2001-04-29 10:54:36 +08:00
|
|
|
/* ntdll.h. Contains ntdll specific stuff not defined elsewhere.
|
2000-10-25 02:44:56 +08:00
|
|
|
|
2009-01-16 20:17:28 +08:00
|
|
|
Copyright 2000, 2001, 2002, 2003, 2004, 2005, 2006, 2007, 2008,
|
2011-04-28 15:27:51 +08:00
|
|
|
2009, 2010, 2011 Red Hat, Inc.
|
2000-10-25 02:44:56 +08:00
|
|
|
|
|
|
|
This file is part of Cygwin.
|
|
|
|
|
|
|
|
This software is a copyrighted work licensed under the terms of the
|
|
|
|
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
|
|
|
|
details. */
|
|
|
|
|
2010-03-16 05:29:15 +08:00
|
|
|
#ifndef _NTDLL_H
|
|
|
|
#define _NTDLL_H 1
|
2011-12-05 23:46:26 +08:00
|
|
|
|
|
|
|
/* NTSTATUS values. */
|
2009-01-08 02:18:23 +08:00
|
|
|
#define STATUS_NOT_ALL_ASSIGNED ((NTSTATUS) 0x00000106)
|
2008-04-21 20:46:58 +08:00
|
|
|
#define STATUS_OBJECT_NAME_EXISTS ((NTSTATUS) 0x40000000)
|
|
|
|
#define STATUS_BUFFER_OVERFLOW ((NTSTATUS) 0x80000005)
|
|
|
|
#define STATUS_NO_MORE_FILES ((NTSTATUS) 0x80000006)
|
2011-08-28 04:01:29 +08:00
|
|
|
#ifdef STATUS_INVALID_INFO_CLASS /* Defined as unsigned value in subauth.h */
|
|
|
|
#undef STATUS_INVALID_INFO_CLASS
|
2006-05-15 02:32:57 +08:00
|
|
|
#endif
|
2011-08-28 04:01:29 +08:00
|
|
|
#define STATUS_INVALID_INFO_CLASS ((NTSTATUS) 0xc0000003)
|
2010-09-24 20:41:33 +08:00
|
|
|
#define STATUS_NOT_IMPLEMENTED ((NTSTATUS) 0xc0000002)
|
2007-07-28 00:24:07 +08:00
|
|
|
#define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS) 0xc0000004)
|
2011-08-28 04:01:29 +08:00
|
|
|
#ifdef STATUS_INVALID_HANDLE /* Defined as unsigned value in winbase.h */
|
|
|
|
#undef STATUS_INVALID_HANDLE
|
|
|
|
#endif
|
|
|
|
#define STATUS_INVALID_HANDLE ((NTSTATUS) 0xc0000008)
|
2007-07-28 00:24:07 +08:00
|
|
|
#define STATUS_INVALID_PARAMETER ((NTSTATUS) 0xc000000d)
|
2007-08-23 15:43:24 +08:00
|
|
|
#define STATUS_NO_SUCH_FILE ((NTSTATUS) 0xc000000f)
|
2007-07-28 00:24:07 +08:00
|
|
|
#define STATUS_INVALID_DEVICE_REQUEST ((NTSTATUS) 0xc0000010)
|
2007-10-13 19:06:43 +08:00
|
|
|
#define STATUS_END_OF_FILE ((NTSTATUS) 0xc0000011)
|
2007-08-01 20:55:25 +08:00
|
|
|
#define STATUS_NO_MEDIA_IN_DEVICE ((NTSTATUS) 0xc0000013)
|
2007-08-01 22:46:09 +08:00
|
|
|
#define STATUS_ACCESS_DENIED ((NTSTATUS) 0xc0000022)
|
2007-07-28 00:24:07 +08:00
|
|
|
#define STATUS_BUFFER_TOO_SMALL ((NTSTATUS) 0xc0000023)
|
2010-09-06 17:47:01 +08:00
|
|
|
#define STATUS_OBJECT_TYPE_MISMATCH ((NTSTATUS) 0xc0000024)
|
2007-09-20 23:14:13 +08:00
|
|
|
#define STATUS_OBJECT_NAME_INVALID ((NTSTATUS) 0xc0000033)
|
2007-08-01 20:55:25 +08:00
|
|
|
#define STATUS_OBJECT_NAME_NOT_FOUND ((NTSTATUS) 0xc0000034)
|
2011-08-28 04:01:29 +08:00
|
|
|
#define STATUS_OBJECT_NAME_COLLISION ((NTSTATUS) 0xc0000035)
|
2007-08-12 20:48:02 +08:00
|
|
|
#define STATUS_OBJECT_PATH_NOT_FOUND ((NTSTATUS) 0xc000003A)
|
2007-07-28 00:24:07 +08:00
|
|
|
#define STATUS_SHARING_VIOLATION ((NTSTATUS) 0xc0000043)
|
2009-01-08 02:18:23 +08:00
|
|
|
#define STATUS_EAS_NOT_SUPPORTED ((NTSTATUS) 0xc000004f)
|
* Makefile.in (DLL_OFILES): Add ntea.o.
* cygwin.din (getxattr, listxattr, removexattr, setxattr, lgetxattr,
llistxattr, lremovexattr, lsetxattr, fgetxattr, flistxattr,
fremovexattr, fsetxattr): Export Linux extended attribute functions.
Sort.
* errno.cc (errmap): Add mappings for ERROR_EAS_DIDNT_FIT,
ERROR_EAS_NOT_SUPPORTED, ERROR_EA_LIST_INCONSISTENT,
ERROR_EA_TABLE_FULL, ERROR_FILE_CORRUPT, ERROR_INVALID_EA_NAME.
* fhandler.h (class fhandler_base): Declare new fgetxattr and
fsetxattr methods.
(class fhandler_disk_file): Ditto.
* fhandler.cc (fhandler_base::fgetxattr): New method.
(fhandler_base::fsetxattr): New method.
* fhandler_disk_file.cc (fhandler_disk_file::fgetxattr): New method.
(fhandler_disk_file::fsetxattr): New method.
* ntdll.h (STATUS_EA_TOO_LARGE): Define.
(STATUS_NONEXISTENT_EA_ENTRY): Define.
(STATUS_NO_EAS_ON_FILE): Define.
* ntea.cc (read_ea): Rewrite for long pathnames and for using with
Linux extended attribute functions.
(write_ea): Ditto.
(getxattr_worker): New static function.
(getxattr): New function.
(lgetxattr): New function.
(fgetxattr): New function.
(listxattr): New function.
(llistxattr): New function.
(flistxattr): New function.
(setxattr_worker): New static function.
(setxattr): New function.
(lsetxattr): New function.
(fsetxattr): New function.
(removexattr): New function.
(lsetxattr): New function.
(fsetxattr): New function.
* security.h (read_ea): Change declaration according to above changes.
(write_ea): Ditto.
* include/cygwin/version.h: Bump API minor version.
2008-02-10 23:43:04 +08:00
|
|
|
#define STATUS_EA_TOO_LARGE ((NTSTATUS) 0xc0000050)
|
|
|
|
#define STATUS_NONEXISTENT_EA_ENTRY ((NTSTATUS) 0xc0000051)
|
|
|
|
#define STATUS_NO_EAS_ON_FILE ((NTSTATUS) 0xc0000052)
|
2009-04-16 20:16:35 +08:00
|
|
|
#define STATUS_LOCK_NOT_GRANTED ((NTSTATUS) 0xc0000055)
|
2007-07-28 00:24:07 +08:00
|
|
|
#define STATUS_DELETE_PENDING ((NTSTATUS) 0xc0000056)
|
2011-04-01 16:41:26 +08:00
|
|
|
#define STATUS_PROCEDURE_NOT_FOUND ((NTSTATUS) 0xc000007a)
|
2007-10-15 16:25:38 +08:00
|
|
|
#define STATUS_DISK_FULL ((NTSTATUS) 0xc000007f)
|
2007-07-28 00:24:07 +08:00
|
|
|
#define STATUS_WORKING_SET_QUOTA ((NTSTATUS) 0xc00000a1)
|
2010-09-06 17:47:01 +08:00
|
|
|
#define STATUS_INSTANCE_NOT_AVAILABLE ((NTSTATUS) 0xc00000ab)
|
|
|
|
#define STATUS_PIPE_NOT_AVAILABLE ((NTSTATUS) 0xc00000ac)
|
|
|
|
#define STATUS_INVALID_PIPE_STATE ((NTSTATUS) 0xc00000ad)
|
|
|
|
#define STATUS_PIPE_BUSY ((NTSTATUS) 0xc00000ae)
|
2007-07-29 16:23:04 +08:00
|
|
|
#define STATUS_NOT_SUPPORTED ((NTSTATUS) 0xc00000bb)
|
2010-06-02 22:52:34 +08:00
|
|
|
#define STATUS_BAD_NETWORK_PATH ((NTSTATUS) 0xc00000be)
|
2010-01-29 19:20:06 +08:00
|
|
|
#define STATUS_INVALID_NETWORK_RESPONSE ((NTSTATUS) 0xc00000c3)
|
2010-06-02 22:52:34 +08:00
|
|
|
#define STATUS_BAD_NETWORK_NAME ((NTSTATUS) 0xc00000cc)
|
2007-07-29 20:27:22 +08:00
|
|
|
#define STATUS_DIRECTORY_NOT_EMPTY ((NTSTATUS) 0xc0000101)
|
2011-08-10 21:13:09 +08:00
|
|
|
#define STATUS_PROCESS_IS_TERMINATING ((NTSTATUS) 0xc000010a)
|
2009-01-08 02:18:23 +08:00
|
|
|
#define STATUS_CANNOT_DELETE ((NTSTATUS) 0xc0000121)
|
2007-07-28 00:24:07 +08:00
|
|
|
#define STATUS_INVALID_LEVEL ((NTSTATUS) 0xc0000148)
|
2008-04-21 20:46:58 +08:00
|
|
|
#define STATUS_DLL_NOT_FOUND ((NTSTATUS) 0xc0000135)
|
|
|
|
#define STATUS_ENTRYPOINT_NOT_FOUND ((NTSTATUS) 0xc0000139)
|
2011-08-09 17:14:28 +08:00
|
|
|
#define STATUS_NOT_FOUND ((NTSTATUS) 0xc0000225)
|
2008-04-21 20:46:58 +08:00
|
|
|
#define STATUS_BAD_DLL_ENTRYPOINT ((NTSTATUS) 0xc0000251)
|
|
|
|
#define STATUS_ILLEGAL_DLL_RELOCATION ((NTSTATUS) 0xc0000269)
|
2009-10-07 23:47:38 +08:00
|
|
|
/* custom status code: */
|
|
|
|
#define STATUS_ILLEGAL_DLL_PSEUDO_RELOCATION ((NTSTATUS) 0xe0000269)
|
2008-03-27 09:50:40 +08:00
|
|
|
|
2011-12-05 23:46:26 +08:00
|
|
|
#define NtCurrentProcess() ((HANDLE) 0xffffffff)
|
|
|
|
#define NtCurrentThread() ((HANDLE) 0xfffffffe)
|
2002-05-12 09:37:48 +08:00
|
|
|
|
2011-12-05 23:46:26 +08:00
|
|
|
/* CreateDisposition in NtCreateFile call. */
|
2007-08-12 20:48:02 +08:00
|
|
|
#define FILE_SUPERSEDED 0
|
|
|
|
#define FILE_OPENED 1
|
|
|
|
#define FILE_CREATED 2
|
|
|
|
#define FILE_OVERWRITTEN 3
|
|
|
|
#define FILE_EXISTS 4
|
|
|
|
#define FILE_DOES_NOT_EXIST 5
|
|
|
|
|
2011-12-05 23:46:26 +08:00
|
|
|
/* Relative file position values in NtWriteFile call. */
|
2007-10-15 16:25:38 +08:00
|
|
|
#define FILE_WRITE_TO_END_OF_FILE (-1LL)
|
|
|
|
#define FILE_USE_FILE_POINTER_POSITION (-2LL)
|
|
|
|
|
2007-08-01 20:55:25 +08:00
|
|
|
/* Device Characteristics. */
|
|
|
|
#define FILE_REMOVABLE_MEDIA 0x00000001
|
|
|
|
#define FILE_READ_ONLY_DEVICE 0x00000002
|
|
|
|
#define FILE_FLOPPY_DISKETTE 0x00000004
|
|
|
|
#define FILE_WRITE_ONCE_MEDIA 0x00000008
|
|
|
|
#define FILE_REMOTE_DEVICE 0x00000010
|
|
|
|
#define FILE_DEVICE_IS_MOUNTED 0x00000020
|
|
|
|
#define FILE_VIRTUAL_VOLUME 0x00000040
|
|
|
|
#define FILE_AUTOGENERATED_DEVICE_NAME 0x00000080
|
|
|
|
#define FILE_DEVICE_SECURE_OPEN 0x00000100
|
|
|
|
|
2011-12-05 23:46:26 +08:00
|
|
|
/* Allocation type values in NtMapViewOfSection call. */
|
|
|
|
#define AT_EXTENDABLE_FILE 0x00002000
|
|
|
|
#define AT_ROUND_TO_PAGE 0x40000000
|
|
|
|
|
|
|
|
/* Lock type in NtLockVirtualMemory/NtUnlockVirtualMemory call. */
|
|
|
|
#define MAP_PROCESS 1
|
|
|
|
#define MAP_SYSTEM 2
|
|
|
|
|
|
|
|
/* Directory access rights (only in NT namespace). */
|
|
|
|
#define DIRECTORY_QUERY 1
|
|
|
|
#define DIRECTORY_TRAVERSE 2
|
|
|
|
#define DIRECTORY_CREATE_OBJECT 4
|
|
|
|
#define DIRECTORY_CREATE_SUBDIRECTORY 8
|
|
|
|
#define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|0x0f)
|
|
|
|
|
|
|
|
/* Symbolic link access rights (only in NT namespace). */
|
|
|
|
#define SYMBOLIC_LINK_QUERY 1
|
|
|
|
|
2008-05-16 00:34:01 +08:00
|
|
|
/* Transaction access rights. */
|
|
|
|
#define TRANSACTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x3F)
|
|
|
|
|
2011-12-05 23:46:26 +08:00
|
|
|
/* Event object access rights. */
|
|
|
|
#define EVENT_QUERY_STATE 1
|
|
|
|
|
|
|
|
/* Semaphore access rights. */
|
|
|
|
#define SEMAPHORE_QUERY_STATE 1
|
|
|
|
|
|
|
|
/* Specific ACCESS_MASKSs for objects created in Cygwin. */
|
|
|
|
#define CYG_SHARED_DIR_ACCESS (DIRECTORY_QUERY \
|
|
|
|
| DIRECTORY_TRAVERSE \
|
|
|
|
| DIRECTORY_CREATE_SUBDIRECTORY \
|
|
|
|
| DIRECTORY_CREATE_OBJECT \
|
|
|
|
| READ_CONTROL)
|
|
|
|
#define CYG_MUTANT_ACCESS (MUTANT_QUERY_STATE \
|
|
|
|
| SYNCHRONIZE \
|
|
|
|
| READ_CONTROL)
|
|
|
|
#define CYG_EVENT_ACCESS (EVENT_QUERY_STATE \
|
|
|
|
| EVENT_MODIFY_STATE \
|
|
|
|
| SYNCHRONIZE \
|
|
|
|
| READ_CONTROL)
|
|
|
|
#define CYG_SEMAPHORE_ACCESS (SEMAPHORE_QUERY_STATE \
|
|
|
|
| SEMAPHORE_MODIFY_STATE \
|
|
|
|
| SYNCHRONIZE \
|
|
|
|
| READ_CONTROL)
|
|
|
|
|
|
|
|
/* Definitions for first parameter of RtlQueryRegistryValues. */
|
|
|
|
#define RTL_REGISTRY_ABSOLUTE 0
|
|
|
|
#define RTL_REGISTRY_SERVICES 1
|
|
|
|
#define RTL_REGISTRY_CONTROL 2
|
|
|
|
#define RTL_REGISTRY_WINDOWS_NT 3
|
|
|
|
#define RTL_REGISTRY_DEVICEMAP 4
|
|
|
|
#define RTL_REGISTRY_USER 5
|
|
|
|
#define RTL_REGISTRY_HANDLE 0x40000000
|
|
|
|
#define RTL_REGISTRY_OPTIONAL 0x80000000
|
|
|
|
|
|
|
|
/* Flags values for QueryTable parameter of RtlQueryRegistryValues. */
|
|
|
|
#define RTL_QUERY_REGISTRY_SUBKEY 0x01
|
|
|
|
#define RTL_QUERY_REGISTRY_TOPKEY 0x02
|
|
|
|
#define RTL_QUERY_REGISTRY_REQUIRED 0x04
|
|
|
|
#define RTL_QUERY_REGISTRY_NOVALUE 0x08
|
|
|
|
#define RTL_QUERY_REGISTRY_NOEXPAND 0x10
|
|
|
|
#define RTL_QUERY_REGISTRY_DIRECT 0x20
|
|
|
|
#define RTL_QUERY_REGISTRY_DELETE 0x40
|
|
|
|
#define RTL_QUERY_REGISTRY_NOSTRING 0x80
|
|
|
|
|
|
|
|
/* What RtlQueryProcessDebugInformation shall return. */
|
|
|
|
#define PDI_MODULES 0x01
|
|
|
|
#define PDI_HEAPS 0x04
|
|
|
|
#define PDI_HEAP_BLOCKS 0x10
|
|
|
|
|
|
|
|
/* VM working set list protection values. Returned by NtQueryVirtualMemory. */
|
|
|
|
#define WSLE_PAGE_READONLY 0x001
|
|
|
|
#define WSLE_PAGE_EXECUTE 0x002
|
|
|
|
#define WSLE_PAGE_EXECUTE_READ 0x003
|
|
|
|
#define WSLE_PAGE_READWRITE 0x004
|
|
|
|
#define WSLE_PAGE_WRITECOPY 0x005
|
|
|
|
#define WSLE_PAGE_EXECUTE_READWRITE 0x006
|
|
|
|
#define WSLE_PAGE_EXECUTE_WRITECOPY 0x007
|
|
|
|
#define WSLE_PAGE_SHARE_COUNT_MASK 0x0E0
|
|
|
|
#define WSLE_PAGE_SHAREABLE 0x100
|
|
|
|
|
|
|
|
/* Known debug heap flags */
|
|
|
|
#define HEAP_FLAG_NOSERIALIZE 0x1
|
|
|
|
#define HEAP_FLAG_GROWABLE 0x2
|
|
|
|
#define HEAP_FLAG_EXCEPTIONS 0x4
|
|
|
|
#define HEAP_FLAG_NONDEFAULT 0x1000
|
|
|
|
#define HEAP_FLAG_SHAREABLE 0x8000
|
|
|
|
#define HEAP_FLAG_EXECUTABLE 0x40000
|
|
|
|
#define HEAP_FLAG_DEBUGGED 0x40000000
|
|
|
|
|
|
|
|
/* IOCTL code to impersonate client of named pipe. */
|
|
|
|
#define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, \
|
|
|
|
METHOD_BUFFERED, FILE_ANY_ACCESS)
|
|
|
|
|
2006-01-25 13:57:20 +08:00
|
|
|
typedef enum _FILE_INFORMATION_CLASS
|
|
|
|
{
|
|
|
|
FileDirectoryInformation = 1,
|
|
|
|
FileFullDirectoryInformation, // 2
|
|
|
|
FileBothDirectoryInformation, // 3
|
|
|
|
FileBasicInformation, // 4 wdm
|
|
|
|
FileStandardInformation, // 5 wdm
|
|
|
|
FileInternalInformation, // 6
|
|
|
|
FileEaInformation, // 7
|
|
|
|
FileAccessInformation, // 8
|
|
|
|
FileNameInformation, // 9
|
|
|
|
FileRenameInformation, // 10
|
|
|
|
FileLinkInformation, // 11
|
|
|
|
FileNamesInformation, // 12
|
|
|
|
FileDispositionInformation, // 13
|
|
|
|
FilePositionInformation, // 14 wdm
|
|
|
|
FileFullEaInformation, // 15
|
|
|
|
FileModeInformation, // 16
|
|
|
|
FileAlignmentInformation, // 17
|
|
|
|
FileAllInformation, // 18
|
|
|
|
FileAllocationInformation, // 19
|
|
|
|
FileEndOfFileInformation, // 20 wdm
|
|
|
|
FileAlternateNameInformation, // 21
|
|
|
|
FileStreamInformation, // 22
|
|
|
|
FilePipeInformation, // 23
|
|
|
|
FilePipeLocalInformation, // 24
|
|
|
|
FilePipeRemoteInformation, // 25
|
|
|
|
FileMailslotQueryInformation, // 26
|
|
|
|
FileMailslotSetInformation, // 27
|
|
|
|
FileCompressionInformation, // 28
|
|
|
|
FileObjectIdInformation, // 29
|
|
|
|
FileCompletionInformation, // 30
|
|
|
|
FileMoveClusterInformation, // 31
|
|
|
|
FileQuotaInformation, // 32
|
|
|
|
FileReparsePointInformation, // 33
|
|
|
|
FileNetworkOpenInformation, // 34
|
|
|
|
FileAttributeTagInformation, // 35
|
|
|
|
FileTrackingInformation, // 36
|
|
|
|
FileIdBothDirectoryInformation, // 37
|
|
|
|
FileIdFullDirectoryInformation, // 38
|
|
|
|
FileValidDataLengthInformation, // 39
|
|
|
|
FileShortNameInformation, // 40
|
|
|
|
FileMaximumInformation
|
|
|
|
} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
|
|
|
|
|
2007-03-03 04:04:26 +08:00
|
|
|
typedef struct _FILE_NAMES_INFORMATION
|
|
|
|
{
|
|
|
|
ULONG NextEntryOffset;
|
|
|
|
ULONG FileIndex;
|
|
|
|
ULONG FileNameLength;
|
|
|
|
WCHAR FileName[1];
|
|
|
|
} FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
|
|
|
|
|
2007-07-27 01:30:54 +08:00
|
|
|
typedef struct _FILE_DIRECTORY_INFORMATION {
|
|
|
|
ULONG NextEntryOffset;
|
|
|
|
ULONG FileIndex;
|
|
|
|
LARGE_INTEGER CreationTime;
|
|
|
|
LARGE_INTEGER LastAccessTime;
|
|
|
|
LARGE_INTEGER LastWriteTime;
|
|
|
|
LARGE_INTEGER ChangeTime;
|
|
|
|
LARGE_INTEGER EndOfFile;
|
|
|
|
LARGE_INTEGER AllocationSize;
|
|
|
|
ULONG FileAttributes;
|
|
|
|
ULONG FileNameLength;
|
|
|
|
WCHAR FileName[1];
|
|
|
|
} FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
|
|
|
|
|
2010-01-29 19:20:06 +08:00
|
|
|
typedef struct _FILE_BOTH_DIRECTORY_INFORMATION
|
2006-01-25 13:57:20 +08:00
|
|
|
{
|
|
|
|
ULONG NextEntryOffset;
|
|
|
|
ULONG FileIndex;
|
|
|
|
LARGE_INTEGER CreationTime;
|
|
|
|
LARGE_INTEGER LastAccessTime;
|
|
|
|
LARGE_INTEGER LastWriteTime;
|
|
|
|
LARGE_INTEGER ChangeTime;
|
|
|
|
LARGE_INTEGER EndOfFile;
|
|
|
|
LARGE_INTEGER AllocationSize;
|
|
|
|
ULONG FileAttributes;
|
|
|
|
ULONG FileNameLength;
|
|
|
|
ULONG EaSize;
|
|
|
|
CCHAR ShortNameLength;
|
|
|
|
WCHAR ShortName[12];
|
|
|
|
WCHAR FileName[1];
|
2010-01-29 19:20:06 +08:00
|
|
|
} FILE_BOTH_DIRECTORY_INFORMATION, *PFILE_BOTH_DIRECTORY_INFORMATION;
|
2006-01-25 13:57:20 +08:00
|
|
|
|
|
|
|
typedef struct _FILE_ID_BOTH_DIR_INFORMATION
|
|
|
|
{
|
|
|
|
ULONG NextEntryOffset;
|
|
|
|
ULONG FileIndex;
|
|
|
|
LARGE_INTEGER CreationTime;
|
|
|
|
LARGE_INTEGER LastAccessTime;
|
|
|
|
LARGE_INTEGER LastWriteTime;
|
|
|
|
LARGE_INTEGER ChangeTime;
|
|
|
|
LARGE_INTEGER EndOfFile;
|
|
|
|
LARGE_INTEGER AllocationSize;
|
|
|
|
ULONG FileAttributes;
|
|
|
|
ULONG FileNameLength;
|
|
|
|
ULONG EaSize;
|
|
|
|
CCHAR ShortNameLength;
|
|
|
|
WCHAR ShortName[12];
|
|
|
|
LARGE_INTEGER FileId;
|
|
|
|
WCHAR FileName[1];
|
|
|
|
} FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
|
|
|
|
|
2002-05-12 09:37:48 +08:00
|
|
|
typedef ULONG KAFFINITY;
|
2000-11-02 13:25:56 +08:00
|
|
|
|
|
|
|
typedef enum _SYSTEM_INFORMATION_CLASS
|
|
|
|
{
|
|
|
|
SystemBasicInformation = 0,
|
2002-05-12 09:37:48 +08:00
|
|
|
SystemPerformanceInformation = 2,
|
|
|
|
SystemTimeOfDayInformation = 3,
|
2000-11-02 13:25:56 +08:00
|
|
|
SystemProcessesAndThreadsInformation = 5,
|
2002-05-12 09:37:48 +08:00
|
|
|
SystemProcessorTimes = 8,
|
2011-05-29 02:17:09 +08:00
|
|
|
SystemHandleInformation = 16,
|
2004-03-18 20:28:47 +08:00
|
|
|
SystemPagefileInformation = 18,
|
2000-11-02 13:25:56 +08:00
|
|
|
/* There are a lot more of these... */
|
2000-10-25 02:44:56 +08:00
|
|
|
} SYSTEM_INFORMATION_CLASS;
|
|
|
|
|
2000-11-02 13:25:56 +08:00
|
|
|
typedef struct _SYSTEM_BASIC_INFORMATION
|
|
|
|
{
|
2000-10-25 02:44:56 +08:00
|
|
|
ULONG Unknown;
|
|
|
|
ULONG MaximumIncrement;
|
|
|
|
ULONG PhysicalPageSize;
|
|
|
|
ULONG NumberOfPhysicalPages;
|
|
|
|
ULONG LowestPhysicalPage;
|
|
|
|
ULONG HighestPhysicalPage;
|
|
|
|
ULONG AllocationGranularity;
|
|
|
|
ULONG LowestUserAddress;
|
|
|
|
ULONG HighestUserAddress;
|
|
|
|
ULONG ActiveProcessors;
|
2002-05-12 09:37:48 +08:00
|
|
|
UCHAR NumberProcessors;
|
2000-10-25 02:44:56 +08:00
|
|
|
} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
|
|
|
|
|
2004-03-18 20:28:47 +08:00
|
|
|
typedef struct _SYSTEM_PAGEFILE_INFORMATION
|
|
|
|
{
|
|
|
|
ULONG NextEntryOffset;
|
|
|
|
ULONG CurrentSize;
|
|
|
|
ULONG TotalUsed;
|
|
|
|
ULONG PeakUsed;
|
|
|
|
UNICODE_STRING FileName;
|
|
|
|
} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
|
|
|
|
|
2002-07-06 05:58:49 +08:00
|
|
|
typedef struct __attribute__ ((aligned (8))) _SYSTEM_PROCESSOR_TIMES
|
2002-05-12 09:37:48 +08:00
|
|
|
{
|
|
|
|
LARGE_INTEGER IdleTime;
|
|
|
|
LARGE_INTEGER KernelTime;
|
|
|
|
LARGE_INTEGER UserTime;
|
|
|
|
LARGE_INTEGER DpcTime;
|
|
|
|
LARGE_INTEGER InterruptTime;
|
|
|
|
ULONG InterruptCount;
|
|
|
|
} SYSTEM_PROCESSOR_TIMES, *PSYSTEM_PROCESSOR_TIMES;
|
|
|
|
|
2000-11-02 13:25:56 +08:00
|
|
|
typedef LONG KPRIORITY;
|
|
|
|
typedef struct _VM_COUNTERS
|
|
|
|
{
|
|
|
|
ULONG PeakVirtualSize;
|
|
|
|
ULONG VirtualSize;
|
|
|
|
ULONG PageFaultCount;
|
|
|
|
ULONG PeakWorkingSetSize;
|
|
|
|
ULONG WorkingSetSize;
|
|
|
|
ULONG QuotaPeakPagedPoolUsage;
|
|
|
|
ULONG QuotaPagedPoolUsage;
|
|
|
|
ULONG QuotaPeakNonPagedPoolUsage;
|
|
|
|
ULONG QuotaNonPagedPoolUsage;
|
|
|
|
ULONG PagefileUsage;
|
|
|
|
ULONG PeakPagefileUsage;
|
|
|
|
} VM_COUNTERS, *PVM_COUNTERS;
|
|
|
|
|
|
|
|
typedef struct _CLIENT_ID
|
|
|
|
{
|
|
|
|
HANDLE UniqueProcess;
|
|
|
|
HANDLE UniqueThread;
|
|
|
|
} CLIENT_ID, *PCLIENT_ID;
|
|
|
|
|
|
|
|
typedef enum
|
|
|
|
{
|
|
|
|
StateInitialized,
|
|
|
|
StateReady,
|
|
|
|
StateRunning,
|
|
|
|
StateStandby,
|
|
|
|
StateTerminated,
|
|
|
|
StateWait,
|
|
|
|
StateTransition,
|
|
|
|
StateUnknown,
|
|
|
|
} THREAD_STATE;
|
2000-10-25 02:44:56 +08:00
|
|
|
|
2000-11-02 13:25:56 +08:00
|
|
|
typedef enum
|
|
|
|
{
|
|
|
|
Executive,
|
|
|
|
FreePage,
|
|
|
|
PageIn,
|
|
|
|
PoolAllocation,
|
|
|
|
DelayExecution,
|
|
|
|
Suspended,
|
|
|
|
UserRequest,
|
|
|
|
WrExecutive,
|
|
|
|
WrFreePage,
|
|
|
|
WrPageIn,
|
|
|
|
WrPoolAllocation,
|
|
|
|
WrDelayExecution,
|
|
|
|
WrSuspended,
|
|
|
|
WrUserRequest,
|
|
|
|
WrEventPair,
|
|
|
|
WrQueue,
|
|
|
|
WrLpcReceive,
|
|
|
|
WrLpcReply,
|
|
|
|
WrVirtualMemory,
|
|
|
|
WrPageOut,
|
|
|
|
WrRendezvous,
|
|
|
|
Spare2,
|
|
|
|
Spare3,
|
|
|
|
Spare4,
|
|
|
|
Spare5,
|
|
|
|
Spare6,
|
|
|
|
WrKernel,
|
|
|
|
MaximumWaitReason
|
|
|
|
} KWAIT_REASON;
|
|
|
|
|
|
|
|
typedef struct _SYSTEM_THREADS
|
|
|
|
{
|
|
|
|
LARGE_INTEGER KernelTime;
|
|
|
|
LARGE_INTEGER UserTime;
|
|
|
|
LARGE_INTEGER CreateTime;
|
|
|
|
ULONG WaitTime;
|
|
|
|
PVOID StartAddress;
|
|
|
|
CLIENT_ID ClientId;
|
|
|
|
KPRIORITY Priority;
|
|
|
|
KPRIORITY BasePriority;
|
|
|
|
ULONG ContextSwitchCount;
|
|
|
|
THREAD_STATE State;
|
|
|
|
KWAIT_REASON WaitReason;
|
2002-05-12 09:37:48 +08:00
|
|
|
DWORD Reserved;
|
2000-11-02 13:25:56 +08:00
|
|
|
} SYSTEM_THREADS, *PSYSTEM_THREADS;
|
|
|
|
|
|
|
|
typedef struct _SYSTEM_PROCESSES
|
|
|
|
{
|
|
|
|
ULONG NextEntryDelta;
|
2002-05-12 09:37:48 +08:00
|
|
|
ULONG ThreadCount;
|
2000-11-02 13:25:56 +08:00
|
|
|
ULONG Reserved1[6];
|
|
|
|
LARGE_INTEGER CreateTime;
|
|
|
|
LARGE_INTEGER UserTime;
|
|
|
|
LARGE_INTEGER KernelTime;
|
|
|
|
UNICODE_STRING ProcessName;
|
|
|
|
KPRIORITY BasePriority;
|
|
|
|
ULONG ProcessId;
|
|
|
|
ULONG InheritedFromProcessId;
|
|
|
|
ULONG HandleCount;
|
|
|
|
ULONG Reserved2[2];
|
|
|
|
VM_COUNTERS VmCounters;
|
|
|
|
IO_COUNTERS IoCounters;
|
|
|
|
SYSTEM_THREADS Threads[1];
|
|
|
|
} SYSTEM_PROCESSES, *PSYSTEM_PROCESSES;
|
|
|
|
|
2001-10-16 22:53:26 +08:00
|
|
|
typedef struct _IO_STATUS_BLOCK
|
|
|
|
{
|
|
|
|
NTSTATUS Status;
|
|
|
|
ULONG Information;
|
|
|
|
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
|
|
|
|
|
2002-05-12 09:37:48 +08:00
|
|
|
typedef struct _SYSTEM_PERFORMANCE_INFORMATION
|
|
|
|
{
|
|
|
|
LARGE_INTEGER IdleTime;
|
|
|
|
LARGE_INTEGER ReadTransferCount;
|
|
|
|
LARGE_INTEGER WriteTransferCount;
|
|
|
|
LARGE_INTEGER OtherTransferCount;
|
|
|
|
ULONG ReadOperationCount;
|
|
|
|
ULONG WriteOperationCount;
|
|
|
|
ULONG OtherOperationCount;
|
|
|
|
ULONG AvailablePages;
|
|
|
|
ULONG TotalCommittedPages;
|
|
|
|
ULONG TotalCommitLimit;
|
|
|
|
ULONG PeakCommitment;
|
|
|
|
ULONG PageFaults;
|
|
|
|
ULONG WriteCopyFaults;
|
|
|
|
ULONG TransitionFaults;
|
|
|
|
ULONG Reserved1;
|
|
|
|
ULONG DemandZeroFaults;
|
|
|
|
ULONG PagesRead;
|
|
|
|
ULONG PageReadIos;
|
|
|
|
ULONG Reserved2[2];
|
|
|
|
ULONG PagefilePagesWritten;
|
|
|
|
ULONG PagefilePageWriteIos;
|
|
|
|
ULONG MappedFilePagesWritten;
|
|
|
|
ULONG MappedFilePageWriteIos;
|
|
|
|
ULONG PagedPoolUsage;
|
|
|
|
ULONG NonPagedPoolUsage;
|
|
|
|
ULONG PagedPoolAllocs;
|
|
|
|
ULONG PagedPoolFrees;
|
|
|
|
ULONG NonPagedPoolAllocs;
|
|
|
|
ULONG NonPagedPoolFrees;
|
|
|
|
ULONG TotalFreeSystemPtes;
|
|
|
|
ULONG SystemCodePage;
|
|
|
|
ULONG TotalSystemDriverPages;
|
|
|
|
ULONG TotalSystemCodePages;
|
|
|
|
ULONG SmallNonPagedLookasideListAllocateHits;
|
|
|
|
ULONG SmallPagedLookasideListAllocateHits;
|
|
|
|
ULONG Reserved3;
|
|
|
|
ULONG MmSystemCachePage;
|
|
|
|
ULONG PagedPoolPage;
|
|
|
|
ULONG SystemDriverPage;
|
|
|
|
ULONG FastReadNoWait;
|
|
|
|
ULONG FastReadWait;
|
|
|
|
ULONG FastReadResourceMiss;
|
|
|
|
ULONG FastReadNotPossible;
|
|
|
|
ULONG FastMdlReadNoWait;
|
|
|
|
ULONG FastMdlReadWait;
|
|
|
|
ULONG FastMdlReadResourceMiss;
|
|
|
|
ULONG FastMdlReadNotPossible;
|
|
|
|
ULONG MapDataNoWait;
|
|
|
|
ULONG MapDataWait;
|
|
|
|
ULONG MapDataNoWaitMiss;
|
|
|
|
ULONG MapDataWaitMiss;
|
|
|
|
ULONG PinMappedDataCount;
|
|
|
|
ULONG PinReadNoWait;
|
|
|
|
ULONG PinReadWait;
|
|
|
|
ULONG PinReadNoWaitMiss;
|
|
|
|
ULONG PinReadWaitMiss;
|
|
|
|
ULONG CopyReadNoWait;
|
|
|
|
ULONG CopyReadWait;
|
|
|
|
ULONG CopyReadNoWaitMiss;
|
|
|
|
ULONG CopyReadWaitMiss;
|
|
|
|
ULONG MdlReadNoWait;
|
|
|
|
ULONG MdlReadWait;
|
|
|
|
ULONG MdlReadNoWaitMiss;
|
|
|
|
ULONG MdlReadWaitMiss;
|
|
|
|
ULONG ReadAheadIos;
|
|
|
|
ULONG LazyWriteIos;
|
|
|
|
ULONG LazyWritePages;
|
|
|
|
ULONG DataFlushes;
|
|
|
|
ULONG DataPages;
|
|
|
|
ULONG ContextSwitches;
|
|
|
|
ULONG FirstLevelTbFills;
|
|
|
|
ULONG SecondLevelTbFills;
|
|
|
|
ULONG SystemCalls;
|
|
|
|
} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
|
|
|
|
|
2002-07-06 05:58:49 +08:00
|
|
|
typedef struct __attribute__ ((aligned(8))) _SYSTEM_TIME_OF_DAY_INFORMATION
|
2002-05-12 09:37:48 +08:00
|
|
|
{
|
|
|
|
LARGE_INTEGER BootTime;
|
|
|
|
LARGE_INTEGER CurrentTime;
|
|
|
|
LARGE_INTEGER TimeZoneBias;
|
|
|
|
ULONG CurrentTimeZoneId;
|
|
|
|
} SYSTEM_TIME_OF_DAY_INFORMATION, *PSYSTEM_TIME_OF_DAY_INFORMATION;
|
|
|
|
|
|
|
|
typedef enum _PROCESSINFOCLASS
|
|
|
|
{
|
|
|
|
ProcessBasicInformation = 0,
|
|
|
|
ProcessQuotaLimits = 1,
|
|
|
|
ProcessVmCounters = 3,
|
2008-04-21 20:46:58 +08:00
|
|
|
ProcessTimes = 4,
|
|
|
|
ProcessSessionInformation = 24,
|
2009-07-13 05:15:47 +08:00
|
|
|
ProcessWow64Information = 26
|
2002-05-12 09:37:48 +08:00
|
|
|
} PROCESSINFOCLASS;
|
|
|
|
|
|
|
|
typedef struct _DEBUG_BUFFER
|
|
|
|
{
|
|
|
|
HANDLE SectionHandle;
|
|
|
|
PVOID SectionBase;
|
|
|
|
PVOID RemoteSectionBase;
|
|
|
|
ULONG SectionBaseDelta;
|
|
|
|
HANDLE EventPairHandle;
|
|
|
|
ULONG Unknown[2];
|
|
|
|
HANDLE RemoteThreadHandle;
|
|
|
|
ULONG InfoClassMask;
|
|
|
|
ULONG SizeOfInfo;
|
|
|
|
ULONG AllocatedSize;
|
|
|
|
ULONG SectionSize;
|
|
|
|
PVOID ModuleInformation;
|
|
|
|
PVOID BackTraceInformation;
|
|
|
|
PVOID HeapInformation;
|
|
|
|
PVOID LockInformation;
|
|
|
|
PVOID Reserved[9];
|
|
|
|
} DEBUG_BUFFER, *PDEBUG_BUFFER;
|
|
|
|
|
|
|
|
typedef struct _DEBUG_HEAP_INFORMATION
|
|
|
|
{
|
|
|
|
ULONG Base;
|
|
|
|
ULONG Flags;
|
|
|
|
USHORT Granularity;
|
|
|
|
USHORT Unknown;
|
|
|
|
ULONG Allocated;
|
|
|
|
ULONG Committed;
|
|
|
|
ULONG TagCount;
|
|
|
|
ULONG BlockCount;
|
|
|
|
ULONG Reserved[7];
|
|
|
|
PVOID Tags;
|
|
|
|
PVOID Blocks;
|
|
|
|
} DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION;
|
|
|
|
|
2011-05-13 14:50:20 +08:00
|
|
|
typedef struct _DEBUG_HEAP_ARRAY
|
|
|
|
{
|
|
|
|
ULONG Count;
|
|
|
|
DEBUG_HEAP_INFORMATION Heaps[1];
|
|
|
|
} DEBUG_HEAP_ARRAY, *PDEBUG_HEAP_ARRAY;
|
|
|
|
|
|
|
|
typedef struct _DEBUG_HEAP_BLOCK
|
|
|
|
{
|
|
|
|
ULONG Size;
|
|
|
|
ULONG Flags;
|
|
|
|
ULONG Committed;
|
|
|
|
ULONG Address;
|
|
|
|
} DEBUG_HEAP_BLOCK, *PDEBUG_HEAP_BLOCK;
|
|
|
|
|
2002-05-12 09:37:48 +08:00
|
|
|
typedef struct _DEBUG_MODULE_INFORMATION
|
|
|
|
{
|
|
|
|
ULONG Reserved[2];
|
|
|
|
ULONG Base;
|
|
|
|
ULONG Size;
|
|
|
|
ULONG Flags;
|
|
|
|
USHORT Index;
|
|
|
|
USHORT Unknown;
|
|
|
|
USHORT LoadCount;
|
|
|
|
USHORT ModuleNameOffset;
|
|
|
|
CHAR ImageName[256];
|
|
|
|
} DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION;
|
|
|
|
|
2011-05-11 21:25:27 +08:00
|
|
|
typedef struct _DEBUG_MODULE_ARRAY
|
|
|
|
{
|
|
|
|
ULONG Count;
|
|
|
|
DEBUG_MODULE_INFORMATION Modules[1];
|
|
|
|
} DEBUG_MODULE_ARRAY, *PDEBUG_MODULE_ARRAY;
|
|
|
|
|
2002-05-12 09:37:48 +08:00
|
|
|
typedef struct _KERNEL_USER_TIMES
|
|
|
|
{
|
|
|
|
LARGE_INTEGER CreateTime;
|
|
|
|
LARGE_INTEGER ExitTime;
|
|
|
|
LARGE_INTEGER KernelTime;
|
|
|
|
LARGE_INTEGER UserTime;
|
|
|
|
} KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
|
|
|
|
|
2011-08-17 04:08:34 +08:00
|
|
|
typedef struct _LDR_DATA_TABLE_ENTRY
|
|
|
|
{
|
|
|
|
LIST_ENTRY InLoadOrderLinks;
|
|
|
|
LIST_ENTRY InMemoryOrderLinks;
|
|
|
|
LIST_ENTRY InInitializationOrderLinks;
|
|
|
|
PVOID DllBase;
|
|
|
|
PVOID EntryPoint;
|
|
|
|
ULONG SizeOfImage;
|
|
|
|
UNICODE_STRING FullDllName;
|
|
|
|
UNICODE_STRING BaseDllName;
|
|
|
|
ULONG Flags;
|
|
|
|
WORD LoadCount;
|
|
|
|
/* More follows. Left out since it's just not used. The aforementioned
|
|
|
|
part of the structure is stable from at least NT4 up to Windows 7,
|
|
|
|
including WOW64. */
|
|
|
|
} LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
|
|
|
|
|
|
|
|
typedef struct _PEB_LDR_DATA
|
|
|
|
{
|
|
|
|
ULONG Length;
|
|
|
|
UCHAR Initialized;
|
|
|
|
PVOID SsHandle;
|
|
|
|
LIST_ENTRY InLoadOrderModuleList;
|
|
|
|
LIST_ENTRY InMemoryOrderModuleList;
|
|
|
|
LIST_ENTRY InInitializationOrderModuleList;
|
|
|
|
PVOID EntryInProgress;
|
|
|
|
} PEB_LDR_DATA, *PPEB_LDR_DATA;
|
|
|
|
|
2007-01-17 02:01:06 +08:00
|
|
|
typedef struct _RTL_USER_PROCESS_PARAMETERS
|
|
|
|
{
|
|
|
|
ULONG AllocationSize;
|
|
|
|
ULONG Size;
|
|
|
|
ULONG Flags;
|
|
|
|
ULONG DebugFlags;
|
|
|
|
HANDLE hConsole;
|
|
|
|
ULONG ProcessGroup;
|
|
|
|
HANDLE hStdInput;
|
|
|
|
HANDLE hStdOutput;
|
|
|
|
HANDLE hStdError;
|
|
|
|
UNICODE_STRING CurrentDirectoryName;
|
|
|
|
HANDLE CurrentDirectoryHandle;
|
|
|
|
UNICODE_STRING DllPath;
|
|
|
|
UNICODE_STRING ImagePathName;
|
|
|
|
UNICODE_STRING CommandLine;
|
|
|
|
PWSTR Environment;
|
|
|
|
ULONG dwX;
|
|
|
|
ULONG dwY;
|
|
|
|
ULONG dwXSize;
|
|
|
|
ULONG dwYSize;
|
|
|
|
ULONG dwXCountChars;
|
|
|
|
ULONG dwYCountChars;
|
|
|
|
ULONG dwFillAttribute;
|
|
|
|
ULONG dwFlags;
|
|
|
|
ULONG wShowWindow;
|
|
|
|
UNICODE_STRING WindowTitle;
|
|
|
|
UNICODE_STRING DesktopInfo;
|
|
|
|
UNICODE_STRING ShellInfo;
|
|
|
|
UNICODE_STRING RuntimeInfo;
|
|
|
|
} RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
|
|
|
|
|
|
|
|
typedef struct _PEB
|
|
|
|
{
|
|
|
|
BYTE Reserved1[2];
|
|
|
|
BYTE BeingDebugged;
|
|
|
|
BYTE Reserved2[9];
|
2011-08-17 04:08:34 +08:00
|
|
|
PPEB_LDR_DATA Ldr;
|
2007-01-17 02:01:06 +08:00
|
|
|
PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
|
2010-10-09 18:54:13 +08:00
|
|
|
BYTE Reserved3[4];
|
|
|
|
PVOID ProcessHeap;
|
|
|
|
PRTL_CRITICAL_SECTION FastPebLock;
|
|
|
|
BYTE Reserved4[436];
|
2007-01-17 02:01:06 +08:00
|
|
|
ULONG SessionId;
|
|
|
|
} PEB, *PPEB;
|
2002-05-12 09:37:48 +08:00
|
|
|
|
2011-05-20 15:23:11 +08:00
|
|
|
/* Simplified definition, just to get stuff we're interested in. */
|
2007-10-24 00:26:28 +08:00
|
|
|
typedef struct _TEB
|
|
|
|
{
|
2011-05-16 02:49:40 +08:00
|
|
|
NT_TIB Tib;
|
|
|
|
PVOID EnvironmentPointer;
|
|
|
|
CLIENT_ID ClientId;
|
|
|
|
PVOID ActiveRpcHandle;
|
|
|
|
PVOID ThreadLocalStoragePointer;
|
|
|
|
PPEB Peb;
|
2011-05-20 15:23:11 +08:00
|
|
|
ULONG LastErrorValue;
|
|
|
|
ULONG CountOfOwnedCriticalSections;
|
|
|
|
PVOID _reserved1[2];
|
|
|
|
ULONG _reserved2[31];
|
|
|
|
PVOID WOW32Reserved;
|
|
|
|
ULONG CurrentLocale;
|
|
|
|
ULONG FpSoftwareStatusRegister;
|
|
|
|
PVOID SystemReserved1[54];
|
|
|
|
LONG ExceptionCode;
|
|
|
|
PVOID ActivationContextStackPointer;
|
|
|
|
UCHAR SpareBytes1[36];
|
|
|
|
ULONG TxFsContext;
|
|
|
|
ULONG GdiTebBatch[312];
|
|
|
|
CLIENT_ID RealClientId;
|
|
|
|
PVOID GdiCachedProcessHandle;
|
|
|
|
ULONG GdiClientPID;
|
|
|
|
ULONG GdiClientTID;
|
|
|
|
PVOID GdiThreadLocalInfo;
|
|
|
|
ULONG Win32ClientInfo[62];
|
|
|
|
PVOID glDispatchTable[233];
|
|
|
|
ULONG glReserved1[29];
|
|
|
|
PVOID glReserved2[6];
|
|
|
|
ULONG LastStatusValue;
|
|
|
|
UNICODE_STRING StaticUnicodeString;
|
|
|
|
WCHAR StaticUnicodeBuffer[261];
|
|
|
|
PVOID DeallocationStack;
|
2007-10-24 00:26:28 +08:00
|
|
|
/* A lot more follows... */
|
|
|
|
} TEB, *PTEB;
|
|
|
|
|
2011-03-29 18:21:30 +08:00
|
|
|
typedef struct _KSYSTEM_TIME
|
|
|
|
{
|
|
|
|
ULONG LowPart;
|
|
|
|
LONG High1Time;
|
|
|
|
LONG High2Time;
|
|
|
|
} KSYSTEM_TIME, *PKSYSTEM_TIME;
|
|
|
|
|
2010-10-09 18:54:13 +08:00
|
|
|
typedef struct _KUSER_SHARED_DATA
|
|
|
|
{
|
2011-03-29 18:21:30 +08:00
|
|
|
BYTE Reserved1[0x08];
|
|
|
|
KSYSTEM_TIME InterruptTime;
|
|
|
|
BYTE Reserved2[0x2c8];
|
2010-10-09 18:54:13 +08:00
|
|
|
ULONG DismountCount;
|
|
|
|
/* A lot more follows... */
|
|
|
|
} KUSER_SHARED_DATA, *PKUSER_SHARED_DATA;
|
|
|
|
|
2002-05-12 09:37:48 +08:00
|
|
|
typedef struct _PROCESS_BASIC_INFORMATION
|
|
|
|
{
|
|
|
|
NTSTATUS ExitStatus;
|
|
|
|
PPEB PebBaseAddress;
|
|
|
|
KAFFINITY AffinityMask;
|
|
|
|
KPRIORITY BasePriority;
|
|
|
|
ULONG UniqueProcessId;
|
|
|
|
ULONG InheritedFromUniqueProcessId;
|
|
|
|
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
|
|
|
|
|
2008-04-21 20:46:58 +08:00
|
|
|
typedef struct _PROCESS_SESSION_INFORMATION
|
|
|
|
{
|
|
|
|
ULONG SessionId;
|
|
|
|
} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
|
|
|
|
|
2002-05-12 09:37:48 +08:00
|
|
|
typedef enum _MEMORY_INFORMATION_CLASS
|
|
|
|
{
|
|
|
|
MemoryBasicInformation,
|
|
|
|
MemoryWorkingSetList,
|
|
|
|
MemorySectionName,
|
2003-01-13 11:55:00 +08:00
|
|
|
MemoryBasicVlmInformation
|
2002-05-12 09:37:48 +08:00
|
|
|
} MEMORY_INFORMATION_CLASS;
|
|
|
|
|
2002-05-28 09:55:40 +08:00
|
|
|
typedef struct _MEMORY_WORKING_SET_LIST
|
|
|
|
{
|
2002-05-12 09:37:48 +08:00
|
|
|
ULONG NumberOfPages;
|
|
|
|
ULONG WorkingSetList[1];
|
|
|
|
} MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;
|
|
|
|
|
2011-05-11 18:31:22 +08:00
|
|
|
typedef struct _MEMORY_SECTION_NAME
|
|
|
|
{
|
|
|
|
UNICODE_STRING SectionFileName;
|
|
|
|
} MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
|
|
|
|
|
2005-04-12 22:26:31 +08:00
|
|
|
typedef struct _FILE_BASIC_INFORMATION {
|
|
|
|
LARGE_INTEGER CreationTime;
|
|
|
|
LARGE_INTEGER LastAccessTime;
|
|
|
|
LARGE_INTEGER LastWriteTime;
|
|
|
|
LARGE_INTEGER ChangeTime;
|
|
|
|
ULONG FileAttributes;
|
|
|
|
} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
|
|
|
|
|
|
|
|
typedef struct _FILE_STANDARD_INFORMATION {
|
|
|
|
LARGE_INTEGER AllocationSize;
|
|
|
|
LARGE_INTEGER EndOfFile;
|
|
|
|
ULONG NumberOfLinks;
|
|
|
|
BOOLEAN DeletePending;
|
|
|
|
BOOLEAN Directory;
|
|
|
|
} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
|
|
|
|
|
2007-07-20 01:22:34 +08:00
|
|
|
typedef struct _FILE_NETWORK_OPEN_INFORMATION {
|
|
|
|
LARGE_INTEGER CreationTime;
|
|
|
|
LARGE_INTEGER LastAccessTime;
|
|
|
|
LARGE_INTEGER LastWriteTime;
|
|
|
|
LARGE_INTEGER ChangeTime;
|
|
|
|
LARGE_INTEGER AllocationSize;
|
|
|
|
LARGE_INTEGER EndOfFile;
|
|
|
|
ULONG FileAttributes;
|
|
|
|
} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
|
|
|
|
|
2005-04-12 22:26:31 +08:00
|
|
|
typedef struct _FILE_INTERNAL_INFORMATION {
|
2006-01-28 05:50:42 +08:00
|
|
|
LARGE_INTEGER FileId;
|
2005-04-12 22:26:31 +08:00
|
|
|
} FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
|
|
|
|
|
|
|
|
typedef struct _FILE_EA_INFORMATION {
|
|
|
|
ULONG EaSize;
|
|
|
|
} FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
|
|
|
|
|
|
|
|
typedef struct _FILE_ACCESS_INFORMATION {
|
|
|
|
ACCESS_MASK AccessFlags;
|
|
|
|
} FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
|
|
|
|
|
2006-12-08 01:40:24 +08:00
|
|
|
typedef struct _FILE_DISPOSITION_INFORMATION {
|
|
|
|
BOOLEAN DeleteFile;
|
|
|
|
} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;
|
|
|
|
|
2005-05-02 11:50:11 +08:00
|
|
|
typedef struct _FILE_POSITION_INFORMATION {
|
|
|
|
LARGE_INTEGER CurrentByteOffset;
|
|
|
|
} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;
|
2005-04-12 22:26:31 +08:00
|
|
|
|
2006-08-08 03:29:14 +08:00
|
|
|
typedef struct _FILE_END_OF_FILE_INFORMATION {
|
|
|
|
LARGE_INTEGER EndOfFile;
|
|
|
|
} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;
|
|
|
|
|
2005-04-12 22:26:31 +08:00
|
|
|
typedef struct _FILE_MODE_INFORMATION {
|
|
|
|
ULONG Mode;
|
|
|
|
} FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
|
|
|
|
|
|
|
|
typedef struct _FILE_ALIGNMENT_INFORMATION {
|
|
|
|
ULONG AlignmentRequirement;
|
|
|
|
} FILE_ALIGNMENT_INFORMATION;
|
|
|
|
|
2005-05-02 11:50:11 +08:00
|
|
|
typedef struct _FILE_NAME_INFORMATION {
|
|
|
|
ULONG FileNameLength;
|
|
|
|
WCHAR FileName[1];
|
|
|
|
} FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;
|
2005-04-12 22:26:31 +08:00
|
|
|
|
2007-07-28 00:24:07 +08:00
|
|
|
typedef struct _FILE_LINK_INFORMATION {
|
|
|
|
BOOLEAN ReplaceIfExists;
|
|
|
|
HANDLE RootDirectory;
|
|
|
|
ULONG FileNameLength;
|
|
|
|
WCHAR FileName[1];
|
|
|
|
} FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
|
|
|
|
|
2006-12-11 00:43:30 +08:00
|
|
|
typedef struct _FILE_RENAME_INFORMATION {
|
|
|
|
BOOLEAN ReplaceIfExists;
|
|
|
|
HANDLE RootDirectory;
|
|
|
|
ULONG FileNameLength;
|
|
|
|
WCHAR FileName[1];
|
|
|
|
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
|
|
|
|
|
2005-04-12 22:26:31 +08:00
|
|
|
typedef struct _FILE_ALL_INFORMATION {
|
|
|
|
FILE_BASIC_INFORMATION BasicInformation;
|
|
|
|
FILE_STANDARD_INFORMATION StandardInformation;
|
|
|
|
FILE_INTERNAL_INFORMATION InternalInformation;
|
|
|
|
FILE_EA_INFORMATION EaInformation;
|
|
|
|
FILE_ACCESS_INFORMATION AccessInformation;
|
|
|
|
FILE_POSITION_INFORMATION PositionInformation;
|
|
|
|
FILE_MODE_INFORMATION ModeInformation;
|
|
|
|
FILE_ALIGNMENT_INFORMATION AlignmentInformation;
|
|
|
|
FILE_NAME_INFORMATION NameInformation;
|
|
|
|
} FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
|
2002-05-28 09:55:40 +08:00
|
|
|
|
2011-06-04 09:06:17 +08:00
|
|
|
enum
|
|
|
|
{
|
|
|
|
FILE_PIPE_DISCONNECTED_STATE = 1,
|
|
|
|
FILE_PIPE_LISTENING_STATE = 2,
|
|
|
|
FILE_PIPE_CONNECTED_STATE = 3,
|
|
|
|
FILE_PIPE_CLOSING_STATE = 4
|
|
|
|
};
|
|
|
|
|
2004-09-03 09:32:02 +08:00
|
|
|
typedef struct _FILE_PIPE_LOCAL_INFORMATION
|
|
|
|
{
|
|
|
|
ULONG NamedPipeType;
|
|
|
|
ULONG NamedPipeConfiguration;
|
|
|
|
ULONG MaximumInstances;
|
|
|
|
ULONG CurrentInstances;
|
|
|
|
ULONG InboundQuota;
|
|
|
|
ULONG ReadDataAvailable;
|
|
|
|
ULONG OutboundQuota;
|
|
|
|
ULONG WriteQuotaAvailable;
|
|
|
|
ULONG NamedPipeState;
|
|
|
|
ULONG NamedPipeEnd;
|
|
|
|
} FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
|
|
|
|
|
2004-04-06 18:19:31 +08:00
|
|
|
typedef struct _FILE_COMPRESSION_INFORMATION
|
|
|
|
{
|
2007-09-27 17:35:06 +08:00
|
|
|
LARGE_INTEGER CompressedFileSize;
|
2004-04-06 18:19:31 +08:00
|
|
|
USHORT CompressionFormat;
|
|
|
|
UCHAR CompressionUnitShift;
|
2007-09-27 17:35:06 +08:00
|
|
|
UCHAR ChunkShift;
|
|
|
|
UCHAR ClusterShift;
|
|
|
|
UCHAR Reserved[3];
|
2004-04-06 18:19:31 +08:00
|
|
|
} FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
|
|
|
|
|
2007-08-01 20:55:25 +08:00
|
|
|
typedef struct _FILE_FS_DEVICE_INFORMATION
|
|
|
|
{
|
|
|
|
ULONG DeviceType;
|
|
|
|
ULONG Characteristics;
|
|
|
|
} FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION;
|
|
|
|
|
2007-02-27 20:58:56 +08:00
|
|
|
typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
|
|
|
|
{
|
|
|
|
ULONG FileSystemAttributes;
|
|
|
|
ULONG MaximumComponentNameLength;
|
|
|
|
ULONG FileSystemNameLength;
|
|
|
|
WCHAR FileSystemName[1];
|
|
|
|
} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
|
|
|
|
|
2010-09-10 18:04:28 +08:00
|
|
|
#pragma pack(push,4)
|
2005-04-12 22:26:31 +08:00
|
|
|
typedef struct _FILE_FS_VOLUME_INFORMATION
|
|
|
|
{
|
|
|
|
LARGE_INTEGER VolumeCreationTime;
|
|
|
|
ULONG VolumeSerialNumber;
|
|
|
|
ULONG VolumeLabelLength;
|
|
|
|
BOOLEAN SupportsObjects;
|
2010-09-10 18:04:28 +08:00
|
|
|
BOOLEAN __dummy;
|
2005-04-12 22:26:31 +08:00
|
|
|
WCHAR VolumeLabel[1];
|
|
|
|
} FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
|
2010-09-10 18:04:28 +08:00
|
|
|
#pragma pack(pop)
|
2005-04-12 22:26:31 +08:00
|
|
|
|
2006-03-24 22:52:08 +08:00
|
|
|
typedef struct _FILE_FS_SIZE_INFORMATION
|
2005-04-12 22:26:31 +08:00
|
|
|
{
|
2006-03-24 22:52:08 +08:00
|
|
|
LARGE_INTEGER TotalAllocationUnits;
|
|
|
|
LARGE_INTEGER AvailableAllocationUnits;
|
|
|
|
ULONG SectorsPerAllocationUnit;
|
|
|
|
ULONG BytesPerSector;
|
|
|
|
} FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
|
|
|
|
|
2007-02-27 20:58:56 +08:00
|
|
|
typedef struct _FILE_FS_FULL_SIZE_INFORMATION
|
|
|
|
{
|
|
|
|
LARGE_INTEGER TotalAllocationUnits;
|
|
|
|
LARGE_INTEGER CallerAvailableAllocationUnits;
|
|
|
|
LARGE_INTEGER ActualAvailableAllocationUnits;
|
|
|
|
ULONG SectorsPerAllocationUnit;
|
|
|
|
ULONG BytesPerSector;
|
|
|
|
} FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
|
|
|
|
|
2008-01-23 01:43:22 +08:00
|
|
|
typedef struct _FILE_FS_OBJECTID_INFORMATION {
|
|
|
|
UCHAR ObjectId[16];
|
|
|
|
UCHAR ExtendedInfo[48];
|
|
|
|
} FILE_FS_OBJECTID_INFORMATION, *PFILE_FS_OBJECTID_INFORMATION;
|
|
|
|
|
2006-03-24 22:52:08 +08:00
|
|
|
typedef enum _FSINFOCLASS {
|
|
|
|
FileFsVolumeInformation = 1,
|
|
|
|
FileFsLabelInformation,
|
|
|
|
FileFsSizeInformation,
|
|
|
|
FileFsDeviceInformation,
|
|
|
|
FileFsAttributeInformation,
|
|
|
|
FileFsControlInformation,
|
|
|
|
FileFsFullSizeInformation,
|
|
|
|
FileFsObjectIdInformation,
|
|
|
|
FileFsDriverPathInformation,
|
|
|
|
FileFsMaximumInformation
|
2005-04-12 22:26:31 +08:00
|
|
|
} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;
|
|
|
|
|
2002-05-28 09:55:40 +08:00
|
|
|
typedef enum _OBJECT_INFORMATION_CLASS
|
|
|
|
{
|
2004-04-06 18:19:31 +08:00
|
|
|
ObjectBasicInformation = 0,
|
|
|
|
ObjectNameInformation = 1,
|
|
|
|
ObjectHandleInformation = 4
|
2002-05-28 09:55:40 +08:00
|
|
|
// and many more
|
|
|
|
} OBJECT_INFORMATION_CLASS;
|
|
|
|
|
2008-03-24 22:48:58 +08:00
|
|
|
typedef struct _OBJECT_BASIC_INFORMATION
|
|
|
|
{
|
|
|
|
ULONG Attributes;
|
|
|
|
ACCESS_MASK GrantedAccess;
|
|
|
|
ULONG HandleCount;
|
|
|
|
ULONG PointerCount;
|
|
|
|
ULONG PagedPoolUsage;
|
|
|
|
ULONG NonPagedPoolUsage;
|
|
|
|
ULONG Reserved[3];
|
|
|
|
ULONG NameInformationLength;
|
|
|
|
ULONG TypeInformationLength;
|
|
|
|
ULONG SecurityDescriptorLength;
|
|
|
|
LARGE_INTEGER CreateTime;
|
|
|
|
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
|
|
|
|
|
2002-05-28 09:55:40 +08:00
|
|
|
typedef struct _OBJECT_NAME_INFORMATION
|
|
|
|
{
|
|
|
|
UNICODE_STRING Name;
|
|
|
|
} OBJECT_NAME_INFORMATION;
|
|
|
|
|
2006-03-09 17:01:08 +08:00
|
|
|
typedef struct _DIRECTORY_BASIC_INFORMATION
|
|
|
|
{
|
|
|
|
UNICODE_STRING ObjectName;
|
|
|
|
UNICODE_STRING ObjectTypeName;
|
|
|
|
} DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION;
|
|
|
|
|
2006-07-04 02:30:08 +08:00
|
|
|
typedef struct _FILE_GET_EA_INFORMATION
|
|
|
|
{
|
|
|
|
ULONG NextEntryOffset;
|
|
|
|
UCHAR EaNameLength;
|
|
|
|
CHAR EaName[1];
|
|
|
|
} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
|
|
|
|
|
|
|
|
typedef struct _FILE_FULL_EA_INFORMATION
|
|
|
|
{
|
|
|
|
ULONG NextEntryOffset;
|
|
|
|
UCHAR Flags;
|
|
|
|
UCHAR EaNameLength;
|
|
|
|
USHORT EaValueLength;
|
|
|
|
CHAR EaName[1];
|
|
|
|
} FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION;
|
|
|
|
|
2007-08-13 23:08:25 +08:00
|
|
|
typedef struct _FILE_MAILSLOT_SET_INFORMATION
|
|
|
|
{
|
|
|
|
LARGE_INTEGER ReadTimeout;
|
|
|
|
} FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
|
|
|
|
|
2007-08-12 20:48:02 +08:00
|
|
|
typedef VOID NTAPI (*PIO_APC_ROUTINE)(PVOID, PIO_STATUS_BLOCK, ULONG);
|
|
|
|
|
2008-03-24 22:48:58 +08:00
|
|
|
typedef enum _EVENT_TYPE
|
|
|
|
{
|
|
|
|
NotificationEvent = 0,
|
|
|
|
SynchronizationEvent
|
|
|
|
} EVENT_TYPE, *PEVENT_TYPE;
|
|
|
|
|
2008-04-01 02:03:25 +08:00
|
|
|
typedef struct _EVENT_BASIC_INFORMATION
|
|
|
|
{
|
|
|
|
EVENT_TYPE EventType;
|
|
|
|
LONG SignalState;
|
|
|
|
} EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;
|
|
|
|
|
|
|
|
typedef enum _EVENT_INFORMATION_CLASS
|
|
|
|
{
|
|
|
|
EventBasicInformation = 0
|
|
|
|
} EVENT_INFORMATION_CLASS, *PEVENT_INFORMATION_CLASS;
|
|
|
|
|
2011-04-01 00:08:01 +08:00
|
|
|
typedef enum _THREAD_INFORMATION_CLASS
|
|
|
|
{
|
2011-05-03 09:13:37 +08:00
|
|
|
ThreadBasicInformation = 0,
|
2011-05-18 01:08:10 +08:00
|
|
|
ThreadTimes = 1,
|
2011-04-01 00:08:01 +08:00
|
|
|
ThreadImpersonationToken = 5
|
|
|
|
} THREAD_INFORMATION_CLASS, *PTHREAD_INFORMATION_CLASS;
|
|
|
|
|
2011-05-03 09:13:37 +08:00
|
|
|
typedef struct _THREAD_BASIC_INFORMATION {
|
|
|
|
NTSTATUS ExitStatus;
|
|
|
|
PNT_TIB TebBaseAddress;
|
|
|
|
CLIENT_ID ClientId;
|
|
|
|
KAFFINITY AffinityMask;
|
|
|
|
KPRIORITY Priority;
|
|
|
|
KPRIORITY BasePriority;
|
|
|
|
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
|
|
|
|
|
2011-08-04 00:40:48 +08:00
|
|
|
typedef enum _TIMER_INFORMATION_CLASS {
|
|
|
|
TimerBasicInformation = 0
|
|
|
|
} TIMER_INFORMATION_CLASS, *PTIMER_INFORMATION_CLASS;
|
|
|
|
|
|
|
|
typedef struct _TIMER_BASIC_INFORMATION {
|
|
|
|
LARGE_INTEGER TimeRemaining;
|
|
|
|
BOOLEAN SignalState;
|
|
|
|
} TIMER_BASIC_INFORMATION, *PTIMER_BASIC_INFORMATION;
|
|
|
|
|
2011-04-01 00:08:01 +08:00
|
|
|
typedef NTSTATUS (*PRTL_QUERY_REGISTRY_ROUTINE)
|
|
|
|
(PWSTR, ULONG, PVOID, ULONG, PVOID, PVOID);
|
|
|
|
|
|
|
|
typedef struct _RTL_QUERY_REGISTRY_TABLE
|
|
|
|
{
|
|
|
|
PRTL_QUERY_REGISTRY_ROUTINE QueryRoutine;
|
|
|
|
ULONG Flags;
|
|
|
|
PCWSTR Name;
|
|
|
|
PVOID EntryContext;
|
|
|
|
ULONG DefaultType;
|
|
|
|
PVOID DefaultData;
|
|
|
|
ULONG DefaultLength;
|
|
|
|
} RTL_QUERY_REGISTRY_TABLE, *PRTL_QUERY_REGISTRY_TABLE;
|
|
|
|
|
|
|
|
typedef enum _KEY_VALUE_INFORMATION_CLASS
|
|
|
|
{
|
|
|
|
KeyValueBasicInformation = 0,
|
|
|
|
KeyValueFullInformation,
|
|
|
|
KeyValuePartialInformation
|
|
|
|
} KEY_VALUE_INFORMATION_CLASS, *PKEY_VALUE_INFORMATION_CLASS;
|
2011-06-06 13:02:13 +08:00
|
|
|
|
2011-04-01 00:08:01 +08:00
|
|
|
typedef struct _KEY_VALUE_PARTIAL_INFORMATION
|
|
|
|
{
|
|
|
|
ULONG TitleIndex;
|
|
|
|
ULONG Type;
|
|
|
|
ULONG DataLength;
|
|
|
|
UCHAR Data[1];
|
|
|
|
} KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION;
|
|
|
|
|
2011-04-28 20:13:41 +08:00
|
|
|
typedef enum _TIMER_TYPE
|
|
|
|
{
|
|
|
|
NotificationTimer,
|
|
|
|
SynchronisationTimer
|
|
|
|
} TIMER_TYPE, *PTIMER_TYPE;
|
|
|
|
|
|
|
|
typedef VOID (APIENTRY *PTIMER_APC_ROUTINE)(PVOID, ULONG, ULONG);
|
|
|
|
|
2000-11-02 13:25:56 +08:00
|
|
|
/* Function declarations for ntdll.dll. These don't appear in any
|
|
|
|
standard Win32 header. */
|
2009-12-19 04:32:04 +08:00
|
|
|
|
2011-04-01 00:08:01 +08:00
|
|
|
#ifdef __cplusplus
|
2011-03-29 18:21:30 +08:00
|
|
|
/* This is the mapping of the KUSER_SHARED_DATA structure into the 32 bit
|
|
|
|
user address space. We need it here to access the current DismountCount. */
|
|
|
|
static KUSER_SHARED_DATA &SharedUserData
|
|
|
|
= *(volatile PKUSER_SHARED_DATA) 0x7ffe0000;
|
|
|
|
|
2000-11-02 13:25:56 +08:00
|
|
|
extern "C"
|
|
|
|
{
|
2011-04-01 00:08:01 +08:00
|
|
|
#endif
|
|
|
|
NTSTATUS NTAPI NtAccessCheck (PSECURITY_DESCRIPTOR, HANDLE, ACCESS_MASK,
|
|
|
|
PGENERIC_MAPPING, PPRIVILEGE_SET, PULONG,
|
|
|
|
PACCESS_MASK, PNTSTATUS);
|
2007-07-19 16:33:22 +08:00
|
|
|
NTSTATUS NTAPI NtAdjustPrivilegesToken (HANDLE, BOOLEAN, PTOKEN_PRIVILEGES,
|
|
|
|
ULONG, PTOKEN_PRIVILEGES, PULONG);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI NtAllocateLocallyUniqueId (PLUID);
|
2011-03-29 18:42:11 +08:00
|
|
|
NTSTATUS NTAPI NtAllocateUuids (PLARGE_INTEGER, PULONG, PULONG, PUCHAR);
|
2011-04-28 20:13:41 +08:00
|
|
|
NTSTATUS NTAPI NtCancelTimer (HANDLE, PBOOLEAN);
|
2006-03-09 17:01:08 +08:00
|
|
|
NTSTATUS NTAPI NtClose (HANDLE);
|
2008-05-16 00:34:01 +08:00
|
|
|
NTSTATUS NTAPI NtCommitTransaction (HANDLE, BOOLEAN);
|
2008-03-24 22:48:58 +08:00
|
|
|
NTSTATUS NTAPI NtCreateDirectoryObject (PHANDLE, ACCESS_MASK,
|
|
|
|
POBJECT_ATTRIBUTES);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI NtCreateKey (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, ULONG,
|
|
|
|
PUNICODE_STRING, ULONG, PULONG);
|
2008-03-24 22:48:58 +08:00
|
|
|
NTSTATUS NTAPI NtCreateEvent (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
|
2008-11-27 01:21:04 +08:00
|
|
|
EVENT_TYPE, BOOLEAN);
|
2004-04-17 05:22:13 +08:00
|
|
|
NTSTATUS NTAPI NtCreateFile (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
|
|
|
|
PIO_STATUS_BLOCK, PLARGE_INTEGER, ULONG, ULONG,
|
|
|
|
ULONG, ULONG, PVOID, ULONG);
|
2007-08-13 23:08:25 +08:00
|
|
|
NTSTATUS NTAPI NtCreateMailslotFile(PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
|
|
|
|
PIO_STATUS_BLOCK, ULONG, ULONG, ULONG,
|
|
|
|
PLARGE_INTEGER);
|
2008-03-24 22:48:58 +08:00
|
|
|
NTSTATUS NTAPI NtCreateMutant (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
|
|
|
|
BOOLEAN);
|
2005-11-29 06:32:29 +08:00
|
|
|
NTSTATUS NTAPI NtCreateSection (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
|
2008-02-16 01:53:11 +08:00
|
|
|
PLARGE_INTEGER, ULONG, ULONG, HANDLE);
|
2008-04-21 20:46:58 +08:00
|
|
|
NTSTATUS NTAPI NtCreateSemaphore (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
|
|
|
|
LONG, LONG);
|
2011-04-28 20:13:41 +08:00
|
|
|
NTSTATUS NTAPI NtCreateTimer (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
|
|
|
|
TIMER_TYPE);
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
|
|
|
NTSTATUS NTAPI NtCreateToken (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
|
2001-09-08 05:32:07 +08:00
|
|
|
TOKEN_TYPE, PLUID, PLARGE_INTEGER, PTOKEN_USER,
|
|
|
|
PTOKEN_GROUPS, PTOKEN_PRIVILEGES, PTOKEN_OWNER,
|
|
|
|
PTOKEN_PRIMARY_GROUP, PTOKEN_DEFAULT_DACL,
|
|
|
|
PTOKEN_SOURCE);
|
2008-05-16 00:34:01 +08:00
|
|
|
NTSTATUS NTAPI NtCreateTransaction (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
|
|
|
|
LPGUID, HANDLE, ULONG, ULONG, ULONG,
|
|
|
|
PLARGE_INTEGER, PUNICODE_STRING);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI NtDuplicateToken (HANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
|
|
|
|
BOOLEAN, TOKEN_TYPE, PHANDLE);
|
2007-08-12 20:48:02 +08:00
|
|
|
NTSTATUS NTAPI NtFsControlFile (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID,
|
2007-07-27 01:30:54 +08:00
|
|
|
PIO_STATUS_BLOCK, ULONG, PVOID, ULONG,
|
|
|
|
PVOID, ULONG);
|
2011-04-02 19:43:43 +08:00
|
|
|
NTSTATUS NTAPI NtFlushBuffersFile (HANDLE, PIO_STATUS_BLOCK);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI NtLoadKey (POBJECT_ATTRIBUTES, POBJECT_ATTRIBUTES);
|
2005-10-19 02:51:33 +08:00
|
|
|
NTSTATUS NTAPI NtLockVirtualMemory (HANDLE, PVOID *, ULONG *, ULONG);
|
2000-11-02 13:25:56 +08:00
|
|
|
NTSTATUS NTAPI NtMapViewOfSection (HANDLE, HANDLE, PVOID *, ULONG, ULONG,
|
|
|
|
PLARGE_INTEGER, PULONG, SECTION_INHERIT,
|
|
|
|
ULONG, ULONG);
|
2007-08-21 20:37:40 +08:00
|
|
|
NTSTATUS NTAPI NtNotifyChangeDirectoryFile (HANDLE, HANDLE, PIO_APC_ROUTINE,
|
2008-02-16 01:53:11 +08:00
|
|
|
PVOID, PIO_STATUS_BLOCK,
|
2007-08-21 20:37:40 +08:00
|
|
|
PFILE_NOTIFY_INFORMATION, ULONG,
|
|
|
|
ULONG, BOOLEAN);
|
2006-03-09 17:01:08 +08:00
|
|
|
NTSTATUS NTAPI NtOpenDirectoryObject (PHANDLE, ACCESS_MASK,
|
2008-02-16 01:53:11 +08:00
|
|
|
POBJECT_ATTRIBUTES);
|
2008-03-24 22:48:58 +08:00
|
|
|
NTSTATUS NTAPI NtOpenEvent (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
|
2001-10-16 22:53:26 +08:00
|
|
|
NTSTATUS NTAPI NtOpenFile (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
|
|
|
|
PIO_STATUS_BLOCK, ULONG, ULONG);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI NtOpenKey (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
|
2008-03-24 22:48:58 +08:00
|
|
|
NTSTATUS NTAPI NtOpenMutant (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI NtOpenProcessToken (HANDLE, ACCESS_MASK, PHANDLE);
|
|
|
|
NTSTATUS NTAPI NtOpenThreadToken (HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
|
* autoload.cc: Add load statements for `LookupAccountNameW',
`LsaClose', `LsaEnumerateAccountRights', `LsaFreeMemory',
`LsaOpenPolicy', `LsaQueryInformationPolicy', `NetLocalGroupEnum',
`NetLocalGroupGetMembers', `NetServerEnum', `NetUserGetGroups' and
`NtCreateToken'.
* ntdll.h: Add declaration for `NtCreateToken'.
* sec_helper.cc: Add `well_known_local_sid', `well_known_dialup_sid',
`well_known_network_sid', `well_known_batch_sid',
`well_known_interactive_sid', `well_known_service_sid' and
`well_known_authenticated_users_sid'.
(cygsid::string): Define as const method.
(cygsid::get_sid): Set psid to NO_SID on error.
(cygsid::getfromstr): Ditto.
(cygsid::getfrompw): Simplify.
(cygsid::getfromgr): Check for gr == NULL.
(legal_sid_type): Move to security.h.
(set_process_privilege): Return -1 on error, otherwise 0 or 1 related
to previous privilege setting.
* security.cc (extract_nt_dom_user): Remove `static'.
(lsa2wchar): New function.
(open_local_policy): Ditto.
(close_local_policy): Ditto.
(get_lsa_srv_inf): Ditto.
(get_logon_server): Ditto.
(get_logon_server_and_user_domain): Ditto.
(get_user_groups): Ditto.
(is_group_member): Ditto.
(get_user_local_groups): Ditto.
(sid_in_token_groups): Ditto.
(get_user_primary_group): Ditto.
(get_group_sidlist): Ditto.
(get_system_priv_list): Ditto.
(get_priv_list): Ditto.
(get_dacl): Ditto.
(create_token): Ditto.
(subauth): Return immediately if SE_TCB_NAME can't be assigned.
Change all return statements in case of error to jumps to `out'
label. Add `out' label to support cleanup.
* security.h: Add extern declarations for `well_known_local_sid',
`well_known_dialup_sid', `well_known_network_sid',
`well_known_batch_sid', `well_known_interactive_sid',
`well_known_service_sid' and `well_known_authenticated_users_sid'.
Add extern declarations for functions `create_token',
`extract_nt_dom_user' and `get_logon_server_and_user_domain'.
(class cygsid): Add method `assign'. Change operator= to call new
`assign' method. Add `debug_print' method.
(class cygsidlist): New class.
(legal_sid_type): Moved from sec_helper.cc to here.
* spawn.cc (spawn_guts) Revert reversion of previous patch.
Call `RevertToSelf' and `ImpersonateLoggedOnUser' instead of `seteuid'
again.
* syscalls.cc (seteuid): Rearranged. Call `create_token' now when
needed. Call `subauth' if `create_token' fails. Try setting token
owner and primary group only if token was not explicitely created
by `create_token'.
* uinfo.cc (internal_getlogin): Try harder to generate correct user
information. Especially don't trust return value of `GetUserName'.
2001-05-20 16:10:47 +08:00
|
|
|
NTSTATUS NTAPI NtOpenSection (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
|
2008-04-21 20:46:58 +08:00
|
|
|
NTSTATUS NTAPI NtOpenSemaphore (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
|
2010-09-06 17:47:01 +08:00
|
|
|
NTSTATUS NTAPI NtOpenSymbolicLinkObject (PHANDLE, ACCESS_MASK,
|
|
|
|
POBJECT_ATTRIBUTES);
|
2007-08-21 20:37:40 +08:00
|
|
|
/* WARNING! Don't rely on the timestamp information returned by
|
|
|
|
NtQueryAttributesFile. Only the DOS file attribute info is reliable. */
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI NtPrivilegeCheck (HANDLE, PPRIVILEGE_SET, PBOOLEAN);
|
2007-08-21 20:37:40 +08:00
|
|
|
NTSTATUS NTAPI NtQueryAttributesFile (POBJECT_ATTRIBUTES,
|
|
|
|
PFILE_BASIC_INFORMATION);
|
2006-03-09 17:01:08 +08:00
|
|
|
NTSTATUS NTAPI NtQueryDirectoryFile(HANDLE, HANDLE, PVOID, PVOID,
|
|
|
|
PIO_STATUS_BLOCK, PVOID, ULONG,
|
|
|
|
FILE_INFORMATION_CLASS, BOOLEAN,
|
|
|
|
PUNICODE_STRING, BOOLEAN);
|
|
|
|
NTSTATUS NTAPI NtQueryDirectoryObject (HANDLE, PVOID, ULONG, BOOLEAN,
|
2008-02-16 01:53:11 +08:00
|
|
|
BOOLEAN, PULONG, PULONG);
|
2006-07-04 02:30:08 +08:00
|
|
|
NTSTATUS NTAPI NtQueryEaFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG,
|
|
|
|
BOOLEAN, PVOID, ULONG, PULONG, BOOLEAN);
|
2008-04-01 02:03:25 +08:00
|
|
|
NTSTATUS NTAPI NtQueryEvent (HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG,
|
|
|
|
PULONG);
|
2007-07-20 01:22:34 +08:00
|
|
|
NTSTATUS NTAPI NtQueryFullAttributesFile (POBJECT_ATTRIBUTES,
|
|
|
|
PFILE_NETWORK_OPEN_INFORMATION);
|
2005-04-12 22:26:31 +08:00
|
|
|
NTSTATUS NTAPI NtQueryInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID,
|
2004-09-03 09:32:02 +08:00
|
|
|
ULONG, FILE_INFORMATION_CLASS);
|
2002-05-30 15:45:30 +08:00
|
|
|
NTSTATUS NTAPI NtQueryInformationProcess (HANDLE, PROCESSINFOCLASS,
|
2003-03-10 04:31:07 +08:00
|
|
|
PVOID, ULONG, PULONG);
|
2011-05-03 09:13:37 +08:00
|
|
|
NTSTATUS NTAPI NtQueryInformationThread (HANDLE, THREAD_INFORMATION_CLASS,
|
|
|
|
PVOID, ULONG, PULONG);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI NtQueryInformationToken (HANDLE, TOKEN_INFORMATION_CLASS,
|
|
|
|
PVOID, ULONG, PULONG);
|
2002-05-30 15:45:30 +08:00
|
|
|
NTSTATUS NTAPI NtQueryObject (HANDLE, OBJECT_INFORMATION_CLASS, VOID *,
|
2003-03-10 04:31:07 +08:00
|
|
|
ULONG, ULONG *);
|
2000-11-02 13:25:56 +08:00
|
|
|
NTSTATUS NTAPI NtQuerySystemInformation (SYSTEM_INFORMATION_CLASS,
|
|
|
|
PVOID, ULONG, PULONG);
|
2010-03-16 05:29:15 +08:00
|
|
|
NTSTATUS WINAPI NtQuerySystemTime (PLARGE_INTEGER);
|
2004-04-13 20:14:59 +08:00
|
|
|
NTSTATUS NTAPI NtQuerySecurityObject (HANDLE, SECURITY_INFORMATION,
|
2008-02-16 01:53:11 +08:00
|
|
|
PSECURITY_DESCRIPTOR, ULONG, PULONG);
|
2010-09-06 17:47:01 +08:00
|
|
|
NTSTATUS NTAPI NtQuerySymbolicLinkObject (HANDLE, PUNICODE_STRING, PULONG);
|
2011-08-04 00:40:48 +08:00
|
|
|
NTSTATUS NTAPI NtQueryTimer (HANDLE, TIMER_INFORMATION_CLASS, PVOID,
|
|
|
|
ULONG, PULONG);
|
2011-03-29 18:21:30 +08:00
|
|
|
NTSTATUS NTAPI NtQueryTimerResolution (PULONG, PULONG, PULONG);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI NtQueryValueKey (HANDLE, PUNICODE_STRING,
|
|
|
|
KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG,
|
|
|
|
PULONG);
|
2002-05-30 15:45:30 +08:00
|
|
|
NTSTATUS NTAPI NtQueryVirtualMemory (HANDLE, PVOID, MEMORY_INFORMATION_CLASS,
|
2003-03-10 04:31:07 +08:00
|
|
|
PVOID, ULONG, PULONG);
|
2005-04-12 22:26:31 +08:00
|
|
|
NTSTATUS NTAPI NtQueryVolumeInformationFile (HANDLE, IO_STATUS_BLOCK *,
|
|
|
|
VOID *, ULONG,
|
|
|
|
FS_INFORMATION_CLASS);
|
2007-08-15 23:17:05 +08:00
|
|
|
NTSTATUS NTAPI NtReadFile (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID,
|
|
|
|
PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER,
|
|
|
|
PULONG);
|
2008-05-16 00:34:01 +08:00
|
|
|
NTSTATUS NTAPI NtRollbackTransaction (HANDLE, BOOLEAN);
|
2006-07-04 02:30:08 +08:00
|
|
|
NTSTATUS NTAPI NtSetEaFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG);
|
2011-08-28 04:01:29 +08:00
|
|
|
NTSTATUS NTAPI NtSetEvent (HANDLE, PULONG);
|
2006-08-08 03:29:14 +08:00
|
|
|
NTSTATUS NTAPI NtSetInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG,
|
|
|
|
FILE_INFORMATION_CLASS);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI NtSetInformationThread (HANDLE, THREAD_INFORMATION_CLASS,
|
|
|
|
PVOID, ULONG);
|
|
|
|
NTSTATUS NTAPI NtSetInformationToken (HANDLE, TOKEN_INFORMATION_CLASS, PVOID,
|
|
|
|
ULONG);
|
2004-04-14 18:20:26 +08:00
|
|
|
NTSTATUS NTAPI NtSetSecurityObject (HANDLE, SECURITY_INFORMATION,
|
|
|
|
PSECURITY_DESCRIPTOR);
|
2011-04-28 20:13:41 +08:00
|
|
|
NTSTATUS NTAPI NtSetTimer (HANDLE, PLARGE_INTEGER, PTIMER_APC_ROUTINE, PVOID,
|
|
|
|
BOOLEAN, LONG, PBOOLEAN);
|
2011-03-29 18:21:30 +08:00
|
|
|
NTSTATUS NTAPI NtSetTimerResolution (ULONG, BOOLEAN, PULONG);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI NtSetValueKey (HANDLE, PUNICODE_STRING, ULONG, ULONG, PVOID,
|
|
|
|
ULONG);
|
2005-10-19 02:51:33 +08:00
|
|
|
NTSTATUS NTAPI NtUnlockVirtualMemory (HANDLE, PVOID *, ULONG *, ULONG);
|
2000-11-02 13:25:56 +08:00
|
|
|
NTSTATUS NTAPI NtUnmapViewOfSection (HANDLE, PVOID);
|
2007-08-12 20:48:02 +08:00
|
|
|
NTSTATUS NTAPI NtWriteFile (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID,
|
|
|
|
PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER,
|
|
|
|
PULONG);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI RtlAbsoluteToSelfRelativeSD (PSECURITY_DESCRIPTOR,
|
|
|
|
PSECURITY_DESCRIPTOR, PULONG);
|
2010-10-09 18:54:13 +08:00
|
|
|
VOID NTAPI RtlAcquirePebLock ();
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI RtlAddAccessAllowedAce (PACL, ULONG, ACCESS_MASK, PSID);
|
|
|
|
NTSTATUS NTAPI RtlAddAccessDeniedAce (PACL, ULONG, ACCESS_MASK, PSID);
|
|
|
|
NTSTATUS NTAPI RtlAddAce (PACL, ULONG, ULONG, PVOID, ULONG);
|
2010-10-09 18:54:13 +08:00
|
|
|
PVOID NTAPI RtlAllocateHeap (PVOID, ULONG, SIZE_T);
|
2007-07-27 01:30:54 +08:00
|
|
|
NTSTATUS NTAPI RtlAppendUnicodeToString (PUNICODE_STRING, PCWSTR);
|
|
|
|
NTSTATUS NTAPI RtlAppendUnicodeStringToString (PUNICODE_STRING,
|
|
|
|
PUNICODE_STRING);
|
2007-01-17 02:01:06 +08:00
|
|
|
NTSTATUS NTAPI RtlAnsiStringToUnicodeString (PUNICODE_STRING, PANSI_STRING,
|
|
|
|
BOOLEAN);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI RtlCheckRegistryKey (ULONG, PCWSTR);
|
2007-07-27 01:30:54 +08:00
|
|
|
LONG NTAPI RtlCompareUnicodeString (PUNICODE_STRING, PUNICODE_STRING,
|
|
|
|
BOOLEAN);
|
2007-08-09 18:32:25 +08:00
|
|
|
NTSTATUS NTAPI RtlConvertSidToUnicodeString (PUNICODE_STRING, PSID, BOOLEAN);
|
2011-04-28 15:27:51 +08:00
|
|
|
NTSTATUS NTAPI RtlConvertToAutoInheritSecurityObject (PSECURITY_DESCRIPTOR,
|
2011-06-06 13:02:13 +08:00
|
|
|
PSECURITY_DESCRIPTOR,
|
2011-04-28 15:27:51 +08:00
|
|
|
PSECURITY_DESCRIPTOR *,
|
|
|
|
GUID *, BOOLEAN,
|
|
|
|
PGENERIC_MAPPING);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI RtlCopySid (ULONG, PSID, PSID);
|
2011-04-28 15:27:51 +08:00
|
|
|
VOID NTAPI RtlCopyUnicodeString (PUNICODE_STRING, PUNICODE_STRING);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI RtlCreateAcl (PACL, ULONG, ULONG);
|
2011-05-11 21:25:27 +08:00
|
|
|
PDEBUG_BUFFER NTAPI RtlCreateQueryDebugBuffer (ULONG, BOOLEAN);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI RtlCreateRegistryKey (ULONG, PCWSTR);
|
|
|
|
NTSTATUS NTAPI RtlCreateSecurityDescriptor (PSECURITY_DESCRIPTOR, ULONG);
|
2007-08-16 18:41:45 +08:00
|
|
|
BOOLEAN NTAPI RtlCreateUnicodeStringFromAsciiz (PUNICODE_STRING, PCSTR);
|
2011-04-28 15:27:51 +08:00
|
|
|
NTSTATUS NTAPI RtlDeleteSecurityObject (PSECURITY_DESCRIPTOR *);
|
2011-05-11 21:25:27 +08:00
|
|
|
NTSTATUS NTAPI RtlDestroyQueryDebugBuffer (PDEBUG_BUFFER);
|
2007-12-12 20:12:24 +08:00
|
|
|
NTSTATUS NTAPI RtlDowncaseUnicodeString (PUNICODE_STRING, PUNICODE_STRING,
|
|
|
|
BOOLEAN);
|
2010-10-09 18:54:13 +08:00
|
|
|
NTSTATUS NTAPI RtlEnterCriticalSection (PRTL_CRITICAL_SECTION);
|
2011-04-01 00:08:01 +08:00
|
|
|
BOOLEAN NTAPI RtlEqualPrefixSid (PSID, PSID);
|
|
|
|
BOOLEAN NTAPI RtlEqualSid (PSID, PSID);
|
2007-07-27 01:30:54 +08:00
|
|
|
BOOLEAN NTAPI RtlEqualUnicodeString (PUNICODE_STRING, PUNICODE_STRING,
|
|
|
|
BOOLEAN);
|
2007-08-01 04:48:17 +08:00
|
|
|
VOID NTAPI RtlFreeAnsiString (PANSI_STRING);
|
2010-10-09 18:54:13 +08:00
|
|
|
BOOLEAN NTAPI RtlFreeHeap (PVOID, ULONG, PVOID);
|
2007-08-01 04:48:17 +08:00
|
|
|
VOID NTAPI RtlFreeOemString (POEM_STRING);
|
2007-07-27 01:30:54 +08:00
|
|
|
VOID NTAPI RtlFreeUnicodeString (PUNICODE_STRING);
|
2011-04-01 00:08:01 +08:00
|
|
|
BOOLEAN NTAPI RtlFirstFreeAce (PACL, PVOID *);
|
|
|
|
NTSTATUS NTAPI RtlGetAce (PACL, ULONG, PVOID);
|
2011-04-28 15:27:51 +08:00
|
|
|
NTSTATUS NTAPI RtlGetControlSecurityDescriptor (PSECURITY_DESCRIPTOR,
|
|
|
|
PSECURITY_DESCRIPTOR_CONTROL,
|
|
|
|
PULONG);
|
2008-05-16 00:34:01 +08:00
|
|
|
HANDLE NTAPI RtlGetCurrentTransaction ();
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI RtlGetDaclSecurityDescriptor (PSECURITY_DESCRIPTOR, PBOOLEAN,
|
|
|
|
PACL *, PBOOLEAN);
|
|
|
|
NTSTATUS NTAPI RtlGetGroupSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID *,
|
2011-06-06 13:02:13 +08:00
|
|
|
PBOOLEAN);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI RtlGetOwnerSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID *,
|
2011-06-06 13:02:13 +08:00
|
|
|
PBOOLEAN);
|
2011-04-01 00:08:01 +08:00
|
|
|
PSID_IDENTIFIER_AUTHORITY NTAPI RtlIdentifierAuthoritySid (PSID);
|
2007-07-27 01:30:54 +08:00
|
|
|
VOID NTAPI RtlInitEmptyUnicodeString (PUNICODE_STRING, PCWSTR, USHORT);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI RtlInitializeSid (PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
|
2000-11-02 13:25:56 +08:00
|
|
|
VOID NTAPI RtlInitUnicodeString (PUNICODE_STRING, PCWSTR);
|
2007-08-09 18:32:25 +08:00
|
|
|
NTSTATUS NTAPI RtlIntegerToUnicodeString (ULONG, ULONG, PUNICODE_STRING);
|
2006-03-09 17:01:08 +08:00
|
|
|
ULONG NTAPI RtlIsDosDeviceName_U (PCWSTR);
|
2010-10-09 18:54:13 +08:00
|
|
|
NTSTATUS NTAPI RtlLeaveCriticalSection (PRTL_CRITICAL_SECTION);
|
2011-04-28 15:27:51 +08:00
|
|
|
ULONG NTAPI RtlLengthSecurityDescriptor (PSECURITY_DESCRIPTOR);
|
2011-04-01 00:08:01 +08:00
|
|
|
ULONG NTAPI RtlLengthSid (PSID);
|
2000-11-02 13:25:56 +08:00
|
|
|
ULONG NTAPI RtlNtStatusToDosError (NTSTATUS);
|
2007-01-17 02:01:06 +08:00
|
|
|
NTSTATUS NTAPI RtlOemStringToUnicodeString (PUNICODE_STRING, POEM_STRING,
|
|
|
|
BOOLEAN);
|
2007-07-31 23:20:00 +08:00
|
|
|
BOOLEAN NTAPI RtlPrefixUnicodeString (PUNICODE_STRING, PUNICODE_STRING,
|
|
|
|
BOOLEAN);
|
2011-05-11 21:25:27 +08:00
|
|
|
NTSTATUS NTAPI RtlQueryProcessDebugInformation (ULONG, ULONG, PDEBUG_BUFFER);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI RtlQueryRegistryValues (ULONG, PCWSTR,
|
|
|
|
PRTL_QUERY_REGISTRY_TABLE, PVOID,
|
|
|
|
PVOID);
|
2007-08-16 22:30:53 +08:00
|
|
|
VOID NTAPI RtlReleasePebLock ();
|
2007-07-27 01:30:54 +08:00
|
|
|
VOID NTAPI RtlSecondsSince1970ToTime (ULONG, PLARGE_INTEGER);
|
2010-08-28 01:58:45 +08:00
|
|
|
NTSTATUS NTAPI RtlSetCurrentDirectory_U (PUNICODE_STRING);
|
2008-05-16 00:34:01 +08:00
|
|
|
BOOLEAN NTAPI RtlSetCurrentTransaction (HANDLE);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI RtlSetControlSecurityDescriptor (PSECURITY_DESCRIPTOR,
|
|
|
|
SECURITY_DESCRIPTOR_CONTROL,
|
|
|
|
SECURITY_DESCRIPTOR_CONTROL);
|
|
|
|
NTSTATUS NTAPI RtlSetDaclSecurityDescriptor (PSECURITY_DESCRIPTOR, BOOLEAN,
|
|
|
|
PACL, BOOLEAN);
|
|
|
|
NTSTATUS NTAPI RtlSetGroupSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID,
|
2011-06-06 13:02:13 +08:00
|
|
|
BOOLEAN);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI RtlSetOwnerSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID,
|
2011-06-06 13:02:13 +08:00
|
|
|
BOOLEAN);
|
2011-04-01 00:08:01 +08:00
|
|
|
PUCHAR NTAPI RtlSubAuthorityCountSid (PSID);
|
|
|
|
PULONG NTAPI RtlSubAuthoritySid (PSID, ULONG);
|
2007-08-01 04:48:17 +08:00
|
|
|
NTSTATUS NTAPI RtlUnicodeStringToAnsiString (PANSI_STRING, PUNICODE_STRING,
|
|
|
|
BOOLEAN);
|
|
|
|
NTSTATUS NTAPI RtlUnicodeStringToOemString (PANSI_STRING, PUNICODE_STRING,
|
|
|
|
BOOLEAN);
|
2007-08-16 18:41:45 +08:00
|
|
|
WCHAR NTAPI RtlUpcaseUnicodeChar (WCHAR);
|
2007-12-12 20:12:24 +08:00
|
|
|
NTSTATUS NTAPI RtlUpcaseUnicodeString (PUNICODE_STRING, PUNICODE_STRING,
|
|
|
|
BOOLEAN);
|
2011-04-01 00:08:01 +08:00
|
|
|
NTSTATUS NTAPI RtlWriteRegistryValue (ULONG, PCWSTR, PCWSTR, ULONG, PVOID,
|
|
|
|
ULONG);
|
2007-07-27 01:30:54 +08:00
|
|
|
|
2011-04-01 00:08:01 +08:00
|
|
|
#ifdef __cplusplus
|
2007-07-27 01:30:54 +08:00
|
|
|
/* A few Rtl functions are either actually macros, or they just don't
|
2007-08-12 20:48:02 +08:00
|
|
|
exist even though they would be a big help. We implement them here,
|
|
|
|
partly as inline functions. */
|
|
|
|
|
|
|
|
/* RtlInitEmptyUnicodeString is defined as a macro in wdm.h, but that file
|
|
|
|
is missing entirely in w32api. */
|
2007-07-27 01:30:54 +08:00
|
|
|
inline
|
|
|
|
VOID NTAPI RtlInitEmptyUnicodeString(PUNICODE_STRING dest, PCWSTR buf,
|
|
|
|
USHORT len)
|
|
|
|
{
|
|
|
|
dest->Length = 0;
|
|
|
|
dest->MaximumLength = len;
|
|
|
|
dest->Buffer = (PWSTR) buf;
|
|
|
|
}
|
2007-08-12 20:48:02 +08:00
|
|
|
/* Like RtlInitEmptyUnicodeString, but initialize Length to len, too.
|
|
|
|
This is for instance useful when creating a UNICODE_STRING from an
|
|
|
|
NtQueryInformationFile info buffer, where the length of the filename
|
|
|
|
is known, but you can't rely on the string being 0-terminated.
|
|
|
|
If you know it's 0-terminated, just use RtlInitUnicodeString(). */
|
2007-07-27 01:30:54 +08:00
|
|
|
inline
|
2007-07-29 00:00:35 +08:00
|
|
|
VOID NTAPI RtlInitCountedUnicodeString (PUNICODE_STRING dest, PCWSTR buf,
|
2008-02-16 01:53:11 +08:00
|
|
|
USHORT len)
|
2007-07-27 01:30:54 +08:00
|
|
|
{
|
|
|
|
dest->Length = dest->MaximumLength = len;
|
|
|
|
dest->Buffer = (PWSTR) buf;
|
|
|
|
}
|
2007-08-12 20:48:02 +08:00
|
|
|
/* Split path into dirname and basename part. This function does not
|
|
|
|
copy anything! It just initializes the dirname and basename
|
|
|
|
UNICODE_STRINGs so that their Buffer members point to the right spot
|
2008-02-16 01:53:11 +08:00
|
|
|
into path's Buffer, and the Length (and MaximumLength) members are set
|
2007-08-12 20:48:02 +08:00
|
|
|
to match the dirname part and the basename part.
|
|
|
|
Note that dirname's Length is set so that it also includes the trailing
|
|
|
|
backslash. If you don't need it, just subtract sizeof(WCHAR) from
|
|
|
|
dirname.Length. */
|
2007-07-27 18:10:57 +08:00
|
|
|
inline
|
2007-08-12 20:48:02 +08:00
|
|
|
VOID NTAPI RtlSplitUnicodePath (PUNICODE_STRING path, PUNICODE_STRING dirname,
|
|
|
|
PUNICODE_STRING basename)
|
2007-07-27 18:10:57 +08:00
|
|
|
{
|
|
|
|
USHORT len = path->Length / sizeof (WCHAR);
|
|
|
|
while (len > 0 && path->Buffer[--len] != L'\\')
|
|
|
|
;
|
|
|
|
++len;
|
2007-08-12 20:48:02 +08:00
|
|
|
if (dirname)
|
|
|
|
RtlInitCountedUnicodeString (dirname, path->Buffer, len * sizeof (WCHAR));
|
|
|
|
if (basename)
|
|
|
|
RtlInitCountedUnicodeString (basename, &path->Buffer[len],
|
2007-07-29 00:00:35 +08:00
|
|
|
path->Length - len * sizeof (WCHAR));
|
|
|
|
}
|
2007-08-12 20:48:02 +08:00
|
|
|
/* Check if prefix is a prefix of path. */
|
2007-07-29 00:00:35 +08:00
|
|
|
inline
|
2009-07-15 01:37:42 +08:00
|
|
|
BOOLEAN NTAPI RtlEqualUnicodePathPrefix (PUNICODE_STRING path,
|
|
|
|
PUNICODE_STRING prefix,
|
2007-07-29 00:08:45 +08:00
|
|
|
BOOLEAN caseinsensitive)
|
2007-07-29 00:00:35 +08:00
|
|
|
{
|
2009-07-15 01:37:42 +08:00
|
|
|
UNICODE_STRING p;
|
2007-07-29 00:00:35 +08:00
|
|
|
|
|
|
|
RtlInitCountedUnicodeString (&p, path->Buffer,
|
2009-07-15 01:37:42 +08:00
|
|
|
prefix->Length < path->Length
|
|
|
|
? prefix->Length : path->Length);
|
|
|
|
return RtlEqualUnicodeString (&p, prefix, caseinsensitive);
|
2007-07-29 00:00:35 +08:00
|
|
|
}
|
2011-07-26 17:54:11 +08:00
|
|
|
/* Check if suffix is a suffix of path. */
|
2007-07-29 00:00:35 +08:00
|
|
|
inline
|
2009-07-15 01:37:42 +08:00
|
|
|
BOOL NTAPI RtlEqualUnicodePathSuffix (PUNICODE_STRING path,
|
|
|
|
PUNICODE_STRING suffix,
|
2007-07-29 00:08:45 +08:00
|
|
|
BOOLEAN caseinsensitive)
|
2007-07-29 00:00:35 +08:00
|
|
|
{
|
2009-07-15 01:37:42 +08:00
|
|
|
UNICODE_STRING p;
|
2007-07-29 00:00:35 +08:00
|
|
|
|
2009-07-15 01:37:42 +08:00
|
|
|
if (suffix->Length < path->Length)
|
2007-07-29 00:00:35 +08:00
|
|
|
RtlInitCountedUnicodeString (&p, (PWCHAR) ((PBYTE) path->Buffer
|
2009-07-15 01:37:42 +08:00
|
|
|
+ path->Length - suffix->Length),
|
|
|
|
suffix->Length);
|
2007-07-29 00:00:35 +08:00
|
|
|
else
|
|
|
|
RtlInitCountedUnicodeString (&p, path->Buffer, path->Length);
|
2009-07-15 01:37:42 +08:00
|
|
|
return RtlEqualUnicodeString (&p, suffix, caseinsensitive);
|
2007-07-27 18:10:57 +08:00
|
|
|
}
|
2007-08-12 20:48:02 +08:00
|
|
|
/* Implemented in strfuncs.cc. Create a Hex UNICODE_STRING from a given
|
|
|
|
64 bit integer value. If append is TRUE, append the hex string,
|
2007-12-12 20:12:24 +08:00
|
|
|
otherwise overwrite dest. Returns either STATUS_SUCCESS, or
|
2007-08-12 20:48:02 +08:00
|
|
|
STATUS_BUFFER_OVERFLOW, if the unicode buffer is too small (hasn't
|
|
|
|
room for 16 WCHARs). */
|
|
|
|
NTSTATUS NTAPI RtlInt64ToHexUnicodeString (ULONGLONG value,
|
|
|
|
PUNICODE_STRING dest,
|
|
|
|
BOOLEAN append);
|
2008-10-21 03:30:06 +08:00
|
|
|
/* Set file attributes. Don't change file times. */
|
|
|
|
inline
|
|
|
|
NTSTATUS NTAPI NtSetAttributesFile (HANDLE h, ULONG attr)
|
|
|
|
{
|
|
|
|
IO_STATUS_BLOCK io;
|
|
|
|
FILE_BASIC_INFORMATION fbi;
|
|
|
|
fbi.CreationTime.QuadPart = fbi.LastAccessTime.QuadPart =
|
|
|
|
fbi.LastWriteTime.QuadPart = fbi.ChangeTime.QuadPart = 0LL;
|
|
|
|
fbi.FileAttributes = attr ?: FILE_ATTRIBUTE_NORMAL;
|
|
|
|
return NtSetInformationFile(h, &io, &fbi, sizeof fbi, FileBasicInformation);
|
|
|
|
}
|
2011-04-29 16:27:11 +08:00
|
|
|
|
|
|
|
/* This test for a signalled event is twice as fast as calling
|
|
|
|
WaitForSingleObject (event, 0). */
|
|
|
|
inline
|
|
|
|
BOOL NTAPI IsEventSignalled (HANDLE event)
|
|
|
|
{
|
|
|
|
EVENT_BASIC_INFORMATION ebi;
|
|
|
|
return NT_SUCCESS (NtQueryEvent (event, EventBasicInformation,
|
|
|
|
&ebi, sizeof ebi, NULL))
|
|
|
|
&& ebi.SignalState != 0;
|
|
|
|
|
|
|
|
}
|
2000-11-02 13:25:56 +08:00
|
|
|
}
|
2011-04-01 00:08:01 +08:00
|
|
|
#endif
|
2010-03-16 05:29:15 +08:00
|
|
|
#endif /*_NTDLL_H*/
|