|
|
/*++
Copyright (c) Microsoft Corporation
Module Name:
ntwow64.h
Abstract:
This module contains headers for fake kernel entrypoints(wow64 BOPS) in ntdll.
Author:
Michael Zoran (mzoran) 22-NOV-1998
Environment:
User Mode only
Revision History:
May 07, 2001 SamerA Added NtWow64GetNativeSystemInformation() July 2002 JayKrell removed NtWow64QuerySection64 added NtWow64QueryInformationProcess64 publish it, ifndef guard, pragma once, subsection ifdef guards
--*/
#ifndef _NTWOW64_
#define _NTWOW64_
#if _MSC_VER > 1000
#pragma once
#endif
#if defined(_NTCSRMSG_)
NTSYSAPINTSTATUSNTAPINtWow64CsrClientConnectToServer( IN PWSTR ObjectDirectory, IN ULONG ServerDllIndex, IN PVOID ConnectionInformation, IN OUT PULONG ConnectionInformationLength OPTIONAL, OUT PBOOLEAN CalledFromServer OPTIONAL );
NTSYSAPINTSTATUSNTAPINtWow64CsrNewThread( VOID );
NTSYSAPINTSTATUSNTAPINtWow64CsrIdentifyAlertableThread( VOID );
NTSYSAPINTSTATUSNTAPINtWow64CsrClientCallServer( IN OUT PCSR_API_MSG m, IN OUT PCSR_CAPTURE_HEADER CaptureBuffer OPTIONAL, IN CSR_API_NUMBER ApiNumber, IN ULONG ArgLength );
NTSYSAPIPCSR_CAPTURE_HEADERNTAPINtWow64CsrAllocateCaptureBuffer( IN ULONG CountMessagePointers, IN ULONG Size );
NTSYSAPIVOIDNTAPINtWow64CsrFreeCaptureBuffer( IN PCSR_CAPTURE_HEADER CaptureBuffer );
NTSYSAPIULONGNTAPINtWow64CsrAllocateMessagePointer( IN OUT PCSR_CAPTURE_HEADER CaptureBuffer, IN ULONG Length, OUT PVOID *Pointer );
NTSYSAPIVOIDNTAPINtWow64CsrCaptureMessageBuffer( IN OUT PCSR_CAPTURE_HEADER CaptureBuffer, IN PVOID Buffer OPTIONAL, IN ULONG Length, OUT PVOID *CapturedBuffer );
NTSYSAPIVOIDNTAPINtWow64CsrCaptureMessageString( IN OUT PCSR_CAPTURE_HEADER CaptureBuffer, IN PCSTR String OPTIONAL, IN ULONG Length, IN ULONG MaximumLength, OUT PSTRING CapturedString );
NTSYSAPINTSTATUSNTAPINtWow64CsrSetPriorityClass( IN HANDLE ProcessHandle, IN OUT PULONG PriorityClass );
NTSYSAPIHANDLENTAPINtWow64CsrGetProcessId( VOID );
#endif /* _NTCSRMSG_ */
#if defined(_NTDBG_)
NTSYSAPINTSTATUSNTAPINtDbgUiConnectToDbg( VOID );
NTSTATUSNtDbgUiWaitStateChange ( OUT PDBGUI_WAIT_STATE_CHANGE StateChange, IN PLARGE_INTEGER Timeout OPTIONAL );
NTSYSAPINTSTATUSNTAPINtDbgUiContinue ( IN PCLIENT_ID AppClientId, IN NTSTATUS ContinueStatus );
NTSYSAPINTSTATUSNTAPINtDbgUiStopDebugging ( IN HANDLE Process );
NTSYSAPINTSTATUSNTAPINtDbgUiDebugActiveProcess ( IN HANDLE Process );
NTSYSAPIVOIDNTAPINtDbgUiRemoteBreakin ( IN PVOID Context );
NTSYSAPIHANDLENTAPINtDbgUiGetThreadDebugObject ( VOID );
#endif /* _NTDBG_ */
// This is used in place of INT 2D
NTSYSAPINTSTATUSNTAPINtWow64DebuggerCall ( IN ULONG ServiceClass, IN ULONG Arg1, IN ULONG Arg2, IN ULONG Arg3, IN ULONG Arg4 );
NTSYSAPINTSTATUSNTAPINtWow64GetNativeSystemInformation( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, OUT PVOID NativeSystemInformation, IN ULONG InformationLength, OUT PULONG ReturnLength OPTIONAL );
#if defined(BUILD_WOW6432)
typedef VOID * __ptr64 NATIVE_PVOID;#else
typedef PVOID NATIVE_PVOID;#endif
typedef ULONGLONG SIZE_T64,*PSIZE_T64;
#if defined(BUILD_WOW6432)
#if defined(_NTPSAPI_)
NTSYSAPINTSTATUSNTAPINtWow64QueryInformationProcess64( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength OPTIONAL );
#endif
NTSYSAPINTSTATUSNTAPINtWow64ReadVirtualMemory64( IN HANDLE ProcessHandle, IN NATIVE_PVOID BaseAddress, OUT PVOID Buffer, IN SIZE_T64 BufferSize, OUT PSIZE_T64 NumberOfBytesRead OPTIONAL );
#if defined(_NTMMAPI_)
NTSYSAPINTSTATUSNTAPINtWow64QueryVirtualMemory64( IN HANDLE ProcessHandle, IN NATIVE_PVOID BaseAddress, IN MEMORY_INFORMATION_CLASS MemoryInformationClass, OUT PVOID MemoryInformation, IN SIZE_T64 MemoryInformationLength, OUT PSIZE_T64 ReturnLength OPTIONAL );
#endif
#endif
#endif /* _NTWOW64_ */
|
