|
|
/************************************************************************
* * * winternl.h -- This module defines the internal NT APIs and data * * structures that are intended for the use only by internal core * * Windows components. These APIs and data structures may change * * at any time. * * * * These APIs and data structures are subject to changes from one * * Windows release to another Windows release. To maintain the * * compatiblity of your application, avoid using these APIs and * * data structures. * * * * The appropriate mechanism for accessing the functions defined in * * this header is to use LoadLibrary() for ntdll.dll and * * GetProcAddress() for the particular function. By using this * * approach, your application will be more resilient to changes * * for these functions between Windows releases. If a function * * prototype does change, then GetProcAddress() for that function * * might detect the change and fail the function call, which your * * application will be able to detect. GetProcAddress() may not * * be able to detect all signature changes, thus avoid using these * * internal functions. Instead, your application should use the * * appropriate Win32 function that provides equivalent or similiar * * functionality. * * * * Copyright (c) Microsoft Corp. All rights reserved. * * * ************************************************************************/
#ifndef _WINTERNL_
#define _WINTERNL_
#if (_WIN32_WINNT >= 0x0500)
#include <windef.h>
#ifdef __cplusplus
extern "C" { #endif
//
// The PEB and TEB structures are subject to changes between Windows
// releases, thus the fields offsets may change as well as the Reserved
// fields. The Reserved fields are reserved for use only by the Windows
// operating systems. Do not assume a maximum size for the structures.
//
//
// Instead of using the BeingDebugged field, use the Win32 APIs
// IsDebuggerPresent, CheckRemoteDebuggerPresent
// Instead of using the SessionId field, use the Win32 APIs
// GetCurrentProcessId and ProcessIdToSessionId
// Sample x86 assembly code that gets the SessionId (subject to change
// between Windows releases, use the Win32 APIs to make your application
// resilient to changes)
// mov eax,fs:[00000018]
// mov eax,[eax+0x30]
// mov eax,[eax+0x1d4]
//
typedef struct _PEB { BYTE Reserved1[2]; BYTE BeingDebugged; BYTE Reserved2[229]; PVOID Reserved3[59]; ULONG SessionId; } PEB, *PPEB;
//
// Instead of using the Tls fields, use the Win32 TLS APIs
// TlsAlloc, TlsGetValue, TlsSetValue, TlsFree
//
// Instead of using the ReservedForOle field, use the COM API
// CoGetContextToken
//
typedef struct _TEB { BYTE Reserved1[1952]; PVOID Reserved2[412]; PVOID TlsSlots[64]; BYTE Reserved3[8]; PVOID Reserved4[26]; PVOID ReservedForOle; // Windows 2000 only
PVOID Reserved5[4]; PVOID TlsExpansionSlots; } TEB; typedef TEB *PTEB;
//
// These data structures and type definitions are needed for compilation and
// use of the internal Windows APIs defined in this header.
//
typedef LONG NTSTATUS;
typedef CONST char *PCSZ;
typedef struct _STRING { USHORT Length; USHORT MaximumLength; PCHAR Buffer; } STRING; typedef STRING *PSTRING;
typedef STRING ANSI_STRING; typedef PSTRING PANSI_STRING; typedef PSTRING PCANSI_STRING;
typedef STRING OEM_STRING; typedef PSTRING POEM_STRING; typedef CONST STRING* PCOEM_STRING;
typedef struct _UNICODE_STRING { USHORT Length; USHORT MaximumLength; PWSTR Buffer; } UNICODE_STRING; typedef UNICODE_STRING *PUNICODE_STRING; typedef const UNICODE_STRING *PCUNICODE_STRING;
typedef struct _OBJECT_ATTRIBUTES { ULONG Length; HANDLE RootDirectory; PUNICODE_STRING ObjectName; ULONG Attributes; PVOID SecurityDescriptor; PVOID SecurityQualityOfService; } OBJECT_ATTRIBUTES; typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;
typedef struct _IO_STATUS_BLOCK { union { NTSTATUS Status; PVOID Pointer; };
ULONG_PTR Information; } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
typedef VOID (NTAPI *PIO_APC_ROUTINE) ( IN PVOID ApcContext, IN PIO_STATUS_BLOCK IoStatusBlock, IN ULONG Reserved );
#if defined(_M_IA64)
typedef struct _FRAME_POINTERS { ULONGLONG MemoryStackFp; ULONGLONG BackingStoreFp; } FRAME_POINTERS, *PFRAME_POINTERS;
#define UNWIND_HISTORY_TABLE_SIZE 12
typedef struct _RUNTIME_FUNCTION { ULONG BeginAddress; ULONG EndAddress; ULONG UnwindInfoAddress; } RUNTIME_FUNCTION, *PRUNTIME_FUNCTION;
typedef struct _UNWIND_HISTORY_TABLE_ENTRY { ULONG64 ImageBase; ULONG64 Gp; PRUNTIME_FUNCTION FunctionEntry; } UNWIND_HISTORY_TABLE_ENTRY, *PUNWIND_HISTORY_TABLE_ENTRY;
typedef struct _UNWIND_HISTORY_TABLE { ULONG Count; UCHAR Search; ULONG64 LowAddress; ULONG64 HighAddress; UNWIND_HISTORY_TABLE_ENTRY Entry[UNWIND_HISTORY_TABLE_SIZE]; } UNWIND_HISTORY_TABLE, *PUNWIND_HISTORY_TABLE;
#endif // _M_IA64
typedef struct _PROCESS_BASIC_INFORMATION { PVOID Reserved1; PPEB PebBaseAddress; PVOID Reserved2[2]; ULONG_PTR UniqueProcessId; PVOID Reserved3; } PROCESS_BASIC_INFORMATION; typedef PROCESS_BASIC_INFORMATION *PPROCESS_BASIC_INFORMATION;
typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION { LARGE_INTEGER IdleTime; LARGE_INTEGER KernelTime; LARGE_INTEGER UserTime; LARGE_INTEGER Reserved1[2]; ULONG Reserved2; } SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION;
typedef struct _SYSTEM_PROCESS_INFORMATION { ULONG NextEntryOffset; BYTE Reserved1[52]; PVOID Reserved2[3]; HANDLE UniqueProcessId; PVOID Reserved3; ULONG HandleCount; BYTE Reserved4[4]; PVOID Reserved5[11]; SIZE_T PeakPagefileUsage; SIZE_T PrivatePageCount; LARGE_INTEGER Reserved6[6]; } SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION { ULONG RegistryQuotaAllowed; ULONG RegistryQuotaUsed; PVOID Reserved1; } SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;
typedef struct _SYSTEM_BASIC_INFORMATION { BYTE Reserved1[24]; PVOID Reserved2[4]; CCHAR NumberOfProcessors; } SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
typedef struct _SYSTEM_TIMEOFDAY_INFORMATION { BYTE Reserved1[48]; } SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION;
typedef struct _SYSTEM_PERFORMANCE_INFORMATION { BYTE Reserved1[312]; } SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
typedef struct _SYSTEM_EXCEPTION_INFORMATION { BYTE Reserved1[16]; } SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;
typedef struct _SYSTEM_LOOKASIDE_INFORMATION { BYTE Reserved1[32]; } SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;
typedef struct _SYSTEM_INTERRUPT_INFORMATION { BYTE Reserved1[24]; } SYSTEM_INTERRUPT_INFORMATION, *PSYSTEM_INTERRUPT_INFORMATION;
typedef enum _FILE_INFORMATION_CLASS { FileDirectoryInformation = 1 } FILE_INFORMATION_CLASS;
typedef enum _PROCESSINFOCLASS { ProcessBasicInformation = 0, ProcessWow64Information = 26 } PROCESSINFOCLASS;
typedef enum _THREADINFOCLASS { ThreadIsIoPending = 16 } THREADINFOCLASS;
typedef enum _SYSTEM_INFORMATION_CLASS { SystemBasicInformation = 0, SystemPerformanceInformation = 2, SystemTimeOfDayInformation = 3, SystemProcessInformation = 5, SystemProcessorPerformanceInformation = 8, SystemInterruptInformation = 23, SystemExceptionInformation = 33, SystemRegistryQuotaInformation = 37, SystemLookasideInformation = 45 } SYSTEM_INFORMATION_CLASS;
#if (_WIN32_WINNT >= 0x0501)
//
// use the WTS API instead
// WTSGetActiveConsoleSessionId
// The active console id is cached as a volatile ULONG in a constant
// memory location. This x86 memory location is subject to changes between
// Windows releases. Use the WTS API to make your application resilient to
// changes.
//
#define INTERNAL_TS_ACTIVE_CONSOLE_ID ( *((volatile ULONG*)(0x7ffe02d8)) )
#endif // (_WIN32_WINNT >= 0x0501)
//
// These functions are intended for use by internal core Windows components
// since these functions may change between Windows releases.
//
#define RtlFillMemory(Destination,Length,Fill) memset((Destination),(Fill),(Length))
#define RtlZeroMemory(Destination,Length) memset((Destination),0,(Length))
#define RtlMoveMemory(Destination,Source,Length) memmove((Destination),(Source),(Length))
//
// use the Win32 API instead
// CloseHandle
//
NTSTATUS NtClose ( IN HANDLE Handle );
//
// use the Win32 API instead
// CreateFile
//
NTSTATUS NtCreateFile ( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN PLARGE_INTEGER AllocationSize OPTIONAL, IN ULONG FileAttributes, IN ULONG ShareAccess, IN ULONG CreateDisposition, IN ULONG CreateOptions, IN PVOID EaBuffer OPTIONAL, IN ULONG EaLength );
//
// use the Win32 API instead
// CreateFile
//
NTSTATUS NtOpenFile ( OUT PHANDLE FileHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG ShareAccess, IN ULONG OpenOptions );
//
// use the Win32 API instead
// DeviceIoControl
//
NTSTATUS NtDeviceIoControlFile ( IN HANDLE FileHandle, IN HANDLE Event OPTIONAL, IN PIO_APC_ROUTINE ApcRoutine OPTIONAL, IN PVOID ApcContext OPTIONAL, OUT PIO_STATUS_BLOCK IoStatusBlock, IN ULONG IoControlCode, IN PVOID InputBuffer OPTIONAL, IN ULONG InputBufferLength, OUT PVOID OutputBuffer OPTIONAL, IN ULONG OutputBufferLength );
//
// use the Win32 API instead
// WaitForSingleObjectEx
//
NTSTATUS NtWaitForSingleObject ( IN HANDLE Handle, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL );
//
// use the Win32 API instead
// CheckNameLegalDOS8Dot3
//
BOOLEAN RtlIsNameLegalDOS8Dot3 ( IN PUNICODE_STRING Name, IN OUT POEM_STRING OemName OPTIONAL, IN OUT PBOOLEAN NameContainsSpaces OPTIONAL );
//
// This function might be needed for some of the internal Windows functions,
// defined in this header file.
//
ULONG RtlNtStatusToDosError ( NTSTATUS Status );
//
// use the Win32 APIs instead
// GetProcessHandleCount
// GetProcessId
//
NTSTATUS NtQueryInformationProcess ( IN HANDLE ProcessHandle, IN PROCESSINFOCLASS ProcessInformationClass, OUT PVOID ProcessInformation, IN ULONG ProcessInformationLength, OUT PULONG ReturnLength OPTIONAL );
//
// use the Win32 API instead
// GetThreadIOPendingFlag
//
NTSTATUS NtQueryInformationThread ( IN HANDLE ThreadHandle, IN THREADINFOCLASS ThreadInformationClass, OUT PVOID ThreadInformation, IN ULONG ThreadInformationLength, OUT PULONG ReturnLength OPTIONAL );
//
// use the Win32 APIs instead
// GetSystemRegistryQuota
// GetSystemTimes
// use the CryptoAPIs instead for generating random data
// CryptGenRandom
//
NTSTATUS NtQuerySystemInformation ( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, OUT PVOID SystemInformation, IN ULONG SystemInformationLength, OUT PULONG ReturnLength OPTIONAL );
//
// use the Win32 API instead
// GetSystemTimeAsFileTime
//
NTSTATUS NtQuerySystemTime ( OUT PLARGE_INTEGER SystemTime );
//
// use the Win32 API instead
// LocalFileTimeToFileTime
//
NTSTATUS RtlLocalTimeToSystemTime ( IN PLARGE_INTEGER LocalTime, OUT PLARGE_INTEGER SystemTime );
//
// use the Win32 API instead
// SystemTimeToFileTime to convert to FILETIME structures
// copy the resulting FILETIME structures to ULARGE_INTEGER structures
// perform the calculation
//
BOOLEAN RtlTimeToSecondsSince1970 ( PLARGE_INTEGER Time, PULONG ElapsedSeconds );
//
// These APIs might be need for some of the internal Windows functions,
// defined in this header file.
//
VOID RtlFreeAnsiString ( PANSI_STRING AnsiString );
VOID RtlFreeUnicodeString ( PUNICODE_STRING UnicodeString );
VOID RtlFreeOemString( POEM_STRING OemString );
VOID RtlInitString ( PSTRING DestinationString, PCSZ SourceString );
VOID RtlInitAnsiString ( PANSI_STRING DestinationString, PCSZ SourceString );
VOID RtlInitUnicodeString ( PUNICODE_STRING DestinationString, PCWSTR SourceString );
NTSTATUS RtlAnsiStringToUnicodeString ( PUNICODE_STRING DestinationString, PCANSI_STRING SourceString, BOOLEAN AllocateDestinationString );
NTSTATUS RtlUnicodeStringToAnsiString ( PANSI_STRING DestinationString, PCUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString );
NTSTATUS RtlUnicodeStringToOemString( POEM_STRING DestinationString, PCUNICODE_STRING SourceString, BOOLEAN AllocateDestinationString );
//
// Use the Win32 API instead
// WideCharToMultiByte
// set CodePage to CP_ACP
// set cbMultiByte to 0
//
NTSTATUS RtlUnicodeToMultiByteSize( PULONG BytesInMultiByteString, IN PWSTR UnicodeString, ULONG BytesInUnicodeString );
//
// Use the C runtime function instead
// strtol
//
NTSTATUS RtlCharToInteger ( PCSZ String, ULONG Base, PULONG Value );
//
// use the Win32 API instead
// ConvertSidToStringSid
//
NTSTATUS RtlConvertSidToUnicodeString ( PUNICODE_STRING UnicodeString, PSID Sid, BOOLEAN AllocateDestinationString );
//
// use the CryptoAPIs instead
// CryptGenRandom
//
ULONG RtlUniform ( PULONG Seed );
//
// Use the default built-in system exception handling instead of these
// functions
//
VOID RtlUnwind ( IN PVOID TargetFrame OPTIONAL, IN PVOID TargetIp OPTIONAL, IN PEXCEPTION_RECORD ExceptionRecord OPTIONAL, IN PVOID ReturnValue );
#if defined(_M_IA64)
VOID RtlUnwind2 ( IN FRAME_POINTERS TargetFrame OPTIONAL, IN PVOID TargetIp OPTIONAL, IN PEXCEPTION_RECORD ExceptionRecord OPTIONAL, IN PVOID ReturnValue, IN PCONTEXT ContextRecord );
VOID RtlUnwindEx ( IN FRAME_POINTERS TargetFrame OPTIONAL, IN PVOID TargetIp OPTIONAL, IN PEXCEPTION_RECORD ExceptionRecord OPTIONAL, IN PVOID ReturnValue, IN PCONTEXT ContextRecord, IN PUNWIND_HISTORY_TABLE HistoryTable OPTIONAL );
#endif // _M_IA64
#define LOGONID_CURRENT ((ULONG)-1)
#define SERVERNAME_CURRENT ((HANDLE)NULL)
typedef enum _WINSTATIONINFOCLASS { WinStationInformation = 8 } WINSTATIONINFOCLASS;
typedef struct _WINSTATIONINFORMATIONW { BYTE Reserved2[70]; ULONG LogonId; BYTE Reserved3[1140]; } WINSTATIONINFORMATIONW, * PWINSTATIONINFORMATIONW;
//
// this function is implemented in winsta.dll (you need to loadlibrary to call this function)
// this internal function retrives the LogonId (also called SessionId) for the current process
// You should avoid using this function as it can change. you can retrieve the same information
// Using public api WTSQuerySessionInformation. Pass WTSSessionId as the WTSInfoClass parameter
//
typedef BOOLEAN (WINAPI * PWINSTATIONQUERYINFORMATIONW)( HANDLE, ULONG, WINSTATIONINFOCLASS, PVOID, ULONG, PULONG );
#ifdef __cplusplus
} #endif
#endif // (_WIN32_WINNT >= 0x0500)
#endif // _WINTERNL_
|