInformation = 36,
SystemRegistryQuotaInformation = 37,
SystemExtendServiceTableInformation = 38,
SystemPrioritySeperation = 39,
SystemVerifierAddDriverInformation = 40,
SystemVerifierRemoveDriverInformation = 41,
SystemProcessorIdleInformation = 42,
SystemLegacyDriverInformation = 43,
SystemCurrentTimeZoneInformation = 44,
SystemLookasideInformation = 45,
SystemTimeSlipNotification = 46,
SystemSessionCreate = 47,
SystemSessionDetach = 48,
SystemSessionInformation = 49,
SystemRangeStartInformation = 50,
SystemVerifierInformation = 51,
SystemVerifierThunkExtend = 52,
SystemSessionProcessesInformation = 53,
SystemLoadGdiDriverInSystemSpace = 54,
SystemNumaProcessorMap = 55,
SystemPrefetcherInformation = 56,
SystemExtendedProcessInformation = 57,
SystemRecommendedSharedDataAlignment = 58,
SystemComPlusPackage = 59,
SystemNumaAvailableMemory = 60,
SystemProcessorPowerInformation = 61,
SystemEmulationBasicInformation = 62,
SystemEmulationProcessorInformation = 63,
SystemExtendedHandleInformation = 64,
SystemLostDelayedWriteInformation = 65,
SystemBigPoolInformation = 66,
SystemSessionPoolTagInformation = 67,
SystemSessionMappedViewInformation = 68,
SystemHotpatchInformation = 69,
SystemObjectSecurityMode = 70,
SystemWatchdogTimerHandler = 71,
SystemWatchdogTimerInformation = 72,
SystemLogicalProcessorInformation = 73,
SystemWow64SharedInformationObsolete = 74,
SystemRegisterFirmwareTableInformationHandler = 75,
SystemFirmwareTableInformation = 76,
SystemModuleInformationEx = 77,
SystemVerifierTriageInformation = 78,
SystemSuperfetchInformation = 79,
SystemMemoryListInformation = 80,
SystemFileCacheInformationEx = 81,
SystemThreadPriorityClientIdInformation = 82,
SystemProcessorIdleCycleTimeInformation = 83,
SystemVerifierCancellationInformation = 84,
SystemProcessorPowerInformationEx = 85,
SystemRefTraceInformation = 86,
SystemSpecialPoolInformation = 87,
SystemProcessIdInformation = 88,
SystemErrorPortInformation = 89,
SystemBootEnvironmentInformation = 90,
SystemHypervisorInformation = 91,
SystemVerifierInformationEx = 92,
SystemTimeZoneInformation = 93,
SystemImageFileExecutionOptionsInformation = 94,
SystemCoverageInformation = 95,
SystemPrefetchPatchInformation = 96,
SystemVerifierFaultsInformation = 97,
SystemSystemPartitionInformation = 98,
SystemSystemDiskInformation = 99,
SystemProcessorPerformanceDistribution = 100,
SystemNumaProximityNodeInformation = 101,
SystemDynamicTimeZoneInformation = 102,
SystemCodeIntegrityInformation = 103,
SystemProcessorMicrocodeUpdateInformation = 104,
SystemProcessorBrandString = 105,
SystemVirtualAddressInformation = 106,
SystemLogicalProcessorInformationEx = 107,
SystemProcessorCycleTimeInformation = 108,
SystemStoreInformation = 109,
SystemRegistryAppendString = 110,
SystemAitSamplingValue = 111,
SystemVhdBootInformation = 112,
SystemCpuQuotaInformation = 113,
SystemNativeBasicInformation = 114,
SystemErrorPortTimeouts = 115,
SystemLowPriorityIoInformation = 116,
SystemTpmBootEntropyInformation = 117,
SystemVerifierCountersInformation = 118,
SystemPagedPoolInformationEx = 119,
SystemSystemPtesInformationEx = 120,
SystemNodeDistanceInformation = 121,
SystemAcpiAuditInformation = 122,
SystemBasicPerformanceInformation = 123,
SystemQueryPerformanceCounterInformation = 124,
SystemSessionBigPoolInformation = 125,
SystemBootGraphicsInformation = 126,
SystemScrubPhysicalMemoryInformation = 127,
SystemBadPageInformation = 128,
SystemProcessorProfileControlArea = 129,
SystemCombinePhysicalMemoryInformation = 130,
SystemEntropyInterruptTimingInformation = 131,
SystemConsoleInformation = 132,
SystemPlatformBinaryInformation = 133,
SystemPolicyInformation = 134,
SystemHypervisorProcessorCountInformation = 135,
SystemDeviceDataInformation = 136,
SystemDeviceDataEnumerationInformation = 137,
SystemMemoryTopologyInformation = 138,
SystemMemoryChannelInformation = 139,
SystemBootLogoInformation = 140,
SystemProcessorPerformanceInformationEx = 141,
SystemCriticalProcessErrorLogInformation = 142,
SystemSecureBootPolicyInformation = 143,
SystemPageFileInformationEx = 144,
SystemSecureBootInformation = 145,
SystemEntropyInterruptTimingRawInformation = 146,
SystemPortableWorkspaceEfiLauncherInformation = 147,
SystemFullProcessInformation = 148,
SystemKernelDebuggerInformationEx = 149,
SystemBootMetadataInformation = 150,
SystemSoftRebootInformation = 151,
SystemElamCertificateInformation = 152,
SystemOfflineDumpConfigInformation = 153,
SystemProcessorFeaturesInformation = 154,
SystemRegistryReconciliationInformation = 155,
SystemEdidInformation = 156,
SystemManufacturingInformation = 157,
SystemEnergyEstimationConfigInformation = 158,
SystemHypervisorDetailInformation = 159,
SystemProcessorCycleStatsInformation = 160,
SystemVmGenerationCountInformation = 161,
SystemTrustedPlatformModuleInformation = 162,
SystemKernelDebuggerFlags = 163,
SystemCodeIntegrityPolicyInformation = 164,
SystemIsolatedUserModeInformation = 165,
SystemHardwareSecurityTestInterfaceResultsInformation = 166,
SystemSingleModuleInformation = 167,
SystemAllowedCpuSetsInformation = 168,
SystemVsmProtectionInformation = 169,
SystemInterruptCpuSetsInformation = 170,
SystemSecureBootPolicyFullInformation = 171,
SystemCodeIntegrityPolicyFullInformation = 172,
SystemAffinitizedInterruptProcessorInformation = 173,
SystemRootSiloInformation = 174,
SystemCpuSetInformation = 175,
SystemCpuSetTagInformation = 176,
SystemWin32WerStartCallout = 177,
SystemSecureKernelProfileInformation = 178,
SystemCodeIntegrityPlatformManifestInformation = 179,
SystemInterruptSteeringInformation = 180,
SystemSupportedProcessorArchitectures = 181,
SystemMemoryUsageInformation = 182,
SystemCodeIntegrityCertificateInformation = 183,
SystemPhysicalMemoryInformation = 184,
SystemControlFlowTransition = 185,
SystemKernelDebuggingAllowed = 186,
SystemActivityModerationExeState = 187,
SystemActivityModerationUserSettings = 188,
SystemCodeIntegrityPoliciesFullInformation = 189,
SystemCodeIntegrityUnlockInformation = 190,
SystemIntegrityQuotaInformation = 191,
SystemFlushInformation = 192,
SystemProcessorIdleMaskInformation = 193,
SystemSecureDumpEncryptionInformation = 194,
SystemWriteConstraintInformation = 195,
SystemKernelVaShadowInformation = 196,
SystemHypervisorSharedPageInformation = 197,
SystemFirmwareBootPerformanceInformation = 198,
SystemCodeIntegrityVerificationInformation = 199,
SystemFirmwarePartitionInformation = 200,
SystemSpeculationControlInformation = 201,
SystemDmaGuardPolicyInformation = 202,
SystemEnclaveLaunchControlInformation = 203,
SystemWorkloadAllowedCpuSetsInformation = 204,
SystemCodeIntegrityUnlockModeInformation = 205,
SystemLeapSecondInformation = 206,
SystemFlags2Information = 207,
SystemSecurityModelInformation = 208,
SystemCodeIntegritySyntheticCacheInformation = 209,
SystemFeatureConfigurationInformation = 210,
SystemFeatureConfigurationSectionInformation = 211,
SystemFeatureUsageSubscriptionInformation = 212,
SystemSecureSpeculationControlInformation = 213,
SystemSpacesBootInformation = 214,
SystemFwRamdiskInformation = 215,
SystemWheaIpmiHardwareInformation = 216,
SystemDifSetRuleClassInformation = 217,
SystemDifClearRuleClassInformation = 218,
SystemDifApplyPluginVerificationOnDriver = 219,
SystemDifRemovePluginVerificationOnDriver = 220,
SystemShadowStackInformation = 221,
SystemBuildVersionInformation = 222,
#ifdef __WINESRC__
SystemWineVersionInformation = 1000,
#endif
} SYSTEM_INFORMATION_CLASS, *PSYSTEM_INFORMATION_CLASS;
typedef struct _SYSTEM_CODEINTEGRITY_INFORMATION
{
ULONG Length;
ULONG CodeIntegrityOptions;
} SYSTEM_CODEINTEGRITY_INFORMATION, *PSYSTEM_CODEINTEGRITY_INFORMATION;
#define CODEINTEGRITY_OPTION_ENABLED 0x0001
#define CODEINTEGRITY_OPTION_TESTSIGN 0x0002
#define CODEINTEGRITY_OPTION_UMCI_ENABLED 0x0004
#define CODEINTEGRITY_OPTION_UMCI_AUDITMODE_ENABLED 0x0008
#define CODEINTEGRITY_OPTION_UMCI_EXCLUSIONPATHS_ENABLED 0x0010
#define CODEINTEGRITY_OPTION_TEST_BUILD 0x0020
#define CODEINTEGRITY_OPTION_PREPRODUCTION_BUILD 0x0040
#define CODEINTEGRITY_OPTION_DEBUGMODE_ENABLED 0x0080
#define CODEINTEGRITY_OPTION_FLIGHT_BUILD 0x0100
#define CODEINTEGRITY_OPTION_FLIGHTING_ENABLED 0x0200
#define CODEINTEGRITY_OPTION_HVCI_KMCI_ENABLED 0x0400
#define CODEINTEGRITY_OPTION_HVCI_KMCI_AUDITMODE_ENABLED 0x0800
#define CODEINTEGRITY_OPTION_HVCI_KMCI_STRICTMODE_ENABLED 0x1000
#define CODEINTEGRITY_OPTION_HVCI_IUM_ENABLED 0x2000
typedef enum _THREADINFOCLASS {
ThreadBasicInformation = 0,
ThreadTimes,
ThreadPriority,
ThreadBasePriority,
ThreadAffinityMask,
ThreadImpersonationToken,
ThreadDescriptorTableEntry,
ThreadEnableAlignmentFaultFixup,
ThreadEventPair_Reusable,
ThreadQuerySetWin32StartAddress,
ThreadZeroTlsCell,
ThreadPerformanceCount,
ThreadAmILastThread,
ThreadIdealProcessor,
ThreadPriorityBoost,
ThreadSetTlsArrayAddress,
ThreadIsIoPending,
ThreadHideFromDebugger,
ThreadBreakOnTermination,
ThreadSwitchLegacyState,
ThreadIsTerminated,
ThreadLastSystemCall,
ThreadIoPriority,
ThreadCycleTime,
ThreadPagePriority,
ThreadActualBasePriority,
ThreadTebInformation,
ThreadCSwitchMon,
ThreadCSwitchPmu,
ThreadWow64Context,
ThreadGroupInformation,
ThreadUmsInformation,
ThreadCounterProfiling,
ThreadIdealProcessorEx,
ThreadSuspendCount = 35,
ThreadDescription = 38,
MaxThreadInfoClass
} THREADINFOCLASS;
typedef struct _THREAD_BASIC_INFORMATION
{
NTSTATUS ExitStatus;
PVOID TebBaseAddress;
CLIENT_ID ClientId;
ULONG_PTR AffinityMask;
LONG Priority;
LONG BasePriority;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
typedef struct _THREAD_DESCRIPTOR_INFORMATION
{
DWORD Selector;
LDT_ENTRY Entry;
} THREAD_DESCRIPTOR_INFORMATION, *PTHREAD_DESCRIPTOR_INFORMATION;
typedef struct _THREAD_DESCRIPTION_INFORMATION
{
UNICODE_STRING Description;
} THREAD_DESCRIPTION_INFORMATION, *PTHREAD_DESCRIPTION_INFORMATION;
typedef struct _KERNEL_USER_TIMES {
LARGE_INTEGER CreateTime;
LARGE_INTEGER ExitTime;
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
typedef enum _WINSTATIONINFOCLASS {
WinStationInformation = 8
} WINSTATIONINFOCLASS;
typedef enum _MEMORY_INFORMATION_CLASS {
MemoryBasicInformation,
MemoryWorkingSetList,
MemorySectionName,
MemoryBasicVlmInformation,
MemoryWorkingSetExInformation
} MEMORY_INFORMATION_CLASS;
typedef struct _MEMORY_SECTION_NAME
{
UNICODE_STRING SectionFileName;
} MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
typedef union _MEMORY_WORKING_SET_EX_BLOCK {
ULONG_PTR Flags;
struct {
ULONG_PTR Valid : 1;
ULONG_PTR ShareCount : 3;
ULONG_PTR Win32Protection : 11;
ULONG_PTR Shared : 1;
ULONG_PTR Node : 6;
ULONG_PTR Locked : 1;
ULONG_PTR LargePage : 1;
} DUMMYSTRUCTNAME;
} MEMORY_WORKING_SET_EX_BLOCK, *PMEMORY_WORKING_SET_EX_BLOCK;
typedef struct _MEMORY_WORKING_SET_EX_INFORMATION {
PVOID VirtualAddress;
MEMORY_WORKING_SET_EX_BLOCK VirtualAttributes;
} MEMORY_WORKING_SET_EX_INFORMATION, *PMEMORY_WORKING_SET_EX_INFORMATION;
typedef enum _MUTANT_INFORMATION_CLASS
{
MutantBasicInformation
} MUTANT_INFORMATION_CLASS, *PMUTANT_INFORMATION_CLASS;
typedef struct _MUTANT_BASIC_INFORMATION {
LONG CurrentCount;
BOOLEAN OwnedByCaller;
BOOLEAN AbandonedState;
} MUTANT_BASIC_INFORMATION, *PMUTANT_BASIC_INFORMATION;
typedef enum _TIMER_INFORMATION_CLASS
{
TimerBasicInformation = 0
} TIMER_INFORMATION_CLASS;
typedef struct _TIMER_BASIC_INFORMATION
{
LARGE_INTEGER RemainingTime;
BOOLEAN TimerState;
} TIMER_BASIC_INFORMATION, *PTIMER_BASIC_INFORMATION;
/* return type of RtlDetermineDosPathNameType_U (FIXME: not the correct names) */
typedef enum
{
INVALID_PATH = 0,
UNC_PATH, /* "//foo" */
ABSOLUTE_DRIVE_PATH, /* "c:/foo" */
RELATIVE_DRIVE_PATH, /* "c:foo" */
ABSOLUTE_PATH, /* "/foo" */
RELATIVE_PATH, /* "foo" */
DEVICE_PATH, /* "//./foo" */
UNC_DOT_PATH /* "//." */
} DOS_PATHNAME_TYPE;
/***********************************************************************
* Types and data structures
*/
/* This is used by NtQuerySystemInformation */
typedef struct _SYSTEM_THREAD_INFORMATION
{ /* win32/win64 */
LARGE_INTEGER KernelTime; /* 00/00 */
LARGE_INTEGER UserTime; /* 08/08 */
LARGE_INTEGER CreateTime; /* 10/10 */
DWORD dwTickCount; /* 18/18 */
LPVOID StartAddress; /* 1c/20 */
CLIENT_ID ClientId; /* 20/28 */
DWORD dwCurrentPriority; /* 28/38 */
DWORD dwBasePriority; /* 2c/3c */
DWORD dwContextSwitches; /* 30/40 */
DWORD dwThreadState; /* 34/44 */
DWORD dwWaitReason; /* 38/48 */
DWORD dwUnknown; /* 3c/4c */
} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;
typedef struct _IO_STATUS_BLOCK {
union {
NTSTATUS Status;
PVOID Pointer;
} DUMMYUNIONNAME;
ULONG_PTR Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
typedef void (WINAPI * PIO_APC_ROUTINE)(PVOID,PIO_STATUS_BLOCK,ULONG);
typedef struct _KEY_BASIC_INFORMATION {
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG NameLength;
WCHAR Name[1];
} KEY_BASIC_INFORMATION, *PKEY_BASIC_INFORMATION;
typedef struct _KEY_NODE_INFORMATION
{
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG ClassOffset;
ULONG ClassLength;
ULONG NameLength;
WCHAR Name[1];
/* Class[1]; */
} KEY_NODE_INFORMATION, *PKEY_NODE_INFORMATION;
typedef struct _KEY_FULL_INFORMATION
{
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG ClassOffset;
ULONG ClassLength;
ULONG SubKeys;
ULONG MaxNameLen;
ULONG MaxClassLen;
ULONG Values;
ULONG MaxValueNameLen;
ULONG MaxValueDataLen;
WCHAR Class[1];
} KEY_FULL_INFORMATION, *PKEY_FULL_INFORMATION;
typedef struct _KEY_NAME_INFORMATION {
ULONG NameLength;
WCHAR Name[1];
} KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;
typedef struct _KEY_CACHED_INFORMATION
{
LARGE_INTEGER LastWriteTime;
ULONG TitleIndex;
ULONG SubKeys;
ULONG MaxNameLen;
ULONG Values;
ULONG MaxValueNameLen;
ULONG MaxValueDataLen;
ULONG NameLength;
} KEY_CACHED_INFORMATION, *PKEY_CACHED_INFORMATION;
typedef struct _KEY_VALUE_ENTRY
{
PUNICODE_STRING ValueName;
ULONG DataLength;
ULONG DataOffset;
ULONG Type;
} KEY_VALUE_ENTRY, *PKEY_VALUE_ENTRY;
typedef struct _KEY_VALUE_BASIC_INFORMATION {
ULONG TitleIndex;
ULONG Type;
ULONG NameLength;
WCHAR Name[1];
} KEY_VALUE_BASIC_INFORMATION, *PKEY_VALUE_BASIC_INFORMATION;
typedef struct _KEY_VALUE_FULL_INFORMATION {
ULONG TitleIndex;
ULONG Type;
ULONG DataOffset;
ULONG DataLength;
ULONG NameLength;
WCHAR Name[1];
} KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION;
typedef struct _KEY_VALUE_PARTIAL_INFORMATION {
ULONG TitleIndex;
ULONG Type;
ULONG DataLength;
UCHAR Data[1];
} KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION;
#ifndef __OBJECT_ATTRIBUTES_DEFINED__
#define __OBJECT_ATTRIBUTES_DEFINED__
typedef struct _OBJECT_ATTRIBUTES {
ULONG Length;
HANDLE RootDirectory;
PUNICODE_STRING ObjectName;
ULONG Attributes;
PVOID SecurityDescriptor; /* type SECURITY_DESCRIPTOR */
PVOID SecurityQualityOfService; /* type SECURITY_QUALITY_OF_SERVICE */
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
#endif
typedef struct _OBJECT_DATA_INFORMATION {
BOOLEAN InheritHandle;
BOOLEAN ProtectFromClose;
} OBJECT_DATA_INFORMATION, *POBJECT_DATA_INFORMATION;
typedef struct _OBJECT_BASIC_INFORMATION {
ULONG Attributes;
ACCESS_MASK GrantedAccess;
ULONG HandleCount;
ULONG PointerCount;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
ULONG Reserved[3];
ULONG NameInformationLength;
ULONG TypeInformationLength;
ULONG SecurityDescriptorLength;
LARGE_INTEGER CreateTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
typedef struct _OBJECT_NAME_INFORMATION {
UNICODE_STRING Name;
} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
typedef struct __OBJECT_TYPE_INFORMATION {
UNICODE_STRING TypeName;
ULONG TotalNumberOfObjects;
ULONG TotalNumberOfHandles;
ULONG TotalPagedPoolUsage;
ULONG TotalNonPagedPoolUsage;
ULONG TotalNamePoolUsage;
ULONG TotalHandleTableUsage;
ULONG HighWaterNumberOfObjects;
ULONG HighWaterNumberOfHandles;
ULONG HighWaterPagedPoolUsage;
ULONG HighWaterNonPagedPoolUsage;
ULONG HighWaterNamePoolUsage;
ULONG HighWaterHandleTableUsage;
ULONG InvalidAttributes;
GENERIC_MAPPING GenericMapping;
ULONG ValidAccessMask;
BOOLEAN SecurityRequired;
BOOLEAN MaintainHandleCount;
UCHAR TypeIndex;
CHAR ReservedByte;
ULONG PoolType;
ULONG DefaultPagedPoolCharge;
ULONG DefaultNonPagedPoolCharge;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
typedef struct _OBJECT_TYPES_INFORMATION
{
ULONG NumberOfTypes;
} OBJECT_TYPES_INFORMATION, *POBJECT_TYPES_INFORMATION;
typedef struct _PROCESS_BASIC_INFORMATION {
#ifdef __WINESRC__
NTSTATUS ExitStatus;
PEB *PebBaseAddress;
ULONG_PTR AffinityMask;
LONG BasePriority;
ULONG_PTR UniqueProcessId;
ULONG_PTR InheritedFromUniqueProcessId;
#else
PVOID Reserved1;
PPEB PebBaseAddress;
PVOID Reserved2[2];
ULONG_PTR UniqueProcessId;
PVOID Reserved3;
#endif
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
#define PROCESS_PRIOCLASS_IDLE 1
#define PROCESS_PRIOCLASS_NORMAL 2
#define PROCESS_PRIOCLASS_HIGH 3
#define PROCESS_PRIOCLASS_REALTIME 4
#define PROCESS_PRIOCLASS_BELOW_NORMAL 5
#define PROCESS_PRIOCLASS_ABOVE_NORMAL 6
typedef struct _PROCESS_PRIORITY_CLASS {
BOOLEAN Foreground;
UCHAR PriorityClass;
} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
typedef struct _PROCESS_STACK_ALLOCATION_INFORMATION
{
SIZE_T ReserveSize;
SIZE_T ZeroBits;
PVOID StackBase;
} PROCESS_STACK_ALLOCATION_INFORMATION, *PPROCESS_STACK_ALLOCATION_INFORMATION;
typedef struct _PROCESS_STACK_ALLOCATION_INFORMATION_EX
{
ULONG PreferredNode;
ULONG Reserved0;
ULONG Reserved1;
ULONG Reserved2;
PROCESS_STACK_ALLOCATION_INFORMATION AllocInfo;
} PROCESS_STACK_ALLOCATION_INFORMATION_EX, *PPROCESS_STACK_ALLOCATION_INFORMATION_EX;
typedef struct _RTL_HEAP_DEFINITION {
ULONG Length; /* = sizeof(RTL_HEAP_DEFINITION) */
ULONG Unknown[11];
} RTL_HEAP_DEFINITION, *PRTL_HEAP_DEFINITION;
typedef struct _RTL_RWLOCK {
RTL_CRITICAL_SECTION rtlCS;
HANDLE hSharedReleaseSemaphore;
UINT uSharedWaiters;
HANDLE hExclusiveReleaseSemaphore;
UINT uExclusiveWaiters;
INT iNumberActive;
HANDLE hOwningThreadId;
DWORD dwTimeoutBoost;
PVOID pDebugInfo;
} RTL_RWLOCK, *LPRTL_RWLOCK;
/* System Information Class 0x00 */
typedef struct _SYSTEM_BASIC_INFORMATION {
#ifdef __WINESRC__
DWORD unknown;
ULONG KeMaximumIncrement;
ULONG PageSize;
ULONG MmNumberOfPhysicalPages;
ULONG MmLowestPhysicalPage;
ULONG MmHighestPhysicalPage;
ULONG_PTR AllocationGranularity;
PVOID LowestUserAddress;
PVOID HighestUserAddress;
ULONG_PTR ActiveProcessorsAffinityMask;
BYTE NumberOfProcessors;
#else
BYTE Reserved1[24];
PVOID Reserved2[4];
CCHAR NumberOfProcessors;
#endif
} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
/* System Information Class 0x01 */
typedef struct _SYSTEM_CPU_INFORMATION {
WORD Architecture;
WORD Level;
WORD Revision; /* combination of CPU model and stepping */
WORD Reserved; /* always zero */
DWORD FeatureSet; /* see bit flags below */
} SYSTEM_CPU_INFORMATION, *PSYSTEM_CPU_INFORMATION;
/* definitions of bits in the Feature set for the x86 processors */
#define CPU_FEATURE_VME 0x00000005 /* Virtual 86 Mode Extensions */
#define CPU_FEATURE_TSC 0x00000002 /* Time Stamp Counter available */
#define CPU_FEATURE_CMOV 0x00000008 /* Conditional Move instruction*/
#define CPU_FEATURE_PGE 0x00000014 /* Page table Entry Global bit */
#define CPU_FEATURE_PSE 0x00000024 /* Page Size Extension */
#define CPU_FEATURE_MTRR 0x00000040 /* Memory Type Range Registers */
#define CPU_FEATURE_CX8 0x00000080 /* Compare and eXchange 8 byte instr. */
#define CPU_FEATURE_MMX 0x00000100 /* Multi Media eXtensions */
#define CPU_FEATURE_X86 0x00000200 /* seems to be always ON, on the '86 */
#define CPU_FEATURE_PAT 0x00000400 /* Page Attribute Table */
#define CPU_FEATURE_FXSR 0x00000800 /* FXSAVE and FXSTORE instructions */
#define CPU_FEATURE_SEP 0x00001000 /* SYSENTER and SYSEXIT instructions */
#define CPU_FEATURE_SSE 0x00002000 /* SSE extensions (ext. MMX) */
#define CPU_FEATURE_3DNOW 0x00004000 /* 3DNOW instructions available */
#define CPU_FEATURE_SSE2 0x00010000 /* SSE2 extensions (XMMI64) */
#define CPU_FEATURE_DS 0x00020000 /* Debug Store */
#define CPU_FEATURE_HTT 0x00040000 /* Hyper Threading Technology */
#define CPU_FEATURE_SSE3 0x00080000 /* SSE3 extensions */
#define CPU_FEATURE_CX128 0x00100000 /* cmpxchg16b instruction */
#define CPU_FEATURE_XSAVE 0x00800000 /* XSAVE instructions */
#define CPU_FEATURE_2NDLEV 0x04000000 /* Second-level address translation */
#define CPU_FEATURE_VIRT 0x08000000 /* Virtualization support */
#define CPU_FEATURE_RDFS 0x10000000 /* RDFSBASE etc. instructions */
#define CPU_FEATURE_NX 0x20000000 /* Data execution prevention */
/* FIXME: following values are made up, actual flags are unknown */
#define CPU_FEATURE_SSSE3 0x00008000 /* SSSE3 instructions */
#define CPU_FEATURE_SSE41 0x01000000 /* SSE41 instructions */
#define CPU_FEATURE_SSE42 0x02000000 /* SSE42 instructions */
#define CPU_FEATURE_AVX 0x40000000 /* AVX instructions */
#define CPU_FEATURE_AVX2 0x80000000 /* AVX2 instructions */
#define CPU_FEATURE_PAE 0x00200000
#define CPU_FEATURE_DAZ 0x00400000
#define CPU_FEATURE_ARM_VFP_32 0x00000001
#define CPU_FEATURE_ARM_NEON 0x00000002
#define CPU_FEATURE_ARM_V8_CRC32 0x00000004
#define CPU_FEATURE_ARM_V8_CRYPTO 0x00000008
/* System Information Class 0x02 */
/* Documented in "Windows NT/2000 Native API Reference" by Gary Nebbett. */
typedef struct _SYSTEM_PERFORMANCE_INFORMATION {
LARGE_INTEGER IdleTime;
LARGE_INTEGER ReadTransferCount;
LARGE_INTEGER WriteTransferCount;
LARGE_INTEGER OtherTransferCount;
ULONG ReadOperationCount;
ULONG WriteOperationCount;
ULONG OtherOperationCount;
ULONG AvailablePages;
ULONG TotalCommittedPages;
ULONG TotalCommitLimit;
ULONG PeakCommitment;
ULONG PageFaults;
ULONG WriteCopyFaults;
ULONG TransitionFaults;
ULONG Reserved1;
ULONG DemandZeroFaults;
ULONG PagesRead;
ULONG PageReadIos;
ULONG Reserved2[2];
ULONG PagefilePagesWritten;
ULONG PagefilePageWriteIos;
ULONG MappedFilePagesWritten;
ULONG MappedFilePageWriteIos;
ULONG PagedPoolUsage;
ULONG NonPagedPoolUsage;
ULONG PagedPoolAllocs;
ULONG PagedPoolFrees;
ULONG NonPagedPoolAllocs;
ULONG NonPagedPoolFrees;
ULONG TotalFreeSystemPtes;
ULONG SystemCodePage;
ULONG TotalSystemDriverPages;
ULONG TotalSystemCodePages;
ULONG SmallNonPagedLookasideListAllocateHits;
ULONG SmallPagedLookasideListAllocateHits;
ULONG Reserved3;
ULONG MmSystemCachePage;
ULONG PagedPoolPage;
ULONG SystemDriverPage;
ULONG FastReadNoWait;
ULONG FastReadWait;
ULONG FastReadResourceMiss;
ULONG FastReadNotPossible;
ULONG FastMdlReadNoWait;
ULONG FastMdlReadWait;
ULONG FastMdlReadResourceMiss;
ULONG FastMdlReadNotPossible;
ULONG MapDataNoWait;
ULONG MapDataWait;
ULONG MapDataNoWaitMiss;
ULONG MapDataWaitMiss;
ULONG PinMappedDataCount;
ULONG PinReadNoWait;
ULONG PinReadWait;
ULONG PinReadNoWaitMiss;
ULONG PinReadWaitMiss;
ULONG CopyReadNoWait;
ULONG CopyReadWait;
ULONG CopyReadNoWaitMiss;
ULONG CopyReadWaitMiss;
ULONG MdlReadNoWait;
ULONG MdlReadWait;
ULONG MdlReadNoWaitMiss;
ULONG MdlReadWaitMiss;
ULONG ReadAheadIos;
ULONG LazyWriteIos;
ULONG LazyWritePages;
ULONG DataFlushes;
ULONG DataPages;
ULONG ContextSwitches;
ULONG FirstLevelTbFills;
ULONG SecondLevelTbFills;
ULONG SystemCalls;
} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
/* System Information Class 0x03 */
typedef struct _SYSTEM_TIMEOFDAY_INFORMATION {
#ifdef __WINESRC__
LARGE_INTEGER BootTime;
LARGE_INTEGER SystemTime;
LARGE_INTEGER TimeZoneBias;
ULONG TimeZoneId;
ULONG Reserved;
ULONGLONG BootTimeBias;
ULONGLONG SleepTimeBias;
#else
BYTE Reserved1[48];
#endif
} SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION; /* was SYSTEM_TIME_INFORMATION */
/* System Information Class 0x08 */
typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION {
LARGE_INTEGER IdleTime;
LARGE_INTEGER KernelTime;
LARGE_INTEGER UserTime;
LARGE_INTEGER Reserved1[2];
ULONG Reserved2;
} SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION;
/* System Information Class 0x0b */
typedef struct _SYSTEM_DRIVER_INFORMATION {
PVOID pvAddress;
DWORD dwUnknown1;
DWORD dwUnknown2;
DWORD dwEntryIndex;
DWORD dwUnknown3;
char szName[MAX_PATH + 1];
} SYSTEM_DRIVER_INFORMATION, *PSYSTEM_DRIVER_INFORMATION;
/* System Information Class 0x10 */
typedef struct _SYSTEM_HANDLE_ENTRY {
ULONG OwnerPid;
BYTE ObjectType;
BYTE HandleFlags;
USHORT HandleValue;
PVOID ObjectPointer;
ULONG AccessMask;
} SYSTEM_HANDLE_ENTRY, *PSYSTEM_HANDLE_ENTRY;
typedef struct _SYSTEM_HANDLE_INFORMATION {
ULONG Count;
SYSTEM_HANDLE_ENTRY Handle[1];
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX
{
void *Object;
ULONG_PTR UniqueProcessId;
ULONG_PTR HandleValue;
ULONG GrantedAccess;
USHORT CreatorBackTraceIndex;
USHORT ObjectTypeIndex;
ULONG HandleAttributes;
ULONG Reserved;
} SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX;
typedef struct _SYSTEM_HANDLE_INFORMATION_EX
{
ULONG_PTR NumberOfHandles;
ULONG_PTR Reserved;
SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX Handles[1];
} SYSTEM_HANDLE_INFORMATION_EX;
/* System Information Class 0x15 */
typedef struct _SYSTEM_CACHE_INFORMATION {
ULONG CurrentSize;
ULONG PeakSize;
ULONG PageFaultCount;
ULONG MinimumWorkingSet;
ULONG MaximumWorkingSet;
ULONG unused[4];
#ifdef _WIN64
ULONG unknown64[7];
#endif
} SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION;
/* System Information Class 0x17 */
typedef struct _SYSTEM_INTERRUPT_INFORMATION {
BYTE Reserved1[24];
} SYSTEM_INTERRUPT_INFORMATION, *PSYSTEM_INTERRUPT_INFORMATION;
typedef struct _SYSTEM_CONFIGURATION_INFO {
union {
ULONG OemId;
struct {
WORD ProcessorArchitecture;
WORD Reserved;
} tag1;
} tag2;
ULONG PageSize;
PVOID MinimumApplicationAddress;
PVOID MaximumApplicationAddress;
ULONG ActiveProcessorMask;
ULONG NumberOfProcessors;
ULONG ProcessorType;
ULONG AllocationGranularity;
WORD ProcessorLevel;
WORD ProcessorRevision;
} SYSTEM_CONFIGURATION_INFO, *PSYSTEM_CONFIGURATION_INFO;
typedef struct _SYSTEM_EXCEPTION_INFORMATION {
BYTE Reserved1[16];
} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;
typedef struct _SYSTEM_LOOKASIDE_INFORMATION {
BYTE Reserved1[32];
} SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;
typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION {
BOOLEAN DebuggerEnabled;
BOOLEAN DebuggerNotPresent;
} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
typedef struct _VM_COUNTERS
{
SIZE_T PeakVirtualSize;
SIZE_T VirtualSize;
ULONG PageFaultCount;
SIZE_T PeakWorkingSetSize;
SIZE_T WorkingSetSize;
SIZE_T QuotaPeakPagedPoolUsage;
SIZE_T QuotaPagedPoolUsage;
SIZE_T QuotaPeakNonPagedPoolUsage;
SIZE_T QuotaNonPagedPoolUsage;
SIZE_T PagefileUsage;
SIZE_T PeakPagefileUsage;
} VM_COUNTERS, *PVM_COUNTERS;
typedef struct _VM_COUNTERS_EX
{
SIZE_T PeakVirtualSize;
SIZE_T VirtualSize;
ULONG PageFaultCount;
SIZE_T PeakWorkingSetSize;
SIZE_T WorkingSetSize;
SIZE_T QuotaPeakPagedPoolUsage;
SIZE_T QuotaPagedPoolUsage;
SIZE_T QuotaPeakNonPagedPoolUsage;
SIZE_T QuotaNonPagedPoolUsage;
SIZE_T PagefileUsage;
SIZE_T PeakPagefileUsage;
SIZE_T PrivateUsage;
} VM_COUNTERS_EX, *PVM_COUNTERS_EX;
typedef struct _SYSTEM_PROCESS_INFORMATION {
#ifdef __WINESRC__ /* win32/win64 */
ULONG NextEntryOffset; /* 00/00 */
DWORD dwThreadCount; /* 04/04 */
DWORD dwUnknown1[6]; /* 08/08 */
LARGE_INTEGER CreationTime; /* 20/20 */
LARGE_INTEGER UserTime; /* 28/28 */
LARGE_INTEGER KernelTime; /* 30/30 */
UNICODE_STRING ProcessName; /* 38/38 */
DWORD dwBasePriority; /* 40/48 */
HANDLE UniqueProcessId; /* 44/50 */
HANDLE ParentProcessId; /* 48/58 */
ULONG HandleCount; /* 4c/60 */
ULONG SessionId; /* 50/64 */
DWORD dwUnknown4; /* 54/68 */
VM_COUNTERS_EX vmCounters; /* 58/70 */
IO_COUNTERS ioCounters; /* 88/d0 */
SYSTEM_THREAD_INFORMATION ti[1]; /* b8/100 */
#else
ULONG NextEntryOffset; /* 00/00 */
BYTE Reserved1[52]; /* 04/04 */
PVOID Reserved2[3]; /* 38/38 */
HANDLE UniqueProcessId; /* 44/50 */
PVOID Reserved3; /* 48/58 */
ULONG HandleCount; /* 4c/60 */
BYTE Reserved4[4]; /* 50/64 */
PVOID Reserved5[11]; /* 54/68 */
SIZE_T PeakPagefileUsage; /* 80/c0 */
SIZE_T PrivatePageCount; /* 84/c8 */
LARGE_INTEGER Reserved6[6]; /* 88/d0 */
#endif
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION {
ULONG RegistryQuotaAllowed;
ULONG RegistryQuotaUsed;
PVOID Reserved1;
} SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;
typedef struct _SYSTEM_TIME_ADJUSTMENT_QUERY {
ULONG TimeAdjustment;
ULONG TimeIncrement;
BOOLEAN TimeAdjustmentDisabled;
} SYSTEM_TIME_ADJUSTMENT_QUERY, *PSYSTEM_TIME_ADJUSTMENT_QUERY;
typedef struct _SYSTEM_TIME_ADJUSTMENT {
ULONG TimeAdjustment;
BOOLEAN TimeAdjustmentDisabled;
} SYSTEM_TIME_ADJUSTMENT, *PSYSTEM_TIME_ADJUSTMENT;
typedef enum _SYSTEM_FIRMWARE_TABLE_ACTION
{
SystemFirmwareTable_Enumerate = 0,
SystemFirmwareTable_Get = 1
} SYSTEM_FIRMWARE_TABLE_ACTION, *PSYSTEM_FIRMWARE_TABLE_ACTION;
/* System Information Class 0x4C */
typedef struct _SYSTEM_FIRMWARE_TABLE_INFORMATION
{
ULONG ProviderSignature;
SYSTEM_FIRMWARE_TABLE_ACTION Action;
ULONG TableID;
ULONG TableBufferLength;
UCHAR TableBuffer[1];
} SYSTEM_FIRMWARE_TABLE_INFORMATION, *PSYSTEM_FIRMWARE_TABLE_INFORMATION;
typedef struct _TIME_FIELDS
{ CSHORT Year;
CSHORT Month;
CSHORT Day;
CSHORT Hour;
CSHORT Minute;
CSHORT Second;
CSHORT Milliseconds;
CSHORT Weekday;
} TIME_FIELDS, *PTIME_FIELDS;
typedef struct _WINSTATIONINFORMATIONW {
BYTE Reserved2[70];
ULONG LogonId;
BYTE Reserved3[1140];
} WINSTATIONINFORMATIONW, *PWINSTATIONINFORMATIONW;
typedef BOOLEAN (WINAPI * PWINSTATIONQUERYINFORMATIONW)(HANDLE,ULONG,WINSTATIONINFOCLASS,PVOID,ULONG,PULONG);
typedef struct _LDR_RESOURCE_INFO
{
ULONG_PTR Type;
ULONG_PTR Name;
ULONG Language;
} LDR_RESOURCE_INFO, *PLDR_RESOURCE_INFO;
/* debug buffer definitions */
typedef struct _DEBUG_BUFFER {
HANDLE SectionHandle;
PVOID SectionBase;
PVOID RemoteSectionBase;
ULONG SectionBaseDelta;
HANDLE EventPairHandle;
ULONG Unknown[2];
HANDLE RemoteThreadHandle;
ULONG InfoClassMask;
ULONG SizeOfInfo;
ULONG AllocatedSize;
ULONG SectionSize;
PVOID ModuleInformation;
PVOID BackTraceInformation;
PVOID HeapInformation;
PVOID LockInformation;
PVOID Reserved[8];
} DEBUG_BUFFER, *PDEBUG_BUFFER;
#define PDI_MODULES 0x01
#define PDI_BACKTRACE 0x02
#define PDI_HEAPS 0x04
#define PDI_HEAP_TAGS 0x08
#define PDI_HEAP_BLOCKS 0x10
#define PDI_LOCKS 0x20
typedef struct _DEBUG_MODULE_INFORMATION {
ULONG Reserved[2];
ULONG Base;
ULONG Size;
ULONG Flags;
USHORT Index;
USHORT Unknown;
USHORT LoadCount;
USHORT ModuleNameOffset;
CHAR ImageName[256];
} DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION;
typedef struct _DEBUG_HEAP_INFORMATION {
ULONG Base;
ULONG Flags;
USHORT Granularity;
USHORT Unknown;
ULONG Allocated;
ULONG Committed;
ULONG TagCount;
ULONG BlockCount;
ULONG Reserved[7];
PVOID Tags;
PVOID Blocks;
} DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION;
typedef struct _DEBUG_LOCK_INFORMATION {
PVOID Address;
USHORT Type;
USHORT CreatorBackTraceIndex;
ULONG OwnerThreadId;
ULONG ActiveCount;
ULONG ContentionCount;
ULONG EntryCount;
ULONG RecursionCount;
ULONG NumberOfSharedWaiters;
ULONG NumberOfExclusiveWaiters;
} DEBUG_LOCK_INFORMATION, *PDEBUG_LOCK_INFORMATION;
typedef struct _PORT_MESSAGE_HEADER {
USHORT DataSize;
USHORT MessageSize;
USHORT MessageType;
USHORT VirtualRangesOffset;
CLIENT_ID ClientId;
ULONG MessageId;
ULONG SectionSize;
} PORT_MESSAGE_HEADER, *PPORT_MESSAGE_HEADER, PORT_MESSAGE, *PPORT_MESSAGE;
typedef unsigned short RTL_ATOM, *PRTL_ATOM;
typedef enum _ATOM_INFORMATION_CLASS {
AtomBasicInformation = 0,
AtomTableInformation = 1,
} ATOM_INFORMATION_CLASS;
typedef struct _ATOM_BASIC_INFORMATION {
USHORT ReferenceCount;
USHORT Pinned;
USHORT NameLength;
WCHAR Name[1];
} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;
/* FIXME: names probably not correct */
typedef struct _RTL_HANDLE
{
struct _RTL_HANDLE * Next;
} RTL_HANDLE;
/* FIXME: names probably not correct */
typedef struct _RTL_HANDLE_TABLE
{
ULONG MaxHandleCount; /* 0x00 */
ULONG HandleSize; /* 0x04 */
ULONG Unused[2]; /* 0x08-0x0c */
PVOID NextFree; /* 0x10 */
PVOID FirstHandle; /* 0x14 */
PVOID ReservedMemory; /* 0x18 */
PVOID MaxHandle; /* 0x1c */
} RTL_HANDLE_TABLE;
typedef struct _RTL_ATOM_TABLE_ENTRY
{
struct _RTL_ATOM_TABLE_ENTRY *HashLink;
WORD HandleIndex;
WORD Atom;
WORD ReferenceCount;
UCHAR Flags;
UCHAR NameLength;
WCHAR Name[1];
} RTL_ATOM_TABLE_ENTRY, *PRTL_ATOM_TABLE_ENTRY;
typedef struct _RTL_ATOM_TABLE
{
ULONG Signature;
RTL_CRITICAL_SECTION CriticalSection;
RTL_HANDLE_TABLE HandleTable;
ULONG NumberOfBuckets;
RTL_ATOM_TABLE_ENTRY *Buckets[1];
} *RTL_ATOM_TABLE, **PRTL_ATOM_TABLE;
/***********************************************************************
* Defines
*/
/* flags for NtCreateFile and NtOpenFile */
#define FILE_DIRECTORY_FILE 0x00000001
#define FILE_WRITE_THROUGH 0x00000002
#define FILE_SEQUENTIAL_ONLY 0x00000004
#define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008
#define FILE_SYNCHRONOUS_IO_ALERT 0x00000010
#define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
#define FILE_NON_DIRECTORY_FILE 0x00000040
#define FILE_CREATE_TREE_CONNECTION 0x00000080
#define FILE_COMPLETE_IF_OPLOCKED 0x00000100
#define FILE_NO_EA_KNOWLEDGE 0x00000200
#define FILE_OPEN_FOR_RECOVERY 0x00000400
#define FILE_RANDOM_ACCESS 0x00000800
#define FILE_DELETE_ON_CLOSE 0x00001000
#define FILE_OPEN_BY_FILE_ID 0x00002000
#define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000
#define FILE_NO_COMPRESSION 0x00008000
#define FILE_RESERVE_OPFILTER 0x00100000
#define FILE_OPEN_REPARSE_POINT 0x00200000
#define FILE_OPEN_OFFLINE_FILE 0x00400000
#define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000
#define FILE_ATTRIBUTE_VALID_FLAGS 0x00007fb7
#define FILE_ATTRIBUTE_VALID_SET_FLAGS 0x000031a7
/* status for NtCreateFile or NtOpenFile */
#define FILE_SUPERSEDED 0
#define FILE_OPENED 1
#define FILE_CREATED 2
#define FILE_OVERWRITTEN 3
#define FILE_EXISTS 4
#define FILE_DOES_NOT_EXIST 5
/* disposition for NtCreateFile */
#define FILE_SUPERSEDE 0
#define FILE_OPEN 1
#define FILE_CREATE 2
#define FILE_OPEN_IF 3
#define FILE_OVERWRITE 4
#define FILE_OVERWRITE_IF 5
#define FILE_MAXIMUM_DISPOSITION 5
/* Characteristics of a File System */
#define FILE_REMOVABLE_MEDIA 0x00000001
#define FILE_READ_ONLY_DEVICE 0x00000002
#define FILE_FLOPPY_DISKETTE 0x00000004
#define FILE_WRITE_ONE_MEDIA 0x00000008
#define FILE_REMOTE_DEVICE 0x00000010
#define FILE_DEVICE_IS_MOUNTED 0x00000020
#define FILE_VIRTUAL_VOLUME 0x00000040
#define FILE_AUTOGENERATED_DEVICE_NAME 0x00000080
#define FILE_DEVICE_SECURE_OPEN 0x00000100
#define FILE_CHARACTERISTIC_PNP_DEVICE 0x00000800
#define FILE_CHARACTERISTIC_TS_DEVICE 0x00001000
#define FILE_CHARACTERISTIC_WEBDAV_DEVICE 0x00002000
#define FILE_CHARACTERISTIC_CSV 0x00010000
#define FILE_DEVICE_ALLOW_APPCONTAINER_TRAVERSAL 0x00020000
#define FILE_PORTABLE_DEVICE 0x00040000
/* options for NtCreateNamedPipeFile */
#define FILE_PIPE_INBOUND 0x00000000
#define FILE_PIPE_OUTBOUND 0x00000001
#define FILE_PIPE_FULL_DUPLEX 0x00000002
/* options for pipe's type */
#define FILE_PIPE_TYPE_MESSAGE 0x00000001
#define FILE_PIPE_TYPE_BYTE 0x00000000
/* options for pipe's message mode */
#define FILE_PIPE_MESSAGE_MODE 0x00000001
#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
/* options for pipe's blocking mode */
#define FILE_PIPE_COMPLETE_OPERATION 0x00000001
#define FILE_PIPE_QUEUE_OPERATION 0x00000000
/* and client / server end */
#define FILE_PIPE_SERVER_END 0x00000001
#define FILE_PIPE_CLIENT_END 0x00000000
#define INTERNAL_TS_ACTIVE_CONSOLE_ID ( *((volatile ULONG*)(0x7ffe02d8)) )
#define LOGONID_CURRENT ((ULONG)-1)
#define OBJ_PROTECT_CLOSE 0x00000001
#define OBJ_INHERIT 0x00000002
#define OBJ_PERMANENT 0x00000010
#define OBJ_EXCLUSIVE 0x00000020
#define OBJ_CASE_INSENSITIVE 0x00000040
#define OBJ_OPENIF 0x00000080
#define OBJ_OPENLINK 0x00000100
#define OBJ_KERNEL_HANDLE 0x00000200
#define OBJ_VALID_ATTRIBUTES 0x000003F2
#define SERVERNAME_CURRENT ((HANDLE)NULL)
typedef void (CALLBACK *PNTAPCFUNC)(ULONG_PTR,ULONG_PTR,ULONG_PTR); /* FIXME: not the right name */
typedef void (CALLBACK *PRTL_THREAD_START_ROUTINE)(LPVOID); /* FIXME: not the right name */
typedef DWORD (CALLBACK *PRTL_WORK_ITEM_ROUTINE)(LPVOID); /* FIXME: not the right name */
typedef void (NTAPI *RTL_WAITORTIMERCALLBACKFUNC)(PVOID,BOOLEAN); /* FIXME: not the right name */
/* DbgPrintEx default levels */
#define DPFLTR_ERROR_LEVEL 0
#define DPFLTR_WARNING_LEVEL 1
#define DPFLTR_TRACE_LEVEL 2
#define DPFLTR_INFO_LEVEL 3
#define DPFLTR_MASK 0x8000000
/* Well-known LUID values */
#define SE_MIN_WELL_KNOWN_PRIVILEGE 2
#define SE_CREATE_TOKEN_PRIVILEGE 2
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE 3
#define SE_LOCK_MEMORY_PRIVILEGE 4
#define SE_INCREASE_QUOTA_PRIVILEGE 5
#define SE_UNSOLICITED_INPUT_PRIVILEGE 6 /* obsolete */
#define SE_MACHINE_ACCOUNT_PRIVILEGE 6
#define SE_TCB_PRIVILEGE 7
#define SE_SECURITY_PRIVILEGE 8
#define SE_TAKE_OWNERSHIP_PRIVILEGE 9
#define SE_LOAD_DRIVER_PRIVILEGE 10
#define SE_SYSTEM_PROFILE_PRIVILEGE 11
#define SE_SYSTEMTIME_PRIVILEGE 12
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE 13
#define SE_INC_BASE_PRIORITY_PRIVILEGE 14
#define SE_CREATE_PAGEFILE_PRIVILEGE 15
#define SE_CREATE_PERMANENT_PRIVILEGE 16
#define SE_BACKUP_PRIVILEGE 17
#define SE_RESTORE_PRIVILEGE 18
#define SE_SHUTDOWN_PRIVILEGE 19
#define SE_DEBUG_PRIVILEGE 20
#define SE_AUDIT_PRIVILEGE 21
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE 22
#define SE_CHANGE_NOTIFY_PRIVILEGE 23
#define SE_REMOTE_SHUTDOWN_PRIVILEGE 24
#define SE_UNDOCK_PRIVILEGE 25
#define SE_SYNC_AGENT_PRIVILEGE 26
#define SE_ENABLE_DELEGATION_PRIVILEGE 27
#define SE_MANAGE_VOLUME_PRIVILEGE 28
#define SE_IMPERSONATE_PRIVILEGE 29
#define SE_CREATE_GLOBAL_PRIVILEGE 30
#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_GLOBAL_PRIVILEGE
/* NtGlobalFlag bits */
#define FLG_STOP_ON_EXCEPTION 0x00000001
#define FLG_SHOW_LDR_SNAPS 0x00000002
#define FLG_DEBUG_INITIAL_COMMAND 0x00000004
#define FLG_STOP_ON_HUNG_GUI 0x00000008
#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
#define FLG_HEAP_VALIDATE_ALL 0x00000080
#define FLG_APPLICATION_VERIFIER 0x00000100
#define FLG_POOL_ENABLE_TAGGING 0x00000400
#define FLG_HEAP_ENABLE_TAGGING 0x00000800
#define FLG_USER_STACK_TRACE_DB 0x00001000
#define FLG_KERNEL_STACK_TRACE_DB 0x00002000
#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
#define FLG_DISABLE_STACK_EXTENSION 0x00010000
#define FLG_ENABLE_CSRDEBUG 0x00020000
#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
#define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000
#define FLG_HEAP_DISABLE_COALESCING 0x00200000
#define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
#define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
#define FLG_HEAP_PAGE_ALLOCS 0x02000000
#define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
#define FLG_DISABLE_DBGPRINT 0x08000000
#define FLG_CRITSEC_EVENT_CREATION 0x10000000
#define FLG_LDR_TOP_DOWN 0x20000000
#define FLG_ENABLE_HANDLE_EXCEPTIONS 0x40000000
#define FLG_DISABLE_PROTDLLS 0x80000000
/* Rtl*Registry* functions structs and defines */
#define RTL_REGISTRY_ABSOLUTE 0
#define RTL_REGISTRY_SERVICES 1
#define RTL_REGISTRY_CONTROL 2
#define RTL_REGISTRY_WINDOWS_NT 3
#define RTL_REGISTRY_DEVICEMAP 4
#define RTL_REGISTRY_USER 5
#define RTL_REGISTRY_HANDLE 0x40000000
#define RTL_REGISTRY_OPTIONAL 0x80000000
#define RTL_QUERY_REGISTRY_SUBKEY 0x00000001
#define RTL_QUERY_REGISTRY_TOPKEY 0x00000002
#define RTL_QUERY_REGISTRY_REQUIRED 0x00000004
#define RTL_QUERY_REGISTRY_NOVALUE 0x00000008
#define RTL_QUERY_REGISTRY_NOEXPAND 0x00000010
#define RTL_QUERY_REGISTRY_DIRECT 0x00000020
#define RTL_QUERY_REGISTRY_DELETE 0x00000040
#define RTL_QUERY_REGISTRY_TYPECHECK 0x00000100
#define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
typedef NTSTATUS (WINAPI *PRTL_QUERY_REGISTRY_ROUTINE)( PCWSTR ValueName,
ULONG ValueType,
PVOID ValueData,
ULONG ValueLength,
PVOID Context,
PVOID EntryContext);
typedef struct _RTL_QUERY_REGISTRY_TABLE
{
PRTL_QUERY_REGISTRY_ROUTINE QueryRoutine;
ULONG Flags;
PWSTR Name;
PVOID EntryContext;
ULONG DefaultType;
PVOID DefaultData;
ULONG DefaultLength;
} RTL_QUERY_REGISTRY_TABLE, *PRTL_QUERY_REGISTRY_TABLE;
typedef struct _KEY_MULTIPLE_VALUE_INFORMATION
{
PUNICODE_STRING ValueName;
ULONG DataLength;
ULONG DataOffset;
ULONG Type;
} KEY_MULTIPLE_VALUE_INFORMATION, *PKEY_MULTIPLE_VALUE_INFORMATION;
typedef VOID (CALLBACK *PRTL_OVERLAPPED_COMPLETION_ROUTINE)(DWORD,DWORD,LPVOID);
typedef VOID (CALLBACK *PTIMER_APC_ROUTINE) ( PVOID, ULONG, LONG );
typedef enum _EVENT_INFORMATION_CLASS {
EventBasicInformation
} EVENT_INFORMATION_CLASS, *PEVENT_INFORMATION_CLASS;
typedef struct _EVENT_BASIC_INFORMATION {
EVENT_TYPE EventType;
LONG EventState;
} EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;
typedef enum _SEMAPHORE_INFORMATION_CLASS {
SemaphoreBasicInformation
} SEMAPHORE_INFORMATION_CLASS, *PSEMAPHORE_INFORMATION_CLASS;
typedef struct _SEMAPHORE_BASIC_INFORMATION {
ULONG CurrentCount;
ULONG MaximumCount;
} SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
typedef enum _SECTION_INFORMATION_CLASS
{
SectionBasicInformation,
SectionImageInformation,
SectionRelocationInformation,
SectionOriginalBaseInformation,
SectionInternalImageInformation
} SECTION_INFORMATION_CLASS;
typedef struct _SECTION_BASIC_INFORMATION {
PVOID BaseAddress;
ULONG Attributes;
LARGE_INTEGER Size;
} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
typedef struct _SECTION_IMAGE_INFORMATION {
PVOID TransferAddress;
ULONG ZeroBits;
SIZE_T MaximumStackSize;
SIZE_T CommittedStackSize;
ULONG SubSystemType;
USHORT MinorSubsystemVersion;
USHORT MajorSubsystemVersion;
USHORT MajorOperatingSystemVersion;
USHORT MinorOperatingSystemVersion;
USHORT ImageCharacteristics;
USHORT DllCharacteristics;
USHORT Machine;
BOOLEAN ImageContainsCode;
union
{
UCHAR ImageFlags;
struct
{
UCHAR ComPlusNativeReady : 1;
UCHAR ComPlusILOnly : 1;
UCHAR ImageDynamicallyRelocated : 1;
UCHAR ImageMappedFlat : 1;
UCHAR BaseBelow4gb : 1;
UCHAR ComPlusPrefer32bit : 1;
#ifdef __WINESRC__ /* Wine extensions */
UCHAR WineBuiltin : 1;
UCHAR WineFakeDll : 1;
#else
UCHAR Reserved : 2;
#endif
} DUMMYSTRUCTNAME;
} DUMMYUNIONNAME;
ULONG LoaderFlags;
ULONG ImageFileSize;
ULONG CheckSum;
} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
typedef struct _LPC_SECTION_WRITE {
ULONG Length;
HANDLE SectionHandle;
ULONG SectionOffset;
ULONG ViewSize;
PVOID ViewBase;
PVOID TargetViewBase;
} LPC_SECTION_WRITE, *PLPC_SECTION_WRITE;
typedef struct _LPC_SECTION_READ {
ULONG Length;
ULONG ViewSize;
PVOID ViewBase;
} LPC_SECTION_READ, *PLPC_SECTION_READ;
typedef struct _LPC_MESSAGE {
USHORT DataSize;
USHORT MessageSize;
USHORT MessageType;
USHORT VirtualRangesOffset;
CLIENT_ID ClientId;
ULONG_PTR MessageId;
ULONG_PTR SectionSize;
UCHAR Data[ANYSIZE_ARRAY];
} LPC_MESSAGE, *PLPC_MESSAGE;
typedef struct _RTL_USER_PROCESS_INFORMATION
{
ULONG Length;
HANDLE Process;
HANDLE Thread;
CLIENT_ID ClientId;
SECTION_IMAGE_INFORMATION ImageInformation;
} RTL_USER_PROCESS_INFORMATION, *PRTL_USER_PROCESS_INFORMATION;
typedef enum _SHUTDOWN_ACTION {
ShutdownNoReboot,
ShutdownReboot,
ShutdownPowerOff
} SHUTDOWN_ACTION, *PSHUTDOWN_ACTION;
typedef struct _COUNTED_REASON_CONTEXT
{
ULONG Version;
ULONG Flags;
union
{
struct
{
UNICODE_STRING ResourceFileName;
USHORT ResourceReasonId;
ULONG StringCount;
UNICODE_STRING *ReasonStrings;
} DUMMYSTRUCTNAME;
UNICODE_STRING SimpleString;
} DUMMYUNIONNAME;
} COUNTED_REASON_CONTEXT, *PCOUNTED_REASON_CONTEXT;
typedef enum _KPROFILE_SOURCE {
ProfileTime,
ProfileAlignmentFixup,
ProfileTotalIssues,
ProfilePipelineDry,
ProfileLoadInstructions,
ProfilePipelineFrozen,
ProfileBranchInstructions,
ProfileTotalNonissues,
ProfileDcacheMisses,
ProfileIcacheMisses,
ProfileCacheMisses,
ProfileBranchMispredictions,
ProfileStoreInstructions,
ProfileFpInstructions,
ProfileIntegerInstructions,
Profile2Issue,
Profile3Issue,
Profile4Issue,
ProfileSpecialInstructions,
ProfileTotalCycles,
ProfileIcacheIssues,
ProfileDcacheAccesses,
ProfileMemoryBarrierCycles,
ProfileLoadLinkedIssues,
ProfileMaximum
} KPROFILE_SOURCE, *PKPROFILE_SOURCE;
typedef struct _DIRECTORY_BASIC_INFORMATION {
UNICODE_STRING ObjectName;
UNICODE_STRING ObjectTypeName;
} DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION;
typedef struct _INITIAL_TEB {
void *OldStackBase;
void *OldStackLimit;
void *StackBase;
void *StackLimit;
void *DeallocationStack;
} INITIAL_TEB, *PINITIAL_TEB;
typedef enum _PORT_INFORMATION_CLASS {
PortNoInformation
} PORT_INFORMATION_CLASS, *PPORT_INFORMATION_CLASS;
typedef enum _IO_COMPLETION_INFORMATION_CLASS {
IoCompletionBasicInformation
} IO_COMPLETION_INFORMATION_CLASS, *PIO_COMPLETION_INFORMATION_CLASS;
typedef struct _FILE_COMPLETION_INFORMATION {
HANDLE CompletionPort;
ULONG_PTR CompletionKey;
} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
#define IO_COMPLETION_QUERY_STATE 0x0001
#define IO_COMPLETION_MODIFY_STATE 0x0002
#define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
typedef struct _FILE_IO_COMPLETION_INFORMATION {
ULONG_PTR CompletionKey;
ULONG_PTR CompletionValue;
IO_STATUS_BLOCK IoStatusBlock;
} FILE_IO_COMPLETION_INFORMATION, *PFILE_IO_COMPLETION_INFORMATION;
typedef enum _HARDERROR_RESPONSE_OPTION {
OptionAbortRetryIgnore,
OptionOk,
OptionOkCancel,
OptionRetryCancel,
OptionYesNo,
OptionYesNoCancel,
OptionShutdownSystem
} HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION;
typedef enum _HARDERROR_RESPONSE {
ResponseReturnToCaller,
ResponseNotHandled,
ResponseAbort,
ResponseCancel,
ResponseIgnore,
ResponseNo,
ResponseOk,
ResponseRetry,
ResponseYes
} HARDERROR_RESPONSE, *PHARDERROR_RESPONSE;
typedef enum _SYSDBG_COMMAND {
SysDbgQueryModuleInformation,
SysDbgQueryTraceInformation,
SysDbgSetTracepoint,
SysDbgSetSpecialCall,
SysDbgClearSpecialCalls,
SysDbgQuerySpecialCalls,
SysDbgBreakPoint,
SysDbgQueryVersion,
SysDbgReadVirtual,
SysDbgWriteVirtual,
SysDbgReadPhysical,
SysDbgWritePhysical,
SysDbgReadControlSpace,
SysDbgWriteControlSpace,
SysDbgReadIoSpace,
SysDbgWriteIoSpace,
SysDbgReadMsr,
SysDbgWriteMsr,
SysDbgReadBusData,
SysDbgWriteBusData
} SYSDBG_COMMAND, *PSYSDBG_COMMAND;
typedef struct _CPTABLEINFO
{
USHORT CodePage;
USHORT MaximumCharacterSize;
USHORT DefaultChar;
USHORT UniDefaultChar;
USHORT TransDefaultChar;
USHORT TransUniDefaultChar;
USHORT DBCSCodePage;
UCHAR LeadByte[12];
USHORT *MultiByteTable;
void *WideCharTable;
USHORT *DBCSRanges;
USHORT *DBCSOffsets;
} CPTABLEINFO, *PCPTABLEINFO;
typedef struct _NLSTABLEINFO
{
CPTABLEINFO OemTableInfo;
CPTABLEINFO AnsiTableInfo;
USHORT *UpperCaseTable;
USHORT *LowerCaseTable;
} NLSTABLEINFO, *PNLSTABLEINFO;
/*************************************************************************
* Loader structures
*
* Those are not part of standard Winternl.h
*/
typedef struct _LDR_SERVICE_TAG_RECORD
{
struct _LDR_SERVICE_TAG_RECORD *Next;
ULONG ServiceTag;
} LDR_SERVICE_TAG_RECORD, *PLDR_SERVICE_TAG_RECORD;
typedef struct _LDRP_CSLIST
{
SINGLE_LIST_ENTRY *Tail;
} LDRP_CSLIST, *PLDRP_CSLIST;
typedef enum _LDR_DDAG_STATE
{
LdrModulesMerged = -5,
LdrModulesInitError = -4,
LdrModulesSnapError = -3,
LdrModulesUnloaded = -2,
LdrModulesUnloading = -1,
LdrModulesPlaceHolder = 0,
LdrModulesMapping = 1,
LdrModulesMapped = 2,
LdrModulesWaitingForDependencies = 3,
LdrModulesSnapping = 4,
LdrModulesSnapped = 5,
LdrModulesCondensed = 6,
LdrModulesReadyToInit = 7,
LdrModulesInitializing = 8,
LdrModulesReadyToRun = 9,
} LDR_DDAG_STATE;
typedef struct _LDR_DDAG_NODE
{
LIST_ENTRY Modules;
LDR_SERVICE_TAG_RECORD *ServiceTagList;
ULONG LoadCount;
ULONG ReferenceCount;
ULONG DependencyCount;
union
{
LDRP_CSLIST Dependencies;
SINGLE_LIST_ENTRY RemovalLink;
};
LDRP_CSLIST IncomingDependencies;
LDR_DDAG_STATE State;
SINGLE_LIST_ENTRY CondenseLink;
ULONG PreorderNumber;
ULONG LowestLink;
} LDR_DDAG_NODE, *PLDR_DDAG_NODE;
typedef enum _LDR_DLL_LOAD_REASON
{
LoadReasonStaticDependency,
LoadReasonStaticForwarderDependency,
LoadReasonDynamicForwarderDependency,
LoadReasonDelayloadDependency,
LoadReasonDynamicLoad,
LoadReasonAsImageLoad,
LoadReasonAsDataLoad,
LoadReasonUnknown = -1
} LDR_DLL_LOAD_REASON, *PLDR_DLL_LOAD_REASON;
typedef struct _LDR_DATA_TABLE_ENTRY
{
LIST_ENTRY InLoadOrderLinks;
LIST_ENTRY InMemoryOrderLinks;
LIST_ENTRY InInitializationOrderLinks;
void* DllBase;
void* EntryPoint;
ULONG SizeOfImage;
UNICODE_STRING FullDllName;
UNICODE_STRING BaseDllName;
ULONG Flags;
SHORT LoadCount;
SHORT TlsIndex;
HANDLE SectionHandle;
ULONG CheckSum;
ULONG TimeDateStamp;
HANDLE ActivationContext;
void* Lock;
LDR_DDAG_NODE* DdagNode;
LIST_ENTRY NodeModuleLink;
struct _LDRP_LOAD_CONTEXT *LoadContext;
void* ParentDllBase;
void* SwitchBackContext;
RTL_BALANCED_NODE BaseAddressIndexNode;
RTL_BALANCED_NODE MappingInfoIndexNode;
ULONG_PTR OriginalBase;
LARGE_INTEGER LoadTime;
ULONG BaseNameHashValue;
LDR_DLL_LOAD_REASON LoadReason;
ULONG ImplicitPathOptions;
ULONG ReferenceCount;
} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
{
ULONG Flags;
const UNICODE_STRING *FullDllName;
const UNICODE_STRING *BaseDllName;
void *DllBase;
ULONG SizeOfImage;
} LDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_LOADED_NOTIFICATION_DATA;
typedef struct _LDR_DLL_UNLOADED_NOTIFICATION_DATA
{
ULONG Flags;
const UNICODE_STRING *FullDllName;
const UNICODE_STRING *BaseDllName;
void *DllBase;
ULONG SizeOfImage;
} LDR_DLL_UNLOADED_NOTIFICATION_DATA, *PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
typedef union _LDR_DLL_NOTIFICATION_DATA
{
LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
} LDR_DLL_NOTIFICATION_DATA, *PLDR_DLL_NOTIFICATION_DATA;
typedef void (CALLBACK *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG, LDR_DLL_NOTIFICATION_DATA*, void*);
/* those defines are (some of the) regular LDR_DATA_TABLE_ENTRY.Flags values */
#define LDR_IMAGE_IS_DLL 0x00000004
#define LDR_LOAD_IN_PROGRESS 0x00001000
#define LDR_UNLOAD_IN_PROGRESS 0x00002000
#define LDR_NO_DLL_CALLS 0x00040000
#define LDR_PROCESS_ATTACHED 0x00080000
#define LDR_COR_IMAGE 0x00400000
#define LDR_COR_ILONLY 0x01000000
/* these ones is Wine specific */
#define LDR_DONT_RESOLVE_REFS 0x40000000
#define LDR_WINE_INTERNAL 0x80000000
/* flag for LdrAddRefDll */
#define LDR_ADDREF_DLL_PIN 0x00000001
#define LDR_DLL_NOTIFICATION_REASON_LOADED 1
#define LDR_DLL_NOTIFICATION_REASON_UNLOADED 2
/* FIXME: to be checked */
#define MAXIMUM_FILENAME_LENGTH 256
typedef struct _SYSTEM_MODULE
{
PVOID Section; /* 00/00 */
PVOID MappedBaseAddress; /* 04/08 */
PVOID ImageBaseAddress; /* 08/10 */
ULONG ImageSize; /* 0c/18 */
ULONG Flags; /* 10/1c */
WORD LoadOrderIndex; /* 14/20 */
WORD InitOrderIndex; /* 16/22 */
WORD LoadCount; /* 18/24 */
WORD NameOffset; /* 1a/26 */
BYTE Name[MAXIMUM_FILENAME_LENGTH]; /* 1c/28 */
} SYSTEM_MODULE, *PSYSTEM_MODULE;
typedef struct _SYSTEM_MODULE_INFORMATION
{
ULONG ModulesCount;
SYSTEM_MODULE Modules[1]; /* FIXME: should be Modules[0] */
} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
#define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001
#define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002
#define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004
#define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008
#define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010
#define PROCESS_CREATE_FLAGS_LARGE_PAGE_SYSTEM_DLL 0x00000020
#define PROCESS_CREATE_FLAGS_PROTECTED_PROCESS 0x00000040
#define PROCESS_CREATE_FLAGS_CREATE_SESSION 0x00000080
#define PROCESS_CREATE_FLAGS_INHERIT_FROM_PARENT 0x00000100
#define PROCESS_CREATE_FLAGS_SUSPENDED 0x00000200
#define PROCESS_CREATE_FLAGS_EXTENDED_UNKNOWN 0x00000400
typedef struct _RTL_PROCESS_MODULE_INFORMATION_EX
{
USHORT NextOffset;
SYSTEM_MODULE BaseInfo;
ULONG ImageCheckSum;
ULONG TimeDateStamp;
void *DefaultBase;
} RTL_PROCESS_MODULE_INFORMATION_EX;
#define THREAD_CREATE_FLAGS_CREATE_SUSPENDED 0x00000001
#define THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH 0x00000002
#define THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER 0x00000004
#define THREAD_CREATE_FLAGS_HAS_SECURITY_DESCRIPTOR 0x00000010
#define THREAD_CREATE_FLAGS_ACCESS_CHECK_IN_TARGET 0x00000020
#define THREAD_CREATE_FLAGS_INITIAL_THREAD 0x00000080
typedef LONG (CALLBACK *PRTL_EXCEPTION_FILTER)(PEXCEPTION_POINTERS);
typedef void (CALLBACK *PTP_IO_CALLBACK)(PTP_CALLBACK_INSTANCE,void*,void*,IO_STATUS_BLOCK*,PTP_IO);
#define PS_ATTRIBUTE_THREAD 0x00010000
#define PS_ATTRIBUTE_INPUT 0x00020000
#define PS_ATTRIBUTE_ADDITIVE 0x00040000
typedef enum _PS_ATTRIBUTE_NUM
{
PsAttributeParentProcess,
PsAttributeDebugPort,
PsAttributeToken,
PsAttributeClientId,
PsAttributeTebAddress,
PsAttributeImageName,
PsAttributeImageInfo,
PsAttributeMemoryReserve,
PsAttributePriorityClass,
PsAttributeErrorMode,
PsAttributeStdHandleInfo,
PsAttributeHandleList,
PsAttributeGroupAffinity,
PsAttributePreferredNode,
PsAttributeIdealProcessor,
PsAttributeUmsThread,
PsAttributeMitigationOptions,
PsAttributeProtectionLevel,
PsAttributeSecureProcess,
PsAttributeJobList,
PsAttributeChildProcessPolicy,
PsAttributeAllApplicationPackagesPolicy,
PsAttributeWin32kFilter,
PsAttributeSafeOpenPromptOriginClaim,
PsAttributeBnoIsolation,
PsAttributeDesktopAppPolicy,
PsAttributeChpe,
PsAttributeMax
} PS_ATTRIBUTE_NUM;
#define PS_ATTRIBUTE_PARENT_PROCESS (PsAttributeParentProcess | PS_ATTRIBUTE_INPUT | PS_ATTRIBUTE_ADDITIVE)
#define PS_ATTRIBUTE_DEBUG_PORT (PsAttributeDebugPort | PS_ATTRIBUTE_INPUT | PS_ATTRIBUTE_ADDITIVE)
#define PS_ATTRIBUTE_TOKEN (PsAttributeToken | PS_ATTRIBUTE_INPUT | PS_ATTRIBUTE_ADDITIVE)
#define PS_ATTRIBUTE_CLIENT_ID (PsAttributeClientId | PS_ATTRIBUTE_THREAD)
#define PS_ATTRIBUTE_TEB_ADDRESS (PsAttributeTebAddress | PS_ATTRIBUTE_THREAD)
#define PS_ATTRIBUTE_IMAGE_NAME (PsAttributeImageName | PS_ATTRIBUTE_INPUT)
#define PS_ATTRIBUTE_IMAGE_INFO (PsAttributeImageInfo)
#define PS_ATTRIBUTE_MEMORY_RESERVE (PsAttributeMemoryReserve | PS_ATTRIBUTE_INPUT)
#define PS_ATTRIBUTE_PRIORITY_CLASS (PsAttributePriorityClass | PS_ATTRIBUTE_INPUT)
#define PS_ATTRIBUTE_ERROR_MODE (PsAttributeErrorMode | PS_ATTRIBUTE_INPUT)
#define PS_ATTRIBUTE_STD_HANDLE_INFO (PsAttributeStdHandleInfo | PS_ATTRIBUTE_INPUT)
#define PS_ATTRIBUTE_HANDLE_LIST (PsAttributeHandleList | PS_ATTRIBUTE_INPUT)
#define PS_ATTRIBUTE_GROUP_AFFINITY (PsAttributeGroupAffinity | PS_ATTRIBUTE_THREAD | PS_ATTRIBUTE_INPUT)
#define PS_ATTRIBUTE_PREFERRED_NODE (PsAttributePreferredNode | PS_ATTRIBUTE_INPUT)
#define PS_ATTRIBUTE_IDEAL_PROCESSOR (PsAttributeIdealProcessor | PS_ATTRIBUTE_THREAD | PS_ATTRIBUTE_INPUT)
#define PS_ATTRIBUTE_MITIGATION_OPTIONS (PsAttributeMitigationOptions | PS_ATTRIBUTE_INPUT | PS_ATTRIBUTE_UNKNOWN)
#define PS_ATTRIBUTE_PROTECTION_LEVEL (PsAttributeProtectionLevel | PS_ATTRIBUTE_INPUT | PS_ATTRIBUTE_UNKNOWN)
#define PS_ATTRIBUTE_SECURE_PROCESS (PsAttributeSecureProcess | PS_ATTRIBUTE_INPUT)
#define PS_ATTRIBUTE_JOB_LIST (PsAttributeJobList | PS_ATTRIBUTE_INPUT)
#define PS_ATTRIBUTE_CHILD_PROCESS_POLICY (PsAttributeChildProcessPolicy | PS_ATTRIBUTE_INPUT)
#define PS_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY (PsAttributeAllApplicationPackagesPolicy | PS_ATTRIBUTE_INPUT)
#define PS_ATTRIBUTE_WIN32K_FILTER (PsAttributeWin32kFilter | PS_ATTRIBUTE_INPUT)
#define PS_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM (PsAttributeSafeOpenPromptOriginClaim | PS_ATTRIBUTE_INPUT)
#define PS_ATTRIBUTE_BNO_ISOLATION (PsAttributeBnoIsolation | PS_ATTRIBUTE_INPUT)
#define PS_ATTRIBUTE_DESKTOP_APP_POLICY (PsAttributeDesktopAppPolicy | PS_ATTRIBUTE_INPUT)
typedef struct _PS_ATTRIBUTE
{
ULONG_PTR Attribute;
SIZE_T Size;
union
{
ULONG_PTR Value;
void *ValuePtr;
};
SIZE_T *ReturnLength;
} PS_ATTRIBUTE;
typedef struct _PS_ATTRIBUTE_LIST
{
SIZE_T TotalLength;
PS_ATTRIBUTE Attributes[1];
} PS_ATTRIBUTE_LIST, *PPS_ATTRIBUTE_LIST;
typedef enum _PS_CREATE_STATE
{
PsCreateInitialState,
PsCreateFailOnFileOpen,
PsCreateFailOnSectionCreate,
PsCreateFailExeFormat,
PsCreateFailMachineMismatch,
PsCreateFailExeName,
PsCreateSuccess,
PsCreateMaximumStates
} PS_CREATE_STATE;
typedef struct _PS_CREATE_INFO
{
SIZE_T Size;
PS_CREATE_STATE State;
union
{
struct
{
union
{
ULONG InitFlags;
struct
{
UCHAR WriteOutputOnExit : 1;
UCHAR DetectManifest : 1;
UCHAR IFEOSkipDebugger : 1;
UCHAR IFEODoNotPropagateKeyState : 1;
UCHAR SpareBits1 : 4;
UCHAR SpareBits2 : 8;
USHORT ProhibitedImageCharacteristics : 16;
};
};
ACCESS_MASK AdditionalFileAccess;
} InitState;
struct
{
HANDLE FileHandle;
} FailSection;
struct
{
USHORT DllCharacteristics;
} ExeFormat;
struct
{
HANDLE IFEOKey;
} ExeName;
struct
{
union
{
ULONG OutputFlags;
struct
{
UCHAR ProtectedProcess : 1;
UCHAR AddressSpaceOverride : 1;
UCHAR DevOverrideEnabled : 1;
UCHAR ManifestDetected : 1;
UCHAR ProtectedProcessLight : 1;
UCHAR SpareBits1 : 3;
UCHAR SpareBits2 : 8;
USHORT SpareBits3 : 16;
};
};
HANDLE FileHandle;
HANDLE SectionHandle;
ULONGLONG UserProcessParametersNative;
ULONG UserProcessParametersWow64;
ULONG CurrentParameterFlags;
ULONGLONG PebAddressNative;
ULONG PebAddressWow64;
ULONGLONG ManifestAddress;
ULONG ManifestSize;
} SuccessState;
};
} PS_CREATE_INFO, *PPS_CREATE_INFO;
typedef struct _DBGKM_EXCEPTION
{
EXCEPTION_RECORD ExceptionRecord;
ULONG FirstChance;
} DBGKM_EXCEPTION, *PDBGKM_EXCEPTION;
typedef struct _DBGKM_CREATE_THREAD
{
ULONG SubSystemKey;
PVOID StartAddress;
} DBGKM_CREATE_THREAD, *PDBGKM_CREATE_THREAD;
typedef struct _DBGKM_CREATE_PROCESS
{
ULONG SubSystemKey;
HANDLE FileHandle;
PVOID BaseOfImage;
ULONG DebugInfoFileOffset;
ULONG DebugInfoSize;
DBGKM_CREATE_THREAD InitialThread;
} DBGKM_CREATE_PROCESS, *PDBGKM_CREATE_PROCESS;
typedef struct _DBGKM_EXIT_THREAD
{
NTSTATUS ExitStatus;
} DBGKM_EXIT_THREAD, *PDBGKM_EXIT_THREAD;
typedef struct _DBGKM_EXIT_PROCESS
{
NTSTATUS ExitStatus;
} DBGKM_EXIT_PROCESS, *PDBGKM_EXIT_PROCESS;
typedef struct _DBGKM_LOAD_DLL
{
HANDLE FileHandle;
PVOID BaseOfDll;
ULONG DebugInfoFileOffset;
ULONG DebugInfoSize;
PVOID NamePointer;
} DBGKM_LOAD_DLL, *PDBGKM_LOAD_DLL;
typedef struct _DBGKM_UNLOAD_DLL
{
PVOID BaseAddress;
} DBGKM_UNLOAD_DLL, *PDBGKM_UNLOAD_DLL;
typedef enum _DBG_STATE
{
DbgIdle,
DbgReplyPending,
DbgCreateThreadStateChange,
DbgCreateProcessStateChange,
DbgExitThreadStateChange,
DbgExitProcessStateChange,
DbgExceptionStateChange,
DbgBreakpointStateChange,
DbgSingleStepStateChange,
DbgLoadDllStateChange,
DbgUnloadDllStateChange
} DBG_STATE, *PDBG_STATE;
typedef struct _DBGUI_CREATE_THREAD
{
HANDLE HandleToThread;
DBGKM_CREATE_THREAD NewThread;
} DBGUI_CREATE_THREAD, *PDBGUI_CREATE_THREAD;
typedef struct _DBGUI_CREATE_PROCESS
{
HANDLE HandleToProcess;
HANDLE HandleToThread;
DBGKM_CREATE_PROCESS NewProcess;
} DBGUI_CREATE_PROCESS, *PDBGUI_CREATE_PROCESS;
typedef struct _DBGUI_WAIT_STATE_CHANGE
{
DBG_STATE NewState;
CLIENT_ID AppClientId;
union
{
DBGKM_EXCEPTION Exception;
DBGUI_CREATE_THREAD CreateThread;
DBGUI_CREATE_PROCESS CreateProcessInfo;
DBGKM_EXIT_THREAD ExitThread;
DBGKM_EXIT_PROCESS ExitProcess;
DBGKM_LOAD_DLL LoadDll;
DBGKM_UNLOAD_DLL UnloadDll;
} StateInfo;
} DBGUI_WAIT_STATE_CHANGE, *PDBGUI_WAIT_STATE_CHANGE;
struct _DEBUG_EVENT;
#define DEBUG_READ_EVENT 0x0001
#define DEBUG_PROCESS_ASSIGN 0x0002
#define DEBUG_SET_INFORMATION 0x0004
#define DEBUG_QUERY_INFORMATION 0x0008
#define DEBUG_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x0f)
#define DEBUG_KILL_ON_CLOSE 0x1
typedef enum _DEBUGOBJECTINFOCLASS
{
DebugObjectKillProcessOnExitInformation = 1,
MaxDebugObjectInfoClass
} DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS;
/***********************************************************************
* Function declarations
*/
NTSYSAPI void WINAPI DbgBreakPoint(void);
NTSYSAPI NTSTATUS WINAPIV DbgPrint(LPCSTR fmt, ...);
NTSYSAPI NTSTATUS WINAPIV DbgPrintEx(ULONG iComponentId, ULONG Level, LPCSTR fmt, ...);
NTSYSAPI NTSTATUS WINAPI DbgUiConnectToDbg(void);
NTSYSAPI NTSTATUS WINAPI DbgUiContinue(CLIENT_ID*,NTSTATUS);
NTSYSAPI NTSTATUS WINAPI DbgUiConvertStateChangeStructure(DBGUI_WAIT_STATE_CHANGE*,struct _DEBUG_EVENT*);
NTSYSAPI NTSTATUS WINAPI DbgUiDebugActiveProcess(HANDLE);
NTSYSAPI HANDLE WINAPI DbgUiGetThreadDebugObject(void);
NTSYSAPI NTSTATUS WINAPI DbgUiIssueRemoteBreakin(HANDLE);
NTSYSAPI void WINAPI DbgUiRemoteBreakin(void*);
NTSYSAPI void WINAPI DbgUiSetThreadDebugObject(HANDLE);
NTSYSAPI NTSTATUS WINAPI DbgUiStopDebugging(HANDLE);
NTSYSAPI NTSTATUS WINAPI DbgUiWaitStateChange(DBGUI_WAIT_STATE_CHANGE*,LARGE_INTEGER*);
NTSYSAPI void WINAPI DbgUserBreakPoint(void);
NTSYSAPI NTSTATUS WINAPI LdrAccessResource(HMODULE,const IMAGE_RESOURCE_DATA_ENTRY*,void**,PULONG);
NTSYSAPI NTSTATUS WINAPI LdrAddDllDirectory(const UNICODE_STRING*,void**);
NTSYSAPI NTSTATUS WINAPI LdrAddRefDll(ULONG,HMODULE);
NTSYSAPI NTSTATUS WINAPI LdrDisableThreadCalloutsForDll(HMODULE);
NTSYSAPI NTSTATUS WINAPI LdrFindEntryForAddress(const void*, PLDR_DATA_TABLE_ENTRY*);
NTSYSAPI NTSTATUS WINAPI LdrFindResourceDirectory_U(HMODULE,const LDR_RESOURCE_INFO*,ULONG,const IMAGE_RESOURCE_DIRECTORY**);
NTSYSAPI NTSTATUS WINAPI LdrFindResource_U(HMODULE,const LDR_RESOURCE_INFO*,ULONG,const IMAGE_RESOURCE_DATA_ENTRY**);
NTSYSAPI NTSTATUS WINAPI LdrGetDllDirectory(UNICODE_STRING*);
NTSYSAPI NTSTATUS WINAPI LdrGetDllHandle(LPCWSTR, ULONG, const UNICODE_STRING*, HMODULE*);
NTSYSAPI NTSTATUS WINAPI LdrGetDllPath(PCWSTR,ULONG,PWSTR*,PWSTR*);
NTSYSAPI NTSTATUS WINAPI LdrGetProcedureAddress(HMODULE, const ANSI_STRING*, ULONG, void**);
NTSYSAPI NTSTATUS WINAPI LdrLoadDll(LPCWSTR, DWORD, const UNICODE_STRING*, HMODULE*);
NTSYSAPI NTSTATUS WINAPI LdrLockLoaderLock(ULONG,ULONG*,ULONG_PTR*);
IMAGE_BASE_RELOCATION * WINAPI LdrProcessRelocationBlock(void*,UINT,USHORT*,INT_PTR);
NTSYSAPI NTSTATUS WINAPI LdrQueryImageFileExecutionOptions(const UNICODE_STRING*,LPCWSTR,ULONG,void*,ULONG,ULONG*);
NTSYSAPI NTSTATUS WINAPI LdrQueryProcessModuleInformation(SYSTEM_MODULE_INFORMATION*, ULONG, ULONG*);
NTSYSAPI NTSTATUS WINAPI LdrRegisterDllNotification(ULONG,PLDR_DLL_NOTIFICATION_FUNCTION,void*,void**);
NTSYSAPI NTSTATUS WINAPI LdrRemoveDllDirectory(void*);
NTSYSAPI NTSTATUS WINAPI LdrSetDefaultDllDirectories(ULONG);
NTSYSAPI NTSTATUS WINAPI LdrSetDllDirectory(const UNICODE_STRING*);
NTSYSAPI void WINAPI LdrShutdownProcess(void);
NTSYSAPI void WINAPI LdrShutdownThread(void);
NTSYSAPI NTSTATUS WINAPI LdrUnloadDll(HMODULE);
NTSYSAPI NTSTATUS WINAPI LdrUnlockLoaderLock(ULONG,ULONG_PTR);
NTSYSAPI NTSTATUS WINAPI LdrUnregisterDllNotification(void*);
NTSYSAPI NTSTATUS WINAPI NtAcceptConnectPort(PHANDLE,ULONG,PLPC_MESSAGE,BOOLEAN,PLPC_SECTION_WRITE,PLPC_SECTION_READ);
NTSYSAPI NTSTATUS WINAPI NtAccessCheck(PSECURITY_DESCRIPTOR,HANDLE,ACCESS_MASK,PGENERIC_MAPPING,PPRIVILEGE_SET,PULONG,PULONG,NTSTATUS*);
NTSYSAPI NTSTATUS WINAPI NtAccessCheckAndAuditAlarm(PUNICODE_STRING,HANDLE,PUNICODE_STRING,PUNICODE_STRING,PSECURITY_DESCRIPTOR,ACCESS_MASK,PGENERIC_MAPPING,BOOLEAN,PACCESS_MASK,PBOOLEAN,PBOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtAddAtom(const WCHAR*,ULONG,RTL_ATOM*);
NTSYSAPI NTSTATUS WINAPI NtAdjustGroupsToken(HANDLE,BOOLEAN,PTOKEN_GROUPS,ULONG,PTOKEN_GROUPS,PULONG);
NTSYSAPI NTSTATUS WINAPI NtAdjustPrivilegesToken(HANDLE,BOOLEAN,PTOKEN_PRIVILEGES,DWORD,PTOKEN_PRIVILEGES,PDWORD);
NTSYSAPI NTSTATUS WINAPI NtAlertResumeThread(HANDLE,PULONG);
NTSYSAPI NTSTATUS WINAPI NtAlertThread(HANDLE ThreadHandle);
NTSYSAPI NTSTATUS WINAPI NtAllocateLocallyUniqueId(PLUID lpLuid);
NTSYSAPI NTSTATUS WINAPI NtAllocateUuids(PULARGE_INTEGER,PULONG,PULONG,PUCHAR);
NTSYSAPI NTSTATUS WINAPI NtAllocateVirtualMemory(HANDLE,PVOID*,ULONG_PTR,SIZE_T*,ULONG,ULONG);
NTSYSAPI NTSTATUS WINAPI NtAllocateVirtualMemoryEx(HANDLE,PVOID*,SIZE_T*,ULONG,ULONG,MEM_EXTENDED_PARAMETER*,ULONG);
NTSYSAPI NTSTATUS WINAPI NtAreMappedFilesTheSame(PVOID,PVOID);
NTSYSAPI NTSTATUS WINAPI NtAssignProcessToJobObject(HANDLE,HANDLE);
NTSYSAPI NTSTATUS WINAPI NtCallbackReturn(PVOID,ULONG,NTSTATUS);
NTSYSAPI NTSTATUS WINAPI NtCancelIoFile(HANDLE,PIO_STATUS_BLOCK);
NTSYSAPI NTSTATUS WINAPI NtCancelIoFileEx(HANDLE,PIO_STATUS_BLOCK,PIO_STATUS_BLOCK);
NTSYSAPI NTSTATUS WINAPI NtCancelTimer(HANDLE, BOOLEAN*);
NTSYSAPI NTSTATUS WINAPI NtClearEvent(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtClearPowerRequest(HANDLE,POWER_REQUEST_TYPE);
NTSYSAPI NTSTATUS WINAPI NtClose(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtCloseObjectAuditAlarm(PUNICODE_STRING,HANDLE,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtCompleteConnectPort(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtConnectPort(PHANDLE,PUNICODE_STRING,PSECURITY_QUALITY_OF_SERVICE,PLPC_SECTION_WRITE,PLPC_SECTION_READ,PULONG,PVOID,PULONG);
NTSYSAPI NTSTATUS WINAPI NtContinue(PCONTEXT,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtCreateDebugObject(HANDLE*,ACCESS_MASK,OBJECT_ATTRIBUTES*,ULONG);
NTSYSAPI NTSTATUS WINAPI NtCreateDirectoryObject(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES);
NTSYSAPI NTSTATUS WINAPI NtCreateEvent(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES *,EVENT_TYPE,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtCreateEventPair(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES);
NTSYSAPI NTSTATUS WINAPI NtCreateFile(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,PLARGE_INTEGER,ULONG,ULONG,ULONG,ULONG,PVOID,ULONG);
NTSYSAPI NTSTATUS WINAPI NtCreateIoCompletion(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,ULONG);
NTSYSAPI NTSTATUS WINAPI NtCreateJobObject(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
NTSYSAPI NTSTATUS WINAPI NtCreateKey(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,ULONG,const UNICODE_STRING*,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtCreateKeyTransacted(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,ULONG,const UNICODE_STRING*,ULONG,HANDLE,ULONG*);
NTSYSAPI NTSTATUS WINAPI NtCreateKeyedEvent(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*,ULONG);
NTSYSAPI NTSTATUS WINAPI NtCreateMailslotFile(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,ULONG,ULONG,ULONG,PLARGE_INTEGER);
NTSYSAPI NTSTATUS WINAPI NtCreateMutant(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtCreateNamedPipeFile(PHANDLE,ULONG,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,ULONG,ULONG,ULONG,ULONG,ULONG,ULONG,ULONG,ULONG,ULONG,PLARGE_INTEGER);
NTSYSAPI NTSTATUS WINAPI NtCreatePagingFile(PUNICODE_STRING,PLARGE_INTEGER,PLARGE_INTEGER,PLARGE_INTEGER);
NTSYSAPI NTSTATUS WINAPI NtCreatePort(PHANDLE,POBJECT_ATTRIBUTES,ULONG,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtCreatePowerRequest(HANDLE*,COUNTED_REASON_CONTEXT*);
NTSYSAPI NTSTATUS WINAPI NtCreateProcess(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,HANDLE,BOOLEAN,HANDLE,HANDLE,HANDLE);
NTSYSAPI NTSTATUS WINAPI NtCreateProfile(PHANDLE,HANDLE,PVOID,ULONG,ULONG,PVOID,ULONG,KPROFILE_SOURCE,KAFFINITY);
NTSYSAPI NTSTATUS WINAPI NtCreateSection(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*,const LARGE_INTEGER*,ULONG,ULONG,HANDLE);
NTSYSAPI NTSTATUS WINAPI NtCreateSemaphore(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,LONG,LONG);
NTSYSAPI NTSTATUS WINAPI NtCreateSymbolicLinkObject(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PUNICODE_STRING);
NTSYSAPI NTSTATUS WINAPI NtCreateThread(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,HANDLE,PCLIENT_ID,PCONTEXT,PINITIAL_TEB,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtCreateThreadEx(HANDLE*,ACCESS_MASK,OBJECT_ATTRIBUTES*,HANDLE,PRTL_THREAD_START_ROUTINE,void*,ULONG,SIZE_T,SIZE_T,SIZE_T,PS_ATTRIBUTE_LIST*);
NTSYSAPI NTSTATUS WINAPI NtCreateTimer(HANDLE*, ACCESS_MASK, const OBJECT_ATTRIBUTES*, TIMER_TYPE);
NTSYSAPI NTSTATUS WINAPI NtCreateToken(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,TOKEN_TYPE,PLUID,PLARGE_INTEGER,PTOKEN_USER,PTOKEN_GROUPS,PTOKEN_PRIVILEGES,PTOKEN_OWNER,PTOKEN_PRIMARY_GROUP,PTOKEN_DEFAULT_DACL,PTOKEN_SOURCE);
NTSYSAPI NTSTATUS WINAPI NtCreateUserProcess(HANDLE*,HANDLE*,ACCESS_MASK,ACCESS_MASK,OBJECT_ATTRIBUTES*,OBJECT_ATTRIBUTES*,ULONG,ULONG,RTL_USER_PROCESS_PARAMETERS*,PS_CREATE_INFO*,PS_ATTRIBUTE_LIST*);
NTSYSAPI NTSTATUS WINAPI NtDebugActiveProcess(HANDLE,HANDLE);
NTSYSAPI NTSTATUS WINAPI NtDebugContinue(HANDLE,CLIENT_ID*,NTSTATUS);
NTSYSAPI NTSTATUS WINAPI NtDelayExecution(BOOLEAN,const LARGE_INTEGER*);
NTSYSAPI NTSTATUS WINAPI NtDeleteAtom(RTL_ATOM);
NTSYSAPI NTSTATUS WINAPI NtDeleteFile(POBJECT_ATTRIBUTES);
NTSYSAPI NTSTATUS WINAPI NtDeleteKey(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtDeleteValueKey(HANDLE,const UNICODE_STRING *);
NTSYSAPI NTSTATUS WINAPI NtDeviceIoControlFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,ULONG,PVOID,ULONG,PVOID,ULONG);
NTSYSAPI NTSTATUS WINAPI NtDisplayString(PUNICODE_STRING);
NTSYSAPI NTSTATUS WINAPI NtDuplicateObject(HANDLE,HANDLE,HANDLE,PHANDLE,ACCESS_MASK,ULONG,ULONG);
NTSYSAPI NTSTATUS WINAPI NtDuplicateToken(HANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,SECURITY_IMPERSONATION_LEVEL,TOKEN_TYPE,PHANDLE);
NTSYSAPI NTSTATUS WINAPI NtEnumerateKey(HANDLE,ULONG,KEY_INFORMATION_CLASS,void *,DWORD,DWORD *);
NTSYSAPI NTSTATUS WINAPI NtEnumerateValueKey(HANDLE,ULONG,KEY_VALUE_INFORMATION_CLASS,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtExtendSection(HANDLE,PLARGE_INTEGER);
NTSYSAPI NTSTATUS WINAPI NtFilterToken(HANDLE,ULONG,TOKEN_GROUPS*,TOKEN_PRIVILEGES*,TOKEN_GROUPS*,HANDLE*);
NTSYSAPI NTSTATUS WINAPI NtFindAtom(const WCHAR*,ULONG,RTL_ATOM*);
NTSYSAPI NTSTATUS WINAPI NtFlushBuffersFile(HANDLE,IO_STATUS_BLOCK*);
NTSYSAPI NTSTATUS WINAPI NtFlushInstructionCache(HANDLE,LPCVOID,SIZE_T);
NTSYSAPI NTSTATUS WINAPI NtFlushKey(HANDLE);
NTSYSAPI void WINAPI NtFlushProcessWriteBuffers(void);
NTSYSAPI NTSTATUS WINAPI NtFlushVirtualMemory(HANDLE,LPCVOID*,SIZE_T*,ULONG);
NTSYSAPI NTSTATUS WINAPI NtFlushWriteBuffer(VOID);
NTSYSAPI NTSTATUS WINAPI NtFreeVirtualMemory(HANDLE,PVOID*,SIZE_T*,ULONG);
NTSYSAPI NTSTATUS WINAPI NtFsControlFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,ULONG,PVOID,ULONG,PVOID,ULONG);
NTSYSAPI NTSTATUS WINAPI NtGetContextThread(HANDLE,CONTEXT*);
NTSYSAPI ULONG WINAPI NtGetCurrentProcessorNumber(void);
NTSYSAPI NTSTATUS WINAPI NtGetNlsSectionPtr(ULONG,ULONG,void*,void**,SIZE_T*);
NTSYSAPI NTSTATUS WINAPI NtGetPlugPlayEvent(ULONG,ULONG,PVOID,ULONG);
NTSYSAPI ULONG WINAPI NtGetTickCount(VOID);
NTSYSAPI NTSTATUS WINAPI NtGetWriteWatch(HANDLE,ULONG,PVOID,SIZE_T,PVOID*,ULONG_PTR*,ULONG*);
NTSYSAPI NTSTATUS WINAPI NtImpersonateAnonymousToken(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtImpersonateClientOfPort(HANDLE,PPORT_MESSAGE);
NTSYSAPI NTSTATUS WINAPI NtImpersonateThread(HANDLE,HANDLE,PSECURITY_QUALITY_OF_SERVICE);
NTSYSAPI NTSTATUS WINAPI NtInitializeRegistry(BOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtInitiatePowerAction(POWER_ACTION,SYSTEM_POWER_STATE,ULONG,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtIsProcessInJob(HANDLE,HANDLE);
NTSYSAPI NTSTATUS WINAPI NtListenPort(HANDLE,PLPC_MESSAGE);
NTSYSAPI NTSTATUS WINAPI NtLoadDriver(const UNICODE_STRING *);
NTSYSAPI NTSTATUS WINAPI NtLoadKey(const OBJECT_ATTRIBUTES *,OBJECT_ATTRIBUTES *);
NTSYSAPI NTSTATUS WINAPI NtLockFile(HANDLE,HANDLE,PIO_APC_ROUTINE,void*,PIO_STATUS_BLOCK,PLARGE_INTEGER,PLARGE_INTEGER,ULONG*,BOOLEAN,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtLockVirtualMemory(HANDLE,PVOID*,SIZE_T*,ULONG);
NTSYSAPI NTSTATUS WINAPI NtMakeTemporaryObject(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtMapViewOfSection(HANDLE,HANDLE,PVOID*,ULONG_PTR,SIZE_T,const LARGE_INTEGER*,SIZE_T*,SECTION_INHERIT,ULONG,ULONG);
NTSYSAPI NTSTATUS WINAPI NtNotifyChangeDirectoryFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,PVOID,ULONG,ULONG,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtNotifyChangeKey(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,ULONG,BOOLEAN,PVOID,ULONG,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtNotifyChangeMultipleKeys(HANDLE,ULONG,OBJECT_ATTRIBUTES*,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,ULONG,BOOLEAN,PVOID,ULONG,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtOpenDirectoryObject(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
NTSYSAPI NTSTATUS WINAPI NtOpenEvent(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES *);
NTSYSAPI NTSTATUS WINAPI NtOpenEventPair(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
NTSYSAPI NTSTATUS WINAPI NtOpenFile(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,ULONG,ULONG);
NTSYSAPI NTSTATUS WINAPI NtOpenIoCompletion(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
NTSYSAPI NTSTATUS WINAPI NtOpenJobObject(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
NTSYSAPI NTSTATUS WINAPI NtOpenKey(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES *);
NTSYSAPI NTSTATUS WINAPI NtOpenKeyEx(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,ULONG);
NTSYSAPI NTSTATUS WINAPI NtOpenKeyTransacted(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,HANDLE);
NTSYSAPI NTSTATUS WINAPI NtOpenKeyTransactedEx(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,ULONG,HANDLE);
NTSYSAPI NTSTATUS WINAPI NtOpenKeyedEvent(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
NTSYSAPI NTSTATUS WINAPI NtOpenMutant(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
NTSYSAPI NTSTATUS WINAPI NtOpenObjectAuditAlarm(PUNICODE_STRING,PHANDLE,PUNICODE_STRING,PUNICODE_STRING,PSECURITY_DESCRIPTOR,HANDLE,ACCESS_MASK,ACCESS_MASK,PPRIVILEGE_SET,BOOLEAN,BOOLEAN,PBOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtOpenProcess(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,const CLIENT_ID*);
NTSYSAPI NTSTATUS WINAPI NtOpenProcessToken(HANDLE,DWORD,HANDLE *);
NTSYSAPI NTSTATUS WINAPI NtOpenProcessTokenEx(HANDLE,DWORD,DWORD,HANDLE *);
NTSYSAPI NTSTATUS WINAPI NtOpenSection(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
NTSYSAPI NTSTATUS WINAPI NtOpenSemaphore(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
NTSYSAPI NTSTATUS WINAPI NtOpenSymbolicLinkObject(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
NTSYSAPI NTSTATUS WINAPI NtOpenThread(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*,const CLIENT_ID*);
NTSYSAPI NTSTATUS WINAPI NtOpenThreadToken(HANDLE,DWORD,BOOLEAN,HANDLE *);
NTSYSAPI NTSTATUS WINAPI NtOpenThreadTokenEx(HANDLE,DWORD,BOOLEAN,DWORD,HANDLE *);
NTSYSAPI NTSTATUS WINAPI NtOpenTimer(HANDLE*, ACCESS_MASK, const OBJECT_ATTRIBUTES*);
NTSYSAPI NTSTATUS WINAPI NtPowerInformation(POWER_INFORMATION_LEVEL,PVOID,ULONG,PVOID,ULONG);
NTSYSAPI NTSTATUS WINAPI NtPrivilegeCheck(HANDLE,PPRIVILEGE_SET,PBOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtPrivilegeObjectAuditAlarm(PUNICODE_STRING,HANDLE,HANDLE,ULONG,PPRIVILEGE_SET,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtPrivilegedServiceAuditAlarm(PUNICODE_STRING,PUNICODE_STRING,HANDLE,PPRIVILEGE_SET,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtProtectVirtualMemory(HANDLE,PVOID*,SIZE_T*,ULONG,ULONG*);
NTSYSAPI NTSTATUS WINAPI NtPulseEvent(HANDLE,LONG*);
NTSYSAPI NTSTATUS WINAPI NtQueueApcThread(HANDLE,PNTAPCFUNC,ULONG_PTR,ULONG_PTR,ULONG_PTR);
NTSYSAPI NTSTATUS WINAPI NtQueryAttributesFile(const OBJECT_ATTRIBUTES*,FILE_BASIC_INFORMATION*);
NTSYSAPI NTSTATUS WINAPI NtQueryDefaultLocale(BOOLEAN,LCID*);
NTSYSAPI NTSTATUS WINAPI NtQueryDefaultUILanguage(LANGID*);
NTSYSAPI NTSTATUS WINAPI NtQueryDirectoryFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,PVOID,ULONG,FILE_INFORMATION_CLASS,BOOLEAN,PUNICODE_STRING,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtQueryDirectoryObject(HANDLE,PDIRECTORY_BASIC_INFORMATION,ULONG,BOOLEAN,BOOLEAN,PULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQueryEaFile(HANDLE,PIO_STATUS_BLOCK,PVOID,ULONG,BOOLEAN,PVOID,ULONG,PULONG,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtQueryEvent(HANDLE,EVENT_INFORMATION_CLASS,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQueryFullAttributesFile(const OBJECT_ATTRIBUTES*,FILE_NETWORK_OPEN_INFORMATION*);
NTSYSAPI NTSTATUS WINAPI NtQueryInformationAtom(RTL_ATOM,ATOM_INFORMATION_CLASS,PVOID,ULONG,ULONG*);
NTSYSAPI NTSTATUS WINAPI NtQueryInformationFile(HANDLE,PIO_STATUS_BLOCK,PVOID,LONG,FILE_INFORMATION_CLASS);
NTSYSAPI NTSTATUS WINAPI NtQueryInformationJobObject(HANDLE,JOBOBJECTINFOCLASS,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQueryInformationPort(HANDLE,PORT_INFORMATION_CLASS,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQueryInformationProcess(HANDLE,PROCESSINFOCLASS,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQueryInformationThread(HANDLE,THREADINFOCLASS,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQueryInformationToken(HANDLE,TOKEN_INFORMATION_CLASS,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQueryInstallUILanguage(LANGID*);
NTSYSAPI NTSTATUS WINAPI NtQueryIntervalProfile(KPROFILE_SOURCE,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQueryIoCompletion(HANDLE,IO_COMPLETION_INFORMATION_CLASS,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQueryKey(HANDLE,KEY_INFORMATION_CLASS,void *,DWORD,DWORD *);
NTSYSAPI NTSTATUS WINAPI NtQueryMultipleValueKey(HANDLE,PKEY_MULTIPLE_VALUE_INFORMATION,ULONG,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQueryMutant(HANDLE,MUTANT_INFORMATION_CLASS,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
NTSYSAPI NTSTATUS WINAPI NtQueryOpenSubKeys(POBJECT_ATTRIBUTES,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQueryPerformanceCounter(PLARGE_INTEGER, PLARGE_INTEGER);
NTSYSAPI NTSTATUS WINAPI NtQuerySecurityObject(HANDLE,SECURITY_INFORMATION,PSECURITY_DESCRIPTOR,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQuerySection(HANDLE,SECTION_INFORMATION_CLASS,PVOID,SIZE_T,SIZE_T*);
NTSYSAPI NTSTATUS WINAPI NtQuerySemaphore(HANDLE,SEMAPHORE_INFORMATION_CLASS,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQuerySymbolicLinkObject(HANDLE,PUNICODE_STRING,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQuerySystemEnvironmentValue(PUNICODE_STRING,PWCHAR,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQuerySystemInformationEx(SYSTEM_INFORMATION_CLASS,void*,ULONG,void*,ULONG,ULONG*);
NTSYSAPI NTSTATUS WINAPI NtQuerySystemTime(PLARGE_INTEGER);
NTSYSAPI NTSTATUS WINAPI NtQueryTimer(HANDLE,TIMER_INFORMATION_CLASS,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQueryTimerResolution(PULONG,PULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtQueryValueKey(HANDLE,const UNICODE_STRING *,KEY_VALUE_INFORMATION_CLASS,void *,DWORD,DWORD *);
NTSYSAPI NTSTATUS WINAPI NtQueryLicenseValue(const UNICODE_STRING *,ULONG *,PVOID,ULONG,ULONG *);
NTSYSAPI NTSTATUS WINAPI NtQueryVirtualMemory(HANDLE,LPCVOID,MEMORY_INFORMATION_CLASS,PVOID,SIZE_T,SIZE_T*);
NTSYSAPI NTSTATUS WINAPI NtQueryVolumeInformationFile(HANDLE,PIO_STATUS_BLOCK,PVOID,ULONG,FS_INFORMATION_CLASS);
NTSYSAPI NTSTATUS WINAPI NtRaiseException(PEXCEPTION_RECORD,PCONTEXT,BOOL);
NTSYSAPI NTSTATUS WINAPI NtRaiseHardError(NTSTATUS,ULONG,PUNICODE_STRING,PVOID*,HARDERROR_RESPONSE_OPTION,PHARDERROR_RESPONSE);
NTSYSAPI NTSTATUS WINAPI NtReadFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,PVOID,ULONG,PLARGE_INTEGER,PULONG);
NTSYSAPI NTSTATUS WINAPI NtReadFileScatter(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,FILE_SEGMENT_ELEMENT*,ULONG,PLARGE_INTEGER,PULONG);
NTSYSAPI NTSTATUS WINAPI NtReadRequestData(HANDLE,PLPC_MESSAGE,ULONG,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtReadVirtualMemory(HANDLE,const void*,void*,SIZE_T,SIZE_T*);
NTSYSAPI NTSTATUS WINAPI NtRegisterThreadTerminatePort(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtReleaseKeyedEvent(HANDLE,const void*,BOOLEAN,const LARGE_INTEGER*);
NTSYSAPI NTSTATUS WINAPI NtReleaseMutant(HANDLE,PLONG);
NTSYSAPI NTSTATUS WINAPI NtReleaseSemaphore(HANDLE,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtRemoveIoCompletion(HANDLE,PULONG_PTR,PULONG_PTR,PIO_STATUS_BLOCK,PLARGE_INTEGER);
NTSYSAPI NTSTATUS WINAPI NtRemoveIoCompletionEx(HANDLE,FILE_IO_COMPLETION_INFORMATION*,ULONG,ULONG*,LARGE_INTEGER*,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI NtRemoveProcessDebug(HANDLE,HANDLE);
NTSYSAPI NTSTATUS WINAPI NtRenameKey(HANDLE,UNICODE_STRING*);
NTSYSAPI NTSTATUS WINAPI NtReplaceKey(POBJECT_ATTRIBUTES,HANDLE,POBJECT_ATTRIBUTES);
NTSYSAPI NTSTATUS WINAPI NtReplyPort(HANDLE,PLPC_MESSAGE);
NTSYSAPI NTSTATUS WINAPI NtReplyWaitReceivePort(HANDLE,PULONG,PLPC_MESSAGE,PLPC_MESSAGE);
NTSYSAPI NTSTATUS WINAPI NtReplyWaitReceivePortEx(HANDLE,PVOID*,PPORT_MESSAGE,PPORT_MESSAGE,PLARGE_INTEGER);
NTSYSAPI NTSTATUS WINAPI NtReplyWaitReplyPort(HANDLE,PLPC_MESSAGE);
NTSYSAPI NTSTATUS WINAPI NtRequestPort(HANDLE,PLPC_MESSAGE);
NTSYSAPI NTSTATUS WINAPI NtRequestWaitReplyPort(HANDLE,PLPC_MESSAGE,PLPC_MESSAGE);
NTSYSAPI NTSTATUS WINAPI NtResetEvent(HANDLE,LONG*);
NTSYSAPI NTSTATUS WINAPI NtResetWriteWatch(HANDLE,PVOID,SIZE_T);
NTSYSAPI NTSTATUS WINAPI NtRestoreKey(HANDLE,HANDLE,ULONG);
NTSYSAPI NTSTATUS WINAPI NtResumeProcess(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtResumeThread(HANDLE,PULONG);
NTSYSAPI NTSTATUS WINAPI NtSaveKey(HANDLE,HANDLE);
NTSYSAPI NTSTATUS WINAPI NtSecureConnectPort(PHANDLE,PUNICODE_STRING,PSECURITY_QUALITY_OF_SERVICE,PLPC_SECTION_WRITE,PSID,PLPC_SECTION_READ,PULONG,PVOID,PULONG);
NTSYSAPI NTSTATUS WINAPI NtSetContextThread(HANDLE,const CONTEXT*);
NTSYSAPI NTSTATUS WINAPI NtSetDefaultHardErrorPort(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtSetDefaultLocale(BOOLEAN,LCID);
NTSYSAPI NTSTATUS WINAPI NtSetDefaultUILanguage(LANGID);
NTSYSAPI NTSTATUS WINAPI NtSetEaFile(HANDLE,PIO_STATUS_BLOCK,PVOID,ULONG);
NTSYSAPI NTSTATUS WINAPI NtSetEvent(HANDLE,LONG*);
NTSYSAPI NTSTATUS WINAPI NtSetHighEventPair(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtSetHighWaitLowEventPair(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtSetHighWaitLowThread(VOID);
NTSYSAPI NTSTATUS WINAPI NtSetInformationDebugObject(HANDLE,DEBUGOBJECTINFOCLASS,PVOID,ULONG,ULONG*);
NTSYSAPI NTSTATUS WINAPI NtSetInformationFile(HANDLE,PIO_STATUS_BLOCK,PVOID,ULONG,FILE_INFORMATION_CLASS);
NTSYSAPI NTSTATUS WINAPI NtSetInformationJobObject(HANDLE,JOBOBJECTINFOCLASS,PVOID,ULONG);
NTSYSAPI NTSTATUS WINAPI NtSetInformationKey(HANDLE,const int,PVOID,ULONG);
NTSYSAPI NTSTATUS WINAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
NTSYSAPI NTSTATUS WINAPI NtSetInformationProcess(HANDLE,PROCESS_INFORMATION_CLASS,PVOID,ULONG);
NTSYSAPI NTSTATUS WINAPI NtSetInformationThread(HANDLE,THREADINFOCLASS,LPCVOID,ULONG);
NTSYSAPI NTSTATUS WINAPI NtSetInformationToken(HANDLE,TOKEN_INFORMATION_CLASS,PVOID,ULONG);
NTSYSAPI NTSTATUS WINAPI NtSetIntervalProfile(ULONG,KPROFILE_SOURCE);
NTSYSAPI NTSTATUS WINAPI NtSetIoCompletion(HANDLE,ULONG_PTR,ULONG_PTR,NTSTATUS,SIZE_T);
NTSYSAPI NTSTATUS WINAPI NtSetLdtEntries(ULONG,LDT_ENTRY,ULONG,LDT_ENTRY);
NTSYSAPI NTSTATUS WINAPI NtSetLowEventPair(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtSetLowWaitHighEventPair(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtSetLowWaitHighThread(VOID);
NTSYSAPI NTSTATUS WINAPI NtSetPowerRequest(HANDLE,POWER_REQUEST_TYPE);
NTSYSAPI NTSTATUS WINAPI NtSetSecurityObject(HANDLE,SECURITY_INFORMATION,PSECURITY_DESCRIPTOR);
NTSYSAPI NTSTATUS WINAPI NtSetSystemEnvironmentValue(PUNICODE_STRING,PUNICODE_STRING);
NTSYSAPI NTSTATUS WINAPI NtSetSystemInformation(SYSTEM_INFORMATION_CLASS,PVOID,ULONG);
NTSYSAPI NTSTATUS WINAPI NtSetSystemPowerState(POWER_ACTION,SYSTEM_POWER_STATE,ULONG);
NTSYSAPI NTSTATUS WINAPI NtSetSystemTime(const LARGE_INTEGER*,LARGE_INTEGER*);
NTSYSAPI NTSTATUS WINAPI NtSetThreadExecutionState(EXECUTION_STATE,EXECUTION_STATE*);
NTSYSAPI NTSTATUS WINAPI NtSetTimer(HANDLE, const LARGE_INTEGER*, PTIMER_APC_ROUTINE, PVOID, BOOLEAN, ULONG, BOOLEAN*);
NTSYSAPI NTSTATUS WINAPI NtSetTimerResolution(ULONG,BOOLEAN,PULONG);
NTSYSAPI NTSTATUS WINAPI NtSetValueKey(HANDLE,const UNICODE_STRING *,ULONG,ULONG,const void *,ULONG);
NTSYSAPI NTSTATUS WINAPI NtSetVolumeInformationFile(HANDLE,PIO_STATUS_BLOCK,PVOID,ULONG,FS_INFORMATION_CLASS);
NTSYSAPI NTSTATUS WINAPI NtSignalAndWaitForSingleObject(HANDLE,HANDLE,BOOLEAN,const LARGE_INTEGER*);
NTSYSAPI NTSTATUS WINAPI NtShutdownSystem(SHUTDOWN_ACTION);
NTSYSAPI NTSTATUS WINAPI NtStartProfile(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtStopProfile(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtSuspendProcess(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtSuspendThread(HANDLE,PULONG);
NTSYSAPI NTSTATUS WINAPI NtSystemDebugControl(SYSDBG_COMMAND,PVOID,ULONG,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtTerminateJobObject(HANDLE,NTSTATUS);
NTSYSAPI NTSTATUS WINAPI NtTerminateProcess(HANDLE,LONG);
NTSYSAPI NTSTATUS WINAPI NtTerminateThread(HANDLE,LONG);
NTSYSAPI NTSTATUS WINAPI NtTestAlert(VOID);
NTSYSAPI NTSTATUS WINAPI NtUnloadDriver(const UNICODE_STRING *);
NTSYSAPI NTSTATUS WINAPI NtUnloadKey(POBJECT_ATTRIBUTES);
NTSYSAPI NTSTATUS WINAPI NtUnloadKeyEx(POBJECT_ATTRIBUTES,HANDLE);
NTSYSAPI NTSTATUS WINAPI NtUnlockFile(HANDLE,PIO_STATUS_BLOCK,PLARGE_INTEGER,PLARGE_INTEGER,PULONG);
NTSYSAPI NTSTATUS WINAPI NtUnlockVirtualMemory(HANDLE,PVOID*,SIZE_T*,ULONG);
NTSYSAPI NTSTATUS WINAPI NtUnmapViewOfSection(HANDLE,PVOID);
NTSYSAPI NTSTATUS WINAPI NtVdmControl(ULONG,PVOID);
NTSYSAPI NTSTATUS WINAPI NtWaitForDebugEvent(HANDLE,BOOLEAN,LARGE_INTEGER*,DBGUI_WAIT_STATE_CHANGE*);
NTSYSAPI NTSTATUS WINAPI NtWaitForKeyedEvent(HANDLE,const void*,BOOLEAN,const LARGE_INTEGER*);
NTSYSAPI NTSTATUS WINAPI NtWaitForSingleObject(HANDLE,BOOLEAN,const LARGE_INTEGER*);
NTSYSAPI NTSTATUS WINAPI NtWaitForMultipleObjects(ULONG,const HANDLE*,BOOLEAN,BOOLEAN,const LARGE_INTEGER*);
NTSYSAPI NTSTATUS WINAPI NtWaitHighEventPair(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtWaitLowEventPair(HANDLE);
NTSYSAPI NTSTATUS WINAPI NtWriteFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,const void*,ULONG,PLARGE_INTEGER,PULONG);
NTSYSAPI NTSTATUS WINAPI NtWriteFileGather(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,FILE_SEGMENT_ELEMENT*,ULONG,PLARGE_INTEGER,PULONG);
NTSYSAPI NTSTATUS WINAPI NtWriteRequestData(HANDLE,PLPC_MESSAGE,ULONG,PVOID,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI NtWriteVirtualMemory(HANDLE,void*,const void*,SIZE_T,SIZE_T*);
NTSYSAPI NTSTATUS WINAPI NtYieldExecution(void);
NTSYSAPI NTSTATUS WINAPI RtlAbsoluteToSelfRelativeSD(PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR,PULONG);
NTSYSAPI void WINAPI RtlAcquirePebLock(void);
NTSYSAPI BYTE WINAPI RtlAcquireResourceExclusive(LPRTL_RWLOCK,BYTE);
NTSYSAPI BYTE WINAPI RtlAcquireResourceShared(LPRTL_RWLOCK,BYTE);
NTSYSAPI void WINAPI RtlAcquireSRWLockExclusive(RTL_SRWLOCK*);
NTSYSAPI void WINAPI RtlAcquireSRWLockShared(RTL_SRWLOCK*);
NTSYSAPI NTSTATUS WINAPI RtlActivateActivationContext(DWORD,HANDLE,ULONG_PTR*);
NTSYSAPI NTSTATUS WINAPI RtlActivateActivationContextEx(ULONG,TEB*,HANDLE,ULONG_PTR*);
NTSYSAPI NTSTATUS WINAPI RtlAddAce(PACL,DWORD,DWORD,PACE_HEADER,DWORD);
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL,DWORD,DWORD,PSID);
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAceEx(PACL,DWORD,DWORD,DWORD,PSID);
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedObjectAce(PACL,DWORD,DWORD,DWORD,GUID*,GUID*,PSID);
NTSYSAPI NTSTATUS WINAPI RtlAddAccessDeniedAce(PACL,DWORD,DWORD,PSID);
NTSYSAPI NTSTATUS WINAPI RtlAddAccessDeniedAceEx(PACL,DWORD,DWORD,DWORD,PSID);
NTSYSAPI NTSTATUS WINAPI RtlAddAccessDeniedObjectAce(PACL,DWORD,DWORD,DWORD,GUID*,GUID*,PSID);
NTSYSAPI NTSTATUS WINAPI RtlAddAtomToAtomTable(RTL_ATOM_TABLE,const WCHAR*,RTL_ATOM*);
NTSYSAPI NTSTATUS WINAPI RtlAddAuditAccessAce(PACL,DWORD,DWORD,PSID,BOOL,BOOL);
NTSYSAPI NTSTATUS WINAPI RtlAddAuditAccessAceEx(PACL,DWORD,DWORD,DWORD,PSID,BOOL,BOOL);
NTSYSAPI NTSTATUS WINAPI RtlAddAuditAccessObjectAce(PACL,DWORD,DWORD,DWORD,GUID*,GUID*,PSID,BOOL,BOOL);
NTSYSAPI NTSTATUS WINAPI RtlAddMandatoryAce(PACL,DWORD,DWORD,DWORD,DWORD,PSID);
NTSYSAPI void WINAPI RtlAddRefActivationContext(HANDLE);
NTSYSAPI PVOID WINAPI RtlAddVectoredExceptionHandler(ULONG,PVECTORED_EXCEPTION_HANDLER);
NTSYSAPI NTSTATUS WINAPI RtlAdjustPrivilege(ULONG,BOOLEAN,BOOLEAN,PBOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlAllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY,BYTE,DWORD,DWORD,DWORD,DWORD,DWORD,DWORD,DWORD,DWORD,PSID *);
NTSYSAPI RTL_HANDLE * WINAPI RtlAllocateHandle(RTL_HANDLE_TABLE *,ULONG *);
NTSYSAPI PVOID WINAPI RtlAllocateHeap(HANDLE,ULONG,SIZE_T) __WINE_ALLOC_SIZE(3);
NTSYSAPI WCHAR WINAPI RtlAnsiCharToUnicodeChar(LPSTR *);
NTSYSAPI DWORD WINAPI RtlAnsiStringToUnicodeSize(const STRING *);
NTSYSAPI NTSTATUS WINAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING,PCANSI_STRING,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlAppendAsciizToString(STRING *,LPCSTR);
NTSYSAPI NTSTATUS WINAPI RtlAppendStringToString(STRING *,const STRING *);
NTSYSAPI NTSTATUS WINAPI RtlAppendUnicodeStringToString(UNICODE_STRING *,const UNICODE_STRING *);
NTSYSAPI NTSTATUS WINAPI RtlAppendUnicodeToString(UNICODE_STRING *,LPCWSTR);
NTSYSAPI BOOLEAN WINAPI RtlAreAllAccessesGranted(ACCESS_MASK,ACCESS_MASK);
NTSYSAPI BOOLEAN WINAPI RtlAreAnyAccessesGranted(ACCESS_MASK,ACCESS_MASK);
NTSYSAPI BOOLEAN WINAPI RtlAreBitsSet(PCRTL_BITMAP,ULONG,ULONG);
NTSYSAPI BOOLEAN WINAPI RtlAreBitsClear(PCRTL_BITMAP,ULONG,ULONG);
NTSYSAPI NTSTATUS WINAPI RtlCharToInteger(PCSZ,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI RtlCheckRegistryKey(ULONG, PWSTR);
NTSYSAPI void WINAPI RtlClearAllBits(PRTL_BITMAP);
NTSYSAPI void WINAPI RtlClearBits(PRTL_BITMAP,ULONG,ULONG);
NTSYSAPI NTSTATUS WINAPI RtlCreateActivationContext(HANDLE*,const void*);
NTSYSAPI PDEBUG_BUFFER WINAPI RtlCreateQueryDebugBuffer(ULONG,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlCreateRegistryKey(ULONG,PWSTR);
NTSYSAPI ULONG WINAPI RtlCompactHeap(HANDLE,ULONG);
NTSYSAPI LONG WINAPI RtlCompareString(const STRING*,const STRING*,BOOLEAN);
NTSYSAPI LONG WINAPI RtlCompareUnicodeString(const UNICODE_STRING*,const UNICODE_STRING*,BOOLEAN);
NTSYSAPI LONG WINAPI RtlCompareUnicodeStrings(const WCHAR*,SIZE_T,const WCHAR*,SIZE_T,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlCompressBuffer(USHORT,PUCHAR,ULONG,PUCHAR,ULONG,ULONG,PULONG,PVOID);
NTSYSAPI DWORD WINAPI RtlComputeCrc32(DWORD,const BYTE*,INT);
NTSYSAPI NTSTATUS WINAPI RtlConvertSidToUnicodeString(PUNICODE_STRING,PSID,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlConvertToAutoInheritSecurityObject(PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR*,GUID*,BOOL,PGENERIC_MAPPING);
NTSYSAPI void WINAPI RtlCopyLuid(PLUID,const LUID*);
NTSYSAPI void WINAPI RtlCopyLuidAndAttributesArray(ULONG,const LUID_AND_ATTRIBUTES*,PLUID_AND_ATTRIBUTES);
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD,PSID,PSID);
NTSYSAPI NTSTATUS WINAPI RtlCopySecurityDescriptor(PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR);
NTSYSAPI void WINAPI RtlCopyString(STRING*,const STRING*);
NTSYSAPI void WINAPI RtlCopyUnicodeString(UNICODE_STRING*,const UNICODE_STRING*);
NTSYSAPI NTSTATUS WINAPI RtlCreateAcl(PACL,DWORD,DWORD);
NTSYSAPI NTSTATUS WINAPI RtlCreateAtomTable(ULONG,RTL_ATOM_TABLE*);
NTSYSAPI NTSTATUS WINAPI RtlCreateEnvironment(BOOLEAN, PWSTR*);
NTSYSAPI HANDLE WINAPI RtlCreateHeap(ULONG,PVOID,SIZE_T,SIZE_T,PVOID,PRTL_HEAP_DEFINITION);
NTSYSAPI NTSTATUS WINAPI RtlCreateProcessParameters(RTL_USER_PROCESS_PARAMETERS**,const UNICODE_STRING*,const UNICODE_STRING*,const UNICODE_STRING*,const UNICODE_STRING*,PWSTR,const UNICODE_STRING*,const UNICODE_STRING*,const UNICODE_STRING*,const UNICODE_STRING*);
NTSYSAPI NTSTATUS WINAPI RtlCreateProcessParametersEx(RTL_USER_PROCESS_PARAMETERS**,const UNICODE_STRING*,const UNICODE_STRING*,const UNICODE_STRING*,const UNICODE_STRING*,PWSTR,const UNICODE_STRING*,const UNICODE_STRING*,const UNICODE_STRING*,const UNICODE_STRING*,ULONG);
NTSYSAPI NTSTATUS WINAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR,DWORD);
NTSYSAPI NTSTATUS WINAPI RtlCreateTimerQueue(PHANDLE);
NTSYSAPI NTSTATUS WINAPI RtlCreateTimer(PHANDLE, HANDLE, RTL_WAITORTIMERCALLBACKFUNC, PVOID, DWORD, DWORD, ULONG);
NTSYSAPI BOOLEAN WINAPI RtlCreateUnicodeString(PUNICODE_STRING,LPCWSTR);
NTSYSAPI BOOLEAN WINAPI RtlCreateUnicodeStringFromAsciiz(PUNICODE_STRING,LPCSTR);
NTSYSAPI NTSTATUS WINAPI RtlCreateUserProcess(UNICODE_STRING*,ULONG,RTL_USER_PROCESS_PARAMETERS*,SECURITY_DESCRIPTOR*,SECURITY_DESCRIPTOR*,HANDLE,BOOLEAN,HANDLE,HANDLE,RTL_USER_PROCESS_INFORMATION*);
NTSYSAPI NTSTATUS WINAPI RtlCreateUserThread(HANDLE,SECURITY_DESCRIPTOR*,BOOLEAN,PVOID,SIZE_T,SIZE_T,PRTL_THREAD_START_ROUTINE,void*,HANDLE*,CLIENT_ID*);
NTSYSAPI NTSTATUS WINAPI RtlCreateUserStack(SIZE_T,SIZE_T,ULONG,SIZE_T,SIZE_T,INITIAL_TEB*);
NTSYSAPI NTSTATUS WINAPI RtlCustomCPToUnicodeN(CPTABLEINFO*,WCHAR*,DWORD,DWORD*,const char*,DWORD);
NTSYSAPI void WINAPI RtlDeactivateActivationContext(DWORD,ULONG_PTR);
NTSYSAPI PVOID WINAPI RtlDecodePointer(PVOID);
NTSYSAPI NTSTATUS WINAPI RtlDecompressBuffer(USHORT,PUCHAR,ULONG,PUCHAR,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI RtlDecompressFragment(USHORT,PUCHAR,ULONG,PUCHAR,ULONG,ULONG,PULONG,PVOID);
NTSYSAPI NTSTATUS WINAPI RtlDeleteAce(PACL,DWORD);
NTSYSAPI NTSTATUS WINAPI RtlDeleteAtomFromAtomTable(RTL_ATOM_TABLE,RTL_ATOM);
NTSYSAPI NTSTATUS WINAPI RtlDeleteCriticalSection(RTL_CRITICAL_SECTION *);
NTSYSAPI NTSTATUS WINAPI RtlDeleteRegistryValue(ULONG, PCWSTR, PCWSTR);
NTSYSAPI void WINAPI RtlDeleteResource(LPRTL_RWLOCK);
NTSYSAPI NTSTATUS WINAPI RtlDeleteSecurityObject(PSECURITY_DESCRIPTOR*);
NTSYSAPI NTSTATUS WINAPI RtlDeleteTimer(HANDLE, HANDLE, HANDLE);
NTSYSAPI NTSTATUS WINAPI RtlDeleteTimerQueueEx(HANDLE, HANDLE);
NTSYSAPI PRTL_USER_PROCESS_PARAMETERS WINAPI RtlDeNormalizeProcessParams(RTL_USER_PROCESS_PARAMETERS*);
NTSYSAPI NTSTATUS WINAPI RtlDeregisterWait(HANDLE);
NTSYSAPI NTSTATUS WINAPI RtlDeregisterWaitEx(HANDLE,HANDLE);
NTSYSAPI NTSTATUS WINAPI RtlDestroyAtomTable(RTL_ATOM_TABLE);
NTSYSAPI NTSTATUS WINAPI RtlDestroyEnvironment(PWSTR);
NTSYSAPI NTSTATUS WINAPI RtlDestroyHandleTable(RTL_HANDLE_TABLE *);
NTSYSAPI HANDLE WINAPI RtlDestroyHeap(HANDLE);
NTSYSAPI void WINAPI RtlDestroyProcessParameters(RTL_USER_PROCESS_PARAMETERS*);
NTSYSAPI NTSTATUS WINAPI RtlDestroyQueryDebugBuffer(PDEBUG_BUFFER);
NTSYSAPI DOS_PATHNAME_TYPE WINAPI RtlDetermineDosPathNameType_U(PCWSTR);
NTSYSAPI BOOLEAN WINAPI RtlDllShutdownInProgress(void);
NTSYSAPI BOOLEAN WINAPI RtlDoesFileExists_U(LPCWSTR);
NTSYSAPI BOOLEAN WINAPI RtlDosPathNameToNtPathName_U(PCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*);
NTSYSAPI NTSTATUS WINAPI RtlDosPathNameToNtPathName_U_WithStatus(PCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*);
NTSYSAPI ULONG WINAPI RtlDosSearchPath_U(LPCWSTR, LPCWSTR, LPCWSTR, ULONG, LPWSTR, LPWSTR*);
NTSYSAPI WCHAR WINAPI RtlDowncaseUnicodeChar(WCHAR);
NTSYSAPI NTSTATUS WINAPI RtlDowncaseUnicodeString(UNICODE_STRING*,const UNICODE_STRING*,BOOLEAN);
NTSYSAPI void WINAPI RtlDumpResource(LPRTL_RWLOCK);
NTSYSAPI NTSTATUS WINAPI RtlDuplicateUnicodeString(int,const UNICODE_STRING*,UNICODE_STRING*);
NTSYSAPI NTSTATUS WINAPI RtlEmptyAtomTable(RTL_ATOM_TABLE,BOOLEAN);
NTSYSAPI PVOID WINAPI RtlEncodePointer(PVOID);
NTSYSAPI NTSTATUS WINAPI RtlEnterCriticalSection(RTL_CRITICAL_SECTION *);
NTSYSAPI void WINAPI RtlEraseUnicodeString(UNICODE_STRING*);
NTSYSAPI NTSTATUS WINAPI RtlEqualComputerName(const UNICODE_STRING*,const UNICODE_STRING*);
NTSYSAPI NTSTATUS WINAPI RtlEqualDomainName(const UNICODE_STRING*,const UNICODE_STRING*);
NTSYSAPI BOOLEAN WINAPI RtlEqualLuid(const LUID*,const LUID*);
NTSYSAPI BOOL WINAPI RtlEqualPrefixSid(PSID,PSID);
NTSYSAPI BOOL WINAPI RtlEqualSid(PSID,PSID);
NTSYSAPI BOOLEAN WINAPI RtlEqualString(const STRING*,const STRING*,BOOLEAN);
NTSYSAPI BOOLEAN WINAPI RtlEqualUnicodeString(const UNICODE_STRING*,const UNICODE_STRING*,BOOLEAN);
NTSYSAPI void DECLSPEC_NORETURN WINAPI RtlExitUserProcess(ULONG);
NTSYSAPI void DECLSPEC_NORETURN WINAPI RtlExitUserThread(ULONG);
NTSYSAPI NTSTATUS WINAPI RtlExpandEnvironmentStrings(const WCHAR*,WCHAR*,SIZE_T,WCHAR*,SIZE_T,SIZE_T*);
NTSYSAPI NTSTATUS WINAPI RtlExpandEnvironmentStrings_U(PCWSTR, const UNICODE_STRING*, UNICODE_STRING*, ULONG*);
NTSYSAPI NTSTATUS WINAPI RtlFindActivationContextSectionString(ULONG,const GUID*,ULONG,const UNICODE_STRING*,PVOID);
NTSYSAPI NTSTATUS WINAPI RtlFindActivationContextSectionGuid(ULONG,const GUID*,ULONG,const GUID*,PVOID);
NTSYSAPI NTSTATUS WINAPI RtlFindCharInUnicodeString(int,const UNICODE_STRING*,const UNICODE_STRING*,USHORT*);
NTSYSAPI ULONG WINAPI RtlFindClearBits(PCRTL_BITMAP,ULONG,ULONG);
NTSYSAPI ULONG WINAPI RtlFindClearBitsAndSet(PRTL_BITMAP,ULONG,ULONG);
NTSYSAPI ULONG WINAPI RtlFindClearRuns(PCRTL_BITMAP,PRTL_BITMAP_RUN,ULONG,BOOLEAN);
NTSYSAPI ULONG WINAPI RtlFindLastBackwardRunSet(PCRTL_BITMAP,ULONG,PULONG);
NTSYSAPI ULONG WINAPI RtlFindLastBackwardRunClear(PCRTL_BITMAP,ULONG,PULONG);
NTSYSAPI CCHAR WINAPI RtlFindLeastSignificantBit(ULONGLONG);
NTSYSAPI ULONG WINAPI RtlFindLongestRunSet(PCRTL_BITMAP,PULONG);
NTSYSAPI ULONG WINAPI RtlFindLongestRunClear(PCRTL_BITMAP,PULONG);
NTSYSAPI NTSTATUS WINAPI RtlFindMessage(HMODULE,ULONG,ULONG,ULONG,const MESSAGE_RESOURCE_ENTRY**);
NTSYSAPI CCHAR WINAPI RtlFindMostSignificantBit(ULONGLONG);
NTSYSAPI ULONG WINAPI RtlFindNextForwardRunSet(PCRTL_BITMAP,ULONG,PULONG);
NTSYSAPI ULONG WINAPI RtlFindNextForwardRunClear(PCRTL_BITMAP,ULONG,PULONG);
NTSYSAPI ULONG WINAPI RtlFindSetBits(PCRTL_BITMAP,ULONG,ULONG);
NTSYSAPI ULONG WINAPI RtlFindSetBitsAndClear(PRTL_BITMAP,ULONG,ULONG);
NTSYSAPI ULONG WINAPI RtlFindSetRuns(PCRTL_BITMAP,PRTL_BITMAP_RUN,ULONG,BOOLEAN);
NTSYSAPI BOOLEAN WINAPI RtlFirstFreeAce(PACL,PACE_HEADER *);
NTSYSAPI NTSTATUS WINAPI RtlFlsAlloc(PFLS_CALLBACK_FUNCTION,ULONG *);
NTSYSAPI NTSTATUS WINAPI RtlFlsFree(ULONG);
NTSYSAPI NTSTATUS WINAPI RtlFlsGetValue(ULONG,void **);
NTSYSAPI NTSTATUS WINAPI RtlFlsSetValue(ULONG,void *);
NTSYSAPI NTSTATUS WINAPI RtlFormatCurrentUserKeyPath(PUNICODE_STRING);
NTSYSAPI NTSTATUS WINAPI RtlFormatMessage(LPCWSTR,ULONG,BOOLEAN,BOOLEAN,BOOLEAN,__ms_va_list *,LPWSTR,ULONG,ULONG*);
NTSYSAPI NTSTATUS WINAPI RtlFormatMessageEx(LPCWSTR,ULONG,BOOLEAN,BOOLEAN,BOOLEAN,__ms_va_list *,LPWSTR,ULONG,ULONG*,ULONG);
NTSYSAPI void WINAPI RtlFreeAnsiString(PANSI_STRING);
NTSYSAPI BOOLEAN WINAPI RtlFreeHandle(RTL_HANDLE_TABLE *,RTL_HANDLE *);
NTSYSAPI BOOLEAN WINAPI RtlFreeHeap(HANDLE,ULONG,PVOID);
NTSYSAPI void WINAPI RtlFreeOemString(POEM_STRING);
NTSYSAPI DWORD WINAPI RtlFreeSid(PSID);
NTSYSAPI void WINAPI RtlFreeThreadActivationContextStack(void);
NTSYSAPI void WINAPI RtlFreeUnicodeString(PUNICODE_STRING);
NTSYSAPI void WINAPI RtlFreeUserStack(void*);
NTSYSAPI NTSTATUS WINAPI RtlGetAce(PACL,DWORD,LPVOID *);
NTSYSAPI NTSTATUS WINAPI RtlGetActiveActivationContext(HANDLE*);
NTSYSAPI NTSTATUS WINAPI RtlGetCompressionWorkSpaceSize(USHORT,PULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI RtlGetControlSecurityDescriptor(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR_CONTROL,LPDWORD);
NTSYSAPI ULONG WINAPI RtlGetCurrentDirectory_U(ULONG, LPWSTR);
NTSYSAPI PEB * WINAPI RtlGetCurrentPeb(void);
NTSYSAPI NTSTATUS WINAPI RtlGetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR,PBOOLEAN,PACL *,PBOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlGetExePath(PCWSTR,PWSTR*);
NTSYSAPI TEB_ACTIVE_FRAME * WINAPI RtlGetFrame(void);
NTSYSAPI ULONG WINAPI RtlGetFullPathName_U(PCWSTR,ULONG,PWSTR,PWSTR*);
NTSYSAPI NTSTATUS WINAPI RtlGetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR,PSID *,PBOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlGetLastNtStatus(void);
NTSYSAPI DWORD WINAPI RtlGetLastWin32Error(void);
NTSYSAPI DWORD WINAPI RtlGetLongestNtPathLength(void);
NTSYSAPI ULONG WINAPI RtlGetNtGlobalFlags(void);
NTSYSAPI BOOLEAN WINAPI RtlGetNtProductType(LPDWORD);
NTSYSAPI NTSTATUS WINAPI RtlGetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR,PSID *,PBOOLEAN);
NTSYSAPI ULONG WINAPI RtlGetProcessHeaps(ULONG,HANDLE*);
NTSYSAPI NTSTATUS WINAPI RtlGetProcessPreferredUILanguages(DWORD,ULONG*,WCHAR*,ULONG*);
NTSYSAPI NTSTATUS WINAPI RtlGetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR,PBOOLEAN,PACL *,PBOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlGetSearchPath(PWSTR*);
NTSYSAPI NTSTATUS WINAPI RtlGetSystemPreferredUILanguages(DWORD,ULONG,ULONG*,WCHAR*,ULONG*);
NTSYSAPI LONGLONG WINAPI RtlGetSystemTimePrecise(void);
NTSYSAPI DWORD WINAPI RtlGetThreadErrorMode(void);
NTSYSAPI NTSTATUS WINAPI RtlGetThreadPreferredUILanguages(DWORD,ULONG*,WCHAR*,ULONG*);
NTSYSAPI NTSTATUS WINAPI RtlGetUserPreferredUILanguages(DWORD,ULONG,ULONG*,WCHAR*,ULONG*);
NTSYSAPI NTSTATUS WINAPI RtlGetVersion(RTL_OSVERSIONINFOEXW*);
NTSYSAPI NTSTATUS WINAPI RtlGUIDFromString(PUNICODE_STRING,GUID*);
NTSYSAPI PSID_IDENTIFIER_AUTHORITY WINAPI RtlIdentifierAuthoritySid(PSID);
NTSYSAPI NTSTATUS WINAPI RtlIdnToAscii(DWORD,const WCHAR*,INT,WCHAR*,INT*);
NTSYSAPI NTSTATUS WINAPI RtlIdnToNameprepUnicode(DWORD,const WCHAR*,INT,WCHAR*,INT*);
NTSYSAPI NTSTATUS WINAPI RtlIdnToUnicode(DWORD,const WCHAR*,INT,WCHAR*,INT*);
NTSYSAPI PVOID WINAPI RtlImageDirectoryEntryToData(HMODULE,BOOL,WORD,ULONG *);
NTSYSAPI PIMAGE_NT_HEADERS WINAPI RtlImageNtHeader(HMODULE);
NTSYSAPI PIMAGE_SECTION_HEADER WINAPI RtlImageRvaToSection(const IMAGE_NT_HEADERS *,HMODULE,DWORD);
NTSYSAPI PVOID WINAPI RtlImageRvaToVa(const IMAGE_NT_HEADERS *,HMODULE,DWORD,IMAGE_SECTION_HEADER **);
NTSYSAPI NTSTATUS WINAPI RtlImpersonateSelf(SECURITY_IMPERSONATION_LEVEL);
NTSYSAPI void WINAPI RtlInitString(PSTRING,PCSZ);
NTSYSAPI void WINAPI RtlInitAnsiString(PANSI_STRING,PCSZ);
NTSYSAPI NTSTATUS WINAPI RtlInitAnsiStringEx(PANSI_STRING,PCSZ);
NTSYSAPI void WINAPI RtlInitCodePageTable(USHORT*,CPTABLEINFO*);
NTSYSAPI void WINAPI RtlInitNlsTables(USHORT*,USHORT*,USHORT*,NLSTABLEINFO*);
NTSYSAPI void WINAPI RtlInitUnicodeString(PUNICODE_STRING,PCWSTR);
NTSYSAPI NTSTATUS WINAPI RtlInitUnicodeStringEx(PUNICODE_STRING,PCWSTR);
NTSYSAPI void WINAPI RtlInitializeBitMap(PRTL_BITMAP,PULONG,ULONG);
NTSYSAPI void WINAPI RtlInitializeConditionVariable(RTL_CONDITION_VARIABLE *);
NTSYSAPI NTSTATUS WINAPI RtlInitializeCriticalSection(RTL_CRITICAL_SECTION *);
NTSYSAPI NTSTATUS WINAPI RtlInitializeCriticalSectionAndSpinCount(RTL_CRITICAL_SECTION *,ULONG);
NTSYSAPI NTSTATUS WINAPI RtlInitializeCriticalSectionEx(RTL_CRITICAL_SECTION *,ULONG,ULONG);
NTSYSAPI void WINAPI RtlInitializeHandleTable(ULONG,ULONG,RTL_HANDLE_TABLE *);
NTSYSAPI void WINAPI RtlInitializeResource(LPRTL_RWLOCK);
NTSYSAPI void WINAPI RtlInitializeSRWLock(RTL_SRWLOCK*);
NTSYSAPI BOOL WINAPI RtlInitializeSid(PSID,PSID_IDENTIFIER_AUTHORITY,BYTE);
NTSYSAPI NTSTATUS WINAPI RtlInt64ToUnicodeString(ULONGLONG,ULONG,UNICODE_STRING *);
NTSYSAPI NTSTATUS WINAPI RtlIntegerToChar(ULONG,ULONG,ULONG,PCHAR);
NTSYSAPI NTSTATUS WINAPI RtlIntegerToUnicodeString(ULONG,ULONG,UNICODE_STRING *);
NTSYSAPI BOOLEAN WINAPI RtlIsActivationContextActive(HANDLE);
NTSYSAPI BOOL WINAPI RtlIsCriticalSectionLocked(RTL_CRITICAL_SECTION *);
NTSYSAPI BOOL WINAPI RtlIsCriticalSectionLockedByThread(RTL_CRITICAL_SECTION *);
NTSYSAPI ULONG WINAPI RtlIsDosDeviceName_U(PCWSTR);
NTSYSAPI BOOLEAN WINAPI RtlIsNameLegalDOS8Dot3(const UNICODE_STRING*,POEM_STRING,PBOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlIsNormalizedString(ULONG,const WCHAR*,INT,BOOLEAN*);
NTSYSAPI BOOLEAN WINAPI RtlIsProcessorFeaturePresent(UINT);
NTSYSAPI BOOLEAN WINAPI RtlIsTextUnicode(LPCVOID,INT,INT *);
NTSYSAPI BOOLEAN WINAPI RtlIsValidHandle(const RTL_HANDLE_TABLE *, const RTL_HANDLE *);
NTSYSAPI BOOLEAN WINAPI RtlIsValidIndexHandle(const RTL_HANDLE_TABLE *, ULONG Index, RTL_HANDLE **);
NTSYSAPI NTSTATUS WINAPI RtlLeaveCriticalSection(RTL_CRITICAL_SECTION *);
NTSYSAPI DWORD WINAPI RtlLengthRequiredSid(DWORD);
NTSYSAPI ULONG WINAPI RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR);
NTSYSAPI DWORD WINAPI RtlLengthSid(PSID);
NTSYSAPI NTSTATUS WINAPI RtlLocalTimeToSystemTime(const LARGE_INTEGER*,PLARGE_INTEGER);
NTSYSAPI NTSTATUS WINAPI RtlLocaleNameToLcid(const WCHAR*,LCID*,ULONG);
NTSYSAPI BOOLEAN WINAPI RtlLockHeap(HANDLE);
NTSYSAPI NTSTATUS WINAPI RtlLookupAtomInAtomTable(RTL_ATOM_TABLE,const WCHAR*,RTL_ATOM*);
NTSYSAPI NTSTATUS WINAPI RtlMakeSelfRelativeSD(PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR,LPDWORD);
NTSYSAPI void WINAPI RtlMapGenericMask(PACCESS_MASK,const GENERIC_MAPPING*);
NTSYSAPI NTSTATUS WINAPI RtlMultiByteToUnicodeN(LPWSTR,DWORD,LPDWORD,LPCSTR,DWORD);
NTSYSAPI NTSTATUS WINAPI RtlMultiByteToUnicodeSize(DWORD*,LPCSTR,UINT);
NTSYSAPI NTSTATUS WINAPI RtlNewSecurityObject(PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR*,BOOLEAN,HANDLE,PGENERIC_MAPPING);
NTSYSAPI PRTL_USER_PROCESS_PARAMETERS WINAPI RtlNormalizeProcessParams(RTL_USER_PROCESS_PARAMETERS*);
NTSYSAPI NTSTATUS WINAPI RtlNormalizeString(ULONG,const WCHAR*,INT,WCHAR*,INT*);
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS);
NTSYSAPI ULONG WINAPI RtlNtStatusToDosErrorNoTeb(NTSTATUS);
NTSYSAPI ULONG WINAPI RtlNumberOfSetBits(PCRTL_BITMAP);
NTSYSAPI ULONG WINAPI RtlNumberOfClearBits(PCRTL_BITMAP);
NTSYSAPI UINT WINAPI RtlOemStringToUnicodeSize(const STRING*);
NTSYSAPI NTSTATUS WINAPI RtlOemStringToUnicodeString(UNICODE_STRING*,const STRING*,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlOemToUnicodeN(LPWSTR,DWORD,LPDWORD,LPCSTR,DWORD);
NTSYSAPI NTSTATUS WINAPI RtlOpenCurrentUser(ACCESS_MASK,PHANDLE);
NTSYSAPI PVOID WINAPI RtlPcToFileHeader(PVOID,PVOID*);
NTSYSAPI NTSTATUS WINAPI RtlPinAtomInAtomTable(RTL_ATOM_TABLE,RTL_ATOM);
NTSYSAPI void WINAPI RtlPopFrame(TEB_ACTIVE_FRAME*);
NTSYSAPI BOOLEAN WINAPI RtlPrefixString(const STRING*,const STRING*,BOOLEAN);
NTSYSAPI BOOLEAN WINAPI RtlPrefixUnicodeString(const UNICODE_STRING*,const UNICODE_STRING*,BOOLEAN);
NTSYSAPI void WINAPI RtlProcessFlsData(void*,ULONG);
NTSYSAPI void WINAPI RtlPushFrame(TEB_ACTIVE_FRAME*);
NTSYSAPI NTSTATUS WINAPI RtlQueryActivationContextApplicationSettings(DWORD,HANDLE,const WCHAR*,const WCHAR*,WCHAR*,SIZE_T,SIZE_T*);
NTSYSAPI NTSTATUS WINAPI RtlQueryAtomInAtomTable(RTL_ATOM_TABLE,RTL_ATOM,ULONG*,ULONG*,WCHAR*,ULONG*);
NTSYSAPI NTSTATUS WINAPI RtlQueryDynamicTimeZoneInformation(RTL_DYNAMIC_TIME_ZONE_INFORMATION*);
NTSYSAPI NTSTATUS WINAPI RtlQueryEnvironmentVariable(WCHAR*,const WCHAR*,SIZE_T,WCHAR*,SIZE_T,SIZE_T*);
NTSYSAPI NTSTATUS WINAPI RtlQueryEnvironmentVariable_U(PWSTR,PUNICODE_STRING,PUNICODE_STRING);
NTSYSAPI NTSTATUS WINAPI RtlQueryHeapInformation(HANDLE,HEAP_INFORMATION_CLASS,PVOID,SIZE_T,PSIZE_T);
NTSYSAPI NTSTATUS WINAPI RtlQueryInformationAcl(PACL,LPVOID,DWORD,ACL_INFORMATION_CLASS);
NTSYSAPI NTSTATUS WINAPI RtlQueryInformationActivationContext(ULONG,HANDLE,PVOID,ULONG,PVOID,SIZE_T,SIZE_T*);
NTSYSAPI BOOL WINAPI RtlQueryPerformanceCounter(LARGE_INTEGER*);
NTSYSAPI BOOL WINAPI RtlQueryPerformanceFrequency(LARGE_INTEGER*);
NTSYSAPI NTSTATUS WINAPI RtlQueryProcessDebugInformation(ULONG,ULONG,PDEBUG_BUFFER);
NTSYSAPI NTSTATUS WINAPI RtlQueryRegistryValues(ULONG, PCWSTR, PRTL_QUERY_REGISTRY_TABLE, PVOID, PVOID);
NTSYSAPI NTSTATUS WINAPI RtlQueryTimeZoneInformation(RTL_TIME_ZONE_INFORMATION*);
NTSYSAPI BOOL WINAPI RtlQueryUnbiasedInterruptTime(ULONGLONG*);
NTSYSAPI NTSTATUS WINAPI RtlQueueWorkItem(PRTL_WORK_ITEM_ROUTINE,PVOID,ULONG);
NTSYSAPI void WINAPI RtlRaiseException(PEXCEPTION_RECORD);
NTSYSAPI void WINAPI RtlRaiseStatus(NTSTATUS);
NTSYSAPI ULONG WINAPI RtlRandom(PULONG);
NTSYSAPI PVOID WINAPI RtlReAllocateHeap(HANDLE,ULONG,PVOID,SIZE_T);
NTSYSAPI NTSTATUS WINAPI RtlRegisterWait(PHANDLE,HANDLE,RTL_WAITORTIMERCALLBACKFUNC,PVOID,ULONG,ULONG);
NTSYSAPI void WINAPI RtlReleaseActivationContext(HANDLE);
NTSYSAPI void WINAPI RtlReleasePath(PWSTR);
NTSYSAPI void WINAPI RtlReleasePebLock(void);
NTSYSAPI void WINAPI RtlReleaseResource(LPRTL_RWLOCK);
NTSYSAPI void WINAPI RtlReleaseSRWLockExclusive(RTL_SRWLOCK*);
NTSYSAPI void WINAPI RtlReleaseSRWLockShared(RTL_SRWLOCK*);
NTSYSAPI ULONG WINAPI RtlRemoveVectoredExceptionHandler(PVOID);
NTSYSAPI void WINAPI RtlResetRtlTranslations(const NLSTABLEINFO*);
NTSYSAPI void WINAPI RtlRestoreLastWin32Error(DWORD);
NTSYSAPI void WINAPI RtlSecondsSince1970ToTime(DWORD,LARGE_INTEGER *);
NTSYSAPI void WINAPI RtlSecondsSince1980ToTime(DWORD,LARGE_INTEGER *);
NTSYSAPI NTSTATUS WINAPI RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR,PDWORD,PACL,PDWORD,PACL,PDWORD,PSID,PDWORD,PSID,PDWORD);
NTSYSAPI void WINAPI RtlSetAllBits(PRTL_BITMAP);
NTSYSAPI void WINAPI RtlSetBits(PRTL_BITMAP,ULONG,ULONG);
NTSYSAPI ULONG WINAPI RtlSetCriticalSectionSpinCount(RTL_CRITICAL_SECTION*,ULONG);
NTSYSAPI NTSTATUS WINAPI RtlSetControlSecurityDescriptor(PSECURITY_DESCRIPTOR,SECURITY_DESCRIPTOR_CONTROL,SECURITY_DESCRIPTOR_CONTROL);
NTSYSAPI NTSTATUS WINAPI RtlSetCurrentDirectory_U(const UNICODE_STRING*);
NTSYSAPI void WINAPI RtlSetCurrentEnvironment(PWSTR, PWSTR*);
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR,BOOLEAN,PACL,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlSetEnvironmentVariable(PWSTR*,PUNICODE_STRING,PUNICODE_STRING);
NTSYSAPI NTSTATUS WINAPI RtlSetHeapInformation(HANDLE,HEAP_INFORMATION_CLASS,PVOID,SIZE_T);
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR,PSID,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlSetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR,PSID,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlSetIoCompletionCallback(HANDLE,PRTL_OVERLAPPED_COMPLETION_ROUTINE,ULONG);
NTSYSAPI void WINAPI RtlSetLastWin32Error(DWORD);
NTSYSAPI void WINAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS);
NTSYSAPI NTSTATUS WINAPI RtlSetProcessPreferredUILanguages(DWORD,PCZZWSTR,ULONG*);
NTSYSAPI NTSTATUS WINAPI RtlSetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR,BOOLEAN,PACL,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlSetSearchPathMode(ULONG);
NTSYSAPI NTSTATUS WINAPI RtlSetThreadErrorMode(DWORD,LPDWORD);
NTSYSAPI NTSTATUS WINAPI RtlSetThreadPreferredUILanguages(DWORD,PCZZWSTR,ULONG*);
NTSYSAPI NTSTATUS WINAPI RtlSetTimeZoneInformation(const RTL_TIME_ZONE_INFORMATION*);
NTSYSAPI void WINAPI RtlSetUnhandledExceptionFilter(PRTL_EXCEPTION_FILTER);
NTSYSAPI SIZE_T WINAPI RtlSizeHeap(HANDLE,ULONG,const void*);
NTSYSAPI NTSTATUS WINAPI RtlSleepConditionVariableCS(RTL_CONDITION_VARIABLE*,RTL_CRITICAL_SECTION*,const LARGE_INTEGER*);
NTSYSAPI NTSTATUS WINAPI RtlSleepConditionVariableSRW(RTL_CONDITION_VARIABLE*,RTL_SRWLOCK*,const LARGE_INTEGER*,ULONG);
NTSYSAPI NTSTATUS WINAPI RtlStringFromGUID(REFGUID,PUNICODE_STRING);
NTSYSAPI LPDWORD WINAPI RtlSubAuthoritySid(PSID,DWORD);
NTSYSAPI LPBYTE WINAPI RtlSubAuthorityCountSid(PSID);
NTSYSAPI NTSTATUS WINAPI RtlSystemTimeToLocalTime(const LARGE_INTEGER*,PLARGE_INTEGER);
NTSYSAPI void WINAPI RtlTimeToTimeFields(const LARGE_INTEGER*,PTIME_FIELDS);
NTSYSAPI BOOLEAN WINAPI RtlTimeFieldsToTime(PTIME_FIELDS,PLARGE_INTEGER);
NTSYSAPI void WINAPI RtlTimeToElapsedTimeFields(const LARGE_INTEGER *,PTIME_FIELDS);
NTSYSAPI BOOLEAN WINAPI RtlTimeToSecondsSince1970(const LARGE_INTEGER *,LPDWORD);
NTSYSAPI BOOLEAN WINAPI RtlTimeToSecondsSince1980(const LARGE_INTEGER *,LPDWORD);
NTSYSAPI BOOLEAN WINAPI RtlTryAcquireSRWLockExclusive(RTL_SRWLOCK *);
NTSYSAPI BOOLEAN WINAPI RtlTryAcquireSRWLockShared(RTL_SRWLOCK *);
NTSYSAPI BOOL WINAPI RtlTryEnterCriticalSection(RTL_CRITICAL_SECTION *);
NTSYSAPI NTSTATUS WINAPI RtlUTF8ToUnicodeN(WCHAR*,DWORD,DWORD*,const char*,DWORD);
NTSYSAPI ULONGLONG __cdecl RtlUlonglongByteSwap(ULONGLONG);
NTSYSAPI DWORD WINAPI RtlUnicodeStringToAnsiSize(const UNICODE_STRING*);
NTSYSAPI NTSTATUS WINAPI RtlUnicodeStringToAnsiString(PANSI_STRING,PCUNICODE_STRING,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlUnicodeStringToInteger(const UNICODE_STRING *,ULONG,ULONG *);
NTSYSAPI DWORD WINAPI RtlUnicodeStringToOemSize(const UNICODE_STRING*);
NTSYSAPI NTSTATUS WINAPI RtlUnicodeStringToOemString(POEM_STRING,PCUNICODE_STRING,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlUnicodeToCustomCPN(CPTABLEINFO*,char*,DWORD,DWORD*,const WCHAR*,DWORD);
NTSYSAPI NTSTATUS WINAPI RtlUnicodeToMultiByteN(LPSTR,DWORD,LPDWORD,LPCWSTR,DWORD);
NTSYSAPI NTSTATUS WINAPI RtlUnicodeToMultiByteSize(PULONG,PCWSTR,ULONG);
NTSYSAPI NTSTATUS WINAPI RtlUnicodeToOemN(LPSTR,DWORD,LPDWORD,LPCWSTR,DWORD);
NTSYSAPI NTSTATUS WINAPI RtlUnicodeToUTF8N(LPSTR,DWORD,LPDWORD,LPCWSTR,DWORD);
NTSYSAPI ULONG WINAPI RtlUniform(PULONG);
NTSYSAPI BOOLEAN WINAPI RtlUnlockHeap(HANDLE);
NTSYSAPI void WINAPI RtlUnwind(PVOID,PVOID,PEXCEPTION_RECORD,PVOID);
#ifdef __x86_64__
NTSYSAPI void WINAPI RtlUnwindEx(PVOID,PVOID,PEXCEPTION_RECORD,PVOID,PCONTEXT,PUNWIND_HISTORY_TABLE);
#elif defined(__ia64__)
NTSYSAPI void WINAPI RtlUnwind2(FRAME_POINTERS,PVOID,PEXCEPTION_RECORD,PVOID,PCONTEXT);
NTSYSAPI void WINAPI RtlUnwindEx(FRAME_POINTERS,PVOID,PEXCEPTION_RECORD,PVOID,PCONTEXT,PUNWIND_HISTORY_TABLE);
#endif
NTSYSAPI WCHAR WINAPI RtlUpcaseUnicodeChar(WCHAR);
NTSYSAPI NTSTATUS WINAPI RtlUpcaseUnicodeString(UNICODE_STRING*,const UNICODE_STRING *,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlUpcaseUnicodeStringToAnsiString(STRING*,const UNICODE_STRING*,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlUpcaseUnicodeStringToCountedOemString(STRING*,const UNICODE_STRING*,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlUpcaseUnicodeStringToOemString(STRING*,const UNICODE_STRING*,BOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlUpcaseUnicodeToCustomCPN(CPTABLEINFO*,char*,DWORD,DWORD*,const WCHAR*,DWORD);
NTSYSAPI NTSTATUS WINAPI RtlUpcaseUnicodeToMultiByteN(LPSTR,DWORD,LPDWORD,LPCWSTR,DWORD);
NTSYSAPI NTSTATUS WINAPI RtlUpcaseUnicodeToOemN(LPSTR,DWORD,LPDWORD,LPCWSTR,DWORD);
NTSYSAPI NTSTATUS WINAPI RtlUpdateTimer(HANDLE, HANDLE, DWORD, DWORD);
NTSYSAPI CHAR WINAPI RtlUpperChar(CHAR);
NTSYSAPI void WINAPI RtlUpperString(STRING *,const STRING *);
NTSYSAPI void WINAPI RtlUserThreadStart(PRTL_THREAD_START_ROUTINE,void*);
NTSYSAPI NTSTATUS WINAPI RtlValidSecurityDescriptor(PSECURITY_DESCRIPTOR);
NTSYSAPI BOOLEAN WINAPI RtlValidRelativeSecurityDescriptor(PSECURITY_DESCRIPTOR,ULONG,SECURITY_INFORMATION);
NTSYSAPI BOOLEAN WINAPI RtlValidAcl(PACL);
NTSYSAPI BOOLEAN WINAPI RtlValidSid(PSID);
NTSYSAPI BOOLEAN WINAPI RtlValidateHeap(HANDLE,ULONG,LPCVOID);
NTSYSAPI NTSTATUS WINAPI RtlVerifyVersionInfo(const RTL_OSVERSIONINFOEXW*,DWORD,DWORDLONG);
NTSYSAPI NTSTATUS WINAPI RtlWaitOnAddress(const void *,const void *,SIZE_T,const LARGE_INTEGER *);
NTSYSAPI void WINAPI RtlWakeAddressAll(const void *);
NTSYSAPI void WINAPI RtlWakeAddressSingle(const void *);
NTSYSAPI void WINAPI RtlWakeAllConditionVariable(RTL_CONDITION_VARIABLE *);
NTSYSAPI void WINAPI RtlWakeConditionVariable(RTL_CONDITION_VARIABLE *);
NTSYSAPI NTSTATUS WINAPI RtlWalkHeap(HANDLE,PVOID);
NTSYSAPI NTSTATUS WINAPI RtlWow64EnableFsRedirection(BOOLEAN);
NTSYSAPI NTSTATUS WINAPI RtlWow64EnableFsRedirectionEx(ULONG,ULONG*);
#ifdef __x86_64__
NTSYSAPI NTSTATUS WINAPI RtlWow64GetThreadContext(HANDLE, WOW64_CONTEXT *);
NTSYSAPI NTSTATUS WINAPI RtlWow64SetThreadContext(HANDLE, const WOW64_CONTEXT *);
#endif
NTSYSAPI NTSTATUS WINAPI RtlWriteRegistryValue(ULONG,PCWSTR,PCWSTR,ULONG,PVOID,ULONG);
NTSYSAPI NTSTATUS WINAPI RtlZombifyActivationContext(HANDLE);
NTSYSAPI NTSTATUS WINAPI RtlpNtCreateKey(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,ULONG,const UNICODE_STRING*,ULONG,PULONG);
NTSYSAPI NTSTATUS WINAPI RtlpNtEnumerateSubKey(HANDLE,UNICODE_STRING *, ULONG);
NTSYSAPI NTSTATUS WINAPI RtlpWaitForCriticalSection(RTL_CRITICAL_SECTION *);
NTSYSAPI NTSTATUS WINAPI RtlpUnWaitCriticalSection(RTL_CRITICAL_SECTION *);
NTSYSAPI NTSTATUS WINAPI vDbgPrintEx(ULONG,ULONG,LPCSTR,__ms_va_list);
NTSYSAPI NTSTATUS WINAPI vDbgPrintExWithPrefix(LPCSTR,ULONG,ULONG,LPCSTR,__ms_va_list);
#if defined(__x86_64__) || defined(__i386__)
NTSYSAPI NTSTATUS WINAPI RtlCopyExtendedContext(CONTEXT_EX*,ULONG,CONTEXT_EX*);
NTSYSAPI NTSTATUS WINAPI RtlInitializeExtendedContext(void*,ULONG,CONTEXT_EX**);
NTSYSAPI NTSTATUS WINAPI RtlInitializeExtendedContext2(void*,ULONG,CONTEXT_EX**,ULONG64);
NTSYSAPI ULONG64 WINAPI RtlGetEnabledExtendedFeatures(ULONG64);
NTSYSAPI NTSTATUS WINAPI RtlGetExtendedContextLength(ULONG,ULONG*);
NTSYSAPI NTSTATUS WINAPI RtlGetExtendedContextLength2(ULONG,ULONG*,ULONG64);
NTSYSAPI void * WINAPI RtlLocateLegacyContext(CONTEXT_EX*,ULONG*);
NTSYSAPI void * WINAPI RtlLocateExtendedFeature(CONTEXT_EX*,ULONG,ULONG*);
NTSYSAPI void * WINAPI RtlLocateExtendedFeature2(CONTEXT_EX*,ULONG,XSTATE_CONFIGURATION*,ULONG*);
NTSYSAPI ULONG64 WINAPI RtlGetExtendedFeaturesMask(CONTEXT_EX*);
NTSYSAPI void WINAPI RtlSetExtendedFeaturesMask(CONTEXT_EX*,ULONG64);
#endif
#ifndef __WINE_USE_MSVCRT
NTSYSAPI int __cdecl _strnicmp(LPCSTR,LPCSTR,size_t);
#endif
/* 32-bit only functions */
#ifndef _WIN64
NTSYSAPI LONGLONG WINAPI RtlConvertLongToLargeInteger(LONG);
NTSYSAPI ULONGLONG WINAPI RtlConvertUlongToLargeInteger(ULONG);
NTSYSAPI LONGLONG WINAPI RtlEnlargedIntegerMultiply(INT,INT);
NTSYSAPI ULONGLONG WINAPI RtlEnlargedUnsignedMultiply(UINT,UINT);
NTSYSAPI UINT WINAPI RtlEnlargedUnsignedDivide(ULONGLONG,UINT,UINT *);
NTSYSAPI LONGLONG WINAPI RtlExtendedMagicDivide(LONGLONG,LONGLONG,INT);
NTSYSAPI LONGLONG WINAPI RtlExtendedIntegerMultiply(LONGLONG,INT);
NTSYSAPI LONGLONG WINAPI RtlExtendedLargeIntegerDivide(LONGLONG,INT,INT *);
NTSYSAPI LONGLONG WINAPI RtlInterlockedCompareExchange64(LONGLONG*,LONGLONG,LONGLONG);
NTSYSAPI LONGLONG WINAPI RtlLargeIntegerAdd(LONGLONG,LONGLONG);
NTSYSAPI LONGLONG WINAPI RtlLargeIntegerArithmeticShift(LONGLONG,INT);
NTSYSAPI ULONGLONG WINAPI RtlLargeIntegerDivide( ULONGLONG,ULONGLONG,ULONGLONG *);
NTSYSAPI LONGLONG WINAPI RtlLargeIntegerNegate(LONGLONG);
NTSYSAPI LONGLONG WINAPI RtlLargeIntegerShiftLeft(LONGLONG,INT);
NTSYSAPI LONGLONG WINAPI RtlLargeIntegerShiftRight(LONGLONG,INT);
NTSYSAPI LONGLONG WINAPI RtlLargeIntegerSubtract(LONGLONG,LONGLONG);
NTSYSAPI NTSTATUS WINAPI RtlLargeIntegerToChar(const ULONGLONG *,ULONG,ULONG,PCHAR);
#endif
/* Threadpool functions */
NTSYSAPI NTSTATUS WINAPI TpAllocCleanupGroup(TP_CLEANUP_GROUP **);
NTSYSAPI NTSTATUS WINAPI TpAllocIoCompletion(TP_IO **,HANDLE,PTP_IO_CALLBACK,void *,TP_CALLBACK_ENVIRON *);
NTSYSAPI NTSTATUS WINAPI TpAllocPool(TP_POOL **,PVOID);
NTSYSAPI NTSTATUS WINAPI TpAllocTimer(TP_TIMER **,PTP_TIMER_CALLBACK,PVOID,TP_CALLBACK_ENVIRON *);
NTSYSAPI NTSTATUS WINAPI TpAllocWait(TP_WAIT **,PTP_WAIT_CALLBACK,PVOID,TP_CALLBACK_ENVIRON *);
NTSYSAPI NTSTATUS WINAPI TpAllocWork(TP_WORK **,PTP_WORK_CALLBACK,PVOID,TP_CALLBACK_ENVIRON *);
NTSYSAPI void WINAPI TpCallbackLeaveCriticalSectionOnCompletion(TP_CALLBACK_INSTANCE *,RTL_CRITICAL_SECTION *);
NTSYSAPI NTSTATUS WINAPI TpCallbackMayRunLong(TP_CALLBACK_INSTANCE *);
NTSYSAPI void WINAPI TpCallbackReleaseMutexOnCompletion(TP_CALLBACK_INSTANCE *,HANDLE);
NTSYSAPI void WINAPI TpCallbackReleaseSemaphoreOnCompletion(TP_CALLBACK_INSTANCE *,HANDLE,DWORD);
NTSYSAPI void WINAPI TpCallbackSetEventOnCompletion(TP_CALLBACK_INSTANCE *,HANDLE);
NTSYSAPI void WINAPI TpCallbackUnloadDllOnCompletion(TP_CALLBACK_INSTANCE *,HMODULE);
NTSYSAPI void WINAPI TpCancelAsyncIoOperation(TP_IO *);
NTSYSAPI void WINAPI TpDisassociateCallback(TP_CALLBACK_INSTANCE *);
NTSYSAPI BOOL WINAPI TpIsTimerSet(TP_TIMER *);
NTSYSAPI void WINAPI TpPostWork(TP_WORK *);
NTSYSAPI NTSTATUS WINAPI TpQueryPoolStackInformation(TP_POOL *, TP_POOL_STACK_INFORMATION *stack_info);
NTSYSAPI void WINAPI TpReleaseCleanupGroup(TP_CLEANUP_GROUP *);
NTSYSAPI void WINAPI TpReleaseCleanupGroupMembers(TP_CLEANUP_GROUP *,BOOL,PVOID);
NTSYSAPI void WINAPI TpReleaseIoCompletion(TP_IO *);
NTSYSAPI void WINAPI TpReleasePool(TP_POOL *);
NTSYSAPI void WINAPI TpReleaseTimer(TP_TIMER *);
NTSYSAPI void WINAPI TpReleaseWait(TP_WAIT *);
NTSYSAPI void WINAPI TpReleaseWork(TP_WORK *);
NTSYSAPI void WINAPI TpSetPoolMaxThreads(TP_POOL *,DWORD);
NTSYSAPI BOOL WINAPI TpSetPoolMinThreads(TP_POOL *,DWORD);
NTSYSAPI NTSTATUS WINAPI TpSetPoolStackInformation(TP_POOL *, TP_POOL_STACK_INFORMATION *stack_info);
NTSYSAPI void WINAPI TpSetTimer(TP_TIMER *, LARGE_INTEGER *,LONG,LONG);
NTSYSAPI void WINAPI TpSetWait(TP_WAIT *,HANDLE,LARGE_INTEGER *);
NTSYSAPI NTSTATUS WINAPI TpSimpleTryPost(PTP_SIMPLE_CALLBACK,PVOID,TP_CALLBACK_ENVIRON *);
NTSYSAPI void WINAPI TpStartAsyncIoOperation(TP_IO *);
NTSYSAPI void WINAPI TpWaitForIoCompletion(TP_IO *,BOOL);
NTSYSAPI void WINAPI TpWaitForTimer(TP_TIMER *,BOOL);
NTSYSAPI void WINAPI TpWaitForWait(TP_WAIT *,BOOL);
NTSYSAPI void WINAPI TpWaitForWork(TP_WORK *,BOOL);
/* Wine internal functions */
NTSYSAPI NTSTATUS CDECL wine_nt_to_unix_file_name( const UNICODE_STRING *nameW, char *nameA, SIZE_T *size,
UINT disposition );
NTSYSAPI NTSTATUS CDECL wine_unix_to_nt_file_name( const char *name, WCHAR *buffer, SIZE_T *size );
/***********************************************************************
* Inline functions
*/
#define InitializeObjectAttributes(p,n,a,r,s) \
do { \
(p)->Length = sizeof(OBJECT_ATTRIBUTES); \
(p)->RootDirectory = r; \
(p)->Attributes = a; \
(p)->ObjectName = n; \
(p)->SecurityDescriptor = s; \
(p)->SecurityQualityOfService = NULL; \
} while (0)
#define NtCurrentProcess() ((HANDLE)-1)
#define RtlFillMemory(Destination,Length,Fill) memset((Destination),(Fill),(Length))
#define RtlMoveMemory(Destination,Source,Length) memmove((Destination),(Source),(Length))
#define RtlStoreUlong(p,v) do { ULONG _v = (v); memcpy((p), &_v, sizeof(_v)); } while (0)
#define RtlStoreUlonglong(p,v) do { ULONGLONG _v = (v); memcpy((p), &_v, sizeof(_v)); } while (0)
#define RtlRetrieveUlong(p,s) memcpy((p), (s), sizeof(ULONG))
#define RtlRetrieveUlonglong(p,s) memcpy((p), (s), sizeof(ULONGLONG))
#define RtlZeroMemory(Destination,Length) memset((Destination),0,(Length))
static inline BOOLEAN RtlCheckBit(PCRTL_BITMAP lpBits, ULONG ulBit)
{
if (lpBits && ulBit < lpBits->SizeOfBitMap &&
lpBits->Buffer[ulBit >> 5] & (1 << (ulBit & 31)))
return TRUE;
return FALSE;
}
/* These are implemented as __fastcall, so we can't let Winelib apps link with them */
static inline USHORT RtlUshortByteSwap(USHORT s)
{
return (s >> 8) | (s << 8);
}
static inline ULONG RtlUlongByteSwap(ULONG i)
{
#if defined(__i386__) && defined(__GNUC__)
ULONG ret;
__asm__("bswap %0" : "=r" (ret) : "0" (i) );
return ret;
#else
return ((ULONG)RtlUshortByteSwap((USHORT)i) << 16) | RtlUshortByteSwap((USHORT)(i >> 16));
#endif
}
/* list manipulation macros */
#define InitializeListHead(le) (void)((le)->Flink = (le)->Blink = (le))
#define InsertHeadList(le,e) do { PLIST_ENTRY f = (le)->Flink; (e)->Flink = f; (e)->Blink = (le); f->Blink = (e); (le)->Flink = (e); } while (0)
#define InsertTailList(le,e) do { PLIST_ENTRY b = (le)->Blink; (e)->Flink = (le); (e)->Blink = b; b->Flink = (e); (le)->Blink = (e); } while (0)
#define IsListEmpty(le) ((le)->Flink == (le))
#define RemoveEntryList(e) do { PLIST_ENTRY f = (e)->Flink, b = (e)->Blink; f->Blink = b; b->Flink = f; (e)->Flink = (e)->Blink = NULL; } while (0)
static inline PLIST_ENTRY RemoveHeadList(PLIST_ENTRY le)
{
PLIST_ENTRY f, b, e;
e = le->Flink;
f = le->Flink->Flink;
b = le->Flink->Blink;
f->Blink = b;
b->Flink = f;
if (e != le) e->Flink = e->Blink = NULL;
return e;
}
static inline PLIST_ENTRY RemoveTailList(PLIST_ENTRY le)
{
PLIST_ENTRY f, b, e;
e = le->Blink;
f = le->Blink->Flink;
b = le->Blink->Blink;
f->Blink = b;
b->Flink = f;
if (e != le) e->Flink = e->Blink = NULL;
return e;
}
#ifdef __WINESRC__
/* Wine internal functions */
extern NTSTATUS CDECL __wine_init_unix_lib( HMODULE module, DWORD reason, const void *ptr_in, void *ptr_out );
/* The thread information for 16-bit threads */
/* NtCurrentTeb()->SubSystemTib points to this */
typedef struct
{
void *unknown; /* 00 unknown */
UNICODE_STRING *exe_name; /* 04 exe module name */
/* the following fields do not exist under Windows */
UNICODE_STRING exe_str; /* exe name string pointed to by exe_name */
CURDIR curdir; /* current directory */
WCHAR curdir_buffer[MAX_PATH];
} WIN16_SUBSYSTEM_TIB;
#endif /* __WINESRC__ */
#ifdef __cplusplus
} /* extern "C" */
#endif /* defined(__cplusplus) */
#endif /* __WINE_WINTERNL_H */