
cygwin.com/git/newlib-cygwin.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'winsup/cygwin/local_includes/ntdll.h')
-rw-r--r--winsup/cygwin/local_includes/ntdll.h1765
1 files changed, 1765 insertions, 0 deletions
diff --git a/winsup/cygwin/local_includes/ntdll.h b/winsup/cygwin/local_includes/ntdll.h
new file mode 100644
index 000000000..0f2310882
--- /dev/null
+++ b/winsup/cygwin/local_includes/ntdll.h
@@ -0,0 +1,1765 @@
+/* ntdll.h. Contains ntdll specific stuff not defined elsewhere.
+
+ This file is part of Cygwin.
+
+ This software is a copyrighted work licensed under the terms of the
+ Cygwin license. Please consult the file "CYGWIN_LICENSE" for
+ details. */
+
+#pragma once
+
+#include <w32api/ntstatus.h>
+
+/* Values for Cygwin AF_UNIX socket reparse points. */
+#define IO_REPARSE_TAG_CYGUNIX (0x00006375)
+extern GUID __cygwin_socket_guid;
+#define CYGWIN_SOCKET_GUID (&__cygwin_socket_guid)
+
+/* Status codes not known to Mingw-w64 yet. The error code needs to
+ be maintained here as well as long as Mingw-w64 didn't follow up. */
+#define STATUS_CASE_DIFFERING_NAMES_IN_DIR ((NTSTATUS)0xC00004B3)
+#define ERROR_CASE_DIFFERING_NAMES_IN_DIR __MSABI_LONG(424)
+
+/* Custom Cygwin-only status codes. */
+#define STATUS_THREAD_SIGNALED ((NTSTATUS)0xe0000001)
+#define STATUS_THREAD_CANCELED ((NTSTATUS)0xe0000002)
+#define STATUS_ILLEGAL_DLL_PSEUDO_RELOCATION ((DWORD) 0xe0000269)
+
+/* Simplify checking for a transactional error code. */
+#define NT_TRANSACTIONAL_ERROR(s) \
+ (((ULONG)(s) >= (ULONG)STATUS_TRANSACTIONAL_CONFLICT) \
+ && ((ULONG)(s) <= (ULONG)STATUS_TRANSACTION_NOT_ENLISTED))
+
+#define NtCurrentProcess() ((HANDLE) (LONG_PTR) -1)
+#define NtCurrentThread() ((HANDLE) (LONG_PTR) -2)
+
+/* Creation information returned in IO_STATUS_BLOCK. */
+#define FILE_SUPERSEDED 0
+#define FILE_OPENED 1
+#define FILE_CREATED 2
+#define FILE_OVERWRITTEN 3
+#define FILE_EXISTS 4
+#define FILE_DOES_NOT_EXIST 5
+
+/* Relative file position values in NtWriteFile call. */
+#define FILE_WRITE_TO_END_OF_FILE (-1LL)
+#define FILE_USE_FILE_POINTER_POSITION (-2LL)
+
+/* Device Characteristics. */
+#define FILE_REMOVABLE_MEDIA 0x00000001
+#define FILE_READ_ONLY_DEVICE 0x00000002
+#define FILE_FLOPPY_DISKETTE 0x00000004
+#define FILE_WRITE_ONCE_MEDIA 0x00000008
+#define FILE_REMOTE_DEVICE 0x00000010
+#define FILE_DEVICE_IS_MOUNTED 0x00000020
+#define FILE_VIRTUAL_VOLUME 0x00000040
+#define FILE_AUTOGENERATED_DEVICE_NAME 0x00000080
+#define FILE_DEVICE_SECURE_OPEN 0x00000100
+
+/* Lock type in NtLockVirtualMemory/NtUnlockVirtualMemory call. */
+#define MAP_PROCESS 1
+#define MAP_SYSTEM 2
+
+/* Directory access rights (only in NT namespace). */
+#define DIRECTORY_QUERY 1
+#define DIRECTORY_TRAVERSE 2
+#define DIRECTORY_CREATE_OBJECT 4
+#define DIRECTORY_CREATE_SUBDIRECTORY 8
+#define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|0x0f)
+
+/* Symbolic link access rights (only in NT namespace). */
+#define SYMBOLIC_LINK_QUERY 1
+#define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
+
+/* Transaction access rights. */
+#ifndef TRANSACTION_ALL_ACCESS
+#define TRANSACTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x3F)
+#endif
+
+/* Event object access rights. */
+#define EVENT_QUERY_STATE 1
+
+/* Semaphore access rights. */
+#define SEMAPHORE_QUERY_STATE 1
+
+/* Specific ACCESS_MASKSs for objects created in Cygwin. */
+#define CYG_SHARED_DIR_ACCESS (DIRECTORY_QUERY \
+ | DIRECTORY_TRAVERSE \
+ | DIRECTORY_CREATE_SUBDIRECTORY \
+ | DIRECTORY_CREATE_OBJECT \
+ | READ_CONTROL)
+#define CYG_MUTANT_ACCESS (MUTANT_QUERY_STATE \
+ | SYNCHRONIZE \
+ | READ_CONTROL)
+#define CYG_EVENT_ACCESS (EVENT_QUERY_STATE \
+ | EVENT_MODIFY_STATE \
+ | SYNCHRONIZE \
+ | READ_CONTROL)
+#define CYG_SEMAPHORE_ACCESS (SEMAPHORE_QUERY_STATE \
+ | SEMAPHORE_MODIFY_STATE \
+ | SYNCHRONIZE \
+ | READ_CONTROL)
+
+/* Definitions for first parameter of RtlQueryRegistryValues. */
+#define RTL_REGISTRY_ABSOLUTE 0
+#define RTL_REGISTRY_SERVICES 1
+#define RTL_REGISTRY_CONTROL 2
+#define RTL_REGISTRY_WINDOWS_NT 3
+#define RTL_REGISTRY_DEVICEMAP 4
+#define RTL_REGISTRY_USER 5
+#define RTL_REGISTRY_HANDLE 0x40000000
+#define RTL_REGISTRY_OPTIONAL 0x80000000
+
+/* Flags values for QueryTable parameter of RtlQueryRegistryValues. */
+#define RTL_QUERY_REGISTRY_SUBKEY 0x01
+#define RTL_QUERY_REGISTRY_TOPKEY 0x02
+#define RTL_QUERY_REGISTRY_REQUIRED 0x04
+#define RTL_QUERY_REGISTRY_NOVALUE 0x08
+#define RTL_QUERY_REGISTRY_NOEXPAND 0x10
+#define RTL_QUERY_REGISTRY_DIRECT 0x20
+#define RTL_QUERY_REGISTRY_DELETE 0x40
+#define RTL_QUERY_REGISTRY_NOSTRING 0x80
+
+/* What RtlQueryProcessDebugInformation shall return. */
+#define PDI_MODULES 0x01
+#define PDI_HEAPS 0x04
+#define PDI_HEAP_BLOCKS 0x10
+#define PDI_WOW64_MODULES 0x40
+
+/* VM working set list protection values. Returned by NtQueryVirtualMemory. */
+#define WSLE_PAGE_READONLY 0x001
+#define WSLE_PAGE_EXECUTE 0x002
+#define WSLE_PAGE_EXECUTE_READ 0x003
+#define WSLE_PAGE_READWRITE 0x004
+#define WSLE_PAGE_WRITECOPY 0x005
+#define WSLE_PAGE_EXECUTE_READWRITE 0x006
+#define WSLE_PAGE_EXECUTE_WRITECOPY 0x007
+#define WSLE_PAGE_SHARE_COUNT_MASK 0x0E0
+#define WSLE_PAGE_SHAREABLE 0x100
+
+/* Known debug heap flags */
+#define HEAP_FLAG_NOSERIALIZE 0x1
+#define HEAP_FLAG_GROWABLE 0x2
+#define HEAP_FLAG_EXCEPTIONS 0x4
+#define HEAP_FLAG_NONDEFAULT 0x1000
+#define HEAP_FLAG_SHAREABLE 0x8000
+#define HEAP_FLAG_EXECUTABLE 0x40000
+#define HEAP_FLAG_DEBUGGED 0x40000000
+
+#define FILE_VC_QUOTA_NONE 0x00000000
+#define FILE_VC_QUOTA_TRACK 0x00000001
+#define FILE_VC_QUOTA_ENFORCE 0x00000002
+#define FILE_VC_QUOTA_MASK 0x00000003
+#define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
+#define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
+#define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
+#define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
+#define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
+#define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
+#define FILE_VC_QUOTAS_REBUILDING 0x00000200
+#define FILE_VC_VALID_MASK 0x000003ff
+
+/* IOCTL code to impersonate client of named pipe. */
+
+#define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, \
+ METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, \
+ METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, \
+ METHOD_BUFFERED, FILE_READ_DATA)
+#define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, \
+ METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, \
+ METHOD_BUFFERED, FILE_ANY_ACCESS)
+#define FSCTL_PIPE_FLUSH CTL_CODE(FILE_DEVICE_NAMED_PIPE, 16, \
+ METHOD_BUFFERED, FILE_WRITE_DATA)
+
+typedef enum _FILE_INFORMATION_CLASS
+{
+ FileDirectoryInformation = 1, // 1
+ FileFullDirectoryInformation, // 2
+ FileBothDirectoryInformation, // 3
+ FileBasicInformation, // 4
+ FileStandardInformation, // 5
+ FileInternalInformation, // 6
+ FileEaInformation, // 7
+ FileAccessInformation, // 8
+ FileNameInformation, // 9
+ FileRenameInformation, // 10
+ FileLinkInformation, // 11
+ FileNamesInformation, // 12
+ FileDispositionInformation, // 13
+ FilePositionInformation, // 14
+ FileFullEaInformation, // 15
+ FileModeInformation, // 16
+ FileAlignmentInformation, // 17
+ FileAllInformation, // 18
+ FileAllocationInformation, // 19
+ FileEndOfFileInformation, // 20
+ FileAlternateNameInformation, // 21
+ FileStreamInformation, // 22
+ FilePipeInformation, // 23
+ FilePipeLocalInformation, // 24
+ FilePipeRemoteInformation, // 25
+ FileMailslotQueryInformation, // 26
+ FileMailslotSetInformation, // 27
+ FileCompressionInformation, // 28
+ FileObjectIdInformation, // 29
+ FileCompletionInformation, // 30
+ FileMoveClusterInformation, // 31
+ FileQuotaInformation, // 32
+ FileReparsePointInformation, // 33
+ FileNetworkOpenInformation, // 34
+ FileAttributeTagInformation, // 35
+ FileTrackingInformation, // 36
+ FileIdBothDirectoryInformation, // 37
+ FileIdFullDirectoryInformation, // 38
+ FileValidDataLengthInformation, // 39
+ FileShortNameInformation, // 40
+ FileIoCompletionNotificationInformation, // 41
+ FileIoStatusBlockRangeInformation, // 42
+ FileIoPriorityHintInformation, // 43
+ FileSfioReserveInformation, // 44
+ FileSfioVolumeInformation, // 45
+ FileHardLinkInformation, // 46
+ FileProcessIdsUsingFileInformation, // 47
+ FileNormalizedNameInformation, // 48
+ FileNetworkPhysicalNameInformation, // 49
+ FileIdGlobalTxDirectoryInformation, // 50
+ FileIsRemoteDeviceInformation, // 51
+ FileUnusedInformation, // 52
+ FileNumaNodeInformation, // 53
+ FileStandardLinkInformation, // 54
+ FileRemoteProtocolInformation, // 55
+ FileRenameInformationBypassAccessCheck, // 56
+ FileLinkInformationBypassAccessCheck, // 57
+ FileVolumeNameInformation, // 58
+ FileIdInformation, // 59
+ FileIdExtdDirectoryInformation, // 60
+ FileReplaceCompletionInformation, // 61
+ FileHardLinkFullIdInformation, // 62
+ FileIdExtdBothDirectoryInformation, // 63
+ FileDispositionInformationEx, // 64
+ FileRenameInformationEx, // 65
+ FileRenameInformationExBypassAccessCheck, // 66
+ FileDesiredStorageClassInformation, // 67
+ FileStatInformation, // 68
+ FileMemoryPartitionInformation, // 69
+ FileStatLxInformation, // 70
+ FileCaseSensitiveInformation, // 71
+ FileLinkInformationEx, // 72
+ FileLinkInformationExBypassAccessCheck, // 73
+ FileStorageReserveIdInformation, // 74
+ FileCaseSensitiveInformationForceAccessCheck, // 75
+ FileMaximumInformation
+} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
+
+typedef struct _FILE_DIRECTORY_INFORMATION // 1
+{
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
+
+typedef struct _FILE_BOTH_DIR_INFORMATION // 3
+{
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ ULONG EaSize;
+ CCHAR ShortNameLength;
+ WCHAR ShortName[12];
+ WCHAR FileName[1];
+} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
+
+typedef struct _FILE_BASIC_INFORMATION // 4
+{
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ ULONG FileAttributes;
+} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
+
+typedef struct _FILE_STANDARD_INFORMATION // 5
+{
+ LARGE_INTEGER AllocationSize;
+ LARGE_INTEGER EndOfFile;
+ ULONG NumberOfLinks;
+ BOOLEAN DeletePending;
+ BOOLEAN Directory;
+} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
+
+typedef struct _FILE_INTERNAL_INFORMATION // 6
+{
+ LARGE_INTEGER IndexNumber;
+} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
+
+typedef struct _FILE_EA_INFORMATION // 7
+{
+ ULONG EaSize;
+} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
+
+typedef struct _FILE_ACCESS_INFORMATION // 8
+{
+ ACCESS_MASK AccessFlags;
+} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
+
+typedef struct _FILE_NAME_INFORMATION // 9, 21, 40
+{
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;
+
+typedef struct _FILE_RENAME_INFORMATION // 10, 56, 65, 66
+{
+ union
+ {
+ BOOLEAN ReplaceIfExists; // FileRenameInformation
+ ULONG Flags; // FileRenameInformationEx
+ };
+ HANDLE RootDirectory;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
+
+typedef struct _FILE_LINK_INFORMATION // 11, 57, 72, 73
+{
+ union
+ {
+ BOOLEAN ReplaceIfExists; // FileLinkInformation
+ ULONG Flags; // FileLinkInformationEx
+ };
+ HANDLE RootDirectory;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
+
+typedef struct _FILE_NAMES_INFORMATION // 12
+{
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ ULONG FileNameLength;
+ WCHAR FileName[1];
+} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
+
+typedef struct _FILE_DISPOSITION_INFORMATION // 13
+{
+ BOOLEAN DeleteFile;
+} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;
+
+typedef struct _FILE_POSITION_INFORMATION // 14
+{
+ LARGE_INTEGER CurrentByteOffset;
+} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;
+
+typedef struct _FILE_MODE_INFORMATION // 16
+{
+ ULONG Mode;
+} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
+
+typedef struct _FILE_ALIGNMENT_INFORMATION // 17
+{
+ ULONG AlignmentRequirement;
+} FILE_ALIGNMENT_INFORMATION;
+
+typedef struct _FILE_ALL_INFORMATION { // 18
+ FILE_BASIC_INFORMATION BasicInformation;
+ FILE_STANDARD_INFORMATION StandardInformation;
+ FILE_INTERNAL_INFORMATION InternalInformation;
+ FILE_EA_INFORMATION EaInformation;
+ FILE_ACCESS_INFORMATION AccessInformation;
+ FILE_POSITION_INFORMATION PositionInformation;
+ FILE_MODE_INFORMATION ModeInformation;
+ FILE_ALIGNMENT_INFORMATION AlignmentInformation;
+ FILE_NAME_INFORMATION NameInformation;
+} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
+
+typedef struct _FILE_END_OF_FILE_INFORMATION // 20
+{
+ LARGE_INTEGER EndOfFile;
+} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;
+
+typedef struct _FILE_PIPE_INFORMATION // 23
+{
+ ULONG ReadMode;
+ ULONG CompletionMode;
+} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
+
+typedef struct _FILE_PIPE_LOCAL_INFORMATION // 24
+{
+ ULONG NamedPipeType;
+ ULONG NamedPipeConfiguration;
+ ULONG MaximumInstances;
+ ULONG CurrentInstances;
+ ULONG InboundQuota;
+ ULONG ReadDataAvailable;
+ ULONG OutboundQuota;
+ ULONG WriteQuotaAvailable;
+ ULONG NamedPipeState;
+ ULONG NamedPipeEnd;
+} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
+
+typedef struct _FILE_COMPRESSION_INFORMATION // 28
+{
+ LARGE_INTEGER CompressedFileSize;
+ USHORT CompressionFormat;
+ UCHAR CompressionUnitShift;
+ UCHAR ChunkShift;
+ UCHAR ClusterShift;
+ UCHAR Reserved[3];
+} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
+
+typedef struct _FILE_NETWORK_OPEN_INFORMATION // 34
+{
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER AllocationSize;
+ LARGE_INTEGER EndOfFile;
+ ULONG FileAttributes;
+} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
+
+typedef struct _FILE_ID_BOTH_DIR_INFORMATION // 37
+{
+ ULONG NextEntryOffset;
+ ULONG FileIndex;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER EndOfFile;
+ LARGE_INTEGER AllocationSize;
+ ULONG FileAttributes;
+ ULONG FileNameLength;
+ ULONG EaSize;
+ CCHAR ShortNameLength;
+ WCHAR ShortName[12];
+ LARGE_INTEGER FileId;
+ WCHAR FileName[1];
+} FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
+
+typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION // 47
+{
+ ULONG NumberOfProcessIdsInList;
+ ULONG_PTR ProcessIdList[1];
+} FILE_PROCESS_IDS_USING_FILE_INFORMATION,
+ *PFILE_PROCESS_IDS_USING_FILE_INFORMATION;
+
+typedef struct _FILE_DISPOSITION_INFORMATION_EX // 64
+{
+ ULONG Flags;
+} FILE_DISPOSITION_INFORMATION_EX, *PFILE_DISPOSITION_INFORMATION_EX;
+
+typedef struct _FILE_STAT_INFORMATION // 68
+{
+ LARGE_INTEGER FileId;
+ LARGE_INTEGER CreationTime;
+ LARGE_INTEGER LastAccessTime;
+ LARGE_INTEGER LastWriteTime;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER AllocationSize;
+ LARGE_INTEGER EndOfFile;
+ ULONG FileAttributes;
+ ULONG ReparseTag;
+ ULONG NumberOfLinks;
+ ACCESS_MASK EffectiveAccess;
+} FILE_STAT_INFORMATION, *PFILE_STAT_INFORMATION;
+
+typedef struct _FILE_CASE_SENSITIVE_INFORMATION // 71
+{
+ ULONG Flags;
+} FILE_CASE_SENSITIVE_INFORMATION, *PFILE_CASE_SENSITIVE_INFORMATION;
+
+enum {
+ FILE_LINK_REPLACE_IF_EXISTS = 0x01,
+ FILE_LINK_POSIX_SEMANTICS = 0x02,
+ FILE_LINK_SUPPRESS_STORAGE_RESERVE_INHERITANCE = 0x08,
+ FILE_LINK_NO_INCREASE_AVAILABLE_SPACE = 0x10,
+ FILE_LINK_NO_DECREASE_AVAILABLE_SPACE = 0x20,
+ FILE_LINK_PRESERVE_AVAILABLE_SPACE = 0x30,
+ FILE_LINK_IGNORE_READONLY_ATTRIBUTE = 0x40
+};
+
+enum {
+ FILE_DISPOSITION_DO_NOT_DELETE = 0x00,
+ FILE_DISPOSITION_DELETE = 0x01,
+ FILE_DISPOSITION_POSIX_SEMANTICS = 0x02,
+ FILE_DISPOSITION_FORCE_IMAGE_SECTION_CHECK = 0x04,
+ FILE_DISPOSITION_ON_CLOSE = 0x08,
+ FILE_DISPOSITION_IGNORE_READONLY_ATTRIBUTE = 0x10,
+};
+
+enum
+{
+ FILE_RENAME_REPLACE_IF_EXISTS = 0x01,
+ FILE_RENAME_POSIX_SEMANTICS = 0x02,
+ FILE_RENAME_SUPPRESS_PIN_STATE_INHERITANCE = 0x04,
+ FILE_RENAME_SUPPRESS_STORAGE_RESERVE_INHERITANCE = 0x08,
+ FILE_RENAME_NO_INCREASE_AVAILABLE_SPACE = 0x10,
+ FILE_RENAME_NO_DECREASE_AVAILABLE_SPACE = 0x20,
+ FILE_RENAME_PRESERVE_AVAILABLE_SPACE = 0x30,
+ FILE_RENAME_IGNORE_READONLY_ATTRIBUTE = 0x40
+};
+
+enum
+{
+ FILE_CS_FLAG_CASE_SENSITIVE_DIR = 0x01
+};
+
+enum
+{
+ FILE_PIPE_QUEUE_OPERATION = 0,
+ FILE_PIPE_COMPLETE_OPERATION = 1
+};
+
+enum
+{
+ FILE_PIPE_BYTE_STREAM_MODE = 0,
+ FILE_PIPE_MESSAGE_MODE = 1
+};
+
+enum
+{
+ FILE_PIPE_DISCONNECTED_STATE = 1,
+ FILE_PIPE_LISTENING_STATE = 2,
+ FILE_PIPE_CONNECTED_STATE = 3,
+ FILE_PIPE_CLOSING_STATE = 4
+};
+
+enum
+{
+ FILE_PIPE_INBOUND = 0,
+ FILE_PIPE_OUTBOUND = 1,
+ FILE_PIPE_FULL_DUPLEX = 2
+};
+
+enum
+{
+ FILE_PIPE_CLIENT_END = 0,
+ FILE_PIPE_SERVER_END = 1
+};
+
+enum
+{
+ FILE_PIPE_BYTE_STREAM_TYPE = 0,
+ FILE_PIPE_MESSAGE_TYPE = 1,
+ FILE_PIPE_REJECT_REMOTE_CLIENTS = 2
+};
+
+typedef struct _FILE_PIPE_PEEK_BUFFER {
+ ULONG NamedPipeState;
+ ULONG ReadDataAvailable;
+ ULONG NumberOfMessages;
+ ULONG MessageLength;
+ CHAR Data[1];
+} FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
+
+typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
+ LARGE_INTEGER Timeout;
+ ULONG NameLength;
+ BOOLEAN TimeoutSpecified;
+ WCHAR Name[1];
+} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
+
+typedef enum _SYSTEM_INFORMATION_CLASS
+{
+ SystemBasicInformation = 0,
+ SystemPerformanceInformation = 2,
+ SystemTimeOfDayInformation = 3,
+ SystemProcessInformation = 5,
+ SystemProcessorPerformanceInformation = 8,
+ SystemHandleInformation = 16,
+ SystemPagefileInformation = 18,
+ SystemProcessIdInformation = 0x58,
+ /* There are a lot more of these... */
+} SYSTEM_INFORMATION_CLASS;
+
+typedef struct _SYSTEM_BASIC_INFORMATION
+{
+ ULONG Unknown;
+ ULONG MaximumIncrement;
+ ULONG PhysicalPageSize;
+ ULONG NumberOfPhysicalPages;
+ ULONG LowestPhysicalPage;
+ ULONG HighestPhysicalPage;
+ ULONG AllocationGranularity;
+ ULONG_PTR LowestUserAddress;
+ ULONG_PTR HighestUserAddress;
+ ULONG_PTR ActiveProcessors;
+ UCHAR NumberProcessors;
+} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
+
+typedef struct _SYSTEM_PAGEFILE_INFORMATION
+{
+ ULONG NextEntryOffset;
+ ULONG CurrentSize;
+ ULONG TotalUsed;
+ ULONG PeakUsed;
+ UNICODE_STRING FileName;
+} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
+
+typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
+{
+ LARGE_INTEGER IdleTime;
+ LARGE_INTEGER KernelTime;
+ LARGE_INTEGER UserTime;
+ LARGE_INTEGER DpcTime;
+ LARGE_INTEGER InterruptTime;
+ ULONG InterruptCount;
+} SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION;
+
+typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO
+{
+ USHORT UniqueProcessId;
+ USHORT CreatorBackTraceIndex;
+ UCHAR ObjectTypeIndex;
+ UCHAR HandleAttributes;
+ USHORT HandleValue;
+ PVOID Object;
+ ULONG GrantedAccess;
+} SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO;
+
+typedef struct _SYSTEM_HANDLE_INFORMATION
+{
+ ULONG NumberOfHandles;
+ SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1];
+} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
+
+typedef LONG KPRIORITY;
+
+typedef struct _VM_COUNTERS
+{
+ SIZE_T PeakVirtualSize;
+ SIZE_T VirtualSize;
+ ULONG PageFaultCount;
+ SIZE_T PeakWorkingSetSize;
+ SIZE_T WorkingSetSize;
+ SIZE_T QuotaPeakPagedPoolUsage;
+ SIZE_T QuotaPagedPoolUsage;
+ SIZE_T QuotaPeakNonPagedPoolUsage;
+ SIZE_T QuotaNonPagedPoolUsage;
+ SIZE_T PagefileUsage;
+ SIZE_T PeakPagefileUsage;
+} VM_COUNTERS, *PVM_COUNTERS;
+
+typedef struct _CLIENT_ID
+{
+ HANDLE UniqueProcess;
+ HANDLE UniqueThread;
+} CLIENT_ID, *PCLIENT_ID;
+
+typedef enum
+{
+ StateInitialized,
+ StateReady,
+ StateRunning,
+ StateStandby,
+ StateTerminated,
+ StateWait,
+ StateTransition,
+ StateUnknown,
+} THREAD_STATE;
+
+typedef enum
+{
+ Executive,
+ FreePage,
+ PageIn,
+ PoolAllocation,
+ DelayExecution,
+ Suspended,
+ UserRequest,
+ WrExecutive,
+ WrFreePage,
+ WrPageIn,
+ WrPoolAllocation,
+ WrDelayExecution,
+ WrSuspended,
+ WrUserRequest,
+ WrEventPair,
+ WrQueue,
+ WrLpcReceive,
+ WrLpcReply,
+ WrVirtualMemory,
+ WrPageOut,
+ WrRendezvous,
+ Spare2,
+ Spare3,
+ Spare4,
+ Spare5,
+ Spare6,
+ WrKernel,
+ MaximumWaitReason
+} KWAIT_REASON;
+
+typedef struct _SYSTEM_THREADS
+{
+ LARGE_INTEGER KernelTime;
+ LARGE_INTEGER UserTime;
+ LARGE_INTEGER CreateTime;
+ ULONG WaitTime;
+ PVOID StartAddress;
+ CLIENT_ID ClientId;
+ KPRIORITY Priority;
+ KPRIORITY BasePriority;
+ ULONG ContextSwitchCount;
+ THREAD_STATE State;
+ KWAIT_REASON WaitReason;
+ DWORD Reserved;
+} SYSTEM_THREADS, *PSYSTEM_THREADS;
+
+typedef struct _SYSTEM_PROCESS_INFORMATION
+{
+ ULONG NextEntryOffset;
+ ULONG NumberOfThreads;
+ ULONG Reserved1[6];
+ LARGE_INTEGER CreateTime;
+ LARGE_INTEGER UserTime;
+ LARGE_INTEGER KernelTime;
+ UNICODE_STRING ImageName;
+ KPRIORITY BasePriority;
+ HANDLE UniqueProcessId;
+ HANDLE InheritedFromUniqueProcessId;
+ ULONG HandleCount;
+ ULONG SessionId;
+ ULONG PageDirectoryBase;
+ VM_COUNTERS VirtualMemoryCounters;
+ SIZE_T PrivatePageCount;
+ IO_COUNTERS IoCounters;
+ SYSTEM_THREADS Threads[1];
+} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
+
+typedef struct _SYSTEM_PERFORMANCE_INFORMATION
+{
+ LARGE_INTEGER IdleTime;
+ LARGE_INTEGER ReadTransferCount;
+ LARGE_INTEGER WriteTransferCount;
+ LARGE_INTEGER OtherTransferCount;
+ ULONG ReadOperationCount;
+ ULONG WriteOperationCount;
+ ULONG OtherOperationCount;
+ ULONG AvailablePages;
+ ULONG TotalCommittedPages;
+ ULONG TotalCommitLimit;
+ ULONG PeakCommitment;
+ ULONG PageFaults;
+ ULONG WriteCopyFaults;
+ ULONG TransitionFaults;
+ ULONG Reserved1;
+ ULONG DemandZeroFaults;
+ ULONG PagesRead;
+ ULONG PageReadIos;
+ ULONG Reserved2[2];
+ ULONG PagefilePagesWritten;
+ ULONG PagefilePageWriteIos;
+ ULONG MappedFilePagesWritten;
+ ULONG MappedFilePageWriteIos;
+ ULONG PagedPoolUsage;
+ ULONG NonPagedPoolUsage;
+ ULONG PagedPoolAllocs;
+ ULONG PagedPoolFrees;
+ ULONG NonPagedPoolAllocs;
+ ULONG NonPagedPoolFrees;
+ ULONG TotalFreeSystemPtes;
+ ULONG SystemCodePage;
+ ULONG TotalSystemDriverPages;
+ ULONG TotalSystemCodePages;
+ ULONG SmallNonPagedLookasideListAllocateHits;
+ ULONG SmallPagedLookasideListAllocateHits;
+ ULONG Reserved3;
+ ULONG MmSystemCachePage;
+ ULONG PagedPoolPage;
+ ULONG SystemDriverPage;
+ ULONG FastReadNoWait;
+ ULONG FastReadWait;
+ ULONG FastReadResourceMiss;
+ ULONG FastReadNotPossible;
+ ULONG FastMdlReadNoWait;
+ ULONG FastMdlReadWait;
+ ULONG FastMdlReadResourceMiss;
+ ULONG FastMdlReadNotPossible;
+ ULONG MapDataNoWait;
+ ULONG MapDataWait;
+ ULONG MapDataNoWaitMiss;
+ ULONG MapDataWaitMiss;
+ ULONG PinMappedDataCount;
+ ULONG PinReadNoWait;
+ ULONG PinReadWait;
+ ULONG PinReadNoWaitMiss;
+ ULONG PinReadWaitMiss;
+ ULONG CopyReadNoWait;
+ ULONG CopyReadWait;
+ ULONG CopyReadNoWaitMiss;
+ ULONG CopyReadWaitMiss;
+ ULONG MdlReadNoWait;
+ ULONG MdlReadWait;
+ ULONG MdlReadNoWaitMiss;
+ ULONG MdlReadWaitMiss;
+ ULONG ReadAheadIos;
+ ULONG LazyWriteIos;
+ ULONG LazyWritePages;
+ ULONG DataFlushes;
+ ULONG DataPages;
+ ULONG ContextSwitches;
+ ULONG FirstLevelTbFills;
+ ULONG SecondLevelTbFills;
+ ULONG SystemCalls;
+} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
+
+typedef struct _SYSTEM_TIMEOFDAY_INFORMATION
+{
+ LARGE_INTEGER BootTime;
+ LARGE_INTEGER CurrentTime;
+ LARGE_INTEGER TimeZoneBias;
+ ULONG CurrentTimeZoneId;
+ BYTE Reserved1[20]; /* Per MSDN. Always 0. */
+} SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION;
+
+typedef struct _SYSTEM_PROCESS_ID_INFORMATION
+{
+ PVOID ProcessId;
+ UNICODE_STRING ImageName;
+} SYSTEM_PROCESS_ID_INFORMATION, *PSYSTEM_PROCESS_ID_INFORMATION;
+
+typedef enum _PROCESSINFOCLASS
+{
+ ProcessBasicInformation = 0,
+ ProcessQuotaLimits = 1,
+ ProcessVmCounters = 3,
+ ProcessTimes = 4,
+ ProcessSessionInformation = 24,
+ ProcessWow64Information = 26,
+ ProcessImageFileName = 27,
+ ProcessDebugFlags = 31,
+ ProcessHandleInformation = 51 /* Since Win8 */
+} PROCESSINFOCLASS;
+
+typedef struct _PROCESS_HANDLE_TABLE_ENTRY_INFO
+{
+ HANDLE HandleValue;
+ ULONG_PTR HandleCount;
+ ULONG_PTR PointerCount;
+ ULONG GrantedAccess;
+ ULONG ObjectTypeIndex;
+ ULONG HandleAttributes;
+ ULONG Reserved;
+} PROCESS_HANDLE_TABLE_ENTRY_INFO, *PPROCESS_HANDLE_TABLE_ENTRY_INFO;
+
+typedef struct _PROCESS_HANDLE_SNAPSHOT_INFORMATION
+{
+ ULONG_PTR NumberOfHandles;
+ ULONG_PTR Reserved;
+ PROCESS_HANDLE_TABLE_ENTRY_INFO Handles[1];
+} PROCESS_HANDLE_SNAPSHOT_INFORMATION, *PPROCESS_HANDLE_SNAPSHOT_INFORMATION;
+
+typedef struct _DEBUG_BUFFER
+{
+ HANDLE SectionHandle;
+ PVOID SectionBase;
+ PVOID RemoteSectionBase;
+ ULONG_PTR SectionBaseDelta;
+ HANDLE EventPairHandle;
+ ULONG_PTR Unknown[2];
+ HANDLE RemoteThreadHandle;
+ ULONG InfoClassMask;
+ ULONG_PTR SizeOfInfo;
+ ULONG_PTR AllocatedSize;
+ ULONG_PTR SectionSize;
+ PVOID ModuleInformation;
+ PVOID BackTraceInformation;
+ PVOID HeapInformation;
+ PVOID LockInformation;
+ PVOID Reserved[8];
+} DEBUG_BUFFER, *PDEBUG_BUFFER;
+
+typedef struct _DEBUG_HEAP_INFORMATION
+{
+ ULONG_PTR Base;
+ ULONG Flags;
+ USHORT Granularity;
+ USHORT Unknown;
+ ULONG_PTR Allocated;
+ ULONG_PTR Committed;
+ ULONG TagCount;
+ ULONG BlockCount;
+ ULONG Reserved[7];
+ PVOID Tags;
+ PVOID Blocks;
+} DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION;
+
+typedef struct _DEBUG_HEAP_ARRAY
+{
+ ULONG Count;
+ DEBUG_HEAP_INFORMATION Heaps[1];
+} DEBUG_HEAP_ARRAY, *PDEBUG_HEAP_ARRAY;
+
+typedef struct _DEBUG_HEAP_BLOCK
+{
+ ULONG_PTR Size;
+ ULONG Flags;
+ ULONG_PTR Committed;
+ ULONG_PTR Address;
+} DEBUG_HEAP_BLOCK, *PDEBUG_HEAP_BLOCK;
+
+typedef struct _DEBUG_MODULE_INFORMATION
+{
+ ULONG_PTR Reserved[2];
+ ULONG_PTR Base;
+ ULONG Size;
+ ULONG Flags;
+ USHORT Index;
+ USHORT Unknown;
+ USHORT LoadCount;
+ USHORT ModuleNameOffset;
+ CHAR ImageName[256];
+} DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION;
+
+typedef struct _DEBUG_MODULE_ARRAY
+{
+ ULONG Count;
+ DEBUG_MODULE_INFORMATION Modules[1];
+} DEBUG_MODULE_ARRAY, *PDEBUG_MODULE_ARRAY;
+
+typedef struct _KERNEL_USER_TIMES
+{
+ LARGE_INTEGER CreateTime;
+ LARGE_INTEGER ExitTime;
+ LARGE_INTEGER KernelTime;
+ LARGE_INTEGER UserTime;
+} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
+
+typedef struct _LDR_DATA_TABLE_ENTRY
+{
+ /* Heads up! The pointers within the LIST_ENTRYs don't point to the
+ start of the next LDR_DATA_TABLE_ENTRY, but rather they point to the
+ start of their respective LIST_ENTRY *within* LDR_DATA_TABLE_ENTRY. */
+ LIST_ENTRY InLoadOrderLinks;
+ LIST_ENTRY InMemoryOrderLinks;
+ LIST_ENTRY InInitializationOrderLinks;
+ PVOID DllBase;
+ PVOID EntryPoint;
+ ULONG SizeOfImage;
+ UNICODE_STRING FullDllName;
+ UNICODE_STRING BaseDllName;
+ ULONG Flags;
+ USHORT LoadCount;
+ /* More follows. Left out since it's just not used. The aforementioned
+ part of the structure is stable from at least NT4 up to Windows 8,
+ including WOW64. */
+} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
+
+typedef struct _PEB_LDR_DATA
+{
+ ULONG Length;
+ BOOLEAN Initialized;
+ PVOID SsHandle;
+ /* Heads up! The pointers within the LIST_ENTRYs don't point to the
+ start of the next LDR_DATA_TABLE_ENTRY, but rather they point to the
+ start of their respective LIST_ENTRY *within* LDR_DATA_TABLE_ENTRY. */
+ LIST_ENTRY InLoadOrderModuleList;
+ LIST_ENTRY InMemoryOrderModuleList;
+ LIST_ENTRY InInitializationOrderModuleList;
+ PVOID EntryInProgress;
+} PEB_LDR_DATA, *PPEB_LDR_DATA;
+
+typedef struct _RTL_USER_PROCESS_PARAMETERS
+{
+ ULONG AllocationSize;
+ ULONG Size;
+ ULONG Flags;
+ ULONG DebugFlags;
+ HANDLE hConsole;
+ ULONG ProcessGroup;
+ HANDLE hStdInput;
+ HANDLE hStdOutput;
+ HANDLE hStdError;
+ UNICODE_STRING CurrentDirectoryName;
+ HANDLE CurrentDirectoryHandle;
+ UNICODE_STRING DllPath;
+ UNICODE_STRING ImagePathName;
+ UNICODE_STRING CommandLine;
+ PWSTR Environment;
+ ULONG dwX;
+ ULONG dwY;
+ ULONG dwXSize;
+ ULONG dwYSize;
+ ULONG dwXCountChars;
+ ULONG dwYCountChars;
+ ULONG dwFillAttribute;
+ ULONG dwFlags;
+ ULONG wShowWindow;
+ UNICODE_STRING WindowTitle;
+ UNICODE_STRING DesktopInfo;
+ UNICODE_STRING ShellInfo;
+ UNICODE_STRING RuntimeInfo;
+} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
+
+typedef struct _PEB
+{
+ BYTE Reserved1[2];
+ BYTE BeingDebugged;
+ BYTE Reserved2[1];
+ PVOID Reserved3[2];
+ PPEB_LDR_DATA Ldr;
+ PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
+ PVOID Reserved4;
+ PVOID ProcessHeap;
+ PRTL_CRITICAL_SECTION FastPebLock;
+ PVOID Reserved5[2];
+ ULONG EnvironmentUpdateCount;
+ BYTE Reserved6[228];
+ PVOID Reserved7[49];
+ ULONG SessionId;
+ /* A lot more follows... */
+} PEB, *PPEB;
+
+typedef struct _GDI_TEB_BATCH
+{
+ ULONG Offset;
+ HANDLE HDC;
+ ULONG Buffer[0x136];
+} GDI_TEB_BATCH, *PGDI_TEB_BATCH;
+
+typedef struct _TEB
+{
+ NT_TIB Tib;
+ PVOID EnvironmentPointer;
+ CLIENT_ID ClientId;
+ PVOID ActiveRpcHandle;
+ PVOID ThreadLocalStoragePointer;
+ PPEB Peb;
+ ULONG LastErrorValue;
+ ULONG CountOfOwnedCriticalSections;
+ PVOID CsrClientThread;
+ PVOID Win32ThreadInfo;
+ ULONG User32Reserved[26];
+ ULONG UserReserved[5];
+ PVOID WOW32Reserved;
+ LCID CurrentLocale;
+ ULONG FpSoftwareStatusRegister;
+ PVOID SystemReserved1[54];
+ LONG ExceptionCode;
+ PVOID ActivationContextStackPointer;
+ UCHAR SpareBytes1[0x30 - 3 * sizeof(PVOID)];
+ ULONG TxFsContext;
+ GDI_TEB_BATCH GdiTebBatch;
+ CLIENT_ID RealClientId;
+ PVOID GdiCachedProcessHandle;
+ ULONG GdiClientPID;
+ ULONG GdiClientTID;
+ PVOID GdiThreadLocalInfo;
+ SIZE_T Win32ClientInfo[62];
+ PVOID glDispatchTable[233];
+ SIZE_T glReserved1[29];
+ PVOID glReserved2;
+ PVOID glSectionInfo;
+ PVOID glSection;
+ PVOID glTable;
+ PVOID glCurrentRC;
+ PVOID glContext;
+ ULONG LastStatusValue;
+ UNICODE_STRING StaticUnicodeString;
+ WCHAR StaticUnicodeBuffer[261];
+ PVOID DeallocationStack;
+ PVOID TlsSlots[64];
+ BYTE Reserved3[8];
+ PVOID Reserved4[26];
+ PVOID ReservedForOle;
+ PVOID Reserved5[4];
+ PVOID TlsExpansionSlots;
+ /* A lot more follows... */
+} TEB, *PTEB;
+
+typedef struct _KSYSTEM_TIME
+{
+ ULONG LowPart;
+ LONG High1Time;
+ LONG High2Time;
+} KSYSTEM_TIME, *PKSYSTEM_TIME;
+
+typedef struct _KUSER_SHARED_DATA
+{
+ BYTE Reserved1[0x08];
+ KSYSTEM_TIME InterruptTime;
+ BYTE Reserved2[0x2c8];
+ ULONG DismountCount;
+ BYTE Reserved3[0xd0];
+ UINT64 InterruptTimeBias;
+} KUSER_SHARED_DATA, *PKUSER_SHARED_DATA;
+
+typedef struct _PROCESS_BASIC_INFORMATION
+{
+ NTSTATUS ExitStatus;
+ PPEB PebBaseAddress;
+ KAFFINITY AffinityMask;
+ KPRIORITY BasePriority;
+ ULONG_PTR UniqueProcessId;
+ ULONG_PTR InheritedFromUniqueProcessId;
+} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
+
+typedef struct _PROCESS_SESSION_INFORMATION
+{
+ ULONG SessionId;
+} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
+
+typedef enum _MEMORY_INFORMATION_CLASS
+{
+ MemoryBasicInformation,
+ MemoryWorkingSetList,
+ MemorySectionName,
+ MemoryBasicVlmInformation
+} MEMORY_INFORMATION_CLASS;
+
+typedef struct _MEMORY_WORKING_SET_LIST
+{
+ ULONG NumberOfPages;
+ ULONG_PTR WorkingSetList[1];
+} MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;
+
+typedef struct _MEMORY_SECTION_NAME
+{
+ UNICODE_STRING SectionFileName;
+} MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
+
+typedef struct _FILE_FS_DEVICE_INFORMATION
+{
+ ULONG DeviceType;
+ ULONG Characteristics;
+} FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION;
+
+typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
+{
+ ULONG FileSystemAttributes;
+ ULONG MaximumComponentNameLength;
+ ULONG FileSystemNameLength;
+ WCHAR FileSystemName[1];
+} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
+
+#pragma pack(push,4)
+typedef struct _FILE_FS_VOLUME_INFORMATION
+{
+ LARGE_INTEGER VolumeCreationTime;
+ ULONG VolumeSerialNumber;
+ ULONG VolumeLabelLength;
+ BOOLEAN SupportsObjects;
+ BOOLEAN __dummy;
+ WCHAR VolumeLabel[1];
+} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
+#pragma pack(pop)
+
+typedef struct _FILE_FS_SIZE_INFORMATION
+{
+ LARGE_INTEGER TotalAllocationUnits;
+ LARGE_INTEGER AvailableAllocationUnits;
+ ULONG SectorsPerAllocationUnit;
+ ULONG BytesPerSector;
+} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
+
+typedef struct _FILE_FS_CONTROL_INFORMATION {
+ LARGE_INTEGER FreeSpaceStartFiltering;
+ LARGE_INTEGER FreeSpaceThreshold;
+ LARGE_INTEGER FreeSpaceStopFiltering;
+ LARGE_INTEGER DefaultQuotaThreshold;
+ LARGE_INTEGER DefaultQuotaLimit;
+ ULONG FileSystemControlFlags;
+} FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
+
+typedef struct _FILE_FS_FULL_SIZE_INFORMATION
+{
+ LARGE_INTEGER TotalAllocationUnits;
+ LARGE_INTEGER CallerAvailableAllocationUnits;
+ LARGE_INTEGER ActualAvailableAllocationUnits;
+ ULONG SectorsPerAllocationUnit;
+ ULONG BytesPerSector;
+} FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
+
+typedef struct _FILE_FS_OBJECTID_INFORMATION
+{
+ UCHAR ObjectId[16];
+ UCHAR ExtendedInfo[48];
+} FILE_FS_OBJECTID_INFORMATION, *PFILE_FS_OBJECTID_INFORMATION;
+
+typedef enum _FSINFOCLASS {
+ FileFsVolumeInformation = 1,
+ FileFsLabelInformation,
+ FileFsSizeInformation,
+ FileFsDeviceInformation,
+ FileFsAttributeInformation,
+ FileFsControlInformation,
+ FileFsFullSizeInformation,
+ FileFsObjectIdInformation,
+ FileFsDriverPathInformation,
+ FileFsMaximumInformation
+} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;
+
+typedef enum _OBJECT_INFORMATION_CLASS
+{
+ ObjectBasicInformation = 0,
+ ObjectNameInformation = 1,
+ ObjectHandleInformation = 4
+ // and many more
+} OBJECT_INFORMATION_CLASS;
+
+typedef struct _OBJECT_BASIC_INFORMATION
+{
+ ULONG Attributes;
+ ACCESS_MASK GrantedAccess;
+ ULONG HandleCount;
+ ULONG PointerCount;
+ ULONG PagedPoolUsage;
+ ULONG NonPagedPoolUsage;
+ ULONG Reserved[3];
+ ULONG NameInformationLength;
+ ULONG TypeInformationLength;
+ ULONG SecurityDescriptorLength;
+ LARGE_INTEGER CreateTime;
+} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
+
+typedef struct _OBJECT_NAME_INFORMATION
+{
+ UNICODE_STRING Name;
+} OBJECT_NAME_INFORMATION;
+
+typedef struct _DIRECTORY_BASIC_INFORMATION
+{
+ UNICODE_STRING ObjectName;
+ UNICODE_STRING ObjectTypeName;
+} DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION;
+
+typedef struct _FILE_GET_QUOTA_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG SidLength;
+ SID Sid;
+} FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
+
+typedef struct _FILE_QUOTA_INFORMATION {
+ ULONG NextEntryOffset;
+ ULONG SidLength;
+ LARGE_INTEGER ChangeTime;
+ LARGE_INTEGER QuotaUsed;
+ LARGE_INTEGER QuotaThreshold;
+ LARGE_INTEGER QuotaLimit;
+ SID Sid;
+} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
+
+typedef struct _FILE_GET_EA_INFORMATION
+{
+ ULONG NextEntryOffset;
+ UCHAR EaNameLength;
+ CHAR EaName[1];
+} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
+
+typedef struct _FILE_FULL_EA_INFORMATION
+{
+ ULONG NextEntryOffset;
+ UCHAR Flags;
+ UCHAR EaNameLength;
+ USHORT EaValueLength;
+ CHAR EaName[1];
+} FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION;
+
+typedef struct _FILE_MAILSLOT_SET_INFORMATION
+{
+ LARGE_INTEGER ReadTimeout;
+} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
+
+typedef struct _IO_STATUS_BLOCK
+{
+ union {
+ NTSTATUS Status;
+ PVOID Pointer;
+ };
+ ULONG_PTR Information;
+} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
+
+typedef VOID (*PIO_APC_ROUTINE)(PVOID, PIO_STATUS_BLOCK, ULONG);
+
+typedef struct _EVENT_BASIC_INFORMATION
+{
+ EVENT_TYPE EventType;
+ LONG SignalState;
+} EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;
+
+typedef enum _EVENT_INFORMATION_CLASS
+{
+ EventBasicInformation = 0
+} EVENT_INFORMATION_CLASS, *PEVENT_INFORMATION_CLASS;
+
+typedef struct _SEMAPHORE_BASIC_INFORMATION
+{
+ LONG CurrentCount;
+ LONG MaximumCount;
+} SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
+
+typedef enum _SEMAPHORE_INFORMATION_CLASS
+{
+ SemaphoreBasicInformation = 0
+} SEMAPHORE_INFORMATION_CLASS, *PSEMAPHORE_INFORMATION_CLASS;
+
+typedef enum _THREADINFOCLASS
+{
+ ThreadBasicInformation = 0,
+ ThreadTimes = 1,
+ ThreadImpersonationToken = 5,
+ ThreadQuerySetWin32StartAddress = 9
+} THREADINFOCLASS, *PTHREADINFOCLASS;
+
+typedef struct _THREAD_BASIC_INFORMATION
+{
+ NTSTATUS ExitStatus;
+ PNT_TIB TebBaseAddress;
+ CLIENT_ID ClientId;
+ KAFFINITY AffinityMask;
+ KPRIORITY Priority;
+ KPRIORITY BasePriority;
+} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
+
+typedef enum _TIMER_INFORMATION_CLASS {
+ TimerBasicInformation = 0
+} TIMER_INFORMATION_CLASS, *PTIMER_INFORMATION_CLASS;
+
+typedef struct _TIMER_BASIC_INFORMATION {
+ LARGE_INTEGER TimeRemaining;
+ BOOLEAN SignalState;
+} TIMER_BASIC_INFORMATION, *PTIMER_BASIC_INFORMATION;
+
+typedef NTSTATUS (*PRTL_QUERY_REGISTRY_ROUTINE)
+ (PWSTR, ULONG, PVOID, ULONG, PVOID, PVOID);
+
+typedef struct _RTL_QUERY_REGISTRY_TABLE
+{
+ PRTL_QUERY_REGISTRY_ROUTINE QueryRoutine;
+ ULONG Flags;
+ PCWSTR Name;
+ PVOID EntryContext;
+ ULONG DefaultType;
+ PVOID DefaultData;
+ ULONG DefaultLength;
+} RTL_QUERY_REGISTRY_TABLE, *PRTL_QUERY_REGISTRY_TABLE;
+
+typedef enum _KEY_VALUE_INFORMATION_CLASS
+{
+ KeyValueBasicInformation = 0,
+ KeyValueFullInformation,
+ KeyValuePartialInformation
+} KEY_VALUE_INFORMATION_CLASS, *PKEY_VALUE_INFORMATION_CLASS;
+
+typedef struct _KEY_VALUE_PARTIAL_INFORMATION
+{
+ ULONG TitleIndex;
+ ULONG Type;
+ ULONG DataLength;
+ UCHAR Data[1];
+} KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION;
+
+typedef enum _SECTION_INHERIT
+{
+ ViewShare = 1,
+ ViewUnmap = 2
+} SECTION_INHERIT;
+
+typedef VOID (APIENTRY *PTIMER_APC_ROUTINE)(PVOID, ULONG, ULONG);
+
+typedef struct _SCOPE_TABLE
+{
+ ULONG Count;
+ struct
+ {
+ ULONG BeginAddress;
+ ULONG EndAddress;
+ ULONG HandlerAddress;
+ ULONG JumpTarget;
+ } ScopeRecord[1];
+} SCOPE_TABLE, *PSCOPE_TABLE;
+
+#ifdef __cplusplus
+/* This is the mapping of the KUSER_SHARED_DATA structure into the user
+ address space on BOTH architectures, 32 and 64 bit!
+ We need it here to access the current DismountCount and InterruptTime. */
+static volatile KUSER_SHARED_DATA &SharedUserData
+ = *(volatile KUSER_SHARED_DATA *) 0x7ffe0000;
+
+/* Function declarations for ntdll.dll. These don't appear in any
+ standard Win32 header. */
+
+extern "C"
+{
+#endif
+ NTSTATUS NtAccessCheck (PSECURITY_DESCRIPTOR, HANDLE, ACCESS_MASK,
+ PGENERIC_MAPPING, PPRIVILEGE_SET, PULONG,
+ PACCESS_MASK, PNTSTATUS);
+ NTSTATUS NtAdjustPrivilegesToken (HANDLE, BOOLEAN, PTOKEN_PRIVILEGES, ULONG,
+ PTOKEN_PRIVILEGES, PULONG);
+ NTSTATUS NtAllocateLocallyUniqueId (PLUID);
+ NTSTATUS NtAssignProcessToJobObject (HANDLE, HANDLE);
+ NTSTATUS NtCancelTimer (HANDLE, PBOOLEAN);
+ NTSTATUS NtClose (HANDLE);
+ NTSTATUS NtCommitTransaction (HANDLE, BOOLEAN);
+ NTSTATUS NtCreateDirectoryObject (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
+ NTSTATUS NtCreateEvent (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE,
+ BOOLEAN);
+ NTSTATUS NtCreateFile (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
+ PIO_STATUS_BLOCK, PLARGE_INTEGER, ULONG, ULONG, ULONG,
+ ULONG, PVOID, ULONG);
+ NTSTATUS NtCreateJobObject (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
+ NTSTATUS NtCreateKey (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, ULONG,
+ PUNICODE_STRING, ULONG, PULONG);
+ NTSTATUS NtCreateMutant (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, BOOLEAN);
+ NTSTATUS NtCreateNamedPipeFile (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
+ PIO_STATUS_BLOCK, ULONG, ULONG, ULONG, ULONG,
+ ULONG, ULONG, ULONG, ULONG, ULONG,
+ PLARGE_INTEGER);
+ NTSTATUS NtCreateSection (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
+ PLARGE_INTEGER, ULONG, ULONG, HANDLE);
+ NTSTATUS NtCreateSemaphore (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, LONG,
+ LONG);
+ NTSTATUS NtCreateSymbolicLinkObject (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
+ PUNICODE_STRING);
+ NTSTATUS NtCreateTimer (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, TIMER_TYPE);
+ NTSTATUS NtCreateTransaction (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
+ LPGUID, HANDLE, ULONG, ULONG, ULONG,
+ PLARGE_INTEGER, PUNICODE_STRING);
+ NTSTATUS NtDuplicateToken (HANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, BOOLEAN,
+ TOKEN_TYPE, PHANDLE);
+ NTSTATUS NtFsControlFile (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID,
+ PIO_STATUS_BLOCK, ULONG, PVOID, ULONG, PVOID,
+ ULONG);
+ NTSTATUS NtFlushBuffersFile (HANDLE, PIO_STATUS_BLOCK);
+ NTSTATUS NtLockFile (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK,
+ PLARGE_INTEGER, PLARGE_INTEGER, ULONG, BOOLEAN, BOOLEAN);
+ NTSTATUS NtLockVirtualMemory (HANDLE, PVOID *, PSIZE_T, ULONG);
+ NTSTATUS NtMapViewOfSection (HANDLE, HANDLE, PVOID *, ULONG_PTR, SIZE_T,
+ PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT, ULONG,
+ ULONG);
+ NTSTATUS NtMapViewOfSectionEx (HANDLE, HANDLE, PVOID *, PLARGE_INTEGER,
+ PSIZE_T, ULONG, ULONG, PMEM_EXTENDED_PARAMETER,
+ ULONG);
+ NTSTATUS NtOpenDirectoryObject (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
+ NTSTATUS NtOpenEvent (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
+ NTSTATUS NtOpenFile (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
+ PIO_STATUS_BLOCK, ULONG, ULONG);
+ NTSTATUS NtOpenJobObject (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
+ NTSTATUS NtOpenKey (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
+ NTSTATUS NtOpenMutant (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
+ NTSTATUS NtOpenProcessToken (HANDLE, ACCESS_MASK, PHANDLE);
+ NTSTATUS NtOpenThreadToken (HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
+ NTSTATUS NtOpenSection (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
+ NTSTATUS NtOpenSemaphore (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
+ NTSTATUS NtOpenSymbolicLinkObject (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
+ /* WARNING! Don't rely on the timestamp information returned by
+ NtQueryAttributesFile. Only the DOS file attribute info is reliable. */
+ NTSTATUS NtPrivilegeCheck (HANDLE, PPRIVILEGE_SET, PBOOLEAN);
+ NTSTATUS NtQueryAttributesFile (POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
+ NTSTATUS NtQueryDirectoryFile(HANDLE, HANDLE, PVOID, PVOID, PIO_STATUS_BLOCK,
+ PVOID, ULONG, FILE_INFORMATION_CLASS, BOOLEAN,
+ PUNICODE_STRING, BOOLEAN);
+ NTSTATUS NtQueryDirectoryObject (HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN,
+ PULONG, PULONG);
+ NTSTATUS NtQueryEaFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, BOOLEAN,
+ PVOID, ULONG, PULONG, BOOLEAN);
+ NTSTATUS NtQueryEvent (HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
+ NTSTATUS NtQueryInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG,
+ FILE_INFORMATION_CLASS);
+ NTSTATUS NtQueryInformationJobObject (HANDLE, JOBOBJECTINFOCLASS, PVOID,
+ ULONG, PULONG);
+ NTSTATUS NtQueryInformationProcess (HANDLE, PROCESSINFOCLASS, PVOID, ULONG,
+ PULONG);
+ NTSTATUS NtQueryInformationThread (HANDLE, THREADINFOCLASS, PVOID, ULONG,
+ PULONG);
+ NTSTATUS NtQueryInformationToken (HANDLE, TOKEN_INFORMATION_CLASS, PVOID,
+ ULONG, PULONG);
+ NTSTATUS NtQueryObject (HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG,
+ PULONG);
+ NTSTATUS NtQueryQuotaInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG,
+ BOOLEAN, PVOID, ULONG, PSID, BOOLEAN);
+ NTSTATUS NtQuerySemaphore (HANDLE, SEMAPHORE_INFORMATION_CLASS, PVOID, ULONG,
+ PULONG);
+ NTSTATUS NtQuerySystemInformation (SYSTEM_INFORMATION_CLASS, PVOID, ULONG,
+ PULONG);
+ NTSTATUS NtQuerySystemTime (PLARGE_INTEGER);
+ NTSTATUS NtQuerySecurityObject (HANDLE, SECURITY_INFORMATION,
+ PSECURITY_DESCRIPTOR, ULONG, PULONG);
+ NTSTATUS NtQuerySymbolicLinkObject (HANDLE, PUNICODE_STRING, PULONG);
+ NTSTATUS NtQueryTimer (HANDLE, TIMER_INFORMATION_CLASS, PVOID, ULONG, PULONG);
+ NTSTATUS NtQueryTimerResolution (PULONG, PULONG, PULONG);
+ NTSTATUS NtQueryValueKey (HANDLE, PUNICODE_STRING,
+ KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
+ NTSTATUS NtQueryVirtualMemory (HANDLE, PVOID, MEMORY_INFORMATION_CLASS, PVOID,
+ SIZE_T, PSIZE_T);
+ NTSTATUS NtQueryVolumeInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG,
+ FS_INFORMATION_CLASS);
+ NTSTATUS NtReadFile (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK,
+ PVOID, ULONG, PLARGE_INTEGER, PULONG);
+ NTSTATUS NtRollbackTransaction (HANDLE, BOOLEAN);
+ NTSTATUS NtSetEaFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG);
+ NTSTATUS NtSetEvent (HANDLE, PULONG);
+ NTSTATUS NtSetInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG,
+ FILE_INFORMATION_CLASS);
+ NTSTATUS NtSetInformationJobObject (HANDLE, JOBOBJECTINFOCLASS, PVOID, ULONG);
+ NTSTATUS NtSetInformationThread (HANDLE, THREADINFOCLASS, PVOID, ULONG);
+ NTSTATUS NtSetInformationToken (HANDLE, TOKEN_INFORMATION_CLASS, PVOID,
+ ULONG);
+ NTSTATUS NtSetQuotaInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG);
+ NTSTATUS NtSetSecurityObject (HANDLE, SECURITY_INFORMATION,
+ PSECURITY_DESCRIPTOR);
+ NTSTATUS NtSetTimer (HANDLE, PLARGE_INTEGER, PTIMER_APC_ROUTINE, PVOID,
+ BOOLEAN, LONG, PBOOLEAN);
+ NTSTATUS NtSetValueKey (HANDLE, PUNICODE_STRING, ULONG, ULONG, PVOID, ULONG);
+ NTSTATUS NtSetVolumeInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG,
+ FS_INFORMATION_CLASS);
+ NTSTATUS NtUnlockFile (HANDLE, PIO_STATUS_BLOCK, PLARGE_INTEGER,
+ PLARGE_INTEGER, ULONG);
+ NTSTATUS NtUnlockVirtualMemory (HANDLE, PVOID *, PSIZE_T, ULONG);
+ NTSTATUS NtUnmapViewOfSection (HANDLE, PVOID);
+ NTSTATUS NtWaitForSingleObject (HANDLE, BOOLEAN, PLARGE_INTEGER);
+ NTSTATUS NtWriteFile (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID,
+ PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
+ NTSTATUS RtlAbsoluteToSelfRelativeSD (PSECURITY_DESCRIPTOR,
+ PSECURITY_DESCRIPTOR, PULONG);
+ NTSTATUS RtlAddAccessAllowedAce (PACL, ULONG, ACCESS_MASK, PSID);
+ NTSTATUS RtlAddAccessAllowedAceEx (PACL, ULONG, ULONG, ACCESS_MASK, PSID);
+ NTSTATUS RtlAddAccessDeniedAce (PACL, ULONG, ACCESS_MASK, PSID);
+ NTSTATUS RtlAddAccessDeniedAceEx (PACL, ULONG, ULONG, ACCESS_MASK, PSID);
+ NTSTATUS RtlAddAce (PACL, ULONG, ULONG, PVOID, ULONG);
+ PVOID RtlAllocateHeap (PVOID, ULONG, SIZE_T);
+ NTSTATUS RtlAnsiStringToUnicodeString (PUNICODE_STRING, PANSI_STRING,
+ BOOLEAN);
+ NTSTATUS RtlAppendUnicodeToString (PUNICODE_STRING, PCWSTR);
+ NTSTATUS RtlAppendUnicodeStringToString (PUNICODE_STRING, PUNICODE_STRING);
+ NTSTATUS RtlCheckRegistryKey (ULONG, PCWSTR);
+ LONG RtlCompareUnicodeString (PUNICODE_STRING, PUNICODE_STRING, BOOLEAN);
+ NTSTATUS RtlConvertSidToUnicodeString (PUNICODE_STRING, PSID, BOOLEAN);
+ NTSTATUS RtlConvertToAutoInheritSecurityObject (PSECURITY_DESCRIPTOR,
+ PSECURITY_DESCRIPTOR,
+ PSECURITY_DESCRIPTOR *,
+ GUID *, BOOLEAN,
+ PGENERIC_MAPPING);
+ NTSTATUS RtlCopySid (ULONG, PSID, PSID);
+ VOID RtlCopyUnicodeString (PUNICODE_STRING, PUNICODE_STRING);
+ NTSTATUS RtlCreateAcl (PACL, ULONG, ULONG);
+ PDEBUG_BUFFER RtlCreateQueryDebugBuffer (ULONG, BOOLEAN);
+ NTSTATUS RtlCreateSecurityDescriptor (PSECURITY_DESCRIPTOR, ULONG);
+ /* Don't use this function! It's almost always wrong! */
+ // BOOLEAN RtlCreateUnicodeStringFromAsciiz (PUNICODE_STRING, PCSTR);
+ NTSTATUS RtlDeleteSecurityObject (PSECURITY_DESCRIPTOR *);
+ NTSTATUS RtlDestroyQueryDebugBuffer (PDEBUG_BUFFER);
+ NTSTATUS RtlDowncaseUnicodeString (PUNICODE_STRING, PUNICODE_STRING, BOOLEAN);
+ NTSTATUS RtlEnterCriticalSection (PRTL_CRITICAL_SECTION);
+ BOOLEAN RtlEqualPrefixSid (PSID, PSID);
+ BOOLEAN RtlEqualSid (PSID, PSID);
+ BOOLEAN RtlEqualUnicodeString (PUNICODE_STRING, PUNICODE_STRING, BOOLEAN);
+ BOOLEAN RtlFreeHeap (HANDLE, ULONG, PVOID);
+ VOID RtlFreeUnicodeString (PUNICODE_STRING);
+ BOOLEAN RtlFirstFreeAce (PACL, PVOID *);
+ NTSTATUS RtlGetAce (PACL, ULONG, PVOID);
+ NTSTATUS RtlGetControlSecurityDescriptor (PSECURITY_DESCRIPTOR,
+ PSECURITY_DESCRIPTOR_CONTROL,
+ PULONG);
+ HANDLE RtlGetCurrentTransaction ();
+ NTSTATUS RtlGetDaclSecurityDescriptor (PSECURITY_DESCRIPTOR, PBOOLEAN, PACL *,
+ PBOOLEAN);
+ NTSTATUS RtlGetGroupSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID *,
+ PBOOLEAN);
+ NTSTATUS RtlGetNtVersionNumbers (LPDWORD, LPDWORD, LPDWORD);
+ NTSTATUS RtlGetOwnerSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID *,
+ PBOOLEAN);
+ NTSTATUS RtlGetVersion (PRTL_OSVERSIONINFOEXW);
+ PSID_IDENTIFIER_AUTHORITY RtlIdentifierAuthoritySid (PSID);
+ VOID RtlInitAnsiString (PANSI_STRING, PCSTR);
+ NTSTATUS RtlInitializeSid (PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
+ VOID RtlInitUnicodeString (PUNICODE_STRING, PCWSTR);
+ NTSTATUS RtlLeaveCriticalSection (PRTL_CRITICAL_SECTION);
+ ULONG RtlLengthSecurityDescriptor (PSECURITY_DESCRIPTOR);
+ ULONG RtlLengthSid (PSID);
+ ULONG RtlNtStatusToDosError (NTSTATUS);
+ BOOLEAN RtlPrefixUnicodeString (PUNICODE_STRING, PUNICODE_STRING, BOOLEAN);
+ NTSTATUS RtlQueryProcessDebugInformation (ULONG, ULONG, PDEBUG_BUFFER);
+ NTSTATUS RtlQueryRegistryValues (ULONG, PCWSTR, PRTL_QUERY_REGISTRY_TABLE,
+ PVOID, PVOID);
+ VOID RtlReleasePebLock ();
+ NTSTATUS RtlSetCurrentDirectory_U (PUNICODE_STRING);
+ BOOLEAN RtlSetCurrentTransaction (HANDLE);
+ NTSTATUS RtlSetControlSecurityDescriptor (PSECURITY_DESCRIPTOR,
+ SECURITY_DESCRIPTOR_CONTROL,
+ SECURITY_DESCRIPTOR_CONTROL);
+ NTSTATUS RtlSetDaclSecurityDescriptor (PSECURITY_DESCRIPTOR, BOOLEAN, PACL,
+ BOOLEAN);
+ NTSTATUS RtlSetGroupSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID, BOOLEAN);
+ NTSTATUS RtlSetOwnerSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID, BOOLEAN);
+ PUCHAR RtlSubAuthorityCountSid (PSID);
+ PULONG RtlSubAuthoritySid (PSID, ULONG);
+ ULONG RtlUnicodeStringToAnsiSize (PUNICODE_STRING);
+ NTSTATUS RtlUnicodeStringToAnsiString (PANSI_STRING, PUNICODE_STRING,
+ BOOLEAN);
+ WCHAR RtlUpcaseUnicodeChar (WCHAR);
+ NTSTATUS RtlUpcaseUnicodeString (PUNICODE_STRING, PUNICODE_STRING, BOOLEAN);
+ NTSTATUS RtlWriteRegistryValue (ULONG, PCWSTR, PCWSTR, ULONG, PVOID, ULONG);
+
+#ifdef __cplusplus
+ /* A few Rtl functions are either actually macros, or they just don't
+ exist even though they would be a big help. We implement them here,
+ partly as inline functions. */
+
+ /* RtlInitEmptyUnicodeString is defined as a macro in wdm.h, but that file
+ is missing entirely in w32api. */
+
+ inline
+ VOID RtlInitEmptyUnicodeString(PUNICODE_STRING dest, PWSTR buf, USHORT len)
+ {
+ dest->Length = 0;
+ dest->MaximumLength = len;
+ dest->Buffer = buf;
+ }
+ /* Like RtlInitEmptyUnicodeString, but initialize Length to len, too.
+ This is for instance useful when creating a UNICODE_STRING from an
+ NtQueryInformationFile info buffer, where the length of the filename
+ is known, but you can't rely on the string being 0-terminated.
+ If you know it's 0-terminated, just use RtlInitUnicodeString(). */
+ inline
+ VOID RtlInitCountedUnicodeString (PUNICODE_STRING dest, PCWSTR buf,
+ USHORT len)
+ {
+ dest->Length = dest->MaximumLength = len;
+ dest->Buffer = (PWSTR) buf;
+ }
+ /* Split path into dirname and basename part. This function does not
+ copy anything! It just initializes the dirname and basename
+ UNICODE_STRINGs so that their Buffer members point to the right spot
+ into path's Buffer, and the Length (and MaximumLength) members are set
+ to match the dirname part and the basename part.
+ Note that dirname's Length is set so that it also includes the trailing
+ backslash. If you don't need it, just subtract sizeof(WCHAR) from
+ dirname.Length. */
+ inline
+ VOID RtlSplitUnicodePath (PUNICODE_STRING path, PUNICODE_STRING dirname,
+ PUNICODE_STRING basename)
+ {
+ USHORT len = path->Length / sizeof (WCHAR);
+ while (len > 0 && path->Buffer[--len] != L'\\')
+ ;
+ ++len;
+ if (dirname)
+ RtlInitCountedUnicodeString (dirname, path->Buffer, len * sizeof (WCHAR));
+ if (basename)
+ RtlInitCountedUnicodeString (basename, &path->Buffer[len],
+ path->Length - len * sizeof (WCHAR));
+ }
+ /* Check if prefix is a prefix of path. */
+ inline
+ BOOLEAN RtlEqualUnicodePathPrefix (PUNICODE_STRING path,
+ PUNICODE_STRING prefix,
+ BOOLEAN caseinsensitive)
+ {
+ UNICODE_STRING p;
+
+ RtlInitCountedUnicodeString (&p, path->Buffer,
+ prefix->Length < path->Length
+ ? prefix->Length : path->Length);
+ return RtlEqualUnicodeString (&p, prefix, caseinsensitive);
+ }
+ /* Check if suffix is a suffix of path. */
+ inline
+ BOOL RtlEqualUnicodePathSuffix (PUNICODE_STRING path,
+ PUNICODE_STRING suffix,
+ BOOLEAN caseinsensitive)
+ {
+ UNICODE_STRING p;
+
+ if (suffix->Length < path->Length)
+ RtlInitCountedUnicodeString (&p, (PWCHAR) ((PBYTE) path->Buffer
+ + path->Length - suffix->Length),
+ suffix->Length);
+ else
+ RtlInitCountedUnicodeString (&p, path->Buffer, path->Length);
+ return RtlEqualUnicodeString (&p, suffix, caseinsensitive);
+ }
+ /* Implemented in strfuncs.cc. Create a Hex UNICODE_STRING from a given
+ 64 bit integer value. If append is TRUE, append the hex string,
+ otherwise overwrite dest. Returns either STATUS_SUCCESS, or
+ STATUS_BUFFER_OVERFLOW, if the unicode buffer is too small (hasn't
+ room for 16 WCHARs). */
+ NTSTATUS RtlInt64ToHexUnicodeString (ULONGLONG value, PUNICODE_STRING dest,
+ BOOLEAN append);
+ /* Set file attributes. Don't change file times. */
+ inline
+ NTSTATUS NtSetAttributesFile (HANDLE h, ULONG attr)
+ {
+ IO_STATUS_BLOCK io;
+ FILE_BASIC_INFORMATION fbi;
+ fbi.CreationTime.QuadPart = fbi.LastAccessTime.QuadPart =
+ fbi.LastWriteTime.QuadPart = fbi.ChangeTime.QuadPart = 0LL;
+ fbi.FileAttributes = attr ?: FILE_ATTRIBUTE_NORMAL;
+ return NtSetInformationFile(h, &io, &fbi, sizeof fbi, FileBasicInformation);
+ }
+
+ /* This test for a signalled event is twice as fast as calling
+ WaitForSingleObject (event, 0). */
+ inline
+ BOOL IsEventSignalled (HANDLE event)
+ {
+ EVENT_BASIC_INFORMATION ebi;
+ return NT_SUCCESS (NtQueryEvent (event, EventBasicInformation,
+ &ebi, sizeof ebi, NULL))
+ && ebi.SignalState != 0;
+
+ }
+
+ static inline void
+ start_transaction (HANDLE &old_trans, HANDLE &trans)
+ {
+ NTSTATUS status = NtCreateTransaction (&trans,
+ SYNCHRONIZE | TRANSACTION_ALL_ACCESS,
+ NULL, NULL, NULL, 0, 0, 0, NULL, NULL);
+ if (NT_SUCCESS (status))
+ {
+ old_trans = RtlGetCurrentTransaction ();
+ RtlSetCurrentTransaction (trans);
+ }
+ else
+ old_trans = trans = NULL;
+ }
+
+ static inline NTSTATUS
+ stop_transaction (NTSTATUS status, HANDLE old_trans, HANDLE &trans)
+ {
+ RtlSetCurrentTransaction (old_trans);
+ if (NT_SUCCESS (status))
+ status = NtCommitTransaction (trans, TRUE);
+ else
+ status = NtRollbackTransaction (trans, TRUE);
+ NtClose (trans);
+ trans = NULL;
+ return status;
+ }
+}
+
+/* This is for pseudo console workaround. ClosePseudoConsole()
+ seems to have a bug that one internal handle remains opend.
+ This causes handle leak. To close this handle, it is needed
+ to access internal of HPCON. HPCON_INTERNAL is defined for
+ this purpose. The structure of internal of HPCON is not
+ documented. Refer to: https://github.com/Biswa96/XConPty */
+typedef struct _HPCON_INTERNAL
+{
+ HANDLE hWritePipe;
+ HANDLE hConDrvReference;
+ HANDLE hConHostProcess;
+} HPCON_INTERNAL;
+#endif