Repository: amdf/NativeShell
Branch: master
Commit: 4e081c66ac69
Files: 70
Total size: 607.5 KB

Directory structure:
gitextract_ic8dbz2h/
├── .github/
│   └── workflows/
│       ├── build.yml
│       └── release.yml
├── .gitignore
├── CONTRIBUTORS.md
├── LICENSE
├── README.md
├── display.c
├── file.c
├── hardware.c
├── input.c
├── install/
│   ├── add.reg
│   └── remove.reg
├── keytrans.c
├── main.c
├── makefile
├── ndk/
│   ├── arch/
│   │   ├── ketypes.h
│   │   └── mmtypes.h
│   ├── asm.h
│   ├── cctypes.h
│   ├── cmfuncs.h
│   ├── cmtypes.h
│   ├── dbgkfuncs.h
│   ├── dbgktypes.h
│   ├── exfuncs.h
│   ├── extypes.h
│   ├── halfuncs.h
│   ├── haltypes.h
│   ├── i386/
│   │   ├── ketypes.h
│   │   └── mmtypes.h
│   ├── ifssupp.h
│   ├── inbvfuncs.h
│   ├── inbvtypes.h
│   ├── iofuncs.h
│   ├── iotypes.h
│   ├── kdfuncs.h
│   ├── kdtypes.h
│   ├── kefuncs.h
│   ├── ketypes.h
│   ├── ldrfuncs.h
│   ├── ldrtypes.h
│   ├── lpcfuncs.h
│   ├── lpctypes.h
│   ├── mmfuncs.h
│   ├── mmtypes.h
│   ├── ntndk.h
│   ├── ntnls.h
│   ├── obfuncs.h
│   ├── obtypes.h
│   ├── pofuncs.h
│   ├── potypes.h
│   ├── powerpc/
│   │   ├── ketypes.h
│   │   └── mmtypes.h
│   ├── psfuncs.h
│   ├── pstypes.h
│   ├── readme.txt
│   ├── rtlfuncs.h
│   ├── rtltypes.h
│   ├── sefuncs.h
│   ├── setypes.h
│   ├── umfuncs.h
│   └── umtypes.h
├── ntfile.c
├── ntfile.h
├── ntreg.c
├── ntreg.h
├── precomp.h
├── process.c
├── shell.c
├── sources
└── sysinfo.c

================================================
FILE CONTENTS
================================================

================================================
FILE: .github/workflows/build.yml
================================================
# Builds native.exe for x86 and amd64 with WDK 7.1.0 on a hosted Windows runner.
# Runs on manual dispatch and as a reusable workflow (called by release.yml).
#
# NOTE(review): no `permissions:` key is set in this file, so the token scope is
# whatever the repository default (or the calling workflow) grants; the steps
# below only read the repository, so `contents: read` would be enough.
# NOTE(review): every action is referenced by a mutable tag (@v3 / @v4). Pinning
# each `uses:` to a full commit SHA keeps a retagged action from changing what
# runs in the pipeline that produces the release binaries.
name: Build with WDK 7.1.0

on:
  workflow_dispatch:
  workflow_call:

jobs:
  build:
    name: Build
    runs-on: windows-latest
    steps:
      # Restore a previously installed WDK tree. The key is a constant, so once
      # an entry exists every later run reuses that toolchain and skips the
      # download / unpack / install steps guarded by `cache-hit` below.
      # NOTE(review): the restored directory is the compiler toolchain; deriving
      # the key from the expected ISO hash would tie the cache to a verified input.
      - name: Cache WDK
        id: cache-wdk-installed
        uses: actions/cache@v3
        env:
          cache-name: cache-wdk-7.1.0-installed
        with:
          path: C:\WinDDK\7600.16385.1
          key: ${{ env.cache-name }}

      # NOTE(review): the ISO is fetched over HTTPS but never checked against a
      # known digest, and KitSetup.exe from it is executed two steps later.
      # Record the expected SHA-256 and compare it (e.g. with Get-FileHash)
      # before the "Unpack ISO" step, failing the job on mismatch.
      - if: ${{ steps.cache-wdk-installed.outputs.cache-hit != 'true' }}
        name: Download WDK 7.1.0.7600
        run: (New-Object Net.WebClient).DownloadFile("https://download.microsoft.com/download/4/A/2/4A25C7D5-EFBE-4182-B6A9-AE6850409A78/GRMWDK_EN_7600_1.ISO", "${{ github.workspace }}\GRMWDK_EN_7600_1.ISO")

      # NOTE(review): no version is given, so this installs whatever 7zip package
      # the Chocolatey feed serves at run time; pin a version for reproducibility.
      - if: ${{ steps.cache-wdk-installed.outputs.cache-hit != 'true' }}
        name: Install 7zip
        run: choco install 7zip

      # Extract the ISO contents into the workspace root (-y answers prompts).
      - if: ${{ steps.cache-wdk-installed.outputs.cache-hit != 'true' }}
        name: Unpack ISO
        run: 7z.exe x -y -o"${{ github.workspace }}" "${{ github.workspace }}\GRMWDK_EN_7600_1.ISO"

      # Run the WDK installer that was extracted from the ISO.
      - if: ${{ steps.cache-wdk-installed.outputs.cache-hit != 'true' }}
        name: Setup WDK 7.1.0.7600
        run: .\KitSetup.exe /install ALL /ui-level EXPRESS
        shell: cmd

      # The sources go into srcdir/ so they stay separate from the unpacked ISO.
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          path: 'srcdir'

      # setenv.bat selects the free (fre) build environment for x86 / Windows XP;
      # the chained commands then switch to drive D: and build inside srcdir.
      - name: Build project x86
        run: |
          C:\WinDDK\7600.16385.1\bin\setenv.bat C:\WinDDK\7600.16385.1 fre x86 WXP && D: && cd ${{ github.workspace }}\srcdir && build /g /w
        shell: cmd

      # Same as above for the x64 / Windows 7 target.
      - name: Build project x64
        run: |
          C:\WinDDK\7600.16385.1\bin\setenv.bat C:\WinDDK\7600.16385.1 fre x64 WIN7 && D: && cd ${{ github.workspace }}\srcdir && build /g /w
        shell: cmd

      # Each artifact bundles the binary, the install/ registry files and the
      # README; release.yml downloads these by name.
      - name: Upload artifact i386
        uses: actions/upload-artifact@v4
        with:
          name: nativeshell-i386
          path: |
            ${{ github.workspace }}\srcdir\objfre_wxp_x86\i386\native.exe
            ${{ github.workspace }}\srcdir\install\*
            ${{ github.workspace }}\srcdir\README.md
          retention-days: 1

      - name: Upload artifact amd64
        uses: actions/upload-artifact@v4
        with:
          name: nativeshell-amd64
          path: |
            ${{ github.workspace }}\srcdir\objfre_win7_amd64\amd64\native.exe
            ${{ github.workspace }}\srcdir\install\*
            ${{ github.workspace }}\srcdir\README.md
          retention-days: 1

================================================
FILE: .github/workflows/release.yml
================================================
# Publishes a GitHub release for every pushed tag matching v*: runs build.yml,
# then zips each architecture's artifact and attaches it to the release.
#
# NOTE(review): no `permissions:` key is set, so github.token carries the
# repository default scope. The release job needs `contents: write`; the build
# job needs no write access, so scoping permissions per job limits what a
# compromised build step could do with the token.
# NOTE(review): actions/create-release and actions/upload-release-asset are
# archived upstream and referenced here by the mutable tag @v1; consider a
# maintained replacement and pin `uses:` entries to commit SHAs.
# NOTE(review): the zip assets are published without a checksum or provenance
# file, so downloaders cannot verify them against the build.
name: Release

on:
  push:
    tags:
      - 'v*'

jobs:
  build:
    uses: ./.github/workflows/build.yml

  release:
    needs: build
    name: Release
    runs-on: ubuntu-latest
    steps:
      # github.ref is the full ref (refs/tags/<tag>), unlike github.ref_name,
      # which the asset names below use.
      - name: Create release
        uses: actions/create-release@v1
        id: create_release
        with:
          draft: false
          prerelease: false
          release_name: Release ${{ github.ref }}
          tag_name: ${{ github.ref }}
          body: NT native executable and install files
        env:
          GITHUB_TOKEN: ${{ github.token }}

      - name: Download i386 binary
        uses: actions/download-artifact@v4
        with:
          name: nativeshell-i386
          path: ${{ github.workspace }}/i386

      # --junk-paths stores the files without their directory components.
      - name: Prepare release i386 binary
        working-directory: ${{ github.workspace }}/i386
        run: zip -r --junk-paths nativeshell.zip ./*

      - name: Release i386 binary
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ github.token }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ${{ github.workspace }}/i386/nativeshell.zip
          asset_name: nativeshell-${{ github.ref_name }}.i386.zip
          asset_content_type: application/zip

      - name: Download amd64 binary
        uses: actions/download-artifact@v4
        with:
          name: nativeshell-amd64
          path: ${{ github.workspace }}/amd64

      - name: Prepare release amd64 binary
        working-directory: ${{ github.workspace }}/amd64
        run: zip -r --junk-paths nativeshell.zip ./*

      - name: Release amd64 binary
        uses: actions/upload-release-asset@v1
        env:
          GITHUB_TOKEN: ${{ github.token }}
        with:
          upload_url: ${{ steps.create_release.outputs.upload_url }}
          asset_path: ${{ github.workspace }}/amd64/nativeshell.zip
          asset_name: nativeshell-${{ github.ref_name }}.amd64.zip
          asset_content_type: application/zip

================================================
FILE: .gitignore
================================================
.vscode
*.log
objfre_wxp_x86
objfre_win7_amd64
*.err
*.wrn
*.cmd

================================================
FILE: CONTRIBUTORS.md
================================================
- Alex Ionescu (the original creator)
- amdf
- ReactOS Team (keyboard translation code parts)
- Dmitri Arkhangelski (code parts from ZenWINX library)

================================================
FILE: LICENSE
================================================
GNU LESSER GENERAL PUBLIC LICENSE
Version 2.1, February 1999

Copyright (C) 1991, 1999 Free Software Foundation, Inc.
51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. [This is the first released version of the Lesser GPL. It also counts as the successor of the GNU Library Public License, version 2, hence the version number 2.1.] Preamble The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software--to make sure the software is free for all its users. This license, the Lesser General Public License, applies to some specially designated software packages--typically libraries--of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below. When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things. To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the library or if you modify it. For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. 
If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights. We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library. To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others. Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license. Most GNU software, including some libraries, is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs. When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library. 
We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances. For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this, non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License. In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system. Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library. The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run. GNU LESSER GENERAL PUBLIC LICENSE TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION 0. 
This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distributed under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work based on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. 1. 
You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) The modified work must itself be a software library. b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument passed when the facility is invoked, then you must make a good faith effort to ensure that, in the event an application does not supply such function or table, the facility still operates, and performs whatever part of its purpose remains meaningful. (For example, a function in a library to compute square roots has a purpose that is entirely well-defined independent of the application. Therefore, Subsection 2d requires that any application-supplied function or table used by this function must be optional: if the application does not supply it, the square root function must still compute square roots.) These requirements apply to the modified work as a whole. 
If identifiable sections of that work are not derived from the Library, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Library, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it. Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Library. In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License. 3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices. Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy. This option is useful when you wish to copy part of the code of the Library into a program that is not a library. 4. 
You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a medium customarily used for software interchange. If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. 5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. 
If such an object file uses only numerical parameters, data structure layouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. 6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: a) Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. 
(It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.) b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with. c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution. d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specified materials from the same place. e) Verify that the user has already received a copy of these materials or that you have already sent this user a copy. For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. 7. 
You may place library facilities that are a work based on the Library side-by-side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. 10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or modify the Library subject to these terms and conditions. 
You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties with this License. 11. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Library at all. For example, if a patent license would not permit royalty-free redistribution of the Library by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library. If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply, and the section as a whole is intended to apply in other circumstances. It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice. This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License. 12. 
If the distribution and/or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License. 13. The Free Software Foundation may publish revised and/or new versions of the Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. 14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. 
EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Libraries If you develop a new library, and you want it to be of the greatest possible use to the public, we recommend making it free software that everyone can redistribute and change. You can do so by permitting redistribution under these terms (or, alternatively, under the terms of the ordinary General Public License). To apply these terms, attach the following notices to the library. It is safest to attach them to the start of each source file to most effectively convey the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. 
Copyright (C) <year> <name of author>

This library is free software; you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation; either version 2.1 of the License, or (at your option) any later version.

This library is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details.

You should have received a copy of the GNU Lesser General Public License along with this library; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA

Also add information on how to contact you by electronic and paper mail.

You should also get your employer (if you work as a programmer) or your school, if any, to sign a "copyright disclaimer" for the library, if necessary. Here is a sample; alter the names:

Yoyodyne, Inc., hereby disclaims all copyright interest in the library `Frob' (a library for tweaking knobs) written by James Random Hacker.

<signature of Ty Coon>, 1 April 1990
Ty Coon, President of Vice

That's all there is to it!

================================================
FILE: README.md
================================================
# NativeShell

Command line interface for Windows Native Mode. It can perform some basic operations with Windows files and directories.

The program runs before the main Windows components start, so it has access to the entire file system and registry with few restrictions.

All operations are implemented through the Native API (ntdll.dll).

The sources are based on NCLI (Native Command Line Interface) from the TinyKRNL Project. Some code from the ZenWINX library is also used.

## Requirements

Windows Driver Kit Version 7.1.0

## Build

Build command for WDK x86 Free Build Environment: `build /g /w`

Build output is native.exe.
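# Install
Copy native.exe to %systemroot%\system32\

Use add.reg from `install` directory.

# Uninstall
Use remove.reg from `install` directory.

Delete %systemroot%\system32\native.exe

================================================
FILE: display.c
================================================
/**
 * PROJECT: Native Shell
 * COPYRIGHT: LGPL; See LICENSE in the top level directory
 * FILE: display.c
 * DESCRIPTION: This module handles displaying output to screen.
 * DEVELOPERS: See CONTRIBUTORS.md in the top level directory
 */

#include "precomp.h"

// Shadow copy of the line currently on screen; RtlClipBackspace reprints it
WCHAR DisplayBuffer[1024];
// Index of the next free slot in DisplayBuffer
USHORT LinePos = 0;
// One-character scratch string handed to NtDisplayString (Length is in bytes)
WCHAR PutChar[2] = L" ";
UNICODE_STRING CharString = {2, 2, PutChar};

/*++
 * @name RtlCliPrintString
 *
 * The RtlCliPrintString routine display a unicode string on the display device
 *
 * @param Message
 *        Pointer to a unicode string containing the message to print.
 *
 * @return STATUS_SUCCESS or failure code. An empty string prints nothing and
 *         returns STATUS_SUCCESS.
 *
 * @remarks Only the status of the last character printed is returned.
 *
 *--*/
NTSTATUS
RtlCliPrintString(IN PUNICODE_STRING Message)
{
    ULONG i;
    // Start from success so that a zero-length string does not hand an
    // uninitialized status back to the caller
    NTSTATUS Status = STATUS_SUCCESS;

    // Length is a byte count; walk the buffer one WCHAR at a time
    for (i = 0; i < (Message->Length / sizeof(WCHAR)); i++)
    {
        Status = RtlCliPutChar(Message->Buffer[i]);
    }

    return Status;
}

/*++
 * @name RtlCliPutChar
 *
 * The RtlCliPutChar routine displays a character.
 *
 * @param Char
 *        Character to print out.
 *
 * @return STATUS_SUCCESS or failure code.
 *
 * @remarks The character is also recorded in DisplayBuffer, except for a
 *          carriage return (not recorded) and a new line (resets the
 *          buffer). Once the buffer is full, further characters are still
 *          printed but no longer recorded.
 *
 *--*/
NTSTATUS
RtlCliPutChar(IN WCHAR Char)
{
    // Last slot is reserved for the terminator that RtlClipBackspace stores
    // at DisplayBuffer[LinePos]
    const USHORT LastSlot =
        (USHORT)(sizeof(DisplayBuffer) / sizeof(DisplayBuffer[0]) - 1);

    // Initialize the string
    CharString.Buffer[0] = Char;

    // A carriage return only moves the cursor, so it is not recorded
    if (Char != '\r')
    {
        // Check if it's a new line
        if (Char == '\n')
        {
            // Reset the display buffer
            LinePos = 0;
            DisplayBuffer[LinePos] = UNICODE_NULL;
        }
        else if (LinePos < LastSlot)
        {
            // Add the character in our buffer. The bound matters: without it
            // a line longer than the buffer writes past DisplayBuffer.
            DisplayBuffer[LinePos] = Char;
            LinePos++;
        }
    }

    // Print the character
    return NtDisplayString(&CharString);
}

/*++
 * @name RtlClipBackspace
 *
 * The RtlClipBackspace routine handles a backspace command.
 *
 * @param None.
 *
 * @return STATUS_SUCCESS or failure code if printing failed.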
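*
 * @remarks Backspace is handled by printing the previous string minus the last
 *          two characters.
 *
 *--*/
NTSTATUS
RtlClipBackspace(VOID)
{
    UNICODE_STRING BackString;

    // Update the line position. LinePos is an unsigned 16-bit index, so
    // decrementing it at zero would wrap and the store below would land far
    // outside DisplayBuffer.
    if (LinePos > 0)
    {
        LinePos--;
    }

    // Finalize this buffer and make it unicode
    DisplayBuffer[LinePos] = ANSI_NULL;
    RtlInitUnicodeString(&BackString, DisplayBuffer);

    // Display the buffer
    return NtDisplayString(&BackString);
}

/*++
 * @name RtlCliDisplayString
 *
 * The RtlCliDisplayString routine formats a printf-style message and prints
 * it on the display device.
 *
 * @param Message
 *        printf-style format string, followed by its arguments. Callers must
 *        pass user-supplied text as an argument ("%s"), never as the format.
 *
 * @return STATUS_SUCCESS or failure code; STATUS_INSUFFICIENT_RESOURCES when
 *         a working buffer cannot be allocated.
 *
 * @remarks The formatted message is truncated to 511 characters.
 *
 *--*/
NTSTATUS
__cdecl
RtlCliDisplayString(IN PCH Message, ...)
{
    va_list MessageList;
    PCHAR MessageBuffer;
    UNICODE_STRING MessageString;
    NTSTATUS Status;

    MessageBuffer = RtlAllocateHeap(RtlGetProcessHeap(), 0, 512);
    if (!MessageBuffer)
    {
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    // First, combine the message. _vsnprintf does not write a terminator
    // when the output is truncated, so format into 511 bytes and terminate
    // the last byte explicitly.
    va_start(MessageList, Message);
    _vsnprintf(MessageBuffer, 511, Message, MessageList);
    va_end(MessageList);
    MessageBuffer[511] = ANSI_NULL;

    // Now make it a unicode string
    if (!RtlCreateUnicodeStringFromAsciiz(&MessageString, MessageBuffer))
    {
        // MessageString was not filled in; do not print or free it
        RtlFreeHeap(RtlGetProcessHeap(), 0, MessageBuffer);
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    // Display it on screen
    Status = RtlCliPrintString(&MessageString);

    // Free Memory
    RtlFreeHeap(RtlGetProcessHeap(), 0, MessageBuffer);
    RtlFreeUnicodeString(&MessageString);

    return Status;
}

================================================
FILE: file.c
================================================
/**
 * PROJECT: Native Shell
 * COPYRIGHT: LGPL; See LICENSE in the top level directory
 * FILE: file.c
 * DESCRIPTION: This module implements commands for dealing with files and directories.
 * DEVELOPERS: See CONTRIBUTORS.md in the top level directory
 */

#include "precomp.h"

/*++
 * @name RtlCliGetCurrentDirectory
 *
 * The RtlCliGetCurrentDirectory routine provides a way to get the current
 * directory.
 *
 * @param CurrentDirectory
 *        The current directory. The buffer must hold at least MAX_PATH
 *        WCHARs, because that size is what is passed down as its length.
 *
 * @return ULONG (the value returned by RtlGetCurrentDirectory_U)
 *
 * @remarks Documentation for this routine needs to be completed.
 *
 *--*/
ULONG
RtlCliGetCurrentDirectory(IN OUT PWSTR CurrentDirectory)
{
    // The first argument is the buffer length in bytes
    return RtlGetCurrentDirectory_U(MAX_PATH * sizeof(WCHAR), CurrentDirectory);
}

/*++
 * @name RtlCliSetCurrentDirectory
 *
 * The RtlCliSetCurrentDirectory routine provides a way to change the current
 * directory.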
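*
 * @param Directory
 *        The directory to change to.
 *
 * @return NTSTATUS: STATUS_UNSUCCESSFUL for a NULL directory or a failed
 *         string conversion, otherwise the status of
 *         RtlSetCurrentDirectory_U.
 *
 * @remarks Documentation for this routine needs to be completed.
 *
 *--*/
NTSTATUS
RtlCliSetCurrentDirectory(PCHAR Directory)
{
    WCHAR buf[MAX_PATH] = {0};
    UNICODE_STRING us;
    NTSTATUS Status;

    if (NULL == Directory)
    {
        return STATUS_UNSUCCESSFUL;
    }

    // Full path contains at least two symbols, the second is ':'
    if (strnlen(Directory, MAX_PATH) >= 2 && Directory[1] == ':')
    {
        if (!RtlCreateUnicodeStringFromAsciiz(&us, Directory))
        {
            // Conversion failed, so "us" holds nothing valid to use or free
            return STATUS_UNSUCCESSFUL;
        }

        // Report the real outcome instead of claiming success
        Status = RtlSetCurrentDirectory_U(&us);
        RtlFreeUnicodeString(&us);
        return Status;
    }

    // Relative path: resolve it against the current directory first.
    // NOTE(review): GetFullPath takes no buffer size; it presumably limits
    // its output to MAX_PATH characters - confirm in its definition.
    GetFullPath(Directory, buf, TRUE);
    RtlInitUnicodeString(&us, buf);
    return RtlSetCurrentDirectory_U(&us);
}

/*++
 * @name RtlCliDumpFileInfo
 *
 * The RtlCliDumpFileInfo routine prints one directory entry: creation date
 * and time, size, long name and short name.
 *
 * @param DirInfo
 *        Directory entry to print. Its CreationTime field is converted to
 *        local time in place.
 *
 * @return None.
 *
 * @remarks The names in the entry are not null-terminated. They are copied
 *          by length into local buffers, so nothing is written past the end
 *          of the entry.
 *
 *--*/
VOID
RtlCliDumpFileInfo(PFILE_BOTH_DIR_INFORMATION DirInfo)
{
    TIME_FIELDS Time;
    CHAR SizeString[16];
    WCHAR ShortString[12 + 1];
    WCHAR FileString[MAX_PATH + 1];
    UINT file_size = 0;
    UINT short_size = 0;

    // Get the creation time as local time fields
    RtlSystemTimeToLocalTime(&DirInfo->CreationTime, &DirInfo->CreationTime);
    RtlTimeToTimeFields(&DirInfo->CreationTime, &Time);

    // Don't display sizes for directories
    if (!(DirInfo->FileAttributes & FILE_ATTRIBUTE_DIRECTORY))
    {
        // LowPart is an unsigned 32-bit value; sizes of 4 GB and above are
        // still shown truncated because only the low part is printed
        sprintf(SizeString, "%lu", DirInfo->AllocationSize.LowPart);
    }
    else
    {
        sprintf(SizeString, " ");
    }

    // The name lengths are byte counts taken from the entry itself. Clamp
    // them to the local buffers (one slot stays free for the terminator)
    // so an oversized length cannot overflow the stack.
    file_size = DirInfo->FileNameLength / sizeof(WCHAR);
    if (file_size > MAX_PATH)
    {
        file_size = MAX_PATH;
    }
    short_size = DirInfo->ShortNameLength / sizeof(WCHAR);
    if (short_size > 12)
    {
        short_size = 12;
    }

    if (DirInfo->ShortNameLength)
    {
        memset(ShortString, 0x00, (12 + 1) * sizeof(WCHAR));
        wcsncpy(ShortString, DirInfo->ShortName, short_size);
    }
    else
    {
        swprintf(ShortString, L" ");
    }

    if (DirInfo->FileNameLength)
    {
        memset(FileString, 0x00, (MAX_PATH + 1) * sizeof(WCHAR));
        wcsncpy(FileString, DirInfo->FileName, file_size);
    }
    else
    {
        swprintf(FileString, L" ");
    }

    // Display this entry
    RtlCliDisplayString("%02d.%02d.%04d %02d:%02d %s %9s %-28S %12S\n",
                        Time.Day,
                        Time.Month,
                        Time.Year,
                        Time.Hour,
                        Time.Minute,
                        DirInfo->FileAttributes & FILE_ATTRIBUTE_DIRECTORY ? "" : " ",
                        SizeString,
                        FileString,
                        ShortString);
}

/*++
 * @name RtlCliListDirectory
 *
 * The RtlCliListDirectory routine lists the current directory contents.
 *
 * @param None.
 *
 * @return NTSTATUS
 *
 * @remarks Documentation for this routine needs to be completed.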
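*
 *--*/
NTSTATUS
RtlCliListDirectory(PWCHAR CurrentDirectory)
{
    UNICODE_STRING DirectoryString;
    OBJECT_ATTRIBUTES ObjectAttributes;
    HANDLE DirectoryHandle;
    NTSTATUS Status;
    IO_STATUS_BLOCK IoStatusBlock;
    BOOLEAN FirstQuery = TRUE;
    PFILE_BOTH_DIR_INFORMATION DirectoryInfo = NULL, Entry;
    HANDLE EventHandle = NULL;
    CHAR i, c;

    // Convert dir to NT Format
    if (!RtlDosPathNameToNtPathName_U(CurrentDirectory,
                                      &DirectoryString,
                                      NULL,
                                      NULL))
    {
        return STATUS_UNSUCCESSFUL;
    }

    // Initialize the object attributes
    RtlCliDisplayString(" Directory of %S\n\n", CurrentDirectory);
    InitializeObjectAttributes(&ObjectAttributes,
                               &DirectoryString,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    // Open the directory
    Status = ZwCreateFile(&DirectoryHandle,
                          FILE_LIST_DIRECTORY,
                          &ObjectAttributes,
                          &IoStatusBlock,
                          NULL,
                          0,
                          FILE_SHARE_READ | FILE_SHARE_WRITE,
                          FILE_OPEN,
                          FILE_DIRECTORY_FILE,
                          NULL,
                          0);

    // The NT path was allocated by the conversion above and is only needed
    // for the open; release it on every path from here on
    RtlFreeUnicodeString(&DirectoryString);
    if (!NT_SUCCESS(Status))
    {
        return Status;
    }

    // Allocate space for directory entry information
    DirectoryInfo = RtlAllocateHeap(RtlGetProcessHeap(), 0, 4096);
    if (!DirectoryInfo)
    {
        Status = STATUS_INSUFFICIENT_RESOURCES;
        goto Cleanup;
    }

    // Create the event to wait on
    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
    Status = NtCreateEvent(&EventHandle,
                           EVENT_ALL_ACCESS,
                           &ObjectAttributes,
                           SynchronizationEvent,
                           FALSE);
    if (!NT_SUCCESS(Status))
    {
        EventHandle = NULL;
        goto Cleanup;
    }

    // Start loop
    i = 0;
    for (;;)
    {
        // Get the contents of the directory, adding up the size as we go
        Status = ZwQueryDirectoryFile(DirectoryHandle,
                                      EventHandle,
                                      NULL,
                                      0,
                                      &IoStatusBlock,
                                      DirectoryInfo,
                                      4096,
                                      FileBothDirectoryInformation,
                                      FALSE,
                                      NULL,
                                      FirstQuery);
        if (Status == STATUS_PENDING)
        {
            // Wait on the event
            NtWaitForSingleObject(EventHandle, FALSE, NULL);
            Status = IoStatusBlock.Status;
        }

        // Check for success
        if (!NT_SUCCESS(Status))
        {
            // Nothing left to enumerate. Any failure is treated as the end
            // of the listing and reported as success.
            Status = STATUS_SUCCESS;
            goto Cleanup;
        }

        // Loop every directory
        Entry = DirectoryInfo;
        while (Entry)
        {
            // List the file
            RtlCliDumpFileInfo(Entry);

            // Pause after every screenful and ask whether to go on
            if (++i > 20)
            {
                i = 0;
                RtlCliDisplayString("Continue listing (y/n):");
                while (TRUE)
                {
                    c = RtlCliGetChar(hKeyboard);
                    if (c == 'n' || c == 'N')
                    {
                        RtlCliDisplayString("\n");
                        Status = STATUS_SUCCESS;
                        goto Cleanup;
                    }
                    if (c == 'y' || c == 'Y')
                    {
                        break;
                    }
                }
                RtlCliDisplayString("\n");
            }

            // Make sure we still have a file
            if (!Entry->NextEntryOffset) break;

            // Move to the next one
            Entry = (PFILE_BOTH_DIR_INFORMATION)((ULONG_PTR)Entry +
                                                 Entry->NextEntryOffset);
        }

        // This isn't the first scan anymore
        FirstQuery = FALSE;
    }

Cleanup:
    // Single exit: every path releases the event, the entry buffer and the
    // directory handle, so repeated listings do not leak handles or heap
    if (EventHandle)
    {
        ZwClose(EventHandle);
    }
    if (DirectoryInfo)
    {
        RtlFreeHeap(RtlGetProcessHeap(), 0, DirectoryInfo);
    }
    ZwClose(DirectoryHandle);
    return Status;
}

================================================
FILE: hardware.c
================================================
/**
 * PROJECT: Native Shell
 * COPYRIGHT: LGPL; See LICENSE in the top level directory
 * FILE: hardware.c
 * DESCRIPTION: Device tree routines.
 * DEVELOPERS: See CONTRIBUTORS.md in the top level directory
 */

#include "precomp.h"

// Size, in WCHARs, of the device instance name buffers used in this file
#define MAX_DEVICE_ID_LEN 200
#define ROOT_NAME L"HTREE\\ROOT\\0"

// Current depth in the device tree (drives the print indentation)
ULONG Level = 0;
// Cached handle to the Enum key, opened on first use and never closed
HANDLE RootKey = 0;

/*++
 * @name RtlCliGetEnumKey
 *
 * The RtlCliGetEnumKey routine opens the
 * \Registry\Machine\System\CurrentControlSet\Enum key for read access.
 *
 * @param KeyHandle
 *        Receives the handle to the opened key.
 *
 * @return The status of NtOpenKey.
 *
 *--*/
NTSTATUS
RtlCliGetEnumKey(OUT PHANDLE KeyHandle)
{
    OBJECT_ATTRIBUTES ObjectAttributes;
    UNICODE_STRING KeyName = RTL_CONSTANT_STRING(L"\\Registry\\Machine\\System"
                                                 L"\\CurrentControlSet\\Enum");

    // Initialize the object attributes
    InitializeObjectAttributes(&ObjectAttributes,
                               &KeyName,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    // Open the key for read access
    return NtOpenKey(KeyHandle, KEY_READ, &ObjectAttributes);
}

/*++
 * @name RtlCliGetChildOrSibling
 *
 * The RtlCliGetChildOrSibling routine asks the Plug and Play manager for a
 * device related to the named one.
 *
 * @param Name
 *        Device instance name to start from.
 *
 * @param ChildName
 *        Receives the related device instance name. The buffer length passed
 *        with the request is MAX_DEVICE_ID_LEN, so the caller's buffer must
 *        be at least that large.
 *
 * @param Type
 *        Relation to query (the callers in this file pass
 *        PNP_GET_CHILD_DEVICE or PNP_GET_SIBLING_DEVICE).
 *
 * @return The status of NtPlugPlayControl.
 *
 *--*/
NTSTATUS
RtlCliGetChildOrSibling(IN PWCHAR Name, OUT PWCHAR ChildName, IN ULONG Type)
{
    NTSTATUS Status;
    PLUGPLAY_CONTROL_RELATED_DEVICE_DATA PlugPlayData;

    // Initialize the Root Device Node name
    RtlInitUnicodeString(&PlugPlayData.TargetDeviceInstance, Name);

    // Initialize the request
    PlugPlayData.Relation = Type;
    PlugPlayData.RelatedDeviceInstanceLength = MAX_DEVICE_ID_LEN;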
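PlugPlayData.RelatedDeviceInstance = ChildName;

    // Get the root child node
    Status = NtPlugPlayControl(PlugPlayControlGetRelatedDevice,
                               (PVOID)&PlugPlayData,
                               sizeof(PLUGPLAY_CONTROL_RELATED_DEVICE_DATA));
    return Status;
}

/*++
 * @name RtlCliPrintDeviceName
 *
 * The RtlCliPrintDeviceName routine prints the FriendlyName (or, failing
 * that, the DeviceDesc) registry value of a device instance, indented by
 * the current tree Level.
 *
 * @param Name
 *        Device instance name, used as a key name relative to the Enum key.
 *
 * @return STATUS_SUCCESS or the failure code of the first step that failed;
 *         STATUS_INSUFFICIENT_RESOURCES when the value buffer cannot be
 *         allocated.
 *
 * @remarks The value data is treated as a wide string.
 *          NOTE(review): the value type is not checked - confirm whether
 *          non-string data can appear under these names.
 *
 *--*/
NTSTATUS
RtlCliPrintDeviceName(IN PWCHAR Name)
{
    NTSTATUS Status = STATUS_SUCCESS;
    HANDLE RegHandle;
    OBJECT_ATTRIBUTES ObjectAttributes;
    UNICODE_STRING KeyName;
    PKEY_VALUE_FULL_INFORMATION FullInformation;
    ULONG BufferLength;
    ULONG ResultLength;
    WCHAR Buffer[MAX_DEVICE_ID_LEN];
    ULONG i;
    ULONG Indent;
    ULONG NameChars;

    // If we don't already have a root key, get it now
    if (!RootKey) Status = RtlCliGetEnumKey(&RootKey);
    if (!NT_SUCCESS(Status))
    {
        return Status;
    }

    // Root key opened, now initialize the device instance key name
    RtlInitUnicodeString(&KeyName, Name);

    // Setup the object attributes and open the key
    InitializeObjectAttributes(&ObjectAttributes,
                               &KeyName,
                               0,
                               RootKey,
                               NULL);
    Status = NtOpenKey(&RegHandle, KEY_READ, &ObjectAttributes);
    if (!NT_SUCCESS(Status))
    {
        return Status;
    }

    // Setup and allocate the key data structure
    BufferLength = sizeof(*FullInformation) + 256;
    FullInformation = RtlAllocateHeap(RtlGetProcessHeap(), 0, BufferLength);
    if (!FullInformation)
    {
        NtClose(RegHandle);
        return STATUS_INSUFFICIENT_RESOURCES;
    }

    // Now check for a friendly name. The buffer size is kept in its own
    // variable: the query overwrites ResultLength, so reusing it as the
    // input size for the second query would pass a wrong length.
    RtlInitUnicodeString(&KeyName, L"FriendlyName");
    Status = NtQueryValueKey(RegHandle,
                             &KeyName,
                             KeyValueFullInformation,
                             FullInformation,
                             BufferLength,
                             &ResultLength);
    if (!NT_SUCCESS(Status))
    {
        // No friendly name found, try the device description key
        RtlInitUnicodeString(&KeyName, L"DeviceDesc");
        Status = NtQueryValueKey(RegHandle,
                                 &KeyName,
                                 KeyValueFullInformation,
                                 FullInformation,
                                 BufferLength,
                                 &ResultLength);
    }

    // Check if we have success until here
    if (NT_SUCCESS(Status))
    {
        // Get the pointer to the name and its length in characters.
        // Registry strings are not guaranteed to be null-terminated, so the
        // copy below is bounded by DataLength rather than by a terminator.
        Name = (PWCHAR)((ULONG_PTR)FullInformation +
                        FullInformation->DataOffset);
        NameChars = FullInformation->DataLength / sizeof(WCHAR);

        // Indent the name to create the appeareance of a tree, without
        // letting a deep tree run the indent past the buffer
        Indent = Level * 2;
        if (Indent > MAX_DEVICE_ID_LEN - 1)
        {
            Indent = MAX_DEVICE_ID_LEN - 1;
        }
        for (i = 0; i < Indent; i++) Buffer[i] = ' ';

        // Add the device name or description, truncated to the room left
        // (one slot is kept for the terminator)
        if (NameChars > (MAX_DEVICE_ID_LEN - 1) - Indent)
        {
            NameChars = (MAX_DEVICE_ID_LEN - 1) - Indent;
        }
        for (; NameChars && *Name; NameChars--)
        {
            Buffer[i++] = *Name++;
        }
        Buffer[i] = UNICODE_NULL;

        // Display it
        RtlCliDisplayString("%S\n", Buffer);
        DbgPrint("%S\n", Buffer);
    }

    // Release the value buffer and close the key to the device instance name
    RtlFreeHeap(RtlGetProcessHeap(), 0, FullInformation);
    NtClose(RegHandle);

    // Return status to caller
    return Status;
}

/*++
 * @name RtlCliListSubNodes
 *
 * The RtlCliListSubNodes routine prints a device, recurses into its
 * children, and then moves on to each of its siblings.
 *
 * @param Parent
 *        Not used by this routine.
 *
 * @param Sibling
 *        Not used by this routine.
 *
 * @param Current
 *        Device instance name to start from.
 *
 * @return The status of the last child query made at this level.
 *         NOTE(review): for a device without children that query fails, so
 *         a complete walk can still end with a failure status - confirm
 *         what callers should rely on.
 *
 * @remarks Recursion depth follows the depth of the device tree; each level
 *          keeps two MAX_DEVICE_ID_LEN WCHAR buffers on the stack.
 *
 *--*/
NTSTATUS
RtlCliListSubNodes(IN PWCHAR Parent, IN PWCHAR Sibling, IN PWCHAR Current)
{
    NTSTATUS Status;
    WCHAR FoundSibling[MAX_DEVICE_ID_LEN];
    WCHAR FoundChild[MAX_DEVICE_ID_LEN];

    // Start looping
    do
    {
        // Get the first sibling; an empty name ends the loop below
        Status = RtlCliGetChildOrSibling(Current,
                                         FoundSibling,
                                         PNP_GET_SIBLING_DEVICE);
        if (!NT_SUCCESS(Status)) *FoundSibling = UNICODE_NULL;

        // Print its name
        Status = RtlCliPrintDeviceName(Current);

        // Get its children
        Status = RtlCliGetChildOrSibling(Current,
                                         FoundChild,
                                         PNP_GET_CHILD_DEVICE);
        if (NT_SUCCESS(Status))
        {
            // Get it's children's subnodes, one indentation level deeper
            Level++;
            RtlCliListSubNodes(Current, NULL, FoundChild);
            Level--;
        }

        // Move to the next sibling
        Current = FoundSibling;
    } while (*Current);

    // Return status
    return Status;
}

/*++
 * @name RtlCliListHardwareTree
 *
 * The RtlCliListHardwareTree routine prints the whole device tree, starting
 * from the first child of the root node.
 *
 * @param None.
 *
 * @return The status of the root query when it fails, otherwise the status
 *         of RtlCliListSubNodes.
 *
 *--*/
NTSTATUS
RtlCliListHardwareTree(VOID)
{
    NTSTATUS Status;
    WCHAR Buffer[MAX_DEVICE_ID_LEN];

    // Get the root node's child
    Status = RtlCliGetChildOrSibling(ROOT_NAME, Buffer, PNP_GET_CHILD_DEVICE);
    if (!NT_SUCCESS(Status))
    {
        RtlCliDisplayString("NtPlugPlayControl get root node failed.\n");

        // Buffer was never filled in; walking the tree from it would use
        // uninitialized stack contents as a device name
        return Status;
    }

    // Now get the entire tree
    Status = RtlCliListSubNodes(ROOT_NAME, NULL, Buffer);
    if (!NT_SUCCESS(Status))
    {
        RtlCliDisplayString("NtPlugPlayControl get child nodes failed.\n");
    }

    return Status;
}

================================================
FILE: input.c
================================================
/**
 * PROJECT: Native Shell
 * COPYRIGHT: LGPL; See LICENSE in the top level directory
 * FILE: input.c
 * DESCRIPTION: This module deals with device input (such as mouse or keyboard).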
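* DEVELOPERS: See CONTRIBUTORS.md in the top level directory
 */

#include "precomp.h"

// FIXME: Temporary here
NTSTATUS
RtlClipBackspace(
    VOID);

// Event to wait on for keyboard input
HANDLE hEvent;

// Raw keyboard character buffer
ULONG CurrentChar = 0;

// Input buffer. CurrentPosition is a CHAR, so although Line holds 1024
// bytes the index can only address its first 128 entries.
CHAR Line[1024];
CHAR CurrentPosition = 0;

/*++
 * @name RtlCliOpenInputDevice
 *
 * The RtlCliOpenInputDevice routine opens an input device.
 *
 * @param Handle
 *        Pointer where the handle for the input device will be returned.
 *        Set to NULL when the routine fails before the device is opened.
 *
 * @param Type
 *        Type of the input device to use.
 *
 * @return STATUS_SUCCESS or error code when attemping to open the device;
 *         STATUS_INVALID_PARAMETER for a device type other than
 *         KeyboardType.
 *
 * @remarks Only the keyboard is implemented. Each call also (re)creates the
 *          global wait event.
 *
 *--*/
NTSTATUS
RtlCliOpenInputDevice(OUT PHANDLE Handle, IN CON_DEVICE_TYPE Type)
{
    UNICODE_STRING Driver;
    OBJECT_ATTRIBUTES ObjectAttributes;
    IO_STATUS_BLOCK Iosb;
    HANDLE hDriver;
    NTSTATUS Status;

    // Chose the driver to use
    // FIXME: Support MouseType later
    // FIXME: Don't hardcode keyboard path
    if (Type != KeyboardType)
    {
        // No device name exists for other types; refuse instead of opening
        // an uninitialized name
        *Handle = NULL;
        return STATUS_INVALID_PARAMETER;
    }
    RtlInitUnicodeString(&Driver, L"\\Device\\KeyboardClass0");

    // Initialize the object attributes
    InitializeObjectAttributes(&ObjectAttributes,
                               &Driver,
                               OBJ_CASE_INSENSITIVE,
                               NULL,
                               NULL);

    // Open a handle to it
    Status = NtCreateFile(&hDriver,
                          SYNCHRONIZE | GENERIC_READ | FILE_READ_ATTRIBUTES,
                          &ObjectAttributes,
                          &Iosb,
                          NULL,
                          FILE_ATTRIBUTE_NORMAL,
                          0,
                          FILE_OPEN,
                          FILE_DIRECTORY_FILE,
                          NULL,
                          0);
    if (!NT_SUCCESS(Status))
    {
        // Report the open failure; do not hand back an unset handle or let
        // the event creation below overwrite the status
        *Handle = NULL;
        return Status;
    }

    // Release the event left by a previous open so that reopening the
    // device does not leak one handle per call
    if (hEvent)
    {
        NtClose(hEvent);
        hEvent = NULL;
    }

    // Now create an event that will be used to wait on the device
    InitializeObjectAttributes(&ObjectAttributes, NULL, 0, NULL, NULL);
    Status = NtCreateEvent(&hEvent,
                           EVENT_ALL_ACCESS,
                           &ObjectAttributes,
                           SynchronizationEvent,
                           FALSE);

    // Return the handle
    *Handle = hDriver;
    return Status;
}

/*++
 * @name RtlClipWaitForInput
 *
 * The RtlClipWaitForInput routine waits for input from an input device.
 *
 * @param hDriver
 *        Handle of the driver/device to get input from.
 *
 * @param Buffer
 *        Input buffer.
 *
 * @param BufferSize
 *        Size of the input buffer.
 *        On return, receives the number of bytes read.
 *
 * @return STATUS_SUCCESS or error code from the read operation.
 *
 * @remarks This routine waits for input to be available. The wait is
 *          alertable; if it ends for a reason other than the event being
 *          signaled, that wait status is returned and the byte count may
 *          still be zero.
 *
 *--*/
NTSTATUS
RtlClipWaitForInput(IN HANDLE hDriver,
                    IN PVOID Buffer,
                    IN OUT PULONG BufferSize)
{
    IO_STATUS_BLOCK Iosb;
    LARGE_INTEGER ByteOffset;
    NTSTATUS Status;

    // Clean up the I/O Status block and read from byte 0
    RtlZeroMemory(&Iosb, sizeof(Iosb));
    RtlZeroMemory(&ByteOffset, sizeof(ByteOffset));

    // Try to read the data
    Status = NtReadFile(hDriver,
                        hEvent,
                        NULL,
                        NULL,
                        &Iosb,
                        Buffer,
                        *BufferSize,
                        &ByteOffset,
                        NULL);

    // Check if data is pending
    if (Status == STATUS_PENDING)
    {
        // Wait on the data to be read
        Status = NtWaitForSingleObject(hEvent, TRUE, NULL);

        // The wait only says the event fired; the outcome of the read
        // itself is in the I/O status block
        if (Status == STATUS_SUCCESS)
        {
            Status = Iosb.Status;
        }
    }

    // Return status and how much data was read
    *BufferSize = (ULONG)Iosb.Information;
    return Status;
}

/*++
 * @name RtlCliGetChar
 *
 * The RtlCliGetChar routine reads one keyboard event and translates it to a
 * character.
 *
 * @param hDriver
 *        Keyboard handle.
 *
 * @return The translated character for a key press, or -1 for a key
 *         release, a failed read or an incomplete keyboard record.
 *
 *--*/
CHAR
RtlCliGetChar(IN HANDLE hDriver)
{
    KEYBOARD_INPUT_DATA KeyboardData;
    KBD_RECORD kbd_rec;
    ULONG BufferLength = sizeof(KEYBOARD_INPUT_DATA);
    NTSTATUS Status;

    Status = RtlClipWaitForInput(hDriver, &KeyboardData, &BufferLength);

    // Only translate a complete record; otherwise KeyboardData is
    // uninitialized stack memory
    if (!NT_SUCCESS(Status) || BufferLength < sizeof(KEYBOARD_INPUT_DATA))
    {
        return (-1);
    }

    IntTranslateKey(&KeyboardData, &kbd_rec);

    // Key releases produce no character
    if (!kbd_rec.bKeyDown)
    {
        return (-1);
    }
    return kbd_rec.AsciiChar;
}

/*++
 * @name RtlCliGetLine
 *
 * The RtlCliGetLine routine gets line from keyboard.
 *
 * @param hDriver
 *        Keyboard handle.
 *
 * @return PCHAR
 *
 * @remarks Because we don't currently have a thread to display on screen
 *          whatever is typed, we handle this in the same thread and display
 *          a character only if someone is actually waiting for it. This
 *          will be changed later.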
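*/
PCHAR
RtlCliGetLine(IN HANDLE hDriver)
{
    // Highest index a typed character may be stored at. CurrentPosition is
    // a CHAR, so with a signed char it cannot count past 127; stopping at
    // 126 leaves index 127 for the terminator written on ENTER and keeps
    // the index from wrapping negative and writing before Line.
    const CHAR LastCharIndex = 126;
    CHAR Char;

    // Wait for a new character
    while (TRUE)
    {
        // Get the character that was pressed
        Char = RtlCliGetChar(hDriver);

        // Check if this was ENTER
        if (Char == '\r')
        {
            // First, null-terminate the line buffer
            Line[CurrentPosition] = ANSI_NULL;
            CurrentPosition = 0;

            // Return it
            return Line;
        }
        else if (Char == '\b')
        {
            // Make sure we don't back-space beyond the limit
            if (CurrentPosition)
            {
                // NtDisplayString does not properly handle backspace, so
                // we unfortunately have to rely on a hack.
                // We have to call in the display subsystem to redisplay the
                // current text buffer and replace last character with space.
                RtlCliPutChar('\r');
                RtlClipBackspace();
                RtlCliPutChar(' ');
                RtlCliPutChar('\r');
                RtlClipBackspace();

                // Now we do the only thing we're supposed to do, which is to
                // remove a character in the command buffer as well.
                CurrentPosition--;
            }

            // Continue listening for chars.
            continue;
        }

        // We got another character. Make sure it's not NULL.
        if (!Char || Char == -1) continue;

        // Line is full as far as the index can reach: drop the character
        // (it is neither stored nor echoed) until ENTER or backspace
        if (CurrentPosition > LastCharIndex) continue;

        // Add it to our line buffer
        Line[CurrentPosition] = Char;
        CurrentPosition++;

        // Again, as noted earlier, we combine input with display in a very
        // unholy way, so we also have to display it on screen.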
RtlCliPutChar(Char);
    }
}

================================================
FILE: install/add.reg
================================================
REGEDIT4

; BootExecute is a multi-string (hex(7)) value of the Session Manager key.
; The bytes below decode to two entries:
;   "autocheck autochk *"   and   "native Hello World!"
; Importing this file replaces the whole value, so any other entry that was
; already registered in BootExecute on the machine is dropped. Check the
; current value before importing if other boot-time tools are installed.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\
  00,6e,61,74,69,76,65,20,48,65,6c,6c,6f,20,57,6f,72,6c,64,21,00,00

================================================
FILE: install/remove.reg
================================================
REGEDIT4

; Resets BootExecute to the single entry "autocheck autochk *". Like add.reg
; this overwrites the whole value, so it also removes any other entry present
; at the time of import, not just the "native" one.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager]
"BootExecute"=hex(7):61,75,74,6f,63,68,65,63,6b,20,61,75,74,6f,63,68,6b,20,2a,\
  00,00

================================================
FILE: keytrans.c
================================================
/**
 * PROJECT: Native Shell
 * COPYRIGHT: LGPL; See LICENSE in the top level directory
 * FILE: keytrans.c
 * DESCRIPTION: Keyboard codes translation.
 * DEVELOPERS: See CONTRIBUTORS.md in the top level directory
 */

#include "precomp.h"

// One row of the scan code translation table
typedef struct _SCANTOASCII
{
    USHORT ScanCode; // keyboard make code
    UCHAR Normal;    // character without shift
    UCHAR Shift;     // character with shift held
} SCANTOASCII, *PSCANTOASCII;

// Scan code to character table, terminated by a row whose ScanCode is 0.
// NOTE(review): 0x29 and 0x28 both map to an apostrophe when unshifted -
// confirm that this is intended.
SCANTOASCII ScanToAscii[] = {
    {0x1e, 'a', 'A'},
    {0x30, 'b', 'B'},
    {0x2e, 'c', 'C'},
    {0x20, 'd', 'D'},
    {0x12, 'e', 'E'},
    {0x21, 'f', 'F'},
    {0x22, 'g', 'G'},
    {0x23, 'h', 'H'},
    {0x17, 'i', 'I'},
    {0x24, 'j', 'J'},
    {0x25, 'k', 'K'},
    {0x26, 'l', 'L'},
    {0x32, 'm', 'M'},
    {0x31, 'n', 'N'},
    {0x18, 'o', 'O'},
    {0x19, 'p', 'P'},
    {0x10, 'q', 'Q'},
    {0x13, 'r', 'R'},
    {0x1f, 's', 'S'},
    {0x14, 't', 'T'},
    {0x16, 'u', 'U'},
    {0x2f, 'v', 'V'},
    {0x11, 'w', 'W'},
    {0x2d, 'x', 'X'},
    {0x15, 'y', 'Y'},
    {0x2c, 'z', 'Z'},

    {0x02, '1', '!'},
    {0x03, '2', '@'},
    {0x04, '3', '#'},
    {0x05, '4', '$'},
    {0x06, '5', '%'},
    {0x07, '6', '^'},
    {0x08, '7', '&'},
    {0x09, '8', '*'},
    {0x0a, '9', '('},
    {0x0b, '0', ')'},

    {0x29, '\'', '~'},
    {0x0c, '-', '_'},
    {0x0d, '=', '+'},
    {0x1a, '[', '{'},
    {0x1b, ']', '}'},
    {0x2b, '\\', '|'},
    {0x27, ';', ':'},
    {0x28, '\'', '"'},
    {0x33, ',', '<'},
    {0x34, '.', '>'},
    {0x35, '/', '?'},

    {0x4a, '-', '-'},
    {0x4e, '+', '+'},
    {0x37, '*', '*'},

    {0x39, ' ', ' '},

    {0x1c, '\r', '\r'},
    {0x0e, 0x08, 0x08}, /* backspace */

    {0, 0, 0}};

/*
 * Updates the modifier bit mask in *State from one keyboard event.
 * Shift, Ctrl and Alt bits are set on key press and cleared on key release
 * (KEY_BREAK); NumLock is toggled on key press only. Events flagged KEY_E1
 * and make codes not listed below leave *State unchanged.
 */
static void
IntUpdateControlKeyState(LPDWORD State, PKEYBOARD_INPUT_DATA InputData)
{
    DWORD Value = 0;

    if (InputData->Flags & KEY_E1) /* Only the pause key has E1 */
        return;

    if (!(InputData->Flags & KEY_E0))
    {
        // Make codes without the E0 prefix
        switch (InputData->MakeCode)
        {
        case 0x2a:
        case 0x36:
            Value = SHIFT_PRESSED;
            break;

        case 0x1d:
            Value = LEFT_CTRL_PRESSED;
            break;

        case 0x38:
            Value = LEFT_ALT_PRESSED;
            break;

        case 0x45:
            // Toggle on press, ignore the release, and skip the
            // set/clear logic at the bottom
            Value = NUMLOCK_ON;
            if (!(InputData->Flags & KEY_BREAK))
                *State ^= Value;
            return;

        default:
            return;
        }
    }
    else
    {
        // E0-prefixed make codes: the right-hand Ctrl and Alt keys
        switch (InputData->MakeCode)
        {
        case 0x1d:
            Value = RIGHT_CTRL_PRESSED;
            break;

        case 0x38:
            Value = RIGHT_ALT_PRESSED;
            break;

        default:
            return;
        }
    }

    // Clear the bit on release, set it on press
    if (InputData->Flags & KEY_BREAK)
        *State &= ~Value;
    else
        *State |= Value;
}

/*
 * Looks the event's make code up in ScanToAscii and returns the shifted or
 * unshifted character depending on SHIFT_PRESSED in KeyState. Returns 0 when
 * the make code is not in the table.
 */
static UCHAR
IntAsciiFromInput(PKEYBOARD_INPUT_DATA InputData, DWORD KeyState)
{
    UINT Counter = 0;

    // Linear search up to the terminating row (ScanCode 0)
    while (ScanToAscii[Counter].ScanCode != 0)
    {
        if (ScanToAscii[Counter].ScanCode == InputData->MakeCode)
        {
            if (KeyState & SHIFT_PRESSED)
                return ScanToAscii[Counter].Shift;
            return ScanToAscii[Counter].Normal;
        }
        Counter++;
    }

    return 0;
}

/*
 * Only the bKeyDown and AsciiChar members are used in the zenwinx library.
 */
/*
 * Fills kbd_rec from one raw keyboard event. The modifier state is kept in a
 * function-level static, so it persists across calls.
 */
void
IntTranslateKey(PKEYBOARD_INPUT_DATA InputData, KBD_RECORD *kbd_rec)
{
    static DWORD dwControlKeyState;

    kbd_rec->wVirtualScanCode = InputData->MakeCode;

    // KEY_BREAK marks a key release
    kbd_rec->bKeyDown = (InputData->Flags & KEY_BREAK) ?
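FALSE : TRUE;

    IntUpdateControlKeyState(&dwControlKeyState, InputData);
    kbd_rec->dwControlKeyState = dwControlKeyState;

    if (InputData->Flags & KEY_E0)
        kbd_rec->dwControlKeyState |= ENHANCED_KEY;

    kbd_rec->AsciiChar = IntAsciiFromInput(InputData, kbd_rec->dwControlKeyState);
}

================================================
FILE: main.c
================================================
/**
 * PROJECT: Native Shell
 * COPYRIGHT: LGPL; See LICENSE in the top level directory
 * FILE: main.c
 * DESCRIPTION: This module handles the main command line interface and command parsing.
 * DEVELOPERS: See CONTRIBUTORS.md in the top level directory
 */

#include "precomp.h"

HANDLE hKeyboard;
HANDLE hHeap;
HANDLE hKey;

#define __APP_VER__ "0.14.1"

#if defined(_M_AMD64) || defined(_AMD64_)
#define __NCLI_VER__ __APP_VER__ " x64"
#else
#define __NCLI_VER__ __APP_VER__ " x86"
#endif

// Help text, split in two parts so that each part fits the 512-byte
// formatting buffer used by RtlCliDisplayString
WCHAR *helpstr[] = {
    {L"\n"
     L"cd X - Change directory to X md X - Make directory X\n"
     L"copy X Y - Copy file X to Y poweroff - Power off PC\n"
     L"dir X - Show directory contents pwd - Print working directory\n"
     L"del X - Delete file X reboot - Reboot PC\n"
     L"devtree - Dump device tree shutdown - Shutdown PC\n"
     L"\x0000"},
    {L"exit - Exit shell sysinfo - Dump system information\n"
     L"lm - List modules drawtext X - Draw string X\n"
     L"lp - List processes move X Y - Move file X to Y\n"
     L"testvid - Test screen output testarg X Y - Test argument parsing\n"
     L"\n"
     L"X: - change drive letter to X\n"
     L"If a command is not in the list, it is treated as an executable name\n"
     L"\n"
     L"\x0000"}};

/*++
 * @name RtlClipProcessMessage
 *
 * The RtlClipProcessMessage routine parses one command line and runs the
 * matching built-in command. A line that matches no built-in is treated as
 * the name of an executable, which is started as a native process.
 *
 * @param Command
 *        Null-terminated command line as typed by the user.
 *
 * @return None.
 *
 * @remarks The line is tokenized from a private copy limited to
 *          BUFFER_SIZE - 1 characters. "cd" and "drawtext" take their
 *          argument from the raw line so that it may contain spaces.
 *          NOTE(review): the ownership of the argv array returned by
 *          StringToArguments is not visible here - confirm whether it has
 *          to be released.
 *
 *--*/
VOID
RtlClipProcessMessage(PCHAR Command)
{
    WCHAR CurrentDirectory[MAX_PATH] = {0};
    UNICODE_STRING CurrentDirectoryString;
    CHAR CommandBuf[BUFFER_SIZE] = {0};
    UINT argc;
    CHAR **argv;

    // Copy at most BUFFER_SIZE - 1 bytes into the zero-filled buffer, so the
    // copy is always terminated even for an over-long line
    strncpy(CommandBuf, Command, BUFFER_SIZE - 1);
    argv = StringToArguments(&CommandBuf[0], &argc);

    if (NULL == argv || 0 == argc)
        return;

    if (!_strnicmp(argv[0], CMDSTR("exit")))
    {
        // Exit from shell
        DeinitHeapMemory(hHeap);
        NtTerminateProcess(NtCurrentProcess(), 0);
    }
    else if (!_strnicmp(argv[0], CMDSTR("testarg")))
    {
        UINT i = 0;

        RtlCliDisplayString("Args: %d\n", argc);
        if (argc > 1)
        {
            for (i = 1; i < argc; i++)
            {
                if (NULL != argv[i])
                    RtlCliDisplayString("Arg %d: %s\n", i, argv[i]);
                else
                {
                    RtlCliDisplayString("Arg %d: NULL\n", i);
                    break;
                }
            }
        }
    }
    else if (!_strnicmp(argv[0], CMDSTR("help")))
    {
        RtlCliDisplayString("%S", helpstr[0]);
        RtlCliDisplayString("%S", helpstr[1]);
    }
    else if (!_strnicmp(argv[0], CMDSTR("lm")))
    {
        // List Modules (!lm)
        RtlCliListDrivers();
    }
    else if (!_strnicmp(argv[0], CMDSTR("lp")))
    {
        // List Processes (!lp)
        RtlCliListProcesses();
    }
    else if (!_strnicmp(argv[0], CMDSTR("sysinfo")))
    {
        // Dump System Information (sysinfo)
        RtlCliDumpSysInfo();
    }
    else if (!_strnicmp(argv[0], CMDSTR("cd")))
    {
        // Set the current directory. The argument starts at offset 3 of the
        // raw line; a bare "cd" is shorter than that, and indexing past its
        // terminator would pass stale bytes of the input buffer as a path.
        if (strlen(Command) > 3)
        {
            RtlCliSetCurrentDirectory(&Command[3]);
        }
        else
        {
            RtlCliDisplayString("Not enough arguments.\n");
        }
    }
    else if (!_strnicmp(argv[0], CMDSTR("drawtext")))
    {
#if (NTDDI_VERSION >= NTDDI_WIN7)
        UNICODE_STRING us;
        ANSI_STRING as;

        // Same reasoning as for "cd": the text starts at offset 9
        if (strlen(Command) > 9)
        {
            RtlInitAnsiString(&as, &Command[9]);
            if (NT_SUCCESS(RtlAnsiStringToUnicodeString(&us, &as, TRUE)))
            {
                NtDrawText(&us);
                RtlFreeUnicodeString(&us);
            }
        }
        else
        {
            RtlCliDisplayString("Not enough arguments.\n");
        }
#else
        RtlCliDisplayString("\nNot supported prior to Win7\n");
#endif
    }
    else if (!_strnicmp(argv[0], CMDSTR("pwd")))
    {
        // Get the current directory
        RtlCliGetCurrentDirectory(CurrentDirectory);

        // Display it
        RtlInitUnicodeString(&CurrentDirectoryString, CurrentDirectory);
        RtlCliPrintString(&CurrentDirectoryString);
    }
    else if (!_strnicmp(argv[0], CMDSTR("dir")))
    {
        WCHAR Dir[MAX_PATH] = {0};

        RtlCliGetCurrentDirectory(Dir);

        if (argc > 1)
        {
            UNICODE_STRING us;
            ANSI_STRING as;

            RtlInitAnsiString(&as, argv[1]);
            if (!NT_SUCCESS(RtlAnsiStringToUnicodeString(&us, &as, TRUE)))
            {
                RtlCliDisplayString("Failed.\n");
                return;
            }

            // AppendString takes no buffer size (presumably it appends like
            // wcscat - verify), so make sure the separator, the argument and
            // the terminator fit in Dir before appending
            if (wcslen(Dir) + 1 + (us.Length / sizeof(WCHAR)) >= MAX_PATH)
            {
                RtlFreeUnicodeString(&us);
                RtlCliDisplayString("Failed.\n");
                return;
            }

            AppendString(Dir, L"\\");
            AppendString(Dir, us.Buffer);

            RtlFreeUnicodeString(&us);
        }

        // List directory
        RtlCliListDirectory(Dir);
    }
    else if (!_strnicmp(argv[0], CMDSTR("devtree")))
    {
        // Dump hardware tree
        RtlCliListHardwareTree();
    }
    else if (!_strnicmp(argv[0], CMDSTR("shutdown")))
    {
        RtlCliShutdown();
    }
    else if (!_strnicmp(argv[0], CMDSTR("reboot")))
    {
        RtlCliReboot();
    }
    else if (!_strnicmp(argv[0], CMDSTR("poweroff")))
    {
        RtlCliPowerOff();
    }
    else if (!_strnicmp(argv[0], CMDSTR("testvid")))
    {
        UINT j;
        WCHAR w;
        LARGE_INTEGER delay;

        memset(&delay, 0x00, sizeof(LARGE_INTEGER));
        delay.LowPart = 100000000;

        // 75x23
        RtlCliDisplayString("\nVid mode is 75x23\n\nCharacter test:");

        // Print every character from 'A' up, wrapping the line every 71
        // characters; line breaks themselves are shown as spaces
        j = 0;
        for (w = L'A'; w < 0xFFFF; w++)
        {
            j++;
            NtDelayExecution(FALSE, &delay);
            if (w != L'\n' && w != L'\r')
            {
                RtlCliPutChar(w);
            }
            else
            {
                RtlCliPutChar(L' ');
            }
            if (j > 70)
            {
                j = 0;
                RtlCliPutChar(L'\n');
            }
        }
    }
    else if (!_strnicmp(argv[0], CMDSTR("copy")))
    {
        // Copy file
        if (argc > 2)
        {
            WCHAR buf1[MAX_PATH] = {0};
            WCHAR buf2[MAX_PATH] = {0};

            GetFullPath(argv[1], buf1, FALSE);
            GetFullPath(argv[2], buf2, FALSE);
            RtlCliDisplayString("\nCopy %S to %S\n", buf1, buf2);
            if (FileExists(buf1))
            {
                if (!NtFileCopyFile(buf1, buf2))
                {
                    RtlCliDisplayString("Failed.\n");
                }
            }
            else
            {
                RtlCliDisplayString("File does not exist.\n");
            }
        }
        else
        {
            RtlCliDisplayString("Not enough arguments.\n");
        }
    }
    else if (!_strnicmp(argv[0], CMDSTR("move")))
    {
        // Move/rename file
        if (argc > 2)
        {
            WCHAR buf1[MAX_PATH] = {0};
            WCHAR buf2[MAX_PATH] = {0};

            GetFullPath(argv[1], buf1, FALSE);
            GetFullPath(argv[2], buf2, FALSE);
            RtlCliDisplayString("\nMove %S to %S\n", buf1, buf2);
            if (FileExists(buf1))
            {
                if (!NtFileMoveFile(buf1, buf2, FALSE))
                {
                    RtlCliDisplayString("Failed.\n");
                }
            }
            else
            {
                RtlCliDisplayString("File does not exist.\n");
            }
        }
        else
        {
            RtlCliDisplayString("Not enough arguments.\n");
        }
    }
    else if (!_strnicmp(argv[0], CMDSTR("del")))
    {
        // Delete file
        if (argc > 1)
        {
            WCHAR buf1[MAX_PATH] = {0};

            GetFullPath(argv[1], buf1, FALSE);
            if (FileExists(buf1))
            {
                RtlCliDisplayString("\nDelete %S\n", buf1);
                if (!NtFileDeleteFile(buf1))
                {
                    RtlCliDisplayString("Failed.\n");
                }
            }
            else
            {
                RtlCliDisplayString("File does not exist.\n");
            }
        }
        else
        {
            RtlCliDisplayString("Not enough arguments.\n");
        }
    }
    else if (!_strnicmp(argv[0], CMDSTR("md")))
    {
        // Make directory
        if (argc > 1)
        {
            WCHAR buf1[MAX_PATH] = {0};

            GetFullPath(argv[1], buf1, FALSE);
            RtlCliDisplayString("\nCreate directory %S\n", buf1);
            if (!NtFileCreateDirectory(buf1))
            {
                RtlCliDisplayString("Failed.\n");
            }
        }
        else
        {
            RtlCliDisplayString("Not enough arguments.\n");
        }
    }
    else if ((strlen(argv[0]) == 2) && (argv[0][1] == ':'))
    {
        // Change disk
        RtlCliSetCurrentDirectory(argv[0]);
        return;
    }
    else
    {
        // Unknown command, try to find an executable and run it.
        WCHAR filename[MAX_PATH] = {0};
        BOOL bExist = FALSE;

        GetFullPath(argv[0], filename, FALSE);

        bExist = FileExists(filename);

        // Retry with ".exe" appended, but only when the four extra
        // characters and the terminator still fit in the buffer
        if (!bExist && (wcslen(filename) + 4 < MAX_PATH))
        {
            wcscat(filename, L".exe");
            bExist = FileExists(filename);
        }

        if (bExist)
        {
            HANDLE hProcess;
            NTSTATUS status;
            ANSI_STRING as;
            UNICODE_STRING us;

            // The whole line is passed on as the new process's command line
            RtlInitAnsiString(&as, Command);
            if (!NT_SUCCESS(RtlAnsiStringToUnicodeString(&us, &as, TRUE)))
            {
                RtlCliDisplayString("Failed to execute %s\n", Command);
                return;
            }

            // Release the keyboard while the child runs, reopen afterwards
            NtClose(hKeyboard);

            status = CreateNativeProcess(filename, us.Buffer, &hProcess);
            if (NT_SUCCESS(status))
            {
                // NOTE(review): hProcess is not closed after the wait;
                // confirm whether CreateNativeProcess expects the caller to
                // close it.
                NtWaitForSingleObject(hProcess, FALSE, NULL);
            }
            else
            {
                RtlCliDisplayString("Failed to execute %s\n", Command);
            }

            RtlCliOpenInputDevice(&hKeyboard, KeyboardType);

            RtlFreeUnicodeString(&us);
        }
        else
        {
            RtlCliDisplayString("%s is not recognized as a command or an executable file name\n"
                                "\nType \"help\" for the list of commands.\n",
                                Command);
        }
    }
}

/*++
 * @name RtlClipDisplayPrompt
 *
 * The RtlClipDisplayPrompt routine
 *
 * @param None.
 *
 * @return None.
 *
 * @remarks Documentation for this routine needs to be completed.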
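*
 *--*/
VOID
RtlClipDisplayPrompt(VOID)
{
    WCHAR CurrentDirectory[MAX_PATH] = {0};
    UNICODE_STRING DirString;

    RtlCliGetCurrentDirectory(CurrentDirectory);

    // Prefer the NT form of the path; fall back to the DOS form when the
    // conversion fails
    if (!RtlDosPathNameToNtPathName_U(CurrentDirectory, &DirString, NULL, NULL))
    {
        RtlCliDisplayString("%S>", CurrentDirectory);
        return;
    }

    RtlCliPrintString(&DirString);
    RtlCliPutChar(L'>');

    // The conversion allocated the NT path; release it, since the prompt is
    // drawn after every command
    RtlFreeUnicodeString(&DirString);
}

/*++
 * @name main
 *
 * Entry point of the native shell: prints the banner, opens the keyboard
 * and runs the read/execute loop.
 *
 * @param argc, argv, envp, DebugFlag
 *        Not used by this routine.
 *
 * @return The keyboard open status when the keyboard cannot be opened. The
 *         command loop itself does not return; the shell ends through the
 *         "exit" command.
 *
 *--*/
NTSTATUS
__cdecl
main(INT argc, PCHAR argv[], PCHAR envp[], ULONG DebugFlag OPTIONAL)
{
    NTSTATUS Status;
    PCHAR Command;

    hHeap = InitHeapMemory();
    hKey = NULL;

    // Show banner
    RtlCliDisplayString("Native Shell v" __NCLI_VER__ " (build " __DATE__ " " __TIME__ ")\n\n");

    // Setup keyboard input
    Status = RtlCliOpenInputDevice(&hKeyboard, KeyboardType);
    if (!NT_SUCCESS(Status))
    {
        // Without a keyboard the loop below could never receive "exit" and
        // this process would never end, so give up now
        RtlCliDisplayString("Failed to open keyboard device.\n");
        DeinitHeapMemory(hHeap);
        NtTerminateProcess(NtCurrentProcess(), Status);
        return Status;
    }

    // Show initial prompt
    RtlClipDisplayPrompt();

    // Wait for a new line
    while (TRUE)
    {
        // Get the line that was entered and display a new line
        Command = RtlCliGetLine(hKeyboard);
        RtlCliDisplayString("\n");

        // Make sure there's actually a command
        if (*Command)
        {
            // Process the command and do a new line again.
            RtlClipProcessMessage(Command);
            RtlCliDisplayString("\n");
        }

        // Display the prompt, and restart the loop
        RtlClipDisplayPrompt();
    }

    // Not reached: the loop above has no exit
    DeinitHeapMemory(hHeap);
    NtTerminateProcess(NtCurrentProcess(), 0);

    return STATUS_SUCCESS;
}

================================================
FILE: makefile
================================================
#
# DO NOT EDIT THIS FILE!!! Edit .\sources. if you want to add a new source
# file to this component. This file merely indirects to the real make file
# that is shared by all the driver components of the Windows NT DDK
#

!INCLUDE $(NTMAKEENV)\makefile.def

================================================
FILE: ndk/arch/ketypes.h
================================================
/*++ NDK Version: 0095

Copyright (c) Alex Ionescu. All rights reserved.

Header Name:

    ketypes.h (ARCH)

Abstract:

    Portability file to choose the correct Architecture-specific file.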
Author: Alex Ionescu (alex.ionescu@reactos.com) 06-Oct-2004 --*/ #ifndef _ARCH_KETYPES_H #define _ARCH_KETYPES_H // // Include the right file for this architecture. // #ifdef _M_IX86 #include #elif defined(_M_PPC) #include #else #error "Unknown processor" #endif #endif ================================================ FILE: ndk/arch/mmtypes.h ================================================ /*++ NDK Version: 0095 Copyright (c) Alex Ionescu. All rights reserved. Header Name: mmtypes.h (ARCH) Abstract: Portability file to choose the correct Architecture-specific file. Author: Alex Ionescu (alex.ionescu@reactos.com) 06-Oct-2004 --*/ #ifndef _ARCH_MMTYPES_H #define _ARCH_MMTYPES_H // // Include the right file for this architecture. // #if defined(_M_IX86) || defined(_M_AMD64) #include #elif defined(_M_PPC) #include #else #error "Unknown processor" #endif #endif ================================================ FILE: ndk/asm.h ================================================ /*++ NDK Version: 0095 Copyright (c) Alex Ionescu. All rights reserved. Header Name: asm.h Abstract: ASM Offsets for dealing with de-referencing structures in registers. C-compatible version of the file ks386.inc present in the newest WDK. 
Author: Alex Ionescu (alex.ionescu@reactos.com) 06-Oct-2004 --*/ #ifndef _ASM_H #define _ASM_H #define NEW_SCHEDULER // // PCR Access // #ifdef __ASM__ #ifdef CONFIG_SMP #define PCR fs: #else #define PCR ds:[0xFFDFF000] #endif #endif // // CPU Modes // #define KernelMode 0x0 #define UserMode 0x1 // // CPU Types // #define CPU_INTEL 0x1 #define CPU_AMD 0x2 // // Selector Names // #ifdef __ASM__ #define RPL_MASK 0x0003 #define MODE_MASK 0x0001 #define KGDT_R0_CODE (0x8) #define KGDT_R0_DATA (0x10) #define KGDT_R3_CODE (0x18) #define KGDT_R3_DATA (0x20) #define KGDT_TSS (0x28) #define KGDT_R0_PCR (0x30) #define KGDT_R3_TEB (0x38) #define KGDT_LDT (0x48) #define KGDT_DF_TSS (0x50) #define KGDT_NMI_TSS (0x58) #endif // // KV86M_REGISTERS Offsets // #define KV86M_REGISTERS_EBP 0x0 #define KV86M_REGISTERS_EDI 0x4 #define KV86M_REGISTERS_ESI 0x8 #define KV86M_REGISTERS_EDX 0xC #define KV86M_REGISTERS_ECX 0x10 #define KV86M_REGISTERS_EBX 0x14 #define KV86M_REGISTERS_EAX 0x18 #define KV86M_REGISTERS_DS 0x1C #define KV86M_REGISTERS_ES 0x20 #define KV86M_REGISTERS_FS 0x24 #define KV86M_REGISTERS_GS 0x28 #define KV86M_REGISTERS_EIP 0x2C #define KV86M_REGISTERS_CS 0x30 #define KV86M_REGISTERS_EFLAGS 0x34 #define KV86M_REGISTERS_ESP 0x38 #define KV86M_REGISTERS_SS 0x3C #define TF_SAVED_EXCEPTION_STACK 0x8C #define TF_REGS 0x90 #define TF_ORIG_EBP 0x94 // // TSS Offsets // #define KTSS_ESP0 0x4 #define KTSS_CR3 0x1C #define KTSS_EFLAGS 0x24 #define KTSS_IOMAPBASE 0x66 #define KTSS_IO_MAPS 0x68 // // KTHREAD Offsets // #define KTHREAD_DEBUG_ACTIVE 0x03 #define KTHREAD_INITIAL_STACK 0x18 #define KTHREAD_STACK_LIMIT 0x1C #define KTHREAD_TEB 0x74 #define KTHREAD_KERNEL_STACK 0x20 #define KTHREAD_ALERTED 0x5E #define KTHREAD_APCSTATE_PROCESS 0x28 + 0x10 #define KTHREAD_PENDING_USER_APC 0x28 + 0x16 #define KTHREAD_PENDING_KERNEL_APC 0x28 + 0x15 #define KTHREAD_CONTEXT_SWITCHES 0x48 #define KTHREAD_STATE_ 0x4C #define KTHREAD_NPX_STATE 0x4D #define KTHREAD_WAIT_IRQL 0x4E #define 
KTHREAD_NEXT_PROCESSOR 0x40 #define KTHREAD_WAIT_REASON 0x5A #define KTHREAD_PRIORITY 0x5B #define KTHREAD_SWAP_BUSY 0x5D #define KTHREAD_SERVICE_TABLE 0x118 #define KTHREAD_PREVIOUS_MODE 0xD7 #define KTHREAD_COMBINED_APC_DISABLE 0x70 #define KTHREAD_SPECIAL_APC_DISABLE 0x72 #define KTHREAD_LARGE_STACK 0x107 #define KTHREAD_TRAP_FRAME 0x110 #define KTHREAD_CALLBACK_STACK 0x114 #define KTHREAD_APC_STATE_INDEX 0x11C #define KTHREAD_STACK_BASE 0x158 #define KTHREAD_QUANTUM 0x15D #define KTHREAD_KERNEL_TIME 0x160 #define KTHREAD_USER_TIME 0x18C // // KPROCESS Offsets // #define KPROCESS_DIRECTORY_TABLE_BASE 0x18 #define KPROCESS_LDT_DESCRIPTOR0 0x20 #define KPROCESS_LDT_DESCRIPTOR1 0x24 #define KPROCESS_INT21_DESCRIPTOR0 0x28 #define KPROCESS_INT21_DESCRIPTOR1 0x2C #define KPROCESS_IOPM_OFFSET 0x30 #define KPROCESS_ACTIVE_PROCESSORS 0x34 #define EPROCESS_VDM_OBJECTS 0x144 // // KTIMER_TABLE Offsets // #ifdef __ASM__ #define KTIMER_TABLE_ENTRY 0x00 #define KTIMER_TABLE_TIME 0x08 #define TIMER_ENTRY_SIZE 0x10 #define TIMER_TABLE_SIZE 0x200 #endif // // KPRCB Offsets // #define KPRCB_DR0 0x2F8 #define KPRCB_DR1 0x2FC #define KPRCB_DR2 0x300 #define KPRCB_DR3 0x304 #define KPRCB_DR6 0x308 #define KPRCB_DR7 0x30C #define KPRCB_TIMER_HAND 0x964 #define KPRCB_TIMER_REQUEST 0x968 // // KPCR Offsets // #define KPCR_EXCEPTION_LIST 0x0 #define KPCR_INITIAL_STACK 0x4 #define KPCR_STACK_LIMIT 0x8 #define KPCR_PERF_GLOBAL_GROUP_MASK 0x8 #define KPCR_CONTEXT_SWITCHES 0x10 #define KPCR_SET_MEMBER_COPY 0x14 #define KPCR_TEB 0x18 #define KPCR_SELF 0x1C #define KPCR_PRCB 0x20 #define KPCR_IRQL 0x24 #define KPCR_IRR 0x28 #define KPCR_IRR_ACTIVE 0x2C #define KPCR_IDR 0x30 #define KPCR_KD_VERSION_BLOCK 0x34 #define KPCR_IDT 0x38 #define KPCR_GDT 0x3C #define KPCR_TSS 0x40 #define KPCR_STALL_SCALE_FACTOR 0x4C #define KPCR_SET_MEMBER 0x48 #define KPCR_NUMBER 0x51 #define KPCR_VDM_ALERT 0x54 #define KPCR_PRCB_DATA 0x120 #define KPCR_CURRENT_THREAD 0x124 #define KPCR_PRCB_NEXT_THREAD 0x128 
#define KPCR_PRCB_IDLE_THREAD 0x12C #define KPCR_PROCESSOR_NUMBER 0x130 #define KPCR_PRCB_SET_MEMBER 0x134 #define KPCR_PRCB_CPU_TYPE 0x138 #define KPCR_NPX_THREAD 0x640 #define KPCR_DR6 0x428 #define KPCR_DR7 0x42C #define KPCR_PRCB_INTERRUPT_COUNT 0x644 #define KPCR_PRCB_KERNEL_TIME 0x648 #define KPCR_PRCB_USER_TIME 0x64C #define KPCR_PRCB_DPC_TIME 0x650 #define KPCR_PRCB_DEBUG_DPC_TIME 0x654 #define KPCR_PRCB_INTERRUPT_TIME 0x658 #define KPCR_PRCB_ADJUST_DPC_THRESHOLD 0x65C #define KPCR_PRCB_SKIP_TICK 0x664 #define KPCR_SYSTEM_CALLS 0x6B8 #define KPCR_PRCB_DPC_QUEUE_DEPTH 0xA4C #define KPCR_PRCB_DPC_COUNT 0xA50 #define KPCR_PRCB_DPC_STACK 0xA68 #define KPCR_PRCB_MAXIMUM_DPC_QUEUE_DEPTH 0xA6C #define KPCR_PRCB_DPC_REQUEST_RATE 0xA70 #define KPCR_PRCB_DPC_INTERRUPT_REQUESTED 0xA78 #define KPCR_PRCB_DPC_ROUTINE_ACTIVE 0xA7A #define KPCR_PRCB_DPC_LAST_COUNT 0xA80 #define KPCR_PRCB_TIMER_REQUEST 0xA88 #define KPCR_PRCB_QUANTUM_END 0xAA1 #define KPCR_PRCB_DEFERRED_READY_LIST_HEAD 0xC10 #define KPCR_PRCB_POWER_STATE_IDLE_FUNCTION 0xEC0 // // KINTERRUPT Offsets // #define KINTERRUPT_SERVICE_ROUTINE 0x0C #define KINTERRUPT_SERVICE_CONTEXT 0x10 #define KINTERRUPT_TICK_COUNT 0x18 #define KINTERRUPT_ACTUAL_LOCK 0x1C #define KINTERRUPT_IRQL 0x20 #define KINTERRUPT_VECTOR 0x24 #define KINTERRUPT_SYNCHRONIZE_IRQL 0x29 #define KINTERRUPT_DISPATCH_COUNT 0x38 // // KGDTENTRY Offsets // #define KGDT_BASE_LOW 0x2 #define KGDT_BASE_MID 0x4 #define KGDT_BASE_HI 0x7 #define KGDT_LIMIT_HI 0x6 #define KGDT_LIMIT_LOW 0x0 // // FPU Save Area Offsets // #define FP_CONTROL_WORD 0x0 #define FP_STATUS_WORD 0x4 #define FP_TAG_WORD 0x8 #define FP_ERROR_OFFSET 0xC #define FP_ERROR_SELECTOR 0x10 #define FP_DATA_OFFSET 0x14 #define FP_DATA_SELECTOR 0x18 #define FN_CR0_NPX_STATE 0x20C #define SIZEOF_FX_SAVE_AREA 528 #define NPX_FRAME_LENGTH 0x210 // // FX Save Area Offsets // #define FX_CONTROL_WORD 0x0 #define FX_STATUS_WORD 0x2 #define FX_TAG_WORD 0x4 #define FX_ERROR_OPCODE 0x6 #define 
FX_ERROR_OFFSET 0x8 #define FX_ERROR_SELECTOR 0xC #define FX_DATA_OFFSET 0x10 #define FX_DATA_SELECTOR 0x14 #define FX_MXCSR 0x18 // // NPX States // #define NPX_STATE_NOT_LOADED 0xA #define NPX_STATE_LOADED 0x0 // // Trap Frame Offsets // #define KTRAP_FRAME_DEBUGEBP 0x0 #define KTRAP_FRAME_DEBUGEIP 0x4 #define KTRAP_FRAME_DEBUGARGMARK 0x8 #define KTRAP_FRAME_DEBUGPOINTER 0xC #define KTRAP_FRAME_TEMPCS 0x10 #define KTRAP_FRAME_TEMPESP 0x14 #define KTRAP_FRAME_DR0 0x18 #define KTRAP_FRAME_DR1 0x1C #define KTRAP_FRAME_DR2 0x20 #define KTRAP_FRAME_DR3 0x24 #define KTRAP_FRAME_DR6 0x28 #define KTRAP_FRAME_DR7 0x2C #define KTRAP_FRAME_GS 0x30 #define KTRAP_FRAME_RESERVED1 0x32 #define KTRAP_FRAME_ES 0x34 #define KTRAP_FRAME_RESERVED2 0x36 #define KTRAP_FRAME_DS 0x38 #define KTRAP_FRAME_RESERVED3 0x3A #define KTRAP_FRAME_EDX 0x3C #define KTRAP_FRAME_ECX 0x40 #define KTRAP_FRAME_EAX 0x44 #define KTRAP_FRAME_PREVIOUS_MODE 0x48 #define KTRAP_FRAME_EXCEPTION_LIST 0x4C #define KTRAP_FRAME_FS 0x50 #define KTRAP_FRAME_RESERVED4 0x52 #define KTRAP_FRAME_EDI 0x54 #define KTRAP_FRAME_ESI 0x58 #define KTRAP_FRAME_EBX 0x5C #define KTRAP_FRAME_EBP 0x60 #define KTRAP_FRAME_ERROR_CODE 0x64 #define KTRAP_FRAME_EIP 0x68 #define KTRAP_FRAME_CS 0x6C #define KTRAP_FRAME_EFLAGS 0x70 #define KTRAP_FRAME_ESP 0x74 #define KTRAP_FRAME_SS 0x78 #define KTRAP_FRAME_RESERVED5 0x7A #define KTRAP_FRAME_V86_ES 0x7C #define KTRAP_FRAME_RESERVED6 0x7E #define KTRAP_FRAME_V86_DS 0x80 #define KTRAP_FRAME_RESERVED7 0x82 #define KTRAP_FRAME_V86_FS 0x84 #define KTRAP_FRAME_RESERVED8 0x86 #define KTRAP_FRAME_V86_GS 0x88 #define KTRAP_FRAME_RESERVED9 0x8A #define KTRAP_FRAME_SIZE 0x8C #define KTRAP_FRAME_LENGTH 0x8C #define KTRAP_FRAME_ALIGN 0x04 #define FRAME_EDITED 0xFFF8 // // KUSER_SHARED_DATA Offsets // #ifdef __ASM__ #define USER_SHARED_DATA 0xFFDF0000 #endif #define USER_SHARED_DATA_INTERRUPT_TIME 0x8 #define USER_SHARED_DATA_SYSTEM_TIME 0x14 #define USER_SHARED_DATA_TICK_COUNT 0x320 // // 
KUSER_SHARED_DATA Offsets (this stuff is trash) // #define KERNEL_USER_SHARED_DATA 0x7FFE0000 #define KUSER_SHARED_PROCESSOR_FEATURES KERNEL_USER_SHARED_DATA + 0x274 #define KUSER_SHARED_SYSCALL KERNEL_USER_SHARED_DATA + 0x300 #define KUSER_SHARED_SYSCALL_RET KERNEL_USER_SHARED_DATA + 0x304 #define PROCESSOR_FEATURE_FXSR KUSER_SHARED_PROCESSOR_FEATURES + 0x4 // // CONTEXT Offsets // #define CONTEXT_FLAGS 0x0 #define CONTEXT_DR6 0x14 #define CONTEXT_FLOAT_SAVE 0x1C #define CONTEXT_SEGGS 0x8C #define CONTEXT_SEGFS 0x90 #define CONTEXT_SEGES 0x94 #define CONTEXT_SEGDS 0x98 #define CONTEXT_EDI 0x9C #define CONTEXT_ESI 0xA0 #define CONTEXT_EBX 0xA4 #define CONTEXT_EDX 0xA8 #define CONTEXT_ECX 0xAC #define CONTEXT_EAX 0xB0 #define CONTEXT_EBP 0xB4 #define CONTEXT_EIP 0xB8 #define CONTEXT_SEGCS 0xBC #define CONTEXT_EFLAGS 0xC0 #define CONTEXT_ESP 0xC4 #define CONTEXT_SEGSS 0xC8 #define CONTEXT_FLOAT_SAVE_CONTROL_WORD CONTEXT_FLOAT_SAVE + FP_CONTROL_WORD #define CONTEXT_FLOAT_SAVE_STATUS_WORD CONTEXT_FLOAT_SAVE + FP_STATUS_WORD #define CONTEXT_FLOAT_SAVE_TAG_WORD CONTEXT_FLOAT_SAVE + FP_TAG_WORD #define CONTEXT_ALIGNED_SIZE 0x2CC // // EXCEPTION_RECORD Offsets // #define EXCEPTION_RECORD_EXCEPTION_CODE 0x0 #define EXCEPTION_RECORD_EXCEPTION_FLAGS 0x4 #define EXCEPTION_RECORD_EXCEPTION_RECORD 0x8 #define EXCEPTION_RECORD_EXCEPTION_ADDRESS 0xC #define EXCEPTION_RECORD_NUMBER_PARAMETERS 0x10 #define SIZEOF_EXCEPTION_RECORD 0x14 #define EXCEPTION_RECORD_LENGTH 0x50 // // Exception types // #ifdef __ASM__ #define EXCEPTION_NONCONTINUABLE 0x0001 #define EXCEPTION_UNWINDING 0x0002 #define EXCEPTION_EXIT_UNWIND 0x0004 #define EXCEPTION_STACK_INVALID 0x0008 #define EXCEPTION_NESTED_CALL 0x00010 #define EXCEPTION_TARGET_UNWIND 0x00020 #define EXCEPTION_COLLIDED_UNWIND 0x00040 #define EXCEPTION_UNWIND 0x00066 #define EXCEPTION_EXECUTE_HANDLER 0x00001 #define EXCEPTION_CONTINUE_SEARCH 0x00000 #define EXCEPTION_CONTINUE_EXECUTION 0xFFFFFFFF #define EXCEPTION_CHAIN_END 0xFFFFFFFF #endif 
// // TEB Offsets // #define TEB_EXCEPTION_LIST 0x0 #define TEB_STACK_BASE 0x4 #define TEB_STACK_LIMIT 0x8 #define TEB_FIBER_DATA 0x10 #define TEB_PEB 0x30 #define TEB_EXCEPTION_CODE 0x1A4 #define TEB_ACTIVATION_CONTEXT_STACK_POINTER 0x1A8 #define TEB_DEALLOCATION_STACK 0xE0C #define TEB_GDI_BATCH_COUNT 0xF70 #define TEB_GUARANTEED_STACK_BYTES 0xF78 #define TEB_FLS_DATA 0xFB4 // // PEB Offsets // #define PEB_KERNEL_CALLBACK_TABLE 0x2C // // FIBER Offsets // #define FIBER_PARAMETER 0x0 #define FIBER_EXCEPTION_LIST 0x4 #define FIBER_STACK_BASE 0x8 #define FIBER_STACK_LIMIT 0xC #define FIBER_DEALLOCATION_STACK 0x10 #define FIBER_CONTEXT 0x14 #define FIBER_GUARANTEED_STACK_BYTES 0x2E0 #define FIBER_FLS_DATA 0x2E4 #define FIBER_ACTIVATION_CONTEXT_STACK 0x2E8 #define FIBER_CONTEXT_FLAGS FIBER_CONTEXT + CONTEXT_FLAGS #define FIBER_CONTEXT_EAX FIBER_CONTEXT + CONTEXT_EAX #define FIBER_CONTEXT_EBX FIBER_CONTEXT + CONTEXT_EBX #define FIBER_CONTEXT_ECX FIBER_CONTEXT + CONTEXT_ECX #define FIBER_CONTEXT_EDX FIBER_CONTEXT + CONTEXT_EDX #define FIBER_CONTEXT_ESI FIBER_CONTEXT + CONTEXT_ESI #define FIBER_CONTEXT_EDI FIBER_CONTEXT + CONTEXT_EDI #define FIBER_CONTEXT_EBP FIBER_CONTEXT + CONTEXT_EBP #define FIBER_CONTEXT_ESP FIBER_CONTEXT + CONTEXT_ESP #define FIBER_CONTEXT_DR6 FIBER_CONTEXT + CONTEXT_DR6 #define FIBER_CONTEXT_FLOAT_SAVE_STATUS_WORD FIBER_CONTEXT + CONTEXT_FLOAT_SAVE_STATUS_WORD #define FIBER_CONTEXT_FLOAT_SAVE_CONTROL_WORD FIBER_CONTEXT + CONTEXT_FLOAT_SAVE_CONTROL_WORD #define FIBER_CONTEXT_FLOAT_SAVE_TAG_WORD FIBER_CONTEXT + CONTEXT_FLOAT_SAVE_TAG_WORD // // EFLAGS // #ifdef __ASM__ #define EFLAGS_TF 0x100 #define EFLAGS_INTERRUPT_MASK 0x200 #define EFLAGS_NESTED_TASK 0x4000 #define EFLAGS_V86_MASK 0x20000 #define EFLAGS_ALIGN_CHECK 0x40000 #define EFLAGS_VIF 0x80000 #define EFLAGS_VIP 0x100000 #define EFLAG_SIGN 0x8000 #define EFLAG_ZERO 0x4000 #define EFLAG_SELECT (EFLAG_SIGN + EFLAG_ZERO) #endif #define EFLAGS_USER_SANITIZE 0x3F4DD7 // // CR0 // #define CR0_PE 
0x1 #define CR0_MP 0x2 #define CR0_EM 0x4 #define CR0_TS 0x8 #define CR0_ET 0x10 #define CR0_NE 0x20 #define CR0_WP 0x10000 #define CR0_AM 0x40000 #define CR0_NW 0x20000000 #define CR0_CD 0x40000000 #define CR0_PG 0x80000000 // // CR4 // #ifdef __ASM__ #define CR4_VME 0x1 #define CR4_PVI 0x2 #define CR4_TSD 0x4 #define CR4_DE 0x8 #define CR4_PSE 0x10 #define CR4_PAE 0x20 #define CR4_MCE 0x40 #define CR4_PGE 0x80 #define CR4_FXSR 0x200 #define CR4_XMMEXCPT 0x400 #endif // // DR6 and 7 Masks // #define DR6_LEGAL 0xE00F #define DR7_LEGAL 0xFFFF0155 #define DR7_ACTIVE 0x55 #define DR7_OVERRIDE_V 0x04 #define DR7_RESERVED_MASK 0xDC00 #define DR7_OVERRIDE_MASK 0xF0000 // // Usermode callout frame definitions // #define CBSTACK_STACK 0x0 #define CBSTACK_TRAP_FRAME 0x4 #define CBSTACK_CALLBACK_STACK 0x8 #define CBSTACK_EBP 0x18 #define CBSTACK_RESULT 0x20 #define CBSTACK_RESULT_LENGTH 0x24 // // NTSTATUS and Bugcheck Codes // #ifdef __ASM__ #define STATUS_ACCESS_VIOLATION 0xC0000005 #define STATUS_IN_PAGE_ERROR 0xC0000006 #define STATUS_GUARD_PAGE_VIOLATION 0x80000001 #define STATUS_PRIVILEGED_INSTRUCTION 0xC0000096 #define STATUS_STACK_OVERFLOW 0xC00000FD #define KI_EXCEPTION_ACCESS_VIOLATION 0x10000004 #define STATUS_INVALID_SYSTEM_SERVICE 0xC000001C #define STATUS_NO_CALLBACK_ACTIVE 0xC0000258 #define STATUS_CALLBACK_POP_STACK 0xC0000423 #define STATUS_ARRAY_BOUNDS_EXCEEDED 0xC000008C #define STATUS_ILLEGAL_INSTRUCTION 0xC000001D #define STATUS_INVALID_LOCK_SEQUENCE 0xC000001E #define STATUS_BREAKPOINT 0x80000003 #define STATUS_SINGLE_STEP 0x80000004 #define STATUS_INTEGER_DIVIDE_BY_ZERO 0xC0000094 #define STATUS_INTEGER_OVERFLOW 0xC0000095 #define STATUS_FLOAT_DENORMAL_OPERAND 0xC000008D #define STATUS_FLOAT_DIVIDE_BY_ZERO 0xC000008E #define STATUS_FLOAT_INEXACT_RESULT 0xC000008F #define STATUS_FLOAT_INVALID_OPERATION 0xC0000090 #define STATUS_FLOAT_OVERFLOW 0xC0000091 #define STATUS_FLOAT_STACK_CHECK 0xC0000092 #define STATUS_FLOAT_UNDERFLOW 0xC0000093 #define 
STATUS_FLOAT_MULTIPLE_FAULTS 0xC00002B4 #define STATUS_FLOAT_MULTIPLE_TRAPS 0xC00002B5 #define APC_INDEX_MISMATCH 0x01 #define IRQL_NOT_GREATER_OR_EQUAL 0x09 #define IRQL_NOT_LESS_OR_EQUAL 0x0A #define TRAP_CAUSE_UNKNOWN 0x12 #define KMODE_EXCEPTION_NOT_HANDLED 0x13 #define IRQL_GT_ZERO_AT_SYSTEM_SERVICE 0x4A #define UNEXPECTED_KERNEL_MODE_TRAP 0x7F #define ATTEMPTED_SWITCH_FROM_DPC 0xB8 #define HARDWARE_INTERRUPT_STORM 0xF2 // // IRQL Levels // #define PASSIVE_LEVEL 0x0 #define APC_LEVEL 0x1 #define DISPATCH_LEVEL 0x2 #define CLOCK2_LEVEL 0x1C #define HIGH_LEVEL 0x1F // // Quantum Decrements // #define CLOCK_QUANTUM_DECREMENT 0x3 #endif // // System Call Table definitions // #define NUMBER_SERVICE_TABLES 0x0002 #define SERVICE_NUMBER_MASK 0x0FFF #define SERVICE_TABLE_SHIFT 0x0008 #define SERVICE_TABLE_MASK 0x0010 #define SERVICE_TABLE_TEST 0x0010 #define SERVICE_DESCRIPTOR_BASE 0x0000 #define SERVICE_DESCRIPTOR_COUNT 0x0004 #define SERVICE_DESCRIPTOR_LIMIT 0x0008 #define SERVICE_DESCRIPTOR_NUMBER 0x000C #define SERVICE_DESCRIPTOR_LENGTH 0x0010 // // VDM State Pointer // #define FIXED_NTVDMSTATE_LINEAR_PC_AT 0x714 // // Machine types // #ifdef __ASM__ #define MACHINE_TYPE_ISA 0x0000 #define MACHINE_TYPE_EISA 0x0001 #define MACHINE_TYPE_MCA 0x0002 // // Kernel Feature Bits // #define KF_RDTSC 0x00000002 // // Kernel Stack Size // #define KERNEL_STACK_SIZE 0x3000 #endif // // Generic Definitions // #define PRIMARY_VECTOR_BASE 0x30 // FIXME: HACK #define MAXIMUM_IDTVECTOR 0xFF #endif // !_ASM_H ================================================ FILE: ndk/cctypes.h ================================================ /*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: cctypes.h Abstract: Type definitions for the Cache Controller. 
Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _CCTYPES_H #define _CCTYPES_H // // Dependencies // #include #ifndef NTOS_MODE_USER // // Kernel Exported CcData // extern ULONG NTSYSAPI CcFastReadNotPossible; extern ULONG NTSYSAPI CcFastReadWait; extern ULONG NTSYSAPI CcFastReadResourceMiss; extern ULONG NTSYSAPI CcFastReadNoWait; extern ULONG NTSYSAPI CcFastMdlReadNotPossible; // // Virtual Address Control BLock // typedef struct _VACB { PVOID BaseAddress; struct _SHARED_CACHE_MAP *SharedCacheMap; union { LARGE_INTEGER FileOffset; USHORT ActiveCount; } Overlay; LIST_ENTRY LruList; } VACB, *PVACB; // // Private Cache Map Structure and Flags // typedef struct _PRIVATE_CACHE_MAP_FLAGS { ULONG DontUse:16; ULONG ReadAheadActive:1; ULONG ReadAheadEnabled:1; ULONG Available:14; } PRIVATE_CACHE_MAP_FLAGS; typedef struct _PRIVATE_CACHE_MAP { union { CSHORT NodeTypeCode; PRIVATE_CACHE_MAP_FLAGS Flags; ULONG UlongFlags; }; ULONG ReadAheadMask; PFILE_OBJECT FileObject; LARGE_INTEGER FileOffset1; LARGE_INTEGER BeyondLastByte1; LARGE_INTEGER FileOffset2; LARGE_INTEGER BeyondLastByte2; LARGE_INTEGER ReadAheadOffset[2]; ULONG ReadAheadLength[2]; KSPIN_LOCK ReadAheadSpinLock; LIST_ENTRY PrivateLinks; } PRIVATE_CACHE_MAP, *PPRIVATE_CACHE_MAP; #ifdef _NTIFS_INCLUDED_ // // Shared Cache Map // typedef struct _SHARED_CACHE_MAP { SHORT NodeTypeCode; SHORT NodeByteSize; ULONG OpenCount; LARGE_INTEGER FileSize; LIST_ENTRY BcbList; LARGE_INTEGER SectionSize; LARGE_INTEGER ValidDataLength; LARGE_INTEGER ValidDataGoal; PVACB InitialVacbs[4]; PVACB Vacbs; PFILE_OBJECT FileObject; PVACB ActiveVacb; PVOID NeedToZero; ULONG ActivePage; ULONG NeedToZeroPage; ULONG ActiveVacbSpinLock; ULONG VacbActiveCount; ULONG DirtyPages; LIST_ENTRY SharedCacheMapLinks; ULONG Flags; ULONG Status; PMCB Mbcb; PVOID Section; PKEVENT CreateEvent; PKEVENT WaitOnActiveCount; ULONG PagesToWrite; LONGLONG BeyondLastFlush; PCACHE_MANAGER_CALLBACKS Callbacks; PVOID LazyWriteContext; 
PLIST_ENTRY PrivateList; PVOID LogHandle; PVOID FlushToLsnRoutine; ULONG DirtyPageThreshold; ULONG LazyWritePassCount; PCACHE_UNINITIALIZE_EVENT UninitializeEvent; PVACB NeedToZeroVacb; ULONG BcbSpinLock; PVOID Reserved; KEVENT Event; PEX_PUSH_LOCK VacbPushLock; PPRIVATE_CACHE_MAP PrivateCacheMap; } SHARED_CACHE_MAP; #endif /* _NTIFS_INCLUDED_ */ #endif /* NTOS_MODE_USER */ #endif /* _CCTYPES_H */ ================================================ FILE: ndk/cmfuncs.h ================================================ /*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: cmfuncs.h Abstract: Function definitions for the Configuration Manager. Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _CMFUNCS_H #define _CMFUNCS_H // // Dependencies // #include #include // // Native calls // NTSTATUS NTAPI NtCompactKeys( IN ULONG Count, IN PHANDLE KeyArray ); NTSTATUS NTAPI NtCompressKey( IN HANDLE Key ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateKey( OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG TitleIndex, IN PUNICODE_STRING Class OPTIONAL, IN ULONG CreateOptions, IN PULONG Disposition OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtDeleteKey( IN HANDLE KeyHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtDeleteValueKey( IN HANDLE KeyHandle, IN PUNICODE_STRING ValueName ); NTSYSCALLAPI NTSTATUS NTAPI NtEnumerateKey( IN HANDLE KeyHandle, IN ULONG Index, IN KEY_INFORMATION_CLASS KeyInformationClass, OUT PVOID KeyInformation, IN ULONG Length, OUT PULONG ResultLength ); NTSYSCALLAPI NTSTATUS NTAPI NtEnumerateValueKey( IN HANDLE KeyHandle, IN ULONG Index, IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, OUT PVOID KeyValueInformation, IN ULONG Length, OUT PULONG ResultLength ); NTSYSCALLAPI NTSTATUS NTAPI NtFlushKey( IN HANDLE KeyHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtGetPlugPlayEvent( IN ULONG Reserved1, IN ULONG Reserved2, OUT PPLUGPLAY_EVENT_BLOCK Buffer, IN ULONG BufferSize ); 
NTSYSCALLAPI NTSTATUS NTAPI NtInitializeRegistry( USHORT Flag ); NTSYSCALLAPI NTSTATUS NTAPI NtLoadKey( IN POBJECT_ATTRIBUTES KeyObjectAttributes, IN POBJECT_ATTRIBUTES FileObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtLoadKey2( IN POBJECT_ATTRIBUTES KeyObjectAttributes, IN POBJECT_ATTRIBUTES FileObjectAttributes, IN ULONG Flags ); NTSTATUS NTAPI NtLoadKeyEx( IN POBJECT_ATTRIBUTES TargetKey, IN POBJECT_ATTRIBUTES SourceFile, IN ULONG Flags, IN HANDLE TrustClassKey ); NTSTATUS NTAPI NtLockProductActivationKeys( IN PULONG pPrivateVer, IN PULONG pSafeMode ); NTSTATUS NTAPI NtLockRegistryKey( IN HANDLE KeyHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtNotifyChangeKey( IN HANDLE KeyHandle, IN HANDLE Event, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG CompletionFilter, IN BOOLEAN Asynchroneous, OUT PVOID ChangeBuffer, IN ULONG Length, IN BOOLEAN WatchSubtree ); NTSTATUS NTAPI NtNotifyChangeMultipleKeys( IN HANDLE MasterKeyHandle, IN ULONG Count, IN POBJECT_ATTRIBUTES SlaveObjects, IN HANDLE Event, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG CompletionFilter, IN BOOLEAN WatchTree, OUT PVOID Buffer, IN ULONG Length, IN BOOLEAN Asynchronous ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenKey( OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtPlugPlayControl( IN PLUGPLAY_CONTROL_CLASS PlugPlayControlClass, IN OUT PVOID Buffer, IN ULONG BufferSize ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryKey( IN HANDLE KeyHandle, IN KEY_INFORMATION_CLASS KeyInformationClass, OUT PVOID KeyInformation, IN ULONG Length, OUT PULONG ResultLength ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryMultipleValueKey( IN HANDLE KeyHandle, IN OUT PKEY_VALUE_ENTRY ValueList, IN ULONG NumberOfValues, OUT PVOID Buffer, IN OUT PULONG Length, OUT PULONG ReturnLength ); NTSTATUS NTAPI NtQueryOpenSubKeys( IN POBJECT_ATTRIBUTES 
TargetKey, IN ULONG HandleCount ); NTSTATUS NTAPI NtQueryOpenSubKeysEx( IN POBJECT_ATTRIBUTES TargetKey, IN ULONG BufferLength, IN PVOID Buffer, IN PULONG RequiredSize ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryValueKey( IN HANDLE KeyHandle, IN PUNICODE_STRING ValueName, IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, OUT PVOID KeyValueInformation, IN ULONG Length, OUT PULONG ResultLength ); NTSYSCALLAPI NTSTATUS NTAPI NtRenameKey( IN HANDLE KeyHandle, IN PUNICODE_STRING ReplacementName ); NTSYSCALLAPI NTSTATUS NTAPI NtReplaceKey( IN POBJECT_ATTRIBUTES ObjectAttributes, IN HANDLE Key, IN POBJECT_ATTRIBUTES ReplacedObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtRestoreKey( IN HANDLE KeyHandle, IN HANDLE FileHandle, IN ULONG RestoreFlags ); NTSYSCALLAPI NTSTATUS NTAPI NtSaveKey( IN HANDLE KeyHandle, IN HANDLE FileHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtSaveKeyEx( IN HANDLE KeyHandle, IN HANDLE FileHandle, IN ULONG Flags ); NTSTATUS NTAPI NtSaveMergedKeys( IN HANDLE HighPrecedenceKeyHandle, IN HANDLE LowPrecedenceKeyHandle, IN HANDLE FileHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationKey( IN HANDLE KeyHandle, IN KEY_SET_INFORMATION_CLASS KeyInformationClass, IN PVOID KeyInformation, IN ULONG KeyInformationLength ); NTSYSCALLAPI NTSTATUS NTAPI NtSetValueKey( IN HANDLE KeyHandle, IN PUNICODE_STRING ValueName, IN ULONG TitleIndex OPTIONAL, IN ULONG Type, IN PVOID Data, IN ULONG DataSize ); NTSYSCALLAPI NTSTATUS NTAPI NtUnloadKey( IN POBJECT_ATTRIBUTES KeyObjectAttributes ); NTSTATUS NTAPI NtUnloadKey2( IN POBJECT_ATTRIBUTES TargetKey, IN ULONG Flags ); NTSTATUS NTAPI NtUnloadKeyEx( IN POBJECT_ATTRIBUTES TargetKey, IN HANDLE Event ); #ifdef NTOS_MODE_USER NTSYSAPI NTSTATUS NTAPI ZwCreateKey( OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG TitleIndex, IN PUNICODE_STRING Class OPTIONAL, IN ULONG CreateOptions, IN PULONG Disposition OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwDeleteKey( IN HANDLE KeyHandle ); 
NTSYSAPI NTSTATUS NTAPI ZwDeleteValueKey( IN HANDLE KeyHandle, IN PUNICODE_STRING ValueName ); NTSYSAPI NTSTATUS NTAPI ZwEnumerateKey( IN HANDLE KeyHandle, IN ULONG Index, IN KEY_INFORMATION_CLASS KeyInformationClass, OUT PVOID KeyInformation, IN ULONG Length, OUT PULONG ResultLength ); NTSYSAPI NTSTATUS NTAPI ZwEnumerateValueKey( IN HANDLE KeyHandle, IN ULONG Index, IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, OUT PVOID KeyValueInformation, IN ULONG Length, OUT PULONG ResultLength ); NTSYSAPI NTSTATUS NTAPI ZwFlushKey( IN HANDLE KeyHandle ); NTSYSAPI NTSTATUS NTAPI ZwGetPlugPlayEvent( IN ULONG Reserved1, IN ULONG Reserved2, OUT PPLUGPLAY_EVENT_BLOCK Buffer, IN ULONG BufferSize ); NTSYSAPI NTSTATUS NTAPI ZwLoadKey( IN POBJECT_ATTRIBUTES KeyObjectAttributes, IN POBJECT_ATTRIBUTES FileObjectAttributes ); NTSYSAPI NTSTATUS NTAPI ZwLoadKey2( IN POBJECT_ATTRIBUTES KeyObjectAttributes, IN POBJECT_ATTRIBUTES FileObjectAttributes, IN ULONG Flags ); NTSYSAPI NTSTATUS NTAPI ZwNotifyChangeKey( IN HANDLE KeyHandle, IN HANDLE Event, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG CompletionFilter, IN BOOLEAN Asynchroneous, OUT PVOID ChangeBuffer, IN ULONG Length, IN BOOLEAN WatchSubtree ); NTSYSAPI NTSTATUS NTAPI ZwOpenKey( OUT PHANDLE KeyHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI ZwPlugPlayControl( IN PLUGPLAY_CONTROL_CLASS PlugPlayControlClass, IN OUT PVOID Buffer, IN ULONG BufferSize ); NTSYSAPI NTSTATUS NTAPI ZwQueryKey( IN HANDLE KeyHandle, IN KEY_INFORMATION_CLASS KeyInformationClass, OUT PVOID KeyInformation, IN ULONG Length, OUT PULONG ResultLength ); NTSYSAPI NTSTATUS NTAPI ZwQueryMultipleValueKey( IN HANDLE KeyHandle, IN OUT PKEY_VALUE_ENTRY ValueList, IN ULONG NumberOfValues, OUT PVOID Buffer, IN OUT PULONG Length, OUT PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI ZwQueryValueKey( IN HANDLE KeyHandle, IN PUNICODE_STRING 
ValueName, IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass, OUT PVOID KeyValueInformation, IN ULONG Length, OUT PULONG ResultLength ); NTSYSAPI NTSTATUS NTAPI ZwReplaceKey( IN POBJECT_ATTRIBUTES ObjectAttributes, IN HANDLE Key, IN POBJECT_ATTRIBUTES ReplacedObjectAttributes ); NTSYSAPI NTSTATUS NTAPI ZwRestoreKey( IN HANDLE KeyHandle, IN HANDLE FileHandle, IN ULONG RestoreFlags ); NTSYSAPI NTSTATUS NTAPI ZwSaveKey( IN HANDLE KeyHandle, IN HANDLE FileHandle ); NTSYSAPI NTSTATUS NTAPI ZwSaveKeyEx( IN HANDLE KeyHandle, IN HANDLE FileHandle, IN ULONG Flags ); NTSYSAPI NTSTATUS NTAPI ZwSetInformationKey( IN HANDLE KeyHandle, IN KEY_SET_INFORMATION_CLASS KeyInformationClass, IN PVOID KeyInformation, IN ULONG KeyInformationLength ); NTSYSAPI NTSTATUS NTAPI ZwSetValueKey( IN HANDLE KeyHandle, IN PUNICODE_STRING ValueName, IN ULONG TitleIndex OPTIONAL, IN ULONG Type, IN PVOID Data, IN ULONG DataSize ); #endif NTSYSAPI NTSTATUS NTAPI ZwInitializeRegistry( USHORT Flag ); NTSYSAPI NTSTATUS NTAPI ZwUnloadKey( IN POBJECT_ATTRIBUTES KeyObjectAttributes ); #endif ================================================ FILE: ndk/cmtypes.h ================================================ /*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: cmtypes.h Abstract: Type definitions for the Configuration Manager. 
Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _CMTYPES_H #define _CMTYPES_H // // Dependencies // #include #include #include #define MAX_BUS_NAME 24 // // PLUGPLAY_CONTROL_RELATED_DEVICE_DATA.Relations // #define PNP_GET_PARENT_DEVICE 1 #define PNP_GET_CHILD_DEVICE 2 #define PNP_GET_SIBLING_DEVICE 3 // // PLUGPLAY_CONTROL_STATUS_DATA Operations // #define PNP_GET_DEVICE_STATUS 0 #define PNP_SET_DEVICE_STATUS 1 #define PNP_CLEAR_DEVICE_STATUS 2 #ifdef NTOS_MODE_USER // // Resource Type // #define CmResourceTypeNull 0 #define CmResourceTypePort 1 #define CmResourceTypeInterrupt 2 #define CmResourceTypeMemory 3 #define CmResourceTypeDma 4 #define CmResourceTypeDeviceSpecific 5 #define CmResourceTypeBusNumber 6 #define CmResourceTypeMaximum 7 #define CmResourceTypeNonArbitrated 128 #define CmResourceTypeConfigData 128 #define CmResourceTypeDevicePrivate 129 #define CmResourceTypePcCardConfig 130 #define CmResourceTypeMfCardConfig 131 // // Resource Descriptor Share Dispositions // typedef enum _CM_SHARE_DISPOSITION { CmResourceShareUndetermined, CmResourceShareDeviceExclusive, CmResourceShareDriverExclusive, CmResourceShareShared } CM_SHARE_DISPOSITION; #endif // // Port Resource Descriptor Flags // #define CM_RESOURCE_PORT_MEMORY 0x0000 #define CM_RESOURCE_PORT_IO 0x0001 #define CM_RESOURCE_PORT_10_BIT_DECODE 0x0004 #define CM_RESOURCE_PORT_12_BIT_DECODE 0x0008 #define CM_RESOURCE_PORT_16_BIT_DECODE 0x0010 #define CM_RESOURCE_PORT_POSITIVE_DECODE 0x0020 #define CM_RESOURCE_PORT_PASSIVE_DECODE 0x0040 #define CM_RESOURCE_PORT_WINDOW_DECODE 0x0080 // // Memory Resource Descriptor Flags // #define CM_RESOURCE_MEMORY_READ_WRITE 0x0000 #define CM_RESOURCE_MEMORY_READ_ONLY 0x0001 #define CM_RESOURCE_MEMORY_WRITE_ONLY 0x0002 #define CM_RESOURCE_MEMORY_PREFETCHABLE 0x0004 #define CM_RESOURCE_MEMORY_COMBINEDWRITE 0x0008 #define CM_RESOURCE_MEMORY_24 0x0010 #define CM_RESOURCE_MEMORY_CACHEABLE 0x0020 // // DMA Resource Descriptor Flags // #define 
CM_RESOURCE_DMA_8 0x0000 #define CM_RESOURCE_DMA_16 0x0001 #define CM_RESOURCE_DMA_32 0x0002 #define CM_RESOURCE_DMA_8_AND_16 0x0004 #define CM_RESOURCE_DMA_BUS_MASTER 0x0008 #define CM_RESOURCE_DMA_TYPE_A 0x0010 #define CM_RESOURCE_DMA_TYPE_B 0x0020 #define CM_RESOURCE_DMA_TYPE_F 0x0040 // // NtInitializeRegistry Flags // #define CM_BOOT_FLAG_SMSS 0x0000 #define CM_BOOT_FLAG_SETUP 0x0001 #define CM_BOOT_FLAG_ACCEPTED 0x0002 #define CM_BOOT_FLAG_MAX 0x03E9 #ifdef NTOS_MODE_USER // // Information Classes for NtQueryKey // typedef enum _KEY_INFORMATION_CLASS { KeyBasicInformation, KeyNodeInformation, KeyFullInformation, KeyNameInformation, KeyCachedInformation, KeyFlagsInformation } KEY_INFORMATION_CLASS; typedef enum _KEY_VALUE_INFORMATION_CLASS { KeyValueBasicInformation, KeyValueFullInformation, KeyValuePartialInformation, KeyValueFullInformationAlign64, KeyValuePartialInformationAlign64 } KEY_VALUE_INFORMATION_CLASS; typedef enum _KEY_SET_INFORMATION_CLASS { KeyWriteTimeInformation, KeyUserFlagsInformation, MaxKeySetInfoClass } KEY_SET_INFORMATION_CLASS; #endif // // Plag and Play Classes // typedef enum _PLUGPLAY_CONTROL_CLASS { PlugPlayControlUserResponse = 0x07, PlugPlayControlProperty = 0x0A, PlugPlayControlGetRelatedDevice = 0x0C, PlugPlayControlDeviceStatus = 0x0E, PlugPlayControlGetDeviceDepth, PlugPlayControlResetDevice = 0x14 } PLUGPLAY_CONTROL_CLASS; typedef enum _PLUGPLAY_BUS_CLASS { SystemBus, PlugPlayVirtualBus, MaxPlugPlayBusClass } PLUGPLAY_BUS_CLASS, *PPLUGPLAY_BUS_CLASS; // // Plag and Play Bus Types // typedef enum _PLUGPLAY_VIRTUAL_BUS_TYPE { Root, MaxPlugPlayVirtualBusType } PLUGPLAY_VIRTUAL_BUS_TYPE, *PPLUGPLAY_VIRTUAL_BUS_TYPE; // // Plag and Play Event Categories // typedef enum _PLUGPLAY_EVENT_CATEGORY { HardwareProfileChangeEvent, TargetDeviceChangeEvent, DeviceClassChangeEvent, CustomDeviceEvent, DeviceInstallEvent, DeviceArrivalEvent, PowerEvent, VetoEvent, BlockedDriverEvent, MaxPlugEventCategory } PLUGPLAY_EVENT_CATEGORY; #ifdef 
NTOS_MODE_USER

//
// Information Structures for NtQueryKeyInformation
//
// Several structures below end in a one-element array (Class[1], Name[1],
// Data[1]). Presumably this is the usual placeholder for a variable-length
// tail whose real extent is given by the matching *Length / *Offset field.
// A consumer should check those fields against the size of the buffer it
// supplied before reading the tail, and should not assume the tail is
// NUL-terminated -- TODO confirm units (bytes vs. characters) against the WDK.
//
typedef struct _KEY_WRITE_TIME_INFORMATION
{
    LARGE_INTEGER LastWriteTime;
} KEY_WRITE_TIME_INFORMATION, *PKEY_WRITE_TIME_INFORMATION;

typedef struct _KEY_USER_FLAGS_INFORMATION
{
    ULONG UserFlags;
} KEY_USER_FLAGS_INFORMATION, *PKEY_USER_FLAGS_INFORMATION;

typedef struct _KEY_FULL_INFORMATION
{
    LARGE_INTEGER LastWriteTime;
    ULONG TitleIndex;
    ULONG ClassOffset;
    ULONG ClassLength;
    ULONG SubKeys;
    ULONG MaxNameLen;
    ULONG MaxClassLen;
    ULONG Values;
    ULONG MaxValueNameLen;
    ULONG MaxValueDataLen;
    WCHAR Class[1];         // variable-length tail; see ClassOffset/ClassLength
} KEY_FULL_INFORMATION, *PKEY_FULL_INFORMATION;

// NOTE(review): this declaration has no length field. The WDK declares
// KEY_NAME_INFORMATION with a ULONG NameLength ahead of Name; if that is what
// the kernel returns, Name[0] as declared here overlays the length. Confirm
// the layout before using this type with KeyNameInformation.
typedef struct _KEY_NAME_INFORMATION
{
    WCHAR Name[1];
} KEY_NAME_INFORMATION, *PKEY_NAME_INFORMATION;

typedef struct _KEY_NODE_INFORMATION
{
    LARGE_INTEGER LastWriteTime;
    ULONG TitleIndex;
    ULONG ClassOffset;
    ULONG ClassLength;
    ULONG NameLength;
    WCHAR Name[1];          // variable-length tail; see NameLength
} KEY_NODE_INFORMATION, *PKEY_NODE_INFORMATION;

typedef struct _KEY_VALUE_ENTRY
{
    PUNICODE_STRING ValueName;
    ULONG DataLength;
    ULONG DataOffset;
    ULONG Type;
} KEY_VALUE_ENTRY, *PKEY_VALUE_ENTRY;

typedef struct _KEY_VALUE_PARTIAL_INFORMATION
{
    ULONG TitleIndex;
    ULONG Type;
    ULONG DataLength;
    UCHAR Data[1];          // variable-length tail; see DataLength
} KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION;

typedef struct _KEY_VALUE_BASIC_INFORMATION
{
    ULONG TitleIndex;
    ULONG Type;
    ULONG NameLength;
    WCHAR Name[1];          // variable-length tail; see NameLength
} KEY_VALUE_BASIC_INFORMATION, *PKEY_VALUE_BASIC_INFORMATION;

typedef struct _KEY_VALUE_FULL_INFORMATION
{
    ULONG TitleIndex;
    ULONG Type;
    ULONG DataOffset;       // presumably relative to the start of this structure -- confirm
    ULONG DataLength;
    ULONG NameLength;
    WCHAR Name[1];          // variable-length tail; see NameLength
} KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION;

typedef struct _KEY_BASIC_INFORMATION
{
    LARGE_INTEGER LastWriteTime;
    ULONG TitleIndex;
    ULONG NameLength;
    WCHAR Name[1];          // variable-length tail; see NameLength
} KEY_BASIC_INFORMATION, *PKEY_BASIC_INFORMATION;
#endif

//
// Plug and Play Event Block
//
// Fixed header followed by an anonymous union whose string members are
// declared with ANYSIZE_ARRAY, i.e. the block is variable-length.
// Presumably EventCategory selects the valid union member and TotalSize is
// the size of the whole block including the tail -- TODO confirm. A consumer
// should validate both before reading any of the string members, and should
// treat Result and DeviceObject as opaque unless it knows which address space
// they belong to.
//
typedef struct _PLUGPLAY_EVENT_BLOCK
{
    GUID EventGuid;
    PLUGPLAY_EVENT_CATEGORY EventCategory;
    PULONG Result;
    ULONG Flags;
    ULONG TotalSize;
    PVOID DeviceObject;
    union
    {
        struct
        {
            GUID ClassGuid;
            WCHAR SymbolicLinkName[ANYSIZE_ARRAY];
        } DeviceClass;
        struct
        {
            WCHAR DeviceIds[ANYSIZE_ARRAY];
        } TargetDevice;
        struct
        {
            WCHAR DeviceId[ANYSIZE_ARRAY];
        } InstallDevice;
        struct
        {
            PVOID NotificationStructure;
            WCHAR DeviceIds[ANYSIZE_ARRAY];
        } CustomNotification;
        struct
        {
            PVOID Notification;
        } ProfileNotification;
        struct
        {
            ULONG NotificationCode;
            ULONG NotificationData;
        } PowerNotification;
        struct
        {
            PNP_VETO_TYPE VetoType;
            WCHAR DeviceIdVetoNameBuffer[ANYSIZE_ARRAY];
        } VetoNotification;
        struct
        {
            GUID BlockedDriverGuid;
        } BlockedDriverNotification;
    };
} PLUGPLAY_EVENT_BLOCK, *PPLUGPLAY_EVENT_BLOCK;

//
// Plug and Play Control Classes
//
// One data structure per PLUGPLAY_CONTROL_CLASS value. The class numbers in
// the comments match the enumerators of _PLUGPLAY_CONTROL_CLASS in this file.
//

// Class 0x0A (PlugPlayControlProperty)
// Buffer/BufferSize form a caller-supplied pointer/length pair; BufferSize
// should describe the real size of the memory behind Buffer.
typedef struct _PLUGPLAY_CONTROL_PROPERTY_DATA
{
    UNICODE_STRING DeviceInstance;
    ULONG Property;
    PVOID Buffer;
    ULONG BufferSize;
} PLUGPLAY_CONTROL_PROPERTY_DATA, *PPLUGPLAY_CONTROL_PROPERTY_DATA;

// Class 0x0C (PlugPlayControlGetRelatedDevice)
// RelatedDeviceInstance/RelatedDeviceInstanceLength form a pointer/length
// pair; whether the length counts bytes or characters is not shown here.
typedef struct _PLUGPLAY_CONTROL_RELATED_DEVICE_DATA
{
    UNICODE_STRING TargetDeviceInstance;
    ULONG Relation;
    PWCHAR RelatedDeviceInstance;
    ULONG RelatedDeviceInstanceLength;
} PLUGPLAY_CONTROL_RELATED_DEVICE_DATA, *PPLUGPLAY_CONTROL_RELATED_DEVICE_DATA;

// Class 0x0E (PlugPlayControlDeviceStatus)
// The struct tag is spelled _PLUGPLAY_CONTOL_STATUS_DATA (missing 'R'); the
// typedef names are spelled correctly, so only code that refers to the tag
// directly is affected.
typedef struct _PLUGPLAY_CONTOL_STATUS_DATA
{
    UNICODE_STRING DeviceInstance;
    ULONG Operation;
    ULONG DeviceStatus;
    ULONG DeviceProblem;
} PLUGPLAY_CONTROL_STATUS_DATA, *PPLUGPLAY_CONTROL_STATUS_DATA;

// Class 0x0F (PlugPlayControlGetDeviceDepth)
typedef struct _PLUGPLAY_CONTROL_DEPTH_DATA
{
    UNICODE_STRING DeviceInstance;
    ULONG Depth;
} PLUGPLAY_CONTROL_DEPTH_DATA, *PPLUGPLAY_CONTROL_DEPTH_DATA;

// Class 0x14 (PlugPlayControlResetDevice)
typedef struct _PLUGPLAY_CONTROL_RESET_DEVICE_DATA
{
    UNICODE_STRING DeviceInstance;
} PLUGPLAY_CONTROL_RESET_DEVICE_DATA, *PPLUGPLAY_CONTROL_RESET_DEVICE_DATA;

//
// Plug and Play Bus Type Definition
//
// BusClass presumably selects which member of the anonymous union is
// meaningful (SystemBus -> SystemBusType, PlugPlayVirtualBus ->
// PlugPlayVirtualBusType) -- confirm.
//
typedef struct _PLUGPLAY_BUS_TYPE
{
    PLUGPLAY_BUS_CLASS BusClass;
    union
    {
        INTERFACE_TYPE SystemBusType;
        PLUGPLAY_VIRTUAL_BUS_TYPE PlugPlayVirtualBusType;
    };
} PLUGPLAY_BUS_TYPE, *PPLUGPLAY_BUS_TYPE;

//
// Plug and Play Bus Instance
Definition // typedef struct _PLUGPLAY_BUS_INSTANCE { PLUGPLAY_BUS_TYPE BusType; ULONG BusNumber; WCHAR BusName[MAX_BUS_NAME]; } PLUGPLAY_BUS_INSTANCE, *PPLUGPLAY_BUS_INSTANCE; #ifdef NTOS_MODE_USER // // Partial Resource Descriptor and List for Hardware // #include typedef struct _CM_PARTIAL_RESOURCE_DESCRIPTOR { UCHAR Type; UCHAR ShareDisposition; USHORT Flags; union { struct { PHYSICAL_ADDRESS Start; ULONG Length; } Generic; struct { PHYSICAL_ADDRESS Start; ULONG Length; } Port; struct { ULONG Level; ULONG Vector; ULONG Affinity; } Interrupt; struct { PHYSICAL_ADDRESS Start; ULONG Length; } Memory; struct { ULONG Channel; ULONG Port; ULONG Reserved1; } Dma; struct { ULONG Data[3]; } DevicePrivate; struct { ULONG Start; ULONG Length; ULONG Reserved; } BusNumber; struct { ULONG DataSize; ULONG Reserved1; ULONG Reserved2; } DeviceSpecificData; } u; } CM_PARTIAL_RESOURCE_DESCRIPTOR, *PCM_PARTIAL_RESOURCE_DESCRIPTOR; typedef struct _CM_PARTIAL_RESOURCE_LIST { USHORT Version; USHORT Revision; ULONG Count; CM_PARTIAL_RESOURCE_DESCRIPTOR PartialDescriptors[1]; } CM_PARTIAL_RESOURCE_LIST, *PCM_PARTIAL_RESOURCE_LIST; // // Full Resource Descriptor and List for Hardware // typedef struct _CM_FULL_RESOURCE_DESCRIPTOR { INTERFACE_TYPE InterfaceType; ULONG BusNumber; CM_PARTIAL_RESOURCE_LIST PartialResourceList; } CM_FULL_RESOURCE_DESCRIPTOR, *PCM_FULL_RESOURCE_DESCRIPTOR; typedef struct _CM_RESOURCE_LIST { ULONG Count; CM_FULL_RESOURCE_DESCRIPTOR List[1]; } CM_RESOURCE_LIST, *PCM_RESOURCE_LIST; // // ROM Block Structure // typedef struct _CM_ROM_BLOCK { ULONG Address; ULONG Size; } CM_ROM_BLOCK, *PCM_ROM_BLOCK; // // Disk/INT13 Structures // typedef struct _CM_INT13_DRIVE_PARAMETER { USHORT DriveSelect; ULONG MaxCylinders; USHORT SectorsPerTrack; USHORT MaxHeads; USHORT NumberDrives; } CM_INT13_DRIVE_PARAMETER, *PCM_INT13_DRIVE_PARAMETER; typedef struct _CM_DISK_GEOMETRY_DEVICE_DATA { ULONG BytesPerSector; ULONG NumberOfCylinders; ULONG SectorsPerTrack; ULONG NumberOfHeads; 
} CM_DISK_GEOMETRY_DEVICE_DATA, *PCM_DISK_GEOMETRY_DEVICE_DATA;

// NOTE(review): the header name after this #include is missing in this copy.
#include

#endif // NTOS_MODE_USER

#endif // _CMTYPES_H

================================================
FILE: ndk/dbgkfuncs.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu. All rights reserved.

Header Name:

    dbgkfuncs.h

Abstract:

    Function definitions for the User Mode Debugging Facility.

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _DBGKFUNCS_H
#define _DBGKFUNCS_H

//
// Dependencies
//
// NOTE(review): the header names after both #include directives are missing
// in this copy.
//
#include
#include

//
// Native calls
//
// Every function below returns NTSTATUS; OUT parameters are only meaningful
// when the call reports success, so check the status before reading them.
// Each Nt* prototype has a Zw* twin further down with the same parameters.
//

// Takes a process handle and a debug object handle. Presumably attaches the
// debug object to the process -- confirm against the NDK documentation.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtDebugActiveProcess(
    IN HANDLE Process,
    IN HANDLE DebugObject
);

// Returns a new debug object handle through DebugHandle.
// KillProcessOnExit presumably decides whether debuggees are terminated when
// the debug object goes away (compare DebugObjectKillProcessOnExitInformation
// in dbgktypes.h) -- TODO confirm.
// Review note: pass the narrowest DesiredAccess that works (the individual
// DEBUG_OBJECT_* masks in dbgktypes.h) rather than DEBUG_OBJECT_ALL_ACCESS,
// and avoid making the handle inheritable unless that is intended.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateDebugObject(
    OUT PHANDLE DebugHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN BOOLEAN KillProcessOnExit
);

// AppClientId identifies the process/thread being continued; it presumably
// has to match the AppClientId reported in DBGUI_WAIT_STATE_CHANGE -- confirm.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtDebugContinue(
    IN HANDLE DebugObject,
    IN PCLIENT_ID AppClientId,
    IN NTSTATUS ContinueStatus
);

// Fills StateChange (a DBGUI_WAIT_STATE_CHANGE, see dbgktypes.h). Timeout is
// optional. The state-change structure carries handles (HandleToThread,
// HandleToProcess, FileHandle); a caller that receives them is presumably
// responsible for closing them -- confirm, otherwise they leak.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtWaitForDebugEvent(
    IN HANDLE DebugObject,
    IN BOOLEAN Alertable,
    IN PLARGE_INTEGER Timeout OPTIONAL,
    OUT PDBGUI_WAIT_STATE_CHANGE StateChange
);

// Counterpart of NtDebugActiveProcess (same parameter list); presumably
// detaches the debug object from the process -- confirm.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtRemoveProcessDebug(
    IN HANDLE Process,
    IN HANDLE DebugObject
);

// Information/InformationLength form a pointer/length pair selected by
// InformationClass; InformationLength should be the size of the structure
// that matches the class (presumably
// DEBUG_OBJECT_KILL_PROCESS_ON_EXIT_INFORMATION for
// DebugObjectKillProcessOnExitInformation). ReturnLength is optional.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationDebugObject(
    IN HANDLE DebugObject,
    IN DEBUGOBJECTINFOCLASS InformationClass,
    IN PVOID Information,
    IN ULONG InformationLength,
    OUT PULONG ReturnLength OPTIONAL
);

//
// Zw* declarations: same parameter lists as the Nt* prototypes above, declared
// with NTSYSAPI instead of NTSYSCALLAPI.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwDebugActiveProcess(
    IN HANDLE Process,
    IN HANDLE DebugObject
);

NTSYSAPI
NTSTATUS
NTAPI
ZwCreateDebugObject(
    OUT PHANDLE DebugHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN BOOLEAN KillProcessOnExit
);

NTSYSAPI
NTSTATUS
NTAPI
ZwDebugContinue(
    IN HANDLE DebugObject,
    IN PCLIENT_ID AppClientId,
    IN NTSTATUS ContinueStatus
);

NTSYSAPI
NTSTATUS
NTAPI
ZwRemoveProcessDebug(
    IN HANDLE Process,
    IN HANDLE DebugObject
);

NTSYSAPI
NTSTATUS
NTAPI
ZwWaitForDebugEvent(
    IN HANDLE DebugObject,
    IN BOOLEAN Alertable,
    IN PLARGE_INTEGER Timeout OPTIONAL,
    OUT PDBGUI_WAIT_STATE_CHANGE StateChange
);

NTSYSAPI
NTSTATUS
NTAPI
ZwSetInformationDebugObject(
    IN HANDLE DebugObject,
    IN DEBUGOBJECTINFOCLASS InformationClass,
    IN PVOID Information,
    IN ULONG InformationLength,
    OUT PULONG ReturnLength OPTIONAL
);
#endif

================================================
FILE: ndk/dbgktypes.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu. All rights reserved.

Header Name:

    dbgktypes.h

Abstract:

    Type definitions for the User Mode Debugging Facility.

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _DBGKTYPES_H
#define _DBGKTYPES_H

//
// Dependencies
//
// NOTE(review): the header names after both #include directives are missing
// in this copy.
//
#include
#include

//
// Debug Object Access Masks
//
// DEBUG_OBJECT_ALL_ACCESS ORs in 0x0F, which covers the three named bits
// (0x0001, 0x0002, 0x0004) plus bit 0x0008, for which this header defines no
// name. Prefer requesting only the named bits a caller actually needs.
//
#define DEBUG_OBJECT_WAIT_STATE_CHANGE 0x0001
#define DEBUG_OBJECT_ADD_REMOVE_PROCESS 0x0002
#define DEBUG_OBJECT_SET_INFORMATION 0x0004
#define DEBUG_OBJECT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x0F)

//
// Debug Object Information Classes for NtQueryDebugObject
//
// NOTE(review): the only consumer of DEBUGOBJECTINFOCLASS declared in
// dbgkfuncs.h is Nt/ZwSetInformationDebugObject; no NtQueryDebugObject
// prototype appears there.
//
typedef enum _DEBUGOBJECTINFOCLASS
{
    DebugObjectUnusedInformation,
    DebugObjectKillProcessOnExitInformation
} DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS;

//
// Debug Message API Number
//
// Explicitly numbered 0..7; DbgKmMaxApiNumber (8) is the count sentinel, so a
// valid ApiNumber is strictly less than it.
//
typedef enum _DBGKM_APINUMBER
{
    DbgKmExceptionApi = 0,
    DbgKmCreateThreadApi = 1,
    DbgKmCreateProcessApi = 2,
    DbgKmExitThreadApi = 3,
    DbgKmExitProcessApi = 4,
    DbgKmLoadDllApi = 5,
    DbgKmUnloadDllApi = 6,
    DbgKmErrorReportApi = 7,
    DbgKmMaxApiNumber = 8,
} DBGKM_APINUMBER;

//
// Debug Object Information Structures
//
// KillProcessOnExit is a ULONG here, while the NtCreateDebugObject parameter
// of the same name is a BOOLEAN; size the buffer from this structure, not
// from the parameter type.
//
typedef struct _DEBUG_OBJECT_KILL_PROCESS_ON_EXIT_INFORMATION
{
    ULONG KillProcessOnExit;
} DEBUG_OBJECT_KILL_PROCESS_ON_EXIT_INFORMATION, *PDEBUG_OBJECT_KILL_PROCESS_ON_EXIT_INFORMATION;

#ifndef NTOS_MODE_USER

//
// Debug Object
//
// Only declared when NTOS_MODE_USER is not defined. Flags and the two
// one-bit fields share storage through the anonymous union.
//
typedef struct _DEBUG_OBJECT
{
    KEVENT EventsPresent;
    FAST_MUTEX Mutex;
    LIST_ENTRY EventList;
    union
    {
        ULONG Flags;
        struct
        {
            UCHAR DebuggerInactive:1;
            UCHAR KillProcessOnExit:1;
        };
    };
} DEBUG_OBJECT,
*PDEBUG_OBJECT; #endif // // Debug States // typedef enum _DBG_STATE { DbgIdle, DbgReplyPending, DbgCreateThreadStateChange, DbgCreateProcessStateChange, DbgExitThreadStateChange, DbgExitProcessStateChange, DbgExceptionStateChange, DbgBreakpointStateChange, DbgSingleStepStateChange, DbgLoadDllStateChange, DbgUnloadDllStateChange } DBG_STATE, *PDBG_STATE; // // Debug Message Structures // typedef struct _DBGKM_EXCEPTION { EXCEPTION_RECORD ExceptionRecord; ULONG FirstChance; } DBGKM_EXCEPTION, *PDBGKM_EXCEPTION; typedef struct _DBGKM_CREATE_THREAD { ULONG SubSystemKey; PVOID StartAddress; } DBGKM_CREATE_THREAD, *PDBGKM_CREATE_THREAD; typedef struct _DBGKM_CREATE_PROCESS { ULONG SubSystemKey; HANDLE FileHandle; PVOID BaseOfImage; ULONG DebugInfoFileOffset; ULONG DebugInfoSize; DBGKM_CREATE_THREAD InitialThread; } DBGKM_CREATE_PROCESS, *PDBGKM_CREATE_PROCESS; typedef struct _DBGKM_EXIT_THREAD { NTSTATUS ExitStatus; } DBGKM_EXIT_THREAD, *PDBGKM_EXIT_THREAD; typedef struct _DBGKM_EXIT_PROCESS { NTSTATUS ExitStatus; } DBGKM_EXIT_PROCESS, *PDBGKM_EXIT_PROCESS; typedef struct _DBGKM_LOAD_DLL { HANDLE FileHandle; PVOID BaseOfDll; ULONG DebugInfoFileOffset; ULONG DebugInfoSize; PVOID NamePointer; } DBGKM_LOAD_DLL, *PDBGKM_LOAD_DLL; typedef struct _DBGKM_UNLOAD_DLL { PVOID BaseAddress; } DBGKM_UNLOAD_DLL, *PDBGKM_UNLOAD_DLL; // // User-Mode Debug State Change Structure // typedef struct _DBGUI_WAIT_STATE_CHANGE { DBG_STATE NewState; CLIENT_ID AppClientId; union { struct { HANDLE HandleToThread; DBGKM_CREATE_THREAD NewThread; } CreateThread; struct { HANDLE HandleToProcess; HANDLE HandleToThread; DBGKM_CREATE_PROCESS NewProcess; } CreateProcessInfo; DBGKM_EXIT_THREAD ExitThread; DBGKM_EXIT_PROCESS ExitProcess; DBGKM_EXCEPTION Exception; DBGKM_LOAD_DLL LoadDll; DBGKM_UNLOAD_DLL UnloadDll; } StateInfo; } DBGUI_WAIT_STATE_CHANGE, *PDBGUI_WAIT_STATE_CHANGE; // // LPC Debug Message // typedef struct _DBGKM_MSG { PORT_MESSAGE h; DBGKM_APINUMBER ApiNumber; ULONG ReturnedStatus; union 
{ DBGKM_EXCEPTION Exception; DBGKM_CREATE_THREAD CreateThread; DBGKM_CREATE_PROCESS CreateProcess; DBGKM_EXIT_THREAD ExitThread; DBGKM_EXIT_PROCESS ExitProcess; DBGKM_LOAD_DLL LoadDll; DBGKM_UNLOAD_DLL UnloadDll; }; } DBGKM_MSG, *PDBGKM_MSG; #ifndef NTOS_MODE_USER // // Debug Event // typedef struct _DEBUG_EVENT { LIST_ENTRY EventList; KEVENT ContinueEvent; CLIENT_ID ClientId; PEPROCESS Process; PETHREAD Thread; NTSTATUS Status; ULONG Flags; PETHREAD BackoutThread; DBGKM_MSG ApiMsg; } DEBUG_EVENT, *PDEBUG_EVENT; #endif #endif ================================================ FILE: ndk/exfuncs.h ================================================ /*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: exfuncs.h Abstract: Function definitions for the Executive. Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _EXFUNCS_H #define _EXFUNCS_H // // Dependencies // #include #include #include // // Don't include WMI headers just for one define // typedef struct _EVENT_TRACE_HEADER *PEVENT_TRACE_HEADER; #ifndef NTOS_MODE_USER // // Fast Mutex functions // VOID FASTCALL ExEnterCriticalRegionAndAcquireFastMutexUnsafe( PFAST_MUTEX FastMutex ); VOID FASTCALL ExReleaseFastMutexUnsafeAndLeaveCriticalRegion( PFAST_MUTEX FastMutex ); // // Pushlock functions // VOID FASTCALL ExfAcquirePushLockExclusive( PEX_PUSH_LOCK PushLock ); VOID FASTCALL ExfAcquirePushLockShared( PEX_PUSH_LOCK PushLock ); VOID FASTCALL ExfReleasePushLock( PEX_PUSH_LOCK PushLock ); VOID FASTCALL ExfReleasePushLockExclusive( PEX_PUSH_LOCK PushLock ); VOID FASTCALL ExfReleasePushLockShared( PEX_PUSH_LOCK PushLock ); VOID FASTCALL ExfTryToWakePushLock( PEX_PUSH_LOCK PushLock ); VOID FASTCALL ExfUnblockPushLock( PEX_PUSH_LOCK PushLock, PVOID CurrentWaitBlock ); // // Resource Functions // NTKERNELAPI BOOLEAN NTAPI ExTryToAcquireResourceExclusiveLite( IN PERESOURCE Resource ); // // Handle Table Functions // NTKERNELAPI BOOLEAN NTAPI ExEnumHandleTable( IN 
PHANDLE_TABLE HandleTable, IN PEX_ENUM_HANDLE_CALLBACK EnumHandleProcedure, IN OUT PVOID Context, OUT PHANDLE Handle OPTIONAL ); #endif // // Native Calls // NTSYSCALLAPI NTSTATUS NTAPI NtAddAtom( IN PWSTR AtomName, IN ULONG AtomNameLength, IN OUT PRTL_ATOM Atom ); NTSYSCALLAPI NTSTATUS NTAPI NtCancelTimer( IN HANDLE TimerHandle, OUT PBOOLEAN CurrentState OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtClearEvent( IN HANDLE EventHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateEvent( OUT PHANDLE EventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN EVENT_TYPE EventType, IN BOOLEAN InitialState ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateEventPair( OUT PHANDLE EventPairHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateKeyedEvent( OUT PHANDLE KeyedEventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG Flags ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateMutant( OUT PHANDLE MutantHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN BOOLEAN InitialOwner ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateSemaphore( OUT PHANDLE SemaphoreHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN LONG InitialCount, IN LONG MaximumCount ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateTimer( OUT PHANDLE TimerHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN TIMER_TYPE TimerType ); NTSYSCALLAPI NTSTATUS NTAPI NtDeleteAtom( IN RTL_ATOM Atom ); NTSYSCALLAPI NTSTATUS NTAPI NtDisplayString( IN PUNICODE_STRING DisplayString ); NTSYSCALLAPI NTSTATUS NTAPI NtDrawText( IN PUNICODE_STRING DisplayString ); NTSYSCALLAPI NTSTATUS NTAPI NtEnumerateSystemEnvironmentValuesEx( IN ULONG InformationClass, IN PVOID Buffer, IN ULONG BufferLength ); NTSYSCALLAPI NTSTATUS NTAPI NtFindAtom( IN PWSTR AtomName, IN ULONG AtomNameLength, OUT PRTL_ATOM Atom OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenEvent( OUT 
PHANDLE EventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenKeyedEvent( OUT PHANDLE EventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenEventPair( OUT PHANDLE EventPairHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenMutant( OUT PHANDLE MutantHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenSemaphore( OUT PHANDLE SemaphoreHandle, IN ACCESS_MASK DesiredAcces, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenTimer( OUT PHANDLE TimerHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtPulseEvent( IN HANDLE EventHandle, IN PLONG PulseCount OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryDefaultLocale( IN BOOLEAN UserProfile, OUT PLCID DefaultLocaleId ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryDefaultUILanguage( PLANGID LanguageId ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryEvent( IN HANDLE EventHandle, IN EVENT_INFORMATION_CLASS EventInformationClass, OUT PVOID EventInformation, IN ULONG EventInformationLength, OUT PULONG ReturnLength ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationAtom( IN RTL_ATOM Atom, IN ATOM_INFORMATION_CLASS AtomInformationClass, OUT PVOID AtomInformation, IN ULONG AtomInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryInstallUILanguage( PLANGID LanguageId ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryMutant( IN HANDLE MutantHandle, IN MUTANT_INFORMATION_CLASS MutantInformationClass, OUT PVOID MutantInformation, IN ULONG Length, OUT PULONG ResultLength ); NTSYSCALLAPI NTSTATUS NTAPI NtQuerySemaphore( IN HANDLE SemaphoreHandle, IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass, OUT PVOID SemaphoreInformation, IN ULONG Length, OUT PULONG ReturnLength ); NTSYSCALLAPI NTSTATUS NTAPI 
NtQuerySystemEnvironmentValue( IN PUNICODE_STRING Name, OUT PWSTR Value, ULONG Length, PULONG ReturnLength ); NTSYSCALLAPI NTSTATUS NTAPI NtQuerySystemEnvironmentValueEx( IN PUNICODE_STRING VariableName, IN LPGUID VendorGuid, IN PVOID Value, IN OUT PULONG ReturnLength, IN OUT PULONG Attributes ); NTSYSCALLAPI NTSTATUS NTAPI NtQuerySystemInformation( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, OUT PVOID SystemInformation, IN SIZE_T Length, OUT PSIZE_T ResultLength ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryTimer( IN HANDLE TimerHandle, IN TIMER_INFORMATION_CLASS TimerInformationClass, OUT PVOID TimerInformation, IN ULONG Length, OUT PULONG ResultLength ); NTSYSCALLAPI NTSTATUS NTAPI NtRaiseHardError( IN NTSTATUS ErrorStatus, IN ULONG NumberOfParameters, IN ULONG UnicodeStringParameterMask, IN PULONG_PTR Parameters, IN ULONG ValidResponseOptions, OUT PULONG Response ); NTSYSCALLAPI NTSTATUS NTAPI NtReleaseMutant( IN HANDLE MutantHandle, IN PLONG ReleaseCount OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtReleaseKeyedEvent( IN HANDLE EventHandle, IN PVOID Key, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtReleaseSemaphore( IN HANDLE SemaphoreHandle, IN LONG ReleaseCount, OUT PLONG PreviousCount ); NTSYSCALLAPI NTSTATUS NTAPI NtResetEvent( IN HANDLE EventHandle, OUT PLONG NumberOfWaitingThreads OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtSetDefaultLocale( IN BOOLEAN UserProfile, IN LCID DefaultLocaleId ); NTSYSCALLAPI NTSTATUS NTAPI NtSetDefaultUILanguage( LANGID LanguageId ); NTSYSCALLAPI NTSTATUS NTAPI NtSetDefaultHardErrorPort( IN HANDLE PortHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtSetEvent( IN HANDLE EventHandle, OUT PLONG PreviousState OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtSetEventBoostPriority( IN HANDLE EventHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtSetHighEventPair( IN HANDLE EventPairHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtSetHighWaitLowEventPair( IN HANDLE EventPairHandle ); NTSYSCALLAPI NTSTATUS NTAPI 
NtSetLowEventPair( HANDLE EventPair ); NTSYSCALLAPI NTSTATUS NTAPI NtSetLowWaitHighEventPair( HANDLE EventPair ); NTSYSCALLAPI NTSTATUS NTAPI NtSetSystemEnvironmentValue( IN PUNICODE_STRING VariableName, IN PUNICODE_STRING Value ); NTSYSCALLAPI NTSTATUS NTAPI NtSetSystemEnvironmentValueEx( IN PUNICODE_STRING VariableName, IN LPGUID VendorGuid ); NTSYSCALLAPI NTSTATUS NTAPI NtSetSystemInformation( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN PVOID SystemInformation, IN SIZE_T SystemInformationLength ); NTSYSCALLAPI NTSTATUS NTAPI NtSetTimer( IN HANDLE TimerHandle, IN PLARGE_INTEGER DueTime, IN PTIMER_APC_ROUTINE TimerApcRoutine, IN PVOID TimerContext, IN BOOLEAN WakeTimer, IN LONG Period OPTIONAL, OUT PBOOLEAN PreviousState OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtSetUuidSeed( IN PUCHAR UuidSeed ); NTSYSCALLAPI NTSTATUS NTAPI NtShutdownSystem( IN SHUTDOWN_ACTION Action ); NTSYSCALLAPI NTSTATUS NTAPI NtWaitForKeyedEvent( IN HANDLE EventHandle, IN PVOID Key, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtWaitHighEventPair( IN HANDLE EventPairHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtWaitLowEventPair( IN HANDLE EventPairHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtTraceEvent( IN ULONG TraceHandle, IN ULONG Flags, IN ULONG TraceHeaderLength, IN PEVENT_TRACE_HEADER TraceHeader ); NTSYSAPI NTSTATUS NTAPI ZwAddAtom( IN PWSTR AtomName, IN ULONG AtomNameLength, IN OUT PRTL_ATOM Atom ); #ifdef NTOS_MODE_USER NTSYSAPI NTSTATUS NTAPI ZwCancelTimer( IN HANDLE TimerHandle, OUT PBOOLEAN CurrentState OPTIONAL ); #endif NTSYSAPI NTSTATUS NTAPI ZwClearEvent( IN HANDLE EventHandle ); NTSYSAPI NTSTATUS NTAPI ZwCreateEvent( OUT PHANDLE EventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN EVENT_TYPE EventType, IN BOOLEAN InitialState ); NTSYSAPI NTSTATUS NTAPI ZwCreateEventPair( OUT PHANDLE EventPairHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI 
ZwCreateMutant( OUT PHANDLE MutantHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN BOOLEAN InitialOwner ); NTSYSAPI NTSTATUS NTAPI ZwCreateSemaphore( OUT PHANDLE SemaphoreHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN LONG InitialCount, IN LONG MaximumCount ); #ifdef NTOS_MODE_USER NTSYSAPI NTSTATUS NTAPI ZwCreateTimer( OUT PHANDLE TimerHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN TIMER_TYPE TimerType ); #endif NTSYSAPI NTSTATUS NTAPI ZwDeleteAtom( IN RTL_ATOM Atom ); NTSYSAPI NTSTATUS NTAPI ZwDisplayString( IN PUNICODE_STRING DisplayString ); NTSYSAPI NTSTATUS NTAPI ZwFindAtom( IN PWSTR AtomName, IN ULONG AtomNameLength, OUT PRTL_ATOM Atom OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwOpenEvent( OUT PHANDLE EventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI ZwOpenEventPair( OUT PHANDLE EventPairHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI ZwOpenMutant( OUT PHANDLE MutantHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI ZwOpenSemaphore( OUT PHANDLE SemaphoreHandle, IN ACCESS_MASK DesiredAcces, IN POBJECT_ATTRIBUTES ObjectAttributes ); #ifdef NTOS_MODE_USER NTSYSAPI NTSTATUS NTAPI ZwOpenTimer( OUT PHANDLE TimerHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); #endif NTSYSAPI NTSTATUS NTAPI ZwPulseEvent( IN HANDLE EventHandle, IN PLONG PulseCount OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwQueryDefaultLocale( IN BOOLEAN UserProfile, OUT PLCID DefaultLocaleId ); NTSYSAPI NTSTATUS NTAPI ZwQueryDefaultUILanguage( PLANGID LanguageId ); NTSYSAPI NTSTATUS NTAPI ZwQueryEvent( IN HANDLE EventHandle, IN EVENT_INFORMATION_CLASS EventInformationClass, OUT PVOID EventInformation, IN ULONG EventInformationLength, OUT PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI 
ZwQueryInformationAtom( IN RTL_ATOM Atom, IN ATOM_INFORMATION_CLASS AtomInformationClass, OUT PVOID AtomInformation, IN ULONG AtomInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwQueryInstallUILanguage( PLANGID LanguageId ); NTSYSAPI NTSTATUS NTAPI ZwQueryMutant( IN HANDLE MutantHandle, IN MUTANT_INFORMATION_CLASS MutantInformationClass, OUT PVOID MutantInformation, IN ULONG Length, OUT PULONG ResultLength ); NTSYSAPI NTSTATUS NTAPI ZwQuerySemaphore( IN HANDLE SemaphoreHandle, IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass, OUT PVOID SemaphoreInformation, IN ULONG Length, OUT PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI ZwQuerySystemEnvironmentValue( IN PUNICODE_STRING Name, OUT PWSTR Value, ULONG Length, PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI ZwQuerySystemInformation( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, OUT PVOID SystemInformation, IN SIZE_T Length, OUT PSIZE_T ResultLength ); NTSYSAPI NTSTATUS NTAPI ZwQueryTimer( IN HANDLE TimerHandle, IN TIMER_INFORMATION_CLASS TimerInformationClass, OUT PVOID TimerInformation, IN ULONG Length, OUT PULONG ResultLength ); NTSYSAPI NTSTATUS NTAPI ZwRaiseHardError( IN NTSTATUS ErrorStatus, IN ULONG NumberOfParameters, IN ULONG UnicodeStringParameterMask, IN PULONG_PTR Parameters, IN ULONG ValidResponseOptions, OUT PULONG Response ); NTSYSAPI NTSTATUS NTAPI ZwReleaseMutant( IN HANDLE MutantHandle, IN PLONG ReleaseCount OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwReleaseSemaphore( IN HANDLE SemaphoreHandle, IN LONG ReleaseCount, OUT PLONG PreviousCount ); NTSYSAPI NTSTATUS NTAPI ZwResetEvent( IN HANDLE EventHandle, OUT PLONG NumberOfWaitingThreads OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwSetDefaultLocale( IN BOOLEAN UserProfile, IN LCID DefaultLocaleId ); NTSYSAPI NTSTATUS NTAPI ZwSetDefaultUILanguage( LANGID LanguageId ); NTSYSAPI NTSTATUS NTAPI ZwSetDefaultHardErrorPort( IN HANDLE PortHandle ); NTSYSAPI NTSTATUS NTAPI ZwSetEvent( IN HANDLE EventHandle, OUT PLONG 
PreviousState OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwSetHighEventPair( IN HANDLE EventPairHandle ); NTSYSAPI NTSTATUS NTAPI ZwSetHighWaitLowEventPair( IN HANDLE EventPairHandle ); NTSYSAPI NTSTATUS NTAPI ZwSetLowEventPair( HANDLE EventPair ); NTSYSAPI NTSTATUS NTAPI ZwSetLowWaitHighEventPair( HANDLE EventPair ); NTSYSAPI NTSTATUS NTAPI ZwSetSystemEnvironmentValue( IN PUNICODE_STRING VariableName, IN PUNICODE_STRING Value ); NTSYSAPI NTSTATUS NTAPI ZwSetSystemInformation( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN PVOID SystemInformation, IN SIZE_T SystemInformationLength ); #ifdef NTOS_MODE_USER NTSYSAPI NTSTATUS NTAPI ZwSetTimer( IN HANDLE TimerHandle, IN PLARGE_INTEGER DueTime, IN PTIMER_APC_ROUTINE TimerApcRoutine, IN PVOID TimerContext, IN BOOLEAN WakeTimer, IN LONG Period OPTIONAL, OUT PBOOLEAN PreviousState OPTIONAL ); #endif NTSYSAPI NTSTATUS NTAPI ZwSetUuidSeed( IN PUCHAR UuidSeed ); NTSYSAPI NTSTATUS NTAPI ZwShutdownSystem( IN SHUTDOWN_ACTION Action ); NTSYSAPI NTSTATUS NTAPI ZwWaitHighEventPair( IN HANDLE EventPairHandle ); NTSYSAPI NTSTATUS NTAPI ZwWaitLowEventPair( IN HANDLE EventPairHandle ); NTSYSAPI NTSTATUS NTAPI ZwTraceEvent( IN ULONG TraceHandle, IN ULONG Flags, IN ULONG TraceHeaderLength, IN PEVENT_TRACE_HEADER TraceHeader ); #endif ================================================ FILE: ndk/extypes.h ================================================ /*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: extypes.h Abstract: Type definitions for the Executive. 
Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _EXTYPES_H #define _EXTYPES_H // // Dependencies // #include #include #if defined(_MSC_VER) && !defined(NTOS_MODE_USER) #include #endif #include #include #include #include #ifdef NTOS_MODE_USER #include #endif // // GCC compatibility // #if defined(__GNUC__) #define __ALIGNED(n) __attribute__((aligned (n))) #elif defined(_MSC_VER) #define __ALIGNED(n) __declspec(align(n)) #else //#error __ALIGNED not defined for your compiler! #define __ALIGNED(n) #warning __ALIGNED not defined for your compiler! #endif // // Atom and Language IDs // typedef USHORT LANGID, *PLANGID; typedef USHORT RTL_ATOM, *PRTL_ATOM; #ifndef NTOS_MODE_USER // // Kernel Exported Object Types // extern POBJECT_TYPE NTSYSAPI ExDesktopObjectType; extern POBJECT_TYPE NTSYSAPI ExWindowStationObjectType; extern POBJECT_TYPE NTSYSAPI ExIoCompletionType; extern POBJECT_TYPE NTSYSAPI ExMutantObjectType; extern POBJECT_TYPE NTSYSAPI ExTimerType; // // Exported NT Build Number // extern ULONG NtBuildNumber; // // Invalid Handle Value Constant // #define INVALID_HANDLE_VALUE (HANDLE)-1 #endif // // Increments // #define MUTANT_INCREMENT 1 // // Callback Object Access Mask // #define CALLBACK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x0001) #define CALLBACK_EXECUTE (STANDARD_RIGHTS_EXECUTE|SYNCHRONIZE|0x0001) #define CALLBACK_WRITE (STANDARD_RIGHTS_WRITE|SYNCHRONIZE|0x0001) #define CALLBACK_READ (STANDARD_RIGHTS_READ|SYNCHRONIZE|0x0001) // // Event Object Access Masks // #ifdef NTOS_MODE_USER #define EVENT_QUERY_STATE 0x0001 // // Semaphore Object Access Masks // #define SEMAPHORE_QUERY_STATE 0x0001 #else // // Mutant Object Access Masks // #define MUTANT_QUERY_STATE 0x0001 #define MUTANT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \ SYNCHRONIZE | \ MUTANT_QUERY_STATE) #define TIMER_QUERY_STATE 0x0001 #define TIMER_MODIFY_STATE 0x0002 #define TIMER_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \ SYNCHRONIZE | \ TIMER_QUERY_STATE | \ 
TIMER_MODIFY_STATE)
#endif

//
// Event Pair Access Masks
//
// 0x1F0000 sets bits 16-20 only, with no object-specific low bits
// (presumably the same value as STANDARD_RIGHTS_ALL -- confirm).
//
#define EVENT_PAIR_ALL_ACCESS 0x1F0000L

//
// Profile Object Access Masks
//
#define PROFILE_CONTROL 0x0001
#define PROFILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | PROFILE_CONTROL)

//
// Maximum Parameters for NtRaiseHardError
//
// NtRaiseHardError (exfuncs.h) takes NumberOfParameters together with a
// Parameters array; callers building that array should keep the count at or
// below this constant.
//
#define MAXIMUM_HARDERROR_PARAMETERS 4

//
// Pushlock bits
//
// EX_PUSH_LOCK_PTR_BITS (0xf) equals the OR of the four flag bits
// 0x1 | 0x2 | 0x4 | 0x8; EX_PUSH_LOCK_SHARE_INC (0x10) is the next bit above
// them. EX_PUSH_LOCK_LOCK_V is presumably the bit position of
// EX_PUSH_LOCK_LOCK rather than a mask -- confirm.
//
#define EX_PUSH_LOCK_LOCK_V ((ULONG_PTR)0x0)
#define EX_PUSH_LOCK_LOCK ((ULONG_PTR)0x1)
#define EX_PUSH_LOCK_WAITING ((ULONG_PTR)0x2)
#define EX_PUSH_LOCK_WAKING ((ULONG_PTR)0x4)
#define EX_PUSH_LOCK_MULTIPLE_SHARED ((ULONG_PTR)0x8)
#define EX_PUSH_LOCK_SHARE_INC ((ULONG_PTR)0x10)
#define EX_PUSH_LOCK_PTR_BITS ((ULONG_PTR)0xf)

//
// Pushlock Wait Block Flags
//
#define EX_PUSH_LOCK_FLAGS_EXCLUSIVE 1
#define EX_PUSH_LOCK_FLAGS_WAIT 2

//
// Resource (ERESOURCE) Flags
//
#define ResourceHasDisabledPriorityBoost 0x08

//
// Shutdown types for NtShutdownSystem
//
// Positional values (ShutdownNoReboot = 0). The caller presumably needs the
// shutdown privilege for the call to succeed -- not shown in this header.
//
typedef enum _SHUTDOWN_ACTION
{
    ShutdownNoReboot,
    ShutdownReboot,
    ShutdownPowerOff
} SHUTDOWN_ACTION;

//
// Responses for NtRaiseHardError
//
// The NtRaiseHardError prototype in exfuncs.h declares ValidResponseOptions
// as ULONG and Response as PULONG, not as these enum types, so the compiler
// will not flag an out-of-range value; validate Response against
// HARDERROR_RESPONSE before switching on it.
//
typedef enum _HARDERROR_RESPONSE_OPTION
{
    OptionAbortRetryIgnore,
    OptionOk,
    OptionOkCancel,
    OptionRetryCancel,
    OptionYesNo,
    OptionYesNoCancel,
    OptionShutdownSystem
} HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION;

typedef enum _HARDERROR_RESPONSE
{
    ResponseReturnToCaller,
    ResponseNotHandled,
    ResponseAbort,
    ResponseCancel,
    ResponseIgnore,
    ResponseNo,
    ResponseOk,
    ResponseRetry,
    ResponseYes,
    ResponseTryAgain,
    ResponseContinue
} HARDERROR_RESPONSE, *PHARDERROR_RESPONSE;

//
// System Information Classes for NtQuerySystemInformation
//
// No enumerator has an explicit value: each class number is its position in
// the list (SystemBasicInformation = 0). Inserting, removing or reordering an
// entry shifts every later class number, so this list must be edited only by
// appending before MaxSystemInfoClass.
//
typedef enum _SYSTEM_INFORMATION_CLASS
{
    SystemBasicInformation,
    SystemProcessorInformation,
    SystemPerformanceInformation,
    SystemTimeOfDayInformation,
    SystemPathInformation, /// Obsolete: Use KUSER_SHARED_DATA
    SystemProcessInformation,
    SystemCallCountInformation,
    SystemDeviceInformation,
    SystemProcessorPerformanceInformation,
    SystemFlagsInformation,
    SystemCallTimeInformation,
SystemModuleInformation, SystemLocksInformation, SystemStackTraceInformation, SystemPagedPoolInformation, SystemNonPagedPoolInformation, SystemHandleInformation, SystemObjectInformation, SystemPageFileInformation, SystemVdmInstemulInformation, SystemVdmBopInformation, SystemFileCacheInformation, SystemPoolTagInformation, SystemInterruptInformation, SystemDpcBehaviorInformation, SystemFullMemoryInformation, SystemLoadGdiDriverInformation, SystemUnloadGdiDriverInformation, SystemTimeAdjustmentInformation, SystemSummaryMemoryInformation, SystemMirrorMemoryInformation, SystemPerformanceTraceInformation, SystemObsolete0, SystemExceptionInformation, SystemCrashDumpStateInformation, SystemKernelDebuggerInformation, SystemContextSwitchInformation, SystemRegistryQuotaInformation, SystemExtendServiceTableInformation, SystemPrioritySeperation, SystemPlugPlayBusInformation, SystemDockInformation, SystemPowerInformationNative, SystemProcessorSpeedInformation, SystemCurrentTimeZoneInformation, SystemLookasideInformation, SystemTimeSlipNotification, SystemSessionCreate, SystemSessionDetach, SystemSessionInformation, SystemRangeStartInformation, SystemVerifierInformation, SystemAddVerifier, SystemSessionProcessesInformation, SystemLoadGdiDriverInSystemSpaceInformation, SystemNumaProcessorMap, SystemPrefetcherInformation, SystemExtendedProcessInformation, SystemRecommendedSharedDataAlignment, SystemComPlusPackage, SystemNumaAvailableMemory, SystemProcessorPowerInformation, SystemEmulationBasicInformation, SystemEmulationProcessorInformation, SystemExtendedHanfleInformation, SystemLostDelayedWriteInformation, SystemBigPoolInformation, SystemSessionPoolTagInformation, SystemSessionMappedViewInformation, SystemHotpatchInformation, SystemObjectSecurityMode, SystemWatchDogTimerHandler, SystemWatchDogTimerInformation, SystemLogicalProcessorInformation, SystemWo64SharedInformationObosolete, SystemRegisterFirmwareTableInformationHandler, SystemFirmwareTableInformation, 
SystemModuleInformationEx, SystemVerifierTriageInformation, SystemSuperfetchInformation, SystemMemoryListInformation, SystemFileCacheInformationEx, SystemThreadPriorityClientIdInformation, SystemProcessorIdleCycleTimeInformation, SystemVerifierCancellationInformation, SystemProcessorPowerInformationEx, SystemRefTraceInformation, SystemSpecialPoolInformation, SystemProcessIdInformation, SystemErrorPortInformation, SystemBootEnvironmentInformation, SystemHypervisorInformation, SystemVerifierInformationEx, SystemTimeZoneInformation, SystemImageFileExecutionOptionsInformation, SystemCoverageInformation, SystemPrefetchPathInformation, SystemVerifierFaultsInformation, MaxSystemInfoClass, } SYSTEM_INFORMATION_CLASS; // // System Information Classes for NtQueryMutant // typedef enum _MUTANT_INFORMATION_CLASS { MutantBasicInformation, MutantOwnerInformation } MUTANT_INFORMATION_CLASS; // // System Information Classes for NtQueryAtom // typedef enum _ATOM_INFORMATION_CLASS { AtomBasicInformation, AtomTableInformation, } ATOM_INFORMATION_CLASS; // // System Information Classes for NtQueryTimer // typedef enum _TIMER_INFORMATION_CLASS { TimerBasicInformation } TIMER_INFORMATION_CLASS; // // System Information Classes for NtQuerySemaphore // typedef enum _SEMAPHORE_INFORMATION_CLASS { SemaphoreBasicInformation } SEMAPHORE_INFORMATION_CLASS; // // System Information Classes for NtQueryEvent // typedef enum _EVENT_INFORMATION_CLASS { EventBasicInformation } EVENT_INFORMATION_CLASS; #ifdef NTOS_MODE_USER // // Firmware Table Actions for SystemFirmwareTableInformation // typedef enum _SYSTEM_FIRMWARE_TABLE_ACTION { SystemFirmwareTable_Enumerate = 0, SystemFirmwareTable_Get = 1, } SYSTEM_FIRMWARE_TABLE_ACTION, *PSYSTEM_FIRMWARE_TABLE_ACTION; // // Firmware Handler Callback // struct _SYSTEM_FIRMWARE_TABLE_INFORMATION; typedef NTSTATUS (__cdecl *PFNFTH)( IN struct _SYSTEM_FIRMWARE_TABLE_INFORMATION *FirmwareTableInformation ); #else // // Handle Enumeration Callback // struct 
_HANDLE_TABLE_ENTRY; typedef BOOLEAN (NTAPI *PEX_ENUM_HANDLE_CALLBACK)( IN struct _HANDLE_TABLE_ENTRY *HandleTableEntry, IN HANDLE Handle, IN PVOID Context ); // // Compatibility with Windows XP Drivers using ERESOURCE // typedef struct _ERESOURCE_XP { LIST_ENTRY SystemResourcesList; POWNER_ENTRY OwnerTable; SHORT ActiveCount; USHORT Flag; PKSEMAPHORE SharedWaiters; PKEVENT ExclusiveWaiters; OWNER_ENTRY OwnerThreads[2]; ULONG ContentionCount; USHORT NumberOfSharedWaiters; USHORT NumberOfExclusiveWaiters; union { PVOID Address; ULONG_PTR CreatorBackTraceIndex; }; KSPIN_LOCK SpinLock; } ERESOURCE_XP, *PERESOURCE_XP; // // Executive Work Queue Structures // typedef struct _EX_QUEUE_WORKER_INFO { ULONG QueueDisabled:1; ULONG MakeThreadsAsNecessary:1; ULONG WaitMode:1; ULONG WorkerCount:29; } EX_QUEUE_WORKER_INFO, *PEX_QUEUE_WORKER_INFO; typedef struct _EX_WORK_QUEUE { KQUEUE WorkerQueue; LONG DynamicThreadCount; ULONG WorkItemsProcessed; ULONG WorkItemsProcessedLastPass; ULONG QueueDepthLastPass; EX_QUEUE_WORKER_INFO Info; } EX_WORK_QUEUE, *PEX_WORK_QUEUE; // // Executive Fast Reference Structure // typedef struct _EX_FAST_REF { union { PVOID Object; ULONG_PTR RefCnt:3; ULONG_PTR Value; }; } EX_FAST_REF, *PEX_FAST_REF; // // Executive Cache-Aware Rundown Reference Descriptor // typedef struct _EX_RUNDOWN_REF_CACHE_AWARE { PEX_RUNDOWN_REF RunRefs; PVOID PoolToFree; ULONG RunRefSize; ULONG Number; } EX_RUNDOWN_REF_CACHE_AWARE, *PEX_RUNDOWN_REF_CACHE_AWARE; // // Executive Rundown Wait Block // typedef struct _EX_RUNDOWN_WAIT_BLOCK { ULONG_PTR Count; KEVENT WakeEvent; } EX_RUNDOWN_WAIT_BLOCK, *PEX_RUNDOWN_WAIT_BLOCK; // // Executive Pushlock // #undef EX_PUSH_LOCK #undef PEX_PUSH_LOCK typedef struct _EX_PUSH_LOCK { union { struct { ULONG_PTR Locked:1; ULONG_PTR Waiting:1; ULONG_PTR Waking:1; ULONG_PTR MultipleShared:1; ULONG_PTR Shared:sizeof (ULONG_PTR) * 8 - 4; }; ULONG_PTR Value; PVOID Ptr; }; } EX_PUSH_LOCK, *PEX_PUSH_LOCK; // // Executive Pushlock Wait Block // 
typedef __ALIGNED(16) struct _EX_PUSH_LOCK_WAIT_BLOCK { union { KGATE WakeGate; KEVENT WakeEvent; }; struct _EX_PUSH_LOCK_WAIT_BLOCK *Next; struct _EX_PUSH_LOCK_WAIT_BLOCK *Last; struct _EX_PUSH_LOCK_WAIT_BLOCK *Previous; LONG ShareCount; LONG Flags; #if DBG BOOLEAN Signaled; EX_PUSH_LOCK NewValue; EX_PUSH_LOCK OldValue; PEX_PUSH_LOCK PushLock; #endif } EX_PUSH_LOCK_WAIT_BLOCK, *PEX_PUSH_LOCK_WAIT_BLOCK; // // Callback Object // typedef struct _CALLBACK_OBJECT { ULONG Signature; KSPIN_LOCK Lock; LIST_ENTRY RegisteredCallbacks; BOOLEAN AllowMultipleCallbacks; UCHAR reserved[3]; } CALLBACK_OBJECT, *PCALLBACK_OBJECT; // // Callback Handle // typedef struct _CALLBACK_REGISTRATION { LIST_ENTRY Link; PCALLBACK_OBJECT CallbackObject; PCALLBACK_FUNCTION CallbackFunction; PVOID CallbackContext; ULONG Busy; BOOLEAN UnregisterWaiting; } CALLBACK_REGISTRATION, *PCALLBACK_REGISTRATION; // // Internal Callback Object // typedef struct _EX_CALLBACK_ROUTINE_BLOCK { EX_RUNDOWN_REF RundownProtect; PEX_CALLBACK_FUNCTION Function; PVOID Context; } EX_CALLBACK_ROUTINE_BLOCK, *PEX_CALLBACK_ROUTINE_BLOCK; // // Internal Callback Handle // typedef struct _EX_CALLBACK { EX_FAST_REF RoutineBlock; } EX_CALLBACK, *PEX_CALLBACK; // // Profile Object // typedef struct _EPROFILE { PEPROCESS Process; PVOID RangeBase; SIZE_T RangeSize; PVOID Buffer; ULONG BufferSize; ULONG BucketSize; PKPROFILE ProfileObject; PVOID LockedBufferAddress; PMDL Mdl; ULONG Segment; KPROFILE_SOURCE ProfileSource; KAFFINITY Affinity; } EPROFILE, *PEPROFILE; // // Handle Table Structures // typedef struct _HANDLE_TRACE_DB_ENTRY { CLIENT_ID ClientId; HANDLE Handle; ULONG Type; PVOID StackTrace[16]; } HANDLE_TRACE_DB_ENTRY, *PHANDLE_TRACE_DB_ENTRY; typedef struct _HANDLE_TRACE_DEBUG_INFO { LONG RefCount; ULONG TableSize; ULONG BitMaskFlags; FAST_MUTEX CloseCompatcionLock; ULONG CurrentStackIndex; HANDLE_TRACE_DB_ENTRY TraceDb[1]; } HANDLE_TRACE_DEBUG_INFO, *PHANDLE_TRACE_DEBUG_INFO; typedef struct _HANDLE_TABLE_ENTRY_INFO { 
ULONG AuditMask;
} HANDLE_TABLE_ENTRY_INFO, *PHANDLE_TABLE_ENTRY_INFO;

//
// One slot of a handle table. Both members are anonymous unions: the first
// overlays Object, ObAttributes, InfoTable and Value on the same storage,
// the second overlays GrantedAccess, the two 16-bit indices and
// NextFreeTableEntry. Which view is valid for a given slot is not visible
// in this header.
//
typedef struct _HANDLE_TABLE_ENTRY
{
    union
    {
        PVOID Object;
        ULONG_PTR ObAttributes;
        PHANDLE_TABLE_ENTRY_INFO InfoTable;
        ULONG_PTR Value;
    };
    union
    {
        ULONG GrantedAccess;
        struct
        {
            USHORT GrantedAccessIndex;
            USHORT CreatorBackTraceIndex;
        };
        LONG NextFreeTableEntry;
    };
} HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY;

//
// Per-process handle table. The member list is chosen at compile time from
// NTDDI_VERSION (pre-XP, XP and later, Longhorn and later), so the header
// must be built for the same OS generation whose structures it is used to
// read.
//
typedef struct _HANDLE_TABLE
{
#if (NTDDI_VERSION >= NTDDI_WINXP)
    // NOTE(review): ULONG here, while the pre-XP branch stores a pointer in
    // this position; if TableCode carries a pointer value it would be
    // truncated on 64-bit targets - confirm.
    ULONG TableCode;
#else
    PHANDLE_TABLE_ENTRY **Table;
#endif
    PEPROCESS QuotaProcess;
    PVOID UniqueProcessId;
#if (NTDDI_VERSION >= NTDDI_WINXP)
    EX_PUSH_LOCK HandleTableLock[4];
    LIST_ENTRY HandleTableList;
    EX_PUSH_LOCK HandleContentionEvent;
#else
    ERESOURCE HandleLock;
    LIST_ENTRY HandleTableList;
    KEVENT HandleContentionEvent;
#endif
    PHANDLE_TRACE_DEBUG_INFO DebugInfo;
    LONG ExtraInfoPages;
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
    union
    {
        ULONG Flags;
        UCHAR StrictFIFO:1;
    };
    LONG FirstFreeHandle;
    PHANDLE_TABLE_ENTRY LastFreeHandleEntry;
    LONG HandleCount;
    ULONG NextHandleNeedingPool;
#else
    ULONG FirstFree;
    ULONG LastFree;
    ULONG NextHandleNeedingPool;
    LONG HandleCount;
    union
    {
        ULONG Flags;
        UCHAR StrictFIFO:1;
    };
#endif
} HANDLE_TABLE, *PHANDLE_TABLE;

#endif // !NTOS_MODE_USER

//
// Hard Error LPC Message
//
// Parameters is a fixed array of MAXIMUM_HARDERROR_PARAMETERS entries;
// NumberOfParameters is carried in the message itself.
// NOTE(review): a receiver should presumably reject a NumberOfParameters
// larger than MAXIMUM_HARDERROR_PARAMETERS before indexing - confirm where
// that check lives. The entries are ULONG, so a pointer-sized parameter
// would not fit on a 64-bit target - verify against the target layout.
//
typedef struct _HARDERROR_MSG
{
    PORT_MESSAGE h;
    NTSTATUS Status;
    LARGE_INTEGER ErrorTime;
    ULONG ValidResponseOptions;
    ULONG Response;
    ULONG NumberOfParameters;
    ULONG UnicodeStringParameterMask;
    ULONG Parameters[MAXIMUM_HARDERROR_PARAMETERS];
} HARDERROR_MSG, *PHARDERROR_MSG;

//
// Information Structures for NtQueryMutant
//
typedef struct _MUTANT_BASIC_INFORMATION
{
    LONG CurrentCount;
    BOOLEAN OwnedByCaller;
    BOOLEAN AbandonedState;
} MUTANT_BASIC_INFORMATION, *PMUTANT_BASIC_INFORMATION;

typedef struct _MUTANT_OWNER_INFORMATION
{
    CLIENT_ID ClientId;
} MUTANT_OWNER_INFORMATION, *PMUTANT_OWNER_INFORMATION;

//
// Information Structures for NtQueryAtom
//
typedef struct _ATOM_BASIC_INFORMATION
{
    USHORT UsageCount;
    USHORT Flags;
    USHORT NameLength;
    // Declared with one element; presumably a variable-length name whose
    // real size is given by NameLength - size the query buffer accordingly
    // and confirm whether NameLength is in bytes or characters.
    WCHAR Name[1];
} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION; typedef struct _ATOM_TABLE_INFORMATION { ULONG NumberOfAtoms; USHORT Atoms[1]; } ATOM_TABLE_INFORMATION, *PATOM_TABLE_INFORMATION; // // Information Structures for NtQueryTimer // typedef struct _TIMER_BASIC_INFORMATION { LARGE_INTEGER TimeRemaining; BOOLEAN SignalState; } TIMER_BASIC_INFORMATION, *PTIMER_BASIC_INFORMATION; // // Information Structures for NtQuerySemaphore // typedef struct _SEMAPHORE_BASIC_INFORMATION { LONG CurrentCount; LONG MaximumCount; } SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION; // // Information Structures for NtQueryEvent // typedef struct _EVENT_BASIC_INFORMATION { EVENT_TYPE EventType; LONG EventState; } EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION; // // Information Structures for NtQuerySystemInformation // typedef struct _SYSTEM_BASIC_INFORMATION { ULONG Reserved; ULONG TimerResolution; ULONG PageSize; ULONG NumberOfPhysicalPages; ULONG LowestPhysicalPageNumber; ULONG HighestPhysicalPageNumber; ULONG AllocationGranularity; ULONG_PTR MinimumUserModeAddress; ULONG_PTR MaximumUserModeAddress; ULONG_PTR ActiveProcessorsAffinityMask; CCHAR NumberOfProcessors; } SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION; // Class 1 typedef struct _SYSTEM_PROCESSOR_INFORMATION { USHORT ProcessorArchitecture; USHORT ProcessorLevel; USHORT ProcessorRevision; USHORT Reserved; ULONG ProcessorFeatureBits; } SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION; // Class 2 typedef struct _SYSTEM_PERFORMANCE_INFORMATION { LARGE_INTEGER IdleProcessTime; LARGE_INTEGER IoReadTransferCount; LARGE_INTEGER IoWriteTransferCount; LARGE_INTEGER IoOtherTransferCount; ULONG IoReadOperationCount; ULONG IoWriteOperationCount; ULONG IoOtherOperationCount; ULONG AvailablePages; ULONG CommittedPages; ULONG CommitLimit; ULONG PeakCommitment; ULONG PageFaultCount; ULONG CopyOnWriteCount; ULONG TransitionCount; ULONG CacheTransitionCount; ULONG DemandZeroCount; ULONG PageReadCount; ULONG 
PageReadIoCount; ULONG CacheReadCount; ULONG CacheIoCount; ULONG DirtyPagesWriteCount; ULONG DirtyWriteIoCount; ULONG MappedPagesWriteCount; ULONG MappedWriteIoCount; ULONG PagedPoolPages; ULONG NonPagedPoolPages; ULONG PagedPoolAllocs; ULONG PagedPoolFrees; ULONG NonPagedPoolAllocs; ULONG NonPagedPoolFrees; ULONG FreeSystemPtes; ULONG ResidentSystemCodePage; ULONG TotalSystemDriverPages; ULONG TotalSystemCodePages; ULONG NonPagedPoolLookasideHits; ULONG PagedPoolLookasideHits; ULONG Spare3Count; ULONG ResidentSystemCachePage; ULONG ResidentPagedPoolPage; ULONG ResidentSystemDriverPage; ULONG CcFastReadNoWait; ULONG CcFastReadWait; ULONG CcFastReadResourceMiss; ULONG CcFastReadNotPossible; ULONG CcFastMdlReadNoWait; ULONG CcFastMdlReadWait; ULONG CcFastMdlReadResourceMiss; ULONG CcFastMdlReadNotPossible; ULONG CcMapDataNoWait; ULONG CcMapDataWait; ULONG CcMapDataNoWaitMiss; ULONG CcMapDataWaitMiss; ULONG CcPinMappedDataCount; ULONG CcPinReadNoWait; ULONG CcPinReadWait; ULONG CcPinReadNoWaitMiss; ULONG CcPinReadWaitMiss; ULONG CcCopyReadNoWait; ULONG CcCopyReadWait; ULONG CcCopyReadNoWaitMiss; ULONG CcCopyReadWaitMiss; ULONG CcMdlReadNoWait; ULONG CcMdlReadWait; ULONG CcMdlReadNoWaitMiss; ULONG CcMdlReadWaitMiss; ULONG CcReadAheadIos; ULONG CcLazyWriteIos; ULONG CcLazyWritePages; ULONG CcDataFlushes; ULONG CcDataPages; ULONG ContextSwitches; ULONG FirstLevelTbFills; ULONG SecondLevelTbFills; ULONG SystemCalls; } SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION; // Class 3 typedef struct _SYSTEM_TIMEOFDAY_INFORMATION { LARGE_INTEGER BootTime; LARGE_INTEGER CurrentTime; LARGE_INTEGER TimeZoneBias; ULONG TimeZoneId; ULONG Reserved; LARGE_INTEGER BootTimeBias; LARGE_INTEGER SleepTimeBias; } SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION; // Class 4 // This class is obsolete, please use KUSER_SHARED_DATA instead // Class 5 typedef struct _SYSTEM_THREAD_INFORMATION { LARGE_INTEGER KernelTime; LARGE_INTEGER UserTime; LARGE_INTEGER CreateTime; 
ULONG WaitTime;
    PVOID StartAddress;
    CLIENT_ID ClientId;
    KPRIORITY Priority;
    LONG BasePriority;
    ULONG ContextSwitches;
    ULONG ThreadState;
    ULONG WaitReason;
} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;

//
// Per-process record. The trailing thread array is commented out below, so
// sizeof(SYSTEM_PROCESS_INFORMATION) covers only the fixed part of a record.
// NOTE(review): NextEntryOffset is presumably the byte distance to the next
// record; code walking the returned buffer should check every offset
// against the length the query reported before dereferencing - confirm the
// terminating value.
//
typedef struct _SYSTEM_PROCESS_INFORMATION
{
    ULONG NextEntryOffset;
    ULONG NumberOfThreads;
    LARGE_INTEGER SpareLi1;
    LARGE_INTEGER SpareLi2;
    LARGE_INTEGER SpareLi3;
    LARGE_INTEGER CreateTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER KernelTime;
    UNICODE_STRING ImageName;
    KPRIORITY BasePriority;
    HANDLE UniqueProcessId;
    HANDLE InheritedFromUniqueProcessId;
    ULONG HandleCount;
    ULONG SessionId;
    ULONG_PTR PageDirectoryBase;

    //
    // This part corresponds to VM_COUNTERS_EX.
    // NOTE: *NOT* THE SAME AS VM_COUNTERS!
    //
    SIZE_T PeakVirtualSize;
    // NOTE(review): VirtualSize is ULONG while every neighbouring size is
    // SIZE_T, and PageFaultCount (a count) is SIZE_T. On a 64-bit build a
    // ULONG cannot hold a size of 4 GiB or more, so the two types look
    // swapped - verify against the target's VM counters layout before
    // relying on either field.
    ULONG VirtualSize;
    SIZE_T PageFaultCount;
    SIZE_T PeakWorkingSetSize;
    SIZE_T WorkingSetSize;
    SIZE_T QuotaPeakPagedPoolUsage;
    SIZE_T QuotaPagedPoolUsage;
    SIZE_T QuotaPeakNonPagedPoolUsage;
    SIZE_T QuotaNonPagedPoolUsage;
    SIZE_T PagefileUsage;
    SIZE_T PeakPagefileUsage;
    SIZE_T PrivatePageCount;

    //
    // This part corresponds to IO_COUNTERS
    //
    LARGE_INTEGER ReadOperationCount;
    LARGE_INTEGER WriteOperationCount;
    LARGE_INTEGER OtherOperationCount;
    LARGE_INTEGER ReadTransferCount;
    LARGE_INTEGER WriteTransferCount;
    LARGE_INTEGER OtherTransferCount;
    //SYSTEM_THREAD_INFORMATION TH[1];
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;

// Class 6
typedef struct _SYSTEM_CALL_COUNT_INFORMATION
{
    ULONG Length;
    ULONG NumberOfTables;
} SYSTEM_CALL_COUNT_INFORMATION, *PSYSTEM_CALL_COUNT_INFORMATION;

// Class 7
typedef struct _SYSTEM_DEVICE_INFORMATION
{
    ULONG NumberOfDisks;
    ULONG NumberOfFloppies;
    ULONG NumberOfCdRoms;
    ULONG NumberOfTapes;
    ULONG NumberOfSerialPorts;
    ULONG NumberOfParallelPorts;
} SYSTEM_DEVICE_INFORMATION, *PSYSTEM_DEVICE_INFORMATION;

// Class 8
typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
{
    LARGE_INTEGER IdleTime;
    LARGE_INTEGER KernelTime;
    LARGE_INTEGER UserTime;
    LARGE_INTEGER DpcTime;
    LARGE_INTEGER InterruptTime;
    ULONG
InterruptCount;
} SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION;

// Class 9
typedef struct _SYSTEM_FLAGS_INFORMATION
{
    ULONG Flags;
} SYSTEM_FLAGS_INFORMATION, *PSYSTEM_FLAGS_INFORMATION;

// Class 10
typedef struct _SYSTEM_CALL_TIME_INFORMATION
{
    ULONG Length;
    ULONG TotalCalls;
    // Declared with one element; the real element count is not fixed by
    // this header (presumably derived from Length/TotalCalls - confirm).
    LARGE_INTEGER TimeOfCalls[1];
} SYSTEM_CALL_TIME_INFORMATION, *PSYSTEM_CALL_TIME_INFORMATION;

// Class 11 - See RTL_PROCESS_MODULES
// Class 12 - See RTL_PROCESS_LOCKS
// Class 13 - See RTL_PROCESS_BACKTRACES

// Class 14 - 15
typedef struct _SYSTEM_POOL_ENTRY
{
    BOOLEAN Allocated;
    BOOLEAN Spare0;
    USHORT AllocatorBackTraceIndex;
    ULONG Size;
    // The 4-byte tag, its ULONG form and a pointer share one storage slot.
    union
    {
        UCHAR Tag[4];
        ULONG TagUlong;
        PVOID ProcessChargedQuota;
    };
} SYSTEM_POOL_ENTRY, *PSYSTEM_POOL_ENTRY;

typedef struct _SYSTEM_POOL_INFORMATION
{
    ULONG TotalSize;
    PVOID FirstEntry;
    USHORT EntryOverhead;
    BOOLEAN PoolTagPresent;
    BOOLEAN Spare0;
    ULONG NumberOfEntries;
    // Declared with one element; NumberOfEntries presumably gives the real
    // count. Bound any loop by both that count and the returned length.
    SYSTEM_POOL_ENTRY Entries[1];
} SYSTEM_POOL_INFORMATION, *PSYSTEM_POOL_INFORMATION;

// Class 16
//
// NOTE(review): UniqueProcessId and HandleValue are 16-bit fields, so a
// process id or handle value above 0xFFFF cannot be represented here and
// two different owners could compare equal after truncation. The
// information-class enum in this header also lists an extended handle class
// (SystemExtendedHanfleInformation [sic]); tools that attribute handles to
// processes should prefer it where available - confirm.
// Object is a raw pointer; presumably a kernel-mode address, so treat
// dumped values as sensitive in logs and reports.
//
typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO
{
    USHORT UniqueProcessId;
    USHORT CreatorBackTraceIndex;
    UCHAR ObjectTypeIndex;
    UCHAR HandleAttributes;
    USHORT HandleValue;
    PVOID Object;
    ULONG GrantedAccess;
} SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO;

typedef struct _SYSTEM_HANDLE_INFORMATION
{
    ULONG NumberOfHandles;
    // Declared with one element; NumberOfHandles presumably gives the real
    // count. Check count * sizeof(entry) against the returned length before
    // walking the array.
    SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1];
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;

// Class 17
typedef struct _SYSTEM_OBJECTTYPE_INFORMATION
{
    ULONG NextEntryOffset;
    ULONG NumberOfObjects;
    ULONG NumberOfHandles;
    ULONG TypeIndex;
    ULONG InvalidAttributes;
    GENERIC_MAPPING GenericMapping;
    ULONG ValidAccessMask;
    ULONG PoolType;
    BOOLEAN SecurityRequired;
    BOOLEAN WaitableObject;
    UNICODE_STRING TypeName;
} SYSTEM_OBJECTTYPE_INFORMATION, *PSYSTEM_OBJECTTYPE_INFORMATION;

typedef struct _SYSTEM_OBJECT_INFORMATION
{
    ULONG NextEntryOffset;
    PVOID Object;
    HANDLE CreatorUniqueProcess;
    USHORT CreatorBackTraceIndex;
    USHORT
Flags; LONG PointerCount; LONG HandleCount; ULONG PagedPoolCharge; ULONG NonPagedPoolCharge; HANDLE ExclusiveProcessId; PVOID SecurityDescriptor; OBJECT_NAME_INFORMATION NameInfo; } SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION; // Class 18 typedef struct _SYSTEM_PAGEFILE_INFORMATION { ULONG NextEntryOffset; ULONG TotalSize; ULONG TotalInUse; ULONG PeakUsage; UNICODE_STRING PageFileName; } SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION; // Class 19 typedef struct _SYSTEM_VDM_INSTEMUL_INFO { ULONG SegmentNotPresent; ULONG VdmOpcode0F; ULONG OpcodeESPrefix; ULONG OpcodeCSPrefix; ULONG OpcodeSSPrefix; ULONG OpcodeDSPrefix; ULONG OpcodeFSPrefix; ULONG OpcodeGSPrefix; ULONG OpcodeOPER32Prefix; ULONG OpcodeADDR32Prefix; ULONG OpcodeINSB; ULONG OpcodeINSW; ULONG OpcodeOUTSB; ULONG OpcodeOUTSW; ULONG OpcodePUSHF; ULONG OpcodePOPF; ULONG OpcodeINTnn; ULONG OpcodeINTO; ULONG OpcodeIRET; ULONG OpcodeINBimm; ULONG OpcodeINWimm; ULONG OpcodeOUTBimm; ULONG OpcodeOUTWimm ; ULONG OpcodeINB; ULONG OpcodeINW; ULONG OpcodeOUTB; ULONG OpcodeOUTW; ULONG OpcodeLOCKPrefix; ULONG OpcodeREPNEPrefix; ULONG OpcodeREPPrefix; ULONG OpcodeHLT; ULONG OpcodeCLI; ULONG OpcodeSTI; ULONG BopCount; } SYSTEM_VDM_INSTEMUL_INFO, *PSYSTEM_VDM_INSTEMUL_INFO; // Class 20 - ULONG VDMBOPINFO // Class 21 typedef struct _SYSTEM_FILECACHE_INFORMATION { ULONG CurrentSize; ULONG PeakSize; ULONG PageFaultCount; ULONG MinimumWorkingSet; ULONG MaximumWorkingSet; ULONG CurrentSizeIncludingTransitionInPages; ULONG PeakSizeIncludingTransitionInPages; ULONG TransitionRePurposeCount; ULONG Flags; } SYSTEM_FILECACHE_INFORMATION, *PSYSTEM_FILECACHE_INFORMATION; // Class 22 typedef struct _SYSTEM_POOLTAG { union { UCHAR Tag[4]; ULONG TagUlong; }; ULONG PagedAllocs; ULONG PagedFrees; ULONG PagedUsed; ULONG NonPagedAllocs; ULONG NonPagedFrees; ULONG NonPagedUsed; } SYSTEM_POOLTAG, *PSYSTEM_POOLTAG; typedef struct _SYSTEM_POOLTAG_INFORMATION { ULONG Count; SYSTEM_POOLTAG TagInfo[1]; } 
SYSTEM_POOLTAG_INFORMATION, *PSYSTEM_POOLTAG_INFORMATION; // Class 23 typedef struct _SYSTEM_INTERRUPT_INFORMATION { ULONG ContextSwitches; ULONG DpcCount; ULONG DpcRate; ULONG TimeIncrement; ULONG DpcBypassCount; ULONG ApcBypassCount; } SYSTEM_INTERRUPT_INFORMATION, *PSYSTEM_INTERRUPT_INFORMATION; // Class 24 typedef struct _SYSTEM_DPC_BEHAVIOR_INFORMATION { ULONG Spare; ULONG DpcQueueDepth; ULONG MinimumDpcRate; ULONG AdjustDpcThreshold; ULONG IdealDpcRate; } SYSTEM_DPC_BEHAVIOR_INFORMATION, *PSYSTEM_DPC_BEHAVIOR_INFORMATION; // Class 25 typedef struct _SYSTEM_MEMORY_INFO { PUCHAR StringOffset; USHORT ValidCount; USHORT TransitionCount; USHORT ModifiedCount; USHORT PageTableCount; } SYSTEM_MEMORY_INFO, *PSYSTEM_MEMORY_INFO; typedef struct _SYSTEM_MEMORY_INFORMATION { ULONG InfoSize; ULONG StringStart; SYSTEM_MEMORY_INFO Memory[1]; } SYSTEM_MEMORY_INFORMATION, *PSYSTEM_MEMORY_INFORMATION; // Class 26 typedef struct _SYSTEM_GDI_DRIVER_INFORMATION { UNICODE_STRING DriverName; PVOID ImageAddress; PVOID SectionPointer; PVOID EntryPoint; PIMAGE_EXPORT_DIRECTORY ExportSectionPointer; ULONG ImageLength; } SYSTEM_GDI_DRIVER_INFORMATION, *PSYSTEM_GDI_DRIVER_INFORMATION; // Class 27 // Not an actually class, simply a PVOID to the ImageAddress // Class 28 typedef struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION { ULONG TimeAdjustment; ULONG TimeIncrement; BOOLEAN Enable; } SYSTEM_QUERY_TIME_ADJUST_INFORMATION, *PSYSTEM_QUERY_TIME_ADJUST_INFORMATION; typedef struct _SYSTEM_SET_TIME_ADJUST_INFORMATION { ULONG TimeAdjustment; BOOLEAN Enable; } SYSTEM_SET_TIME_ADJUST_INFORMATION, *PSYSTEM_SET_TIME_ADJUST_INFORMATION; // Class 29 - Same as 25 // FIXME: Class 30 // Class 31 typedef struct _SYSTEM_REF_TRACE_INFORMATION { UCHAR TraceEnable; UCHAR TracePermanent; UNICODE_STRING TraceProcessName; UNICODE_STRING TracePoolTags; } SYSTEM_REF_TRACE_INFORMATION, *PSYSTEM_REF_TRACE_INFORMATION; // Class 32 - OBSOLETE // Class 33 typedef struct _SYSTEM_EXCEPTION_INFORMATION { ULONG 
AlignmentFixupCount; ULONG ExceptionDispatchCount; ULONG FloatingEmulationCount; ULONG ByteWordEmulationCount; } SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION; // Class 34 typedef struct _SYSTEM_CRASH_STATE_INFORMATION { ULONG ValidCrashDump; } SYSTEM_CRASH_STATE_INFORMATION, *PSYSTEM_CRASH_STATE_INFORMATION; // Class 35 typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION { BOOLEAN KernelDebuggerEnabled; BOOLEAN KernelDebuggerNotPresent; } SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION; // Class 36 typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION { ULONG ContextSwitches; ULONG FindAny; ULONG FindLast; ULONG FindIdeal; ULONG IdleAny; ULONG IdleCurrent; ULONG IdleLast; ULONG IdleIdeal; ULONG PreemptAny; ULONG PreemptCurrent; ULONG PreemptLast; ULONG SwitchToIdle; } SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION; // Class 37 typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION { ULONG RegistryQuotaAllowed; ULONG RegistryQuotaUsed; ULONG PagedPoolSize; } SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION; // Class 38 // Not a structure, simply send the UNICODE_STRING // Class 39 // Not a structure, simply send a ULONG containing the new separation // Class 40 typedef struct _SYSTEM_PLUGPLAY_BUS_INFORMATION { ULONG BusCount; PLUGPLAY_BUS_INSTANCE BusInstance[1]; } SYSTEM_PLUGPLAY_BUS_INFORMATION, *PSYSTEM_PLUGPLAY_BUS_INFORMATION; // Class 41 typedef struct _SYSTEM_DOCK_INFORMATION { SYSTEM_DOCK_STATE DockState; INTERFACE_TYPE DeviceBusType; ULONG DeviceBusNumber; ULONG SlotNumber; } SYSTEM_DOCK_INFORMATION, *PSYSTEM_DOCK_INFORMATION; // Class 42 typedef struct _SYSTEM_POWER_INFORMATION_NATIVE { BOOLEAN SystemSuspendSupported; BOOLEAN SystemHibernateSupported; BOOLEAN ResumeTimerSupportsSuspend; BOOLEAN ResumeTimerSupportsHibernate; BOOLEAN LidSupported; BOOLEAN TurboSettingSupported; BOOLEAN TurboMode; BOOLEAN SystemAcOrDc; BOOLEAN PowerDownDisabled; LARGE_INTEGER SpindownDrives; } 
SYSTEM_POWER_INFORMATION_NATIVE, *PSYSTEM_POWER_INFORMATION_NATIVE; // Class 43 typedef struct _SYSTEM_LEGACY_DRIVER_INFORMATION { PNP_VETO_TYPE VetoType; UNICODE_STRING VetoDriver; // CHAR Buffer[0]; } SYSTEM_LEGACY_DRIVER_INFORMATION, *PSYSTEM_LEGACY_DRIVER_INFORMATION; // Class 44 //typedef struct _TIME_ZONE_INFORMATION RTL_TIME_ZONE_INFORMATION; // Class 45 typedef struct _SYSTEM_LOOKASIDE_INFORMATION { USHORT CurrentDepth; USHORT MaximumDepth; ULONG TotalAllocates; ULONG AllocateMisses; ULONG TotalFrees; ULONG FreeMisses; ULONG Type; ULONG Tag; ULONG Size; } SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION; // Class 46 // Not a structure. Only a HANDLE for the SlipEvent; // Class 47 // Not a structure. Only a ULONG for the SessionId; // Class 48 // Not a structure. Only a ULONG for the SessionId; // FIXME: Class 49 // Class 50 // Not a structure. Only a ULONG_PTR for the SystemRangeStart // Class 51 typedef struct _SYSTEM_VERIFIER_INFORMATION { ULONG NextEntryOffset; ULONG Level; UNICODE_STRING DriverName; ULONG RaiseIrqls; ULONG AcquireSpinLocks; ULONG SynchronizeExecutions; ULONG AllocationsAttempted; ULONG AllocationsSucceeded; ULONG AllocationsSucceededSpecialPool; ULONG AllocationsWithNoTag; ULONG TrimRequests; ULONG Trims; ULONG AllocationsFailed; ULONG AllocationsFailedDeliberately; ULONG Loads; ULONG Unloads; ULONG UnTrackedPool; ULONG CurrentPagedPoolAllocations; ULONG CurrentNonPagedPoolAllocations; ULONG PeakPagedPoolAllocations; ULONG PeakNonPagedPoolAllocations; ULONG PagedPoolUsageInBytes; ULONG NonPagedPoolUsageInBytes; ULONG PeakPagedPoolUsageInBytes; ULONG PeakNonPagedPoolUsageInBytes; } SYSTEM_VERIFIER_INFORMATION, *PSYSTEM_VERIFIER_INFORMATION; // FIXME: Class 52 // Class 53 typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION { ULONG SessionId; ULONG SizeOfBuf; PVOID Buffer; // Same format as in SystemProcessInformation } SYSTEM_SESSION_PROCESS_INFORMATION, *PSYSTEM_SESSION_PROCESS_INFORMATION; // FIXME: Class 54-97 // // Hotpatch 
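// flags
//
// The shifted values are parenthesised so the shift binds before any
// operator at the use site: with the bare form, `Flags &
// RTL_HOTPATCH_PATCH_USER_MODE` expanded to `Flags & 0x20 << 24` only by
// luck of precedence, and `RTL_HOTPATCH_PATCH_USER_MODE == x` or
// `~RTL_HOTPATCH_PATCH_USER_MODE` parsed incorrectly. The constants are
// unsigned so that 0x80 << 24 does not shift into the sign bit of an int.
// Bit patterns are unchanged.
//
#define RTL_HOTPATCH_SUPPORTED_FLAG         0x01
#define RTL_HOTPATCH_SWAP_OBJECT_NAMES      (0x08UL << 24)
#define RTL_HOTPATCH_SYNC_RENAME_FILES      (0x10UL << 24)
#define RTL_HOTPATCH_PATCH_USER_MODE        (0x20UL << 24)
#define RTL_HOTPATCH_REMAP_SYSTEM_DLL       (0x40UL << 24)
#define RTL_HOTPATCH_PATCH_KERNEL_MODE      (0x80UL << 24)

// Class 69
//
// Hotpatch request. The anonymous union holds one of six layouts; which one
// applies is presumably selected by Flags (confirm). The Name/TargetName
// members are 16-bit offset/length pairs.
// NOTE(review): offsets are presumably relative to the start of this
// structure; any code parsing such a buffer should check offset + length
// against InfoSize before reading - confirm the base.
//
typedef struct _SYSTEM_HOTPATCH_CODE_INFORMATION
{
    ULONG Flags;
    ULONG InfoSize;
    union
    {
        struct
        {
            ULONG Foo;
        } CodeInfo;
        struct
        {
            USHORT NameOffset;
            USHORT NameLength;
        } KernelInfo;
        struct
        {
            USHORT NameOffset;
            USHORT NameLength;
            USHORT TargetNameOffset;
            USHORT TargetNameLength;
            UCHAR PatchingFinished;
        } UserModeInfo;
        struct
        {
            USHORT NameOffset;
            USHORT NameLength;
            USHORT TargetNameOffset;
            USHORT TargetNameLength;
            UCHAR PatchingFinished;
            NTSTATUS ReturnCode;
            HANDLE TargetProcess;
        } InjectionInfo;
        struct
        {
            HANDLE FileHandle1;
            PIO_STATUS_BLOCK IoStatusBlock1;
            PVOID RenameInformation1;
            // NOTE(review): a length typed as PVOID; kept as declared.
            PVOID RenameInformationLength1;
            HANDLE FileHandle2;
            PIO_STATUS_BLOCK IoStatusBlock2;
            PVOID RenameInformation2;
            // NOTE(review): a length typed as PVOID; kept as declared.
            PVOID RenameInformationLength2;
        } RenameInfo;
        struct
        {
            HANDLE ParentDirectory;
            HANDLE ObjectHandle1;
            HANDLE ObjectHandle2;
        } AtomicSwap;
    };
} SYSTEM_HOTPATCH_CODE_INFORMATION, *PSYSTEM_HOTPATCH_CODE_INFORMATION;

//
// Class 75
//
#ifdef NTOS_MODE_USER
typedef struct _SYSTEM_FIRMWARE_TABLE_HANDLER
{
    ULONG ProviderSignature;
    BOOLEAN Register;
    PFNFTH FirmwareTableHandler;
    PVOID DriverObject;
} SYSTEM_FIRMWARE_TABLE_HANDLER, *PSYSTEM_FIRMWARE_TABLE_HANDLER;

//
// Class 76
//
typedef struct _SYSTEM_FIRMWARE_TABLE_INFORMATION
{
    ULONG ProviderSignature;
    SYSTEM_FIRMWARE_TABLE_ACTION Action;
    ULONG TableID;
    ULONG TableBufferLength;
    // Declared with one element; TableBufferLength presumably gives the
    // real size. Allocate the header plus that many bytes and never read
    // past the length the query reported.
    UCHAR TableBuffer[1];
} SYSTEM_FIRMWARE_TABLE_INFORMATION, *PSYSTEM_FIRMWARE_TABLE_INFORMATION;

//
// Class 81
//
typedef struct _SYSTEM_MEMORY_LIST_INFORMATION
{
    SIZE_T ZeroPageCount;
    SIZE_T FreePageCount;
    SIZE_T ModifiedPageCount;
    SIZE_T ModifiedNoWritePageCount;
    SIZE_T BadPageCount;
    SIZE_T PageCountByPriority[8];
    SIZE_T RepurposedPagesByPriority[8];
}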
SYSTEM_MEMORY_LIST_INFORMATION, *PSYSTEM_MEMORY_LIST_INFORMATION; #endif #endif ================================================ FILE: ndk/halfuncs.h ================================================ /*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: halfuncs.h Abstract: Function definitions for the HAL. Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _HALFUNCS_H #define _HALFUNCS_H // // Dependencies // #include #include #include #ifndef NTOS_MODE_USER // // Private HAL Callbacks // #define HalHandlerForBus HALPRIVATEDISPATCH->HalHandlerForBus #define HalHandlerForConfigSpace HALPRIVATEDISPATCH->HalHandlerForConfigSpace #define HalLocateHiberRanges HALPRIVATEDISPATCH->HalLocateHiberRanges #define HalRegisterBusHandler HALPRIVATEDISPATCH->HalRegisterBusHandler #define HalSetWakeEnable HALPRIVATEDISPATCH->HalSetWakeEnable #define HalSetWakeAlarm HALPRIVATEDISPATCH->HalSetWakeAlarm #define HalPciTranslateBusAddress HALPRIVATEDISPATCH->HalPciTranslateBusAddress #define HalPciAssignSlotResources HALPRIVATEDISPATCH->HalPciAssignSlotResources #define HalHaltSystem HALPRIVATEDISPATCH->HalHaltSystem #define HalFindBusAddressTranslation HALPRIVATEDISPATCH->HalFindBusAddressTranslation #define HalResetDisplay HALPRIVATEDISPATCH->HalResetDisplay #define HalAllocateMapRegisters HALPRIVATEDISPATCH->HalAllocateMapRegisters #define KdSetupPciDeviceForDebugging HALPRIVATEDISPATCH->KdSetupPciDeviceForDebugging #define KdReleasePciDeviceforDebugging HALPRIVATEDISPATCH->KdReleasePciDeviceforDebugging #define KdGetAcpiTablePhase0 HALPRIVATEDISPATCH->KdGetAcpiTablePhase0 #define KdCheckPowerButton HALPRIVATEDISPATCH->KdCheckPowerButton #define HalVectorToIDTEntry HALPRIVATEDISPATCH->HalVectorToIDTEntry #define KdMapPhysicalMemory64 HALPRIVATEDISPATCH->KdMapPhysicalMemory64 #define KdUnmapVirtualAddress HALPRIVATEDISPATCH->KdUnmapVirtualAddress // // The DDK steals these away from you. 
// #ifdef _MSC_VER void __cdecl _enable(void); void __cdecl _disable(void); #pragma intrinsic(_enable) #pragma intrinsic(_disable) #endif // // Display Functions // NTHALAPI VOID NTAPI HalDisplayString( IN PCHAR String ); // // Initialization Functions // NTHALAPI BOOLEAN NTAPI HalAllProcessorsStarted( VOID ); #ifdef _ARC_ NTHALAPI VOID NTAPI HalInitializeProcessor( ULONG ProcessorNumber, struct _LOADER_PARAMETER_BLOCK *LoaderBlock ); NTHALAPI BOOLEAN NTAPI HalInitSystem( ULONG BootPhase, struct _LOADER_PARAMETER_BLOCK *LoaderBlock ); NTHALAPI BOOLEAN NTAPI HalStartNextProcessor( IN struct _LOADER_PARAMETER_BLOCK *LoaderBlock, IN PKPROCESSOR_STATE ProcessorState ); #endif NTHALAPI VOID NTAPI HalReturnToFirmware( FIRMWARE_REENTRY Action ); // // CPU Routines // NTHALAPI VOID NTAPI HalProcessorIdle( VOID ); // // Interrupt Functions // NTHALAPI BOOLEAN NTAPI HalBeginSystemInterrupt( KIRQL Irql, ULONG Vector, PKIRQL OldIrql ); NTHALAPI BOOLEAN NTAPI HalDisableSystemInterrupt( ULONG Vector, KIRQL Irql ); NTHALAPI BOOLEAN NTAPI HalEnableSystemInterrupt( ULONG Vector, KIRQL Irql, KINTERRUPT_MODE InterruptMode ); NTHALAPI VOID NTAPI HalEndSystemInterrupt( KIRQL Irql, ULONG Vector ); NTHALAPI VOID NTAPI HalReportResourceUsage( VOID ); NTHALAPI VOID FASTCALL HalRequestSoftwareInterrupt( KIRQL SoftwareInterruptRequested ); NTHALAPI VOID NTAPI HalRequestIpi( KAFFINITY TargetSet ); NTHALAPI VOID NTAPI HalHandleNMI( PVOID NmiInfo ); // // Environment Functions // #ifdef _ARC_ NTHALAPI ARC_STATUS NTAPI HalSetEnvironmentVariable( IN PCH Name, IN PCH Value ); NTHALAPI ARC_STATUS NTAPI HalGetEnvironmentVariable( IN PCH Variable, IN USHORT Length, OUT PCH Buffer ); #endif // // Time Functions // NTHALAPI BOOLEAN NTAPI HalQueryRealTimeClock( IN PTIME_FIELDS RtcTime ); NTHALAPI BOOLEAN NTAPI HalSetRealTimeClock( IN PTIME_FIELDS RtcTime ); #endif #endif ================================================ FILE: ndk/haltypes.h ================================================ /*++ NDK 
Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: haltypes.h Abstract: Type definitions for the HAL. Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _HALTYPES_H #define _HALTYPES_H // // Dependencies // #include #ifndef NTOS_MODE_USER // // HalShutdownSystem Types // typedef enum _FIRMWARE_REENTRY { HalHaltRoutine, HalPowerDownRoutine, HalRestartRoutine, HalRebootRoutine, HalInteractiveModeRoutine, HalMaximumRoutine } FIRMWARE_REENTRY, *PFIRMWARE_REENTRY; // // HAL Private function Types // typedef PBUS_HANDLER (NTAPI *pHalHandlerForConfigSpace)( IN BUS_DATA_TYPE ConfigSpace, IN ULONG BusNumber ); typedef NTSTATUS (NTAPI *PINSTALL_BUS_HANDLER)( IN PBUS_HANDLER Bus ); typedef NTSTATUS (NTAPI *pHalRegisterBusHandler)( IN INTERFACE_TYPE InterfaceType, IN BUS_DATA_TYPE ConfigSpace, IN ULONG BusNumber, IN INTERFACE_TYPE ParentInterfaceType, IN ULONG ParentBusNumber, IN ULONG ContextSize, IN PINSTALL_BUS_HANDLER InstallCallback, OUT PBUS_HANDLER *BusHandler ); typedef VOID (NTAPI *pHalSetWakeEnable)( IN BOOLEAN Enable ); typedef VOID (NTAPI *pHalSetWakeAlarm)( IN ULONGLONG AlartTime, IN PTIME_FIELDS TimeFields ); typedef VOID (NTAPI *pHalLocateHiberRanges)( IN PVOID MemoryMap ); typedef BOOLEAN (NTAPI *pHalAllocateMapRegisters)( IN PADAPTER_OBJECT AdapterObject, IN ULONG Unknown, IN ULONG Unknown2, PMAP_REGISTER_ENTRY Registers ); // // HAL Bus Handler Callback Types // typedef NTSTATUS (NTAPI *pAdjustResourceList)( IN PBUS_HANDLER BusHandler, IN ULONG BusNumber, IN OUT PCM_RESOURCE_LIST Resources ); typedef NTSTATUS (NTAPI *pAssignSlotResources)( IN PBUS_HANDLER BusHandler, IN PBUS_HANDLER RootHandler, IN PUNICODE_STRING RegistryPath, IN PUNICODE_STRING DriverClassName, IN PDRIVER_OBJECT DriverObject, IN PDEVICE_OBJECT DeviceObject, IN ULONG SlotNumber, IN OUT PCM_RESOURCE_LIST *AllocatedResources ); typedef ULONG (NTAPI *pGetSetBusData)( IN PBUS_HANDLER BusHandler, IN PBUS_HANDLER RootHandler, IN PCI_SLOT_NUMBER 
SlotNumber, OUT PUCHAR Buffer, IN ULONG Offset, IN ULONG Length ); typedef ULONG (NTAPI *pGetInterruptVector)( IN PBUS_HANDLER BusHandler, IN ULONG BusNumber, IN ULONG BusInterruptLevel, IN ULONG BusInterruptVector, OUT PKIRQL Irql, OUT PKAFFINITY Affinity ); typedef ULONG (NTAPI *pTranslateBusAddress)( IN PBUS_HANDLER BusHandler, IN ULONG BusNumber, IN PHYSICAL_ADDRESS BusAddress, IN OUT PULONG AddressSpace, OUT PPHYSICAL_ADDRESS TranslatedAddress ); // // Hal Private dispatch Table // #define HAL_PRIVATE_DISPATCH_VERSION 2 typedef struct _HAL_PRIVATE_DISPATCH { ULONG Version; pHalHandlerForBus HalHandlerForBus; pHalHandlerForConfigSpace HalHandlerForConfigSpace; pHalLocateHiberRanges HalLocateHiberRanges; pHalRegisterBusHandler HalRegisterBusHandler; pHalSetWakeEnable HalSetWakeEnable; pHalSetWakeAlarm HalSetWakeAlarm; pHalTranslateBusAddress HalPciTranslateBusAddress; pHalAssignSlotResources HalPciAssignSlotResources; pHalHaltSystem HalHaltSystem; pHalFindBusAddressTranslation HalFindBusAddressTranslation; pHalResetDisplay HalResetDisplay; pHalAllocateMapRegisters HalAllocateMapRegisters; pKdSetupPciDeviceForDebugging KdSetupPciDeviceForDebugging; pKdReleasePciDeviceForDebugging KdReleasePciDeviceforDebugging; pKdGetAcpiTablePhase0 KdGetAcpiTablePhase0; pKdCheckPowerButton KdCheckPowerButton; pHalVectorToIDTEntry HalVectorToIDTEntry; pKdMapPhysicalMemory64 KdMapPhysicalMemory64; pKdUnmapVirtualAddress KdUnmapVirtualAddress; #if (NTDDI_VERSION >= NTDDI_LONGHORN) pKdGetPciDataByOffset KdGetPciDataByOffset; pKdSetPciDataByOffset KdSetPciDataByOffset; PVOID HalGetInterruptVectorOverride; PVOID HalGetVectorInputOverride; #endif } HAL_PRIVATE_DISPATCH, *PHAL_PRIVATE_DISPATCH; // // HAL Bus Handler // typedef struct _BUS_HANDLER { ULONG Version; INTERFACE_TYPE InterfaceType; BUS_DATA_TYPE ConfigurationType; ULONG BusNumber; PDEVICE_OBJECT DeviceObject; struct _BUS_HANDLER *ParentHandler; PVOID BusData; ULONG DeviceControlExtensionSize; //PSUPPORTED_RANGES BusAddresses; 
ULONG Reserved[4]; pGetSetBusData GetBusData; pGetSetBusData SetBusData; pAdjustResourceList AdjustResourceList; pAssignSlotResources AssignSlotResources; pGetInterruptVector GetInterruptVector; pTranslateBusAddress TranslateBusAddress; } BUS_HANDLER; // // Kernel Exports // #if defined(_NTDRIVER_) || defined(_NTHAL_) extern NTSYSAPI PHAL_PRIVATE_DISPATCH HalPrivateDispatchTable; #define HALPRIVATEDISPATCH ((PHAL_PRIVATE_DISPATCH)&HalPrivateDispatchTable) #else extern NTSYSAPI HAL_PRIVATE_DISPATCH HalPrivateDispatchTable; #define HALPRIVATEDISPATCH (&HalPrivateDispatchTable) #endif // // HAL Exports // #ifndef _NTHAL_ extern NTHALAPI PUCHAR *KdComPortInUse; #endif #endif #endif ================================================ FILE: ndk/i386/ketypes.h ================================================ /*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: ketypes.h (X86) Abstract: i386 Type definitions for the Kernel services. Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _I386_KETYPES_H #define _I386_KETYPES_H // // Dependencies // // // Machine Types // #define MACHINE_TYPE_ISA 0x0000 #define MACHINE_TYPE_EISA 0x0001 #define MACHINE_TYPE_MCA 0x0002 // // X86 80386 Segment Types // #define I386_TASK_GATE 0x5 #define I386_TSS 0x9 #define I386_ACTIVE_TSS 0xB #define I386_CALL_GATE 0xC #define I386_INTERRUPT_GATE 0xE #define I386_TRAP_GATE 0xF // // Selector Names // #define RPL_MASK 0x0003 #define MODE_MASK 0x0001 #define KGDT_R0_CODE 0x8 #define KGDT_R0_DATA 0x10 #define KGDT_R3_CODE 0x18 #define KGDT_R3_DATA 0x20 #define KGDT_TSS 0x28 #define KGDT_R0_PCR 0x30 #define KGDT_R3_TEB 0x38 #define KGDT_LDT 0x48 #define KGDT_DF_TSS 0x50 #define KGDT_NMI_TSS 0x58 // // CR4 // #define CR4_VME 0x1 #define CR4_PVI 0x2 #define CR4_TSD 0x4 #define CR4_DE 0x8 #define CR4_PSE 0x10 #define CR4_PAE 0x20 #define CR4_MCE 0x40 #define CR4_PGE 0x80 #define CR4_FXSR 0x200 #define CR4_XMMEXCPT 0x400 // // EFlags // #define 
EFLAGS_CF 0x01L #define EFLAGS_ZF 0x40L #define EFLAGS_TF 0x100L #define EFLAGS_INTERRUPT_MASK 0x200L #define EFLAGS_DF 0x400L #define EFLAGS_NESTED_TASK 0x4000L #define EFLAGS_V86_MASK 0x20000 #define EFLAGS_ALIGN_CHECK 0x40000 #define EFLAGS_VIF 0x80000 #define EFLAGS_VIP 0x100000 #define EFLAGS_USER_SANITIZE 0x3F4DD7 #define EFLAG_SIGN 0x8000 #define EFLAG_ZERO 0x4000 // // IPI Types // #define IPI_APC 1 #define IPI_DPC 2 #define IPI_FREEZE 4 #define IPI_PACKET_READY 8 #define IPI_SYNCH_REQUEST 16 // // PRCB Flags // #define PRCB_MAJOR_VERSION 1 #define PRCB_BUILD_DEBUG 1 #define PRCB_BUILD_UNIPROCESSOR 2 // // HAL Variables // #define INITIAL_STALL_COUNT 0x64 // // IOPM Definitions // #define IO_ACCESS_MAP_NONE 0 #define IOPM_OFFSET FIELD_OFFSET(KTSS, IoMaps[0].IoMap) #define KiComputeIopmOffset(MapNumber) \ (MapNumber == IO_ACCESS_MAP_NONE) ? \ (USHORT)(sizeof(KTSS)) : \ (USHORT)(FIELD_OFFSET(KTSS, IoMaps[MapNumber-1].IoMap)) // // Static Kernel-Mode Address start (use MM_KSEG0_BASE for actual) // #define KSEG0_BASE 0x80000000 // // Synchronization-level IRQL // #ifndef CONFIG_SMP #define SYNCH_LEVEL DISPATCH_LEVEL #else #define SYNCH_LEVEL (IPI_LEVEL - 1) #endif // // Trap Frame Definition // typedef struct _KTRAP_FRAME { ULONG DbgEbp; ULONG DbgEip; ULONG DbgArgMark; ULONG DbgArgPointer; ULONG TempSegCs; ULONG TempEsp; ULONG Dr0; ULONG Dr1; ULONG Dr2; ULONG Dr3; ULONG Dr6; ULONG Dr7; ULONG SegGs; ULONG SegEs; ULONG SegDs; ULONG Edx; ULONG Ecx; ULONG Eax; ULONG PreviousPreviousMode; struct _EXCEPTION_REGISTRATION_RECORD FAR *ExceptionList; ULONG SegFs; ULONG Edi; ULONG Esi; ULONG Ebx; ULONG Ebp; ULONG ErrCode; ULONG Eip; ULONG SegCs; ULONG EFlags; ULONG HardwareEsp; ULONG HardwareSegSs; ULONG V86Es; ULONG V86Ds; ULONG V86Fs; ULONG V86Gs; } KTRAP_FRAME, *PKTRAP_FRAME; // // LDT Entry Definition // #ifndef _LDT_ENTRY_DEFINED #define _LDT_ENTRY_DEFINED typedef struct _LDT_ENTRY { USHORT LimitLow; USHORT BaseLow; union { struct { UCHAR BaseMid; UCHAR Flags1; UCHAR 
Flags2; UCHAR BaseHi; } Bytes; struct { ULONG BaseMid:8; ULONG Type:5; ULONG Dpl:2; ULONG Pres:1; ULONG LimitHi:4; ULONG Sys:1; ULONG Reserved_0:1; ULONG Default_Big:1; ULONG Granularity:1; ULONG BaseHi:8; } Bits; } HighWord; } LDT_ENTRY, *PLDT_ENTRY, *LPLDT_ENTRY; #endif // // GDT Entry Definition // typedef struct _KGDTENTRY { USHORT LimitLow; USHORT BaseLow; union { struct { UCHAR BaseMid; UCHAR Flags1; UCHAR Flags2; UCHAR BaseHi; } Bytes; struct { ULONG BaseMid:8; ULONG Type:5; ULONG Dpl:2; ULONG Pres:1; ULONG LimitHi:4; ULONG Sys:1; ULONG Reserved_0:1; ULONG Default_Big:1; ULONG Granularity:1; ULONG BaseHi:8; } Bits; } HighWord; } KGDTENTRY, *PKGDTENTRY; // // IDT Entry Access Definition // typedef struct _KIDT_ACCESS { union { struct { UCHAR Reserved; UCHAR SegmentType:4; UCHAR SystemSegmentFlag:1; UCHAR Dpl:2; UCHAR Present:1; }; USHORT Value; }; } KIDT_ACCESS, *PKIDT_ACCESS; // // IDT Entry Definition // typedef struct _KIDTENTRY { USHORT Offset; USHORT Selector; USHORT Access; USHORT ExtendedOffset; } KIDTENTRY, *PKIDTENTRY; typedef struct _DESCRIPTOR { USHORT Pad; USHORT Limit; ULONG Base; } KDESCRIPTOR, *PKDESCRIPTOR; #ifndef NTOS_MODE_USER // // Macro to get current KPRCB // FORCEINLINE struct _KPRCB * KeGetCurrentPrcb(VOID) { return (struct _KPRCB *)(ULONG_PTR)__readfsdword(FIELD_OFFSET(KPCR, Prcb)); } // // FN/FX (FPU) Save Area Structures // typedef struct _FNSAVE_FORMAT { ULONG ControlWord; ULONG StatusWord; ULONG TagWord; ULONG ErrorOffset; ULONG ErrorSelector; ULONG DataOffset; ULONG DataSelector; UCHAR RegisterArea[80]; } FNSAVE_FORMAT, *PFNSAVE_FORMAT; typedef struct _FXSAVE_FORMAT { USHORT ControlWord; USHORT StatusWord; USHORT TagWord; USHORT ErrorOpcode; ULONG ErrorOffset; ULONG ErrorSelector; ULONG DataOffset; ULONG DataSelector; ULONG MXCsr; ULONG MXCsrMask; UCHAR RegisterArea[128]; UCHAR Reserved3[128]; UCHAR Reserved4[224]; UCHAR Align16Byte[8]; } FXSAVE_FORMAT, *PFXSAVE_FORMAT; typedef struct _FX_SAVE_AREA { union { FNSAVE_FORMAT FnArea; 
FXSAVE_FORMAT FxArea; } U; ULONG NpxSavedCpu; ULONG Cr0NpxState; } FX_SAVE_AREA, *PFX_SAVE_AREA; // // Special Registers Structure (outside of CONTEXT) // typedef struct _KSPECIAL_REGISTERS { ULONG Cr0; ULONG Cr2; ULONG Cr3; ULONG Cr4; ULONG KernelDr0; ULONG KernelDr1; ULONG KernelDr2; ULONG KernelDr3; ULONG KernelDr6; ULONG KernelDr7; KDESCRIPTOR Gdtr; KDESCRIPTOR Idtr; USHORT Tr; USHORT Ldtr; ULONG Reserved[6]; } KSPECIAL_REGISTERS, *PKSPECIAL_REGISTERS; // // Processor State Data // typedef struct _KPROCESSOR_STATE { CONTEXT ContextFrame; KSPECIAL_REGISTERS SpecialRegisters; } KPROCESSOR_STATE, *PKPROCESSOR_STATE; // // Processor Region Control Block // #pragma pack(push,4) typedef struct _KPRCB { USHORT MinorVersion; USHORT MajorVersion; struct _KTHREAD *CurrentThread; struct _KTHREAD *NextThread; struct _KTHREAD *IdleThread; UCHAR Number; UCHAR Reserved; USHORT BuildType; KAFFINITY SetMember; UCHAR CpuType; UCHAR CpuID; USHORT CpuStep; KPROCESSOR_STATE ProcessorState; ULONG KernelReserved[16]; ULONG HalReserved[16]; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG CFlushSize; UCHAR PrcbPad0[88]; #else UCHAR PrcbPad0[92]; #endif KSPIN_LOCK_QUEUE LockQueue[LockQueueMaximumLock]; struct _KTHREAD *NpxThread; ULONG InterruptCount; ULONG KernelTime; ULONG UserTime; ULONG DpcTime; ULONG DebugDpcTime; ULONG InterruptTime; ULONG AdjustDpcThreshold; ULONG PageColor; UCHAR SkipTick; UCHAR DebuggerSavedIRQL; #if (NTDDI_VERSION >= NTDDI_WS03) UCHAR NodeColor; #if (NTDDI_VERSION >= NTDDI_LONGHORN) UCHAR PollSlot; #else UCHAR Spare1; #endif ULONG NodeShiftedColor; #else UCHAR Spare1[6]; #endif struct _KNODE *ParentNode; ULONG MultiThreadProcessorSet; struct _KPRCB *MultiThreadSetMaster; #if (NTDDI_VERSION >= NTDDI_WS03) ULONG SecondaryColorMask; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG DpcTimeLimit; #else LONG Sleeping; #endif #else ULONG ThreadStartCount[2]; #endif ULONG CcFastReadNoWait; ULONG CcFastReadWait; ULONG CcFastReadNotPossible; ULONG CcCopyReadNoWait; ULONG 
CcCopyReadWait; ULONG CcCopyReadNoWaitMiss; #if (NTDDI_VERSION < NTDDI_LONGHORN) ULONG KeAlignmentFixupCount; #endif ULONG SpareCounter0; #if (NTDDI_VERSION < NTDDI_LONGHORN) ULONG KeDcacheFlushCount; ULONG KeExceptionDispatchCount; ULONG KeFirstLevelTbFills; ULONG KeFloatingEmulationCount; ULONG KeIcacheFlushCount; ULONG KeSecondLevelTbFills; ULONG KeSystemCalls; #endif volatile ULONG IoReadOperationCount; volatile ULONG IoWriteOperationCount; volatile ULONG IoOtherOperationCount; LARGE_INTEGER IoReadTransferCount; LARGE_INTEGER IoWriteTransferCount; LARGE_INTEGER IoOtherTransferCount; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG CcFastMdlReadNoWait; ULONG CcFastMdlReadWait; ULONG CcFastMdlReadNotPossible; ULONG CcMapDataNoWait; ULONG CcMapDataWait; ULONG CcPinMappedDataCount; ULONG CcPinReadNoWait; ULONG CcPinReadWait; ULONG CcMdlReadNoWait; ULONG CcMdlReadWait; ULONG CcLazyWriteHotSpots; ULONG CcLazyWriteIos; ULONG CcLazyWritePages; ULONG CcDataFlushes; ULONG CcDataPages; ULONG CcLostDelayedWrites; ULONG CcFastReadResourceMiss; ULONG CcCopyReadWaitMiss; ULONG CcFastMdlReadResourceMiss; ULONG CcMapDataNoWaitMiss; ULONG CcMapDataWaitMiss; ULONG CcPinReadNoWaitMiss; ULONG CcPinReadWaitMiss; ULONG CcMdlReadNoWaitMiss; ULONG CcMdlReadWaitMiss; ULONG CcReadAheadIos; ULONG KeAlignmentFixupCount; ULONG KeExceptionDispatchCount; ULONG KeSystemCalls; ULONG PrcbPad1[3]; #else ULONG SpareCounter1[8]; #endif PP_LOOKASIDE_LIST PPLookasideList[16]; PP_LOOKASIDE_LIST PPNPagedLookasideList[32]; PP_LOOKASIDE_LIST PPPagedLookasideList[32]; volatile ULONG PacketBarrier; volatile ULONG ReverseStall; PVOID IpiFrame; UCHAR PrcbPad2[52]; volatile PVOID CurrentPacket[3]; volatile ULONG TargetSet; volatile PKIPI_WORKER WorkerRoutine; volatile ULONG IpiFrozen; UCHAR PrcbPad3[40]; volatile ULONG RequestSummary; volatile struct _KPRCB *SignalDone; UCHAR PrcbPad4[56]; struct _KDPC_DATA DpcData[2]; PVOID DpcStack; ULONG MaximumDpcQueueDepth; ULONG DpcRequestRate; ULONG MinimumDpcRate; volatile 
UCHAR DpcInterruptRequested; volatile UCHAR DpcThreadRequested; volatile UCHAR DpcRoutineActive; volatile UCHAR DpcThreadActive; ULONG PrcbLock; ULONG DpcLastCount; volatile ULONG TimerHand; volatile ULONG TimerRequest; PVOID DpcThread; KEVENT DpcEvent; UCHAR ThreadDpcEnable; volatile BOOLEAN QuantumEnd; UCHAR PrcbPad50; volatile UCHAR IdleSchedule; LONG DpcSetEventRequest; #if (NTDDI_VERSION >= NTDDI_LONGHORN) LONG Sleeping; ULONG PeriodicCount; ULONG PeriodicBias; UCHAR PrcbPad5[6]; #else UCHAR PrcbPad5[18]; #endif LONG TickOffset; KDPC CallDpc; #if (NTDDI_VERSION >= NTDDI_LONGHORN) LONG ClockKeepAlive; UCHAR ClockCheckSlot; UCHAR ClockPollCycle; UCHAR PrcbPad6[2]; LONG DpcWatchdogPeriod; LONG DpcWatchDogCount; LONG ThreadWatchdogPeriod; LONG ThreadWatchDogCount; ULONG PrcbPad70[2]; #else ULONG PrcbPad7[8]; #endif LIST_ENTRY WaitListHead; ULONG ReadySummary; ULONG QueueIndex; #if (NTDDI_VERSION >= NTDDI_LONGHORN) SINGLE_LIST_ENTRY DeferredReadyListHead; ULONGLONG StartCycles; ULONGLONG CycleTime; ULONGLONG PrcbPad71[3]; LIST_ENTRY DispatcherReadyListHead[32]; #else LIST_ENTRY DispatcherReadyListHead[32]; SINGLE_LIST_ENTRY DeferredReadyListHead; ULONG PrcbPad72[11]; #endif PVOID ChainedInterruptList; LONG LookasideIrpFloat; volatile LONG MmPageFaultCount; volatile LONG MmCopyOnWriteCount; volatile LONG MmTransitionCount; volatile LONG MmCacheTransitionCount; volatile LONG MmDemandZeroCount; volatile LONG MmPageReadCount; volatile LONG MmPageReadIoCount; volatile LONG MmCacheReadCount; volatile LONG MmCacheIoCount; volatile LONG MmDirtyPagesWriteCount; volatile LONG MmDirtyWriteIoCount; volatile LONG MmMappedPagesWriteCount; volatile LONG MmMappedWriteIoCount; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG CachedCommit; ULONG CachedResidentAvailable; PVOID HyperPte; UCHAR CpuVendor; UCHAR PrcbPad9[3]; #else ULONG SpareFields0[1]; #endif CHAR VendorString[13]; UCHAR InitialApicId; UCHAR LogicalProcessorsPerPhysicalProcessor; ULONG MHz; ULONG FeatureBits; LARGE_INTEGER 
UpdateSignature; volatile LARGE_INTEGER IsrTime; LARGE_INTEGER SpareField1; FX_SAVE_AREA NpxSaveArea; PROCESSOR_POWER_STATE PowerState; #if (NTDDI_VERSION >= NTDDI_LONGHORN) KDPC DpcWatchdogDoc; KTIMER DpcWatchdogTimer; PVOID WheaInfo; PVOID EtwSupport; SLIST_HEADER InterruptObjectPool; LARGE_INTEGER HyperCallPagePhysical; LARGE_INTEGER HyperCallPageVirtual; PVOID RateControl; CACHE_DESCRIPTOR Cache[5]; ULONG CacheCount; ULONG CacheProcessorMask[5]; UCHAR LogicalProcessorsPerCore; UCHAR PrcbPad8[3]; ULONG PackageProcessorSet; ULONG CoreProcessorSet; #endif } KPRCB, *PKPRCB; // // Processor Control Region // typedef struct _KIPCR { union { NT_TIB NtTib; struct { struct _EXCEPTION_REGISTRATION_RECORD *Used_ExceptionList; PVOID Used_StackBase; PVOID PerfGlobalGroupMask; PVOID TssCopy; ULONG ContextSwitches; KAFFINITY SetMemberCopy; PVOID Used_Self; }; }; struct _KPCR *Self; struct _KPRCB *Prcb; KIRQL Irql; ULONG IRR; ULONG IrrActive; ULONG IDR; PVOID KdVersionBlock; PKIDTENTRY IDT; #ifdef __REACTOS__ PUSHORT GDT; #else PKGDTENTRY GDT; #endif struct _KTSS *TSS; USHORT MajorVersion; USHORT MinorVersion; KAFFINITY SetMember; ULONG StallScaleFactor; UCHAR SparedUnused; UCHAR Number; UCHAR Reserved; UCHAR L2CacheAssociativity; ULONG VdmAlert; ULONG KernelReserved[14]; ULONG SecondLevelCacheSize; ULONG HalReserved[16]; ULONG InterruptMode; UCHAR Spare1; ULONG KernelReserved2[17]; KPRCB PrcbData; } KIPCR, *PKIPCR; #pragma pack(pop) // // TSS Definition // typedef struct _KiIoAccessMap { UCHAR DirectionMap[32]; UCHAR IoMap[8196]; } KIIO_ACCESS_MAP; typedef struct _KTSS { USHORT Backlink; USHORT Reserved0; ULONG Esp0; USHORT Ss0; USHORT Reserved1; ULONG NotUsed1[4]; ULONG CR3; ULONG Eip; ULONG EFlags; ULONG Eax; ULONG Ecx; ULONG Edx; ULONG Ebx; ULONG Esp; ULONG Ebp; ULONG Esi; ULONG Edi; USHORT Es; USHORT Reserved2; USHORT Cs; USHORT Reserved3; USHORT Ss; USHORT Reserved4; USHORT Ds; USHORT Reserved5; USHORT Fs; USHORT Reserved6; USHORT Gs; USHORT Reserved7; USHORT LDT; USHORT 
Reserved8; USHORT Flags; USHORT IoMapBase; KIIO_ACCESS_MAP IoMaps[1]; UCHAR IntDirectionMap[32]; } KTSS, *PKTSS; // // i386 CPUs don't have exception frames // typedef struct _KEXCEPTION_FRAME KEXCEPTION_FRAME, *PKEXCEPTION_FRAME; #endif #endif ================================================ FILE: ndk/i386/mmtypes.h ================================================ /*++ NDK Version: 0095 Copyright (c) Alex Ionescu. All rights reserved. Header Name: mmtypes.h (X86) Abstract: i386 Type definitions for the Memory Manager Author: Alex Ionescu (alex.ionescu@reactos.com) 06-Oct-2004 --*/ #ifndef _I386_MMTYPES_H #define _I386_MMTYPES_H // // Dependencies // // // Page-related Macros // #define PAGE_SIZE 0x1000 #define PAGE_SHIFT 12L #define MM_ALLOCATION_GRANULARITY 0x10000 #define MM_ALLOCATION_GRANULARITY_SHIFT 16L // // Sanity checks for Paging Macros // #ifdef C_ASSERT C_ASSERT(PAGE_SIZE == (1 << PAGE_SHIFT)); C_ASSERT(MM_ALLOCATION_GRANULARITY == (1 << MM_ALLOCATION_GRANULARITY_SHIFT)); C_ASSERT(MM_ALLOCATION_GRANULARITY && !(MM_ALLOCATION_GRANULARITY & (MM_ALLOCATION_GRANULARITY - 1))); C_ASSERT(MM_ALLOCATION_GRANULARITY >= PAGE_SIZE); #endif // // PAE SEG0 Base? 
// #define KSEG0_BASE_PAE 0xE0000000 // // Page Table Entry Definitions // typedef struct _HARDWARE_PTE_X86 { ULONG Valid:1; ULONG Write:1; ULONG Owner:1; ULONG WriteThrough:1; ULONG CacheDisable:1; ULONG Accessed:1; ULONG Dirty:1; ULONG LargePage:1; ULONG Global:1; ULONG CopyOnWrite:1; ULONG Prototype: 1; ULONG reserved: 1; ULONG PageFrameNumber:20; } HARDWARE_PTE_X86, *PHARDWARE_PTE_X86; typedef struct _MMPTE_SOFTWARE { ULONG Valid:1; ULONG PageFileLow:4; ULONG Protection:5; ULONG Prototype:1; ULONG Transition:1; ULONG PageFileHigh:20; } MMPTE_SOFTWARE; typedef struct _MMPTE_TRANSITION { ULONG Valid:1; ULONG Write:1; ULONG Owner:1; ULONG WriteThrough:1; ULONG CacheDisable:1; ULONG Protection:5; ULONG Prototype:1; ULONG Transition:1; ULONG PageFrameNumber:20; } MMPTE_TRANSITION; typedef struct _MMPTE_PROTOTYPE { ULONG Valid:1; ULONG ProtoAddressLow:7; ULONG ReadOnly:1; ULONG WhichPool:1; ULONG Prototype:1; ULONG ProtoAddressHigh:21; } MMPTE_PROTOTYPE; typedef struct _MMPTE_SUBSECTION { ULONG Valid:1; ULONG SubsectionAddressLow:4; ULONG Protection:5; ULONG Prototype:1; ULONG SubsectionAddressHigh:20; ULONG WhichPool:1; } MMPTE_SUBSECTION; typedef struct _MMPTE_LIST { ULONG Valid:1; ULONG OneEntry:1; ULONG filler0:8; ULONG NextEntry:20; ULONG Prototype:1; ULONG filler1:1; } MMPTE_LIST; #ifndef CONFIG_SMP typedef struct _MMPTE_HARDWARE { ULONG Valid:1; ULONG Write:1; ULONG Owner:1; ULONG WriteThrough:1; ULONG CacheDisable:1; ULONG Accessed:1; ULONG Dirty:1; ULONG LargePage:1; ULONG Global:1; ULONG CopyOnWrite:1; ULONG Prototype:1; ULONG reserved:1; ULONG PageFrameNumber:20; } MMPTE_HARDWARE, *PMMPTE_HARDWARE; #else typedef struct _MMPTE_HARDWARE { ULONG Valid:1; ULONG Writable:1; ULONG Owner:1; ULONG WriteThrough:1; ULONG CacheDisable:1; ULONG Accessed:1; ULONG Dirty:1; ULONG LargePage:1; ULONG Global:1; ULONG CopyOnWrite:1; ULONG Prototype:1; ULONG Write:1; ULONG PageFrameNumber:20; } MMPTE_HARDWARE, *PMMPTE_HARDWARE; #endif // // Use the right PTE structure // 
// Generic PTE names resolve to the non-PAE x86 layout in this header.
#define HARDWARE_PTE        HARDWARE_PTE_X86
#define PHARDWARE_PTE       PHARDWARE_PTE_X86

#endif

================================================
FILE: ndk/ifssupp.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu. All rights reserved.

Header Name:

    ifssupp.h

Abstract:

    NDK Support for usage without the IFS. Will be deprecated at WDK Release.

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

// The whole header is skipped when _NTIFS_ is already defined or when
// NTOS_MODE_USER is defined; otherwise it defines _NTIFS_ itself.
#ifndef _NTIFS_
#ifndef NTOS_MODE_USER
#define _NTIFS_

// Size in CHARs of TOKEN_SOURCE.SourceName (see below).
#define TOKEN_SOURCE_LENGTH 8

// Token kind; numbering starts at 1.
typedef enum _TOKEN_TYPE
{
    TokenPrimary = 1,
    TokenImpersonation
} TOKEN_TYPE, *PTOKEN_TYPE;

// Opaque placeholders: both are plain PVOID here, so the compiler cannot
// type-check what is passed through them.
typedef PVOID PRTL_HEAP_PARAMETERS;
typedef PVOID PFS_FILTER_CALLBACKS;
typedef USHORT SECURITY_DESCRIPTOR_CONTROL, *PSECURITY_DESCRIPTOR_CONTROL;

// Three-pointer tree node (parent, left child, right child).
typedef struct _RTL_SPLAY_LINKS
{
    struct _RTL_SPLAY_LINKS *Parent;
    struct _RTL_SPLAY_LINKS *LeftChild;
    struct _RTL_SPLAY_LINKS *RightChild;
} RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;

// Forward declaration only; the structure body is not defined in this header.
typedef struct _RTL_GENERIC_TABLE RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE;
typedef ULONG TABLE_SEARCH_RESULT;

// LPC field types. With USE_LPC6432 every pointer-sized field becomes a
// fixed 64-bit ULONGLONG; otherwise the native types are used.
#if defined(USE_LPC6432)
#define LPC_CLIENT_ID CLIENT_ID64
#define LPC_SIZE_T ULONGLONG
#define LPC_PVOID ULONGLONG
#define LPC_HANDLE ULONGLONG
#else
#define LPC_CLIENT_ID CLIENT_ID
#define LPC_SIZE_T SIZE_T
#define LPC_PVOID PVOID
#define LPC_HANDLE HANDLE
#endif

// LPC message header.
// u1.Length overlays the DataLength/TotalLength pair and u2.ZeroInit
// overlays Type/DataInfoOffset, so writing the ULONG member sets both
// CSHORTs at once.
// NOTE(review): DataLength and TotalLength arrive with the message; a
// receiver should presumably check them against the size of the buffer it
// actually holds before using them as copy lengths -- confirm at call sites.
typedef struct _PORT_MESSAGE
{
    union
    {
        struct
        {
            CSHORT DataLength;
            CSHORT TotalLength;
        } s1;
        ULONG Length;
    } u1;
    union
    {
        struct
        {
            CSHORT Type;
            CSHORT DataInfoOffset;
        } s2;
        ULONG ZeroInit;
    } u2;
    union
    {
        LPC_CLIENT_ID ClientId;
        // Shares storage with ClientId; presumably present only to force
        // alignment -- TODO confirm.
        double DoNotUseThisField;
    };
    ULONG MessageId;
    union
    {
        LPC_SIZE_T ClientViewSize;
        ULONG CallbackId;
    };
} PORT_MESSAGE, *PPORT_MESSAGE;

// Describes a section view attached to a port: a section handle and offset
// plus the view's size and two base addresses.
typedef struct _PORT_VIEW
{
    ULONG Length;
    LPC_HANDLE SectionHandle;
    ULONG SectionOffset;
    LPC_SIZE_T ViewSize;
    LPC_PVOID ViewBase;
    LPC_PVOID ViewRemoteBase;
} PORT_VIEW, *PPORT_VIEW;

// Reduced form of PORT_VIEW: size and base only.
typedef struct _REMOTE_PORT_VIEW
{
    ULONG Length;
    LPC_SIZE_T ViewSize;
    LPC_PVOID ViewBase;
} REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW;

// Two APC list heads, the owning process pointer and three state flags.
typedef struct _KAPC_STATE
{
    LIST_ENTRY ApcListHead[2];
    struct _KPROCESS *Process;
    BOOLEAN KernelApcInProgress;
    BOOLEAN KernelApcPending;
    BOOLEAN UserApcPending;
} KAPC_STATE, *PKAPC_STATE, *RESTRICTED_POINTER PRKAPC_STATE;

// Dispatcher object followed by an entry list, two counters and a thread list.
typedef struct _KQUEUE
{
    DISPATCHER_HEADER Header;
    LIST_ENTRY EntryListHead;
    ULONG CurrentCount;
    ULONG MaximumCount;
    LIST_ENTRY ThreadListHead;
} KQUEUE, *PKQUEUE, *RESTRICTED_POINTER PRKQUEUE;

// Common 4-byte prefix of an ACE.
// NOTE(review): AceSize is a stored length; presumably code that walks an
// ACL must bound it by the space remaining in the ACL -- confirm in users.
typedef struct _ACE_HEADER
{
    UCHAR AceType;
    UCHAR AceFlags;
    USHORT AceSize;
} ACE_HEADER, *PACE_HEADER;

// Comparison results; implicit values are 0, 1, 2 in the order listed
// (note that Equal is last, not first).
typedef enum _RTL_GENERIC_COMPARE_RESULTS
{
    GenericLessThan,
    GenericGreaterThan,
    GenericEqual
} RTL_GENERIC_COMPARE_RESULTS;

typedef struct _SID_IDENTIFIER_AUTHORITY
{
    UCHAR Value[6];
} SID_IDENTIFIER_AUTHORITY, *PSID_IDENTIFIER_AUTHORITY;

// A SID pointer paired with an attribute mask.
typedef struct _SID_AND_ATTRIBUTES
{
    PSID Sid;
    ULONG Attributes;
} SID_AND_ATTRIBUTES, * PSID_AND_ATTRIBUTES;

// SourceName is exactly TOKEN_SOURCE_LENGTH CHARs; the declaration leaves
// no extra slot for a terminator, so treat it as a fixed-width field and
// never pass it to routines that expect a NUL-terminated string.
typedef struct _TOKEN_SOURCE
{
    CHAR SourceName[TOKEN_SOURCE_LENGTH];
    LUID SourceIdentifier;
} TOKEN_SOURCE, *PTOKEN_SOURCE;

typedef struct _TOKEN_CONTROL
{
    LUID TokenId;
    LUID AuthenticationId;
    LUID ModifiedId;
    TOKEN_SOURCE TokenSource;
} TOKEN_CONTROL, *PTOKEN_CONTROL;

// Client security context: quality-of-service settings, the client token,
// three flags and the token's control block.
typedef struct _SECURITY_CLIENT_CONTEXT
{
    SECURITY_QUALITY_OF_SERVICE SecurityQos;
    PACCESS_TOKEN ClientToken;
    BOOLEAN DirectlyAccessClientToken;
    BOOLEAN DirectAccessEffectiveOnly;
    BOOLEAN ServerIsRemote;
    TOKEN_CONTROL ClientTokenControl;
} SECURITY_CLIENT_CONTEXT, *PSECURITY_CLIENT_CONTEXT;

// Owner, Group, Sacl and Dacl are ULONGs here, not pointers.
// NOTE(review): presumably these are byte offsets from the start of the
// descriptor; if so each one must be range-checked against the
// descriptor's total length before it is turned into a pointer -- confirm.
typedef struct _SECURITY_DESCRIPTOR_RELATIVE
{
    UCHAR Revision;
    UCHAR Sbz1;
    SECURITY_DESCRIPTOR_CONTROL Control;
    ULONG Owner;
    ULONG Group;
    ULONG Sacl;
    ULONG Dacl;
} SECURITY_DESCRIPTOR_RELATIVE, *PISECURITY_DESCRIPTOR_RELATIVE;

// Counted arrays: the array is declared with ANYSIZE_ARRAY elements
// (defined elsewhere) and the real element count is carried in the
// preceding ULONG.
// NOTE(review): sizeof() does not reflect the true size; consumers should
// validate GroupCount / PrivilegeCount against the length of the buffer
// they were given before indexing.
typedef struct _TOKEN_GROUPS
{
    ULONG GroupCount;
    SID_AND_ATTRIBUTES Groups[ANYSIZE_ARRAY];
} TOKEN_GROUPS, *PTOKEN_GROUPS;

typedef struct _TOKEN_PRIVILEGES
{
    ULONG PrivilegeCount;
    LUID_AND_ATTRIBUTES Privileges[ANYSIZE_ARRAY];
} TOKEN_PRIVILEGES, *PTOKEN_PRIVILEGES;

typedef struct _TOKEN_USER
{
    SID_AND_ATTRIBUTES User;
} TOKEN_USER, *PTOKEN_USER;

// Token information selectors. Numbering starts at 1 and increases by one
// per enumerator, so the order below is part of the interface: inserting
// or reordering entries changes every later value. MaxTokenInfoClass is
// the last enumerator and is therefore one greater than the highest
// selector declared here.
typedef enum _TOKEN_INFORMATION_CLASS
{
    TokenUser = 1,
    TokenGroups,
    TokenPrivileges,
    TokenOwner,
    TokenPrimaryGroup,
    TokenDefaultDacl,
    TokenSource,
    TokenType,
    TokenImpersonationLevel,
    TokenStatistics,
    TokenRestrictedSids,
    TokenSessionId,
    TokenGroupsAndPrivileges,
    TokenSessionReference,
    TokenSandBoxInert,
    TokenAuditPolicy,
    TokenOrigin,
    TokenElevationType,
    TokenLinkedToken,
    TokenElevation,
    TokenIsRestricted,
    TokenAccessInformation,
    TokenVirtualization,
    TokenIntegrityLevel,
    TokenIntegrityLevelDesktop,
    TokenMandatoryPolicy,
    MaxTokenInfoClass
} TOKEN_INFORMATION_CLASS, *PTOKEN_INFORMATION_CLASS;

// Single-member wrappers around a SID or ACL pointer.
typedef struct _TOKEN_OWNER
{
    PSID Owner;
} TOKEN_OWNER, *PTOKEN_OWNER;

typedef struct _TOKEN_PRIMARY_GROUP
{
    PSID PrimaryGroup;
} TOKEN_PRIMARY_GROUP, *PTOKEN_PRIMARY_GROUP;

typedef struct _TOKEN_DEFAULT_DACL
{
    PACL DefaultDacl;
} TOKEN_DEFAULT_DACL, *PTOKEN_DEFAULT_DACL;

#endif // !NTOS_MODE_USER
#endif // _NTIFS_

================================================
FILE: ndk/inbvfuncs.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu. All rights reserved.

Header Name:

    inbvfuncs.h

Abstract:

    Function definitions for the Boot Video Driver.

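Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _INBVFUNCS_H
#define _INBVFUNCS_H

//
// Dependencies
//
// NOTE(review): the <...> operands of both #include lines were missing
// from this listing (a bare "#include" does not compile). They are
// restored here from the headers present under ndk/; inbvtypes.h supplies
// the INBV_* callback types used below. Confirm against the repository copy.
//
#include <umtypes.h>
#include <inbvtypes.h>

// Every prototype below is declared only when NTOS_MODE_USER is not defined.
#ifndef NTOS_MODE_USER

//
// Ownership Functions
//
VOID
NTAPI
InbvAcquireDisplayOwnership(
    VOID
);

BOOLEAN
NTAPI
InbvCheckDisplayOwnership(
    VOID
);

// Callback is a function pointer taking (ULONG Cols, ULONG Rows) and
// returning BOOLEAN, per the INBV_RESET_DISPLAY_PARAMETERS typedef.
VOID
NTAPI
InbvNotifyDisplayOwnershipLost(
    IN INBV_RESET_DISPLAY_PARAMETERS Callback
);

//
// Installation Functions
//
VOID
NTAPI
InbvEnableBootDriver(
    IN BOOLEAN Enable
);

// DisplayFilter is a function pointer taking a PCHAR* and returning
// nothing, per the INBV_DISPLAY_STRING_FILTER typedef. Because it receives
// a pointer to the string pointer, a filter is able to substitute the
// string; whatever it installs must stay valid for the caller.
VOID
NTAPI
InbvInstallDisplayStringFilter(
    IN INBV_DISPLAY_STRING_FILTER DisplayFilter
);

BOOLEAN
NTAPI
InbvIsBootDriverInstalled(
    VOID
);

//
// Display Functions
//

// The signature carries no length, so String is presumably expected to be
// NUL-terminated -- TODO confirm; callers should not pass unterminated
// buffers.
BOOLEAN
NTAPI
InbvDisplayString(
    IN PCHAR String
);

BOOLEAN
NTAPI
InbvEnableDisplayString(
    IN BOOLEAN Enable
);

BOOLEAN
NTAPI
InbvResetDisplay(
    VOID
);

// Rectangle parameters are spelled Left/Top/Width/Height in this header.
// NOTE(review): no range is stated for any of them here; confirm what the
// implementation accepts before passing computed values.
VOID
NTAPI
InbvSetScrollRegion(
    IN ULONG Left,
    IN ULONG Top,
    IN ULONG Width,
    IN ULONG Height
);

VOID
NTAPI
InbvSetTextColor(
    IN ULONG Color
);

VOID
NTAPI
InbvSolidColorFill(
    IN ULONG Left,
    IN ULONG Top,
    IN ULONG Width,
    IN ULONG Height,
    IN ULONG Color
);

VOID
NTAPI
InbvSetProgressBarSubset(
    IN ULONG Floor,
    IN ULONG Ceiling
);

#endif
#endif

================================================
FILE: ndk/inbvtypes.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu. All rights reserved.

Header Name:

    inbvtypes.h

Abstract:

    Type definitions for the Boot Video Driver.
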
Author: Alex Ionescu (alexi@tinykrnl.org) - Created - 02-Feb-2007 --*/ #ifndef _INBVTYPES_H #define _INBVTYPES_H // // Dependencies // #include #ifndef NTOS_MODE_USER // // Boot Video Display Ownership Status // typedef enum _INBV_DISPLAY_STATE { INBV_DISPLAY_STATE_OWNED, INBV_DISPLAY_STATE_DISABLED, INBV_DISPLAY_STATE_LOST } INBV_DISPLAY_STATE; // // Function Callbacks // typedef BOOLEAN (NTAPI *INBV_RESET_DISPLAY_PARAMETERS)( ULONG Cols, ULONG Rows ); typedef VOID (NTAPI *INBV_DISPLAY_STRING_FILTER)( PCHAR *Str ); #endif #endif ================================================ FILE: ndk/iofuncs.h ================================================ /*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: iofuncs.h Abstract: Function definitions for the I/O Manager. Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _IOFUNCS_H #define _IOFUNCS_H // // Dependencies // #include #include #ifdef __cplusplus extern "C" { #endif // // I/O Functions // #ifndef NTOS_MODE_USER VOID FASTCALL IoAssignDriveLetters( IN struct _LOADER_PARAMETER_BLOCK *LoaderBlock, IN PSTRING NtDeviceName, OUT PUCHAR NtSystemPath, OUT PSTRING NtSystemPathString ); #endif // // Native calls // NTSYSCALLAPI NTSTATUS NTAPI NtAddBootEntry( IN PBOOT_ENTRY BootEntry, IN ULONG Id ); NTSYSCALLAPI NTSTATUS NTAPI NtAddDriverEntry( IN PEFI_DRIVER_ENTRY BootEntry, IN ULONG Id ); NTSYSCALLAPI NTSTATUS NTAPI NtCancelIoFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateFile( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateIoCompletion( OUT PHANDLE IoCompletionHandle, IN ACCESS_MASK DesiredAccess, IN 
POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG NumberOfConcurrentThreads ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateMailslotFile( OUT PHANDLE MailSlotFileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG MaxMessageSize, IN PLARGE_INTEGER TimeOut ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateNamedPipeFile( OUT PHANDLE NamedPipeFileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN ULONG WriteModeMessage, IN ULONG ReadModeMessage, IN ULONG NonBlocking, IN ULONG MaxInstances, IN ULONG InBufferSize, IN ULONG OutBufferSize, IN PLARGE_INTEGER DefaultTimeOut ); NTSYSCALLAPI NTSTATUS NTAPI NtDeleteDriverEntry( IN ULONG Id ); NTSYSCALLAPI NTSTATUS NTAPI NtDeleteBootEntry( IN ULONG Id ); NTSYSCALLAPI NTSTATUS NTAPI NtDeleteFile( IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtDeviceIoControlFile( IN HANDLE DeviceHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL, IN PVOID UserApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG IoControlCode, IN PVOID InputBuffer, IN ULONG InputBufferSize, OUT PVOID OutputBuffer, IN ULONG OutputBufferSize ); NTSYSCALLAPI NTSTATUS NTAPI NtEnumerateBootEntries( IN PVOID Buffer, IN PULONG BufferLength ); NTSYSCALLAPI NTSTATUS NTAPI NtEnumerateDriverEntries( IN PVOID Buffer, IN PULONG BufferLength ); NTSYSCALLAPI NTSTATUS NTAPI NtFlushBuffersFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock ); NTSYSCALLAPI NTSTATUS NTAPI NtFlushWriteBuffer(VOID); NTSYSCALLAPI NTSTATUS NTAPI NtFsControlFile( IN HANDLE DeviceHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG IoControlCode, IN PVOID InputBuffer, IN ULONG InputBufferSize, OUT PVOID 
OutputBuffer, IN ULONG OutputBufferSize ); NTSYSCALLAPI NTSTATUS NTAPI NtLoadDriver( IN PUNICODE_STRING DriverServiceName ); NTSYSCALLAPI NTSTATUS NTAPI NtLockFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER ByteOffset, IN PLARGE_INTEGER Length, IN ULONG Key, IN BOOLEAN FailImmediatedly, IN BOOLEAN ExclusiveLock ); NTSYSCALLAPI NTSTATUS NTAPI NtModifyBootEntry( IN PBOOT_ENTRY BootEntry ); NTSYSCALLAPI NTSTATUS NTAPI NtModifyDriverEntry( IN PEFI_DRIVER_ENTRY DriverEntry ); NTSYSCALLAPI NTSTATUS NTAPI NtNotifyChangeDirectoryFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID Buffer, IN ULONG BufferSize, IN ULONG CompletionFilter, IN BOOLEAN WatchTree ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenFile( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG OpenOptions ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenIoCompletion( OUT PHANDLE CompetionPort, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryAttributesFile( IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PFILE_BASIC_INFORMATION FileInformation ); NTSTATUS NTAPI NtQueryDriverEntryOrder( IN PULONG Ids, IN PULONG Count ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryBootEntryOrder( IN PULONG Ids, IN PULONG Count ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryBootOptions( IN PBOOT_OPTIONS BootOptions, IN PULONG BootOptionsLength ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryDirectoryFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID FileInformation, IN ULONG Length, IN FILE_INFORMATION_CLASS FileInformationClass, IN BOOLEAN 
ReturnSingleEntry, IN PUNICODE_STRING FileName OPTIONAL, IN BOOLEAN RestartScan ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryEaFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID Buffer, IN ULONG Length, IN BOOLEAN ReturnSingleEntry, IN PVOID EaList OPTIONAL, IN ULONG EaListLength, IN PULONG EaIndex OPTIONAL, IN BOOLEAN RestartScan ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryFullAttributesFile( IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID FileInformation, IN ULONG Length, IN FILE_INFORMATION_CLASS FileInformationClass ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryIoCompletion( IN HANDLE IoCompletionHandle, IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass, OUT PVOID IoCompletionInformation, IN ULONG IoCompletionInformationLength, OUT PULONG ResultLength OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryQuotaInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID Buffer, IN ULONG Length, IN BOOLEAN ReturnSingleEntry, IN PVOID SidList OPTIONAL, IN ULONG SidListLength, IN PSID StartSid OPTIONAL, IN BOOLEAN RestartScan ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryVolumeInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID FsInformation, IN ULONG Length, IN FS_INFORMATION_CLASS FsInformationClass ); NTSYSCALLAPI NTSTATUS NTAPI NtReadFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL, IN PVOID UserApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID Buffer, IN ULONG BufferLength, IN PLARGE_INTEGER ByteOffset OPTIONAL, IN PULONG Key OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtReadFileScatter( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL, IN PVOID UserApcContext OPTIONAL, OUT PIO_STATUS_BLOCK UserIoStatusBlock, IN FILE_SEGMENT_ELEMENT 
BufferDescription[], IN ULONG BufferLength, IN PLARGE_INTEGER ByteOffset, IN PULONG Key OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtRemoveIoCompletion( IN HANDLE IoCompletionHandle, OUT PVOID *CompletionKey, OUT PVOID *CompletionContext, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtSetBootEntryOrder( IN PULONG Ids, IN PULONG Count ); NTSYSCALLAPI NTSTATUS NTAPI NtSetBootOptions( IN PBOOT_OPTIONS BootOptions, IN ULONG FieldsToChange ); NTSTATUS NTAPI NtSetDriverEntryOrder( IN PULONG Ids, IN PULONG Count ); NTSYSCALLAPI NTSTATUS NTAPI NtSetEaFile( IN HANDLE FileHandle, IN PIO_STATUS_BLOCK IoStatusBlock, PVOID EaBuffer, ULONG EaBufferSize ); NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationFile( IN HANDLE FileHandle, IN PIO_STATUS_BLOCK IoStatusBlock, IN PVOID FileInformation, IN ULONG Length, IN FILE_INFORMATION_CLASS FileInformationClass ); NTSYSCALLAPI NTSTATUS NTAPI NtSetIoCompletion( IN HANDLE IoCompletionPortHandle, IN PVOID CompletionKey, IN PVOID CompletionContext, IN NTSTATUS CompletionStatus, IN ULONG CompletionInformation ); NTSYSCALLAPI NTSTATUS NTAPI NtSetQuotaInformationFile( HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PVOID Buffer, ULONG BufferLength ); NTSYSCALLAPI NTSTATUS NTAPI NtSetVolumeInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID FsInformation, IN ULONG Length, IN FS_INFORMATION_CLASS FsInformationClass ); NTSYSCALLAPI NTSTATUS NTAPI NtTranslateFilePath( PFILE_PATH InputFilePath, ULONG OutputType, PFILE_PATH OutputFilePath, ULONG OutputFilePathLength ); NTSYSCALLAPI NTSTATUS NTAPI NtUnloadDriver( IN PUNICODE_STRING DriverServiceName ); NTSYSCALLAPI NTSTATUS NTAPI NtUnlockFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER ByteOffset, IN PLARGE_INTEGER Lenght, OUT ULONG Key OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtWriteFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID 
ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID Buffer, IN ULONG Length, IN PLARGE_INTEGER ByteOffset, IN PULONG Key OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtWriteFileGather( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN FILE_SEGMENT_ELEMENT BufferDescription[], IN ULONG BufferLength, IN PLARGE_INTEGER ByteOffset, IN PULONG Key OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwAddBootEntry( IN PUNICODE_STRING EntryName, IN PUNICODE_STRING EntryValue ); NTSYSAPI NTSTATUS NTAPI ZwCancelIoFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock ); NTSYSAPI NTSTATUS NTAPI ZwCreateFile( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength ); NTSYSAPI NTSTATUS NTAPI ZwCreateIoCompletion( OUT PHANDLE IoCompletionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN ULONG NumberOfConcurrentThreads ); NTSYSAPI NTSTATUS NTAPI ZwCreateMailslotFile( OUT PHANDLE MailSlotFileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG MaxMessageSize, IN PLARGE_INTEGER TimeOut ); NTSYSAPI NTSTATUS NTAPI ZwCreateNamedPipeFile( OUT PHANDLE NamedPipeFileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN ULONG WriteModeMessage, IN ULONG ReadModeMessage, IN ULONG NonBlocking, IN ULONG MaxInstances, IN ULONG InBufferSize, IN ULONG OutBufferSize, IN PLARGE_INTEGER DefaultTimeOut ); NTSYSAPI NTSTATUS NTAPI ZwDeleteBootEntry( IN 
PUNICODE_STRING EntryName, IN PUNICODE_STRING EntryValue ); NTSYSAPI NTSTATUS NTAPI ZwDeleteFile( IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI ZwDeviceIoControlFile( IN HANDLE DeviceHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL, IN PVOID UserApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG IoControlCode, IN PVOID InputBuffer, IN ULONG InputBufferSize, OUT PVOID OutputBuffer, IN ULONG OutputBufferSize ); NTSYSAPI NTSTATUS NTAPI ZwFlushBuffersFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock ); NTSYSAPI NTSTATUS NTAPI ZwFlushWriteBuffer(VOID); NTSYSAPI NTSTATUS NTAPI ZwFsControlFile( IN HANDLE DeviceHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG IoControlCode, IN PVOID InputBuffer, IN ULONG InputBufferSize, OUT PVOID OutputBuffer, IN ULONG OutputBufferSize ); #ifdef NTOS_MODE_USER NTSYSAPI NTSTATUS NTAPI ZwLoadDriver( IN PUNICODE_STRING DriverServiceName ); #endif NTSYSAPI NTSTATUS NTAPI ZwLockFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER ByteOffset, IN PLARGE_INTEGER Length, IN ULONG Key, IN BOOLEAN FailImmediatedly, IN BOOLEAN ExclusiveLock ); NTSYSAPI NTSTATUS NTAPI ZwNotifyChangeDirectoryFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID Buffer, IN ULONG BufferSize, IN ULONG CompletionFilter, IN BOOLEAN WatchTree ); NTSYSAPI NTSTATUS NTAPI ZwOpenFile( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG OpenOptions ); NTSYSAPI NTSTATUS NTAPI ZwOpenIoCompletion( OUT PHANDLE CompetionPort, IN ACCESS_MASK DesiredAccess, IN 
POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI ZwQueryAttributesFile( IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PFILE_BASIC_INFORMATION FileInformation ); NTSYSAPI NTSTATUS NTAPI ZwQueryDirectoryFile( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID FileInformation, IN ULONG Length, IN FILE_INFORMATION_CLASS FileInformationClass, IN BOOLEAN ReturnSingleEntry, IN PUNICODE_STRING FileName OPTIONAL, IN BOOLEAN RestartScan ); #ifdef NTOS_MODE_USER NTSYSAPI NTSTATUS NTAPI ZwQueryEaFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID Buffer, IN ULONG Length, IN BOOLEAN ReturnSingleEntry, IN PVOID EaList OPTIONAL, IN ULONG EaListLength, IN PULONG EaIndex OPTIONAL, IN BOOLEAN RestartScan ); #endif NTSYSAPI NTSTATUS NTAPI ZwQueryFullAttributesFile( IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PFILE_NETWORK_OPEN_INFORMATION FileInformation ); NTSYSAPI NTSTATUS NTAPI ZwQueryInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID FileInformation, IN ULONG Length, IN FILE_INFORMATION_CLASS FileInformationClass ); NTSYSAPI NTSTATUS NTAPI ZwQueryIoCompletion( IN HANDLE IoCompletionHandle, IN IO_COMPLETION_INFORMATION_CLASS IoCompletionInformationClass, OUT PVOID IoCompletionInformation, IN ULONG IoCompletionInformationLength, OUT PULONG ResultLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwQueryQuotaInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID Buffer, IN ULONG Length, IN BOOLEAN ReturnSingleEntry, IN PVOID SidList OPTIONAL, IN ULONG SidListLength, IN PSID StartSid OPTIONAL, IN BOOLEAN RestartScan ); NTSYSAPI NTSTATUS NTAPI ZwQueryVolumeInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID FsInformation, IN ULONG Length, IN FS_INFORMATION_CLASS FsInformationClass ); NTSYSAPI NTSTATUS NTAPI ZwReadFile( IN HANDLE FileHandle, IN HANDLE 
Event OPTIONAL, IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL, IN PVOID UserApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, OUT PVOID Buffer, IN ULONG BufferLength, IN PLARGE_INTEGER ByteOffset OPTIONAL, IN PULONG Key OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwReadFileScatter( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE UserApcRoutine OPTIONAL, IN PVOID UserApcContext OPTIONAL, OUT PIO_STATUS_BLOCK UserIoStatusBlock, IN FILE_SEGMENT_ELEMENT BufferDescription[], IN ULONG BufferLength, IN PLARGE_INTEGER ByteOffset, IN PULONG Key OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwRemoveIoCompletion( IN HANDLE IoCompletionHandle, OUT PVOID *CompletionKey, OUT PVOID *CompletionContext, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER Timeout OPTIONAL ); #ifdef NTOS_MODE_USER NTSYSAPI NTSTATUS NTAPI ZwSetEaFile( IN HANDLE FileHandle, IN PIO_STATUS_BLOCK IoStatusBlock, PVOID EaBuffer, ULONG EaBufferSize ); #endif NTSYSAPI NTSTATUS NTAPI ZwSetInformationFile( IN HANDLE FileHandle, IN PIO_STATUS_BLOCK IoStatusBlock, IN PVOID FileInformation, IN ULONG Length, IN FILE_INFORMATION_CLASS FileInformationClass ); NTSYSAPI NTSTATUS NTAPI ZwSetIoCompletion( IN HANDLE IoCompletionPortHandle, IN PVOID CompletionKey, IN PVOID CompletionContext, IN NTSTATUS CompletionStatus, IN ULONG CompletionInformation ); NTSYSAPI NTSTATUS NTAPI ZwSetQuotaInformationFile( HANDLE FileHandle, PIO_STATUS_BLOCK IoStatusBlock, PVOID Buffer, ULONG BufferLength ); NTSYSAPI NTSTATUS NTAPI ZwSetVolumeInformationFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID FsInformation, IN ULONG Length, IN FS_INFORMATION_CLASS FsInformationClass ); NTSYSAPI NTSTATUS NTAPI ZwUnloadDriver( IN PUNICODE_STRING DriverServiceName ); NTSYSAPI NTSTATUS NTAPI ZwUnlockFile( IN HANDLE FileHandle, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER ByteOffset, IN PLARGE_INTEGER Lenght, OUT ULONG Key OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwWriteFile( IN HANDLE FileHandle, IN HANDLE Event 
OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PVOID Buffer, IN ULONG Length, IN PLARGE_INTEGER ByteOffset, IN PULONG Key OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwWriteFileGather( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN FILE_SEGMENT_ELEMENT BufferDescription[], IN ULONG BufferLength, IN PLARGE_INTEGER ByteOffset, IN PULONG Key OPTIONAL ); #ifdef __cplusplus } #endif #endif ================================================ FILE: ndk/iotypes.h ================================================ /*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: iotypes.h Abstract: Type definitions for the I/O Manager. Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _IOTYPES_H #define _IOTYPES_H // // Dependencies // #include #include // // I/O Completion Access Rights // #define IO_COMPLETION_QUERY_STATE 0x0001 #ifndef NTOS_MODE_USER #define IO_COMPLETION_MODIFY_STATE 0x0002 #define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \ SYNCHRONIZE | \ 0x3) // // Kernel Exported Object Types // extern POBJECT_TYPE NTSYSAPI IoAdapterObjectType; extern POBJECT_TYPE NTSYSAPI IoDeviceHandlerObjectType; extern POBJECT_TYPE NTSYSAPI IoDeviceObjectType; extern POBJECT_TYPE NTSYSAPI IoDriverObjectType; #else // // Symbolic Link Access Rights // #define SYMBOLIC_LINK_QUERY 0x0001 #define SYMBOLIC_LINK_ALL_ACCESS STANDARD_RIGHTS_REQUIRED | 0x0001 #endif // // NtCreateFile Result Flags // #define FILE_SUPERSEDED 0x00000000 #define FILE_OPENED 0x00000001 #define FILE_CREATED 0x00000002 #define FILE_OVERWRITTEN 0x00000003 #define FILE_EXISTS 0x00000004 #define FILE_DOES_NOT_EXIST 0x00000005 // // Pipe Flags // #define FILE_PIPE_BYTE_STREAM_TYPE 0x00000000 #define FILE_PIPE_MESSAGE_TYPE 0x00000001 #define FILE_PIPE_BYTE_STREAM_MODE 0x00000000 #define 
FILE_PIPE_MESSAGE_MODE 0x00000001 #define FILE_PIPE_QUEUE_OPERATION 0x00000000 #define FILE_PIPE_COMPLETE_OPERATION 0x00000001 #define FILE_PIPE_INBOUND 0x00000000 #define FILE_PIPE_OUTBOUND 0x00000001 #define FILE_PIPE_FULL_DUPLEX 0x00000002 #define FILE_PIPE_CLIENT_END 0x00000000 #define FILE_PIPE_SERVER_END 0x00000001 // // NtCreateFile Attributes // #define FILE_ATTRIBUTE_VALID_FLAGS 0x00007fb7 #define FILE_ATTRIBUTE_VALID_SET_FLAGS 0x000031a7 // // NtCreateFile OpenType Flags // #define FILE_SUPERSEDE 0x00000000 #define FILE_OPEN 0x00000001 #define FILE_CREATE 0x00000002 #define FILE_OPEN_IF 0x00000003 #define FILE_OVERWRITE 0x00000004 #define FILE_OVERWRITE_IF 0x00000005 #define FILE_MAXIMUM_DISPOSITION 0x00000005 // // NtCreateFile Flags // #define FILE_DIRECTORY_FILE 0x00000001 #define FILE_WRITE_THROUGH 0x00000002 #define FILE_SEQUENTIAL_ONLY 0x00000004 #define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008 #define FILE_SYNCHRONOUS_IO_ALERT 0x00000010 #define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020 #define FILE_NON_DIRECTORY_FILE 0x00000040 #define FILE_CREATE_TREE_CONNECTION 0x00000080 #define FILE_COMPLETE_IF_OPLOCKED 0x00000100 #define FILE_NO_EA_KNOWLEDGE 0x00000200 #define FILE_OPEN_FOR_RECOVERY 0x00000400 #define FILE_RANDOM_ACCESS 0x00000800 #define FILE_DELETE_ON_CLOSE 0x00001000 #define FILE_OPEN_BY_FILE_ID 0x00002000 #define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000 #define FILE_NO_COMPRESSION 0x00008000 #define FILE_RESERVE_OPFILTER 0x00100000 #define FILE_OPEN_REPARSE_POINT 0x00200000 #define FILE_OPEN_NO_RECALL 0x00400000 #define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000 // // Device Charactertics // #define FILE_REMOVABLE_MEDIA 0x00000001 #define FILE_REMOTE_DEVICE 0x00000010 // // File Object Flags // #define FO_FILE_OBJECT_HAS_EXTENSION 0x00800000 // // Device Object Extension Flags // #define DOE_UNLOAD_PENDING 0x1 #define DOE_DELETE_PENDING 0x2 #define DOE_REMOVE_PENDING 0x4 #define DOE_REMOVE_PROCESSED 0x8 #define DOE_START_PENDING 0x10 // // 
Device Object StartIo Flags // #define DOE_SIO_NO_KEY 0x20 #define DOE_SIO_WITH_KEY 0x40 #define DOE_SIO_CANCELABLE 0x80 #define DOE_SIO_DEFERRED 0x100 #define DOE_SIO_NO_CANCEL 0x200 // // Device Node Flags // #define DNF_PROCESSED 0x00000001 #define DNF_STARTED 0x00000002 #define DNF_START_FAILED 0x00000004 #define DNF_ENUMERATED 0x00000008 #define DNF_DELETED 0x00000010 #define DNF_MADEUP 0x00000020 #define DNF_START_REQUEST_PENDING 0x00000040 #define DNF_NO_RESOURCE_REQUIRED 0x00000080 #define DNF_INSUFFICIENT_RESOURCES 0x00000100 #define DNF_RESOURCE_ASSIGNED 0x00000200 #define DNF_RESOURCE_REPORTED 0x00000400 #define DNF_HAL_NODE 0x00000800 // ??? #define DNF_ADDED 0x00001000 #define DNF_ADD_FAILED 0x00002000 #define DNF_LEGACY_DRIVER 0x00004000 #define DNF_STOPPED 0x00008000 #define DNF_WILL_BE_REMOVED 0x00010000 #define DNF_NEED_TO_ENUM 0x00020000 #define DNF_NOT_CONFIGURED 0x00040000 #define DNF_REINSTALL 0x00080000 #define DNF_RESOURCE_REQUIREMENTS_NEED_FILTERED 0x00100000 // ??? #define DNF_DISABLED 0x00200000 #define DNF_RESTART_OK 0x00400000 #define DNF_NEED_RESTART 0x00800000 #define DNF_VISITED 0x01000000 #define DNF_ASSIGNING_RESOURCES 0x02000000 #define DNF_BEEING_ENUMERATED 0x04000000 #define DNF_NEED_ENUMERATION_ONLY 0x08000000 #define DNF_LOCKED 0x10000000 #define DNF_HAS_BOOT_CONFIG 0x20000000 #define DNF_BOOT_CONFIG_RESERVED 0x40000000 #define DNF_HAS_PROBLEM 0x80000000 // ??? 
//
// Device Node User Flags
//
#define DNUF_DONT_SHOW_IN_UI                    0x0002
#define DNUF_NOT_DISABLEABLE                    0x0008

//
// Internal Option Flags
//
#define IO_ATTACH_DEVICE_API                    0x80000000

//
// Undocumented WMI Registration Flags
// Both WMIREG_NOTIFY_* bits lie inside WMIREG_FLAG_TRACE_NOTIFY_MASK.
//
#define WMIREG_FLAG_TRACE_PROVIDER              0x00010000
#define WMIREG_FLAG_TRACE_NOTIFY_MASK           0x00F00000
#define WMIREG_NOTIFY_DISK_IO                   0x00100000
#define WMIREG_NOTIFY_TDI_IO                    0x00200000

//
// I/O Completion Information Class
// This is the type of the IoCompletionInformationClass argument in the
// ZwQueryIoCompletion prototype; only one class is defined here.
//
typedef enum _IO_COMPLETION_INFORMATION_CLASS
{
    IoCompletionBasicInformation
} IO_COMPLETION_INFORMATION_CLASS;

// Everything down to the matching #endif is compiled only when
// NTOS_MODE_USER is defined.
#ifdef NTOS_MODE_USER

//
// Hardware Interface Type
// Enumerators are positional: InterfaceTypeUndefined is -1, so Internal is 0.
// NOTE(review): MaximumInterfaceType looks like an end marker rather than a
// real bus type - confirm before treating it as a valid value.
//
typedef enum _INTERFACE_TYPE
{
    InterfaceTypeUndefined = -1,
    Internal,
    Isa,
    Eisa,
    MicroChannel,
    TurboChannel,
    PCIBus,
    VMEBus,
    NuBus,
    PCMCIABus,
    CBus,
    MPIBus,
    MPSABus,
    ProcessorInternal,
    InternalPowerBus,
    PNPISABus,
    PNPBus,
    MaximumInterfaceType
}INTERFACE_TYPE, *PINTERFACE_TYPE;

//
// Bus Data Type
// Same numbering scheme as INTERFACE_TYPE: starts at -1, then positional.
//
typedef enum _BUS_DATA_TYPE
{
    ConfigurationSpaceUndefined = -1,
    Cmos,
    EisaConfiguration,
    Pos,
    CbusConfiguration,
    PCIConfiguration,
    VMEConfiguration,
    NuBusConfiguration,
    PCMCIAConfiguration,
    MPIConfiguration,
    MPSAConfiguration,
    PNPISAConfiguration,
    SgiInternalConfiguration,
    MaximumBusDataType
} BUS_DATA_TYPE, *PBUS_DATA_TYPE;

//
// File Information Classes
// Type of the FileInformationClass argument in the Nt/ZwSetInformationFile,
// ZwQueryInformationFile and ZwQueryDirectoryFile prototypes. Those prototypes
// pair it with an untyped PVOID buffer and a ULONG Length, so the caller has
// to size the buffer for the structure that belongs to the chosen class.
// Numbering starts at 1 and is positional: inserting or reordering an
// enumerator changes the value of every one after it.
//
typedef enum _FILE_INFORMATION_CLASS
{
    FileDirectoryInformation = 1,
    FileFullDirectoryInformation,
    FileBothDirectoryInformation,
    FileBasicInformation,
    FileStandardInformation,
    FileInternalInformation,
    FileEaInformation,
    FileAccessInformation,
    FileNameInformation,
    FileRenameInformation,
    FileLinkInformation,
    FileNamesInformation,
    FileDispositionInformation,
    FilePositionInformation,
    FileFullEaInformation,
    FileModeInformation,
    FileAlignmentInformation,
    FileAllInformation,
    FileAllocationInformation,
    FileEndOfFileInformation,
    FileAlternateNameInformation,
    FileStreamInformation,
    FilePipeInformation,
    FilePipeLocalInformation,
    FilePipeRemoteInformation,
    FileMailslotQueryInformation,
    FileMailslotSetInformation,
    FileCompressionInformation,
    FileObjectIdInformation,
    FileCompletionInformation,
    FileMoveClusterInformation,
    FileQuotaInformation,
    FileReparsePointInformation,
    FileNetworkOpenInformation,
    FileAttributeTagInformation,
    FileTrackingInformation,
    FileIdBothDirectoryInformation,
    FileIdFullDirectoryInformation,
    FileValidDataLengthInformation,
    FileShortNameInformation,
    FileIoCompletionNotificationInformation,
    FileIoStatusBlockRangeInformation,
    FileIoPriorityHintInformation,
    FileSfioReserveInformation,
    FileSfioVolumeInformation,
    FileHardLinkInformation,
    FileProcessIdsUsingFileInformation,
    FileNormalizedNameInformation,
    FileNetworkPhysicalNameInformation,
    FileIdGlobalTxDirectoryInformation,
    FileMaximumInformation
} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;

//
// File System (Volume) Information Classes
// Type of the FsInformationClass argument in the ZwQueryVolumeInformationFile
// and Nt/ZwSetVolumeInformationFile prototypes. Numbering starts at 1 and is
// positional.
//
typedef enum _FSINFOCLASS
{
    FileFsVolumeInformation = 1,
    FileFsLabelInformation,
    FileFsSizeInformation,
    FileFsDeviceInformation,
    FileFsAttributeInformation,
    FileFsControlInformation,
    FileFsFullSizeInformation,
    FileFsObjectIdInformation,
    FileFsDriverPathInformation,
    FileFsMaximumInformation
} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;

#endif

//
// Device Node States
// Every value is assigned explicitly, 0x300 through 0x315.
//
typedef enum _PNP_DEVNODE_STATE
{
    DeviceNodeUnspecified = 0x300,
    DeviceNodeUninitialized = 0x301,
    DeviceNodeInitialized = 0x302,
    DeviceNodeDriversAdded = 0x303,
    DeviceNodeResourcesAssigned = 0x304,
    DeviceNodeStartPending = 0x305,
    DeviceNodeStartCompletion = 0x306,
    DeviceNodeStartPostWork = 0x307,
    DeviceNodeStarted = 0x308,
    DeviceNodeQueryStopped = 0x309,
    DeviceNodeStopped = 0x30a,
    DeviceNodeRestartCompletion = 0x30b,
    DeviceNodeEnumeratePending = 0x30c,
    DeviceNodeEnumerateCompletion = 0x30d,
    DeviceNodeAwaitingQueuedDeletion = 0x30e,
    DeviceNodeAwaitingQueuedRemoval = 0x30f,
    DeviceNodeQueryRemoved = 0x310,
    DeviceNodeRemovePendingCloses = 0x311,
    DeviceNodeRemoved = 0x312,
    DeviceNodeDeletePendingCloses = 0x313,
    DeviceNodeDeleted = 0x314,
    MaxDeviceNodeState = 0x315,
} PNP_DEVNODE_STATE;

// Everything down to the matching #endif is compiled only when
// NTOS_MODE_USER is defined.
#ifdef NTOS_MODE_USER

//
// I/O Status Block
// Status and Pointer share storage through an anonymous union; Information
// is a separate pointer-sized field.
//
typedef struct _IO_STATUS_BLOCK
{
    union
    {
        NTSTATUS Status;
        PVOID Pointer;
    };
    ULONG_PTR Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;

//
// File Information structures for NtQueryInformationFile
//
// Several records below end in a one-element array (FileName[1],
// StreamName[1], EaName[1], ...) next to a separate length field.
// NOTE(review): these look like variable-length trailing data, so sizeof()
// of the struct is not the size of a record; presumably the length fields
// count bytes and the text is not NUL-terminated - confirm against the API
// documentation. Code that walks a NextEntryOffset chain should check each
// offset and each length against the size of the buffer it was given before
// it dereferences the next record.
//
typedef struct _FILE_BASIC_INFORMATION
{
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    ULONG FileAttributes;
} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;

typedef struct _FILE_STANDARD_INFORMATION
{
    LARGE_INTEGER AllocationSize;
    LARGE_INTEGER EndOfFile;
    ULONG NumberOfLinks;
    BOOLEAN DeletePending;
    BOOLEAN Directory;
} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;

// Chained record: NextEntryOffset plus a StreamName sized by StreamNameLength.
typedef struct _FILE_STREAM_INFORMATION
{
    ULONG NextEntryOffset;
    ULONG StreamNameLength;
    LARGE_INTEGER StreamSize;
    LARGE_INTEGER StreamAllocationSize;
    WCHAR StreamName[1];
} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;

// Type of the FileInformation argument in the ZwQueryFullAttributesFile
// prototype.
typedef struct _FILE_NETWORK_OPEN_INFORMATION
{
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER AllocationSize;
    LARGE_INTEGER EndOfFile;
    ULONG FileAttributes;
} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;

typedef struct _FILE_EA_INFORMATION
{
    ULONG EaSize;
} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;

typedef struct _FILE_COMPRESSION_INFORMATION
{
    LARGE_INTEGER CompressedFileSize;
    USHORT CompressionFormat;
    UCHAR CompressionUnitShift;
    UCHAR ChunkShift;
    UCHAR ClusterShift;
    UCHAR Reserved[3];
} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;

typedef struct _FILE_POSITION_INFORMATION
{
    LARGE_INTEGER CurrentByteOffset;
} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;

// NOTE(review): if a header that defines a DeleteFile macro is included
// before this one, the member name below would be macro-expanded - confirm
// the include order used by the project.
typedef struct _FILE_DISPOSITION_INFORMATION
{
    BOOLEAN DeleteFile;
} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;

// Chained record: the name and value lengths are separate 8-bit and 16-bit
// fields; EaName is the trailing array.
typedef struct _FILE_FULL_EA_INFORMATION
{
    ULONG NextEntryOffset;
    UCHAR Flags;
    UCHAR EaNameLength;
    USHORT EaValueLength;
    CHAR EaName[1];
} FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION;

// Chained record with an embedded SID as the last member.
// NOTE(review): presumably the SID occupies SidLength bytes and can be larger
// than sizeof(SID) - confirm, and bound SidLength by the buffer size.
typedef struct _FILE_QUOTA_INFORMATION
{
    ULONG NextEntryOffset;
    ULONG SidLength;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER QuotaUsed;
    LARGE_INTEGER QuotaThreshold;
    LARGE_INTEGER QuotaLimit;
    SID Sid;
} FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;

typedef struct _FILE_INTERNAL_INFORMATION
{
    LARGE_INTEGER IndexNumber;
} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;

// Same layout as FILE_LINK_INFORMATION; FileName is sized by FileNameLength.
typedef struct _FILE_RENAME_INFORMATION
{
    BOOLEAN ReplaceIfExists;
    HANDLE RootDirectory;
    ULONG FileNameLength;
    WCHAR FileName[1];
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;

typedef struct _FILE_PIPE_INFORMATION
{
    ULONG ReadMode;
    ULONG CompletionMode;
} FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;

typedef struct _FILE_PIPE_LOCAL_INFORMATION
{
    ULONG NamedPipeType;
    ULONG NamedPipeConfiguration;
    ULONG MaximumInstances;
    ULONG CurrentInstances;
    ULONG InboundQuota;
    ULONG ReadDataAvailable;
    ULONG OutboundQuota;
    ULONG WriteQuotaAvailable;
    ULONG NamedPipeState;
    ULONG NamedPipeEnd;
} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;

typedef struct _FILE_PIPE_REMOTE_INFORMATION
{
    LARGE_INTEGER CollectDataTime;
    ULONG MaximumCollectionCount;
} FILE_PIPE_REMOTE_INFORMATION, *PFILE_PIPE_REMOTE_INFORMATION;

// ReadTimeout is stored by value here.
typedef struct _FILE_MAILSLOT_QUERY_INFORMATION
{
    ULONG MaximumMessageSize;
    ULONG MailslotQuota;
    ULONG NextMessageSize;
    ULONG MessagesAvailable;
    LARGE_INTEGER ReadTimeout;
} FILE_MAILSLOT_QUERY_INFORMATION, *PFILE_MAILSLOT_QUERY_INFORMATION;

// ReadTimeout is a pointer here, unlike the by-value field in the query
// structure above.
typedef struct _FILE_MAILSLOT_SET_INFORMATION
{
    PLARGE_INTEGER ReadTimeout;
} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;

// Chained directory record with a fixed 12-WCHAR ShortName and a trailing
// FileName sized by FileNameLength.
// NOTE(review): ShortNameLength presumably counts bytes inside ShortName;
// bound it by sizeof(ShortName) before copying - confirm.
typedef struct _FILE_BOTH_DIR_INFORMATION
{
    ULONG NextEntryOffset;
    ULONG FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    ULONG FileAttributes;
    ULONG FileNameLength;
    ULONG EaSize;
    CCHAR ShortNameLength;
    WCHAR ShortName[12];
    WCHAR FileName[1];
} FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;

typedef struct _FILE_COMPLETION_INFORMATION
{
    HANDLE Port;
    PVOID Key;
} FILE_COMPLETION_INFORMATION, *PFILE_COMPLETION_INFORMATION;

// Same layout as FILE_RENAME_INFORMATION; FileName is sized by FileNameLength.
typedef struct _FILE_LINK_INFORMATION
{
    BOOLEAN ReplaceIfExists;
    HANDLE RootDirectory;
    ULONG FileNameLength;
    WCHAR FileName[1];
} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;

// Length-prefixed name; FileName is the trailing array.
typedef struct _FILE_NAME_INFORMATION
{
    ULONG FileNameLength;
    WCHAR FileName[1];
} FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;

typedef struct _FILE_ALLOCATION_INFORMATION
{
    LARGE_INTEGER AllocationSize;
} FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;

typedef struct _FILE_END_OF_FILE_INFORMATION
{
    LARGE_INTEGER EndOfFile;
} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;

typedef struct _FILE_VALID_DATA_LENGTH_INFORMATION
{
    LARGE_INTEGER ValidDataLength;
} FILE_VALID_DATA_LENGTH_INFORMATION, *PFILE_VALID_DATA_LENGTH_INFORMATION;

// Chained directory record; FileName is sized by FileNameLength.
typedef struct _FILE_DIRECTORY_INFORMATION
{
    ULONG NextEntryOffset;
    ULONG FileIndex;
    LARGE_INTEGER CreationTime;
    LARGE_INTEGER LastAccessTime;
    LARGE_INTEGER LastWriteTime;
    LARGE_INTEGER ChangeTime;
    LARGE_INTEGER EndOfFile;
    LARGE_INTEGER AllocationSize;
    ULONG FileAttributes;
    ULONG FileNameLength;
    WCHAR FileName[1];
} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;

// Embeds a complete IO_STATUS_BLOCK after the two context pointers.
typedef struct _FILE_IO_COMPLETION_INFORMATION
{
    PVOID KeyContext;
    PVOID ApcContext;
    IO_STATUS_BLOCK IoStatusBlock;
} FILE_IO_COMPLETION_INFORMATION, *PFILE_IO_COMPLETION_INFORMATION;

//
// File System Information structures
// NOTE(review): the FileFs* names match the FS_INFORMATION_CLASS enumerators,
// so these are presumably the buffers for the Nt/ZwQueryVolumeInformationFile
// and Nt/ZwSetVolumeInformationFile calls rather than NtQueryInformationFile -
// confirm.
//
typedef struct _FILE_FS_DEVICE_INFORMATION
{
    DEVICE_TYPE DeviceType;
    ULONG Characteristics;
} FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION;

// FileSystemName is the trailing array, sized by FileSystemNameLength.
typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
{
    ULONG FileSystemAttributes;
    ULONG MaximumComponentNameLength;
    ULONG FileSystemNameLength;
    WCHAR FileSystemName[1];
} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;

typedef struct _FILE_FS_SIZE_INFORMATION
{
    LARGE_INTEGER TotalAllocationUnits;
    LARGE_INTEGER AvailableAllocationUnits;
    ULONG SectorsPerAllocationUnit;
    ULONG BytesPerSector;
} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;

typedef struct _FILE_FS_FULL_SIZE_INFORMATION
{
    LARGE_INTEGER TotalAllocationUnits;
    LARGE_INTEGER CallerAvailableAllocationUnits;
    LARGE_INTEGER ActualAvailableAllocationUnits;
    ULONG SectorsPerAllocationUnit;
    ULONG BytesPerSector;
} FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;

// VolumeLabel is the trailing array, sized by VolumeLabelLength.
typedef struct _FILE_FS_LABEL_INFORMATION
{
    ULONG VolumeLabelLength;
    WCHAR VolumeLabel[1];
} FILE_FS_LABEL_INFORMATION, *PFILE_FS_LABEL_INFORMATION;

// VolumeLabel is the trailing array, sized by VolumeLabelLength.
typedef struct _FILE_FS_VOLUME_INFORMATION
{
    LARGE_INTEGER VolumeCreationTime;
    ULONG VolumeSerialNumber;
    ULONG VolumeLabelLength;
    BOOLEAN SupportsObjects;
    WCHAR VolumeLabel[1];
} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;

//
// Pipe Structures for IOCTL_PIPE_XXX
// NOTE(review): the pipe control codes defined later in this header are named
// FSCTL_PIPE_* (for example FSCTL_PIPE_WAIT and FSCTL_PIPE_PEEK); presumably
// those are the requests these buffers belong to - confirm.
//
typedef struct _FILE_PIPE_WAIT_FOR_BUFFER
{
    LARGE_INTEGER Timeout;
    ULONG NameLength;
    BOOLEAN TimeoutSpecified;
    WCHAR Name[1];
} FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;

// Data is a trailing array; the struct carries both ReadDataAvailable and
// MessageLength, so a reader should not assume Data holds more than the
// buffer it supplied.
typedef struct _FILE_PIPE_PEEK_BUFFER
{
    ULONG NamedPipeState;
    ULONG ReadDataAvailable;
    ULONG NumberOfMessages;
    ULONG MessageLength;
    CHAR Data[1];
} FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;

//
// I/O Error Log Structures
//
// DumpData is a trailing array described by DumpDataSize; strings are
// located through StringOffset and NumberOfStrings.
// NOTE(review): a parser of stored log records should validate these sizes
// and offsets against the record length before following them.
typedef struct _IO_ERROR_LOG_PACKET
{
    UCHAR MajorFunctionCode;
    UCHAR RetryCount;
    USHORT DumpDataSize;
    USHORT NumberOfStrings;
    USHORT StringOffset;
    USHORT EventCategory;
    NTSTATUS ErrorCode;
    ULONG UniqueErrorValue;
    NTSTATUS FinalStatus;
    ULONG SequenceNumber;
    ULONG IoControlCode;
    LARGE_INTEGER DeviceOffset;
    ULONG DumpData[1];
}IO_ERROR_LOG_PACKET, *PIO_ERROR_LOG_PACKET;

// EntryData is the last member and itself ends in the DumpData trailing
// array, so the message is variable-length as well.
typedef struct _IO_ERROR_LOG_MESSAGE
{
    USHORT Type;
    USHORT Size;
    USHORT DriverNameLength;
    LARGE_INTEGER TimeStamp;
    ULONG DriverNameOffset;
    IO_ERROR_LOG_PACKET EntryData;
} IO_ERROR_LOG_MESSAGE, *PIO_ERROR_LOG_MESSAGE;

#endif

//
// I/O Completion Information structures
//
typedef struct _IO_COMPLETION_BASIC_INFORMATION { LONG Depth; } IO_COMPLETION_BASIC_INFORMATION, *PIO_COMPLETION_BASIC_INFORMATION; // // Parameters for NtCreateMailslotFile/NtCreateNamedPipeFile // typedef struct _MAILSLOT_CREATE_PARAMETERS { ULONG MailslotQuota; ULONG MaximumMessageSize; LARGE_INTEGER ReadTimeout; BOOLEAN TimeoutSpecified; } MAILSLOT_CREATE_PARAMETERS, *PMAILSLOT_CREATE_PARAMETERS; typedef struct _NAMED_PIPE_CREATE_PARAMETERS { ULONG NamedPipeType; ULONG ReadMode; ULONG CompletionMode; ULONG MaximumInstances; ULONG InboundQuota; ULONG OutboundQuota; LARGE_INTEGER DefaultTimeout; BOOLEAN TimeoutSpecified; } NAMED_PIPE_CREATE_PARAMETERS, *PNAMED_PIPE_CREATE_PARAMETERS; #ifndef NTOS_MODE_USER // // I/O Timer Object // typedef struct _IO_TIMER { USHORT Type; USHORT TimerEnabled; LIST_ENTRY IoTimerList; PIO_TIMER_ROUTINE TimerRoutine; PVOID Context; PDEVICE_OBJECT DeviceObject; } IO_TIMER, *PIO_TIMER; // // Driver Extension // typedef struct _IO_CLIENT_EXTENSION { struct _IO_CLIENT_EXTENSION *NextExtension; PVOID ClientIdentificationAddress; } IO_CLIENT_EXTENSION, *PIO_CLIENT_EXTENSION; // // Device Node // typedef struct _DEVICE_NODE { struct _DEVICE_NODE *Parent; struct _DEVICE_NODE *PrevSibling; struct _DEVICE_NODE *NextSibling; struct _DEVICE_NODE *Child; ULONG Level; struct _PO_DEVICE_NOTIFY *Notify; PNP_DEVNODE_STATE State; PNP_DEVNODE_STATE PreviousState; PNP_DEVNODE_STATE StateHistory[20]; ULONG StateHistoryEntry; INT CompletionStatus; PIRP PendingIrp; ULONG Flags; ULONG UserFlags; ULONG Problem; PDEVICE_OBJECT PhysicalDeviceObject; PCM_RESOURCE_LIST ResourceList; PCM_RESOURCE_LIST ResourceListTranslated; UNICODE_STRING InstancePath; UNICODE_STRING ServiceName; PDEVICE_OBJECT DuplicatePDO; PIO_RESOURCE_REQUIREMENTS_LIST ResourceRequirements; INTERFACE_TYPE InterfaceType; ULONG BusNumber; INTERFACE_TYPE ChildInterfaceType; ULONG ChildBusNumber; USHORT ChildBusTypeIndex; UCHAR RemovalPolicy; UCHAR HardwareRemovalPolicy; LIST_ENTRY 
TargetDeviceNotify; LIST_ENTRY DeviceArbiterList; LIST_ENTRY DeviceTranslatorList; USHORT NoTranslatorMask; USHORT QueryTranslatorMask; USHORT NoArbiterMask; USHORT QueryArbiterMask; union { struct _DEVICE_NODE *LegacyDeviceNode; PDEVICE_RELATIONS PendingDeviceRelations; } OverUsed1; union { struct _DEVICE_NODE *NextResourceDeviceNode; } OverUsed2; PCM_RESOURCE_LIST BootResources; ULONG CapabilityFlags; struct { ULONG DockStatus; LIST_ENTRY ListEntry; WCHAR *SerialNumber; } DockInfo; ULONG DisableableDepends; LIST_ENTRY PendedSetInterfaceState; LIST_ENTRY LegacyBusListEntry; ULONG DriverUnloadRetryCount; struct _DEVICE_NODE *PreviousParent; ULONG DeletedChidren; } DEVICE_NODE, *PDEVICE_NODE; // // Resource Aribtrer Entry // typedef struct _PI_RESOURCE_ARBITER_ENTRY { LIST_ENTRY DeviceArbiterList; UCHAR ResourceType; PARBITER_INTERFACE ArbiterInterface; ULONG Level; LIST_ENTRY ResourceList; LIST_ENTRY BestResourceList; LIST_ENTRY BestConfig; LIST_ENTRY ActiveArbiterList; UCHAR State; UCHAR ResourcesChanged; } PI_RESOURCE_ARBITER_ENTRY, *PPI_RESOURCE_ARBITER_ENTRY; // // Extended Device Object Extension Structure // typedef struct _EXTENDED_DEVOBJ_EXTENSION { CSHORT Type; USHORT Size; PDEVICE_OBJECT DeviceObject; ULONG PowerFlags; struct DEVICE_OBJECT_POWER_EXTENSION *Dope; ULONG ExtensionFlags; struct _DEVICE_NODE *DeviceNode; PDEVICE_OBJECT AttachedTo; LONG StartIoCount; LONG StartIoKey; ULONG StartIoFlags; struct _VPB *Vpb; } EXTENDED_DEVOBJ_EXTENSION, *PEXTENDED_DEVOBJ_EXTENSION; // // Extended Driver Object Extension Structure // typedef struct _EXTENDED_DRIVER_EXTENSION { struct _DRIVER_OBJECT *DriverObject; PDRIVER_ADD_DEVICE AddDevice; ULONG Count; UNICODE_STRING ServiceKeyName; PIO_CLIENT_EXTENSION ClientDriverExtension; PFS_FILTER_CALLBACKS FsFilterCallbacks; } EXTENDED_DRIVER_EXTENSION, *PEXTENDED_DRIVER_EXTENSION; // // Extended I/O Stack Location Structure // #if !defined(_ALPHA_) #include #endif typedef struct _EXTENDED_IO_STACK_LOCATION { UCHAR 
MajorFunction; UCHAR MinorFunction; UCHAR Flags; UCHAR Control; union { struct { PIO_SECURITY_CONTEXT SecurityContext; ULONG Options; USHORT FileAttributes; USHORT ShareAccess; ULONG EaLength; } Create; struct { PIO_SECURITY_CONTEXT SecurityContext; ULONG Options; USHORT Reserved; USHORT ShareAccess; struct _NAMED_PIPE_CREATE_PARAMETERS *Parameters; } CreatePipe; struct { PIO_SECURITY_CONTEXT SecurityContext; ULONG Options; USHORT Reserved; USHORT ShareAccess; struct _MAILSLOT_CREATE_PARAMETERS *Parameters; } CreateMailslot; struct { ULONG Length; ULONG Key; LARGE_INTEGER ByteOffset; } Read; struct { ULONG Length; ULONG Key; LARGE_INTEGER ByteOffset; } Write; struct { ULONG Length; PUNICODE_STRING FileName; FILE_INFORMATION_CLASS FileInformationClass; ULONG FileIndex; } QueryDirectory; struct { ULONG Length; ULONG CompletionFilter; } NotifyDirectory; struct { ULONG Length; FILE_INFORMATION_CLASS FileInformationClass; } QueryFile; struct { ULONG Length; FILE_INFORMATION_CLASS FileInformationClass; PFILE_OBJECT FileObject; union { struct { BOOLEAN ReplaceIfExists; BOOLEAN AdvanceOnly; }; ULONG ClusterCount; HANDLE DeleteHandle; }; } SetFile; struct { ULONG Length; PVOID EaList; ULONG EaListLength; ULONG EaIndex; } QueryEa; struct { ULONG Length; } SetEa; struct { ULONG Length; FS_INFORMATION_CLASS FsInformationClass; } QueryVolume; struct { ULONG Length; FS_INFORMATION_CLASS FsInformationClass; } SetVolume; struct { ULONG OutputBufferLength; ULONG InputBufferLength; ULONG FsControlCode; PVOID Type3InputBuffer; } FileSystemControl; struct { PLARGE_INTEGER Length; ULONG Key; LARGE_INTEGER ByteOffset; } LockControl; struct { ULONG OutputBufferLength; ULONG InputBufferLength; ULONG IoControlCode; PVOID Type3InputBuffer; } DeviceIoControl; struct { SECURITY_INFORMATION SecurityInformation; ULONG POINTER_ALIGNMENT Length; } QuerySecurity; struct { SECURITY_INFORMATION SecurityInformation; PSECURITY_DESCRIPTOR SecurityDescriptor; } SetSecurity; struct { PVPB Vpb; 
PDEVICE_OBJECT DeviceObject; } MountVolume; struct { PVPB Vpb; PDEVICE_OBJECT DeviceObject; } VerifyVolume; struct { struct _SCSI_REQUEST_BLOCK *Srb; } Scsi; struct { ULONG Length; PSID StartSid; struct _FILE_GET_QUOTA_INFORMATION *SidList; ULONG SidListLength; } QueryQuota; struct { ULONG Length; } SetQuota; struct { DEVICE_RELATION_TYPE Type; } QueryDeviceRelations; struct { CONST GUID *InterfaceType; USHORT Size; USHORT Version; PINTERFACE Interface; PVOID InterfaceSpecificData; } QueryInterface; struct { PDEVICE_CAPABILITIES Capabilities; } DeviceCapabilities; struct { PIO_RESOURCE_REQUIREMENTS_LIST IoResourceRequirementList; } FilterResourceRequirements; struct { ULONG WhichSpace; PVOID Buffer; ULONG Offset; ULONG Length; } ReadWriteConfig; struct { BOOLEAN Lock; } SetLock; struct { BUS_QUERY_ID_TYPE IdType; } QueryId; struct { DEVICE_TEXT_TYPE DeviceTextType; LCID LocaleId; } QueryDeviceText; struct { BOOLEAN InPath; BOOLEAN Reserved[3]; DEVICE_USAGE_NOTIFICATION_TYPE Type; } UsageNotification; struct { SYSTEM_POWER_STATE PowerState; } WaitWake; struct { PPOWER_SEQUENCE PowerSequence; } PowerSequence; struct { ULONG SystemContext; POWER_STATE_TYPE Type; POWER_STATE State; POWER_ACTION ShutdownType; } Power; struct { PCM_RESOURCE_LIST AllocatedResources; PCM_RESOURCE_LIST AllocatedResourcesTranslated; } StartDevice; struct { ULONG_PTR ProviderId; PVOID DataPath; ULONG BufferSize; PVOID Buffer; } WMI; struct { PVOID Argument1; PVOID Argument2; PVOID Argument3; PVOID Argument4; } Others; } Parameters; PDEVICE_OBJECT DeviceObject; PFILE_OBJECT FileObject; PIO_COMPLETION_ROUTINE CompletionRoutine; PVOID Context; } EXTENDED_IO_STACK_LOCATION, *PEXTENDED_IO_STACK_LOCATION; #if !defined(_ALPHA_) #include #endif #endif // // Firmware Boot File Path // typedef struct _FILE_PATH { ULONG Version; ULONG Length; ULONG Type; CHAR FilePath[1]; } FILE_PATH, *PFILE_PATH; // // Firmware Boot Options // typedef struct _BOOT_OPTIONS { ULONG Version; ULONG Length; ULONG Timeout; 
ULONG CurrentBootEntryId; ULONG NextBootEntryId; WCHAR HeadlessRedirection[1]; } BOOT_OPTIONS, *PBOOT_OPTIONS;

//
// Firmware Boot Entry
//
// NOTE(review): this looks like a variable-length record. OsOptions[1]
// presumably marks where the option bytes start, with OsOptionsLength as
// their size, and FriendlyNameOffset / BootFilePathOffset presumably are byte
// offsets from the start of the record. A consumer should check the offsets
// and OsOptionsLength against Length before following them -- confirm
// against the call that fills the buffer.
//
typedef struct _BOOT_ENTRY
{
    ULONG Version;
    ULONG Length;
    ULONG Id;
    ULONG Attributes;
    ULONG FriendlyNameOffset;
    ULONG BootFilePathOffset;
    ULONG OsOptionsLength;
    CHAR OsOptions[1];
} BOOT_ENTRY, *PBOOT_ENTRY;

//
// Firmware Driver Entry
//
// NOTE(review): same shape as BOOT_ENTRY without the option bytes; the two
// offsets need the same bounds check against Length -- confirm.
//
typedef struct _EFI_DRIVER_ENTRY
{
    ULONG Version;
    ULONG Length;
    ULONG Id;
    ULONG Attributes;
    ULONG FriendlyNameOffset;
    ULONG DriverFilePathOffset;
} EFI_DRIVER_ENTRY, *PEFI_DRIVER_ENTRY;

//
// APC Callback for NtCreateFile
//
// Callback type taking an ApcContext pointer, a PIO_STATUS_BLOCK and a
// reserved ULONG.
//
typedef VOID
(NTAPI *PIO_APC_ROUTINE)(
    IN PVOID ApcContext,
    IN PIO_STATUS_BLOCK IoStatusBlock,
    IN ULONG Reserved);

//
// The control codes below are defined only when NTOS_MODE_USER is set.
// Each is built with CTL_CODE(device type, function number, transfer method,
// required access).
//
#ifdef NTOS_MODE_USER

//
// Mailslot IOCTL Codes
//
// Uses METHOD_NEITHER: the I/O manager hands the caller's buffer addresses to
// the driver as supplied, so validating them is left to the driver that
// services the request.
//
#define FSCTL_MAILSLOT_PEEK \
    CTL_CODE(FILE_DEVICE_MAILSLOT, 0, METHOD_NEITHER, FILE_READ_DATA)

//
// Pipe IOCTL Codes
//
// Function numbers 0-9 and 2045-2048. All are METHOD_BUFFERED except
// FSCTL_PIPE_TRANSCEIVE and FSCTL_PIPE_INTERNAL_TRANSCEIVE, which are
// METHOD_NEITHER (see the mailslot note above). Most request FILE_ANY_ACCESS;
// the peek, read, write and transceive codes name the data access they need.
//
#define FSCTL_PIPE_ASSIGN_EVENT \
    CTL_CODE(FILE_DEVICE_NAMED_PIPE, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_DISCONNECT \
    CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_LISTEN \
    CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_PEEK \
    CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, METHOD_BUFFERED, FILE_READ_DATA)
#define FSCTL_PIPE_QUERY_EVENT \
    CTL_CODE(FILE_DEVICE_NAMED_PIPE, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_TRANSCEIVE \
    CTL_CODE(FILE_DEVICE_NAMED_PIPE, 5, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define FSCTL_PIPE_WAIT \
    CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_IMPERSONATE \
    CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_SET_CLIENT_PROCESS \
    CTL_CODE(FILE_DEVICE_NAMED_PIPE, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_QUERY_CLIENT_PROCESS \
    CTL_CODE(FILE_DEVICE_NAMED_PIPE, 9, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define FSCTL_PIPE_INTERNAL_READ \
    CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2045, METHOD_BUFFERED, FILE_READ_DATA)
#define FSCTL_PIPE_INTERNAL_WRITE \
    CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2046, METHOD_BUFFERED, FILE_WRITE_DATA)
#define FSCTL_PIPE_INTERNAL_TRANSCEIVE \
    CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2047, METHOD_NEITHER, FILE_READ_DATA | FILE_WRITE_DATA)
#define FSCTL_PIPE_INTERNAL_READ_OVFLOW \
    CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2048, METHOD_BUFFERED, FILE_READ_DATA)

//
// Tape IOCTL Codes
//
// All METHOD_BUFFERED. Erase, write-marks, set-drive-params and
// create-partition ask for read and write access; the remaining codes,
// including set-position and set-media-params, ask for read access only.
//
#define IOCTL_TAPE_ERASE \
    CTL_CODE(FILE_DEVICE_TAPE, 0, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
#define IOCTL_TAPE_PREPARE \
    CTL_CODE(FILE_DEVICE_TAPE, 1, METHOD_BUFFERED, FILE_READ_ACCESS)
#define IOCTL_TAPE_WRITE_MARKS \
    CTL_CODE(FILE_DEVICE_TAPE, 2, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
#define IOCTL_TAPE_GET_POSITION \
    CTL_CODE(FILE_DEVICE_TAPE, 3, METHOD_BUFFERED, FILE_READ_ACCESS)
#define IOCTL_TAPE_SET_POSITION \
    CTL_CODE(FILE_DEVICE_TAPE, 4, METHOD_BUFFERED, FILE_READ_ACCESS)
#define IOCTL_TAPE_GET_DRIVE_PARAMS \
    CTL_CODE(FILE_DEVICE_TAPE, 5, METHOD_BUFFERED, FILE_READ_ACCESS)
#define IOCTL_TAPE_SET_DRIVE_PARAMS \
    CTL_CODE(FILE_DEVICE_TAPE, 6, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)
#define IOCTL_TAPE_GET_MEDIA_PARAMS \
    CTL_CODE(FILE_DEVICE_TAPE, 7, METHOD_BUFFERED, FILE_READ_ACCESS)
#define IOCTL_TAPE_SET_MEDIA_PARAMS \
    CTL_CODE(FILE_DEVICE_TAPE, 8, METHOD_BUFFERED, FILE_READ_ACCESS)
#define IOCTL_TAPE_GET_STATUS \
    CTL_CODE(FILE_DEVICE_TAPE, 9, METHOD_BUFFERED, FILE_READ_ACCESS)
#define IOCTL_TAPE_CREATE_PARTITION \
    CTL_CODE(FILE_DEVICE_TAPE, 10, METHOD_BUFFERED, FILE_READ_ACCESS | FILE_WRITE_ACCESS)

#endif // NTOS_MODE_USER

#endif
================================================
FILE: ndk/kdfuncs.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu. All rights reserved.

Header Name:

    kdfuncs.h

Abstract:

    Function definitions for the Kernel Debugger.
Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/

#ifndef _KDFUNCS_H
#define _KDFUNCS_H

//
// Dependencies
//
// NOTE(review): both include directives have lost their targets in this
// listing; take them from the upstream header before building.
//
#include
#include

#ifndef NTOS_MODE_USER

//
// Debugger API
//
// Declared only when NTOS_MODE_USER is not defined. KdSystemDebugControl
// takes the same command and buffer arguments as NtSystemDebugControl below,
// plus an explicit PreviousMode.
//
NTSTATUS
NTAPI
KdSystemDebugControl(
    SYSDBG_COMMAND Command,
    PVOID InputBuffer,
    ULONG InputBufferLength,
    PVOID OutputBuffer,
    ULONG OutputBufferLength,
    PULONG ReturnLength,
    KPROCESSOR_MODE PreviousMode
);

BOOLEAN
NTAPI
KdPollBreakIn(
    VOID
);
#endif

//
// Native Calls
//
// The debug-filter calls take a ComponentId and a Level; the Set variant also
// takes a BOOLEAN State.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryDebugFilterState(
    ULONG ComponentId,
    ULONG Level
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetDebugFilterState(
    ULONG ComponentId,
    ULONG Level,
    BOOLEAN State
);

//
// NtSystemDebugControl is selected by a SYSDBG_COMMAND value (declared in
// kdtypes.h). That command set names reads and writes of virtual memory,
// physical memory, control space, I/O space, MSRs and bus data, and Windows
// checks the caller for SeDebugPrivilege before honouring the call.
// InputBuffer and OutputBuffer are caller-supplied pointers, each with its
// own length argument; ReturnLength is a PULONG.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSystemDebugControl(
    SYSDBG_COMMAND ControlCode,
    PVOID InputBuffer,
    ULONG InputBufferLength,
    PVOID OutputBuffer,
    ULONG OutputBufferLength,
    PULONG ReturnLength
);

//
// Zw* declarations with the same parameter lists as the Nt* ones above,
// exported with NTSYSAPI instead of NTSYSCALLAPI.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwQueryDebugFilterState(
    ULONG ComponentId,
    ULONG Level
);

NTSYSAPI
NTSTATUS
NTAPI
ZwSetDebugFilterState(
    ULONG ComponentId,
    ULONG Level,
    BOOLEAN State
);

NTSYSAPI
NTSTATUS
NTAPI
ZwSystemDebugControl(
    SYSDBG_COMMAND ControlCode,
    PVOID InputBuffer,
    ULONG InputBufferLength,
    PVOID OutputBuffer,
    ULONG OutputBufferLength,
    PULONG ReturnLength
);

#endif
================================================
FILE: ndk/kdtypes.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu. All rights reserved.

Header Name:

    kdtypes.h

Abstract:

    Type definitions for the Kernel Debugger.
Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/

#ifndef _KDTYPES_H
#define _KDTYPES_H

//
// Dependencies
//
// NOTE(review): the include target was lost in this listing; take it from the
// upstream header before building.
//
#include

//
// Debug Filter Levels
//
// NOTE(review): presumably the values passed as the Level argument of the
// debug-filter calls declared in kdfuncs.h -- confirm.
//
#define DPFLTR_ERROR_LEVEL 0
#define DPFLTR_WARNING_LEVEL 1
#define DPFLTR_TRACE_LEVEL 2
#define DPFLTR_INFO_LEVEL 3
#define DPFLTR_MASK 0x80000000

//
// Debug Status Codes
//
#define DBG_STATUS_CONTROL_C 1
#define DBG_STATUS_SYSRQ 2
#define DBG_STATUS_BUGCHECK_FIRST 3
#define DBG_STATUS_BUGCHECK_SECOND 4
#define DBG_STATUS_FATAL 5
#define DBG_STATUS_DEBUG_CONTROL 6
#define DBG_STATUS_WORKER 7

//
// DebugService Control Types
//
#define BREAKPOINT_BREAK 0
#define BREAKPOINT_PRINT 1
#define BREAKPOINT_PROMPT 2
#define BREAKPOINT_LOAD_SYMBOLS 3
#define BREAKPOINT_UNLOAD_SYMBOLS 4
#define BREAKPOINT_COMMAND_STRING 5

//
// Debug Control Codes for NtSystemDebugControl
//
// The numeric values are explicit because the command is passed by value to
// NtSystemDebugControl / KdSystemDebugControl (kdfuncs.h).
// Going by the names, 8-19 are read/write pairs over virtual memory, physical
// memory, control space, I/O space, MSRs and bus data, and 21/22 enable and
// disable the kernel debugger; those are the members to look for when
// auditing callers, since they expose or change machine state.
//
typedef enum _SYSDBG_COMMAND
{
    SysDbgQueryModuleInformation = 0,
    SysDbgQueryTraceInformation = 1,
    SysDbgSetTracepoint = 2,
    SysDbgSetSpecialCall = 3,
    SysDbgClearSpecialCalls = 4,
    SysDbgQuerySpecialCalls = 5,
    SysDbgBreakPoint = 6,
    SysDbgQueryVersion = 7,
    SysDbgReadVirtual = 8,
    SysDbgWriteVirtual = 9,
    SysDbgReadPhysical = 10,
    SysDbgWritePhysical = 11,
    SysDbgReadControlSpace = 12,
    SysDbgWriteControlSpace = 13,
    SysDbgReadIoSpace = 14,
    SysDbgWriteIoSpace = 15,
    SysDbgReadMsr = 16,
    SysDbgWriteMsr = 17,
    SysDbgReadBusData = 18,
    SysDbgWriteBusData = 19,
    SysDbgCheckLowMemory = 20,
    SysDbgEnableKernelDebugger = 21,
    SysDbgDisableKernelDebugger = 22,
    SysDbgGetAutoKdEnable = 23,
    SysDbgSetAutoKdEnable = 24,
    SysDbgGetPrintBufferSize = 25,
    SysDbgSetPrintBufferSize = 26,
    SysDbgGetKdUmExceptionEnable = 27,
    SysDbgSetKdUmExceptionEnable = 28,
    SysDbgGetTriageDump = 29,
    SysDbgGetKdBlockEnable = 30,
    SysDbgSetKdBlockEnable = 31,
    SysDbgRegisterForUmBreakInfo = 32,
    SysDbgGetUmBreakPid = 33,
    SysDbgClearUmBreakPid = 34,
    SysDbgGetUmAttachPid = 35,
    SysDbgClearUmAttachPid = 36,
} SYSDBG_COMMAND;

//
// System Debugger Types
//
// Request blocks; the first five carry a target Address, a caller-supplied
// Buffer pointer and a Request value.
// NOTE(review): Request is presumably the number of bytes to transfer, and
// each block presumably pairs with the SYSDBG_COMMAND of the same name --
// neither is shown in this header; confirm.
//
typedef struct _SYSDBG_PHYSICAL
{
    PHYSICAL_ADDRESS Address;
    PVOID Buffer;
    ULONG Request;
} SYSDBG_PHYSICAL, *PSYSDBG_PHYSICAL;

typedef struct _SYSDBG_VIRTUAL
{
    PVOID Address;
    PVOID Buffer;
    ULONG Request;
} SYSDBG_VIRTUAL, *PSYSDBG_VIRTUAL;

typedef struct _SYSDBG_CONTROL_SPACE
{
    ULONGLONG Address;
    PVOID Buffer;
    ULONG Request;
    ULONG Processor;
} SYSDBG_CONTROL_SPACE, *PSYSDBG_CONTROL_SPACE;

typedef struct _SYSDBG_IO_SPACE
{
    ULONGLONG Address;
    PVOID Buffer;
    ULONG Request;
    INTERFACE_TYPE InterfaceType;
    ULONG BusNumber;
    ULONG AddressSpace;
} SYSDBG_IO_SPACE, *PSYSDBG_IO_SPACE;

typedef struct _SYSDBG_BUS_DATA
{
    ULONG Address;
    PVOID Buffer;
    ULONG Request;
    BUS_DATA_TYPE BusDataType;
    ULONG BusNumber;
    ULONG SlotNumber;
} SYSDBG_BUS_DATA, *PSYSDBG_BUS_DATA;

// MSR block: a 32-bit Address and a 64-bit Data field, no buffer pointer.
typedef struct _SYSDBG_MSR
{
    ULONG Address;
    ULONGLONG Data;
} SYSDBG_MSR, *PSYSDBG_MSR;

// Triage-dump block: bugcheck code with four parameters, two handle counts
// and a pointer to a handle array.
typedef struct _SYSDBG_TRIAGE_DUMP
{
    ULONG Flags;
    ULONG BugCheckCode;
    ULONG_PTR BugCheckParam1;
    ULONG_PTR BugCheckParam2;
    ULONG_PTR BugCheckParam3;
    ULONG_PTR BugCheckParam4;
    ULONG ProcessHandles;
    ULONG ThreadHandles;
    PHANDLE Handles;
} SYSDBG_TRIAGE_DUMP, *PSYSDBG_TRIAGE_DUMP;

//
// KD Structures
//
typedef struct _KD_SYMBOLS_INFO
{
    PVOID BaseOfDll;
    ULONG_PTR ProcessId;
    ULONG CheckSum;
    ULONG SizeOfImage;
} KD_SYMBOLS_INFO, *PKD_SYMBOLS_INFO;

#endif // _KDTYPES_H
================================================
FILE: ndk/kefuncs.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu. All rights reserved.

Header Name:

    kefuncs.h

Abstract:

    Functions definitions for the Kernel services.
Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _KEFUNCS_H #define _KEFUNCS_H // // Dependencies // #include #include #ifndef NTOS_MODE_USER // // APC Functions // VOID NTAPI KeInitializeApc( IN PKAPC Apc, IN PKTHREAD Thread, IN KAPC_ENVIRONMENT TargetEnvironment, IN PKKERNEL_ROUTINE KernelRoutine, IN PKRUNDOWN_ROUTINE RundownRoutine OPTIONAL, IN PKNORMAL_ROUTINE NormalRoutine, IN KPROCESSOR_MODE Mode, IN PVOID Context ); BOOLEAN NTAPI KeInsertQueueApc( IN PKAPC Apc, IN PVOID SystemArgument1, IN PVOID SystemArgument2, IN KPRIORITY PriorityBoost ); VOID NTAPI KiDeliverApc( IN KPROCESSOR_MODE PreviousMode, IN PKEXCEPTION_FRAME ExceptionFrame, IN PKTRAP_FRAME TrapFrame ); // // Process/Thread Functions // VOID NTAPI KeTerminateThread( IN KPRIORITY Increment ); BOOLEAN NTAPI KeIsAttachedProcess( VOID ); VOID NTAPI KeSetEventBoostPriority( IN PKEVENT Event, IN PKTHREAD *Thread OPTIONAL ); KAFFINITY NTAPI KeSetAffinityThread( PKTHREAD Thread, KAFFINITY Affinity ); PKPROCESS NTAPI KeGetCurrentProcess( VOID ); BOOLEAN NTAPI KeAddSystemServiceTable( PULONG_PTR Base, PULONG Count OPTIONAL, ULONG Limit, PUCHAR Number, ULONG Index ); // // Spinlock Functions // VOID FASTCALL KiAcquireSpinLock( PKSPIN_LOCK SpinLock ); VOID FASTCALL KiReleaseSpinLock( PKSPIN_LOCK SpinLock ); KIRQL FASTCALL KeAcquireQueuedSpinLockRaiseToSynch( IN KSPIN_LOCK_QUEUE_NUMBER LockNumber ); VOID FASTCALL KeAcquireInStackQueuedSpinLockRaiseToSynch( IN PKSPIN_LOCK SpinLock, IN PKLOCK_QUEUE_HANDLE LockHandle ); // // Interrupt Functions // VOID NTAPI KeInitializeInterrupt( PKINTERRUPT InterruptObject, PKSERVICE_ROUTINE ServiceRoutine, PVOID ServiceContext, PKSPIN_LOCK SpinLock, ULONG Vector, KIRQL Irql, KIRQL SynchronizeIrql, KINTERRUPT_MODE InterruptMode, BOOLEAN ShareVector, CHAR ProcessorNumber, BOOLEAN FloatingSave ); BOOLEAN NTAPI KeConnectInterrupt( PKINTERRUPT InterruptObject ); BOOLEAN NTAPI KeDisconnectInterrupt( PKINTERRUPT InterruptObject ); VOID NTAPI 
KiDispatchInterrupt( VOID ); VOID NTAPI KiCoprocessorError( VOID ); VOID NTAPI KiUnexpectedInterrupt( VOID ); VOID NTAPI KeEnterKernelDebugger( VOID ); BOOLEAN NTAPI KeIsExecutingDpc( VOID ); BOOLEAN NTAPI KiIpiServiceRoutine( IN PKTRAP_FRAME TrapFrame, IN PVOID ExceptionFrame ); // // ARC Configuration Functions. Only enabled if you have ARC Support // #ifdef _ARC_ PCONFIGURATION_COMPONENT_DATA NTAPI KeFindConfigurationNextEntry( IN PCONFIGURATION_COMPONENT_DATA Child, IN CONFIGURATION_CLASS Class, IN CONFIGURATION_TYPE Type, IN PULONG ComponentKey OPTIONAL, IN PCONFIGURATION_COMPONENT_DATA *NextLink ); PCONFIGURATION_COMPONENT_DATA NTAPI KeFindConfigurationEntry( IN PCONFIGURATION_COMPONENT_DATA Child, IN CONFIGURATION_CLASS Class, IN CONFIGURATION_TYPE Type, IN PULONG ComponentKey OPTIONAL ); #endif // // Low-level Hardware/CPU Control Functions // VOID NTAPI KeFlushEntireTb( IN BOOLEAN Invalid, IN BOOLEAN AllProcessors ); VOID NTAPI KeUpdateSystemTime( PKTRAP_FRAME TrapFrame, KIRQL Irql, ULONG Increment ); VOID NTAPI KeUpdateRunTime( PKTRAP_FRAME TrapFrame, KIRQL Irql ); VOID NTAPI KeSetDmaIoCoherency( IN ULONG Coherency ); VOID KeSetGdtSelector( ULONG Entry, ULONG Value1, ULONG Value2 ); VOID NTAPI KeSetProfileIrql( IN KIRQL ProfileIrql ); VOID NTAPI KeSetTimeIncrement( IN ULONG MaxIncrement, IN ULONG MinIncrement ); NTSTATUS NTAPI Ke386CallBios( IN ULONG BiosCommand, IN OUT PCONTEXT BiosArguments ); // // Misc. 
Functions // NTSTATUS NTAPI KeUserModeCallback( IN ULONG FunctionID, IN PVOID InputBuffer, IN ULONG InputLength, OUT PVOID *OutputBuffer, OUT PULONG OutputLength ); NTSTATUS NTAPI KeRaiseUserException( IN NTSTATUS ExceptionCode ); #endif // // Native Calls // NTSYSCALLAPI NTSTATUS NTAPI NtContinue( IN PCONTEXT Context, IN BOOLEAN TestAlert ); NTSYSCALLAPI NTSTATUS NTAPI NtCallbackReturn( PVOID Result, ULONG ResultLength, NTSTATUS Status ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateProfile( OUT PHANDLE ProfileHandle, IN HANDLE ProcessHandle, IN PVOID ImageBase, IN ULONG ImageSize, IN ULONG Granularity, OUT PVOID Buffer, IN ULONG ProfilingSize, IN KPROFILE_SOURCE Source, IN KAFFINITY ProcessorMask ); NTSYSCALLAPI NTSTATUS NTAPI NtDelayExecution( IN BOOLEAN Alertable, IN LARGE_INTEGER *Interval ); NTSYSCALLAPI NTSTATUS NTAPI NtFlushInstructionCache( IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN ULONG NumberOfBytesToFlush ); ULONG NTAPI NtGetCurrentProcessorNumber( VOID ); NTSYSCALLAPI NTSTATUS NTAPI NtGetContextThread( IN HANDLE ThreadHandle, OUT PCONTEXT Context ); NTSYSCALLAPI ULONG NTAPI NtGetTickCount( VOID ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryIntervalProfile( IN KPROFILE_SOURCE ProfileSource, OUT PULONG Interval ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryPerformanceCounter( IN PLARGE_INTEGER Counter, IN PLARGE_INTEGER Frequency ); NTSYSCALLAPI NTSTATUS NTAPI NtQuerySystemTime( OUT PLARGE_INTEGER CurrentTime ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryTimerResolution( OUT PULONG MinimumResolution, OUT PULONG MaximumResolution, OUT PULONG ActualResolution ); NTSYSCALLAPI NTSTATUS NTAPI NtQueueApcThread( HANDLE ThreadHandle, PKNORMAL_ROUTINE ApcRoutine, PVOID NormalContext, PVOID SystemArgument1, PVOID SystemArgument2 ); NTSYSCALLAPI NTSTATUS NTAPI NtRaiseException( IN PEXCEPTION_RECORD ExceptionRecord, IN PCONTEXT Context, IN BOOLEAN SearchFrames ); NTSYSCALLAPI NTSTATUS NTAPI NtSetContextThread( IN HANDLE ThreadHandle, IN PCONTEXT Context ); NTSYSCALLAPI NTSTATUS NTAPI 
NtSetIntervalProfile( ULONG Interval, KPROFILE_SOURCE ClockSource ); NTSYSCALLAPI NTSTATUS NTAPI NtSetLdtEntries( ULONG Selector1, LDT_ENTRY LdtEntry1, ULONG Selector2, LDT_ENTRY LdtEntry2 ); NTSYSCALLAPI NTSTATUS NTAPI NtSetSystemTime( IN PLARGE_INTEGER SystemTime, IN PLARGE_INTEGER NewSystemTime OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtSetTimerResolution( IN ULONG RequestedResolution, IN BOOLEAN SetOrUnset, OUT PULONG ActualResolution ); NTSYSCALLAPI NTSTATUS NTAPI NtStartProfile( IN HANDLE ProfileHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtStopProfile( IN HANDLE ProfileHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtTestAlert( VOID ); NTSYSCALLAPI NTSTATUS NTAPI NtVdmControl( ULONG ControlCode, PVOID ControlData ); NTSYSCALLAPI NTSTATUS NTAPI NtW32Call( IN ULONG RoutineIndex, IN PVOID Argument, IN ULONG ArgumentLength, OUT PVOID* Result OPTIONAL, OUT PULONG ResultLength OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtYieldExecution( VOID ); NTSYSAPI NTSTATUS NTAPI ZwContinue( IN PCONTEXT Context, IN BOOLEAN TestAlert ); NTSYSAPI NTSTATUS NTAPI ZwCallbackReturn( PVOID Result, ULONG ResultLength, NTSTATUS Status ); NTSYSAPI NTSTATUS NTAPI ZwCreateProfile( OUT PHANDLE ProfileHandle, IN HANDLE ProcessHandle, IN PVOID ImageBase, IN ULONG ImageSize, IN ULONG Granularity, OUT PVOID Buffer, IN ULONG ProfilingSize, IN KPROFILE_SOURCE Source, IN KAFFINITY ProcessorMask ); NTSYSAPI NTSTATUS NTAPI ZwDelayExecution( IN BOOLEAN Alertable, IN LARGE_INTEGER *Interval ); NTSYSAPI NTSTATUS NTAPI ZwFlushInstructionCache( IN HANDLE ProcessHandle, IN PVOID BaseAddress, IN ULONG NumberOfBytesToFlush ); NTSYSAPI NTSTATUS NTAPI ZwGetContextThread( IN HANDLE ThreadHandle, OUT PCONTEXT Context ); NTSYSAPI ULONG NTAPI ZwGetTickCount( VOID ); NTSYSAPI NTSTATUS NTAPI ZwQueryIntervalProfile( IN KPROFILE_SOURCE ProfileSource, OUT PULONG Interval ); NTSYSAPI NTSTATUS NTAPI ZwQueryPerformanceCounter( IN PLARGE_INTEGER Counter, IN PLARGE_INTEGER Frequency ); NTSYSAPI NTSTATUS NTAPI ZwQuerySystemTime( OUT 
PLARGE_INTEGER CurrentTime );

NTSYSAPI
NTSTATUS
NTAPI
ZwQueryTimerResolution(
    OUT PULONG MinimumResolution,
    OUT PULONG MaximumResolution,
    OUT PULONG ActualResolution
);

//
// Takes a thread handle and a routine pointer with three pointer-sized
// arguments. Windows requires THREAD_SET_CONTEXT access on the handle.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwQueueApcThread(
    HANDLE ThreadHandle,
    PKNORMAL_ROUTINE ApcRoutine,
    PVOID NormalContext,
    PVOID SystemArgument1,
    PVOID SystemArgument2
);

NTSYSAPI
NTSTATUS
NTAPI
ZwRaiseException(
    IN PEXCEPTION_RECORD ExceptionRecord,
    IN PCONTEXT Context,
    IN BOOLEAN SearchFrames
);

//
// Replaces the register context of the thread named by ThreadHandle with the
// caller-supplied CONTEXT. Windows requires THREAD_SET_CONTEXT access on the
// handle.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwSetContextThread(
    IN HANDLE ThreadHandle,
    IN PCONTEXT Context
);

NTSYSAPI
NTSTATUS
NTAPI
ZwSetIntervalProfile(
    ULONG Interval,
    KPROFILE_SOURCE ClockSource
);

// Takes two selector / LDT_ENTRY pairs, the entries passed by value.
NTSYSAPI
NTSTATUS
NTAPI
ZwSetLdtEntries(
    ULONG Selector1,
    LDT_ENTRY LdtEntry1,
    ULONG Selector2,
    LDT_ENTRY LdtEntry2
);

//
// Windows requires SeSystemtimePrivilege for this call.
// NOTE(review): the second parameter is annotated IN and named
// NewSystemTime here; in the documented native API it is an optional output
// that receives the previous time -- confirm and correct the annotation.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwSetSystemTime(
    IN PLARGE_INTEGER SystemTime,
    IN PLARGE_INTEGER NewSystemTime OPTIONAL
);

NTSYSAPI
NTSTATUS
NTAPI
ZwSetTimerResolution(
    IN ULONG RequestedResolution,
    IN BOOLEAN SetOrUnset,
    OUT PULONG ActualResolution
);

NTSYSAPI
NTSTATUS
NTAPI
ZwStartProfile(
    IN HANDLE ProfileHandle
);

NTSYSAPI
NTSTATUS
NTAPI
ZwStopProfile(
    IN HANDLE ProfileHandle
);

NTSYSAPI
NTSTATUS
NTAPI
ZwTestAlert(
    VOID
);

// ControlData is an untyped pointer whose layout is not given here.
NTSYSAPI
NTSTATUS
NTAPI
ZwVdmControl(
    ULONG ControlCode,
    PVOID ControlData
);

NTSYSAPI
NTSTATUS
NTAPI
ZwW32Call(
    IN ULONG RoutineIndex,
    IN PVOID Argument,
    IN ULONG ArgumentLength,
    OUT PVOID* Result OPTIONAL,
    OUT PULONG ResultLength OPTIONAL
);

NTSYSAPI
NTSTATUS
NTAPI
ZwYieldExecution(
    VOID
);

#endif
================================================
FILE: ndk/ketypes.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu. All rights reserved.

Header Name:

    ketypes.h

Abstract:

    Type definitions for the Kernel services.
Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _KETYPES_H #define _KETYPES_H // // Dependencies // #include #ifndef NTOS_MODE_USER #include #include #include #endif // // Context Record Flags // #define CONTEXT_DEBUGGER (CONTEXT_FULL | CONTEXT_FLOATING_POINT) // // Maximum System Descriptor Table Entries // #define SSDT_MAX_ENTRIES 2 // // Processor Architectures // #define PROCESSOR_ARCHITECTURE_INTEL 0 // // Object Type Mask for Kernel Dispatcher Objects // #define KOBJECT_TYPE_MASK 0x7F #define KOBJECT_LOCK_BIT 0x80 // // Dispatcher Priority increments // #define THREAD_ALERT_INCREMENT 2 // // User Shared Data in Kernel-Mode // #define KI_USER_SHARED_DATA 0xffdf0000 // // Physical memory offset of KUSER_SHARED_DATA // #define KI_USER_SHARED_DATA_PHYSICAL 0x41000 // // Quantum values and decrements // #define MAX_QUANTUM 0x7F #define WAIT_QUANTUM_DECREMENT 1 #define CLOCK_QUANTUM_DECREMENT 3 // // Kernel Feature Bits // #define KF_V86_VIS 0x00000001 #define KF_RDTSC 0x00000002 #define KF_CR4 0x00000004 #define KF_CMOV 0x00000008 #define KF_GLOBAL_PAGE 0x00000010 #define KF_LARGE_PAGE 0x00000020 #define KF_MTRR 0x00000040 #define KF_CMPXCHG8B 0x00000080 #define KF_MMX 0x00000100 #define KF_WORKING_PTE 0x00000200 #define KF_PAT 0x00000400 #define KF_FXSR 0x00000800 #define KF_FAST_SYSCALL 0x00001000 #define KF_XMMI 0x00002000 #define KF_3DNOW 0x00004000 #define KF_AMDK6MTRR 0x00008000 #define KF_XMMI64 0x00010000 #define KF_DTS 0x00020000 #define KF_NX_BIT 0x20000000 #define KF_NX_DISABLED 0x40000000 #define KF_NX_ENABLED 0x80000000 // // Internal Exception Codes // #define KI_EXCEPTION_INTERNAL 0x10000000 #define KI_EXCEPTION_ACCESS_VIOLATION (KI_EXCEPTION_INTERNAL | 0x04) // // KPCR Access for non-IA64 builds // #define K0IPCR ((ULONG_PTR)(KIP0PCRADDRESS)) #define PCR ((volatile KPCR * const)K0IPCR) #if !defined(CONFIG_SMP) && !defined(NT_BUILD) #define KeGetPcr() PCR #else #define KeGetPcr() ((volatile KPCR * 
const)__readfsdword(0x1C)) #endif // // Number of dispatch codes supported by KINTERRUPT // #if (NTDDI_VERSION >= NTDDI_LONGHORN) #define KINTERRUPT_DISPATCH_CODES 135 #else #define KINTERRUPT_DISPATCH_CODES 106 #endif #ifdef NTOS_MODE_USER // // KPROCESSOR_MODE Type // typedef CCHAR KPROCESSOR_MODE; // // Dereferencable pointer to KUSER_SHARED_DATA in User-Mode // #define SharedUserData ((KUSER_SHARED_DATA *CONST)USER_SHARED_DATA) // // Maximum WOW64 Entries in KUSER_SHARED_DATA // #define MAX_WOW64_SHARED_ENTRIES 16 // // Maximum Processor Features supported in KUSER_SHARED_DATA // #define PROCESSOR_FEATURE_MAX 64 // // Event Types // typedef enum _EVENT_TYPE { NotificationEvent, SynchronizationEvent } EVENT_TYPE; // // Timer Types // typedef enum _TIMER_TYPE { NotificationTimer, SynchronizationTimer } TIMER_TYPE; // // Wait Types // typedef enum _WAIT_TYPE { WaitAll, WaitAny } WAIT_TYPE; // // Processor Execution Modes // typedef enum _MODE { KernelMode, UserMode, MaximumMode } MODE; // // Wait Reasons // typedef enum _KWAIT_REASON { Executive, FreePage, PageIn, PoolAllocation, DelayExecution, Suspended, UserRequest, WrExecutive, WrFreePage, WrPageIn, WrPoolAllocation, WrDelayExecution, WrSuspended, WrUserRequest, WrEventPair, WrQueue, WrLpcReceive, WrLpcReply, WrVirtualMemory, WrPageOut, WrRendezvous, Spare2, WrGuardedMutex, Spare4, Spare5, Spare6, WrKernel, WrResource, WrPushLock, WrMutex, WrQuantumEnd, WrDispatchInt, WrPreempted, WrYieldExecution, MaximumWaitReason } KWAIT_REASON; // // Profiling Sources // typedef enum _KPROFILE_SOURCE { ProfileTime, ProfileAlignmentFixup, ProfileTotalIssues, ProfilePipelineDry, ProfileLoadInstructions, ProfilePipelineFrozen, ProfileBranchInstructions, ProfileTotalNonissues, ProfileDcacheMisses, ProfileIcacheMisses, ProfileCacheMisses, ProfileBranchMispredictions, ProfileStoreInstructions, ProfileFpInstructions, ProfileIntegerInstructions, Profile2Issue, Profile3Issue, Profile4Issue, ProfileSpecialInstructions, 
ProfileTotalCycles, ProfileIcacheIssues, ProfileDcacheAccesses, ProfileMemoryBarrierCycles, ProfileLoadLinkedIssues, ProfileMaximum } KPROFILE_SOURCE; // // NT Product and Architecture Types // typedef enum _NT_PRODUCT_TYPE { NtProductWinNt = 1, NtProductLanManNt, NtProductServer } NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE; typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE { StandardDesign, NEC98x86, EndAlternatives } ALTERNATIVE_ARCHITECTURE_TYPE; #endif // // Thread States // typedef enum _KTHREAD_STATE { Initialized, Ready, Running, Standby, Terminated, Waiting, Transition, DeferredReady, #if (NTDDI_VERSION >= NTDDI_WS03) GateWait #endif } KTHREAD_STATE, *PKTHREAD_STATE; // // Kernel Object Types // typedef enum _KOBJECTS { EventNotificationObject = 0, EventSynchronizationObject = 1, MutantObject = 2, ProcessObject = 3, QueueObject = 4, SemaphoreObject = 5, ThreadObject = 6, GateObject = 7, TimerNotificationObject = 8, TimerSynchronizationObject = 9, Spare2Object = 10, Spare3Object = 11, Spare4Object = 12, Spare5Object = 13, Spare6Object = 14, Spare7Object = 15, Spare8Object = 16, Spare9Object = 17, ApcObject = 18, DpcObject = 19, DeviceQueueObject = 20, EventPairObject = 21, InterruptObject = 22, ProfileObject = 23, ThreadedDpcObject = 24, MaximumKernelObject = 25 } KOBJECTS; // // Adjust reasons // typedef enum _ADJUST_REASON { AdjustNone = 0, AdjustUnwait = 1, AdjustBoost = 2 } ADJUST_REASON; // // Continue Status // typedef enum _KCONTINUE_STATUS { ContinueError = 0, ContinueSuccess, ContinueProcessorReselected, ContinueNextProcessor } KCONTINUE_STATUS; // // Process States // typedef enum _KPROCESS_STATE { ProcessInMemory, ProcessOutOfMemory, ProcessInTransition, ProcessInSwap, ProcessOutSwap, } KPROCESS_STATE, *PKPROCESS_STATE; // // NtVdmControl Classes // typedef enum _VDMSERVICECLASS { VdmStartExecution = 0, VdmQueueInterrupt = 1, VdmDelayInterrupt = 2, VdmInitialize = 3, VdmFeatures = 4, VdmSetInt21Handler = 5, VdmQueryDir = 6, VdmPrinterDirectIoOpen = 7, 
VdmPrinterDirectIoClose = 8, VdmPrinterInitialize = 9, VdmSetLdtEntries = 10, VdmSetProcessLdtInfo = 11, VdmAdlibEmulation = 12, VdmPMCliControl = 13, VdmQueryVdmProcess = 14, } VDMSERVICECLASS; #ifdef NTOS_MODE_USER // // APC Normal Routine // typedef VOID (NTAPI *PKNORMAL_ROUTINE)( IN PVOID NormalContext, IN PVOID SystemArgument1, IN PVOID SystemArgument2 ); // // Timer Routine // typedef VOID (NTAPI *PTIMER_APC_ROUTINE)( IN PVOID TimerContext, IN ULONG TimerLowValue, IN LONG TimerHighValue ); // // System Time Structure // typedef struct _KSYSTEM_TIME { ULONG LowPart; LONG High1Time; LONG High2Time; } KSYSTEM_TIME, *PKSYSTEM_TIME; // // Shared Kernel User Data // typedef struct _KUSER_SHARED_DATA { ULONG TickCountLowDeprecated; ULONG TickCountMultiplier; volatile KSYSTEM_TIME InterruptTime; volatile KSYSTEM_TIME SystemTime; volatile KSYSTEM_TIME TimeZoneBias; USHORT ImageNumberLow; USHORT ImageNumberHigh; WCHAR NtSystemRoot[260]; ULONG MaxStackTraceDepth; ULONG CryptoExponent; ULONG TimeZoneId; ULONG LargePageMinimum; ULONG Reserved2[7]; NT_PRODUCT_TYPE NtProductType; BOOLEAN ProductTypeIsValid; ULONG NtMajorVersion; ULONG NtMinorVersion; BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; ULONG Reserved1; ULONG Reserved3; volatile ULONG TimeSlip; ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; LARGE_INTEGER SystemExpirationDate; ULONG SuiteMask; BOOLEAN KdDebuggerEnabled; #if (NTDDI_VERSION >= NTDDI_WINXPSP2) UCHAR NXSupportPolicy; #endif volatile ULONG ActiveConsoleId; volatile ULONG DismountCount; ULONG ComPlusPackage; ULONG LastSystemRITEventTickCount; ULONG NumberOfPhysicalPages; BOOLEAN SafeBootMode; ULONG TraceLogging; ULONG Fill0; ULONGLONG TestRetInstruction; ULONG SystemCall; ULONG SystemCallReturn; ULONGLONG SystemCallPad[3]; union { volatile KSYSTEM_TIME TickCount; volatile ULONG64 TickCountQuad; }; ULONG Cookie; #if (NTDDI_VERSION >= NTDDI_WS03) LONGLONG ConsoleSessionForegroundProcessId; ULONG Wow64SharedInformation[MAX_WOW64_SHARED_ENTRIES]; 
#endif #if (NTDDI_VERSION >= NTDDI_LONGHORN) USHORT UserModeGlobalLogger[8]; ULONG HeapTracingPid[2]; ULONG CritSecTracingPid[2]; union { ULONG SharedDataFlags; struct { ULONG DbgErrorPortPresent:1; ULONG DbgElevationEnabled:1; ULONG DbgVirtEnabled:1; ULONG DbgInstallerDetectEnabled:1; ULONG SpareBits:28; }; }; ULONG ImageFileExecutionOptions; KAFFINITY ActiveProcessorAffinity; #endif } KUSER_SHARED_DATA, *PKUSER_SHARED_DATA; // // VDM Structures // #include "pshpack1.h" typedef struct _VdmVirtualIca { LONG ica_count[8]; LONG ica_int_line; LONG ica_cpu_int; USHORT ica_base; USHORT ica_hipiri; USHORT ica_mode; UCHAR ica_master; UCHAR ica_irr; UCHAR ica_isr; UCHAR ica_imr; UCHAR ica_ssr; } VDMVIRTUALICA, *PVDMVIRTUALICA; #include "poppack.h" typedef struct _VdmIcaUserData { PVOID pIcaLock; PVDMVIRTUALICA pIcaMaster; PVDMVIRTUALICA pIcaSlave; PULONG pDelayIrq; PULONG pUndelayIrq; PULONG pDelayIret; PULONG pIretHooked; PULONG pAddrIretBopTable; PHANDLE phWowIdleEvent; PLARGE_INTEGER pIcaTimeout; PHANDLE phMainThreadSuspended; } VDMICAUSERDATA, *PVDMICAUSERDATA; typedef struct _VDM_INITIALIZE_DATA { PVOID TrapcHandler; PVDMICAUSERDATA IcaUserData; } VDM_INITIALIZE_DATA, *PVDM_INITIALIZE_DATA; #else // // System Thread Start Routine // typedef VOID (NTAPI *PKSYSTEM_ROUTINE)( PKSTART_ROUTINE StartRoutine, PVOID StartContext ); // // APC Environment Types // typedef enum _KAPC_ENVIRONMENT { OriginalApcEnvironment, AttachedApcEnvironment, CurrentApcEnvironment, InsertApcEnvironment } KAPC_ENVIRONMENT; // // CPU Cache Types // typedef enum _PROCESSOR_CACHE_TYPE { CacheUnified, CacheInstruction, CacheData, CacheTrace, } PROCESSOR_CACHE_TYPE; // // PRCB DPC Data // typedef struct _KDPC_DATA { LIST_ENTRY DpcListHead; ULONG DpcLock; volatile ULONG DpcQueueDepth; ULONG DpcCount; } KDPC_DATA, *PKDPC_DATA; // // Per-Processor Lookaside List // typedef struct _PP_LOOKASIDE_LIST { struct _GENERAL_LOOKASIDE *P; struct _GENERAL_LOOKASIDE *L; } PP_LOOKASIDE_LIST, *PPP_LOOKASIDE_LIST; // 
// CPU Cache Descriptor // typedef struct _CACHE_DESCRIPTOR { UCHAR Level; UCHAR Associativity; USHORT LineSize; ULONG Size; PROCESSOR_CACHE_TYPE Type; } CACHE_DESCRIPTOR, *PCACHE_DESCRIPTOR; // // Architectural Types // #include // // Kernel Memory Node // #include typedef struct _KNODE { SLIST_HEADER DeadStackList; SLIST_HEADER PfnDereferenceSListHead; KAFFINITY ProcessorMask; ULONG Color; UCHAR Seed; UCHAR NodeNumber; ULONG Flags; ULONG MmShiftedColor; ULONG FreeCount[2]; struct _SINGLE_LIST_ENTRY *PfnDeferredList; } KNODE, *PKNODE; #include // // Kernel Profile Object // typedef struct _KPROFILE { CSHORT Type; CSHORT Size; LIST_ENTRY ProfileListEntry; struct _KPROCESS *Process; PVOID RangeBase; PVOID RangeLimit; ULONG BucketShift; PVOID Buffer; ULONG Segment; KAFFINITY Affinity; KPROFILE_SOURCE Source; BOOLEAN Started; } KPROFILE, *PKPROFILE; // // Kernel Interrupt Object // typedef struct _KINTERRUPT { CSHORT Type; CSHORT Size; LIST_ENTRY InterruptListEntry; PKSERVICE_ROUTINE ServiceRoutine; #if (NTDDI_VERSION >= NTDDI_LONGHORN) PKSERVICE_ROUTINE MessageServiceRoutine; ULONG MessageIndex; #endif PVOID ServiceContext; KSPIN_LOCK SpinLock; ULONG TickCount; PKSPIN_LOCK ActualLock; PKINTERRUPT_ROUTINE DispatchAddress; ULONG Vector; KIRQL Irql; KIRQL SynchronizeIrql; BOOLEAN FloatingSave; BOOLEAN Connected; CCHAR Number; BOOLEAN ShareVector; KINTERRUPT_MODE Mode; #if (NTDDI_VERSION >= NTDDI_LONGHORN) KINTERRUPT_POLARITY Polarity; #endif ULONG ServiceCount; ULONG DispatchCount; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONGLONG Rsvd1; #endif ULONG DispatchCode[KINTERRUPT_DISPATCH_CODES]; } KINTERRUPT, *PKINTERRUPT; // // Kernel Event Pair Object // typedef struct _KEVENT_PAIR { CSHORT Type; CSHORT Size; KEVENT LowEvent; KEVENT HighEvent; } KEVENT_PAIR, *PKEVENT_PAIR; // // Kernel No Execute Options // typedef struct _KEXECUTE_OPTIONS { UCHAR ExecuteDisable:1; UCHAR ExecuteEnable:1; UCHAR DisableThunkEmulation:1; UCHAR Permanent:1; UCHAR ExecuteDispatchEnable:1; UCHAR 
ImageDispatchEnable:1; UCHAR Spare:2; } KEXECUTE_OPTIONS, *PKEXECUTE_OPTIONS; // // Kernel Thread (KTHREAD) // typedef struct _KTHREAD { DISPATCHER_HEADER DispatcherHeader; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONGLONG CycleTime; ULONG HighCycleTime; ULONGLONG QuantumTarget; #else LIST_ENTRY MutantListHead; #endif PVOID InitialStack; ULONG_PTR StackLimit; PVOID KernelStack; KSPIN_LOCK ThreadLock; union { KAPC_STATE ApcState; struct { UCHAR ApcStateFill[23]; UCHAR ApcQueueable; volatile UCHAR NextProcessor; volatile UCHAR DeferredProcessor; UCHAR AdjustReason; SCHAR AdjustIncrement; }; }; KSPIN_LOCK ApcQueueLock; ULONG ContextSwitches; volatile UCHAR State; UCHAR NpxState; KIRQL WaitIrql; KPROCESSOR_MODE WaitMode; LONG_PTR WaitStatus; union { PKWAIT_BLOCK WaitBlockList; PKGATE GateObject; }; #if (NTDDI_VERSION >= NTDDI_LONGHORN) union { struct { ULONG KernelStackResident:1; ULONG ReadyTransition:1; ULONG ProcessReadyQueue:1; ULONG WaitNext:1; ULONG SystemAffinityActive:1; ULONG Alertable:1; ULONG GdiFlushActive:1; ULONG Reserved:25; }; LONG MiscFlags; }; #else BOOLEAN Alertable; BOOLEAN WaitNext; #endif UCHAR WaitReason; SCHAR Priority; BOOLEAN EnableStackSwap; volatile UCHAR SwapBusy; BOOLEAN Alerted[MaximumMode]; union { LIST_ENTRY WaitListEntry; SINGLE_LIST_ENTRY SwapListEntry; }; PKQUEUE Queue; ULONG WaitTime; union { struct { SHORT KernelApcDisable; SHORT SpecialApcDisable; }; ULONG CombinedApcDisable; }; struct _TEB *Teb; union { KTIMER Timer; struct { UCHAR TimerFill[40]; union { struct { LONG AutoAlignment:1; LONG DisableBoost:1; #if (NTDDI_VERSION >= NTDDI_LONGHORN) LONG EtwStackTrace1ApcInserted:1; LONG EtwStackTrace2ApcInserted:1; LONG CycleChargePending:1; LONG ReservedFlags:27; #else LONG ReservedFlags:30; #endif }; LONG ThreadFlags; }; }; }; union { KWAIT_BLOCK WaitBlock[THREAD_WAIT_OBJECTS + 1]; struct { UCHAR WaitBlockFill0[23]; #if (NTDDI_VERSION >= NTDDI_LONGHORN) UCHAR IdealProcessor; #else BOOLEAN SystemAffinityActive; #endif }; struct { UCHAR 
WaitBlockFill1[47]; CCHAR PreviousMode; }; struct { UCHAR WaitBlockFill2[71]; UCHAR ResourceIndex; }; struct { UCHAR WaitBlockFill3[95]; UCHAR LargeStack; }; }; LIST_ENTRY QueueListEntry; PKTRAP_FRAME TrapFrame; #if (NTDDI_VERSION >= NTDDI_LONGHORN) PVOID FirstArgument; #endif PVOID CallbackStack; PVOID ServiceTable; UCHAR ApcStateIndex; #if (NTDDI_VERSION < NTDDI_LONGHORN) UCHAR IdealProcessor; #endif BOOLEAN Preempted; #if (NTDDI_VERSION >= NTDDI_LONGHORN) BOOLEAN CalloutActive; #else BOOLEAN ProcessReadyQueue; BOOLEAN KernelStackResident; #endif SCHAR BasePriority; SCHAR PriorityDecrement; CHAR Saturation; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG SystemCallNumber; ULONG Spare2; #endif KAFFINITY UserAffinity; struct _KPROCESS *Process; KAFFINITY Affinity; PKAPC_STATE ApcStatePointer[2]; union { KAPC_STATE SavedApcState; struct { UCHAR SavedApcStateFill[23]; CCHAR FreezeCount; CCHAR SuspendCount; UCHAR UserIdealProcessor; #if (NTDDI_VERSION >= NTDDI_LONGHORN) union { struct { UCHAR ReservedBits0:1; UCHAR SegmentsPresent:1; UCHAR Reservedbits1:1; }; UCHAR NestedStateFlags; }; #else UCHAR CalloutActive; #endif UCHAR Iopl; }; }; PVOID Win32Thread; PVOID StackBase; union { KAPC SuspendApc; struct { UCHAR SuspendApcFill0[1]; SCHAR Quantum; }; struct { UCHAR SuspendApcFill1[3]; UCHAR QuantumReset; }; struct { UCHAR SuspendApcFill2[4]; ULONG KernelTime; }; struct { UCHAR SuspendApcFill3[36]; #if (NTDDI_VERSION >= NTDDI_LONGHORN) PKPRCB WaitPrcb; #else PVOID TlsArray; #endif }; struct { UCHAR SuspendApcFill4[40]; PVOID LegoData; }; struct { UCHAR SuspendApcFill5[47]; UCHAR PowerState; ULONG UserTime; }; }; union { KSEMAPHORE SuspendSemaphore; struct { UCHAR SuspendSemaphorefill[20]; ULONG SListFaultCount; }; }; LIST_ENTRY ThreadListEntry; #if (NTDDI_VERSION >= NTDDI_LONGHORN) LIST_ENTRY MutantListHead; #endif PVOID SListFaultAddress; #if (NTDDI_VERSION >= NTDDI_LONGHORN) PVOID MdlForLockedteb; #endif } KTHREAD, *PKTHREAD; #define ASSERT_THREAD(object) \ 
ASSERT((((object)->DispatcherHeader.Type & KOBJECT_TYPE_MASK) == ThreadObject)) // // Kernel Process (KPROCESS) // typedef struct _KPROCESS { DISPATCHER_HEADER Header; LIST_ENTRY ProfileListHead; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG DirectoryTableBase; ULONG Unused0; #else LARGE_INTEGER DirectoryTableBase; #endif #if defined(_M_IX86) KGDTENTRY LdtDescriptor; KIDTENTRY Int21Descriptor; USHORT IopmOffset; UCHAR Iopl; UCHAR Unused; #endif volatile ULONG ActiveProcessors; ULONG KernelTime; ULONG UserTime; LIST_ENTRY ReadyListHead; SINGLE_LIST_ENTRY SwapListEntry; PVOID VdmTrapcHandler; LIST_ENTRY ThreadListHead; KSPIN_LOCK ProcessLock; KAFFINITY Affinity; union { struct { LONG AutoAlignment:1; LONG DisableBoost:1; LONG DisableQuantum:1; LONG ReservedFlags:29; }; LONG ProcessFlags; }; SCHAR BasePriority; SCHAR QuantumReset; UCHAR State; UCHAR ThreadSeed; UCHAR PowerState; UCHAR IdealNode; UCHAR Visited; union { KEXECUTE_OPTIONS Flags; UCHAR ExecuteOptions; }; ULONG StackCount; LIST_ENTRY ProcessListEntry; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONGLONG CycleTime; #endif } KPROCESS, *PKPROCESS; #define ASSERT_PROCESS(object) \ ASSERT((((object)->Header.Type & KOBJECT_TYPE_MASK) == ProcessObject)) // // System Service Table Descriptor // typedef struct _KSERVICE_TABLE_DESCRIPTOR { PULONG_PTR Base; PULONG Count; ULONG Limit; #if defined(_IA64_) LONG TableBaseGpOffset; #endif PUCHAR Number; } KSERVICE_TABLE_DESCRIPTOR, *PKSERVICE_TABLE_DESCRIPTOR; // // Exported Loader Parameter Block // extern struct _LOADER_PARAMETER_BLOCK NTSYSAPI *KeLoaderBlock; // // Exported Hardware Data // extern KAFFINITY NTSYSAPI KeActiveProcessors; #if (NTDDI_VERSION >= NTDDI_LONGHORN) extern volatile CCHAR NTSYSAPI KeNumberProcessors; #else #if (NTDDI_VERSION >= NTDDI_WINXP) extern CCHAR NTSYSAPI KeNumberProcessors; #else //extern PCCHAR KeNumberProcessors; extern NTSYSAPI CCHAR KeNumberProcessors; //FIXME: Note to Alex: I won't fix this atm, since I prefer to discuss this with you first. 
#endif
#endif

//
// Kernel-exported timing and cache counters (declarations only)
//
extern ULONG NTSYSAPI KiDmaIoCoherency;
extern ULONG NTSYSAPI KeMaximumIncrement;
extern ULONG NTSYSAPI KeMinimumIncrement;
extern ULONG NTSYSAPI KeDcacheFlushCount;
extern ULONG NTSYSAPI KeIcacheFlushCount;

//
// Exported System Service Descriptor Tables
// Both are arrays of SSDT_MAX_ENTRIES KSERVICE_TABLE_DESCRIPTOR elements.
//
extern KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTable[SSDT_MAX_ENTRIES];
extern KSERVICE_TABLE_DESCRIPTOR NTSYSAPI KeServiceDescriptorTableShadow[SSDT_MAX_ENTRIES];

#endif // !NTOS_MODE_USER

#endif // _KETYPES_H

================================================
FILE: ndk/ldrfuncs.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu.  All rights reserved.

Header Name:

    ldrfuncs.h

Abstract:

    Functions definitions for the Loader.

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _LDRFUNCS_H
#define _LDRFUNCS_H

//
// Dependencies
// NOTE(review): the include targets are missing from this listing; they
// look to have been lost when the page was extracted.
//
#include
#include
#if defined(_MSC_VER) && !defined(NTOS_MODE_USER)
#include
#endif

//
// Resource Functions
//

//
// Takes an image base and a resource data entry; hands back the resource
// pointer and its size through the two optional out parameters.
// NOTE(review): Size is a caller-facing length; a consumer should bound any
// copy by it rather than by an assumed resource size.
//
NTSTATUS
NTAPI
LdrAccessResource(
    IN PVOID BaseAddress,
    IN PIMAGE_RESOURCE_DATA_ENTRY ResourceDataEntry,
    OUT PVOID *Resource OPTIONAL,
    OUT PULONG Size OPTIONAL
);

//
// Level is presumably one of the RESOURCE_*_LEVEL values from ldrtypes.h
// -- TODO confirm.
//
NTSTATUS
NTAPI
LdrFindResource_U(
    IN PVOID BaseAddress,
    IN PLDR_RESOURCE_INFO ResourceInfo,
    IN ULONG Level,
    OUT PIMAGE_RESOURCE_DATA_ENTRY *ResourceDataEntry
);

NTSTATUS
NTAPI
LdrFindResourceDirectory_U(
    IN PVOID BaseAddress,
    IN PLDR_RESOURCE_INFO ResourceInfo,
    IN ULONG Level,
    OUT PIMAGE_RESOURCE_DIRECTORY *ResourceDirectory
);

//
// NOTE(review): this is the only prototype in this group without NTAPI.
// If the translation unit is not compiled with stdcall as the default
// calling convention, the call would use a different convention from the
// other Ldr* routines -- confirm and add NTAPI if so.
//
BOOLEAN
LdrUnloadAlternateResourceModule(
    IN PVOID BaseAddress
);

//
// Misc.
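// Functions
//

//
// Resolves an export of the image at BaseAddress and returns its address
// through ProcedureAddress.
// NOTE(review): Name and Ordinal look like alternative selectors; only the
// prototype is visible here -- confirm which one wins when both are given.
//
NTSTATUS
NTAPI
LdrGetProcedureAddress(
    IN PVOID BaseAddress,
    IN PANSI_STRING Name,
    IN ULONG Ordinal,
    OUT PVOID *ProcedureAddress
);

//
// Success, Conflict and Invalid are caller-chosen values; presumably one of
// them is returned depending on the outcome -- TODO confirm.
//
ULONG
NTAPI
LdrRelocateImage(
    IN PVOID NewBase,
    IN PUCHAR LoaderName,
    IN ULONG Success,
    IN ULONG Conflict,
    IN ULONG Invalid
);

//
// Flags takes the LDR_LOCK_LOADER_LOCK_FLAG_* values from ldrtypes.h.
// NTAPI is spelled out so the prototype agrees with LdrUnlockLoaderLock and
// does not depend on the compiler's default calling convention.
// NOTE(review): Cookie is declared PULONG here and ULONG in the unlock call.
// If the loader hands back a pointer-sized cookie on 64-bit builds, a 4-byte
// variable would be too small for the write -- confirm against the target.
//
NTSTATUS
NTAPI
LdrLockLoaderLock(
    IN ULONG Flags,
    OUT PULONG Disposition OPTIONAL,
    OUT PULONG Cookie OPTIONAL
);

NTSTATUS
NTAPI
LdrUnlockLoaderLock(
    IN ULONG Flags,
    IN ULONG Cookie OPTIONAL
);

//
// NumberOfBytes and FileLength are both ULONG, so images of 4 GB or more
// cannot be described through this prototype.
//
BOOLEAN
NTAPI
LdrVerifyMappedImageMatchesChecksum(
    IN PVOID BaseAddress,
    IN ULONG NumberOfBytes,
    IN ULONG FileLength
);

#endif

================================================
FILE: ndk/ldrtypes.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu.  All rights reserved.

Header Name:

    ldrtypes.h

Abstract:

    Type definitions for the Loader.

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _LDRTYPES_H
#define _LDRTYPES_H

//
// Dependencies
// NOTE(review): the include target is missing from this listing; it looks
// to have been lost when the page was extracted.
//
#include

//
// Resource Type Levels
//
#define RESOURCE_TYPE_LEVEL                     0
#define RESOURCE_NAME_LEVEL                     1
#define RESOURCE_LANGUAGE_LEVEL                 2
#define RESOURCE_DATA_LEVEL                     3

//
// Loader Data Table Entry Flags
// Each value is a single bit, so flags can be tested with a plain mask.
//
#define LDRP_STATIC_LINK                        0x00000002
#define LDRP_IMAGE_DLL                          0x00000004
#define LDRP_LOAD_IN_PROGRESS                   0x00001000
#define LDRP_UNLOAD_IN_PROGRESS                 0x00002000
#define LDRP_ENTRY_PROCESSED                    0x00004000
#define LDRP_ENTRY_INSERTED                     0x00008000
#define LDRP_CURRENT_LOAD                       0x00010000
#define LDRP_FAILED_BUILTIN_LOAD                0x00020000
#define LDRP_DONT_CALL_FOR_THREADS              0x00040000
#define LDRP_PROCESS_ATTACH_CALLED              0x00080000
#define LDRP_DEBUG_SYMBOLS_LOADED               0x00100000
#define LDRP_IMAGE_NOT_AT_BASE                  0x00200000
#define LDRP_COR_IMAGE                          0x00400000
#define LDR_COR_OWNS_UNMAP                      0x00800000
#define LDRP_SYSTEM_MAPPED                      0x01000000
#define LDRP_IMAGE_VERIFYING                    0x02000000
#define LDRP_DRIVER_DEPENDENT_DLL               0x04000000
// Bit 27 only. The earlier value 0x08800000 also carried bit 23
// (LDR_COR_OWNS_UNMAP), so a mask test on this flag matched either one.
#define LDRP_ENTRY_NATIVE                       0x08000000
#define LDRP_REDIRECTED                         0x10000000
#define LDRP_NON_PAGED_DEBUG_INFO               0x20000000
#define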
LDRP_MM_LOADED 0x40000000 #define LDRP_COMPAT_DATABASE_PROCESSED 0x80000000 // // Dll Characteristics for LdrLoadDll // #define LDR_IGNORE_CODE_AUTHZ_LEVEL 0x00001000 // // LdrAddRef Flags // #define LDR_PIN_MODULE 0x00000001 // // LdrLockLoaderLock Flags // #define LDR_LOCK_LOADER_LOCK_FLAG_RAISE_STATUS 0x00000001 #define LDR_LOCK_LOADER_LOCK_FLAG_TRY_ONLY 0x00000002 // // FIXME: THIS SHOULD *NOT* BE USED! // #define IMAGE_SCN_TYPE_NOLOAD 0x00000002 // // Loader Data stored in the PEB // typedef struct _PEB_LDR_DATA { ULONG Length; BOOLEAN Initialized; PVOID SsHandle; LIST_ENTRY InLoadOrderModuleList; LIST_ENTRY InMemoryOrderModuleList; LIST_ENTRY InInitializationOrderModuleList; PVOID EntryInProgress; } PEB_LDR_DATA, *PPEB_LDR_DATA; // // Loader Data Table Entry // typedef struct _LDR_DATA_TABLE_ENTRY { LIST_ENTRY InLoadOrderLinks; LIST_ENTRY InMemoryOrderModuleList; LIST_ENTRY InInitializationOrderModuleList; PVOID DllBase; PVOID EntryPoint; ULONG SizeOfImage; UNICODE_STRING FullDllName; UNICODE_STRING BaseDllName; ULONG Flags; USHORT LoadCount; USHORT TlsIndex; union { LIST_ENTRY HashLinks; PVOID SectionPointer; }; ULONG CheckSum; union { ULONG TimeDateStamp; PVOID LoadedImports; }; PVOID EntryPointActivationContext; PVOID PatchInformation; } LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY; // // Loaded Imports Reference Counting in Kernel // typedef struct _LOAD_IMPORTS { SIZE_T Count; PLDR_DATA_TABLE_ENTRY Entry[1]; } LOAD_IMPORTS, *PLOAD_IMPORTS; // // Loader Resource Information // typedef struct _LDR_RESOURCE_INFO { ULONG Type; ULONG Name; ULONG Language; } LDR_RESOURCE_INFO, *PLDR_RESOURCE_INFO; // // DLL Notifications // typedef struct _LDR_DLL_LOADED_NOTIFICATION_DATA { ULONG Flags; PUNICODE_STRING FullDllName; PUNICODE_STRING BaseDllName; PVOID DllBase; ULONG SizeOfImage; } LDR_DLL_LOADED_NOTIFICATION_DATA, *PLDR_DLL_LOADED_NOTIFICATION_DATA; typedef VOID (*PLDR_DLL_LOADED_NOTIFICATION_CALLBACK)( IN BOOLEAN Type, IN struct 
_LDR_DLL_LOADED_NOTIFICATION_DATA *Data ); typedef struct _LDR_DLL_LOADED_NOTIFICATION_ENTRY { LIST_ENTRY NotificationListEntry; PLDR_DLL_LOADED_NOTIFICATION_CALLBACK Callback; } LDR_DLL_LOADED_NOTIFICATION_ENTRY, *PLDR_DLL_LOADED_NOTIFICATION_ENTRY; // // Alternate Resources Support // typedef struct _ALT_RESOURCE_MODULE { LANGID LangId; PVOID ModuleBase; #if (NTDDI_VERSION >= NTDDI_LONGHORN) PVOID ModuleManifest; #endif PVOID AlternateModule; #if (NTDDI_VERSION >= NTDDI_LONGHORN) HANDLE AlternateFileHandle; ULONG ModuleCheckSum; ULONG ErrorCode; #endif } ALT_RESOURCE_MODULE, *PALT_RESOURCE_MODULE; #endif ================================================ FILE: ndk/lpcfuncs.h ================================================ /*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: lpcfuncs.h Abstract: Function definitions for the Executive. Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _LPCFUNCS_H #define _LPCFUNCS_H // // Dependencies // #include // // LPC Exports // #ifndef NTOS_MODE_USER NTKERNELAPI NTSTATUS NTAPI LpcRequestWaitReplyPort( IN PVOID Port, IN PPORT_MESSAGE LpcMessageRequest, OUT PPORT_MESSAGE LpcMessageReply ); NTSTATUS NTAPI LpcRequestPort( IN PVOID Port, IN PPORT_MESSAGE LpcMessage ); #endif // // Native calls // NTSYSCALLAPI NTSTATUS NTAPI NtAcceptConnectPort( PHANDLE PortHandle, PVOID PortContext OPTIONAL, PPORT_MESSAGE ConnectionRequest, BOOLEAN AcceptConnection, PPORT_VIEW ServerView OPTIONAL, PREMOTE_PORT_VIEW ClientView OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtCompleteConnectPort( HANDLE PortHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtConnectPort( PHANDLE PortHandle, PUNICODE_STRING PortName, PSECURITY_QUALITY_OF_SERVICE SecurityQos, PPORT_VIEW ClientView OPTIONAL, PREMOTE_PORT_VIEW ServerView OPTIONAL, PULONG MaxMessageLength OPTIONAL, PVOID ConnectionInformation OPTIONAL, PULONG ConnectionInformationLength OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtCreatePort( PHANDLE PortHandle, 
POBJECT_ATTRIBUTES ObjectAttributes, ULONG MaxConnectionInfoLength, ULONG MaxMessageLength, ULONG MaxPoolUsage ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateWaitablePort( PHANDLE PortHandle, POBJECT_ATTRIBUTES ObjectAttributes, ULONG MaxConnectInfoLength, ULONG MaxDataLength, ULONG NPMessageQueueSize OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtImpersonateClientOfPort( HANDLE PortHandle, PPORT_MESSAGE ClientMessage ); NTSYSCALLAPI NTSTATUS NTAPI NtListenPort( HANDLE PortHandle, PPORT_MESSAGE ConnectionRequest ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationPort( HANDLE PortHandle, PORT_INFORMATION_CLASS PortInformationClass, PVOID PortInformation, ULONG PortInformationLength, PULONG ReturnLength ); NTSTATUS NTAPI NtQueryPortInformationProcess( VOID ); NTSYSCALLAPI NTSTATUS NTAPI NtReadRequestData( HANDLE PortHandle, PPORT_MESSAGE Message, ULONG Index, PVOID Buffer, ULONG BufferLength, PULONG ReturnLength ); NTSYSCALLAPI NTSTATUS NTAPI NtReplyPort( IN HANDLE PortHandle, IN PPORT_MESSAGE LpcReply ); NTSYSCALLAPI NTSTATUS NTAPI NtReplyWaitReceivePort( IN HANDLE PortHandle, OUT PVOID *PortContext OPTIONAL, IN PPORT_MESSAGE ReplyMessage OPTIONAL, OUT PPORT_MESSAGE ReceiveMessage ); NTSYSCALLAPI NTSTATUS NTAPI NtReplyWaitReceivePortEx( IN HANDLE PortHandle, OUT PVOID *PortContext OPTIONAL, IN PPORT_MESSAGE ReplyMessage OPTIONAL, OUT PPORT_MESSAGE ReceiveMessage, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtReplyWaitReplyPort( IN HANDLE PortHandle, OUT PPORT_MESSAGE ReplyMessage ); NTSYSCALLAPI NTSTATUS NTAPI NtRequestPort( IN HANDLE PortHandle, IN PPORT_MESSAGE LpcMessage ); NTSYSCALLAPI NTSTATUS NTAPI NtRequestWaitReplyPort( IN HANDLE PortHandle, OUT PPORT_MESSAGE LpcReply, IN PPORT_MESSAGE LpcRequest ); NTSYSCALLAPI NTSTATUS NTAPI NtSecureConnectPort( PHANDLE PortHandle, PUNICODE_STRING PortName, PSECURITY_QUALITY_OF_SERVICE SecurityQos, PPORT_VIEW ClientView OPTIONAL, PSID Sid OPTIONAL, PREMOTE_PORT_VIEW ServerView OPTIONAL, PULONG MaxMessageLength 
OPTIONAL, PVOID ConnectionInformation OPTIONAL, PULONG ConnectionInformationLength OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtWriteRequestData( HANDLE PortHandle, PPORT_MESSAGE Message, ULONG Index, PVOID Buffer, ULONG BufferLength, PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI ZwAcceptConnectPort( PHANDLE PortHandle, PVOID PortContext OPTIONAL, PPORT_MESSAGE ConnectionRequest, BOOLEAN AcceptConnection, PPORT_VIEW ServerView OPTIONAL, PREMOTE_PORT_VIEW ClientView OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwCompleteConnectPort( HANDLE PortHandle ); NTSYSAPI NTSTATUS NTAPI ZwConnectPort( PHANDLE PortHandle, PUNICODE_STRING PortName, PSECURITY_QUALITY_OF_SERVICE SecurityQos, PPORT_VIEW ClientView OPTIONAL, PREMOTE_PORT_VIEW ServerView OPTIONAL, PULONG MaxMessageLength OPTIONAL, PVOID ConnectionInformation OPTIONAL, PULONG ConnectionInformationLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwCreatePort( PHANDLE PortHandle, POBJECT_ATTRIBUTES ObjectAttributes, ULONG MaxConnectionInfoLength, ULONG MaxMessageLength, ULONG MaxPoolUsage ); NTSYSAPI NTSTATUS NTAPI ZwCreateWaitablePort( PHANDLE PortHandle, POBJECT_ATTRIBUTES ObjectAttributes, ULONG MaxConnectInfoLength, ULONG MaxDataLength, ULONG NPMessageQueueSize OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwImpersonateClientOfPort( HANDLE PortHandle, PPORT_MESSAGE ClientMessage ); NTSYSAPI NTSTATUS NTAPI ZwListenPort( HANDLE PortHandle, PPORT_MESSAGE ConnectionRequest ); NTSYSAPI NTSTATUS NTAPI ZwQueryInformationPort( HANDLE PortHandle, PORT_INFORMATION_CLASS PortInformationClass, PVOID PortInformation, ULONG PortInformationLength, PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI ZwReadRequestData( HANDLE PortHandle, PPORT_MESSAGE Message, ULONG Index, PVOID Buffer, ULONG BufferLength, PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI ZwReplyPort( IN HANDLE PortHandle, IN PPORT_MESSAGE LpcReply ); NTSYSAPI NTSTATUS NTAPI ZwReplyWaitReceivePort( IN HANDLE PortHandle, OUT PVOID *PortContext OPTIONAL, IN PPORT_MESSAGE ReplyMessage OPTIONAL, OUT 
PPORT_MESSAGE ReceiveMessage ); NTSYSAPI NTSTATUS NTAPI ZwReplyWaitReceivePortEx( IN HANDLE PortHandle, OUT PVOID *PortContext OPTIONAL, IN PPORT_MESSAGE ReplyMessage OPTIONAL, OUT PPORT_MESSAGE ReceiveMessage, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwReplyWaitReplyPort( IN HANDLE PortHandle, OUT PPORT_MESSAGE ReplyMessage ); NTSYSAPI NTSTATUS NTAPI ZwRequestPort( IN HANDLE PortHandle, IN PPORT_MESSAGE LpcMessage ); NTSYSAPI NTSTATUS NTAPI ZwRequestWaitReplyPort( IN HANDLE PortHandle, OUT PPORT_MESSAGE LpcReply, IN PPORT_MESSAGE LpcRequest ); NTSYSAPI NTSTATUS NTAPI ZwSecureConnectPort( PHANDLE PortHandle, PUNICODE_STRING PortName, PSECURITY_QUALITY_OF_SERVICE SecurityQos, PPORT_VIEW ClientView OPTIONAL, PSID Sid OPTIONAL, PREMOTE_PORT_VIEW ServerView OPTIONAL, PULONG MaxMessageLength OPTIONAL, PVOID ConnectionInformation OPTIONAL, PULONG ConnectionInformationLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwWriteRequestData( HANDLE PortHandle, PPORT_MESSAGE Message, ULONG Index, PVOID Buffer, ULONG BufferLength, PULONG ReturnLength ); #endif ================================================ FILE: ndk/lpctypes.h ================================================ /*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: lpctypes.h Abstract: Type definitions for the Loader. 
Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _LPCTYPES_H
#define _LPCTYPES_H

//
// Dependencies
// NOTE(review): the include targets are missing from this listing; they
// look to have been lost when the page was extracted.
//
#include
//#include

//
// Internal helper macro
// Rounds x up to a multiple of s with an add-and-mask, which is only
// correct when s is a power of two. Both operands are cast to ULONG, so a
// wider value is truncated first and the addition can wrap around zero;
// do not use it on untrusted sizes without a range check beforehand.
//
#define N_ROUND_UP(x,s) \
    (((ULONG)(x)+(s)-1) & ~((ULONG)(s)-1))

//
// Maximum message size that can be sent through an LPC Port without a section
//
#define PORT_MAXIMUM_MESSAGE_LENGTH 256

//
// Port Object Access Masks
// NOTE(review): PORT_ALL_ACCESS has the same value as PORT_CONNECT here and
// carries no standard-rights bits -- confirm that this is what callers
// expect when they request "all access".
//
#define PORT_CONNECT                    0x1
#define PORT_ALL_ACCESS                 0x1

//
// Port Object Flags
// The low nibble (LPCP_PORT_TYPE_MASK) holds the port type as a number, not
// as independent bits: LPCP_COMMUNICATION_PORT (3) equals
// LPCP_CONNECTION_PORT | LPCP_UNCONNECTED_PORT, so compare after masking
// instead of testing single bits.
//
#define LPCP_CONNECTION_PORT            0x00000001
#define LPCP_UNCONNECTED_PORT           0x00000002
#define LPCP_COMMUNICATION_PORT         0x00000003
#define LPCP_CLIENT_PORT                0x00000004
#define LPCP_PORT_TYPE_MASK             0x0000000F
#define LPCP_PORT_DELETED               0x10000000
#define LPCP_WAITABLE_PORT              0x20000000
#define LPCP_NAME_DELETED               0x40000000
#define LPCP_SECURITY_DYNAMIC           0x80000000

//
// LPC Message Types
// Values are implicit and start at 0; LPC_MAXIMUM is the count sentinel.
//
typedef enum _LPC_TYPE
{
    LPC_NEW_MESSAGE,
    LPC_REQUEST,
    LPC_REPLY,
    LPC_DATAGRAM,
    LPC_LOST_REPLY,
    LPC_PORT_CLOSED,
    LPC_CLIENT_DIED,
    LPC_EXCEPTION,
    LPC_DEBUG_EVENT,
    LPC_ERROR_EVENT,
    LPC_CONNECTION_REQUEST,
    LPC_CONNECTION_REFUSED,
    LPC_MAXIMUM
} LPC_TYPE;

//
// Information Classes for NtQueryInformationPort
//
typedef enum _PORT_INFORMATION_CLASS
{
    PortNoInformation
} PORT_INFORMATION_CLASS;

#ifdef NTOS_MODE_USER

//
// Portable LPC Types for 32/64-bit compatibility
// With USE_LPC6432 defined every pointer-sized field is widened to 64 bits;
// otherwise the native types are used.
//
#ifdef USE_LPC6432
#define LPC_CLIENT_ID CLIENT_ID64
#define LPC_SIZE_T ULONGLONG
#define LPC_PVOID ULONGLONG
#define LPC_HANDLE ULONGLONG
#else
#define LPC_CLIENT_ID CLIENT_ID
#define LPC_SIZE_T SIZE_T
#define LPC_PVOID PVOID
#define LPC_HANDLE HANDLE
#endif

//
// LPC Port Message
// u1 and u2 overlay two CSHORT fields each on one ULONG.
// NOTE(review): DataLength and TotalLength are CSHORT fields supplied with
// the message; a receiver presumably has to check them against its own
// buffer size before using them as copy lengths -- confirm in the callers.
//
typedef struct _PORT_MESSAGE
{
    union
    {
        struct
        {
            CSHORT DataLength;
            CSHORT TotalLength;
        } s1;
        ULONG Length;
    } u1;
    union
    {
        struct
        {
            CSHORT Type;
            CSHORT DataInfoOffset;
        } s2;
        ULONG ZeroInit;
    } u2;
    union
    {
        LPC_CLIENT_ID ClientId;
        double DoNotUseThisField;
    };
    ULONG MessageId;
    union
    {
        LPC_SIZE_T ClientViewSize;
        ULONG CallbackId;
    };
} PORT_MESSAGE, *PPORT_MESSAGE;

//
// Local and
Remove Port Views // typedef struct _PORT_VIEW { ULONG Length; LPC_HANDLE SectionHandle; ULONG SectionOffset; LPC_SIZE_T ViewSize; LPC_PVOID ViewBase; LPC_PVOID ViewRemoteBase; } PORT_VIEW, *PPORT_VIEW; typedef struct _REMOTE_PORT_VIEW { ULONG Length; LPC_SIZE_T ViewSize; LPC_PVOID ViewBase; } REMOTE_PORT_VIEW, *PREMOTE_PORT_VIEW; // // LPC Kernel-Mode Message Structures defined for size only // typedef struct _LPCP_MESSAGE { UCHAR Data[0x14]; PORT_MESSAGE Request; } LPCP_MESSAGE; typedef struct _LPCP_CONNECTION_MESSAGE { UCHAR Data[0x2C]; } LPCP_CONNECTION_MESSAGE; #else // // LPC Paged and Non-Paged Port Queues // typedef struct _LPCP_NONPAGED_PORT_QUEUE { KSEMAPHORE Semaphore; struct _LPCP_PORT_OBJECT *BackPointer; } LPCP_NONPAGED_PORT_QUEUE, *PLPCP_NONPAGED_PORT_QUEUE; typedef struct _LPCP_PORT_QUEUE { PLPCP_NONPAGED_PORT_QUEUE NonPagedPortQueue; PKSEMAPHORE Semaphore; LIST_ENTRY ReceiveHead; } LPCP_PORT_QUEUE, *PLPCP_PORT_QUEUE; // // LPC Port Object // typedef struct _LPCP_PORT_OBJECT { struct _LPCP_PORT_OBJECT *ConnectionPort; struct _LPCP_PORT_OBJECT *ConnectedPort; LPCP_PORT_QUEUE MsgQueue; CLIENT_ID Creator; PVOID ClientSectionBase; PVOID ServerSectionBase; PVOID PortContext; PETHREAD ClientThread; SECURITY_QUALITY_OF_SERVICE SecurityQos; SECURITY_CLIENT_CONTEXT StaticSecurity; LIST_ENTRY LpcReplyChainHead; LIST_ENTRY LpcDataInfoChainHead; PEPROCESS ServerProcess; PEPROCESS MappingProcess; ULONG MaxMessageLength; ULONG MaxConnectionInfoLength; ULONG Flags; KEVENT WaitEvent; } LPCP_PORT_OBJECT, *PLPCP_PORT_OBJECT; // // LPC Kernel-Mode Message Structures // typedef struct _LPCP_MESSAGE { union { LIST_ENTRY Entry; struct { SINGLE_LIST_ENTRY FreeEntry; ULONG Reserved0; }; }; PLPCP_PORT_OBJECT SenderPort; PETHREAD RepliedToThread; PVOID PortContext; PORT_MESSAGE Request; } LPCP_MESSAGE, *PLPCP_MESSAGE; typedef struct _LPCP_CONNECTION_MESSAGE { PORT_VIEW ClientView; PLPCP_PORT_OBJECT ClientPort; PVOID SectionToMap; REMOTE_PORT_VIEW ServerView; } 
LPCP_CONNECTION_MESSAGE, *PLPCP_CONNECTION_MESSAGE; #endif // // Client Died LPC Message // typedef struct _CLIENT_DIED_MSG { PORT_MESSAGE h; LARGE_INTEGER CreateTime; } CLIENT_DIED_MSG, *PCLIENT_DIED_MSG; // // Maximum total Kernel-Mode LPC Message Structure Size // #define LPCP_MAX_MESSAGE_SIZE \ N_ROUND_UP(PORT_MAXIMUM_MESSAGE_LENGTH + \ sizeof(LPCP_MESSAGE) + \ sizeof(LPCP_CONNECTION_MESSAGE), 16) // // Maximum actual LPC Message Length // #define LPC_MAX_MESSAGE_LENGTH \ (LPCP_MAX_MESSAGE_SIZE - \ FIELD_OFFSET(LPCP_MESSAGE, Request)) // // Maximum actual size of LPC Message Data // #define LPC_MAX_DATA_LENGTH \ (LPC_MAX_MESSAGE_LENGTH - \ sizeof(PORT_MESSAGE) - \ sizeof(LPCP_CONNECTION_MESSAGE)) #endif // _LPCTYPES_H ================================================ FILE: ndk/mmfuncs.h ================================================ /*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: mmfuncs.h Abstract: Functions definitions for the Memory Manager. Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _MMFUNCS_H #define _MMFUNCS_H // // Dependencies // #include #ifndef NTOS_MODE_USER // // Section Functions // NTSTATUS NTAPI MmCreateSection( OUT PVOID *SectionObject, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize, IN ULONG SectionPageProtection, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL, IN PFILE_OBJECT File OPTIONAL ); NTSTATUS NTAPI MmMapViewOfSection( IN PVOID SectionObject, IN PEPROCESS Process, IN OUT PVOID *BaseAddress, IN ULONG ZeroBits, IN ULONG CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PULONG ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG Protect ); NTSTATUS NTAPI MmUnmapViewOfSection( struct _EPROCESS* Process, PVOID BaseAddress ); #endif // // Native calls // NTSYSCALLAPI NTSTATUS NTAPI NtAreMappedFilesTheSame( IN PVOID File1MappedAsAnImage, IN PVOID 
File2MappedAsFile );

//
// NOTE(review): NumberOfPages and UserPfnArray are PULONG in all four
// *UserPhysicalPages prototypes of this header. If page counts and frame
// numbers are pointer-sized on 64-bit targets, an array of ULONG would be
// half the size the callee expects -- confirm before using on amd64.
//
NTSTATUS
NTAPI
NtAllocateUserPhysicalPages(
    IN HANDLE ProcessHandle,
    IN OUT PULONG NumberOfPages,
    IN OUT PULONG UserPfnArray
);

//
// BaseAddress and RegionSize are in/out: the caller passes a request and
// reads the values back afterwards.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAllocateVirtualMemory(
    IN HANDLE ProcessHandle,
    IN OUT PVOID *BaseAddress,
    IN ULONG ZeroBits,
    IN OUT PSIZE_T RegionSize,
    IN ULONG AllocationType,
    IN ULONG Protect
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreatePagingFile(
    IN PUNICODE_STRING FileName,
    IN PLARGE_INTEGER InitialSize,
    IN PLARGE_INTEGER MaxiumSize,
    IN ULONG Reserved
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateSection(
    OUT PHANDLE SectionHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    IN PLARGE_INTEGER MaximumSize OPTIONAL,
    IN ULONG SectionPageProtection OPTIONAL,
    IN ULONG AllocationAttributes,
    IN HANDLE FileHandle OPTIONAL
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtExtendSection(
    IN HANDLE SectionHandle,
    IN PLARGE_INTEGER NewMaximumSize
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtFlushVirtualMemory(
    IN HANDLE ProcessHandle,
    IN OUT PVOID *BaseAddress,
    IN OUT PSIZE_T RegionSize,
    OUT PIO_STATUS_BLOCK IoStatus
);

NTSTATUS
NTAPI
NtFreeUserPhysicalPages(
    IN HANDLE ProcessHandle,
    IN OUT PULONG NumberOfPages,
    IN OUT PULONG UserPfnArray
);

//
// RegionSize is passed by pointer (PSIZE_T) although it is marked IN only.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtFreeVirtualMemory(
    IN HANDLE ProcessHandle,
    IN PVOID *BaseAddress,
    IN PSIZE_T RegionSize,
    IN ULONG FreeType
);

//
// NOTE(review): RegionSize is ULONG here, while NtResetWriteWatch in this
// header declares SIZE_T RegionSize for the same kind of range. The two
// disagree on 64-bit builds -- confirm which width is right.
//
NTSTATUS
NTAPI
NtGetWriteWatch(
    IN HANDLE ProcessHandle,
    IN ULONG Flags,
    IN PVOID BaseAddress,
    IN ULONG RegionSize,
    IN PVOID *UserAddressArray,
    OUT PULONG EntriesInUserAddressArray,
    OUT PULONG Granularity
);

//
// NOTE(review): the byte counts are ULONG / PULONG here, but
// ZwLockVirtualMemory in this header declares SIZE_T / PSIZE_T for the same
// two parameters. On a 64-bit build a caller that follows this prototype
// passes a 4-byte variable where the Zw form expects 8 bytes, so a write
// through NumberOfBytesLocked could run past it -- confirm and align them.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtLockVirtualMemory(
    HANDLE ProcessHandle,
    PVOID BaseAddress,
    ULONG NumberOfBytesToLock,
    PULONG NumberOfBytesLocked
);

NTSTATUS
NTAPI
NtMapUserPhysicalPages(
    IN PVOID *VirtualAddresses,
    IN ULONG NumberOfPages,
    IN OUT PULONG UserPfnArray
);

NTSTATUS
NTAPI
NtMapUserPhysicalPagesScatter(
    IN PVOID *VirtualAddresses,
    IN ULONG NumberOfPages,
    IN OUT PULONG UserPfnArray
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtMapViewOfSection(
    IN HANDLE
SectionHandle,
    IN HANDLE ProcessHandle,
    IN OUT PVOID *BaseAddress,
    IN ULONG ZeroBits,
    IN ULONG CommitSize,
    IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
    IN OUT PSIZE_T ViewSize,
    IN SECTION_INHERIT InheritDisposition,
    IN ULONG AllocationType,
    IN ULONG AccessProtection
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenSection(
    OUT PHANDLE SectionHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes
);

//
// BaseAddress and NumberOfBytesToProtect are passed by pointer although they
// are marked IN only.
// NOTE(review): the size goes through a ULONG pointer, while sibling calls
// such as NtFreeVirtualMemory and NtAllocateVirtualMemory use PSIZE_T for
// RegionSize. If the callee treats it as pointer-sized on 64-bit targets,
// it would read and write 8 bytes through a pointer to a 4-byte variable --
// confirm before building for amd64.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtProtectVirtualMemory(
    IN HANDLE ProcessHandle,
    IN PVOID *BaseAddress,
    IN ULONG *NumberOfBytesToProtect,
    IN ULONG NewAccessProtection,
    OUT PULONG OldAccessProtection
);

//
// Length is the size of the SectionInformation buffer supplied by the
// caller; ResultLength receives a SIZE_T.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQuerySection(
    IN HANDLE SectionHandle,
    IN SECTION_INFORMATION_CLASS SectionInformationClass,
    OUT PVOID SectionInformation,
    IN SIZE_T Length,
    OUT PSIZE_T ResultLength
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryVirtualMemory(
    IN HANDLE ProcessHandle,
    IN PVOID Address,
    IN MEMORY_INFORMATION_CLASS VirtualMemoryInformationClass,
    OUT PVOID VirtualMemoryInformation,
    IN SIZE_T Length,
    OUT PSIZE_T ResultLength
);

//
// Buffer must hold at least NumberOfBytesToRead bytes; the count actually
// transferred comes back through NumberOfBytesRead.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtReadVirtualMemory(
    IN HANDLE ProcessHandle,
    IN PVOID BaseAddress,
    OUT PVOID Buffer,
    IN SIZE_T NumberOfBytesToRead,
    OUT PSIZE_T NumberOfBytesRead
);

NTSTATUS
NTAPI
NtResetWriteWatch(
    IN HANDLE ProcessHandle,
    IN PVOID BaseAddress,
    IN SIZE_T RegionSize
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtUnlockVirtualMemory(
    IN HANDLE ProcessHandle,
    IN PVOID BaseAddress,
    IN SIZE_T NumberOfBytesToUnlock,
    OUT PSIZE_T NumberOfBytesUnlocked OPTIONAL
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtUnmapViewOfSection(
    IN HANDLE ProcessHandle,
    IN PVOID BaseAddress
);

//
// Sizes are SIZE_T / PSIZE_T here; note that ZwWriteVirtualMemory in this
// header declares ULONG / PULONG for the same two parameters.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtWriteVirtualMemory(
    IN HANDLE ProcessHandle,
    IN PVOID BaseAddress,
    IN PVOID Buffer,
    IN SIZE_T NumberOfBytesToWrite,
    OUT PSIZE_T NumberOfBytesWritten
);

NTSYSAPI
NTSTATUS
NTAPI
ZwAreMappedFilesTheSame(
    IN PVOID File1MappedAsAnImage,
    IN PVOID File2MappedAsFile
);

NTSYSAPI
NTSTATUS
NTAPI
ZwAllocateVirtualMemory(
    IN HANDLE ProcessHandle,
    IN OUT PVOID *BaseAddress,
    IN
ULONG ZeroBits, IN OUT PSIZE_T RegionSize, IN ULONG AllocationType, IN ULONG Protect ); NTSYSAPI NTSTATUS NTAPI ZwCreatePagingFile( IN PUNICODE_STRING FileName, IN PLARGE_INTEGER InitialSize, IN PLARGE_INTEGER MaxiumSize, IN ULONG Reserved ); NTSYSAPI NTSTATUS NTAPI ZwCreateSection( OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN PLARGE_INTEGER MaximumSize OPTIONAL, IN ULONG SectionPageProtection OPTIONAL, IN ULONG AllocationAttributes, IN HANDLE FileHandle OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwExtendSection( IN HANDLE SectionHandle, IN PLARGE_INTEGER NewMaximumSize ); NTSYSAPI NTSTATUS NTAPI ZwFreeVirtualMemory( IN HANDLE ProcessHandle, IN PVOID *BaseAddress, IN PSIZE_T RegionSize, IN ULONG FreeType ); NTSYSAPI NTSTATUS NTAPI ZwLockVirtualMemory( HANDLE ProcessHandle, PVOID BaseAddress, SIZE_T NumberOfBytesToLock, PSIZE_T NumberOfBytesLocked ); NTSYSAPI NTSTATUS NTAPI ZwMapViewOfSection( IN HANDLE SectionHandle, IN HANDLE ProcessHandle, IN OUT PVOID *BaseAddress, IN ULONG ZeroBits, IN ULONG CommitSize, IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, IN OUT PSIZE_T ViewSize, IN SECTION_INHERIT InheritDisposition, IN ULONG AllocationType, IN ULONG AccessProtection ); NTSYSAPI NTSTATUS NTAPI ZwOpenSection( OUT PHANDLE SectionHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI ZwProtectVirtualMemory( IN HANDLE ProcessHandle, IN PVOID *BaseAddress, IN ULONG *NumberOfBytesToProtect, IN ULONG NewAccessProtection, OUT PULONG OldAccessProtection ); NTSYSAPI NTSTATUS NTAPI ZwQuerySection( IN HANDLE SectionHandle, IN SECTION_INFORMATION_CLASS SectionInformationClass, OUT PVOID SectionInformation, IN SIZE_T Length, OUT PSIZE_T ResultLength ); NTSYSAPI NTSTATUS NTAPI ZwQueryVirtualMemory( IN HANDLE ProcessHandle, IN PVOID Address, IN MEMORY_INFORMATION_CLASS VirtualMemoryInformationClass, OUT PVOID VirtualMemoryInformation, IN SIZE_T Length, OUT PSIZE_T ResultLength 
);

//
// Buffer must hold at least NumberOfBytesToRead bytes; the count actually
// transferred comes back through NumberOfBytesRead.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwReadVirtualMemory(
    IN HANDLE ProcessHandle,
    IN PVOID BaseAddress,
    OUT PVOID Buffer,
    IN SIZE_T NumberOfBytesToRead,
    OUT PSIZE_T NumberOfBytesRead
);

NTSYSAPI
NTSTATUS
NTAPI
ZwUnlockVirtualMemory(
    IN HANDLE ProcessHandle,
    IN PVOID BaseAddress,
    IN SIZE_T NumberOfBytesToUnlock,
    OUT PSIZE_T NumberOfBytesUnlocked OPTIONAL
);

NTSYSAPI
NTSTATUS
NTAPI
ZwUnmapViewOfSection(
    IN HANDLE ProcessHandle,
    IN PVOID BaseAddress
);

//
// NOTE(review): the byte counts are ULONG / PULONG here, while
// NtWriteVirtualMemory and ZwReadVirtualMemory in this header use
// SIZE_T / PSIZE_T. On a 64-bit build a caller that follows this prototype
// passes a 4-byte NumberOfBytesWritten; if the callee stores a SIZE_T, the
// upper half lands outside that variable -- confirm and align the types.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwWriteVirtualMemory(
    IN HANDLE ProcessHandle,
    IN PVOID BaseAddress,
    IN PVOID Buffer,
    IN ULONG NumberOfBytesToWrite,
    OUT PULONG NumberOfBytesWritten
);

#endif

================================================
FILE: ndk/mmtypes.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu.  All rights reserved.

Header Name:

    mmtypes.h

Abstract:

    Type definitions for the Memory Manager

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _MMTYPES_H
#define _MMTYPES_H

//
// Dependencies
// NOTE(review): the include targets are missing from this listing; they
// look to have been lost when the page was extracted.
//
#include
#include
#include

//
// Page-Rounding Macros
// All of them work by masking with ~(granule - 1), so the granule
// (PAGE_SIZE, MM_ALLOCATION_GRANULARITY) has to be a power of two.
// The round-up forms add (granule - 1) in ULONG_PTR arithmetic first: a
// value within granule - 1 of the type's maximum wraps and yields a result
// smaller than the input. Range-check untrusted sizes before rounding.
// NOTE(review): PAGE_SIZE is defined elsewhere; if it is an unsigned 32-bit
// constant, ~(PAGE_SIZE-1) would zero-extend on 64-bit builds and clear the
// upper address bits -- confirm its type.
//
#define PAGE_ROUND_DOWN(x)                                  \
    (((ULONG_PTR)(x))&(~(PAGE_SIZE-1)))
#define PAGE_ROUND_UP(x)                                    \
    ( (((ULONG_PTR)(x)) + PAGE_SIZE-1)  & (~(PAGE_SIZE-1)) )
#ifdef NTOS_MODE_USER
#define ROUND_TO_PAGES(Size)                                \
    (((ULONG_PTR)(Size) + PAGE_SIZE - 1) & ~(PAGE_SIZE - 1))
#endif
#define ROUND_TO_ALLOCATION_GRANULARITY(Size)               \
    (((ULONG_PTR)(Size) + MM_ALLOCATION_GRANULARITY - 1)    \
    & ~(MM_ALLOCATION_GRANULARITY - 1))

//
// Macro for generating pool tags
// Packs four values into one ULONG with A in the lowest byte and D in the
// highest. The shifts happen in the promoted type of each argument, before
// the ULONG cast is applied to the sum.
//
#define TAG(A, B, C, D)                                     \
    (ULONG)(((A)<<0) + ((B)<<8) + ((C)<<16) + ((D)<<24))

//
// PFN Identity Uses
//
#define MMPFNUSE_PROCESSPRIVATE                             0
#define MMPFNUSE_FILE                                       1
#define MMPFNUSE_PAGEFILEMAPPED                             2
#define MMPFNUSE_PAGETABLE                                  3
#define MMPFNUSE_PAGEDPOOL                                  4
#define MMPFNUSE_NONPAGEDPOOL                               5
#define MMPFNUSE_SYSTEMPTE                                  6
#define MMPFNUSE_SESSIONPRIVATE                             7
#define MMPFNUSE_METAFILE                                   8
#define MMPFNUSE_AWEPAGE                                    9
#define MMPFNUSE_DRIVERLOCKPAGE                             10
#define MMPFNUSE_KERNELSTACK                                11
#ifndef NTOS_MODE_USER // // Virtual Memory Flags // #define MEM_WRITE_WATCH 0x200000 #define MEM_PHYSICAL 0x400000 #define MEM_ROTATE 0x800000 #define MEM_IMAGE SEC_IMAGE #define MEM_DOS_LIM 0x40000000 // // Section Flags for NtCreateSection // #define SEC_NO_CHANGE 0x400000 #define SEC_FILE 0x800000 #define SEC_IMAGE 0x1000000 #define SEC_PROTECTED_IMAGE 0x2000000 #define SEC_RESERVE 0x4000000 #define SEC_COMMIT 0x8000000 #define SEC_NOCACHE 0x10000000 #define SEC_WRITECOMBINE 0x40000000 #define SEC_LARGE_PAGES 0x80000000 #else #define SEC_BASED 0x200000 // // Section Inherit Flags for NtCreateSection // typedef enum _SECTION_INHERIT { ViewShare = 1, ViewUnmap = 2 } SECTION_INHERIT; // // Pool Types // typedef enum _POOL_TYPE { NonPagedPool, PagedPool, NonPagedPoolMustSucceed, DontUseThisType, NonPagedPoolCacheAligned, PagedPoolCacheAligned, NonPagedPoolCacheAlignedMustS, MaxPoolType, NonPagedPoolSession = 32, PagedPoolSession, NonPagedPoolMustSucceedSession, DontUseThisTypeSession, NonPagedPoolCacheAlignedSession, PagedPoolCacheAlignedSession, NonPagedPoolCacheAlignedMustSSession } POOL_TYPE; #endif // // Memory Manager Page Lists // typedef enum _MMLISTS { ZeroedPageList = 0, FreePageList = 1, StandbyPageList = 2, ModifiedPageList = 3, ModifiedNoWritePageList = 4, BadPageList = 5, ActiveAndValid = 6, TransitionPage = 7 } MMLISTS; // // Per Processor Non Paged Lookaside List IDs // typedef enum _PP_NPAGED_LOOKASIDE_NUMBER { LookasideSmallIrpList = 0, LookasideLargeIrpList = 1, LookasideMdlList = 2, LookasideCreateInfoList = 3, LookasideNameBufferList = 4, LookasideTwilightList = 5, LookasideCompletionList = 6, LookasideMaximumList = 7 } PP_NPAGED_LOOKASIDE_NUMBER; // // Memory Information Classes for NtQueryVirtualMemory // typedef enum _MEMORY_INFORMATION_CLASS { MemoryBasicInformation, MemoryWorkingSetList, MemorySectionName, MemoryBasicVlmInformation } MEMORY_INFORMATION_CLASS; // // Section Information Clasess for NtQuerySection // typedef enum 
_SECTION_INFORMATION_CLASS { SectionBasicInformation, SectionImageInformation, } SECTION_INFORMATION_CLASS; #ifdef NTOS_MODE_USER // // Virtual Memory Counters // typedef struct _VM_COUNTERS { SIZE_T PeakVirtualSize; SIZE_T VirtualSize; ULONG PageFaultCount; SIZE_T PeakWorkingSetSize; SIZE_T WorkingSetSize; SIZE_T QuotaPeakPagedPoolUsage; SIZE_T QuotaPagedPoolUsage; SIZE_T QuotaPeakNonPagedPoolUsage; SIZE_T QuotaNonPagedPoolUsage; SIZE_T PagefileUsage; SIZE_T PeakPagefileUsage; } VM_COUNTERS, *PVM_COUNTERS; typedef struct _VM_COUNTERS_EX { SIZE_T PeakVirtualSize; SIZE_T VirtualSize; ULONG PageFaultCount; SIZE_T PeakWorkingSetSize; SIZE_T WorkingSetSize; SIZE_T QuotaPeakPagedPoolUsage; SIZE_T QuotaPagedPoolUsage; SIZE_T QuotaPeakNonPagedPoolUsage; SIZE_T QuotaNonPagedPoolUsage; SIZE_T PagefileUsage; SIZE_T PeakPagefileUsage; SIZE_T PrivateUsage; } VM_COUNTERS_EX, *PVM_COUNTERS_EX; #endif // // Sub-Information Types for PFN Identity // typedef struct _MEMORY_FRAME_INFORMATION { ULONGLONG UseDescription:4; ULONGLONG ListDescription:3; ULONGLONG Reserved0:1; ULONGLONG Pinned:1; ULONGLONG DontUse:48; ULONGLONG Priority:3; ULONGLONG Reserved:4; } MEMORY_FRAME_INFORMATION, *PMEMORY_FRAME_INFORMATION; typedef struct _FILEOFFSET_INFORMATION { ULONGLONG DontUse:9; ULONGLONG Offset:48; ULONGLONG Reserved:7; } FILEOFFSET_INFORMATION, *PFILEOFFSET_INFORMATION; typedef struct _PAGEDIR_INFORMATION { ULONGLONG DontUse:9; ULONGLONG PageDirectoryBase:48; ULONGLONG Reserved:7; } PAGEDIR_INFORMATION, *PPAGEDIR_INFORMATION; typedef struct _UNIQUE_PROCESS_INFORMATION { ULONGLONG DontUse:9; ULONGLONG UniqueProcessKey:48; ULONGLONG Reserved:7; } UNIQUE_PROCESS_INFORMATION, *PUNIQUE_PROCESS_INFORMATION; // // PFN Identity Data Structure // typedef struct _MMPFN_IDENTITY { union { MEMORY_FRAME_INFORMATION e1; FILEOFFSET_INFORMATION e2; PAGEDIR_INFORMATION e3; UNIQUE_PROCESS_INFORMATION e4; } u1; SIZE_T PageFrameIndex; union { struct { ULONG Image:1; ULONG Mismatch:1; } e1; PVOID FileObject; 
PVOID UniqueFileObjectKey; PVOID ProtoPteAddress; PVOID VirtualAddress; } u2; } MMPFN_IDENTITY, *PMMPFN_IDENTITY; // // List of Working Sets // typedef struct _MEMORY_WORKING_SET_LIST { ULONG NumberOfPages; ULONG WorkingSetList[1]; } MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST; // // Memory Information Structures for NtQueryVirtualMemory // typedef struct { UNICODE_STRING SectionFileName; WCHAR NameBuffer[ANYSIZE_ARRAY]; } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME; // // Section Information Structures for NtQuerySection // typedef struct _SECTION_BASIC_INFORMATION { PVOID BaseAddress; ULONG Attributes; LARGE_INTEGER Size; } SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION; typedef struct _SECTION_IMAGE_INFORMATION { PVOID TransferAddress; ULONG ZeroBits; SIZE_T MaximumStackSize; SIZE_T CommittedStackSize; ULONG SubSystemType; union { struct { USHORT SubSystemMinorVersion; USHORT SubSystemMajorVersion; }; ULONG SubSystemVersion; }; union { struct { USHORT MajorOperatingSystemVersion; USHORT MinorOperatingSystemVersion; }; ULONG OperatingSystemVersion; }; USHORT ImageCharacteristics; USHORT DllCharacteristics; USHORT Machine; BOOLEAN ImageContainsCode; union { UCHAR ImageFlags; struct { UCHAR ComPlusNativeReady : 1; UCHAR ComPlusILOnly : 1; UCHAR ImageDynamicallyRelocated : 1; UCHAR ImageMappedFlat : 1; UCHAR BaseBelow4gb : 1; UCHAR ComPlusPrefer32bit : 1; UCHAR Reserved : 2; }; }; ULONG LoaderFlags; ULONG ImageFileSize; ULONG CheckSum; } SECTION_IMAGE_INFORMATION, *PSECTION_IMAGE_INFORMATION; #ifndef NTOS_MODE_USER // // PTE Structures // typedef struct _MMPTE { union { ULONG Long; HARDWARE_PTE Flush; MMPTE_HARDWARE Hard; MMPTE_PROTOTYPE Proto; MMPTE_SOFTWARE Soft; MMPTE_TRANSITION Trans; MMPTE_SUBSECTION Subsect; MMPTE_LIST List; } u; } MMPTE, *PMMPTE; // // Section Extension Information // typedef struct _MMEXTEND_INFO { ULONGLONG CommittedSize; ULONG ReferenceCount; } MMEXTEND_INFO, *PMMEXTEND_INFO; // // Segment and Segment Flags // typedef struct 
_SEGMENT_FLAGS { ULONG TotalNumberOfPtes4132:10; ULONG ExtraSharedWowSubsections:1; ULONG LargePages:1; ULONG Spare:20; } SEGMENT_FLAGS, *PSEGMENT_FLAGS; typedef struct _SEGMENT { struct _CONTROL_AREA *ControlArea; ULONG TotalNumberOfPtes; ULONG NonExtendedPtes; ULONG Spare0; ULONGLONG SizeOfSegment; MMPTE SegmentPteTemplate; ULONG NumberOfCommittedPages; PMMEXTEND_INFO ExtendInfo; SEGMENT_FLAGS SegmentFlags; PVOID BaseAddress; union { SIZE_T ImageCommitment; PEPROCESS CreatingProcess; } u1; union { PSECTION_IMAGE_INFORMATION ImageInformation; PVOID FirstMappedVa; } u2; PMMPTE PrototypePte; MMPTE ThePtes[1]; } SEGMENT, *PSEGMENT; // // Event Counter Structure // typedef struct _EVENT_COUNTER { ULONG RefCount; KEVENT Event; LIST_ENTRY ListEntry; } EVENT_COUNTER, *PEVENT_COUNTER; // // Flags // typedef struct _MMSECTION_FLAGS { ULONG BeingDeleted:1; ULONG BeingCreated:1; ULONG BeingPurged:1; ULONG NoModifiedWriting:1; ULONG FailAllIo:1; ULONG Image:1; ULONG Based:1; ULONG File:1; ULONG Networked:1; ULONG NoCache:1; ULONG PhysicalMemory:1; ULONG CopyOnWrite:1; ULONG Reserve:1; ULONG Commit:1; ULONG FloppyMedia:1; ULONG WasPurged:1; ULONG UserReference:1; ULONG GlobalMemory:1; ULONG DeleteOnClose:1; ULONG FilePointerNull:1; ULONG DebugSymbolsLoaded:1; ULONG SetMappedFileIoComplete:1; ULONG CollidedFlush:1; ULONG NoChange:1; ULONG filler0:1; ULONG ImageMappedInSystemSpace:1; ULONG UserWritable:1; ULONG Accessed:1; ULONG GlobalOnlyPerSession:1; ULONG Rom:1; ULONG WriteCombined:1; ULONG filler:1; } MMSECTION_FLAGS, *PMMSECTION_FLAGS; typedef struct _MMSUBSECTION_FLAGS { ULONG ReadOnly:1; ULONG ReadWrite:1; ULONG SubsectionStatic:1; ULONG GlobalMemory:1; ULONG Protection:5; ULONG Spare:1; ULONG StartingSector4132:10; ULONG SectorEndOffset:12; } MMSUBSECTION_FLAGS, *PMMSUBSECTION_FLAGS; typedef struct _MMSUBSECTION_FLAGS2 { ULONG SubsectionAccessed:1; ULONG SubsectionConverted:1; ULONG Reserved:30; } MMSUBSECTION_FLAGS2; // // Control Area Structures // typedef struct 
_CONTROL_AREA { PSEGMENT Segment; LIST_ENTRY DereferenceList; ULONG NumberOfSectionReferences; ULONG NumberOfPfnReferences; ULONG NumberOfMappedViews; ULONG NumberOfSystemCacheViews; ULONG NumberOfUserReferences; union { ULONG LongFlags; MMSECTION_FLAGS Flags; } u; PFILE_OBJECT FilePointer; PEVENT_COUNTER WaitingForDeletion; USHORT ModifiedWriteCount; USHORT FlushInProgressCount; ULONG WritableUserReferences; ULONG QuadwordPad; } CONTROL_AREA, *PCONTROL_AREA; typedef struct _LARGE_CONTROL_AREA { PSEGMENT Segment; LIST_ENTRY DereferenceList; ULONG NumberOfSectionReferences; ULONG NumberOfPfnReferences; ULONG NumberOfMappedViews; ULONG NumberOfSystemCacheViews; ULONG NumberOfUserReferences; union { ULONG LongFlags; MMSECTION_FLAGS Flags; } u; PFILE_OBJECT FilePointer; PEVENT_COUNTER WaitingForDeletion; USHORT ModifiedWriteCount; USHORT FlushInProgressCount; ULONG WritableUserReferences; ULONG QuadwordPad; ULONG StartingFrame; LIST_ENTRY UserGlobalList; ULONG SessionId; } LARGE_CONTROL_AREA, *PLARGE_CONTROL_AREA; // // Subsection and Mapped Subsection // typedef struct _SUBSECTION { PCONTROL_AREA ControlArea; union { ULONG LongFlags; MMSUBSECTION_FLAGS SubsectionFlags; } u; ULONG StartingSector; ULONG NumberOfFullSectors; PMMPTE SubsectionBase; ULONG UnusedPtes; ULONG PtesInSubsection; struct _SUBSECTION *NextSubsection; } SUBSECTION, *PSUBSECTION; typedef struct _MSUBSECTION { PCONTROL_AREA ControlArea; union { ULONG LongFlags; MMSUBSECTION_FLAGS SubsectionFlags; } u; ULONG StartingSector; ULONG NumberOfFullSectors; PMMPTE SubsectionBase; ULONG UnusedPtes; ULONG PtesInSubsection; struct _SUBSECTION *NextSubsection; LIST_ENTRY DereferenceList; ULONG_PTR NumberOfMappedViews; union { ULONG LongFlags2; MMSUBSECTION_FLAGS2 SubsectionFlags2; } u2; } MSUBSECTION, *PMSUBSECTION; // // Segment Object // typedef struct _SEGMENT_OBJECT { PVOID BaseAddress; ULONG TotalNumberOfPtes; LARGE_INTEGER SizeOfSegment; ULONG NonExtendedPtes; ULONG ImageCommitment; PCONTROL_AREA 
ControlArea; PSUBSECTION Subsection; PLARGE_CONTROL_AREA LargeControlArea; PMMSECTION_FLAGS MmSectionFlags; PMMSUBSECTION_FLAGS MmSubSectionFlags; } SEGMENT_OBJECT, *PSEGMENT_OBJECT; // // Section Object // typedef struct _SECTION_OBJECT { PVOID StartingVa; PVOID EndingVa; PVOID LeftChild; PVOID RightChild; PSEGMENT_OBJECT Segment; } SECTION_OBJECT, *PSECTION_OBJECT; // // Generic Address Range Structure // typedef struct _ADDRESS_RANGE { ULONG BaseAddrLow; ULONG BaseAddrHigh; ULONG LengthLow; ULONG LengthHigh; ULONG Type; } ADDRESS_RANGE, *PADDRESS_RANGE; // // Node in Memory Manager's AVL Table // typedef struct _MMADDRESS_NODE { union { ULONG Balance:2; struct _MMADDRESS_NODE *Parent; } u1; struct _MMADDRESS_NODE *LeftChild; struct _MMADDRESS_NODE *RightChild; ULONG StartingVpn; ULONG EndingVpn; } MMADDRESS_NODE, *PMMADDRESS_NODE; // // Memory Manager AVL Table for VADs and other descriptors // typedef struct _MM_AVL_TABLE { MMADDRESS_NODE BalancedRoot; ULONG DepthOfTree:5; ULONG Unused:3; ULONG NumberGenericTableElements:24; PVOID NodeHint; PVOID NodeFreeHint; } MM_AVL_TABLE, *PMM_AVL_TABLE; // // Actual Section Object // typedef struct _SECTION { MMADDRESS_NODE Address; PSEGMENT Segment; LARGE_INTEGER SizeOfSection; union { ULONG LongFlags; MMSECTION_FLAGS Flags; } u; ULONG InitialPageProtection; } SECTION, *PSECTION; // // Memory Manager Working Set Structures // typedef struct _MMWSLENTRY { ULONG Valid:1; ULONG LockedInWs:1; ULONG LockedInMemory:1; ULONG Protection:5; ULONG Hashed:1; ULONG Direct:1; ULONG Age:2; ULONG VirtualPageNumber:14; } MMWSLENTRY, *PMMWSLENTRY; typedef struct _MMWSLE { union { PVOID VirtualAddress; ULONG Long; MMWSLENTRY e1; } u1; } MMWSLE, *PMMWSLE; typedef struct _MMWSLE_HASH { PVOID Key; ULONG Index; } MMWSLE_HASH, *PMMWSLE_HASH; typedef struct _MMWSL { ULONG FirstFree; ULONG FirstDynamic; ULONG LastEntry; ULONG NextSlot; PMMWSLE Wsle; ULONG LastInitializedWsle; ULONG NonDirectCount; PMMWSLE_HASH HashTable; ULONG HashTableSize; 
ULONG NumberOfCommittedPageTables; PVOID HashTableStart; PVOID HighestPermittedHashAddress; ULONG NumberOfImageWaiters; ULONG VadBitMapHint; USHORT UsedPageTableEntries[768]; ULONG CommittedPageTables[24]; } MMWSL, *PMMWSL; // // Flags for Memory Support Structure // typedef struct _MMSUPPORT_FLAGS { ULONG SessionSpace:1; ULONG BeingTrimmed:1; ULONG SessionLeader:1; ULONG TrimHard:1; ULONG MaximumWorkingSetHard:1; ULONG ForceTrim:1; ULONG MinimumworkingSetHard:1; ULONG Available0:1; ULONG MemoryPriority:8; ULONG GrowWsleHash:1; ULONG AcquiredUnsafe:1; ULONG Available:14; } MMSUPPORT_FLAGS, *PMMSUPPORT_FLAGS; // // Per-Process Memory Manager Data // typedef struct _MMSUPPORT { #if (NTDDI_VERSION >= NTDDI_WS03) LIST_ENTRY WorkingSetExpansionLinks; #endif #if (NTDDI_VERSION >= NTDDI_LONGHORN) USHORT LastTrimpStamp; USHORT NextPageColor; #else LARGE_INTEGER LastTrimTime; #endif MMSUPPORT_FLAGS Flags; ULONG PageFaultCount; ULONG PeakWorkingSetSize; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG Spare0; #else ULONG GrowthSinceLastEstimate; #endif ULONG MinimumWorkingSetSize; ULONG MaximumWorkingSetSize; PMMWSL VmWorkingSetList; #if (NTDDI_VERSION < NTDDI_WS03) LIST_ENTRY WorkingSetExpansionLinks; #endif ULONG Claim; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG Spare; ULONG WorkingSetPrivateSize; ULONG WorkingSetSizeOverhead; #else ULONG NextEstimationSlot; ULONG NextAgingSlot; ULONG EstimatedAvailable; #endif ULONG WorkingSetSize; #if (NTDDI_VERSION >= NTDDI_LONGHORN) PKEVENT ExitEvent; #endif EX_PUSH_LOCK WorkingSetMutex; #if (NTDDI_VERSION >= NTDDI_LONGHORN) PVOID AccessLog; #endif } MMSUPPORT, *PMMSUPPORT; // // Memory Information Types // typedef struct _MEMORY_BASIC_INFORMATION { PVOID BaseAddress; PVOID AllocationBase; ULONG AllocationProtect; ULONG RegionSize; ULONG State; ULONG Protect; ULONG Type; } MEMORY_BASIC_INFORMATION,*PMEMORY_BASIC_INFORMATION; // // Driver Verifier Data // typedef struct _MM_DRIVER_VERIFIER_DATA { ULONG Level; ULONG RaiseIrqls; ULONG 
AcquireSpinLocks; ULONG SynchronizeExecutions; ULONG AllocationsAttempted; ULONG AllocationsSucceeded; ULONG AllocationsSucceededSpecialPool; ULONG AllocationsWithNoTag; ULONG TrimRequests; ULONG Trims; ULONG AllocationsFailed; ULONG AllocationsFailedDeliberately; ULONG Loads; ULONG Unloads; ULONG UnTrackedPool; ULONG UserTrims; ULONG CurrentPagedPoolAllocations; ULONG CurrentNonPagedPoolAllocations; ULONG PeakPagedPoolAllocations; ULONG PeakNonPagedPoolAllocations; ULONG PagedBytes; ULONG NonPagedBytes; ULONG PeakPagedBytes; ULONG PeakNonPagedBytes; ULONG BurstAllocationsFailedDeliberately; ULONG SessionTrims; ULONG Reserved[2]; } MM_DRIVER_VERIFIER_DATA, *PMM_DRIVER_VERIFIER_DATA; // // Internal Driver Verifier Table Data // typedef struct _DRIVER_SPECIFIED_VERIFIER_THUNKS { LIST_ENTRY ListEntry; struct _LDR_DATA_TABLE_ENTRY *DataTableEntry; ULONG NumberOfThunks; } DRIVER_SPECIFIED_VERIFIER_THUNKS, *PDRIVER_SPECIFIED_VERIFIER_THUNKS; // // Default heap size values. For user mode, these values are copied to a new // process's PEB by the kernel in MmCreatePeb. In kernel mode, RtlCreateHeap // reads these variables directly. // // These variables should be considered "const"; they are written only once, // during MmInitSystem. // extern SIZE_T MmHeapSegmentReserve; extern SIZE_T MmHeapSegmentCommit; extern SIZE_T MmHeapDeCommitTotalFreeThreshold; extern SIZE_T MmHeapDeCommitFreeBlockThreshold; // // Section Object Type // extern POBJECT_TYPE MmSectionObjectType; #endif // !NTOS_MODE_USER #endif // _MMTYPES_H ================================================ FILE: ndk/ntndk.h ================================================ /*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: ntndk.h Abstract: Master include file for the Native Development Kit. Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _NTNDK_ #define _NTNDK_ // // Disable some warnings that we'd get on /W4. 
// Only active for compilers which support this feature. // #ifdef _MSC_VER #pragma warning(push) #pragma warning(disable:4001) #pragma warning(disable:4201) #pragma warning(disable:4115) #pragma warning(disable:4214) #endif // // Headers needed for NDK // #include // C Standard Header #include // C Standard Header #include // C Standard Header #include // General Definitions // // Type Headers // #include // Cache Manager Types #include // Configuration Manager Types #include // User-Mode Kernel Debugging Types #include // Executive Types #include // Kernel Debugger Types #include // Kernel Types #include // Hardware Abstraction Layer Types #include // IFS Support Header #include // Input/Output Manager Types #include // Loader Types #include // Local Procedure Call Types #include // Memory Manager Types #include // Object Manager Types #include // Power Manager Types #include // Process Manager Types #include // Runtime Library Types #include // Security Subsystem Types // // Function Headers // #include // Configuration Manager Functions #include // User-Mode Kernel Debugging Functions #include // Kernel Debugger Functions #include // Kernel Functions #include // Executive Functions #include // Hardware Abstraction Layer Functions #include // Input/Output Manager Functions #include // Initialization Boot Video Functions #include // Loader Functions #include // Local Procedure Call Functions #include // Memory Manager Functions #include // Object Manager Functions #include // Power Manager Functions #include // Process Manager Functions #include // Runtime Library Functions #include // Security Subsystem Functions #include // User-Mode NT Library Functions // // Assembly Support // #include // Assembly Offsets #ifdef _MSC_VER #pragma warning(pop) #endif #endif // _NTNDK_ ================================================ FILE: ndk/ntnls.h ================================================ /*++ Copyright (c) Microsoft Corporation. All rights reserved. 
Module Name: ntnls.h Abstract: NLS file formats and data types Revision History: --*/ #ifndef _NTNLS_ #define _NTNLS_ #if _MSC_VER > 1000 #pragma once #endif #ifdef __cplusplus extern "C" { #endif #define MAXIMUM_LEADBYTES 12 typedef struct _CPTABLEINFO { USHORT CodePage; // code page number USHORT MaximumCharacterSize; // max length (bytes) of a char USHORT DefaultChar; // default character (MB) USHORT UniDefaultChar; // default character (Unicode) USHORT TransDefaultChar; // translation of default char (Unicode) USHORT TransUniDefaultChar; // translation of Unic default char (MB) USHORT DBCSCodePage; // Non 0 for DBCS code pages UCHAR LeadByte[MAXIMUM_LEADBYTES]; // lead byte ranges PUSHORT MultiByteTable; // pointer to MB translation table PVOID WideCharTable; // pointer to WC translation table PUSHORT DBCSRanges; // pointer to DBCS ranges PUSHORT DBCSOffsets; // pointer to DBCS offsets } CPTABLEINFO, *PCPTABLEINFO; typedef struct _NLSTABLEINFO { CPTABLEINFO OemTableInfo; CPTABLEINFO AnsiTableInfo; PUSHORT UpperCaseTable; // 844 format upcase table PUSHORT LowerCaseTable; // 844 format lower case table } NLSTABLEINFO, *PNLSTABLEINFO; #ifdef __cplusplus } #endif #endif // _NTNLS_ ================================================ FILE: ndk/obfuncs.h ================================================ /*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. 
Header Name:

    obfuncs.h

Abstract:

    Function definitions for the Object Manager

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _OBFUNCS_H
#define _OBFUNCS_H

//
// Dependencies
//
#include
#include
#include

#ifndef NTOS_MODE_USER

//
// Object Functions
//
// Declared only for kernel-mode builds (NTOS_MODE_USER not defined).
// NOTE(review): several of these take a KPROCESSOR_MODE AccessMode.
// Presumably it states on whose behalf the call is made and access checks
// depend on it - code acting on a user-mode request should confirm it passes
// that requestor's mode rather than a fixed value.
//
NTKERNELAPI
NTSTATUS
NTAPI
ObAssignSecurity(
    IN PACCESS_STATE AccessState,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PVOID Object,
    IN POBJECT_TYPE Type
);

NTKERNELAPI
NTSTATUS
NTAPI
ObCloseHandle(
    IN HANDLE Handle,
    IN KPROCESSOR_MODE AccessMode
);

//
// The new object body is returned through the final OUT parameter. Two
// separate processor modes are passed: one for the object attributes and
// one for the access itself.
//
NTKERNELAPI
NTSTATUS
NTAPI
ObCreateObject(
    IN KPROCESSOR_MODE ObjectAttributesAccessMode OPTIONAL,
    IN POBJECT_TYPE ObjectType,
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    IN KPROCESSOR_MODE AccessMode,
    IN OUT PVOID ParseContext OPTIONAL,
    IN ULONG ObjectSize,
    IN ULONG PagedPoolCharge OPTIONAL,
    IN ULONG NonPagedPoolCharge OPTIONAL,
    OUT PVOID *Object
);

NTKERNELAPI
NTSTATUS
NTAPI
ObCreateObjectType(
    IN PUNICODE_STRING TypeName,
    IN POBJECT_TYPE_INITIALIZER ObjectTypeInitializer,
    IN PVOID Reserved,
    OUT POBJECT_TYPE *ObjectType
);

//
// Returns a ULONG count, not an NTSTATUS.
//
NTKERNELAPI
ULONG
NTAPI
ObGetObjectPointerCount(
    IN PVOID Object
);

//
// Looks an object up by its OBJECT_ATTRIBUTES and returns a handle through
// the final OUT parameter.
//
NTKERNELAPI
NTSTATUS
NTAPI
ObOpenObjectByName(
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN POBJECT_TYPE ObjectType,
    IN KPROCESSOR_MODE AccessMode,
    IN PACCESS_STATE PassedAccessState,
    IN ACCESS_MASK DesiredAccess,
    IN OUT PVOID ParseContext,
    OUT PHANDLE Handle
);

//
// Same lookup shape as ObOpenObjectByName, but the result is an object
// pointer rather than a handle. PassedAccessState and DesiredAccess are
// marked OPTIONAL here.
//
NTKERNELAPI
NTSTATUS
NTAPI
ObReferenceObjectByName(
    IN PUNICODE_STRING ObjectName,
    IN ULONG Attributes,
    IN PACCESS_STATE PassedAccessState OPTIONAL,
    IN ACCESS_MASK DesiredAccess OPTIONAL,
    IN POBJECT_TYPE ObjectType,
    IN KPROCESSOR_MODE AccessMode,
    IN OUT PVOID ParseContext OPTIONAL,
    OUT PVOID *Object
);

//
// Returns BOOLEAN, not NTSTATUS; the handle comes back through the final
// OUT parameter.
//
NTKERNELAPI
BOOLEAN
NTAPI
ObFindHandleForObject(
    IN PEPROCESS Process,
    IN PVOID Object,
    IN POBJECT_TYPE ObjectType,
    IN POBJECT_HANDLE_INFORMATION HandleInformation,
    OUT PHANDLE Handle
);
#endif

//
// Native Calls
//
// Declared with NTSYSCALLAPI for both build modes; the same routines are
// declared again further down with a Zw prefix under NTSYSAPI.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtClose(
    IN HANDLE Handle
);

NTSYSCALLAPI
NTSTATUS
NTAPI NtCloseObjectAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN BOOLEAN GenerateOnClose ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateDirectoryObject( OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateSymbolicLinkObject( OUT PHANDLE SymbolicLinkHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PUNICODE_STRING Name ); NTSYSCALLAPI NTSTATUS NTAPI NtDeleteObjectAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN BOOLEAN GenerateOnClose ); NTSYSCALLAPI NTSTATUS NTAPI NtDuplicateObject( IN HANDLE SourceProcessHandle, IN HANDLE SourceHandle, IN HANDLE TargetProcessHandle, OUT PHANDLE TargetHandle, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options ); NTSYSCALLAPI NTSTATUS NTAPI NtMakePermanentObject( IN HANDLE Object ); NTSYSCALLAPI NTSTATUS NTAPI NtMakeTemporaryObject( IN HANDLE Handle ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenDirectoryObject( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenJobObject( PHANDLE JobHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenSymbolicLinkObject( OUT PHANDLE SymbolicLinkHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryDirectoryObject( IN HANDLE DirectoryHandle, OUT PVOID Buffer, IN ULONG BufferLength, IN BOOLEAN ReturnSingleEntry, IN BOOLEAN RestartScan, IN OUT PULONG Context, OUT PULONG ReturnLength OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryObject( IN HANDLE ObjectHandle, IN OBJECT_INFORMATION_CLASS ObjectInformationClass, OUT PVOID ObjectInformation, IN ULONG Length, OUT PULONG ResultLength OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtQuerySecurityObject( IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN 
ULONG Length, OUT PULONG ResultLength ); NTSYSCALLAPI NTSTATUS NTAPI NtQuerySymbolicLinkObject( IN HANDLE SymLinkObjHandle, OUT PUNICODE_STRING LinkTarget, OUT PULONG DataWritten OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtSetInformationObject( IN HANDLE ObjectHandle, IN OBJECT_INFORMATION_CLASS ObjectInformationClass, IN PVOID ObjectInformation, IN ULONG Length ); NTSYSCALLAPI NTSTATUS NTAPI NtSetSecurityObject( IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor ); NTSYSCALLAPI NTSTATUS NTAPI NtSignalAndWaitForSingleObject( IN HANDLE SignalObject, IN HANDLE WaitObject, IN BOOLEAN Alertable, IN PLARGE_INTEGER Time ); NTSYSCALLAPI NTSTATUS NTAPI NtWaitForMultipleObjects( IN ULONG Count, IN HANDLE Object[], IN WAIT_TYPE WaitType, IN BOOLEAN Alertable, IN PLARGE_INTEGER Time ); NTSTATUS NTAPI NtWaitForMultipleObjects32( IN ULONG ObjectCount, IN PLONG Handles, IN WAIT_TYPE WaitType, IN BOOLEAN Alertable, IN PLARGE_INTEGER TimeOut OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtWaitForSingleObject( IN HANDLE Object, IN BOOLEAN Alertable, IN PLARGE_INTEGER Time ); NTSYSAPI NTSTATUS NTAPI ZwClose( IN HANDLE Handle ); NTSYSAPI NTSTATUS NTAPI ZwCloseObjectAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN BOOLEAN GenerateOnClose ); NTSYSAPI NTSTATUS NTAPI ZwCreateDirectoryObject( OUT PHANDLE DirectoryHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI ZwCreateSymbolicLinkObject( OUT PHANDLE SymbolicLinkHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PUNICODE_STRING Name ); NTSYSAPI NTSTATUS NTAPI ZwDeleteObjectAuditAlarm( IN PUNICODE_STRING SubsystemName, IN PVOID HandleId, IN BOOLEAN GenerateOnClose ); NTSYSAPI NTSTATUS NTAPI ZwDuplicateObject( IN HANDLE SourceProcessHandle, IN HANDLE SourceHandle, IN HANDLE TargetProcessHandle, OUT PHANDLE TargetHandle, IN ACCESS_MASK DesiredAccess, IN ULONG HandleAttributes, IN ULONG Options 
); NTSYSAPI NTSTATUS NTAPI ZwMakePermanentObject( IN HANDLE Object ); NTSYSAPI NTSTATUS NTAPI ZwMakeTemporaryObject( IN HANDLE Handle ); NTSYSAPI NTSTATUS NTAPI ZwOpenDirectoryObject( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI ZwOpenJobObject( PHANDLE JobHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI ZwOpenSymbolicLinkObject( OUT PHANDLE SymbolicLinkHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI ZwQueryDirectoryObject( IN HANDLE DirectoryHandle, OUT PVOID Buffer, IN ULONG BufferLength, IN BOOLEAN ReturnSingleEntry, IN BOOLEAN RestartScan, IN OUT PULONG Context, OUT PULONG ReturnLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwQueryObject( IN HANDLE ObjectHandle, IN OBJECT_INFORMATION_CLASS ObjectInformationClass, OUT PVOID ObjectInformation, IN ULONG Length, OUT PULONG ResultLength OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwQuerySecurityObject( IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Length, OUT PULONG ResultLength ); NTSYSAPI NTSTATUS NTAPI ZwQuerySymbolicLinkObject( IN HANDLE SymLinkObjHandle, OUT PUNICODE_STRING LinkTarget, OUT PULONG DataWritten OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwSetInformationObject( IN HANDLE ObjectHandle, IN OBJECT_INFORMATION_CLASS ObjectInformationClass, IN PVOID ObjectInformation, IN ULONG Length ); NTSYSAPI NTSTATUS NTAPI ZwSetSecurityObject( IN HANDLE Handle, IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor ); NTSYSAPI NTSTATUS NTAPI ZwSignalAndWaitForSingleObject( IN HANDLE SignalObject, IN HANDLE WaitObject, IN BOOLEAN Alertable, IN PLARGE_INTEGER Time ); NTSYSAPI NTSTATUS NTAPI ZwWaitForMultipleObjects( IN ULONG Count, IN HANDLE Object[], IN WAIT_TYPE WaitType, IN BOOLEAN Alertable, IN PLARGE_INTEGER Time ); NTSYSAPI NTSTATUS NTAPI 
ZwWaitForSingleObject(
    IN HANDLE Object,
    IN BOOLEAN Alertable,
    IN PLARGE_INTEGER Time
);

#endif

================================================
FILE: ndk/obtypes.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu.  All rights reserved.

Header Name:

    obtypes.h

Abstract:

    Type definitions for the Object Manager

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _OBTYPES_H
#define _OBTYPES_H

//
// Dependencies
//
#include
#ifndef NTOS_MODE_USER
#include
#endif

#ifdef NTOS_MODE_USER

//
// Definitions for Object Creation
//
// Defined here for user-mode builds only (NTOS_MODE_USER).
// OBJ_VALID_ATTRIBUTES (0x7F2) equals the bitwise OR of the eight flags
// above it, so it can serve as a mask for rejecting unknown attribute bits.
//
#define OBJ_INHERIT                             0x00000002L
#define OBJ_PERMANENT                           0x00000010L
#define OBJ_EXCLUSIVE                           0x00000020L
#define OBJ_CASE_INSENSITIVE                    0x00000040L
#define OBJ_OPENIF                              0x00000080L
#define OBJ_OPENLINK                            0x00000100L
#define OBJ_KERNEL_HANDLE                       0x00000200L
#define OBJ_FORCE_ACCESS_CHECK                  0x00000400L
#define OBJ_VALID_ATTRIBUTES                    0x000007F2L

//
// Fills every field of the OBJECT_ATTRIBUTES that p points to:
// p = structure, n = object name, a = attribute flags, r = root directory,
// s = security descriptor. SecurityQualityOfService is always set to NULL.
//
// The expansion is a bare { } block rather than do { } while (0), so
// "if (c) InitializeObjectAttributes(...); else ..." does not compile, and
// p is evaluated once per assignment - pass it an expression without side
// effects.
// NOTE(review): presumably a NULL s leaves the object with whatever default
// security the object manager applies - confirm before creating named
// objects that other processes are able to open.
//
#define InitializeObjectAttributes(p,n,a,r,s) { \
    (p)->Length = sizeof(OBJECT_ATTRIBUTES); \
    (p)->RootDirectory = (r); \
    (p)->Attributes = (a); \
    (p)->ObjectName = (n); \
    (p)->SecurityDescriptor = (s); \
    (p)->SecurityQualityOfService = NULL; \
}

//
// Number of custom-defined bits that can be attached to a handle
// NOTE(review): 0x3 reads like a mask of the two low bits rather than a
// count - confirm at the use sites.
//
#define OBJ_HANDLE_TAGBITS                      0x3

//
// Directory Object Access Rights
//
// The 0xF in DIRECTORY_ALL_ACCESS is the OR of the four DIRECTORY_* rights
// listed before it; STANDARD_RIGHTS_REQUIRED is defined in another header.
//
#define DIRECTORY_QUERY                         0x0001
#define DIRECTORY_TRAVERSE                      0x0002
#define DIRECTORY_CREATE_OBJECT                 0x0004
#define DIRECTORY_CREATE_SUBDIRECTORY           0x0008
#define DIRECTORY_ALL_ACCESS                    (STANDARD_RIGHTS_REQUIRED | 0xF)

//
// Slash separator used in the OB Namespace (and Registry)
//
#define OBJ_NAME_PATH_SEPARATOR                 L'\\'

//
// Object Information Classes for NtQueryObject and NtSetInformationObject
// (the two routines in obfuncs.h that take an OBJECT_INFORMATION_CLASS)
//
typedef enum _OBJECT_INFORMATION_CLASS
{
    ObjectBasicInformation,
    ObjectNameInformation,
    ObjectTypeInformation,
    ObjectTypesInformation,
    ObjectHandleFlagInformation,
    ObjectSessionInformation,
    MaxObjectInfoClass
} OBJECT_INFORMATION_CLASS;

#else

//
// Kernel-mode builds declare the enum here only when NTDDI_VERSION is below
// NTDDI_VISTASP1.
//
#if (NTDDI_VERSION < NTDDI_VISTASP1)
typedef enum
_OBJECT_INFORMATION_CLASS { ObjectBasicInformation, ObjectNameInformation, ObjectTypeInformation, ObjectTypesInformation, ObjectHandleFlagInformation, ObjectSessionInformation, MaxObjectInfoClass } OBJECT_INFORMATION_CLASS; #endif // // Object Flags // #define OB_FLAG_CREATE_INFO 0x01 #define OB_FLAG_KERNEL_MODE 0x02 #define OB_FLAG_CREATOR_INFO 0x04 #define OB_FLAG_EXCLUSIVE 0x08 #define OB_FLAG_PERMANENT 0x10 #define OB_FLAG_SECURITY 0x20 #define OB_FLAG_SINGLE_PROCESS 0x40 #define OB_FLAG_DEFER_DELETE 0x80 #define OBJECT_TO_OBJECT_HEADER(o) \ CONTAINING_RECORD((o), OBJECT_HEADER, Body) #define OBJECT_HEADER_TO_NAME_INFO(h) \ ((POBJECT_HEADER_NAME_INFO)(!(h)->NameInfoOffset ? \ NULL: ((PCHAR)(h) - (h)->NameInfoOffset))) #define OBJECT_HEADER_TO_HANDLE_INFO(h) \ ((POBJECT_HEADER_HANDLE_INFO)(!(h)->HandleInfoOffset ? \ NULL: ((PCHAR)(h) - (h)->HandleInfoOffset))) #define OBJECT_HEADER_TO_QUOTA_INFO(h) \ ((POBJECT_HEADER_QUOTA_INFO)(!(h)->QuotaInfoOffset ? \ NULL: ((PCHAR)(h) - (h)->QuotaInfoOffset))) #define OBJECT_HEADER_TO_CREATOR_INFO(h) \ ((POBJECT_HEADER_CREATOR_INFO)(!((h)->Flags & \ OB_FLAG_CREATOR_INFO) ? NULL: ((PCHAR)(h) - \ sizeof(OBJECT_HEADER_CREATOR_INFO)))) #define OBJECT_HEADER_TO_EXCLUSIVE_PROCESS(h) \ ((!((h)->Flags & OB_FLAG_EXCLUSIVE)) ? 
\ NULL: (((POBJECT_HEADER_QUOTA_INFO)((PCHAR)(h) - \ (h)->QuotaInfoOffset))->ExclusiveProcess)) // // Reasons for Open Callback // typedef enum _OB_OPEN_REASON { ObCreateHandle, ObOpenHandle, ObDuplicateHandle, ObInheritHandle, ObMaxOpenReason } OB_OPEN_REASON; #endif // // Object Duplication Flags // #define DUPLICATE_SAME_ATTRIBUTES 0x00000004 // // Number of hash entries in an Object Directory // #define NUMBER_HASH_BUCKETS 37 // // Types for DosDeviceDriveType // #define DOSDEVICE_DRIVE_UNKNOWN 0 #define DOSDEVICE_DRIVE_CALCULATE 1 #define DOSDEVICE_DRIVE_REMOVABLE 2 #define DOSDEVICE_DRIVE_FIXED 3 #define DOSDEVICE_DRIVE_REMOTE 4 #define DOSDEVICE_DRIVE_CDROM 5 #define DOSDEVICE_DRIVE_RAMDISK 6 // // Dump Control Structure for Object Debugging // typedef struct _OB_DUMP_CONTROL { PVOID Stream; ULONG Detail; } OB_DUMP_CONTROL, *POB_DUMP_CONTROL; #ifndef NTOS_MODE_USER // // Object Type Callbacks // typedef VOID (NTAPI *OB_DUMP_METHOD)( IN PVOID Object, IN POB_DUMP_CONTROL Control OPTIONAL ); typedef NTSTATUS (NTAPI *OB_OPEN_METHOD)( IN OB_OPEN_REASON Reason, IN PEPROCESS Process OPTIONAL, IN PVOID ObjectBody, IN ACCESS_MASK GrantedAccess, IN ULONG HandleCount ); typedef VOID (NTAPI *OB_CLOSE_METHOD)( IN PEPROCESS Process OPTIONAL, IN PVOID Object, IN ACCESS_MASK GrantedAccess, IN ULONG ProcessHandleCount, IN ULONG SystemHandleCount ); typedef VOID (NTAPI *OB_DELETE_METHOD)( IN PVOID Object ); typedef NTSTATUS (NTAPI *OB_PARSE_METHOD)( IN PVOID ParseObject, IN PVOID ObjectType, IN OUT PACCESS_STATE AccessState, IN KPROCESSOR_MODE AccessMode, IN ULONG Attributes, IN OUT PUNICODE_STRING CompleteName, IN OUT PUNICODE_STRING RemainingName, IN OUT PVOID Context OPTIONAL, IN PSECURITY_QUALITY_OF_SERVICE SecurityQos OPTIONAL, OUT PVOID *Object ); typedef NTSTATUS (NTAPI *OB_SECURITY_METHOD)( IN PVOID Object, IN SECURITY_OPERATION_CODE OperationType, IN PSECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN OUT PULONG CapturedLength, 
IN OUT PSECURITY_DESCRIPTOR *ObjectSecurityDescriptor, IN POOL_TYPE PoolType, IN PGENERIC_MAPPING GenericMapping ); typedef NTSTATUS (NTAPI *OB_QUERYNAME_METHOD)( IN PVOID Object, IN BOOLEAN HasObjectName, OUT POBJECT_NAME_INFORMATION ObjectNameInfo, IN ULONG Length, OUT PULONG ReturnLength, IN KPROCESSOR_MODE AccessMode ); typedef NTSTATUS (NTAPI *OB_OKAYTOCLOSE_METHOD)( IN PEPROCESS Process OPTIONAL, IN PVOID Object, IN HANDLE Handle, IN KPROCESSOR_MODE AccessMode ); #else // // Object Information Types for NtQueryInformationObject // typedef struct _OBJECT_NAME_INFORMATION { UNICODE_STRING Name; } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION; #endif typedef struct _OBJECT_HANDLE_ATTRIBUTE_INFORMATION { BOOLEAN Inherit; BOOLEAN ProtectFromClose; } OBJECT_HANDLE_ATTRIBUTE_INFORMATION, *POBJECT_HANDLE_ATTRIBUTE_INFORMATION; typedef struct _OBJECT_DIRECTORY_INFORMATION { UNICODE_STRING Name; UNICODE_STRING TypeName; } OBJECT_DIRECTORY_INFORMATION, *POBJECT_DIRECTORY_INFORMATION; // // Object Type Information // typedef struct _OBJECT_TYPE_INFORMATION { UNICODE_STRING TypeName; ULONG TotalNumberOfObjects; ULONG TotalNumberOfHandles; ULONG TotalPagedPoolUsage; ULONG TotalNonPagedPoolUsage; ULONG TotalNamePoolUsage; ULONG TotalHandleTableUsage; ULONG HighWaterNumberOfObjects; ULONG HighWaterNumberOfHandles; ULONG HighWaterPagedPoolUsage; ULONG HighWaterNonPagedPoolUsage; ULONG HighWaterNamePoolUsage; ULONG HighWaterHandleTableUsage; ULONG InvalidAttributes; GENERIC_MAPPING GenericMapping; ULONG ValidAccessMask; BOOLEAN SecurityRequired; BOOLEAN MaintainHandleCount; ULONG PoolType; ULONG DefaultPagedPoolCharge; ULONG DefaultNonPagedPoolCharge; } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION; #ifdef NTOS_MODE_USER typedef struct _OBJECT_BASIC_INFORMATION { ULONG Attributes; ACCESS_MASK GrantedAccess; ULONG HandleCount; ULONG PointerCount; ULONG PagedPoolUsage; ULONG NonPagedPoolUsage; ULONG Reserved[3]; ULONG NameInformationLength; ULONG TypeInformationLength; 
ULONG SecurityDescriptorLength; LARGE_INTEGER CreateTime; } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; #else typedef struct _OBJECT_CREATE_INFORMATION { ULONG Attributes; HANDLE RootDirectory; PVOID ParseContext; KPROCESSOR_MODE ProbeMode; ULONG PagedPoolCharge; ULONG NonPagedPoolCharge; ULONG SecurityDescriptorCharge; PSECURITY_DESCRIPTOR SecurityDescriptor; PSECURITY_QUALITY_OF_SERVICE SecurityQos; SECURITY_QUALITY_OF_SERVICE SecurityQualityOfService; } OBJECT_CREATE_INFORMATION, *POBJECT_CREATE_INFORMATION; // // Object Type Initialize for ObCreateObjectType // typedef struct _OBJECT_TYPE_INITIALIZER { USHORT Length; BOOLEAN UseDefaultObject; BOOLEAN CaseInsensitive; ULONG InvalidAttributes; GENERIC_MAPPING GenericMapping; ULONG ValidAccessMask; BOOLEAN SecurityRequired; BOOLEAN MaintainHandleCount; BOOLEAN MaintainTypeList; POOL_TYPE PoolType; ULONG DefaultPagedPoolCharge; ULONG DefaultNonPagedPoolCharge; OB_DUMP_METHOD DumpProcedure; OB_OPEN_METHOD OpenProcedure; OB_CLOSE_METHOD CloseProcedure; OB_DELETE_METHOD DeleteProcedure; OB_PARSE_METHOD ParseProcedure; OB_SECURITY_METHOD SecurityProcedure; OB_QUERYNAME_METHOD QueryNameProcedure; OB_OKAYTOCLOSE_METHOD OkayToCloseProcedure; } OBJECT_TYPE_INITIALIZER, *POBJECT_TYPE_INITIALIZER; // // Object Type Object // typedef struct _OBJECT_TYPE { ERESOURCE Mutex; LIST_ENTRY TypeList; UNICODE_STRING Name; PVOID DefaultObject; ULONG Index; ULONG TotalNumberOfObjects; ULONG TotalNumberOfHandles; ULONG HighWaterNumberOfObjects; ULONG HighWaterNumberOfHandles; OBJECT_TYPE_INITIALIZER TypeInfo; ULONG Key; ERESOURCE ObjectLocks[4]; } OBJECT_TYPE; // // Object Directory Structures // typedef struct _OBJECT_DIRECTORY_ENTRY { struct _OBJECT_DIRECTORY_ENTRY *ChainLink; PVOID Object; #if (NTDDI_VERSION >= NTDDI_WS03) ULONG HashValue; #endif } OBJECT_DIRECTORY_ENTRY, *POBJECT_DIRECTORY_ENTRY; typedef struct _OBJECT_DIRECTORY { struct _OBJECT_DIRECTORY_ENTRY *HashBuckets[NUMBER_HASH_BUCKETS]; #if (NTDDI_VERSION < 
NTDDI_WINXP) ERESOURCE Lock; #else EX_PUSH_LOCK Lock; #endif #if (NTDDI_VERSION < NTDDI_WINXP) BOOLEAN CurrentEntryValid; #else struct _DEVICE_MAP *DeviceMap; #endif ULONG SessionId; #if (NTDDI_VERSION == NTDDI_WINXP) USHORT Reserved; USHORT SymbolicLinkUsageCount; #endif } OBJECT_DIRECTORY, *POBJECT_DIRECTORY; // // Object Header Addon Information // typedef struct _OBJECT_HEADER_NAME_INFO { POBJECT_DIRECTORY Directory; UNICODE_STRING Name; ULONG QueryReferences; ULONG Reserved2; ULONG DbgReferenceCount; } OBJECT_HEADER_NAME_INFO, *POBJECT_HEADER_NAME_INFO; typedef struct _OBJECT_HANDLE_COUNT_ENTRY { struct _EPROCESS *Process; ULONG HandleCount; } OBJECT_HANDLE_COUNT_ENTRY, *POBJECT_HANDLE_COUNT_ENTRY; typedef struct _OBJECT_HANDLE_COUNT_DATABASE { ULONG CountEntries; OBJECT_HANDLE_COUNT_ENTRY HandleCountEntries[1]; } OBJECT_HANDLE_COUNT_DATABASE, *POBJECT_HANDLE_COUNT_DATABASE; typedef struct _OBJECT_HEADER_HANDLE_INFO { union { POBJECT_HANDLE_COUNT_DATABASE HandleCountDatabase; OBJECT_HANDLE_COUNT_ENTRY SingleEntry; }; } OBJECT_HEADER_HANDLE_INFO, *POBJECT_HEADER_HANDLE_INFO; typedef struct _OBJECT_HEADER_CREATOR_INFO { LIST_ENTRY TypeList; PVOID CreatorUniqueProcess; USHORT CreatorBackTraceIndex; USHORT Reserved; } OBJECT_HEADER_CREATOR_INFO, *POBJECT_HEADER_CREATOR_INFO; typedef struct _OBJECT_HEADER_QUOTA_INFO { ULONG PagedPoolCharge; ULONG NonPagedPoolCharge; ULONG SecurityDescriptorCharge; PEPROCESS ExclusiveProcess; } OBJECT_HEADER_QUOTA_INFO, *POBJECT_HEADER_QUOTA_INFO; // // Object Header // typedef struct _OBJECT_HEADER { LONG PointerCount; union { LONG HandleCount; volatile PVOID NextToFree; }; POBJECT_TYPE Type; UCHAR NameInfoOffset; UCHAR HandleInfoOffset; UCHAR QuotaInfoOffset; UCHAR Flags; union { POBJECT_CREATE_INFORMATION ObjectCreateInfo; PVOID QuotaBlockCharged; }; PSECURITY_DESCRIPTOR SecurityDescriptor; QUAD Body; } OBJECT_HEADER, *POBJECT_HEADER; // // Object Lookup Context // typedef struct _OBP_LOOKUP_CONTEXT { POBJECT_DIRECTORY Directory; 
PVOID Object; ULONG HashValue; USHORT HashIndex; BOOLEAN DirectoryLocked; ULONG LockStateSignature; } OBP_LOOKUP_CONTEXT, *POBP_LOOKUP_CONTEXT; // // Device Map // typedef struct _DEVICE_MAP { POBJECT_DIRECTORY DosDevicesDirectory; POBJECT_DIRECTORY GlobalDosDevicesDirectory; ULONG ReferenceCount; ULONG DriveMap; UCHAR DriveType[32]; } DEVICE_MAP, *PDEVICE_MAP; // // Symbolic Link Object // typedef struct _OBJECT_SYMBOLIC_LINK { LARGE_INTEGER CreationTime; UNICODE_STRING LinkTarget; UNICODE_STRING LinkTargetRemaining; PVOID LinkTargetObject; ULONG DosDeviceDriveIndex; } OBJECT_SYMBOLIC_LINK, *POBJECT_SYMBOLIC_LINK; // // Kernel Exports // extern POBJECT_TYPE NTSYSAPI ObDirectoryType; extern PDEVICE_MAP NTSYSAPI ObSystemDeviceMap; #endif // !NTOS_MODE_USER #endif // _OBTYPES_H ================================================ FILE: ndk/pofuncs.h ================================================ /*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: pofuncs.h Abstract: Function definitions for the Power Subsystem. 
Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _POFUNCS_H
#define _POFUNCS_H

//
// Dependencies
//
// NOTE(review): the header name is missing after #include in this copy;
// restore it from the upstream file.
//
#include

//
// Native Calls
//
// Each Nt* entry point below has a Zw* twin with the same parameter list.
// Only the SetSystemPowerState pair carries IN annotations; the buffer
// directions of the PowerInformation pair are not annotated here.
// NOTE(review): presumably InputBuffer is read and OutputBuffer is written,
// each bounded by its *Length argument - confirm, and pass as lengths the
// same values the buffers were allocated with.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtInitiatePowerAction(
    POWER_ACTION SystemAction,
    SYSTEM_POWER_STATE MinSystemState,
    ULONG Flags,
    BOOLEAN Asynchronous
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtPowerInformation(
    POWER_INFORMATION_LEVEL PowerInformationLevel,
    PVOID InputBuffer,
    ULONG InputBufferLength,
    PVOID OutputBuffer,
    ULONG OutputBufferLength
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetSystemPowerState(
    IN POWER_ACTION SystemAction,
    IN SYSTEM_POWER_STATE MinSystemState,
    IN ULONG Flags
);

NTSYSAPI
NTSTATUS
NTAPI
ZwInitiatePowerAction(
    POWER_ACTION SystemAction,
    SYSTEM_POWER_STATE MinSystemState,
    ULONG Flags,
    BOOLEAN Asynchronous
);

NTSYSAPI
NTSTATUS
NTAPI
ZwPowerInformation(
    POWER_INFORMATION_LEVEL PowerInformationLevel,
    PVOID InputBuffer,
    ULONG InputBufferLength,
    PVOID OutputBuffer,
    ULONG OutputBufferLength
);

NTSYSAPI
NTSTATUS
NTAPI
ZwSetSystemPowerState(
    IN POWER_ACTION SystemAction,
    IN SYSTEM_POWER_STATE MinSystemState,
    IN ULONG Flags
);

#endif

================================================
FILE: ndk/potypes.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu. All rights reserved.
Header Name:

    potypes.h

Abstract:

    Type definitions for the Power Subsystem

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _POTYPES_H
#define _POTYPES_H

//
// Dependencies
//
// NOTE(review): the header names are missing after both #include directives
// in this copy; restore them from the upstream file.
//
#include
#ifndef NTOS_MODE_USER
#include
#endif

//
// Docking states
//
typedef enum _SYSTEM_DOCK_STATE
{
    SystemDockStateUnknown,
    SystemUndocked,
    SystemDocked
} SYSTEM_DOCK_STATE, *PSYSTEM_DOCK_STATE;

#ifndef NTOS_MODE_USER

//
// Processor Power State Data
//
// Kernel-mode only (inside #ifndef NTOS_MODE_USER). Embedded by value as the
// PowerState member of KPRCB in ndk/powerpc/ketypes.h, so the order and size
// of these members also fix the offsets of every KPRCB member after it.
//
typedef struct _PROCESSOR_POWER_STATE
{
    PVOID IdleFunction;
    ULONG Idle0KernelTimeLimit;
    ULONG Idle0LastTime;
    PVOID IdleHandlers;
    PVOID IdleState;
    ULONG IdleHandlersCount;
    ULONGLONG LastCheck;
    PROCESSOR_IDLE_TIMES IdleTimes;
    ULONG IdleTime1;
    ULONG PromotionCheck;
    ULONG IdleTime2;
    UCHAR CurrentThrottle;
    UCHAR ThermalThrottleLimit;
    UCHAR CurrentThrottleIndex;
    UCHAR ThermalThrottleIndex;
    ULONG LastKernelUserTime;
    ULONG PerfIdleTime;
    ULONG DebugDelta;
    ULONG DebugCount;
    ULONG LastSysTime;
    ULONG TotalIdleStateTime[3];
    ULONG TotalIdleTransitions[3];
    ULONGLONG PreviousC3StateTime;
    UCHAR KneeThrottleIndex;
    UCHAR ThrottleLimitIndex;
    UCHAR PerfStatesCount;
    UCHAR ProcessorMinThrottle;
    UCHAR ProcessorMaxThrottle;
    UCHAR LastBusyPercentage;
    UCHAR LastC3Percentage;
    UCHAR LastAdjustedBusyPercentage;
    ULONG PromotionCount;
    ULONG DemotionCount;
    ULONG ErrorCount;
    ULONG RetryCount;
    ULONG Flags;
    LARGE_INTEGER PerfCounterFrequency;
    ULONG PerfTickCount;
    KTIMER PerfTimer;
    KDPC PerfDpc;
    PROCESSOR_PERF_STATE *PerfStates;
    PVOID PerfSetThrottle;
    ULONG LastC3KernelUserTime;
    ULONG Spare1[1];
} PROCESSOR_POWER_STATE, *PPROCESSOR_POWER_STATE;

//
// Device Notification Structure
//
// NOTE(review): DeviceName and DriverName are PUSHORT with no length member
// next to them; presumably NUL-terminated UTF-16 strings - confirm before
// reading them with a bounded copy.
//
typedef struct _PO_DEVICE_NOTIFY
{
    LIST_ENTRY Link;
    PDEVICE_OBJECT TargetDevice;
    UCHAR WakeNeeded;
    UCHAR OrderLevel;
    PDEVICE_OBJECT DeviceObject;
    PVOID Node;
    PUSHORT DeviceName;
    PUSHORT DriverName;
    ULONG ChildCount;
    ULONG ActiveChild;
} PO_DEVICE_NOTIFY, *PPO_DEVICE_NOTIFY;

#endif // !NTOS_MODE_USER

#endif // _POTYPES_H

================================================
FILE: ndk/powerpc/ketypes.h ================================================ /*++ NDK Version: 0095 Copyright (c) Alex Ionescu. All rights reserved. Header Name: ketypes.h (PPC) Abstract: PowerPC Type definitions for the Kernel services. Author: Alex Ionescu (alex.ionescu@reactos.com) 06-Oct-2004 --*/ #ifndef _POWERPC_KETYPES_H #define _POWERPC_KETYPES_H // // Dependencies // // // IPI Types // #define IPI_APC 1 #define IPI_DPC 2 #define IPI_FREEZE 3 #define IPI_PACKET_READY 4 #define IPI_SYNCH_REQUEST 10 #define MAXIMUM_VECTOR 0x100 #define KSEG0_BASE 0x80000000 #define PRCB_MAJOR_VERSION 1 #define PRCB_BUILD_DEBUG 1 #ifndef ROUND_UP #define ROUND_UP(x,y) (((x) + ((y)-1)) & ~((y)-1)) #endif typedef double DOUBLE; typedef struct _FX_SAVE_AREA { ULONG Fr[32]; } FX_SAVE_AREA, *PFX_SAVE_AREA; typedef struct _FXSAVE_FORMAT { ULONG Xer,Fpscr; } FXSAVE_FORMAT, *PFXSAVE_FORMAT; typedef struct _LDT_ENTRY { USHORT LimitLow; USHORT BaseLow; union { struct { UCHAR BaseMid; UCHAR Flags1; UCHAR Flags2; UCHAR BaseHi; } Bytes; struct { ULONG BaseMid : 8; ULONG Type : 5; ULONG Dpl : 2; ULONG Pres : 1; ULONG LimitHi : 4; ULONG Sys : 1; ULONG Reserved_0 : 1; ULONG Default_Big : 1; ULONG Granularity : 1; ULONG BaseHi : 8; } Bits; } HighWord; } LDT_ENTRY; #ifndef CONFIG_SMP #define SYNCH_LEVEL DISPATCH_LEVEL #else #define SYNCH_LEVEL (IPI_LEVEL - 1) #endif // // Trap Frame Definition // typedef struct _KTRAP_FRAME { PVOID TrapFrame; UCHAR OldIrql; UCHAR PreviousMode; UCHAR SavedApcStateIndex; UCHAR SavedKernelApcDisable; UCHAR ExceptionRecord[ROUND_UP(sizeof(EXCEPTION_RECORD), sizeof(ULONGLONG))]; ULONG FILL2; ULONG Gpr0; ULONG Gpr1; ULONG Gpr2; ULONG Gpr3; ULONG Gpr4; ULONG Gpr5; ULONG Gpr6; ULONG Gpr7; ULONG Gpr8; ULONG Gpr9; ULONG Gpr10; ULONG Gpr11; ULONG Gpr12; DOUBLE Fpr0; DOUBLE Fpr1; DOUBLE Fpr2; DOUBLE Fpr3; DOUBLE Fpr4; DOUBLE Fpr5; DOUBLE Fpr6; DOUBLE Fpr7; DOUBLE Fpr8; DOUBLE Fpr9; DOUBLE Fpr10; DOUBLE Fpr11; DOUBLE Fpr12; DOUBLE Fpr13; DOUBLE Fpscr; ULONG Cr; ULONG Xer; 
ULONG Msr; ULONG Iar; ULONG Lr; ULONG Ctr; ULONG Dr0; ULONG Dr1; ULONG Dr2; ULONG Dr3; ULONG Dr4; ULONG Dr5; ULONG Dr6; ULONG Dr7; } KTRAP_FRAME, *PKTRAP_FRAME; // // GDT Entry Definition // typedef struct _KGDTENTRY { USHORT LimitLow; USHORT BaseLow; union { struct { UCHAR BaseMid; UCHAR Flags1; UCHAR Flags2; UCHAR BaseHi; } Bytes; struct { ULONG BaseMid:8; ULONG Type:5; ULONG Dpl:2; ULONG Pres:1; ULONG LimitHi:4; ULONG Sys:1; ULONG Reserved_0:1; ULONG Default_Big:1; ULONG Granularity:1; ULONG BaseHi:8; } Bits; } HighWord; } KGDTENTRY, *PKGDTENTRY; // // IDT Entry Definition // typedef struct _KIDTENTRY { USHORT Offset; USHORT Selector; USHORT Access; USHORT ExtendedOffset; } KIDTENTRY, *PKIDTENTRY; typedef struct _DESCRIPTOR { USHORT Pad; USHORT Limit; ULONG Base; } KDESCRIPTOR, *PKDESCRIPTOR; // // Special Registers Structure (outside of CONTEXT) // typedef struct _KSPECIAL_REGISTERS { ULONG KernelDr0; ULONG KernelDr1; ULONG KernelDr2; ULONG KernelDr3; ULONG KernelDr4; ULONG KernelDr5; ULONG KernelDr6; ULONG KernelDr7; ULONG Sprg0; ULONG Sprg1; ULONG Sr0; ULONG Sr1; ULONG Sr2; ULONG Sr3; ULONG Sr4; ULONG Sr5; ULONG Sr6; ULONG Sr7; ULONG Sr8; ULONG Sr9; ULONG Sr10; ULONG Sr11; ULONG Sr12; ULONG Sr13; ULONG Sr14; ULONG Sr15; ULONG DBAT0L; ULONG DBAT0U; ULONG DBAT1L; ULONG DBAT1U; ULONG DBAT2L; ULONG DBAT2U; ULONG DBAT3L; ULONG DBAT3U; ULONG IBAT0L; ULONG IBAT0U; ULONG IBAT1L; ULONG IBAT1U; ULONG IBAT2L; ULONG IBAT2U; ULONG IBAT3L; ULONG IBAT3U; ULONG Sdr1; ULONG Reserved[9]; } KSPECIAL_REGISTERS, *PKSPECIAL_REGISTERS; // // Processor State Data // #pragma pack(push,4) typedef struct _KPROCESSOR_STATE { CONTEXT ContextFrame; KSPECIAL_REGISTERS SpecialRegisters; } KPROCESSOR_STATE, *PKPROCESSOR_STATE; // // Processor Region Control Block // typedef struct _KPRCB { USHORT MinorVersion; USHORT MajorVersion; struct _KTHREAD *CurrentThread; struct _KTHREAD *NextThread; struct _KTHREAD *IdleThread; UCHAR Number; UCHAR Reserved; USHORT BuildType; KAFFINITY SetMember; 
UCHAR CpuType; UCHAR CpuID; USHORT CpuStep; KPROCESSOR_STATE ProcessorState; ULONG KernelReserved[16]; ULONG HalReserved[16]; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG CFlushSize; UCHAR PrcbPad0[88]; #else UCHAR PrcbPad0[92]; #endif KSPIN_LOCK_QUEUE LockQueue[LockQueueMaximumLock]; struct _KTHREAD *NpxThread; ULONG InterruptCount; ULONG KernelTime; ULONG UserTime; ULONG DpcTime; ULONG DebugDpcTime; ULONG InterruptTime; ULONG AdjustDpcThreshold; ULONG PageColor; UCHAR SkipTick; UCHAR DebuggerSavedIRQL; #if (NTDDI_VERSION >= NTDDI_WS03) UCHAR NodeColor; #if (NTDDI_VERSION >= NTDDI_LONGHORN) UCHAR PollSlot; #else UCHAR Spare1; #endif ULONG NodeShiftedColor; #else UCHAR Spare1[6]; #endif struct _KNODE *ParentNode; ULONG MultiThreadProcessorSet; struct _KPRCB *MultiThreadSetMaster; #if (NTDDI_VERSION >= NTDDI_WS03) ULONG SecondaryColorMask; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG DpcTimeLimit; #else LONG Sleeping; #endif #else ULONG ThreadStartCount[2]; #endif ULONG CcFastReadNoWait; ULONG CcFastReadWait; ULONG CcFastReadNotPossible; ULONG CcCopyReadNoWait; ULONG CcCopyReadWait; ULONG CcCopyReadNoWaitMiss; #if (NTDDI_VERSION < NTDDI_LONGHORN) ULONG KeAlignmentFixupCount; #endif ULONG SpareCounter0; #if (NTDDI_VERSION < NTDDI_LONGHORN) ULONG KeDcacheFlushCount; ULONG KeExceptionDispatchCount; ULONG KeFirstLevelTbFills; ULONG KeFloatingEmulationCount; ULONG KeIcacheFlushCount; ULONG KeSecondLevelTbFills; ULONG KeSystemCalls; #endif volatile ULONG IoReadOperationCount; volatile ULONG IoWriteOperationCount; volatile ULONG IoOtherOperationCount; LARGE_INTEGER IoReadTransferCount; LARGE_INTEGER IoWriteTransferCount; LARGE_INTEGER IoOtherTransferCount; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG CcFastMdlReadNoWait; ULONG CcFastMdlReadWait; ULONG CcFastMdlReadNotPossible; ULONG CcMapDataNoWait; ULONG CcMapDataWait; ULONG CcPinMappedDataCount; ULONG CcPinReadNoWait; ULONG CcPinReadWait; ULONG CcMdlReadNoWait; ULONG CcMdlReadWait; ULONG CcLazyWriteHotSpots; ULONG 
CcLazyWriteIos; ULONG CcLazyWritePages; ULONG CcDataFlushes; ULONG CcDataPages; ULONG CcLostDelayedWrites; ULONG CcFastReadResourceMiss; ULONG CcCopyReadWaitMiss; ULONG CcFastMdlReadResourceMiss; ULONG CcMapDataNoWaitMiss; ULONG CcMapDataWaitMiss; ULONG CcPinReadNoWaitMiss; ULONG CcPinReadWaitMiss; ULONG CcMdlReadNoWaitMiss; ULONG CcMdlReadWaitMiss; ULONG CcReadAheadIos; ULONG KeAlignmentFixupCount; ULONG KeExceptionDispatchCount; ULONG KeSystemCalls; ULONG PrcbPad1[3]; #else ULONG SpareCounter1[8]; #endif PP_LOOKASIDE_LIST PPLookasideList[16]; PP_LOOKASIDE_LIST PPNPagedLookasideList[32]; PP_LOOKASIDE_LIST PPPagedLookasideList[32]; volatile ULONG PacketBarrier; volatile ULONG ReverseStall; PVOID IpiFrame; UCHAR PrcbPad2[52]; volatile PVOID CurrentPacket[3]; volatile ULONG TargetSet; volatile PKIPI_WORKER WorkerRoutine; volatile ULONG IpiFrozen; UCHAR PrcbPad3[40]; volatile ULONG RequestSummary; volatile struct _KPRCB *SignalDone; UCHAR PrcbPad4[56]; struct _KDPC_DATA DpcData[2]; PVOID DpcStack; ULONG MaximumDpcQueueDepth; ULONG DpcRequestRate; ULONG MinimumDpcRate; volatile UCHAR DpcInterruptRequested; volatile UCHAR DpcThreadRequested; volatile UCHAR DpcRoutineActive; volatile UCHAR DpcThreadActive; ULONG PrcbLock; ULONG DpcLastCount; volatile ULONG TimerHand; volatile ULONG TimerRequest; PVOID DpcThread; KEVENT DpcEvent; UCHAR ThreadDpcEnable; volatile BOOLEAN QuantumEnd; UCHAR PrcbPad50; volatile UCHAR IdleSchedule; LONG DpcSetEventRequest; #if (NTDDI_VERSION >= NTDDI_LONGHORN) LONG Sleeping; ULONG PeriodicCount; ULONG PeriodicBias; UCHAR PrcbPad5[6]; #else UCHAR PrcbPad5[18]; #endif LONG TickOffset; KDPC CallDpc; #if (NTDDI_VERSION >= NTDDI_LONGHORN) LONG ClockKeepAlive; UCHAR ClockCheckSlot; UCHAR ClockPollCycle; UCHAR PrcbPad6[2]; LONG DpcWatchdogPeriod; LONG DpcWatchDogCount; LONG ThreadWatchdogPeriod; LONG ThreadWatchDogCount; ULONG PrcbPad70[2]; #else ULONG PrcbPad7[8]; #endif LIST_ENTRY WaitListHead; ULONG ReadySummary; ULONG QueueIndex; #if 
(NTDDI_VERSION >= NTDDI_LONGHORN) SINGLE_LIST_ENTRY DeferredReadyListHead; ULONGLONG StartCycles; ULONGLONG CycleTime; ULONGLONG PrcbPad71[3]; LIST_ENTRY DispatcherReadyListHead[32]; #else LIST_ENTRY DispatcherReadyListHead[32]; SINGLE_LIST_ENTRY DeferredReadyListHead; ULONG PrcbPad72[11]; #endif PVOID ChainedInterruptList; LONG LookasideIrpFloat; volatile LONG MmPageFaultCount; volatile LONG MmCopyOnWriteCount; volatile LONG MmTransitionCount; volatile LONG MmCacheTransitionCount; volatile LONG MmDemandZeroCount; volatile LONG MmPageReadCount; volatile LONG MmPageReadIoCount; volatile LONG MmCacheReadCount; volatile LONG MmCacheIoCount; volatile LONG MmDirtyPagesWriteCount; volatile LONG MmDirtyWriteIoCount; volatile LONG MmMappedPagesWriteCount; volatile LONG MmMappedWriteIoCount; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG CachedCommit; ULONG CachedResidentAvailable; PVOID HyperPte; UCHAR CpuVendor; UCHAR PrcbPad9[3]; #else ULONG SpareFields0[1]; #endif CHAR VendorString[13]; UCHAR InitialApicId; UCHAR LogicalProcessorsPerPhysicalProcessor; ULONG MHz; ULONG FeatureBits; LARGE_INTEGER UpdateSignature; volatile LARGE_INTEGER IsrTime; LARGE_INTEGER SpareField1; FX_SAVE_AREA NpxSaveArea; PROCESSOR_POWER_STATE PowerState; #if (NTDDI_VERSION >= NTDDI_LONGHORN) KDPC DpcWatchdogDoc; KTIMER DpcWatchdogTimer; PVOID WheaInfo; PVOID EtwSupport; SLIST_HEADER InterruptObjectPool; LARGE_INTEGER HyperCallPagePhysical; LARGE_INTEGER HyperCallPageVirtual; PVOID RateControl; CACHE_DESCRIPTOR Cache[5]; ULONG CacheCount; ULONG CacheProcessorMask[5]; UCHAR LogicalProcessorsPerCore; UCHAR PrcbPad8[3]; ULONG PackageProcessorSet; ULONG CoreProcessorSet; #endif } KPRCB, *PKPRCB; // // Processor Control Region // typedef struct _KIPCR { USHORT MinorVersion; USHORT MajorVersion; PKINTERRUPT_ROUTINE InterruptRoutine[MAXIMUM_VECTOR]; ULONG PcrPage2; ULONG Kseg0Top; ULONG Spare7[30]; ULONG FirstLevelDcacheSize; ULONG FirstLevelDcacheFillSize; ULONG FirstLevelIcacheSize; ULONG 
FirstLevelIcacheFillSize; ULONG SecondLevelDcacheSize; ULONG SecondLevelDcacheFillSize; ULONG SecondLevelIcacheSize; ULONG SecondLevelIcacheFillSize; struct _KPRCB *PrcbData; PVOID Teb; ULONG DcacheAlignment; ULONG DcacheFillSize; ULONG IcacheAlignment; ULONG IcacheFillSize; ULONG ProcessorVersion; ULONG ProcessorRevision; ULONG ProfileInterval; ULONG ProfileCount; ULONG StallExecutionCount; ULONG StallScaleFactor; ULONG Spare; union { ULONG CachePolicy; struct { UCHAR IcacheMode; UCHAR DcacheMode; USHORT ModeSpare; }; }; UCHAR IrqlMask[32]; UCHAR IrqlTable[9]; UCHAR CurrentIrql; CCHAR Number; KAFFINITY SetMember; ULONG ReservedVectors; struct _KTHREAD *CurrentThread; ULONG AlignedCachePolicy; union { ULONG SoftwareInterrupt; struct { UCHAR ApcInterrupt; UCHAR DispatchInterrupt; UCHAR Spare4; UCHAR Spare5; }; }; KAFFINITY NotMember; ULONG SystemReserved[16]; ULONG HalReserved[16]; ULONG FirstLevelActive; ULONG SystemServiceDispatchStart; ULONG SystemServiceDispatchEnd; ULONG InterruptStack; ULONG QuantumEnd; PVOID InitialStack; PVOID PanicStack; ULONG BadVaddr; PVOID StackLimit; PVOID SavedStackLimit; ULONG SavedV0; ULONG SavedV1; UCHAR DebugActive; UCHAR Spare6[3]; ULONG GprSave[6]; ULONG SiR0; ULONG SiR2; ULONG SiR3; ULONG SiR4; ULONG SiR5; ULONG Spare0; ULONG Spare8; ULONG PgDirRa; ULONG OnInterruptStack; ULONG SavedInitialStack; } KIPCR, *PKIPCR; #pragma pack(pop) // // TSS Definition // typedef struct _KTSS { } KTSS, *PKTSS; // // PowerPC Exception Frame // typedef struct _KEXCEPTION_FRAME { ULONG Fill1; ULONG Gpr13; ULONG Gpr14; ULONG Gpr15; ULONG Gpr16; ULONG Gpr17; ULONG Gpr18; ULONG Gpr19; ULONG Gpr20; ULONG Gpr21; ULONG Gpr22; ULONG Gpr23; ULONG Gpr24; ULONG Gpr25; ULONG Gpr26; ULONG Gpr27; ULONG Gpr28; ULONG Gpr29; ULONG Gpr30; ULONG Gpr31; DOUBLE Fpr14; DOUBLE Fpr15; DOUBLE Fpr16; DOUBLE Fpr17; DOUBLE Fpr18; DOUBLE Fpr19; DOUBLE Fpr20; DOUBLE Fpr21; DOUBLE Fpr22; DOUBLE Fpr23; DOUBLE Fpr24; DOUBLE Fpr25; DOUBLE Fpr26; DOUBLE Fpr27; DOUBLE Fpr28; DOUBLE 
Fpr29;
    DOUBLE Fpr30;
    DOUBLE Fpr31;
} KEXCEPTION_FRAME, *PKEXCEPTION_FRAME;

//
// Returns the current processor's KPRCB: reads a 32-bit value at
// FIELD_OFFSET(KIPCR, PrcbData) through __readfsdword and casts it to a
// struct _KPRCB pointer.
//
// NOTE(review): __readfsdword addresses the x86 FS segment (psfuncs.h uses it
// only under _M_IX86), yet this is the PowerPC header. Presumably carried over
// from the i386 variant - confirm this body is never compiled for a PowerPC
// target, or replace it with that port's way of locating the KIPCR.
//
FORCEINLINE
struct _KPRCB *
KeGetCurrentPrcb(VOID)
{
    return (struct _KPRCB *)(ULONG_PTR)__readfsdword(FIELD_OFFSET(KIPCR, PrcbData));
}

#endif

================================================
FILE: ndk/powerpc/mmtypes.h
================================================
/*++ NDK Version: 0095

Copyright (c) Alex Ionescu. All rights reserved.

Header Name:

    mmtypes.h (PPC)

Abstract:

    PowerPC Type definitions for the Memory Manager

Author:

    Art Yerkes (ayerkes@speakeasy.net) 04-Dec-2005

--*/

#ifndef _POWERPC_MMTYPES_H
#define _POWERPC_MMTYPES_H

//
// Dependencies
//

//
// Page-related Macros
//
// PAGE_SIZE equals 1 << PAGE_SHIFT (0x1000 == 1 << 12); keep the two in step.
//
#define PAGE_SIZE 0x1000
#define PAGE_SHIFT 12L

// The software PTE views are plain integers here, not bitfield structures,
// so no individual PTE field can be named through these types.
typedef unsigned long long MMPTE_HARDWARE;
typedef unsigned long long MMPTE_SOFTWARE;
typedef unsigned long long MMPTE_PROTOTYPE;
typedef unsigned long long MMPTE_SUBSECTION;
typedef unsigned long long MMPTE_TRANSITION;
typedef unsigned long long MMPTE_LIST;

//
// Page Table Entry Definition
//
// The bitfield widths add up to 32. PageFrameNumber is 20 bits wide, which
// together with PAGE_SHIFT (12) spans a 32-bit address.
// NOTE(review): the MMPTE_* types above are unsigned long long while this
// entry is built from ULONG bitfields; confirm the intended PTE width before
// converting between the two.
//
typedef struct _HARDWARE_PTE_PPC
{
    ULONG Dirty:2;
    ULONG Valid:1;
    ULONG GuardedStorage:1;
    ULONG MemoryCoherence:1;
    ULONG CacheDisable:1;
    ULONG WriteThrough:1;
    ULONG Change:1;
    ULONG Reference:1;
    ULONG Write:1;
    ULONG CopyOnWrite:1;
    ULONG rsvd1:1;
    ULONG PageFrameNumber:20;
} HARDWARE_PTE_PPC, *PHARDWARE_PTE_PPC;

// Architecture-neutral names map to the PPC layout unless something earlier
// already defined HARDWARE_PTE.
#ifndef HARDWARE_PTE
#define HARDWARE_PTE HARDWARE_PTE_PPC
#define PHARDWARE_PTE PHARDWARE_PTE_PPC
#endif

#endif/*_POWERPC_MMTYPES_H*/

================================================
FILE: ndk/psfuncs.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu. All rights reserved.
Header Name:

    psfuncs.h

Abstract:

    Function definitions for the Process Manager

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _PSFUNCS_H
#define _PSFUNCS_H

//
// Dependencies
//
// NOTE(review): the header names are missing after both #include directives
// in this copy; restore them from the upstream file.
//
#include
#include

#ifndef NTOS_MODE_USER

//
// Win32K Process/Thread Functions
//
// Kernel-mode only: everything down to the matching #endif is skipped when
// NTOS_MODE_USER is defined.
//
NTKERNELAPI
struct _W32THREAD*
NTAPI
PsGetCurrentThreadWin32Thread(
    VOID
);

NTKERNELAPI
struct _W32PROCESS*
NTAPI
PsGetCurrentProcessWin32Process(
    VOID
);

NTKERNELAPI
PVOID
NTAPI
PsGetProcessWin32Process(
    PEPROCESS Process
);

NTKERNELAPI
VOID
NTAPI
PsSetProcessWin32Process(
    PEPROCESS Process,
    PVOID Win32Process
);

NTKERNELAPI
VOID
NTAPI
PsSetThreadWin32Thread(
    PETHREAD Thread,
    PVOID Win32Thread
);

NTKERNELAPI
PVOID
NTAPI
PsGetThreadWin32Thread(
    PETHREAD Thread
);

NTKERNELAPI
BOOLEAN
NTAPI
PsGetThreadHardErrorsAreDisabled(
    PETHREAD Thread
);

NTKERNELAPI
VOID
NTAPI
PsSetThreadHardErrorsAreDisabled(
    PETHREAD Thread,
    IN BOOLEAN Disabled
);

NTKERNELAPI
VOID
NTAPI
PsEstablishWin32Callouts(
    PWIN32_CALLOUTS_FPNS CalloutData
);

// Declared a second time, with the same signature, under Quota Functions
// below.
NTKERNELAPI
VOID
NTAPI
PsReturnProcessNonPagedPoolQuota(
    IN PEPROCESS Process,
    IN ULONG_PTR Amount
);

//
// Process Impersonation Functions
//
NTKERNELAPI
VOID
NTAPI
PsRevertThreadToSelf(
    IN PETHREAD Thread
);

//
// Misc. Functions
//
NTKERNELAPI
NTSTATUS
NTAPI
PsLookupProcessThreadByCid(
    IN PCLIENT_ID Cid,
    OUT PEPROCESS *Process OPTIONAL,
    OUT PETHREAD *Thread
);

// Declared without NTKERNELAPI, unlike its neighbours.
// NOTE(review): confirm whether the import attribute was left out on purpose.
BOOLEAN
NTAPI
PsIsProtectedProcess(
    IN PEPROCESS Process
);

//
// Quota Functions
//
// NOTE(review): Amount is ULONG in PsChargePoolQuota and
// PsChargeProcessPoolQuota but ULONG_PTR in the other five declarations; the
// widths differ on 64-bit targets - verify against the kernel exports.
//
NTKERNELAPI
VOID
NTAPI
PsChargePoolQuota(
    IN PEPROCESS Process,
    IN POOL_TYPE PoolType,
    IN ULONG Amount
);

NTKERNELAPI
NTSTATUS
NTAPI
PsChargeProcessNonPagedPoolQuota(
    IN PEPROCESS Process,
    IN ULONG_PTR Amount
);

NTKERNELAPI
NTSTATUS
NTAPI
PsChargeProcessPagedPoolQuota(
    IN PEPROCESS Process,
    IN ULONG_PTR Amount
);

NTKERNELAPI
NTSTATUS
NTAPI
PsChargeProcessPoolQuota(
    IN PEPROCESS Process,
    IN POOL_TYPE PoolType,
    IN ULONG Amount
);

NTKERNELAPI
VOID
NTAPI
PsReturnPoolQuota(
    IN PEPROCESS Process,
    IN POOL_TYPE PoolType,
    IN ULONG_PTR Amount
);

NTKERNELAPI
VOID
NTAPI
PsReturnProcessNonPagedPoolQuota(
    IN PEPROCESS Process,
    IN ULONG_PTR Amount
);

NTKERNELAPI
VOID
NTAPI
PsReturnProcessPagedPoolQuota(
    IN PEPROCESS Process,
    IN ULONG_PTR Amount
);

#endif

//
// Native Calls
//
// Declared for both modes. Every call here returns NTSTATUS; a handle written
// through an OUT PHANDLE parameter is only meaningful when that status
// reports success.
//
NTSYSCALLAPI
NTSTATUS
NTAPI
NtAlertResumeThread(
    IN HANDLE ThreadHandle,
    OUT PULONG SuspendCount
);

typedef ULONG APPHELPCACHESERVICECLASS;

NTSYSCALLAPI
NTSTATUS
NTAPI
NtApphelpCacheControl(
    IN APPHELPCACHESERVICECLASS Service,
    IN PVOID ServiceData
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtAlertThread(
    IN HANDLE ThreadHandle
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtAssignProcessToJobObject(
    HANDLE JobHandle,
    HANDLE ProcessHandle
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateJobObject(
    PHANDLE JobHandle,
    ACCESS_MASK DesiredAccess,
    POBJECT_ATTRIBUTES ObjectAttributes
);

// Declared without NTSYSCALLAPI, unlike the other Nt* calls in this header.
// NOTE(review): confirm whether that is intentional.
NTSTATUS
NTAPI
NtCreateJobSet(
    IN ULONG NumJob,
    IN PJOB_SET_ARRAY UserJobSet,
    IN ULONG Flags
);

// NOTE(review): the parent is passed explicitly as a handle (ParentProcess),
// so the parent recorded for the new process is presumably the one the caller
// names, not necessarily the calling process - keep that in mind when
// auditing process ancestry.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateProcess(
    OUT PHANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    IN HANDLE ParentProcess,
    IN BOOLEAN InheritObjectTable,
    IN HANDLE SectionHandle OPTIONAL,
    IN HANDLE DebugPort OPTIONAL,
    IN HANDLE ExceptionPort OPTIONAL
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateProcessEx(
    OUT PHANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    IN HANDLE ParentProcess,
    IN ULONG Flags,
    IN HANDLE SectionHandle OPTIONAL,
    IN HANDLE DebugPort OPTIONAL,
    IN HANDLE ExceptionPort OPTIONAL,
    IN BOOLEAN InJob
);

// NOTE(review): the target is named by ProcessHandle, so the new thread is
// presumably created in whatever process that handle refers to, which need
// not be the caller's own - confirm.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtCreateThread(
    OUT PHANDLE ThreadHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    IN HANDLE ProcessHandle,
    OUT PCLIENT_ID ClientId,
    IN PCONTEXT ThreadContext,
    IN PINITIAL_TEB UserStack,
    IN BOOLEAN CreateSuspended
);

//
// NtCurrentTeb
//
// Kernel-mode x86 builds get an inline body that loads a pointer from
// FS:[0x18], via __readfsdword or via inline assembly under __GNUC__.
// User-mode builds only get a prototype. A kernel-mode build for any other
// architecture gets no declaration at all from this block.
// NOTE(review): 0x18 is presumably the offset of the TEB self pointer; it is
// a bare literal here rather than a FIELD_OFFSET expression - confirm it
// matches the TEB definition in use.
//
#ifndef NTOS_MODE_USER
#if defined(_M_IX86)
FORCEINLINE
PTEB
NtCurrentTeb(VOID)
{
#ifndef __GNUC__
    return (PTEB)(ULONG_PTR)__readfsdword(0x18);
#else
    struct _TEB *ret;

    __asm__ __volatile__ (
        "movl %%fs:0x18, %0\n"
        : "=r" (ret)
        : /* no inputs */
    );

    return ret;
#endif
}
#endif
#else
struct _TEB * NtCurrentTeb(void);
#endif

NTSYSCALLAPI
NTSTATUS
NTAPI
NtImpersonateThread(
    IN HANDLE ThreadHandle,
    IN HANDLE ThreadToImpersonate,
    IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtIsProcessInJob(
    IN HANDLE ProcessHandle,
    IN HANDLE JobHandle OPTIONAL
);

// The open calls below write the new handle through their OUT PHANDLE
// parameter; use it only after checking the returned NTSTATUS.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenProcess(
    OUT PHANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN PCLIENT_ID ClientId
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenThread(
    OUT PHANDLE ThreadHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN PCLIENT_ID ClientId
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenThreadToken(
    IN HANDLE ThreadHandle,
    IN ACCESS_MASK DesiredAccess,
    IN BOOLEAN OpenAsSelf,
    OUT PHANDLE TokenHandle
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtOpenThreadTokenEx(
    IN HANDLE ThreadHandle,
    IN ACCESS_MASK DesiredAccess,
    IN BOOLEAN OpenAsSelf,
    IN ULONG HandleAttributes,
    OUT PHANDLE TokenHandle
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationJobObject(
    HANDLE JobHandle,
    JOBOBJECTINFOCLASS JobInformationClass,
    PVOID JobInformation,
    ULONG JobInformationLength,
    PULONG
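ReturnLength );

//
// Query calls write into the caller's buffer (OUT PVOID) and take its size
// in the matching *Length argument; Set calls read from the buffer instead.
// NOTE(review): the size and layout each call expects presumably depend on
// the information class - confirm per class, and pass as the length the
// size the buffer was actually allocated with.
//

// Skipped when _NTDDK_ is defined.
#ifndef _NTDDK_
NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationProcess(
    IN HANDLE ProcessHandle,
    IN PROCESSINFOCLASS ProcessInformationClass,
    OUT PVOID ProcessInformation,
    IN ULONG ProcessInformationLength,
    OUT PULONG ReturnLength OPTIONAL
);
#endif

NTSYSCALLAPI
NTSTATUS
NTAPI
NtQueryInformationThread(
    IN HANDLE ThreadHandle,
    IN THREADINFOCLASS ThreadInformationClass,
    OUT PVOID ThreadInformation,
    IN ULONG ThreadInformationLength,
    OUT PULONG ReturnLength
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtRegisterThreadTerminatePort(
    HANDLE TerminationPort
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtResumeThread(
    IN HANDLE ThreadHandle,
    OUT PULONG SuspendCount
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtResumeProcess(
    IN HANDLE ProcessHandle
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationJobObject(
    HANDLE JobHandle,
    JOBOBJECTINFOCLASS JobInformationClass,
    PVOID JobInformation,
    ULONG JobInformationLength
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationProcess(
    IN HANDLE ProcessHandle,
    IN PROCESSINFOCLASS ProcessInformationClass,
    IN PVOID ProcessInformation,
    IN ULONG ProcessInformationLength
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtSetInformationThread(
    IN HANDLE ThreadHandle,
    IN THREADINFOCLASS ThreadInformationClass,
    IN PVOID ThreadInformation,
    IN ULONG ThreadInformationLength
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtSuspendProcess(
    IN HANDLE ProcessHandle
);

// PreviousSuspendCount is an output pointer, annotated OUT like SuspendCount
// of NtResumeThread above. The annotation macro does not change the ABI; it
// only tells the caller which way the data flows.
NTSYSCALLAPI
NTSTATUS
NTAPI
NtSuspendThread(
    IN HANDLE ThreadHandle,
    OUT PULONG PreviousSuspendCount
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtTerminateProcess(
    IN HANDLE ProcessHandle,
    IN NTSTATUS ExitStatus
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtTerminateThread(
    IN HANDLE ThreadHandle,
    IN NTSTATUS ExitStatus
);

NTSYSCALLAPI
NTSTATUS
NTAPI
NtTerminateJobObject(
    HANDLE JobHandle,
    NTSTATUS ExitStatus
);

//
// Zw* twins of the Nt* calls above, declared with NTSYSAPI.
//
NTSYSAPI
NTSTATUS
NTAPI
ZwAlertResumeThread(
    IN HANDLE ThreadHandle,
    OUT PULONG SuspendCount
);

NTSYSAPI
NTSTATUS
NTAPI
ZwAlertThread(
    IN HANDLE ThreadHandle
);

NTSYSAPI
NTSTATUS
NTAPI
ZwAssignProcessToJobObject(
    HANDLE JobHandle,
    HANDLE ProcessHandle
);

NTSYSAPI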
NTSTATUS NTAPI ZwCreateJobObject( PHANDLE JobHandle, ACCESS_MASK DesiredAccess, POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSAPI NTSTATUS NTAPI ZwCreateProcess( OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN HANDLE ParentProcess, IN BOOLEAN InheritObjectTable, IN HANDLE SectionHandle OPTIONAL, IN HANDLE DebugPort OPTIONAL, IN HANDLE ExceptionPort OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwCreateThread( OUT PHANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN HANDLE ProcessHandle, OUT PCLIENT_ID ClientId, IN PCONTEXT ThreadContext, IN PINITIAL_TEB UserStack, IN BOOLEAN CreateSuspended ); NTSYSAPI NTSTATUS NTAPI ZwImpersonateThread( IN HANDLE ThreadHandle, IN HANDLE ThreadToImpersonate, IN PSECURITY_QUALITY_OF_SERVICE SecurityQualityOfService ); NTSYSAPI NTSTATUS NTAPI ZwIsProcessInJob( IN HANDLE ProcessHandle, IN HANDLE JobHandle OPTIONAL ); NTSYSAPI NTSTATUS NTAPI ZwOpenProcess( OUT PHANDLE ProcessHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PCLIENT_ID ClientId ); NTSYSAPI NTSTATUS NTAPI ZwOpenThread( OUT PHANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, IN PCLIENT_ID ClientId ); NTSYSAPI NTSTATUS NTAPI ZwOpenThreadToken( IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, OUT PHANDLE TokenHandle ); NTSYSAPI NTSTATUS NTAPI ZwOpenThreadTokenEx( IN HANDLE ThreadHandle, IN ACCESS_MASK DesiredAccess, IN BOOLEAN OpenAsSelf, IN ULONG HandleAttributes, OUT PHANDLE TokenHandle ); NTSYSAPI NTSTATUS NTAPI ZwQueryInformationJobObject( HANDLE JobHandle, JOBOBJECTINFOCLASS JobInformationClass, PVOID JobInformation, ULONG JobInformationLength, PULONG ReturnLength ); #ifndef _NTDDK_ NTSYSAPI NTSTATUS NTAPI ZwQueryInformationProcess( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT 
PULONG ReturnLength OPTIONAL ); #endif NTSYSAPI NTSTATUS NTAPI ZwQueryInformationThread( IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, OUT PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI ZwRegisterThreadTerminatePort( HANDLE TerminationPort ); NTSYSAPI NTSTATUS NTAPI ZwResumeThread( IN HANDLE ThreadHandle, OUT PULONG SuspendCount ); NTSYSAPI NTSTATUS NTAPI ZwResumeProcess( IN HANDLE ProcessHandle ); NTSYSAPI NTSTATUS NTAPI ZwSetInformationJobObject( HANDLE JobHandle, JOBOBJECTINFOCLASS JobInformationClass, PVOID JobInformation, ULONG JobInformationLength ); NTSYSAPI NTSTATUS NTAPI ZwSetInformationProcess( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, IN PVOID ProcessInformation, IN ULONG ProcessInformationLength ); NTSYSAPI NTSTATUS NTAPI ZwSetInformationThread( IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, IN PVOID ThreadInformation, IN ULONG ThreadInformationLength ); NTSYSAPI NTSTATUS NTAPI ZwSuspendProcess( IN HANDLE ProcessHandle ); NTSYSAPI NTSTATUS NTAPI ZwSuspendThread( IN HANDLE ThreadHandle, IN PULONG PreviousSuspendCount ); NTSYSAPI NTSTATUS NTAPI ZwTerminateProcess( IN HANDLE ProcessHandle, IN NTSTATUS ExitStatus ); NTSYSAPI NTSTATUS NTAPI ZwTerminateThread( IN HANDLE ThreadHandle, IN NTSTATUS ExitStatus ); NTSYSAPI NTSTATUS NTAPI ZwTerminateJobObject( HANDLE JobHandle, NTSTATUS ExitStatus ); #endif ================================================ FILE: ndk/pstypes.h ================================================ /*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. 
Header Name:

    pstypes.h

Abstract:

    Type definitions for the Process Manager

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _PSTYPES_H
#define _PSTYPES_H

//
// Dependencies
//
// NOTE(review): the header names of the #include directives below are absent
// in this copy (they look like <...> names lost during extraction); restore
// them from the upstream file before compiling.
//
#include
#include
#include
#include
#ifndef NTOS_MODE_USER
// Two further headers are pulled in only when NTOS_MODE_USER is not defined.
#include
#include
#endif

//
// KUSER_SHARED_DATA location in User Mode
//
// A fixed numeric address, parenthesised so it can be cast or used inside a
// larger expression without precedence surprises.
//
#define USER_SHARED_DATA                        (0x7FFE0000)

//
// Global Flags
//
// One bit per flag, 0x00000001 through 0x04000000 (bits 0-26).
// FLG_VALID_BITS (0x07FFFFFF) is the mask of exactly those 27 bits, so
// `value & ~FLG_VALID_BITS` isolates any bit that has no name here.
// NOTE(review): presumably these are the bits kept in PEB.NtGlobalFlag,
// which this header declares further down - confirm.
//
#define FLG_STOP_ON_EXCEPTION                   0x00000001
#define FLG_SHOW_LDR_SNAPS                      0x00000002
#define FLG_DEBUG_INITIAL_COMMAND               0x00000004
#define FLG_STOP_ON_HUNG_GUI                    0x00000008
#define FLG_HEAP_ENABLE_TAIL_CHECK              0x00000010
#define FLG_HEAP_ENABLE_FREE_CHECK              0x00000020
#define FLG_HEAP_VALIDATE_PARAMETERS            0x00000040
#define FLG_HEAP_VALIDATE_ALL                   0x00000080
#define FLG_POOL_ENABLE_TAIL_CHECK              0x00000100
#define FLG_POOL_ENABLE_FREE_CHECK              0x00000200
#define FLG_POOL_ENABLE_TAGGING                 0x00000400
#define FLG_HEAP_ENABLE_TAGGING                 0x00000800
#define FLG_USER_STACK_TRACE_DB                 0x00001000
#define FLG_KERNEL_STACK_TRACE_DB               0x00002000
#define FLG_MAINTAIN_OBJECT_TYPELIST            0x00004000
#define FLG_HEAP_ENABLE_TAG_BY_DLL              0x00008000
#define FLG_IGNORE_DEBUG_PRIV                   0x00010000
#define FLG_ENABLE_CSRDEBUG                     0x00020000
#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD           0x00040000
#define FLG_DISABLE_PAGE_KERNEL_STACKS          0x00080000
#define FLG_HEAP_ENABLE_CALL_TRACING            0x00100000
#define FLG_HEAP_DISABLE_COALESCING             0x00200000
#define FLG_ENABLE_CLOSE_EXCEPTIONS             0x00400000
#define FLG_ENABLE_EXCEPTION_LOGGING            0x00800000
#define FLG_ENABLE_HANDLE_TYPE_TAGGING          0x01000000
#define FLG_HEAP_PAGE_ALLOCS                    0x02000000
#define FLG_DEBUG_INITIAL_COMMAND_EX            0x04000000
#define FLG_VALID_BITS                          0x07FFFFFF

//
// Process priority classes
//
// Values 0-6. BELOW_NORMAL (5) and ABOVE_NORMAL (6) are numbered after
// REALTIME (4), so the numeric order is not the order the names suggest;
// compare against the named constants rather than with < or >.
//
#define PROCESS_PRIORITY_CLASS_INVALID          0
#define PROCESS_PRIORITY_CLASS_IDLE             1
#define PROCESS_PRIORITY_CLASS_NORMAL           2
#define PROCESS_PRIORITY_CLASS_HIGH             3
#define PROCESS_PRIORITY_CLASS_REALTIME         4
#define PROCESS_PRIORITY_CLASS_BELOW_NORMAL     5
#define PROCESS_PRIORITY_CLASS_ABOVE_NORMAL     6

//
// NtCreateProcessEx flags
//
// Single-bit values 1, 2, 4 and 8. PS_ALL_FLAGS is the OR of all four (15),
// i.e. the mask of every flag named here.
//
#define PS_REQUEST_BREAKAWAY                    1
#define PS_NO_DEBUG_INHERIT                     2
#define PS_INHERIT_HANDLES                      4
#define PS_LARGE_PAGES                          8
#define PS_ALL_FLAGS                            (PS_REQUEST_BREAKAWAY | \
                                                 PS_NO_DEBUG_INHERIT  | \
                                                 PS_INHERIT_HANDLES   | \
                                                 PS_LARGE_PAGES)

//
// Process base priorities
//
#define PROCESS_PRIORITY_IDLE                   3
#define PROCESS_PRIORITY_NORMAL                 8
#define PROCESS_PRIORITY_NORMAL_FOREGROUND      9

//
// Process memory priorities
//
#define MEMORY_PRIORITY_BACKGROUND              0
#define MEMORY_PRIORITY_UNKNOWN                 1
#define MEMORY_PRIORITY_FOREGROUND              2

//
// Process Priority Separation Values (OR)
//
#define PSP_VARIABLE_QUANTUMS                   4
#define PSP_LONG_QUANTUMS                       16

// Everything from here to the #endif that follows the Same Thread APC Flags
// is compiled only when NTOS_MODE_USER is not defined.
#ifndef NTOS_MODE_USER

//
// Thread Access Types
//
// NOTE(review): by their names, the token and impersonation rights are the
// ones that let a caller change or borrow a thread's security context; code
// that requests them on a thread handle deserves a closer look - confirm
// against the callers.
//
#define THREAD_QUERY_INFORMATION                0x0040
#define THREAD_SET_THREAD_TOKEN                 0x0080
#define THREAD_IMPERSONATE                      0x0100
#define THREAD_DIRECT_IMPERSONATION             0x0200

//
// Process Access Types
//
// Single-bit rights from 0x0001 to 0x1000; 0x0040 has no name in this list.
// PROCESS_ALL_ACCESS combines STANDARD_RIGHTS_REQUIRED and SYNCHRONIZE with
// every specific-right bit in the low mask: 0xFFFF when
// NTDDI_VERSION >= NTDDI_LONGHORN, 0xFFF otherwise. The 0xFFF mask does not
// contain PROCESS_QUERY_LIMITED_INFORMATION (0x1000).
// When opening a handle, prefer the specific rights the operation needs over
// PROCESS_ALL_ACCESS, so that a leaked or inherited handle carries less.
//
#define PROCESS_TERMINATE                       0x0001
#define PROCESS_CREATE_THREAD                   0x0002
#define PROCESS_SET_SESSIONID                   0x0004
#define PROCESS_VM_OPERATION                    0x0008
#define PROCESS_VM_READ                         0x0010
#define PROCESS_VM_WRITE                        0x0020
#define PROCESS_CREATE_PROCESS                  0x0080
#define PROCESS_SET_QUOTA                       0x0100
#define PROCESS_SET_INFORMATION                 0x0200
#define PROCESS_QUERY_INFORMATION               0x0400
#define PROCESS_SUSPEND_RESUME                  0x0800
#define PROCESS_QUERY_LIMITED_INFORMATION       0x1000
#if (NTDDI_VERSION >= NTDDI_LONGHORN)
#define PROCESS_ALL_ACCESS                      (STANDARD_RIGHTS_REQUIRED | \
                                                 SYNCHRONIZE | \
                                                 0xFFFF)
#else
#define PROCESS_ALL_ACCESS                      (STANDARD_RIGHTS_REQUIRED | \
                                                 SYNCHRONIZE | \
                                                 0xFFF)

//
// Thread Base Priorities
//
// NOTE(review): as the directives are written here, the Thread Base
// Priorities and TLS_MINIMUM_AVAILABLE below sit inside the #else branch
// opened above, so they are defined only when
// NTDDI_VERSION < NTDDI_LONGHORN. If that is not intended, the #endif belongs
// directly after PROCESS_ALL_ACCESS - confirm against upstream.
//
#define THREAD_BASE_PRIORITY_LOWRT              15
#define THREAD_BASE_PRIORITY_MAX                2
#define THREAD_BASE_PRIORITY_MIN                -2
#define THREAD_BASE_PRIORITY_IDLE               -15

//
// TLS Slots
//
#define TLS_MINIMUM_AVAILABLE                   64
#endif

//
// Job Access Types
//
// Five single-bit rights, 0x1 to 0x10. The literal 31 in
// JOB_OBJECT_ALL_ACCESS is 0x1F, the OR of those five.
//
#define JOB_OBJECT_ASSIGN_PROCESS               0x1
#define JOB_OBJECT_SET_ATTRIBUTES               0x2
#define JOB_OBJECT_QUERY                        0x4
#define JOB_OBJECT_TERMINATE                    0x8
#define JOB_OBJECT_SET_SECURITY_ATTRIBUTES      0x10
#define JOB_OBJECT_ALL_ACCESS                   (STANDARD_RIGHTS_REQUIRED | \
                                                 SYNCHRONIZE | \
                                                 31)

//
// Cross Thread Flags
//
// Single-bit masks 0x1 to 0x100. The names follow, in the same order, the
// members of the CrossThreadFlags bit-field of ETHREAD declared later in this
// header (where the second member is ThreadInserted instead of DeadThread
// when NTDDI_VERSION >= NTDDI_LONGHORN).
//
#define CT_TERMINATED_BIT                       0x1
#define CT_DEAD_THREAD_BIT                      0x2
#define CT_HIDE_FROM_DEBUGGER_BIT               0x4
#define CT_ACTIVE_IMPERSONATION_INFO_BIT        0x8
#define CT_SYSTEM_THREAD_BIT                    0x10
#define CT_HARD_ERRORS_ARE_DISABLED_BIT         0x20
#define CT_BREAK_ON_TERMINATION_BIT             0x40
#define CT_SKIP_CREATION_MSG_BIT                0x80
#define CT_SKIP_TERMINATION_MSG_BIT             0x100

//
// Same Thread Passive Flags
//
#define STP_ACTIVE_EX_WORKER_BIT                0x1
#define STP_EX_WORKER_CAN_WAIT_USER_BIT         0x2
#define STP_MEMORY_MAKER_BIT                    0x4
#define STP_KEYED_EVENT_IN_USE_BIT              0x8

//
// Same Thread APC Flags
//
// STA_OWNS_WORKING_SET_BITS is a multi-bit mask: 0x1F8 covers bits 3-8, the
// same span as the six Owns*WorkingSet* members of the SameThreadApcFlags
// bit-field of ETHREAD declared later in this header.
//
#define STA_LPC_RECEIVED_MSG_ID_VALID_BIT       0x1
#define STA_LPC_EXIT_THREAD_CALLED_BIT          0x2
#define STA_ADDRESS_SPACE_OWNER_BIT             0x4
#define STA_OWNS_WORKING_SET_BITS               0x1F8
#endif

// Defined unconditionally, unlike TLS_MINIMUM_AVAILABLE above.
#define TLS_EXPANSION_SLOTS                     1024

//
// Process Flags
//
// Single-bit masks. 0x800 is skipped between
// PSF_ADDRESS_SPACE_INITIALIZED_BIT (0x400) and PSF_SET_TIMER_RESOLUTION_BIT
// (0x1000); the Flags bit-field of EPROCESS later in this header declares
// AddressSpaceInitialized as a 2-bit member, which accounts for the gap.
//
#define PSF_CREATE_REPORTED_BIT                 0x1
#define PSF_NO_DEBUG_INHERIT_BIT                0x2
#define PSF_PROCESS_EXITING_BIT                 0x4
#define PSF_PROCESS_DELETE_BIT                  0x8
#define PSF_WOW64_SPLIT_PAGES_BIT               0x10
#define PSF_VM_DELETED_BIT                      0x20
#define PSF_OUTSWAP_ENABLED_BIT                 0x40
#define PSF_OUTSWAPPED_BIT                      0x80
#define PSF_FORK_FAILED_BIT                     0x100
#define PSF_WOW64_VA_SPACE_4GB_BIT              0x200
#define PSF_ADDRESS_SPACE_INITIALIZED_BIT       0x400
#define PSF_SET_TIMER_RESOLUTION_BIT            0x1000
#define PSF_BREAK_ON_TERMINATION_BIT            0x2000
#define PSF_SESSION_CREATION_UNDERWAY_BIT       0x4000
#define PSF_WRITE_WATCH_BIT                     0x8000
#define PSF_PROCESS_IN_SESSION_BIT              0x10000
#define PSF_OVERRIDE_ADDRESS_SPACE_BIT          0x20000
#define PSF_HAS_ADDRESS_SPACE_BIT               0x40000
#define PSF_LAUNCH_PREFETCHED_BIT               0x80000
#define PSF_INJECT_INPAGE_ERRORS_BIT            0x100000
#define PSF_VM_TOP_DOWN_BIT                     0x200000
#define PSF_IMAGE_NOTIFY_DONE_BIT               0x400000
#define PSF_PDE_UPDATE_NEEDED_BIT               0x800000
#define PSF_VDM_ALLOWED_BIT                     0x1000000
#define PSF_SWAP_ALLOWED_BIT                    0x2000000
#define PSF_CREATE_FAILED_BIT                   0x4000000
#define PSF_DEFAULT_IO_PRIORITY_BIT             0x8000000

//
// Vista Process Flags
//
// 0x800 is bit 11, the position of the ProtectedProcess member in the Flags2
// bit-field of EPROCESS declared later in this header (counting members from
// the low bit).
//
#define PSF2_PROTECTED_BIT                      0x800

#ifdef NTOS_MODE_USER

//
// Current Process/Thread built-in 'special' handles
//
// These expand to the constants -1 and -2 cast to HANDLE; the macros make no
// call and open nothing.
//
#define NtCurrentProcess()                      ((HANDLE)(LONG_PTR)-1)
#define ZwCurrentProcess()                      NtCurrentProcess()
#define NtCurrentThread()                       ((HANDLE)(LONG_PTR)-2)
#define ZwCurrentThread()                       NtCurrentThread()

//
// Process/Thread/Job Information Classes for NtQueryInformationProcess/Thread/Job
//
// No enumerator in the two lists below has an explicit initializer, so each
// value is simply its position counting from 0 (ProcessBasicInformation and
// ThreadBasicInformation are 0). Inserting, removing or reordering an entry
// therefore changes the number passed as the information class for every
// entry after it.
// NOTE(review): classes such as ProcessDebugPort, ProcessDebugFlags,
// ProcessBreakOnTermination and ThreadHideFromDebugger concern, by name,
// debugger visibility and termination behaviour; calls that set them are
// worth reviewing - confirm against the callers.
//
typedef enum _PROCESSINFOCLASS
{
    ProcessBasicInformation,
    ProcessQuotaLimits,
    ProcessIoCounters,
    ProcessVmCounters,
    ProcessTimes,
    ProcessBasePriority,
    ProcessRaisePriority,
    ProcessDebugPort,
    ProcessExceptionPort,
    ProcessAccessToken,
    ProcessLdtInformation,
    ProcessLdtSize,
    ProcessDefaultHardErrorMode,
    ProcessIoPortHandlers,
    ProcessPooledUsageAndLimits,
    ProcessWorkingSetWatch,
    ProcessUserModeIOPL,
    ProcessEnableAlignmentFaultFixup,
    ProcessPriorityClass,
    ProcessWx86Information,
    ProcessHandleCount,
    ProcessAffinityMask,
    ProcessPriorityBoost,
    ProcessDeviceMap,
    ProcessSessionInformation,
    ProcessForegroundInformation,
    ProcessWow64Information,
    ProcessImageFileName,
    ProcessLUIDDeviceMapsEnabled,
    ProcessBreakOnTermination,
    ProcessDebugObjectHandle,
    ProcessDebugFlags,
    ProcessHandleTracing,
    ProcessIoPriority,
    ProcessExecuteFlags,
    ProcessTlsInformation,
    ProcessCookie,
    ProcessImageInformation,
    ProcessCycleTime,
    ProcessPagePriority,
    ProcessInstrumentationCallback,
    MaxProcessInfoClass
} PROCESSINFOCLASS;

typedef enum _THREADINFOCLASS
{
    ThreadBasicInformation,
    ThreadTimes,
    ThreadPriority,
    ThreadBasePriority,
    ThreadAffinityMask,
    ThreadImpersonationToken,
    ThreadDescriptorTableEntry,
    ThreadEnableAlignmentFaultFixup,
    ThreadEventPair_Reusable,
    ThreadQuerySetWin32StartAddress,
    ThreadZeroTlsCell,
    ThreadPerformanceCount,
    ThreadAmILastThread,
    ThreadIdealProcessor,
    ThreadPriorityBoost,
    ThreadSetTlsArrayAddress,
    ThreadIsIoPending,
    ThreadHideFromDebugger,
    ThreadBreakOnTermination,
    ThreadSwitchLegacyState,
    ThreadIsTerminated,
    ThreadLastSystemCall,
    ThreadIoPriority,
    ThreadCycleTime,
    ThreadPagePriority,
ThreadActualBasePriority, ThreadTebInformation, ThreadCSwitchMon, MaxThreadInfoClass } THREADINFOCLASS; #else typedef enum _PSPROCESSPRIORITYMODE { PsProcessPriorityForeground, PsProcessPriorityBackground, PsProcessPrioritySpinning } PSPROCESSPRIORITYMODE; typedef enum _JOBOBJECTINFOCLASS { JobObjectBasicAccountingInformation = 1, JobObjectBasicLimitInformation, JobObjectBasicProcessIdList, JobObjectBasicUIRestrictions, JobObjectSecurityLimitInformation, JobObjectEndOfJobTimeInformation, JobObjectAssociateCompletionPortInformation, JobObjectBasicAndIoAccountingInformation, JobObjectExtendedLimitInformation, JobObjectJobSetInformation, MaxJobObjectInfoClass } JOBOBJECTINFOCLASS; // // Power Event Events for Win32K Power Event Callback // typedef enum _PSPOWEREVENTTYPE { PsW32FullWake = 0, PsW32EventCode = 1, PsW32PowerPolicyChanged = 2, PsW32SystemPowerState = 3, PsW32SystemTime = 4, PsW32DisplayState = 5, PsW32CapabilitiesChanged = 6, PsW32SetStateFailed = 7, PsW32GdiOff = 8, PsW32GdiOn = 9, PsW32GdiPrepareResumeUI = 10, PsW32GdiOffRequest = 11, PsW32MonitorOff = 12, } PSPOWEREVENTTYPE; // // Power State Tasks for Win32K Power State Callback // typedef enum _POWERSTATETASK { PowerState_BlockSessionSwitch = 0, PowerState_Init = 1, PowerState_QueryApps = 2, PowerState_QueryServices = 3, PowerState_QueryAppsFailed = 4, PowerState_QueryServicesFailed = 5, PowerState_SuspendApps = 6, PowerState_SuspendServices = 7, PowerState_ShowUI = 8, PowerState_NotifyWL = 9, PowerState_ResumeApps = 10, PowerState_ResumeServices = 11, PowerState_UnBlockSessionSwitch = 12, PowerState_End = 13, PowerState_BlockInput = 14, PowerState_UnblockInput = 15, } POWERSTATETASK; // // Win32K Job Callback Types // typedef enum _PSW32JOBCALLOUTTYPE { PsW32JobCalloutSetInformation = 0, PsW32JobCalloutAddProcess = 1, PsW32JobCalloutTerminate = 2, } PSW32JOBCALLOUTTYPE; // // Win32K Thread Callback Types // typedef enum _PSW32THREADCALLOUTTYPE { PsW32ThreadCalloutInitialize, PsW32ThreadCalloutExit, } 
PSW32THREADCALLOUTTYPE; // // Declare empty structure definitions so that they may be referenced by // routines before they are defined // struct _W32THREAD; struct _W32PROCESS; //struct _ETHREAD; struct _WIN32_POWEREVENT_PARAMETERS; struct _WIN32_POWERSTATE_PARAMETERS; struct _WIN32_JOBCALLOUT_PARAMETERS; struct _WIN32_OPENMETHOD_PARAMETERS; struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS; struct _WIN32_CLOSEMETHOD_PARAMETERS; struct _WIN32_DELETEMETHOD_PARAMETERS; struct _WIN32_PARSEMETHOD_PARAMETERS; // // Win32K Process and Thread Callbacks // typedef NTSTATUS (NTAPI *PKWIN32_PROCESS_CALLOUT)( struct _EPROCESS *Process, BOOLEAN Create ); typedef NTSTATUS (NTAPI *PKWIN32_THREAD_CALLOUT)( struct _ETHREAD *Thread, PSW32THREADCALLOUTTYPE Type ); typedef NTSTATUS (NTAPI *PKWIN32_GLOBALATOMTABLE_CALLOUT)( VOID ); typedef NTSTATUS (NTAPI *PKWIN32_POWEREVENT_CALLOUT)( struct _WIN32_POWEREVENT_PARAMETERS *Parameters ); typedef NTSTATUS (NTAPI *PKWIN32_POWERSTATE_CALLOUT)( struct _WIN32_POWERSTATE_PARAMETERS *Parameters ); typedef NTSTATUS (NTAPI *PKWIN32_JOB_CALLOUT)( struct _WIN32_JOBCALLOUT_PARAMETERS *Parameters ); typedef NTSTATUS (NTAPI *PGDI_BATCHFLUSH_ROUTINE)( VOID ); typedef NTSTATUS (NTAPI *PKWIN32_OPENMETHOD_CALLOUT)( struct _WIN32_OPENMETHOD_PARAMETERS *Parameters ); typedef NTSTATUS (NTAPI *PKWIN32_OKTOCLOSEMETHOD_CALLOUT)( struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS *Parameters ); typedef NTSTATUS (NTAPI *PKWIN32_CLOSEMETHOD_CALLOUT)( struct _WIN32_CLOSEMETHOD_PARAMETERS *Parameters ); typedef VOID (NTAPI *PKWIN32_DELETEMETHOD_CALLOUT)( struct _WIN32_DELETEMETHOD_PARAMETERS *Parameters ); typedef NTSTATUS (NTAPI *PKWIN32_PARSEMETHOD_CALLOUT)( struct _WIN32_PARSEMETHOD_PARAMETERS *Parameters ); typedef NTSTATUS (NTAPI *PKWIN32_WIN32DATACOLLECTION_CALLOUT)( struct _EPROCESS *Process, PVOID Callback, PVOID Context ); // // Lego Callback // typedef VOID (NTAPI *PLEGO_NOTIFY_ROUTINE)( IN PKTHREAD Thread ); #endif typedef NTSTATUS (NTAPI *PPOST_PROCESS_INIT_ROUTINE)( 
VOID ); // // Descriptor Table Entry Definition // #define _DESCRIPTOR_TABLE_ENTRY_DEFINED typedef struct _DESCRIPTOR_TABLE_ENTRY { ULONG Selector; LDT_ENTRY Descriptor; } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY; // // PEB Lock Routine // typedef VOID (NTAPI *PPEBLOCKROUTINE)( PVOID PebLock ); // // PEB Free Block Descriptor // typedef struct _PEB_FREE_BLOCK { struct _PEB_FREE_BLOCK* Next; ULONG Size; } PEB_FREE_BLOCK, *PPEB_FREE_BLOCK; // // Process Environment Block (PEB) // typedef struct _PEB { UCHAR InheritedAddressSpace; UCHAR ReadImageFileExecOptions; UCHAR BeingDebugged; #if (NTDDI_VERSION >= NTDDI_LONGHORN) union { struct { UCHAR ImageUsesLargePages:1; UCHAR IsProtectedProcess:1; UCHAR IsLegacyProcess:1; UCHAR IsImageDynamicallyRelocated:1; UCHAR SkipPatchingUser32Forwarders:1; UCHAR SpareBits:3; }; UCHAR BitField; }; #else BOOLEAN SpareBool; #endif HANDLE Mutant; PVOID ImageBaseAddress; PPEB_LDR_DATA Ldr; struct _RTL_USER_PROCESS_PARAMETERS *ProcessParameters; PVOID SubSystemData; PVOID ProcessHeap; #if (NTDDI_VERSION >= NTDDI_LONGHORN) struct _RTL_CRITICAL_SECTION *FastPebLock; PVOID AltThunkSListPtr; PVOID IFEOKey; union { struct { ULONG ProcessInJob:1; ULONG ProcessInitializing:1; ULONG ProcessUsingVEH:1; ULONG ProcessUsingVCH:1; ULONG ReservedBits0:28; }; ULONG CrossProcessFlags; }; union { PVOID* KernelCallbackTable; PVOID UserSharedInfoPtr; }; ULONG SystemReserved[1]; ULONG SpareUlong; ULONG SparePebPtr0; #else PVOID FastPebLock; PPEBLOCKROUTINE FastPebLockRoutine; PPEBLOCKROUTINE FastPebUnlockRoutine; ULONG EnvironmentUpdateCount; PVOID* KernelCallbackTable; PVOID EventLogSection; PVOID EventLog; PPEB_FREE_BLOCK FreeList; #endif ULONG TlsExpansionCounter; PVOID TlsBitmap; ULONG TlsBitmapBits[0x2]; PVOID ReadOnlySharedMemoryBase; #if (NTDDI_VERSION >= NTDDI_LONGHORN) PVOID HotpatchInformation; #else PVOID ReadOnlySharedMemoryHeap; #endif PVOID* ReadOnlyStaticServerData; PVOID AnsiCodePageData; PVOID OemCodePageData; PVOID 
UnicodeCaseTableData; ULONG NumberOfProcessors; ULONG NtGlobalFlag; LARGE_INTEGER CriticalSectionTimeout; ULONG HeapSegmentReserve; ULONG HeapSegmentCommit; ULONG HeapDeCommitTotalFreeThreshold; ULONG HeapDeCommitFreeBlockThreshold; ULONG NumberOfHeaps; ULONG MaximumNumberOfHeaps; PVOID* ProcessHeaps; PVOID GdiSharedHandleTable; PVOID ProcessStarterHelper; ULONG GdiDCAttributeList; #if (NTDDI_VERSION >= NTDDI_LONGHORN) struct _RTL_CRITICAL_SECTION *LoaderLock; #else PVOID LoaderLock; #endif ULONG OSMajorVersion; ULONG OSMinorVersion; USHORT OSBuildNumber; USHORT OSCSDVersion; ULONG OSPlatformId; ULONG ImageSubSystem; ULONG ImageSubSystemMajorVersion; ULONG ImageSubSystemMinorVersion; ULONG ImageProcessAffinityMask; ULONG GdiHandleBuffer[0x22]; PPOST_PROCESS_INIT_ROUTINE PostProcessInitRoutine; struct _RTL_BITMAP *TlsExpansionBitmap; ULONG TlsExpansionBitmapBits[0x20]; ULONG SessionId; #if (NTDDI_VERSION >= NTDDI_WINXP) ULARGE_INTEGER AppCompatFlags; ULARGE_INTEGER AppCompatFlagsUser; PVOID pShimData; PVOID AppCompatInfo; UNICODE_STRING CSDVersion; struct _ACTIVATION_CONTEXT_DATA *ActivationContextData; struct _ASSEMBLY_STORAGE_MAP *ProcessAssemblyStorageMap; struct _ACTIVATION_CONTEXT_DATA *SystemDefaultActivationContextData; struct _ASSEMBLY_STORAGE_MAP *SystemAssemblyStorageMap; ULONG MinimumStackCommit; #endif #if (NTDDI_VERSION >= NTDDI_WS03) PVOID *FlsCallback; LIST_ENTRY FlsListHead; struct _RTL_BITMAP *FlsBitmap; ULONG FlsBitmapBits[4]; ULONG FlsHighIndex; #endif #if (NTDDI_VERSION >= NTDDI_LONGHORN) PVOID WerRegistrationData; PVOID WerShipAssertPtr; #endif } PEB, *PPEB; // // GDI Batch Descriptor // typedef struct _GDI_TEB_BATCH { ULONG Offset; HANDLE HDC; ULONG Buffer[0x136]; } GDI_TEB_BATCH, *PGDI_TEB_BATCH; // // Initial TEB // typedef struct _INITIAL_TEB { PVOID PreviousStackBase; PVOID PreviousStackLimit; PVOID StackBase; PVOID StackLimit; PVOID AllocatedStackBase; } INITIAL_TEB, *PINITIAL_TEB; // // TEB Active Frame Structures // typedef struct 
_TEB_ACTIVE_FRAME_CONTEXT { ULONG Flags; LPSTR FrameName; } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT; typedef struct _TEB_ACTIVE_FRAME { ULONG Flags; struct _TEB_ACTIVE_FRAME *Previous; PTEB_ACTIVE_FRAME_CONTEXT Context; } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME; // // Thread Environment Block (TEB) // typedef struct _TEB { NT_TIB Tib; PVOID EnvironmentPointer; CLIENT_ID Cid; PVOID ActiveRpcHandle; PVOID ThreadLocalStoragePointer; struct _PEB *ProcessEnvironmentBlock; ULONG LastErrorValue; ULONG CountOfOwnedCriticalSections; PVOID CsrClientThread; struct _W32THREAD* Win32ThreadInfo; ULONG User32Reserved[0x1A]; ULONG UserReserved[5]; PVOID WOW32Reserved; LCID CurrentLocale; ULONG FpSoftwareStatusRegister; PVOID SystemReserved1[0x36]; LONG ExceptionCode; struct _ACTIVATION_CONTEXT_STACK *ActivationContextStackPointer; #ifdef _WIN64 UCHAR SpareBytes1[24]; #else UCHAR SpareBytes1[0x24]; #endif ULONG TxFsContext; GDI_TEB_BATCH GdiTebBatch; CLIENT_ID RealClientId; PVOID GdiCachedProcessHandle; ULONG GdiClientPID; ULONG GdiClientTID; PVOID GdiThreadLocalInfo; SIZE_T Win32ClientInfo[62]; PVOID glDispatchTable[0xE9]; SIZE_T glReserved1[0x1D]; PVOID glReserved2; PVOID glSectionInfo; PVOID glSection; PVOID glTable; PVOID glCurrentRC; PVOID glContext; NTSTATUS LastStatusValue; UNICODE_STRING StaticUnicodeString; WCHAR StaticUnicodeBuffer[0x105]; PVOID DeallocationStack; PVOID TlsSlots[0x40]; LIST_ENTRY TlsLinks; PVOID Vdm; PVOID ReservedForNtRpc; PVOID DbgSsReserved[0x2]; ULONG HardErrorDisabled; #ifdef _WIN64 PVOID Instrumentation[11]; #else PVOID Instrumentation[9]; #endif GUID ActivityId; PVOID SubProcessTag; PVOID EtwTraceData; #if (NTDDI_VERSION >= NTDDI_LONGHORN) PVOID EtwLocalData; #endif PVOID WinSockData; ULONG GdiBatchCount; #if (NTDDI_VERSION >= NTDDI_LONGHORN) BOOLEAN SpareBool0; BOOLEAN SpareBool1; BOOLEAN SpareBool2; #else BOOLEAN InDbgPrint; BOOLEAN FreeStackOnTermination; BOOLEAN HasFiberData; #endif UCHAR IdealProcessor; ULONG GuaranteedStackBytes; 
PVOID ReservedForPerf; PVOID ReservedForOle; ULONG WaitingOnLoaderLock; #if (NTDDI_VERSION >= NTDDI_LONGHORN) PVOID SavedPriorityState; #else ULONG SparePointer1; #endif ULONG SoftPatchPtr1; ULONG SoftPatchPtr2; PVOID *TlsExpansionSlots; ULONG ImpersonationLocale; ULONG IsImpersonating; PVOID NlsCache; PVOID pShimData; ULONG HeapVirualAffinity; PVOID CurrentTransactionHandle; PTEB_ACTIVE_FRAME ActiveFrame; #if (NTDDI_VERSION >= NTDDI_WS03) PVOID FlsData; #endif #if (NTDDI_VERSION >= NTDDI_LONGHORN) PVOID PreferredLangauges; PVOID UserPrefLanguages; PVOID MergedPrefLanguages; ULONG MuiImpersonation; union { struct { USHORT SpareCrossTebFlags:16; }; USHORT CrossTebFlags; }; union { struct { USHORT DbgSafeThunkCall:1; USHORT DbgInDebugPrint:1; USHORT DbgHasFiberData:1; USHORT DbgSkipThreadAttach:1; USHORT DbgWerInShipAssertCode:1; USHORT DbgIssuedInitialBp:1; USHORT DbgClonedThread:1; USHORT SpareSameTebBits:9; }; USHORT SameTebFlags; }; PVOID TxnScopeEntercallback; PVOID TxnScopeExitCAllback; PVOID TxnScopeContext; ULONG LockCount; ULONG ProcessRundown; ULONGLONG LastSwitchTime; ULONGLONG TotalSwitchOutTime; LARGE_INTEGER WaitReasonBitMap; #else UCHAR SafeThunkCall; UCHAR BooleanSpare[3]; #endif } TEB, *PTEB; #ifdef NTOS_MODE_USER // // Process Information Structures for NtQueryProcessInformation // typedef struct _PROCESS_BASIC_INFORMATION { NTSTATUS ExitStatus; PPEB PebBaseAddress; ULONG_PTR AffinityMask; KPRIORITY BasePriority; ULONG_PTR UniqueProcessId; ULONG_PTR InheritedFromUniqueProcessId; } PROCESS_BASIC_INFORMATION,*PPROCESS_BASIC_INFORMATION; typedef struct _PROCESS_ACCESS_TOKEN { HANDLE Token; HANDLE Thread; } PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN; typedef struct _PROCESS_DEVICEMAP_INFORMATION { union { struct { HANDLE DirectoryHandle; } Set; struct { ULONG DriveMap; UCHAR DriveType[32]; } Query; }; } PROCESS_DEVICEMAP_INFORMATION, *PPROCESS_DEVICEMAP_INFORMATION; typedef struct _KERNEL_USER_TIMES { LARGE_INTEGER CreateTime; LARGE_INTEGER ExitTime; 
LARGE_INTEGER KernelTime; LARGE_INTEGER UserTime; } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES; typedef struct _PROCESS_SESSION_INFORMATION { ULONG SessionId; } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION; #endif typedef struct _PROCESS_PRIORITY_CLASS { BOOLEAN Foreground; UCHAR PriorityClass; } PROCESS_PRIORITY_CLASS, *PPROCESS_PRIORITY_CLASS; // // Thread Information Structures for NtQueryProcessInformation // typedef struct _THREAD_BASIC_INFORMATION { NTSTATUS ExitStatus; PVOID TebBaseAddress; CLIENT_ID ClientId; KAFFINITY AffinityMask; KPRIORITY Priority; KPRIORITY BasePriority; } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION; #ifndef NTOS_MODE_USER // // Job Set Array // typedef struct _JOB_SET_ARRAY { HANDLE JobHandle; ULONG MemberLevel; ULONG Flags; } JOB_SET_ARRAY, *PJOB_SET_ARRAY; // // EPROCESS Quota Structures // typedef struct _EPROCESS_QUOTA_ENTRY { SIZE_T Usage; SIZE_T Limit; SIZE_T Peak; SIZE_T Return; } EPROCESS_QUOTA_ENTRY, *PEPROCESS_QUOTA_ENTRY; typedef struct _EPROCESS_QUOTA_BLOCK { EPROCESS_QUOTA_ENTRY QuotaEntry[3]; LIST_ENTRY QuotaList; ULONG ReferenceCount; ULONG ProcessCount; } EPROCESS_QUOTA_BLOCK, *PEPROCESS_QUOTA_BLOCK; // // Process Pagefault History // typedef struct _PAGEFAULT_HISTORY { ULONG CurrentIndex; ULONG MapIndex; KSPIN_LOCK SpinLock; PVOID Reserved; PROCESS_WS_WATCH_INFORMATION WatchInfo[1]; } PAGEFAULT_HISTORY, *PPAGEFAULT_HISTORY; // // Process Impersonation Information // typedef struct _PS_IMPERSONATION_INFORMATION { PACCESS_TOKEN Token; BOOLEAN CopyOnOpen; BOOLEAN EffectiveOnly; SECURITY_IMPERSONATION_LEVEL ImpersonationLevel; } PS_IMPERSONATION_INFORMATION, *PPS_IMPERSONATION_INFORMATION; // // Process Termination Port // typedef struct _TERMINATION_PORT { struct _TERMINATION_PORT *Next; PVOID Port; } TERMINATION_PORT, *PTERMINATION_PORT; // // Per-Process APC Rate Limiting // typedef struct _PSP_RATE_APC { union { SINGLE_LIST_ENTRY NextApc; ULONGLONG ExcessCycles; }; ULONGLONG TargetGEneration; KAPC 
RateApc; } PSP_RATE_APC, *PPSP_RATE_APC; // // Executive Thread (ETHREAD) // typedef struct _ETHREAD { KTHREAD Tcb; PVOID Padding; LARGE_INTEGER CreateTime; union { LARGE_INTEGER ExitTime; LIST_ENTRY LpcReplyChain; LIST_ENTRY KeyedWaitChain; }; union { NTSTATUS ExitStatus; PVOID OfsChain; }; LIST_ENTRY PostBlockList; union { struct _TERMINATION_PORT *TerminationPort; struct _ETHREAD *ReaperLink; PVOID KeyedWaitValue; #if (NTDDI_VERSION >= NTDDI_LONGHORN) PVOID Win32StartParameter; #endif }; KSPIN_LOCK ActiveTimerListLock; LIST_ENTRY ActiveTimerListHead; CLIENT_ID Cid; #if (NTDDI_VERSION >= NTDDI_LONGHORN) KSEMAPHORE KeyedWaitSemaphore; #else union { KSEMAPHORE LpcReplySemaphore; KSEMAPHORE KeyedReplySemaphore; }; union { PVOID LpcReplyMessage; PVOID LpcWaitingOnPort; }; #endif PPS_IMPERSONATION_INFORMATION ImpersonationInfo; LIST_ENTRY IrpList; ULONG TopLevelIrp; PDEVICE_OBJECT DeviceToVerify; #if (NTDDI_VERSION >= NTDDI_LONGHORN) PPSP_RATE_APC RateControlApc; #else struct _EPROCESS *ThreadsProcess; #endif PVOID Win32StartAddress; union { PKSTART_ROUTINE StartAddress; ULONG LpcReceivedMessageId; }; LIST_ENTRY ThreadListEntry; EX_RUNDOWN_REF RundownProtect; EX_PUSH_LOCK ThreadLock; #if (NTDDI_VERSION < NTDDI_LONGHORN) ULONG LpcReplyMessageId; #endif ULONG ReadClusterSize; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG SpareUlong0; #else ACCESS_MASK GrantedAccess; #endif union { struct { ULONG Terminated:1; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG ThreadInserted:1; #else ULONG DeadThread:1; #endif ULONG HideFromDebugger:1; ULONG ActiveImpersonationInfo:1; ULONG SystemThread:1; ULONG HardErrorsAreDisabled:1; ULONG BreakOnTermination:1; ULONG SkipCreationMsg:1; ULONG SkipTerminationMsg:1; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG CreateMsgSent:1; ULONG ThreadIoPriority:3; ULONG ThreadPagePriority:3; ULONG PendingRatecontrol:1; #endif }; ULONG CrossThreadFlags; }; union { struct { ULONG ActiveExWorker:1; ULONG ExWorkerCanWaitUser:1; ULONG MemoryMaker:1; ULONG 
KeyedEventInUse:1; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG RateApcState:2; #endif }; ULONG SameThreadPassiveFlags; }; union { struct { ULONG LpcReceivedMsgIdValid:1; ULONG LpcExitThreadCalled:1; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG Spare:1; #else ULONG AddressSpaceOwner:1; #endif ULONG OwnsProcessWorkingSetExclusive:1; ULONG OwnsProcessWorkingSetShared:1; ULONG OwnsSystemWorkingSetExclusive:1; ULONG OwnsSystemWorkingSetShared:1; ULONG OwnsSessionWorkingSetExclusive:1; ULONG OwnsSessionWorkingSetShared:1; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG SupressSymbolLoad:1; ULONG Spare1:3; ULONG PriorityRegionActive:4; #else ULONG ApcNeeded:1; #endif }; ULONG SameThreadApcFlags; }; #if (NTDDI_VERSION >= NTDDI_LONGHORN) UCHAR CacheManagerActive; #else UCHAR ForwardClusterOnly; #endif UCHAR DisablePageFaultClustering; UCHAR ActiveFaultCount; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG AlpcMessageId; union { PVOID AlpcMessage; ULONG AlpcReceiveAttributeSet; }; LIST_ENTRY AlpcWaitListEntry; KSEMAPHORE AlpcWaitSemaphore; ULONG CacheManagerCount; #endif } ETHREAD, *PETHREAD; // // Executive Process (EPROCESS) // typedef struct _EPROCESS { KPROCESS Pcb; EX_PUSH_LOCK ProcessLock; LARGE_INTEGER CreateTime; LARGE_INTEGER ExitTime; EX_RUNDOWN_REF RundownProtect; HANDLE UniqueProcessId; LIST_ENTRY ActiveProcessLinks; ULONG QuotaUsage[3]; /* 0=PagedPool, 1=NonPagedPool, 2=Pagefile */ ULONG QuotaPeak[3]; /* ditto */ ULONG CommitCharge; ULONG PeakVirtualSize; ULONG VirtualSize; LIST_ENTRY SessionProcessLinks; PVOID DebugPort; #if (NTDDI_VERSION >= NTDDI_LONGHORN) union { PVOID ExceptionPortData; ULONG ExceptionPortValue; UCHAR ExceptionPortState:3; }; #else PVOID ExceptionPort; #endif PHANDLE_TABLE ObjectTable; EX_FAST_REF Token; ULONG WorkingSetPage; #if (NTDDI_VERSION >= NTDDI_LONGHORN) EX_PUSH_LOCK AddressCreationLock; PETHREAD RotateInProgress; #else KGUARDED_MUTEX AddressCreationLock; KSPIN_LOCK HyperSpaceLock; #endif PETHREAD ForkInProgress; ULONG HardwareTrigger; 
PMM_AVL_TABLE PhysicalVadRoot; PVOID CloneRoot; ULONG NumberOfPrivatePages; ULONG NumberOfLockedPages; PVOID *Win32Process; struct _EJOB *Job; PVOID SectionObject; PVOID SectionBaseAddress; PEPROCESS_QUOTA_BLOCK QuotaBlock; PPAGEFAULT_HISTORY WorkingSetWatch; PVOID Win32WindowStation; HANDLE InheritedFromUniqueProcessId; PVOID LdtInformation; PVOID VadFreeHint; PVOID VdmObjects; PVOID DeviceMap; #if (NTDDI_VERSION >= NTDDI_LONGHORN) PVOID EtwDataSource; PVOID FreeTebHint; #else PVOID Spare0[3]; #endif union { HARDWARE_PTE PagedirectoryPte; ULONGLONG Filler; }; ULONG Session; CHAR ImageFileName[16]; LIST_ENTRY JobLinks; PVOID LockedPagesList; LIST_ENTRY ThreadListHead; PVOID SecurityPort; PVOID PaeTop; ULONG ActiveThreads; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG ImagePathHash; #else ACCESS_MASK GrantedAccess; #endif ULONG DefaultHardErrorProcessing; NTSTATUS LastThreadExitStatus; struct _PEB* Peb; EX_FAST_REF PrefetchTrace; LARGE_INTEGER ReadOperationCount; LARGE_INTEGER WriteOperationCount; LARGE_INTEGER OtherOperationCount; LARGE_INTEGER ReadTransferCount; LARGE_INTEGER WriteTransferCount; LARGE_INTEGER OtherTransferCount; ULONG CommitChargeLimit; ULONG CommitChargePeak; PVOID AweInfo; SE_AUDIT_PROCESS_CREATION_INFO SeAuditProcessCreationInfo; MMSUPPORT Vm; LIST_ENTRY MmProcessLinks; ULONG ModifiedPageCount; #if (NTDDI_VERSION >= NTDDI_LONGHORN) union { struct { ULONG JobNotReallyActive:1; ULONG AccountingFolded:1; ULONG NewProcessReported:1; ULONG ExitProcessReported:1; ULONG ReportCommitChanges:1; ULONG LastReportMemory:1; ULONG ReportPhysicalPageChanges:1; ULONG HandleTableRundown:1; ULONG NeedsHandleRundown:1; ULONG RefTraceEnabled:1; ULONG NumaAware:1; ULONG ProtectedProcess:1; ULONG DefaultPagePriority:3; ULONG PrimaryTokenFrozen:1; ULONG ProcessVerifierTarget:1; ULONG StackRandomizationDisabled:1; ULONG Unused01:1; ULONG Unused02:1; ULONG CrossSectionCreate:1; }; ULONG Flags2; }; #else ULONG JobStatus; #endif union { struct { ULONG CreateReported:1; 
ULONG NoDebugInherit:1; ULONG ProcessExiting:1; ULONG ProcessDelete:1; ULONG Wow64SplitPages:1; ULONG VmDeleted:1; ULONG OutswapEnabled:1; ULONG Outswapped:1; ULONG ForkFailed:1; ULONG Wow64VaSpace4Gb:1; ULONG AddressSpaceInitialized:2; ULONG SetTimerResolution:1; ULONG BreakOnTermination:1; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG DeprioritizeViews:1; #else ULONG SessionCreationUnderway:1; #endif ULONG WriteWatch:1; ULONG ProcessInSession:1; ULONG OverrideAddressSpace:1; ULONG HasAddressSpace:1; ULONG LaunchPrefetched:1; ULONG InjectInpageErrors:1; ULONG VmTopDown:1; ULONG ImageNotifyDone:1; ULONG PdeUpdateNeeded:1; ULONG VdmAllowed:1; ULONG SmapAllowed:1; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG ProcessInserted:1; #else ULONG CreateFailed:1; #endif ULONG DefaultIoPriority:3; #if (NTDDI_VERSION >= NTDDI_LONGHORN) ULONG SparePsFlags1:2; #else ULONG Spare1:1; ULONG Spare2:1; #endif }; ULONG Flags; }; NTSTATUS ExitStatus; #if (NTDDI_VERSION >= NTDDI_LONGHORN) USHORT Spare7; #else USHORT NextPageColor; #endif union { struct { UCHAR SubSystemMinorVersion; UCHAR SubSystemMajorVersion; }; USHORT SubSystemVersion; }; UCHAR PriorityClass; MM_AVL_TABLE VadRoot; ULONG Cookie; } EPROCESS, *PEPROCESS; // // Job Token Filter Data // #include typedef struct _PS_JOB_TOKEN_FILTER { ULONG CapturedSidCount; PSID_AND_ATTRIBUTES CapturedSids; ULONG CapturedSidsLength; ULONG CapturedGroupCount; PSID_AND_ATTRIBUTES CapturedGroups; ULONG CapturedGroupsLength; ULONG CapturedPrivilegeCount; PLUID_AND_ATTRIBUTES CapturedPrivileges; ULONG CapturedPrivilegesLength; } PS_JOB_TOKEN_FILTER, *PPS_JOB_TOKEN_FILTER; // // Executive Job (EJOB) // typedef struct _EJOB { KEVENT Event; LIST_ENTRY JobLinks; LIST_ENTRY ProcessListHead; ERESOURCE JobLock; LARGE_INTEGER TotalUserTime; LARGE_INTEGER TotalKernelTime; LARGE_INTEGER ThisPeriodTotalUserTime; LARGE_INTEGER ThisPeriodTotalKernelTime; ULONG TotalPageFaultCount; ULONG TotalProcesses; ULONG ActiveProcesses; ULONG TotalTerminatedProcesses; 
LARGE_INTEGER PerProcessUserTimeLimit; LARGE_INTEGER PerJobUserTimeLimit; ULONG LimitFlags; ULONG MinimumWorkingSetSize; ULONG MaximumWorkingSetSize; ULONG ActiveProcessLimit; ULONG Affinity; UCHAR PriorityClass; ULONG UIRestrictionsClass; ULONG SecurityLimitFlags; PVOID Token; PPS_JOB_TOKEN_FILTER Filter; ULONG EndOfJobTimeAction; PVOID CompletionPort; PVOID CompletionKey; ULONG SessionId; ULONG SchedulingClass; ULONGLONG ReadOperationCount; ULONGLONG WriteOperationCount; ULONGLONG OtherOperationCount; ULONGLONG ReadTransferCount; ULONGLONG WriteTransferCount; ULONGLONG OtherTransferCount; IO_COUNTERS IoInfo; ULONG ProcessMemoryLimit; ULONG JobMemoryLimit; ULONG PeakProcessMemoryUsed; ULONG PeakJobMemoryUsed; ULONG CurrentJobMemoryUsed; #if (NTDDI_VERSION == NTDDI_WINXP) FAST_MUTEX MemoryLimitsLock; #elif (NTDDI_VERSION == NTDDI_WS03) KGUARDED_MUTEX MemoryLimitsLock; #elif (NTDDI_VERSION >= NTDDI_LONGHORN) EX_PUSH_LOCK MemoryLimitsLock; #endif LIST_ENTRY JobSetLinks; ULONG MemberLevel; ULONG JobFlags; } EJOB, *PEJOB; #include // // Win32K Callback Registration Data // typedef struct _WIN32_POWEREVENT_PARAMETERS { PSPOWEREVENTTYPE EventNumber; ULONG Code; } WIN32_POWEREVENT_PARAMETERS, *PWIN32_POWEREVENT_PARAMETERS; typedef struct _WIN32_POWERSTATE_PARAMETERS { UCHAR Promotion; POWER_ACTION SystemAction; SYSTEM_POWER_STATE MinSystemState; ULONG Flags; POWERSTATETASK PowerStateTask; } WIN32_POWERSTATE_PARAMETERS, *PWIN32_POWERSTATE_PARAMETERS; typedef struct _WIN32_JOBCALLOUT_PARAMETERS { PVOID Job; PSW32JOBCALLOUTTYPE CalloutType; PVOID Data; } WIN32_JOBCALLOUT_PARAMETERS, *PWIN32_JOBCALLOUT_PARAMETERS; typedef struct _WIN32_OPENMETHOD_PARAMETERS { OB_OPEN_REASON OpenReason; PEPROCESS Process; PVOID Object; ULONG GrantedAccess; ULONG HandleCount; } WIN32_OPENMETHOD_PARAMETERS, *PWIN32_OPENMETHOD_PARAMETERS; typedef struct _WIN32_OKAYTOCLOSEMETHOD_PARAMETERS { PEPROCESS Process; PVOID Object; HANDLE Handle; KPROCESSOR_MODE PreviousMode; } 
WIN32_OKAYTOCLOSEMETHOD_PARAMETERS, *PWIN32_OKAYTOCLOSEMETHOD_PARAMETERS; typedef struct _WIN32_CLOSEMETHOD_PARAMETERS { PEPROCESS Process; PVOID Object; ACCESS_MASK AccessMask; ULONG ProcessHandleCount; ULONG SystemHandleCount; } WIN32_CLOSEMETHOD_PARAMETERS, *PWIN32_CLOSEMETHOD_PARAMETERS; typedef struct _WIN32_DELETEMETHOD_PARAMETERS { PVOID Object; } WIN32_DELETEMETHOD_PARAMETERS, *PWIN32_DELETEMETHOD_PARAMETERS; typedef struct _WIN32_PARSEMETHOD_PARAMETERS { PVOID ParseObject; PVOID ObjectType; PACCESS_STATE AccessState; KPROCESSOR_MODE AccessMode; ULONG Attributes; OUT PUNICODE_STRING CompleteName; PUNICODE_STRING RemainingName; PVOID Context; PSECURITY_QUALITY_OF_SERVICE SecurityQos; PVOID *Object; } WIN32_PARSEMETHOD_PARAMETERS, *PWIN32_PARSEMETHOD_PARAMETERS; typedef struct _WIN32_CALLOUTS_FPNS { PKWIN32_PROCESS_CALLOUT ProcessCallout; PKWIN32_THREAD_CALLOUT ThreadCallout; PKWIN32_GLOBALATOMTABLE_CALLOUT GlobalAtomTableCallout; PKWIN32_POWEREVENT_CALLOUT PowerEventCallout; PKWIN32_POWERSTATE_CALLOUT PowerStateCallout; PKWIN32_JOB_CALLOUT JobCallout; PGDI_BATCHFLUSH_ROUTINE BatchFlushRoutine; PKWIN32_OPENMETHOD_CALLOUT DesktopOpenProcedure; PKWIN32_OKTOCLOSEMETHOD_CALLOUT DesktopOkToCloseProcedure; PKWIN32_CLOSEMETHOD_CALLOUT DesktopCloseProcedure; PKWIN32_DELETEMETHOD_CALLOUT DesktopDeleteProcedure; PKWIN32_OKTOCLOSEMETHOD_CALLOUT WindowStationOkToCloseProcedure; PKWIN32_CLOSEMETHOD_CALLOUT WindowStationCloseProcedure; PKWIN32_DELETEMETHOD_CALLOUT WindowStationDeleteProcedure; PKWIN32_PARSEMETHOD_CALLOUT WindowStationParseProcedure; PKWIN32_OPENMETHOD_CALLOUT WindowStationOpenProcedure; PKWIN32_WIN32DATACOLLECTION_CALLOUT Win32DataCollectionProcedure; } WIN32_CALLOUTS_FPNS, *PWIN32_CALLOUTS_FPNS; #endif // !NTOS_MODE_USER #endif // _PSTYPES_H ================================================ FILE: ndk/readme.txt ================================================ Native Development Kit README NDK 1.00 ----------------------------- 0. 
PREAMBLE 0.1 COPYRIGHT The NDK is Copyright 2005-2008 Alex Ionescu. 0.2 CONTACT INFORMATION The author, Alex Ionescu, may be reached through the following means: Email: aionescu@gmail.com Mail: 1411 du Fort, #1207. H3H 2N7. Montreal, QC. CANADA. Phone: 1-(514)-581-7156 1. LICENSE 1.1 OPEN SOURCE USAGE Open Source Projects may choose to use the following licenses: GNU GENERAL PUBLIC LICENSE Version 2, June 1991 OR GNU LESSER GENERAL PUBLIC LICENSE Version 2.1, February 1999 OR EITHER of the aforementioned licenses AND (at your option) any later version of the above said licenses. 1.2 LICENSE LIMITATIONS The choice is yours to make based on the license which is most compatible with your software. You MUST read GPL.TXT or LGPL.TXT after your decision. Violating your chosen license voids your usage rights of the NDK and will lead to legal action on the part of the author. Using this software with any later version of the GNU GPL or LGPL in no way changes your obligations under the versions listed above. You MUST still release the NDK and its changes under the terms of the original licenses (either GPLv2 or LGPLv2.1) as listed above. This DOES NOT AFFECT the license of a software package released under a later version and ONLY serves to clarify that using the NDK with a later version is permitted provided the aforementioned terms are met. If your Open Source product does not use a license which is compatible with the ones listed above, please contact the author to reach a mutual agreement to find a better solution for your product. Alternatively, you may choose to use the Proprietary Usage license displayed below in section 1.3 If you are unsure of whether or not your product qualifies as an Open Source product, please contact the Free Software Foundation, or visit their website at www.fsf.org. 
1.3 PROPRIETARY USAGE Because it may be undesirable or impossible to adapt this software to your commercial and/or proprietary product(s) and/or service(s) using a (L)GPL license, proprietary products are free to use the following license: NDK LICENSE Version 1, November 2005 You MUST read NDK.TXT for the full text of this license. Violating your chosen license voids your usage rights of the NDK, constitutes a copyright violation, and will lead to legal action on the part of the author. If you are unsure or have any questions about the NDK License, please contact the author for further clarification. 2. ORIGINS OF NDK MATERIAL, AND ADDING YOUR OWN 2.1 CONTRIBUTIONS AND SOURCES The NDK could not exist without the various contributions made by a variety of people and sources. The following public sources of information were lawfully used: - GNU NTIFS.H, Revision 43 - W32API, Version 2.5 - Microsoft Windows Driver Kit 6001 - Microsoft Windows Driver Kit 6000 - Microsoft Driver Development Kit 2003 SP1 - Microsoft Driver Development Kit 2000 - Microsoft Driver Development Kit NT 4 - Microsoft Driver Development Kit WinME - Microsoft Installable File Systems Kit 2003 SP1 - Microsoft Windows Debugger (WinDBG) 6.5.0003.7 and later - Microsoft Public Symbolic Data - Microsoft Public Windows Binaries (strings) - OSR Technical Articles - Undocumented Windows 2000 Secrets, a Programmer's Cookbook - Windows NT/2000 Native API Reference - Windows NT File System Internals - Windows Internals I - II - Windows Internals 4th Edition If the information contained in these sources was copyrighted, the information was not copied, but simply used as a basis for developing a compatible and identical definition. No information protected by a patent or NDA was used. All information was publicly located through the Internet or purchased or licensed for lawful use. 
Additionally, the following people contributed to the NDK: - Art Yerkes - Eric Kohl - Filip Navara - Steven Edwards 2.2 BECOMING A CONTRIBUTOR To contribute information to the NDK, simply contact the author with your new structure, definition, enumeration, or prototype. Please make sure that your addition is: 1) Actually correct! 2) Present in Windows NT 5, 5.1, 5.2 and/or 6.0 3) Not already accessible through another public header in the DDK, IFS, WDK and/or PSDK. 4) From a publicly verifiable source. The author needs to be able to search for your addition in a public information location (book, Internet, etc) and locate this definition. 5) Not Reversed. Reversing a type is STRONGLY discouraged and a reversed type will more than likely not be accepted, due to the fact that functionality and naming will be entirely guessed, and things like unions are almost impossible to determine. It can also bring up possible legal ramifications depending on your location. However, using a tool to dump the strings inside an executable for the purpose of locating the actual name or definition of a structure (sometimes possible due to ASSERTs or debugging strings) is considered 'fair use' and will be a likely candidate. If your addition satisfies these points, then please submit it, and also include whether or not you would like to be credited for it. 3. USAGE 3.1 ORGANIZATION * The NDK is organized in a main folder (include/ndk) with arch-specific subfolders (ex: include/ndk/i386). * The NDK is structured by NT Subsystem Component (ex: ex, ps, rtl, etc). * The NDK can either be included on-demand (#include ) or globally (#include ). The former is recommended to reduce compile time. * The NDK is structured by function and type. 
Every Subsystem Component has an associated "xxfuncs.h" and "xxtypes.h" header, where "xx" is the Subsystem (ex: iofuncs.h, iotypes.h) * The NDK has a special file called "umtypes.h" which exports to User-Mode or Native-Mode Applications the basic NT types which are present in ntdef.h. This file cannot be included since it would conflict with winnt.h and/or windef.h. Thus, umtypes.h provides the missing types. This file is automatically included in a User-Mode NDK project. * The NDK also includes a file called "umfuncs.h" which exports to User-Mode or Native-Mode Applications undocumented functions which can only be accessed from ntdll.dll. * The NDK has another special file called "ifssupp.h", which exports to Kernel-Mode drivers a few types which are only documented in the IFS kit, and are part of some native definitions. It will be deprecated next year with the release of the WDK. 3.2 USING IN YOUR PROJECT * User Mode Application requiring Native Types: #define WIN32_NO_STATUS /* Tell Windows headers you'll use ntstatus.s from NDK */ #include "windows.h" /* Declare Windows Headers like you normally would */ #include "ntndk.h" /* Declare the NDK Headers */ * Native Mode Application: #include "ntdef.h" /* Declare basic native types. */ #include "ntndk.h" /* Declare the NDK Headers */ * Kernel Mode Driver: #include "ntddk.h" /* Declare DDK Headers like you normally would */ #include "ntndk.h" /* Declare the NDK Headers */ * You may also include only the files you need (example for User-Mode application): #define WIN32_NO_STATUS /* Tell Windows headers you'll use ntstatus.s from NDK */ #include "windows.h" /* Declare Windows Headers like you normally would */ #include "rtlfuncs.h" /* Declare the Rtl* Functions */ 3.3 CAVEATS * winternl.h: This header, part of the PSDK, was released by Microsoft as part of one of the government lawsuits against it, and documents a certain (minimal) part of the Native API and/or types. 
Unfortunately, Microsoft decided to hack the Native Types and to define them incorrectly, replacing real members by "reserved" ones. As such, you 'cannot include winternl.h in any project that uses the NDK. Note however, that the NDK fully replaces it and retains compatibility with any project that used it. * You must have the WDK installed if using the WDK, even for non-kernel applications, because ntntls.h is required.

================================================
FILE: ndk/rtlfuncs.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu.  All rights reserved.

Header Name:

    rtlfuncs.h

Abstract:

    Function definitions for the Run-Time Library

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _RTLFUNCS_H
#define _RTLFUNCS_H

//
// Dependencies
//
#include
#include
#include
#include
#include "in6addr.h"
#include "inaddr.h"

#ifdef __cplusplus
extern "C" {
#endif

#ifdef NTOS_MODE_USER

//
// List Functions
//
// These inline helpers follow Flink/Blink/Next exactly as they find them:
// no lock is taken and no link is validated before it is dereferenced or
// written through. Callers are responsible for serializing access and for
// the integrity of the entries. With a corrupted entry, the pointer stores
// in the insert/remove helpers go wherever the damaged links point.
// Newer Windows headers ship variants that verify the neighbours point back
// at the entry before unlinking; this copy does not.
//

//
// Initializes ListHead as an empty circular list: both links refer to the
// head itself.
//
FORCEINLINE
VOID
InitializeListHead(
    IN PLIST_ENTRY ListHead
)
{
    ListHead->Flink = ListHead->Blink = ListHead;
}

//
// Links Entry in directly after ListHead, in front of the current first
// entry. Entry's previous Flink/Blink values are overwritten, not unlinked.
//
FORCEINLINE
VOID
InsertHeadList(
    IN PLIST_ENTRY ListHead,
    IN PLIST_ENTRY Entry
)
{
    PLIST_ENTRY OldFlink;
    OldFlink = ListHead->Flink;
    Entry->Flink = OldFlink;
    Entry->Blink = ListHead;
    OldFlink->Blink = Entry;
    ListHead->Flink = Entry;
}

//
// Links Entry in directly before ListHead, after the current last entry.
// Entry's previous Flink/Blink values are overwritten, not unlinked.
//
FORCEINLINE
VOID
InsertTailList(
    IN PLIST_ENTRY ListHead,
    IN PLIST_ENTRY Entry
)
{
    PLIST_ENTRY OldBlink;
    OldBlink = ListHead->Blink;
    Entry->Flink = ListHead;
    Entry->Blink = OldBlink;
    OldBlink->Flink = Entry;
    ListHead->Blink = Entry;
}

//
// Returns TRUE when ListHead->Flink refers back to ListHead, i.e. the list
// holds no entries.
//
BOOLEAN
FORCEINLINE
IsListEmpty(
    IN const LIST_ENTRY * ListHead
)
{
    return (BOOLEAN)(ListHead->Flink == ListHead);
}

//
// Detaches and returns the first entry of a singly linked list, or NULL when
// ListHead->Next is NULL. The returned entry's own Next is left unchanged.
//
FORCEINLINE
PSINGLE_LIST_ENTRY
PopEntryList(
    PSINGLE_LIST_ENTRY ListHead
)
{
    PSINGLE_LIST_ENTRY FirstEntry;
    FirstEntry = ListHead->Next;
    if (FirstEntry != NULL)
    {
        ListHead->Next = FirstEntry->Next;
    }

    return FirstEntry;
}

//
// Pushes Entry onto the front of a singly linked list.
//
FORCEINLINE
VOID
PushEntryList(
    PSINGLE_LIST_ENTRY ListHead,
    PSINGLE_LIST_ENTRY Entry
)
{
    Entry->Next = ListHead->Next;
    ListHead->Next = Entry;
}

//
// Unlinks Entry by pointing its two neighbours at each other. Returns TRUE
// when both neighbours are the same node (the list is empty afterwards).
// Entry->Flink and Entry->Blink are not reset, so they keep referring into
// the list after removal; do not unlink the same entry twice.
//
FORCEINLINE
BOOLEAN
RemoveEntryList(
    IN PLIST_ENTRY Entry)
{
    PLIST_ENTRY OldFlink;
    PLIST_ENTRY OldBlink;

    OldFlink = Entry->Flink;
    OldBlink = Entry->Blink;
    OldFlink->Blink = OldBlink;
    OldBlink->Flink = OldFlink;
    return (BOOLEAN)(OldFlink == OldBlink);
}

//
// Unlinks and returns the first entry. There is no empty-list check: on an
// empty list ListHead->Flink is ListHead, so the head itself is returned.
// Check IsListEmpty() first when the list may be empty.
//
FORCEINLINE
PLIST_ENTRY
RemoveHeadList(
    IN PLIST_ENTRY ListHead)
{
    PLIST_ENTRY Flink;
    PLIST_ENTRY Entry;

    Entry = ListHead->Flink;
    Flink = Entry->Flink;
    ListHead->Flink = Flink;
    Flink->Blink = ListHead;
    return Entry;
}

//
// Unlinks and returns the last entry. As with RemoveHeadList, an empty list
// yields ListHead itself rather than NULL.
//
FORCEINLINE
PLIST_ENTRY
RemoveTailList(
    IN PLIST_ENTRY ListHead)
{
    PLIST_ENTRY Blink;
    PLIST_ENTRY Entry;

    Entry = ListHead->Blink;
    Blink = Entry->Blink;
    ListHead->Blink = Blink;
    Blink->Flink = ListHead;
    return Entry;
}

//
// Unicode string macros
//

//
// Points UnicodeString at a caller-supplied buffer with Length 0 and
// MaximumLength set to BufferSize. Nothing is validated and the buffer is
// not cleared.
// NOTE(review): UNICODE_STRING lengths are byte counts, so BufferSize should
// be the buffer size in bytes (not WCHAR elements) - confirm at call sites.
//
FORCEINLINE
VOID
RtlInitEmptyUnicodeString(OUT PUNICODE_STRING UnicodeString,
                          IN PWSTR Buffer,
                          IN USHORT BufferSize)
{
    UnicodeString->Length = 0;
    UnicodeString->MaximumLength = BufferSize;
    UnicodeString->Buffer = Buffer;
}

//
// LUID Macros
//
// RtlEqualLuid compares both halves of two LUIDs through pointers. Each
// argument appears twice in the expansion, so avoid arguments with side
// effects.
//
#define RtlEqualLuid(L1, L2) (((L1)->HighPart == (L2)->HighPart) && \
                              ((L1)->LowPart == (L2)->LowPart))

//
// Builds a LUID whose LowPart is Ulong and whose HighPart is 0.
//
FORCEINLINE
LUID
NTAPI_INLINE
RtlConvertUlongToLuid(ULONG Ulong)
{
    LUID TempLuid;

    TempLuid.LowPart = Ulong;
    TempLuid.HighPart = 0;
    return TempLuid;
}

//
// ASSERT Macros
//
// Defined only when ASSERT is not already defined. With DBG non-zero a failed
// expression calls RtlAssert() and the macro evaluates to FALSE (TRUE when
// the expression holds). Otherwise both macros expand to ((void) 0) and the
// expression is never evaluated, so an ASSERT must not carry side effects or
// serve as the only bounds, length or access check on a path that ships in
// free builds.
//
#ifndef ASSERT
#if DBG

#define ASSERT( exp ) \
    ((!(exp)) ? \
        (RtlAssert( #exp, __FILE__, __LINE__, NULL ),FALSE) : \
        TRUE)

#define ASSERTMSG( msg, exp ) \
    ((!(exp)) ? \
        (RtlAssert( #exp, __FILE__, __LINE__, msg ),FALSE) : \
        TRUE)

#else

#define ASSERT( exp )         ((void) 0)
#define ASSERTMSG( msg, exp ) ((void) 0)

#endif
#endif

#ifdef NTOS_KERNEL_RUNTIME

//
// Executing RTL functions at DISPATCH_LEVEL or higher will result in a
// bugcheck.
// #define RTL_PAGED_CODE PAGED_CODE #else // // This macro does nothing in user mode // #define RTL_PAGED_CODE NOP_FUNCTION #endif // // RTL Splay Tree Functions // NTSYSAPI PRTL_SPLAY_LINKS NTAPI RtlSplay( IN PRTL_SPLAY_LINKS Links ); NTSYSAPI PRTL_SPLAY_LINKS NTAPI RtlDelete(IN PRTL_SPLAY_LINKS Links ); NTSYSAPI VOID NTAPI RtlDeleteNoSplay( IN PRTL_SPLAY_LINKS Links, OUT PRTL_SPLAY_LINKS *Root ); NTSYSAPI PRTL_SPLAY_LINKS NTAPI RtlSubtreeSuccessor( IN PRTL_SPLAY_LINKS Links ); NTSYSAPI PRTL_SPLAY_LINKS NTAPI RtlSubtreePredecessor( IN PRTL_SPLAY_LINKS Links ); NTSYSAPI PRTL_SPLAY_LINKS NTAPI RtlRealSuccessor( IN PRTL_SPLAY_LINKS Links ); NTSYSAPI PRTL_SPLAY_LINKS NTAPI RtlRealPredecessor( IN PRTL_SPLAY_LINKS Links ); #define RtlIsLeftChild(Links) \ (RtlLeftChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links)) #define RtlIsRightChild(Links) \ (RtlRightChild(RtlParent(Links)) == (PRTL_SPLAY_LINKS)(Links)) #define RtlRightChild(Links) \ ((PRTL_SPLAY_LINKS)(Links))->RightChild #define RtlIsRoot(Links) \ (RtlParent(Links) == (PRTL_SPLAY_LINKS)(Links)) #define RtlLeftChild(Links) \ ((PRTL_SPLAY_LINKS)(Links))->LeftChild #define RtlParent(Links) \ ((PRTL_SPLAY_LINKS)(Links))->Parent #define RtlInitializeSplayLinks(Links) \ { \ PRTL_SPLAY_LINKS _SplayLinks; \ _SplayLinks = (PRTL_SPLAY_LINKS)(Links); \ _SplayLinks->Parent = _SplayLinks; \ _SplayLinks->LeftChild = NULL; \ _SplayLinks->RightChild = NULL; \ } #define RtlInsertAsLeftChild(ParentLinks,ChildLinks) \ { \ PRTL_SPLAY_LINKS _SplayParent; \ PRTL_SPLAY_LINKS _SplayChild; \ _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \ _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \ _SplayParent->LeftChild = _SplayChild; \ _SplayChild->Parent = _SplayParent; \ } #define RtlInsertAsRightChild(ParentLinks,ChildLinks) \ { \ PRTL_SPLAY_LINKS _SplayParent; \ PRTL_SPLAY_LINKS _SplayChild; \ _SplayParent = (PRTL_SPLAY_LINKS)(ParentLinks); \ _SplayChild = (PRTL_SPLAY_LINKS)(ChildLinks); \ _SplayParent->RightChild = _SplayChild; \ 
_SplayChild->Parent = _SplayParent; \ } #endif // // Error and Exception Functions // NTSYSAPI PVOID NTAPI RtlAddVectoredExceptionHandler( IN ULONG FirstHandler, IN PVECTORED_EXCEPTION_HANDLER VectoredHandler ); NTSYSAPI VOID NTAPI RtlAssert( IN PVOID FailedAssertion, IN PVOID FileName, IN ULONG LineNumber, IN PCHAR Message ); NTSYSAPI PVOID NTAPI RtlSetUnhandledExceptionFilter( IN PVOID TopLevelExceptionFilter ); NTSYSAPI VOID NTAPI RtlCaptureContext( OUT PCONTEXT ContextRecord ); NTSYSAPI PVOID NTAPI RtlEncodePointer( IN PVOID Pointer ); NTSYSAPI PVOID NTAPI RtlDecodePointer( IN PVOID Pointer ); NTSYSAPI PVOID NTAPI RtlEncodeSystemPointer( IN PVOID Pointer ); NTSYSAPI PVOID NTAPI RtlDecodeSystemPointer( IN PVOID Pointer ); NTSYSAPI BOOLEAN NTAPI RtlDispatchException( IN PEXCEPTION_RECORD ExceptionRecord, IN PCONTEXT Context ); NTSYSAPI ULONG NTAPI RtlNtStatusToDosError( IN NTSTATUS Status ); NTSYSAPI VOID NTAPI RtlSetLastWin32ErrorAndNtStatusFromNtStatus( IN NTSTATUS Status ); NTSYSAPI VOID NTAPI RtlRaiseException( IN PEXCEPTION_RECORD ExceptionRecord ); NTSYSAPI VOID NTAPI RtlRaiseStatus( IN NTSTATUS Status ); NTSYSAPI LONG NTAPI RtlUnhandledExceptionFilter( IN struct _EXCEPTION_POINTERS* ExceptionInfo ); NTSYSAPI VOID NTAPI RtlUnwind( IN PVOID TargetFrame OPTIONAL, IN PVOID TargetIp OPTIONAL, IN PEXCEPTION_RECORD ExceptionRecord OPTIONAL, IN PVOID ReturnValue ); // // Tracing Functions // NTSYSAPI ULONG NTAPI RtlWalkFrameChain( OUT PVOID *Callers, IN ULONG Count, IN ULONG Flags ); NTSYSAPI USHORT NTAPI RtlLogStackBackTrace( VOID ); // // Heap Functions // NTSYSAPI PVOID NTAPI RtlAllocateHeap( IN HANDLE HeapHandle, IN ULONG Flags, IN ULONG Size ); NTSYSAPI PVOID NTAPI RtlCreateHeap( IN ULONG Flags, IN PVOID BaseAddress OPTIONAL, IN SIZE_T SizeToReserve OPTIONAL, IN SIZE_T SizeToCommit OPTIONAL, IN PVOID Lock OPTIONAL, IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL ); NTSYSAPI ULONG NTAPI RtlCreateTagHeap( IN HANDLE HeapHandle, IN ULONG Flags, IN PWSTR TagName, IN 
PWSTR TagSubName ); ULONG NTAPI RtlCompactHeap( HANDLE Heap, ULONG Flags ); NTSYSAPI PVOID NTAPI RtlDebugCreateHeap( IN ULONG Flags, IN PVOID BaseAddress OPTIONAL, IN SIZE_T SizeToReserve OPTIONAL, IN SIZE_T SizeToCommit OPTIONAL, IN PVOID Lock OPTIONAL, IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL ); NTSYSAPI HANDLE NTAPI RtlDestroyHeap( IN HANDLE Heap ); NTSYSAPI ULONG NTAPI RtlExtendHeap( IN HANDLE Heap, IN ULONG Flags, IN PVOID P, IN ULONG Size ); NTSYSAPI BOOLEAN NTAPI RtlFreeHeap( IN HANDLE HeapHandle, IN ULONG Flags, IN PVOID P ); NTSYSAPI ULONG NTAPI RtlGetNtGlobalFlags( VOID ); ULONG NTAPI RtlGetProcessHeaps( ULONG HeapCount, HANDLE *HeapArray ); BOOLEAN NTAPI RtlGetUserInfoHeap( IN PVOID HeapHandle, IN ULONG Flags, IN PVOID BaseAddress, OUT PVOID *UserValue, OUT PULONG UserFlags ); NTSYSAPI PWSTR NTAPI RtlQueryTagHeap( IN PVOID HeapHandle, IN ULONG Flags, IN USHORT TagIndex, IN BOOLEAN ResetCounters, OUT PRTL_HEAP_TAG_INFO HeapTagInfo ); NTSYSAPI PVOID NTAPI RtlReAllocateHeap( HANDLE Heap, ULONG Flags, PVOID Ptr, SIZE_T Size ); NTSYSAPI BOOLEAN NTAPI RtlLockHeap( IN HANDLE Heap ); NTSYSAPI NTSTATUS NTAPI RtlUsageHeap( IN HANDLE Heap, IN ULONG Flags, OUT PRTL_HEAP_USAGE Usage ); NTSYSAPI BOOLEAN NTAPI RtlUnlockHeap( IN HANDLE Heap ); BOOLEAN NTAPI RtlSetUserValueHeap( IN PVOID HeapHandle, IN ULONG Flags, IN PVOID BaseAddress, IN PVOID UserValue ); NTSYSAPI ULONG NTAPI RtlSizeHeap( IN PVOID HeapHandle, IN ULONG Flags, IN PVOID MemoryPointer ); NTSYSAPI BOOLEAN NTAPI RtlValidateHeap( HANDLE Heap, ULONG Flags, PVOID P ); #define RtlGetProcessHeap() (NtCurrentPeb()->ProcessHeap) // // Security Functions // NTSYSAPI NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD( IN PSECURITY_DESCRIPTOR AbsoluteSecurityDescriptor, IN OUT PSECURITY_DESCRIPTOR SelfRelativeSecurityDescriptor, IN PULONG BufferLength ); NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAce( PACL Acl, ULONG Revision, ACCESS_MASK AccessMask, PSID Sid ); NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedAceEx( IN OUT 
PACL pAcl, IN ULONG dwAceRevision, IN ULONG AceFlags, IN ACCESS_MASK AccessMask, IN PSID pSid ); NTSYSAPI NTSTATUS NTAPI RtlAddAccessAllowedObjectAce( IN OUT PACL pAcl, IN ULONG dwAceRevision, IN ULONG AceFlags, IN ACCESS_MASK AccessMask, IN GUID *ObjectTypeGuid OPTIONAL, IN GUID *InheritedObjectTypeGuid OPTIONAL, IN PSID pSid ); NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAce( PACL Acl, ULONG Revision, ACCESS_MASK AccessMask, PSID Sid ); NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedAceEx( IN OUT PACL Acl, IN ULONG Revision, IN ULONG Flags, IN ACCESS_MASK AccessMask, IN PSID Sid ); NTSYSAPI NTSTATUS NTAPI RtlAddAccessDeniedObjectAce( IN OUT PACL pAcl, IN ULONG dwAceRevision, IN ULONG AceFlags, IN ACCESS_MASK AccessMask, IN GUID *ObjectTypeGuid OPTIONAL, IN GUID *InheritedObjectTypeGuid OPTIONAL, IN PSID pSid ); NTSYSAPI NTSTATUS NTAPI RtlAddAce( PACL Acl, ULONG AceRevision, ULONG StartingAceIndex, PVOID AceList, ULONG AceListLength ); NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAce( PACL Acl, ULONG Revision, ACCESS_MASK AccessMask, PSID Sid, BOOLEAN Success, BOOLEAN Failure ); NTSYSAPI NTSTATUS NTAPI RtlAcquirePrivilege( IN PULONG Privilege, IN ULONG NumPriv, IN ULONG Flags, OUT PVOID *ReturnedState ); NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessAceEx( IN OUT PACL Acl, IN ULONG Revision, IN ULONG Flags, IN ACCESS_MASK AccessMask, IN PSID Sid, IN BOOLEAN Success, IN BOOLEAN Failure ); NTSYSAPI NTSTATUS NTAPI RtlAddAuditAccessObjectAce( IN OUT PACL Acl, IN ULONG Revision, IN ULONG Flags, IN ACCESS_MASK AccessMask, IN GUID *ObjectTypeGuid OPTIONAL, IN GUID *InheritedObjectTypeGuid OPTIONAL, IN PSID Sid, IN BOOLEAN Success, IN BOOLEAN Failure ); NTSYSAPI NTSTATUS NTAPI RtlAddMandatoryAce( IN OUT PACL Acl, IN ULONG Revision, IN ULONG Flags, IN ULONG MandatoryFlags, IN ULONG AceType, IN PSID LabelSid); NTSYSAPI NTSTATUS NTAPI RtlAdjustPrivilege( IN ULONG Privilege, IN BOOLEAN NewValue, IN BOOLEAN ForThread, OUT PBOOLEAN OldValue ); NTSYSAPI NTSTATUS NTAPI 
RtlAllocateAndInitializeSid( IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount, IN ULONG SubAuthority0, IN ULONG SubAuthority1, IN ULONG SubAuthority2, IN ULONG SubAuthority3, IN ULONG SubAuthority4, IN ULONG SubAuthority5, IN ULONG SubAuthority6, IN ULONG SubAuthority7, OUT PSID *Sid ); NTSYSAPI BOOLEAN NTAPI RtlAreAllAccessesGranted( ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess ); NTSYSAPI BOOLEAN NTAPI RtlAreAnyAccessesGranted( ACCESS_MASK GrantedAccess, ACCESS_MASK DesiredAccess ); NTSYSAPI VOID NTAPI RtlCopyLuid( IN PLUID LuidDest, IN PLUID LuidSrc ); NTSYSAPI VOID NTAPI RtlCopyLuidAndAttributesArray( ULONG Count, PLUID_AND_ATTRIBUTES Src, PLUID_AND_ATTRIBUTES Dest ); NTSYSAPI NTSTATUS NTAPI RtlCopySidAndAttributesArray( ULONG Count, PSID_AND_ATTRIBUTES Src, ULONG SidAreaSize, PSID_AND_ATTRIBUTES Dest, PVOID SidArea, PVOID* RemainingSidArea, PULONG RemainingSidAreaSize ); NTSYSAPI NTSTATUS NTAPI RtlConvertSidToUnicodeString( OUT PUNICODE_STRING DestinationString, IN PSID Sid, IN BOOLEAN AllocateDestinationString ); NTSYSAPI NTSTATUS NTAPI RtlCopySid( IN ULONG Length, IN PSID Destination, IN PSID Source ); NTSYSAPI NTSTATUS NTAPI RtlCreateAcl( PACL Acl, ULONG AclSize, ULONG AclRevision ); NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptor( OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN ULONG Revision ); NTSYSAPI NTSTATUS NTAPI RtlCreateSecurityDescriptorRelative( OUT PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptor, IN ULONG Revision ); NTSYSAPI NTSTATUS NTAPI RtlCopySecurityDescriptor( IN PSECURITY_DESCRIPTOR pSourceSecurityDescriptor, OUT PSECURITY_DESCRIPTOR pDestinationSecurityDescriptor ); NTSYSAPI NTSTATUS NTAPI RtlDeleteAce( PACL Acl, ULONG AceIndex ); NTSYSAPI BOOLEAN NTAPI RtlEqualPrefixSid( PSID Sid1, PSID Sid2 ); NTSYSAPI BOOLEAN NTAPI RtlEqualSid ( IN PSID Sid1, IN PSID Sid2 ); NTSYSAPI BOOLEAN NTAPI RtlFirstFreeAce( PACL Acl, PACE* Ace ); NTSYSAPI PVOID NTAPI RtlFreeSid ( IN PSID Sid ); NTSYSAPI NTSTATUS NTAPI 
RtlGetAce( PACL Acl, ULONG AceIndex, PVOID *Ace ); NTSYSAPI NTSTATUS NTAPI RtlGetControlSecurityDescriptor( IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSECURITY_DESCRIPTOR_CONTROL Control, OUT PULONG Revision ); NTSYSAPI NTSTATUS NTAPI RtlGetDaclSecurityDescriptor( IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PBOOLEAN DaclPresent, OUT PACL *Dacl, OUT PBOOLEAN DaclDefaulted ); NTSYSAPI NTSTATUS NTAPI RtlGetSaclSecurityDescriptor( IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PBOOLEAN SaclPresent, OUT PACL* Sacl, OUT PBOOLEAN SaclDefaulted ); NTSYSAPI NTSTATUS NTAPI RtlGetGroupSecurityDescriptor( IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Group, OUT PBOOLEAN GroupDefaulted ); NTSYSAPI NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor( IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PSID *Owner, OUT PBOOLEAN OwnerDefaulted ); NTSYSAPI BOOLEAN NTAPI RtlGetSecurityDescriptorRMControl( IN PSECURITY_DESCRIPTOR SecurityDescriptor, OUT PUCHAR RMControl ); NTSYSAPI PSID_IDENTIFIER_AUTHORITY NTAPI RtlIdentifierAuthoritySid(PSID Sid); NTSYSAPI NTSTATUS NTAPI RtlImpersonateSelf(IN SECURITY_IMPERSONATION_LEVEL ImpersonationLevel); NTSYSAPI NTSTATUS NTAPI RtlInitializeSid( IN OUT PSID Sid, IN PSID_IDENTIFIER_AUTHORITY IdentifierAuthority, IN UCHAR SubAuthorityCount ); NTSYSAPI ULONG NTAPI RtlLengthRequiredSid(IN ULONG SubAuthorityCount); NTSYSAPI ULONG NTAPI RtlLengthSid(IN PSID Sid); NTSYSAPI NTSTATUS NTAPI RtlMakeSelfRelativeSD( IN PSECURITY_DESCRIPTOR AbsoluteSD, OUT PSECURITY_DESCRIPTOR SelfRelativeSD, IN OUT PULONG BufferLength); NTSYSAPI VOID NTAPI RtlMapGenericMask( PACCESS_MASK AccessMask, PGENERIC_MAPPING GenericMapping ); NTSYSAPI NTSTATUS NTAPI RtlQueryInformationAcl( PACL Acl, PVOID Information, ULONG InformationLength, ACL_INFORMATION_CLASS InformationClass ); NTSYSAPI VOID NTAPI RtlReleasePrivilege( IN PVOID ReturnedState ); NTSYSAPI NTSTATUS NTAPI RtlSelfRelativeToAbsoluteSD( IN PSECURITY_DESCRIPTOR SelfRelativeSD, OUT PSECURITY_DESCRIPTOR 
AbsoluteSD, IN PULONG AbsoluteSDSize, IN PACL Dacl, IN PULONG DaclSize, IN PACL Sacl, IN PULONG SaclSize, IN PSID Owner, IN PULONG OwnerSize, IN PSID PrimaryGroup, IN PULONG PrimaryGroupSize ); NTSYSAPI NTSTATUS NTAPI RtlSelfRelativeToAbsoluteSD2( IN OUT PSECURITY_DESCRIPTOR SelfRelativeSD, OUT PULONG BufferSize ); NTSYSAPI NTSTATUS NTAPI RtlSetAttributesSecurityDescriptor( IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN SECURITY_DESCRIPTOR_CONTROL Control, OUT PULONG Revision ); NTSYSAPI NTSTATUS NTAPI RtlSetControlSecurityDescriptor( IN PSECURITY_DESCRIPTOR SecurityDescriptor, IN SECURITY_DESCRIPTOR_CONTROL ControlBitsOfInterest, IN SECURITY_DESCRIPTOR_CONTROL ControlBitsToSet ); NTSYSAPI NTSTATUS NTAPI RtlSetDaclSecurityDescriptor ( IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN DaclPresent, IN PACL Dacl, IN BOOLEAN DaclDefaulted ); NTSYSAPI NTSTATUS NTAPI RtlSetGroupSecurityDescriptor( IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Group, IN BOOLEAN GroupDefaulted ); NTSYSAPI NTSTATUS NTAPI RtlSetInformationAcl( PACL Acl, PVOID Information, ULONG InformationLength, ACL_INFORMATION_CLASS InformationClass ); NTSYSAPI NTSTATUS NTAPI RtlSetOwnerSecurityDescriptor( IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PSID Owner, IN BOOLEAN OwnerDefaulted ); NTSYSAPI NTSTATUS NTAPI RtlSetSaclSecurityDescriptor( IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN BOOLEAN SaclPresent, IN PACL Sacl, IN BOOLEAN SaclDefaulted ); NTSYSAPI VOID NTAPI RtlSetSecurityDescriptorRMControl( IN OUT PSECURITY_DESCRIPTOR SecurityDescriptor, IN PUCHAR RMControl ); NTSYSAPI PUCHAR NTAPI RtlSubAuthorityCountSid( IN PSID Sid ); NTSYSAPI PULONG NTAPI RtlSubAuthoritySid( IN PSID Sid, IN ULONG SubAuthority ); NTSYSAPI BOOLEAN NTAPI RtlValidRelativeSecurityDescriptor( IN PSECURITY_DESCRIPTOR SecurityDescriptorInput, IN ULONG SecurityDescriptorLength, IN SECURITY_INFORMATION RequiredInformation ); NTSYSAPI BOOLEAN NTAPI RtlValidSecurityDescriptor(IN PSECURITY_DESCRIPTOR 
SecurityDescriptor); NTSYSAPI BOOLEAN NTAPI RtlValidSid(IN PSID Sid); NTSYSAPI BOOLEAN NTAPI RtlValidAcl(PACL Acl); NTSYSAPI NTSTATUS NTAPI RtlDeleteSecurityObject( IN PSECURITY_DESCRIPTOR *ObjectDescriptor ); NTSYSAPI NTSTATUS NTAPI RtlNewSecurityObject( IN PSECURITY_DESCRIPTOR ParentDescriptor, IN PSECURITY_DESCRIPTOR CreatorDescriptor, OUT PSECURITY_DESCRIPTOR *NewDescriptor, IN BOOLEAN IsDirectoryObject, IN HANDLE Token, IN PGENERIC_MAPPING GenericMapping ); NTSYSAPI NTSTATUS NTAPI RtlQuerySecurityObject( IN PSECURITY_DESCRIPTOR ObjectDescriptor, IN SECURITY_INFORMATION SecurityInformation, OUT PSECURITY_DESCRIPTOR ResultantDescriptor, IN ULONG DescriptorLength, OUT PULONG ReturnLength ); NTSYSAPI NTSTATUS NTAPI RtlSetSecurityObject( IN SECURITY_INFORMATION SecurityInformation, IN PSECURITY_DESCRIPTOR ModificationDescriptor, OUT PSECURITY_DESCRIPTOR *ObjectsSecurityDescriptor, IN PGENERIC_MAPPING GenericMapping, IN HANDLE Token ); // // Single-Character Functions // NTSYSAPI NTSTATUS NTAPI RtlLargeIntegerToChar( IN PLARGE_INTEGER Value, IN ULONG Base, IN ULONG Length, IN OUT PCHAR String ); NTSYSAPI CHAR NTAPI RtlUpperChar(CHAR Source); NTSYSAPI WCHAR NTAPI RtlUpcaseUnicodeChar(WCHAR Source); NTSYSAPI WCHAR NTAPI RtlDowncaseUnicodeChar(IN WCHAR Source); NTSYSAPI NTSTATUS NTAPI RtlIntegerToChar( IN ULONG Value, IN ULONG Base, IN ULONG Length, IN OUT PCHAR String ); NTSYSAPI NTSTATUS NTAPI RtlIntegerToUnicode( IN ULONG Value, IN ULONG Base OPTIONAL, IN ULONG Length OPTIONAL, IN OUT LPWSTR String ); NTSYSAPI NTSTATUS NTAPI RtlIntegerToUnicodeString( IN ULONG Value, IN ULONG Base, IN OUT PUNICODE_STRING String ); NTSYSAPI NTSTATUS NTAPI RtlCharToInteger( PCSZ String, ULONG Base, PULONG Value ); // // Byte Swap Functions // #if (defined(_M_IX86) && (_MSC_FULL_VER > 13009037)) || \ ((defined(_M_AMD64) || \ defined(_M_IA64)) && (_MSC_FULL_VER > 13009175)) unsigned short __cdecl _byteswap_ushort(unsigned short); unsigned long __cdecl _byteswap_ulong (unsigned long); 
unsigned __int64 __cdecl _byteswap_uint64(unsigned __int64);
#pragma intrinsic(_byteswap_ushort)
#pragma intrinsic(_byteswap_ulong)
#pragma intrinsic(_byteswap_uint64)
// Intrinsic branch of the compiler-version #if opened just above: the three
// Rtl*ByteSwap names expand to the compiler intrinsics declared here.
#define RtlUshortByteSwap(_x) _byteswap_ushort((USHORT)(_x))
#define RtlUlongByteSwap(_x) _byteswap_ulong((_x))
#define RtlUlonglongByteSwap(_x) _byteswap_uint64((_x))
#else
// Fallback branch: the same three names are imported FASTCALL functions.
NTSYSAPI USHORT FASTCALL RtlUshortByteSwap(IN USHORT Source);
NTSYSAPI ULONG FASTCALL RtlUlongByteSwap(IN ULONG Source);
NTSYSAPI ULONGLONG FASTCALL RtlUlonglongByteSwap(IN ULONGLONG Source);
#endif

//
// Unicode->Ansi String Functions
//
// Convention shared by every *StringTo*String routine in this header that
// takes AllocateDestinationString: when it is TRUE the routine allocates
// DestinationString->Buffer and the caller releases it with the matching
// RtlFree*String; when it is FALSE the caller-supplied buffer and its
// MaximumLength bound the write, so the returned NTSTATUS must be checked.
//
NTSYSAPI ULONG NTAPI
RtlxUnicodeStringToAnsiSize(IN PCUNICODE_STRING UnicodeString);

#ifdef NTOS_MODE_USER
// Size of the ANSI form of STRING: (Length + one WCHAR) / sizeof(WCHAR), i.e.
// one byte per character plus one more, unless NLS_MB_CODE_PAGE_TAG is set,
// in which case RtlxUnicodeStringToAnsiSize computes it.
#define RtlUnicodeStringToAnsiSize(STRING) (                  \
    NLS_MB_CODE_PAGE_TAG ?                                    \
    RtlxUnicodeStringToAnsiSize(STRING) :                     \
    ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \
)
#endif

NTSYSAPI NTSTATUS NTAPI
RtlUnicodeStringToAnsiString(
    PANSI_STRING DestinationString,
    PCUNICODE_STRING SourceString,
    BOOLEAN AllocateDestinationString
);

//
// Unicode->OEM String Functions
//
NTSYSAPI NTSTATUS NTAPI
RtlUpcaseUnicodeStringToOemString(
    POEM_STRING DestinationString,
    PCUNICODE_STRING SourceString,
    BOOLEAN AllocateDestinationString
);

NTSYSAPI NTSTATUS NTAPI
RtlUpcaseUnicodeStringToAnsiString(
    PANSI_STRING DestinationString,
    PCUNICODE_STRING SourceString,
    BOOLEAN AllocateDestinationString
);

NTSYSAPI NTSTATUS NTAPI
RtlUpcaseUnicodeStringToCountedOemString(
    IN OUT POEM_STRING DestinationString,
    IN PCUNICODE_STRING SourceString,
    IN BOOLEAN AllocateDestinationString
);

NTSYSAPI NTSTATUS NTAPI
RtlUnicodeStringToOemString(
    POEM_STRING DestinationString,
    PCUNICODE_STRING SourceString,
    BOOLEAN AllocateDestinationString
);

// Raw-buffer variant: OemSize and UnicodeSize are plain ULONG sizes and
// ResultSize reports how much was produced.
// NOTE(review): the ...N routines are documented as working in bytes and as
// not appending a terminator; size and terminate the destination yourself.
NTSYSAPI NTSTATUS NTAPI
RtlUpcaseUnicodeToOemN(
    PCHAR OemString,
    ULONG OemSize,
    PULONG ResultSize,
    PWCHAR UnicodeString,
    ULONG UnicodeSize
);

NTSYSAPI ULONG NTAPI
RtlxUnicodeStringToOemSize(IN PCUNICODE_STRING UnicodeString);

#ifdef NTOS_MODE_USER
// Same computation as RtlUnicodeStringToAnsiSize, keyed on the OEM code page
// tag instead of the ANSI one.
#define RtlUnicodeStringToOemSize(STRING) (                   \
    NLS_MB_OEM_CODE_PAGE_TAG ?                                \
    RtlxUnicodeStringToOemSize(STRING) :                      \
    ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \
)

// The OEM size above minus sizeof(ANSI_NULL).
#define RtlUnicodeStringToCountedOemSize(STRING) (                    \
    (ULONG)(RtlUnicodeStringToOemSize(STRING) - sizeof(ANSI_NULL))    \
)
#endif

NTSYSAPI NTSTATUS NTAPI
RtlUnicodeToOemN(
    PCHAR OemString,
    ULONG OemSize,
    PULONG ResultSize,
    PWCHAR UnicodeString,
    ULONG UnicodeSize
);

//
// Unicode->MultiByte String Functions
//
NTSYSAPI NTSTATUS NTAPI
RtlUnicodeToMultiByteN(
    PCHAR MbString,
    ULONG MbSize,
    PULONG ResultSize,
    PWCHAR UnicodeString,
    ULONG UnicodeSize
);

NTSYSAPI NTSTATUS NTAPI
RtlUpcaseUnicodeToMultiByteN(
    PCHAR MbString,
    ULONG MbSize,
    PULONG ResultSize,
    PWCHAR UnicodeString,
    ULONG UnicodeSize
);

// Size query only: takes no destination buffer and reports through MbSize.
NTSYSAPI NTSTATUS NTAPI
RtlUnicodeToMultiByteSize(
    PULONG MbSize,
    PWCHAR UnicodeString,
    ULONG UnicodeSize
);

NTSYSAPI ULONG NTAPI
RtlxOemStringToUnicodeSize(IN PCOEM_STRING OemString);

//
// OEM to Unicode Functions
//
NTSYSAPI NTSTATUS NTAPI
RtlOemStringToUnicodeString(
    PUNICODE_STRING DestinationString,
    PCOEM_STRING SourceString,
    BOOLEAN AllocateDestinationString
);

NTSYSAPI NTSTATUS NTAPI
RtlOemToUnicodeN(
    PWSTR UnicodeString,
    ULONG MaxBytesInUnicodeString,
    PULONG BytesInUnicodeString,
    IN PCHAR OemString,
    ULONG BytesInOemString
);

#ifdef NTOS_MODE_USER
// Size of the Unicode form of an OEM STRING: (Length + 1) * sizeof(WCHAR)
// unless NLS_MB_OEM_CODE_PAGE_TAG is set, in which case
// RtlxOemStringToUnicodeSize computes it.
#define RtlOemStringToUnicodeSize(STRING) (                   \
    NLS_MB_OEM_CODE_PAGE_TAG ?                                \
    RtlxOemStringToUnicodeSize(STRING) :                      \
    ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR)    \
)

// The Unicode size above minus sizeof(UNICODE_NULL).
#define RtlOemStringToCountedUnicodeSize(STRING) (                        \
    (ULONG)(RtlOemStringToUnicodeSize(STRING) - sizeof(UNICODE_NULL))     \
)
#endif

//
// Ansi->Unicode String Functions
//
NTSYSAPI ULONG NTAPI
RtlxAnsiStringToUnicodeSize(
    PCANSI_STRING AnsiString
);

NTSYSAPI NTSTATUS NTAPI
RtlAnsiStringToUnicodeString(
    PUNICODE_STRING DestinationString,
    PCANSI_STRING SourceString,
    BOOLEAN AllocateDestinationString
);

#ifdef NTOS_MODE_USER
// ANSI counterpart of RtlOemStringToUnicodeSize, keyed on NLS_MB_CODE_PAGE_TAG.
#define RtlAnsiStringToUnicodeSize(STRING) (                  \
    NLS_MB_CODE_PAGE_TAG ?                                    \
    RtlxAnsiStringToUnicodeSize(STRING) :                     \
    ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR)    \
)
#endif

// Returns BOOLEAN rather than NTSTATUS.
// NOTE(review): presumably allocates Destination->Buffer, to be released
// with RtlFreeUnicodeString; confirm before relying on it.
NTSYSAPI BOOLEAN NTAPI
RtlCreateUnicodeStringFromAsciiz(
    OUT PUNICODE_STRING Destination,
    IN PCSZ Source
);

//
// Unicode String Functions
//
// The two append routines return NTSTATUS; check it instead of assuming the
// source fitted into Destination.
NTSYSAPI NTSTATUS NTAPI
RtlAppendUnicodeToString(
    PUNICODE_STRING Destination,
    PCWSTR Source
);

NTSYSAPI NTSTATUS NTAPI
RtlAppendUnicodeStringToString(
    PUNICODE_STRING Destination,
    PCUNICODE_STRING Source
);

NTSYSAPI LONG NTAPI
RtlCompareUnicodeString(
    PCUNICODE_STRING String1,
    PCUNICODE_STRING String2,
    BOOLEAN CaseInsensitive
);

// Returns VOID, so a source longer than the destination cannot be reported
// to the caller.
NTSYSAPI VOID NTAPI
RtlCopyUnicodeString(
    PUNICODE_STRING DestinationString,
    PCUNICODE_STRING SourceString
);

NTSYSAPI BOOLEAN NTAPI
RtlCreateUnicodeString(
    PUNICODE_STRING DestinationString,
    PCWSTR SourceString
);

#ifdef NTOS_MODE_USER
NTSYSAPI NTSTATUS NTAPI
RtlDowncaseUnicodeString(
    IN OUT PUNICODE_STRING UniDest,
    IN PCUNICODE_STRING UniSource,
    IN BOOLEAN AllocateDestinationString
);
#endif

// Flags: see the RTL_DUPLICATE_UNICODE_STRING_* values in rtltypes.h.
NTSYSAPI NTSTATUS NTAPI
RtlDuplicateUnicodeString(
    IN ULONG Flags,
    IN PCUNICODE_STRING SourceString,
    OUT PUNICODE_STRING DestinationString
);

NTSYSAPI BOOLEAN NTAPI
RtlEqualUnicodeString(
    PCUNICODE_STRING String1,
    PCUNICODE_STRING String2,
    BOOLEAN CaseInsensitive
);

NTSYSAPI NTSTATUS NTAPI
RtlFindCharInUnicodeString(
    IN ULONG Flags,
    IN PUNICODE_STRING SearchString,
    IN PCUNICODE_STRING MatchString,
    OUT PUSHORT Position
);

NTSYSAPI VOID NTAPI
RtlFreeUnicodeString(IN PUNICODE_STRING UnicodeString);

// HashAlgorithm: see the HASH_STRING_ALGORITHM_* values in rtltypes.h.
// NOTE(review): a hash-table hash, not a cryptographic digest; do not use
// HashValue as an integrity or authenticity check.
NTSYSAPI NTSTATUS NTAPI
RtlHashUnicodeString(
    IN CONST UNICODE_STRING *String,
    IN BOOLEAN CaseInSensitive,
    IN ULONG HashAlgorithm,
    OUT PULONG HashValue
);

// Returns VOID: a SourceString too long for the counted-string length fields
// cannot be reported. For strings that come from outside the program prefer
// RtlInitUnicodeStringEx below, which returns NTSTATUS.
NTSYSAPI VOID NTAPI
RtlInitUnicodeString(
    IN OUT PUNICODE_STRING DestinationString,
    IN PCWSTR SourceString
);

NTSYSAPI NTSTATUS NTAPI
RtlInitUnicodeStringEx(
    OUT PUNICODE_STRING DestinationString,
    IN PCWSTR SourceString OPTIONAL
);

// NOTE(review): a heuristic guess about Buffer's encoding; not a validator.
NTSYSAPI ULONG NTAPI
RtlIsTextUnicode(
    PVOID Buffer,
    ULONG Length,
    ULONG *Flags
);

NTSYSAPI BOOLEAN NTAPI
RtlPrefixString(
    PCANSI_STRING String1,
    PCANSI_STRING String2,
    BOOLEAN CaseInsensitive
);

NTSYSAPI BOOLEAN NTAPI
RtlPrefixUnicodeString(
    PCUNICODE_STRING String1,
    PCUNICODE_STRING String2,
    BOOLEAN CaseInsensitive
);

NTSYSAPI NTSTATUS NTAPI
RtlUpcaseUnicodeString(
    PUNICODE_STRING DestinationString,
    PCUNICODE_STRING SourceString,
    BOOLEAN AllocateDestinationString
);

// Parses String in the given Base into *Value; failure is reported through
// the NTSTATUS, so *Value is only meaningful on success.
NTSYSAPI NTSTATUS NTAPI
RtlUnicodeStringToInteger(
    PCUNICODE_STRING String,
    ULONG Base,
    PULONG Value
);

NTSYSAPI NTSTATUS NTAPI
RtlValidateUnicodeString(
    IN ULONG Flags,
    IN PCUNICODE_STRING String
);

//
// Ansi String Functions
//
NTSYSAPI VOID NTAPI
RtlFreeAnsiString(IN PANSI_STRING AnsiString);

NTSYSAPI VOID NTAPI
RtlInitAnsiString(
    PANSI_STRING DestinationString,
    PCSZ SourceString
);

//
// OEM String Functions
//
NTSYSAPI VOID NTAPI
RtlFreeOemString(IN POEM_STRING OemString);

//
// MultiByte->Unicode String Functions
//
NTSYSAPI NTSTATUS NTAPI
RtlMultiByteToUnicodeN(
    PWCHAR UnicodeString,
    ULONG UnicodeSize,
    PULONG ResultSize,
    PCSTR MbString,
    ULONG MbSize
);

NTSYSAPI NTSTATUS NTAPI
RtlMultiByteToUnicodeSize(
    PULONG UnicodeSize,
    PCSTR MbString,
    ULONG MbSize
);

//
// Atom Functions
//
// Atom names are limited by RTL_MAXIMUM_ATOM_LENGTH (rtltypes.h).
//
NTSYSAPI NTSTATUS NTAPI
RtlAddAtomToAtomTable(
    IN PRTL_ATOM_TABLE AtomTable,
    IN PWSTR AtomName,
    OUT PRTL_ATOM Atom
);

NTSYSAPI NTSTATUS NTAPI
RtlCreateAtomTable(
    IN ULONG TableSize,
    IN OUT PRTL_ATOM_TABLE *AtomTable
);

NTSYSAPI NTSTATUS NTAPI
RtlDeleteAtomFromAtomTable(
    IN PRTL_ATOM_TABLE AtomTable,
    IN RTL_ATOM Atom
);

NTSYSAPI NTSTATUS NTAPI
RtlDestroyAtomTable(IN PRTL_ATOM_TABLE AtomTable);

// Every result pointer is OPTIONAL and IN OUT.
// NOTE(review): NameLength presumably carries the capacity of AtomName on
// entry; confirm whether it is counted in bytes or characters.
NTSYSAPI NTSTATUS NTAPI
RtlQueryAtomInAtomTable(
    IN PRTL_ATOM_TABLE AtomTable,
    IN RTL_ATOM Atom,
    IN OUT PULONG RefCount OPTIONAL,
    IN OUT PULONG PinCount OPTIONAL,
    IN OUT PWSTR AtomName OPTIONAL,
    IN OUT PULONG NameLength OPTIONAL
);

NTSYSAPI NTSTATUS NTAPI
RtlPinAtomInAtomTable(
    IN PRTL_ATOM_TABLE AtomTable,
    IN RTL_ATOM Atom
);

NTSYSAPI NTSTATUS NTAPI
RtlLookupAtomInAtomTable(
    IN PRTL_ATOM_TABLE AtomTable,
    IN PWSTR AtomName,
    OUT PRTL_ATOM Atom
);

//
//
// Memory Functions
//
NTSYSAPI VOID NTAPI
RtlFillMemoryUlong(
    IN PVOID Destination,
    IN ULONG Length,
    IN ULONG Fill
);

//
// Process Management Functions
//
NTSYSAPI VOID NTAPI
RtlAcquirePebLock(VOID);

// Builds a parameter block and returns it through *ProcessParameters;
// RtlDestroyProcessParameters below is the matching release call.
NTSYSAPI NTSTATUS NTAPI
RtlCreateProcessParameters (
    OUT PRTL_USER_PROCESS_PARAMETERS *ProcessParameters,
    IN PUNICODE_STRING ImagePathName OPTIONAL,
    IN PUNICODE_STRING DllPath OPTIONAL,
    IN PUNICODE_STRING CurrentDirectory OPTIONAL,
    IN PUNICODE_STRING CommandLine OPTIONAL,
    IN PWSTR Environment OPTIONAL,
    IN PUNICODE_STRING WindowTitle OPTIONAL,
    IN PUNICODE_STRING DesktopInfo OPTIONAL,
    IN PUNICODE_STRING ShellInfo OPTIONAL,
    IN PUNICODE_STRING RuntimeInfo OPTIONAL
);

// Both security descriptors are OPTIONAL.
// NOTE(review): passing NULL presumably leaves the new process and thread
// with default security; supply explicit descriptors when the child must
// not be opened by other principals. ProcessInfo presumably returns handles
// the caller has to close.
NTSYSAPI NTSTATUS NTAPI
RtlCreateUserProcess(
    IN PUNICODE_STRING ImageFileName,
    IN ULONG Attributes,
    IN PRTL_USER_PROCESS_PARAMETERS ProcessParameters,
    IN PSECURITY_DESCRIPTOR ProcessSecutityDescriptor OPTIONAL,
    IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor OPTIONAL,
    IN HANDLE ParentProcess OPTIONAL,
    IN BOOLEAN CurrentDirectory,
    IN HANDLE DebugPort OPTIONAL,
    IN HANDLE ExceptionPort OPTIONAL,
    OUT PRTL_USER_PROCESS_INFORMATION ProcessInfo
);

// Starts a thread at StartAddress in the process named by ProcessHandle,
// which need not be the calling process. Thread creation across a process
// boundary is an event endpoint monitoring commonly records, so callers with
// a legitimate need should expect it to be logged.
NTSYSAPI NTSTATUS NTAPI
RtlCreateUserThread(
    IN HANDLE ProcessHandle,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN BOOLEAN CreateSuspended,
    IN ULONG StackZeroBits,
    IN SIZE_T StackReserve,
    IN SIZE_T StackCommit,
    IN PTHREAD_START_ROUTINE StartAddress,
    IN PVOID Parameter,
    IN OUT PHANDLE ThreadHandle,
    IN OUT PCLIENT_ID ClientId
);

NTSYSAPI PRTL_USER_PROCESS_PARAMETERS NTAPI
RtlDeNormalizeProcessParams(IN PRTL_USER_PROCESS_PARAMETERS ProcessParameters);

NTSYSAPI NTSTATUS NTAPI
RtlDestroyProcessParameters(IN PRTL_USER_PROCESS_PARAMETERS ProcessParameters);

NTSYSAPI VOID NTAPI
RtlExitUserThread(NTSTATUS Status);

NTSYSAPI VOID NTAPI
RtlInitializeContext(
    IN HANDLE ProcessHandle,
    OUT PCONTEXT ThreadContext,
    IN PVOID ThreadStartParam OPTIONAL,
    IN PTHREAD_START_ROUTINE ThreadStartAddress,
    IN PINITIAL_TEB InitialTeb
);

NTSYSAPI PRTL_USER_PROCESS_PARAMETERS NTAPI
RtlNormalizeProcessParams(IN PRTL_USER_PROCESS_PARAMETERS ProcessParameters);

NTSYSAPI VOID NTAPI
RtlReleasePebLock(VOID);

// Sets the process "critical" flag to NewValue and optionally returns the
// previous setting through OldValue.
// NOTE(review): a process that exits while flagged critical is understood to
// take the whole system down with a bug check, and setting the flag is
// understood to need the debug privilege. Capture OldValue and restore it on
// every exit path.
NTSYSAPI VOID NTAPI
RtlSetProcessIsCritical(
    IN BOOLEAN NewValue,
    OUT PBOOLEAN OldValue OPTIONAL,
    IN BOOLEAN IsWinlogon
);

// The PEB pointer is read from the current thread's TEB.
#define NtCurrentPeb() (NtCurrentTeb()->ProcessEnvironmentBlock)

//
// Thread Pool Functions
//
NTSYSAPI NTSTATUS NTAPI
RtlQueueWorkItem(
    IN WORKERCALLBACKFUNC Function,
    IN PVOID Context OPTIONAL,
    IN ULONG Flags
);

//
// Environment/Path Functions
//
NTSYSAPI NTSTATUS NTAPI
RtlCreateEnvironment(
    BOOLEAN Inherit,
    PWSTR *Environment
);

NTSYSAPI NTSTATUS NTAPI
RtlComputePrivatizedDllName_U(
    IN PUNICODE_STRING DllName,
    OUT PUNICODE_STRING RealName,
    OUT PUNICODE_STRING LocalName
);

NTSYSAPI VOID NTAPI
RtlDestroyEnvironment(
    IN PWSTR Environment
);

// Existence probes: the answer describes the moment of the call only. Do not
// base an access decision on it and open the file afterwards; open the file
// and handle the failure instead (check-then-use race).
NTSYSAPI BOOLEAN NTAPI
RtlDoesFileExists_U(
    IN PCWSTR FileName
);

NTSYSAPI BOOLEAN NTAPI
RtlDoesFileExists_UstrEx(
    IN PCUNICODE_STRING FileName,
    IN BOOLEAN SucceedIfBusy
);

// NOTE(review): the ULONG returned by the two routines below presumably maps
// onto RTL_PATH_TYPE from rtltypes.h; confirm.
NTSYSAPI ULONG NTAPI
RtlDetermineDosPathNameType_U(
    IN PCWSTR Path
);

NTSYSAPI ULONG NTAPI
RtlDetermineDosPathNameType_Ustr(
    IN PCUNICODE_STRING Path
);

// Looks FileName up along the search list given in Path and writes the
// result to Buffer, bounded by BufferSize.
// NOTE(review): when the result is going to be executed or loaded, pass an
// explicit list of trusted directories rather than a list that can contain
// the current directory.
NTSYSAPI ULONG NTAPI
RtlDosSearchPath_U(
    IN PCWSTR Path,
    IN PCWSTR FileName,
    IN PCWSTR Extension,
    IN ULONG BufferSize,
    OUT PWSTR Buffer,
    OUT PWSTR *PartName
);

// Converts a DOS-style path into an NT path. Returns BOOLEAN, so there is no
// status code to inspect; treat FALSE as "NtPathName is not usable".
// NOTE(review): NtPathName->Buffer is presumably allocated by the routine
// and released with RtlFreeUnicodeString; confirm.
NTSYSAPI BOOLEAN NTAPI
RtlDosPathNameToNtPathName_U(
    IN PCWSTR DosPathName,
    OUT PUNICODE_STRING NtPathName,
    OUT PCWSTR *NtFileNamePart,
    OUT CURDIR *DirectoryInfo
);

NTSYSAPI NTSTATUS NTAPI
RtlExpandEnvironmentStrings_U(
    PWSTR Environment,
    PUNICODE_STRING Source,
    PUNICODE_STRING Destination,
    PULONG Length
);

NTSYSAPI ULONG NTAPI
RtlGetCurrentDirectory_U(
    ULONG MaximumLength,
    PWSTR Buffer
);

// NOTE(review): Size is presumably a byte count and the ULONG result the
// length produced or required; compare it with Size before using Buffer.
NTSYSAPI ULONG NTAPI
RtlGetFullPathName_U(
    IN PCWSTR FileName,
    IN ULONG Size,
    IN PWSTR Buffer,
    OUT PWSTR *ShortName
);

NTSYSAPI ULONG NTAPI
RtlGetFullPathName_Ustr(
    IN PUNICODE_STRING FileName,
    IN ULONG Size,
    IN PWSTR Buffer,
    OUT PWSTR *ShortName,
    OUT PBOOLEAN InvalidName,
    OUT RTL_PATH_TYPE *PathType
);

// Device-name checks: useful for rejecting reserved DOS device names in file
// names that come from outside the program.
NTSYSAPI ULONG NTAPI
RtlIsDosDeviceName_U(
    IN PWSTR Name
);

NTSYSAPI ULONG NTAPI
RtlIsDosDeviceName_Ustr(
    IN PUNICODE_STRING Name
);

NTSYSAPI BOOLEAN NTAPI
RtlIsNameLegalDOS8Dot3(
    IN PCUNICODE_STRING Name,
    IN OUT POEM_STRING OemName OPTIONAL,
    IN OUT PBOOLEAN NameContainsSpaces OPTIONAL
);

// Value is a caller-supplied counted string; a value that does not fit is
// reported through the NTSTATUS.
NTSYSAPI NTSTATUS NTAPI
RtlQueryEnvironmentVariable_U(
    PWSTR Environment,
    PUNICODE_STRING Name,
    PUNICODE_STRING Value
);

NTSYSAPI NTSTATUS NTAPI
RtlSetCurrentDirectory_U(
    IN PUNICODE_STRING name
);

NTSYSAPI NTSTATUS NTAPI
RtlSetEnvironmentVariable(
    PWSTR *Environment,
    PUNICODE_STRING Name,
    PUNICODE_STRING Value
);

//
// Critical Section/Resource Functions
//
// A critical section is initialised once, entered and left in matched pairs,
// and deleted when no thread can still be using it.
//
NTSYSAPI NTSTATUS NTAPI
RtlDeleteCriticalSection (
    IN PRTL_CRITICAL_SECTION CriticalSection
);

NTSYSAPI NTSTATUS NTAPI
RtlEnterCriticalSection(
    IN PRTL_CRITICAL_SECTION CriticalSection
);

NTSYSAPI NTSTATUS NTAPI
RtlInitializeCriticalSection(
    IN PRTL_CRITICAL_SECTION CriticalSection
);

NTSYSAPI NTSTATUS NTAPI
RtlInitializeCriticalSectionAndSpinCount(
    IN PRTL_CRITICAL_SECTION CriticalSection,
    IN ULONG SpinCount
);

NTSYSAPI NTSTATUS NTAPI
RtlLeaveCriticalSection(
    IN PRTL_CRITICAL_SECTION CriticalSection
);

// Non-blocking variant: the BOOLEAN result says whether the lock was taken.
NTSYSAPI BOOLEAN NTAPI
RtlTryEnterCriticalSection(
    IN PRTL_CRITICAL_SECTION CriticalSection
);

// NOTE(review): the Rtlp prefix suggests library-internal helpers; prefer
// the Enter/Leave pair above.
NTSYSAPI VOID NTAPI
RtlpUnWaitCriticalSection(
    IN PRTL_CRITICAL_SECTION CriticalSection
);

NTSYSAPI NTSTATUS NTAPI
RtlpWaitForCriticalSection(
    IN PRTL_CRITICAL_SECTION CriticalSection
);

// RTL_RESOURCE offers shared and exclusive acquisition. Wait selects whether
// the call may block; the BOOLEAN result says whether it was acquired.
NTSYSAPI BOOLEAN NTAPI
RtlAcquireResourceExclusive(
    IN PRTL_RESOURCE Resource,
    IN BOOLEAN Wait
);

NTSYSAPI BOOLEAN NTAPI
RtlAcquireResourceShared(
    IN PRTL_RESOURCE Resource,
    IN BOOLEAN Wait
);

NTSYSAPI VOID NTAPI
RtlConvertExclusiveToShared(
    IN PRTL_RESOURCE Resource
);

NTSYSAPI VOID NTAPI
RtlConvertSharedToExclusive(
    IN PRTL_RESOURCE Resource
);

NTSYSAPI VOID NTAPI
RtlDeleteResource(
    IN PRTL_RESOURCE Resource
);

NTSYSAPI VOID NTAPI
RtlDumpResource(
    IN PRTL_RESOURCE Resource
);

NTSYSAPI VOID NTAPI
RtlInitializeResource(
    IN PRTL_RESOURCE Resource
);

NTSYSAPI VOID NTAPI
RtlReleaseResource(
    IN PRTL_RESOURCE Resource
);

//
// Compression Functions
//
// WorkSpace is sized with RtlGetCompressionWorkSpaceSize for the same
// CompressionFormatAndEngine value.
NTSYSAPI NTSTATUS NTAPI
RtlCompressBuffer(
    IN USHORT CompressionFormatAndEngine,
    IN PUCHAR UncompressedBuffer,
    IN ULONG UncompressedBufferSize,
    OUT PUCHAR CompressedBuffer,
    IN ULONG CompressedBufferSize,
    IN ULONG UncompressedChunkSize,
    OUT PULONG FinalCompressedSize,
    IN PVOID WorkSpace
);

// UncompressedBufferSize is the capacity of the output buffer and
// FinalUncompressedSize the amount produced. When CompressedBuffer comes
// from a file or the network, check the NTSTATUS and use only
// FinalUncompressedSize bytes; never trust a length field stored alongside
// the compressed data.
NTSYSAPI NTSTATUS NTAPI
RtlDecompressBuffer(
    IN USHORT CompressionFormat,
    OUT PUCHAR UncompressedBuffer,
    IN ULONG UncompressedBufferSize,
    IN PUCHAR CompressedBuffer,
    IN ULONG CompressedBufferSize,
    OUT PULONG FinalUncompressedSize
);

NTSYSAPI NTSTATUS NTAPI
RtlGetCompressionWorkSpaceSize(
    IN USHORT CompressionFormatAndEngine,
    OUT PULONG CompressBufferWorkSpaceSize,
    OUT PULONG CompressFragmentWorkSpaceSize
);

//
// Debug Info Functions
//
// A query buffer is created, filled by RtlQueryProcessDebugInformation for
// the process identified by ProcessId, and destroyed by the caller.
// DebugInfoClassMask: see the RTL_DEBUG_QUERY_* values in rtltypes.h.
//
NTSYSAPI PRTL_DEBUG_INFORMATION NTAPI
RtlCreateQueryDebugBuffer(
    IN ULONG Size,
    IN BOOLEAN EventPair
);

NTSYSAPI NTSTATUS NTAPI
RtlDestroyQueryDebugBuffer(IN PRTL_DEBUG_INFORMATION DebugBuffer);

NTSYSAPI NTSTATUS NTAPI
RtlQueryProcessDebugInformation(
    IN ULONG ProcessId,
    IN ULONG DebugInfoClassMask,
    IN OUT PRTL_DEBUG_INFORMATION DebugBuffer
);

//
// Bitmap Functions
//
// RtlInitializeBitMap binds BitMapHeader to a caller-owned ULONG array of
// SizeOfBitMap bits.
// NOTE(review): assume the routines below do not range-check; the caller
// keeps StartingIndex plus the count within SizeOfBitMap.
//
NTSYSAPI BOOLEAN NTAPI
RtlAreBitsClear(
    IN PRTL_BITMAP BitMapHeader,
    IN ULONG StartingIndex,
    IN ULONG Length
);

NTSYSAPI BOOLEAN NTAPI
RtlAreBitsSet(
    IN PRTL_BITMAP BitMapHeader,
    IN ULONG StartingIndex,
    IN ULONG Length
);

NTSYSAPI VOID NTAPI
RtlClearBits(
    IN PRTL_BITMAP BitMapHeader,
    IN ULONG StartingIndex,
    IN ULONG NumberToClear
);

NTSYSAPI ULONG NTAPI
RtlFindClearBits(
    IN PRTL_BITMAP BitMapHeader,
    IN ULONG NumberToFind,
    IN ULONG HintIndex
);

NTSYSAPI ULONG NTAPI
RtlFindClearBitsAndSet(
    IN PRTL_BITMAP BitMapHeader,
    IN ULONG NumberToFind,
    IN ULONG HintIndex
);

NTSYSAPI ULONG NTAPI
RtlFindNextForwardRunClear(
    IN PRTL_BITMAP BitMapHeader,
    IN ULONG FromIndex,
    IN PULONG StartingRunIndex
);

NTSYSAPI VOID NTAPI
RtlInitializeBitMap(
    IN PRTL_BITMAP BitMapHeader,
    IN PULONG BitMapBuffer,
    IN ULONG SizeOfBitMap
);
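// Remaining bitmap routines. BitNumber / StartingIndex are bit positions in
// the bitmap described by BitMapHeader.
// NOTE(review): assume no range checking; the caller keeps every index
// within the size given to RtlInitializeBitMap.
NTSYSAPI ULONG NTAPI
RtlNumberOfSetBits(
    IN PRTL_BITMAP BitMapHeader
);

NTSYSAPI VOID NTAPI
RtlSetBit(
    PRTL_BITMAP BitMapHeader,
    ULONG BitNumber
);

NTSYSAPI VOID NTAPI
RtlSetBits(
    IN PRTL_BITMAP BitMapHeader,
    IN ULONG StartingIndex,
    IN ULONG NumberToSet
);

NTSYSAPI VOID NTAPI
RtlSetAllBits(
    PRTL_BITMAP BitMapHeader
);

NTSYSAPI BOOLEAN NTAPI
RtlTestBit(
    PRTL_BITMAP BitMapHeader,
    ULONG BitNumber
);

//
// Timer Functions
//
// Callback receives Parameter when the timer fires, so Parameter has to stay
// valid until the timer has been deleted and any running callback finished.
// NOTE(review): CompletionEvent on the delete routines is presumably how a
// caller waits for that; confirm before freeing Parameter.
//
NTSYSAPI NTSTATUS NTAPI
RtlCreateTimer(
    HANDLE TimerQueue,
    PHANDLE phNewTimer,
    WAITORTIMERCALLBACKFUNC Callback,
    PVOID Parameter,
    ULONG DueTime,
    ULONG Period,
    ULONG Flags
);

NTSYSAPI NTSTATUS NTAPI
RtlCreateTimerQueue(PHANDLE TimerQueue);

NTSYSAPI NTSTATUS NTAPI
RtlDeleteTimer(
    HANDLE TimerQueue,
    HANDLE Timer,
    HANDLE CompletionEvent
);

NTSYSAPI NTSTATUS NTAPI
RtlUpdateTimer(
    HANDLE TimerQueue,
    HANDLE Timer,
    ULONG DueTime,
    ULONG Period
);

NTSYSAPI NTSTATUS NTAPI
RtlDeleteTimerQueueEx(
    HANDLE TimerQueue,
    HANDLE CompletionEvent
);

NTSYSAPI NTSTATUS NTAPI
RtlDeleteTimerQueue(HANDLE TimerQueue);

//
// SList functions
//
PSLIST_ENTRY FASTCALL
InterlockedPushListSList(
    IN PSLIST_HEADER ListHead,
    IN PSLIST_ENTRY List,
    IN PSLIST_ENTRY ListEnd,
    IN ULONG Count
);

//
// Range List functions
//
NTSYSAPI VOID NTAPI
RtlFreeRangeList(IN PRTL_RANGE_LIST RangeList);

//
// Debug Functions
//
// Format is a printf-style format string. Text that originates outside the
// program (file names, registry data, user input) must be passed as an
// argument to a fixed format such as "%s", never as Format itself.
//
ULONG __cdecl
DbgPrint(
    IN PCCH Format,
    IN ...
);

NTSYSAPI ULONG __cdecl
DbgPrintEx(
    IN ULONG ComponentId,
    IN ULONG Level,
    IN PCCH Format,
    IN ...
);

VOID NTAPI
DbgBreakPoint(
    VOID
);

NTSTATUS NTAPI
DbgLoadImageSymbols(
    IN PANSI_STRING Name,
    IN PVOID Base,
    IN ULONG_PTR ProcessId
);

VOID NTAPI
DbgUnLoadImageSymbols(
    IN PANSI_STRING Name,
    IN PVOID Base,
    IN ULONG_PTR ProcessId
);

//
// Generic Table Functions
//
#if defined(NTOS_MODE_USER) || !defined(_NTIFS_)
// NOTE(review): the insert routines presumably copy BufferSize bytes from
// Buffer into table-owned storage and return a pointer to that copy.
PVOID NTAPI
RtlInsertElementGenericTable(
    IN PRTL_GENERIC_TABLE Table,
    IN PVOID Buffer,
    IN ULONG BufferSize,
    OUT PBOOLEAN NewElement OPTIONAL
);

PVOID NTAPI
RtlInsertElementGenericTableFull(
    IN PRTL_GENERIC_TABLE Table,
    IN PVOID Buffer,
    IN ULONG BufferSize,
    OUT PBOOLEAN NewElement OPTIONAL,
    IN PVOID NodeOrParent,
    IN TABLE_SEARCH_RESULT SearchResult
);

BOOLEAN NTAPI
RtlIsGenericTableEmpty(
    IN PRTL_GENERIC_TABLE Table
);

PVOID NTAPI
RtlLookupElementGenericTableFull(
    IN PRTL_GENERIC_TABLE Table,
    IN PVOID Buffer,
    OUT PVOID *NodeOrParent,
    OUT TABLE_SEARCH_RESULT *SearchResult
);
#endif

//
// Handle Table Functions
//
// RtlIsValidHandle and RtlIsValidIndexHandle are the checks to run on any
// handle or index that did not come straight from RtlAllocateHandle.
//
NTSYSAPI PRTL_HANDLE_TABLE_ENTRY NTAPI
RtlAllocateHandle(
    IN PRTL_HANDLE_TABLE HandleTable,
    IN OUT PULONG Index
);

NTSYSAPI VOID NTAPI
RtlDestroyHandleTable(IN PRTL_HANDLE_TABLE HandleTable);

NTSYSAPI BOOLEAN NTAPI
RtlFreeHandle(
    IN PRTL_HANDLE_TABLE HandleTable,
    IN PRTL_HANDLE_TABLE_ENTRY Handle
);

NTSYSAPI VOID NTAPI
RtlInitializeHandleTable(
    IN ULONG TableSize,
    IN ULONG HandleSize,
    IN PRTL_HANDLE_TABLE HandleTable
);

NTSYSAPI BOOLEAN NTAPI
RtlIsValidHandle(
    IN PRTL_HANDLE_TABLE HandleTable,
    IN PRTL_HANDLE_TABLE_ENTRY Handle
);

NTSYSAPI BOOLEAN NTAPI
RtlIsValidIndexHandle(
    IN PRTL_HANDLE_TABLE HandleTable,
    IN ULONG Index,
    OUT PRTL_HANDLE_TABLE_ENTRY *Handle
);

//
// PE Functions
//
// Most routines here take only a BaseAddress and trust the headers found
// there. When the image bytes come from an untrusted file, use
// RtlImageNtHeaderEx, which also takes the Size of the mapping, and validate
// every RVA and directory size against that mapping before dereferencing
// the pointers the other routines return.
//
NTSYSAPI NTSTATUS NTAPI
RtlFindMessage(
    IN PVOID BaseAddress,
    IN ULONG Type,
    IN ULONG Language,
    IN ULONG MessageId,
    OUT PRTL_MESSAGE_RESOURCE_ENTRY *MessageResourceEntry
);

NTSYSAPI ULONG NTAPI
RtlGetNtGlobalFlags(VOID);

NTSYSAPI PVOID NTAPI
RtlImageDirectoryEntryToData(
    PVOID BaseAddress,
    BOOLEAN MappedAsImage,
    USHORT Directory,
    PULONG Size
);

NTSYSAPI PVOID NTAPI
RtlImageRvaToVa(
    PIMAGE_NT_HEADERS NtHeader,
    PVOID BaseAddress,
    ULONG Rva,
    PIMAGE_SECTION_HEADER *SectionHeader
);

NTSYSAPI PIMAGE_NT_HEADERS NTAPI
RtlImageNtHeader(IN PVOID BaseAddress);

// NOTE(review): NtHeader is annotated IN but is a pointer to a pointer;
// presumably it is the output. Confirm before changing the annotation.
NTSYSAPI NTSTATUS NTAPI
RtlImageNtHeaderEx(
    IN ULONG Flags,
    IN PVOID BaseAddress,
    IN ULONGLONG Size,
    IN PIMAGE_NT_HEADERS *NtHeader
);

NTSYSAPI PIMAGE_SECTION_HEADER NTAPI
RtlImageRvaToSection(
    PIMAGE_NT_HEADERS NtHeader,
    PVOID BaseAddress,
    ULONG Rva
);

// The last three parameters are the values returned for the success,
// conflict and invalid outcomes respectively.
NTSYSAPI ULONG NTAPI
LdrRelocateImageWithBias(
    IN PVOID NewAddress,
    IN LONGLONG AdditionalBias,
    IN PCCH LoaderName,
    IN ULONG Success,
    IN ULONG Conflict,
    IN ULONG Invalid
);

//
// Activation Context Functions
//
#ifdef NTOS_MODE_USER
NTSYSAPI NTSTATUS NTAPI
RtlActivateActivationContextUnsafeFast(
    IN PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED Frame,
    IN PVOID Context
);

NTSYSAPI NTSTATUS NTAPI
RtlAllocateActivationContextStack(
    IN PVOID *Context
);

NTSYSAPI NTSTATUS NTAPI
RtlGetActiveActivationContext(
    IN PVOID *Context
);

NTSYSAPI VOID NTAPI
RtlReleaseActivationContext(
    IN PVOID *Context
);

NTSYSAPI NTSTATUS NTAPI
RtlDeactivateActivationContextUnsafeFast(
    IN PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED Frame
);

// Several parameters are named Unknown*: this prototype was reconstructed
// without documentation, so treat their meaning as unverified.
NTSYSAPI NTSTATUS NTAPI
RtlDosApplyFileIsolationRedirection_Ustr(
    IN BOOLEAN Unknown,
    IN PUNICODE_STRING OriginalName,
    IN PUNICODE_STRING Extension,
    IN OUT PUNICODE_STRING RedirectedName,
    IN OUT PUNICODE_STRING RedirectedName2,
    IN OUT PUNICODE_STRING *OriginalName2,
    IN PVOID Unknown1,
    IN PVOID Unknown2,
    IN PVOID Unknown3
);

NTSYSAPI NTSTATUS NTAPI
RtlFindActivationContextSectionString(
    IN PVOID Unknown0,
    IN PVOID Unknown1,
    IN ULONG SectionType,
    IN PUNICODE_STRING SectionName,
    IN PVOID Unknown2
);
#endif

//
// Registry Functions
//
// RelativeTo takes the RTL_REGISTRY_* values from rtltypes.h and decides how
// Path is interpreted.
//
NTSYSAPI NTSTATUS NTAPI
RtlCheckRegistryKey(
    ULONG RelativeTo,
    PWSTR Path
);

NTSYSAPI NTSTATUS NTAPI
RtlCreateRegistryKey(
    IN ULONG RelativeTo,
    IN PWSTR Path
);

NTSYSAPI NTSTATUS NTAPI
RtlFormatCurrentUserKeyPath(
    IN OUT PUNICODE_STRING KeyPath
);

// NOTE(review): KeyHandle is annotated OUT but typed HANDLE, not PHANDLE, so
// as declared it cannot return a handle; presumably a prototype error.
NTSYSAPI NTSTATUS NTAPI
RtlpNtOpenKey(
    OUT HANDLE KeyHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN ULONG Unused
);

NTSYSAPI NTSTATUS NTAPI
RtlOpenCurrentUser(
    IN ACCESS_MASK DesiredAccess,
    OUT PHANDLE KeyHandle
);

// Reads the values described by QueryTable. With RTL_QUERY_REGISTRY_DIRECT
// the data is stored straight into the buffer named by the table entry, so a
// value whose stored type or size differs from what the caller expected can
// overrun that buffer. Treat keys writable by less-privileged users as
// untrusted input: use a query callback that checks type and length, or, on
// headers that provide it, add RTL_QUERY_REGISTRY_TYPECHECK (not defined in
// this NDK version).
NTSYSAPI NTSTATUS NTAPI
RtlQueryRegistryValues(
    IN ULONG RelativeTo,
    IN PCWSTR Path,
    IN PRTL_QUERY_REGISTRY_TABLE QueryTable,
    IN PVOID Context,
    IN PVOID Environment
);

NTSYSAPI NTSTATUS NTAPI
RtlWriteRegistryValue(
    ULONG RelativeTo,
    PCWSTR Path,
    PCWSTR ValueName,
    ULONG ValueType,
    PVOID ValueData,
    ULONG ValueLength
);

//
// NLS Functions
//
NTSYSAPI VOID NTAPI
RtlInitNlsTables(
    IN PUSHORT AnsiTableBase,
    IN PUSHORT OemTableBase,
    IN PUSHORT CaseTableBase,
    OUT PNLSTABLEINFO NlsTable
);

NTSYSAPI VOID NTAPI
RtlInitCodePageTable(
    IN PUSHORT TableBase,
    OUT PCPTABLEINFO CodePageTable
);

NTSYSAPI VOID NTAPI
RtlResetRtlTranslations(IN PNLSTABLEINFO NlsTable);

#if defined(NTOS_MODE_USER) && !defined(NO_RTL_INLINES)
//
// Misc conversion functions
//

// Sign-extends a LONG into the 64-bit QuadPart of a LARGE_INTEGER.
static __inline
LARGE_INTEGER
NTAPI_INLINE
RtlConvertLongToLargeInteger(
    LONG SignedInteger
)
{
    LARGE_INTEGER Result;

    Result.QuadPart = SignedInteger;
    return Result;
}

// Signed 32x32 -> 64 multiply. Both operands are widened as signed values so
// the product is computed in LONGLONG and cannot overflow; the previous
// (ULONGLONG) cast on the signed multiplier produced an unsigned product and
// left the result to an implementation-defined unsigned-to-signed
// conversion.
static __inline
LARGE_INTEGER
NTAPI_INLINE
RtlEnlargedIntegerMultiply(
    LONG Multiplicand,
    LONG Multiplier
)
{
    LARGE_INTEGER Product;

    Product.QuadPart = (LONGLONG)Multiplicand * (LONGLONG)Multiplier;
    return Product;
}

// Unsigned 64 / 32 divide returning the quotient truncated to ULONG and,
// when Remainder is non-NULL, the remainder.
// Divisor is not checked: zero raises a divide fault, and a quotient wider
// than 32 bits is silently truncated by the cast. Callers dividing by a
// value taken from input must validate it first.
static __inline
ULONG
NTAPI_INLINE
RtlEnlargedUnsignedDivide(
    IN ULARGE_INTEGER Dividend,
    IN ULONG Divisor,
    IN PULONG Remainder OPTIONAL
)
{
    ULONG Quotient;

    Quotient = (ULONG)(Dividend.QuadPart / Divisor);
    if (Remainder) {
        *Remainder = (ULONG)(Dividend.QuadPart % Divisor);
    }

    return Quotient;
}

// Unsigned 32x32 -> 64 multiply; the product is stored in the signed
// QuadPart field.
static __inline
LARGE_INTEGER
NTAPI_INLINE
RtlEnlargedUnsignedMultiply(
    ULONG Multiplicand,
    ULONG Multiplier
)
{
    LARGE_INTEGER Product;

    Product.QuadPart = (ULONGLONG)Multiplicand * (ULONGLONG)Multiplier;
    return Product;
}
#endif

// General-purpose pseudo-random generators driven entirely by the
// caller-held Seed: whoever knows the seed can reproduce the sequence. Not
// suitable for keys, tokens, nonces or any other security-relevant value.
NTSYSAPI ULONG NTAPI
RtlUniform(
    IN PULONG Seed
);

NTSYSAPI ULONG NTAPI
RtlRandom(
    IN OUT PULONG Seed
);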
// CRC-32 over Buffer[0..Length), continued from PartialCrc. A CRC detects
// accidental corruption only; it gives no protection against deliberate
// modification, so do not use it as an integrity or authenticity check.
// NOTE(review): PartialCrc is declared USHORT while the result is ULONG, so
// feeding a previous result back in would lose its upper 16 bits; the
// parameter is presumably meant to be ULONG. Confirm against the export.
NTSYSAPI ULONG NTAPI
RtlComputeCrc32(
    IN USHORT PartialCrc,
    IN PUCHAR Buffer,
    IN ULONG Length
);

//
// Network Functions
//
// Parsers for textual IP addresses. Terminator reports where parsing
// stopped; a caller validating input should confirm that it points at the
// end of the string, otherwise trailing text is silently ignored.
// NOTE(review): Strict is understood to restrict IPv4 input to four-part
// dotted decimal; the lenient mode also accepts other notations, which
// matters when the same string is compared against allow or deny lists
// elsewhere.
// NOTE(review): Terminator is typed PWCHAR (not PWCHAR *) in the IPv4
// routine and PCHAR * in the wide IPv6 routine; both look like prototype
// errors. Confirm before relying on them.
//
NTSYSAPI NTSTATUS NTAPI
RtlIpv4StringToAddressW(
    IN PWCHAR String,
    IN UCHAR Strict,
    OUT PWCHAR Terminator,
    OUT struct in_addr *Addr
);

NTSYSAPI NTSTATUS NTAPI
RtlIpv6StringToAddressA(
    IN PCHAR Name,
    OUT PCHAR *Terminator,
    OUT struct in6_addr *Addr
);

NTSYSAPI NTSTATUS NTAPI
RtlIpv6StringToAddressW(
    IN PWCHAR Name,
    OUT PCHAR *Terminator,
    OUT struct in6_addr *Addr
);

// NOTE(review): Address, ScopeId and Port are annotated IN but are pointers
// the routine presumably fills in.
NTSYSAPI NTSTATUS NTAPI
RtlIpv6StringToAddressExA(
    IN PCHAR AddressString,
    IN struct in6_addr *Address,
    IN PULONG ScopeId,
    IN PUSHORT Port
);

NTSYSAPI NTSTATUS NTAPI
RtlIpv6StringToAddressExW(
    IN PWCHAR AddressName,
    IN struct in6_addr *Address,
    IN PULONG ScopeId,
    IN PUSHORT Port
);

//
// Time Functions
//
NTSYSAPI NTSTATUS NTAPI
RtlQueryTimeZoneInformation(PRTL_TIME_ZONE_INFORMATION TimeZoneInformation);

// SecondsSince1970 is a 32-bit unsigned count of seconds.
NTSYSAPI VOID NTAPI
RtlSecondsSince1970ToTime(
    IN ULONG SecondsSince1970,
    OUT PLARGE_INTEGER Time
);

NTSYSAPI NTSTATUS NTAPI
RtlSetTimeZoneInformation(PRTL_TIME_ZONE_INFORMATION TimeZoneInformation);

// Returns BOOLEAN: FALSE means TimeFields could not be converted and *Time
// must not be used.
NTSYSAPI BOOLEAN NTAPI
RtlTimeFieldsToTime(
    PTIME_FIELDS TimeFields,
    PLARGE_INTEGER Time
);

NTSYSAPI VOID NTAPI
RtlTimeToTimeFields(
    PLARGE_INTEGER Time,
    PTIME_FIELDS TimeFields
);

NTSYSAPI NTSTATUS NTAPI
RtlSystemTimeToLocalTime(
    IN PLARGE_INTEGER SystemTime,
    OUT PLARGE_INTEGER LocalTime
);

//
// Version Functions
//
// TypeMask takes the VER_* field bits and ConditionMask the packed VER_*
// comparison operators from rtltypes.h.
NTSYSAPI NTSTATUS NTAPI
RtlVerifyVersionInfo(
    IN PRTL_OSVERSIONINFOEXW VersionInfo,
    IN ULONG TypeMask,
    IN ULONGLONG ConditionMask
);

// IN OUT: the structure is read as well as written.
// NOTE(review): the caller is expected to set the structure's size field
// before the call; confirm.
NTSYSAPI NTSTATUS NTAPI
RtlGetVersion(IN OUT PRTL_OSVERSIONINFOW lpVersionInformation);

NTSYSAPI BOOLEAN NTAPI
RtlGetNtProductType(OUT PNT_PRODUCT_TYPE ProductType);

//
// Secure Memory Functions
//
#ifdef NTOS_MODE_USER
// NOTE(review): presumably Callback is invoked for a memory range that is
// about to be flushed or released, so a cache of sensitive data can drop
// it; confirm the callback contract.
NTSYSAPI NTSTATUS NTAPI
RtlRegisterSecureMemoryCacheCallback(
    IN PRTL_SECURE_MEMORY_CACHE_CALLBACK Callback);

NTSYSAPI BOOLEAN NTAPI
RtlFlushSecureMemoryCache(
    IN PVOID MemoryCache,
    IN OPTIONAL SIZE_T MemoryLength
);
#endif
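#ifdef __cplusplus
}
#endif

#endif

================================================
FILE: ndk/rtltypes.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu.  All rights reserved.

Header Name:

    rtltypes.h

Abstract:

    Type definitions for the Run-Time Library

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _RTLTYPES_H
#define _RTLTYPES_H

//
// Dependencies
//
// NOTE(review): the header names of the two #include lines below were lost
// when this page was extracted (angle-bracket text stripped); restore them
// from the repository copy of ndk/rtltypes.h.
//
#include
#include

//
// Maximum Atom Length
//
#define RTL_MAXIMUM_ATOM_LENGTH 255

//
// Process Parameters Flags
//
#define RTL_USER_PROCESS_PARAMETERS_NORMALIZED              0x01
#define RTL_USER_PROCESS_PARAMETERS_PROFILE_USER            0x02
#define RTL_USER_PROCESS_PARAMETERS_PROFILE_SERVER          0x04
#define RTL_USER_PROCESS_PARAMETERS_PROFILE_KERNEL          0x08
#define RTL_USER_PROCESS_PARAMETERS_UNKNOWN                 0x10
#define RTL_USER_PROCESS_PARAMETERS_RESERVE_1MB             0x20
#define RTL_USER_PROCESS_PARAMETERS_DISABLE_HEAP_CHECKS     0x100
#define RTL_USER_PROCESS_PARAMETERS_PROCESS_OR_1            0x200
#define RTL_USER_PROCESS_PARAMETERS_PROCESS_OR_2            0x400
#define RTL_USER_PROCESS_PARAMETERS_PRIVATE_DLL_PATH        0x1000
#define RTL_USER_PROCESS_PARAMETERS_LOCAL_DLL_PATH          0x2000
#define RTL_USER_PROCESS_PARAMETERS_NX                      0x20000

//
// Exception Flags
//
// EXCEPTION_COLLIDED_UNWIND is 0x40 in the Windows SDK headers. This file
// previously gave it 0x20, the same bit as EXCEPTION_TARGET_UNWIND, so the
// two conditions could not be told apart and the macro clashed with the SDK
// definition whenever both headers were included.
// NOTE(review): EXCEPTION_UNWIND here combines only the first two unwind
// bits; compare with the SDK definition before relying on it.
//
#define EXCEPTION_CHAIN_END                                 ((PEXCEPTION_REGISTRATION_RECORD)-1)
#define EXCEPTION_UNWINDING                                 0x02
#define EXCEPTION_EXIT_UNWIND                               0x04
#define EXCEPTION_STACK_INVALID                             0x08
#define EXCEPTION_UNWIND                                    (EXCEPTION_UNWINDING + EXCEPTION_EXIT_UNWIND)
#define EXCEPTION_NESTED_CALL                               0x10
#define EXCEPTION_TARGET_UNWIND                             0x20
#define EXCEPTION_COLLIDED_UNWIND                           0x40

//
// Range and Range List Flags
//
#define RTL_RANGE_LIST_ADD_IF_CONFLICT                      0x00000001
#define RTL_RANGE_LIST_ADD_SHARED                           0x00000002
#define RTL_RANGE_SHARED                                    0x01
#define RTL_RANGE_CONFLICT                                  0x02

//
// Activation Context Frame Flags
//
#define RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER \
    0x1

//
// Public Heap Flags
//
// Defined here only when neither NTOS_MODE_USER nor _NTIFS_ is set;
// otherwise another header is expected to supply them.
// HEAP_CREATE_ENABLE_EXECUTE makes allocations from the heap executable;
// leave it clear unless the heap really holds generated code, since an
// executable heap weakens data-execution prevention for everything
// allocated from it.
//
#if !defined(NTOS_MODE_USER) && !defined(_NTIFS_)
#define HEAP_NO_SERIALIZE                                   0x00000001
#define HEAP_GROWABLE                                       0x00000002
#define HEAP_GENERATE_EXCEPTIONS                            0x00000004
#define HEAP_ZERO_MEMORY                                    0x00000008
#define HEAP_REALLOC_IN_PLACE_ONLY                          0x00000010
#define HEAP_TAIL_CHECKING_ENABLED                          0x00000020
#define HEAP_FREE_CHECKING_ENABLED                          0x00000040
#define HEAP_DISABLE_COALESCE_ON_FREE                       0x00000080
#define HEAP_CREATE_ALIGN_16                                0x00010000
#define HEAP_CREATE_ENABLE_TRACING                          0x00020000
#define HEAP_CREATE_ENABLE_EXECUTE                          0x00040000
#endif

//
// User-Defined Heap Flags and Classes
//
#define HEAP_SETTABLE_USER_VALUE                            0x00000100
#define HEAP_SETTABLE_USER_FLAG1                            0x00000200
#define HEAP_SETTABLE_USER_FLAG2                            0x00000400
#define HEAP_SETTABLE_USER_FLAG3                            0x00000800
#define HEAP_SETTABLE_USER_FLAGS                            0x00000E00
#define HEAP_CLASS_0                                        0x00000000
#define HEAP_CLASS_1                                        0x00001000
#define HEAP_CLASS_2                                        0x00002000
#define HEAP_CLASS_3                                        0x00003000
#define HEAP_CLASS_4                                        0x00004000
#define HEAP_CLASS_5                                        0x00005000
#define HEAP_CLASS_6                                        0x00006000
#define HEAP_CLASS_7                                        0x00007000
#define HEAP_CLASS_8                                        0x00008000
#define HEAP_CLASS_MASK                                     0x0000F000

//
// Internal HEAP Structure Flags
//
// HEAP_NO_ALIGNMENT and HEAP_CAPTURE_STACK_BACKTRACES share the value
// 0x08000000 in this header, so they cannot be combined or tested
// independently.
//
#define HEAP_FLAG_PAGE_ALLOCS                               0x01000000
#define HEAP_PROTECTION_ENABLED                             0x02000000
#define HEAP_BREAK_WHEN_OUT_OF_VM                           0x04000000
#define HEAP_NO_ALIGNMENT                                   0x08000000
#define HEAP_CAPTURE_STACK_BACKTRACES                       0x08000000
#define HEAP_SKIP_VALIDATION_CHECKS                         0x10000000
#define HEAP_VALIDATE_ALL_ENABLED                           0x20000000
#define HEAP_VALIDATE_PARAMETERS_ENABLED                    0x40000000
#define HEAP_LOCK_USER_ALLOCATED                            0x80000000

//
// Heap Validation Flags
//
// Union of the public creation flags and the class mask; the C_ASSERT pins
// the expected value so a changed flag definition is caught at build time.
//
#define HEAP_CREATE_VALID_MASK                              \
    (HEAP_NO_SERIALIZE              |                       \
     HEAP_GROWABLE                  |                       \
     HEAP_GENERATE_EXCEPTIONS       |                       \
     HEAP_ZERO_MEMORY               |                       \
     HEAP_REALLOC_IN_PLACE_ONLY     |                       \
     HEAP_TAIL_CHECKING_ENABLED     |                       \
     HEAP_FREE_CHECKING_ENABLED     |                       \
     HEAP_DISABLE_COALESCE_ON_FREE  |                       \
     HEAP_CLASS_MASK                |                       \
     HEAP_CREATE_ALIGN_16           |                       \
     HEAP_CREATE_ENABLE_TRACING     |                       \
     HEAP_CREATE_ENABLE_EXECUTE)
#ifdef C_ASSERT
C_ASSERT(HEAP_CREATE_VALID_MASK == 0x0007F0FF);
#endif

//
// Registry Keys
//
// RTL_REGISTRY_* are the RelativeTo values of the Rtl registry routines;
// RTL_REGISTRY_HANDLE and RTL_REGISTRY_OPTIONAL are modifier bits.
// RTL_QUERY_REGISTRY_* are per-entry flags of a query table.
// RTL_QUERY_REGISTRY_DIRECT stores the value straight into the entry's
// buffer: a stored value of unexpected type or size can overrun it, so keys
// writable by less-privileged users need a checking callback instead (or
// the type-check flag of newer headers, which this NDK version does not
// define).
//
#define RTL_REGISTRY_ABSOLUTE                               0
#define RTL_REGISTRY_SERVICES                               1
#define RTL_REGISTRY_CONTROL                                2
#define RTL_REGISTRY_WINDOWS_NT                             3
#define RTL_REGISTRY_DEVICEMAP                              4
#define RTL_REGISTRY_USER                                   5
#define RTL_REGISTRY_MAXIMUM                                6
#define RTL_REGISTRY_HANDLE                                 0x40000000
#define RTL_REGISTRY_OPTIONAL                               0x80000000
#define RTL_QUERY_REGISTRY_SUBKEY                           0x00000001
#define RTL_QUERY_REGISTRY_TOPKEY                           0x00000002
#define RTL_QUERY_REGISTRY_REQUIRED                         0x00000004
#define RTL_QUERY_REGISTRY_NOVALUE                          0x00000008
#define RTL_QUERY_REGISTRY_NOEXPAND                         0x00000010
#define RTL_QUERY_REGISTRY_DIRECT                           0x00000020
#define RTL_QUERY_REGISTRY_DELETE                           0x00000040

//
// Versioning
//
// VER_MINORVERSION..VER_PRODUCT_TYPE select the fields to compare,
// VER_PLATFORM_* are platform ids, VER_EQUAL..VER_OR are comparison
// operators packed VER_NUM_BITS_PER_CONDITION_MASK bits apiece.
//
#define VER_MINORVERSION                                    0x0000001
#define VER_MAJORVERSION                                    0x0000002
#define VER_BUILDNUMBER                                     0x0000004
#define VER_PLATFORMID                                      0x0000008
#define VER_SERVICEPACKMINOR                                0x0000010
#define VER_SERVICEPACKMAJOR                                0x0000020
#define VER_SUITENAME                                       0x0000040
#define VER_PRODUCT_TYPE                                    0x0000080
#define VER_PLATFORM_WIN32s                                 0
#define VER_PLATFORM_WIN32_WINDOWS                          1
#define VER_PLATFORM_WIN32_NT                               2
#define VER_EQUAL                                           1
#define VER_GREATER                                         2
#define VER_GREATER_EQUAL                                   3
#define VER_LESS                                            4
#define VER_LESS_EQUAL                                      5
#define VER_AND                                             6
#define VER_OR                                              7
#define VER_CONDITION_MASK                                  7
#define VER_NUM_BITS_PER_CONDITION_MASK                     3

//
// Timezone IDs
//
#define TIME_ZONE_ID_UNKNOWN                                0
#define TIME_ZONE_ID_STANDARD                               1
#define TIME_ZONE_ID_DAYLIGHT                               2

//
// Maximum Path Length
//
// NOTE(review): this is the DOS-path limit in characters; native NT paths
// held in a UNICODE_STRING can be longer, so a MAX_PATH-sized buffer still
// needs an explicit length check when it receives a converted path.
//
#define MAX_PATH                                            260

//
// RTL Lock Type (Critical Section or Resource)
//
#define RTL_CRITSECT_TYPE                                   0
#define RTL_RESOURCE_TYPE                                   1

//
// RtlAcquirePrivileges Flags
//
#define RTL_ACQUIRE_PRIVILEGE_IMPERSONATE                   1
#define RTL_ACQUIRE_PRIVILEGE_PROCESS                       2

#ifdef NTOS_MODE_USER

//
// String Hash Algorithms
//
// Selectors for RtlHashUnicodeString's HashAlgorithm argument. These are
// hash-table hashes, not cryptographic digests.
//
#define HASH_STRING_ALGORITHM_DEFAULT                       0
#define HASH_STRING_ALGORITHM_X65599                        1
#define HASH_STRING_ALGORITHM_INVALID                       0xffffffff

//
// RtlDuplicateString Flags
//
#define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE         1
#define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING   2

//
// RtlFindCharInUnicodeString Flags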
//
#define RTL_FIND_CHAR_IN_UNICODE_STRING_CASE_INSENSITIVE 4

//
// Codepages
//
#define NLS_MB_CODE_PAGE_TAG NlsMbCodePageTag
#define NLS_MB_OEM_CODE_PAGE_TAG NlsMbOemCodePageTag
#define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo

//
// C++ CONST casting
//
#if defined(__cplusplus)
// NOTE(review): const_cast appears here without a template argument, so
// RTL_CONST_CAST(T)(x) would expand to const_cast(x). The argument was
// probably lost when this copy was extracted - restore from upstream.
#define RTL_CONST_CAST(type) const_cast
#else
#define RTL_CONST_CAST(type) (type)
#endif

//
// Constant String Macro
//
// Brace initializer built from sizeof: first the byte size of the argument
// minus one element (the terminator), then the full byte size, then the
// argument itself. The argument must be an array such as a string literal;
// with a pointer, sizeof yields the pointer size and both lengths are wrong.
#define RTL_CONSTANT_STRING(__SOURCE_STRING__) \
{ \
    sizeof(__SOURCE_STRING__) - sizeof((__SOURCE_STRING__)[0]), \
    sizeof(__SOURCE_STRING__), \
    (__SOURCE_STRING__) \
}

//
// Constant Object Attributes Macro
//
// Positional initializer: n goes through RTL_CONST_CAST(PUNICODE_STRING) and
// a is passed as given; the remaining three pointer slots are NULL.
#define RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) \
{ \
    sizeof(OBJECT_ATTRIBUTES), \
    NULL, \
    RTL_CONST_CAST(PUNICODE_STRING)(n), \
    a, \
    NULL, \
    NULL \
}

#define RTL_INIT_OBJECT_ATTRIBUTES(n, a) \
    RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a)

#else

//
// Message Resource Flag
//
#define MESSAGE_RESOURCE_UNICODE 0x0001

#endif
#define MAXIMUM_LEADBYTES 12

//
// RTL Debug Queries
//
#define RTL_DEBUG_QUERY_MODULES 0x01
#define RTL_DEBUG_QUERY_BACKTRACES 0x02
#define RTL_DEBUG_QUERY_HEAPS 0x04
#define RTL_DEBUG_QUERY_HEAP_TAGS 0x08
#define RTL_DEBUG_QUERY_HEAP_BLOCKS 0x10
#define RTL_DEBUG_QUERY_LOCKS 0x20

//
// RTL Handle Flags
//
#define RTL_HANDLE_VALID 0x1

//
// RTL Atom Flags
//
#define RTL_ATOM_IS_PINNED 0x1

//
// Critical section lock bits
//
#define CS_LOCK_BIT 0x1
#define CS_LOCK_BIT_V 0x0
#define CS_LOCK_WAITER_WOKEN 0x2
#define CS_LOCK_WAITER_INC 0x4

//
// Codepage Tags
//
#ifdef NTOS_MODE_USER
extern BOOLEAN NTSYSAPI NLS_MB_CODE_PAGE_TAG;
extern BOOLEAN NTSYSAPI NLS_MB_OEM_CODE_PAGE_TAG;

//
// Constant String Macro
//
// Second definition of RTL_CONSTANT_STRING in this file; the replacement list
// matches the first one.
#define RTL_CONSTANT_STRING(__SOURCE_STRING__) \
{ \
    sizeof(__SOURCE_STRING__) - sizeof((__SOURCE_STRING__)[0]), \
    sizeof(__SOURCE_STRING__), \
    (__SOURCE_STRING__) \
}

#endif

#ifdef NTOS_MODE_USER
//
// Table and Compare result types
//
typedef enum _TABLE_SEARCH_RESULT
{
    TableEmptyTree,
    TableFoundNode,
    TableInsertAsLeft,
    TableInsertAsRight
} TABLE_SEARCH_RESULT;

typedef enum _RTL_GENERIC_COMPARE_RESULTS
{
    GenericLessThan,
    GenericGreaterThan,
    GenericEqual
} RTL_GENERIC_COMPARE_RESULTS;

#else

//
// ACL Query Information Classes
//
typedef enum _ACL_INFORMATION_CLASS
{
    AclRevisionInformation = 1,
    AclSizeInformation
} ACL_INFORMATION_CLASS;

#endif

//
// RTL Path Types
//
typedef enum _RTL_PATH_TYPE
{
    RtlPathTypeUnknown,
    RtlPathTypeUncAbsolute,
    RtlPathTypeDriveAbsolute,
    RtlPathTypeDriveRelative,
    RtlPathTypeRooted,
    RtlPathTypeRelative,
    RtlPathTypeLocalDevice,
    RtlPathTypeRootLocalDevice,
} RTL_PATH_TYPE;

#ifndef NTOS_MODE_USER

//
// Callback function for RTL Timers or Registered Waits
//
typedef VOID
(NTAPI *WAITORTIMERCALLBACKFUNC)(
    PVOID pvContext,
    BOOLEAN fTimerOrWaitFired
);

//
// Handler during Vectored RTL Exceptions
//
typedef LONG
(NTAPI *PVECTORED_EXCEPTION_HANDLER)(
    PEXCEPTION_POINTERS ExceptionPointers
);

//
// Worker Thread Callback for Rtl
//
typedef VOID
(NTAPI *WORKERCALLBACKFUNC)(
    IN PVOID Context
);

#else

//
// Handler during regular RTL Exceptions
//
typedef EXCEPTION_DISPOSITION
(NTAPI *PEXCEPTION_ROUTINE)(
    IN struct _EXCEPTION_RECORD *ExceptionRecord,
    IN PVOID EstablisherFrame,
    IN OUT struct _CONTEXT *ContextRecord,
    IN OUT PVOID DispatcherContext
);

//
// RTL Library Allocation/Free Routines
//
typedef PVOID
(NTAPI *PRTL_ALLOCATE_STRING_ROUTINE)(
    SIZE_T NumberOfBytes
);

typedef PVOID
(NTAPI *PRTL_REALLOCATE_STRING_ROUTINE)(
    SIZE_T NumberOfBytes,
    PVOID Buffer
);

typedef VOID
(NTAPI *PRTL_FREE_STRING_ROUTINE)(
    PVOID Buffer
);

extern const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine;
extern const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine;
extern const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine;

#endif

//
// Callback for RTL Heap Enumeration
//
// NOTE(review): unlike the other callback typedefs in this file, this one
// carries no NTAPI; confirm the calling convention the enumerator expects.
typedef NTSTATUS
(*PHEAP_ENUMERATION_ROUTINE)(
    IN PVOID HeapHandle,
    IN PVOID UserParam
);

//
// Thread and Process Start Routines for RtlCreateUserThread/Process
//
typedef ULONG (NTAPI *PTHREAD_START_ROUTINE)(
    PVOID Parameter
);

typedef VOID
(NTAPI *PRTL_BASE_PROCESS_START_ROUTINE)(
    PTHREAD_START_ROUTINE StartAddress,
    PVOID Parameter
);

//
// Declare empty structure definitions so that they may be referenced by
// routines before they are defined
//
struct _RTL_AVL_TABLE;
struct _RTL_GENERIC_TABLE;
struct _RTL_RANGE;
typedef struct _COMPRESSED_DATA_INFO COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO;

//
// Routines and callbacks for the RTL AVL/Generic Table package
//
#if defined(NTOS_MODE_USER) || (!defined(NTOS_MODE_USER) && !defined(_NTIFS_))
typedef NTSTATUS
(NTAPI *PRTL_AVL_MATCH_FUNCTION)(
    struct _RTL_AVL_TABLE *Table,
    PVOID UserData,
    PVOID MatchData
);

typedef RTL_GENERIC_COMPARE_RESULTS
(NTAPI *PRTL_AVL_COMPARE_ROUTINE) (
    struct _RTL_AVL_TABLE *Table,
    PVOID FirstStruct,
    PVOID SecondStruct
);

typedef RTL_GENERIC_COMPARE_RESULTS
(NTAPI *PRTL_GENERIC_COMPARE_ROUTINE) (
    struct _RTL_GENERIC_TABLE *Table,
    PVOID FirstStruct,
    PVOID SecondStruct
);

typedef PVOID
(NTAPI *PRTL_GENERIC_ALLOCATE_ROUTINE) (
    struct _RTL_GENERIC_TABLE *Table,
    CLONG ByteSize
);

typedef VOID
(NTAPI *PRTL_GENERIC_FREE_ROUTINE) (
    struct _RTL_GENERIC_TABLE *Table,
    PVOID Buffer
);

typedef PVOID
(NTAPI *PRTL_AVL_ALLOCATE_ROUTINE) (
    struct _RTL_AVL_TABLE *Table,
    CLONG ByteSize
);

typedef VOID
(NTAPI *PRTL_AVL_FREE_ROUTINE) (
    struct _RTL_AVL_TABLE *Table,
    PVOID Buffer
);
#endif

//
// RTL Query Registry callback
//
// The callback receives the value as a raw pointer plus a byte length and a
// type code; an implementation should check ValueType and ValueLength before
// interpreting ValueData.
typedef NTSTATUS
(NTAPI *PRTL_QUERY_REGISTRY_ROUTINE)(
    IN PWSTR ValueName,
    IN ULONG ValueType,
    IN PVOID ValueData,
    IN ULONG ValueLength,
    IN PVOID Context,
    IN PVOID EntryContext
);

//
// RTL Secure Memory callbacks
//
#ifdef NTOS_MODE_USER
typedef NTSTATUS
(NTAPI *PRTL_SECURE_MEMORY_CACHE_CALLBACK)(
    IN PVOID Address,
    IN SIZE_T Length
);
#endif

//
// RTL Range List callbacks
//
// This #ifdef stays open until the #endif that follows
// RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED, so every
// declaration in between is visible to user-mode builds only.
#ifdef NTOS_MODE_USER
typedef BOOLEAN
(NTAPI *PRTL_CONFLICT_RANGE_CALLBACK)(
    PVOID Context,
    struct _RTL_RANGE *Range
);

//
// Custom Heap Commit Routine for RtlCreateHeap
//
typedef NTSTATUS
(NTAPI * PRTL_HEAP_COMMIT_ROUTINE)(
    IN PVOID Base,
    IN OUT PVOID *CommitAddress,
    IN OUT PSIZE_T CommitSize
);

//
// Version Info redefinitions
//
typedef OSVERSIONINFOW RTL_OSVERSIONINFOW;
typedef LPOSVERSIONINFOW PRTL_OSVERSIONINFOW;
typedef OSVERSIONINFOEXW RTL_OSVERSIONINFOEXW;
typedef LPOSVERSIONINFOEXW PRTL_OSVERSIONINFOEXW;

//
// Simple pointer definitions
//
typedef ACL_REVISION_INFORMATION *PACL_REVISION_INFORMATION;
typedef ACL_SIZE_INFORMATION *PACL_SIZE_INFORMATION;

//
// Parameters for RtlCreateHeap
// FIXME: Determine whether Length is SIZE_T or ULONG
//
typedef struct _RTL_HEAP_PARAMETERS
{
    ULONG Length;
    SIZE_T SegmentReserve;
    SIZE_T SegmentCommit;
    SIZE_T DeCommitFreeBlockThreshold;
    SIZE_T DeCommitTotalFreeThreshold;
    SIZE_T MaximumAllocationSize;
    SIZE_T VirtualMemoryThreshold;
    SIZE_T InitialCommit;
    SIZE_T InitialReserve;
    PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
    SIZE_T Reserved[2];
} RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;

//
// RTL Bitmap structures
//
typedef struct _RTL_BITMAP
{
    ULONG SizeOfBitMap;
    PULONG Buffer;
} RTL_BITMAP, *PRTL_BITMAP;

typedef struct _RTL_BITMAP_RUN
{
    ULONG StartingIndex;
    ULONG NumberOfBits;
} RTL_BITMAP_RUN, *PRTL_BITMAP_RUN;

//
// RtlGenerateXxxName context
//
typedef struct _GENERATE_NAME_CONTEXT
{
    USHORT Checksum;
    BOOLEAN CheckSumInserted;
    UCHAR NameLength;
    WCHAR NameBuffer[8];
    ULONG ExtensionLength;
    WCHAR ExtensionBuffer[4];
    ULONG LastIndexValue;
} GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT;

//
// RTL Splay and Balanced Links structures
//
typedef struct _RTL_SPLAY_LINKS
{
    struct _RTL_SPLAY_LINKS *Parent;
    struct _RTL_SPLAY_LINKS *LeftChild;
    struct _RTL_SPLAY_LINKS *RightChild;
} RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS;

typedef struct _RTL_BALANCED_LINKS
{
    struct _RTL_BALANCED_LINKS *Parent;
    struct _RTL_BALANCED_LINKS *LeftChild;
    struct _RTL_BALANCED_LINKS *RightChild;
    CHAR Balance;
    UCHAR Reserved[3];
} RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS;

//
// RTL Avl/Generic Tables
//
typedef struct _RTL_GENERIC_TABLE
{
    PRTL_SPLAY_LINKS TableRoot;
    LIST_ENTRY InsertOrderList;
    PLIST_ENTRY OrderedPointer;
    ULONG WhichOrderedElement;
    ULONG NumberGenericTableElements;
    PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine;
    PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine;
    PRTL_GENERIC_FREE_ROUTINE FreeRoutine;
    PVOID TableContext;
} RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE;

typedef struct _RTL_AVL_TABLE
{
    RTL_BALANCED_LINKS BalancedRoot;
    PVOID OrderedPointer;
    ULONG WhichOrderedElement;
    ULONG NumberGenericTableElements;
    ULONG DepthOfTree;
    PRTL_BALANCED_LINKS RestartKey;
    ULONG DeleteCount;
    PRTL_AVL_COMPARE_ROUTINE CompareRoutine;
    PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine;
    PRTL_AVL_FREE_ROUTINE FreeRoutine;
    PVOID TableContext;
} RTL_AVL_TABLE, *PRTL_AVL_TABLE;

//
// RtlQueryRegistry Data
//
// NOTE(review): when an entry uses RTL_QUERY_REGISTRY_DIRECT, EntryContext is
// presumably the destination written by the query, and the amount written
// follows the stored value's type and size. If the key is writable by a
// less-privileged user, constrain the expected type and size (newer WDK
// headers add RTL_QUERY_REGISTRY_TYPECHECK for this; it is not defined in
// this file) - verify each table built from this struct.
typedef struct _RTL_QUERY_REGISTRY_TABLE
{
    PRTL_QUERY_REGISTRY_ROUTINE QueryRoutine;
    ULONG Flags;
    PWSTR Name;
    PVOID EntryContext;
    ULONG DefaultType;
    PVOID DefaultData;
    ULONG DefaultLength;
} RTL_QUERY_REGISTRY_TABLE, *PRTL_QUERY_REGISTRY_TABLE;

//
// RTL Unicode Table Structures
//
typedef struct _UNICODE_PREFIX_TABLE_ENTRY
{
    CSHORT NodeTypeCode;
    CSHORT NameLength;
    struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree;
    struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch;
    RTL_SPLAY_LINKS Links;
    PUNICODE_STRING Prefix;
} UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY;

typedef struct _UNICODE_PREFIX_TABLE
{
    CSHORT NodeTypeCode;
    CSHORT NameLength;
    PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree;
    PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry;
} UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE;

//
// Time Structure for RTL Time calls
//
typedef struct _TIME_FIELDS
{
    CSHORT Year;
    CSHORT Month;
    CSHORT Day;
    CSHORT Hour;
    CSHORT Minute;
    CSHORT Second;
    CSHORT Milliseconds;
    CSHORT Weekday;
} TIME_FIELDS, *PTIME_FIELDS;

//
// Activation Context
//
typedef PVOID PACTIVATION_CONTEXT;

//
// Activation Context Frame
//
typedef struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME
{
    // NOTE(review): the tag below has two leading underscores while the
    // enclosing struct has one, so Previous points to a different,
    // never-defined struct type rather than to this one. Looks like a typo.
    struct __RTL_ACTIVATION_CONTEXT_STACK_FRAME *Previous;
    PACTIVATION_CONTEXT ActivationContext;
    ULONG Flags;
} RTL_ACTIVATION_CONTEXT_STACK_FRAME, *PRTL_ACTIVATION_CONTEXT_STACK_FRAME;

typedef struct _RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED
{
    ULONG Size;
    ULONG Format;
    RTL_ACTIVATION_CONTEXT_STACK_FRAME Frame;
    PVOID Extra1;
    PVOID Extra2;
    PVOID Extra3;
    PVOID Extra4;
} RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED,
  *PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED;

#endif

//
// ACE Structure
//
typedef struct _ACE
{
    ACE_HEADER Header;
    ACCESS_MASK AccessMask;
} ACE, *PACE;

//
// Information Structures for RTL Debug Functions
//
// Several structures below pair a count field with a one-element trailing
// array (Modules[1], Heaps[1], Locks[1], BackTraces[1]). Presumably the array
// extends past the declared size; a consumer should bound its walk by both
// the count and the size of the buffer actually returned - verify per query.
typedef struct _RTL_PROCESS_MODULE_INFORMATION
{
    ULONG Section;
    PVOID MappedBase;
    PVOID ImageBase;
    ULONG ImageSize;
    ULONG Flags;
    USHORT LoadOrderIndex;
    USHORT InitOrderIndex;
    USHORT LoadCount;
    // presumably an index into FullPathName; check it is below 256 before use
    USHORT OffsetToFileName;
    CHAR FullPathName[256];
} RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION;

typedef struct _RTL_PROCESS_MODULES
{
    ULONG NumberOfModules;
    RTL_PROCESS_MODULE_INFORMATION Modules[1];
} RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES;

typedef struct _RTL_PROCESS_MODULE_INFORMATION_EX
{
    ULONG NextOffset;
    RTL_PROCESS_MODULE_INFORMATION BaseInfo;
    ULONG ImageCheckSum;
    ULONG TimeDateStamp;
    PVOID DefaultBase;
} RTL_PROCESS_MODULE_INFORMATION_EX, *PRTL_PROCESS_MODULE_INFORMATION_EX;

typedef struct _RTL_HEAP_TAG_INFO
{
    ULONG NumberOfAllocations;
    ULONG NumberOfFrees;
    ULONG BytesAllocated;
} RTL_HEAP_TAG_INFO, *PRTL_HEAP_TAG_INFO;

typedef struct _RTL_HEAP_USAGE_ENTRY
{
    struct _RTL_HEAP_USAGE_ENTRY *Next;
} RTL_HEAP_USAGE_ENTRY, *PRTL_HEAP_USAGE_ENTRY;

typedef struct _RTL_HEAP_USAGE
{
    ULONG Length;
    ULONG BytesAllocated;
    ULONG BytesCommitted;
    ULONG BytesReserved;
    ULONG BytesReservedMaximum;
    PRTL_HEAP_USAGE_ENTRY Entries;
    PRTL_HEAP_USAGE_ENTRY AddedEntries;
    PRTL_HEAP_USAGE_ENTRY RemovedEntries;
    UCHAR Reserved[32];
} RTL_HEAP_USAGE, *PRTL_HEAP_USAGE;

typedef struct _RTL_HEAP_INFORMATION
{
    PVOID BaseAddress;
    ULONG Flags;
    USHORT EntryOverhead;
    USHORT CreatorBackTraceIndex;
    ULONG BytesAllocated;
    ULONG BytesCommitted;
    ULONG NumberOfTags;
    ULONG NumberOfEntries;
    ULONG NumberOfPseudoTags;
    ULONG PseudoTagGranularity;
    ULONG Reserved[4];
    PVOID Tags;
    PVOID Entries;
} RTL_HEAP_INFORMATION, *PRTL_HEAP_INFORMATION;

typedef struct _RTL_PROCESS_HEAPS
{
    ULONG NumberOfHeaps;
    RTL_HEAP_INFORMATION Heaps[1];
} RTL_PROCESS_HEAPS, *PRTL_PROCESS_HEAPS;

typedef struct _RTL_PROCESS_LOCK_INFORMATION
{
    PVOID Address;
    USHORT Type;
    USHORT CreatorBackTraceIndex;
    ULONG OwnerThreadId;
    ULONG ActiveCount;
    ULONG ContentionCount;
    ULONG EntryCount;
    ULONG RecursionCount;
    ULONG NumberOfSharedWaiters;
    ULONG NumberOfExclusiveWaiters;
} RTL_PROCESS_LOCK_INFORMATION, *PRTL_PROCESS_LOCK_INFORMATION;

typedef struct _RTL_PROCESS_LOCKS
{
    ULONG NumberOfLocks;
    RTL_PROCESS_LOCK_INFORMATION Locks[1];
} RTL_PROCESS_LOCKS, *PRTL_PROCESS_LOCKS;

typedef struct _RTL_PROCESS_BACKTRACE_INFORMATION
{
    PVOID SymbolicBackTrace;
    ULONG TraceCount;
    USHORT Index;
    USHORT Depth;
    PVOID BackTrace[16];
} RTL_PROCESS_BACKTRACE_INFORMATION, *PRTL_PROCESS_BACKTRACE_INFORMATION;

typedef struct _RTL_PROCESS_BACKTRACES
{
    ULONG CommittedMemory;
    ULONG ReservedMemory;
    ULONG NumberOfBackTraceLookups;
    ULONG NumberOfBackTraces;
    RTL_PROCESS_BACKTRACE_INFORMATION BackTraces[1];
} RTL_PROCESS_BACKTRACES, *PRTL_PROCESS_BACKTRACES;

typedef struct _RTL_PROCESS_VERIFIER_OPTIONS
{
    ULONG SizeStruct;
    ULONG Option;
    UCHAR OptionData[1];
    //
    // Option array continues below
    //
} RTL_PROCESS_VERIFIER_OPTIONS, *PRTL_PROCESS_VERIFIER_OPTIONS;

typedef struct _RTL_DEBUG_INFORMATION
{
    HANDLE SectionHandleClient;
    PVOID ViewBaseClient;
    PVOID ViewBaseTarget;
    ULONG ViewBaseDelta;
    HANDLE EventPairClient;
    PVOID EventPairTarget;
    HANDLE TargetProcessId;
    HANDLE TargetThreadHandle;
    ULONG Flags;
    ULONG OffsetFree;
    ULONG CommitSize;
    ULONG ViewSize;
    union
    {
        PRTL_PROCESS_MODULES Modules;
        PRTL_PROCESS_MODULE_INFORMATION_EX ModulesEx;
    };
    PRTL_PROCESS_BACKTRACES BackTraces;
    PRTL_PROCESS_HEAPS Heaps;
    PRTL_PROCESS_LOCKS Locks;
    HANDLE SpecificHeap;
    HANDLE TargetProcessHandle;
    RTL_PROCESS_VERIFIER_OPTIONS VerifierOptions;
    HANDLE ProcessHeap;
    HANDLE CriticalSectionHandle;
    HANDLE CriticalSectionOwnerThread;
    PVOID Reserved[4];
} RTL_DEBUG_INFORMATION, *PRTL_DEBUG_INFORMATION;

//
// Unload Event Trace Structure for RtlGetUnloadEventTrace
//
typedef struct _RTL_UNLOAD_EVENT_TRACE
{
    PVOID BaseAddress;
    ULONG SizeOfImage;
    ULONG Sequence;
    ULONG TimeDateStamp;
    ULONG CheckSum;
    WCHAR ImageName[32];
} RTL_UNLOAD_EVENT_TRACE, *PRTL_UNLOAD_EVENT_TRACE;

//
// RTL Handle Structures
//
typedef struct _RTL_HANDLE_TABLE_ENTRY
{
    ULONG Flags;
    struct _RTL_HANDLE_TABLE_ENTRY *NextFree;
} RTL_HANDLE_TABLE_ENTRY, *PRTL_HANDLE_TABLE_ENTRY;

typedef struct _RTL_HANDLE_TABLE
{
    ULONG MaximumNumberOfHandles;
    ULONG SizeOfHandleTableEntry;
    ULONG Reserved[2];
    PRTL_HANDLE_TABLE_ENTRY FreeHandles;
    PRTL_HANDLE_TABLE_ENTRY CommittedHandles;
    PRTL_HANDLE_TABLE_ENTRY UnCommittedHandles;
    PRTL_HANDLE_TABLE_ENTRY MaxReservedHandles;
} RTL_HANDLE_TABLE, *PRTL_HANDLE_TABLE;

//
// Exception Record
//
typedef struct _EXCEPTION_REGISTRATION_RECORD
{
    struct _EXCEPTION_REGISTRATION_RECORD *Next;
    PEXCEPTION_ROUTINE Handler;
} EXCEPTION_REGISTRATION_RECORD, *PEXCEPTION_REGISTRATION_RECORD;

//
// Current Directory Structures
//
typedef struct _CURDIR
{
    UNICODE_STRING DosPath;
    HANDLE Handle;
} CURDIR, *PCURDIR;

typedef struct RTL_DRIVE_LETTER_CURDIR
{
    USHORT Flags;
    USHORT Length;
    ULONG TimeStamp;
    UNICODE_STRING DosPath;
} RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR;

//
// Private State structure for RtlAcquirePrivilege/RtlReleasePrivilege
//
// Holds two token handles and the old/new privilege sets, plus a fixed
// 1024-byte buffer. Presumably the state is handed back to the release call
// to undo the change; pairing every acquire with a release keeps a raised
// privilege from outliving the operation that needed it - confirm in callers.
typedef struct _RTL_ACQUIRE_STATE
{
    HANDLE Token;
    HANDLE OldImpersonationToken;
    PTOKEN_PRIVILEGES OldPrivileges;
    PTOKEN_PRIVILEGES NewPrivileges;
    ULONG Flags;
    UCHAR OldPrivBuffer[1024];
} RTL_ACQUIRE_STATE, *PRTL_ACQUIRE_STATE;

#ifndef NTOS_MODE_USER

//
// RTL Critical Section Structures
//
typedef struct _RTL_CRITICAL_SECTION_DEBUG
{
    USHORT Type;
    USHORT CreatorBackTraceIndex;
    struct _RTL_CRITICAL_SECTION *CriticalSection;
    LIST_ENTRY ProcessLocksList;
    ULONG EntryCount;
    ULONG ContentionCount;
    ULONG Spare[2];
} RTL_CRITICAL_SECTION_DEBUG, *PRTL_CRITICAL_SECTION_DEBUG, RTL_RESOURCE_DEBUG, *PRTL_RESOURCE_DEBUG;

typedef struct _RTL_CRITICAL_SECTION
{
    PRTL_CRITICAL_SECTION_DEBUG DebugInfo;
    LONG LockCount;
    LONG RecursionCount;
    HANDLE OwningThread;
    HANDLE LockSemaphore;
    ULONG_PTR SpinCount;
} RTL_CRITICAL_SECTION, *PRTL_CRITICAL_SECTION;

#endif

//
// RTL Range List Structures
//
typedef struct _RTL_RANGE_LIST
{
    LIST_ENTRY ListHead;
    ULONG Flags;
    ULONG Count;
    ULONG Stamp;
} RTL_RANGE_LIST, *PRTL_RANGE_LIST;

typedef struct _RTL_RANGE
{
    ULONGLONG Start;
    ULONGLONG End;
    PVOID UserData;
    PVOID Owner;
    UCHAR Attributes;
    UCHAR Flags;
} RTL_RANGE, *PRTL_RANGE;

typedef struct _RANGE_LIST_ITERATOR
{
    PLIST_ENTRY RangeListHead;
    PLIST_ENTRY MergedHead;
    PVOID Current;
    ULONG Stamp;
} RTL_RANGE_LIST_ITERATOR, *PRTL_RANGE_LIST_ITERATOR;

//
// RTL Resource
//
typedef struct _RTL_RESOURCE
{
    RTL_CRITICAL_SECTION Lock;
    HANDLE SharedSemaphore;
    ULONG SharedWaiters;
    HANDLE ExclusiveSemaphore;
    ULONG ExclusiveWaiters;
    LONG NumberActive;
    HANDLE OwningThread;
    ULONG TimeoutBoost;
    PVOID DebugInfo;
} RTL_RESOURCE, *PRTL_RESOURCE;

//
// RTL Message Structures for PE Resources
//
typedef struct _RTL_MESSAGE_RESOURCE_ENTRY
{
    USHORT Length;
    USHORT Flags;
    CHAR Text[1];
} RTL_MESSAGE_RESOURCE_ENTRY, *PRTL_MESSAGE_RESOURCE_ENTRY;

typedef struct _RTL_MESSAGE_RESOURCE_BLOCK
{
    ULONG LowId;
    ULONG HighId;
    ULONG OffsetToEntries;
} RTL_MESSAGE_RESOURCE_BLOCK, *PRTL_MESSAGE_RESOURCE_BLOCK;

typedef struct _RTL_MESSAGE_RESOURCE_DATA
{
    ULONG NumberOfBlocks;
    RTL_MESSAGE_RESOURCE_BLOCK Blocks[1];
} RTL_MESSAGE_RESOURCE_DATA, *PRTL_MESSAGE_RESOURCE_DATA;

//
// Structures for RtlCreateUserProcess
//
typedef struct _RTL_USER_PROCESS_PARAMETERS
{
    ULONG MaximumLength;
    ULONG Length;
    ULONG Flags;
    ULONG DebugFlags;
    HANDLE ConsoleHandle;
    ULONG ConsoleFlags;
    HANDLE StandardInput;
    HANDLE StandardOutput;
    HANDLE StandardError;
    CURDIR CurrentDirectory;
    UNICODE_STRING DllPath;
    UNICODE_STRING ImagePathName;
    UNICODE_STRING CommandLine;
    PWSTR Environment;
    ULONG StartingX;
    ULONG StartingY;
    ULONG CountX;
    ULONG CountY;
    ULONG CountCharsX;
    ULONG CountCharsY;
    ULONG FillAttribute;
    ULONG WindowFlags;
    ULONG ShowWindowFlags;
    UNICODE_STRING WindowTitle;
    UNICODE_STRING DesktopInfo;
    UNICODE_STRING ShellInfo;
    UNICODE_STRING RuntimeData;
    RTL_DRIVE_LETTER_CURDIR CurrentDirectories[32];
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;

typedef struct _RTL_USER_PROCESS_INFORMATION
{
    ULONG Size;
    HANDLE ProcessHandle;
    HANDLE ThreadHandle;
    CLIENT_ID ClientId;
    SECTION_IMAGE_INFORMATION ImageInformation;
} RTL_USER_PROCESS_INFORMATION, *PRTL_USER_PROCESS_INFORMATION;

//
// RTL Atom Table Structures
//
typedef struct _RTL_ATOM_TABLE_ENTRY
{
    struct _RTL_ATOM_TABLE_ENTRY *HashLink;
    USHORT HandleIndex;
    USHORT Atom;
    USHORT ReferenceCount;
    UCHAR Flags;
    UCHAR NameLength;
    WCHAR Name[1];
} RTL_ATOM_TABLE_ENTRY, *PRTL_ATOM_TABLE_ENTRY;

// The lock and handle-table members differ between user-mode and kernel-mode
// builds, so the layout after Signature depends on NTOS_MODE_USER.
typedef struct _RTL_ATOM_TABLE
{
    ULONG Signature;
    union
    {
#ifdef NTOS_MODE_USER
        RTL_CRITICAL_SECTION CriticalSection;
#else
        FAST_MUTEX FastMutex;
#endif
    };
    union
    {
#ifdef NTOS_MODE_USER
        RTL_HANDLE_TABLE RtlHandleTable;
#else
        PHANDLE_TABLE ExHandleTable;
#endif
    };
    ULONG NumberOfBuckets;
    PRTL_ATOM_TABLE_ENTRY Buckets[1];
} RTL_ATOM_TABLE, *PRTL_ATOM_TABLE;

#ifndef _WINBASE_
//
// System Time and Timezone Structures
//
typedef struct _SYSTEMTIME
{
    USHORT wYear;
    USHORT wMonth;
    USHORT wDayOfWeek;
    USHORT wDay;
    USHORT wHour;
    USHORT wMinute;
    USHORT wSecond;
    USHORT wMilliseconds;
} SYSTEMTIME, *PSYSTEMTIME, *LPSYSTEMTIME;

typedef struct _TIME_ZONE_INFORMATION
{
    LONG Bias;
    WCHAR StandardName[32];
    SYSTEMTIME StandardDate;
    LONG StandardBias;
    WCHAR DaylightName[32];
    SYSTEMTIME DaylightDate;
    LONG DaylightBias;
} TIME_ZONE_INFORMATION, *PTIME_ZONE_INFORMATION, *LPTIME_ZONE_INFORMATION;
#endif

//
// Native version of Timezone Structure
//
typedef LPTIME_ZONE_INFORMATION PRTL_TIME_ZONE_INFORMATION;

//
// Hotpatch Header
//
typedef struct _RTL_PATCH_HEADER
{
    LIST_ENTRY PatchList;
    PVOID PatchImageBase;
    struct _RTL_PATCH_HEADER *NextPath;
    ULONG PatchFlags;
    LONG PatchRefCount;
    struct _HOTPATCH_HEADER *HotpatchHeader;
    UNICODE_STRING TargetDllName;
    PVOID TargetDllBase;
    PLDR_DATA_TABLE_ENTRY TargetLdrDataTableEntry;
    PLDR_DATA_TABLE_ENTRY PatchLdrDataTableEntry;
    struct _SYSTEM_HOTPATCH_CODE_INFORMATION *CodeInfo;
} RTL_PATCH_HEADER, *PRTL_PATCH_HEADER;

//
// Header for NLS Files
//
typedef struct _NLS_FILE_HEADER
{
    USHORT HeaderSize;
    USHORT CodePage;
    USHORT MaximumCharacterSize;
    USHORT DefaultChar;
    USHORT UniDefaultChar;
    USHORT TransDefaultChar;
    USHORT TransUniDefaultChar;
    USHORT DBCSCodePage;
    UCHAR LeadByte[MAXIMUM_LEADBYTES];
} NLS_FILE_HEADER, *PNLS_FILE_HEADER;

//
// Stack Traces
//
typedef struct _RTL_STACK_TRACE_ENTRY
{
    struct _RTL_STACK_TRACE_ENTRY *HashChain;
    ULONG TraceCount;
    USHORT Index;
    USHORT Depth;
    PVOID BackTrace[32];
} RTL_STACK_TRACE_ENTRY, *PRTL_STACK_TRACE_ENTRY;

typedef struct _STACK_TRACE_DATABASE
{
    RTL_CRITICAL_SECTION CriticalSection;
} STACK_TRACE_DATABASE, *PSTACK_TRACE_DATABASE;

#ifndef NTOS_MODE_USER

//
// Message Resource Entry, Block and Data
//
typedef struct _MESSAGE_RESOURCE_ENTRY
{
    USHORT Length;
    USHORT Flags;
    UCHAR Text[ANYSIZE_ARRAY];
} MESSAGE_RESOURCE_ENTRY, *PMESSAGE_RESOURCE_ENTRY;

typedef struct _MESSAGE_RESOURCE_BLOCK
{
    ULONG LowId;
    ULONG HighId;
    ULONG OffsetToEntries;
} MESSAGE_RESOURCE_BLOCK, *PMESSAGE_RESOURCE_BLOCK;

typedef struct _MESSAGE_RESOURCE_DATA
{
    ULONG NumberOfBlocks;
    MESSAGE_RESOURCE_BLOCK Blocks[ANYSIZE_ARRAY];
} MESSAGE_RESOURCE_DATA, *PMESSAGE_RESOURCE_DATA;

#endif
#endif

================================================
FILE: ndk/sefuncs.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu. All rights reserved.

Header Name:

    sefuncs.h

Abstract:

    Function definitions for the security manager.

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _SEFUNCS_H
#define _SEFUNCS_H

//
// Dependencies
//
// NOTE(review): the header name after #include is missing in this copy
// (probably lost in extraction); restore it from the upstream file.
#include

// Se* routines below are declared for kernel-mode builds only.
#ifndef NTOS_MODE_USER

//
// Security Descriptors
//
// Capture/release pair: a descriptor obtained through the first call is
// presumably handed to the second one with the same mode arguments - confirm.
NTKERNELAPI NTSTATUS NTAPI
SeCaptureSecurityDescriptor(
    IN PSECURITY_DESCRIPTOR OriginalSecurityDescriptor,
    IN KPROCESSOR_MODE CurrentMode,
    IN POOL_TYPE PoolType,
    IN BOOLEAN CaptureIfKernel,
    OUT PSECURITY_DESCRIPTOR *CapturedSecurityDescriptor
);

NTKERNELAPI NTSTATUS NTAPI
SeReleaseSecurityDescriptor(
    IN PSECURITY_DESCRIPTOR CapturedSecurityDescriptor,
    IN KPROCESSOR_MODE CurrentMode,
    IN BOOLEAN CaptureIfKernelMode
);

//
// Access States
//
NTKERNELAPI NTSTATUS NTAPI
SeCreateAccessState(
    PACCESS_STATE AccessState,
    PAUX_DATA AuxData,
    ACCESS_MASK Access,
    PGENERIC_MAPPING GenericMapping
);

NTKERNELAPI VOID NTAPI
SeDeleteAccessState(
    IN PACCESS_STATE AccessState
);

//
// Impersonation
//
NTKERNELAPI SECURITY_IMPERSONATION_LEVEL NTAPI
SeTokenImpersonationLevel(
    IN PACCESS_TOKEN Token
);

#endif

//
// Native Calls
//
// NtAccessCheck returns an NTSTATUS and also has an OUT PNTSTATUS
// AccessStatus; presumably the first reports whether the check ran and the
// second the access decision, so a caller has to test both - confirm.
NTSYSCALLAPI NTSTATUS NTAPI
NtAccessCheck(
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN HANDLE ClientToken,
    IN ACCESS_MASK DesiredAccess,
    IN PGENERIC_MAPPING GenericMapping,
    OUT PPRIVILEGE_SET PrivilegeSet,
    OUT PULONG ReturnLength,
    OUT PACCESS_MASK GrantedAccess,
    OUT PNTSTATUS AccessStatus
);

// NOTE(review): this declaration and NtAccessCheckByTypeResultList carry no
// NTSYSCALLAPI, mark PrivilegeSet as IN and take PrivilegeSetLength by value,
// whereas NtAccessCheck above has OUT PPRIVILEGE_SET and an OUT PULONG
// length. Check both prototypes against a reference header before calling.
NTSTATUS NTAPI
NtAccessCheckByType(
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSID PrincipalSelfSid,
    IN HANDLE ClientToken,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_TYPE_LIST ObjectTypeList,
    IN ULONG ObjectTypeLength,
    IN PGENERIC_MAPPING GenericMapping,
    IN PPRIVILEGE_SET PrivilegeSet,
    IN ULONG PrivilegeSetLength,
    OUT PACCESS_MASK GrantedAccess,
    OUT PNTSTATUS AccessStatus
);

NTSTATUS NTAPI
NtAccessCheckByTypeResultList(
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN PSID PrincipalSelfSid,
    IN HANDLE ClientToken,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_TYPE_LIST ObjectTypeList,
    IN ULONG ObjectTypeLength,
    IN PGENERIC_MAPPING GenericMapping,
    IN PPRIVILEGE_SET PrivilegeSet,
    IN ULONG PrivilegeSetLength,
    OUT PACCESS_MASK GrantedAccess,
    OUT PNTSTATUS AccessStatus
);

NTSYSCALLAPI NTSTATUS NTAPI
NtAccessCheckAndAuditAlarm(
    IN PUNICODE_STRING SubsystemName,
    IN PVOID HandleId,
    IN PUNICODE_STRING ObjectTypeName,
    IN PUNICODE_STRING ObjectName,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN ACCESS_MASK DesiredAccess,
    IN PGENERIC_MAPPING GenericMapping,
    IN BOOLEAN ObjectCreation,
    OUT PACCESS_MASK GrantedAccess,
    OUT PNTSTATUS AccessStatus,
    OUT PBOOLEAN GenerateOnClose
);

NTSYSCALLAPI NTSTATUS NTAPI
NtAdjustGroupsToken(
    IN HANDLE TokenHandle,
    IN BOOLEAN ResetToDefault,
    IN PTOKEN_GROUPS NewState,
    IN ULONG BufferLength,
    OUT PTOKEN_GROUPS PreviousState OPTIONAL,
    OUT PULONG ReturnLength
);

// BufferLength and ReturnLength accompany PreviousState; presumably they
// describe that output buffer. A caller that enables a privilege should keep
// the previous state so it can be restored afterwards - confirm in callers.
NTSYSCALLAPI NTSTATUS NTAPI
NtAdjustPrivilegesToken(
    IN HANDLE TokenHandle,
    IN BOOLEAN DisableAllPrivileges,
    IN PTOKEN_PRIVILEGES NewState,
    IN ULONG BufferLength,
    OUT PTOKEN_PRIVILEGES PreviousState,
    OUT PULONG ReturnLength
);

NTSYSCALLAPI NTSTATUS NTAPI
NtAllocateLocallyUniqueId(
    OUT LUID *LocallyUniqueId
);

NTSYSCALLAPI NTSTATUS NTAPI
NtAllocateUuids(
    PULARGE_INTEGER Time,
    PULONG Range,
    PULONG Sequence,
    PUCHAR Seed
);

NTSYSCALLAPI NTSTATUS NTAPI
NtCompareTokens(
    IN HANDLE FirstTokenHandle,
    IN HANDLE SecondTokenHandle,
    OUT PBOOLEAN Equal);

// Builds a token from caller-supplied user, groups and privileges.
// NOTE(review): presumably gated by the create-token privilege
// (SE_CREATE_TOKEN_PRIVILEGE in setypes.h); any code path that reaches this
// call should be reviewed as highly privileged.
NTSYSCALLAPI NTSTATUS NTAPI
NtCreateToken(
    OUT PHANDLE TokenHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN TOKEN_TYPE TokenType,
    IN PLUID AuthenticationId,
    IN PLARGE_INTEGER ExpirationTime,
    IN PTOKEN_USER TokenUser,
    IN PTOKEN_GROUPS TokenGroups,
    IN PTOKEN_PRIVILEGES TokenPrivileges,
    IN PTOKEN_OWNER TokenOwner,
    IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
    IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
    IN PTOKEN_SOURCE TokenSource
);

NTSYSCALLAPI NTSTATUS NTAPI
NtDuplicateToken(
    IN HANDLE ExistingTokenHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    IN BOOLEAN EffectiveOnly,
    IN TOKEN_TYPE TokenType,
    OUT PHANDLE NewTokenHandle
);

NTSYSCALLAPI NTSTATUS NTAPI
NtImpersonateAnonymousToken(
    IN HANDLE Thread
);

NTSYSCALLAPI NTSTATUS NTAPI
NtOpenObjectAuditAlarm(
    IN PUNICODE_STRING SubsystemName,
    IN PVOID HandleId,
    IN PUNICODE_STRING ObjectTypeName,
    IN PUNICODE_STRING ObjectName,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN HANDLE ClientToken,
    IN ULONG DesiredAccess,
    IN ULONG GrantedAccess,
    IN PPRIVILEGE_SET Privileges,
    IN BOOLEAN ObjectCreation,
    IN BOOLEAN AccessGranted,
    OUT PBOOLEAN GenerateOnClose
);

// Request only the access mask the caller needs; the token handle returned
// through TokenHandle has to be closed by the caller.
NTSYSCALLAPI NTSTATUS NTAPI
NtOpenProcessToken(
    IN HANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    OUT PHANDLE TokenHandle
);

NTSYSCALLAPI NTSTATUS NTAPI
NtOpenProcessTokenEx(
    IN HANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    IN ULONG HandleAttributes,
    OUT PHANDLE TokenHandle
);

// NOTE(review): Result is a PBOOLEAN annotated IN; it looks like the output
// of the check, so the annotation is probably meant to be OUT - confirm.
NTSYSCALLAPI NTSTATUS NTAPI
NtPrivilegeCheck(
    IN HANDLE ClientToken,
    IN PPRIVILEGE_SET RequiredPrivileges,
    IN PBOOLEAN Result
);

NTSYSCALLAPI NTSTATUS NTAPI
NtPrivilegedServiceAuditAlarm(
    IN PUNICODE_STRING SubsystemName,
    IN PUNICODE_STRING ServiceName,
    IN HANDLE ClientToken,
    IN PPRIVILEGE_SET Privileges,
    IN BOOLEAN AccessGranted
);

NTSYSCALLAPI NTSTATUS NTAPI
NtPrivilegeObjectAuditAlarm(
    IN PUNICODE_STRING SubsystemName,
    IN PVOID HandleId,
    IN HANDLE ClientToken,
    IN ULONG DesiredAccess,
    IN PPRIVILEGE_SET Privileges,
    IN BOOLEAN AccessGranted
);

// TokenInformation is an untyped buffer of TokenInformationLength bytes; the
// caller should size it for the requested class and check ReturnLength.
NTSYSCALLAPI NTSTATUS NTAPI
NtQueryInformationToken(
    IN HANDLE TokenHandle,
    IN TOKEN_INFORMATION_CLASS TokenInformationClass,
    OUT PVOID TokenInformation,
    IN ULONG TokenInformationLength,
    OUT PULONG ReturnLength
);

// NOTE(review): TokenInformation is annotated OUT on a Set call with no
// return length; the buffer is presumably read, not written, so the
// annotation is probably meant to be IN - confirm.
NTSYSCALLAPI NTSTATUS NTAPI
NtSetInformationToken(
    IN HANDLE TokenHandle,
    IN TOKEN_INFORMATION_CLASS TokenInformationClass,
    OUT PVOID TokenInformation,
    IN ULONG TokenInformationLength
);

// Zw* declarations repeat the Nt* parameter lists with NTSYSAPI linkage. This
// file declares no Zw counterpart for NtAccessCheckByType,
// NtAccessCheckByTypeResultList, NtAccessCheckAndAuditAlarm or
// NtCompareTokens.
NTSYSAPI NTSTATUS NTAPI
ZwAccessCheck(
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN HANDLE ClientToken,
    IN ACCESS_MASK DesiredAccess,
    IN PGENERIC_MAPPING GenericMapping,
    OUT PPRIVILEGE_SET PrivilegeSet,
    OUT PULONG ReturnLength,
    OUT PACCESS_MASK GrantedAccess,
    OUT PNTSTATUS AccessStatus
);

NTSYSAPI NTSTATUS NTAPI
ZwAdjustGroupsToken(
    IN HANDLE TokenHandle,
    IN BOOLEAN ResetToDefault,
    IN PTOKEN_GROUPS NewState,
    IN ULONG BufferLength,
    OUT PTOKEN_GROUPS PreviousState OPTIONAL,
    OUT PULONG ReturnLength
);

NTSYSAPI NTSTATUS NTAPI
ZwAdjustPrivilegesToken(
    IN HANDLE TokenHandle,
    IN BOOLEAN DisableAllPrivileges,
    IN PTOKEN_PRIVILEGES NewState,
    IN ULONG BufferLength,
    OUT PTOKEN_PRIVILEGES PreviousState,
    OUT PULONG ReturnLength
);

NTSYSAPI NTSTATUS NTAPI
ZwAllocateLocallyUniqueId(
    OUT LUID *LocallyUniqueId
);

NTSYSAPI NTSTATUS NTAPI
ZwAllocateUuids(
    PULARGE_INTEGER Time,
    PULONG Range,
    PULONG Sequence,
    PUCHAR Seed
);

NTSYSAPI NTSTATUS NTAPI
ZwCreateToken(
    OUT PHANDLE TokenHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes,
    IN TOKEN_TYPE TokenType,
    IN PLUID AuthenticationId,
    IN PLARGE_INTEGER ExpirationTime,
    IN PTOKEN_USER TokenUser,
    IN PTOKEN_GROUPS TokenGroups,
    IN PTOKEN_PRIVILEGES TokenPrivileges,
    IN PTOKEN_OWNER TokenOwner,
    IN PTOKEN_PRIMARY_GROUP TokenPrimaryGroup,
    IN PTOKEN_DEFAULT_DACL TokenDefaultDacl,
    IN PTOKEN_SOURCE TokenSource
);

NTSYSAPI NTSTATUS NTAPI
ZwDuplicateToken(
    IN HANDLE ExistingTokenHandle,
    IN ACCESS_MASK DesiredAccess,
    IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    IN BOOLEAN EffectiveOnly,
    IN TOKEN_TYPE TokenType,
    OUT PHANDLE NewTokenHandle
);

NTSYSAPI NTSTATUS NTAPI
ZwImpersonateAnonymousToken(
    IN HANDLE Thread
);

NTSYSAPI NTSTATUS NTAPI
ZwOpenObjectAuditAlarm(
    IN PUNICODE_STRING SubsystemName,
    IN PVOID HandleId,
    IN PUNICODE_STRING ObjectTypeName,
    IN PUNICODE_STRING ObjectName,
    IN PSECURITY_DESCRIPTOR SecurityDescriptor,
    IN HANDLE ClientToken,
    IN ULONG DesiredAccess,
    IN ULONG GrantedAccess,
    IN PPRIVILEGE_SET Privileges,
    IN BOOLEAN ObjectCreation,
    IN BOOLEAN AccessGranted,
    OUT PBOOLEAN GenerateOnClose
);

NTSYSAPI NTSTATUS NTAPI
ZwOpenProcessToken(
    IN HANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    OUT PHANDLE TokenHandle
);

NTSYSAPI NTSTATUS NTAPI
ZwOpenProcessTokenEx(
    IN HANDLE ProcessHandle,
    IN ACCESS_MASK DesiredAccess,
    IN ULONG HandleAttributes,
    OUT PHANDLE TokenHandle
);

// NOTE(review): same IN annotation on Result as NtPrivilegeCheck - confirm.
NTSYSAPI NTSTATUS NTAPI
ZwPrivilegeCheck(
    IN HANDLE ClientToken,
    IN PPRIVILEGE_SET RequiredPrivileges,
    IN PBOOLEAN Result
);

NTSYSAPI NTSTATUS NTAPI
ZwPrivilegedServiceAuditAlarm(
    IN PUNICODE_STRING SubsystemName,
    IN PUNICODE_STRING ServiceName,
    IN HANDLE ClientToken,
    IN PPRIVILEGE_SET Privileges,
    IN BOOLEAN AccessGranted
);

NTSYSAPI NTSTATUS NTAPI
ZwPrivilegeObjectAuditAlarm(
    IN PUNICODE_STRING SubsystemName,
    IN PVOID HandleId,
    IN HANDLE ClientToken,
    IN ULONG DesiredAccess,
    IN PPRIVILEGE_SET Privileges,
    IN BOOLEAN AccessGranted
);

NTSYSAPI NTSTATUS NTAPI
ZwQueryInformationToken(
    IN HANDLE TokenHandle,
    IN TOKEN_INFORMATION_CLASS TokenInformationClass,
    OUT PVOID TokenInformation,
    IN ULONG TokenInformationLength,
    OUT PULONG ReturnLength
);

// NOTE(review): same OUT annotation on TokenInformation as
// NtSetInformationToken - confirm.
NTSYSAPI NTSTATUS NTAPI
ZwSetInformationToken(
    IN HANDLE TokenHandle,
    IN TOKEN_INFORMATION_CLASS TokenInformationClass,
    OUT PVOID TokenInformation,
    IN ULONG TokenInformationLength
);

#endif

================================================
FILE: ndk/setypes.h
================================================
/*++ NDK Version: 0098

Copyright (c) Alex Ionescu. All rights reserved.

Header Name:

    setypes.h

Abstract:

    Type definitions for the security manager.

Author:

    Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006

--*/

#ifndef _SETYPES_H
#define _SETYPES_H

//
// Dependencies
//
// NOTE(review): the header name after #include is missing in this copy
// (probably lost in extraction); restore it from the upstream file.
#include

//
// Well Known SIDs
//
// Six-byte brace initializer whose last byte is 7.
#define SECURITY_INTERNETSITE_AUTHORITY {0,0,0,0,0,7}

#ifdef NTOS_MODE_USER

//
// Privilege constants
//
// Values run from 2 (SE_MIN_WELL_KNOWN_PRIVILEGE) to 24
// (SE_MAX_WELL_KNOWN_PRIVILEGE). SE_UNSOLICITED_INPUT_PRIVILEGE and
// SE_MACHINE_ACCOUNT_PRIVILEGE share the value 6.
// Several of these names (for example SE_TCB_PRIVILEGE, SE_DEBUG_PRIVILEGE,
// SE_LOAD_DRIVER_PRIVILEGE, SE_CREATE_TOKEN_PRIVILEGE) are conventionally
// treated as equivalent to full control of the system; code that enables one
// should do so only around the call that needs it and restore the previous
// state afterwards.
#define SE_MIN_WELL_KNOWN_PRIVILEGE (2L)
#define SE_CREATE_TOKEN_PRIVILEGE (2L)
#define SE_ASSIGNPRIMARYTOKEN_PRIVILEGE (3L)
#define SE_LOCK_MEMORY_PRIVILEGE (4L)
#define SE_INCREASE_QUOTA_PRIVILEGE (5L)
#define SE_UNSOLICITED_INPUT_PRIVILEGE (6L)
#define SE_MACHINE_ACCOUNT_PRIVILEGE (6L)
#define SE_TCB_PRIVILEGE (7L)
#define SE_SECURITY_PRIVILEGE (8L)
#define SE_TAKE_OWNERSHIP_PRIVILEGE (9L)
#define SE_LOAD_DRIVER_PRIVILEGE (10L)
#define SE_SYSTEM_PROFILE_PRIVILEGE (11L)
#define SE_SYSTEMTIME_PRIVILEGE (12L)
#define SE_PROF_SINGLE_PROCESS_PRIVILEGE (13L)
#define SE_INC_BASE_PRIORITY_PRIVILEGE (14L)
#define SE_CREATE_PAGEFILE_PRIVILEGE (15L)
#define SE_CREATE_PERMANENT_PRIVILEGE (16L)
#define SE_BACKUP_PRIVILEGE (17L)
#define SE_RESTORE_PRIVILEGE (18L)
#define SE_SHUTDOWN_PRIVILEGE (19L)
#define SE_DEBUG_PRIVILEGE (20L)
#define SE_AUDIT_PRIVILEGE (21L)
#define SE_SYSTEM_ENVIRONMENT_PRIVILEGE (22L)
#define SE_CHANGE_NOTIFY_PRIVILEGE (23L)
#define SE_REMOTE_SHUTDOWN_PRIVILEGE (24L)
#define SE_MAX_WELL_KNOWN_PRIVILEGE (SE_REMOTE_SHUTDOWN_PRIVILEGE)

#else

//
// User and Group-related SID Attributes
//
// Single-bit flags, except SE_GROUP_LOGON_ID, which sets the two top bits.
// SE_GROUP_VALID_ATTRIBUTES is the OR of every flag defined here.
#define SE_GROUP_MANDATORY 0x00000001
#define SE_GROUP_ENABLED_BY_DEFAULT 0x00000002
#define SE_GROUP_ENABLED 0x00000004
#define SE_GROUP_OWNER 0x00000008
#define SE_GROUP_USE_FOR_DENY_ONLY 0x00000010
#define SE_GROUP_INTEGRITY 0x00000020
#define SE_GROUP_INTEGRITY_ENABLED 0x00000040
#define SE_GROUP_RESOURCE 0x20000000
#define SE_GROUP_LOGON_ID 0xC0000000

#define SE_GROUP_VALID_ATTRIBUTES \
    (SE_GROUP_MANDATORY | \
     SE_GROUP_ENABLED_BY_DEFAULT | \
     SE_GROUP_ENABLED | \
     SE_GROUP_OWNER | \
     SE_GROUP_USE_FOR_DENY_ONLY | \
     SE_GROUP_LOGON_ID | \
     SE_GROUP_RESOURCE | \
     SE_GROUP_INTEGRITY | \
     SE_GROUP_INTEGRITY_ENABLED)

//
// Audit and Policy Structures
//
// Nine 4-bit fields, 36 bits in total - the same width as PolicyBits in the
// overlay structure that follows.
typedef struct _SEP_AUDIT_POLICY_CATEGORIES
{
    UCHAR System:4;
    UCHAR Logon:4;
    UCHAR ObjectAccess:4;
    UCHAR PrivilegeUse:4;
    UCHAR DetailedTracking:4;
    UCHAR PolicyChange:4;
    UCHAR AccountManagement:4;
    UCHAR DirectoryServiceAccess:4;
    UCHAR AccountLogon:4;
} SEP_AUDIT_POLICY_CATEGORIES, *PSEP_AUDIT_POLICY_CATEGORIES;

typedef struct _SEP_AUDIT_POLICY_OVERLAY
{
    ULONGLONG PolicyBits:36;
    UCHAR SetBit:1;
} SEP_AUDIT_POLICY_OVERLAY, *PSEP_AUDIT_POLICY_OVERLAY;

// Three views of the same storage: per-category fields, the bit overlay, and
// one 64-bit integer.
typedef struct _SEP_AUDIT_POLICY
{
    union
    {
        SEP_AUDIT_POLICY_CATEGORIES PolicyElements;
        SEP_AUDIT_POLICY_OVERLAY PolicyOverlay;
        ULONGLONG Overlay;
    };
} SEP_AUDIT_POLICY, *PSEP_AUDIT_POLICY;

typedef struct _SE_AUDIT_PROCESS_CREATION_INFO
{
    POBJECT_NAME_INFORMATION ImageFileName;
} SE_AUDIT_PROCESS_CREATION_INFO, *PSE_AUDIT_PROCESS_CREATION_INFO;

//
// Token and auxiliary data
//
// Declared for kernel-mode builds only (this is the #else branch of
// NTOS_MODE_USER). The offset comments advance by 4 across consecutive
// pointer members (0x68, 0x6C, 0x70, ...), so they describe a layout with
// 4-byte pointers and do not hold for a 64-bit build.
// NOTE(review): presumably this mirrors the internal token layout of one
// specific Windows release; code that reads fields through this struct
// should not assume the layout on other versions - verify.
typedef struct _TOKEN
{
    TOKEN_SOURCE TokenSource;                         /* 0x00 */
    LUID TokenId;                                     /* 0x10 */
    LUID AuthenticationId;                            /* 0x18 */
    LUID ParentTokenId;                               /* 0x20 */
    LARGE_INTEGER ExpirationTime;                     /* 0x28 */
    struct _ERESOURCE *TokenLock;                     /* 0x30 */
    SEP_AUDIT_POLICY AuditPolicy;                     /* 0x38 */
    LUID ModifiedId;                                  /* 0x40 */
    ULONG SessionId;                                  /* 0x48 */
    ULONG UserAndGroupCount;                          /* 0x4C */
    ULONG RestrictedSidCount;                         /* 0x50 */
    ULONG PrivilegeCount;                             /* 0x54 */
    ULONG VariableLength;                             /* 0x58 */
    ULONG DynamicCharged;                             /* 0x5C */
    ULONG DynamicAvailable;                           /* 0x60 */
    ULONG DefaultOwnerIndex;                          /* 0x64 */
    PSID_AND_ATTRIBUTES UserAndGroups;                /* 0x68 */
    PSID_AND_ATTRIBUTES RestrictedSids;               /* 0x6C */
    PSID PrimaryGroup;                                /* 0x70 */
    PLUID_AND_ATTRIBUTES Privileges;                  /* 0x74 */
    PULONG DynamicPart;                               /* 0x78 */
    PACL DefaultDacl;                                 /* 0x7C */
    TOKEN_TYPE TokenType;                             /* 0x80 */
    SECURITY_IMPERSONATION_LEVEL ImpersonationLevel;  /* 0x84 */
    ULONG TokenFlags;                                 /* 0x88 */
    BOOLEAN TokenInUse;                               /* 0x8C */
    PVOID ProxyData;                                  /* 0x90 */
    PVOID AuditData;                                  /* 0x94 */
    LUID OriginatingLogonSession;                     /* 0x98 */
    ULONG VariablePart;                               /* 0xA0 */
} TOKEN, *PTOKEN;
typedef struct _AUX_DATA { PPRIVILEGE_SET PrivilegeSet; GENERIC_MAPPING GenericMapping; ULONG Reserved; } AUX_DATA, *PAUX_DATA; // // External SRM Data // extern PACL SePublicDefaultDacl; extern PACL SeSystemDefaultDacl; #endif #endif ================================================ FILE: ndk/umfuncs.h ================================================ /*++ NDK Version: 0098 Copyright (c) Alex Ionescu. All rights reserved. Header Name: umfuncs.h Abstract: Function definitions for Native DLL (ntdll) APIs exclusive to User Mode. Author: Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 --*/ #ifndef _UMFUNCS_H #define _UMFUNCS_H // // Dependencies // #include #include // // Don't force inclusion of csrss header, leave this opaque. // struct _CSR_API_MESSAGE; struct _CSR_CAPTURE_BUFFER; // // CSR Functions // PVOID NTAPI CsrAllocateCaptureBuffer( ULONG ArgumentCount, ULONG BufferSize ); ULONG NTAPI CsrAllocateMessagePointer( struct _CSR_CAPTURE_BUFFER *CaptureBuffer, ULONG MessageLength, PVOID *CaptureData ); VOID NTAPI CsrCaptureMessageBuffer( struct _CSR_CAPTURE_BUFFER *CaptureBuffer, PVOID MessageString, ULONG StringLength, PVOID *CapturedData ); NTSTATUS NTAPI CsrClientConnectToServer( PWSTR ObjectDirectory, ULONG ServerId, PVOID ConnectionInfo, PULONG ConnectionInfoSize, PBOOLEAN ServerToServerCall ); NTSTATUS NTAPI CsrClientCallServer( struct _CSR_API_MESSAGE *Request, struct _CSR_CAPTURE_BUFFER *CaptureBuffer OPTIONAL, ULONG ApiNumber, ULONG RequestLength ); NTSTATUS NTAPI CsrIdentifyAlertableThread( VOID ); VOID NTAPI CsrFreeCaptureBuffer( struct _CSR_CAPTURE_BUFFER *CaptureBuffer ); HANDLE NTAPI CsrGetProcessId( VOID ); NTSTATUS NTAPI CsrNewThread(VOID); NTSTATUS NTAPI CsrSetPriorityClass( HANDLE Process, PULONG PriorityClass ); VOID NTAPI CsrProbeForRead( IN PVOID Address, IN ULONG Length, IN ULONG Alignment ); VOID NTAPI CsrProbeForWrite( IN PVOID Address, IN ULONG Length, IN ULONG Alignment ); // // Debug Functions // NTSYSAPI VOID NTAPI 
DbgBreakPointWithStatus( IN ULONG Status ); NTSTATUS NTAPI DbgUiConnectToDbg( VOID ); NTSTATUS NTAPI DbgUiContinue( IN PCLIENT_ID ClientId, IN NTSTATUS ContinueStatus ); NTSTATUS NTAPI DbgUiDebugActiveProcess( IN HANDLE Process ); NTSTATUS NTAPI DbgUiStopDebugging( IN HANDLE Process ); NTSTATUS NTAPI DbgUiWaitStateChange( IN PDBGUI_WAIT_STATE_CHANGE DbgUiWaitStateCange, IN PLARGE_INTEGER TimeOut ); NTSTATUS NTAPI DbgUiConvertStateChangeStructure( IN PDBGUI_WAIT_STATE_CHANGE WaitStateChange, IN PVOID DebugEvent ); VOID NTAPI DbgUiRemoteBreakin( VOID ); NTSTATUS NTAPI DbgUiIssueRemoteBreakin( IN HANDLE Process ); HANDLE NTAPI DbgUiGetThreadDebugObject( VOID ); // // Loader Functions // NTSTATUS NTAPI LdrAddRefDll( IN ULONG Flags, IN PVOID BaseAddress ); NTSTATUS NTAPI LdrDisableThreadCalloutsForDll( IN PVOID BaseAddress ); NTSTATUS NTAPI LdrGetDllHandle( IN PWSTR DllPath OPTIONAL, IN PULONG DllCharacteristics, IN PUNICODE_STRING DllName, OUT PVOID *DllHandle ); NTSTATUS NTAPI LdrFindEntryForAddress( IN PVOID Address, OUT PLDR_DATA_TABLE_ENTRY *Module ); NTSTATUS NTAPI LdrGetProcedureAddress( IN PVOID BaseAddress, IN PANSI_STRING Name, IN ULONG Ordinal, OUT PVOID *ProcedureAddress ); VOID NTAPI LdrInitializeThunk( ULONG Unknown1, ULONG Unknown2, ULONG Unknown3, ULONG Unknown4 ); NTSTATUS NTAPI LdrLoadDll( IN PWSTR SearchPath OPTIONAL, IN PULONG LoadFlags OPTIONAL, IN PUNICODE_STRING Name, OUT PVOID *BaseAddress OPTIONAL ); PIMAGE_BASE_RELOCATION NTAPI LdrProcessRelocationBlock( IN ULONG_PTR Address, IN ULONG Count, IN PUSHORT TypeOffset, IN LONG_PTR Delta ); NTSTATUS NTAPI LdrQueryImageFileExecutionOptions( IN PUNICODE_STRING SubKey, IN PCWSTR ValueName, IN ULONG ValueSize, OUT PVOID Buffer, IN ULONG BufferSize, OUT PULONG RetunedLength OPTIONAL ); NTSTATUS NTAPI LdrQueryProcessModuleInformation( IN PRTL_PROCESS_MODULES ModuleInformation OPTIONAL, IN ULONG Size OPTIONAL, OUT PULONG ReturnedSize ); NTSTATUS NTAPI LdrShutdownProcess( VOID ); NTSTATUS NTAPI 
LdrShutdownThread( VOID ); NTSTATUS NTAPI LdrUnloadDll( IN PVOID BaseAddress ); NTSTATUS NTAPI LdrVerifyImageMatchesChecksum( IN HANDLE FileHandle, ULONG Unknown1, ULONG Unknown2, ULONG Unknown3 ); #endif ================================================ FILE: ndk/umtypes.h ================================================ /*++ NDK Version: 0095 Copyright (c) Alex Ionescu. All rights reserved. Header Name: umtypes.h Abstract: Type definitions for the basic native types. Author: Alex Ionescu (alex.ionescu@reactos.com) 06-Oct-2004 --*/ #if !defined(_NTDEF_) && !defined(_NTDEF_H) #define _NTDEF_ #define _NTDEF_H // // NDK Applications must use Unicode // #ifndef UNICODE #define UNICODE #endif // // Don't use the SDK status values // #ifndef WIN32_NO_STATUS #define WIN32_NO_STATUS #endif // // Let the NDK know we're in Application Mode // #define NTOS_MODE_USER // // Dependencies // #include #undef WIN32_NO_STATUS #include #include #include // // Compiler Definitions // #ifndef _MANAGED #if defined(_M_IX86) #define FASTCALL _fastcall #else #define FASTCALL #endif #else #define FASTCALL NTAPI #endif #if !defined(_M_CEE_PURE) #define NTAPI_INLINE NTAPI #else #define NTAPI_INLINE #endif // // Alignment Macros // #define ALIGN_DOWN(s, t) \ ((ULONG)(s) & ~(sizeof(t) - 1)) #define ALIGN_UP(s, t) \ (ALIGN_DOWN(((ULONG)(s) + sizeof(t) - 1), t)) #define ALIGN_DOWN_POINTER(p, t) \ ((PVOID)((ULONG_PTR)(p) & ~((ULONG_PTR)sizeof(t) - 1))) #define ALIGN_UP_POINTER(p, t) \ (ALIGN_DOWN_POINTER(((ULONG_PTR)(p) + sizeof(t) - 1), t)) // // Native API Return Value Macros // #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0) #define NT_INFORMATION(Status) ((((ULONG)(Status)) >> 30) == 1) #define NT_WARNING(Status) ((((ULONG)(Status)) >> 30) == 2) #define NT_ERROR(Status) ((((ULONG)(Status)) >> 30) == 3) // // Limits // #define MINCHAR 0x80 #define MAXCHAR 0x7f #define MINSHORT 0x8000 #define MAXSHORT 0x7fff #define MINLONG 0x80000000 #define MAXLONG 0x7fffffff #define MAXUCHAR 0xff 
#define MAXUSHORT 0xffff #define MAXULONG 0xffffffff // // CSR Macros // #define CSR_MAKE_OPCODE(s,m) ((s) << 16) | (m) #define CSR_API_ID_FROM_OPCODE(n) ((ULONG)((USHORT)(n))) #define CSR_SERVER_ID_FROM_OPCODE(n) (ULONG)((n) >> 16) // // Basic Types that aren't defined in User-Mode Headers // typedef CONST int CINT; typedef CONST char *PCSZ; typedef ULONG CLONG; typedef short CSHORT; typedef CSHORT *PCSHORT; typedef LARGE_INTEGER PHYSICAL_ADDRESS, *PPHYSICAL_ADDRESS; typedef LONG KPRIORITY; typedef LONG NTSTATUS, *PNTSTATUS; // // Basic NT Types // #if !defined(_NTSECAPI_H) && !defined(_SUBAUTH_H) && !defined(_NTSECAPI_) typedef struct _UNICODE_STRING { USHORT Length; USHORT MaximumLength; PWSTR Buffer; } UNICODE_STRING, *PUNICODE_STRING; typedef struct _STRING { USHORT Length; USHORT MaximumLength; PCHAR Buffer; } STRING, *PSTRING; typedef struct _CSTRING { USHORT Length; USHORT MaximumLength; CONST CHAR *Buffer; } CSTRING, *PCSTRING; #endif typedef struct _OBJECT_ATTRIBUTES { ULONG Length; HANDLE RootDirectory; PUNICODE_STRING ObjectName; ULONG Attributes; PVOID SecurityDescriptor; PVOID SecurityQualityOfService; } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES; // // ClientID Structure // typedef struct _CLIENT_ID { HANDLE UniqueProcess; HANDLE UniqueThread; } CLIENT_ID, *PCLIENT_ID; typedef const UNICODE_STRING* PCUNICODE_STRING; typedef STRING ANSI_STRING; typedef PSTRING PANSI_STRING; typedef STRING OEM_STRING; typedef PSTRING POEM_STRING; typedef CONST STRING* PCOEM_STRING; typedef STRING CANSI_STRING; typedef PSTRING PCANSI_STRING; #endif ================================================ FILE: ntfile.c ================================================ /** * PROJECT: Native Shell * COPYRIGHT: LGPL; See LICENSE in the top level directory * FILE: ntfile.c * DESCRIPTION: File operations. 
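* DEVELOPERS: See CONTRIBUTORS.md in the top level directory */
#include "precomp.h"
#include "ntfile.h"

/*
 * NtFileOpenDirectory - open a directory handle for a DOS-style path.
 *
 * phRetFile    - receives the handle on success; left untouched on failure.
 * pwszFileName - DOS path; the "\??\" prefix is prepended here.
 * bWrite, bOverwrite - see the NOTE(review) on CreateDisposition below.
 *
 * Returns TRUE only when NtCreateFile succeeds. FALSE is returned for NULL
 * arguments, for a path that does not fit the local buffer, and for any
 * NtCreateFile failure.
 */
BOOLEAN NtFileOpenDirectory(HANDLE *phRetFile, WCHAR *pwszFileName, BOOLEAN bWrite, BOOLEAN bOverwrite)
{
    HANDLE hFile = NULL;
    UNICODE_STRING ustrFileName;
    IO_STATUS_BLOCK IoStatusBlock;
    ULONG CreateDisposition = 0;
    WCHAR wszFileName[1024] = L"\\??\\";
    OBJECT_ATTRIBUTES ObjectAttributes;
    NTSTATUS ntStatus;
    size_t cchPrefix;

    if (!phRetFile || !pwszFileName)
    {
        return FALSE;
    }

    /* wcscat() does not know the destination size: reject any name that,
       together with the prefix and the terminator, would run past the end
       of the stack buffer. */
    cchPrefix = wcslen(wszFileName);
    if (wcslen(pwszFileName) >= (sizeof(wszFileName) / sizeof(wszFileName[0])) - cchPrefix)
    {
        return FALSE;
    }
    wcscat(wszFileName, pwszFileName);

    RtlInitUnicodeString(&ustrFileName, wszFileName);
    InitializeObjectAttributes(&ObjectAttributes, &ustrFileName, OBJ_CASE_INSENSITIVE, NULL, NULL);

    /* NOTE(review): CreateDisposition is derived from bWrite/bOverwrite but
       the NtCreateFile call below is passed FILE_CREATE, so the two flags
       currently have no effect. Confirm the intended disposition before
       wiring this value in. */
    if (bWrite)
    {
        CreateDisposition = bOverwrite ? FILE_OVERWRITE_IF : FILE_OPEN_IF;
    }
    else
    {
        CreateDisposition = FILE_OPEN;
    }

    /* NOTE(review): FILE_OPEN_FOR_BACKUP_INTENT is a CreateOptions flag; it
       is kept in the DesiredAccess argument exactly as before - confirm. */
    ntStatus = NtCreateFile(&hFile,
                            FILE_LIST_DIRECTORY | SYNCHRONIZE | FILE_OPEN_FOR_BACKUP_INTENT,
                            &ObjectAttributes,
                            &IoStatusBlock,
                            0,
                            FILE_ATTRIBUTE_NORMAL,
                            FILE_SHARE_READ | FILE_SHARE_WRITE,
                            FILE_CREATE,
                            FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE,
                            NULL,
                            0);

    /* The status used to be ignored, which handed an uninitialised handle
       back to the caller together with TRUE. */
    if (!NT_SUCCESS(ntStatus))
    {
        RtlCliDisplayString("NtCreateFile() failed 0x%.8X\n", ntStatus);
        return FALSE;
    }

    *phRetFile = hFile;
    return TRUE;
}

/*
 * NtFileOpenFile - open or create a file for a DOS-style path.
 *
 * phRetFile    - receives the handle on success; left untouched on failure.
 * pwszFileName - DOS path; the "\??\" prefix is prepended here.
 * bWrite       - FALSE: FILE_OPEN (the file must exist).
 * bOverwrite   - with bWrite: TRUE selects FILE_OVERWRITE_IF, FALSE selects
 *                FILE_OPEN_IF.
 *
 * Returns TRUE on success, FALSE for NULL arguments, an over-long path or an
 * NtCreateFile failure (the status is printed in that last case).
 */
BOOLEAN NtFileOpenFile(HANDLE *phRetFile, WCHAR *pwszFileName, BOOLEAN bWrite, BOOLEAN bOverwrite)
{
    HANDLE hFile = NULL;
    UNICODE_STRING ustrFileName;
    IO_STATUS_BLOCK IoStatusBlock;
    ULONG CreateDisposition = 0;
    WCHAR wszFileName[1024] = L"\\??\\";
    OBJECT_ATTRIBUTES ObjectAttributes;
    NTSTATUS ntStatus;
    size_t cchPrefix;

    if (!phRetFile || !pwszFileName)
    {
        return FALSE;
    }

    /* Same bound as in NtFileOpenDirectory: prefix + name + terminator must
       fit in wszFileName before the unbounded wcscat() runs. */
    cchPrefix = wcslen(wszFileName);
    if (wcslen(pwszFileName) >= (sizeof(wszFileName) / sizeof(wszFileName[0])) - cchPrefix)
    {
        return FALSE;
    }
    wcscat(wszFileName, pwszFileName);

    RtlInitUnicodeString(&ustrFileName, wszFileName);
    InitializeObjectAttributes(&ObjectAttributes, &ustrFileName, OBJ_CASE_INSENSITIVE, NULL, NULL);

    if (bWrite)
    {
        CreateDisposition = bOverwrite ? FILE_OVERWRITE_IF : FILE_OPEN_IF;
    }
    else
    {
        CreateDisposition = FILE_OPEN;
    }

    /* NOTE(review): GENERIC_WRITE is requested and sharing is denied even
       when bWrite is FALSE, so a plain read needs write permission and
       exclusive access. Narrowing this would change what callers may do
       with the handle, so it is left as is - confirm against callers. */
    ntStatus = NtCreateFile(&hFile,
                            GENERIC_WRITE | SYNCHRONIZE | GENERIC_READ,
                            &ObjectAttributes,
                            &IoStatusBlock,
                            0,
                            FILE_ATTRIBUTE_NORMAL,
                            0,
                            CreateDisposition,
                            FILE_SYNCHRONOUS_IO_NONALERT,
                            NULL,
                            0);
    if (!NT_SUCCESS(ntStatus))
    {
        RtlCliDisplayString("NtCreateFile() failed 0x%.8X\n", ntStatus);
        return FALSE;
    }

    *phRetFile = hFile;
    return TRUE;
}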
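/*
 * NtFileWriteFile - write dwBufferSize bytes from lpData at the handle's
 * current position.
 *
 * pRetWrittenSize - optional; receives the byte count reported in the I/O
 *                   status block.
 *
 * Returns TRUE only when NtWriteFile returns STATUS_SUCCESS.
 */
BOOLEAN NtFileWriteFile(HANDLE hFile, LPVOID lpData, DWORD dwBufferSize, DWORD *pRetWrittenSize)
{
    IO_STATUS_BLOCK sIoStatus;
    NTSTATUS ntStatus;

    memset(&sIoStatus, 0, sizeof(IO_STATUS_BLOCK));

    ntStatus = NtWriteFile(hFile, NULL, NULL, NULL, &sIoStatus, lpData, dwBufferSize, NULL, NULL);
    if (ntStatus != STATUS_SUCCESS)
    {
        return FALSE;
    }

    if (pRetWrittenSize)
    {
        *pRetWrittenSize = sIoStatus.Information & MAXULONG;
    }
    return TRUE;
}

/*
 * NtFileCopyFile - copy pszSrc to pszDst in 8192-byte chunks.
 *
 * The destination is opened with bWrite and bOverwrite set, so an existing
 * file is truncated before the first byte is copied and a partial file is
 * left behind when the copy fails part-way.
 *
 * The source size is sampled once; exactly that many bytes are copied.
 *
 * Returns TRUE when every byte was read and written, FALSE otherwise. Both
 * handles are closed on every path.
 */
BOOLEAN NtFileCopyFile(WCHAR *pszSrc, WCHAR *pszDst)
{
    HANDLE hSrc = NULL;
    HANDLE hDst = NULL;
    BYTE byData[8192];
    LONGLONG lFileSize = 0;
    LONGLONG lWrittenSizeTotal = 0;
    LONGLONG lRemaining = 0;
    DWORD dwChunkSize = 0;
    DWORD dwReadSize = 0;
    DWORD dwWrittenSize = 0;
    BOOLEAN bResult = FALSE;

    if (NtFileOpenFile(&hSrc, pszSrc, FALSE, FALSE) == FALSE)
    {
        return FALSE;
    }

    if (NtFileOpenFile(&hDst, pszDst, TRUE, TRUE) == FALSE)
    {
        NtFileCloseFile(hSrc);
        return FALSE;
    }

    if (NtFileGetFileSize(hSrc, &lFileSize) != FALSE)
    {
        bResult = TRUE;

        /* Looping on "bytes still owed" lets an empty source succeed: the
           old unconditional loop issued a read first, which fails at end of
           file and turned every zero-length copy into an error. */
        while (lWrittenSizeTotal < lFileSize)
        {
            lRemaining = lFileSize - lWrittenSizeTotal;
            dwChunkSize = (lRemaining < (LONGLONG)sizeof(byData)) ? (DWORD)lRemaining
                                                                  : (DWORD)sizeof(byData);
            dwReadSize = 0;
            dwWrittenSize = 0;

            /* A successful zero-byte read would never advance the total, so
               it is treated as a failure instead of spinning. */
            if (NtFileReadFile(hSrc, byData, dwChunkSize, &dwReadSize) == FALSE ||
                dwReadSize == 0 ||
                NtFileWriteFile(hDst, byData, dwReadSize, &dwWrittenSize) == FALSE ||
                dwReadSize != dwWrittenSize)
            {
                bResult = FALSE;
                break;
            }

            lWrittenSizeTotal += dwWrittenSize;
        }
    }

    NtFileCloseFile(hSrc);
    NtFileCloseFile(hDst);

    return bResult;
}

/*
 * NtFileReadFile - read up to dwOutBufferSize bytes into pOutBuffer from the
 * handle's current position.
 *
 * pRetReadSize - optional; receives the byte count reported in the I/O
 *                status block.
 *
 * Returns TRUE only when NtReadFile returns STATUS_SUCCESS.
 */
BOOLEAN NtFileReadFile(HANDLE hFile, LPVOID pOutBuffer, DWORD dwOutBufferSize, DWORD *pRetReadSize)
{
    IO_STATUS_BLOCK sIoStatus;
    NTSTATUS ntStatus;

    memset(&sIoStatus, 0, sizeof(IO_STATUS_BLOCK));

    ntStatus = NtReadFile(hFile, NULL, NULL, NULL, &sIoStatus, pOutBuffer, dwOutBufferSize, NULL, NULL);
    if (ntStatus != STATUS_SUCCESS)
    {
        return FALSE;
    }

    if (pRetReadSize)
    {
        *pRetReadSize = sIoStatus.Information & MAXULONG;
    }
    return TRUE;
}

/*
 * NtFileGetFilePosition - query the current byte offset of hFile.
 *
 * pRetCurrentPosition - optional; receives the offset on success.
 */
BOOLEAN NtFileGetFilePosition(HANDLE hFile, LONGLONG *pRetCurrentPosition)
{
    IO_STATUS_BLOCK sIoStatus;
    FILE_POSITION_INFORMATION sFilePosition;
    NTSTATUS ntStatus;

    memset(&sIoStatus, 0, sizeof(IO_STATUS_BLOCK));
    memset(&sFilePosition, 0, sizeof(FILE_POSITION_INFORMATION));

    ntStatus = NtQueryInformationFile(hFile, &sIoStatus, &sFilePosition,
                                      sizeof(FILE_POSITION_INFORMATION), FilePositionInformation);
    if (ntStatus != STATUS_SUCCESS)
    {
        return FALSE;
    }

    if (pRetCurrentPosition)
    {
        *pRetCurrentPosition = (sFilePosition.CurrentByteOffset.QuadPart);
    }
    return TRUE;
}

/*
 * NtFileGetFileSize - query the end-of-file offset of hFile.
 *
 * pRetFileSize - optional; receives EndOfFile on success.
 */
BOOLEAN NtFileGetFileSize(HANDLE hFile, LONGLONG *pRetFileSize)
{
    IO_STATUS_BLOCK sIoStatus;
    FILE_STANDARD_INFORMATION sFileInfo;
    NTSTATUS ntStatus;

    memset(&sIoStatus, 0, sizeof(IO_STATUS_BLOCK));
    memset(&sFileInfo, 0, sizeof(FILE_STANDARD_INFORMATION));

    ntStatus = NtQueryInformationFile(hFile, &sIoStatus, &sFileInfo,
                                      sizeof(FILE_STANDARD_INFORMATION), FileStandardInformation);
    if (ntStatus != STATUS_SUCCESS)
    {
        return FALSE;
    }

    if (pRetFileSize)
    {
        *pRetFileSize = (sFileInfo.EndOfFile.QuadPart);
    }
    return TRUE;
}

/*
 * NtFileSeekFile - set the current byte offset of hFile to lAmount.
 */
BOOLEAN NtFileSeekFile(HANDLE hFile, LONGLONG lAmount)
{
    IO_STATUS_BLOCK sIoStatus;
    FILE_POSITION_INFORMATION sFilePosition;
    NTSTATUS ntStatus;

    memset(&sIoStatus, 0, sizeof(IO_STATUS_BLOCK));
    sFilePosition.CurrentByteOffset.QuadPart = lAmount;

    ntStatus = NtSetInformationFile(hFile, &sIoStatus, &sFilePosition,
                                    sizeof(FILE_POSITION_INFORMATION), FilePositionInformation);

    return (ntStatus == STATUS_SUCCESS) ? TRUE : FALSE;
}

/*
 * NtFileCloseFile - close a handle; TRUE when NtClose returns STATUS_SUCCESS.
 */
BOOLEAN NtFileCloseFile(HANDLE hFile)
{
    NTSTATUS ntStatus;

    ntStatus = NtClose(hFile);

    return (ntStatus == STATUS_SUCCESS) ? TRUE : FALSE;
}

/*
 * NtFileDeleteFile - delete a file.
 *
 * filename - full path in DOS format.
 *
 * Returns TRUE when the path converts and NtDeleteFile succeeds.
 */
BOOLEAN NtFileDeleteFile(PCWSTR filename)
{
    UNICODE_STRING us;
    NTSTATUS status;
    OBJECT_ATTRIBUTES oa;

    if (!RtlDosPathNameToNtPathName_U(filename, &us, NULL, NULL))
    {
        return FALSE;
    }

    InitializeObjectAttributes(&oa, &us, OBJ_CASE_INSENSITIVE, NULL, NULL);

    status = NtDeleteFile(&oa);

    /* The converted NT path is allocated on the process heap by
       RtlDosPathNameToNtPathName_U; it was never released before. */
    RtlFreeHeap(RtlGetProcessHeap(), 0, us.Buffer);

    return NT_SUCCESS(status) ? TRUE : FALSE;
}

/*
 * NtFileCreateDirectory - create a directory.
 *
 * dirname - path in DOS format.
 *
 * Returns TRUE when the directory was created or already exists
 * (STATUS_OBJECT_NAME_COLLISION), FALSE otherwise.
 */
BOOLEAN NtFileCreateDirectory(PCWSTR dirname)
{
    UNICODE_STRING us;
    NTSTATUS status;
    HANDLE hFile;
    OBJECT_ATTRIBUTES oa;
    IO_STATUS_BLOCK iosb;

    if (!RtlDosPathNameToNtPathName_U(dirname, &us, NULL, NULL))
    {
        return FALSE;
    }

    InitializeObjectAttributes(&oa, &us, OBJ_CASE_INSENSITIVE, NULL, NULL);

    /* NOTE(review): FILE_OPEN_FOR_BACKUP_INTENT is a CreateOptions flag; it
       is kept in the DesiredAccess argument exactly as before - confirm. */
    status = NtCreateFile(&hFile,
                          FILE_LIST_DIRECTORY | SYNCHRONIZE | FILE_OPEN_FOR_BACKUP_INTENT,
                          &oa,
                          &iosb,
                          NULL,
                          FILE_ATTRIBUTE_NORMAL,
                          FILE_SHARE_READ | FILE_SHARE_WRITE,
                          FILE_CREATE,
                          FILE_SYNCHRONOUS_IO_NONALERT | FILE_DIRECTORY_FILE,
                          NULL,
                          0);

    /* Release the converted path on every exit; it used to leak. */
    RtlFreeHeap(RtlGetProcessHeap(), 0, us.Buffer);

    if (NT_SUCCESS(status))
    {
        NtClose(hFile);
        return TRUE;
    }

    /* if it already exists then return success */
    if (status == STATUS_OBJECT_NAME_COLLISION)
    {
        return TRUE;
    }

    return FALSE;
}

/*
 * NtFileMoveFile - rename or move a file.
 *
 * lpExistingFileName - full path in DOS format.
 * lpNewFileName      - full path in DOS format (gets the "\??\" prefix), or
 *                      a bare file name (used as given).
 * ReplaceIfExists    - forwarded in FILE_RENAME_INFORMATION.
 *
 * Returns TRUE only when the rename itself succeeds. FALSE is returned for
 * NULL arguments, a target name that does not fit NewFileName, a failed
 * path conversion, and any NtCreateFile / allocation / NtSetInformationFile
 * failure.
 */
BOOLEAN NtFileMoveFile(IN LPCWSTR lpExistingFileName, IN LPCWSTR lpNewFileName, BOOLEAN ReplaceIfExists)
{
    PFILE_RENAME_INFORMATION FileRenameInfo;
    OBJECT_ATTRIBUTES ObjectAttributes;
    IO_STATUS_BLOCK IoStatusBlock;
    UNICODE_STRING ExistingFileNameU;
    WCHAR NewFileName[MAX_PATH] = L"\\??\\";
    HANDLE FileHandle;
    DWORD FileNameSize;
    NTSTATUS Status;
    size_t NewNameLength;
    size_t PrefixLength;

    if (!lpExistingFileName || !lpNewFileName)
    {
        return FALSE;
    }

    NewNameLength = wcslen(lpNewFileName);
    PrefixLength = wcslen(NewFileName);

    if ((NewNameLength > 2) && L':' == lpNewFileName[1])
    {
        /* The count given to wcsncat() limits the characters appended, not
           the size of the destination: passing MAX_PATH allowed a write of
           up to MAX_PATH characters after the 4-character prefix. */
        if (NewNameLength >= MAX_PATH - PrefixLength)
        {
            return FALSE;
        }
        wcsncat(NewFileName, lpNewFileName, MAX_PATH - PrefixLength - 1);
    }
    else
    {
        /* wcsncpy() leaves the buffer unterminated when the source is as
           long as the count, so over-long names are refused and the last
           element is terminated explicitly. */
        if (NewNameLength >= MAX_PATH)
        {
            return FALSE;
        }
        wcsncpy(NewFileName, lpNewFileName, MAX_PATH - 1);
        NewFileName[MAX_PATH - 1] = L'\0';
    }

    /* The conversion result used to be ignored, leaving ExistingFileNameU
       uninitialised on failure. */
    if (!RtlDosPathNameToNtPathName_U(lpExistingFileName, &ExistingFileNameU, NULL, NULL))
    {
        return FALSE;
    }

    RtlCliDisplayString("NtFileMoveFile (%S, %S)\n", ExistingFileNameU.Buffer, NewFileName);

    InitializeObjectAttributes(&ObjectAttributes, &ExistingFileNameU, OBJ_CASE_INSENSITIVE, NULL, NULL);

    /* NOTE(review): FILE_ALL_ACCESS is more than a rename needs; narrowing
       the access mask is left for a change that can be tested on target. */
    Status = NtCreateFile(&FileHandle,
                          FILE_ALL_ACCESS,
                          &ObjectAttributes,
                          &IoStatusBlock,
                          NULL,
                          FILE_ATTRIBUTE_NORMAL,
                          FILE_SHARE_READ | FILE_SHARE_WRITE,
                          FILE_OPEN,
                          FILE_SYNCHRONOUS_IO_NONALERT,
                          NULL,
                          0);

    /* ObjectAttributes is not used after this point, so the converted path
       can be released before any of the exits below. */
    RtlFreeHeap(RtlGetProcessHeap(), 0, ExistingFileNameU.Buffer);

    if (!NT_SUCCESS(Status))
    {
        RtlCliDisplayString("NtCreateFile() failed (Status %lx)\n", Status);
        return FALSE;
    }

    FileNameSize = (DWORD)(wcslen(NewFileName) * sizeof(*NewFileName));

    FileRenameInfo = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY,
                                     sizeof(FILE_RENAME_INFORMATION) + FileNameSize);
    if (!FileRenameInfo)
    {
        RtlCliDisplayString("RtlAllocateHeap failed\n");
        NtClose(FileHandle);
        return FALSE;
    }

    FileRenameInfo->RootDirectory = NULL;
    FileRenameInfo->ReplaceIfExists = ReplaceIfExists;
    FileRenameInfo->FileNameLength = FileNameSize;
    RtlCopyMemory(FileRenameInfo->FileName, NewFileName, FileNameSize);

    Status = NtSetInformationFile(FileHandle,
                                  &IoStatusBlock,
                                  FileRenameInfo,
                                  sizeof(FILE_RENAME_INFORMATION) + FileNameSize,
                                  FileRenameInformation);

    RtlFreeHeap(RtlGetProcessHeap(), 0, FileRenameInfo);
    NtClose(FileHandle);

    /* The rename status was discarded and TRUE returned unconditionally. */
    if (!NT_SUCCESS(Status))
    {
        RtlCliDisplayString("NtSetInformationFile() failed (Status %lx)\n", Status);
        return FALSE;
    }

    return TRUE;
}

================================================
FILE: ntfile.h
================================================
#ifndef NATIVEFILE_FUNCTIONS_H
#define NATIVEFILE_FUNCTIONS_H 1

#include

BOOLEAN NtFileOpenFile(HANDLE *phRetFile, WCHAR *pwszFileName, BOOLEAN bWrite, BOOLEAN bOverwrite);
BOOLEAN NtFileOpenDirectory(HANDLE *phRetFile, WCHAR *pwszFileName, BOOLEAN bWrite, BOOLEAN bOverwrite);
BOOLEAN NtFileReadFile(HANDLE hFile, LPVOID pOutBuffer, DWORD dwOutBufferSize, DWORD *pRetReadSize);
BOOLEAN NtFileWriteFile(HANDLE hFile, LPVOID lpData, DWORD dwBufferSize, DWORD *pRetWrittenSize);
BOOLEAN NtFileSeekFile(HANDLE hFile, LONGLONG lAmount);
BOOLEAN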
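NtFileGetFilePosition(HANDLE hFile, LONGLONG *pRetCurrentPosition);
BOOLEAN NtFileGetFileSize(HANDLE hFile, LONGLONG *pRetFileSize);
BOOLEAN NtFileCloseFile(HANDLE hFile);
BOOLEAN NtFileCopyFile(WCHAR *pszSrc, WCHAR *pszDst);
BOOLEAN NtFileDeleteFile(PCWSTR filename);
BOOLEAN NtFileCreateDirectory(PCWSTR dirname);
BOOLEAN NtFileMoveFile(IN LPCWSTR lpExistingFileName, IN LPCWSTR lpNewFileName, BOOLEAN ReplaceIfExists);

#endif

================================================
FILE: ntreg.c
================================================
/**
 * PROJECT: Native Shell
 * COPYRIGHT: LGPL; See LICENSE in the top level directory
 * FILE: ntreg.c
 * DESCRIPTION: Registry operations.
 * DEVELOPERS: See CONTRIBUTORS.md in the top level directory
 */

#include "ntreg.h"
#include "precomp.h"

/*
 * NtRegGetRootPath - map a predefined root key value to its NT registry
 * path. Returns NULL for roots that have no mapping here (only
 * HKEY_LOCAL_MACHINE, HKEY_CLASSES_ROOT, HKEY_CURRENT_CONFIG and HKEY_USERS
 * are handled).
 */
WCHAR *NtRegGetRootPath(H_KEY hkRoot)
{
    if (hkRoot == HKEY_LOCAL_MACHINE)
    {
        return L"\\Registry\\Machine";
    }
    if (hkRoot == HKEY_CLASSES_ROOT)
    {
        return L"\\Registry\\Machine\\SOFTWARE\\Classes";
    }
    if (hkRoot == HKEY_CURRENT_CONFIG)
    {
        return L"\\Registry\\Machine\\System\\CurrentControlSet\\Hardware "
               L"Profiles\\Current";
    }
    if (hkRoot == HKEY_USERS)
    {
        return L"\\Registry\\User";
    }

    return NULL;
}

/*
 * NtRegOpenKey - open <root path>\<pwszSubKey> with DesiredAccess.
 *
 * phKey      - receives the key handle from NtOpenKey.
 * hkRoot     - predefined root, resolved through NtRegGetRootPath.
 * pwszSubKey - sub-key path appended after a backslash.
 *
 * Returns TRUE on success; FALSE for an unmapped root, a combined path that
 * does not fit the local buffer, or an NtOpenKey failure (status printed).
 */
BOOLEAN NtRegOpenKey(HANDLE *phKey, H_KEY hkRoot, WCHAR *pwszSubKey, ACCESS_MASK DesiredAccess)
{
    NTSTATUS nRet = 0;
    UNICODE_STRING ustrKeyName;
    WCHAR wszKeyName[4096] = { 0, };
    WCHAR *pwszRootKey = NULL;
    OBJECT_ATTRIBUTES ObjectAttributes;
    size_t cchSubKey;

    pwszRootKey = NtRegGetRootPath(hkRoot);
    if (!pwszRootKey)
    {
        return FALSE;
    }

    /* AppendString is defined outside this file section and is given no
       destination size, so the combined length (root + '\' + sub-key +
       terminator) is checked here before anything is appended. A NULL
       sub-key is still passed through to AppendString as before. */
    cchSubKey = pwszSubKey ? wcslen(pwszSubKey) : 0;
    if (wcslen(pwszRootKey) + 1 + cchSubKey >= sizeof(wszKeyName) / sizeof(wszKeyName[0]))
    {
        return FALSE;
    }

    // Set RootKey
    AppendString(wszKeyName, pwszRootKey);

    // Set SubKey
    AppendString(wszKeyName, L"\\");
    AppendString(wszKeyName, pwszSubKey);

    // Setup Unicode String
    SetUnicodeString(&ustrKeyName, wszKeyName);

    InitializeObjectAttributes(&ObjectAttributes, &ustrKeyName, OBJ_CASE_INSENSITIVE, NULL, NULL);

    nRet = NtOpenKey(phKey, DesiredAccess, &ObjectAttributes);
    if (!NT_SUCCESS(nRet))
    {
        RtlCliDisplayString("NtOpenKey Error : %X\n", nRet);
        return FALSE;
    }

    return TRUE;
}

/*
 * NtRegWriteValue - set a value of type dwRegType (e.g. REG_BINARY) on hKey
 * from uLength bytes at pData.
 */
BOOLEAN NtRegWriteValue(HANDLE hKey, WCHAR *pwszValueName, PVOID pData, ULONG uLength, DWORD dwRegType)
{
    UNICODE_STRING ustrValueName;
    NTSTATUS nRet;

    SetUnicodeString(&ustrValueName, pwszValueName);

    nRet = NtSetValueKey(hKey, &ustrValueName, 0, dwRegType, pData, uLength);

    return NT_SUCCESS(nRet) ? TRUE : FALSE;
}

/*
 * NtRegWriteString - write pwszValue as REG_SZ; the byte length passed on is
 * (GetStringLength(pwszValue) + 1) WCHARs, i.e. it includes the terminator.
 */
BOOLEAN NtRegWriteString(HANDLE hKey, WCHAR *pwszValueName, WCHAR *pwszValue)
{
    return NtRegWriteValue(hKey,
                           pwszValueName,
                           pwszValue,
                           (GetStringLength(pwszValue) + 1) * sizeof(WCHAR),
                           REG_SZ);
}

/*
 * NtRegDeleteValue - delete the named value from hKey.
 */
BOOLEAN NtRegDeleteValue(HANDLE hKey, WCHAR *pwszValueName)
{
    UNICODE_STRING ustrValueName;
    NTSTATUS nRet;

    SetUnicodeString(&ustrValueName, pwszValueName);

    nRet = NtDeleteValueKey(hKey, &ustrValueName);

    return NT_SUCCESS(nRet) ? TRUE : FALSE;
}

/*
 * NtRegReadValue - read a value as KEY_VALUE_PARTIAL_INFORMATION into a
 * buffer allocated with kmalloc on hHeapHandle.
 *
 * pRetBuffer     - receives the buffer on success (caller releases it with
 *                  kfree on the same heap); set to NULL on failure.
 * pRetBufferSize - receives the allocated size on success, 0 on failure.
 *
 * Returns TRUE only when NtQueryValueKey succeeds.
 */
BOOLEAN NtRegReadValue(HANDLE hKey, HANDLE hHeapHandle, WCHAR *pszValueName,
                       PKEY_VALUE_PARTIAL_INFORMATION *pRetBuffer, ULONG *pRetBufferSize)
{
    UNICODE_STRING ustrValueName;
    BYTE *pBuffer = NULL;
    ULONG uSize = 1024;
    ULONG uRetSize = 0;
    NTSTATUS ntStatus = 0;
    int i = 0;

    if (!pRetBuffer || !pRetBufferSize)
    {
        return FALSE;
    }
    *pRetBuffer = NULL;
    *pRetBufferSize = 0;

    SetUnicodeString(&ustrValueName, pszValueName);

    /* A few attempts are enough: a too-small buffer is answered with the
       required size, so the next allocation normally fits. The bound only
       guards against a value that keeps growing between calls. */
    for (i = 0; i < 8; i++)
    {
        pBuffer = kmalloc(hHeapHandle, uSize);
        if (!pBuffer)
        {
            return FALSE;
        }

        uRetSize = 0;
        ntStatus = NtQueryValueKey(hKey, &ustrValueName, KeyValuePartialInformation,
                                   pBuffer, uSize, &uRetSize);
        if (ntStatus == STATUS_SUCCESS)
        {
            *pRetBuffer = (PKEY_VALUE_PARTIAL_INFORMATION)pBuffer;
            *pRetBufferSize = uSize;
            return TRUE;
        }

        kfree(hHeapHandle, pBuffer);
        pBuffer = NULL;

        /* Only "buffer too small" is worth a retry. Every other status
           (missing value, access denied, ...) used to be retried 4096 times
           in 4-byte steps and then reported as TRUE with a NULL buffer. */
        if ((ntStatus != STATUS_BUFFER_OVERFLOW && ntStatus != STATUS_BUFFER_TOO_SMALL) ||
            uRetSize <= uSize ||
            uRetSize > MAXLONG) /* kmalloc takes an int size */
        {
            return FALSE;
        }

        uSize = uRetSize;
    }

    return FALSE;
}

/*
 * NtRegCloseKey - close a key handle.
 */
BOOLEAN NtRegCloseKey(HANDLE hKey)
{
    NTSTATUS nRet;

    nRet = NtClose(hKey);

    return NT_SUCCESS(nRet) ? TRUE : FALSE;
}

/*
 * NtEnumKey - print the sub-keys and then the values of hKey.
 *
 * Each listing stops at the first entry for which the enumeration call does
 * not return STATUS_SUCCESS, which includes an entry too large for the
 * BUFFER_SIZE scratch buffer.
 */
void NtEnumKey(HANDLE hKey)
{
    char buf[BUFFER_SIZE];
    PKEY_VALUE_BASIC_INFORMATION pbi;
    PKEY_NODE_INFORMATION pki;
    ULONG ResultLength;
    ULONG uQueryLength;
    UINT i;

    /* The names are printed with %S, which needs a terminator the kernel
       does not write. The buffer is zeroed before every call and the last
       WCHAR is kept out of the kernel's reach so a terminator always
       follows the name. */
    uQueryLength = BUFFER_SIZE - sizeof(WCHAR);

    RtlCliDisplayString("=========\n");

    pki = (PKEY_NODE_INFORMATION)buf;
    memset(buf, 0x00, BUFFER_SIZE);
    for (i = 0;
         STATUS_SUCCESS == NtEnumerateKey(hKey, i, KeyNodeInformation, pki, uQueryLength, &ResultLength);
         i++)
    {
        if (pki->NameLength)
        {
            RtlCliDisplayString("[%S]\n", pki->Name);
        }
        else
        {
            RtlCliDisplayString("[null]\n");
        }
        memset(buf, 0x00, BUFFER_SIZE);
    }

    RtlCliDisplayString("---------\n");

    pbi = (PKEY_VALUE_BASIC_INFORMATION)buf;
    memset(buf, 0x00, BUFFER_SIZE);
    for (i = 0;
         STATUS_SUCCESS == NtEnumerateValueKey(hKey, i, KeyValueBasicInformation, pbi, uQueryLength, &ResultLength);
         i++)
    {
        /* The format string is one of four fixed literals; the type is
           only consumed by the "Other type" one. */
        RtlCliDisplayString((pbi->Type == REG_SZ) ? " REG_SZ" :
                            (pbi->Type == REG_MULTI_SZ) ? " REG_MULTI_SZ" :
                            (pbi->Type == REG_DWORD) ? " REG_DWORD" : "Other type (%d)",
                            pbi->Type);

        if (pbi->NameLength)
        {
            RtlCliDisplayString(" %S\n", pbi->Name);
        }
        else
        {
            RtlCliDisplayString(" (null)\n");
        }
        memset(buf, 0x00, BUFFER_SIZE);
    }

    RtlCliDisplayString("=========\n");
}

================================================
FILE: ntreg.h
================================================
#ifndef NATIVEREGISTRY_FUNCTIONS_H
#define NATIVEREGISTRY_FUNCTIONS_H 1

#include

#define HKEY_CLASSES_ROOT 0x80000000
#define HKEY_CURRENT_USER 0x80000001
#define HKEY_LOCAL_MACHINE 0x80000002
#define HKEY_USERS 0x80000003
#define HKEY_PERFORMANCE_DATA 0x80000004
#define HKEY_PERFORMANCE_TEXT 0x80000050
#define HKEY_PERFORMANCE_NLSTEXT 0x80000060
#define HKEY_CURRENT_CONFIG 0x80000005
#define HKEY_DYN_DATA 0x80000006

typedef ULONG H_KEY;

WCHAR *NtRegGetRootPath(H_KEY hkRoot);
BOOLEAN NtRegOpenKey(HANDLE *phKey, H_KEY hkRoot, WCHAR *pwszSubKey, ACCESS_MASK DesiredAccess);
BOOLEAN NtRegWriteValue(HANDLE H_KEY, WCHAR *pwszValueName, PVOID pData, ULONG uLength, DWORD dwRegType);
BOOLEAN NtRegWriteString(HANDLE H_KEY, WCHAR *pwszValueName, WCHAR *pwszValue);
BOOLEAN NtRegDeleteValue(HANDLE H_KEY, WCHAR *pwszValueName);
BOOLEAN NtRegCloseKey(HANDLE H_KEY);
BOOLEAN NtRegReadValue(HANDLE H_KEY, HANDLE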
hHeapHandle, WCHAR *pszValueName, PKEY_VALUE_PARTIAL_INFORMATION *pRetBuffer, ULONG *pRetBufferSize); void NtEnumKey(HANDLE hKey); #endif ================================================ FILE: precomp.h ================================================ /** * PROJECT: Native Shell * COPYRIGHT: LGPL; See LICENSE in the top level directory * FILE: precomp.h * DESCRIPTION: Precompiled header. * DEVELOPERS: See CONTRIBUTORS.md in the top level directory */ #define WIN32_NO_STATUS #define NTOS_MODE_USER #include #include #include #include #include #include #include #include #include "ntfile.h" #include "ntreg.h" // Device type for input/output typedef enum _CON_DEVICE_TYPE { KeyboardType, MouseType } CON_DEVICE_TYPE; // Display functions NTSTATUS __cdecl RtlCliDisplayString( IN PCH Message, ...); NTSTATUS RtlCliPrintString( IN PUNICODE_STRING Message); NTSTATUS RtlCliPutChar( IN WCHAR Char); // Input functions NTSTATUS RtlCliOpenInputDevice( OUT PHANDLE Handle, IN CON_DEVICE_TYPE Type); CHAR RtlCliGetChar( IN HANDLE hDriver); PCHAR RtlCliGetLine( IN HANDLE hDriver); // System information functions NTSTATUS RtlCliListDrivers( VOID); NTSTATUS RtlCliListProcesses( VOID); NTSTATUS RtlCliDumpSysInfo( VOID); NTSTATUS RtlCliShutdown( VOID); NTSTATUS RtlCliReboot( VOID); NTSTATUS RtlCliPowerOff( VOID); // Hardware functions NTSTATUS RtlCliListHardwareTree( VOID); // File functions NTSTATUS RtlCliListDirectory( PWCHAR CurrentDirectory); NTSTATUS RtlCliSetCurrentDirectory( PCHAR Directory); ULONG RtlCliGetCurrentDirectory( IN OUT PWSTR CurrentDirectory); // Keyboard: HANDLE hKeyboard; typedef struct _KBD_RECORD { WORD wVirtualScanCode; DWORD dwControlKeyState; UCHAR AsciiChar; BOOL bKeyDown; } KBD_RECORD, *PKBD_RECORD; void IntTranslateKey(PKEYBOARD_INPUT_DATA InputData, KBD_RECORD *kbd_rec); #define RIGHT_ALT_PRESSED 0x0001 // the right alt key is pressed. #define LEFT_ALT_PRESSED 0x0002 // the left alt key is pressed. 
#define RIGHT_CTRL_PRESSED 0x0004 // the right ctrl key is pressed. #define LEFT_CTRL_PRESSED 0x0008 // the left ctrl key is pressed. #define SHIFT_PRESSED 0x0010 // the shift key is pressed. #define NUMLOCK_ON 0x0020 // the numlock light is on. #define SCROLLLOCK_ON 0x0040 // the scrolllock light is on. #define CAPSLOCK_ON 0x0080 // the capslock light is on. #define ENHANCED_KEY 0x0100 // the key is enhanced. // Process: NTSTATUS CreateNativeProcess(IN PCWSTR file_name, IN PCWSTR cmd_line, OUT PHANDLE hProcess); #define BUFFER_SIZE 1024 #define NUM_ARGS 256 // Command processing: #define CMDSTR(x) x, strlen(x) CHAR **StringToArguments(CHAR *string, UINT *argc); BOOL GetFullPath(IN PCSTR filename, OUT PWSTR out, IN BOOL add_slash); BOOL FileExists(PCWSTR fname); // Registry NTSTATUS OpenKey(OUT PHANDLE pHandle, IN PWCHAR key); NTSTATUS RegWrite(HANDLE hKey, INT type, PWCHAR key_name, PVOID data, DWORD size); NTSTATUS RegReadValue(HANDLE hKey, PWCHAR key_name, OUT PULONG type, OUT PVOID data, IN ULONG buf_size, OUT PULONG out_size); //=========================================================== // Helper Functions for ntreg.c //=========================================================== BOOLEAN SetUnicodeString( UNICODE_STRING *pustrRet, WCHAR *pwszData); BOOLEAN DisplayString( WCHAR *pwszData); HANDLE InitHeapMemory(void); BOOLEAN DeinitHeapMemory( HANDLE hHeap); PVOID kmalloc( HANDLE hHeap, int nSize); BOOLEAN kfree( HANDLE hHeap, PVOID pMemory); BOOLEAN AppendString( WCHAR *pszInput, WCHAR *pszAppend); UINT GetStringLength( WCHAR *pszInput); ================================================ FILE: process.c ================================================ /** * PROJECT: Native Shell * COPYRIGHT: LGPL; See LICENSE in the top level directory * FILE: process.c * DESCRIPTION: Create process implementation. 
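* DEVELOPERS:  See CONTRIBUTORS.md in the top level directory
 */

#include "precomp.h"

/*
 *****************************************************************************
 * CreateNativeProcess - Create a native process
 * file_name: full path to .exe, in DOS format
 * cmd_line: arguments for process
 * hProcess: receives the process handle on success; set to NULL on failure
 *
 * Returns: STATUS_SUCCESS or STATUS_UNSUCCESSFUL
 *
 * The image is created with RtlCreateUserProcess and its first thread is
 * resumed only when the image reports IMAGE_SUBSYSTEM_NATIVE. On every
 * failure path after creation the new process is terminated and both
 * handles are closed, so a rejected image never stays behind suspended.
 *****************************************************************************
 */
NTSTATUS CreateNativeProcess(IN PCWSTR file_name, IN PCWSTR cmd_line, OUT PHANDLE hProcess)
{
    UNICODE_STRING nt_file;
    PCWSTR file_part;
    NTSTATUS status;                                         // Status
    UNICODE_STRING imgname;                                  // ImageName
    UNICODE_STRING imgpath;                                  // Nt ImagePath
    UNICODE_STRING dllpath;                                  // Nt DllPath (DOS Name)
    UNICODE_STRING cmdline;                                  // Nt CommandLine
    PRTL_USER_PROCESS_PARAMETERS processparameters = NULL;   // ProcessParameters
    RTL_USER_PROCESS_INFORMATION processinformation = {0};   // ProcessInformation
    WCHAR Env[2] = {0, 0};                                   // Process Environment (empty block)
    PKUSER_SHARED_DATA SharedData = (PKUSER_SHARED_DATA)USER_SHARED_DATA; // Kernel Shared Data

    if (NULL == hProcess || NULL == file_name)
    {
        return STATUS_UNSUCCESSFUL;
    }

    *hProcess = NULL;

    // The conversion allocates nt_file.Buffer; it reports failure through its
    // BOOLEAN result, and nt_file must not be used when it fails.
    if (!RtlDosPathNameToNtPathName_U(file_name, &nt_file, &file_part, NULL))
    {
        RtlCliDisplayString("RtlDosPathNameToNtPathName_U failed\n");
        return STATUS_UNSUCCESSFUL;
    }

    RtlInitUnicodeString(&imgpath, nt_file.Buffer);           // Image path
    RtlInitUnicodeString(&imgname, file_part);                // Image name
    RtlInitUnicodeString(&dllpath, SharedData->NtSystemRoot); // DLL Path is %SystemRoot%
    RtlInitUnicodeString(&cmdline, cmd_line);                 // Command Line parameters

    // %SystemRoot% is used both as the DLL path and as the current directory
    status = RtlCreateProcessParameters(&processparameters, &imgname, &dllpath, &dllpath, &cmdline, Env, 0, 0, 0, 0);

    if (!NT_SUCCESS(status))
    {
        RtlCliDisplayString("RtlCreateProcessParameters failed\n");
        RtlFreeUnicodeString(&nt_file);
        return STATUS_UNSUCCESSFUL;
    }

    // The arguments are PUNICODE_STRING, which DbgPrint formats with %wZ
    DbgPrint("Launching Process: %wZ, DllPath=%wZ, CmdLine=%wZ", &imgname, &dllpath, &cmdline);

    status = RtlCreateUserProcess(&imgpath, OBJ_CASE_INSENSITIVE, processparameters, NULL, NULL, NULL, FALSE, NULL, NULL, &processinformation);

    // Both allocations were only inputs to process creation. imgname and
    // imgpath point into nt_file.Buffer and are not used past this point.
    RtlDestroyProcessParameters(processparameters);
    RtlFreeUnicodeString(&nt_file);

    if (!NT_SUCCESS(status))
    {
        RtlCliDisplayString("RtlCreateUserProcess failed\n");
        return STATUS_UNSUCCESSFUL;
    }

    if (processinformation.ImageInformation.SubSystemType != IMAGE_SUBSYSTEM_NATIVE)
    {
        RtlCliDisplayString("\nThe %S application cannot be run in native mode.\n", file_name);
        // The process exists but its thread was never resumed: tear it down
        NtTerminateProcess(processinformation.ProcessHandle, STATUS_UNSUCCESSFUL);
        NtClose(processinformation.ThreadHandle);
        NtClose(processinformation.ProcessHandle);
        return STATUS_UNSUCCESSFUL;
    }

    status = NtResumeThread(processinformation.ThreadHandle, NULL);

    // Only the process handle is handed to the caller
    NtClose(processinformation.ThreadHandle);

    if (!NT_SUCCESS(status))
    {
        RtlCliDisplayString("NtResumeThread failed\n");
        NtTerminateProcess(processinformation.ProcessHandle, STATUS_UNSUCCESSFUL);
        NtClose(processinformation.ProcessHandle);
        return STATUS_UNSUCCESSFUL;
    }

    *hProcess = processinformation.ProcessHandle;

    return STATUS_SUCCESS;
}

================================================
FILE: shell.c
================================================
/**
 * PROJECT:      Native Shell
 * COPYRIGHT:    LGPL; See LICENSE in the top level directory
 * FILE:         shell.c
 * DESCRIPTION:  Shell helper functions.
 * DEVELOPERS:   See CONTRIBUTORS.md in the top level directory
 */

#include "precomp.h"

/*
 *****************************************************************************
 * GetFullPath - Get a full path.
 *
 * filename: File name; treated as absolute when its second character is ':'
 * out: String for full path
 * add_slash: Add slash to the end of string
 *
 * Returns: TRUE or FALSE (NULL argument or failed ANSI->Unicode conversion)
 *
 * NOTE(review): the interface carries no size for 'out', so every write
 * below is unbounded. Callers must size the buffer for the current
 * directory + '\' + filename + optional '\' + terminator; a size parameter
 * would let this function enforce that itself.
 *****************************************************************************
 */
BOOL GetFullPath(IN PCSTR filename, OUT PWSTR out, IN BOOL add_slash)
{
    UNICODE_STRING us;
    ANSI_STRING as;
    WCHAR cur_path[MAX_PATH];
    size_t len;

    if (NULL == filename || NULL == out)
    {
        return FALSE;
    }

    RtlInitAnsiString(&as, filename);
    if (!NT_SUCCESS(RtlAnsiStringToUnicodeString(&us, &as, TRUE)))
    {
        // us.Buffer is not valid when the conversion fails
        return FALSE;
    }

    if ((strlen(filename) > 1) && filename[1] == ':')
    {
        // Drive-qualified name: use it as given
        wcscpy(out, us.Buffer);
    }
    else
    {
        // Relative name: prefix it with the current directory
        cur_path[0] = L'\0';
        RtlCliGetCurrentDirectory(cur_path);

        wcscpy(out, cur_path);
        len = wcslen(out);
        // An empty current directory must not index out[-1]
        if (len == 0 || out[len - 1] != L'\\')
        {
            wcscat(out, L"\\");
        }
        wcscat(out, us.Buffer);
    }

    if (add_slash)
    {
        wcscat(out, L"\\");
    }

    RtlFreeUnicodeString(&us);

    return TRUE;
}

// Argument processing functions:

static CHAR *xargv[NUM_ARGS];

CHAR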
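**StringToArguments(CHAR *string, UINT *argc)
{
    /* Extract whitespace- and quotes- delimited tokens from the given string
       and store pointers to them in the static xargv array.
       Returns xargv (NULL when string or argc is NULL); the number of tokens
       is written to *argc and never exceeds NUM_ARGS.
       The returned array is shared static storage, so each call overwrites
       the result of the previous one.
       THIS METHOD MODIFIES string. */
    const char *whitespace = " \t\r\n";
    const char *quoteCharacters = "\"\'";
    char *tokenEnd;
    char *end;
    UINT length = NUM_ARGS;

    if ((NULL == string) || (NULL == argc) || (0 == length))
        return NULL;

    /* Computed only after the NULL check: strlen(NULL) must never run. */
    end = string + strlen(string);

    *argc = 0;

    while (1)
    {
        const char *q;

        /* Skip over initial whitespace. */
        string += strspn(string, whitespace);
        if (!*string)
            break;

        for (q = quoteCharacters; *q; ++q)
        {
            if (*string == *q)
                break;
        }

        if (*q)
        {
            /* Token is quoted. */
            char quote = *string++;
            tokenEnd = strchr(string, quote);
            /* If there is no endquote, the token is the rest of the string. */
            if (!tokenEnd)
                tokenEnd = end;
        }
        else
        {
            tokenEnd = string + strcspn(string, whitespace);
        }

        *tokenEnd = 0;

        xargv[*argc] = string;
        *argc = *argc + 1;

        /* Stop at the end of the input or when xargv is full. */
        if ((tokenEnd == end) || (*argc >= length))
            break;

        string = tokenEnd + 1;
    }

    return xargv;
}

/******************************************************************************\
 * GetFileAttributesNt - Get File Attributes
 * filename: File name, in DOS format
 *
 * Returns: the FileAttributes reported by NtQueryAttributesFile, or 0 when
 *          the path cannot be converted or the query fails
\******************************************************************************/
ULONG GetFileAttributesNt(PCWSTR filename)
{
    OBJECT_ATTRIBUTES oa;
    FILE_BASIC_INFORMATION fbi;
    UNICODE_STRING nt_filename;
    ULONG attributes = 0;

    if (!RtlDosPathNameToNtPathName_U(filename, &nt_filename, NULL, NULL))
    {
        return 0;
    }

    InitializeObjectAttributes(&oa, &nt_filename, OBJ_CASE_INSENSITIVE, 0, 0);

    fbi.FileAttributes = 0;
    if (NT_SUCCESS(NtQueryAttributesFile(&oa, &fbi)))
    {
        attributes = fbi.FileAttributes;
    }

    // The NT path buffer was allocated by the conversion above
    RtlFreeUnicodeString(&nt_filename);

    return attributes;
}

/******************************************************************************\
 * FolderExists - Check if folder exists
 * foldername: Folder name, in DOS format
 *
 * Returns: TRUE when the path can be queried and has
 *          FILE_ATTRIBUTE_DIRECTORY set, FALSE otherwise
\******************************************************************************/
BOOL FolderExists(PCWSTR foldername)
{
    UNICODE_STRING nt_filename;
    FILE_BASIC_INFORMATION fbi;
    OBJECT_ATTRIBUTES oa;
    NTSTATUS st;

    if (!RtlDosPathNameToNtPathName_U(foldername, &nt_filename, NULL, NULL))
    {
        return FALSE;
    }

    InitializeObjectAttributes(&oa, &nt_filename, OBJ_CASE_INSENSITIVE, 0, 0);
    st = NtQueryAttributesFile(&oa, &fbi);

    RtlFreeUnicodeString(&nt_filename);

    if (NT_SUCCESS(st) && (fbi.FileAttributes & FILE_ATTRIBUTE_DIRECTORY))
    {
        return TRUE;
    }
    return FALSE;
}

/******************************************************************************\
 * FileExists - Checks if file exists
 * filename: File name, in DOS format
 *
 * Returns: TRUE when NtQueryAttributesFile succeeds for the path. The answer
 *          describes the moment of the query only; code that goes on to open
 *          the file still has to handle the open failing.
\******************************************************************************/
BOOL FileExists(PCWSTR filename)
{
    UNICODE_STRING nt_filename;
    FILE_BASIC_INFORMATION fbi;
    OBJECT_ATTRIBUTES oa;
    NTSTATUS st;

    if (!RtlDosPathNameToNtPathName_U(filename, &nt_filename, NULL, NULL))
    {
        return FALSE;
    }

    InitializeObjectAttributes(&oa, &nt_filename, OBJ_CASE_INSENSITIVE, 0, 0);
    st = NtQueryAttributesFile(&oa, &fbi);

    RtlFreeUnicodeString(&nt_filename);

    return NT_SUCCESS(st);
}

/*
 * DisplayString - Print a NUL-terminated wide string with NtDisplayString.
 * Returns FALSE only when the string cannot be wrapped in a UNICODE_STRING;
 * the status of NtDisplayString itself is not reported.
 */
BOOLEAN DisplayString(WCHAR *pwszData)
{
    UNICODE_STRING ustrData;

    if (SetUnicodeString(&ustrData, pwszData) == FALSE)
    {
        return FALSE;
    }

    NtDisplayString(&ustrData);
    return TRUE;
}

/*
 * SetUnicodeString - Point a UNICODE_STRING at an existing wide string.
 * No copy is made: pustrRet->Buffer aliases pwszData.
 * Returns FALSE for a NULL argument or when the string is too long for the
 * 16-bit Length/MaximumLength fields, which would otherwise wrap silently.
 */
BOOLEAN SetUnicodeString(UNICODE_STRING *pustrRet, WCHAR *pwszData)
{
    size_t cch;

    if (pustrRet == NULL || pwszData == NULL)
    {
        return FALSE;
    }

    cch = wcslen(pwszData);
    // Length plus the terminator must still fit in a USHORT byte count
    if (cch > (0xFFFF - sizeof(WCHAR)) / sizeof(WCHAR))
    {
        return FALSE;
    }

    pustrRet->Buffer = pwszData;
    pustrRet->Length = (USHORT)(cch * sizeof(WCHAR));
    pustrRet->MaximumLength = (USHORT)(pustrRet->Length + sizeof(WCHAR));

    return TRUE;
}

/*
 * InitHeapMemory - Create a private growable heap (0x100000 reserved,
 * 0x1000 committed). Returns the value of RtlCreateHeap unchanged, so the
 * caller has to check it before use.
 */
HANDLE InitHeapMemory(void)
{
    RTL_HEAP_PARAMETERS sHeapDef;
    HANDLE hHeap;

    // Init Heap Memory
    memset(&sHeapDef, 0, sizeof(RTL_HEAP_PARAMETERS));
    sHeapDef.Length = sizeof(RTL_HEAP_PARAMETERS);

    hHeap = RtlCreateHeap(HEAP_GROWABLE, NULL, 0x100000, 0x1000, NULL, &sHeapDef);

    return hHeap;
}

/*
 * DeinitHeapMemory - Destroy a heap created by InitHeapMemory.
 * Returns TRUE when RtlDestroyHeap returns NULL, FALSE otherwise.
 */
BOOLEAN DeinitHeapMemory(HANDLE hHeap)
{
    PVOID pRet;

    pRet = RtlDestroyHeap(hHeap);
    if (pRet == NULL)
        return TRUE;

    return FALSE;
}

/*
 * kmalloc - Allocate nSize bytes from hHeap.
 * Returns NULL on failure or when nSize is negative; a negative int would
 * otherwise be converted to a very large unsigned request.
 */
PVOID kmalloc(HANDLE hHeap, int nSize)
{
    if (nSize < 0)
    {
        return NULL;
    }

    // if you wanna set new memory to zero, use HEAP_ZERO_MEMORY.
    return RtlAllocateHeap(hHeap, 0, nSize);
}

/*
 * kfree - Return a kmalloc allocation to hHeap.
 * Returns the result of RtlFreeHeap.
 */
BOOLEAN kfree(HANDLE hHeap, PVOID pMemory)
{
    BOOLEAN bRet = RtlFreeHeap(hHeap, 0, pMemory);
    return bRet;
}

/*
 * AppendString - Append pszAppend to the end of pszInput, in place.
 * Returns FALSE for a NULL argument, TRUE otherwise.
 *
 * NOTE(review): the destination capacity is not part of the interface, so
 * the copy is unbounded; the caller must guarantee pszInput has room for
 * both strings plus the terminator.
 */
BOOLEAN AppendString(WCHAR *pszInput, WCHAR *pszAppend)
{
    size_t dst = 0;
    size_t src = 0;

    if (pszInput == NULL || pszAppend == NULL)
    {
        return FALSE;
    }

    // Find the current end of the destination
    while (pszInput[dst] != 0x0000)
    {
        dst++;
    }

    while (pszAppend[src] != 0x0000)
    {
        pszInput[dst++] = pszAppend[src++];
    }

    pszInput[dst] = 0x0000; // set end of string.

    return TRUE;
}

/*
 * GetStringLength - Count the WCHARs before the terminator.
 * Returns 0 for a NULL pointer.
 */
UINT GetStringLength(WCHAR *pszInput)
{
    UINT i = 0;

    if (pszInput == NULL)
    {
        return 0;
    }

    while (pszInput[i] != 0x0000)
    {
        i++;
    }

    return i;
}

================================================
FILE: sources
================================================
TARGETNAME=native
TARGETTYPE=PROGRAM
UMTYPE=nt
MINWIN_SDK_LIB_PATH=$(SDK_LIB_PATH)
INCLUDES=$(DDK_INC_PATH);./ndk
SOURCES=display.c \
        file.c \
        hardware.c \
        input.c \
        main.c \
        sysinfo.c \
        keytrans.c \
        shell.c \
        process.c \
        ntfile.c \
        ntreg.c
PRECOMPILED_INCLUDE=precomp.h

TARGETLIBS= \
    $(DDK_LIB_PATH)\ntdll.lib \
    $(DDK_LIB_PATH)\nt.lib

USE_NTDLL=1

================================================
FILE: sysinfo.c
================================================
/**
 * PROJECT:      Native Shell
 * COPYRIGHT:    LGPL; See LICENSE in the top level directory
 * FILE:         sysinfo.c
 * DESCRIPTION:  This module implements commands for displaying system information.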
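* DEVELOPERS:  See CONTRIBUTORS.md in the top level directory
 */

#include "precomp.h"

/*
 * Enable SE_SHUTDOWN_PRIVILEGE for the process and issue the requested
 * shutdown action. A failure to enable the privilege is returned as is,
 * instead of being discarded before the shutdown call.
 */
static NTSTATUS RtlClipShutdownSystem(SHUTDOWN_ACTION Action)
{
    BOOLEAN Old;
    NTSTATUS Status;

    Status = RtlAdjustPrivilege(SE_SHUTDOWN_PRIVILEGE, TRUE, FALSE, &Old);
    if (!NT_SUCCESS(Status)) return Status;

    return ZwShutdownSystem(Action);
}

/* Halt the system without rebooting (ShutdownNoReboot). */
NTSTATUS RtlCliShutdown(VOID)
{
    return RtlClipShutdownSystem(ShutdownNoReboot);
}

/* Restart the system (ShutdownReboot). */
NTSTATUS RtlCliReboot(VOID)
{
    return RtlClipShutdownSystem(ShutdownReboot);
}

/* Shut the system down and power it off (ShutdownPowerOff). */
NTSTATUS RtlCliPowerOff(VOID)
{
    return RtlClipShutdownSystem(ShutdownPowerOff);
}

/*
 * RtlCliListDrivers - Print the path, base and size of every module returned
 * by NtQuerySystemInformation(SystemModuleInformation), pausing for SPACE on
 * hKeyboard after every 20 entries.
 *
 * Returns STATUS_INSUFFICIENT_RESOURCES when the 1 MB buffer cannot be
 * allocated, otherwise the status of the query. Nothing is printed when the
 * query fails.
 */
NTSTATUS RtlCliListDrivers(VOID)
{
    PRTL_PROCESS_MODULES ModuleInfo;
    PRTL_PROCESS_MODULE_INFORMATION ModuleEntry;
    NTSTATUS Status;
    ULONG Size = 1024*1024;
    ULONG i;

    // Allocate it
    ModuleInfo = RtlAllocateHeap(RtlGetProcessHeap(), HEAP_ZERO_MEMORY, Size);
    if (!ModuleInfo) return STATUS_INSUFFICIENT_RESOURCES;

    // Query the buffer
    Status = NtQuerySystemInformation(SystemModuleInformation, ModuleInfo, Size, NULL);
    if (!NT_SUCCESS(Status))
    {
        // Do not walk a buffer the kernel did not fill
        RtlFreeHeap(RtlGetProcessHeap(), 0, ModuleInfo);
        return Status;
    }

    // Display Header
    RtlCliDisplayString("*** ACTIVE MODULE LIST - DUMPING %d MODULES\n", ModuleInfo->NumberOfModules);

    // Now walk every module in it
    for (i = 0; i < ModuleInfo->NumberOfModules; i++)
    {
        // Check if we've displayed 20
        // BUGBUG: Should be natively handled by our display routines
        if (i && !(i % 20))
        {
            // Hold for more input
            RtlCliDisplayString("--- PRESS SPACE TO CONTINUE ---\n");
            while (RtlCliGetChar(hKeyboard) != ' ')
                ;
        }

        // Get this entry
        ModuleEntry = &ModuleInfo->Modules[i];

        // Display basic data
        RtlCliDisplayString("%s - Base: %p Size: 0x%lx\n", ModuleEntry->FullPathName, ModuleEntry->ImageBase, ModuleEntry->ImageSize);
    }

    RtlFreeHeap(RtlGetProcessHeap(), 0, ModuleInfo);

    // Return error code
    return Status;
}

/*++
 * @name RtlCliListProcesses
 *
 * The RtlCliListProcesses routine provides a way to list the current
 * processes.
 *
 * @param None.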
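*
 * @return NTSTATUS
 *
 * @remarks The snapshot buffer starts at 0x10000 bytes and is doubled while
 *          the kernel reports STATUS_INFO_LENGTH_MISMATCH, up to 16 MB.
 *          The buffer is released on every exit path.
 *
 *--*/
NTSTATUS RtlCliListProcesses(VOID)
{
    PSYSTEM_PROCESS_INFORMATION Buffer;
    PSYSTEM_PROCESS_INFORMATION ModuleInfo;
    NTSTATUS Status;
    ULONG Size = 0x10000;
    const ULONG MaxSize = 0x1000000;

    // Grow the buffer until the whole process list fits
    for (;;)
    {
        Buffer = RtlAllocateHeap(RtlGetProcessHeap(), 0, Size);
        if (!Buffer) return STATUS_INSUFFICIENT_RESOURCES;

        // Query the buffer
        Status = NtQuerySystemInformation(SystemProcessInformation, Buffer, Size, NULL);
        if (Status != STATUS_INFO_LENGTH_MISMATCH) break;

        RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer);
        if (Size >= MaxSize) return Status;
        Size *= 2;
    }

    if (!NT_SUCCESS(Status))
    {
        RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer);
        return Status;
    }

    // Display Header
    RtlCliDisplayString("*** ACTIVE PROCESS LIST\n");

    // Walk with a cursor so the allocation base stays available for the free
    ModuleInfo = Buffer;
    while (TRUE)
    {
        // Display basic data. The arguments are narrowed to match the
        // %lx/%d conversions; an entry without an image name (NULL Buffer)
        // is printed as "(null)" instead of handing NULL to %S.
        RtlCliDisplayString("[%lx] %S - WS/PF/V:[%dK/%dK/%dK] Threads: %d\n",
                            (ULONG)(ULONG_PTR)ModuleInfo->UniqueProcessId,
                            ModuleInfo->ImageName.Buffer ? ModuleInfo->ImageName.Buffer : L"(null)",
                            (ULONG)(ModuleInfo->WorkingSetSize / 1024),
                            (ULONG)(ModuleInfo->PagefileUsage / 1024),
                            (ULONG)(ModuleInfo->VirtualSize / 1024),
                            ModuleInfo->NumberOfThreads);

        // Break out if we're done
        if (!ModuleInfo->NextEntryOffset) break;

        // Get next entry
        ModuleInfo = (PSYSTEM_PROCESS_INFORMATION)((ULONG_PTR)ModuleInfo + ModuleInfo->NextEntryOffset);
    }

    RtlFreeHeap(RtlGetProcessHeap(), 0, Buffer);

    // Return error code
    return Status;
}

/*++
 * @name RtlCliDumpSysInfo
 *
 * The RtlCliDumpSysInfo routine queries a large amount of system information
 * and displays it on screen.
 *
 * @param None.
 *
 * @return NTSTATUS
 *
 * @remarks Documentation for this routine needs to be completed.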
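*
 *          Returns the status of the first failing mandatory query, or
 *          STATUS_SUCCESS. The file-cache query at the end is optional: its
 *          line is skipped when the query fails.
 *
 *          Page counts are converted to KB by multiplying with
 *          (PAGE_SIZE / 1024); multiplying by PAGE_SIZE first wraps a 32-bit
 *          value once the amount reaches 4 GB.
 *
 *--*/
NTSTATUS RtlCliDumpSysInfo(VOID)
{
    NTSTATUS Status;
    SYSTEM_BASIC_INFORMATION BasicInfo;
    SYSTEM_PROCESSOR_INFORMATION ProcInfo;
    SYSTEM_PERFORMANCE_INFORMATION PerfInfo;
    SYSTEM_TIMEOFDAY_INFORMATION TimeInfo;
    SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION ProcPerfInfo[2];
    SYSTEM_FILECACHE_INFORMATION CacheInfo;
    PKUSER_SHARED_DATA SharedData = (PKUSER_SHARED_DATA)USER_SHARED_DATA;
    TIME_FIELDS BootTime, IdleTime, KernelTime, UserTime, DpcTime;

    // Entries the kernel does not fill must read as zero, not stack garbage
    RtlZeroMemory(ProcPerfInfo, sizeof(ProcPerfInfo));

    // Query basic system information
    Status = NtQuerySystemInformation(SystemBasicInformation, &BasicInfo, sizeof(BasicInfo), NULL);
    if (!NT_SUCCESS(Status)) return Status;

    // Query basic processor information
    Status = NtQuerySystemInformation(SystemProcessorInformation, &ProcInfo, sizeof(ProcInfo), NULL);
    if (!NT_SUCCESS(Status)) return Status;

    // Query system performance counters
    Status = NtQuerySystemInformation(SystemPerformanceInformation, &PerfInfo, sizeof(PerfInfo), NULL);
    if (!NT_SUCCESS(Status)) return Status;

    // Query time-of-day information (boot time)
    Status = NtQuerySystemInformation(SystemTimeOfDayInformation, &TimeInfo, sizeof(TimeInfo), NULL);
    if (!NT_SUCCESS(Status)) return Status;

    // Query per-processor times. The buffer holds two entries only.
    // NOTE(review): behaviour with more than two processors depends on how
    // the kernel treats the short buffer - confirm on such a system.
    Status = NtQuerySystemInformation(SystemProcessorPerformanceInformation, &ProcPerfInfo, sizeof(ProcPerfInfo), NULL);
    if (!NT_SUCCESS(Status)) return Status;

    // Display Header
    // FIXME: Center it
    RtlTimeToTimeFields(&TimeInfo.BootTime, &BootTime);
    RtlCliDisplayString("Native shell running in %S booted on %02d-%02d-%02d "
                        "at %02d:%02d. CPUs: %d\n",
                        SharedData->NtSystemRoot,
                        BootTime.Day,
                        BootTime.Month,
                        BootTime.Year,
                        BootTime.Hour,
                        BootTime.Minute,
                        BasicInfo.NumberOfProcessors);

    // Display System Flags
    RtlCliDisplayString("Version: %x.%x. Debug Mode: %x. Safe Mode: %x "
                        "Product Type: %x. Suite Mask: %x\n",
                        SharedData->NtMajorVersion,
                        SharedData->NtMinorVersion,
                        SharedData->KdDebuggerEnabled,
                        SharedData->SafeBootMode,
                        SharedData->NtProductType,
                        SharedData->SuiteMask);

    RtlCliDisplayString("-------------------------------------"
                        "-------------------------------------\n");

    // Display CPU Information
    RtlCliDisplayString("[CPU] %s Family %d Model %x Stepping %x. "
                        "Feature Bits: 0x%X NX: 0x%x\n",
                        (ProcInfo.ProcessorArchitecture == PROCESSOR_ARCHITECTURE_INTEL) ? "x86" : "Unknown",
                        ProcInfo.ProcessorLevel,
                        ProcInfo.ProcessorRevision >> 8,
                        ProcInfo.ProcessorRevision & 0xFF,
                        ProcInfo.ProcessorFeatureBits,
                        SharedData->NXSupportPolicy);

    // Display RAM Information
    RtlCliDisplayString("[RAM] Page Size: %dKB. Physical Pages: 0x%X. "
                        "Total Physical RAM: %dKB\n",
                        BasicInfo.PageSize / 1024,
                        BasicInfo.NumberOfPhysicalPages,
                        BasicInfo.NumberOfPhysicalPages * (PAGE_SIZE / 1024));

    // Display User-Mode Virtual Memory Information
    RtlCliDisplayString("[USR] User-Mode Range: 0x%08X-0x%X. "
                        "Allocation Granularity: %dKB\n",
                        BasicInfo.MinimumUserModeAddress,
                        BasicInfo.MaximumUserModeAddress,
                        BasicInfo.AllocationGranularity / 1024);

    // Display System Virtual Memory Information
    RtlCliDisplayString("[VRAM] Free: %dKB. Committed: %dKB. "
                        "Total: %dKB. Peak: %dKB\n",
                        PerfInfo.AvailablePages * (PAGE_SIZE / 1024),
                        PerfInfo.CommittedPages * (PAGE_SIZE / 1024),
                        PerfInfo.CommitLimit * (PAGE_SIZE / 1024),
                        PerfInfo.PeakCommitment * (PAGE_SIZE / 1024));

    // Display Kernel Memory/Pool Information
    RtlCliDisplayString("[KRNL] Paged: %dKB. Non-Paged: %dKB. "
                        "Drivers: %dKB Code: %dKB\n",
                        PerfInfo.PagedPoolPages * (PAGE_SIZE / 1024),
                        PerfInfo.NonPagedPoolPages * (PAGE_SIZE / 1024),
                        PerfInfo.TotalSystemDriverPages * (PAGE_SIZE / 1024),
                        PerfInfo.TotalSystemCodePages * (PAGE_SIZE / 1024));

    // Check if we have two CPUs
    if (BasicInfo.NumberOfProcessors > 1)
    {
        // Handle two CPU case by adding all of CPU 2's times into CPU 1's
        // FIXME: This should be improved to support 2+ CPUs later
        ProcPerfInfo[0].IdleTime.QuadPart += ProcPerfInfo[1].IdleTime.QuadPart;
        ProcPerfInfo[0].KernelTime.QuadPart += ProcPerfInfo[1].KernelTime.QuadPart;
        ProcPerfInfo[0].UserTime.QuadPart += ProcPerfInfo[1].UserTime.QuadPart;
        ProcPerfInfo[0].DpcTime.QuadPart += ProcPerfInfo[1].DpcTime.QuadPart;
        ProcPerfInfo[0].InterruptCount += ProcPerfInfo[1].InterruptCount;
    }

    // Convert all 64-bit times into a readable format
    RtlTimeToTimeFields(&ProcPerfInfo[0].IdleTime, &IdleTime);
    RtlTimeToTimeFields(&ProcPerfInfo[0].KernelTime, &KernelTime);
    RtlTimeToTimeFields(&ProcPerfInfo[0].UserTime, &UserTime);
    RtlTimeToTimeFields(&ProcPerfInfo[0].DpcTime, &DpcTime);

    // Display System Times
    RtlCliDisplayString("[TIME] Kernel: %02d:%02d:%02d. User: %02d:%02d:%02d. "
                        "DPC: %02d:%02d:%02d. Idle: %02d:%02d:%02d.\n",
                        KernelTime.Hour,
                        KernelTime.Minute,
                        KernelTime.Second,
                        UserTime.Hour,
                        UserTime.Minute,
                        UserTime.Second,
                        DpcTime.Hour,
                        DpcTime.Minute,
                        DpcTime.Second,
                        IdleTime.Hour,
                        IdleTime.Minute,
                        IdleTime.Second);

    // Display Core Performance Information
    RtlCliDisplayString("[PERF] INTs: %d. SysCalls: %d. PFs: %d. "
                        "Ctx Switches: %d\n",
                        ProcPerfInfo[0].InterruptCount,
                        PerfInfo.SystemCalls,
                        PerfInfo.PageFaultCount,
                        PerfInfo.ContextSwitches);

    // Display I/O Information
    RtlCliDisplayString("[I/O] Reads: %d/%I64dKB. Writes: %d/%I64dKB. "
                        "Others: %d/%I64dKB\n",
                        PerfInfo.IoReadOperationCount,
                        PerfInfo.IoReadTransferCount.QuadPart / 1024,
                        PerfInfo.IoWriteOperationCount,
                        PerfInfo.IoWriteTransferCount.QuadPart / 1024,
                        PerfInfo.IoOtherOperationCount,
                        PerfInfo.IoOtherTransferCount.QuadPart / 1024);

    // Display FileSystem Cache Information (best effort)
    Status = NtQuerySystemInformation(SystemFileCacheInformation, &CacheInfo, sizeof(CacheInfo), NULL);
    if (NT_SUCCESS(Status))
    {
        RtlCliDisplayString("[CACHE] Size: %dKB. Peak: %dKB. "
                            "Min WS: %dKB. Max WS: %dKB\n",
                            CacheInfo.CurrentSize / 1024,
                            CacheInfo.PeakSize / 1024,
                            CacheInfo.MinimumWorkingSet,
                            CacheInfo.MaximumWorkingSet);
    }

    return STATUS_SUCCESS;
}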