1 // Copyright 2013 The Chromium Authors. All rights reserved.
2 // Use of this source code is governed by a BSD-style license that can be
3 // found in the LICENSE file.
5 // This file holds definitions related to the ntdll API.
7 #ifndef SANDBOX_WIN_SRC_NT_INTERNALS_H__
8 #define SANDBOX_WIN_SRC_NT_INTERNALS_H__
10 #include <windows.h>
// Result code type of the native API entry points declared in this header.
// It is a signed LONG, and NT_SUCCESS() below depends on that sign.
typedef LONG NTSTATUS;
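// Evaluates to non-zero when |st| is a non-negative (success or informational)
// status value. The argument is parenthesized so that a compound expression
// such as `cond ? a : b` is compared as a whole instead of being split by
// operator precedence, which could turn a failure code into a "success".
// Pass a signed NTSTATUS: an unsigned argument is always >= 0, so every
// failure code would be reported as success.
#define NT_SUCCESS(st) ((st) >= 0)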
// NTSTATUS values defined locally. Every constant whose top bit is set (the
// 0x8... and 0xC... values) is negative once cast to NTSTATUS, so NT_SUCCESS()
// rejects it; note that this includes STATUS_BUFFER_OVERFLOW.
#define STATUS_SUCCESS                ((NTSTATUS)0x00000000L)
#define STATUS_BUFFER_OVERFLOW        ((NTSTATUS)0x80000005L)
#define STATUS_UNSUCCESSFUL           ((NTSTATUS)0xC0000001L)
#define STATUS_NOT_IMPLEMENTED        ((NTSTATUS)0xC0000002L)
#define STATUS_INFO_LENGTH_MISMATCH   ((NTSTATUS)0xC0000004L)
#ifndef STATUS_INVALID_PARAMETER
// It is now defined in Windows 2008 SDK, hence the guard against redefinition.
#define STATUS_INVALID_PARAMETER      ((NTSTATUS)0xC000000DL)
#endif
#define STATUS_CONFLICTING_ADDRESSES  ((NTSTATUS)0xC0000018L)
#define STATUS_ACCESS_DENIED          ((NTSTATUS)0xC0000022L)
#define STATUS_BUFFER_TOO_SMALL       ((NTSTATUS)0xC0000023L)
#define STATUS_OBJECT_NAME_NOT_FOUND  ((NTSTATUS)0xC0000034L)
#define STATUS_OBJECT_NAME_COLLISION  ((NTSTATUS)0xC0000035L)
#define STATUS_PROCEDURE_NOT_FOUND    ((NTSTATUS)0xC000007AL)
#define STATUS_INVALID_IMAGE_FORMAT   ((NTSTATUS)0xC000007BL)
#define STATUS_NO_TOKEN               ((NTSTATUS)0xC000007CL)
// Pseudo-handle constants: (HANDLE)-1 names the calling process and
// (HANDLE)-2 the calling thread. NtCurrentProcess is an alias for the former.
#define CURRENT_PROCESS ((HANDLE) -1)
#define CURRENT_THREAD  ((HANDLE) -2)
#define NtCurrentProcess CURRENT_PROCESS
// Counted wide-character string used by the native API.
// Length and MaximumLength are 16-bit, so the string size is bounded by what a
// USHORT can hold. In the Windows definition both are byte counts, and Buffer
// is not required to be NUL-terminated; code reading Buffer should be bounded
// by Length rather than searching for a terminator.
typedef struct _UNICODE_STRING {
  USHORT Length;         // size of the string currently stored in Buffer
  USHORT MaximumLength;  // capacity of Buffer
  PWSTR  Buffer;
} UNICODE_STRING;
typedef UNICODE_STRING *PUNICODE_STRING;
typedef const UNICODE_STRING *PCUNICODE_STRING;
// Counted 8-bit string; same layout idea as UNICODE_STRING but with a PCHAR
// buffer. ANSI_STRING and OEM_STRING are aliases of the same structure.
typedef struct _STRING {
  USHORT Length;         // size of the string currently stored in Buffer
  USHORT MaximumLength;  // capacity of Buffer
  PCHAR  Buffer;
} STRING;
typedef STRING *PSTRING;

typedef STRING ANSI_STRING;
typedef PSTRING PANSI_STRING;
// NOTE(review): `CONST PSTRING` const-qualifies the pointer itself
// (STRING* const), not the STRING it points to, so this type does not protect
// the pointed-to data. PCOEM_STRING below is spelled `CONST STRING*`, which
// does. Confirm which meaning is intended before relying on it.
typedef CONST PSTRING PCANSI_STRING;

typedef STRING OEM_STRING;
typedef PSTRING POEM_STRING;
typedef CONST STRING* PCOEM_STRING;
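// Flag for OBJECT_ATTRIBUTES::Attributes.
#define OBJ_CASE_INSENSITIVE 0x00000040L

// Names the object a native call should open or create, together with the
// handle attributes and security information to apply.
typedef struct _OBJECT_ATTRIBUTES {
  ULONG Length;                    // set to sizeof(OBJECT_ATTRIBUTES) by the macro below
  HANDLE RootDirectory;
  PUNICODE_STRING ObjectName;
  ULONG Attributes;                // OBJ_* flags, e.g. OBJ_CASE_INSENSITIVE
  PVOID SecurityDescriptor;
  PVOID SecurityQualityOfService;
} OBJECT_ATTRIBUTES;
typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;

// Fills every field of the OBJECT_ATTRIBUTES pointed to by |p|:
//   n - object name (PUNICODE_STRING), a - Attributes flags,
//   r - RootDirectory handle, s - SecurityDescriptor.
// SecurityQualityOfService is always set to NULL.
//
// The macro keeps its brace-block form so existing call sites compile
// unchanged, but every argument is now parenthesized so that an expression
// argument cannot be re-associated by the assignment. |p| is evaluated once per
// field, so it must not have side effects. The closing brace terminates the
// line-continuation run; without it the macro would absorb the declaration
// that follows.
#define InitializeObjectAttributes(p, n, a, r, s) { \
  (p)->Length = sizeof(OBJECT_ATTRIBUTES);\
  (p)->RootDirectory = (r);\
  (p)->Attributes = (a);\
  (p)->ObjectName = (n);\
  (p)->SecurityDescriptor = (s);\
  (p)->SecurityQualityOfService = NULL;\
}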
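// Completion record written by the file I/O calls declared below.
// Status and Pointer share storage through an anonymous union; Information
// carries the call-specific result (for create/open it holds one of the
// FILE_SUPERSEDED .. FILE_DOES_NOT_EXIST values).
// The union's closing brace is restored here so that Information is a member
// of the struct and not of the union.
typedef struct _IO_STATUS_BLOCK {
  union {
    NTSTATUS Status;
    PVOID Pointer;
  };
  ULONG_PTR Information;
} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;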
// -----------------------------------------------------------------------
// File IO

// Create disposition values (the CreateDisposition argument of NtCreateFile).
// FILE_MAXIMUM_DISPOSITION equals the largest defined value and can serve as
// an upper bound when validating a caller-supplied disposition.

#define FILE_SUPERSEDE                          0x00000000
#define FILE_OPEN                               0x00000001
#define FILE_CREATE                             0x00000002
#define FILE_OPEN_IF                            0x00000003
#define FILE_OVERWRITE                          0x00000004
#define FILE_OVERWRITE_IF                       0x00000005
#define FILE_MAXIMUM_DISPOSITION                0x00000005

// Create/open option flags (CreateOptions of NtCreateFile, OpenOptions of
// NtOpenFile). These are independent bits and may be combined.
// NOTE(review): code that vets file requests on behalf of a less privileged
// caller presumably has to look at bits such as FILE_DELETE_ON_CLOSE,
// FILE_OPEN_BY_FILE_ID, FILE_OPEN_FOR_BACKUP_INTENT and
// FILE_OPEN_REPARSE_POINT, since they change what the open does - confirm
// against the policy code that consumes these values.

#define FILE_DIRECTORY_FILE                     0x00000001
#define FILE_WRITE_THROUGH                      0x00000002
#define FILE_SEQUENTIAL_ONLY                    0x00000004
#define FILE_NO_INTERMEDIATE_BUFFERING          0x00000008

#define FILE_SYNCHRONOUS_IO_ALERT               0x00000010
#define FILE_SYNCHRONOUS_IO_NONALERT            0x00000020
#define FILE_NON_DIRECTORY_FILE                 0x00000040
#define FILE_CREATE_TREE_CONNECTION             0x00000080

#define FILE_COMPLETE_IF_OPLOCKED               0x00000100
#define FILE_NO_EA_KNOWLEDGE                    0x00000200
#define FILE_OPEN_REMOTE_INSTANCE               0x00000400
#define FILE_RANDOM_ACCESS                      0x00000800

#define FILE_DELETE_ON_CLOSE                    0x00001000
#define FILE_OPEN_BY_FILE_ID                    0x00002000
#define FILE_OPEN_FOR_BACKUP_INTENT             0x00004000
#define FILE_NO_COMPRESSION                     0x00008000

#define FILE_RESERVE_OPFILTER                   0x00100000
#define FILE_OPEN_REPARSE_POINT                 0x00200000
#define FILE_OPEN_NO_RECALL                     0x00400000
#define FILE_OPEN_FOR_FREE_SPACE_QUERY          0x00800000

// Create/open result values. These are the disposition values returned in the
// Information field of the IO_STATUS_BLOCK.
#define FILE_SUPERSEDED                         0x00000000
#define FILE_OPENED                             0x00000001
#define FILE_CREATED                            0x00000002
#define FILE_OVERWRITTEN                        0x00000003
#define FILE_EXISTS                             0x00000004
#define FILE_DOES_NOT_EXIST                     0x00000005
// Function-pointer type with the signature of NtCreateFile.
// The target is named through ObjectAttributes; CreateDisposition takes one of
// the FILE_SUPERSEDE .. FILE_OVERWRITE_IF values and CreateOptions a
// combination of the create/open option flags. The new handle is written to
// *FileHandle and the outcome to *IoStatusBlock.
typedef NTSTATUS (WINAPI *NtCreateFileFunction)(
  OUT PHANDLE FileHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN PLARGE_INTEGER AllocationSize OPTIONAL,
  IN ULONG FileAttributes,
  IN ULONG ShareAccess,
  IN ULONG CreateDisposition,
  IN ULONG CreateOptions,
  IN PVOID EaBuffer OPTIONAL,
  IN ULONG EaLength);

// Function-pointer type with the signature of NtOpenFile: the open-only
// counterpart of NtCreateFile, taking the option flags in OpenOptions.
typedef NTSTATUS (WINAPI *NtOpenFileFunction)(
  OUT PHANDLE FileHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN ULONG ShareAccess,
  IN ULONG OpenOptions);

// Function-pointer type with the signature of NtClose.
typedef NTSTATUS (WINAPI *NtCloseFunction)(
  IN HANDLE Handle);
// Partial definition: only the rename class (value 10) is declared here.
typedef enum _FILE_INFORMATION_CLASS {
  FileRenameInformation = 10
} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;

// Input buffer for the FileRenameInformation class.
// FileName is declared with a single element but is a variable-length trailing
// array: the buffer handed to NtSetInformationFile must be allocated large
// enough for the whole name, and sizeof(FILE_RENAME_INFORMATION) alone is not
// the right length. FileNameLength is a byte count in the Windows definition.
typedef struct _FILE_RENAME_INFORMATION {
  BOOLEAN ReplaceIfExists;
  HANDLE RootDirectory;
  ULONG FileNameLength;
  WCHAR FileName[1];
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;

// Function-pointer type with the signature of NtSetInformationFile.
// Length is the size of the buffer at FileInformation, whose layout is chosen
// by FileInformationClass.
typedef NTSTATUS (WINAPI *NtSetInformationFileFunction)(
  IN HANDLE FileHandle,
  OUT PIO_STATUS_BLOCK IoStatusBlock,
  IN PVOID FileInformation,
  IN ULONG Length,
  IN FILE_INFORMATION_CLASS FileInformationClass);
// Timestamps and attribute bits of a file, as filled in by
// NtQueryAttributesFile. Note the struct tag has no leading underscore, unlike
// the other structures in this header.
typedef struct FILE_BASIC_INFORMATION {
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  ULONG FileAttributes;
} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;

// Function-pointer type with the signature of NtQueryAttributesFile. The file
// is identified by name through ObjectAttributes; no handle is returned.
typedef NTSTATUS (WINAPI *NtQueryAttributesFileFunction)(
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  OUT PFILE_BASIC_INFORMATION FileAttributes);

// Same timestamps as FILE_BASIC_INFORMATION plus the allocation size and
// end-of-file position, as filled in by NtQueryFullAttributesFile.
typedef struct _FILE_NETWORK_OPEN_INFORMATION {
  LARGE_INTEGER CreationTime;
  LARGE_INTEGER LastAccessTime;
  LARGE_INTEGER LastWriteTime;
  LARGE_INTEGER ChangeTime;
  LARGE_INTEGER AllocationSize;
  LARGE_INTEGER EndOfFile;
  ULONG FileAttributes;
} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;

// Function-pointer type with the signature of NtQueryFullAttributesFile.
typedef NTSTATUS (WINAPI *NtQueryFullAttributesFileFunction)(
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  OUT PFILE_NETWORK_OPEN_INFORMATION FileAttributes);
// -----------------------------------------------------------------------
// Sections

// Function-pointer type with the signature of NtCreateSection. ObjectAttributes,
// MaximumSize and FileHandle are optional.
typedef NTSTATUS (WINAPI *NtCreateSectionFunction)(
  OUT PHANDLE SectionHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
  IN PLARGE_INTEGER MaximumSize OPTIONAL,
  IN ULONG SectionPageProtection,
  IN ULONG AllocationAttributes,
  IN HANDLE FileHandle OPTIONAL);

// Values for the InheritDisposition argument of NtMapViewOfSection.
typedef ULONG SECTION_INHERIT;
#define ViewShare 1
#define ViewUnmap 2

// Function-pointer type with the signature of NtMapViewOfSection.
// ProcessHandle selects the process that receives the view, so the call can
// map into a process other than the caller. BaseAddress, SectionOffset and
// ViewSize are in/out: the values actually used are written back.
typedef NTSTATUS (WINAPI *NtMapViewOfSectionFunction)(
  IN HANDLE SectionHandle,
  IN HANDLE ProcessHandle,
  IN OUT PVOID *BaseAddress,
  IN ULONG_PTR ZeroBits,
  IN SIZE_T CommitSize,
  IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
  IN OUT PSIZE_T ViewSize,
  IN SECTION_INHERIT InheritDisposition,
  IN ULONG AllocationType,
  IN ULONG Win32Protect);

// Function-pointer type with the signature of NtUnmapViewOfSection.
typedef NTSTATUS (WINAPI *NtUnmapViewOfSectionFunction)(
  IN HANDLE ProcessHandle,
  IN PVOID BaseAddress);
// Information classes accepted by NtQuerySection. SectionImageInformation
// takes the next value after SectionBasicInformation, i.e. 1.
typedef enum _SECTION_INFORMATION_CLASS {
  SectionBasicInformation = 0,
  SectionImageInformation
} SECTION_INFORMATION_CLASS;

// Output layout for the SectionBasicInformation class.
typedef struct _SECTION_BASIC_INFORMATION {
  PVOID BaseAddress;
  ULONG Attributes;
  LARGE_INTEGER Size;
} SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;

// Function-pointer type with the signature of NtQuerySection.
// SectionInformationLength is the size of the caller's buffer; ReturnLength is
// optional.
typedef NTSTATUS (WINAPI *NtQuerySectionFunction)(
  IN HANDLE SectionHandle,
  IN SECTION_INFORMATION_CLASS SectionInformationClass,
  OUT PVOID SectionInformation,
  IN SIZE_T SectionInformationLength,
  OUT PSIZE_T ReturnLength OPTIONAL);
// -----------------------------------------------------------------------
// Process and Thread

// Identifies a process and/or thread. Both ids are stored in pointer-sized
// fields.
typedef struct _CLIENT_ID {
  PVOID UniqueProcess;
  PVOID UniqueThread;
} CLIENT_ID, *PCLIENT_ID;

// Function-pointer type with the signature of NtOpenThread; the thread to
// open is selected through ClientId.
typedef NTSTATUS (WINAPI *NtOpenThreadFunction) (
  OUT PHANDLE ThreadHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  IN PCLIENT_ID ClientId);

// Function-pointer type with the signature of NtOpenProcess; the process to
// open is selected through ClientId.
typedef NTSTATUS (WINAPI *NtOpenProcessFunction) (
  OUT PHANDLE ProcessHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  IN PCLIENT_ID ClientId);
// Thread information classes. No enumerator has an explicit value, so each one
// is defined purely by its position (ThreadBasicInformation is 0,
// ThreadImpersonationToken is 5, ThreadHideFromDebugger is 17). Inserting or
// reordering entries silently changes the class passed to the kernel.
typedef enum _NT_THREAD_INFORMATION_CLASS {
  ThreadBasicInformation,
  ThreadTimes,
  ThreadPriority,
  ThreadBasePriority,
  ThreadAffinityMask,
  ThreadImpersonationToken,
  ThreadDescriptorTableEntry,
  ThreadEnableAlignmentFaultFixup,
  ThreadEventPair,
  ThreadQuerySetWin32StartAddress,
  ThreadZeroTlsCell,
  ThreadPerformanceCount,
  ThreadAmILastThread,
  ThreadIdealProcessor,
  ThreadPriorityBoost,
  ThreadSetTlsArrayAddress,
  ThreadIsIoPending,
  ThreadHideFromDebugger
} NT_THREAD_INFORMATION_CLASS, *PNT_THREAD_INFORMATION_CLASS;

// Function-pointer type with the signature of NtSetInformationThread.
// ThreadInformationLength is the size of the buffer at ThreadInformation,
// whose layout depends on ThreadInformationClass.
typedef NTSTATUS (WINAPI *NtSetInformationThreadFunction) (
  IN HANDLE ThreadHandle,
  IN NT_THREAD_INFORMATION_CLASS ThreadInformationClass,
  IN PVOID ThreadInformation,
  IN ULONG ThreadInformationLength);
// Partial definition only: just the two process information classes declared
// here are available through this header.
typedef enum _PROCESSINFOCLASS {
  ProcessBasicInformation = 0,
  ProcessExecuteFlags = 0x22
} PROCESSINFOCLASS;

// Both are declared as opaque pointer-sized values in this header.
typedef PVOID PPEB;
typedef PVOID KPRIORITY;

// Output layout for the ProcessBasicInformation class.
// NOTE(review): the two process-id fields are ULONG (32-bit) and KPRIORITY is
// pointer-sized here, whereas the SDK's winternl.h declares UniqueProcessId as
// ULONG_PTR. On a 64-bit build this struct is therefore presumably smaller
// than what the kernel expects and InheritedFromUniqueProcessId sits at a
// different offset - confirm the size check and field reads before using this
// definition on x64.
typedef struct _PROCESS_BASIC_INFORMATION {
  NTSTATUS ExitStatus;
  PPEB PebBaseAddress;
  KAFFINITY AffinityMask;
  KPRIORITY BasePriority;
  ULONG UniqueProcessId;
  ULONG InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;

// Function-pointer type with the signature of NtQueryInformationProcess.
// ProcessInformationLength is the size of the caller's buffer; ReturnLength is
// optional.
typedef NTSTATUS (WINAPI *NtQueryInformationProcessFunction)(
  IN HANDLE ProcessHandle,
  IN PROCESSINFOCLASS ProcessInformationClass,
  OUT PVOID ProcessInformation,
  IN ULONG ProcessInformationLength,
  OUT PULONG ReturnLength OPTIONAL);

// Function-pointer type with the signature of NtSetInformationProcess, typed
// with PROCESSINFOCLASS. (A second typedef near the end of this header,
// NtSetInformationProcess, describes the same call with a plain ULONG class.)
typedef NTSTATUS (WINAPI *NtSetInformationProcessFunction)(
  HANDLE ProcessHandle,
  IN PROCESSINFOCLASS ProcessInformationClass,
  IN PVOID ProcessInformation,
  IN ULONG ProcessInformationLength);
// Function-pointer type with the signature of NtOpenThreadToken.
// OpenAsSelf selects whose security context the access check is made against;
// the resulting token handle is written to *TokenHandle.
typedef NTSTATUS (WINAPI *NtOpenThreadTokenFunction) (
  IN HANDLE ThreadHandle,
  IN ACCESS_MASK DesiredAccess,
  IN BOOLEAN OpenAsSelf,
  OUT PHANDLE TokenHandle);

// As NtOpenThreadTokenFunction, with an extra HandleAttributes argument.
typedef NTSTATUS (WINAPI *NtOpenThreadTokenExFunction) (
  IN HANDLE ThreadHandle,
  IN ACCESS_MASK DesiredAccess,
  IN BOOLEAN OpenAsSelf,
  IN ULONG HandleAttributes,
  OUT PHANDLE TokenHandle);

// Function-pointer type with the signature of NtOpenProcessToken.
typedef NTSTATUS (WINAPI *NtOpenProcessTokenFunction) (
  IN HANDLE ProcessHandle,
  IN ACCESS_MASK DesiredAccess,
  OUT PHANDLE TokenHandle);

// As NtOpenProcessTokenFunction, with an extra HandleAttributes argument.
typedef NTSTATUS (WINAPI *NtOpenProcessTokenExFunction) (
  IN HANDLE ProcessHandle,
  IN ACCESS_MASK DesiredAccess,
  IN ULONG HandleAttributes,
  OUT PHANDLE TokenHandle);

// Function-pointer type with the signature of RtlCreateUserThread.
// Process selects the process in which the thread is created and StartAddress
// the routine it runs with Parameter; the new thread's handle and ids are
// returned through Thread and ClientId.
typedef NTSTATUS (WINAPI * RtlCreateUserThreadFunction)(
  IN HANDLE Process,
  IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
  IN BOOLEAN CreateSuspended,
  IN ULONG ZeroBits,
  IN SIZE_T MaximumStackSize,
  IN SIZE_T CommittedStackSize,
  IN LPTHREAD_START_ROUTINE StartAddress,
  IN PVOID Parameter,
  OUT PHANDLE Thread,
  OUT PCLIENT_ID ClientId);
// -----------------------------------------------------------------------
// Registry

// Function-pointer type with the signature of NtCreateKey. The key is named
// through ObjectAttributes; Class and Disposition are optional.
typedef NTSTATUS (WINAPI *NtCreateKeyFunction)(
  OUT PHANDLE KeyHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  IN ULONG TitleIndex,
  IN PUNICODE_STRING Class OPTIONAL,
  IN ULONG CreateOptions,
  OUT PULONG Disposition OPTIONAL);

// Function-pointer type with the signature of NtOpenKey.
typedef NTSTATUS (WINAPI *NtOpenKeyFunction)(
  OUT PHANDLE KeyHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes);

// Function-pointer type with the signature of NtOpenKeyEx: NtOpenKey plus an
// open_options argument.
typedef NTSTATUS (WINAPI *NtOpenKeyExFunction)(
  OUT PHANDLE KeyHandle,
  IN ACCESS_MASK DesiredAccess,
  IN POBJECT_ATTRIBUTES ObjectAttributes,
  IN DWORD open_options);

// Function-pointer type with the signature of NtDeleteKey.
typedef NTSTATUS (WINAPI *NtDeleteKeyFunction)(
  IN HANDLE KeyHandle);
// -----------------------------------------------------------------------
// Memory

// Don't really need this structure right now, so it is left as an opaque
// pointer.
typedef PVOID PRTL_HEAP_PARAMETERS;

// Function-pointer type with the signature of RtlCreateHeap. It returns the
// heap handle as a PVOID rather than an NTSTATUS, so NT_SUCCESS() does not
// apply to the result.
typedef PVOID (WINAPI *RtlCreateHeapFunction)(
  IN ULONG Flags,
  IN PVOID HeapBase OPTIONAL,
  IN SIZE_T ReserveSize OPTIONAL,
  IN SIZE_T CommitSize OPTIONAL,
  IN PVOID Lock OPTIONAL,
  IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL);

// Function-pointer type with the signature of RtlDestroyHeap.
typedef PVOID (WINAPI *RtlDestroyHeapFunction)(
  IN PVOID HeapHandle);

// Function-pointer type with the signature of RtlAllocateHeap; returns the
// allocation as a PVOID.
typedef PVOID (WINAPI *RtlAllocateHeapFunction)(
  IN PVOID HeapHandle,
  IN ULONG Flags,
  IN SIZE_T Size);

// Function-pointer type with the signature of RtlFreeHeap; returns a BOOLEAN.
typedef BOOLEAN (WINAPI *RtlFreeHeapFunction)(
  IN PVOID HeapHandle,
  IN ULONG Flags,
  IN PVOID HeapBase);

// Function-pointer type with the signature of NtAllocateVirtualMemory.
// ProcessHandle selects the target process, so memory can be allocated in a
// process other than the caller. BaseAddress and RegionSize are in/out.
typedef NTSTATUS (WINAPI *NtAllocateVirtualMemoryFunction) (
  IN HANDLE ProcessHandle,
  IN OUT PVOID *BaseAddress,
  IN ULONG_PTR ZeroBits,
  IN OUT PSIZE_T RegionSize,
  IN ULONG AllocationType,
  IN ULONG Protect);

// Function-pointer type with the signature of NtFreeVirtualMemory.
typedef NTSTATUS (WINAPI *NtFreeVirtualMemoryFunction) (
  IN HANDLE ProcessHandle,
  IN OUT PVOID *BaseAddress,
  IN OUT PSIZE_T RegionSize,
  IN ULONG FreeType);
// Information classes accepted by NtQueryVirtualMemory. Values are positional
// starting at 0, so MemorySectionName is 2.
typedef enum _MEMORY_INFORMATION_CLASS {
  MemoryBasicInformation = 0,
  MemoryWorkingSetList,
  MemorySectionName,
  MemoryBasicVlmInformation
} MEMORY_INFORMATION_CLASS;

// Output layout for the MemorySectionName class. It holds only the
// UNICODE_STRING header; the characters it points to need storage as well, so
// a buffer of sizeof(MEMORY_SECTION_NAME) is presumably too small for a real
// query - TODO confirm how callers size it.
typedef struct _MEMORY_SECTION_NAME {  // Information Class 2
  UNICODE_STRING SectionFileName;
} MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;

// Function-pointer type with the signature of NtQueryVirtualMemory.
// MemoryInformationLength is the size of the caller's buffer; ReturnLength is
// optional.
typedef NTSTATUS (WINAPI *NtQueryVirtualMemoryFunction)(
  IN HANDLE ProcessHandle,
  IN PVOID BaseAddress,
  IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
  OUT PVOID MemoryInformation,
  IN SIZE_T MemoryInformationLength,
  OUT PSIZE_T ReturnLength OPTIONAL);

// Function-pointer type with the signature of NtProtectVirtualMemory.
// BaseAddress and ProtectSize are in/out; the previous protection is written
// to *OldProtect.
typedef NTSTATUS (WINAPI *NtProtectVirtualMemoryFunction)(
  IN HANDLE ProcessHandle,
  IN OUT PVOID* BaseAddress,
  IN OUT PSIZE_T ProtectSize,
  IN ULONG NewProtect,
  OUT PULONG OldProtect);
// -----------------------------------------------------------------------
// Objects

// Information classes accepted by NtQueryObject; values are positional
// starting at 0.
typedef enum _OBJECT_INFORMATION_CLASS {
  ObjectBasicInformation,
  ObjectNameInformation,
  ObjectTypeInformation,
  ObjectAllInformation,
  ObjectDataInformation
} OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;

// Object directory entry. Data is declared with one element but is a
// variable-length trailing array; its real extent comes from the buffer the
// entry was read into, not from sizeof(OBJDIR_INFORMATION).
typedef struct _OBJDIR_INFORMATION {
  UNICODE_STRING ObjectName;
  UNICODE_STRING ObjectTypeName;
  BYTE Data[1];
} OBJDIR_INFORMATION;

// Public view of the basic object information; the trailing words are
// reserved.
typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
  ULONG Attributes;
  ACCESS_MASK GrantedAccess;
  ULONG HandleCount;
  ULONG PointerCount;
  ULONG Reserved[10];    // reserved for internal use
} PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;

// Public view of the object type information. The struct tag carries a double
// leading underscore, unlike the other tags in this header.
typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION {
  UNICODE_STRING TypeName;
  ULONG Reserved[22];    // reserved for internal use
} PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;

// Pool kinds, used by the PoolType field of OBJECT_TYPE_INFORMATION. Values
// are positional starting at 0.
typedef enum _POOL_TYPE {
  NonPagedPool,
  PagedPool,
  NonPagedPoolMustSucceed,
  ReservedType,
  NonPagedPoolCacheAligned,
  PagedPoolCacheAligned,
  NonPagedPoolCacheAlignedMustS
} POOL_TYPE;
// Full layout of the basic object information, including the fields that
// PUBLIC_OBJECT_BASIC_INFORMATION hides behind Reserved[]. GrantedAccess is
// the access mask carried by the queried handle.
typedef struct _OBJECT_BASIC_INFORMATION {
  ULONG Attributes;
  ACCESS_MASK GrantedAccess;
  ULONG HandleCount;
  ULONG PointerCount;
  ULONG PagedPoolUsage;
  ULONG NonPagedPoolUsage;
  ULONG Reserved[3];
  ULONG NameInformationLength;
  ULONG TypeInformationLength;
  ULONG SecurityDescriptorLength;
  LARGE_INTEGER CreateTime;
} OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;

// Full layout of the object type information. Name is a UNICODE_STRING
// header, so the buffer receiving this structure must also have room for the
// characters Name.Buffer refers to.
typedef struct _OBJECT_TYPE_INFORMATION {
  UNICODE_STRING Name;
  ULONG TotalNumberOfObjects;
  ULONG TotalNumberOfHandles;
  ULONG TotalPagedPoolUsage;
  ULONG TotalNonPagedPoolUsage;
  ULONG TotalNamePoolUsage;
  ULONG TotalHandleTableUsage;
  ULONG HighWaterNumberOfObjects;
  ULONG HighWaterNumberOfHandles;
  ULONG HighWaterPagedPoolUsage;
  ULONG HighWaterNonPagedPoolUsage;
  ULONG HighWaterNamePoolUsage;
  ULONG HighWaterHandleTableUsage;
  ULONG InvalidAttributes;
  GENERIC_MAPPING GenericMapping;
  ULONG ValidAccess;
  BOOLEAN SecurityRequired;
  BOOLEAN MaintainHandleCount;
  USHORT MaintainTypeList;
  POOL_TYPE PoolType;
  ULONG PagedPoolUsage;
  ULONG NonPagedPoolUsage;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
// Partial definition: only the handle-table class (value 16) is declared.
typedef enum _SYSTEM_INFORMATION_CLASS {
  SystemHandleInformation = 16
} SYSTEM_INFORMATION_CLASS;

// One entry of the system handle table.
// NOTE(review): ProcessId and Handle are only 16 bits wide in this layout, so
// neither can represent a full-width process id or handle value; comparing
// them against 32-bit ids without accounting for truncation can match the
// wrong process - confirm how callers handle this.
typedef struct _SYSTEM_HANDLE_INFORMATION {
  USHORT ProcessId;
  USHORT CreatorBackTraceIndex;
  UCHAR ObjectTypeNumber;
  UCHAR Flags;
  USHORT Handle;
  PVOID Object;
  ACCESS_MASK GrantedAccess;
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;

// Header of the handle-table snapshot: a count followed by that many entries.
// Information is declared with one element but is variable-length; code that
// walks it should bound the loop by both NumberOfHandles and the size of the
// buffer that was actually filled.
typedef struct _SYSTEM_HANDLE_INFORMATION_EX {
  ULONG NumberOfHandles;
  SYSTEM_HANDLE_INFORMATION Information[1];
} SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX;

// Output layout for the ObjectNameInformation class. Only the UNICODE_STRING
// header is declared; the name characters need additional buffer space.
typedef struct _OBJECT_NAME_INFORMATION {
  UNICODE_STRING ObjectName;
} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
// Function-pointer type with the signature of NtQueryObject.
// ObjectInformationLength is the size of the caller's buffer; both output
// pointers are marked optional here.
typedef NTSTATUS (WINAPI *NtQueryObjectFunction)(
  IN HANDLE Handle,
  IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
  OUT PVOID ObjectInformation OPTIONAL,
  IN ULONG ObjectInformationLength,
  OUT PULONG ReturnLength OPTIONAL);

// Function-pointer type with the signature of NtDuplicateObject.
// SourceProcess and TargetProcess may differ, so this call can place a handle
// into another process; DesiredAccess, Attributes and Options control what the
// duplicate is allowed to do.
typedef NTSTATUS (WINAPI *NtDuplicateObjectFunction)(
  IN HANDLE SourceProcess,
  IN HANDLE SourceHandle,
  IN HANDLE TargetProcess,
  OUT PHANDLE TargetHandle,
  IN ACCESS_MASK DesiredAccess,
  IN ULONG Attributes,
  IN ULONG Options);

// Function-pointer type with the signature of NtSignalAndWaitForSingleObject.
typedef NTSTATUS (WINAPI *NtSignalAndWaitForSingleObjectFunction)(
  IN HANDLE HandleToSignal,
  IN HANDLE HandleToWait,
  IN BOOLEAN Alertable,
  IN PLARGE_INTEGER Timeout OPTIONAL);

// Function-pointer type with the signature of NtQuerySystemInformation.
// Unlike most typedefs in this header the name has no "Function" suffix, so it
// is spelled exactly like the ntdll export it describes.
typedef NTSTATUS (WINAPI *NtQuerySystemInformation)(
  IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
  OUT PVOID SystemInformation,
  IN ULONG SystemInformationLength,
  OUT PULONG ReturnLength);

// Second function-pointer type for NtQueryObject, again without the
// "Function" suffix. It has the same parameter list as NtQueryObjectFunction
// above, minus the OPTIONAL markers.
typedef NTSTATUS (WINAPI *NtQueryObject)(
  IN HANDLE Handle,
  IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
  OUT PVOID ObjectInformation,
  IN ULONG ObjectInformationLength,
  OUT PULONG ReturnLength);
// -----------------------------------------------------------------------
// Strings

// Function-pointer types for C runtime string routines. These use __cdecl,
// not WINAPI like the Nt*/Rtl* types in this header.

// Signature of _strnicmp: compares at most _MaxCount characters.
typedef int (__cdecl *_strnicmpFunction)(
  IN const char* _Str1,
  IN const char* _Str2,
  IN size_t _MaxCount);

// Signature of strlen. It takes no bound, so the argument has to be a
// NUL-terminated string.
typedef size_t (__cdecl *strlenFunction)(
  IN const char * _Str);

// Signature of wcslen. It takes no bound, so the argument has to be a
// NUL-terminated wide string.
typedef size_t (__cdecl *wcslenFunction)(
  IN const wchar_t* _Str);

// Signature of memcpy. |count| is the only bound: the caller is responsible
// for it fitting both |dest| and |src|.
typedef void* (__cdecl *memcpyFunction)(
  IN void* dest,
  IN const void* src,
  IN size_t count);

// Function-pointer type with the signature of RtlAnsiStringToUnicodeString.
// AllocateDestinationString selects whether the routine allocates the
// destination buffer or uses the one already in DestinationString.
typedef NTSTATUS (WINAPI *RtlAnsiStringToUnicodeStringFunction)(
  IN OUT PUNICODE_STRING DestinationString,
  IN PANSI_STRING SourceString,
  IN BOOLEAN AllocateDestinationString);

// Function-pointer type with the signature of RtlCompareUnicodeString; the
// LONG result is a comparison result, not an NTSTATUS.
typedef LONG (WINAPI *RtlCompareUnicodeStringFunction)(
  IN PCUNICODE_STRING String1,
  IN PCUNICODE_STRING String2,
  IN BOOLEAN CaseInSensitive);

// Function-pointer type with the signature of RtlInitUnicodeString. It
// returns nothing, and UNICODE_STRING lengths are USHORT, so a source string
// too long for that field cannot be reported as an error here - callers
// presumably need to bound SourceString themselves (TODO confirm).
typedef VOID (WINAPI *RtlInitUnicodeStringFunction) (
  IN OUT PUNICODE_STRING DestinationString,
  IN PCWSTR SourceString);
// Event kinds; NotificationEvent is 0 and SynchronizationEvent is 1.
typedef enum _EVENT_TYPE {
  NotificationEvent,
  SynchronizationEvent
} EVENT_TYPE, *PEVENT_TYPE;

// Function-pointer type with the signature of NtOpenDirectoryObject.
// DesiredAccess takes the DIRECTORY_* rights defined below.
typedef NTSTATUS (WINAPI* NtOpenDirectoryObjectFunction) (
    PHANDLE DirectoryHandle,
    ACCESS_MASK DesiredAccess,
    POBJECT_ATTRIBUTES ObjectAttributes);

// Function-pointer type with the signature of NtQuerySymbolicLinkObject. The
// target is written into the caller-provided LinkTarget string.
typedef NTSTATUS (WINAPI* NtQuerySymbolicLinkObjectFunction) (
    HANDLE LinkHandle,
    PUNICODE_STRING LinkTarget,
    PULONG ReturnedLength);

// Function-pointer type with the signature of NtOpenSymbolicLinkObject.
typedef NTSTATUS (WINAPI* NtOpenSymbolicLinkObjectFunction) (
    PHANDLE LinkHandle,
    ACCESS_MASK DesiredAccess,
    POBJECT_ATTRIBUTES ObjectAttributes);

// Access rights for object directories. DIRECTORY_ALL_ACCESS (0x000F) is the
// bitwise OR of the four individual rights.
#define DIRECTORY_QUERY               0x0001
#define DIRECTORY_TRAVERSE            0x0002
#define DIRECTORY_CREATE_OBJECT       0x0004
#define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
#define DIRECTORY_ALL_ACCESS          0x000F
// Function-pointer type with the signature of NtCreateLowBoxToken.
// The new token is derived from |original_handle| and tagged with
// |appcontainer_sid|; |capabilities| holds |capabilityCount| entries and
// |handles| holds |handle_count| entries, so each count must match its array.
// The typedef name has no "Function" suffix.
typedef NTSTATUS (WINAPI* NtCreateLowBoxToken)(
    OUT PHANDLE token,
    IN HANDLE original_handle,
    IN ACCESS_MASK access,
    IN POBJECT_ATTRIBUTES object_attribute,
    IN PSID appcontainer_sid,
    IN DWORD capabilityCount,
    IN PSID_AND_ATTRIBUTES capabilities,
    IN DWORD handle_count,
    IN PHANDLE handles);

// Second function-pointer type for NtSetInformationProcess, taking the
// information class as a plain ULONG instead of PROCESSINFOCLASS (compare
// NtSetInformationProcessFunction earlier in this header). That allows class
// values the partial PROCESSINFOCLASS enum does not declare.
typedef NTSTATUS(WINAPI *NtSetInformationProcess)(
    IN HANDLE process_handle,
    IN ULONG info_class,
    IN PVOID process_information,
    IN ULONG information_length);
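// Pairs a token handle with a thread handle.
// NOTE(review): presumably this is the buffer passed as process_information
// to NtSetInformationProcess together with NtProcessInformationAccessToken -
// confirm against the caller.
// The closing brace is restored so that the constant below is declared at file
// scope and not parsed as a struct member.
struct PROCESS_ACCESS_TOKEN {
  HANDLE token;
  HANDLE thread;
};

// Information class value (9) for the process access token.
// NOTE(review): as a non-static const object defined in a header, this has
// internal linkage in C++ but would be defined once per translation unit with
// external linkage if the header were ever compiled as C.
const unsigned int NtProcessInformationAccessToken = 9;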
683 #endif // SANDBOX_WIN_SRC_NT_INTERNALS_H__