4672 lines
208 KiB
C
4672 lines
208 KiB
C
/*
|
|
* Internal NT APIs and data structures
|
|
*
|
|
* Copyright (C) the Wine project
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Lesser General Public
|
|
* License as published by the Free Software Foundation; either
|
|
* version 2.1 of the License, or (at your option) any later version.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Lesser General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Lesser General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA
|
|
*/
|
|
|
|
#ifndef __WINE_WINTERNL_H
|
|
#define __WINE_WINTERNL_H
|
|
|
|
#include <ntdef.h>
|
|
#include <windef.h>
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif /* defined(__cplusplus) */
|
|
|
|
|
|
/**********************************************************************
|
|
* Fundamental types and data structures
|
|
*/
|
|
|
|
#ifndef WINE_NTSTATUS_DECLARED
|
|
#define WINE_NTSTATUS_DECLARED
|
|
typedef LONG NTSTATUS;
|
|
#endif
|
|
|
|
typedef const char *PCSZ;
|
|
|
|
typedef short CSHORT;
|
|
typedef CSHORT *PCSHORT;
|
|
|
|
#ifndef __STRING_DEFINED__
|
|
#define __STRING_DEFINED__
|
|
typedef struct _STRING {
|
|
USHORT Length;
|
|
USHORT MaximumLength;
|
|
PCHAR Buffer;
|
|
} STRING, *PSTRING;
|
|
#endif
|
|
|
|
typedef STRING ANSI_STRING;
|
|
typedef PSTRING PANSI_STRING;
|
|
typedef const STRING *PCANSI_STRING;
|
|
|
|
typedef STRING OEM_STRING;
|
|
typedef PSTRING POEM_STRING;
|
|
typedef const STRING *PCOEM_STRING;
|
|
|
|
#ifndef __UNICODE_STRING_DEFINED__
|
|
#define __UNICODE_STRING_DEFINED__
|
|
typedef struct _UNICODE_STRING {
|
|
USHORT Length; /* bytes */
|
|
USHORT MaximumLength; /* bytes */
|
|
PWSTR Buffer;
|
|
} UNICODE_STRING, *PUNICODE_STRING;
|
|
#endif
|
|
|
|
typedef const UNICODE_STRING *PCUNICODE_STRING;
|
|
|
|
#ifndef _FILETIME_
|
|
#define _FILETIME_
|
|
/* 64 bit number of 100 nanoseconds intervals since January 1, 1601 */
|
|
typedef struct _FILETIME
|
|
{
|
|
#ifdef WORDS_BIGENDIAN
|
|
DWORD dwHighDateTime;
|
|
DWORD dwLowDateTime;
|
|
#else
|
|
DWORD dwLowDateTime;
|
|
DWORD dwHighDateTime;
|
|
#endif
|
|
} FILETIME, *PFILETIME, *LPFILETIME;
|
|
#endif /* _FILETIME_ */
|
|
|
|
/*
|
|
* RTL_SYSTEM_TIME and RTL_TIME_ZONE_INFORMATION are the same as
|
|
* the SYSTEMTIME and TIME_ZONE_INFORMATION structures defined
|
|
* in winbase.h, however we need to define them separately so
|
|
* winternl.h doesn't depend on winbase.h. They are used by
|
|
* RtlQueryTimeZoneInformation and RtlSetTimeZoneInformation.
|
|
* The names are guessed; if anybody knows the real names, let me know.
|
|
*/
|
|
typedef struct _RTL_SYSTEM_TIME {
|
|
WORD wYear;
|
|
WORD wMonth;
|
|
WORD wDayOfWeek;
|
|
WORD wDay;
|
|
WORD wHour;
|
|
WORD wMinute;
|
|
WORD wSecond;
|
|
WORD wMilliseconds;
|
|
} RTL_SYSTEM_TIME, *PRTL_SYSTEM_TIME;
|
|
|
|
typedef struct _RTL_TIME_ZONE_INFORMATION {
|
|
LONG Bias;
|
|
WCHAR StandardName[32];
|
|
RTL_SYSTEM_TIME StandardDate;
|
|
LONG StandardBias;
|
|
WCHAR DaylightName[32];
|
|
RTL_SYSTEM_TIME DaylightDate;
|
|
LONG DaylightBias;
|
|
} RTL_TIME_ZONE_INFORMATION, *PRTL_TIME_ZONE_INFORMATION;
|
|
|
|
typedef struct _RTL_TIME_DYNAMIC_ZONE_INFORMATION
|
|
{
|
|
LONG Bias;
|
|
WCHAR StandardName[32];
|
|
RTL_SYSTEM_TIME StandardDate;
|
|
LONG StandardBias;
|
|
WCHAR DaylightName[32];
|
|
RTL_SYSTEM_TIME DaylightDate;
|
|
LONG DaylightBias;
|
|
WCHAR TimeZoneKeyName[128];
|
|
BOOLEAN DynamicDaylightTimeDisabled;
|
|
} RTL_DYNAMIC_TIME_ZONE_INFORMATION, *PRTL_DYNAMIC_TIME_ZONE_INFORMATION;
|
|
|
|
typedef struct _CLIENT_ID
|
|
{
|
|
HANDLE UniqueProcess;
|
|
HANDLE UniqueThread;
|
|
} CLIENT_ID, *PCLIENT_ID;
|
|
|
|
typedef struct _CURDIR
|
|
{
|
|
UNICODE_STRING DosPath;
|
|
PVOID Handle;
|
|
} CURDIR, *PCURDIR;
|
|
|
|
typedef struct RTL_DRIVE_LETTER_CURDIR
|
|
{
|
|
USHORT Flags;
|
|
USHORT Length;
|
|
ULONG TimeStamp;
|
|
UNICODE_STRING DosPath;
|
|
} RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR;
|
|
|
|
typedef struct _RTL_RELATIVE_NAME
|
|
{
|
|
UNICODE_STRING RelativeName;
|
|
HANDLE ContainerDirectory;
|
|
void *CurDirRef;
|
|
} RTL_RELATIVE_NAME, *PRTL_RELATIVE_NAME;
|
|
|
|
typedef struct tagRTL_BITMAP {
|
|
ULONG SizeOfBitMap; /* Number of bits in the bitmap */
|
|
PULONG Buffer; /* Bitmap data, assumed sized to a DWORD boundary */
|
|
} RTL_BITMAP, *PRTL_BITMAP;
|
|
|
|
typedef const RTL_BITMAP *PCRTL_BITMAP;
|
|
|
|
typedef struct tagRTL_BITMAP_RUN {
|
|
ULONG StartingIndex; /* Bit position at which run starts */
|
|
ULONG NumberOfBits; /* Size of the run in bits */
|
|
} RTL_BITMAP_RUN, *PRTL_BITMAP_RUN;
|
|
|
|
typedef const RTL_BITMAP_RUN *PCRTL_BITMAP_RUN;
|
|
|
|
typedef struct _RTL_USER_PROCESS_PARAMETERS
|
|
{
|
|
ULONG AllocationSize;
|
|
ULONG Size;
|
|
ULONG Flags;
|
|
ULONG DebugFlags;
|
|
HANDLE ConsoleHandle;
|
|
ULONG ConsoleFlags;
|
|
HANDLE hStdInput;
|
|
HANDLE hStdOutput;
|
|
HANDLE hStdError;
|
|
CURDIR CurrentDirectory;
|
|
UNICODE_STRING DllPath;
|
|
UNICODE_STRING ImagePathName;
|
|
UNICODE_STRING CommandLine;
|
|
PWSTR Environment;
|
|
ULONG dwX;
|
|
ULONG dwY;
|
|
ULONG dwXSize;
|
|
ULONG dwYSize;
|
|
ULONG dwXCountChars;
|
|
ULONG dwYCountChars;
|
|
ULONG dwFillAttribute;
|
|
ULONG dwFlags;
|
|
ULONG wShowWindow;
|
|
UNICODE_STRING WindowTitle;
|
|
UNICODE_STRING Desktop;
|
|
UNICODE_STRING ShellInfo;
|
|
UNICODE_STRING RuntimeInfo;
|
|
RTL_DRIVE_LETTER_CURDIR DLCurrentDirectory[0x20];
|
|
ULONG_PTR EnvironmentSize;
|
|
ULONG_PTR EnvironmentVersion;
|
|
PVOID PackageDependencyData;
|
|
ULONG ProcessGroupId;
|
|
ULONG LoaderThreads;
|
|
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
|
|
|
|
/* value for Flags field (FIXME: not the correct name) */
|
|
#define PROCESS_PARAMS_FLAG_NORMALIZED 1
|
|
|
|
typedef struct _PEB_LDR_DATA
|
|
{
|
|
ULONG Length;
|
|
BOOLEAN Initialized;
|
|
PVOID SsHandle;
|
|
LIST_ENTRY InLoadOrderModuleList;
|
|
LIST_ENTRY InMemoryOrderModuleList;
|
|
LIST_ENTRY InInitializationOrderModuleList;
|
|
PVOID EntryInProgress;
|
|
BOOLEAN ShutdownInProgress;
|
|
HANDLE ShutdownThreadId;
|
|
} PEB_LDR_DATA, *PPEB_LDR_DATA;
|
|
|
|
typedef struct _GDI_TEB_BATCH
|
|
{
|
|
ULONG Offset;
|
|
HANDLE HDC;
|
|
ULONG Buffer[0x136];
|
|
} GDI_TEB_BATCH;
|
|
|
|
typedef struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME
|
|
{
|
|
struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME *Previous;
|
|
struct _ACTIVATION_CONTEXT *ActivationContext;
|
|
ULONG Flags;
|
|
} RTL_ACTIVATION_CONTEXT_STACK_FRAME, *PRTL_ACTIVATION_CONTEXT_STACK_FRAME;
|
|
|
|
typedef struct _ACTIVATION_CONTEXT_STACK
|
|
{
|
|
RTL_ACTIVATION_CONTEXT_STACK_FRAME *ActiveFrame;
|
|
LIST_ENTRY FrameListCache;
|
|
ULONG Flags;
|
|
ULONG NextCookieSequenceNumber;
|
|
ULONG_PTR StackId;
|
|
} ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK;
|
|
|
|
typedef struct _TEB_ACTIVE_FRAME_CONTEXT
|
|
{
|
|
ULONG Flags;
|
|
const char *FrameName;
|
|
} TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
|
|
|
|
typedef struct _TEB_ACTIVE_FRAME_CONTEXT_EX
|
|
{
|
|
TEB_ACTIVE_FRAME_CONTEXT BasicContext;
|
|
const char *SourceLocation;
|
|
} TEB_ACTIVE_FRAME_CONTEXT_EX, *PTEB_ACTIVE_FRAME_CONTEXT_EX;
|
|
|
|
typedef struct _TEB_ACTIVE_FRAME
|
|
{
|
|
ULONG Flags;
|
|
struct _TEB_ACTIVE_FRAME *Previous;
|
|
TEB_ACTIVE_FRAME_CONTEXT *Context;
|
|
} TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
|
|
|
|
typedef struct _TEB_ACTIVE_FRAME_EX
|
|
{
|
|
TEB_ACTIVE_FRAME BasicFrame;
|
|
void *ExtensionIdentifier;
|
|
} TEB_ACTIVE_FRAME_EX, *PTEB_ACTIVE_FRAME_EX;
|
|
|
|
typedef struct _FLS_CALLBACK
|
|
{
|
|
void *unknown;
|
|
PFLS_CALLBACK_FUNCTION callback; /* ~0 if NULL callback is set, NULL if FLS index is free. */
|
|
} FLS_CALLBACK, *PFLS_CALLBACK;
|
|
|
|
typedef struct _FLS_INFO_CHUNK
|
|
{
|
|
ULONG count; /* number of allocated FLS indexes in the chunk. */
|
|
FLS_CALLBACK callbacks[1]; /* the size is 0x10 for chunk 0 and is twice as
|
|
* the previous chunk size for the rest. */
|
|
} FLS_INFO_CHUNK, *PFLS_INFO_CHUNK;
|
|
|
|
typedef struct _GLOBAL_FLS_DATA
|
|
{
|
|
FLS_INFO_CHUNK *fls_callback_chunks[8];
|
|
LIST_ENTRY fls_list_head;
|
|
ULONG fls_high_index;
|
|
} GLOBAL_FLS_DATA, *PGLOBAL_FLS_DATA;
|
|
|
|
typedef struct _TEB_FLS_DATA
|
|
{
|
|
LIST_ENTRY fls_list_entry;
|
|
void **fls_data_chunks[8];
|
|
} TEB_FLS_DATA, *PTEB_FLS_DATA;
|
|
|
|
#define TEB_ACTIVE_FRAME_CONTEXT_FLAG_EXTENDED 0x00000001
|
|
#define TEB_ACTIVE_FRAME_FLAG_EXTENDED 0x00000001
|
|
|
|
/***********************************************************************
|
|
* PEB data structure
|
|
*/
|
|
typedef struct _PEB
|
|
{ /* win32/win64 */
|
|
BOOLEAN InheritedAddressSpace; /* 000/000 */
|
|
BOOLEAN ReadImageFileExecOptions; /* 001/001 */
|
|
BOOLEAN BeingDebugged; /* 002/002 */
|
|
BOOLEAN SpareBool; /* 003/003 */
|
|
HANDLE Mutant; /* 004/008 */
|
|
HMODULE ImageBaseAddress; /* 008/010 */
|
|
PPEB_LDR_DATA LdrData; /* 00c/018 */
|
|
RTL_USER_PROCESS_PARAMETERS *ProcessParameters; /* 010/020 */
|
|
PVOID SubSystemData; /* 014/028 */
|
|
HANDLE ProcessHeap; /* 018/030 */
|
|
PRTL_CRITICAL_SECTION FastPebLock; /* 01c/038 */
|
|
PVOID /*PPEBLOCKROUTINE*/ FastPebLockRoutine; /* 020/040 */
|
|
PVOID /*PPEBLOCKROUTINE*/ FastPebUnlockRoutine; /* 024/048 */
|
|
ULONG EnvironmentUpdateCount; /* 028/050 */
|
|
PVOID KernelCallbackTable; /* 02c/058 */
|
|
ULONG Reserved; /* 030/060 */
|
|
ULONG AtlThunkSListPtr32; /* 034/064 */
|
|
PVOID /*PPEB_FREE_BLOCK*/ FreeList; /* 038/068 */
|
|
ULONG TlsExpansionCounter; /* 03c/070 */
|
|
PRTL_BITMAP TlsBitmap; /* 040/078 */
|
|
ULONG TlsBitmapBits[2]; /* 044/080 */
|
|
PVOID ReadOnlySharedMemoryBase; /* 04c/088 */
|
|
PVOID ReadOnlySharedMemoryHeap; /* 050/090 */
|
|
PVOID *ReadOnlyStaticServerData; /* 054/098 */
|
|
PVOID AnsiCodePageData; /* 058/0a0 */
|
|
PVOID OemCodePageData; /* 05c/0a8 */
|
|
PVOID UnicodeCaseTableData; /* 060/0b0 */
|
|
ULONG NumberOfProcessors; /* 064/0b8 */
|
|
ULONG NtGlobalFlag; /* 068/0bc */
|
|
LARGE_INTEGER CriticalSectionTimeout; /* 070/0c0 */
|
|
SIZE_T HeapSegmentReserve; /* 078/0c8 */
|
|
SIZE_T HeapSegmentCommit; /* 07c/0d0 */
|
|
SIZE_T HeapDeCommitTotalFreeThreshold; /* 080/0d8 */
|
|
SIZE_T HeapDeCommitFreeBlockThreshold; /* 084/0e0 */
|
|
ULONG NumberOfHeaps; /* 088/0e8 */
|
|
ULONG MaximumNumberOfHeaps; /* 08c/0ec */
|
|
PVOID *ProcessHeaps; /* 090/0f0 */
|
|
PVOID GdiSharedHandleTable; /* 094/0f8 */
|
|
PVOID ProcessStarterHelper; /* 098/100 */
|
|
PVOID GdiDCAttributeList; /* 09c/108 */
|
|
PVOID LoaderLock; /* 0a0/110 */
|
|
ULONG OSMajorVersion; /* 0a4/118 */
|
|
ULONG OSMinorVersion; /* 0a8/11c */
|
|
ULONG OSBuildNumber; /* 0ac/120 */
|
|
ULONG OSPlatformId; /* 0b0/124 */
|
|
ULONG ImageSubSystem; /* 0b4/128 */
|
|
ULONG ImageSubSystemMajorVersion; /* 0b8/12c */
|
|
ULONG ImageSubSystemMinorVersion; /* 0bc/130 */
|
|
ULONG ImageProcessAffinityMask; /* 0c0/134 */
|
|
HANDLE GdiHandleBuffer[28]; /* 0c4/138 */
|
|
ULONG unknown[6]; /* 134/218 */
|
|
PVOID PostProcessInitRoutine; /* 14c/230 */
|
|
PRTL_BITMAP TlsExpansionBitmap; /* 150/238 */
|
|
ULONG TlsExpansionBitmapBits[32]; /* 154/240 */
|
|
ULONG SessionId; /* 1d4/2c0 */
|
|
ULARGE_INTEGER AppCompatFlags; /* 1d8/2c8 */
|
|
ULARGE_INTEGER AppCompatFlagsUser; /* 1e0/2d0 */
|
|
PVOID ShimData; /* 1e8/2d8 */
|
|
PVOID AppCompatInfo; /* 1ec/2e0 */
|
|
UNICODE_STRING CSDVersion; /* 1f0/2e8 */
|
|
PVOID ActivationContextData; /* 1f8/2f8 */
|
|
PVOID ProcessAssemblyStorageMap; /* 1fc/300 */
|
|
PVOID SystemDefaultActivationData; /* 200/308 */
|
|
PVOID SystemAssemblyStorageMap; /* 204/310 */
|
|
SIZE_T MinimumStackCommit; /* 208/318 */
|
|
PVOID *FlsCallback; /* 20c/320 */
|
|
LIST_ENTRY FlsListHead; /* 210/328 */
|
|
PRTL_BITMAP FlsBitmap; /* 218/338 */
|
|
ULONG FlsBitmapBits[4]; /* 21c/340 */
|
|
ULONG FlsHighIndex; /* 22c/350 */
|
|
PVOID WerRegistrationData; /* 230/358 */
|
|
PVOID WerShipAssertPtr; /* 234/360 */
|
|
PVOID pUnused; /* 238/368 */
|
|
PVOID pImageHeaderHash; /* 23c/370 */
|
|
ULONG TracingFlags; /* 240/378 */
|
|
ULONGLONG CsrServerReadOnlySharedMemoryBase; /* 248/380 */
|
|
ULONG TppWorkerpListLock; /* 250/388 */
|
|
LIST_ENTRY TppWorkerpList; /* 254/390 */
|
|
PVOID WaitOnAddressHashTable [0x80]; /* 25c/3a0 */
|
|
PVOID TelemetryCoverageHeader; /* 45c/7a0 */
|
|
ULONG CloudFileFlags; /* 460/7a8 */
|
|
ULONG CloudFileDiagFlags; /* 464/7ac */
|
|
CHAR PlaceholderCompatibilityMode; /* 468/7b0 */
|
|
CHAR PlaceholderCompatibilityModeReserved[7]; /* 469/7b1 */
|
|
PVOID LeapSecondData; /* 470/7b8 */
|
|
ULONG LeapSecondFlags; /* 474/7c0 */
|
|
ULONG NtGlobalFlag2; /* 478/7c4 */
|
|
} PEB, *PPEB;
|
|
|
|
|
|
/***********************************************************************
|
|
* TEB data structure
|
|
*/
|
|
typedef struct _TEB
|
|
{ /* win32/win64 */
|
|
NT_TIB Tib; /* 000/0000 */
|
|
PVOID EnvironmentPointer; /* 01c/0038 */
|
|
CLIENT_ID ClientId; /* 020/0040 */
|
|
PVOID ActiveRpcHandle; /* 028/0050 */
|
|
PVOID ThreadLocalStoragePointer; /* 02c/0058 */
|
|
PPEB Peb; /* 030/0060 */
|
|
ULONG LastErrorValue; /* 034/0068 */
|
|
ULONG CountOfOwnedCriticalSections; /* 038/006c */
|
|
PVOID CsrClientThread; /* 03c/0070 */
|
|
PVOID Win32ThreadInfo; /* 040/0078 */
|
|
ULONG User32Reserved[26]; /* 044/0080 */
|
|
ULONG UserReserved[5]; /* 0ac/00e8 */
|
|
PVOID WOW32Reserved; /* 0c0/0100 */
|
|
ULONG CurrentLocale; /* 0c4/0108 */
|
|
ULONG FpSoftwareStatusRegister; /* 0c8/010c */
|
|
PVOID ReservedForDebuggerInstrumentation[16]; /* 0cc/0110 */
|
|
#ifdef _WIN64
|
|
PVOID SystemReserved1[30]; /* /0190 */
|
|
#else
|
|
PVOID SystemReserved1[26]; /* 10c/ used for krnl386 private data in Wine */
|
|
#endif
|
|
char PlaceholderCompatibilityMode; /* 174/0280 */
|
|
char PlaceholderReserved[11]; /* 175/0281 */
|
|
DWORD ProxiedProcessId; /* 180/028c */
|
|
ACTIVATION_CONTEXT_STACK ActivationContextStack; /* 184/0290 */
|
|
UCHAR WorkingOnBehalfOfTicket[8]; /* 19c/02b8 */
|
|
LONG ExceptionCode; /* 1a4/02c0 */
|
|
ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer; /* 1a8/02c8 */
|
|
ULONG_PTR InstrumentationCallbackSp; /* 1ac/02d0 */
|
|
ULONG_PTR InstrumentationCallbackPreviousPc; /* 1b0/02d8 */
|
|
ULONG_PTR InstrumentationCallbackPreviousSp; /* 1b4/02e0 */
|
|
#ifdef _WIN64
|
|
ULONG TxFsContext; /* /02e8 */
|
|
BOOLEAN InstrumentationCallbackDisabled; /* /02ec */
|
|
#else
|
|
BOOLEAN InstrumentationCallbackDisabled; /* 1b8/ */
|
|
BYTE SpareBytes1[23]; /* 1b9/ */
|
|
ULONG TxFsContext; /* 1d0/ */
|
|
#endif
|
|
GDI_TEB_BATCH GdiTebBatch; /* 1d4/02f0 used for ntdll private data in Wine */
|
|
CLIENT_ID RealClientId; /* 6b4/07d8 */
|
|
HANDLE GdiCachedProcessHandle; /* 6bc/07e8 */
|
|
ULONG GdiClientPID; /* 6c0/07f0 */
|
|
ULONG GdiClientTID; /* 6c4/07f4 */
|
|
PVOID GdiThreadLocaleInfo; /* 6c8/07f8 */
|
|
ULONG_PTR Win32ClientInfo[62]; /* 6cc/0800 used for user32 private data in Wine */
|
|
PVOID glDispatchTable[233]; /* 7c4/09f0 */
|
|
PVOID glReserved1[29]; /* b68/1138 */
|
|
PVOID glReserved2; /* bdc/1220 */
|
|
PVOID glSectionInfo; /* be0/1228 */
|
|
PVOID glSection; /* be4/1230 */
|
|
PVOID glTable; /* be8/1238 */
|
|
PVOID glCurrentRC; /* bec/1240 */
|
|
PVOID glContext; /* bf0/1248 */
|
|
ULONG LastStatusValue; /* bf4/1250 */
|
|
UNICODE_STRING StaticUnicodeString; /* bf8/1258 */
|
|
WCHAR StaticUnicodeBuffer[261]; /* c00/1268 */
|
|
PVOID DeallocationStack; /* e0c/1478 */
|
|
PVOID TlsSlots[64]; /* e10/1480 */
|
|
LIST_ENTRY TlsLinks; /* f10/1680 */
|
|
PVOID Vdm; /* f18/1690 */
|
|
PVOID ReservedForNtRpc; /* f1c/1698 */
|
|
PVOID DbgSsReserved[2]; /* f20/16a0 */
|
|
ULONG HardErrorDisabled; /* f28/16b0 */
|
|
PVOID Instrumentation[16]; /* f2c/16b8 */
|
|
PVOID WinSockData; /* f6c/1738 */
|
|
ULONG GdiBatchCount; /* f70/1740 */
|
|
ULONG Spare2; /* f74/1744 */
|
|
ULONG GuaranteedStackBytes; /* f78/1748 */
|
|
PVOID ReservedForPerf; /* f7c/1750 */
|
|
PVOID ReservedForOle; /* f80/1758 */
|
|
ULONG WaitingOnLoaderLock; /* f84/1760 */
|
|
PVOID Reserved5[3]; /* f88/1768 */
|
|
PVOID *TlsExpansionSlots; /* f94/1780 */
|
|
#ifdef _WIN64
|
|
PVOID DeallocationBStore; /* /1788 */
|
|
PVOID BStoreLimit; /* /1790 */
|
|
#endif
|
|
ULONG ImpersonationLocale; /* f98/1798 */
|
|
ULONG IsImpersonating; /* f9c/179c */
|
|
PVOID NlsCache; /* fa0/17a0 */
|
|
PVOID ShimData; /* fa4/17a8 */
|
|
ULONG HeapVirtualAffinity; /* fa8/17b0 */
|
|
PVOID CurrentTransactionHandle; /* fac/17b8 */
|
|
TEB_ACTIVE_FRAME *ActiveFrame; /* fb0/17c0 */
|
|
TEB_FLS_DATA *FlsSlots; /* fb4/17c8 */
|
|
PVOID PreferredLanguages; /* fb8/17d0 */
|
|
PVOID UserPrefLanguages; /* fbc/17d8 */
|
|
PVOID MergedPrefLanguages; /* fc0/17e0 */
|
|
ULONG MuiImpersonation; /* fc4/17e8 */
|
|
USHORT CrossTebFlags; /* fc8/17ec */
|
|
USHORT SameTebFlags; /* fca/17ee */
|
|
PVOID TxnScopeEnterCallback; /* fcc/17f0 */
|
|
PVOID TxnScopeExitCallback; /* fd0/17f8 */
|
|
PVOID TxnScopeContext; /* fd4/1800 */
|
|
ULONG LockCount; /* fd8/1808 */
|
|
LONG WowTebOffset; /* fdc/180c */
|
|
PVOID ResourceRetValue; /* fe0/1810 */
|
|
PVOID ReservedForWdf; /* fe4/1818 */
|
|
ULONGLONG ReservedForCrt; /* fe8/1820 */
|
|
GUID EffectiveContainerId; /* ff0/1828 */
|
|
} TEB, *PTEB;
|
|
|
|
|
|
/***********************************************************************
|
|
* The 32-bit/64-bit version of the PEB and TEB for WoW64
|
|
*/
|
|
typedef struct _NT_TIB32
|
|
{
|
|
ULONG ExceptionList; /* 0000 */
|
|
ULONG StackBase; /* 0004 */
|
|
ULONG StackLimit; /* 0008 */
|
|
ULONG SubSystemTib; /* 000c */
|
|
ULONG FiberData; /* 0010 */
|
|
ULONG ArbitraryUserPointer; /* 0014 */
|
|
ULONG Self; /* 0018 */
|
|
} NT_TIB32;
|
|
|
|
typedef struct _NT_TIB64
|
|
{
|
|
ULONG64 ExceptionList; /* 0000 */
|
|
ULONG64 StackBase; /* 0008 */
|
|
ULONG64 StackLimit; /* 0010 */
|
|
ULONG64 SubSystemTib; /* 0018 */
|
|
ULONG64 FiberData; /* 0020 */
|
|
ULONG64 ArbitraryUserPointer; /* 0028 */
|
|
ULONG64 Self; /* 0030 */
|
|
} NT_TIB64;
|
|
|
|
typedef struct _CLIENT_ID32
|
|
{
|
|
ULONG UniqueProcess;
|
|
ULONG UniqueThread;
|
|
} CLIENT_ID32;
|
|
|
|
typedef struct _CLIENT_ID64
|
|
{
|
|
ULONG64 UniqueProcess;
|
|
ULONG64 UniqueThread;
|
|
} CLIENT_ID64;
|
|
|
|
typedef struct _LIST_ENTRY32
|
|
{
|
|
ULONG Flink;
|
|
ULONG Blink;
|
|
} LIST_ENTRY32;
|
|
|
|
typedef struct _LIST_ENTRY64
|
|
{
|
|
ULONG64 Flink;
|
|
ULONG64 Blink;
|
|
} LIST_ENTRY64;
|
|
|
|
typedef struct _UNICODE_STRING32
|
|
{
|
|
USHORT Length;
|
|
USHORT MaximumLength;
|
|
ULONG Buffer;
|
|
} UNICODE_STRING32;
|
|
|
|
typedef struct _UNICODE_STRING64
|
|
{
|
|
USHORT Length;
|
|
USHORT MaximumLength;
|
|
ULONG64 Buffer;
|
|
} UNICODE_STRING64;
|
|
|
|
typedef struct _ACTIVATION_CONTEXT_STACK32
|
|
{
|
|
ULONG ActiveFrame;
|
|
LIST_ENTRY32 FrameListCache;
|
|
ULONG Flags;
|
|
ULONG NextCookieSequenceNumber;
|
|
ULONG32 StackId;
|
|
} ACTIVATION_CONTEXT_STACK32;
|
|
|
|
typedef struct _ACTIVATION_CONTEXT_STACK64
|
|
{
|
|
ULONG64 ActiveFrame;
|
|
LIST_ENTRY64 FrameListCache;
|
|
ULONG Flags;
|
|
ULONG NextCookieSequenceNumber;
|
|
ULONG64 StackId;
|
|
} ACTIVATION_CONTEXT_STACK64;
|
|
|
|
typedef struct _CURDIR32
|
|
{
|
|
UNICODE_STRING32 DosPath;
|
|
ULONG Handle;
|
|
} CURDIR32;
|
|
|
|
typedef struct _CURDIR64
|
|
{
|
|
UNICODE_STRING64 DosPath;
|
|
ULONG64 Handle;
|
|
} CURDIR64;
|
|
|
|
typedef struct RTL_DRIVE_LETTER_CURDIR32
|
|
{
|
|
USHORT Flags;
|
|
USHORT Length;
|
|
ULONG TimeStamp;
|
|
UNICODE_STRING32 DosPath;
|
|
} RTL_DRIVE_LETTER_CURDIR32;
|
|
|
|
typedef struct RTL_DRIVE_LETTER_CURDIR64
|
|
{
|
|
USHORT Flags;
|
|
USHORT Length;
|
|
ULONG TimeStamp;
|
|
UNICODE_STRING64 DosPath;
|
|
} RTL_DRIVE_LETTER_CURDIR64;
|
|
|
|
typedef struct _RTL_USER_PROCESS_PARAMETERS32
|
|
{
|
|
ULONG AllocationSize;
|
|
ULONG Size;
|
|
ULONG Flags;
|
|
ULONG DebugFlags;
|
|
ULONG ConsoleHandle;
|
|
ULONG ConsoleFlags;
|
|
ULONG hStdInput;
|
|
ULONG hStdOutput;
|
|
ULONG hStdError;
|
|
CURDIR32 CurrentDirectory;
|
|
UNICODE_STRING32 DllPath;
|
|
UNICODE_STRING32 ImagePathName;
|
|
UNICODE_STRING32 CommandLine;
|
|
ULONG Environment;
|
|
ULONG dwX;
|
|
ULONG dwY;
|
|
ULONG dwXSize;
|
|
ULONG dwYSize;
|
|
ULONG dwXCountChars;
|
|
ULONG dwYCountChars;
|
|
ULONG dwFillAttribute;
|
|
ULONG dwFlags;
|
|
ULONG wShowWindow;
|
|
UNICODE_STRING32 WindowTitle;
|
|
UNICODE_STRING32 Desktop;
|
|
UNICODE_STRING32 ShellInfo;
|
|
UNICODE_STRING32 RuntimeInfo;
|
|
RTL_DRIVE_LETTER_CURDIR32 DLCurrentDirectory[0x20];
|
|
ULONG EnvironmentSize;
|
|
ULONG EnvironmentVersion;
|
|
ULONG PackageDependencyData;
|
|
ULONG ProcessGroupId;
|
|
ULONG LoaderThreads;
|
|
} RTL_USER_PROCESS_PARAMETERS32;
|
|
|
|
typedef struct _RTL_USER_PROCESS_PARAMETERS64
|
|
{
|
|
ULONG AllocationSize;
|
|
ULONG Size;
|
|
ULONG Flags;
|
|
ULONG DebugFlags;
|
|
ULONG64 ConsoleHandle;
|
|
ULONG ConsoleFlags;
|
|
ULONG64 hStdInput;
|
|
ULONG64 hStdOutput;
|
|
ULONG64 hStdError;
|
|
CURDIR64 CurrentDirectory;
|
|
UNICODE_STRING64 DllPath;
|
|
UNICODE_STRING64 ImagePathName;
|
|
UNICODE_STRING64 CommandLine;
|
|
ULONG64 Environment;
|
|
ULONG dwX;
|
|
ULONG dwY;
|
|
ULONG dwXSize;
|
|
ULONG dwYSize;
|
|
ULONG dwXCountChars;
|
|
ULONG dwYCountChars;
|
|
ULONG dwFillAttribute;
|
|
ULONG dwFlags;
|
|
ULONG wShowWindow;
|
|
UNICODE_STRING64 WindowTitle;
|
|
UNICODE_STRING64 Desktop;
|
|
UNICODE_STRING64 ShellInfo;
|
|
UNICODE_STRING64 RuntimeInfo;
|
|
RTL_DRIVE_LETTER_CURDIR64 DLCurrentDirectory[0x20];
|
|
ULONG64 EnvironmentSize;
|
|
ULONG64 EnvironmentVersion;
|
|
ULONG64 PackageDependencyData;
|
|
ULONG ProcessGroupId;
|
|
ULONG LoaderThreads;
|
|
} RTL_USER_PROCESS_PARAMETERS64;
|
|
|
|
typedef struct _PEB_LDR_DATA32
|
|
{
|
|
ULONG Length;
|
|
BOOLEAN Initialized;
|
|
ULONG SsHandle;
|
|
LIST_ENTRY32 InLoadOrderModuleList;
|
|
LIST_ENTRY32 InMemoryOrderModuleList;
|
|
LIST_ENTRY32 InInitializationOrderModuleList;
|
|
ULONG EntryInProgress;
|
|
BOOLEAN ShutdownInProgress;
|
|
ULONG ShutdownThreadId;
|
|
} PEB_LDR_DATA32, *PPEB_LDR_DATA32;
|
|
|
|
typedef struct _PEB_LDR_DATA64
|
|
{
|
|
ULONG Length;
|
|
BOOLEAN Initialized;
|
|
ULONG64 SsHandle;
|
|
LIST_ENTRY64 InLoadOrderModuleList;
|
|
LIST_ENTRY64 InMemoryOrderModuleList;
|
|
LIST_ENTRY64 InInitializationOrderModuleList;
|
|
ULONG64 EntryInProgress;
|
|
BOOLEAN ShutdownInProgress;
|
|
ULONG64 ShutdownThreadId;
|
|
} PEB_LDR_DATA64, *PPEB_LDR_DATA64;
|
|
|
|
typedef struct _PEB32
|
|
{
|
|
BOOLEAN InheritedAddressSpace; /* 0000 */
|
|
BOOLEAN ReadImageFileExecOptions; /* 0001 */
|
|
BOOLEAN BeingDebugged; /* 0002 */
|
|
BOOLEAN SpareBool; /* 0003 */
|
|
ULONG Mutant; /* 0004 */
|
|
ULONG ImageBaseAddress; /* 0008 */
|
|
ULONG LdrData; /* 000c */
|
|
ULONG ProcessParameters; /* 0010 */
|
|
ULONG SubSystemData; /* 0014 */
|
|
ULONG ProcessHeap; /* 0018 */
|
|
ULONG FastPebLock; /* 001c */
|
|
ULONG FastPebLockRoutine; /* 0020 */
|
|
ULONG FastPebUnlockRoutine; /* 0024 */
|
|
ULONG EnvironmentUpdateCount; /* 0028 */
|
|
ULONG KernelCallbackTable; /* 002c */
|
|
ULONG Reserved; /* 0030 */
|
|
ULONG AtlThunkSListPtr32; /* 0034 */
|
|
ULONG FreeList; /* 0038 */
|
|
ULONG TlsExpansionCounter; /* 003c */
|
|
ULONG TlsBitmap; /* 0040 */
|
|
ULONG TlsBitmapBits[2]; /* 0044 */
|
|
ULONG ReadOnlySharedMemoryBase; /* 004c */
|
|
ULONG ReadOnlySharedMemoryHeap; /* 0050 */
|
|
ULONG ReadOnlyStaticServerData; /* 0054 */
|
|
ULONG AnsiCodePageData; /* 0058 */
|
|
ULONG OemCodePageData; /* 005c */
|
|
ULONG UnicodeCaseTableData; /* 0060 */
|
|
ULONG NumberOfProcessors; /* 0064 */
|
|
ULONG NtGlobalFlag; /* 0068 */
|
|
LARGE_INTEGER CriticalSectionTimeout; /* 0070 */
|
|
ULONG HeapSegmentReserve; /* 0078 */
|
|
ULONG HeapSegmentCommit; /* 007c */
|
|
ULONG HeapDeCommitTotalFreeThreshold; /* 0080 */
|
|
ULONG HeapDeCommitFreeBlockThreshold; /* 0084 */
|
|
ULONG NumberOfHeaps; /* 0088 */
|
|
ULONG MaximumNumberOfHeaps; /* 008c */
|
|
ULONG ProcessHeaps; /* 0090 */
|
|
ULONG GdiSharedHandleTable; /* 0094 */
|
|
ULONG ProcessStarterHelper; /* 0098 */
|
|
ULONG GdiDCAttributeList; /* 009c */
|
|
ULONG LoaderLock; /* 00a0 */
|
|
ULONG OSMajorVersion; /* 00a4 */
|
|
ULONG OSMinorVersion; /* 00a8 */
|
|
ULONG OSBuildNumber; /* 00ac */
|
|
ULONG OSPlatformId; /* 00b0 */
|
|
ULONG ImageSubSystem; /* 00b4 */
|
|
ULONG ImageSubSystemMajorVersion; /* 00b8 */
|
|
ULONG ImageSubSystemMinorVersion; /* 00bc */
|
|
ULONG ImageProcessAffinityMask; /* 00c0 */
|
|
ULONG GdiHandleBuffer[28]; /* 00c4 */
|
|
ULONG unknown[6]; /* 0134 */
|
|
ULONG PostProcessInitRoutine; /* 014c */
|
|
ULONG TlsExpansionBitmap; /* 0150 */
|
|
ULONG TlsExpansionBitmapBits[32]; /* 0154 */
|
|
ULONG SessionId; /* 01d4 */
|
|
ULARGE_INTEGER AppCompatFlags; /* 01d8 */
|
|
ULARGE_INTEGER AppCompatFlagsUser; /* 01e0 */
|
|
ULONG ShimData; /* 01e8 */
|
|
ULONG AppCompatInfo; /* 01ec */
|
|
UNICODE_STRING CSDVersion; /* 01f0 */
|
|
ULONG ActivationContextData; /* 01f8 */
|
|
ULONG ProcessAssemblyStorageMap; /* 01fc */
|
|
ULONG SystemDefaultActivationData; /* 0200 */
|
|
ULONG SystemAssemblyStorageMap; /* 0204 */
|
|
ULONG MinimumStackCommit; /* 0208 */
|
|
ULONG FlsCallback; /* 020c */
|
|
LIST_ENTRY FlsListHead; /* 0210 */
|
|
ULONG FlsBitmap; /* 0218 */
|
|
ULONG FlsBitmapBits[4]; /* 021c */
|
|
ULONG FlsHighIndex; /* 022c */
|
|
ULONG WerRegistrationData; /* 0230 */
|
|
ULONG WerShipAssertPtr; /* 0234 */
|
|
ULONG pUnused; /* 0238 */
|
|
ULONG pImageHeaderHash; /* 023c */
|
|
ULONG TracingFlags; /* 0240 */
|
|
ULONGLONG CsrServerReadOnlySharedMemoryBase; /* 0248 */
|
|
ULONG TppWorkerpListLock; /* 0250 */
|
|
LIST_ENTRY TppWorkerpList; /* 0254 */
|
|
ULONG WaitOnAddressHashTable [0x80]; /* 025c */
|
|
ULONG TelemetryCoverageHeader; /* 045c */
|
|
ULONG CloudFileFlags; /* 0460 */
|
|
ULONG CloudFileDiagFlags; /* 0464 */
|
|
CHAR PlaceholderCompatibilityMode; /* 0468 */
|
|
CHAR PlaceholderCompatibilityModeReserved[7]; /* 0469 */
|
|
ULONG LeapSecondData; /* 0470 */
|
|
ULONG LeapSecondFlags; /* 0474 */
|
|
ULONG NtGlobalFlag2; /* 0478 */
|
|
} PEB32;
|
|
|
|
typedef struct _PEB64
|
|
{
|
|
BOOLEAN InheritedAddressSpace; /* 0000 */
|
|
BOOLEAN ReadImageFileExecOptions; /* 0001 */
|
|
BOOLEAN BeingDebugged; /* 0002 */
|
|
BOOLEAN SpareBool; /* 0003 */
|
|
ULONG64 Mutant; /* 0008 */
|
|
ULONG64 ImageBaseAddress; /* 0010 */
|
|
ULONG64 LdrData; /* 0018 */
|
|
ULONG64 ProcessParameters; /* 0020 */
|
|
ULONG64 SubSystemData; /* 0028 */
|
|
ULONG64 ProcessHeap; /* 0030 */
|
|
ULONG64 FastPebLock; /* 0038 */
|
|
ULONG64 FastPebLockRoutine; /* 0040 */
|
|
ULONG64 FastPebUnlockRoutine; /* 0048 */
|
|
ULONG EnvironmentUpdateCount; /* 0050 */
|
|
ULONG64 KernelCallbackTable; /* 0058 */
|
|
ULONG Reserved; /* 0060 */
|
|
ULONG AtlThunkSListPtr32; /* 0064 */
|
|
ULONG64 FreeList; /* 0068 */
|
|
ULONG TlsExpansionCounter; /* 0070 */
|
|
ULONG64 TlsBitmap; /* 0078 */
|
|
ULONG TlsBitmapBits[2]; /* 0080 */
|
|
ULONG64 ReadOnlySharedMemoryBase; /* 0088 */
|
|
ULONG64 ReadOnlySharedMemoryHeap; /* 0090 */
|
|
ULONG64 ReadOnlyStaticServerData; /* 0098 */
|
|
ULONG64 AnsiCodePageData; /* 00a0 */
|
|
ULONG64 OemCodePageData; /* 00a8 */
|
|
ULONG64 UnicodeCaseTableData; /* 00b0 */
|
|
ULONG NumberOfProcessors; /* 00b8 */
|
|
ULONG NtGlobalFlag; /* 00bc */
|
|
LARGE_INTEGER CriticalSectionTimeout; /* 00c0 */
|
|
ULONG64 HeapSegmentReserve; /* 00c8 */
|
|
ULONG64 HeapSegmentCommit; /* 00d0 */
|
|
ULONG64 HeapDeCommitTotalFreeThreshold; /* 00d8 */
|
|
ULONG64 HeapDeCommitFreeBlockThreshold; /* 00e0 */
|
|
ULONG NumberOfHeaps; /* 00e8 */
|
|
ULONG MaximumNumberOfHeaps; /* 00ec */
|
|
ULONG64 ProcessHeaps; /* 00f0 */
|
|
ULONG64 GdiSharedHandleTable; /* 00f8 */
|
|
ULONG64 ProcessStarterHelper; /* 0100 */
|
|
ULONG64 GdiDCAttributeList; /* 0108 */
|
|
ULONG64 LoaderLock; /* 0110 */
|
|
ULONG OSMajorVersion; /* 0118 */
|
|
ULONG OSMinorVersion; /* 011c */
|
|
ULONG OSBuildNumber; /* 0120 */
|
|
ULONG OSPlatformId; /* 0124 */
|
|
ULONG ImageSubSystem; /* 0128 */
|
|
ULONG ImageSubSystemMajorVersion; /* 012c */
|
|
ULONG ImageSubSystemMinorVersion; /* 0130 */
|
|
ULONG ImageProcessAffinityMask; /* 0134 */
|
|
ULONG64 GdiHandleBuffer[28]; /* 0138 */
|
|
ULONG unknown[6]; /* 0218 */
|
|
ULONG64 PostProcessInitRoutine; /* 0230 */
|
|
ULONG64 TlsExpansionBitmap; /* 0238 */
|
|
ULONG TlsExpansionBitmapBits[32]; /* 0240 */
|
|
ULONG SessionId; /* 02c0 */
|
|
ULARGE_INTEGER AppCompatFlags; /* 02c8 */
|
|
ULARGE_INTEGER AppCompatFlagsUser; /* 02d0 */
|
|
ULONG64 ShimData; /* 02d8 */
|
|
ULONG64 AppCompatInfo; /* 02e0 */
|
|
UNICODE_STRING64 CSDVersion; /* 02e8 */
|
|
ULONG64 ActivationContextData; /* 02f8 */
|
|
ULONG64 ProcessAssemblyStorageMap; /* 0300 */
|
|
ULONG64 SystemDefaultActivationData; /* 0308 */
|
|
ULONG64 SystemAssemblyStorageMap; /* 0310 */
|
|
ULONG64 MinimumStackCommit; /* 0318 */
|
|
ULONG64 FlsCallback; /* 0320 */
|
|
LIST_ENTRY64 FlsListHead; /* 0328 */
|
|
ULONG64 FlsBitmap; /* 0338 */
|
|
ULONG FlsBitmapBits[4]; /* 0340 */
|
|
ULONG FlsHighIndex; /* 0350 */
|
|
ULONG64 WerRegistrationData; /* 0358 */
|
|
ULONG64 WerShipAssertPtr; /* 0360 */
|
|
ULONG64 pUnused; /* 0368 */
|
|
ULONG64 pImageHeaderHash; /* 0370 */
|
|
ULONG TracingFlags; /* 0378 */
|
|
ULONGLONG CsrServerReadOnlySharedMemoryBase; /* 0380 */
|
|
ULONG TppWorkerpListLock; /* 0388 */
|
|
LIST_ENTRY64 TppWorkerpList; /* 0390 */
|
|
ULONG64 WaitOnAddressHashTable [0x80]; /* 03a0 */
|
|
ULONG64 TelemetryCoverageHeader; /* 07a0 */
|
|
ULONG CloudFileFlags; /* 07a8 */
|
|
ULONG CloudFileDiagFlags; /* 07ac */
|
|
CHAR PlaceholderCompatibilityMode; /* 07b0 */
|
|
CHAR PlaceholderCompatibilityModeReserved[7]; /* 07b1 */
|
|
ULONG64 LeapSecondData; /* 07b8 */
|
|
ULONG LeapSecondFlags; /* 07c0 */
|
|
ULONG NtGlobalFlag2; /* 07c4 */
|
|
} PEB64;
|
|
|
|
typedef struct _TEB32
|
|
{
|
|
NT_TIB32 Tib; /* 0000 */
|
|
ULONG EnvironmentPointer; /* 001c */
|
|
CLIENT_ID32 ClientId; /* 0020 */
|
|
ULONG ActiveRpcHandle; /* 0028 */
|
|
ULONG ThreadLocalStoragePointer; /* 002c */
|
|
ULONG Peb; /* 0030 */
|
|
ULONG LastErrorValue; /* 0034 */
|
|
ULONG CountOfOwnedCriticalSections; /* 0038 */
|
|
ULONG CsrClientThread; /* 003c */
|
|
ULONG Win32ThreadInfo; /* 0040 */
|
|
ULONG User32Reserved[26]; /* 0044 */
|
|
ULONG UserReserved[5]; /* 00ac */
|
|
ULONG WOW32Reserved; /* 00c0 */
|
|
ULONG CurrentLocale; /* 00c4 */
|
|
ULONG FpSoftwareStatusRegister; /* 00c8 */
|
|
ULONG ReservedForDebuggerInstrumentation[16]; /* 00cc */
|
|
ULONG SystemReserved1[26]; /* 010c */
|
|
char PlaceholderCompatibilityMode; /* 0174 */
|
|
char PlaceholderReserved[11]; /* 0175 */
|
|
DWORD ProxiedProcessId; /* 0180 */
|
|
ACTIVATION_CONTEXT_STACK32 ActivationContextStack; /* 0184 */
|
|
UCHAR WorkingOnBehalfOfTicket[8]; /* 019c */
|
|
LONG ExceptionCode; /* 01a4 */
|
|
ULONG ActivationContextStackPointer; /* 01a8 */
|
|
ULONG InstrumentationCallbackSp; /* 01ac */
|
|
ULONG InstrumentationCallbackPreviousPc; /* 01b0 */
|
|
ULONG InstrumentationCallbackPreviousSp; /* 01b4 */
|
|
BOOLEAN InstrumentationCallbackDisabled; /* 01b8 */
|
|
BYTE SpareBytes1[23]; /* 01b9 */
|
|
ULONG TxFsContext; /* 01d0 */
|
|
ULONG GdiTebBatch[0x138]; /* 01d4 */
|
|
CLIENT_ID32 RealClientId; /* 06b4 */
|
|
ULONG GdiCachedProcessHandle; /* 06bc */
|
|
ULONG GdiClientPID; /* 06c0 */
|
|
ULONG GdiClientTID; /* 06c4 */
|
|
ULONG GdiThreadLocaleInfo; /* 06c8 */
|
|
ULONG Win32ClientInfo[62]; /* 06cc */
|
|
ULONG glDispatchTable[233]; /* 07c4 */
|
|
ULONG glReserved1[29]; /* 0b68 */
|
|
ULONG glReserved2; /* 0bdc */
|
|
ULONG glSectionInfo; /* 0be0 */
|
|
ULONG glSection; /* 0be4 */
|
|
ULONG glTable; /* 0be8 */
|
|
ULONG glCurrentRC; /* 0bec */
|
|
ULONG glContext; /* 0bf0 */
|
|
ULONG LastStatusValue; /* 0bf4 */
|
|
UNICODE_STRING32 StaticUnicodeString; /* 0bf8 */
|
|
WCHAR StaticUnicodeBuffer[261]; /* 0c00 */
|
|
ULONG DeallocationStack; /* 0e0c */
|
|
ULONG TlsSlots[64]; /* 0e10 */
|
|
LIST_ENTRY32 TlsLinks; /* 0f10 */
|
|
ULONG Vdm; /* 0f18 */
|
|
ULONG ReservedForNtRpc; /* 0f1c */
|
|
ULONG DbgSsReserved[2]; /* 0f20 */
|
|
ULONG HardErrorDisabled; /* 0f28 */
|
|
ULONG Instrumentation[16]; /* 0f2c */
|
|
ULONG WinSockData; /* 0f6c */
|
|
ULONG GdiBatchCount; /* 0f70 */
|
|
ULONG Spare2; /* 0f74 */
|
|
ULONG GuaranteedStackBytes; /* 0f78 */
|
|
ULONG ReservedForPerf; /* 0f7c */
|
|
ULONG ReservedForOle; /* 0f80 */
|
|
ULONG WaitingOnLoaderLock; /* 0f84 */
|
|
ULONG Reserved5[3]; /* 0f88 */
|
|
ULONG TlsExpansionSlots; /* 0f94 */
|
|
ULONG ImpersonationLocale; /* 0f98 */
|
|
ULONG IsImpersonating; /* 0f9c */
|
|
ULONG NlsCache; /* 0fa0 */
|
|
ULONG ShimData; /* 0fa4 */
|
|
ULONG HeapVirtualAffinity; /* 0fa8 */
|
|
ULONG CurrentTransactionHandle; /* 0fac */
|
|
ULONG ActiveFrame; /* 0fb0 */
|
|
ULONG FlsSlots; /* 0fb4 */
|
|
ULONG PreferredLanguages; /* 0fb8 */
|
|
ULONG UserPrefLanguages; /* 0fbc */
|
|
ULONG MergedPrefLanguages; /* 0fc0 */
|
|
ULONG MuiImpersonation; /* 0fc4 */
|
|
USHORT CrossTebFlags; /* 0fc8 */
|
|
USHORT SameTebFlags; /* 0fca */
|
|
ULONG TxnScopeEnterCallback; /* 0fcc */
|
|
ULONG TxnScopeExitCallback; /* 0fd0 */
|
|
ULONG TxnScopeContext; /* 0fd4 */
|
|
ULONG LockCount; /* 0fd8 */
|
|
LONG WowTebOffset; /* 0fdc */
|
|
ULONG ResourceRetValue; /* 0fe0 */
|
|
ULONG ReservedForWdf; /* 0fe4 */
|
|
ULONGLONG ReservedForCrt; /* 0fe8 */
|
|
GUID EffectiveContainerId; /* 0ff0 */
|
|
} TEB32;
|
|
|
|
typedef struct _TEB64
|
|
{
|
|
NT_TIB64 Tib; /* 0000 */
|
|
ULONG64 EnvironmentPointer; /* 0038 */
|
|
CLIENT_ID64 ClientId; /* 0040 */
|
|
ULONG64 ActiveRpcHandle; /* 0050 */
|
|
ULONG64 ThreadLocalStoragePointer; /* 0058 */
|
|
ULONG64 Peb; /* 0060 */
|
|
ULONG LastErrorValue; /* 0068 */
|
|
ULONG CountOfOwnedCriticalSections; /* 006c */
|
|
ULONG64 CsrClientThread; /* 0070 */
|
|
ULONG64 Win32ThreadInfo; /* 0078 */
|
|
ULONG User32Reserved[26]; /* 0080 */
|
|
ULONG UserReserved[5]; /* 00e8 */
|
|
ULONG64 WOW32Reserved; /* 0100 */
|
|
ULONG CurrentLocale; /* 0108 */
|
|
ULONG FpSoftwareStatusRegister; /* 010c */
|
|
ULONG64 ReservedForDebuggerInstrumentation[16]; /* 0110 */
|
|
ULONG64 SystemReserved1[30]; /* 0190 */
|
|
char PlaceholderCompatibilityMode; /* 0280 */
|
|
char PlaceholderReserved[11]; /* 0281 */
|
|
DWORD ProxiedProcessId; /* 028c */
|
|
ACTIVATION_CONTEXT_STACK64 ActivationContextStack; /* 0290 */
|
|
UCHAR WorkingOnBehalfOfTicket[8]; /* 02b8 */
|
|
LONG ExceptionCode; /* 02c0 */
|
|
ULONG64 ActivationContextStackPointer; /* 02c8 */
|
|
ULONG64 InstrumentationCallbackSp; /* 02d0 */
|
|
ULONG64 InstrumentationCallbackPreviousPc; /* 02d8 */
|
|
ULONG64 InstrumentationCallbackPreviousSp; /* 02e0 */
|
|
ULONG TxFsContext; /* 02e8 */
|
|
BOOLEAN InstrumentationCallbackDisabled; /* 02ec */
|
|
ULONG64 GdiTebBatch[0x9d]; /* 02f0 */
|
|
CLIENT_ID64 RealClientId; /* 07d8 */
|
|
ULONG64 GdiCachedProcessHandle; /* 07e8 */
|
|
ULONG GdiClientPID; /* 07f0 */
|
|
ULONG GdiClientTID; /* 07f4 */
|
|
ULONG64 GdiThreadLocaleInfo; /* 07f8 */
|
|
ULONG64 Win32ClientInfo[62]; /* 0800 */
|
|
ULONG64 glDispatchTable[233]; /* 09f0 */
|
|
ULONG64 glReserved1[29]; /* 1138 */
|
|
ULONG64 glReserved2; /* 1220 */
|
|
ULONG64 glSectionInfo; /* 1228 */
|
|
ULONG64 glSection; /* 1230 */
|
|
ULONG64 glTable; /* 1238 */
|
|
ULONG64 glCurrentRC; /* 1240 */
|
|
ULONG64 glContext; /* 1248 */
|
|
ULONG LastStatusValue; /* 1250 */
|
|
UNICODE_STRING64 StaticUnicodeString; /* 1258 */
|
|
WCHAR StaticUnicodeBuffer[261]; /* 1268 */
|
|
ULONG64 DeallocationStack; /* 1478 */
|
|
ULONG64 TlsSlots[64]; /* 1480 */
|
|
LIST_ENTRY64 TlsLinks; /* 1680 */
|
|
ULONG64 Vdm; /* 1690 */
|
|
ULONG64 ReservedForNtRpc; /* 1698 */
|
|
ULONG64 DbgSsReserved[2]; /* 16a0 */
|
|
ULONG HardErrorDisabled; /* 16b0 */
|
|
ULONG64 Instrumentation[16]; /* 16b8 */
|
|
ULONG64 WinSockData; /* 1738 */
|
|
ULONG GdiBatchCount; /* 1740 */
|
|
ULONG Spare2; /* 1744 */
|
|
ULONG GuaranteedStackBytes; /* 1748 */
|
|
ULONG64 ReservedForPerf; /* 1750 */
|
|
ULONG64 ReservedForOle; /* 1758 */
|
|
ULONG WaitingOnLoaderLock; /* 1760 */
|
|
ULONG64 Reserved5[3]; /* 1768 */
|
|
ULONG64 TlsExpansionSlots; /* 1780 */
|
|
ULONG64 DeallocationBStore; /* 1788 */
|
|
ULONG64 BStoreLimit; /* 1790 */
|
|
ULONG ImpersonationLocale; /* 1798 */
|
|
ULONG IsImpersonating; /* 179c */
|
|
ULONG64 NlsCache; /* 17a0 */
|
|
ULONG64 ShimData; /* 17a8 */
|
|
ULONG HeapVirtualAffinity; /* 17b0 */
|
|
ULONG64 CurrentTransactionHandle; /* 17b8 */
|
|
ULONG64 ActiveFrame; /* 17c0 */
|
|
ULONG64 FlsSlots; /* 17c8 */
|
|
ULONG64 PreferredLanguages; /* 17d0 */
|
|
ULONG64 UserPrefLanguages; /* 17d8 */
|
|
ULONG64 MergedPrefLanguages; /* 17e0 */
|
|
ULONG MuiImpersonation; /* 17e8 */
|
|
USHORT CrossTebFlags; /* 17ec */
|
|
USHORT SameTebFlags; /* 17ee */
|
|
ULONG64 TxnScopeEnterCallback; /* 17f0 */
|
|
ULONG64 TxnScopeExitCallback; /* 17f8 */
|
|
ULONG64 TxnScopeContext; /* 1800 */
|
|
ULONG LockCount; /* 1808 */
|
|
LONG WowTebOffset; /* 180c */
|
|
ULONG64 ResourceRetValue; /* 1810 */
|
|
ULONG64 ReservedForWdf; /* 1818 */
|
|
ULONGLONG ReservedForCrt; /* 1820 */
|
|
GUID EffectiveContainerId; /* 1828 */
|
|
} TEB64;
|
|
|
|
/* reserved TEB64 TLS slots for Wow64 */
|
|
#define WOW64_TLS_CPURESERVED 1
|
|
#define WOW64_TLS_TEMPLIST 3
|
|
#define WOW64_TLS_FILESYSREDIR 8
|
|
|
|
|
|
/***********************************************************************
|
|
* Enums
|
|
*/
|
|
|
|
typedef enum _FILE_INFORMATION_CLASS {
|
|
FileDirectoryInformation = 1,
|
|
FileFullDirectoryInformation,
|
|
FileBothDirectoryInformation,
|
|
FileBasicInformation,
|
|
FileStandardInformation,
|
|
FileInternalInformation,
|
|
FileEaInformation,
|
|
FileAccessInformation,
|
|
FileNameInformation,
|
|
FileRenameInformation,
|
|
FileLinkInformation,
|
|
FileNamesInformation,
|
|
FileDispositionInformation,
|
|
FilePositionInformation,
|
|
FileFullEaInformation,
|
|
FileModeInformation,
|
|
FileAlignmentInformation,
|
|
FileAllInformation,
|
|
FileAllocationInformation,
|
|
FileEndOfFileInformation,
|
|
FileAlternateNameInformation,
|
|
FileStreamInformation,
|
|
FilePipeInformation,
|
|
FilePipeLocalInformation,
|
|
FilePipeRemoteInformation,
|
|
FileMailslotQueryInformation,
|
|
FileMailslotSetInformation,
|
|
FileCompressionInformation,
|
|
FileObjectIdInformation,
|
|
FileCompletionInformation,
|
|
FileMoveClusterInformation,
|
|
FileQuotaInformation,
|
|
FileReparsePointInformation,
|
|
FileNetworkOpenInformation,
|
|
FileAttributeTagInformation,
|
|
FileTrackingInformation,
|
|
FileIdBothDirectoryInformation,
|
|
FileIdFullDirectoryInformation,
|
|
FileValidDataLengthInformation,
|
|
FileShortNameInformation,
|
|
FileIoCompletionNotificationInformation,
|
|
FileIoStatusBlockRangeInformation,
|
|
FileIoPriorityHintInformation,
|
|
FileSfioReserveInformation,
|
|
FileSfioVolumeInformation,
|
|
FileHardLinkInformation,
|
|
FileProcessIdsUsingFileInformation,
|
|
FileNormalizedNameInformation,
|
|
FileNetworkPhysicalNameInformation,
|
|
FileIdGlobalTxDirectoryInformation,
|
|
FileIsRemoteDeviceInformation,
|
|
FileAttributeCacheInformation,
|
|
FileNumaNodeInformation,
|
|
FileStandardLinkInformation,
|
|
FileRemoteProtocolInformation,
|
|
FileRenameInformationBypassAccessCheck,
|
|
FileLinkInformationBypassAccessCheck,
|
|
FileVolumeNameInformation,
|
|
FileIdInformation,
|
|
FileIdExtdDirectoryInformation,
|
|
FileReplaceCompletionInformation,
|
|
FileHardLinkFullIdInformation,
|
|
FileIdExtdBothDirectoryInformation,
|
|
FileMaximumInformation
|
|
} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
|
|
|
|
typedef struct _FILE_DIRECTORY_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG FileIndex;
|
|
LARGE_INTEGER CreationTime;
|
|
LARGE_INTEGER LastAccessTime;
|
|
LARGE_INTEGER LastWriteTime;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER EndOfFile;
|
|
LARGE_INTEGER AllocationSize;
|
|
ULONG FileAttributes;
|
|
ULONG FileNameLength;
|
|
WCHAR FileName[ANYSIZE_ARRAY];
|
|
} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
|
|
|
|
typedef struct _FILE_FULL_DIRECTORY_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG FileIndex;
|
|
LARGE_INTEGER CreationTime;
|
|
LARGE_INTEGER LastAccessTime;
|
|
LARGE_INTEGER LastWriteTime;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER EndOfFile;
|
|
LARGE_INTEGER AllocationSize;
|
|
ULONG FileAttributes;
|
|
ULONG FileNameLength;
|
|
ULONG EaSize;
|
|
WCHAR FileName[ANYSIZE_ARRAY];
|
|
} FILE_FULL_DIRECTORY_INFORMATION, *PFILE_FULL_DIRECTORY_INFORMATION,
|
|
FILE_FULL_DIR_INFORMATION, *PFILE_FULL_DIR_INFORMATION;
|
|
|
|
typedef struct _FILE_ID_FULL_DIRECTORY_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG FileIndex;
|
|
LARGE_INTEGER CreationTime;
|
|
LARGE_INTEGER LastAccessTime;
|
|
LARGE_INTEGER LastWriteTime;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER EndOfFile;
|
|
LARGE_INTEGER AllocationSize;
|
|
ULONG FileAttributes;
|
|
ULONG FileNameLength;
|
|
ULONG EaSize;
|
|
LARGE_INTEGER FileId;
|
|
WCHAR FileName[ANYSIZE_ARRAY];
|
|
} FILE_ID_FULL_DIRECTORY_INFORMATION, *PFILE_ID_FULL_DIRECTORY_INFORMATION;
|
|
|
|
typedef struct _FILE_BOTH_DIRECTORY_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG FileIndex;
|
|
LARGE_INTEGER CreationTime;
|
|
LARGE_INTEGER LastAccessTime;
|
|
LARGE_INTEGER LastWriteTime;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER EndOfFile;
|
|
LARGE_INTEGER AllocationSize;
|
|
ULONG FileAttributes;
|
|
ULONG FileNameLength;
|
|
ULONG EaSize;
|
|
CHAR ShortNameLength;
|
|
WCHAR ShortName[12];
|
|
WCHAR FileName[ANYSIZE_ARRAY];
|
|
} FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION,
|
|
FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
|
|
|
|
typedef struct _FILE_ID_BOTH_DIRECTORY_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG FileIndex;
|
|
LARGE_INTEGER CreationTime;
|
|
LARGE_INTEGER LastAccessTime;
|
|
LARGE_INTEGER LastWriteTime;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER EndOfFile;
|
|
LARGE_INTEGER AllocationSize;
|
|
ULONG FileAttributes;
|
|
ULONG FileNameLength;
|
|
ULONG EaSize;
|
|
CHAR ShortNameLength;
|
|
WCHAR ShortName[12];
|
|
LARGE_INTEGER FileId;
|
|
WCHAR FileName[ANYSIZE_ARRAY];
|
|
} FILE_ID_BOTH_DIRECTORY_INFORMATION, *PFILE_ID_BOTH_DIRECTORY_INFORMATION;
|
|
|
|
typedef struct _FILE_ID_GLOBAL_TX_DIR_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG FileIndex;
|
|
LARGE_INTEGER CreationTime;
|
|
LARGE_INTEGER LastAccessTime;
|
|
LARGE_INTEGER LastWriteTime;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER EndOfFile;
|
|
LARGE_INTEGER AllocationSize;
|
|
ULONG FileAttributes;
|
|
ULONG FileNameLength;
|
|
LARGE_INTEGER FileId;
|
|
GUID LockingTransactionId;
|
|
ULONG TxInfoFlags;
|
|
WCHAR FileName[ANYSIZE_ARRAY];
|
|
} FILE_ID_GLOBAL_TX_DIR_INFORMATION, *PFILE_ID_GLOBAL_TX_DIR_INFORMATION;
|
|
|
|
typedef struct _FILE_BASIC_INFORMATION {
|
|
LARGE_INTEGER CreationTime;
|
|
LARGE_INTEGER LastAccessTime;
|
|
LARGE_INTEGER LastWriteTime;
|
|
LARGE_INTEGER ChangeTime;
|
|
ULONG FileAttributes;
|
|
} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
|
|
|
|
typedef struct _FILE_STANDARD_INFORMATION {
|
|
LARGE_INTEGER AllocationSize;
|
|
LARGE_INTEGER EndOfFile;
|
|
ULONG NumberOfLinks;
|
|
BOOLEAN DeletePending;
|
|
BOOLEAN Directory;
|
|
} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
|
|
|
|
typedef struct _FILE_INTERNAL_INFORMATION {
|
|
LARGE_INTEGER IndexNumber;
|
|
} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
|
|
|
|
typedef struct _FILE_ID_128 {
|
|
UCHAR Identifier[16];
|
|
} FILE_ID_128, *PFILE_ID_128;
|
|
|
|
typedef struct _FILE_ID_INFORMATION {
|
|
ULONGLONG VolumeSerialNumber;
|
|
FILE_ID_128 FileId;
|
|
} FILE_ID_INFORMATION, *PFILE_ID_INFORMATION;
|
|
|
|
typedef struct _FILE_EA_INFORMATION {
|
|
ULONG EaSize;
|
|
} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
|
|
|
|
typedef struct _FILE_ACCESS_INFORMATION {
|
|
ACCESS_MASK AccessFlags;
|
|
} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
|
|
|
|
typedef struct _FILE_NAME_INFORMATION {
|
|
ULONG FileNameLength;
|
|
WCHAR FileName[1];
|
|
} FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;
|
|
|
|
typedef struct _FILE_RENAME_INFORMATION {
|
|
BOOLEAN ReplaceIfExists;
|
|
HANDLE RootDirectory;
|
|
ULONG FileNameLength;
|
|
WCHAR FileName[1];
|
|
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
|
|
|
|
typedef struct _FILE_LINK_INFORMATION {
|
|
BOOLEAN ReplaceIfExists;
|
|
HANDLE RootDirectory;
|
|
ULONG FileNameLength;
|
|
WCHAR FileName[1];
|
|
} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
|
|
|
|
typedef struct _FILE_NAMES_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG FileIndex;
|
|
ULONG FileNameLength;
|
|
WCHAR FileName[1];
|
|
} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
|
|
|
|
typedef struct _FILE_DISPOSITION_INFORMATION {
|
|
BOOLEAN DoDeleteFile;
|
|
} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;
|
|
|
|
typedef struct _FILE_POSITION_INFORMATION {
|
|
LARGE_INTEGER CurrentByteOffset;
|
|
} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;
|
|
|
|
typedef struct _FILE_ALIGNMENT_INFORMATION {
|
|
ULONG AlignmentRequirement;
|
|
} FILE_ALIGNMENT_INFORMATION, *PFILE_ALIGNMENT_INFORMATION;
|
|
|
|
typedef struct _FILE_ALLOCATION_INFORMATION {
|
|
LARGE_INTEGER AllocationSize;
|
|
} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
|
|
|
|
typedef struct _FILE_END_OF_FILE_INFORMATION {
|
|
LARGE_INTEGER EndOfFile;
|
|
} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;
|
|
|
|
typedef struct _FILE_NETWORK_OPEN_INFORMATION {
|
|
LARGE_INTEGER CreationTime;
|
|
LARGE_INTEGER LastAccessTime;
|
|
LARGE_INTEGER LastWriteTime;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER AllocationSize;
|
|
LARGE_INTEGER EndOfFile;
|
|
ULONG FileAttributes;
|
|
} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
|
|
|
|
typedef struct _FILE_FULL_EA_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
UCHAR Flags;
|
|
UCHAR EaNameLength;
|
|
USHORT EaValueLength;
|
|
CHAR EaName[1];
|
|
} FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION;
|
|
|
|
typedef struct _FILE_MODE_INFORMATION {
|
|
ULONG Mode;
|
|
} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
|
|
|
|
typedef struct _FILE_STREAM_INFORMATION
|
|
{
|
|
ULONG NextEntryOffset;
|
|
ULONG StreamNameLength;
|
|
LARGE_INTEGER StreamSize;
|
|
LARGE_INTEGER StreamAllocationSize;
|
|
WCHAR StreamName[1];
|
|
} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
|
|
|
|
typedef struct _FILE_ATTRIBUTE_TAG_INFORMATION
|
|
{
|
|
ULONG FileAttributes;
|
|
ULONG ReparseTag;
|
|
} FILE_ATTRIBUTE_TAG_INFORMATION, *PFILE_ATTRIBUTE_TAG_INFORMATION;
|
|
|
|
typedef struct _FILE_MAILSLOT_QUERY_INFORMATION {
|
|
ULONG MaximumMessageSize;
|
|
ULONG MailslotQuota;
|
|
ULONG NextMessageSize;
|
|
ULONG MessagesAvailable;
|
|
LARGE_INTEGER ReadTimeout;
|
|
} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;
|
|
|
|
typedef struct _FILE_MAILSLOT_SET_INFORMATION {
|
|
LARGE_INTEGER ReadTimeout;
|
|
} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
|
|
|
|
typedef struct _FILE_PIPE_INFORMATION {
|
|
ULONG ReadMode;
|
|
ULONG CompletionMode;
|
|
} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
|
|
|
|
typedef struct _FILE_PIPE_LOCAL_INFORMATION {
|
|
ULONG NamedPipeType;
|
|
ULONG NamedPipeConfiguration;
|
|
ULONG MaximumInstances;
|
|
ULONG CurrentInstances;
|
|
ULONG InboundQuota;
|
|
ULONG ReadDataAvailable;
|
|
ULONG OutboundQuota;
|
|
ULONG WriteQuotaAvailable;
|
|
ULONG NamedPipeState;
|
|
ULONG NamedPipeEnd;
|
|
} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
|
|
|
|
#define FILE_PIPE_DISCONNECTED_STATE 0x00000001
|
|
#define FILE_PIPE_LISTENING_STATE 0x00000002
|
|
#define FILE_PIPE_CONNECTED_STATE 0x00000003
|
|
#define FILE_PIPE_CLOSING_STATE 0x00000004
|
|
|
|
typedef struct _FILE_OBJECTID_BUFFER
|
|
{
|
|
BYTE ObjectId[16];
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
BYTE BirthVolumeId[16];
|
|
BYTE BirthObjectId[16];
|
|
BYTE DomainId[16];
|
|
} DUMMYSTRUCTNAME;
|
|
BYTE ExtendedInfo[48];
|
|
} DUMMYUNIONNAME;
|
|
} FILE_OBJECTID_BUFFER, *PFILE_OBJECTID_BUFFER;
|
|
|
|
typedef struct _FILE_OBJECTID_INFORMATION {
|
|
LONGLONG FileReference;
|
|
UCHAR ObjectId[16];
|
|
union {
|
|
struct {
|
|
UCHAR BirthVolumeId[16];
|
|
UCHAR BirthObjectId[16];
|
|
UCHAR DomainId[16];
|
|
} DUMMYSTRUCTNAME;
|
|
UCHAR ExtendedInfo[48];
|
|
} DUMMYUNIONNAME;
|
|
} FILE_OBJECTID_INFORMATION, *PFILE_OBJECTID_INFORMATION;
|
|
|
|
typedef struct _FILE_QUOTA_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG SidLength;
|
|
LARGE_INTEGER ChangeTime;
|
|
LARGE_INTEGER QuotaUsed;
|
|
LARGE_INTEGER QuotaThreshold;
|
|
LARGE_INTEGER QuotaLimit;
|
|
SID Sid;
|
|
} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
|
|
|
|
typedef struct _FILE_REPARSE_POINT_INFORMATION {
|
|
LONGLONG FileReference;
|
|
ULONG Tag;
|
|
} FILE_REPARSE_POINT_INFORMATION, *PFILE_REPARSE_POINT_INFORMATION;
|
|
|
|
typedef struct _FILE_ALL_INFORMATION {
|
|
FILE_BASIC_INFORMATION BasicInformation;
|
|
FILE_STANDARD_INFORMATION StandardInformation;
|
|
FILE_INTERNAL_INFORMATION InternalInformation;
|
|
FILE_EA_INFORMATION EaInformation;
|
|
FILE_ACCESS_INFORMATION AccessInformation;
|
|
FILE_POSITION_INFORMATION PositionInformation;
|
|
FILE_MODE_INFORMATION ModeInformation;
|
|
FILE_ALIGNMENT_INFORMATION AlignmentInformation;
|
|
FILE_NAME_INFORMATION NameInformation;
|
|
} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
|
|
|
|
typedef struct _FILE_IO_COMPLETION_NOTIFICATION_INFORMATION {
|
|
ULONG Flags;
|
|
} FILE_IO_COMPLETION_NOTIFICATION_INFORMATION, *PFILE_IO_COMPLETION_NOTIFICATION_INFORMATION;
|
|
|
|
#define FILE_SKIP_COMPLETION_PORT_ON_SUCCESS 0x1
|
|
#define FILE_SKIP_SET_EVENT_ON_HANDLE 0x2
|
|
#define FILE_SKIP_SET_USER_EVENT_ON_FAST_IO 0x4
|
|
|
|
typedef struct _PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION
|
|
{
|
|
ULONG Version;
|
|
ULONG Reserved;
|
|
VOID *Callback;
|
|
} PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION, *PPROCESS_INSTRUMENTATION_CALLBACK_INFORMATION;
|
|
|
|
typedef enum _FSINFOCLASS {
|
|
FileFsVolumeInformation = 1,
|
|
FileFsLabelInformation,
|
|
FileFsSizeInformation,
|
|
FileFsDeviceInformation,
|
|
FileFsAttributeInformation,
|
|
FileFsControlInformation,
|
|
FileFsFullSizeInformation,
|
|
FileFsObjectIdInformation,
|
|
FileFsMaximumInformation
|
|
} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;
|
|
|
|
typedef enum _KEY_INFORMATION_CLASS {
|
|
KeyBasicInformation,
|
|
KeyNodeInformation,
|
|
KeyFullInformation,
|
|
KeyNameInformation,
|
|
KeyCachedInformation,
|
|
KeyFlagsInformation,
|
|
KeyVirtualizationInformation,
|
|
KeyHandleTagsInformation,
|
|
MaxKeyInfoClass
|
|
} KEY_INFORMATION_CLASS;
|
|
|
|
typedef enum _KEY_VALUE_INFORMATION_CLASS {
|
|
KeyValueBasicInformation,
|
|
KeyValueFullInformation,
|
|
KeyValuePartialInformation,
|
|
KeyValueFullInformationAlign64,
|
|
KeyValuePartialInformationAlign64
|
|
} KEY_VALUE_INFORMATION_CLASS;
|
|
|
|
typedef enum _OBJECT_INFORMATION_CLASS {
|
|
ObjectBasicInformation,
|
|
ObjectNameInformation,
|
|
ObjectTypeInformation,
|
|
ObjectTypesInformation,
|
|
ObjectDataInformation
|
|
} OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;
|
|
|
|
typedef enum _PROCESSINFOCLASS {
|
|
ProcessBasicInformation = 0,
|
|
ProcessQuotaLimits = 1,
|
|
ProcessIoCounters = 2,
|
|
ProcessVmCounters = 3,
|
|
ProcessTimes = 4,
|
|
ProcessBasePriority = 5,
|
|
ProcessRaisePriority = 6,
|
|
ProcessDebugPort = 7,
|
|
ProcessExceptionPort = 8,
|
|
ProcessAccessToken = 9,
|
|
ProcessLdtInformation = 10,
|
|
ProcessLdtSize = 11,
|
|
ProcessDefaultHardErrorMode = 12,
|
|
ProcessIoPortHandlers = 13,
|
|
ProcessPooledUsageAndLimits = 14,
|
|
ProcessWorkingSetWatch = 15,
|
|
ProcessUserModeIOPL = 16,
|
|
ProcessEnableAlignmentFaultFixup = 17,
|
|
ProcessPriorityClass = 18,
|
|
ProcessWx86Information = 19,
|
|
ProcessHandleCount = 20,
|
|
ProcessAffinityMask = 21,
|
|
ProcessPriorityBoost = 22,
|
|
ProcessDeviceMap = 23,
|
|
ProcessSessionInformation = 24,
|
|
ProcessForegroundInformation = 25,
|
|
ProcessWow64Information = 26,
|
|
ProcessImageFileName = 27,
|
|
ProcessLUIDDeviceMapsEnabled = 28,
|
|
ProcessBreakOnTermination = 29,
|
|
ProcessDebugObjectHandle = 30,
|
|
ProcessDebugFlags = 31,
|
|
ProcessHandleTracing = 32,
|
|
ProcessIoPriority = 33,
|
|
ProcessExecuteFlags = 34,
|
|
ProcessTlsInformation = 35,
|
|
ProcessCookie = 36,
|
|
ProcessImageInformation = 37,
|
|
ProcessCycleTime = 38,
|
|
ProcessPagePriority = 39,
|
|
ProcessInstrumentationCallback = 40,
|
|
ProcessThreadStackAllocation = 41,
|
|
ProcessWorkingSetWatchEx = 42,
|
|
ProcessImageFileNameWin32 = 43,
|
|
MaxProcessInfoClass,
|
|
#ifdef __WINESRC__
|
|
ProcessWineMakeProcessSystem = 1000,
|
|
#endif
|
|
} PROCESSINFOCLASS, PROCESS_INFORMATION_CLASS;
|
|
|
|
#define MEM_EXECUTE_OPTION_DISABLE 0x01
|
|
#define MEM_EXECUTE_OPTION_ENABLE 0x02
|
|
#define MEM_EXECUTE_OPTION_DISABLE_THUNK_EMULATION 0x04
|
|
#define MEM_EXECUTE_OPTION_PERMANENT 0x08
|
|
|
|
typedef enum _SECTION_INHERIT {
|
|
ViewShare = 1,
|
|
ViewUnmap = 2
|
|
} SECTION_INHERIT;
|
|
|
|
typedef enum _SYSTEM_INFORMATION_CLASS {
|
|
SystemBasicInformation = 0,
|
|
SystemCpuInformation = 1,
|
|
SystemPerformanceInformation = 2,
|
|
SystemTimeOfDayInformation = 3, /* was SystemTimeInformation */
|
|
SystemPathInformation = 4,
|
|
SystemProcessInformation = 5,
|
|
SystemCallCountInformation = 6,
|
|
SystemDeviceInformation = 7,
|
|
SystemProcessorPerformanceInformation = 8,
|
|
SystemFlagsInformation = 9,
|
|
SystemCallTimeInformation = 10,
|
|
SystemModuleInformation = 11,
|
|
SystemLocksInformation = 12,
|
|
SystemStackTraceInformation = 13,
|
|
SystemPagedPoolInformation = 14,
|
|
SystemNonPagedPoolInformation = 15,
|
|
SystemHandleInformation = 16,
|
|
SystemObjectInformation = 17,
|
|
SystemPageFileInformation = 18,
|
|
SystemVdmInstemulInformation = 19,
|
|
SystemVdmBopInformation = 20,
|
|
SystemFileCacheInformation = 21,
|
|
SystemPoolTagInformation = 22,
|
|
SystemInterruptInformation = 23,
|
|
SystemDpcBehaviorInformation = 24,
|
|
SystemFullMemoryInformation = 25,
|
|
SystemNotImplemented6 = 25,
|
|
SystemLoadGdiDriverInformation = 26,
|
|
SystemUnloadGdiDriverInformation = 27,
|
|
SystemTimeAdjustmentInformation = 28,
|
|
SystemTimeAdjustment = 28,
|
|
SystemSummaryMemoryInformation = 29,
|
|
SystemMirrorMemoryInformation = 30,
|
|
SystemPerformanceTraceInformation = 31,
|
|
SystemObsolete0 = 32,
|
|
SystemExceptionInformation = 33,
|
|
SystemCrashDumpStateInformation = 34,
|
|
SystemKernelDebuggerInformation = 35,
|
|
SystemContextSwitchInformation = 36,
|
|
SystemRegistryQuotaInformation = 37,
|
|
SystemExtendServiceTableInformation = 38,
|
|
SystemPrioritySeperation = 39,
|
|
SystemVerifierAddDriverInformation = 40,
|
|
SystemVerifierRemoveDriverInformation = 41,
|
|
SystemProcessorIdleInformation = 42,
|
|
SystemLegacyDriverInformation = 43,
|
|
SystemCurrentTimeZoneInformation = 44,
|
|
SystemLookasideInformation = 45,
|
|
SystemTimeSlipNotification = 46,
|
|
SystemSessionCreate = 47,
|
|
SystemSessionDetach = 48,
|
|
SystemSessionInformation = 49,
|
|
SystemRangeStartInformation = 50,
|
|
SystemVerifierInformation = 51,
|
|
SystemVerifierThunkExtend = 52,
|
|
SystemSessionProcessesInformation = 53,
|
|
SystemLoadGdiDriverInSystemSpace = 54,
|
|
SystemNumaProcessorMap = 55,
|
|
SystemPrefetcherInformation = 56,
|
|
SystemExtendedProcessInformation = 57,
|
|
SystemRecommendedSharedDataAlignment = 58,
|
|
SystemComPlusPackage = 59,
|
|
SystemNumaAvailableMemory = 60,
|
|
SystemProcessorPowerInformation = 61,
|
|
SystemEmulationBasicInformation = 62,
|
|
SystemEmulationProcessorInformation = 63,
|
|
SystemExtendedHandleInformation = 64,
|
|
SystemLostDelayedWriteInformation = 65,
|
|
SystemBigPoolInformation = 66,
|
|
SystemSessionPoolTagInformation = 67,
|
|
SystemSessionMappedViewInformation = 68,
|
|
SystemHotpatchInformation = 69,
|
|
SystemObjectSecurityMode = 70,
|
|
SystemWatchdogTimerHandler = 71,
|
|
SystemWatchdogTimerInformation = 72,
|
|
SystemLogicalProcessorInformation = 73,
|
|
SystemWow64SharedInformationObsolete = 74,
|
|
SystemRegisterFirmwareTableInformationHandler = 75,
|
|
SystemFirmwareTableInformation = 76,
|
|
SystemModuleInformationEx = 77,
|
|
SystemVerifierTriageInformation = 78,
|
|
SystemSuperfetchInformation = 79,
|
|
SystemMemoryListInformation = 80,
|
|
SystemFileCacheInformationEx = 81,
|
|
SystemThreadPriorityClientIdInformation = 82,
|
|
SystemProcessorIdleCycleTimeInformation = 83,
|
|
SystemVerifierCancellationInformation = 84,
|
|
SystemProcessorPowerInformationEx = 85,
|
|
SystemRefTraceInformation = 86,
|
|
SystemSpecialPoolInformation = 87,
|
|
SystemProcessIdInformation = 88,
|
|
SystemErrorPortInformation = 89,
|
|
SystemBootEnvironmentInformation = 90,
|
|
SystemHypervisorInformation = 91,
|
|
SystemVerifierInformationEx = 92,
|
|
SystemTimeZoneInformation = 93,
|
|
SystemImageFileExecutionOptionsInformation = 94,
|
|
SystemCoverageInformation = 95,
|
|
SystemPrefetchPatchInformation = 96,
|
|
SystemVerifierFaultsInformation = 97,
|
|
SystemSystemPartitionInformation = 98,
|
|
SystemSystemDiskInformation = 99,
|
|
SystemProcessorPerformanceDistribution = 100,
|
|
SystemNumaProximityNodeInformation = 101,
|
|
SystemDynamicTimeZoneInformation = 102,
|
|
SystemCodeIntegrityInformation = 103,
|
|
SystemProcessorMicrocodeUpdateInformation = 104,
|
|
SystemProcessorBrandString = 105,
|
|
SystemVirtualAddressInformation = 106,
|
|
SystemLogicalProcessorInformationEx = 107,
|
|
SystemProcessorCycleTimeInformation = 108,
|
|
SystemStoreInformation = 109,
|
|
SystemRegistryAppendString = 110,
|
|
SystemAitSamplingValue = 111,
|
|
SystemVhdBootInformation = 112,
|
|
SystemCpuQuotaInformation = 113,
|
|
SystemNativeBasicInformation = 114,
|
|
SystemErrorPortTimeouts = 115,
|
|
SystemLowPriorityIoInformation = 116,
|
|
SystemTpmBootEntropyInformation = 117,
|
|
SystemVerifierCountersInformation = 118,
|
|
SystemPagedPoolInformationEx = 119,
|
|
SystemSystemPtesInformationEx = 120,
|
|
SystemNodeDistanceInformation = 121,
|
|
SystemAcpiAuditInformation = 122,
|
|
SystemBasicPerformanceInformation = 123,
|
|
SystemQueryPerformanceCounterInformation = 124,
|
|
SystemSessionBigPoolInformation = 125,
|
|
SystemBootGraphicsInformation = 126,
|
|
SystemScrubPhysicalMemoryInformation = 127,
|
|
SystemBadPageInformation = 128,
|
|
SystemProcessorProfileControlArea = 129,
|
|
SystemCombinePhysicalMemoryInformation = 130,
|
|
SystemEntropyInterruptTimingInformation = 131,
|
|
SystemConsoleInformation = 132,
|
|
SystemPlatformBinaryInformation = 133,
|
|
SystemPolicyInformation = 134,
|
|
SystemHypervisorProcessorCountInformation = 135,
|
|
SystemDeviceDataInformation = 136,
|
|
SystemDeviceDataEnumerationInformation = 137,
|
|
SystemMemoryTopologyInformation = 138,
|
|
SystemMemoryChannelInformation = 139,
|
|
SystemBootLogoInformation = 140,
|
|
SystemProcessorPerformanceInformationEx = 141,
|
|
SystemCriticalProcessErrorLogInformation = 142,
|
|
SystemSecureBootPolicyInformation = 143,
|
|
SystemPageFileInformationEx = 144,
|
|
SystemSecureBootInformation = 145,
|
|
SystemEntropyInterruptTimingRawInformation = 146,
|
|
SystemPortableWorkspaceEfiLauncherInformation = 147,
|
|
SystemFullProcessInformation = 148,
|
|
SystemKernelDebuggerInformationEx = 149,
|
|
SystemBootMetadataInformation = 150,
|
|
SystemSoftRebootInformation = 151,
|
|
SystemElamCertificateInformation = 152,
|
|
SystemOfflineDumpConfigInformation = 153,
|
|
SystemProcessorFeaturesInformation = 154,
|
|
SystemRegistryReconciliationInformation = 155,
|
|
SystemEdidInformation = 156,
|
|
SystemManufacturingInformation = 157,
|
|
SystemEnergyEstimationConfigInformation = 158,
|
|
SystemHypervisorDetailInformation = 159,
|
|
SystemProcessorCycleStatsInformation = 160,
|
|
SystemVmGenerationCountInformation = 161,
|
|
SystemTrustedPlatformModuleInformation = 162,
|
|
SystemKernelDebuggerFlags = 163,
|
|
SystemCodeIntegrityPolicyInformation = 164,
|
|
SystemIsolatedUserModeInformation = 165,
|
|
SystemHardwareSecurityTestInterfaceResultsInformation = 166,
|
|
SystemSingleModuleInformation = 167,
|
|
SystemAllowedCpuSetsInformation = 168,
|
|
SystemVsmProtectionInformation = 169,
|
|
SystemInterruptCpuSetsInformation = 170,
|
|
SystemSecureBootPolicyFullInformation = 171,
|
|
SystemCodeIntegrityPolicyFullInformation = 172,
|
|
SystemAffinitizedInterruptProcessorInformation = 173,
|
|
SystemRootSiloInformation = 174,
|
|
SystemCpuSetInformation = 175,
|
|
SystemCpuSetTagInformation = 176,
|
|
SystemWin32WerStartCallout = 177,
|
|
SystemSecureKernelProfileInformation = 178,
|
|
SystemCodeIntegrityPlatformManifestInformation = 179,
|
|
SystemInterruptSteeringInformation = 180,
|
|
SystemSupportedProcessorArchitectures = 181,
|
|
SystemMemoryUsageInformation = 182,
|
|
SystemCodeIntegrityCertificateInformation = 183,
|
|
SystemPhysicalMemoryInformation = 184,
|
|
SystemControlFlowTransition = 185,
|
|
SystemKernelDebuggingAllowed = 186,
|
|
SystemActivityModerationExeState = 187,
|
|
SystemActivityModerationUserSettings = 188,
|
|
SystemCodeIntegrityPoliciesFullInformation = 189,
|
|
SystemCodeIntegrityUnlockInformation = 190,
|
|
SystemIntegrityQuotaInformation = 191,
|
|
SystemFlushInformation = 192,
|
|
SystemProcessorIdleMaskInformation = 193,
|
|
SystemSecureDumpEncryptionInformation = 194,
|
|
SystemWriteConstraintInformation = 195,
|
|
SystemKernelVaShadowInformation = 196,
|
|
SystemHypervisorSharedPageInformation = 197,
|
|
SystemFirmwareBootPerformanceInformation = 198,
|
|
SystemCodeIntegrityVerificationInformation = 199,
|
|
SystemFirmwarePartitionInformation = 200,
|
|
SystemSpeculationControlInformation = 201,
|
|
SystemDmaGuardPolicyInformation = 202,
|
|
SystemEnclaveLaunchControlInformation = 203,
|
|
SystemWorkloadAllowedCpuSetsInformation = 204,
|
|
SystemCodeIntegrityUnlockModeInformation = 205,
|
|
SystemLeapSecondInformation = 206,
|
|
SystemFlags2Information = 207,
|
|
SystemSecurityModelInformation = 208,
|
|
SystemCodeIntegritySyntheticCacheInformation = 209,
|
|
SystemFeatureConfigurationInformation = 210,
|
|
SystemFeatureConfigurationSectionInformation = 211,
|
|
SystemFeatureUsageSubscriptionInformation = 212,
|
|
SystemSecureSpeculationControlInformation = 213,
|
|
SystemSpacesBootInformation = 214,
|
|
SystemFwRamdiskInformation = 215,
|
|
SystemWheaIpmiHardwareInformation = 216,
|
|
SystemDifSetRuleClassInformation = 217,
|
|
SystemDifClearRuleClassInformation = 218,
|
|
SystemDifApplyPluginVerificationOnDriver = 219,
|
|
SystemDifRemovePluginVerificationOnDriver = 220,
|
|
SystemShadowStackInformation = 221,
|
|
SystemBuildVersionInformation = 222,
|
|
#ifdef __WINESRC__
|
|
SystemWineVersionInformation = 1000,
|
|
#endif
|
|
} SYSTEM_INFORMATION_CLASS, *PSYSTEM_INFORMATION_CLASS;
|
|
|
|
typedef struct _SYSTEM_CODEINTEGRITY_INFORMATION
|
|
{
|
|
ULONG Length;
|
|
ULONG CodeIntegrityOptions;
|
|
} SYSTEM_CODEINTEGRITY_INFORMATION, *PSYSTEM_CODEINTEGRITY_INFORMATION;
|
|
|
|
#define CODEINTEGRITY_OPTION_ENABLED 0x0001
|
|
#define CODEINTEGRITY_OPTION_TESTSIGN 0x0002
|
|
#define CODEINTEGRITY_OPTION_UMCI_ENABLED 0x0004
|
|
#define CODEINTEGRITY_OPTION_UMCI_AUDITMODE_ENABLED 0x0008
|
|
#define CODEINTEGRITY_OPTION_UMCI_EXCLUSIONPATHS_ENABLED 0x0010
|
|
#define CODEINTEGRITY_OPTION_TEST_BUILD 0x0020
|
|
#define CODEINTEGRITY_OPTION_PREPRODUCTION_BUILD 0x0040
|
|
#define CODEINTEGRITY_OPTION_DEBUGMODE_ENABLED 0x0080
|
|
#define CODEINTEGRITY_OPTION_FLIGHT_BUILD 0x0100
|
|
#define CODEINTEGRITY_OPTION_FLIGHTING_ENABLED 0x0200
|
|
#define CODEINTEGRITY_OPTION_HVCI_KMCI_ENABLED 0x0400
|
|
#define CODEINTEGRITY_OPTION_HVCI_KMCI_AUDITMODE_ENABLED 0x0800
|
|
#define CODEINTEGRITY_OPTION_HVCI_KMCI_STRICTMODE_ENABLED 0x1000
|
|
#define CODEINTEGRITY_OPTION_HVCI_IUM_ENABLED 0x2000
|
|
|
|
typedef enum _THREADINFOCLASS {
|
|
ThreadBasicInformation = 0,
|
|
ThreadTimes,
|
|
ThreadPriority,
|
|
ThreadBasePriority,
|
|
ThreadAffinityMask,
|
|
ThreadImpersonationToken,
|
|
ThreadDescriptorTableEntry,
|
|
ThreadEnableAlignmentFaultFixup,
|
|
ThreadEventPair_Reusable,
|
|
ThreadQuerySetWin32StartAddress,
|
|
ThreadZeroTlsCell,
|
|
ThreadPerformanceCount,
|
|
ThreadAmILastThread,
|
|
ThreadIdealProcessor,
|
|
ThreadPriorityBoost,
|
|
ThreadSetTlsArrayAddress,
|
|
ThreadIsIoPending,
|
|
ThreadHideFromDebugger,
|
|
ThreadBreakOnTermination,
|
|
ThreadSwitchLegacyState,
|
|
ThreadIsTerminated,
|
|
ThreadLastSystemCall,
|
|
ThreadIoPriority,
|
|
ThreadCycleTime,
|
|
ThreadPagePriority,
|
|
ThreadActualBasePriority,
|
|
ThreadTebInformation,
|
|
ThreadCSwitchMon,
|
|
ThreadCSwitchPmu,
|
|
ThreadWow64Context,
|
|
ThreadGroupInformation,
|
|
ThreadUmsInformation,
|
|
ThreadCounterProfiling,
|
|
ThreadIdealProcessorEx,
|
|
ThreadSuspendCount = 35,
|
|
ThreadDescription = 38,
|
|
MaxThreadInfoClass
|
|
} THREADINFOCLASS;
|
|
|
|
typedef struct _THREAD_BASIC_INFORMATION
|
|
{
|
|
NTSTATUS ExitStatus;
|
|
PVOID TebBaseAddress;
|
|
CLIENT_ID ClientId;
|
|
ULONG_PTR AffinityMask;
|
|
LONG Priority;
|
|
LONG BasePriority;
|
|
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
|
|
|
|
typedef struct _THREAD_DESCRIPTOR_INFORMATION
|
|
{
|
|
DWORD Selector;
|
|
LDT_ENTRY Entry;
|
|
} THREAD_DESCRIPTOR_INFORMATION, *PTHREAD_DESCRIPTOR_INFORMATION;
|
|
|
|
typedef struct _THREAD_DESCRIPTION_INFORMATION
|
|
{
|
|
UNICODE_STRING Description;
|
|
} THREAD_DESCRIPTION_INFORMATION, *PTHREAD_DESCRIPTION_INFORMATION;
|
|
|
|
typedef struct _KERNEL_USER_TIMES {
|
|
LARGE_INTEGER CreateTime;
|
|
LARGE_INTEGER ExitTime;
|
|
LARGE_INTEGER KernelTime;
|
|
LARGE_INTEGER UserTime;
|
|
} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
|
|
|
|
typedef enum _WINSTATIONINFOCLASS {
|
|
WinStationInformation = 8
|
|
} WINSTATIONINFOCLASS;
|
|
|
|
typedef enum _MEMORY_INFORMATION_CLASS {
|
|
MemoryBasicInformation,
|
|
MemoryWorkingSetInformation,
|
|
MemoryMappedFilenameInformation,
|
|
MemoryRegionInformation,
|
|
MemoryWorkingSetExInformation,
|
|
MemorySharedCommitInformation,
|
|
MemoryImageInformation,
|
|
MemoryRegionInformationEx,
|
|
MemoryPrivilegedBasicInformation,
|
|
MemoryEnclaveImageInformation,
|
|
MemoryBasicInformationCapped,
|
|
MemoryPhysicalContiguityInformation,
|
|
#ifdef __WINESRC__
|
|
MemoryWineUnixFuncs = 1000,
|
|
MemoryWineUnixWow64Funcs,
|
|
#endif
|
|
} MEMORY_INFORMATION_CLASS;
|
|
|
|
typedef struct _MEMORY_SECTION_NAME
|
|
{
|
|
UNICODE_STRING SectionFileName;
|
|
} MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
|
|
|
|
typedef union _MEMORY_WORKING_SET_EX_BLOCK {
|
|
ULONG_PTR Flags;
|
|
struct {
|
|
ULONG_PTR Valid : 1;
|
|
ULONG_PTR ShareCount : 3;
|
|
ULONG_PTR Win32Protection : 11;
|
|
ULONG_PTR Shared : 1;
|
|
ULONG_PTR Node : 6;
|
|
ULONG_PTR Locked : 1;
|
|
ULONG_PTR LargePage : 1;
|
|
} DUMMYSTRUCTNAME;
|
|
} MEMORY_WORKING_SET_EX_BLOCK, *PMEMORY_WORKING_SET_EX_BLOCK;
|
|
|
|
typedef struct _MEMORY_WORKING_SET_EX_INFORMATION {
|
|
PVOID VirtualAddress;
|
|
MEMORY_WORKING_SET_EX_BLOCK VirtualAttributes;
|
|
} MEMORY_WORKING_SET_EX_INFORMATION, *PMEMORY_WORKING_SET_EX_INFORMATION;
|
|
|
|
typedef enum _MUTANT_INFORMATION_CLASS
|
|
{
|
|
MutantBasicInformation
|
|
} MUTANT_INFORMATION_CLASS, *PMUTANT_INFORMATION_CLASS;
|
|
|
|
typedef struct _MUTANT_BASIC_INFORMATION {
|
|
LONG CurrentCount;
|
|
BOOLEAN OwnedByCaller;
|
|
BOOLEAN AbandonedState;
|
|
} MUTANT_BASIC_INFORMATION, *PMUTANT_BASIC_INFORMATION;
|
|
|
|
typedef enum _TIMER_INFORMATION_CLASS
|
|
{
|
|
TimerBasicInformation = 0
|
|
} TIMER_INFORMATION_CLASS;
|
|
|
|
typedef struct _TIMER_BASIC_INFORMATION
|
|
{
|
|
LARGE_INTEGER RemainingTime;
|
|
BOOLEAN TimerState;
|
|
} TIMER_BASIC_INFORMATION, *PTIMER_BASIC_INFORMATION;
|
|
|
|
|
|
/* return type of RtlDetermineDosPathNameType_U (FIXME: not the correct names) */
|
|
typedef enum
|
|
{
|
|
INVALID_PATH = 0,
|
|
UNC_PATH, /* "//foo" */
|
|
ABSOLUTE_DRIVE_PATH, /* "c:/foo" */
|
|
RELATIVE_DRIVE_PATH, /* "c:foo" */
|
|
ABSOLUTE_PATH, /* "/foo" */
|
|
RELATIVE_PATH, /* "foo" */
|
|
DEVICE_PATH, /* "//./foo" */
|
|
UNC_DOT_PATH /* "//." */
|
|
} DOS_PATHNAME_TYPE;
|
|
|
|
|
|
/***********************************************************************
|
|
* Types and data structures
|
|
*/
|
|
|
|
/* This is used by NtQuerySystemInformation */
|
|
typedef struct _SYSTEM_THREAD_INFORMATION
|
|
{ /* win32/win64 */
|
|
LARGE_INTEGER KernelTime; /* 00/00 */
|
|
LARGE_INTEGER UserTime; /* 08/08 */
|
|
LARGE_INTEGER CreateTime; /* 10/10 */
|
|
DWORD dwTickCount; /* 18/18 */
|
|
LPVOID StartAddress; /* 1c/20 */
|
|
CLIENT_ID ClientId; /* 20/28 */
|
|
DWORD dwCurrentPriority; /* 28/38 */
|
|
DWORD dwBasePriority; /* 2c/3c */
|
|
DWORD dwContextSwitches; /* 30/40 */
|
|
DWORD dwThreadState; /* 34/44 */
|
|
DWORD dwWaitReason; /* 38/48 */
|
|
DWORD dwUnknown; /* 3c/4c */
|
|
} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;
|
|
|
|
typedef struct _IO_STATUS_BLOCK {
|
|
union {
|
|
NTSTATUS Status;
|
|
PVOID Pointer;
|
|
} DUMMYUNIONNAME;
|
|
|
|
ULONG_PTR Information;
|
|
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
|
|
|
|
typedef void (WINAPI * PIO_APC_ROUTINE)(PVOID,PIO_STATUS_BLOCK,ULONG);
|
|
|
|
typedef struct _KEY_BASIC_INFORMATION {
|
|
LARGE_INTEGER LastWriteTime;
|
|
ULONG TitleIndex;
|
|
ULONG NameLength;
|
|
WCHAR Name[1];
|
|
} KEY_BASIC_INFORMATION, *PKEY_BASIC_INFORMATION;
|
|
|
|
typedef struct _KEY_NODE_INFORMATION
|
|
{
|
|
LARGE_INTEGER LastWriteTime;
|
|
ULONG TitleIndex;
|
|
ULONG ClassOffset;
|
|
ULONG ClassLength;
|
|
ULONG NameLength;
|
|
WCHAR Name[1];
|
|
/* Class[1]; */
|
|
} KEY_NODE_INFORMATION, *PKEY_NODE_INFORMATION;
|
|
|
|
typedef struct _KEY_FULL_INFORMATION
|
|
{
|
|
LARGE_INTEGER LastWriteTime;
|
|
ULONG TitleIndex;
|
|
ULONG ClassOffset;
|
|
ULONG ClassLength;
|
|
ULONG SubKeys;
|
|
ULONG MaxNameLen;
|
|
ULONG MaxClassLen;
|
|
ULONG Values;
|
|
ULONG MaxValueNameLen;
|
|
ULONG MaxValueDataLen;
|
|
WCHAR Class[1];
|
|
} KEY_FULL_INFORMATION, *PKEY_FULL_INFORMATION;
|
|
|
|
typedef struct _KEY_NAME_INFORMATION {
|
|
ULONG NameLength;
|
|
WCHAR Name[1];
|
|
} KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;
|
|
|
|
typedef struct _KEY_CACHED_INFORMATION
|
|
{
|
|
LARGE_INTEGER LastWriteTime;
|
|
ULONG TitleIndex;
|
|
ULONG SubKeys;
|
|
ULONG MaxNameLen;
|
|
ULONG Values;
|
|
ULONG MaxValueNameLen;
|
|
ULONG MaxValueDataLen;
|
|
ULONG NameLength;
|
|
} KEY_CACHED_INFORMATION, *PKEY_CACHED_INFORMATION;
|
|
|
|
typedef struct _KEY_VALUE_ENTRY
|
|
{
|
|
PUNICODE_STRING ValueName;
|
|
ULONG DataLength;
|
|
ULONG DataOffset;
|
|
ULONG Type;
|
|
} KEY_VALUE_ENTRY, *PKEY_VALUE_ENTRY;
|
|
|
|
typedef struct _KEY_VALUE_BASIC_INFORMATION {
|
|
ULONG TitleIndex;
|
|
ULONG Type;
|
|
ULONG NameLength;
|
|
WCHAR Name[1];
|
|
} KEY_VALUE_BASIC_INFORMATION, *PKEY_VALUE_BASIC_INFORMATION;
|
|
|
|
typedef struct _KEY_VALUE_FULL_INFORMATION {
|
|
ULONG TitleIndex;
|
|
ULONG Type;
|
|
ULONG DataOffset;
|
|
ULONG DataLength;
|
|
ULONG NameLength;
|
|
WCHAR Name[1];
|
|
} KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION;
|
|
|
|
typedef struct _KEY_VALUE_PARTIAL_INFORMATION {
|
|
ULONG TitleIndex;
|
|
ULONG Type;
|
|
ULONG DataLength;
|
|
UCHAR Data[1];
|
|
} KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION;
|
|
|
|
#ifndef __OBJECT_ATTRIBUTES_DEFINED__
|
|
#define __OBJECT_ATTRIBUTES_DEFINED__
|
|
typedef struct _OBJECT_ATTRIBUTES {
|
|
ULONG Length;
|
|
HANDLE RootDirectory;
|
|
PUNICODE_STRING ObjectName;
|
|
ULONG Attributes;
|
|
PVOID SecurityDescriptor; /* type SECURITY_DESCRIPTOR */
|
|
PVOID SecurityQualityOfService; /* type SECURITY_QUALITY_OF_SERVICE */
|
|
} OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
|
|
#endif
|
|
|
|
typedef struct _OBJECT_DATA_INFORMATION {
|
|
BOOLEAN InheritHandle;
|
|
BOOLEAN ProtectFromClose;
|
|
} OBJECT_DATA_INFORMATION, *POBJECT_DATA_INFORMATION;
|
|
|
|
typedef struct _OBJECT_BASIC_INFORMATION {
|
|
ULONG Attributes;
|
|
ACCESS_MASK GrantedAccess;
|
|
ULONG HandleCount;
|
|
ULONG PointerCount;
|
|
ULONG PagedPoolUsage;
|
|
ULONG NonPagedPoolUsage;
|
|
ULONG Reserved[3];
|
|
ULONG NameInformationLength;
|
|
ULONG TypeInformationLength;
|
|
ULONG SecurityDescriptorLength;
|
|
LARGE_INTEGER CreateTime;
|
|
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
|
|
|
|
typedef struct _OBJECT_NAME_INFORMATION {
|
|
UNICODE_STRING Name;
|
|
} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
|
|
|
|
typedef struct __OBJECT_TYPE_INFORMATION {
|
|
UNICODE_STRING TypeName;
|
|
ULONG TotalNumberOfObjects;
|
|
ULONG TotalNumberOfHandles;
|
|
ULONG TotalPagedPoolUsage;
|
|
ULONG TotalNonPagedPoolUsage;
|
|
ULONG TotalNamePoolUsage;
|
|
ULONG TotalHandleTableUsage;
|
|
ULONG HighWaterNumberOfObjects;
|
|
ULONG HighWaterNumberOfHandles;
|
|
ULONG HighWaterPagedPoolUsage;
|
|
ULONG HighWaterNonPagedPoolUsage;
|
|
ULONG HighWaterNamePoolUsage;
|
|
ULONG HighWaterHandleTableUsage;
|
|
ULONG InvalidAttributes;
|
|
GENERIC_MAPPING GenericMapping;
|
|
ULONG ValidAccessMask;
|
|
BOOLEAN SecurityRequired;
|
|
BOOLEAN MaintainHandleCount;
|
|
UCHAR TypeIndex;
|
|
CHAR ReservedByte;
|
|
ULONG PoolType;
|
|
ULONG DefaultPagedPoolCharge;
|
|
ULONG DefaultNonPagedPoolCharge;
|
|
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
|
|
|
|
typedef struct _OBJECT_TYPES_INFORMATION
|
|
{
|
|
ULONG NumberOfTypes;
|
|
} OBJECT_TYPES_INFORMATION, *POBJECT_TYPES_INFORMATION;
|
|
|
|
typedef struct _PROCESS_BASIC_INFORMATION {
|
|
#ifdef __WINESRC__
|
|
NTSTATUS ExitStatus;
|
|
PEB *PebBaseAddress;
|
|
ULONG_PTR AffinityMask;
|
|
LONG BasePriority;
|
|
ULONG_PTR UniqueProcessId;
|
|
ULONG_PTR InheritedFromUniqueProcessId;
|
|
#else
|
|
PVOID Reserved1;
|
|
PPEB PebBaseAddress;
|
|
PVOID Reserved2[2];
|
|
ULONG_PTR UniqueProcessId;
|
|
PVOID Reserved3;
|
|
#endif
|
|
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
|
|
|
|
#define PROCESS_PRIOCLASS_IDLE 1
|
|
#define PROCESS_PRIOCLASS_NORMAL 2
|
|
#define PROCESS_PRIOCLASS_HIGH 3
|
|
#define PROCESS_PRIOCLASS_REALTIME 4
|
|
#define PROCESS_PRIOCLASS_BELOW_NORMAL 5
|
|
#define PROCESS_PRIOCLASS_ABOVE_NORMAL 6
|
|
|
|
typedef struct _PROCESS_PRIORITY_CLASS {
|
|
BOOLEAN Foreground;
|
|
UCHAR PriorityClass;
|
|
} PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS;
|
|
|
|
typedef struct _PROCESS_STACK_ALLOCATION_INFORMATION
|
|
{
|
|
SIZE_T ReserveSize;
|
|
SIZE_T ZeroBits;
|
|
PVOID StackBase;
|
|
} PROCESS_STACK_ALLOCATION_INFORMATION, *PPROCESS_STACK_ALLOCATION_INFORMATION;
|
|
|
|
typedef struct _PROCESS_STACK_ALLOCATION_INFORMATION_EX
|
|
{
|
|
ULONG PreferredNode;
|
|
ULONG Reserved0;
|
|
ULONG Reserved1;
|
|
ULONG Reserved2;
|
|
PROCESS_STACK_ALLOCATION_INFORMATION AllocInfo;
|
|
} PROCESS_STACK_ALLOCATION_INFORMATION_EX, *PPROCESS_STACK_ALLOCATION_INFORMATION_EX;
|
|
|
|
typedef struct _RTL_HEAP_DEFINITION {
|
|
ULONG Length; /* = sizeof(RTL_HEAP_DEFINITION) */
|
|
|
|
ULONG Unknown[11];
|
|
} RTL_HEAP_DEFINITION, *PRTL_HEAP_DEFINITION;
|
|
|
|
typedef struct _RTL_RWLOCK {
|
|
RTL_CRITICAL_SECTION rtlCS;
|
|
|
|
HANDLE hSharedReleaseSemaphore;
|
|
UINT uSharedWaiters;
|
|
|
|
HANDLE hExclusiveReleaseSemaphore;
|
|
UINT uExclusiveWaiters;
|
|
|
|
INT iNumberActive;
|
|
HANDLE hOwningThreadId;
|
|
DWORD dwTimeoutBoost;
|
|
PVOID pDebugInfo;
|
|
} RTL_RWLOCK, *LPRTL_RWLOCK;
|
|
|
|
/* System Information Class 0x00 */
|
|
|
|
typedef struct _SYSTEM_BASIC_INFORMATION {
|
|
#ifdef __WINESRC__
|
|
DWORD unknown;
|
|
ULONG KeMaximumIncrement;
|
|
ULONG PageSize;
|
|
ULONG MmNumberOfPhysicalPages;
|
|
ULONG MmLowestPhysicalPage;
|
|
ULONG MmHighestPhysicalPage;
|
|
ULONG_PTR AllocationGranularity;
|
|
PVOID LowestUserAddress;
|
|
PVOID HighestUserAddress;
|
|
ULONG_PTR ActiveProcessorsAffinityMask;
|
|
BYTE NumberOfProcessors;
|
|
#else
|
|
BYTE Reserved1[24];
|
|
PVOID Reserved2[4];
|
|
CCHAR NumberOfProcessors;
|
|
#endif
|
|
} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
|
|
|
|
/* System Information Class 0x01 */
|
|
|
|
typedef struct _SYSTEM_CPU_INFORMATION {
|
|
USHORT ProcessorArchitecture;
|
|
USHORT ProcessorLevel;
|
|
USHORT ProcessorRevision;
|
|
USHORT MaximumProcessors;
|
|
ULONG ProcessorFeatureBits;
|
|
} SYSTEM_CPU_INFORMATION, *PSYSTEM_CPU_INFORMATION;
|
|
|
|
/* definitions of bits in the Feature set for the x86 processors */
|
|
#define CPU_FEATURE_VME 0x00000005 /* Virtual 86 Mode Extensions */
|
|
#define CPU_FEATURE_TSC 0x00000002 /* Time Stamp Counter available */
|
|
#define CPU_FEATURE_CMOV 0x00000008 /* Conditional Move instruction*/
|
|
#define CPU_FEATURE_PGE 0x00000014 /* Page table Entry Global bit */
|
|
#define CPU_FEATURE_PSE 0x00000024 /* Page Size Extension */
|
|
#define CPU_FEATURE_MTRR 0x00000040 /* Memory Type Range Registers */
|
|
#define CPU_FEATURE_CX8 0x00000080 /* Compare and eXchange 8 byte instr. */
|
|
#define CPU_FEATURE_MMX 0x00000100 /* Multi Media eXtensions */
|
|
#define CPU_FEATURE_X86 0x00000200 /* seems to be always ON, on the '86 */
|
|
#define CPU_FEATURE_PAT 0x00000400 /* Page Attribute Table */
|
|
#define CPU_FEATURE_FXSR 0x00000800 /* FXSAVE and FXSTORE instructions */
|
|
#define CPU_FEATURE_SEP 0x00001000 /* SYSENTER and SYSEXIT instructions */
|
|
#define CPU_FEATURE_SSE 0x00002000 /* SSE extensions (ext. MMX) */
|
|
#define CPU_FEATURE_3DNOW 0x00004000 /* 3DNOW instructions available */
|
|
#define CPU_FEATURE_SSE2 0x00010000 /* SSE2 extensions (XMMI64) */
|
|
#define CPU_FEATURE_DS 0x00020000 /* Debug Store */
|
|
#define CPU_FEATURE_HTT 0x00040000 /* Hyper Threading Technology */
|
|
#define CPU_FEATURE_SSE3 0x00080000 /* SSE3 extensions */
|
|
#define CPU_FEATURE_CX128 0x00100000 /* cmpxchg16b instruction */
|
|
#define CPU_FEATURE_XSAVE 0x00800000 /* XSAVE instructions */
|
|
#define CPU_FEATURE_2NDLEV 0x04000000 /* Second-level address translation */
|
|
#define CPU_FEATURE_VIRT 0x08000000 /* Virtualization support */
|
|
#define CPU_FEATURE_RDFS 0x10000000 /* RDFSBASE etc. instructions */
|
|
#define CPU_FEATURE_NX 0x20000000 /* Data execution prevention */
|
|
|
|
/* FIXME: following values are made up, actual flags are unknown */
|
|
#define CPU_FEATURE_SSSE3 0x00008000 /* SSSE3 instructions */
|
|
#define CPU_FEATURE_SSE41 0x01000000 /* SSE41 instructions */
|
|
#define CPU_FEATURE_SSE42 0x02000000 /* SSE42 instructions */
|
|
#define CPU_FEATURE_AVX 0x40000000 /* AVX instructions */
|
|
#define CPU_FEATURE_AVX2 0x80000000 /* AVX2 instructions */
|
|
#define CPU_FEATURE_PAE 0x00200000
|
|
#define CPU_FEATURE_DAZ 0x00400000
|
|
|
|
#define CPU_FEATURE_ARM_VFP_32 0x00000001
|
|
#define CPU_FEATURE_ARM_NEON 0x00000002
|
|
#define CPU_FEATURE_ARM_V8_CRC32 0x00000004
|
|
#define CPU_FEATURE_ARM_V8_CRYPTO 0x00000008
|
|
|
|
/* System Information Class 0x02 */
|
|
|
|
/* Documented in "Windows NT/2000 Native API Reference" by Gary Nebbett. */
|
|
typedef struct _SYSTEM_PERFORMANCE_INFORMATION {
|
|
LARGE_INTEGER IdleTime;
|
|
LARGE_INTEGER ReadTransferCount;
|
|
LARGE_INTEGER WriteTransferCount;
|
|
LARGE_INTEGER OtherTransferCount;
|
|
ULONG ReadOperationCount;
|
|
ULONG WriteOperationCount;
|
|
ULONG OtherOperationCount;
|
|
ULONG AvailablePages;
|
|
ULONG TotalCommittedPages;
|
|
ULONG TotalCommitLimit;
|
|
ULONG PeakCommitment;
|
|
ULONG PageFaults;
|
|
ULONG WriteCopyFaults;
|
|
ULONG TransitionFaults;
|
|
ULONG Reserved1;
|
|
ULONG DemandZeroFaults;
|
|
ULONG PagesRead;
|
|
ULONG PageReadIos;
|
|
ULONG Reserved2[2];
|
|
ULONG PagefilePagesWritten;
|
|
ULONG PagefilePageWriteIos;
|
|
ULONG MappedFilePagesWritten;
|
|
ULONG MappedFilePageWriteIos;
|
|
ULONG PagedPoolUsage;
|
|
ULONG NonPagedPoolUsage;
|
|
ULONG PagedPoolAllocs;
|
|
ULONG PagedPoolFrees;
|
|
ULONG NonPagedPoolAllocs;
|
|
ULONG NonPagedPoolFrees;
|
|
ULONG TotalFreeSystemPtes;
|
|
ULONG SystemCodePage;
|
|
ULONG TotalSystemDriverPages;
|
|
ULONG TotalSystemCodePages;
|
|
ULONG SmallNonPagedLookasideListAllocateHits;
|
|
ULONG SmallPagedLookasideListAllocateHits;
|
|
ULONG Reserved3;
|
|
ULONG MmSystemCachePage;
|
|
ULONG PagedPoolPage;
|
|
ULONG SystemDriverPage;
|
|
ULONG FastReadNoWait;
|
|
ULONG FastReadWait;
|
|
ULONG FastReadResourceMiss;
|
|
ULONG FastReadNotPossible;
|
|
ULONG FastMdlReadNoWait;
|
|
ULONG FastMdlReadWait;
|
|
ULONG FastMdlReadResourceMiss;
|
|
ULONG FastMdlReadNotPossible;
|
|
ULONG MapDataNoWait;
|
|
ULONG MapDataWait;
|
|
ULONG MapDataNoWaitMiss;
|
|
ULONG MapDataWaitMiss;
|
|
ULONG PinMappedDataCount;
|
|
ULONG PinReadNoWait;
|
|
ULONG PinReadWait;
|
|
ULONG PinReadNoWaitMiss;
|
|
ULONG PinReadWaitMiss;
|
|
ULONG CopyReadNoWait;
|
|
ULONG CopyReadWait;
|
|
ULONG CopyReadNoWaitMiss;
|
|
ULONG CopyReadWaitMiss;
|
|
ULONG MdlReadNoWait;
|
|
ULONG MdlReadWait;
|
|
ULONG MdlReadNoWaitMiss;
|
|
ULONG MdlReadWaitMiss;
|
|
ULONG ReadAheadIos;
|
|
ULONG LazyWriteIos;
|
|
ULONG LazyWritePages;
|
|
ULONG DataFlushes;
|
|
ULONG DataPages;
|
|
ULONG ContextSwitches;
|
|
ULONG FirstLevelTbFills;
|
|
ULONG SecondLevelTbFills;
|
|
ULONG SystemCalls;
|
|
} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
|
|
|
|
/* System Information Class 0x03 */
|
|
|
|
typedef struct _SYSTEM_TIMEOFDAY_INFORMATION {
|
|
#ifdef __WINESRC__
|
|
LARGE_INTEGER BootTime;
|
|
LARGE_INTEGER SystemTime;
|
|
LARGE_INTEGER TimeZoneBias;
|
|
ULONG TimeZoneId;
|
|
ULONG Reserved;
|
|
ULONGLONG BootTimeBias;
|
|
ULONGLONG SleepTimeBias;
|
|
#else
|
|
BYTE Reserved1[48];
|
|
#endif
|
|
} SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION; /* was SYSTEM_TIME_INFORMATION */
|
|
|
|
/* System Information Class 0x08 */
|
|
|
|
typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION {
|
|
LARGE_INTEGER IdleTime;
|
|
LARGE_INTEGER KernelTime;
|
|
LARGE_INTEGER UserTime;
|
|
LARGE_INTEGER Reserved1[2];
|
|
ULONG Reserved2;
|
|
} SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION;
|
|
|
|
/* System Information Class 0x0b */
|
|
|
|
typedef struct _SYSTEM_DRIVER_INFORMATION {
|
|
PVOID pvAddress;
|
|
DWORD dwUnknown1;
|
|
DWORD dwUnknown2;
|
|
DWORD dwEntryIndex;
|
|
DWORD dwUnknown3;
|
|
char szName[MAX_PATH + 1];
|
|
} SYSTEM_DRIVER_INFORMATION, *PSYSTEM_DRIVER_INFORMATION;
|
|
|
|
/* System Information Class 0x10 */
|
|
|
|
typedef struct _SYSTEM_HANDLE_ENTRY {
|
|
ULONG OwnerPid;
|
|
BYTE ObjectType;
|
|
BYTE HandleFlags;
|
|
USHORT HandleValue;
|
|
PVOID ObjectPointer;
|
|
ULONG AccessMask;
|
|
} SYSTEM_HANDLE_ENTRY, *PSYSTEM_HANDLE_ENTRY;
|
|
|
|
typedef struct _SYSTEM_HANDLE_INFORMATION {
|
|
ULONG Count;
|
|
SYSTEM_HANDLE_ENTRY Handle[1];
|
|
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX
|
|
{
|
|
void *Object;
|
|
ULONG_PTR UniqueProcessId;
|
|
ULONG_PTR HandleValue;
|
|
ULONG GrantedAccess;
|
|
USHORT CreatorBackTraceIndex;
|
|
USHORT ObjectTypeIndex;
|
|
ULONG HandleAttributes;
|
|
ULONG Reserved;
|
|
} SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX;
|
|
|
|
typedef struct _SYSTEM_HANDLE_INFORMATION_EX
|
|
{
|
|
ULONG_PTR NumberOfHandles;
|
|
ULONG_PTR Reserved;
|
|
SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX Handles[1];
|
|
} SYSTEM_HANDLE_INFORMATION_EX;
|
|
|
|
/* System Information Class 0x15 */
|
|
|
|
typedef struct _SYSTEM_CACHE_INFORMATION {
|
|
SIZE_T CurrentSize;
|
|
SIZE_T PeakSize;
|
|
ULONG PageFaultCount;
|
|
SIZE_T MinimumWorkingSet;
|
|
SIZE_T MaximumWorkingSet;
|
|
SIZE_T CurrentSizeIncludingTransitionInPages;
|
|
SIZE_T PeakSizeIncludingTransitionInPages;
|
|
ULONG TransitionRePurposeCount;
|
|
ULONG Flags;
|
|
} SYSTEM_CACHE_INFORMATION, *PSYSTEM_CACHE_INFORMATION;
|
|
|
|
/* System Information Class 0x17 */
|
|
|
|
typedef struct _SYSTEM_INTERRUPT_INFORMATION {
|
|
ULONG ContextSwitches;
|
|
ULONG DpcCount;
|
|
ULONG DpcRate;
|
|
ULONG TimeIncrement;
|
|
ULONG DpcBypassCount;
|
|
ULONG ApcBypassCount;
|
|
} SYSTEM_INTERRUPT_INFORMATION, *PSYSTEM_INTERRUPT_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_CONFIGURATION_INFO {
|
|
union {
|
|
ULONG OemId;
|
|
struct {
|
|
WORD ProcessorArchitecture;
|
|
WORD Reserved;
|
|
} tag1;
|
|
} tag2;
|
|
ULONG PageSize;
|
|
PVOID MinimumApplicationAddress;
|
|
PVOID MaximumApplicationAddress;
|
|
ULONG ActiveProcessorMask;
|
|
ULONG NumberOfProcessors;
|
|
ULONG ProcessorType;
|
|
ULONG AllocationGranularity;
|
|
WORD ProcessorLevel;
|
|
WORD ProcessorRevision;
|
|
} SYSTEM_CONFIGURATION_INFO, *PSYSTEM_CONFIGURATION_INFO;
|
|
|
|
typedef struct _SYSTEM_EXCEPTION_INFORMATION {
|
|
BYTE Reserved1[16];
|
|
} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_LOOKASIDE_INFORMATION {
|
|
BYTE Reserved1[32];
|
|
} SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION {
|
|
BOOLEAN DebuggerEnabled;
|
|
BOOLEAN DebuggerNotPresent;
|
|
} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX {
|
|
BOOLEAN DebuggerAllowed;
|
|
BOOLEAN DebuggerEnabled;
|
|
BOOLEAN DebuggerPresent;
|
|
} SYSTEM_KERNEL_DEBUGGER_INFORMATION_EX, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION_EX;
|
|
|
|
typedef struct _VM_COUNTERS
|
|
{
|
|
SIZE_T PeakVirtualSize;
|
|
SIZE_T VirtualSize;
|
|
ULONG PageFaultCount;
|
|
SIZE_T PeakWorkingSetSize;
|
|
SIZE_T WorkingSetSize;
|
|
SIZE_T QuotaPeakPagedPoolUsage;
|
|
SIZE_T QuotaPagedPoolUsage;
|
|
SIZE_T QuotaPeakNonPagedPoolUsage;
|
|
SIZE_T QuotaNonPagedPoolUsage;
|
|
SIZE_T PagefileUsage;
|
|
SIZE_T PeakPagefileUsage;
|
|
} VM_COUNTERS, *PVM_COUNTERS;
|
|
|
|
typedef struct _VM_COUNTERS_EX
|
|
{
|
|
SIZE_T PeakVirtualSize;
|
|
SIZE_T VirtualSize;
|
|
ULONG PageFaultCount;
|
|
SIZE_T PeakWorkingSetSize;
|
|
SIZE_T WorkingSetSize;
|
|
SIZE_T QuotaPeakPagedPoolUsage;
|
|
SIZE_T QuotaPagedPoolUsage;
|
|
SIZE_T QuotaPeakNonPagedPoolUsage;
|
|
SIZE_T QuotaNonPagedPoolUsage;
|
|
SIZE_T PagefileUsage;
|
|
SIZE_T PeakPagefileUsage;
|
|
SIZE_T PrivateUsage;
|
|
} VM_COUNTERS_EX, *PVM_COUNTERS_EX;
|
|
|
|
typedef struct _SYSTEM_PROCESS_INFORMATION {
|
|
#ifdef __WINESRC__ /* win32/win64 */
|
|
ULONG NextEntryOffset; /* 00/00 */
|
|
DWORD dwThreadCount; /* 04/04 */
|
|
DWORD dwUnknown1[6]; /* 08/08 */
|
|
LARGE_INTEGER CreationTime; /* 20/20 */
|
|
LARGE_INTEGER UserTime; /* 28/28 */
|
|
LARGE_INTEGER KernelTime; /* 30/30 */
|
|
UNICODE_STRING ProcessName; /* 38/38 */
|
|
DWORD dwBasePriority; /* 40/48 */
|
|
HANDLE UniqueProcessId; /* 44/50 */
|
|
HANDLE ParentProcessId; /* 48/58 */
|
|
ULONG HandleCount; /* 4c/60 */
|
|
ULONG SessionId; /* 50/64 */
|
|
DWORD dwUnknown4; /* 54/68 */
|
|
VM_COUNTERS_EX vmCounters; /* 58/70 */
|
|
IO_COUNTERS ioCounters; /* 88/d0 */
|
|
SYSTEM_THREAD_INFORMATION ti[1]; /* b8/100 */
|
|
#else
|
|
ULONG NextEntryOffset; /* 00/00 */
|
|
BYTE Reserved1[52]; /* 04/04 */
|
|
PVOID Reserved2[3]; /* 38/38 */
|
|
HANDLE UniqueProcessId; /* 44/50 */
|
|
PVOID Reserved3; /* 48/58 */
|
|
ULONG HandleCount; /* 4c/60 */
|
|
BYTE Reserved4[4]; /* 50/64 */
|
|
PVOID Reserved5[11]; /* 54/68 */
|
|
SIZE_T PeakPagefileUsage; /* 80/c0 */
|
|
SIZE_T PrivatePageCount; /* 84/c8 */
|
|
LARGE_INTEGER Reserved6[6]; /* 88/d0 */
|
|
#endif
|
|
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION {
|
|
ULONG RegistryQuotaAllowed;
|
|
ULONG RegistryQuotaUsed;
|
|
PVOID Reserved1;
|
|
} SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_TIME_ADJUSTMENT_QUERY {
|
|
ULONG TimeAdjustment;
|
|
ULONG TimeIncrement;
|
|
BOOLEAN TimeAdjustmentDisabled;
|
|
} SYSTEM_TIME_ADJUSTMENT_QUERY, *PSYSTEM_TIME_ADJUSTMENT_QUERY;
|
|
|
|
typedef struct _SYSTEM_TIME_ADJUSTMENT {
|
|
ULONG TimeAdjustment;
|
|
BOOLEAN TimeAdjustmentDisabled;
|
|
} SYSTEM_TIME_ADJUSTMENT, *PSYSTEM_TIME_ADJUSTMENT;
|
|
|
|
typedef enum _SYSTEM_FIRMWARE_TABLE_ACTION
|
|
{
|
|
SystemFirmwareTable_Enumerate = 0,
|
|
SystemFirmwareTable_Get = 1
|
|
} SYSTEM_FIRMWARE_TABLE_ACTION, *PSYSTEM_FIRMWARE_TABLE_ACTION;
|
|
|
|
/* System Information Class 0x4C */
|
|
|
|
typedef struct _SYSTEM_FIRMWARE_TABLE_INFORMATION
|
|
{
|
|
ULONG ProviderSignature;
|
|
SYSTEM_FIRMWARE_TABLE_ACTION Action;
|
|
ULONG TableID;
|
|
ULONG TableBufferLength;
|
|
UCHAR TableBuffer[1];
|
|
} SYSTEM_FIRMWARE_TABLE_INFORMATION, *PSYSTEM_FIRMWARE_TABLE_INFORMATION;
|
|
|
|
typedef struct _TIME_FIELDS
|
|
{ CSHORT Year;
|
|
CSHORT Month;
|
|
CSHORT Day;
|
|
CSHORT Hour;
|
|
CSHORT Minute;
|
|
CSHORT Second;
|
|
CSHORT Milliseconds;
|
|
CSHORT Weekday;
|
|
} TIME_FIELDS, *PTIME_FIELDS;
|
|
|
|
typedef struct _WINSTATIONINFORMATIONW {
|
|
BYTE Reserved2[70];
|
|
ULONG LogonId;
|
|
BYTE Reserved3[1140];
|
|
} WINSTATIONINFORMATIONW, *PWINSTATIONINFORMATIONW;
|
|
|
|
typedef BOOLEAN (WINAPI * PWINSTATIONQUERYINFORMATIONW)(HANDLE,ULONG,WINSTATIONINFOCLASS,PVOID,ULONG,PULONG);
|
|
|
|
typedef struct _LDR_RESOURCE_INFO
|
|
{
|
|
ULONG_PTR Type;
|
|
ULONG_PTR Name;
|
|
ULONG Language;
|
|
} LDR_RESOURCE_INFO, *PLDR_RESOURCE_INFO;
|
|
|
|
|
|
/* debug buffer definitions */
|
|
|
|
typedef struct _DEBUG_BUFFER {
|
|
HANDLE SectionHandle;
|
|
PVOID SectionBase;
|
|
PVOID RemoteSectionBase;
|
|
ULONG SectionBaseDelta;
|
|
HANDLE EventPairHandle;
|
|
ULONG Unknown[2];
|
|
HANDLE RemoteThreadHandle;
|
|
ULONG InfoClassMask;
|
|
ULONG SizeOfInfo;
|
|
ULONG AllocatedSize;
|
|
ULONG SectionSize;
|
|
PVOID ModuleInformation;
|
|
PVOID BackTraceInformation;
|
|
PVOID HeapInformation;
|
|
PVOID LockInformation;
|
|
PVOID Reserved[8];
|
|
} DEBUG_BUFFER, *PDEBUG_BUFFER;
|
|
|
|
#define PDI_MODULES 0x01
|
|
#define PDI_BACKTRACE 0x02
|
|
#define PDI_HEAPS 0x04
|
|
#define PDI_HEAP_TAGS 0x08
|
|
#define PDI_HEAP_BLOCKS 0x10
|
|
#define PDI_LOCKS 0x20
|
|
|
|
typedef struct _DEBUG_MODULE_INFORMATION {
|
|
ULONG Reserved[2];
|
|
ULONG Base;
|
|
ULONG Size;
|
|
ULONG Flags;
|
|
USHORT Index;
|
|
USHORT Unknown;
|
|
USHORT LoadCount;
|
|
USHORT ModuleNameOffset;
|
|
CHAR ImageName[256];
|
|
} DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION;
|
|
|
|
typedef struct _DEBUG_HEAP_INFORMATION {
|
|
ULONG Base;
|
|
ULONG Flags;
|
|
USHORT Granularity;
|
|
USHORT Unknown;
|
|
ULONG Allocated;
|
|
ULONG Committed;
|
|
ULONG TagCount;
|
|
ULONG BlockCount;
|
|
ULONG Reserved[7];
|
|
PVOID Tags;
|
|
PVOID Blocks;
|
|
} DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION;
|
|
|
|
typedef struct _DEBUG_LOCK_INFORMATION {
|
|
PVOID Address;
|
|
USHORT Type;
|
|
USHORT CreatorBackTraceIndex;
|
|
ULONG OwnerThreadId;
|
|
ULONG ActiveCount;
|
|
ULONG ContentionCount;
|
|
ULONG EntryCount;
|
|
ULONG RecursionCount;
|
|
ULONG NumberOfSharedWaiters;
|
|
ULONG NumberOfExclusiveWaiters;
|
|
} DEBUG_LOCK_INFORMATION, *PDEBUG_LOCK_INFORMATION;
|
|
|
|
typedef struct _PORT_MESSAGE_HEADER {
|
|
USHORT DataSize;
|
|
USHORT MessageSize;
|
|
USHORT MessageType;
|
|
USHORT VirtualRangesOffset;
|
|
CLIENT_ID ClientId;
|
|
ULONG MessageId;
|
|
ULONG SectionSize;
|
|
} PORT_MESSAGE_HEADER, *PPORT_MESSAGE_HEADER, PORT_MESSAGE, *PPORT_MESSAGE;
|
|
|
|
typedef unsigned short RTL_ATOM, *PRTL_ATOM;
|
|
|
|
typedef enum _ATOM_INFORMATION_CLASS {
|
|
AtomBasicInformation = 0,
|
|
AtomTableInformation = 1,
|
|
} ATOM_INFORMATION_CLASS;
|
|
|
|
typedef struct _ATOM_BASIC_INFORMATION {
|
|
USHORT ReferenceCount;
|
|
USHORT Pinned;
|
|
USHORT NameLength;
|
|
WCHAR Name[1];
|
|
} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;
|
|
|
|
/* FIXME: names probably not correct */
|
|
typedef struct _RTL_HANDLE
|
|
{
|
|
struct _RTL_HANDLE * Next;
|
|
} RTL_HANDLE;
|
|
|
|
/* FIXME: names probably not correct */
|
|
typedef struct _RTL_HANDLE_TABLE
|
|
{
|
|
ULONG MaxHandleCount; /* 0x00 */
|
|
ULONG HandleSize; /* 0x04 */
|
|
ULONG Unused[2]; /* 0x08-0x0c */
|
|
PVOID NextFree; /* 0x10 */
|
|
PVOID FirstHandle; /* 0x14 */
|
|
PVOID ReservedMemory; /* 0x18 */
|
|
PVOID MaxHandle; /* 0x1c */
|
|
} RTL_HANDLE_TABLE;
|
|
|
|
typedef struct _RTL_ATOM_TABLE_ENTRY
|
|
{
|
|
struct _RTL_ATOM_TABLE_ENTRY *HashLink;
|
|
WORD HandleIndex;
|
|
WORD Atom;
|
|
WORD ReferenceCount;
|
|
UCHAR Flags;
|
|
UCHAR NameLength;
|
|
WCHAR Name[1];
|
|
} RTL_ATOM_TABLE_ENTRY, *PRTL_ATOM_TABLE_ENTRY;
|
|
|
|
typedef struct _RTL_ATOM_TABLE
|
|
{
|
|
ULONG Signature;
|
|
RTL_CRITICAL_SECTION CriticalSection;
|
|
RTL_HANDLE_TABLE HandleTable;
|
|
ULONG NumberOfBuckets;
|
|
RTL_ATOM_TABLE_ENTRY *Buckets[1];
|
|
} *RTL_ATOM_TABLE, **PRTL_ATOM_TABLE;
|
|
|
|
/***********************************************************************
|
|
* Defines
|
|
*/
|
|
|
|
/* flags for NtCreateFile and NtOpenFile */
|
|
#define FILE_DIRECTORY_FILE 0x00000001
|
|
#define FILE_WRITE_THROUGH 0x00000002
|
|
#define FILE_SEQUENTIAL_ONLY 0x00000004
|
|
#define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008
|
|
#define FILE_SYNCHRONOUS_IO_ALERT 0x00000010
|
|
#define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
|
|
#define FILE_NON_DIRECTORY_FILE 0x00000040
|
|
#define FILE_CREATE_TREE_CONNECTION 0x00000080
|
|
#define FILE_COMPLETE_IF_OPLOCKED 0x00000100
|
|
#define FILE_NO_EA_KNOWLEDGE 0x00000200
|
|
#define FILE_OPEN_FOR_RECOVERY 0x00000400
|
|
#define FILE_RANDOM_ACCESS 0x00000800
|
|
#define FILE_DELETE_ON_CLOSE 0x00001000
|
|
#define FILE_OPEN_BY_FILE_ID 0x00002000
|
|
#define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000
|
|
#define FILE_NO_COMPRESSION 0x00008000
|
|
#define FILE_RESERVE_OPFILTER 0x00100000
|
|
#define FILE_OPEN_REPARSE_POINT 0x00200000
|
|
#define FILE_OPEN_OFFLINE_FILE 0x00400000
|
|
#define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000
|
|
|
|
#define FILE_ATTRIBUTE_VALID_FLAGS 0x00007fb7
|
|
#define FILE_ATTRIBUTE_VALID_SET_FLAGS 0x000031a7
|
|
|
|
/* status for NtCreateFile or NtOpenFile */
|
|
#define FILE_SUPERSEDED 0
|
|
#define FILE_OPENED 1
|
|
#define FILE_CREATED 2
|
|
#define FILE_OVERWRITTEN 3
|
|
#define FILE_EXISTS 4
|
|
#define FILE_DOES_NOT_EXIST 5
|
|
|
|
/* disposition for NtCreateFile */
|
|
#define FILE_SUPERSEDE 0
|
|
#define FILE_OPEN 1
|
|
#define FILE_CREATE 2
|
|
#define FILE_OPEN_IF 3
|
|
#define FILE_OVERWRITE 4
|
|
#define FILE_OVERWRITE_IF 5
|
|
#define FILE_MAXIMUM_DISPOSITION 5
|
|
|
|
/* Characteristics of a File System */
|
|
#define FILE_REMOVABLE_MEDIA 0x00000001
|
|
#define FILE_READ_ONLY_DEVICE 0x00000002
|
|
#define FILE_FLOPPY_DISKETTE 0x00000004
|
|
#define FILE_WRITE_ONE_MEDIA 0x00000008
|
|
#define FILE_REMOTE_DEVICE 0x00000010
|
|
#define FILE_DEVICE_IS_MOUNTED 0x00000020
|
|
#define FILE_VIRTUAL_VOLUME 0x00000040
|
|
#define FILE_AUTOGENERATED_DEVICE_NAME 0x00000080
|
|
#define FILE_DEVICE_SECURE_OPEN 0x00000100
|
|
#define FILE_CHARACTERISTIC_PNP_DEVICE 0x00000800
|
|
#define FILE_CHARACTERISTIC_TS_DEVICE 0x00001000
|
|
#define FILE_CHARACTERISTIC_WEBDAV_DEVICE 0x00002000
|
|
#define FILE_CHARACTERISTIC_CSV 0x00010000
|
|
#define FILE_DEVICE_ALLOW_APPCONTAINER_TRAVERSAL 0x00020000
|
|
#define FILE_PORTABLE_DEVICE 0x00040000
|
|
|
|
/* options for NtCreateNamedPipeFile */
|
|
#define FILE_PIPE_INBOUND 0x00000000
|
|
#define FILE_PIPE_OUTBOUND 0x00000001
|
|
#define FILE_PIPE_FULL_DUPLEX 0x00000002
|
|
|
|
/* options for pipe's type */
|
|
#define FILE_PIPE_TYPE_MESSAGE 0x00000001
|
|
#define FILE_PIPE_TYPE_BYTE 0x00000000
|
|
/* options for pipe's message mode */
|
|
#define FILE_PIPE_MESSAGE_MODE 0x00000001
|
|
#define FILE_PIPE_BYTE_STREAM_MODE 0x00000000
|
|
/* options for pipe's blocking mode */
|
|
#define FILE_PIPE_COMPLETE_OPERATION 0x00000001
|
|
#define FILE_PIPE_QUEUE_OPERATION 0x00000000
|
|
/* and client / server end */
|
|
#define FILE_PIPE_SERVER_END 0x00000001
|
|
#define FILE_PIPE_CLIENT_END 0x00000000
|
|
|
|
#define INTERNAL_TS_ACTIVE_CONSOLE_ID ( *((volatile ULONG*)(0x7ffe02d8)) )
|
|
|
|
#define LOGONID_CURRENT ((ULONG)-1)
|
|
|
|
#define OBJ_PROTECT_CLOSE 0x00000001
|
|
#define OBJ_INHERIT 0x00000002
|
|
#define OBJ_PERMANENT 0x00000010
|
|
#define OBJ_EXCLUSIVE 0x00000020
|
|
#define OBJ_CASE_INSENSITIVE 0x00000040
|
|
#define OBJ_OPENIF 0x00000080
|
|
#define OBJ_OPENLINK 0x00000100
|
|
#define OBJ_KERNEL_HANDLE 0x00000200
|
|
#define OBJ_VALID_ATTRIBUTES 0x000003F2
|
|
|
|
#define SERVERNAME_CURRENT ((HANDLE)NULL)
|
|
|
|
typedef void (CALLBACK *PNTAPCFUNC)(ULONG_PTR,ULONG_PTR,ULONG_PTR); /* FIXME: not the right name */
|
|
typedef void (CALLBACK *PRTL_THREAD_START_ROUTINE)(LPVOID); /* FIXME: not the right name */
|
|
typedef DWORD (CALLBACK *PRTL_WORK_ITEM_ROUTINE)(LPVOID); /* FIXME: not the right name */
|
|
typedef void (NTAPI *RTL_WAITORTIMERCALLBACKFUNC)(PVOID,BOOLEAN); /* FIXME: not the right name */
|
|
|
|
|
|
/* DbgPrintEx default levels */
|
|
#define DPFLTR_ERROR_LEVEL 0
|
|
#define DPFLTR_WARNING_LEVEL 1
|
|
#define DPFLTR_TRACE_LEVEL 2
|
|
#define DPFLTR_INFO_LEVEL 3
|
|
#define DPFLTR_MASK 0x8000000
|
|
|
|
/* Well-known LUID values */
|
|
#define SE_MIN_WELL_KNOWN_PRIVILEGE 2
|
|
#define SE_CREATE_TOKEN_PRIVILEGE 2
|
|
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE 3
|
|
#define SE_LOCK_MEMORY_PRIVILEGE 4
|
|
#define SE_INCREASE_QUOTA_PRIVILEGE 5
|
|
#define SE_UNSOLICITED_INPUT_PRIVILEGE 6 /* obsolete */
|
|
#define SE_MACHINE_ACCOUNT_PRIVILEGE 6
|
|
#define SE_TCB_PRIVILEGE 7
|
|
#define SE_SECURITY_PRIVILEGE 8
|
|
#define SE_TAKE_OWNERSHIP_PRIVILEGE 9
|
|
#define SE_LOAD_DRIVER_PRIVILEGE 10
|
|
#define SE_SYSTEM_PROFILE_PRIVILEGE 11
|
|
#define SE_SYSTEMTIME_PRIVILEGE 12
|
|
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE 13
|
|
#define SE_INC_BASE_PRIORITY_PRIVILEGE 14
|
|
#define SE_CREATE_PAGEFILE_PRIVILEGE 15
|
|
#define SE_CREATE_PERMANENT_PRIVILEGE 16
|
|
#define SE_BACKUP_PRIVILEGE 17
|
|
#define SE_RESTORE_PRIVILEGE 18
|
|
#define SE_SHUTDOWN_PRIVILEGE 19
|
|
#define SE_DEBUG_PRIVILEGE 20
|
|
#define SE_AUDIT_PRIVILEGE 21
|
|
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE 22
|
|
#define SE_CHANGE_NOTIFY_PRIVILEGE 23
|
|
#define SE_REMOTE_SHUTDOWN_PRIVILEGE 24
|
|
#define SE_UNDOCK_PRIVILEGE 25
|
|
#define SE_SYNC_AGENT_PRIVILEGE 26
|
|
#define SE_ENABLE_DELEGATION_PRIVILEGE 27
|
|
#define SE_MANAGE_VOLUME_PRIVILEGE 28
|
|
#define SE_IMPERSONATE_PRIVILEGE 29
|
|
#define SE_CREATE_GLOBAL_PRIVILEGE 30
|
|
#define SE_MAX_WELL_KNOWN_PRIVILEGE SE_CREATE_GLOBAL_PRIVILEGE
|
|
|
|
/* NtGlobalFlag bits */
|
|
#define FLG_STOP_ON_EXCEPTION 0x00000001
|
|
#define FLG_SHOW_LDR_SNAPS 0x00000002
|
|
#define FLG_DEBUG_INITIAL_COMMAND 0x00000004
|
|
#define FLG_STOP_ON_HUNG_GUI 0x00000008
|
|
#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
|
|
#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
|
|
#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
|
|
#define FLG_HEAP_VALIDATE_ALL 0x00000080
|
|
#define FLG_APPLICATION_VERIFIER 0x00000100
|
|
#define FLG_POOL_ENABLE_TAGGING 0x00000400
|
|
#define FLG_HEAP_ENABLE_TAGGING 0x00000800
|
|
#define FLG_USER_STACK_TRACE_DB 0x00001000
|
|
#define FLG_KERNEL_STACK_TRACE_DB 0x00002000
|
|
#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
|
|
#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
|
|
#define FLG_DISABLE_STACK_EXTENSION 0x00010000
|
|
#define FLG_ENABLE_CSRDEBUG 0x00020000
|
|
#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
|
|
#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
|
|
#define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000
|
|
#define FLG_HEAP_DISABLE_COALESCING 0x00200000
|
|
#define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000
|
|
#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
|
|
#define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000
|
|
#define FLG_HEAP_PAGE_ALLOCS 0x02000000
|
|
#define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000
|
|
#define FLG_DISABLE_DBGPRINT 0x08000000
|
|
#define FLG_CRITSEC_EVENT_CREATION 0x10000000
|
|
#define FLG_LDR_TOP_DOWN 0x20000000
|
|
#define FLG_ENABLE_HANDLE_EXCEPTIONS 0x40000000
|
|
#define FLG_DISABLE_PROTDLLS 0x80000000
|
|
|
|
/* Rtl*Registry* functions structs and defines */
|
|
#define RTL_REGISTRY_ABSOLUTE 0
|
|
#define RTL_REGISTRY_SERVICES 1
|
|
#define RTL_REGISTRY_CONTROL 2
|
|
#define RTL_REGISTRY_WINDOWS_NT 3
|
|
#define RTL_REGISTRY_DEVICEMAP 4
|
|
#define RTL_REGISTRY_USER 5
|
|
|
|
#define RTL_REGISTRY_HANDLE 0x40000000
|
|
#define RTL_REGISTRY_OPTIONAL 0x80000000
|
|
|
|
#define RTL_QUERY_REGISTRY_SUBKEY 0x00000001
|
|
#define RTL_QUERY_REGISTRY_TOPKEY 0x00000002
|
|
#define RTL_QUERY_REGISTRY_REQUIRED 0x00000004
|
|
#define RTL_QUERY_REGISTRY_NOVALUE 0x00000008
|
|
#define RTL_QUERY_REGISTRY_NOEXPAND 0x00000010
|
|
#define RTL_QUERY_REGISTRY_DIRECT 0x00000020
|
|
#define RTL_QUERY_REGISTRY_DELETE 0x00000040
|
|
#define RTL_QUERY_REGISTRY_TYPECHECK 0x00000100
|
|
|
|
#define RTL_QUERY_REGISTRY_TYPECHECK_SHIFT 24
|
|
|
|
typedef NTSTATUS (WINAPI *PRTL_QUERY_REGISTRY_ROUTINE)( PCWSTR ValueName,
|
|
ULONG ValueType,
|
|
PVOID ValueData,
|
|
ULONG ValueLength,
|
|
PVOID Context,
|
|
PVOID EntryContext);
|
|
|
|
typedef struct _RTL_QUERY_REGISTRY_TABLE
|
|
{
|
|
PRTL_QUERY_REGISTRY_ROUTINE QueryRoutine;
|
|
ULONG Flags;
|
|
PWSTR Name;
|
|
PVOID EntryContext;
|
|
ULONG DefaultType;
|
|
PVOID DefaultData;
|
|
ULONG DefaultLength;
|
|
} RTL_QUERY_REGISTRY_TABLE, *PRTL_QUERY_REGISTRY_TABLE;
|
|
|
|
typedef struct _KEY_MULTIPLE_VALUE_INFORMATION
|
|
{
|
|
PUNICODE_STRING ValueName;
|
|
ULONG DataLength;
|
|
ULONG DataOffset;
|
|
ULONG Type;
|
|
} KEY_MULTIPLE_VALUE_INFORMATION, *PKEY_MULTIPLE_VALUE_INFORMATION;
|
|
|
|
typedef VOID (CALLBACK *PRTL_OVERLAPPED_COMPLETION_ROUTINE)(DWORD,DWORD,LPVOID);
|
|
|
|
typedef VOID (CALLBACK *PTIMER_APC_ROUTINE) ( PVOID, ULONG, LONG );
|
|
|
|
typedef enum _EVENT_INFORMATION_CLASS {
|
|
EventBasicInformation
|
|
} EVENT_INFORMATION_CLASS, *PEVENT_INFORMATION_CLASS;
|
|
|
|
typedef struct _EVENT_BASIC_INFORMATION {
|
|
EVENT_TYPE EventType;
|
|
LONG EventState;
|
|
} EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;
|
|
|
|
typedef enum _SEMAPHORE_INFORMATION_CLASS {
|
|
SemaphoreBasicInformation
|
|
} SEMAPHORE_INFORMATION_CLASS, *PSEMAPHORE_INFORMATION_CLASS;
|
|
|
|
typedef struct _SEMAPHORE_BASIC_INFORMATION {
|
|
ULONG CurrentCount;
|
|
ULONG MaximumCount;
|
|
} SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
|
|
|
|
typedef enum _SECTION_INFORMATION_CLASS
|
|
{
|
|
SectionBasicInformation,
|
|
SectionImageInformation,
|
|
SectionRelocationInformation,
|
|
SectionOriginalBaseInformation,
|
|
SectionInternalImageInformation
|
|
} SECTION_INFORMATION_CLASS;
|
|
|
|
typedef struct _SECTION_BASIC_INFORMATION {
|
|
PVOID BaseAddress;
|
|
ULONG Attributes;
|
|
LARGE_INTEGER Size;
|
|
} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
|
|
|
|
typedef struct _SECTION_IMAGE_INFORMATION {
|
|
PVOID TransferAddress;
|
|
ULONG ZeroBits;
|
|
SIZE_T MaximumStackSize;
|
|
SIZE_T CommittedStackSize;
|
|
ULONG SubSystemType;
|
|
USHORT MinorSubsystemVersion;
|
|
USHORT MajorSubsystemVersion;
|
|
USHORT MajorOperatingSystemVersion;
|
|
USHORT MinorOperatingSystemVersion;
|
|
USHORT ImageCharacteristics;
|
|
USHORT DllCharacteristics;
|
|
USHORT Machine;
|
|
BOOLEAN ImageContainsCode;
|
|
union
|
|
{
|
|
UCHAR ImageFlags;
|
|
struct
|
|
{
|
|
UCHAR ComPlusNativeReady : 1;
|
|
UCHAR ComPlusILOnly : 1;
|
|
UCHAR ImageDynamicallyRelocated : 1;
|
|
UCHAR ImageMappedFlat : 1;
|
|
UCHAR BaseBelow4gb : 1;
|
|
UCHAR ComPlusPrefer32bit : 1;
|
|
#ifdef __WINESRC__ /* Wine extensions */
|
|
UCHAR WineBuiltin : 1;
|
|
UCHAR WineFakeDll : 1;
|
|
#else
|
|
UCHAR Reserved : 2;
|
|
#endif
|
|
} DUMMYSTRUCTNAME;
|
|
} DUMMYUNIONNAME;
|
|
ULONG LoaderFlags;
|
|
ULONG ImageFileSize;
|
|
ULONG CheckSum;
|
|
} SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION;
|
|
|
|
typedef struct _LPC_SECTION_WRITE {
|
|
ULONG Length;
|
|
HANDLE SectionHandle;
|
|
ULONG SectionOffset;
|
|
ULONG ViewSize;
|
|
PVOID ViewBase;
|
|
PVOID TargetViewBase;
|
|
} LPC_SECTION_WRITE, *PLPC_SECTION_WRITE;
|
|
|
|
typedef struct _LPC_SECTION_READ {
|
|
ULONG Length;
|
|
ULONG ViewSize;
|
|
PVOID ViewBase;
|
|
} LPC_SECTION_READ, *PLPC_SECTION_READ;
|
|
|
|
typedef struct _LPC_MESSAGE {
|
|
USHORT DataSize;
|
|
USHORT MessageSize;
|
|
USHORT MessageType;
|
|
USHORT VirtualRangesOffset;
|
|
CLIENT_ID ClientId;
|
|
ULONG_PTR MessageId;
|
|
ULONG_PTR SectionSize;
|
|
UCHAR Data[ANYSIZE_ARRAY];
|
|
} LPC_MESSAGE, *PLPC_MESSAGE;
|
|
|
|
typedef struct _RTL_USER_PROCESS_INFORMATION
|
|
{
|
|
ULONG Length;
|
|
HANDLE Process;
|
|
HANDLE Thread;
|
|
CLIENT_ID ClientId;
|
|
SECTION_IMAGE_INFORMATION ImageInformation;
|
|
} RTL_USER_PROCESS_INFORMATION, *PRTL_USER_PROCESS_INFORMATION;
|
|
|
|
typedef enum _SHUTDOWN_ACTION {
|
|
ShutdownNoReboot,
|
|
ShutdownReboot,
|
|
ShutdownPowerOff
|
|
} SHUTDOWN_ACTION, *PSHUTDOWN_ACTION;
|
|
|
|
typedef enum _KPROFILE_SOURCE {
|
|
ProfileTime,
|
|
ProfileAlignmentFixup,
|
|
ProfileTotalIssues,
|
|
ProfilePipelineDry,
|
|
ProfileLoadInstructions,
|
|
ProfilePipelineFrozen,
|
|
ProfileBranchInstructions,
|
|
ProfileTotalNonissues,
|
|
ProfileDcacheMisses,
|
|
ProfileIcacheMisses,
|
|
ProfileCacheMisses,
|
|
ProfileBranchMispredictions,
|
|
ProfileStoreInstructions,
|
|
ProfileFpInstructions,
|
|
ProfileIntegerInstructions,
|
|
Profile2Issue,
|
|
Profile3Issue,
|
|
Profile4Issue,
|
|
ProfileSpecialInstructions,
|
|
ProfileTotalCycles,
|
|
ProfileIcacheIssues,
|
|
ProfileDcacheAccesses,
|
|
ProfileMemoryBarrierCycles,
|
|
ProfileLoadLinkedIssues,
|
|
ProfileMaximum
|
|
} KPROFILE_SOURCE, *PKPROFILE_SOURCE;
|
|
|
|
typedef struct _DIRECTORY_BASIC_INFORMATION {
|
|
UNICODE_STRING ObjectName;
|
|
UNICODE_STRING ObjectTypeName;
|
|
} DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION;
|
|
|
|
typedef struct _INITIAL_TEB {
|
|
void *OldStackBase;
|
|
void *OldStackLimit;
|
|
void *StackBase;
|
|
void *StackLimit;
|
|
void *DeallocationStack;
|
|
} INITIAL_TEB, *PINITIAL_TEB;
|
|
|
|
typedef enum _PORT_INFORMATION_CLASS {
|
|
PortNoInformation
|
|
} PORT_INFORMATION_CLASS, *PPORT_INFORMATION_CLASS;
|
|
|
|
typedef enum _IO_COMPLETION_INFORMATION_CLASS {
|
|
IoCompletionBasicInformation
|
|
} IO_COMPLETION_INFORMATION_CLASS, *PIO_COMPLETION_INFORMATION_CLASS;
|
|
|
|
typedef struct _FILE_COMPLETION_INFORMATION {
|
|
HANDLE CompletionPort;
|
|
ULONG_PTR CompletionKey;
|
|
} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;
|
|
|
|
#define IO_COMPLETION_QUERY_STATE 0x0001
|
|
#define IO_COMPLETION_MODIFY_STATE 0x0002
|
|
#define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
|
|
|
|
typedef struct _FILE_IO_COMPLETION_INFORMATION {
|
|
ULONG_PTR CompletionKey;
|
|
ULONG_PTR CompletionValue;
|
|
IO_STATUS_BLOCK IoStatusBlock;
|
|
} FILE_IO_COMPLETION_INFORMATION, *PFILE_IO_COMPLETION_INFORMATION;
|
|
|
|
typedef enum _HARDERROR_RESPONSE_OPTION {
|
|
OptionAbortRetryIgnore,
|
|
OptionOk,
|
|
OptionOkCancel,
|
|
OptionRetryCancel,
|
|
OptionYesNo,
|
|
OptionYesNoCancel,
|
|
OptionShutdownSystem
|
|
} HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION;
|
|
|
|
typedef enum _HARDERROR_RESPONSE {
|
|
ResponseReturnToCaller,
|
|
ResponseNotHandled,
|
|
ResponseAbort,
|
|
ResponseCancel,
|
|
ResponseIgnore,
|
|
ResponseNo,
|
|
ResponseOk,
|
|
ResponseRetry,
|
|
ResponseYes
|
|
} HARDERROR_RESPONSE, *PHARDERROR_RESPONSE;
|
|
|
|
typedef enum _SYSDBG_COMMAND {
|
|
SysDbgQueryModuleInformation,
|
|
SysDbgQueryTraceInformation,
|
|
SysDbgSetTracepoint,
|
|
SysDbgSetSpecialCall,
|
|
SysDbgClearSpecialCalls,
|
|
SysDbgQuerySpecialCalls,
|
|
SysDbgBreakPoint,
|
|
SysDbgQueryVersion,
|
|
SysDbgReadVirtual,
|
|
SysDbgWriteVirtual,
|
|
SysDbgReadPhysical,
|
|
SysDbgWritePhysical,
|
|
SysDbgReadControlSpace,
|
|
SysDbgWriteControlSpace,
|
|
SysDbgReadIoSpace,
|
|
SysDbgWriteIoSpace,
|
|
SysDbgReadMsr,
|
|
SysDbgWriteMsr,
|
|
SysDbgReadBusData,
|
|
SysDbgWriteBusData
|
|
} SYSDBG_COMMAND, *PSYSDBG_COMMAND;
|
|
|
|
typedef struct _CPTABLEINFO
|
|
{
|
|
USHORT CodePage;
|
|
USHORT MaximumCharacterSize;
|
|
USHORT DefaultChar;
|
|
USHORT UniDefaultChar;
|
|
USHORT TransDefaultChar;
|
|
USHORT TransUniDefaultChar;
|
|
USHORT DBCSCodePage;
|
|
UCHAR LeadByte[12];
|
|
USHORT *MultiByteTable;
|
|
void *WideCharTable;
|
|
USHORT *DBCSRanges;
|
|
USHORT *DBCSOffsets;
|
|
} CPTABLEINFO, *PCPTABLEINFO;
|
|
|
|
typedef struct _NLSTABLEINFO
|
|
{
|
|
CPTABLEINFO OemTableInfo;
|
|
CPTABLEINFO AnsiTableInfo;
|
|
USHORT *UpperCaseTable;
|
|
USHORT *LowerCaseTable;
|
|
} NLSTABLEINFO, *PNLSTABLEINFO;
|
|
|
|
/*************************************************************************
|
|
* Loader structures
|
|
*
|
|
* Those are not part of standard Winternl.h
|
|
*/
|
|
|
|
typedef struct _LDR_SERVICE_TAG_RECORD
|
|
{
|
|
struct _LDR_SERVICE_TAG_RECORD *Next;
|
|
ULONG ServiceTag;
|
|
} LDR_SERVICE_TAG_RECORD, *PLDR_SERVICE_TAG_RECORD;
|
|
|
|
typedef struct _LDRP_CSLIST
|
|
{
|
|
SINGLE_LIST_ENTRY *Tail;
|
|
} LDRP_CSLIST, *PLDRP_CSLIST;
|
|
|
|
typedef struct _LDR_DEPENDENCY
|
|
{
|
|
LDRP_CSLIST dependency_to_entry;
|
|
struct _LDR_DDAG_NODE *dependency_to;
|
|
LDRP_CSLIST dependency_from_entry;
|
|
struct _LDR_DDAG_NODE *dependency_from;
|
|
} LDR_DEPENDENCY, *PLDR_DEPENDENCY;
|
|
|
|
typedef enum _LDR_DDAG_STATE
|
|
{
|
|
LdrModulesMerged = -5,
|
|
LdrModulesInitError = -4,
|
|
LdrModulesSnapError = -3,
|
|
LdrModulesUnloaded = -2,
|
|
LdrModulesUnloading = -1,
|
|
LdrModulesPlaceHolder = 0,
|
|
LdrModulesMapping = 1,
|
|
LdrModulesMapped = 2,
|
|
LdrModulesWaitingForDependencies = 3,
|
|
LdrModulesSnapping = 4,
|
|
LdrModulesSnapped = 5,
|
|
LdrModulesCondensed = 6,
|
|
LdrModulesReadyToInit = 7,
|
|
LdrModulesInitializing = 8,
|
|
LdrModulesReadyToRun = 9,
|
|
} LDR_DDAG_STATE;
|
|
|
|
typedef struct _LDR_DDAG_NODE
|
|
{
|
|
LIST_ENTRY Modules;
|
|
LDR_SERVICE_TAG_RECORD *ServiceTagList;
|
|
LONG LoadCount;
|
|
ULONG LoadWhileUnloadingCount;
|
|
ULONG LowestLink;
|
|
LDRP_CSLIST Dependencies;
|
|
LDRP_CSLIST IncomingDependencies;
|
|
LDR_DDAG_STATE State;
|
|
SINGLE_LIST_ENTRY CondenseLink;
|
|
ULONG PreorderNumber;
|
|
} LDR_DDAG_NODE, *PLDR_DDAG_NODE;
|
|
|
|
typedef enum _LDR_DLL_LOAD_REASON
|
|
{
|
|
LoadReasonStaticDependency,
|
|
LoadReasonStaticForwarderDependency,
|
|
LoadReasonDynamicForwarderDependency,
|
|
LoadReasonDelayloadDependency,
|
|
LoadReasonDynamicLoad,
|
|
LoadReasonAsImageLoad,
|
|
LoadReasonAsDataLoad,
|
|
LoadReasonUnknown = -1
|
|
} LDR_DLL_LOAD_REASON, *PLDR_DLL_LOAD_REASON;
|
|
|
|
typedef struct _LDR_DATA_TABLE_ENTRY
|
|
{
|
|
LIST_ENTRY InLoadOrderLinks;
|
|
LIST_ENTRY InMemoryOrderLinks;
|
|
LIST_ENTRY InInitializationOrderLinks;
|
|
void* DllBase;
|
|
void* EntryPoint;
|
|
ULONG SizeOfImage;
|
|
UNICODE_STRING FullDllName;
|
|
UNICODE_STRING BaseDllName;
|
|
ULONG Flags;
|
|
SHORT LoadCount;
|
|
SHORT TlsIndex;
|
|
LIST_ENTRY HashLinks;
|
|
ULONG TimeDateStamp;
|
|
HANDLE ActivationContext;
|
|
void* Lock;
|
|
LDR_DDAG_NODE* DdagNode;
|
|
LIST_ENTRY NodeModuleLink;
|
|
struct _LDRP_LOAD_CONTEXT *LoadContext;
|
|
void* ParentDllBase;
|
|
void* SwitchBackContext;
|
|
RTL_BALANCED_NODE BaseAddressIndexNode;
|
|
RTL_BALANCED_NODE MappingInfoIndexNode;
|
|
ULONG_PTR OriginalBase;
|
|
LARGE_INTEGER LoadTime;
|
|
ULONG BaseNameHashValue;
|
|
LDR_DLL_LOAD_REASON LoadReason;
|
|
ULONG ImplicitPathOptions;
|
|
ULONG ReferenceCount;
|
|
} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
|
|
|
|
typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA
|
|
{
|
|
ULONG Flags;
|
|
const UNICODE_STRING *FullDllName;
|
|
const UNICODE_STRING *BaseDllName;
|
|
void *DllBase;
|
|
ULONG SizeOfImage;
|
|
} LDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_LOADED_NOTIFICATION_DATA;
|
|
|
|
typedef struct _LDR_DLL_UNLOADED_NOTIFICATION_DATA
|
|
{
|
|
ULONG Flags;
|
|
const UNICODE_STRING *FullDllName;
|
|
const UNICODE_STRING *BaseDllName;
|
|
void *DllBase;
|
|
ULONG SizeOfImage;
|
|
} LDR_DLL_UNLOADED_NOTIFICATION_DATA, *PLDR_DLL_UNLOADED_NOTIFICATION_DATA;
|
|
|
|
typedef union _LDR_DLL_NOTIFICATION_DATA
|
|
{
|
|
LDR_DLL_LOADED_NOTIFICATION_DATA Loaded;
|
|
LDR_DLL_UNLOADED_NOTIFICATION_DATA Unloaded;
|
|
} LDR_DLL_NOTIFICATION_DATA, *PLDR_DLL_NOTIFICATION_DATA;
|
|
|
|
typedef void (CALLBACK *PLDR_DLL_NOTIFICATION_FUNCTION)(ULONG, LDR_DLL_NOTIFICATION_DATA*, void*);
|
|
|
|
/* those defines are (some of the) regular LDR_DATA_TABLE_ENTRY.Flags values */
|
|
#define LDR_IMAGE_IS_DLL 0x00000004
|
|
#define LDR_LOAD_IN_PROGRESS 0x00001000
|
|
#define LDR_UNLOAD_IN_PROGRESS 0x00002000
|
|
#define LDR_NO_DLL_CALLS 0x00040000
|
|
#define LDR_PROCESS_ATTACHED 0x00080000
|
|
#define LDR_COR_IMAGE 0x00400000
|
|
#define LDR_COR_ILONLY 0x01000000
|
|
|
|
/* these ones is Wine specific */
|
|
#define LDR_DONT_RESOLVE_REFS 0x40000000
|
|
#define LDR_WINE_INTERNAL 0x80000000
|
|
|
|
/* flag for LdrAddRefDll */
|
|
#define LDR_ADDREF_DLL_PIN 0x00000001
|
|
|
|
/* flags for LdrGetDllHandleEx */
|
|
#define LDR_GET_DLL_HANDLE_EX_FLAG_UNCHANGED_REFCOUNT 0x00000001
|
|
#define LDR_GET_DLL_HANDLE_EX_FLAG_PIN 0x00000002
|
|
|
|
#define LDR_DLL_NOTIFICATION_REASON_LOADED 1
|
|
#define LDR_DLL_NOTIFICATION_REASON_UNLOADED 2
|
|
|
|
/* FIXME: to be checked */
|
|
#define MAXIMUM_FILENAME_LENGTH 256
|
|
|
|
typedef struct _RTL_PROCESS_MODULE_INFORMATION
|
|
{
|
|
PVOID Section; /* 00/00 */
|
|
PVOID MappedBaseAddress; /* 04/08 */
|
|
PVOID ImageBaseAddress; /* 08/10 */
|
|
ULONG ImageSize; /* 0c/18 */
|
|
ULONG Flags; /* 10/1c */
|
|
WORD LoadOrderIndex; /* 14/20 */
|
|
WORD InitOrderIndex; /* 16/22 */
|
|
WORD LoadCount; /* 18/24 */
|
|
WORD NameOffset; /* 1a/26 */
|
|
BYTE Name[MAXIMUM_FILENAME_LENGTH]; /* 1c/28 */
|
|
} RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION;
|
|
|
|
typedef struct _RTL_PROCESS_MODULES
|
|
{
|
|
ULONG ModulesCount;
|
|
RTL_PROCESS_MODULE_INFORMATION Modules[1]; /* FIXME: should be Modules[0] */
|
|
} RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES;
|
|
|
|
#define PROCESS_CREATE_FLAGS_BREAKAWAY 0x00000001
|
|
#define PROCESS_CREATE_FLAGS_NO_DEBUG_INHERIT 0x00000002
|
|
#define PROCESS_CREATE_FLAGS_INHERIT_HANDLES 0x00000004
|
|
#define PROCESS_CREATE_FLAGS_OVERRIDE_ADDRESS_SPACE 0x00000008
|
|
#define PROCESS_CREATE_FLAGS_LARGE_PAGES 0x00000010
|
|
#define PROCESS_CREATE_FLAGS_LARGE_PAGE_SYSTEM_DLL 0x00000020
|
|
#define PROCESS_CREATE_FLAGS_PROTECTED_PROCESS 0x00000040
|
|
#define PROCESS_CREATE_FLAGS_CREATE_SESSION 0x00000080
|
|
#define PROCESS_CREATE_FLAGS_INHERIT_FROM_PARENT 0x00000100
|
|
#define PROCESS_CREATE_FLAGS_SUSPENDED 0x00000200
|
|
#define PROCESS_CREATE_FLAGS_EXTENDED_UNKNOWN 0x00000400
|
|
|
|
typedef struct _RTL_PROCESS_MODULE_INFORMATION_EX
|
|
{
|
|
USHORT NextOffset;
|
|
RTL_PROCESS_MODULE_INFORMATION BaseInfo;
|
|
ULONG ImageCheckSum;
|
|
ULONG TimeDateStamp;
|
|
void *DefaultBase;
|
|
} RTL_PROCESS_MODULE_INFORMATION_EX;
|
|
|
|
#define THREAD_CREATE_FLAGS_CREATE_SUSPENDED 0x00000001
|
|
#define THREAD_CREATE_FLAGS_SKIP_THREAD_ATTACH 0x00000002
|
|
#define THREAD_CREATE_FLAGS_HIDE_FROM_DEBUGGER 0x00000004
|
|
#define THREAD_CREATE_FLAGS_HAS_SECURITY_DESCRIPTOR 0x00000010
|
|
#define THREAD_CREATE_FLAGS_ACCESS_CHECK_IN_TARGET 0x00000020
|
|
#define THREAD_CREATE_FLAGS_INITIAL_THREAD 0x00000080
|
|
|
|
#define EH_NONCONTINUABLE 0x01
|
|
#define EH_UNWINDING 0x02
|
|
#define EH_EXIT_UNWIND 0x04
|
|
#define EH_STACK_INVALID 0x08
|
|
#define EH_NESTED_CALL 0x10
|
|
#define EH_TARGET_UNWIND 0x20
|
|
#define EH_COLLIDED_UNWIND 0x40
|
|
|
|
#ifdef __WINESRC__
|
|
|
|
/* Wine-specific exceptions codes */
|
|
|
|
#define EXCEPTION_WINE_STUB 0x80000100 /* stub entry point called */
|
|
#define EXCEPTION_WINE_ASSERTION 0x80000101 /* assertion failed */
|
|
|
|
/* Wine extension; Windows doesn't have a name for this code. This is an
|
|
undocumented exception understood by MS VC debugger, allowing the program
|
|
to name a particular thread. */
|
|
#define EXCEPTION_WINE_NAME_THREAD 0x406D1388
|
|
|
|
/* used for C++ exceptions in msvcrt
|
|
* parameters:
|
|
* [0] CXX_FRAME_MAGIC
|
|
* [1] pointer to exception object
|
|
* [2] pointer to type
|
|
*/
|
|
#define EXCEPTION_WINE_CXX_EXCEPTION 0xe06d7363
|
|
#define EXCEPTION_WINE_CXX_FRAME_MAGIC 0x19930520
|
|
|
|
#endif
|
|
|
|
typedef LONG (CALLBACK *PRTL_EXCEPTION_FILTER)(PEXCEPTION_POINTERS);
|
|
|
|
typedef void (CALLBACK *PTP_IO_CALLBACK)(PTP_CALLBACK_INSTANCE,void*,void*,IO_STATUS_BLOCK*,PTP_IO);
|
|
|
|
#define PS_ATTRIBUTE_THREAD 0x00010000
|
|
#define PS_ATTRIBUTE_INPUT 0x00020000
|
|
#define PS_ATTRIBUTE_ADDITIVE 0x00040000
|
|
|
|
typedef enum _PS_ATTRIBUTE_NUM
|
|
{
|
|
PsAttributeParentProcess,
|
|
PsAttributeDebugPort,
|
|
PsAttributeToken,
|
|
PsAttributeClientId,
|
|
PsAttributeTebAddress,
|
|
PsAttributeImageName,
|
|
PsAttributeImageInfo,
|
|
PsAttributeMemoryReserve,
|
|
PsAttributePriorityClass,
|
|
PsAttributeErrorMode,
|
|
PsAttributeStdHandleInfo,
|
|
PsAttributeHandleList,
|
|
PsAttributeGroupAffinity,
|
|
PsAttributePreferredNode,
|
|
PsAttributeIdealProcessor,
|
|
PsAttributeUmsThread,
|
|
PsAttributeMitigationOptions,
|
|
PsAttributeProtectionLevel,
|
|
PsAttributeSecureProcess,
|
|
PsAttributeJobList,
|
|
PsAttributeChildProcessPolicy,
|
|
PsAttributeAllApplicationPackagesPolicy,
|
|
PsAttributeWin32kFilter,
|
|
PsAttributeSafeOpenPromptOriginClaim,
|
|
PsAttributeBnoIsolation,
|
|
PsAttributeDesktopAppPolicy,
|
|
PsAttributeChpe,
|
|
PsAttributeMax
|
|
} PS_ATTRIBUTE_NUM;
|
|
|
|
#define PS_ATTRIBUTE_PARENT_PROCESS (PsAttributeParentProcess | PS_ATTRIBUTE_INPUT | PS_ATTRIBUTE_ADDITIVE)
|
|
#define PS_ATTRIBUTE_DEBUG_PORT (PsAttributeDebugPort | PS_ATTRIBUTE_INPUT | PS_ATTRIBUTE_ADDITIVE)
|
|
#define PS_ATTRIBUTE_TOKEN (PsAttributeToken | PS_ATTRIBUTE_INPUT | PS_ATTRIBUTE_ADDITIVE)
|
|
#define PS_ATTRIBUTE_CLIENT_ID (PsAttributeClientId | PS_ATTRIBUTE_THREAD)
|
|
#define PS_ATTRIBUTE_TEB_ADDRESS (PsAttributeTebAddress | PS_ATTRIBUTE_THREAD)
|
|
#define PS_ATTRIBUTE_IMAGE_NAME (PsAttributeImageName | PS_ATTRIBUTE_INPUT)
|
|
#define PS_ATTRIBUTE_IMAGE_INFO (PsAttributeImageInfo)
|
|
#define PS_ATTRIBUTE_MEMORY_RESERVE (PsAttributeMemoryReserve | PS_ATTRIBUTE_INPUT)
|
|
#define PS_ATTRIBUTE_PRIORITY_CLASS (PsAttributePriorityClass | PS_ATTRIBUTE_INPUT)
|
|
#define PS_ATTRIBUTE_ERROR_MODE (PsAttributeErrorMode | PS_ATTRIBUTE_INPUT)
|
|
#define PS_ATTRIBUTE_STD_HANDLE_INFO (PsAttributeStdHandleInfo | PS_ATTRIBUTE_INPUT)
|
|
#define PS_ATTRIBUTE_HANDLE_LIST (PsAttributeHandleList | PS_ATTRIBUTE_INPUT)
|
|
#define PS_ATTRIBUTE_GROUP_AFFINITY (PsAttributeGroupAffinity | PS_ATTRIBUTE_THREAD | PS_ATTRIBUTE_INPUT)
|
|
#define PS_ATTRIBUTE_PREFERRED_NODE (PsAttributePreferredNode | PS_ATTRIBUTE_INPUT)
|
|
#define PS_ATTRIBUTE_IDEAL_PROCESSOR (PsAttributeIdealProcessor | PS_ATTRIBUTE_THREAD | PS_ATTRIBUTE_INPUT)
|
|
#define PS_ATTRIBUTE_MITIGATION_OPTIONS (PsAttributeMitigationOptions | PS_ATTRIBUTE_INPUT | PS_ATTRIBUTE_UNKNOWN)
|
|
#define PS_ATTRIBUTE_PROTECTION_LEVEL (PsAttributeProtectionLevel | PS_ATTRIBUTE_INPUT | PS_ATTRIBUTE_UNKNOWN)
|
|
#define PS_ATTRIBUTE_SECURE_PROCESS (PsAttributeSecureProcess | PS_ATTRIBUTE_INPUT)
|
|
#define PS_ATTRIBUTE_JOB_LIST (PsAttributeJobList | PS_ATTRIBUTE_INPUT)
|
|
#define PS_ATTRIBUTE_CHILD_PROCESS_POLICY (PsAttributeChildProcessPolicy | PS_ATTRIBUTE_INPUT)
|
|
#define PS_ATTRIBUTE_ALL_APPLICATION_PACKAGES_POLICY (PsAttributeAllApplicationPackagesPolicy | PS_ATTRIBUTE_INPUT)
|
|
#define PS_ATTRIBUTE_WIN32K_FILTER (PsAttributeWin32kFilter | PS_ATTRIBUTE_INPUT)
|
|
#define PS_ATTRIBUTE_SAFE_OPEN_PROMPT_ORIGIN_CLAIM (PsAttributeSafeOpenPromptOriginClaim | PS_ATTRIBUTE_INPUT)
|
|
#define PS_ATTRIBUTE_BNO_ISOLATION (PsAttributeBnoIsolation | PS_ATTRIBUTE_INPUT)
|
|
#define PS_ATTRIBUTE_DESKTOP_APP_POLICY (PsAttributeDesktopAppPolicy | PS_ATTRIBUTE_INPUT)
|
|
|
|
typedef struct _PS_ATTRIBUTE
|
|
{
|
|
ULONG_PTR Attribute;
|
|
SIZE_T Size;
|
|
union
|
|
{
|
|
ULONG_PTR Value;
|
|
void *ValuePtr;
|
|
};
|
|
SIZE_T *ReturnLength;
|
|
} PS_ATTRIBUTE;
|
|
|
|
typedef struct _PS_ATTRIBUTE_LIST
|
|
{
|
|
SIZE_T TotalLength;
|
|
PS_ATTRIBUTE Attributes[1];
|
|
} PS_ATTRIBUTE_LIST, *PPS_ATTRIBUTE_LIST;
|
|
|
|
typedef enum _PS_CREATE_STATE
|
|
{
|
|
PsCreateInitialState,
|
|
PsCreateFailOnFileOpen,
|
|
PsCreateFailOnSectionCreate,
|
|
PsCreateFailExeFormat,
|
|
PsCreateFailMachineMismatch,
|
|
PsCreateFailExeName,
|
|
PsCreateSuccess,
|
|
PsCreateMaximumStates
|
|
} PS_CREATE_STATE;
|
|
|
|
typedef struct _PS_CREATE_INFO
|
|
{
|
|
SIZE_T Size;
|
|
PS_CREATE_STATE State;
|
|
union
|
|
{
|
|
struct
|
|
{
|
|
union
|
|
{
|
|
ULONG InitFlags;
|
|
struct
|
|
{
|
|
UCHAR WriteOutputOnExit : 1;
|
|
UCHAR DetectManifest : 1;
|
|
UCHAR IFEOSkipDebugger : 1;
|
|
UCHAR IFEODoNotPropagateKeyState : 1;
|
|
UCHAR SpareBits1 : 4;
|
|
UCHAR SpareBits2 : 8;
|
|
USHORT ProhibitedImageCharacteristics : 16;
|
|
};
|
|
};
|
|
ACCESS_MASK AdditionalFileAccess;
|
|
} InitState;
|
|
struct
|
|
{
|
|
HANDLE FileHandle;
|
|
} FailSection;
|
|
struct
|
|
{
|
|
USHORT DllCharacteristics;
|
|
} ExeFormat;
|
|
struct
|
|
{
|
|
HANDLE IFEOKey;
|
|
} ExeName;
|
|
struct
|
|
{
|
|
union
|
|
{
|
|
ULONG OutputFlags;
|
|
struct
|
|
{
|
|
UCHAR ProtectedProcess : 1;
|
|
UCHAR AddressSpaceOverride : 1;
|
|
UCHAR DevOverrideEnabled : 1;
|
|
UCHAR ManifestDetected : 1;
|
|
UCHAR ProtectedProcessLight : 1;
|
|
UCHAR SpareBits1 : 3;
|
|
UCHAR SpareBits2 : 8;
|
|
USHORT SpareBits3 : 16;
|
|
};
|
|
};
|
|
HANDLE FileHandle;
|
|
HANDLE SectionHandle;
|
|
ULONGLONG UserProcessParametersNative;
|
|
ULONG UserProcessParametersWow64;
|
|
ULONG CurrentParameterFlags;
|
|
ULONGLONG PebAddressNative;
|
|
ULONG PebAddressWow64;
|
|
ULONGLONG ManifestAddress;
|
|
ULONG ManifestSize;
|
|
} SuccessState;
|
|
};
|
|
} PS_CREATE_INFO, *PPS_CREATE_INFO;
|
|
|
|
typedef struct _DBGKM_EXCEPTION
|
|
{
|
|
EXCEPTION_RECORD ExceptionRecord;
|
|
ULONG FirstChance;
|
|
} DBGKM_EXCEPTION, *PDBGKM_EXCEPTION;
|
|
|
|
typedef struct _DBGKM_CREATE_THREAD
|
|
{
|
|
ULONG SubSystemKey;
|
|
PVOID StartAddress;
|
|
} DBGKM_CREATE_THREAD, *PDBGKM_CREATE_THREAD;
|
|
|
|
typedef struct _DBGKM_CREATE_PROCESS
|
|
{
|
|
ULONG SubSystemKey;
|
|
HANDLE FileHandle;
|
|
PVOID BaseOfImage;
|
|
ULONG DebugInfoFileOffset;
|
|
ULONG DebugInfoSize;
|
|
DBGKM_CREATE_THREAD InitialThread;
|
|
} DBGKM_CREATE_PROCESS, *PDBGKM_CREATE_PROCESS;
|
|
|
|
typedef struct _DBGKM_EXIT_THREAD
|
|
{
|
|
NTSTATUS ExitStatus;
|
|
} DBGKM_EXIT_THREAD, *PDBGKM_EXIT_THREAD;
|
|
|
|
typedef struct _DBGKM_EXIT_PROCESS
|
|
{
|
|
NTSTATUS ExitStatus;
|
|
} DBGKM_EXIT_PROCESS, *PDBGKM_EXIT_PROCESS;
|
|
|
|
typedef struct _DBGKM_LOAD_DLL
|
|
{
|
|
HANDLE FileHandle;
|
|
PVOID BaseOfDll;
|
|
ULONG DebugInfoFileOffset;
|
|
ULONG DebugInfoSize;
|
|
PVOID NamePointer;
|
|
} DBGKM_LOAD_DLL, *PDBGKM_LOAD_DLL;
|
|
|
|
typedef struct _DBGKM_UNLOAD_DLL
|
|
{
|
|
PVOID BaseAddress;
|
|
} DBGKM_UNLOAD_DLL, *PDBGKM_UNLOAD_DLL;
|
|
|
|
typedef enum _DBG_STATE
|
|
{
|
|
DbgIdle,
|
|
DbgReplyPending,
|
|
DbgCreateThreadStateChange,
|
|
DbgCreateProcessStateChange,
|
|
DbgExitThreadStateChange,
|
|
DbgExitProcessStateChange,
|
|
DbgExceptionStateChange,
|
|
DbgBreakpointStateChange,
|
|
DbgSingleStepStateChange,
|
|
DbgLoadDllStateChange,
|
|
DbgUnloadDllStateChange
|
|
} DBG_STATE, *PDBG_STATE;
|
|
|
|
typedef struct _DBGUI_CREATE_THREAD
|
|
{
|
|
HANDLE HandleToThread;
|
|
DBGKM_CREATE_THREAD NewThread;
|
|
} DBGUI_CREATE_THREAD, *PDBGUI_CREATE_THREAD;
|
|
|
|
typedef struct _DBGUI_CREATE_PROCESS
|
|
{
|
|
HANDLE HandleToProcess;
|
|
HANDLE HandleToThread;
|
|
DBGKM_CREATE_PROCESS NewProcess;
|
|
} DBGUI_CREATE_PROCESS, *PDBGUI_CREATE_PROCESS;
|
|
|
|
typedef struct _DBGUI_WAIT_STATE_CHANGE
|
|
{
|
|
DBG_STATE NewState;
|
|
CLIENT_ID AppClientId;
|
|
union
|
|
{
|
|
DBGKM_EXCEPTION Exception;
|
|
DBGUI_CREATE_THREAD CreateThread;
|
|
DBGUI_CREATE_PROCESS CreateProcessInfo;
|
|
DBGKM_EXIT_THREAD ExitThread;
|
|
DBGKM_EXIT_PROCESS ExitProcess;
|
|
DBGKM_LOAD_DLL LoadDll;
|
|
DBGKM_UNLOAD_DLL UnloadDll;
|
|
} StateInfo;
|
|
} DBGUI_WAIT_STATE_CHANGE, *PDBGUI_WAIT_STATE_CHANGE;
|
|
|
|
struct _DEBUG_EVENT;
|
|
|
|
#define DEBUG_READ_EVENT 0x0001
|
|
#define DEBUG_PROCESS_ASSIGN 0x0002
|
|
#define DEBUG_SET_INFORMATION 0x0004
|
|
#define DEBUG_QUERY_INFORMATION 0x0008
|
|
#define DEBUG_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x0f)
|
|
|
|
#define DEBUG_KILL_ON_CLOSE 0x1
|
|
|
|
typedef enum _DEBUGOBJECTINFOCLASS
|
|
{
|
|
DebugObjectKillProcessOnExitInformation = 1,
|
|
MaxDebugObjectInfoClass
|
|
} DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS;
|
|
|
|
|
|
typedef struct _WOW64_CPURESERVED
|
|
{
|
|
USHORT Flags;
|
|
USHORT Machine;
|
|
/* CONTEXT context */
|
|
/* CONTEXT_EX *context_ex */
|
|
} WOW64_CPURESERVED, *PWOW64_CPURESERVED;
|
|
|
|
#define WOW64_CPURESERVED_FLAG_RESET_STATE 1
|
|
|
|
typedef struct _WOW64_CPU_AREA_INFO
|
|
{
|
|
void *Context;
|
|
void *ContextEx;
|
|
void *ContextFlagsLocation;
|
|
WOW64_CPURESERVED *CpuReserved;
|
|
ULONG ContextFlag;
|
|
USHORT Machine;
|
|
} WOW64_CPU_AREA_INFO, *PWOW64_CPU_AREA_INFO;
|
|
|
|
#ifdef __WINESRC__
|
|
/* undocumented layout of LdrSystemDllInitBlock */
|
|
/* this varies across Windows version; we are using the win10-2004 layout */
|
|
typedef struct
|
|
{
|
|
ULONG version;
|
|
ULONG unknown1[3];
|
|
ULONG64 unknown2;
|
|
ULONG64 pLdrInitializeThunk;
|
|
ULONG64 pKiUserExceptionDispatcher;
|
|
ULONG64 pKiUserApcDispatcher;
|
|
ULONG64 pKiUserCallbackDispatcher;
|
|
ULONG64 pRtlUserThreadStart;
|
|
ULONG64 pRtlpQueryProcessDebugInformationRemote;
|
|
ULONG64 ntdll_handle;
|
|
ULONG64 pLdrSystemDllInitBlock;
|
|
ULONG64 pRtlpFreezeTimeBias;
|
|
} SYSTEM_DLL_INIT_BLOCK;
|
|
#endif
|
|
|
|
typedef struct
|
|
{
|
|
ULONG_PTR *ServiceTable;
|
|
ULONG_PTR *CounterTable;
|
|
ULONG_PTR ServiceLimit;
|
|
BYTE *ArgumentTable;
|
|
} SYSTEM_SERVICE_TABLE;
|
|
|
|
/***********************************************************************
|
|
* Function declarations
|
|
*/
|
|
|
|
NTSYSAPI void WINAPI DbgBreakPoint(void);
|
|
NTSYSAPI NTSTATUS WINAPIV DbgPrint(LPCSTR fmt, ...);
|
|
NTSYSAPI NTSTATUS WINAPIV DbgPrintEx(ULONG iComponentId, ULONG Level, LPCSTR fmt, ...);
|
|
NTSYSAPI NTSTATUS WINAPI DbgUiConnectToDbg(void);
|
|
NTSYSAPI NTSTATUS WINAPI DbgUiContinue(CLIENT_ID*,NTSTATUS);
|
|
NTSYSAPI NTSTATUS WINAPI DbgUiConvertStateChangeStructure(DBGUI_WAIT_STATE_CHANGE*,struct _DEBUG_EVENT*);
|
|
NTSYSAPI NTSTATUS WINAPI DbgUiDebugActiveProcess(HANDLE);
|
|
NTSYSAPI HANDLE WINAPI DbgUiGetThreadDebugObject(void);
|
|
NTSYSAPI NTSTATUS WINAPI DbgUiIssueRemoteBreakin(HANDLE);
|
|
NTSYSAPI void WINAPI DbgUiRemoteBreakin(void*);
|
|
NTSYSAPI void WINAPI DbgUiSetThreadDebugObject(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI DbgUiStopDebugging(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI DbgUiWaitStateChange(DBGUI_WAIT_STATE_CHANGE*,LARGE_INTEGER*);
|
|
NTSYSAPI void WINAPI DbgUserBreakPoint(void);
|
|
NTSYSAPI NTSTATUS WINAPI LdrAccessResource(HMODULE,const IMAGE_RESOURCE_DATA_ENTRY*,void**,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI LdrAddDllDirectory(const UNICODE_STRING*,void**);
|
|
NTSYSAPI NTSTATUS WINAPI LdrAddRefDll(ULONG,HMODULE);
|
|
NTSYSAPI NTSTATUS WINAPI LdrDisableThreadCalloutsForDll(HMODULE);
|
|
NTSYSAPI NTSTATUS WINAPI LdrFindEntryForAddress(const void*, PLDR_DATA_TABLE_ENTRY*);
|
|
NTSYSAPI NTSTATUS WINAPI LdrFindResourceDirectory_U(HMODULE,const LDR_RESOURCE_INFO*,ULONG,const IMAGE_RESOURCE_DIRECTORY**);
|
|
NTSYSAPI NTSTATUS WINAPI LdrFindResource_U(HMODULE,const LDR_RESOURCE_INFO*,ULONG,const IMAGE_RESOURCE_DATA_ENTRY**);
|
|
NTSYSAPI NTSTATUS WINAPI LdrGetDllDirectory(UNICODE_STRING*);
|
|
NTSYSAPI NTSTATUS WINAPI LdrGetDllHandle(LPCWSTR, ULONG, const UNICODE_STRING*, HMODULE*);
|
|
NTSYSAPI NTSTATUS WINAPI LdrGetDllHandleEx(ULONG, LPCWSTR, ULONG *, const UNICODE_STRING*, HMODULE*);
|
|
NTSYSAPI NTSTATUS WINAPI LdrGetDllPath(PCWSTR,ULONG,PWSTR*,PWSTR*);
|
|
NTSYSAPI NTSTATUS WINAPI LdrGetDllFullName(HMODULE, UNICODE_STRING*);
|
|
NTSYSAPI NTSTATUS WINAPI LdrGetProcedureAddress(HMODULE, const ANSI_STRING*, ULONG, void**);
|
|
NTSYSAPI NTSTATUS WINAPI LdrLoadDll(LPCWSTR, DWORD, const UNICODE_STRING*, HMODULE*);
|
|
NTSYSAPI NTSTATUS WINAPI LdrLockLoaderLock(ULONG,ULONG*,ULONG_PTR*);
|
|
IMAGE_BASE_RELOCATION * WINAPI LdrProcessRelocationBlock(void*,UINT,USHORT*,INT_PTR);
|
|
NTSYSAPI NTSTATUS WINAPI LdrQueryImageFileExecutionOptions(const UNICODE_STRING*,LPCWSTR,ULONG,void*,ULONG,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI LdrQueryProcessModuleInformation(RTL_PROCESS_MODULES*, ULONG, ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI LdrRegisterDllNotification(ULONG,PLDR_DLL_NOTIFICATION_FUNCTION,void*,void**);
|
|
NTSYSAPI NTSTATUS WINAPI LdrRemoveDllDirectory(void*);
|
|
NTSYSAPI NTSTATUS WINAPI LdrSetDefaultDllDirectories(ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI LdrSetDllDirectory(const UNICODE_STRING*);
|
|
NTSYSAPI void WINAPI LdrShutdownProcess(void);
|
|
NTSYSAPI void WINAPI LdrShutdownThread(void);
|
|
NTSYSAPI NTSTATUS WINAPI LdrUnloadDll(HMODULE);
|
|
NTSYSAPI NTSTATUS WINAPI LdrUnlockLoaderLock(ULONG,ULONG_PTR);
|
|
NTSYSAPI NTSTATUS WINAPI LdrUnregisterDllNotification(void*);
|
|
NTSYSAPI NTSTATUS WINAPI NtAcceptConnectPort(PHANDLE,ULONG,PLPC_MESSAGE,BOOLEAN,PLPC_SECTION_WRITE,PLPC_SECTION_READ);
|
|
NTSYSAPI NTSTATUS WINAPI NtAccessCheck(PSECURITY_DESCRIPTOR,HANDLE,ACCESS_MASK,PGENERIC_MAPPING,PPRIVILEGE_SET,PULONG,PULONG,NTSTATUS*);
|
|
NTSYSAPI NTSTATUS WINAPI NtAccessCheckAndAuditAlarm(PUNICODE_STRING,HANDLE,PUNICODE_STRING,PUNICODE_STRING,PSECURITY_DESCRIPTOR,ACCESS_MASK,PGENERIC_MAPPING,BOOLEAN,PACCESS_MASK,PBOOLEAN,PBOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtAddAtom(const WCHAR*,ULONG,RTL_ATOM*);
|
|
NTSYSAPI NTSTATUS WINAPI NtAdjustGroupsToken(HANDLE,BOOLEAN,PTOKEN_GROUPS,ULONG,PTOKEN_GROUPS,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtAdjustPrivilegesToken(HANDLE,BOOLEAN,PTOKEN_PRIVILEGES,DWORD,PTOKEN_PRIVILEGES,PDWORD);
|
|
NTSYSAPI NTSTATUS WINAPI NtAlertResumeThread(HANDLE,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtAlertThread(HANDLE ThreadHandle);
|
|
NTSYSAPI NTSTATUS WINAPI NtAllocateLocallyUniqueId(PLUID lpLuid);
|
|
NTSYSAPI NTSTATUS WINAPI NtAllocateUuids(PULARGE_INTEGER,PULONG,PULONG,PUCHAR);
|
|
NTSYSAPI NTSTATUS WINAPI NtAllocateVirtualMemory(HANDLE,PVOID*,ULONG_PTR,SIZE_T*,ULONG,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtAllocateVirtualMemoryEx(HANDLE,PVOID*,SIZE_T*,ULONG,ULONG,MEM_EXTENDED_PARAMETER*,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtAreMappedFilesTheSame(PVOID,PVOID);
|
|
NTSYSAPI NTSTATUS WINAPI NtAssignProcessToJobObject(HANDLE,HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtCallbackReturn(PVOID,ULONG,NTSTATUS);
|
|
NTSYSAPI NTSTATUS WINAPI NtCancelIoFile(HANDLE,PIO_STATUS_BLOCK);
|
|
NTSYSAPI NTSTATUS WINAPI NtCancelIoFileEx(HANDLE,PIO_STATUS_BLOCK,PIO_STATUS_BLOCK);
|
|
NTSYSAPI NTSTATUS WINAPI NtCancelTimer(HANDLE, BOOLEAN*);
|
|
NTSYSAPI NTSTATUS WINAPI NtClearEvent(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtClose(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtCloseObjectAuditAlarm(PUNICODE_STRING,HANDLE,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtCompleteConnectPort(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtConnectPort(PHANDLE,PUNICODE_STRING,PSECURITY_QUALITY_OF_SERVICE,PLPC_SECTION_WRITE,PLPC_SECTION_READ,PULONG,PVOID,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtContinue(PCONTEXT,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateDebugObject(HANDLE*,ACCESS_MASK,OBJECT_ATTRIBUTES*,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateDirectoryObject(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateEvent(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES *,EVENT_TYPE,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateEventPair(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateFile(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,PLARGE_INTEGER,ULONG,ULONG,ULONG,ULONG,PVOID,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateIoCompletion(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateJobObject(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateKey(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,ULONG,const UNICODE_STRING*,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateKeyTransacted(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,ULONG,const UNICODE_STRING*,ULONG,HANDLE,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateKeyedEvent(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateLowBoxToken(HANDLE*,HANDLE,ACCESS_MASK,OBJECT_ATTRIBUTES*,SID*,ULONG,SID_AND_ATTRIBUTES*,ULONG,HANDLE*);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateMailslotFile(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,ULONG,ULONG,ULONG,PLARGE_INTEGER);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateMutant(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateNamedPipeFile(PHANDLE,ULONG,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,ULONG,ULONG,ULONG,ULONG,ULONG,ULONG,ULONG,ULONG,ULONG,PLARGE_INTEGER);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreatePagingFile(PUNICODE_STRING,PLARGE_INTEGER,PLARGE_INTEGER,PLARGE_INTEGER);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreatePort(PHANDLE,POBJECT_ATTRIBUTES,ULONG,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateProcess(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,HANDLE,BOOLEAN,HANDLE,HANDLE,HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateProfile(PHANDLE,HANDLE,PVOID,ULONG,ULONG,PVOID,ULONG,KPROFILE_SOURCE,KAFFINITY);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateSection(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*,const LARGE_INTEGER*,ULONG,ULONG,HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateSemaphore(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,LONG,LONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateSymbolicLinkObject(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PUNICODE_STRING);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateThread(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,HANDLE,PCLIENT_ID,PCONTEXT,PINITIAL_TEB,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateThreadEx(HANDLE*,ACCESS_MASK,OBJECT_ATTRIBUTES*,HANDLE,PRTL_THREAD_START_ROUTINE,void*,ULONG,ULONG_PTR,SIZE_T,SIZE_T,PS_ATTRIBUTE_LIST*);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateTimer(HANDLE*, ACCESS_MASK, const OBJECT_ATTRIBUTES*, TIMER_TYPE);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateToken(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,TOKEN_TYPE,PLUID,PLARGE_INTEGER,PTOKEN_USER,PTOKEN_GROUPS,PTOKEN_PRIVILEGES,PTOKEN_OWNER,PTOKEN_PRIMARY_GROUP,PTOKEN_DEFAULT_DACL,PTOKEN_SOURCE);
|
|
NTSYSAPI NTSTATUS WINAPI NtCreateUserProcess(HANDLE*,HANDLE*,ACCESS_MASK,ACCESS_MASK,OBJECT_ATTRIBUTES*,OBJECT_ATTRIBUTES*,ULONG,ULONG,RTL_USER_PROCESS_PARAMETERS*,PS_CREATE_INFO*,PS_ATTRIBUTE_LIST*);
|
|
NTSYSAPI NTSTATUS WINAPI NtDebugActiveProcess(HANDLE,HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtDebugContinue(HANDLE,CLIENT_ID*,NTSTATUS);
|
|
NTSYSAPI NTSTATUS WINAPI NtDelayExecution(BOOLEAN,const LARGE_INTEGER*);
|
|
NTSYSAPI NTSTATUS WINAPI NtDeleteAtom(RTL_ATOM);
|
|
NTSYSAPI NTSTATUS WINAPI NtDeleteFile(POBJECT_ATTRIBUTES);
|
|
NTSYSAPI NTSTATUS WINAPI NtDeleteKey(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtDeleteValueKey(HANDLE,const UNICODE_STRING *);
|
|
NTSYSAPI NTSTATUS WINAPI NtDeviceIoControlFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,ULONG,PVOID,ULONG,PVOID,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtDisplayString(PUNICODE_STRING);
|
|
NTSYSAPI NTSTATUS WINAPI NtDuplicateObject(HANDLE,HANDLE,HANDLE,PHANDLE,ACCESS_MASK,ULONG,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtDuplicateToken(HANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,SECURITY_IMPERSONATION_LEVEL,TOKEN_TYPE,PHANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtEnumerateKey(HANDLE,ULONG,KEY_INFORMATION_CLASS,void *,DWORD,DWORD *);
|
|
NTSYSAPI NTSTATUS WINAPI NtEnumerateValueKey(HANDLE,ULONG,KEY_VALUE_INFORMATION_CLASS,PVOID,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtExtendSection(HANDLE,PLARGE_INTEGER);
|
|
NTSYSAPI NTSTATUS WINAPI NtFilterToken(HANDLE,ULONG,TOKEN_GROUPS*,TOKEN_PRIVILEGES*,TOKEN_GROUPS*,HANDLE*);
|
|
NTSYSAPI NTSTATUS WINAPI NtFindAtom(const WCHAR*,ULONG,RTL_ATOM*);
|
|
NTSYSAPI NTSTATUS WINAPI NtFlushBuffersFile(HANDLE,IO_STATUS_BLOCK*);
|
|
NTSYSAPI NTSTATUS WINAPI NtFlushInstructionCache(HANDLE,LPCVOID,SIZE_T);
|
|
NTSYSAPI NTSTATUS WINAPI NtFlushKey(HANDLE);
|
|
NTSYSAPI void WINAPI NtFlushProcessWriteBuffers(void);
|
|
NTSYSAPI NTSTATUS WINAPI NtFlushVirtualMemory(HANDLE,LPCVOID*,SIZE_T*,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtFlushWriteBuffer(VOID);
|
|
NTSYSAPI NTSTATUS WINAPI NtFreeVirtualMemory(HANDLE,PVOID*,SIZE_T*,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtFsControlFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,ULONG,PVOID,ULONG,PVOID,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtGetContextThread(HANDLE,CONTEXT*);
|
|
NTSYSAPI ULONG WINAPI NtGetCurrentProcessorNumber(void);
|
|
NTSYSAPI NTSTATUS WINAPI NtGetNextThread(HANDLE,HANDLE,ACCESS_MASK,ULONG,ULONG,HANDLE*);
|
|
NTSYSAPI NTSTATUS WINAPI NtGetNlsSectionPtr(ULONG,ULONG,void*,void**,SIZE_T*);
|
|
NTSYSAPI NTSTATUS WINAPI NtGetPlugPlayEvent(ULONG,ULONG,PVOID,ULONG);
|
|
NTSYSAPI ULONG WINAPI NtGetTickCount(VOID);
|
|
NTSYSAPI NTSTATUS WINAPI NtGetWriteWatch(HANDLE,ULONG,PVOID,SIZE_T,PVOID*,ULONG_PTR*,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI NtImpersonateAnonymousToken(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtImpersonateClientOfPort(HANDLE,PPORT_MESSAGE);
|
|
NTSYSAPI NTSTATUS WINAPI NtImpersonateThread(HANDLE,HANDLE,PSECURITY_QUALITY_OF_SERVICE);
|
|
NTSYSAPI NTSTATUS WINAPI NtInitializeRegistry(BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtInitiatePowerAction(POWER_ACTION,SYSTEM_POWER_STATE,ULONG,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtIsProcessInJob(HANDLE,HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtListenPort(HANDLE,PLPC_MESSAGE);
|
|
NTSYSAPI NTSTATUS WINAPI NtLoadDriver(const UNICODE_STRING *);
|
|
NTSYSAPI NTSTATUS WINAPI NtLoadKey(const OBJECT_ATTRIBUTES *,OBJECT_ATTRIBUTES *);
|
|
NTSYSAPI NTSTATUS WINAPI NtLoadKey2(const OBJECT_ATTRIBUTES *,OBJECT_ATTRIBUTES *,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtLockFile(HANDLE,HANDLE,PIO_APC_ROUTINE,void*,PIO_STATUS_BLOCK,PLARGE_INTEGER,PLARGE_INTEGER,ULONG*,BOOLEAN,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtLockVirtualMemory(HANDLE,PVOID*,SIZE_T*,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtMakeTemporaryObject(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtMapViewOfSection(HANDLE,HANDLE,PVOID*,ULONG_PTR,SIZE_T,const LARGE_INTEGER*,SIZE_T*,SECTION_INHERIT,ULONG,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtNotifyChangeDirectoryFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,PVOID,ULONG,ULONG,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtNotifyChangeKey(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,ULONG,BOOLEAN,PVOID,ULONG,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtNotifyChangeMultipleKeys(HANDLE,ULONG,OBJECT_ATTRIBUTES*,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,ULONG,BOOLEAN,PVOID,ULONG,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenDirectoryObject(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenEvent(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES *);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenEventPair(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenFile(PHANDLE,ACCESS_MASK,POBJECT_ATTRIBUTES,PIO_STATUS_BLOCK,ULONG,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenIoCompletion(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenJobObject(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenKey(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES *);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenKeyEx(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenKeyTransacted(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenKeyTransactedEx(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,ULONG,HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenKeyedEvent(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenMutant(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenObjectAuditAlarm(PUNICODE_STRING,PHANDLE,PUNICODE_STRING,PUNICODE_STRING,PSECURITY_DESCRIPTOR,HANDLE,ACCESS_MASK,ACCESS_MASK,PPRIVILEGE_SET,BOOLEAN,BOOLEAN,PBOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenProcess(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,const CLIENT_ID*);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenProcessToken(HANDLE,DWORD,HANDLE *);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenProcessTokenEx(HANDLE,DWORD,DWORD,HANDLE *);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenSection(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenSemaphore(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenSymbolicLinkObject(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenThread(HANDLE*,ACCESS_MASK,const OBJECT_ATTRIBUTES*,const CLIENT_ID*);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenThreadToken(HANDLE,DWORD,BOOLEAN,HANDLE *);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenThreadTokenEx(HANDLE,DWORD,BOOLEAN,DWORD,HANDLE *);
|
|
NTSYSAPI NTSTATUS WINAPI NtOpenTimer(HANDLE*, ACCESS_MASK, const OBJECT_ATTRIBUTES*);
|
|
NTSYSAPI NTSTATUS WINAPI NtPowerInformation(POWER_INFORMATION_LEVEL,PVOID,ULONG,PVOID,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtPrivilegeCheck(HANDLE,PPRIVILEGE_SET,PBOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtPrivilegeObjectAuditAlarm(PUNICODE_STRING,HANDLE,HANDLE,ULONG,PPRIVILEGE_SET,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtPrivilegedServiceAuditAlarm(PUNICODE_STRING,PUNICODE_STRING,HANDLE,PPRIVILEGE_SET,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtProtectVirtualMemory(HANDLE,PVOID*,SIZE_T*,ULONG,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI NtPulseEvent(HANDLE,LONG*);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueueApcThread(HANDLE,PNTAPCFUNC,ULONG_PTR,ULONG_PTR,ULONG_PTR);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryAttributesFile(const OBJECT_ATTRIBUTES*,FILE_BASIC_INFORMATION*);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryDefaultLocale(BOOLEAN,LCID*);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryDefaultUILanguage(LANGID*);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryDirectoryFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,PVOID,ULONG,FILE_INFORMATION_CLASS,BOOLEAN,PUNICODE_STRING,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryDirectoryObject(HANDLE,PDIRECTORY_BASIC_INFORMATION,ULONG,BOOLEAN,BOOLEAN,PULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryEaFile(HANDLE,PIO_STATUS_BLOCK,PVOID,ULONG,BOOLEAN,PVOID,ULONG,PULONG,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryEvent(HANDLE,EVENT_INFORMATION_CLASS,PVOID,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryFullAttributesFile(const OBJECT_ATTRIBUTES*,FILE_NETWORK_OPEN_INFORMATION*);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryInformationAtom(RTL_ATOM,ATOM_INFORMATION_CLASS,PVOID,ULONG,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryInformationFile(HANDLE,PIO_STATUS_BLOCK,PVOID,LONG,FILE_INFORMATION_CLASS);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryInformationJobObject(HANDLE,JOBOBJECTINFOCLASS,PVOID,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryInformationPort(HANDLE,PORT_INFORMATION_CLASS,PVOID,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryInformationProcess(HANDLE,PROCESSINFOCLASS,PVOID,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryInformationThread(HANDLE,THREADINFOCLASS,PVOID,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryInformationToken(HANDLE,TOKEN_INFORMATION_CLASS,PVOID,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryInstallUILanguage(LANGID*);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryIntervalProfile(KPROFILE_SOURCE,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryIoCompletion(HANDLE,IO_COMPLETION_INFORMATION_CLASS,PVOID,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryKey(HANDLE,KEY_INFORMATION_CLASS,void *,DWORD,DWORD *);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryMultipleValueKey(HANDLE,PKEY_MULTIPLE_VALUE_INFORMATION,ULONG,PVOID,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryMutant(HANDLE,MUTANT_INFORMATION_CLASS,PVOID,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryOpenSubKeys(POBJECT_ATTRIBUTES,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryPerformanceCounter(PLARGE_INTEGER, PLARGE_INTEGER);
|
|
NTSYSAPI NTSTATUS WINAPI NtQuerySecurityObject(HANDLE,SECURITY_INFORMATION,PSECURITY_DESCRIPTOR,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQuerySection(HANDLE,SECTION_INFORMATION_CLASS,PVOID,SIZE_T,SIZE_T*);
|
|
NTSYSAPI NTSTATUS WINAPI NtQuerySemaphore(HANDLE,SEMAPHORE_INFORMATION_CLASS,PVOID,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQuerySymbolicLinkObject(HANDLE,PUNICODE_STRING,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQuerySystemEnvironmentValue(PUNICODE_STRING,PWCHAR,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQuerySystemEnvironmentValueEx(PUNICODE_STRING,GUID*,void*,ULONG*,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI NtQuerySystemInformation(SYSTEM_INFORMATION_CLASS,PVOID,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQuerySystemInformationEx(SYSTEM_INFORMATION_CLASS,void*,ULONG,void*,ULONG,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI NtQuerySystemTime(PLARGE_INTEGER);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryTimer(HANDLE,TIMER_INFORMATION_CLASS,PVOID,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryTimerResolution(PULONG,PULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryValueKey(HANDLE,const UNICODE_STRING *,KEY_VALUE_INFORMATION_CLASS,void *,DWORD,DWORD *);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryLicenseValue(const UNICODE_STRING *,ULONG *,PVOID,ULONG,ULONG *);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryVirtualMemory(HANDLE,LPCVOID,MEMORY_INFORMATION_CLASS,PVOID,SIZE_T,SIZE_T*);
|
|
NTSYSAPI NTSTATUS WINAPI NtQueryVolumeInformationFile(HANDLE,PIO_STATUS_BLOCK,PVOID,ULONG,FS_INFORMATION_CLASS);
|
|
NTSYSAPI NTSTATUS WINAPI NtRaiseException(PEXCEPTION_RECORD,PCONTEXT,BOOL);
|
|
NTSYSAPI NTSTATUS WINAPI NtRaiseHardError(NTSTATUS,ULONG,PUNICODE_STRING,PVOID*,HARDERROR_RESPONSE_OPTION,PHARDERROR_RESPONSE);
|
|
NTSYSAPI NTSTATUS WINAPI NtReadFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,PVOID,ULONG,PLARGE_INTEGER,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtReadFileScatter(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,FILE_SEGMENT_ELEMENT*,ULONG,PLARGE_INTEGER,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtReadRequestData(HANDLE,PLPC_MESSAGE,ULONG,PVOID,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtReadVirtualMemory(HANDLE,const void*,void*,SIZE_T,SIZE_T*);
|
|
NTSYSAPI NTSTATUS WINAPI NtRegisterThreadTerminatePort(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtReleaseKeyedEvent(HANDLE,const void*,BOOLEAN,const LARGE_INTEGER*);
|
|
NTSYSAPI NTSTATUS WINAPI NtReleaseMutant(HANDLE,PLONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtReleaseSemaphore(HANDLE,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtRemoveIoCompletion(HANDLE,PULONG_PTR,PULONG_PTR,PIO_STATUS_BLOCK,PLARGE_INTEGER);
|
|
NTSYSAPI NTSTATUS WINAPI NtRemoveIoCompletionEx(HANDLE,FILE_IO_COMPLETION_INFORMATION*,ULONG,ULONG*,LARGE_INTEGER*,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI NtRemoveProcessDebug(HANDLE,HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtRenameKey(HANDLE,UNICODE_STRING*);
|
|
NTSYSAPI NTSTATUS WINAPI NtReplaceKey(POBJECT_ATTRIBUTES,HANDLE,POBJECT_ATTRIBUTES);
|
|
NTSYSAPI NTSTATUS WINAPI NtReplyPort(HANDLE,PLPC_MESSAGE);
|
|
NTSYSAPI NTSTATUS WINAPI NtReplyWaitReceivePort(HANDLE,PULONG,PLPC_MESSAGE,PLPC_MESSAGE);
|
|
NTSYSAPI NTSTATUS WINAPI NtReplyWaitReceivePortEx(HANDLE,PVOID*,PPORT_MESSAGE,PPORT_MESSAGE,PLARGE_INTEGER);
|
|
NTSYSAPI NTSTATUS WINAPI NtReplyWaitReplyPort(HANDLE,PLPC_MESSAGE);
|
|
NTSYSAPI NTSTATUS WINAPI NtRequestPort(HANDLE,PLPC_MESSAGE);
|
|
NTSYSAPI NTSTATUS WINAPI NtRequestWaitReplyPort(HANDLE,PLPC_MESSAGE,PLPC_MESSAGE);
|
|
NTSYSAPI NTSTATUS WINAPI NtResetEvent(HANDLE,LONG*);
|
|
NTSYSAPI NTSTATUS WINAPI NtResetWriteWatch(HANDLE,PVOID,SIZE_T);
|
|
NTSYSAPI NTSTATUS WINAPI NtRestoreKey(HANDLE,HANDLE,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtResumeProcess(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtResumeThread(HANDLE,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtSaveKey(HANDLE,HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtSecureConnectPort(PHANDLE,PUNICODE_STRING,PSECURITY_QUALITY_OF_SERVICE,PLPC_SECTION_WRITE,PSID,PLPC_SECTION_READ,PULONG,PVOID,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetContextThread(HANDLE,const CONTEXT*);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetDefaultHardErrorPort(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetDefaultLocale(BOOLEAN,LCID);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetDefaultUILanguage(LANGID);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetEaFile(HANDLE,PIO_STATUS_BLOCK,PVOID,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetEvent(HANDLE,LONG*);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetHighEventPair(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetHighWaitLowEventPair(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetHighWaitLowThread(VOID);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetInformationDebugObject(HANDLE,DEBUGOBJECTINFOCLASS,PVOID,ULONG,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetInformationFile(HANDLE,PIO_STATUS_BLOCK,PVOID,ULONG,FILE_INFORMATION_CLASS);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetInformationJobObject(HANDLE,JOBOBJECTINFOCLASS,PVOID,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetInformationKey(HANDLE,const int,PVOID,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetInformationObject(HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetInformationProcess(HANDLE,PROCESS_INFORMATION_CLASS,PVOID,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetInformationThread(HANDLE,THREADINFOCLASS,LPCVOID,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetInformationToken(HANDLE,TOKEN_INFORMATION_CLASS,PVOID,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetIntervalProfile(ULONG,KPROFILE_SOURCE);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetIoCompletion(HANDLE,ULONG_PTR,ULONG_PTR,NTSTATUS,SIZE_T);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetLdtEntries(ULONG,LDT_ENTRY,ULONG,LDT_ENTRY);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetLowEventPair(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetLowWaitHighEventPair(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetLowWaitHighThread(VOID);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetSecurityObject(HANDLE,SECURITY_INFORMATION,PSECURITY_DESCRIPTOR);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetSystemEnvironmentValue(PUNICODE_STRING,PUNICODE_STRING);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetSystemInformation(SYSTEM_INFORMATION_CLASS,PVOID,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetSystemPowerState(POWER_ACTION,SYSTEM_POWER_STATE,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetSystemTime(const LARGE_INTEGER*,LARGE_INTEGER*);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetThreadExecutionState(EXECUTION_STATE,EXECUTION_STATE*);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetTimer(HANDLE, const LARGE_INTEGER*, PTIMER_APC_ROUTINE, PVOID, BOOLEAN, ULONG, BOOLEAN*);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetTimerResolution(ULONG,BOOLEAN,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetValueKey(HANDLE,const UNICODE_STRING *,ULONG,ULONG,const void *,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtSetVolumeInformationFile(HANDLE,PIO_STATUS_BLOCK,PVOID,ULONG,FS_INFORMATION_CLASS);
|
|
NTSYSAPI NTSTATUS WINAPI NtSignalAndWaitForSingleObject(HANDLE,HANDLE,BOOLEAN,const LARGE_INTEGER*);
|
|
NTSYSAPI NTSTATUS WINAPI NtShutdownSystem(SHUTDOWN_ACTION);
|
|
NTSYSAPI NTSTATUS WINAPI NtStartProfile(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtStopProfile(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtSuspendProcess(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtSuspendThread(HANDLE,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtSystemDebugControl(SYSDBG_COMMAND,PVOID,ULONG,PVOID,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtTerminateJobObject(HANDLE,NTSTATUS);
|
|
NTSYSAPI NTSTATUS WINAPI NtTerminateProcess(HANDLE,LONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtTerminateThread(HANDLE,LONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtTestAlert(VOID);
|
|
NTSYSAPI NTSTATUS WINAPI NtTraceControl(ULONG,void*,ULONG,void*,ULONG,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI NtUnloadDriver(const UNICODE_STRING *);
|
|
NTSYSAPI NTSTATUS WINAPI NtUnloadKey(POBJECT_ATTRIBUTES);
|
|
NTSYSAPI NTSTATUS WINAPI NtUnloadKeyEx(POBJECT_ATTRIBUTES,HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtUnlockFile(HANDLE,PIO_STATUS_BLOCK,PLARGE_INTEGER,PLARGE_INTEGER,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtUnlockVirtualMemory(HANDLE,PVOID*,SIZE_T*,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtUnmapViewOfSection(HANDLE,PVOID);
|
|
NTSYSAPI NTSTATUS WINAPI NtVdmControl(ULONG,PVOID);
|
|
NTSYSAPI NTSTATUS WINAPI NtWaitForDebugEvent(HANDLE,BOOLEAN,LARGE_INTEGER*,DBGUI_WAIT_STATE_CHANGE*);
|
|
NTSYSAPI NTSTATUS WINAPI NtWaitForKeyedEvent(HANDLE,const void*,BOOLEAN,const LARGE_INTEGER*);
|
|
NTSYSAPI NTSTATUS WINAPI NtWaitForSingleObject(HANDLE,BOOLEAN,const LARGE_INTEGER*);
|
|
NTSYSAPI NTSTATUS WINAPI NtWaitForMultipleObjects(ULONG,const HANDLE*,BOOLEAN,BOOLEAN,const LARGE_INTEGER*);
|
|
NTSYSAPI NTSTATUS WINAPI NtWaitHighEventPair(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtWaitLowEventPair(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI NtWriteFile(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,const void*,ULONG,PLARGE_INTEGER,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtWriteFileGather(HANDLE,HANDLE,PIO_APC_ROUTINE,PVOID,PIO_STATUS_BLOCK,FILE_SEGMENT_ELEMENT*,ULONG,PLARGE_INTEGER,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtWriteRequestData(HANDLE,PLPC_MESSAGE,ULONG,PVOID,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtWriteVirtualMemory(HANDLE,void*,const void*,SIZE_T,SIZE_T*);
|
|
NTSYSAPI NTSTATUS WINAPI NtYieldExecution(void);
|
|
|
|
NTSYSAPI NTSTATUS WINAPI RtlAbsoluteToSelfRelativeSD(PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR,PULONG);
|
|
NTSYSAPI void WINAPI RtlAcquirePebLock(void);
|
|
NTSYSAPI BYTE WINAPI RtlAcquireResourceExclusive(LPRTL_RWLOCK,BYTE);
|
|
NTSYSAPI BYTE WINAPI RtlAcquireResourceShared(LPRTL_RWLOCK,BYTE);
|
|
NTSYSAPI void WINAPI RtlAcquireSRWLockExclusive(RTL_SRWLOCK*);
|
|
NTSYSAPI void WINAPI RtlAcquireSRWLockShared(RTL_SRWLOCK*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlActivateActivationContext(DWORD,HANDLE,ULONG_PTR*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlActivateActivationContextEx(ULONG,TEB*,HANDLE,ULONG_PTR*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAddAce(PACL,DWORD,DWORD,PACE_HEADER,DWORD);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAce(PACL,DWORD,DWORD,PSID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedAceEx(PACL,DWORD,DWORD,DWORD,PSID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAddAccessAllowedObjectAce(PACL,DWORD,DWORD,DWORD,GUID*,GUID*,PSID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAddAccessDeniedAce(PACL,DWORD,DWORD,PSID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAddAccessDeniedAceEx(PACL,DWORD,DWORD,DWORD,PSID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAddAccessDeniedObjectAce(PACL,DWORD,DWORD,DWORD,GUID*,GUID*,PSID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAddAtomToAtomTable(RTL_ATOM_TABLE,const WCHAR*,RTL_ATOM*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAddAuditAccessAce(PACL,DWORD,DWORD,PSID,BOOL,BOOL);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAddAuditAccessAceEx(PACL,DWORD,DWORD,DWORD,PSID,BOOL,BOOL);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAddAuditAccessObjectAce(PACL,DWORD,DWORD,DWORD,GUID*,GUID*,PSID,BOOL,BOOL);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAddMandatoryAce(PACL,DWORD,DWORD,DWORD,DWORD,PSID);
|
|
NTSYSAPI void WINAPI RtlAddRefActivationContext(HANDLE);
|
|
NTSYSAPI PVOID WINAPI RtlAddVectoredExceptionHandler(ULONG,PVECTORED_EXCEPTION_HANDLER);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAdjustPrivilege(ULONG,BOOLEAN,BOOLEAN,PBOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAllocateAndInitializeSid(PSID_IDENTIFIER_AUTHORITY,BYTE,DWORD,DWORD,DWORD,DWORD,DWORD,DWORD,DWORD,DWORD,PSID *);
|
|
NTSYSAPI RTL_HANDLE * WINAPI RtlAllocateHandle(RTL_HANDLE_TABLE *,ULONG *);
|
|
NTSYSAPI PVOID WINAPI RtlAllocateHeap(HANDLE,ULONG,SIZE_T) __WINE_ALLOC_SIZE(3);
|
|
NTSYSAPI WCHAR WINAPI RtlAnsiCharToUnicodeChar(LPSTR *);
|
|
NTSYSAPI DWORD WINAPI RtlAnsiStringToUnicodeSize(const STRING *);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAnsiStringToUnicodeString(PUNICODE_STRING,PCANSI_STRING,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAppendAsciizToString(STRING *,LPCSTR);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAppendStringToString(STRING *,const STRING *);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAppendUnicodeStringToString(UNICODE_STRING *,const UNICODE_STRING *);
|
|
NTSYSAPI NTSTATUS WINAPI RtlAppendUnicodeToString(UNICODE_STRING *,LPCWSTR);
|
|
NTSYSAPI BOOLEAN WINAPI RtlAreAllAccessesGranted(ACCESS_MASK,ACCESS_MASK);
|
|
NTSYSAPI BOOLEAN WINAPI RtlAreAnyAccessesGranted(ACCESS_MASK,ACCESS_MASK);
|
|
NTSYSAPI BOOLEAN WINAPI RtlAreBitsSet(PCRTL_BITMAP,ULONG,ULONG);
|
|
NTSYSAPI BOOLEAN WINAPI RtlAreBitsClear(PCRTL_BITMAP,ULONG,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCharToInteger(PCSZ,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCheckRegistryKey(ULONG, PWSTR);
|
|
NTSYSAPI void WINAPI RtlClearAllBits(PRTL_BITMAP);
|
|
NTSYSAPI void WINAPI RtlClearBits(PRTL_BITMAP,ULONG,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCreateActivationContext(HANDLE*,const void*);
|
|
NTSYSAPI PDEBUG_BUFFER WINAPI RtlCreateQueryDebugBuffer(ULONG,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCreateRegistryKey(ULONG,PWSTR);
|
|
NTSYSAPI ULONG WINAPI RtlCompactHeap(HANDLE,ULONG);
|
|
NTSYSAPI LONG WINAPI RtlCompareString(const STRING*,const STRING*,BOOLEAN);
|
|
NTSYSAPI LONG WINAPI RtlCompareUnicodeString(const UNICODE_STRING*,const UNICODE_STRING*,BOOLEAN);
|
|
NTSYSAPI LONG WINAPI RtlCompareUnicodeStrings(const WCHAR*,SIZE_T,const WCHAR*,SIZE_T,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCompressBuffer(USHORT,PUCHAR,ULONG,PUCHAR,ULONG,ULONG,PULONG,PVOID);
|
|
NTSYSAPI DWORD WINAPI RtlComputeCrc32(DWORD,const BYTE*,INT);
|
|
NTSYSAPI NTSTATUS WINAPI RtlConvertSidToUnicodeString(PUNICODE_STRING,PSID,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlConvertToAutoInheritSecurityObject(PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR*,GUID*,BOOL,PGENERIC_MAPPING);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCopyContext(CONTEXT*,DWORD,CONTEXT*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCopyExtendedContext(CONTEXT_EX*,ULONG,CONTEXT_EX*);
|
|
NTSYSAPI void WINAPI RtlCopyLuid(PLUID,const LUID*);
|
|
NTSYSAPI void WINAPI RtlCopyLuidAndAttributesArray(ULONG,const LUID_AND_ATTRIBUTES*,PLUID_AND_ATTRIBUTES);
|
|
NTSYSAPI BOOLEAN WINAPI RtlCopySid(DWORD,PSID,PSID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCopySecurityDescriptor(PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR);
|
|
NTSYSAPI void WINAPI RtlCopyString(STRING*,const STRING*);
|
|
NTSYSAPI void WINAPI RtlCopyUnicodeString(UNICODE_STRING*,const UNICODE_STRING*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCreateAcl(PACL,DWORD,DWORD);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCreateAtomTable(ULONG,RTL_ATOM_TABLE*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCreateEnvironment(BOOLEAN, PWSTR*);
|
|
NTSYSAPI HANDLE WINAPI RtlCreateHeap(ULONG,PVOID,SIZE_T,SIZE_T,PVOID,PRTL_HEAP_DEFINITION);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCreateProcessParameters(RTL_USER_PROCESS_PARAMETERS**,const UNICODE_STRING*,const UNICODE_STRING*,const UNICODE_STRING*,const UNICODE_STRING*,PWSTR,const UNICODE_STRING*,const UNICODE_STRING*,const UNICODE_STRING*,const UNICODE_STRING*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCreateProcessParametersEx(RTL_USER_PROCESS_PARAMETERS**,const UNICODE_STRING*,const UNICODE_STRING*,const UNICODE_STRING*,const UNICODE_STRING*,PWSTR,const UNICODE_STRING*,const UNICODE_STRING*,const UNICODE_STRING*,const UNICODE_STRING*,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCreateSecurityDescriptor(PSECURITY_DESCRIPTOR,DWORD);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCreateTimerQueue(PHANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCreateTimer(PHANDLE, HANDLE, RTL_WAITORTIMERCALLBACKFUNC, PVOID, DWORD, DWORD, ULONG);
|
|
NTSYSAPI BOOLEAN WINAPI RtlCreateUnicodeString(PUNICODE_STRING,LPCWSTR);
|
|
NTSYSAPI BOOLEAN WINAPI RtlCreateUnicodeStringFromAsciiz(PUNICODE_STRING,LPCSTR);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCreateUserProcess(UNICODE_STRING*,ULONG,RTL_USER_PROCESS_PARAMETERS*,SECURITY_DESCRIPTOR*,SECURITY_DESCRIPTOR*,HANDLE,BOOLEAN,HANDLE,HANDLE,RTL_USER_PROCESS_INFORMATION*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCreateUserThread(HANDLE,SECURITY_DESCRIPTOR*,BOOLEAN,ULONG,SIZE_T,SIZE_T,PRTL_THREAD_START_ROUTINE,void*,HANDLE*,CLIENT_ID*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCreateUserStack(SIZE_T,SIZE_T,ULONG,SIZE_T,SIZE_T,INITIAL_TEB*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlCustomCPToUnicodeN(CPTABLEINFO*,WCHAR*,DWORD,DWORD*,const char*,DWORD);
|
|
NTSYSAPI void WINAPI RtlDeactivateActivationContext(DWORD,ULONG_PTR);
|
|
NTSYSAPI PVOID WINAPI RtlDecodePointer(PVOID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDecompressBuffer(USHORT,PUCHAR,ULONG,PUCHAR,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDecompressFragment(USHORT,PUCHAR,ULONG,PUCHAR,ULONG,ULONG,PULONG,PVOID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDeleteAce(PACL,DWORD);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDeleteAtomFromAtomTable(RTL_ATOM_TABLE,RTL_ATOM);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDeleteCriticalSection(RTL_CRITICAL_SECTION *);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDeleteRegistryValue(ULONG, PCWSTR, PCWSTR);
|
|
NTSYSAPI void WINAPI RtlDeleteResource(LPRTL_RWLOCK);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDeleteSecurityObject(PSECURITY_DESCRIPTOR*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDeleteTimer(HANDLE, HANDLE, HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDeleteTimerQueueEx(HANDLE, HANDLE);
|
|
NTSYSAPI PRTL_USER_PROCESS_PARAMETERS WINAPI RtlDeNormalizeProcessParams(RTL_USER_PROCESS_PARAMETERS*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDeregisterWait(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDeregisterWaitEx(HANDLE,HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDestroyAtomTable(RTL_ATOM_TABLE);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDestroyEnvironment(PWSTR);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDestroyHandleTable(RTL_HANDLE_TABLE *);
|
|
NTSYSAPI HANDLE WINAPI RtlDestroyHeap(HANDLE);
|
|
NTSYSAPI void WINAPI RtlDestroyProcessParameters(RTL_USER_PROCESS_PARAMETERS*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDestroyQueryDebugBuffer(PDEBUG_BUFFER);
|
|
NTSYSAPI DOS_PATHNAME_TYPE WINAPI RtlDetermineDosPathNameType_U(PCWSTR);
|
|
NTSYSAPI BOOLEAN WINAPI RtlDllShutdownInProgress(void);
|
|
NTSYSAPI BOOLEAN WINAPI RtlDoesFileExists_U(LPCWSTR);
|
|
NTSYSAPI BOOLEAN WINAPI RtlDosPathNameToNtPathName_U(PCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDosPathNameToNtPathName_U_WithStatus(PCWSTR,PUNICODE_STRING,PWSTR*,CURDIR*);
|
|
NTSYSAPI ULONG WINAPI RtlDosSearchPath_U(LPCWSTR, LPCWSTR, LPCWSTR, ULONG, LPWSTR, LPWSTR*);
|
|
NTSYSAPI WCHAR WINAPI RtlDowncaseUnicodeChar(WCHAR);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDowncaseUnicodeString(UNICODE_STRING*,const UNICODE_STRING*,BOOLEAN);
|
|
NTSYSAPI void WINAPI RtlDumpResource(LPRTL_RWLOCK);
|
|
NTSYSAPI NTSTATUS WINAPI RtlDuplicateUnicodeString(int,const UNICODE_STRING*,UNICODE_STRING*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlEmptyAtomTable(RTL_ATOM_TABLE,BOOLEAN);
|
|
NTSYSAPI PVOID WINAPI RtlEncodePointer(PVOID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlEnterCriticalSection(RTL_CRITICAL_SECTION *);
|
|
NTSYSAPI void WINAPI RtlEraseUnicodeString(UNICODE_STRING*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlEqualComputerName(const UNICODE_STRING*,const UNICODE_STRING*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlEqualDomainName(const UNICODE_STRING*,const UNICODE_STRING*);
|
|
NTSYSAPI BOOLEAN WINAPI RtlEqualLuid(const LUID*,const LUID*);
|
|
NTSYSAPI BOOL WINAPI RtlEqualPrefixSid(PSID,PSID);
|
|
NTSYSAPI BOOL WINAPI RtlEqualSid(PSID,PSID);
|
|
NTSYSAPI BOOLEAN WINAPI RtlEqualString(const STRING*,const STRING*,BOOLEAN);
|
|
NTSYSAPI BOOLEAN WINAPI RtlEqualUnicodeString(const UNICODE_STRING*,const UNICODE_STRING*,BOOLEAN);
|
|
NTSYSAPI void DECLSPEC_NORETURN WINAPI RtlExitUserProcess(ULONG);
|
|
NTSYSAPI void DECLSPEC_NORETURN WINAPI RtlExitUserThread(ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlExpandEnvironmentStrings(const WCHAR*,WCHAR*,SIZE_T,WCHAR*,SIZE_T,SIZE_T*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlExpandEnvironmentStrings_U(PCWSTR, const UNICODE_STRING*, UNICODE_STRING*, ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlFindActivationContextSectionString(ULONG,const GUID*,ULONG,const UNICODE_STRING*,PVOID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlFindActivationContextSectionGuid(ULONG,const GUID*,ULONG,const GUID*,PVOID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlFindCharInUnicodeString(int,const UNICODE_STRING*,const UNICODE_STRING*,USHORT*);
|
|
NTSYSAPI ULONG WINAPI RtlFindClearBits(PCRTL_BITMAP,ULONG,ULONG);
|
|
NTSYSAPI ULONG WINAPI RtlFindClearBitsAndSet(PRTL_BITMAP,ULONG,ULONG);
|
|
NTSYSAPI ULONG WINAPI RtlFindClearRuns(PCRTL_BITMAP,PRTL_BITMAP_RUN,ULONG,BOOLEAN);
|
|
NTSYSAPI void * WINAPI RtlFindExportedRoutineByName(HMODULE,const char*);
|
|
NTSYSAPI ULONG WINAPI RtlFindLastBackwardRunSet(PCRTL_BITMAP,ULONG,PULONG);
|
|
NTSYSAPI ULONG WINAPI RtlFindLastBackwardRunClear(PCRTL_BITMAP,ULONG,PULONG);
|
|
NTSYSAPI CCHAR WINAPI RtlFindLeastSignificantBit(ULONGLONG);
|
|
NTSYSAPI ULONG WINAPI RtlFindLongestRunSet(PCRTL_BITMAP,PULONG);
|
|
NTSYSAPI ULONG WINAPI RtlFindLongestRunClear(PCRTL_BITMAP,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlFindMessage(HMODULE,ULONG,ULONG,ULONG,const MESSAGE_RESOURCE_ENTRY**);
|
|
NTSYSAPI CCHAR WINAPI RtlFindMostSignificantBit(ULONGLONG);
|
|
NTSYSAPI ULONG WINAPI RtlFindNextForwardRunSet(PCRTL_BITMAP,ULONG,PULONG);
|
|
NTSYSAPI ULONG WINAPI RtlFindNextForwardRunClear(PCRTL_BITMAP,ULONG,PULONG);
|
|
NTSYSAPI ULONG WINAPI RtlFindSetBits(PCRTL_BITMAP,ULONG,ULONG);
|
|
NTSYSAPI ULONG WINAPI RtlFindSetBitsAndClear(PRTL_BITMAP,ULONG,ULONG);
|
|
NTSYSAPI ULONG WINAPI RtlFindSetRuns(PCRTL_BITMAP,PRTL_BITMAP_RUN,ULONG,BOOLEAN);
|
|
NTSYSAPI BOOLEAN WINAPI RtlFirstFreeAce(PACL,PACE_HEADER *);
|
|
NTSYSAPI NTSTATUS WINAPI RtlFlsAlloc(PFLS_CALLBACK_FUNCTION,ULONG *);
|
|
NTSYSAPI NTSTATUS WINAPI RtlFlsFree(ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlFlsGetValue(ULONG,void **);
|
|
NTSYSAPI NTSTATUS WINAPI RtlFlsSetValue(ULONG,void *);
|
|
NTSYSAPI NTSTATUS WINAPI RtlFormatCurrentUserKeyPath(PUNICODE_STRING);
|
|
NTSYSAPI NTSTATUS WINAPI RtlFormatMessage(LPCWSTR,ULONG,BOOLEAN,BOOLEAN,BOOLEAN,__ms_va_list *,LPWSTR,ULONG,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlFormatMessageEx(LPCWSTR,ULONG,BOOLEAN,BOOLEAN,BOOLEAN,__ms_va_list *,LPWSTR,ULONG,ULONG*,ULONG);
|
|
NTSYSAPI void WINAPI RtlFreeAnsiString(PANSI_STRING);
|
|
NTSYSAPI BOOLEAN WINAPI RtlFreeHandle(RTL_HANDLE_TABLE *,RTL_HANDLE *);
|
|
NTSYSAPI BOOLEAN WINAPI RtlFreeHeap(HANDLE,ULONG,PVOID);
|
|
NTSYSAPI void WINAPI RtlFreeOemString(POEM_STRING);
|
|
NTSYSAPI DWORD WINAPI RtlFreeSid(PSID);
|
|
NTSYSAPI void WINAPI RtlFreeThreadActivationContextStack(void);
|
|
NTSYSAPI void WINAPI RtlFreeUnicodeString(PUNICODE_STRING);
|
|
NTSYSAPI void WINAPI RtlFreeUserStack(void*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetAce(PACL,DWORD,LPVOID *);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetActiveActivationContext(HANDLE*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetCompressionWorkSpaceSize(USHORT,PULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetControlSecurityDescriptor(PSECURITY_DESCRIPTOR, PSECURITY_DESCRIPTOR_CONTROL,LPDWORD);
|
|
NTSYSAPI ULONG WINAPI RtlGetCurrentDirectory_U(ULONG, LPWSTR);
|
|
NTSYSAPI PEB * WINAPI RtlGetCurrentPeb(void);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR,PBOOLEAN,PACL *,PBOOLEAN);
|
|
NTSYSAPI ULONG64 WINAPI RtlGetEnabledExtendedFeatures(ULONG64);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetExePath(PCWSTR,PWSTR*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetExtendedContextLength(ULONG,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetExtendedContextLength2(ULONG,ULONG*,ULONG64);
|
|
NTSYSAPI ULONG64 WINAPI RtlGetExtendedFeaturesMask(CONTEXT_EX*);
|
|
NTSYSAPI TEB_ACTIVE_FRAME * WINAPI RtlGetFrame(void);
|
|
NTSYSAPI ULONG WINAPI RtlGetFullPathName_U(PCWSTR,ULONG,PWSTR,PWSTR*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR,PSID *,PBOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetLastNtStatus(void);
|
|
NTSYSAPI DWORD WINAPI RtlGetLastWin32Error(void);
|
|
NTSYSAPI DWORD WINAPI RtlGetLongestNtPathLength(void);
|
|
NTSYSAPI ULONG WINAPI RtlGetNtGlobalFlags(void);
|
|
NTSYSAPI BOOLEAN WINAPI RtlGetNtProductType(LPDWORD);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR,PSID *,PBOOLEAN);
|
|
NTSYSAPI ULONG WINAPI RtlGetProcessHeaps(ULONG,HANDLE*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetProcessPreferredUILanguages(DWORD,ULONG*,WCHAR*,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR,PBOOLEAN,PACL *,PBOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetSearchPath(PWSTR*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetSystemPreferredUILanguages(DWORD,ULONG,ULONG*,WCHAR*,ULONG*);
|
|
NTSYSAPI LONGLONG WINAPI RtlGetSystemTimePrecise(void);
|
|
NTSYSAPI DWORD WINAPI RtlGetThreadErrorMode(void);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetThreadPreferredUILanguages(DWORD,ULONG*,WCHAR*,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetUserPreferredUILanguages(DWORD,ULONG,ULONG*,WCHAR*,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGetVersion(RTL_OSVERSIONINFOEXW*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlGUIDFromString(PUNICODE_STRING,GUID*);
|
|
NTSYSAPI PSID_IDENTIFIER_AUTHORITY WINAPI RtlIdentifierAuthoritySid(PSID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlIdnToAscii(DWORD,const WCHAR*,INT,WCHAR*,INT*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlIdnToNameprepUnicode(DWORD,const WCHAR*,INT,WCHAR*,INT*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlIdnToUnicode(DWORD,const WCHAR*,INT,WCHAR*,INT*);
|
|
NTSYSAPI PVOID WINAPI RtlImageDirectoryEntryToData(HMODULE,BOOL,WORD,ULONG *);
|
|
NTSYSAPI PIMAGE_NT_HEADERS WINAPI RtlImageNtHeader(HMODULE);
|
|
NTSYSAPI PIMAGE_SECTION_HEADER WINAPI RtlImageRvaToSection(const IMAGE_NT_HEADERS *,HMODULE,DWORD);
|
|
NTSYSAPI PVOID WINAPI RtlImageRvaToVa(const IMAGE_NT_HEADERS *,HMODULE,DWORD,IMAGE_SECTION_HEADER **);
|
|
NTSYSAPI NTSTATUS WINAPI RtlImpersonateSelf(SECURITY_IMPERSONATION_LEVEL);
|
|
NTSYSAPI void WINAPI RtlInitString(PSTRING,PCSZ);
|
|
NTSYSAPI void WINAPI RtlInitAnsiString(PANSI_STRING,PCSZ);
|
|
NTSYSAPI NTSTATUS WINAPI RtlInitAnsiStringEx(PANSI_STRING,PCSZ);
|
|
NTSYSAPI void WINAPI RtlInitCodePageTable(USHORT*,CPTABLEINFO*);
|
|
NTSYSAPI void WINAPI RtlInitNlsTables(USHORT*,USHORT*,USHORT*,NLSTABLEINFO*);
|
|
NTSYSAPI void WINAPI RtlInitUnicodeString(PUNICODE_STRING,PCWSTR);
|
|
NTSYSAPI NTSTATUS WINAPI RtlInitUnicodeStringEx(PUNICODE_STRING,PCWSTR);
|
|
NTSYSAPI void WINAPI RtlInitializeBitMap(PRTL_BITMAP,PULONG,ULONG);
|
|
NTSYSAPI void WINAPI RtlInitializeConditionVariable(RTL_CONDITION_VARIABLE *);
|
|
NTSYSAPI NTSTATUS WINAPI RtlInitializeCriticalSection(RTL_CRITICAL_SECTION *);
|
|
NTSYSAPI NTSTATUS WINAPI RtlInitializeCriticalSectionAndSpinCount(RTL_CRITICAL_SECTION *,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlInitializeCriticalSectionEx(RTL_CRITICAL_SECTION *,ULONG,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlInitializeExtendedContext(void*,ULONG,CONTEXT_EX**);
|
|
NTSYSAPI NTSTATUS WINAPI RtlInitializeExtendedContext2(void*,ULONG,CONTEXT_EX**,ULONG64);
|
|
NTSYSAPI void WINAPI RtlInitializeHandleTable(ULONG,ULONG,RTL_HANDLE_TABLE *);
|
|
NTSYSAPI void WINAPI RtlInitializeResource(LPRTL_RWLOCK);
|
|
NTSYSAPI void WINAPI RtlInitializeSRWLock(RTL_SRWLOCK*);
|
|
NTSYSAPI BOOL WINAPI RtlInitializeSid(PSID,PSID_IDENTIFIER_AUTHORITY,BYTE);
|
|
NTSYSAPI NTSTATUS WINAPI RtlInt64ToUnicodeString(ULONGLONG,ULONG,UNICODE_STRING *);
|
|
NTSYSAPI NTSTATUS WINAPI RtlIntegerToChar(ULONG,ULONG,ULONG,PCHAR);
|
|
NTSYSAPI NTSTATUS WINAPI RtlIntegerToUnicodeString(ULONG,ULONG,UNICODE_STRING *);
|
|
NTSYSAPI BOOLEAN WINAPI RtlIsActivationContextActive(HANDLE);
|
|
NTSYSAPI BOOL WINAPI RtlIsCriticalSectionLocked(RTL_CRITICAL_SECTION *);
|
|
NTSYSAPI BOOL WINAPI RtlIsCriticalSectionLockedByThread(RTL_CRITICAL_SECTION *);
|
|
NTSYSAPI ULONG WINAPI RtlIsDosDeviceName_U(PCWSTR);
|
|
NTSYSAPI BOOLEAN WINAPI RtlIsNameLegalDOS8Dot3(const UNICODE_STRING*,POEM_STRING,PBOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlIsNormalizedString(ULONG,const WCHAR*,INT,BOOLEAN*);
|
|
NTSYSAPI BOOLEAN WINAPI RtlIsProcessorFeaturePresent(UINT);
|
|
NTSYSAPI BOOLEAN WINAPI RtlIsTextUnicode(LPCVOID,INT,INT *);
|
|
NTSYSAPI BOOLEAN WINAPI RtlIsValidHandle(const RTL_HANDLE_TABLE *, const RTL_HANDLE *);
|
|
NTSYSAPI BOOLEAN WINAPI RtlIsValidIndexHandle(const RTL_HANDLE_TABLE *, ULONG Index, RTL_HANDLE **);
|
|
NTSYSAPI NTSTATUS WINAPI RtlLeaveCriticalSection(RTL_CRITICAL_SECTION *);
|
|
NTSYSAPI DWORD WINAPI RtlLengthRequiredSid(DWORD);
|
|
NTSYSAPI ULONG WINAPI RtlLengthSecurityDescriptor(PSECURITY_DESCRIPTOR);
|
|
NTSYSAPI DWORD WINAPI RtlLengthSid(PSID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlLocalTimeToSystemTime(const LARGE_INTEGER*,PLARGE_INTEGER);
|
|
NTSYSAPI NTSTATUS WINAPI RtlLocaleNameToLcid(const WCHAR*,LCID*,ULONG);
|
|
NTSYSAPI void * WINAPI RtlLocateExtendedFeature(CONTEXT_EX*,ULONG,ULONG*);
|
|
NTSYSAPI void * WINAPI RtlLocateExtendedFeature2(CONTEXT_EX*,ULONG,XSTATE_CONFIGURATION*,ULONG*);
|
|
NTSYSAPI void * WINAPI RtlLocateLegacyContext(CONTEXT_EX*,ULONG*);
|
|
NTSYSAPI BOOLEAN WINAPI RtlLockHeap(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI RtlLookupAtomInAtomTable(RTL_ATOM_TABLE,const WCHAR*,RTL_ATOM*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlMakeSelfRelativeSD(PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR,LPDWORD);
|
|
NTSYSAPI void WINAPI RtlMapGenericMask(PACCESS_MASK,const GENERIC_MAPPING*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlMultiByteToUnicodeN(LPWSTR,DWORD,LPDWORD,LPCSTR,DWORD);
|
|
NTSYSAPI NTSTATUS WINAPI RtlMultiByteToUnicodeSize(DWORD*,LPCSTR,UINT);
|
|
NTSYSAPI NTSTATUS WINAPI RtlNewSecurityObject(PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR*,BOOLEAN,HANDLE,PGENERIC_MAPPING);
|
|
NTSYSAPI PRTL_USER_PROCESS_PARAMETERS WINAPI RtlNormalizeProcessParams(RTL_USER_PROCESS_PARAMETERS*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlNormalizeString(ULONG,const WCHAR*,INT,WCHAR*,INT*);
|
|
NTSYSAPI ULONG WINAPI RtlNtStatusToDosError(NTSTATUS);
|
|
NTSYSAPI ULONG WINAPI RtlNtStatusToDosErrorNoTeb(NTSTATUS);
|
|
NTSYSAPI ULONG WINAPI RtlNumberOfSetBits(PCRTL_BITMAP);
|
|
NTSYSAPI ULONG WINAPI RtlNumberOfClearBits(PCRTL_BITMAP);
|
|
NTSYSAPI UINT WINAPI RtlOemStringToUnicodeSize(const STRING*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlOemStringToUnicodeString(UNICODE_STRING*,const STRING*,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlOemToUnicodeN(LPWSTR,DWORD,LPDWORD,LPCSTR,DWORD);
|
|
NTSYSAPI NTSTATUS WINAPI RtlOpenCurrentUser(ACCESS_MASK,PHANDLE);
|
|
NTSYSAPI PVOID WINAPI RtlPcToFileHeader(PVOID,PVOID*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlPinAtomInAtomTable(RTL_ATOM_TABLE,RTL_ATOM);
|
|
NTSYSAPI void WINAPI RtlPopFrame(TEB_ACTIVE_FRAME*);
|
|
NTSYSAPI BOOLEAN WINAPI RtlPrefixString(const STRING*,const STRING*,BOOLEAN);
|
|
NTSYSAPI BOOLEAN WINAPI RtlPrefixUnicodeString(const UNICODE_STRING*,const UNICODE_STRING*,BOOLEAN);
|
|
NTSYSAPI void WINAPI RtlProcessFlsData(void*,ULONG);
|
|
NTSYSAPI void WINAPI RtlPushFrame(TEB_ACTIVE_FRAME*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlQueryActivationContextApplicationSettings(DWORD,HANDLE,const WCHAR*,const WCHAR*,WCHAR*,SIZE_T,SIZE_T*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlQueryAtomInAtomTable(RTL_ATOM_TABLE,RTL_ATOM,ULONG*,ULONG*,WCHAR*,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlQueryDynamicTimeZoneInformation(RTL_DYNAMIC_TIME_ZONE_INFORMATION*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlQueryEnvironmentVariable(WCHAR*,const WCHAR*,SIZE_T,WCHAR*,SIZE_T,SIZE_T*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlQueryEnvironmentVariable_U(PWSTR,PUNICODE_STRING,PUNICODE_STRING);
|
|
NTSYSAPI NTSTATUS WINAPI RtlQueryHeapInformation(HANDLE,HEAP_INFORMATION_CLASS,PVOID,SIZE_T,PSIZE_T);
|
|
NTSYSAPI NTSTATUS WINAPI RtlQueryInformationAcl(PACL,LPVOID,DWORD,ACL_INFORMATION_CLASS);
|
|
NTSYSAPI NTSTATUS WINAPI RtlQueryInformationActivationContext(ULONG,HANDLE,PVOID,ULONG,PVOID,SIZE_T,SIZE_T*);
|
|
NTSYSAPI BOOL WINAPI RtlQueryPerformanceCounter(LARGE_INTEGER*);
|
|
NTSYSAPI BOOL WINAPI RtlQueryPerformanceFrequency(LARGE_INTEGER*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlQueryProcessDebugInformation(ULONG,ULONG,PDEBUG_BUFFER);
|
|
NTSYSAPI NTSTATUS WINAPI RtlQueryRegistryValues(ULONG, PCWSTR, PRTL_QUERY_REGISTRY_TABLE, PVOID, PVOID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlQueryTimeZoneInformation(RTL_TIME_ZONE_INFORMATION*);
|
|
NTSYSAPI BOOL WINAPI RtlQueryUnbiasedInterruptTime(ULONGLONG*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlQueueWorkItem(PRTL_WORK_ITEM_ROUTINE,PVOID,ULONG);
|
|
NTSYSAPI void WINAPI RtlRaiseException(PEXCEPTION_RECORD);
|
|
NTSYSAPI void WINAPI RtlRaiseStatus(NTSTATUS);
|
|
NTSYSAPI ULONG WINAPI RtlRandom(PULONG);
|
|
NTSYSAPI PVOID WINAPI RtlReAllocateHeap(HANDLE,ULONG,PVOID,SIZE_T);
|
|
NTSYSAPI NTSTATUS WINAPI RtlRegisterWait(PHANDLE,HANDLE,RTL_WAITORTIMERCALLBACKFUNC,PVOID,ULONG,ULONG);
|
|
NTSYSAPI void WINAPI RtlReleaseActivationContext(HANDLE);
|
|
NTSYSAPI void WINAPI RtlReleasePath(PWSTR);
|
|
NTSYSAPI void WINAPI RtlReleasePebLock(void);
|
|
NTSYSAPI void WINAPI RtlReleaseResource(LPRTL_RWLOCK);
|
|
NTSYSAPI void WINAPI RtlReleaseSRWLockExclusive(RTL_SRWLOCK*);
|
|
NTSYSAPI void WINAPI RtlReleaseSRWLockShared(RTL_SRWLOCK*);
|
|
NTSYSAPI ULONG WINAPI RtlRemoveVectoredExceptionHandler(PVOID);
|
|
NTSYSAPI void WINAPI RtlResetRtlTranslations(const NLSTABLEINFO*);
|
|
NTSYSAPI void WINAPI RtlRestoreLastWin32Error(DWORD);
|
|
NTSYSAPI void WINAPI RtlSecondsSince1970ToTime(DWORD,LARGE_INTEGER *);
|
|
NTSYSAPI void WINAPI RtlSecondsSince1980ToTime(DWORD,LARGE_INTEGER *);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSelfRelativeToAbsoluteSD(PSECURITY_DESCRIPTOR,PSECURITY_DESCRIPTOR,PDWORD,PACL,PDWORD,PACL,PDWORD,PSID,PDWORD,PSID,PDWORD);
|
|
NTSYSAPI void WINAPI RtlSetAllBits(PRTL_BITMAP);
|
|
NTSYSAPI void WINAPI RtlSetBits(PRTL_BITMAP,ULONG,ULONG);
|
|
NTSYSAPI ULONG WINAPI RtlSetCriticalSectionSpinCount(RTL_CRITICAL_SECTION*,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSetControlSecurityDescriptor(PSECURITY_DESCRIPTOR,SECURITY_DESCRIPTOR_CONTROL,SECURITY_DESCRIPTOR_CONTROL);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSetCurrentDirectory_U(const UNICODE_STRING*);
|
|
NTSYSAPI void WINAPI RtlSetCurrentEnvironment(PWSTR, PWSTR*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSetDaclSecurityDescriptor(PSECURITY_DESCRIPTOR,BOOLEAN,PACL,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSetEnvironmentVariable(PWSTR*,PUNICODE_STRING,PUNICODE_STRING);
|
|
NTSYSAPI void WINAPI RtlSetExtendedFeaturesMask(CONTEXT_EX*,ULONG64);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSetHeapInformation(HANDLE,HEAP_INFORMATION_CLASS,PVOID,SIZE_T);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSetOwnerSecurityDescriptor(PSECURITY_DESCRIPTOR,PSID,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSetGroupSecurityDescriptor(PSECURITY_DESCRIPTOR,PSID,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSetIoCompletionCallback(HANDLE,PRTL_OVERLAPPED_COMPLETION_ROUTINE,ULONG);
|
|
NTSYSAPI void WINAPI RtlSetLastWin32Error(DWORD);
|
|
NTSYSAPI void WINAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus(NTSTATUS);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSetProcessPreferredUILanguages(DWORD,PCZZWSTR,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSetSaclSecurityDescriptor(PSECURITY_DESCRIPTOR,BOOLEAN,PACL,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSetSearchPathMode(ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSetThreadErrorMode(DWORD,LPDWORD);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSetThreadPreferredUILanguages(DWORD,PCZZWSTR,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSetTimeZoneInformation(const RTL_TIME_ZONE_INFORMATION*);
|
|
NTSYSAPI void WINAPI RtlSetUnhandledExceptionFilter(PRTL_EXCEPTION_FILTER);
|
|
NTSYSAPI SIZE_T WINAPI RtlSizeHeap(HANDLE,ULONG,const void*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSleepConditionVariableCS(RTL_CONDITION_VARIABLE*,RTL_CRITICAL_SECTION*,const LARGE_INTEGER*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSleepConditionVariableSRW(RTL_CONDITION_VARIABLE*,RTL_SRWLOCK*,const LARGE_INTEGER*,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlStringFromGUID(REFGUID,PUNICODE_STRING);
|
|
NTSYSAPI LPDWORD WINAPI RtlSubAuthoritySid(PSID,DWORD);
|
|
NTSYSAPI LPBYTE WINAPI RtlSubAuthorityCountSid(PSID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlSystemTimeToLocalTime(const LARGE_INTEGER*,PLARGE_INTEGER);
|
|
NTSYSAPI void WINAPI RtlTimeToTimeFields(const LARGE_INTEGER*,PTIME_FIELDS);
|
|
NTSYSAPI BOOLEAN WINAPI RtlTimeFieldsToTime(PTIME_FIELDS,PLARGE_INTEGER);
|
|
NTSYSAPI void WINAPI RtlTimeToElapsedTimeFields(const LARGE_INTEGER *,PTIME_FIELDS);
|
|
NTSYSAPI BOOLEAN WINAPI RtlTimeToSecondsSince1970(const LARGE_INTEGER *,LPDWORD);
|
|
NTSYSAPI BOOLEAN WINAPI RtlTimeToSecondsSince1980(const LARGE_INTEGER *,LPDWORD);
|
|
NTSYSAPI BOOLEAN WINAPI RtlTryAcquireSRWLockExclusive(RTL_SRWLOCK *);
|
|
NTSYSAPI BOOLEAN WINAPI RtlTryAcquireSRWLockShared(RTL_SRWLOCK *);
|
|
NTSYSAPI BOOL WINAPI RtlTryEnterCriticalSection(RTL_CRITICAL_SECTION *);
|
|
NTSYSAPI NTSTATUS WINAPI RtlUTF8ToUnicodeN(WCHAR*,DWORD,DWORD*,const char*,DWORD);
|
|
NTSYSAPI ULONGLONG __cdecl RtlUlonglongByteSwap(ULONGLONG);
|
|
NTSYSAPI DWORD WINAPI RtlUnicodeStringToAnsiSize(const UNICODE_STRING*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlUnicodeStringToAnsiString(PANSI_STRING,PCUNICODE_STRING,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlUnicodeStringToInteger(const UNICODE_STRING *,ULONG,ULONG *);
|
|
NTSYSAPI DWORD WINAPI RtlUnicodeStringToOemSize(const UNICODE_STRING*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlUnicodeStringToOemString(POEM_STRING,PCUNICODE_STRING,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlUnicodeToCustomCPN(CPTABLEINFO*,char*,DWORD,DWORD*,const WCHAR*,DWORD);
|
|
NTSYSAPI NTSTATUS WINAPI RtlUnicodeToMultiByteN(LPSTR,DWORD,LPDWORD,LPCWSTR,DWORD);
|
|
NTSYSAPI NTSTATUS WINAPI RtlUnicodeToMultiByteSize(PULONG,PCWSTR,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlUnicodeToOemN(LPSTR,DWORD,LPDWORD,LPCWSTR,DWORD);
|
|
NTSYSAPI NTSTATUS WINAPI RtlUnicodeToUTF8N(LPSTR,DWORD,LPDWORD,LPCWSTR,DWORD);
|
|
NTSYSAPI ULONG WINAPI RtlUniform(PULONG);
|
|
NTSYSAPI BOOLEAN WINAPI RtlUnlockHeap(HANDLE);
|
|
NTSYSAPI void WINAPI RtlUnwind(PVOID,PVOID,PEXCEPTION_RECORD,PVOID);
|
|
NTSYSAPI WCHAR WINAPI RtlUpcaseUnicodeChar(WCHAR);
|
|
NTSYSAPI NTSTATUS WINAPI RtlUpcaseUnicodeString(UNICODE_STRING*,const UNICODE_STRING *,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlUpcaseUnicodeStringToAnsiString(STRING*,const UNICODE_STRING*,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlUpcaseUnicodeStringToCountedOemString(STRING*,const UNICODE_STRING*,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlUpcaseUnicodeStringToOemString(STRING*,const UNICODE_STRING*,BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlUpcaseUnicodeToCustomCPN(CPTABLEINFO*,char*,DWORD,DWORD*,const WCHAR*,DWORD);
|
|
NTSYSAPI NTSTATUS WINAPI RtlUpcaseUnicodeToMultiByteN(LPSTR,DWORD,LPDWORD,LPCWSTR,DWORD);
|
|
NTSYSAPI NTSTATUS WINAPI RtlUpcaseUnicodeToOemN(LPSTR,DWORD,LPDWORD,LPCWSTR,DWORD);
|
|
NTSYSAPI NTSTATUS WINAPI RtlUpdateTimer(HANDLE, HANDLE, DWORD, DWORD);
|
|
NTSYSAPI CHAR WINAPI RtlUpperChar(CHAR);
|
|
NTSYSAPI void WINAPI RtlUpperString(STRING *,const STRING *);
|
|
NTSYSAPI void WINAPI RtlUserThreadStart(PRTL_THREAD_START_ROUTINE,void*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlValidSecurityDescriptor(PSECURITY_DESCRIPTOR);
|
|
NTSYSAPI BOOLEAN WINAPI RtlValidRelativeSecurityDescriptor(PSECURITY_DESCRIPTOR,ULONG,SECURITY_INFORMATION);
|
|
NTSYSAPI BOOLEAN WINAPI RtlValidAcl(PACL);
|
|
NTSYSAPI BOOLEAN WINAPI RtlValidSid(PSID);
|
|
NTSYSAPI BOOLEAN WINAPI RtlValidateHeap(HANDLE,ULONG,LPCVOID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlVerifyVersionInfo(const RTL_OSVERSIONINFOEXW*,DWORD,DWORDLONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlWaitOnAddress(const void *,const void *,SIZE_T,const LARGE_INTEGER *);
|
|
NTSYSAPI void WINAPI RtlWakeAddressAll(const void *);
|
|
NTSYSAPI void WINAPI RtlWakeAddressSingle(const void *);
|
|
NTSYSAPI void WINAPI RtlWakeAllConditionVariable(RTL_CONDITION_VARIABLE *);
|
|
NTSYSAPI void WINAPI RtlWakeConditionVariable(RTL_CONDITION_VARIABLE *);
|
|
NTSYSAPI NTSTATUS WINAPI RtlWalkHeap(HANDLE,PVOID);
|
|
NTSYSAPI NTSTATUS WINAPI RtlWow64EnableFsRedirection(BOOLEAN);
|
|
NTSYSAPI NTSTATUS WINAPI RtlWow64EnableFsRedirectionEx(ULONG,ULONG*);
|
|
NTSYSAPI USHORT WINAPI RtlWow64GetCurrentMachine(void);
|
|
NTSYSAPI NTSTATUS WINAPI RtlWow64GetProcessMachines(HANDLE,USHORT*,USHORT*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlWow64IsWowGuestMachineSupported(USHORT,BOOLEAN*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlWriteRegistryValue(ULONG,PCWSTR,PCWSTR,ULONG,PVOID,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlZombifyActivationContext(HANDLE);
|
|
NTSYSAPI NTSTATUS WINAPI RtlpNtCreateKey(PHANDLE,ACCESS_MASK,const OBJECT_ATTRIBUTES*,ULONG,const UNICODE_STRING*,ULONG,PULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlpNtEnumerateSubKey(HANDLE,UNICODE_STRING *, ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlpWaitForCriticalSection(RTL_CRITICAL_SECTION *);
|
|
NTSYSAPI NTSTATUS WINAPI RtlpUnWaitCriticalSection(RTL_CRITICAL_SECTION *);
|
|
NTSYSAPI NTSTATUS WINAPI vDbgPrintEx(ULONG,ULONG,LPCSTR,__ms_va_list);
|
|
NTSYSAPI NTSTATUS WINAPI vDbgPrintExWithPrefix(LPCSTR,ULONG,ULONG,LPCSTR,__ms_va_list);
|
|
|
|
#ifndef __WINE_USE_MSVCRT
|
|
NTSYSAPI int __cdecl _strnicmp(LPCSTR,LPCSTR,size_t);
|
|
#endif
|
|
|
|
/* 32-bit or 64-bit only functions */
|
|
|
|
#ifdef _WIN64
|
|
NTSYSAPI NTSTATUS WINAPI RtlWow64GetCpuAreaInfo(WOW64_CPURESERVED*,ULONG,WOW64_CPU_AREA_INFO*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlWow64GetCurrentCpuArea(USHORT*,void**,void**);
|
|
NTSYSAPI NTSTATUS WINAPI RtlWow64GetThreadContext(HANDLE,WOW64_CONTEXT*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlWow64GetThreadSelectorEntry(HANDLE,THREAD_DESCRIPTOR_INFORMATION*,ULONG,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI RtlWow64SetThreadContext(HANDLE,const WOW64_CONTEXT*);
|
|
#else
|
|
NTSYSAPI NTSTATUS WINAPI NtWow64AllocateVirtualMemory64(HANDLE,ULONG64*,ULONG64,ULONG64*,ULONG,ULONG);
|
|
NTSYSAPI NTSTATUS WINAPI NtWow64GetNativeSystemInformation(SYSTEM_INFORMATION_CLASS,void*,ULONG,ULONG*);
|
|
NTSYSAPI NTSTATUS WINAPI NtWow64ReadVirtualMemory64(HANDLE,ULONG64,void*,ULONG64,ULONG64*);
|
|
NTSYSAPI NTSTATUS WINAPI NtWow64WriteVirtualMemory64(HANDLE,ULONG64,const void*,ULONG64,ULONG64*);
|
|
NTSYSAPI LONGLONG WINAPI RtlConvertLongToLargeInteger(LONG);
|
|
NTSYSAPI ULONGLONG WINAPI RtlConvertUlongToLargeInteger(ULONG);
|
|
NTSYSAPI LONGLONG WINAPI RtlEnlargedIntegerMultiply(INT,INT);
|
|
NTSYSAPI ULONGLONG WINAPI RtlEnlargedUnsignedMultiply(UINT,UINT);
|
|
NTSYSAPI UINT WINAPI RtlEnlargedUnsignedDivide(ULONGLONG,UINT,UINT *);
|
|
NTSYSAPI LONGLONG WINAPI RtlExtendedMagicDivide(LONGLONG,LONGLONG,INT);
|
|
NTSYSAPI LONGLONG WINAPI RtlExtendedIntegerMultiply(LONGLONG,INT);
|
|
NTSYSAPI LONGLONG WINAPI RtlExtendedLargeIntegerDivide(LONGLONG,INT,INT *);
|
|
NTSYSAPI LONGLONG WINAPI RtlInterlockedCompareExchange64(LONGLONG*,LONGLONG,LONGLONG);
|
|
NTSYSAPI LONGLONG WINAPI RtlLargeIntegerAdd(LONGLONG,LONGLONG);
|
|
NTSYSAPI LONGLONG WINAPI RtlLargeIntegerArithmeticShift(LONGLONG,INT);
|
|
NTSYSAPI ULONGLONG WINAPI RtlLargeIntegerDivide( ULONGLONG,ULONGLONG,ULONGLONG *);
|
|
NTSYSAPI LONGLONG WINAPI RtlLargeIntegerNegate(LONGLONG);
|
|
NTSYSAPI LONGLONG WINAPI RtlLargeIntegerShiftLeft(LONGLONG,INT);
|
|
NTSYSAPI LONGLONG WINAPI RtlLargeIntegerShiftRight(LONGLONG,INT);
|
|
NTSYSAPI LONGLONG WINAPI RtlLargeIntegerSubtract(LONGLONG,LONGLONG);
|
|
NTSYSAPI NTSTATUS WINAPI RtlLargeIntegerToChar(const ULONGLONG *,ULONG,ULONG,PCHAR);
|
|
#endif
|
|
|
|
/* Threadpool functions */
|
|
|
|
NTSYSAPI NTSTATUS WINAPI TpAllocCleanupGroup(TP_CLEANUP_GROUP **);
|
|
NTSYSAPI NTSTATUS WINAPI TpAllocIoCompletion(TP_IO **,HANDLE,PTP_IO_CALLBACK,void *,TP_CALLBACK_ENVIRON *);
|
|
NTSYSAPI NTSTATUS WINAPI TpAllocPool(TP_POOL **,PVOID);
|
|
NTSYSAPI NTSTATUS WINAPI TpAllocTimer(TP_TIMER **,PTP_TIMER_CALLBACK,PVOID,TP_CALLBACK_ENVIRON *);
|
|
NTSYSAPI NTSTATUS WINAPI TpAllocWait(TP_WAIT **,PTP_WAIT_CALLBACK,PVOID,TP_CALLBACK_ENVIRON *);
|
|
NTSYSAPI NTSTATUS WINAPI TpAllocWork(TP_WORK **,PTP_WORK_CALLBACK,PVOID,TP_CALLBACK_ENVIRON *);
|
|
NTSYSAPI void WINAPI TpCallbackLeaveCriticalSectionOnCompletion(TP_CALLBACK_INSTANCE *,RTL_CRITICAL_SECTION *);
|
|
NTSYSAPI NTSTATUS WINAPI TpCallbackMayRunLong(TP_CALLBACK_INSTANCE *);
|
|
NTSYSAPI void WINAPI TpCallbackReleaseMutexOnCompletion(TP_CALLBACK_INSTANCE *,HANDLE);
|
|
NTSYSAPI void WINAPI TpCallbackReleaseSemaphoreOnCompletion(TP_CALLBACK_INSTANCE *,HANDLE,DWORD);
|
|
NTSYSAPI void WINAPI TpCallbackSetEventOnCompletion(TP_CALLBACK_INSTANCE *,HANDLE);
|
|
NTSYSAPI void WINAPI TpCallbackUnloadDllOnCompletion(TP_CALLBACK_INSTANCE *,HMODULE);
|
|
NTSYSAPI void WINAPI TpCancelAsyncIoOperation(TP_IO *);
|
|
NTSYSAPI void WINAPI TpDisassociateCallback(TP_CALLBACK_INSTANCE *);
|
|
NTSYSAPI BOOL WINAPI TpIsTimerSet(TP_TIMER *);
|
|
NTSYSAPI void WINAPI TpPostWork(TP_WORK *);
|
|
NTSYSAPI NTSTATUS WINAPI TpQueryPoolStackInformation(TP_POOL *, TP_POOL_STACK_INFORMATION *stack_info);
|
|
NTSYSAPI void WINAPI TpReleaseCleanupGroup(TP_CLEANUP_GROUP *);
|
|
NTSYSAPI void WINAPI TpReleaseCleanupGroupMembers(TP_CLEANUP_GROUP *,BOOL,PVOID);
|
|
NTSYSAPI void WINAPI TpReleaseIoCompletion(TP_IO *);
|
|
NTSYSAPI void WINAPI TpReleasePool(TP_POOL *);
|
|
NTSYSAPI void WINAPI TpReleaseTimer(TP_TIMER *);
|
|
NTSYSAPI void WINAPI TpReleaseWait(TP_WAIT *);
|
|
NTSYSAPI void WINAPI TpReleaseWork(TP_WORK *);
|
|
NTSYSAPI void WINAPI TpSetPoolMaxThreads(TP_POOL *,DWORD);
|
|
NTSYSAPI BOOL WINAPI TpSetPoolMinThreads(TP_POOL *,DWORD);
|
|
NTSYSAPI NTSTATUS WINAPI TpSetPoolStackInformation(TP_POOL *, TP_POOL_STACK_INFORMATION *stack_info);
|
|
NTSYSAPI void WINAPI TpSetTimer(TP_TIMER *, LARGE_INTEGER *,LONG,LONG);
|
|
NTSYSAPI void WINAPI TpSetWait(TP_WAIT *,HANDLE,LARGE_INTEGER *);
|
|
NTSYSAPI NTSTATUS WINAPI TpSimpleTryPost(PTP_SIMPLE_CALLBACK,PVOID,TP_CALLBACK_ENVIRON *);
|
|
NTSYSAPI void WINAPI TpStartAsyncIoOperation(TP_IO *);
|
|
NTSYSAPI void WINAPI TpWaitForIoCompletion(TP_IO *,BOOL);
|
|
NTSYSAPI void WINAPI TpWaitForTimer(TP_TIMER *,BOOL);
|
|
NTSYSAPI void WINAPI TpWaitForWait(TP_WAIT *,BOOL);
|
|
NTSYSAPI void WINAPI TpWaitForWork(TP_WORK *,BOOL);
|
|
|
|
/* Wine internal functions */
|
|
|
|
NTSYSAPI NTSTATUS WINAPI wine_nt_to_unix_file_name( const OBJECT_ATTRIBUTES *attr, char *nameA, ULONG *size,
|
|
UINT disposition );
|
|
NTSYSAPI NTSTATUS WINAPI wine_unix_to_nt_file_name( const char *name, WCHAR *buffer, ULONG *size );
|
|
|
|
|
|
/***********************************************************************
|
|
* Inline functions
|
|
*/
|
|
|
|
#define InitializeObjectAttributes(p,n,a,r,s) \
|
|
do { \
|
|
(p)->Length = sizeof(OBJECT_ATTRIBUTES); \
|
|
(p)->RootDirectory = r; \
|
|
(p)->Attributes = a; \
|
|
(p)->ObjectName = n; \
|
|
(p)->SecurityDescriptor = s; \
|
|
(p)->SecurityQualityOfService = NULL; \
|
|
} while (0)
|
|
|
|
#define NtCurrentProcess() ((HANDLE)-1)
|
|
|
|
#define RtlFillMemory(Destination,Length,Fill) memset((Destination),(Fill),(Length))
|
|
#define RtlMoveMemory(Destination,Source,Length) memmove((Destination),(Source),(Length))
|
|
#define RtlStoreUlong(p,v) do { ULONG _v = (v); memcpy((p), &_v, sizeof(_v)); } while (0)
|
|
#define RtlStoreUlonglong(p,v) do { ULONGLONG _v = (v); memcpy((p), &_v, sizeof(_v)); } while (0)
|
|
#define RtlRetrieveUlong(p,s) memcpy((p), (s), sizeof(ULONG))
|
|
#define RtlRetrieveUlonglong(p,s) memcpy((p), (s), sizeof(ULONGLONG))
|
|
#define RtlZeroMemory(Destination,Length) memset((Destination),0,(Length))
|
|
|
|
static inline BOOLEAN RtlCheckBit(PCRTL_BITMAP lpBits, ULONG ulBit)
|
|
{
|
|
if (lpBits && ulBit < lpBits->SizeOfBitMap &&
|
|
lpBits->Buffer[ulBit >> 5] & (1 << (ulBit & 31)))
|
|
return TRUE;
|
|
return FALSE;
|
|
}
|
|
|
|
/* These are implemented as __fastcall, so we can't let Winelib apps link with them */
|
|
static inline USHORT RtlUshortByteSwap(USHORT s)
|
|
{
|
|
return (s >> 8) | (s << 8);
|
|
}
|
|
static inline ULONG RtlUlongByteSwap(ULONG i)
|
|
{
|
|
#if defined(__i386__) && defined(__GNUC__)
|
|
ULONG ret;
|
|
__asm__("bswap %0" : "=r" (ret) : "0" (i) );
|
|
return ret;
|
|
#else
|
|
return ((ULONG)RtlUshortByteSwap((USHORT)i) << 16) | RtlUshortByteSwap((USHORT)(i >> 16));
|
|
#endif
|
|
}
|
|
|
|
/* list manipulation macros */
|
|
#define InitializeListHead(le) (void)((le)->Flink = (le)->Blink = (le))
|
|
#define InsertHeadList(le,e) do { PLIST_ENTRY f = (le)->Flink; (e)->Flink = f; (e)->Blink = (le); f->Blink = (e); (le)->Flink = (e); } while (0)
|
|
#define InsertTailList(le,e) do { PLIST_ENTRY b = (le)->Blink; (e)->Flink = (le); (e)->Blink = b; b->Flink = (e); (le)->Blink = (e); } while (0)
|
|
#define IsListEmpty(le) ((le)->Flink == (le))
|
|
#define RemoveEntryList(e) do { PLIST_ENTRY f = (e)->Flink, b = (e)->Blink; f->Blink = b; b->Flink = f; (e)->Flink = (e)->Blink = NULL; } while (0)
|
|
static inline PLIST_ENTRY RemoveHeadList(PLIST_ENTRY le)
|
|
{
|
|
PLIST_ENTRY f, b, e;
|
|
|
|
e = le->Flink;
|
|
f = le->Flink->Flink;
|
|
b = le->Flink->Blink;
|
|
f->Blink = b;
|
|
b->Flink = f;
|
|
|
|
if (e != le) e->Flink = e->Blink = NULL;
|
|
return e;
|
|
}
|
|
static inline PLIST_ENTRY RemoveTailList(PLIST_ENTRY le)
|
|
{
|
|
PLIST_ENTRY f, b, e;
|
|
|
|
e = le->Blink;
|
|
f = le->Blink->Flink;
|
|
b = le->Blink->Blink;
|
|
f->Blink = b;
|
|
b->Flink = f;
|
|
|
|
if (e != le) e->Flink = e->Blink = NULL;
|
|
return e;
|
|
}
|
|
|
|
|
|
#ifdef __WINESRC__
|
|
|
|
/* Wine internal functions */
|
|
extern NTSTATUS CDECL __wine_init_unix_lib( HMODULE module, DWORD reason, const void *ptr_in, void *ptr_out );
|
|
extern NTSTATUS WINAPI __wine_unix_spawnvp( char * const argv[], int wait );
|
|
|
|
/* The thread information for 16-bit threads */
|
|
/* NtCurrentTeb()->SubSystemTib points to this */
|
|
typedef struct
|
|
{
|
|
void *unknown; /* 00 unknown */
|
|
UNICODE_STRING *exe_name; /* 04 exe module name */
|
|
|
|
/* the following fields do not exist under Windows */
|
|
UNICODE_STRING exe_str; /* exe name string pointed to by exe_name */
|
|
CURDIR curdir; /* current directory */
|
|
WCHAR curdir_buffer[MAX_PATH];
|
|
} WIN16_SUBSYSTEM_TIB;
|
|
|
|
#endif /* __WINESRC__ */
|
|
|
|
#ifdef __cplusplus
|
|
} /* extern "C" */
|
|
#endif /* defined(__cplusplus) */
|
|
|
|
#endif /* __WINE_WINTERNL_H */
|