search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Cygwin: (mostly) drop NT4 and Samba < 3.0 support
[newlib-cygwin.git] / winsup / cygwin / local_includes / ntdll.h
blob7737ae503c1829db547f13351b13716bff60057c
1 /* ntdll.h. Contains ntdll specific stuff not defined elsewhere.
2
3 This file is part of Cygwin.
4
5 This software is a copyrighted work licensed under the terms of the
6 Cygwin license. Please consult the file "CYGWIN_LICENSE" for
7 details. */
8
9 #pragma once
10
11 #include <w32api/ntstatus.h>
12
13 /* Values for Cygwin AF_UNIX socket reparse points. */
14 #define IO_REPARSE_TAG_CYGUNIX (0x00006375)
15 extern GUID __cygwin_socket_guid;
16 #define CYGWIN_SOCKET_GUID (&__cygwin_socket_guid)
17
18 /* Status codes not known to Mingw-w64 yet. The error code needs to
19 be maintained here as well as long as Mingw-w64 didn't follow up. */
20 #define STATUS_CASE_DIFFERING_NAMES_IN_DIR ((NTSTATUS)0xC00004B3)
21 #define ERROR_CASE_DIFFERING_NAMES_IN_DIR __MSABI_LONG(424)
22
23 /* Custom Cygwin-only status codes. */
24 #define STATUS_THREAD_SIGNALED ((NTSTATUS)0xe0000001)
25 #define STATUS_THREAD_CANCELED ((NTSTATUS)0xe0000002)
26 #define STATUS_ILLEGAL_DLL_PSEUDO_RELOCATION ((DWORD) 0xe0000269)
27
28 /* Simplify checking for a transactional error code. */
29 #define NT_TRANSACTIONAL_ERROR(s) \
30 (((ULONG)(s) >= (ULONG)STATUS_TRANSACTIONAL_CONFLICT) \
31 && ((ULONG)(s) <= (ULONG)STATUS_TRANSACTION_NOT_ENLISTED))
32
33 #define NtCurrentProcess() ((HANDLE) (LONG_PTR) -1)
34 #define NtCurrentThread() ((HANDLE) (LONG_PTR) -2)
35
36 /* Creation information returned in IO_STATUS_BLOCK. */
37 #define FILE_SUPERSEDED 0
38 #define FILE_OPENED 1
39 #define FILE_CREATED 2
40 #define FILE_OVERWRITTEN 3
41 #define FILE_EXISTS 4
42 #define FILE_DOES_NOT_EXIST 5
43
44 /* Relative file position values in NtWriteFile call. */
45 #define FILE_WRITE_TO_END_OF_FILE (-1LL)
46 #define FILE_USE_FILE_POINTER_POSITION (-2LL)
47
48 /* Sparsification granularity on NTFS. */
49 #define FILE_SPARSE_GRANULARITY (64 * 1024)
50
51 /* Device Characteristics. */
52 #define FILE_REMOVABLE_MEDIA 0x00000001
53 #define FILE_READ_ONLY_DEVICE 0x00000002
54 #define FILE_FLOPPY_DISKETTE 0x00000004
55 #define FILE_WRITE_ONCE_MEDIA 0x00000008
56 #define FILE_REMOTE_DEVICE 0x00000010
57 #define FILE_DEVICE_IS_MOUNTED 0x00000020
58 #define FILE_VIRTUAL_VOLUME 0x00000040
59 #define FILE_AUTOGENERATED_DEVICE_NAME 0x00000080
60 #define FILE_DEVICE_SECURE_OPEN 0x00000100
61
62 /* Sector Size Information Flags */
63 #define SSINFO_FLAGS_ALIGNED_DEVICE 0x00000001
64 #define SSINFO_FLAGS_PARTITION_ALIGNED_ON_DEVICE 0x00000002
65 #define SSINFO_FLAGS_NO_SEEK_PENALTY 0x00000004
66 #define SSINFO_FLAGS_TRIM_ENABLED 0x00000008
67 #define SSINFO_FLAGS_BYTE_ADDRESSABLE 0x00000010
68
69 /* Lock type in NtLockVirtualMemory/NtUnlockVirtualMemory call. */
70 #define MAP_PROCESS 1
71 #define MAP_SYSTEM 2
72
73 /* Directory access rights (only in NT namespace). */
74 #define DIRECTORY_QUERY 1
75 #define DIRECTORY_TRAVERSE 2
76 #define DIRECTORY_CREATE_OBJECT 4
77 #define DIRECTORY_CREATE_SUBDIRECTORY 8
78 #define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|0x0f)
79
80 /* Symbolic link access rights (only in NT namespace). */
81 #define SYMBOLIC_LINK_QUERY 1
82 #define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
83
84 /* Transaction access rights. */
85 #ifndef TRANSACTION_ALL_ACCESS
86 #define TRANSACTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x3F)
87 #endif
88
89 /* Event object access rights. */
90 #define EVENT_QUERY_STATE 1
91
92 /* Semaphore access rights. */
93 #define SEMAPHORE_QUERY_STATE 1
94
95 /* Specific ACCESS_MASKSs for objects created in Cygwin. */
96 #define CYG_SHARED_DIR_ACCESS (DIRECTORY_QUERY \
97 | DIRECTORY_TRAVERSE \
98 | DIRECTORY_CREATE_SUBDIRECTORY \
99 | DIRECTORY_CREATE_OBJECT \
100 | READ_CONTROL)
101 #define CYG_MUTANT_ACCESS (MUTANT_QUERY_STATE \
102 | SYNCHRONIZE \
103 | READ_CONTROL)
104 #define CYG_EVENT_ACCESS (EVENT_QUERY_STATE \
105 | EVENT_MODIFY_STATE \
106 | SYNCHRONIZE \
107 | READ_CONTROL)
108 #define CYG_SEMAPHORE_ACCESS (SEMAPHORE_QUERY_STATE \
109 | SEMAPHORE_MODIFY_STATE \
110 | SYNCHRONIZE \
111 | READ_CONTROL)
112
113 /* Definitions for first parameter of RtlQueryRegistryValues. */
114 #define RTL_REGISTRY_ABSOLUTE 0
115 #define RTL_REGISTRY_SERVICES 1
116 #define RTL_REGISTRY_CONTROL 2
117 #define RTL_REGISTRY_WINDOWS_NT 3
118 #define RTL_REGISTRY_DEVICEMAP 4
119 #define RTL_REGISTRY_USER 5
120 #define RTL_REGISTRY_HANDLE 0x40000000
121 #define RTL_REGISTRY_OPTIONAL 0x80000000
122
123 /* Flags values for QueryTable parameter of RtlQueryRegistryValues. */
124 #define RTL_QUERY_REGISTRY_SUBKEY 0x01
125 #define RTL_QUERY_REGISTRY_TOPKEY 0x02
126 #define RTL_QUERY_REGISTRY_REQUIRED 0x04
127 #define RTL_QUERY_REGISTRY_NOVALUE 0x08
128 #define RTL_QUERY_REGISTRY_NOEXPAND 0x10
129 #define RTL_QUERY_REGISTRY_DIRECT 0x20
130 #define RTL_QUERY_REGISTRY_DELETE 0x40
131 #define RTL_QUERY_REGISTRY_NOSTRING 0x80
132
133 /* What RtlQueryProcessDebugInformation shall return. */
134 #define PDI_MODULES 0x01
135 #define PDI_HEAPS 0x04
136 #define PDI_HEAP_BLOCKS 0x10
137 #define PDI_WOW64_MODULES 0x40
138
139 /* VM working set list protection values. Returned by NtQueryVirtualMemory. */
140 #define WSLE_PAGE_READONLY 0x001
141 #define WSLE_PAGE_EXECUTE 0x002
142 #define WSLE_PAGE_EXECUTE_READ 0x003
143 #define WSLE_PAGE_READWRITE 0x004
144 #define WSLE_PAGE_WRITECOPY 0x005
145 #define WSLE_PAGE_EXECUTE_READWRITE 0x006
146 #define WSLE_PAGE_EXECUTE_WRITECOPY 0x007
147 #define WSLE_PAGE_SHARE_COUNT_MASK 0x0E0
148 #define WSLE_PAGE_SHAREABLE 0x100
149
150 /* Known debug heap flags */
151 #define HEAP_FLAG_NOSERIALIZE 0x1
152 #define HEAP_FLAG_GROWABLE 0x2
153 #define HEAP_FLAG_EXCEPTIONS 0x4
154 #define HEAP_FLAG_NONDEFAULT 0x1000
155 #define HEAP_FLAG_SHAREABLE 0x8000
156 #define HEAP_FLAG_EXECUTABLE 0x40000
157 #define HEAP_FLAG_DEBUGGED 0x40000000
158
159 #define FILE_VC_QUOTA_NONE 0x00000000
160 #define FILE_VC_QUOTA_TRACK 0x00000001
161 #define FILE_VC_QUOTA_ENFORCE 0x00000002
162 #define FILE_VC_QUOTA_MASK 0x00000003
163 #define FILE_VC_CONTENT_INDEX_DISABLED 0x00000008
164 #define FILE_VC_LOG_QUOTA_THRESHOLD 0x00000010
165 #define FILE_VC_LOG_QUOTA_LIMIT 0x00000020
166 #define FILE_VC_LOG_VOLUME_THRESHOLD 0x00000040
167 #define FILE_VC_LOG_VOLUME_LIMIT 0x00000080
168 #define FILE_VC_QUOTAS_INCOMPLETE 0x00000100
169 #define FILE_VC_QUOTAS_REBUILDING 0x00000200
170 #define FILE_VC_VALID_MASK 0x000003ff
171
172 #define PHCM_APPLICATION_DEFAULT 0
173 #define PHCM_DISGUISE_PLACEHOLDER 1
174 #define PHCM_EXPOSE_PLACEHOLDERS 2
175 #define PHCM_MAX 2
176 #define PHCM_ERROR_INVALID_PARAMETER -1
177 #define PHCM_ERROR_NO_TEB -2
178
179 /* IOCTL code to impersonate client of named pipe. */
180
181 #define FSCTL_PIPE_DISCONNECT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 1, \
182 METHOD_BUFFERED, FILE_ANY_ACCESS)
183 #define FSCTL_PIPE_LISTEN CTL_CODE(FILE_DEVICE_NAMED_PIPE, 2, \
184 METHOD_BUFFERED, FILE_ANY_ACCESS)
185 #define FSCTL_PIPE_PEEK CTL_CODE(FILE_DEVICE_NAMED_PIPE, 3, \
186 METHOD_BUFFERED, FILE_READ_DATA)
187 #define FSCTL_PIPE_WAIT CTL_CODE(FILE_DEVICE_NAMED_PIPE, 6, \
188 METHOD_BUFFERED, FILE_ANY_ACCESS)
189 #define FSCTL_PIPE_IMPERSONATE CTL_CODE(FILE_DEVICE_NAMED_PIPE, 7, \
190 METHOD_BUFFERED, FILE_ANY_ACCESS)
191 #define FSCTL_PIPE_FLUSH CTL_CODE(FILE_DEVICE_NAMED_PIPE, 16, \
192 METHOD_BUFFERED, FILE_WRITE_DATA)
193
194 typedef enum _FILE_INFORMATION_CLASS
195 {
196 FileDirectoryInformation = 1, // 1
197 FileFullDirectoryInformation, // 2
198 FileBothDirectoryInformation, // 3
199 FileBasicInformation, // 4
200 FileStandardInformation, // 5
201 FileInternalInformation, // 6
202 FileEaInformation, // 7
203 FileAccessInformation, // 8
204 FileNameInformation, // 9
205 FileRenameInformation, // 10
206 FileLinkInformation, // 11
207 FileNamesInformation, // 12
208 FileDispositionInformation, // 13
209 FilePositionInformation, // 14
210 FileFullEaInformation, // 15
211 FileModeInformation, // 16
212 FileAlignmentInformation, // 17
213 FileAllInformation, // 18
214 FileAllocationInformation, // 19
215 FileEndOfFileInformation, // 20
216 FileAlternateNameInformation, // 21
217 FileStreamInformation, // 22
218 FilePipeInformation, // 23
219 FilePipeLocalInformation, // 24
220 FilePipeRemoteInformation, // 25
221 FileMailslotQueryInformation, // 26
222 FileMailslotSetInformation, // 27
223 FileCompressionInformation, // 28
224 FileObjectIdInformation, // 29
225 FileCompletionInformation, // 30
226 FileMoveClusterInformation, // 31
227 FileQuotaInformation, // 32
228 FileReparsePointInformation, // 33
229 FileNetworkOpenInformation, // 34
230 FileAttributeTagInformation, // 35
231 FileTrackingInformation, // 36
232 FileIdBothDirectoryInformation, // 37
233 FileIdFullDirectoryInformation, // 38
234 FileValidDataLengthInformation, // 39
235 FileShortNameInformation, // 40
236 FileIoCompletionNotificationInformation, // 41
237 FileIoStatusBlockRangeInformation, // 42
238 FileIoPriorityHintInformation, // 43
239 FileSfioReserveInformation, // 44
240 FileSfioVolumeInformation, // 45
241 FileHardLinkInformation, // 46
242 FileProcessIdsUsingFileInformation, // 47
243 FileNormalizedNameInformation, // 48
244 FileNetworkPhysicalNameInformation, // 49
245 FileIdGlobalTxDirectoryInformation, // 50
246 FileIsRemoteDeviceInformation, // 51
247 FileUnusedInformation, // 52
248 FileNumaNodeInformation, // 53
249 FileStandardLinkInformation, // 54
250 FileRemoteProtocolInformation, // 55
251 FileRenameInformationBypassAccessCheck, // 56
252 FileLinkInformationBypassAccessCheck, // 57
253 FileVolumeNameInformation, // 58
254 FileIdInformation, // 59
255 FileIdExtdDirectoryInformation, // 60
256 FileReplaceCompletionInformation, // 61
257 FileHardLinkFullIdInformation, // 62
258 FileIdExtdBothDirectoryInformation, // 63
259 FileDispositionInformationEx, // 64
260 FileRenameInformationEx, // 65
261 FileRenameInformationExBypassAccessCheck, // 66
262 FileDesiredStorageClassInformation, // 67
263 FileStatInformation, // 68
264 FileMemoryPartitionInformation, // 69
265 FileStatLxInformation, // 70
266 FileCaseSensitiveInformation, // 71
267 FileLinkInformationEx, // 72
268 FileLinkInformationExBypassAccessCheck, // 73
269 FileStorageReserveIdInformation, // 74
270 FileCaseSensitiveInformationForceAccessCheck, // 75
271 FileMaximumInformation
272 } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
273
274 typedef struct _FILE_DIRECTORY_INFORMATION // 1
275 {
276 ULONG NextEntryOffset;
277 ULONG FileIndex;
278 LARGE_INTEGER CreationTime;
279 LARGE_INTEGER LastAccessTime;
280 LARGE_INTEGER LastWriteTime;
281 LARGE_INTEGER ChangeTime;
282 LARGE_INTEGER EndOfFile;
283 LARGE_INTEGER AllocationSize;
284 ULONG FileAttributes;
285 ULONG FileNameLength;
286 WCHAR FileName[1];
287 } FILE_DIRECTORY_INFORMATION, *PFILE_DIRECTORY_INFORMATION;
288
289 typedef struct _FILE_BOTH_DIR_INFORMATION // 3
290 {
291 ULONG NextEntryOffset;
292 ULONG FileIndex;
293 LARGE_INTEGER CreationTime;
294 LARGE_INTEGER LastAccessTime;
295 LARGE_INTEGER LastWriteTime;
296 LARGE_INTEGER ChangeTime;
297 LARGE_INTEGER EndOfFile;
298 LARGE_INTEGER AllocationSize;
299 ULONG FileAttributes;
300 ULONG FileNameLength;
301 ULONG EaSize;
302 CCHAR ShortNameLength;
303 WCHAR ShortName[12];
304 WCHAR FileName[1];
305 } FILE_BOTH_DIR_INFORMATION, *PFILE_BOTH_DIR_INFORMATION;
306
307 typedef struct _FILE_BASIC_INFORMATION // 4
308 {
309 LARGE_INTEGER CreationTime;
310 LARGE_INTEGER LastAccessTime;
311 LARGE_INTEGER LastWriteTime;
312 LARGE_INTEGER ChangeTime;
313 ULONG FileAttributes;
314 } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
315
316 typedef struct _FILE_STANDARD_INFORMATION // 5
317 {
318 LARGE_INTEGER AllocationSize;
319 LARGE_INTEGER EndOfFile;
320 ULONG NumberOfLinks;
321 BOOLEAN DeletePending;
322 BOOLEAN Directory;
323 } FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
324
325 typedef struct _FILE_INTERNAL_INFORMATION // 6
326 {
327 LARGE_INTEGER IndexNumber;
328 } FILE_INTERNAL_INFORMATION, *PFILE_INTERNAL_INFORMATION;
329
330 typedef struct _FILE_EA_INFORMATION // 7
331 {
332 ULONG EaSize;
333 } FILE_EA_INFORMATION, *PFILE_EA_INFORMATION;
334
335 typedef struct _FILE_ACCESS_INFORMATION // 8
336 {
337 ACCESS_MASK AccessFlags;
338 } FILE_ACCESS_INFORMATION, *PFILE_ACCESS_INFORMATION;
339
340 typedef struct _FILE_NAME_INFORMATION // 9, 21, 40
341 {
342 ULONG FileNameLength;
343 WCHAR FileName[1];
344 } FILE_NAME_INFORMATION, *PFILE_NAME_INFORMATION;
345
346 typedef struct _FILE_RENAME_INFORMATION // 10, 56, 65, 66
347 {
348 union
349 {
350 BOOLEAN ReplaceIfExists; // FileRenameInformation
351 ULONG Flags; // FileRenameInformationEx
352 };
353 HANDLE RootDirectory;
354 ULONG FileNameLength;
355 WCHAR FileName[1];
356 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
357
358 typedef struct _FILE_LINK_INFORMATION // 11, 57, 72, 73
359 {
360 union
361 {
362 BOOLEAN ReplaceIfExists; // FileLinkInformation
363 ULONG Flags; // FileLinkInformationEx
364 };
365 HANDLE RootDirectory;
366 ULONG FileNameLength;
367 WCHAR FileName[1];
368 } FILE_LINK_INFORMATION, *PFILE_LINK_INFORMATION;
369
370 typedef struct _FILE_NAMES_INFORMATION // 12
371 {
372 ULONG NextEntryOffset;
373 ULONG FileIndex;
374 ULONG FileNameLength;
375 WCHAR FileName[1];
376 } FILE_NAMES_INFORMATION, *PFILE_NAMES_INFORMATION;
377
378 typedef struct _FILE_DISPOSITION_INFORMATION // 13
379 {
380 BOOLEAN DeleteFile;
381 } FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;
382
383 typedef struct _FILE_POSITION_INFORMATION // 14
384 {
385 LARGE_INTEGER CurrentByteOffset;
386 } FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;
387
388 typedef struct _FILE_MODE_INFORMATION // 16
389 {
390 ULONG Mode;
391 } FILE_MODE_INFORMATION, *PFILE_MODE_INFORMATION;
392
393 typedef struct _FILE_ALIGNMENT_INFORMATION // 17
394 {
395 ULONG AlignmentRequirement;
396 } FILE_ALIGNMENT_INFORMATION;
397
398 typedef struct _FILE_ALL_INFORMATION { // 18
399 FILE_BASIC_INFORMATION BasicInformation;
400 FILE_STANDARD_INFORMATION StandardInformation;
401 FILE_INTERNAL_INFORMATION InternalInformation;
402 FILE_EA_INFORMATION EaInformation;
403 FILE_ACCESS_INFORMATION AccessInformation;
404 FILE_POSITION_INFORMATION PositionInformation;
405 FILE_MODE_INFORMATION ModeInformation;
406 FILE_ALIGNMENT_INFORMATION AlignmentInformation;
407 FILE_NAME_INFORMATION NameInformation;
408 } FILE_ALL_INFORMATION, *PFILE_ALL_INFORMATION;
409
410 typedef struct _FILE_ALLOCATION_INFORMATION // 19
411 {
412 LARGE_INTEGER AllocationSize;
413 } FILE_ALLOCATION_INFORMATION, *PFILE_ALLOCATION_INFORMATION;
414
415 typedef struct _FILE_END_OF_FILE_INFORMATION // 20
416 {
417 LARGE_INTEGER EndOfFile;
418 } FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;
419
420 typedef struct _FILE_PIPE_INFORMATION // 23
421 {
422 ULONG ReadMode;
423 ULONG CompletionMode;
424 } FILE_PIPE_INFORMATION, *PFILE_PIPE_INFORMATION;
425
426 typedef struct _FILE_PIPE_LOCAL_INFORMATION // 24
427 {
428 ULONG NamedPipeType;
429 ULONG NamedPipeConfiguration;
430 ULONG MaximumInstances;
431 ULONG CurrentInstances;
432 ULONG InboundQuota;
433 ULONG ReadDataAvailable;
434 ULONG OutboundQuota;
435 ULONG WriteQuotaAvailable;
436 ULONG NamedPipeState;
437 ULONG NamedPipeEnd;
438 } FILE_PIPE_LOCAL_INFORMATION, *PFILE_PIPE_LOCAL_INFORMATION;
439
440 typedef struct _FILE_COMPRESSION_INFORMATION // 28
441 {
442 LARGE_INTEGER CompressedFileSize;
443 USHORT CompressionFormat;
444 UCHAR CompressionUnitShift;
445 UCHAR ChunkShift;
446 UCHAR ClusterShift;
447 UCHAR Reserved[3];
448 } FILE_COMPRESSION_INFORMATION, *PFILE_COMPRESSION_INFORMATION;
449
450 typedef struct _FILE_NETWORK_OPEN_INFORMATION // 34
451 {
452 LARGE_INTEGER CreationTime;
453 LARGE_INTEGER LastAccessTime;
454 LARGE_INTEGER LastWriteTime;
455 LARGE_INTEGER ChangeTime;
456 LARGE_INTEGER AllocationSize;
457 LARGE_INTEGER EndOfFile;
458 ULONG FileAttributes;
459 } FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
460
461 typedef struct _FILE_ID_BOTH_DIR_INFORMATION // 37
462 {
463 ULONG NextEntryOffset;
464 ULONG FileIndex;
465 LARGE_INTEGER CreationTime;
466 LARGE_INTEGER LastAccessTime;
467 LARGE_INTEGER LastWriteTime;
468 LARGE_INTEGER ChangeTime;
469 LARGE_INTEGER EndOfFile;
470 LARGE_INTEGER AllocationSize;
471 ULONG FileAttributes;
472 ULONG FileNameLength;
473 ULONG EaSize;
474 CCHAR ShortNameLength;
475 WCHAR ShortName[12];
476 LARGE_INTEGER FileId;
477 WCHAR FileName[1];
478 } FILE_ID_BOTH_DIR_INFORMATION, *PFILE_ID_BOTH_DIR_INFORMATION;
479
480 typedef struct _FILE_PROCESS_IDS_USING_FILE_INFORMATION // 47
481 {
482 ULONG NumberOfProcessIdsInList;
483 ULONG_PTR ProcessIdList[1];
484 } FILE_PROCESS_IDS_USING_FILE_INFORMATION,
485 *PFILE_PROCESS_IDS_USING_FILE_INFORMATION;
486
487 typedef struct _FILE_DISPOSITION_INFORMATION_EX // 64
488 {
489 ULONG Flags;
490 } FILE_DISPOSITION_INFORMATION_EX, *PFILE_DISPOSITION_INFORMATION_EX;
491
492 typedef struct _FILE_STAT_INFORMATION // 68
493 {
494 LARGE_INTEGER FileId;
495 LARGE_INTEGER CreationTime;
496 LARGE_INTEGER LastAccessTime;
497 LARGE_INTEGER LastWriteTime;
498 LARGE_INTEGER ChangeTime;
499 LARGE_INTEGER AllocationSize;
500 LARGE_INTEGER EndOfFile;
501 ULONG FileAttributes;
502 ULONG ReparseTag;
503 ULONG NumberOfLinks;
504 ACCESS_MASK EffectiveAccess;
505 } FILE_STAT_INFORMATION, *PFILE_STAT_INFORMATION;
506
507 typedef struct _FILE_CASE_SENSITIVE_INFORMATION // 71
508 {
509 ULONG Flags;
510 } FILE_CASE_SENSITIVE_INFORMATION, *PFILE_CASE_SENSITIVE_INFORMATION;
511
512 enum {
513 FILE_LINK_REPLACE_IF_EXISTS = 0x01,
514 FILE_LINK_POSIX_SEMANTICS = 0x02,
515 FILE_LINK_SUPPRESS_STORAGE_RESERVE_INHERITANCE = 0x08,
516 FILE_LINK_NO_INCREASE_AVAILABLE_SPACE = 0x10,
517 FILE_LINK_NO_DECREASE_AVAILABLE_SPACE = 0x20,
518 FILE_LINK_PRESERVE_AVAILABLE_SPACE = 0x30,
519 FILE_LINK_IGNORE_READONLY_ATTRIBUTE = 0x40
520 };
521
522 enum {
523 FILE_DISPOSITION_DO_NOT_DELETE = 0x00,
524 FILE_DISPOSITION_DELETE = 0x01,
525 FILE_DISPOSITION_POSIX_SEMANTICS = 0x02,
526 FILE_DISPOSITION_FORCE_IMAGE_SECTION_CHECK = 0x04,
527 FILE_DISPOSITION_ON_CLOSE = 0x08,
528 FILE_DISPOSITION_IGNORE_READONLY_ATTRIBUTE = 0x10,
529 };
530
531 enum
532 {
533 FILE_RENAME_REPLACE_IF_EXISTS = 0x01,
534 FILE_RENAME_POSIX_SEMANTICS = 0x02,
535 FILE_RENAME_SUPPRESS_PIN_STATE_INHERITANCE = 0x04,
536 FILE_RENAME_SUPPRESS_STORAGE_RESERVE_INHERITANCE = 0x08,
537 FILE_RENAME_NO_INCREASE_AVAILABLE_SPACE = 0x10,
538 FILE_RENAME_NO_DECREASE_AVAILABLE_SPACE = 0x20,
539 FILE_RENAME_PRESERVE_AVAILABLE_SPACE = 0x30,
540 FILE_RENAME_IGNORE_READONLY_ATTRIBUTE = 0x40
541 };
542
543 #if (__MINGW64_VERSION_MAJOR < 11)
544 enum
545 {
546 FILE_CS_FLAG_CASE_SENSITIVE_DIR = 0x01
547 };
548 #endif
549
550 enum
551 {
552 FILE_PIPE_QUEUE_OPERATION = 0,
553 FILE_PIPE_COMPLETE_OPERATION = 1
554 };
555
556 enum
557 {
558 FILE_PIPE_BYTE_STREAM_MODE = 0,
559 FILE_PIPE_MESSAGE_MODE = 1
560 };
561
562 enum
563 {
564 FILE_PIPE_DISCONNECTED_STATE = 1,
565 FILE_PIPE_LISTENING_STATE = 2,
566 FILE_PIPE_CONNECTED_STATE = 3,
567 FILE_PIPE_CLOSING_STATE = 4
568 };
569
570 enum
571 {
572 FILE_PIPE_INBOUND = 0,
573 FILE_PIPE_OUTBOUND = 1,
574 FILE_PIPE_FULL_DUPLEX = 2
575 };
576
577 enum
578 {
579 FILE_PIPE_CLIENT_END = 0,
580 FILE_PIPE_SERVER_END = 1
581 };
582
583 enum
584 {
585 FILE_PIPE_BYTE_STREAM_TYPE = 0,
586 FILE_PIPE_MESSAGE_TYPE = 1,
587 FILE_PIPE_REJECT_REMOTE_CLIENTS = 2
588 };
589
590 typedef struct _FILE_PIPE_PEEK_BUFFER {
591 ULONG NamedPipeState;
592 ULONG ReadDataAvailable;
593 ULONG NumberOfMessages;
594 ULONG MessageLength;
595 CHAR Data[1];
596 } FILE_PIPE_PEEK_BUFFER, *PFILE_PIPE_PEEK_BUFFER;
597
598 typedef struct _FILE_PIPE_WAIT_FOR_BUFFER {
599 LARGE_INTEGER Timeout;
600 ULONG NameLength;
601 BOOLEAN TimeoutSpecified;
602 WCHAR Name[1];
603 } FILE_PIPE_WAIT_FOR_BUFFER, *PFILE_PIPE_WAIT_FOR_BUFFER;
604
605 typedef enum _SYSTEM_INFORMATION_CLASS
606 {
607 SystemBasicInformation = 0,
608 SystemPerformanceInformation = 2,
609 SystemTimeOfDayInformation = 3,
610 SystemProcessInformation = 5,
611 SystemProcessorPerformanceInformation = 8,
612 SystemHandleInformation = 16,
613 SystemPagefileInformation = 18,
614 SystemProcessIdInformation = 0x58,
615 /* There are a lot more of these... */
616 } SYSTEM_INFORMATION_CLASS;
617
618 typedef struct _SYSTEM_BASIC_INFORMATION
619 {
620 ULONG Unknown;
621 ULONG MaximumIncrement;
622 ULONG PhysicalPageSize;
623 ULONG NumberOfPhysicalPages;
624 ULONG LowestPhysicalPage;
625 ULONG HighestPhysicalPage;
626 ULONG AllocationGranularity;
627 ULONG_PTR LowestUserAddress;
628 ULONG_PTR HighestUserAddress;
629 ULONG_PTR ActiveProcessors;
630 UCHAR NumberProcessors;
631 } SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
632
633 typedef struct _SYSTEM_PAGEFILE_INFORMATION
634 {
635 ULONG NextEntryOffset;
636 ULONG CurrentSize;
637 ULONG TotalUsed;
638 ULONG PeakUsed;
639 UNICODE_STRING FileName;
640 } SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
641
642 typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION
643 {
644 LARGE_INTEGER IdleTime;
645 LARGE_INTEGER KernelTime;
646 LARGE_INTEGER UserTime;
647 LARGE_INTEGER DpcTime;
648 LARGE_INTEGER InterruptTime;
649 ULONG InterruptCount;
650 } SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION;
651
652 typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO
653 {
654 USHORT UniqueProcessId;
655 USHORT CreatorBackTraceIndex;
656 UCHAR ObjectTypeIndex;
657 UCHAR HandleAttributes;
658 USHORT HandleValue;
659 PVOID Object;
660 ULONG GrantedAccess;
661 } SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO;
662
663 typedef struct _SYSTEM_HANDLE_INFORMATION
664 {
665 ULONG NumberOfHandles;
666 SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1];
667 } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
668
669 typedef LONG KPRIORITY;
670
671 typedef struct _VM_COUNTERS
672 {
673 SIZE_T PeakVirtualSize;
674 SIZE_T VirtualSize;
675 ULONG PageFaultCount;
676 SIZE_T PeakWorkingSetSize;
677 SIZE_T WorkingSetSize;
678 SIZE_T QuotaPeakPagedPoolUsage;
679 SIZE_T QuotaPagedPoolUsage;
680 SIZE_T QuotaPeakNonPagedPoolUsage;
681 SIZE_T QuotaNonPagedPoolUsage;
682 SIZE_T PagefileUsage;
683 SIZE_T PeakPagefileUsage;
684 } VM_COUNTERS, *PVM_COUNTERS;
685
686 typedef struct _CLIENT_ID
687 {
688 HANDLE UniqueProcess;
689 HANDLE UniqueThread;
690 } CLIENT_ID, *PCLIENT_ID;
691
692 typedef enum
693 {
694 StateInitialized,
695 StateReady,
696 StateRunning,
697 StateStandby,
698 StateTerminated,
699 StateWait,
700 StateTransition,
701 StateUnknown,
702 } THREAD_STATE;
703
704 typedef enum
705 {
706 Executive,
707 FreePage,
708 PageIn,
709 PoolAllocation,
710 DelayExecution,
711 Suspended,
712 UserRequest,
713 WrExecutive,
714 WrFreePage,
715 WrPageIn,
716 WrPoolAllocation,
717 WrDelayExecution,
718 WrSuspended,
719 WrUserRequest,
720 WrEventPair,
721 WrQueue,
722 WrLpcReceive,
723 WrLpcReply,
724 WrVirtualMemory,
725 WrPageOut,
726 WrRendezvous,
727 Spare2,
728 Spare3,
729 Spare4,
730 Spare5,
731 Spare6,
732 WrKernel,
733 MaximumWaitReason
734 } KWAIT_REASON;
735
736 typedef struct _SYSTEM_THREADS
737 {
738 LARGE_INTEGER KernelTime;
739 LARGE_INTEGER UserTime;
740 LARGE_INTEGER CreateTime;
741 ULONG WaitTime;
742 PVOID StartAddress;
743 CLIENT_ID ClientId;
744 KPRIORITY Priority;
745 KPRIORITY BasePriority;
746 ULONG ContextSwitchCount;
747 THREAD_STATE State;
748 KWAIT_REASON WaitReason;
749 DWORD Reserved;
750 } SYSTEM_THREADS, *PSYSTEM_THREADS;
751
752 typedef struct _SYSTEM_PROCESS_INFORMATION
753 {
754 ULONG NextEntryOffset;
755 ULONG NumberOfThreads;
756 ULONG Reserved1[6];
757 LARGE_INTEGER CreateTime;
758 LARGE_INTEGER UserTime;
759 LARGE_INTEGER KernelTime;
760 UNICODE_STRING ImageName;
761 KPRIORITY BasePriority;
762 HANDLE UniqueProcessId;
763 HANDLE InheritedFromUniqueProcessId;
764 ULONG HandleCount;
765 ULONG SessionId;
766 ULONG PageDirectoryBase;
767 VM_COUNTERS VirtualMemoryCounters;
768 SIZE_T PrivatePageCount;
769 IO_COUNTERS IoCounters;
770 SYSTEM_THREADS Threads[1];
771 } SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
772
773 typedef struct _SYSTEM_PERFORMANCE_INFORMATION
774 {
775 LARGE_INTEGER IdleTime;
776 LARGE_INTEGER ReadTransferCount;
777 LARGE_INTEGER WriteTransferCount;
778 LARGE_INTEGER OtherTransferCount;
779 ULONG ReadOperationCount;
780 ULONG WriteOperationCount;
781 ULONG OtherOperationCount;
782 ULONG AvailablePages;
783 ULONG TotalCommittedPages;
784 ULONG TotalCommitLimit;
785 ULONG PeakCommitment;
786 ULONG PageFaults;
787 ULONG WriteCopyFaults;
788 ULONG TransitionFaults;
789 ULONG Reserved1;
790 ULONG DemandZeroFaults;
791 ULONG PagesRead;
792 ULONG PageReadIos;
793 ULONG Reserved2[2];
794 ULONG PagefilePagesWritten;
795 ULONG PagefilePageWriteIos;
796 ULONG MappedFilePagesWritten;
797 ULONG MappedFilePageWriteIos;
798 ULONG PagedPoolUsage;
799 ULONG NonPagedPoolUsage;
800 ULONG PagedPoolAllocs;
801 ULONG PagedPoolFrees;
802 ULONG NonPagedPoolAllocs;
803 ULONG NonPagedPoolFrees;
804 ULONG TotalFreeSystemPtes;
805 ULONG SystemCodePage;
806 ULONG TotalSystemDriverPages;
807 ULONG TotalSystemCodePages;
808 ULONG SmallNonPagedLookasideListAllocateHits;
809 ULONG SmallPagedLookasideListAllocateHits;
810 ULONG Reserved3;
811 ULONG MmSystemCachePage;
812 ULONG PagedPoolPage;
813 ULONG SystemDriverPage;
814 ULONG FastReadNoWait;
815 ULONG FastReadWait;
816 ULONG FastReadResourceMiss;
817 ULONG FastReadNotPossible;
818 ULONG FastMdlReadNoWait;
819 ULONG FastMdlReadWait;
820 ULONG FastMdlReadResourceMiss;
821 ULONG FastMdlReadNotPossible;
822 ULONG MapDataNoWait;
823 ULONG MapDataWait;
824 ULONG MapDataNoWaitMiss;
825 ULONG MapDataWaitMiss;
826 ULONG PinMappedDataCount;
827 ULONG PinReadNoWait;
828 ULONG PinReadWait;
829 ULONG PinReadNoWaitMiss;
830 ULONG PinReadWaitMiss;
831 ULONG CopyReadNoWait;
832 ULONG CopyReadWait;
833 ULONG CopyReadNoWaitMiss;
834 ULONG CopyReadWaitMiss;
835 ULONG MdlReadNoWait;
836 ULONG MdlReadWait;
837 ULONG MdlReadNoWaitMiss;
838 ULONG MdlReadWaitMiss;
839 ULONG ReadAheadIos;
840 ULONG LazyWriteIos;
841 ULONG LazyWritePages;
842 ULONG DataFlushes;
843 ULONG DataPages;
844 ULONG ContextSwitches;
845 ULONG FirstLevelTbFills;
846 ULONG SecondLevelTbFills;
847 ULONG SystemCalls;
848 } SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
849
850 typedef struct _SYSTEM_TIMEOFDAY_INFORMATION
851 {
852 LARGE_INTEGER BootTime;
853 LARGE_INTEGER CurrentTime;
854 LARGE_INTEGER TimeZoneBias;
855 ULONG CurrentTimeZoneId;
856 BYTE Reserved1[20]; /* Per MSDN. Always 0. */
857 } SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION;
858
859 typedef struct _SYSTEM_PROCESS_ID_INFORMATION
860 {
861 PVOID ProcessId;
862 UNICODE_STRING ImageName;
863 } SYSTEM_PROCESS_ID_INFORMATION, *PSYSTEM_PROCESS_ID_INFORMATION;
864
865 typedef enum _PROCESSINFOCLASS
866 {
867 ProcessBasicInformation = 0,
868 ProcessQuotaLimits = 1,
869 ProcessVmCounters = 3,
870 ProcessTimes = 4,
871 ProcessSessionInformation = 24,
872 ProcessWow64Information = 26,
873 ProcessImageFileName = 27,
874 ProcessDebugFlags = 31,
875 ProcessHandleInformation = 51 /* Since Win8 */
876 } PROCESSINFOCLASS;
877
878 typedef struct _PROCESS_HANDLE_TABLE_ENTRY_INFO
879 {
880 HANDLE HandleValue;
881 ULONG_PTR HandleCount;
882 ULONG_PTR PointerCount;
883 ULONG GrantedAccess;
884 ULONG ObjectTypeIndex;
885 ULONG HandleAttributes;
886 ULONG Reserved;
887 } PROCESS_HANDLE_TABLE_ENTRY_INFO, *PPROCESS_HANDLE_TABLE_ENTRY_INFO;
888
889 typedef struct _PROCESS_HANDLE_SNAPSHOT_INFORMATION
890 {
891 ULONG_PTR NumberOfHandles;
892 ULONG_PTR Reserved;
893 PROCESS_HANDLE_TABLE_ENTRY_INFO Handles[1];
894 } PROCESS_HANDLE_SNAPSHOT_INFORMATION, *PPROCESS_HANDLE_SNAPSHOT_INFORMATION;
895
896 typedef struct _DEBUG_BUFFER
897 {
898 HANDLE SectionHandle;
899 PVOID SectionBase;
900 PVOID RemoteSectionBase;
901 ULONG_PTR SectionBaseDelta;
902 HANDLE EventPairHandle;
903 ULONG_PTR Unknown[2];
904 HANDLE RemoteThreadHandle;
905 ULONG InfoClassMask;
906 ULONG_PTR SizeOfInfo;
907 ULONG_PTR AllocatedSize;
908 ULONG_PTR SectionSize;
909 PVOID ModuleInformation;
910 PVOID BackTraceInformation;
911 PVOID HeapInformation;
912 PVOID LockInformation;
913 PVOID Reserved[8];
914 } DEBUG_BUFFER, *PDEBUG_BUFFER;
915
916 typedef struct _DEBUG_HEAP_INFORMATION
917 {
918 ULONG_PTR Base;
919 ULONG Flags;
920 USHORT Granularity;
921 USHORT Unknown;
922 ULONG_PTR Allocated;
923 ULONG_PTR Committed;
924 ULONG TagCount;
925 ULONG BlockCount;
926 ULONG Reserved[7];
927 PVOID Tags;
928 PVOID Blocks;
929 } DEBUG_HEAP_INFORMATION, *PDEBUG_HEAP_INFORMATION;
930
931 typedef struct _DEBUG_HEAP_ARRAY
932 {
933 ULONG Count;
934 DEBUG_HEAP_INFORMATION Heaps[1];
935 } DEBUG_HEAP_ARRAY, *PDEBUG_HEAP_ARRAY;
936
937 typedef struct _DEBUG_HEAP_BLOCK
938 {
939 ULONG_PTR Size;
940 ULONG Flags;
941 ULONG_PTR Committed;
942 ULONG_PTR Address;
943 } DEBUG_HEAP_BLOCK, *PDEBUG_HEAP_BLOCK;
944
945 typedef struct _DEBUG_MODULE_INFORMATION
946 {
947 ULONG_PTR Reserved[2];
948 ULONG_PTR Base;
949 ULONG Size;
950 ULONG Flags;
951 USHORT Index;
952 USHORT Unknown;
953 USHORT LoadCount;
954 USHORT ModuleNameOffset;
955 CHAR ImageName[256];
956 } DEBUG_MODULE_INFORMATION, *PDEBUG_MODULE_INFORMATION;
957
958 typedef struct _DEBUG_MODULE_ARRAY
959 {
960 ULONG Count;
961 DEBUG_MODULE_INFORMATION Modules[1];
962 } DEBUG_MODULE_ARRAY, *PDEBUG_MODULE_ARRAY;
963
964 typedef struct _KERNEL_USER_TIMES
965 {
966 LARGE_INTEGER CreateTime;
967 LARGE_INTEGER ExitTime;
968 LARGE_INTEGER KernelTime;
969 LARGE_INTEGER UserTime;
970 } KERNEL_USER_TIMES, *PKERNEL_USER_TIMES;
971
972 typedef struct _LDR_DATA_TABLE_ENTRY
973 {
974 /* Heads up! The pointers within the LIST_ENTRYs don't point to the
975 start of the next LDR_DATA_TABLE_ENTRY, but rather they point to the
976 start of their respective LIST_ENTRY *within* LDR_DATA_TABLE_ENTRY. */
977 LIST_ENTRY InLoadOrderLinks;
978 LIST_ENTRY InMemoryOrderLinks;
979 LIST_ENTRY InInitializationOrderLinks;
980 PVOID DllBase;
981 PVOID EntryPoint;
982 ULONG SizeOfImage;
983 UNICODE_STRING FullDllName;
984 UNICODE_STRING BaseDllName;
985 ULONG Flags;
986 USHORT LoadCount;
987 /* More follows. Left out since it's just not used. The aforementioned
988 part of the structure is stable from at least NT4 up to Windows 11. */
989 } LDR_DATA_TABLE_ENTRY, *PLDR_DATA_TABLE_ENTRY;
990
991 typedef struct _PEB_LDR_DATA
992 {
993 ULONG Length;
994 BOOLEAN Initialized;
995 PVOID SsHandle;
996 /* Heads up! The pointers within the LIST_ENTRYs don't point to the
997 start of the next LDR_DATA_TABLE_ENTRY, but rather they point to the
998 start of their respective LIST_ENTRY *within* LDR_DATA_TABLE_ENTRY. */
999 LIST_ENTRY InLoadOrderModuleList;
1000 LIST_ENTRY InMemoryOrderModuleList;
1001 LIST_ENTRY InInitializationOrderModuleList;
1002 PVOID EntryInProgress;
1003 } PEB_LDR_DATA, *PPEB_LDR_DATA;
1004
1005 typedef struct _RTL_USER_PROCESS_PARAMETERS
1006 {
1007 ULONG AllocationSize;
1008 ULONG Size;
1009 ULONG Flags;
1010 ULONG DebugFlags;
1011 HANDLE hConsole;
1012 ULONG ProcessGroup;
1013 HANDLE hStdInput;
1014 HANDLE hStdOutput;
1015 HANDLE hStdError;
1016 UNICODE_STRING CurrentDirectoryName;
1017 HANDLE CurrentDirectoryHandle;
1018 UNICODE_STRING DllPath;
1019 UNICODE_STRING ImagePathName;
1020 UNICODE_STRING CommandLine;
1021 PWSTR Environment;
1022 ULONG dwX;
1023 ULONG dwY;
1024 ULONG dwXSize;
1025 ULONG dwYSize;
1026 ULONG dwXCountChars;
1027 ULONG dwYCountChars;
1028 ULONG dwFillAttribute;
1029 ULONG dwFlags;
1030 ULONG wShowWindow;
1031 UNICODE_STRING WindowTitle;
1032 UNICODE_STRING DesktopInfo;
1033 UNICODE_STRING ShellInfo;
1034 UNICODE_STRING RuntimeInfo;
1035 } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS;
1036
1037 typedef struct _PEB
1038 {
1039 BYTE Reserved1[2];
1040 BYTE BeingDebugged;
1041 BYTE Reserved2[1];
1042 PVOID Reserved3[2];
1043 PPEB_LDR_DATA Ldr;
1044 PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
1045 PVOID Reserved4;
1046 PVOID ProcessHeap;
1047 PRTL_CRITICAL_SECTION FastPebLock;
1048 PVOID Reserved5[2];
1049 ULONG EnvironmentUpdateCount;
1050 BYTE Reserved6[228];
1051 PVOID Reserved7[49];
1052 ULONG SessionId;
1053 /* A lot more follows... */
1054 } PEB, *PPEB;
1055
1056 typedef struct _GDI_TEB_BATCH
1057 {
1058 ULONG Offset;
1059 HANDLE HDC;
1060 ULONG Buffer[0x136];
1061 } GDI_TEB_BATCH, *PGDI_TEB_BATCH;
1062
1063 typedef struct _TEB
1064 {
1065 NT_TIB Tib;
1066 PVOID EnvironmentPointer;
1067 CLIENT_ID ClientId;
1068 PVOID ActiveRpcHandle;
1069 PVOID ThreadLocalStoragePointer;
1070 PPEB Peb;
1071 ULONG LastErrorValue;
1072 ULONG CountOfOwnedCriticalSections;
1073 PVOID CsrClientThread;
1074 PVOID Win32ThreadInfo;
1075 ULONG User32Reserved[26];
1076 ULONG UserReserved[5];
1077 PVOID WOW32Reserved;
1078 LCID CurrentLocale;
1079 ULONG FpSoftwareStatusRegister;
1080 PVOID SystemReserved1[54];
1081 LONG ExceptionCode;
1082 PVOID ActivationContextStackPointer;
1083 UCHAR SpareBytes1[0x30 - 3 * sizeof(PVOID)];
1084 ULONG TxFsContext;
1085 GDI_TEB_BATCH GdiTebBatch;
1086 CLIENT_ID RealClientId;
1087 PVOID GdiCachedProcessHandle;
1088 ULONG GdiClientPID;
1089 ULONG GdiClientTID;
1090 PVOID GdiThreadLocalInfo;
1091 SIZE_T Win32ClientInfo[62];
1092 PVOID glDispatchTable[233];
1093 SIZE_T glReserved1[29];
1094 PVOID glReserved2;
1095 PVOID glSectionInfo;
1096 PVOID glSection;
1097 PVOID glTable;
1098 PVOID glCurrentRC;
1099 PVOID glContext;
1100 ULONG LastStatusValue;
1101 UNICODE_STRING StaticUnicodeString;
1102 WCHAR StaticUnicodeBuffer[261];
1103 PVOID DeallocationStack;
1104 PVOID TlsSlots[64];
1105 BYTE Reserved3[8];
1106 PVOID Reserved4[26];
1107 PVOID ReservedForOle;
1108 PVOID Reserved5[4];
1109 PVOID TlsExpansionSlots;
1110 /* A lot more follows... */
1111 } TEB, *PTEB;
1112
1113 typedef struct _KSYSTEM_TIME
1114 {
1115 ULONG LowPart;
1116 LONG High1Time;
1117 LONG High2Time;
1118 } KSYSTEM_TIME, *PKSYSTEM_TIME;
1119
1120 typedef struct _KUSER_SHARED_DATA
1121 {
1122 BYTE Reserved1[0x08];
1123 KSYSTEM_TIME InterruptTime;
1124 BYTE Reserved2[0x2c8];
1125 ULONG DismountCount;
1126 BYTE Reserved3[0xd0];
1127 UINT64 InterruptTimeBias;
1128 } KUSER_SHARED_DATA, *PKUSER_SHARED_DATA;
1129
1130 typedef struct _PROCESS_BASIC_INFORMATION
1131 {
1132 NTSTATUS ExitStatus;
1133 PPEB PebBaseAddress;
1134 KAFFINITY AffinityMask;
1135 KPRIORITY BasePriority;
1136 ULONG_PTR UniqueProcessId;
1137 ULONG_PTR InheritedFromUniqueProcessId;
1138 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
1139
1140 typedef struct _PROCESS_SESSION_INFORMATION
1141 {
1142 ULONG SessionId;
1143 } PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
1144
1145 typedef enum _MEMORY_INFORMATION_CLASS
1146 {
1147 MemoryBasicInformation,
1148 MemoryWorkingSetList,
1149 MemorySectionName,
1150 MemoryBasicVlmInformation
1151 } MEMORY_INFORMATION_CLASS;
1152
1153 typedef struct _MEMORY_WORKING_SET_LIST
1154 {
1155 ULONG NumberOfPages;
1156 ULONG_PTR WorkingSetList[1];
1157 } MEMORY_WORKING_SET_LIST, *PMEMORY_WORKING_SET_LIST;
1158
1159 typedef struct _MEMORY_SECTION_NAME
1160 {
1161 UNICODE_STRING SectionFileName;
1162 } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
1163
1164 typedef struct _FILE_FS_DEVICE_INFORMATION
1165 {
1166 ULONG DeviceType;
1167 ULONG Characteristics;
1168 } FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION;
1169
1170 typedef struct _FILE_FS_ATTRIBUTE_INFORMATION
1171 {
1172 ULONG FileSystemAttributes;
1173 ULONG MaximumComponentNameLength;
1174 ULONG FileSystemNameLength;
1175 WCHAR FileSystemName[1];
1176 } FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
1177
1178 #pragma pack(push,4)
1179 typedef struct _FILE_FS_VOLUME_INFORMATION
1180 {
1181 LARGE_INTEGER VolumeCreationTime;
1182 ULONG VolumeSerialNumber;
1183 ULONG VolumeLabelLength;
1184 BOOLEAN SupportsObjects;
1185 BOOLEAN __dummy;
1186 WCHAR VolumeLabel[1];
1187 } FILE_FS_VOLUME_INFORMATION, *PFILE_FS_VOLUME_INFORMATION;
1188 #pragma pack(pop)
1189
1190 typedef struct _FILE_FS_SIZE_INFORMATION
1191 {
1192 LARGE_INTEGER TotalAllocationUnits;
1193 LARGE_INTEGER AvailableAllocationUnits;
1194 ULONG SectorsPerAllocationUnit;
1195 ULONG BytesPerSector;
1196 } FILE_FS_SIZE_INFORMATION, *PFILE_FS_SIZE_INFORMATION;
1197
1198 typedef struct _FILE_FS_CONTROL_INFORMATION {
1199 LARGE_INTEGER FreeSpaceStartFiltering;
1200 LARGE_INTEGER FreeSpaceThreshold;
1201 LARGE_INTEGER FreeSpaceStopFiltering;
1202 LARGE_INTEGER DefaultQuotaThreshold;
1203 LARGE_INTEGER DefaultQuotaLimit;
1204 ULONG FileSystemControlFlags;
1205 } FILE_FS_CONTROL_INFORMATION, *PFILE_FS_CONTROL_INFORMATION;
1206
1207 typedef struct _FILE_FS_FULL_SIZE_INFORMATION
1208 {
1209 LARGE_INTEGER TotalAllocationUnits;
1210 LARGE_INTEGER CallerAvailableAllocationUnits;
1211 LARGE_INTEGER ActualAvailableAllocationUnits;
1212 ULONG SectorsPerAllocationUnit;
1213 ULONG BytesPerSector;
1214 } FILE_FS_FULL_SIZE_INFORMATION, *PFILE_FS_FULL_SIZE_INFORMATION;
1215
1216 typedef struct _FILE_FS_OBJECTID_INFORMATION
1217 {
1218 UCHAR ObjectId[16];
1219 UCHAR ExtendedInfo[48];
1220 } FILE_FS_OBJECTID_INFORMATION, *PFILE_FS_OBJECTID_INFORMATION;
1221
1222 typedef struct _FILE_FS_SECTOR_SIZE_INFORMATION
1223 {
1224 ULONG LogicalBytesPerSector;
1225 ULONG PhysicalBytesPerSectorForAtomicity;
1226 ULONG PhysicalBytesPerSectorForPerformance;
1227 ULONG FileSystemEffectivePhysicalBytesPerSectorForAtomicity;
1228 ULONG Flags;
1229 ULONG ByteOffsetForSectorAlignment;
1230 ULONG ByteOffsetForPartitionAlignment;
1231 } FILE_FS_SECTOR_SIZE_INFORMATION, *PFILE_FS_SECTOR_SIZE_INFORMATION;
1232
1233 typedef struct _FILE_FS_VOLUME_FLAGS_INFORMATION {
1234 ULONG Flags;
1235 } FILE_FS_VOLUME_FLAGS_INFORMATION, *PFILE_FS_VOLUME_FLAGS_INFORMATION;
1236
1237 typedef enum _FSINFOCLASS {
1238 FileFsVolumeInformation = 1,
1239 FileFsLabelInformation,
1240 FileFsSizeInformation,
1241 FileFsDeviceInformation,
1242 FileFsAttributeInformation,
1243 FileFsControlInformation,
1244 FileFsFullSizeInformation,
1245 FileFsObjectIdInformation,
1246 FileFsDriverPathInformation,
1247 FileFsVolumeFlagsInformation,
1248 FileFsSectorSizeInformation,
1249 FileFsDataCopyInformation,
1250 FileFsMetadataSizeInformation,
1251 FileFsFullSizeInformationEx,
1252 FileFsMaximumInformation
1253 } FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;
1254
1255 typedef enum _OBJECT_INFORMATION_CLASS
1256 {
1257 ObjectBasicInformation = 0,
1258 ObjectNameInformation = 1,
1259 ObjectHandleInformation = 4
1260 // and many more
1261 } OBJECT_INFORMATION_CLASS;
1262
1263 typedef struct _OBJECT_BASIC_INFORMATION
1264 {
1265 ULONG Attributes;
1266 ACCESS_MASK GrantedAccess;
1267 ULONG HandleCount;
1268 ULONG PointerCount;
1269 ULONG PagedPoolUsage;
1270 ULONG NonPagedPoolUsage;
1271 ULONG Reserved[3];
1272 ULONG NameInformationLength;
1273 ULONG TypeInformationLength;
1274 ULONG SecurityDescriptorLength;
1275 LARGE_INTEGER CreateTime;
1276 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
1277
1278 typedef struct _OBJECT_NAME_INFORMATION
1279 {
1280 UNICODE_STRING Name;
1281 } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
1282
1283 typedef struct _DIRECTORY_BASIC_INFORMATION
1284 {
1285 UNICODE_STRING ObjectName;
1286 UNICODE_STRING ObjectTypeName;
1287 } DIRECTORY_BASIC_INFORMATION, *PDIRECTORY_BASIC_INFORMATION;
1288
1289 typedef struct _FILE_GET_QUOTA_INFORMATION {
1290 ULONG NextEntryOffset;
1291 ULONG SidLength;
1292 SID Sid;
1293 } FILE_GET_QUOTA_INFORMATION, *PFILE_GET_QUOTA_INFORMATION;
1294
1295 typedef struct _FILE_QUOTA_INFORMATION {
1296 ULONG NextEntryOffset;
1297 ULONG SidLength;
1298 LARGE_INTEGER ChangeTime;
1299 LARGE_INTEGER QuotaUsed;
1300 LARGE_INTEGER QuotaThreshold;
1301 LARGE_INTEGER QuotaLimit;
1302 SID Sid;
1303 } FILE_QUOTA_INFORMATION, *PFILE_QUOTA_INFORMATION;
1304
1305 typedef struct _FILE_GET_EA_INFORMATION
1306 {
1307 ULONG NextEntryOffset;
1308 UCHAR EaNameLength;
1309 CHAR EaName[1];
1310 } FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
1311
1312 typedef struct _FILE_FULL_EA_INFORMATION
1313 {
1314 ULONG NextEntryOffset;
1315 UCHAR Flags;
1316 UCHAR EaNameLength;
1317 USHORT EaValueLength;
1318 CHAR EaName[1];
1319 } FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION;
1320
1321 typedef struct _FILE_MAILSLOT_SET_INFORMATION
1322 {
1323 LARGE_INTEGER ReadTimeout;
1324 } FILE_MAILSLOT_SET_INFORMATION, *PFILE_MAILSLOT_SET_INFORMATION;
1325
1326 typedef struct _IO_STATUS_BLOCK
1327 {
1328 union {
1329 NTSTATUS Status;
1330 PVOID Pointer;
1331 };
1332 ULONG_PTR Information;
1333 } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
1334
1335 typedef VOID (*PIO_APC_ROUTINE)(PVOID, PIO_STATUS_BLOCK, ULONG);
1336
1337 typedef struct _EVENT_BASIC_INFORMATION
1338 {
1339 EVENT_TYPE EventType;
1340 LONG SignalState;
1341 } EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;
1342
1343 typedef enum _EVENT_INFORMATION_CLASS
1344 {
1345 EventBasicInformation = 0
1346 } EVENT_INFORMATION_CLASS, *PEVENT_INFORMATION_CLASS;
1347
1348 typedef struct _SEMAPHORE_BASIC_INFORMATION
1349 {
1350 LONG CurrentCount;
1351 LONG MaximumCount;
1352 } SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
1353
1354 typedef enum _SEMAPHORE_INFORMATION_CLASS
1355 {
1356 SemaphoreBasicInformation = 0
1357 } SEMAPHORE_INFORMATION_CLASS, *PSEMAPHORE_INFORMATION_CLASS;
1358
1359 typedef enum _THREADINFOCLASS
1360 {
1361 ThreadBasicInformation = 0,
1362 ThreadTimes = 1,
1363 ThreadImpersonationToken = 5,
1364 ThreadQuerySetWin32StartAddress = 9
1365 } THREADINFOCLASS, *PTHREADINFOCLASS;
1366
1367 typedef struct _THREAD_BASIC_INFORMATION
1368 {
1369 NTSTATUS ExitStatus;
1370 PNT_TIB TebBaseAddress;
1371 CLIENT_ID ClientId;
1372 KAFFINITY AffinityMask;
1373 KPRIORITY Priority;
1374 KPRIORITY BasePriority;
1375 } THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
1376
1377 typedef enum _TIMER_INFORMATION_CLASS {
1378 TimerBasicInformation = 0
1379 } TIMER_INFORMATION_CLASS, *PTIMER_INFORMATION_CLASS;
1380
1381 typedef struct _TIMER_BASIC_INFORMATION {
1382 LARGE_INTEGER TimeRemaining;
1383 BOOLEAN SignalState;
1384 } TIMER_BASIC_INFORMATION, *PTIMER_BASIC_INFORMATION;
1385
1386 typedef NTSTATUS (*PRTL_QUERY_REGISTRY_ROUTINE)
1387 (PWSTR, ULONG, PVOID, ULONG, PVOID, PVOID);
1388
1389 typedef struct _RTL_QUERY_REGISTRY_TABLE
1390 {
1391 PRTL_QUERY_REGISTRY_ROUTINE QueryRoutine;
1392 ULONG Flags;
1393 PCWSTR Name;
1394 PVOID EntryContext;
1395 ULONG DefaultType;
1396 PVOID DefaultData;
1397 ULONG DefaultLength;
1398 } RTL_QUERY_REGISTRY_TABLE, *PRTL_QUERY_REGISTRY_TABLE;
1399
1400 typedef enum _KEY_VALUE_INFORMATION_CLASS
1401 {
1402 KeyValueBasicInformation = 0,
1403 KeyValueFullInformation,
1404 KeyValuePartialInformation
1405 } KEY_VALUE_INFORMATION_CLASS, *PKEY_VALUE_INFORMATION_CLASS;
1406
1407 typedef struct _KEY_VALUE_PARTIAL_INFORMATION
1408 {
1409 ULONG TitleIndex;
1410 ULONG Type;
1411 ULONG DataLength;
1412 UCHAR Data[1];
1413 } KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION;
1414
1415 typedef enum _SECTION_INHERIT
1416 {
1417 ViewShare = 1,
1418 ViewUnmap = 2
1419 } SECTION_INHERIT;
1420
1421 typedef VOID (APIENTRY *PTIMER_APC_ROUTINE)(PVOID, ULONG, ULONG);
1422
1423 typedef struct _SCOPE_TABLE
1424 {
1425 ULONG Count;
1426 struct
1427 {
1428 ULONG BeginAddress;
1429 ULONG EndAddress;
1430 ULONG HandlerAddress;
1431 ULONG JumpTarget;
1432 } ScopeRecord[1];
1433 } SCOPE_TABLE, *PSCOPE_TABLE;
1434
1435 #ifdef __cplusplus
1436 /* This is the mapping of the KUSER_SHARED_DATA structure into the user
1437 address space on BOTH architectures, 32 and 64 bit!
1438 We need it here to access the current DismountCount and InterruptTime. */
1439 static volatile KUSER_SHARED_DATA &SharedUserData
1440 = *(volatile KUSER_SHARED_DATA *) 0x7ffe0000;
1441
1442 /* Function declarations for ntdll.dll. These don't appear in any
1443 standard Win32 header. */
1444
1445 extern "C"
1446 {
1447 #endif
1448 NTSTATUS NtAccessCheck (PSECURITY_DESCRIPTOR, HANDLE, ACCESS_MASK,
1449 PGENERIC_MAPPING, PPRIVILEGE_SET, PULONG,
1450 PACCESS_MASK, PNTSTATUS);
1451 NTSTATUS NtAdjustPrivilegesToken (HANDLE, BOOLEAN, PTOKEN_PRIVILEGES, ULONG,
1452 PTOKEN_PRIVILEGES, PULONG);
1453 NTSTATUS NtAllocateLocallyUniqueId (PLUID);
1454 NTSTATUS NtAssignProcessToJobObject (HANDLE, HANDLE);
1455 NTSTATUS NtCancelTimer (HANDLE, PBOOLEAN);
1456 NTSTATUS NtClose (HANDLE);
1457 NTSTATUS NtCommitTransaction (HANDLE, BOOLEAN);
1458 NTSTATUS NtCreateDirectoryObject (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1459 NTSTATUS NtCreateEvent (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, EVENT_TYPE,
1460 BOOLEAN);
1461 NTSTATUS NtCreateFile (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
1462 PIO_STATUS_BLOCK, PLARGE_INTEGER, ULONG, ULONG, ULONG,
1463 ULONG, PVOID, ULONG);
1464 NTSTATUS NtCreateJobObject (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1465 NTSTATUS NtCreateKey (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, ULONG,
1466 PUNICODE_STRING, ULONG, PULONG);
1467 NTSTATUS NtCreateMutant (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, BOOLEAN);
1468 NTSTATUS NtCreateNamedPipeFile (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
1469 PIO_STATUS_BLOCK, ULONG, ULONG, ULONG, ULONG,
1470 ULONG, ULONG, ULONG, ULONG, ULONG,
1471 PLARGE_INTEGER);
1472 NTSTATUS NtCreateSection (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
1473 PLARGE_INTEGER, ULONG, ULONG, HANDLE);
1474 NTSTATUS NtCreateSemaphore (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, LONG,
1475 LONG);
1476 NTSTATUS NtCreateSymbolicLinkObject (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
1477 PUNICODE_STRING);
1478 NTSTATUS NtCreateTimer (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, TIMER_TYPE);
1479 NTSTATUS NtCreateTransaction (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
1480 LPGUID, HANDLE, ULONG, ULONG, ULONG,
1481 PLARGE_INTEGER, PUNICODE_STRING);
1482 NTSTATUS NtDuplicateToken (HANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES, BOOLEAN,
1483 TOKEN_TYPE, PHANDLE);
1484 NTSTATUS NtFsControlFile (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID,
1485 PIO_STATUS_BLOCK, ULONG, PVOID, ULONG, PVOID,
1486 ULONG);
1487 NTSTATUS NtFlushBuffersFile (HANDLE, PIO_STATUS_BLOCK);
1488 NTSTATUS NtLockFile (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK,
1489 PLARGE_INTEGER, PLARGE_INTEGER, ULONG, BOOLEAN, BOOLEAN);
1490 NTSTATUS NtLockVirtualMemory (HANDLE, PVOID *, PSIZE_T, ULONG);
1491 NTSTATUS NtMapViewOfSection (HANDLE, HANDLE, PVOID *, ULONG_PTR, SIZE_T,
1492 PLARGE_INTEGER, PSIZE_T, SECTION_INHERIT, ULONG,
1493 ULONG);
1494 NTSTATUS NtMapViewOfSectionEx (HANDLE, HANDLE, PVOID *, PLARGE_INTEGER,
1495 PSIZE_T, ULONG, ULONG, PMEM_EXTENDED_PARAMETER,
1496 ULONG);
1497 NTSTATUS NtOpenDirectoryObject (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1498 NTSTATUS NtOpenEvent (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1499 NTSTATUS NtOpenFile (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES,
1500 PIO_STATUS_BLOCK, ULONG, ULONG);
1501 NTSTATUS NtOpenJobObject (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1502 NTSTATUS NtOpenKey (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1503 NTSTATUS NtOpenMutant (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1504 NTSTATUS NtOpenProcessToken (HANDLE, ACCESS_MASK, PHANDLE);
1505 NTSTATUS NtOpenThreadToken (HANDLE, ACCESS_MASK, BOOLEAN, PHANDLE);
1506 NTSTATUS NtOpenSection (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1507 NTSTATUS NtOpenSemaphore (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1508 NTSTATUS NtOpenSymbolicLinkObject (PHANDLE, ACCESS_MASK, POBJECT_ATTRIBUTES);
1509 /* WARNING! Don't rely on the timestamp information returned by
1510 NtQueryAttributesFile. Only the DOS file attribute info is reliable. */
1511 NTSTATUS NtPrivilegeCheck (HANDLE, PPRIVILEGE_SET, PBOOLEAN);
1512 NTSTATUS NtQueryAttributesFile (POBJECT_ATTRIBUTES, PFILE_BASIC_INFORMATION);
1513 NTSTATUS NtQueryDirectoryFile(HANDLE, HANDLE, PVOID, PVOID, PIO_STATUS_BLOCK,
1514 PVOID, ULONG, FILE_INFORMATION_CLASS, BOOLEAN,
1515 PUNICODE_STRING, BOOLEAN);
1516 NTSTATUS NtQueryDirectoryObject (HANDLE, PVOID, ULONG, BOOLEAN, BOOLEAN,
1517 PULONG, PULONG);
1518 NTSTATUS NtQueryEaFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG, BOOLEAN,
1519 PVOID, ULONG, PULONG, BOOLEAN);
1520 NTSTATUS NtQueryEvent (HANDLE, EVENT_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1521 NTSTATUS NtQueryInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG,
1522 FILE_INFORMATION_CLASS);
1523 NTSTATUS NtQueryInformationJobObject (HANDLE, JOBOBJECTINFOCLASS, PVOID,
1524 ULONG, PULONG);
1525 NTSTATUS NtQueryInformationProcess (HANDLE, PROCESSINFOCLASS, PVOID, ULONG,
1526 PULONG);
1527 NTSTATUS NtQueryInformationThread (HANDLE, THREADINFOCLASS, PVOID, ULONG,
1528 PULONG);
1529 NTSTATUS NtQueryInformationToken (HANDLE, TOKEN_INFORMATION_CLASS, PVOID,
1530 ULONG, PULONG);
1531 NTSTATUS NtQueryObject (HANDLE, OBJECT_INFORMATION_CLASS, PVOID, ULONG,
1532 PULONG);
1533 NTSTATUS NtQueryQuotaInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG,
1534 BOOLEAN, PVOID, ULONG, PSID, BOOLEAN);
1535 NTSTATUS NtQuerySemaphore (HANDLE, SEMAPHORE_INFORMATION_CLASS, PVOID, ULONG,
1536 PULONG);
1537 NTSTATUS NtQuerySystemInformation (SYSTEM_INFORMATION_CLASS, PVOID, ULONG,
1538 PULONG);
1539 NTSTATUS NtQuerySystemTime (PLARGE_INTEGER);
1540 NTSTATUS NtQuerySecurityObject (HANDLE, SECURITY_INFORMATION,
1541 PSECURITY_DESCRIPTOR, ULONG, PULONG);
1542 NTSTATUS NtQuerySymbolicLinkObject (HANDLE, PUNICODE_STRING, PULONG);
1543 NTSTATUS NtQueryTimer (HANDLE, TIMER_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1544 NTSTATUS NtQueryTimerResolution (PULONG, PULONG, PULONG);
1545 NTSTATUS NtQueryValueKey (HANDLE, PUNICODE_STRING,
1546 KEY_VALUE_INFORMATION_CLASS, PVOID, ULONG, PULONG);
1547 NTSTATUS NtQueryVirtualMemory (HANDLE, PVOID, MEMORY_INFORMATION_CLASS, PVOID,
1548 SIZE_T, PSIZE_T);
1549 NTSTATUS NtQueryVolumeInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG,
1550 FS_INFORMATION_CLASS);
1551 NTSTATUS NtReadFile (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID, PIO_STATUS_BLOCK,
1552 PVOID, ULONG, PLARGE_INTEGER, PULONG);
1553 NTSTATUS NtRollbackTransaction (HANDLE, BOOLEAN);
1554 NTSTATUS NtSetEaFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG);
1555 NTSTATUS NtSetEvent (HANDLE, PULONG);
1556 NTSTATUS NtSetInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG,
1557 FILE_INFORMATION_CLASS);
1558 NTSTATUS NtSetInformationJobObject (HANDLE, JOBOBJECTINFOCLASS, PVOID, ULONG);
1559 NTSTATUS NtSetInformationThread (HANDLE, THREADINFOCLASS, PVOID, ULONG);
1560 NTSTATUS NtSetInformationToken (HANDLE, TOKEN_INFORMATION_CLASS, PVOID,
1561 ULONG);
1562 NTSTATUS NtSetQuotaInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG);
1563 NTSTATUS NtSetSecurityObject (HANDLE, SECURITY_INFORMATION,
1564 PSECURITY_DESCRIPTOR);
1565 NTSTATUS NtSetTimer (HANDLE, PLARGE_INTEGER, PTIMER_APC_ROUTINE, PVOID,
1566 BOOLEAN, LONG, PBOOLEAN);
1567 NTSTATUS NtSetValueKey (HANDLE, PUNICODE_STRING, ULONG, ULONG, PVOID, ULONG);
1568 NTSTATUS NtSetVolumeInformationFile (HANDLE, PIO_STATUS_BLOCK, PVOID, ULONG,
1569 FS_INFORMATION_CLASS);
1570 NTSTATUS NtUnlockFile (HANDLE, PIO_STATUS_BLOCK, PLARGE_INTEGER,
1571 PLARGE_INTEGER, ULONG);
1572 NTSTATUS NtUnlockVirtualMemory (HANDLE, PVOID *, PSIZE_T, ULONG);
1573 NTSTATUS NtUnmapViewOfSection (HANDLE, PVOID);
1574 NTSTATUS NtWaitForSingleObject (HANDLE, BOOLEAN, PLARGE_INTEGER);
1575 NTSTATUS NtWriteFile (HANDLE, HANDLE, PIO_APC_ROUTINE, PVOID,
1576 PIO_STATUS_BLOCK, PVOID, ULONG, PLARGE_INTEGER, PULONG);
1577 NTSTATUS RtlAbsoluteToSelfRelativeSD (PSECURITY_DESCRIPTOR,
1578 PSECURITY_DESCRIPTOR, PULONG);
1579 NTSTATUS RtlAddAccessAllowedAce (PACL, ULONG, ACCESS_MASK, PSID);
1580 NTSTATUS RtlAddAccessAllowedAceEx (PACL, ULONG, ULONG, ACCESS_MASK, PSID);
1581 NTSTATUS RtlAddAccessDeniedAce (PACL, ULONG, ACCESS_MASK, PSID);
1582 NTSTATUS RtlAddAccessDeniedAceEx (PACL, ULONG, ULONG, ACCESS_MASK, PSID);
1583 NTSTATUS RtlAddAce (PACL, ULONG, ULONG, PVOID, ULONG);
1584 PVOID RtlAllocateHeap (PVOID, ULONG, SIZE_T);
1585 NTSTATUS RtlAnsiStringToUnicodeString (PUNICODE_STRING, PANSI_STRING,
1586 BOOLEAN);
1587 NTSTATUS RtlAppendUnicodeToString (PUNICODE_STRING, PCWSTR);
1588 NTSTATUS RtlAppendUnicodeStringToString (PUNICODE_STRING, PUNICODE_STRING);
1589 NTSTATUS RtlCheckRegistryKey (ULONG, PCWSTR);
1590 LONG RtlCompareUnicodeString (PUNICODE_STRING, PUNICODE_STRING, BOOLEAN);
1591 NTSTATUS RtlConvertSidToUnicodeString (PUNICODE_STRING, PSID, BOOLEAN);
1592 NTSTATUS RtlConvertToAutoInheritSecurityObject (PSECURITY_DESCRIPTOR,
1593 PSECURITY_DESCRIPTOR,
1594 PSECURITY_DESCRIPTOR *,
1595 GUID *, BOOLEAN,
1596 PGENERIC_MAPPING);
1597 NTSTATUS RtlCopySid (ULONG, PSID, PSID);
1598 VOID RtlCopyUnicodeString (PUNICODE_STRING, PUNICODE_STRING);
1599 NTSTATUS RtlCreateAcl (PACL, ULONG, ULONG);
1600 PDEBUG_BUFFER RtlCreateQueryDebugBuffer (ULONG, BOOLEAN);
1601 NTSTATUS RtlCreateSecurityDescriptor (PSECURITY_DESCRIPTOR, ULONG);
1602 /* Don't use this function! It's almost always wrong! */
1603 // BOOLEAN RtlCreateUnicodeStringFromAsciiz (PUNICODE_STRING, PCSTR);
1604 NTSTATUS RtlDeleteSecurityObject (PSECURITY_DESCRIPTOR *);
1605 NTSTATUS RtlDestroyQueryDebugBuffer (PDEBUG_BUFFER);
1606 NTSTATUS RtlDowncaseUnicodeString (PUNICODE_STRING, PUNICODE_STRING, BOOLEAN);
1607 NTSTATUS RtlEnterCriticalSection (PRTL_CRITICAL_SECTION);
1608 BOOLEAN RtlEqualPrefixSid (PSID, PSID);
1609 BOOLEAN RtlEqualSid (PSID, PSID);
1610 BOOLEAN RtlEqualUnicodeString (PUNICODE_STRING, PUNICODE_STRING, BOOLEAN);
1611 BOOLEAN RtlFreeHeap (HANDLE, ULONG, PVOID);
1612 VOID RtlFreeUnicodeString (PUNICODE_STRING);
1613 BOOLEAN RtlFirstFreeAce (PACL, PVOID *);
1614 NTSTATUS RtlGetAce (PACL, ULONG, PVOID);
1615 NTSTATUS RtlGetControlSecurityDescriptor (PSECURITY_DESCRIPTOR,
1616 PSECURITY_DESCRIPTOR_CONTROL,
1617 PULONG);
1618 HANDLE RtlGetCurrentTransaction ();
1619 NTSTATUS RtlGetDaclSecurityDescriptor (PSECURITY_DESCRIPTOR, PBOOLEAN, PACL *,
1620 PBOOLEAN);
1621 NTSTATUS RtlGetGroupSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID *,
1622 PBOOLEAN);
1623 NTSTATUS RtlGetNtVersionNumbers (LPDWORD, LPDWORD, LPDWORD);
1624 NTSTATUS RtlGetOwnerSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID *,
1625 PBOOLEAN);
1626 NTSTATUS RtlGetVersion (PRTL_OSVERSIONINFOEXW);
1627 PSID_IDENTIFIER_AUTHORITY RtlIdentifierAuthoritySid (PSID);
1628 VOID RtlInitAnsiString (PANSI_STRING, PCSTR);
1629 NTSTATUS RtlInitializeSid (PSID, PSID_IDENTIFIER_AUTHORITY, UCHAR);
1630 VOID RtlInitUnicodeString (PUNICODE_STRING, PCWSTR);
1631 NTSTATUS RtlLeaveCriticalSection (PRTL_CRITICAL_SECTION);
1632 ULONG RtlLengthSecurityDescriptor (PSECURITY_DESCRIPTOR);
1633 ULONG RtlLengthSid (PSID);
1634 ULONG RtlNtStatusToDosError (NTSTATUS);
1635 BOOLEAN RtlPrefixUnicodeString (PUNICODE_STRING, PUNICODE_STRING, BOOLEAN);
1636 NTSTATUS RtlQueryProcessDebugInformation (ULONG, ULONG, PDEBUG_BUFFER);
1637 NTSTATUS RtlQueryRegistryValues (ULONG, PCWSTR, PRTL_QUERY_REGISTRY_TABLE,
1638 PVOID, PVOID);
1639 VOID RtlReleasePebLock ();
1640 NTSTATUS RtlSetCurrentDirectory_U (PUNICODE_STRING);
1641 BOOLEAN RtlSetCurrentTransaction (HANDLE);
1642 NTSTATUS RtlSetControlSecurityDescriptor (PSECURITY_DESCRIPTOR,
1643 SECURITY_DESCRIPTOR_CONTROL,
1644 SECURITY_DESCRIPTOR_CONTROL);
1645 NTSTATUS RtlSetDaclSecurityDescriptor (PSECURITY_DESCRIPTOR, BOOLEAN, PACL,
1646 BOOLEAN);
1647 NTSTATUS RtlSetGroupSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID, BOOLEAN);
1648 NTSTATUS RtlSetOwnerSecurityDescriptor (PSECURITY_DESCRIPTOR, PSID, BOOLEAN);
1649 CHAR RtlSetProcessPlaceholderCompatibilityMode (CHAR);
1650 PUCHAR RtlSubAuthorityCountSid (PSID);
1651 PULONG RtlSubAuthoritySid (PSID, ULONG);
1652 ULONG RtlUnicodeStringToAnsiSize (PUNICODE_STRING);
1653 NTSTATUS RtlUnicodeStringToAnsiString (PANSI_STRING, PUNICODE_STRING,
1654 BOOLEAN);
1655 WCHAR RtlUpcaseUnicodeChar (WCHAR);
1656 NTSTATUS RtlUpcaseUnicodeString (PUNICODE_STRING, PUNICODE_STRING, BOOLEAN);
1657 NTSTATUS RtlWriteRegistryValue (ULONG, PCWSTR, PCWSTR, ULONG, PVOID, ULONG);
1658
1659 #ifdef __cplusplus
1660 /* A few Rtl functions are either actually macros, or they just don't
1661 exist even though they would be a big help. We implement them here,
1662 partly as inline functions. */
1663
1664 /* RtlInitEmptyUnicodeString is defined as a macro in wdm.h, but that file
1665 is missing entirely in w32api. */
1666
1667 inline
1668 VOID RtlInitEmptyUnicodeString(PUNICODE_STRING dest, PWSTR buf, USHORT len)
1669 {
1670 dest->Length = 0;
1671 dest->MaximumLength = len;
1672 dest->Buffer = buf;
1673 }
1674 /* Like RtlInitEmptyUnicodeString, but initialize Length to len, too.
1675 This is for instance useful when creating a UNICODE_STRING from an
1676 NtQueryInformationFile info buffer, where the length of the filename
1677 is known, but you can't rely on the string being 0-terminated.
1678 If you know it's 0-terminated, just use RtlInitUnicodeString(). */
1679 inline
1680 VOID RtlInitCountedUnicodeString (PUNICODE_STRING dest, PCWSTR buf,
1681 USHORT len)
1682 {
1683 dest->Length = dest->MaximumLength = len;
1684 dest->Buffer = (PWSTR) buf;
1685 }
1686 /* Split path into dirname and basename part. This function does not
1687 copy anything! It just initializes the dirname and basename
1688 UNICODE_STRINGs so that their Buffer members point to the right spot
1689 into path's Buffer, and the Length (and MaximumLength) members are set
1690 to match the dirname part and the basename part.
1691 Note that dirname's Length is set so that it also includes the trailing
1692 backslash. If you don't need it, just subtract sizeof(WCHAR) from
1693 dirname.Length. */
1694 inline
1695 VOID RtlSplitUnicodePath (PUNICODE_STRING path, PUNICODE_STRING dirname,
1696 PUNICODE_STRING basename)
1697 {
1698 USHORT len = path->Length / sizeof (WCHAR);
1699 while (len > 0 && path->Buffer[--len] != L'\\')
1700 ;
1701 ++len;
1702 if (dirname)
1703 RtlInitCountedUnicodeString (dirname, path->Buffer, len * sizeof (WCHAR));
1704 if (basename)
1705 RtlInitCountedUnicodeString (basename, &path->Buffer[len],
1706 path->Length - len * sizeof (WCHAR));
1707 }
1708 /* Check if prefix is a prefix of path. */
1709 inline
1710 BOOLEAN RtlEqualUnicodePathPrefix (PUNICODE_STRING path,
1711 PUNICODE_STRING prefix,
1712 BOOLEAN caseinsensitive)
1713 {
1714 UNICODE_STRING p;
1715
1716 RtlInitCountedUnicodeString (&p, path->Buffer,
1717 prefix->Length < path->Length
1718 ? prefix->Length : path->Length);
1719 return RtlEqualUnicodeString (&p, prefix, caseinsensitive);
1720 }
1721 /* Check if suffix is a suffix of path. */
1722 inline
1723 BOOL RtlEqualUnicodePathSuffix (PUNICODE_STRING path,
1724 PUNICODE_STRING suffix,
1725 BOOLEAN caseinsensitive)
1726 {
1727 UNICODE_STRING p;
1728
1729 if (suffix->Length < path->Length)
1730 RtlInitCountedUnicodeString (&p, (PWCHAR) ((PBYTE) path->Buffer
1731 + path->Length - suffix->Length),
1732 suffix->Length);
1733 else
1734 RtlInitCountedUnicodeString (&p, path->Buffer, path->Length);
1735 return RtlEqualUnicodeString (&p, suffix, caseinsensitive);
1736 }
1737 /* Implemented in strfuncs.cc. Create a Hex UNICODE_STRING from a given
1738 64 bit integer value. If append is TRUE, append the hex string,
1739 otherwise overwrite dest. Returns either STATUS_SUCCESS, or
1740 STATUS_BUFFER_OVERFLOW, if the unicode buffer is too small (hasn't
1741 room for 16 WCHARs). */
1742 NTSTATUS RtlInt64ToHexUnicodeString (ULONGLONG value, PUNICODE_STRING dest,
1743 BOOLEAN append);
1744 /* Set file attributes. Don't change file times. */
1745 inline
1746 NTSTATUS NtSetAttributesFile (HANDLE h, ULONG attr)
1747 {
1748 IO_STATUS_BLOCK io;
1749 FILE_BASIC_INFORMATION fbi;
1750 fbi.CreationTime.QuadPart = fbi.LastAccessTime.QuadPart =
1751 fbi.LastWriteTime.QuadPart = fbi.ChangeTime.QuadPart = 0LL;
1752 fbi.FileAttributes = attr ?: FILE_ATTRIBUTE_NORMAL;
1753 return NtSetInformationFile(h, &io, &fbi, sizeof fbi, FileBasicInformation);
1754 }
1755
1756 /* This test for a signalled event is twice as fast as calling
1757 WaitForSingleObject (event, 0). */
1758 inline
1759 BOOL IsEventSignalled (HANDLE event)
1760 {
1761 EVENT_BASIC_INFORMATION ebi;
1762 return NT_SUCCESS (NtQueryEvent (event, EventBasicInformation,
1763 &ebi, sizeof ebi, NULL))
1764 && ebi.SignalState != 0;
1765
1766 }
1767
1768 static inline void
1769 start_transaction (HANDLE &old_trans, HANDLE &trans)
1770 {
1771 NTSTATUS status = NtCreateTransaction (&trans,
1772 SYNCHRONIZE | TRANSACTION_ALL_ACCESS,
1773 NULL, NULL, NULL, 0, 0, 0, NULL, NULL);
1774 if (NT_SUCCESS (status))
1775 {
1776 old_trans = RtlGetCurrentTransaction ();
1777 RtlSetCurrentTransaction (trans);
1778 }
1779 else
1780 old_trans = trans = NULL;
1781 }
1782
1783 static inline NTSTATUS
1784 stop_transaction (NTSTATUS status, HANDLE old_trans, HANDLE &trans)
1785 {
1786 RtlSetCurrentTransaction (old_trans);
1787 if (NT_SUCCESS (status))
1788 status = NtCommitTransaction (trans, TRUE);
1789 else
1790 status = NtRollbackTransaction (trans, TRUE);
1791 NtClose (trans);
1792 trans = NULL;
1793 return status;
1794 }
1795 }
1796
1797 /* This is for pseudo console workaround. ClosePseudoConsole()
1798 seems to have a bug that one internal handle remains opend.
1799 This causes handle leak. To close this handle, it is needed
1800 to access internal of HPCON. HPCON_INTERNAL is defined for
1801 this purpose. The structure of internal of HPCON is not
1802 documented. Refer to: https://github.com/Biswa96/XConPty */
1803 typedef struct _HPCON_INTERNAL
1804 {
1805 HANDLE hWritePipe;
1806 HANDLE hConDrvReference;
1807 HANDLE hConHostProcess;
1808 } HPCON_INTERNAL;
1809 #endif