/*++ BUILD Version: 0008 // Increment this if a change has global effects Copyright (c) Microsoft Corporation. All rights reserved. Module Name: ntexapi.h Abstract: This module is the header file for the all the system services that are contained in the "ex" directory. Author: David N. Cutler (davec) 5-May-1989 Revision History: --*/ #ifndef _NTEXAPI_ #define _NTEXAPI_ #if _MSC_VER > 1000 #pragma once #endif #ifdef __cplusplus extern "C" { #endif // // Delay thread execution. // NTSYSCALLAPI NTSTATUS NTAPI NtDelayExecution ( IN BOOLEAN Alertable, IN PLARGE_INTEGER DelayInterval ); // // Query and set system environment variables. // NTSYSCALLAPI NTSTATUS NTAPI NtQuerySystemEnvironmentValue ( IN PUNICODE_STRING VariableName, OUT PWSTR VariableValue, IN USHORT ValueLength, OUT PUSHORT ReturnLength OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtSetSystemEnvironmentValue ( IN PUNICODE_STRING VariableName, IN PUNICODE_STRING VariableValue ); NTSYSCALLAPI NTSTATUS NTAPI NtQuerySystemEnvironmentValueEx ( IN PUNICODE_STRING VariableName, IN LPGUID VendorGuid, OUT PVOID Value, IN OUT PULONG ValueLength, OUT PULONG Attributes OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtSetSystemEnvironmentValueEx ( IN PUNICODE_STRING VariableName, IN LPGUID VendorGuid, IN PVOID Value, IN ULONG ValueLength, IN ULONG Attributes ); NTSYSCALLAPI NTSTATUS NTAPI NtEnumerateSystemEnvironmentValuesEx ( IN ULONG InformationClass, OUT PVOID Buffer, IN OUT PULONG BufferLength ); // begin_nthal #define VARIABLE_ATTRIBUTE_NON_VOLATILE 0x00000001 #define VARIABLE_INFORMATION_NAMES 1 #define VARIABLE_INFORMATION_VALUES 2 typedef struct _VARIABLE_NAME { ULONG NextEntryOffset; GUID VendorGuid; WCHAR Name[ANYSIZE_ARRAY]; } VARIABLE_NAME, *PVARIABLE_NAME; typedef struct _VARIABLE_NAME_AND_VALUE { ULONG NextEntryOffset; ULONG ValueOffset; ULONG ValueLength; ULONG Attributes; GUID VendorGuid; WCHAR Name[ANYSIZE_ARRAY]; //UCHAR Value[ANYSIZE_ARRAY]; } VARIABLE_NAME_AND_VALUE, *PVARIABLE_NAME_AND_VALUE; // end_nthal // // Boot entry management APIs. // typedef struct _FILE_PATH { ULONG Version; ULONG Length; ULONG Type; UCHAR FilePath[ANYSIZE_ARRAY]; } FILE_PATH, *PFILE_PATH; #define FILE_PATH_VERSION 1 #define FILE_PATH_TYPE_ARC 1 #define FILE_PATH_TYPE_ARC_SIGNATURE 2 #define FILE_PATH_TYPE_NT 3 #define FILE_PATH_TYPE_EFI 4 #define FILE_PATH_TYPE_MIN FILE_PATH_TYPE_ARC #define FILE_PATH_TYPE_MAX FILE_PATH_TYPE_EFI typedef struct _WINDOWS_OS_OPTIONS { UCHAR Signature[8]; ULONG Version; ULONG Length; ULONG OsLoadPathOffset; WCHAR OsLoadOptions[ANYSIZE_ARRAY]; //FILE_PATH OsLoadPath; } WINDOWS_OS_OPTIONS, *PWINDOWS_OS_OPTIONS; #define WINDOWS_OS_OPTIONS_SIGNATURE "WINDOWS" #define WINDOWS_OS_OPTIONS_VERSION 1 typedef struct _BOOT_ENTRY { ULONG Version; ULONG Length; ULONG Id; ULONG Attributes; ULONG FriendlyNameOffset; ULONG BootFilePathOffset; ULONG OsOptionsLength; UCHAR OsOptions[ANYSIZE_ARRAY]; //WCHAR FriendlyName[ANYSIZE_ARRAY]; //FILE_PATH BootFilePath; } BOOT_ENTRY, *PBOOT_ENTRY; #define BOOT_ENTRY_VERSION 1 #define BOOT_ENTRY_ATTRIBUTE_ACTIVE 0x00000001 #define BOOT_ENTRY_ATTRIBUTE_DEFAULT 0x00000002 #define BOOT_ENTRY_ATTRIBUTE_WINDOWS 0x00000004 #define BOOT_ENTRY_ATTRIBUTE_REMOVABLE_MEDIA 0x00000008 #define BOOT_ENTRY_ATTRIBUTE_VALID_BITS ( \ BOOT_ENTRY_ATTRIBUTE_ACTIVE | \ BOOT_ENTRY_ATTRIBUTE_DEFAULT \ ) typedef struct _BOOT_OPTIONS { ULONG Version; ULONG Length; ULONG Timeout; ULONG CurrentBootEntryId; ULONG NextBootEntryId; WCHAR HeadlessRedirection[ANYSIZE_ARRAY]; } BOOT_OPTIONS, *PBOOT_OPTIONS; #define BOOT_OPTIONS_VERSION 1 #define BOOT_OPTIONS_FIELD_TIMEOUT 0x00000001 #define BOOT_OPTIONS_FIELD_NEXT_BOOT_ENTRY_ID 0x00000002 #define BOOT_OPTIONS_FIELD_HEADLESS_REDIRECTION 0x00000004 NTSYSCALLAPI NTSTATUS NTAPI NtAddBootEntry ( IN PBOOT_ENTRY BootEntry, OUT PULONG Id OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtDeleteBootEntry ( IN ULONG Id ); NTSYSCALLAPI NTSTATUS NTAPI NtModifyBootEntry ( IN PBOOT_ENTRY BootEntry ); NTSYSCALLAPI NTSTATUS NTAPI NtEnumerateBootEntries ( OUT PVOID Buffer, IN OUT PULONG BufferLength ); typedef struct _BOOT_ENTRY_LIST { ULONG NextEntryOffset; BOOT_ENTRY BootEntry; } BOOT_ENTRY_LIST, *PBOOT_ENTRY_LIST; NTSYSCALLAPI NTSTATUS NTAPI NtQueryBootEntryOrder ( OUT PULONG Ids, IN OUT PULONG Count ); NTSYSCALLAPI NTSTATUS NTAPI NtSetBootEntryOrder ( IN PULONG Ids, IN ULONG Count ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryBootOptions ( OUT PBOOT_OPTIONS BootOptions, IN OUT PULONG BootOptionsLength ); NTSYSCALLAPI NTSTATUS NTAPI NtSetBootOptions ( IN PBOOT_OPTIONS BootOptions, IN ULONG FieldsToChange ); #define BOOT_OPTIONS_FIELD_COUNTDOWN 0x00000001 #define BOOT_OPTIONS_FIELD_NEXT_BOOT_ENTRY_ID 0x00000002 #define BOOT_OPTIONS_FIELD_HEADLESS_REDIRECTION 0x00000004 NTSYSCALLAPI NTSTATUS NTAPI NtTranslateFilePath ( IN PFILE_PATH InputFilePath, IN ULONG OutputType, OUT PFILE_PATH OutputFilePath, IN OUT PULONG OutputFilePathLength ); // // Driver entry management APIs. // typedef struct _EFI_DRIVER_ENTRY { ULONG Version; ULONG Length; ULONG Id; ULONG FriendlyNameOffset; ULONG DriverFilePathOffset; //WCHAR FriendlyName[ANYSIZE_ARRAY]; //FILE_PATH DriverFilePath; } EFI_DRIVER_ENTRY, *PEFI_DRIVER_ENTRY; typedef struct _EFI_DRIVER_ENTRY_LIST { ULONG NextEntryOffset; EFI_DRIVER_ENTRY DriverEntry; } EFI_DRIVER_ENTRY_LIST, *PEFI_DRIVER_ENTRY_LIST; #define EFI_DRIVER_ENTRY_VERSION 1 NTSYSCALLAPI NTSTATUS NTAPI NtAddDriverEntry ( IN PEFI_DRIVER_ENTRY DriverEntry, OUT PULONG Id OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtDeleteDriverEntry ( IN ULONG Id ); NTSYSCALLAPI NTSTATUS NTAPI NtModifyDriverEntry ( IN PEFI_DRIVER_ENTRY DriverEntry ); NTSYSCALLAPI NTSTATUS NTAPI NtEnumerateDriverEntries ( OUT PVOID Buffer, IN OUT PULONG BufferLength ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryDriverEntryOrder ( OUT PULONG Ids, IN OUT PULONG Count ); NTSYSCALLAPI NTSTATUS NTAPI NtSetDriverEntryOrder ( IN PULONG Ids, IN ULONG Count ); // begin_ntifs begin_wdm begin_ntddk // // Event Specific Access Rights. // #define EVENT_QUERY_STATE 0x0001 #define EVENT_MODIFY_STATE 0x0002 // winnt #define EVENT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3) // winnt // end_ntifs end_wdm end_ntddk // // Event Information Classes. // typedef enum _EVENT_INFORMATION_CLASS { EventBasicInformation } EVENT_INFORMATION_CLASS; // // Event Information Structures. // typedef struct _EVENT_BASIC_INFORMATION { EVENT_TYPE EventType; LONG EventState; } EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION; // // Event object function definitions. // NTSYSCALLAPI NTSTATUS NTAPI NtClearEvent ( IN HANDLE EventHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtCreateEvent ( OUT PHANDLE EventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN EVENT_TYPE EventType, IN BOOLEAN InitialState ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenEvent ( OUT PHANDLE EventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtPulseEvent ( IN HANDLE EventHandle, OUT PLONG PreviousState OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryEvent ( IN HANDLE EventHandle, IN EVENT_INFORMATION_CLASS EventInformationClass, OUT PVOID EventInformation, IN ULONG EventInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtResetEvent ( IN HANDLE EventHandle, OUT PLONG PreviousState OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtSetEvent ( IN HANDLE EventHandle, OUT PLONG PreviousState OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtSetEventBoostPriority ( IN HANDLE EventHandle ); // // Event Specific Access Rights. // #define EVENT_PAIR_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE) // // Event pair object function definitions. // NTSYSCALLAPI NTSTATUS NTAPI NtCreateEventPair ( OUT PHANDLE EventPairHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenEventPair( OUT PHANDLE EventPairHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtWaitLowEventPair( IN HANDLE EventPairHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtWaitHighEventPair( IN HANDLE EventPairHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtSetLowWaitHighEventPair( IN HANDLE EventPairHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtSetHighWaitLowEventPair( IN HANDLE EventPairHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtSetLowEventPair( IN HANDLE EventPairHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtSetHighEventPair( IN HANDLE EventPairHandle ); // // Mutant Specific Access Rights. // // begin_winnt #define MUTANT_QUERY_STATE 0x0001 #define MUTANT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|\ MUTANT_QUERY_STATE) // end_winnt // // Mutant Information Classes. // typedef enum _MUTANT_INFORMATION_CLASS { MutantBasicInformation } MUTANT_INFORMATION_CLASS; // // Mutant Information Structures. // typedef struct _MUTANT_BASIC_INFORMATION { LONG CurrentCount; BOOLEAN OwnedByCaller; BOOLEAN AbandonedState; } MUTANT_BASIC_INFORMATION, *PMUTANT_BASIC_INFORMATION; // // Mutant object function definitions. // NTSYSCALLAPI NTSTATUS NTAPI NtCreateMutant ( OUT PHANDLE MutantHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN BOOLEAN InitialOwner ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenMutant ( OUT PHANDLE MutantHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryMutant ( IN HANDLE MutantHandle, IN MUTANT_INFORMATION_CLASS MutantInformationClass, OUT PVOID MutantInformation, IN ULONG MutantInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtReleaseMutant ( IN HANDLE MutantHandle, OUT PLONG PreviousCount OPTIONAL ); // begin_ntifs begin_wdm begin_ntddk // // Semaphore Specific Access Rights. // #define SEMAPHORE_QUERY_STATE 0x0001 #define SEMAPHORE_MODIFY_STATE 0x0002 // winnt #define SEMAPHORE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3) // winnt // end_ntifs end_wdm end_ntddk // // Semaphore Information Classes. // typedef enum _SEMAPHORE_INFORMATION_CLASS { SemaphoreBasicInformation } SEMAPHORE_INFORMATION_CLASS; // // Semaphore Information Structures. // typedef struct _SEMAPHORE_BASIC_INFORMATION { LONG CurrentCount; LONG MaximumCount; } SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION; // // Semaphore object function definitions. // NTSYSCALLAPI NTSTATUS NTAPI NtCreateSemaphore ( OUT PHANDLE SemaphoreHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN LONG InitialCount, IN LONG MaximumCount ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenSemaphore( OUT PHANDLE SemaphoreHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtQuerySemaphore ( IN HANDLE SemaphoreHandle, IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass, OUT PVOID SemaphoreInformation, IN ULONG SemaphoreInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtReleaseSemaphore( IN HANDLE SemaphoreHandle, IN LONG ReleaseCount, OUT PLONG PreviousCount OPTIONAL ); // begin_winnt // // Timer Specific Access Rights. // #define TIMER_QUERY_STATE 0x0001 #define TIMER_MODIFY_STATE 0x0002 #define TIMER_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|\ TIMER_QUERY_STATE|TIMER_MODIFY_STATE) // end_winnt // // Timer Information Classes. // typedef enum _TIMER_INFORMATION_CLASS { TimerBasicInformation } TIMER_INFORMATION_CLASS; // // Timer Information Structures. // typedef struct _TIMER_BASIC_INFORMATION { LARGE_INTEGER RemainingTime; BOOLEAN TimerState; } TIMER_BASIC_INFORMATION, *PTIMER_BASIC_INFORMATION; // begin_ntddk // // Timer APC routine definition. // typedef VOID (*PTIMER_APC_ROUTINE) ( IN PVOID TimerContext, IN ULONG TimerLowValue, IN LONG TimerHighValue ); // end_ntddk // // Timer object function definitions. // NTSYSCALLAPI NTSTATUS NTAPI NtCreateTimer ( OUT PHANDLE TimerHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN TIMER_TYPE TimerType ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenTimer ( OUT PHANDLE TimerHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtCancelTimer ( IN HANDLE TimerHandle, OUT PBOOLEAN CurrentState OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryTimer ( IN HANDLE TimerHandle, IN TIMER_INFORMATION_CLASS TimerInformationClass, OUT PVOID TimerInformation, IN ULONG TimerInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtSetTimer ( IN HANDLE TimerHandle, IN PLARGE_INTEGER DueTime, IN PTIMER_APC_ROUTINE TimerApcRoutine OPTIONAL, IN PVOID TimerContext OPTIONAL, IN BOOLEAN ResumeTimer, IN LONG Period OPTIONAL, OUT PBOOLEAN PreviousState OPTIONAL ); // // System Time and Timer function definitions // NTSYSCALLAPI NTSTATUS NTAPI NtQuerySystemTime ( OUT PLARGE_INTEGER SystemTime ); NTSYSCALLAPI NTSTATUS NTAPI NtSetSystemTime ( IN PLARGE_INTEGER SystemTime, OUT PLARGE_INTEGER PreviousTime OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryTimerResolution ( OUT PULONG MaximumTime, OUT PULONG MinimumTime, OUT PULONG CurrentTime ); NTSYSCALLAPI NTSTATUS NTAPI NtSetTimerResolution ( IN ULONG DesiredTime, IN BOOLEAN SetResolution, OUT PULONG ActualTime ); // // Locally Unique Identifier (LUID) allocation // NTSYSCALLAPI NTSTATUS NTAPI NtAllocateLocallyUniqueId( OUT PLUID Luid ); // // Universally Unique Identifier (UUID) time allocation // NTSYSCALLAPI NTSTATUS NTAPI NtSetUuidSeed ( IN PCHAR Seed ); NTSYSCALLAPI NTSTATUS NTAPI NtAllocateUuids( OUT PULARGE_INTEGER Time, OUT PULONG Range, OUT PULONG Sequence, OUT PCHAR Seed ); // // Profile Object Definitions // #define PROFILE_CONTROL 0x0001 #define PROFILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | PROFILE_CONTROL) NTSYSCALLAPI NTSTATUS NTAPI NtCreateProfile ( OUT PHANDLE ProfileHandle, IN HANDLE Process OPTIONAL, IN PVOID ProfileBase, IN SIZE_T ProfileSize, IN ULONG BucketSize, IN PULONG Buffer, IN ULONG BufferSize, IN KPROFILE_SOURCE ProfileSource, IN KAFFINITY Affinity ); NTSYSCALLAPI NTSTATUS NTAPI NtStartProfile ( IN HANDLE ProfileHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtStopProfile ( IN HANDLE ProfileHandle ); NTSYSCALLAPI NTSTATUS NTAPI NtSetIntervalProfile ( IN ULONG Interval, IN KPROFILE_SOURCE Source ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryIntervalProfile ( IN KPROFILE_SOURCE ProfileSource, OUT PULONG Interval ); // // Performance Counter Definitions // NTSYSCALLAPI NTSTATUS NTAPI NtQueryPerformanceCounter ( OUT PLARGE_INTEGER PerformanceCounter, OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL ); #define KEYEDEVENT_WAIT 0x0001 #define KEYEDEVENT_WAKE 0x0002 #define KEYEDEVENT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | KEYEDEVENT_WAIT | KEYEDEVENT_WAKE) NTSYSCALLAPI NTSTATUS NTAPI NtCreateKeyedEvent ( OUT PHANDLE KeyedEventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, IN ULONG Flags ); NTSYSCALLAPI NTSTATUS NTAPI NtOpenKeyedEvent ( OUT PHANDLE KeyedEventHandle, IN ACCESS_MASK DesiredAccess, IN POBJECT_ATTRIBUTES ObjectAttributes ); NTSYSCALLAPI NTSTATUS NTAPI NtReleaseKeyedEvent ( IN HANDLE KeyedEventHandle, IN PVOID KeyValue, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtWaitForKeyedEvent ( IN HANDLE KeyedEventHandle, IN PVOID KeyValue, IN BOOLEAN Alertable, IN PLARGE_INTEGER Timeout OPTIONAL ); // // Nt Api Profile Definitions // // // Nt Api Profiling data structure // typedef struct _NAPDATA { ULONG NapLock; ULONG Calls; ULONG TimingErrors; LARGE_INTEGER TotalTime; LARGE_INTEGER FirstTime; LARGE_INTEGER MaxTime; LARGE_INTEGER MinTime; } NAPDATA, *PNAPDATA; NTSTATUS NapClearData ( VOID ); NTSTATUS NapRetrieveData ( OUT NAPDATA *NapApiData, OUT PCHAR **NapApiNames, OUT PLARGE_INTEGER *NapCounterFrequency ); NTSTATUS NapGetApiCount ( OUT PULONG NapApiCount ); NTSTATUS NapPause ( VOID ); NTSTATUS NapResume ( VOID ); // begin_ntifs begin_ntddk // // Driver Verifier Definitions // typedef ULONG_PTR (*PDRIVER_VERIFIER_THUNK_ROUTINE) ( IN PVOID Context ); // // This structure is passed in by drivers that want to thunk callers of // their exports. // typedef struct _DRIVER_VERIFIER_THUNK_PAIRS { PDRIVER_VERIFIER_THUNK_ROUTINE PristineRoutine; PDRIVER_VERIFIER_THUNK_ROUTINE NewRoutine; } DRIVER_VERIFIER_THUNK_PAIRS, *PDRIVER_VERIFIER_THUNK_PAIRS; // // Driver Verifier flags. // #define DRIVER_VERIFIER_SPECIAL_POOLING 0x0001 #define DRIVER_VERIFIER_FORCE_IRQL_CHECKING 0x0002 #define DRIVER_VERIFIER_INJECT_ALLOCATION_FAILURES 0x0004 #define DRIVER_VERIFIER_TRACK_POOL_ALLOCATIONS 0x0008 #define DRIVER_VERIFIER_IO_CHECKING 0x0010 // end_ntifs end_ntddk #define DRIVER_VERIFIER_DEADLOCK_DETECTION 0x0020 #define DRIVER_VERIFIER_ENHANCED_IO_CHECKING 0x0040 #define DRIVER_VERIFIER_DMA_VERIFIER 0x0080 #define DRIVER_VERIFIER_HARDWARE_VERIFICATION 0x0100 #define DRIVER_VERIFIER_SYSTEM_BIOS_VERIFICATION 0x0200 #define DRIVER_VERIFIER_EXPOSE_IRP_HISTORY 0x0400 // // System Information Classes. // typedef enum _SYSTEM_INFORMATION_CLASS { SystemBasicInformation, SystemProcessorInformation, // obsolete...delete SystemPerformanceInformation, SystemTimeOfDayInformation, SystemPathInformation, SystemProcessInformation, SystemCallCountInformation, SystemDeviceInformation, SystemProcessorPerformanceInformation, SystemFlagsInformation, SystemCallTimeInformation, SystemModuleInformation, SystemLocksInformation, SystemStackTraceInformation, SystemPagedPoolInformation, SystemNonPagedPoolInformation, SystemHandleInformation, SystemObjectInformation, SystemPageFileInformation, SystemVdmInstemulInformation, SystemVdmBopInformation, SystemFileCacheInformation, SystemPoolTagInformation, SystemInterruptInformation, SystemDpcBehaviorInformation, SystemFullMemoryInformation, SystemLoadGdiDriverInformation, SystemUnloadGdiDriverInformation, SystemTimeAdjustmentInformation, SystemSummaryMemoryInformation, SystemMirrorMemoryInformation, SystemPerformanceTraceInformation, SystemObsolete0, SystemExceptionInformation, SystemCrashDumpStateInformation, SystemKernelDebuggerInformation, SystemContextSwitchInformation, SystemRegistryQuotaInformation, SystemExtendServiceTableInformation, SystemPrioritySeperation, SystemVerifierAddDriverInformation, SystemVerifierRemoveDriverInformation, SystemProcessorIdleInformation, SystemLegacyDriverInformation, SystemCurrentTimeZoneInformation, SystemLookasideInformation, SystemTimeSlipNotification, SystemSessionCreate, SystemSessionDetach, SystemSessionInformation, SystemRangeStartInformation, SystemVerifierInformation, SystemVerifierThunkExtend, SystemSessionProcessInformation, SystemLoadGdiDriverInSystemSpace, SystemNumaProcessorMap, SystemPrefetcherInformation, SystemExtendedProcessInformation, SystemRecommendedSharedDataAlignment, SystemComPlusPackage, SystemNumaAvailableMemory, SystemProcessorPowerInformation, SystemEmulationBasicInformation, SystemEmulationProcessorInformation, SystemExtendedHandleInformation, SystemLostDelayedWriteInformation, SystemBigPoolInformation, SystemSessionPoolTagInformation, SystemSessionMappedViewInformation, SystemHotpatchInformation, SystemObjectSecurityMode, SystemWatchdogTimerHandler, SystemWatchdogTimerInformation, SystemLogicalProcessorInformation, MaxSystemInfoClass // MaxSystemInfoClass should always be the last enum } SYSTEM_INFORMATION_CLASS; // // System Information Structures. // // begin_winnt #define TIME_ZONE_ID_UNKNOWN 0 #define TIME_ZONE_ID_STANDARD 1 #define TIME_ZONE_ID_DAYLIGHT 2 // end_winnt typedef struct _SYSTEM_VDM_INSTEMUL_INFO { ULONG SegmentNotPresent ; ULONG VdmOpcode0F ; ULONG OpcodeESPrefix ; ULONG OpcodeCSPrefix ; ULONG OpcodeSSPrefix ; ULONG OpcodeDSPrefix ; ULONG OpcodeFSPrefix ; ULONG OpcodeGSPrefix ; ULONG OpcodeOPER32Prefix; ULONG OpcodeADDR32Prefix; ULONG OpcodeINSB ; ULONG OpcodeINSW ; ULONG OpcodeOUTSB ; ULONG OpcodeOUTSW ; ULONG OpcodePUSHF ; ULONG OpcodePOPF ; ULONG OpcodeINTnn ; ULONG OpcodeINTO ; ULONG OpcodeIRET ; ULONG OpcodeINBimm ; ULONG OpcodeINWimm ; ULONG OpcodeOUTBimm ; ULONG OpcodeOUTWimm ; ULONG OpcodeINB ; ULONG OpcodeINW ; ULONG OpcodeOUTB ; ULONG OpcodeOUTW ; ULONG OpcodeLOCKPrefix ; ULONG OpcodeREPNEPrefix ; ULONG OpcodeREPPrefix ; ULONG OpcodeHLT ; ULONG OpcodeCLI ; ULONG OpcodeSTI ; ULONG BopCount ; } SYSTEM_VDM_INSTEMUL_INFO, *PSYSTEM_VDM_INSTEMUL_INFO; typedef struct _SYSTEM_TIMEOFDAY_INFORMATION { LARGE_INTEGER BootTime; LARGE_INTEGER CurrentTime; LARGE_INTEGER TimeZoneBias; ULONG TimeZoneId; ULONG Reserved; ULONGLONG BootTimeBias; ULONGLONG SleepTimeBias; } SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION; #if defined(_IA64_) typedef ULONG SYSINF_PAGE_COUNT; #else typedef SIZE_T SYSINF_PAGE_COUNT; #endif typedef struct _SYSTEM_BASIC_INFORMATION { ULONG Reserved; ULONG TimerResolution; ULONG PageSize; SYSINF_PAGE_COUNT NumberOfPhysicalPages; SYSINF_PAGE_COUNT LowestPhysicalPageNumber; SYSINF_PAGE_COUNT HighestPhysicalPageNumber; ULONG AllocationGranularity; ULONG_PTR MinimumUserModeAddress; ULONG_PTR MaximumUserModeAddress; ULONG_PTR ActiveProcessorsAffinityMask; CCHAR NumberOfProcessors; } SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION; typedef struct _SYSTEM_PROCESSOR_INFORMATION { USHORT ProcessorArchitecture; USHORT ProcessorLevel; USHORT ProcessorRevision; USHORT Reserved; ULONG ProcessorFeatureBits; } SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION; typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION { LARGE_INTEGER IdleTime; LARGE_INTEGER KernelTime; LARGE_INTEGER UserTime; LARGE_INTEGER DpcTime; // DEVL only LARGE_INTEGER InterruptTime; // DEVL only ULONG InterruptCount; } SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION; typedef struct _SYSTEM_PROCESSOR_IDLE_INFORMATION { ULONGLONG IdleTime; ULONGLONG C1Time; ULONGLONG C2Time; ULONGLONG C3Time; ULONG C1Transitions; ULONG C2Transitions; ULONG C3Transitions; ULONG Padding; } SYSTEM_PROCESSOR_IDLE_INFORMATION, *PSYSTEM_PROCESSOR_IDLE_INFORMATION; #define MAXIMUM_NUMA_NODES 16 typedef struct _SYSTEM_NUMA_INFORMATION { ULONG HighestNodeNumber; ULONG Reserved; union { ULONGLONG ActiveProcessorsAffinityMask[MAXIMUM_NUMA_NODES]; ULONGLONG AvailableMemory[MAXIMUM_NUMA_NODES]; }; } SYSTEM_NUMA_INFORMATION, *PSYSTEM_NUMA_INFORMATION; // begin_winnt typedef enum _LOGICAL_PROCESSOR_RELATIONSHIP { RelationProcessorCore, RelationNumaNode } LOGICAL_PROCESSOR_RELATIONSHIP; #define LTP_PC_SMT 0x1 typedef struct _SYSTEM_LOGICAL_PROCESSOR_INFORMATION { ULONG_PTR ProcessorMask; LOGICAL_PROCESSOR_RELATIONSHIP Relationship; union { struct { UCHAR Flags; } ProcessorCore; struct { ULONG NodeNumber; } NumaNode; ULONGLONG Reserved[2]; }; } SYSTEM_LOGICAL_PROCESSOR_INFORMATION, *PSYSTEM_LOGICAL_PROCESSOR_INFORMATION; // end_winnt typedef struct _SYSTEM_PROCESSOR_POWER_INFORMATION { UCHAR CurrentFrequency; UCHAR ThermalLimitFrequency; UCHAR ConstantThrottleFrequency; UCHAR DegradedThrottleFrequency; UCHAR LastBusyFrequency; UCHAR LastC3Frequency; UCHAR LastAdjustedBusyFrequency; UCHAR ProcessorMinThrottle; UCHAR ProcessorMaxThrottle; ULONG NumberOfFrequencies; ULONG PromotionCount; ULONG DemotionCount; ULONG ErrorCount; ULONG RetryCount; ULONGLONG CurrentFrequencyTime; ULONGLONG CurrentProcessorTime; ULONGLONG CurrentProcessorIdleTime; ULONGLONG LastProcessorTime; ULONGLONG LastProcessorIdleTime; } SYSTEM_PROCESSOR_POWER_INFORMATION, *PSYSTEM_PROCESSOR_POWER_INFORMATION; typedef struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION { ULONG TimeAdjustment; ULONG TimeIncrement; BOOLEAN Enable; } SYSTEM_QUERY_TIME_ADJUST_INFORMATION, *PSYSTEM_QUERY_TIME_ADJUST_INFORMATION; typedef struct _SYSTEM_SET_TIME_ADJUST_INFORMATION { ULONG TimeAdjustment; BOOLEAN Enable; } SYSTEM_SET_TIME_ADJUST_INFORMATION, *PSYSTEM_SET_TIME_ADJUST_INFORMATION; typedef struct _SYSTEM_PERFORMANCE_INFORMATION { LARGE_INTEGER IdleProcessTime; LARGE_INTEGER IoReadTransferCount; LARGE_INTEGER IoWriteTransferCount; LARGE_INTEGER IoOtherTransferCount; ULONG IoReadOperationCount; ULONG IoWriteOperationCount; ULONG IoOtherOperationCount; ULONG AvailablePages; SYSINF_PAGE_COUNT CommittedPages; SYSINF_PAGE_COUNT CommitLimit; SYSINF_PAGE_COUNT PeakCommitment; ULONG PageFaultCount; ULONG CopyOnWriteCount; ULONG TransitionCount; ULONG CacheTransitionCount; ULONG DemandZeroCount; ULONG PageReadCount; ULONG PageReadIoCount; ULONG CacheReadCount; ULONG CacheIoCount; ULONG DirtyPagesWriteCount; ULONG DirtyWriteIoCount; ULONG MappedPagesWriteCount; ULONG MappedWriteIoCount; ULONG PagedPoolPages; ULONG NonPagedPoolPages; ULONG PagedPoolAllocs; ULONG PagedPoolFrees; ULONG NonPagedPoolAllocs; ULONG NonPagedPoolFrees; ULONG FreeSystemPtes; ULONG ResidentSystemCodePage; ULONG TotalSystemDriverPages; ULONG TotalSystemCodePages; ULONG NonPagedPoolLookasideHits; ULONG PagedPoolLookasideHits; ULONG AvailablePagedPoolPages; ULONG ResidentSystemCachePage; ULONG ResidentPagedPoolPage; ULONG ResidentSystemDriverPage; ULONG CcFastReadNoWait; ULONG CcFastReadWait; ULONG CcFastReadResourceMiss; ULONG CcFastReadNotPossible; ULONG CcFastMdlReadNoWait; ULONG CcFastMdlReadWait; ULONG CcFastMdlReadResourceMiss; ULONG CcFastMdlReadNotPossible; ULONG CcMapDataNoWait; ULONG CcMapDataWait; ULONG CcMapDataNoWaitMiss; ULONG CcMapDataWaitMiss; ULONG CcPinMappedDataCount; ULONG CcPinReadNoWait; ULONG CcPinReadWait; ULONG CcPinReadNoWaitMiss; ULONG CcPinReadWaitMiss; ULONG CcCopyReadNoWait; ULONG CcCopyReadWait; ULONG CcCopyReadNoWaitMiss; ULONG CcCopyReadWaitMiss; ULONG CcMdlReadNoWait; ULONG CcMdlReadWait; ULONG CcMdlReadNoWaitMiss; ULONG CcMdlReadWaitMiss; ULONG CcReadAheadIos; ULONG CcLazyWriteIos; ULONG CcLazyWritePages; ULONG CcDataFlushes; ULONG CcDataPages; ULONG ContextSwitches; ULONG FirstLevelTbFills; ULONG SecondLevelTbFills; ULONG SystemCalls; } SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION; typedef struct _SYSTEM_PROCESS_INFORMATION { ULONG NextEntryOffset; ULONG NumberOfThreads; LARGE_INTEGER SpareLi1; LARGE_INTEGER SpareLi2; LARGE_INTEGER SpareLi3; LARGE_INTEGER CreateTime; LARGE_INTEGER UserTime; LARGE_INTEGER KernelTime; UNICODE_STRING ImageName; KPRIORITY BasePriority; HANDLE UniqueProcessId; HANDLE InheritedFromUniqueProcessId; ULONG HandleCount; ULONG SessionId; ULONG_PTR PageDirectoryBase; SIZE_T PeakVirtualSize; SIZE_T VirtualSize; ULONG PageFaultCount; SIZE_T PeakWorkingSetSize; SIZE_T WorkingSetSize; SIZE_T QuotaPeakPagedPoolUsage; SIZE_T QuotaPagedPoolUsage; SIZE_T QuotaPeakNonPagedPoolUsage; SIZE_T QuotaNonPagedPoolUsage; SIZE_T PagefileUsage; SIZE_T PeakPagefileUsage; SIZE_T PrivatePageCount; LARGE_INTEGER ReadOperationCount; LARGE_INTEGER WriteOperationCount; LARGE_INTEGER OtherOperationCount; LARGE_INTEGER ReadTransferCount; LARGE_INTEGER WriteTransferCount; LARGE_INTEGER OtherTransferCount; } SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION; typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION { ULONG SessionId; ULONG SizeOfBuf; PVOID Buffer; } SYSTEM_SESSION_PROCESS_INFORMATION, *PSYSTEM_SESSION_PROCESS_INFORMATION; typedef struct _SYSTEM_THREAD_INFORMATION { LARGE_INTEGER KernelTime; LARGE_INTEGER UserTime; LARGE_INTEGER CreateTime; ULONG WaitTime; PVOID StartAddress; CLIENT_ID ClientId; KPRIORITY Priority; LONG BasePriority; ULONG ContextSwitches; ULONG ThreadState; ULONG WaitReason; } SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION; typedef struct _SYSTEM_EXTENDED_THREAD_INFORMATION { SYSTEM_THREAD_INFORMATION ThreadInfo; PVOID StackBase; PVOID StackLimit; PVOID Win32StartAddress; ULONG_PTR Reserved1; ULONG_PTR Reserved2; ULONG_PTR Reserved3; ULONG_PTR Reserved4; } SYSTEM_EXTENDED_THREAD_INFORMATION, *PSYSTEM_EXTENDED_THREAD_INFORMATION; typedef struct _SYSTEM_MEMORY_INFO { PUCHAR StringOffset; USHORT ValidCount; USHORT TransitionCount; USHORT ModifiedCount; USHORT PageTableCount; } SYSTEM_MEMORY_INFO, *PSYSTEM_MEMORY_INFO; typedef struct _SYSTEM_MEMORY_INFORMATION { ULONG InfoSize; ULONG_PTR StringStart; SYSTEM_MEMORY_INFO Memory[1]; } SYSTEM_MEMORY_INFORMATION, *PSYSTEM_MEMORY_INFORMATION; typedef struct _SYSTEM_CALL_COUNT_INFORMATION { ULONG Length; ULONG NumberOfTables; //ULONG NumberOfEntries[NumberOfTables]; //ULONG CallCounts[NumberOfTables][NumberOfEntries]; } SYSTEM_CALL_COUNT_INFORMATION, *PSYSTEM_CALL_COUNT_INFORMATION; typedef struct _SYSTEM_DEVICE_INFORMATION { ULONG NumberOfDisks; ULONG NumberOfFloppies; ULONG NumberOfCdRoms; ULONG NumberOfTapes; ULONG NumberOfSerialPorts; ULONG NumberOfParallelPorts; } SYSTEM_DEVICE_INFORMATION, *PSYSTEM_DEVICE_INFORMATION; typedef struct _SYSTEM_EXCEPTION_INFORMATION { ULONG AlignmentFixupCount; ULONG ExceptionDispatchCount; ULONG FloatingEmulationCount; ULONG ByteWordEmulationCount; } SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION; typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION { BOOLEAN KernelDebuggerEnabled; BOOLEAN KernelDebuggerNotPresent; } SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION; typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION { ULONG RegistryQuotaAllowed; ULONG RegistryQuotaUsed; SIZE_T PagedPoolSize; } SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION; typedef struct _SYSTEM_GDI_DRIVER_INFORMATION { UNICODE_STRING DriverName; PVOID ImageAddress; PVOID SectionPointer; PVOID EntryPoint; PIMAGE_EXPORT_DIRECTORY ExportSectionPointer; ULONG ImageLength; } SYSTEM_GDI_DRIVER_INFORMATION, *PSYSTEM_GDI_DRIVER_INFORMATION; #if DEVL typedef struct _SYSTEM_FLAGS_INFORMATION { ULONG Flags; } SYSTEM_FLAGS_INFORMATION, *PSYSTEM_FLAGS_INFORMATION; typedef struct _SYSTEM_CALL_TIME_INFORMATION { ULONG Length; ULONG TotalCalls; LARGE_INTEGER TimeOfCalls[1]; } SYSTEM_CALL_TIME_INFORMATION, *PSYSTEM_CALL_TIME_INFORMATION; typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO { USHORT UniqueProcessId; USHORT CreatorBackTraceIndex; UCHAR ObjectTypeIndex; UCHAR HandleAttributes; USHORT HandleValue; PVOID Object; ULONG GrantedAccess; } SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO; typedef struct _SYSTEM_HANDLE_INFORMATION { ULONG NumberOfHandles; SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[ 1 ]; } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION; typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX { PVOID Object; ULONG_PTR UniqueProcessId; ULONG_PTR HandleValue; ULONG GrantedAccess; USHORT CreatorBackTraceIndex; USHORT ObjectTypeIndex; ULONG HandleAttributes; ULONG Reserved; } SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX; typedef struct _SYSTEM_HANDLE_INFORMATION_EX { ULONG_PTR NumberOfHandles; ULONG_PTR Reserved; SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX Handles[ 1 ]; } SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX; typedef struct _SYSTEM_OBJECTTYPE_INFORMATION { ULONG NextEntryOffset; ULONG NumberOfObjects; ULONG NumberOfHandles; ULONG TypeIndex; ULONG InvalidAttributes; GENERIC_MAPPING GenericMapping; ULONG ValidAccessMask; ULONG PoolType; BOOLEAN SecurityRequired; BOOLEAN WaitableObject; UNICODE_STRING TypeName; } SYSTEM_OBJECTTYPE_INFORMATION, *PSYSTEM_OBJECTTYPE_INFORMATION; typedef struct _SYSTEM_OBJECT_INFORMATION { ULONG NextEntryOffset; PVOID Object; HANDLE CreatorUniqueProcess; USHORT CreatorBackTraceIndex; USHORT Flags; LONG PointerCount; LONG HandleCount; ULONG PagedPoolCharge; ULONG NonPagedPoolCharge; HANDLE ExclusiveProcessId; PVOID SecurityDescriptor; OBJECT_NAME_INFORMATION NameInfo; } SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION; typedef struct _SYSTEM_PAGEFILE_INFORMATION { ULONG NextEntryOffset; ULONG TotalSize; ULONG TotalInUse; ULONG PeakUsage; UNICODE_STRING PageFileName; } SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION; typedef struct _SYSTEM_VERIFIER_INFORMATION { ULONG NextEntryOffset; ULONG Level; UNICODE_STRING DriverName; ULONG RaiseIrqls; ULONG AcquireSpinLocks; ULONG SynchronizeExecutions; ULONG AllocationsAttempted; ULONG AllocationsSucceeded; ULONG AllocationsSucceededSpecialPool; ULONG AllocationsWithNoTag; ULONG TrimRequests; ULONG Trims; ULONG AllocationsFailed; ULONG AllocationsFailedDeliberately; ULONG Loads; ULONG Unloads; ULONG UnTrackedPool; ULONG CurrentPagedPoolAllocations; ULONG CurrentNonPagedPoolAllocations; ULONG PeakPagedPoolAllocations; ULONG PeakNonPagedPoolAllocations; SIZE_T PagedPoolUsageInBytes; SIZE_T NonPagedPoolUsageInBytes; SIZE_T PeakPagedPoolUsageInBytes; SIZE_T PeakNonPagedPoolUsageInBytes; } SYSTEM_VERIFIER_INFORMATION, *PSYSTEM_VERIFIER_INFORMATION; typedef struct _SYSTEM_FILECACHE_INFORMATION { SIZE_T CurrentSize; SIZE_T PeakSize; ULONG PageFaultCount; SIZE_T MinimumWorkingSet; SIZE_T MaximumWorkingSet; SIZE_T CurrentSizeIncludingTransitionInPages; SIZE_T PeakSizeIncludingTransitionInPages; ULONG TransitionRePurposeCount; ULONG spare[1]; } SYSTEM_FILECACHE_INFORMATION, *PSYSTEM_FILECACHE_INFORMATION; #define FLG_HOTPATCH_KERNEL 0x80000000 #define FLG_HOTPATCH_RELOAD_NTDLL 0x40000000 #define FLG_HOTPATCH_NAME_INFO 0x20000000 #define FLG_HOTPATCH_RENAME_INFO 0x10000000 #define FLG_HOTPATCH_MAP_ATOMIC_SWAP 0x08000000 #define FLG_HOTPATCH_ACTIVE 0x00000001 #define FLG_HOTPATCH_STATUS_FLAGS FLG_HOTPATCH_ACTIVE #define FLG_HOTPATCH_VERIFICATION_ERROR 0x00800000 typedef struct _HOTPATCH_HOOK_DESCRIPTOR{ ULONG_PTR TargetAddress; PVOID MappedAddress; ULONG CodeOffset; ULONG CodeSize; ULONG OrigCodeOffset; ULONG ValidationOffset; ULONG ValidationSize; }HOTPATCH_HOOK_DESCRIPTOR, *PHOTPATCH_HOOK_DESCRIPTOR; typedef struct _SYSTEM_HOTPATCH_CODE_INFORMATION { ULONG Flags; ULONG InfoSize; union { struct { ULONG DescriptorsCount; HOTPATCH_HOOK_DESCRIPTOR CodeDescriptors[1]; // variable size structure } CodeInfo; struct { USHORT NameOffset; USHORT NameLength; } KernelInfo; struct { USHORT NameOffset; USHORT NameLength; USHORT TargetNameOffset; USHORT TargetNameLength; } UserModeInfo; struct { HANDLE FileHandle1; PIO_STATUS_BLOCK IoStatusBlock1; PFILE_RENAME_INFORMATION RenameInformation1; ULONG RenameInformationLength1; HANDLE FileHandle2; PIO_STATUS_BLOCK IoStatusBlock2; PFILE_RENAME_INFORMATION RenameInformation2; ULONG RenameInformationLength2; } RenameInfo; struct { HANDLE ParentDirectory; HANDLE ObjectHandle1; HANDLE ObjectHandle2; } AtomicSwap; }; // // NOTE Do not add anything after CodeDescriptors array as // it is assumed to have a variable size // } SYSTEM_HOTPATCH_CODE_INFORMATION, *PSYSTEM_HOTPATCH_CODE_INFORMATION; // // Watchdog Timer // typedef enum _WATCHDOG_HANDLER_ACTION { WdActionSetTimeoutValue, WdActionQueryTimeoutValue, WdActionResetTimer, WdActionStopTimer, WdActionStartTimer, WdActionSetTriggerAction, WdActionQueryTriggerAction, WdActionQueryState } WATCHDOG_HANDLER_ACTION; typedef enum _WATCHDOG_INFORMATION_CLASS { WdInfoTimeoutValue, WdInfoResetTimer, WdInfoStopTimer, WdInfoStartTimer, WdInfoTriggerAction, WdInfoState } WATCHDOG_INFORMATION_CLASS; typedef NTSTATUS (*PWD_HANDLER)( IN WATCHDOG_HANDLER_ACTION Action, IN PVOID Context, IN OUT PULONG DataValue, IN BOOLEAN NoLocks ); typedef struct _SYSTEM_WATCHDOG_HANDLER_INFORMATION { PWD_HANDLER WdHandler; PVOID Context; } SYSTEM_WATCHDOG_HANDLER_INFORMATION, *PSYSTEM_WATCHDOG_HANDLER_INFORMATION; #define WDSTATE_FIRED 0x00000001 #define WDSTATE_HARDWARE_ENABLED 0x00000002 #define WDSTATE_STARTED 0x00000004 #define WDSTATE_HARDWARE_PRESENT 0x00000008 typedef struct _SYSTEM_WATCHDOG_TIMER_INFORMATION { WATCHDOG_INFORMATION_CLASS WdInfoClass; ULONG DataValue; } SYSTEM_WATCHDOG_TIMER_INFORMATION, *PSYSTEM_WATCHDOG_TIMER_INFORMATION; #if _MSC_VER >= 1200 #pragma warning(push) #endif #pragma warning(disable:4201) // unnamed struct/union typedef struct _SYSTEM_POOL_ENTRY { BOOLEAN Allocated; BOOLEAN Spare0; USHORT AllocatorBackTraceIndex; ULONG Size; union { UCHAR Tag[4]; ULONG TagUlong; PVOID ProcessChargedQuota; }; } SYSTEM_POOL_ENTRY, *PSYSTEM_POOL_ENTRY; typedef struct _SYSTEM_POOL_INFORMATION { SIZE_T TotalSize; PVOID FirstEntry; USHORT EntryOverhead; BOOLEAN PoolTagPresent; BOOLEAN Spare0; ULONG NumberOfEntries; SYSTEM_POOL_ENTRY Entries[1]; } SYSTEM_POOL_INFORMATION, *PSYSTEM_POOL_INFORMATION; typedef struct _SYSTEM_POOLTAG { union { UCHAR Tag[4]; ULONG TagUlong; }; ULONG PagedAllocs; ULONG PagedFrees; SIZE_T PagedUsed; ULONG NonPagedAllocs; ULONG NonPagedFrees; SIZE_T NonPagedUsed; } SYSTEM_POOLTAG, *PSYSTEM_POOLTAG; typedef struct _SYSTEM_BIGPOOL_ENTRY { union { PVOID VirtualAddress; ULONG_PTR NonPaged : 1; // Set to 1 if entry is nonpaged. }; SIZE_T SizeInBytes; union { UCHAR Tag[4]; ULONG TagUlong; }; } SYSTEM_BIGPOOL_ENTRY, *PSYSTEM_BIGPOOL_ENTRY; #if _MSC_VER >= 1200 #pragma warning(pop) #else #pragma warning( default : 4201 ) #endif typedef struct _SYSTEM_POOLTAG_INFORMATION { ULONG Count; SYSTEM_POOLTAG TagInfo[1]; } SYSTEM_POOLTAG_INFORMATION, *PSYSTEM_POOLTAG_INFORMATION; typedef struct _SYSTEM_SESSION_POOLTAG_INFORMATION { SIZE_T NextEntryOffset; ULONG SessionId; ULONG Count; SYSTEM_POOLTAG TagInfo[1]; } SYSTEM_SESSION_POOLTAG_INFORMATION, *PSYSTEM_SESSION_POOLTAG_INFORMATION; typedef struct _SYSTEM_BIGPOOL_INFORMATION { ULONG Count; SYSTEM_BIGPOOL_ENTRY AllocatedInfo[1]; } SYSTEM_BIGPOOL_INFORMATION, *PSYSTEM_BIGPOOL_INFORMATION; typedef struct _SYSTEM_SESSION_MAPPED_VIEW_INFORMATION { SIZE_T NextEntryOffset; ULONG SessionId; ULONG ViewFailures; SIZE_T NumberOfBytesAvailable; SIZE_T NumberOfBytesAvailableContiguous; } SYSTEM_SESSION_MAPPED_VIEW_INFORMATION, *PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION; typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION { ULONG ContextSwitches; ULONG FindAny; ULONG FindLast; ULONG FindIdeal; ULONG IdleAny; ULONG IdleCurrent; ULONG IdleLast; ULONG IdleIdeal; ULONG PreemptAny; ULONG PreemptCurrent; ULONG PreemptLast; ULONG SwitchToIdle; } SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION; typedef struct _SYSTEM_INTERRUPT_INFORMATION { ULONG ContextSwitches; ULONG DpcCount; ULONG DpcRate; ULONG TimeIncrement; ULONG DpcBypassCount; ULONG ApcBypassCount; } SYSTEM_INTERRUPT_INFORMATION, *PSYSTEM_INTERRUPT_INFORMATION; typedef struct _SYSTEM_DPC_BEHAVIOR_INFORMATION { ULONG Spare; ULONG DpcQueueDepth; ULONG MinimumDpcRate; ULONG AdjustDpcThreshold; ULONG IdealDpcRate; } SYSTEM_DPC_BEHAVIOR_INFORMATION, *PSYSTEM_DPC_BEHAVIOR_INFORMATION; #endif // DEVL typedef struct _SYSTEM_LOOKASIDE_INFORMATION { USHORT CurrentDepth; USHORT MaximumDepth; ULONG TotalAllocates; ULONG AllocateMisses; ULONG TotalFrees; ULONG FreeMisses; ULONG Type; ULONG Tag; ULONG Size; } SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION; typedef struct _SYSTEM_LEGACY_DRIVER_INFORMATION { ULONG VetoType; UNICODE_STRING VetoList; } SYSTEM_LEGACY_DRIVER_INFORMATION, *PSYSTEM_LEGACY_DRIVER_INFORMATION; // begin_winnt #define PROCESSOR_INTEL_386 386 #define PROCESSOR_INTEL_486 486 #define PROCESSOR_INTEL_PENTIUM 586 #define PROCESSOR_INTEL_IA64 2200 #define PROCESSOR_AMD_X8664 8664 #define PROCESSOR_MIPS_R4000 4000 // incl R4101 & R3910 for Windows CE #define PROCESSOR_ALPHA_21064 21064 #define PROCESSOR_PPC_601 601 #define PROCESSOR_PPC_603 603 #define PROCESSOR_PPC_604 604 #define PROCESSOR_PPC_620 620 #define PROCESSOR_HITACHI_SH3 10003 // Windows CE #define PROCESSOR_HITACHI_SH3E 10004 // Windows CE #define PROCESSOR_HITACHI_SH4 10005 // Windows CE #define PROCESSOR_MOTOROLA_821 821 // Windows CE #define PROCESSOR_SHx_SH3 103 // Windows CE #define PROCESSOR_SHx_SH4 104 // Windows CE #define PROCESSOR_STRONGARM 2577 // Windows CE - 0xA11 #define PROCESSOR_ARM720 1824 // Windows CE - 0x720 #define PROCESSOR_ARM820 2080 // Windows CE - 0x820 #define PROCESSOR_ARM920 2336 // Windows CE - 0x920 #define PROCESSOR_ARM_7TDMI 70001 // Windows CE #define PROCESSOR_OPTIL 0x494f // MSIL #define PROCESSOR_ARCHITECTURE_INTEL 0 #define PROCESSOR_ARCHITECTURE_MIPS 1 #define PROCESSOR_ARCHITECTURE_ALPHA 2 #define PROCESSOR_ARCHITECTURE_PPC 3 #define PROCESSOR_ARCHITECTURE_SHX 4 #define PROCESSOR_ARCHITECTURE_ARM 5 #define PROCESSOR_ARCHITECTURE_IA64 6 #define PROCESSOR_ARCHITECTURE_ALPHA64 7 #define PROCESSOR_ARCHITECTURE_MSIL 8 #define PROCESSOR_ARCHITECTURE_AMD64 9 #define PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 10 #define PROCESSOR_ARCHITECTURE_UNKNOWN 0xFFFF // end_winnt NTSYSCALLAPI NTSTATUS NTAPI NtQuerySystemInformation ( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, OUT PVOID SystemInformation, IN ULONG SystemInformationLength, OUT PULONG ReturnLength OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtSetSystemInformation ( IN SYSTEM_INFORMATION_CLASS SystemInformationClass, IN PVOID SystemInformation, IN ULONG SystemInformationLength ); // // SysDbg APIs are available to user-mode processes via // NtSystemDebugControl. // typedef enum _SYSDBG_COMMAND { SysDbgQueryModuleInformation, SysDbgQueryTraceInformation, SysDbgSetTracepoint, SysDbgSetSpecialCall, SysDbgClearSpecialCalls, SysDbgQuerySpecialCalls, SysDbgBreakPoint, SysDbgQueryVersion, SysDbgReadVirtual, SysDbgWriteVirtual, SysDbgReadPhysical, SysDbgWritePhysical, SysDbgReadControlSpace, SysDbgWriteControlSpace, SysDbgReadIoSpace, SysDbgWriteIoSpace, SysDbgReadMsr, SysDbgWriteMsr, SysDbgReadBusData, SysDbgWriteBusData, SysDbgCheckLowMemory, SysDbgEnableKernelDebugger, SysDbgDisableKernelDebugger, SysDbgGetAutoKdEnable, SysDbgSetAutoKdEnable, SysDbgGetPrintBufferSize, SysDbgSetPrintBufferSize, SysDbgGetKdUmExceptionEnable, SysDbgSetKdUmExceptionEnable, } SYSDBG_COMMAND, *PSYSDBG_COMMAND; typedef struct _SYSDBG_VIRTUAL { PVOID Address; PVOID Buffer; ULONG Request; } SYSDBG_VIRTUAL, *PSYSDBG_VIRTUAL; typedef struct _SYSDBG_PHYSICAL { PHYSICAL_ADDRESS Address; PVOID Buffer; ULONG Request; } SYSDBG_PHYSICAL, *PSYSDBG_PHYSICAL; typedef struct _SYSDBG_CONTROL_SPACE { ULONG64 Address; PVOID Buffer; ULONG Request; ULONG Processor; } SYSDBG_CONTROL_SPACE, *PSYSDBG_CONTROL_SPACE; typedef struct _SYSDBG_IO_SPACE { ULONG64 Address; PVOID Buffer; ULONG Request; INTERFACE_TYPE InterfaceType; ULONG BusNumber; ULONG AddressSpace; } SYSDBG_IO_SPACE, *PSYSDBG_IO_SPACE; typedef struct _SYSDBG_MSR { ULONG Msr; ULONG64 Data; } SYSDBG_MSR, *PSYSDBG_MSR; typedef struct _SYSDBG_BUS_DATA { ULONG Address; PVOID Buffer; ULONG Request; BUS_DATA_TYPE BusDataType; ULONG BusNumber; ULONG SlotNumber; } SYSDBG_BUS_DATA, *PSYSDBG_BUS_DATA; NTSYSCALLAPI NTSTATUS NTAPI NtSystemDebugControl ( IN SYSDBG_COMMAND Command, IN PVOID InputBuffer, IN ULONG InputBufferLength, OUT PVOID OutputBuffer, IN ULONG OutputBufferLength, OUT PULONG ReturnLength ); typedef enum _HARDERROR_RESPONSE_OPTION { OptionAbortRetryIgnore, OptionOk, OptionOkCancel, OptionRetryCancel, OptionYesNo, OptionYesNoCancel, OptionShutdownSystem, OptionOkNoWait, OptionCancelTryContinue } HARDERROR_RESPONSE_OPTION; typedef enum _HARDERROR_RESPONSE { ResponseReturnToCaller, ResponseNotHandled, ResponseAbort, ResponseCancel, ResponseIgnore, ResponseNo, ResponseOk, ResponseRetry, ResponseYes, ResponseTryAgain, ResponseContinue } HARDERROR_RESPONSE; #define HARDERROR_PARAMETERS_FLAGSPOS 4 #define HARDERROR_FLAGS_DEFDESKTOPONLY 0x00020000 #define MAXIMUM_HARDERROR_PARAMETERS 5 #define HARDERROR_OVERRIDE_ERRORMODE 0x10000000 typedef struct _HARDERROR_MSG { PORT_MESSAGE h; NTSTATUS Status; LARGE_INTEGER ErrorTime; ULONG ValidResponseOptions; ULONG Response; ULONG NumberOfParameters; ULONG UnicodeStringParameterMask; ULONG_PTR Parameters[MAXIMUM_HARDERROR_PARAMETERS]; } HARDERROR_MSG, *PHARDERROR_MSG; NTSYSCALLAPI NTSTATUS NTAPI NtRaiseHardError( IN NTSTATUS ErrorStatus, IN ULONG NumberOfParameters, IN ULONG UnicodeStringParameterMask, IN PULONG_PTR Parameters, IN ULONG ValidResponseOptions, OUT PULONG Response ); // begin_wdm begin_ntddk begin_nthal begin_ntifs // // Defined processor features // #define PF_FLOATING_POINT_PRECISION_ERRATA 0 // winnt #define PF_FLOATING_POINT_EMULATED 1 // winnt #define PF_COMPARE_EXCHANGE_DOUBLE 2 // winnt #define PF_MMX_INSTRUCTIONS_AVAILABLE 3 // winnt #define PF_PPC_MOVEMEM_64BIT_OK 4 // winnt #define PF_ALPHA_BYTE_INSTRUCTIONS 5 // winnt #define PF_XMMI_INSTRUCTIONS_AVAILABLE 6 // winnt #define PF_3DNOW_INSTRUCTIONS_AVAILABLE 7 // winnt #define PF_RDTSC_INSTRUCTION_AVAILABLE 8 // winnt #define PF_PAE_ENABLED 9 // winnt #define PF_XMMI64_INSTRUCTIONS_AVAILABLE 10 // winnt typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE { StandardDesign, // None == 0 == standard design NEC98x86, // NEC PC98xx series on X86 EndAlternatives // past end of known alternatives } ALTERNATIVE_ARCHITECTURE_TYPE; // correctly define these run-time definitions for non X86 machines #ifndef _X86_ #ifndef IsNEC_98 #define IsNEC_98 (FALSE) #endif #ifndef IsNotNEC_98 #define IsNotNEC_98 (TRUE) #endif #ifndef SetNEC_98 #define SetNEC_98 #endif #ifndef SetNotNEC_98 #define SetNotNEC_98 #endif #endif #define PROCESSOR_FEATURE_MAX 64 // end_wdm #if defined(REMOTE_BOOT) // // Defined system flags. // /* the following two lines should be tagged with "winnt" when REMOTE_BOOT is on. */ #define SYSTEM_FLAG_REMOTE_BOOT_CLIENT 0x00000001 #define SYSTEM_FLAG_DISKLESS_CLIENT 0x00000002 #endif // defined(REMOTE_BOOT) // // Define data shared between kernel and user mode. // // N.B. User mode has read only access to this data // #ifdef _MAC #pragma warning( disable : 4121) #endif // // WARNING: This structure must have exactly the same layout for 32- and // 64-bit systems. The layout of this structure cannot change and new // fields can only be added to the end of the structure. Deprecated // fields cannot be deleted. Platform specific fields are included on // all systems. // // Layout exactness is required for Wow64 support of 32bit applications // on Win64 systems. // // The layout itself cannot change since this sturcture has been exported // in ntddk, ntifs.h, and nthal.h for some time. // typedef struct _KUSER_SHARED_DATA { // // Current low 32-bit of tick count and tick count multiplier. // // N.B. The tick count is updated each time the clock ticks. // ULONG TickCountLowDeprecated; ULONG TickCountMultiplier; // // Current 64-bit interrupt time in 100ns units. // volatile KSYSTEM_TIME InterruptTime; // // Current 64-bit system time in 100ns units. // volatile KSYSTEM_TIME SystemTime; // // Current 64-bit time zone bias. // volatile KSYSTEM_TIME TimeZoneBias; // // Support image magic number range for the host system. // // N.B. This is an inclusive range. // USHORT ImageNumberLow; USHORT ImageNumberHigh; // // Copy of system root in Unicode // WCHAR NtSystemRoot[ 260 ]; // // Maximum stack trace depth if tracing enabled. // ULONG MaxStackTraceDepth; // // Crypto Exponent // ULONG CryptoExponent; // // TimeZoneId // ULONG TimeZoneId; ULONG LargePageMinimum; ULONG Reserved2[ 7 ]; // // product type // NT_PRODUCT_TYPE NtProductType; BOOLEAN ProductTypeIsValid; // // NT Version. Note that each process sees a version from its PEB, but // if the process is running with an altered view of the system version, // the following two fields are used to correctly identify the version // ULONG NtMajorVersion; ULONG NtMinorVersion; // // Processor Feature Bits // BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX]; // // Reserved fields - do not use // ULONG Reserved1; ULONG Reserved3; // // Time slippage while in debugger // volatile ULONG TimeSlip; // // Alternative system architecture. Example: NEC PC98xx on x86 // ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture; // // If the system is an evaluation unit, the following field contains the // date and time that the evaluation unit expires. A value of 0 indicates // that there is no expiration. A non-zero value is the UTC absolute time // that the system expires. // LARGE_INTEGER SystemExpirationDate; // // Suite Support // ULONG SuiteMask; // // TRUE if a kernel debugger is connected/enabled // BOOLEAN KdDebuggerEnabled; // // Current console session Id. Always zero on non-TS systems // volatile ULONG ActiveConsoleId; // // Force-dismounts cause handles to become invalid. Rather than // always probe handles, we maintain a serial number of // dismounts that clients can use to see if they need to probe // handles. // volatile ULONG DismountCount; // // This field indicates the status of the 64-bit COM+ package on the system. // It indicates whether the Itermediate Language (IL) COM+ images need to // use the 64-bit COM+ runtime or the 32-bit COM+ runtime. // ULONG ComPlusPackage; // // Time in tick count for system-wide last user input across all // terminal sessions. For MP performance, it is not updated all // the time (e.g. once a minute per session). It is used for idle // detection. // ULONG LastSystemRITEventTickCount; // // Number of physical pages in the system. This can dynamically // change as physical memory can be added or removed from a running // system. // ULONG NumberOfPhysicalPages; // // True if the system was booted in safe boot mode. // BOOLEAN SafeBootMode; // // The following field is used for Heap and CritSec Tracing // The last bit is set for Critical Sec Collision tracing and // second Last bit is for Heap Tracing // Also the first 16 bits are used as counter. // ULONG TraceLogging; // // Depending on the processor, the code for fast system call // will differ, the following buffer is filled with the appropriate // code sequence and user mode code will branch through it. // // (32 bytes, using ULONGLONG for alignment). // // N.B. The following two fields are only used on 32-bit systems. // ULONGLONG Fill0; // alignment ULONGLONG SystemCall[4]; // // The 64-bit tick count. // union { volatile KSYSTEM_TIME TickCount; volatile ULONG64 TickCountQuad; }; } KUSER_SHARED_DATA, *PKUSER_SHARED_DATA; #ifdef _MAC #pragma warning( default : 4121 ) #endif // end_ntddk end_nthal end_ntifs #define DOSDEVICE_DRIVE_UNKNOWN 0 #define DOSDEVICE_DRIVE_CALCULATE 1 #define DOSDEVICE_DRIVE_REMOVABLE 2 #define DOSDEVICE_DRIVE_FIXED 3 #define DOSDEVICE_DRIVE_REMOTE 4 #define DOSDEVICE_DRIVE_CDROM 5 #define DOSDEVICE_DRIVE_RAMDISK 6 #if defined(USER_SHARED_DATA) && !defined(MIDL_PASS) && !defined(SORTPP_PASS) FORCEINLINE ULONGLONG NtGetTickCount64( VOID ) { ULARGE_INTEGER TickCount; #if defined(_WIN64) TickCount.QuadPart = USER_SHARED_DATA->TickCountQuad; #else for (;;) { TickCount.HighPart = (ULONG) USER_SHARED_DATA->TickCount.High1Time; TickCount.LowPart = USER_SHARED_DATA->TickCount.LowPart; if (TickCount.HighPart == (ULONG) USER_SHARED_DATA->TickCount.High2Time) { break; } #if defined(_X86_) _asm { rep nop } #endif } #endif return ((UInt32x32To64(TickCount.LowPart, USER_SHARED_DATA->TickCountMultiplier) >> 24) + (UInt32x32To64(TickCount.HighPart, USER_SHARED_DATA->TickCountMultiplier) << 8)); } FORCEINLINE ULONG NtGetTickCount( VOID ) { #if defined(_WIN64) return (ULONG) ((USER_SHARED_DATA->TickCountQuad * USER_SHARED_DATA->TickCountMultiplier) >> 24); #else ULARGE_INTEGER TickCount; for (;;) { TickCount.HighPart = (ULONG) USER_SHARED_DATA->TickCount.High1Time; TickCount.LowPart = USER_SHARED_DATA->TickCount.LowPart; if (TickCount.HighPart == (ULONG) USER_SHARED_DATA->TickCount.High2Time) { break; } #if defined(_X86_) _asm { rep nop } #endif } return (ULONG) ((UInt32x32To64(TickCount.LowPart, USER_SHARED_DATA->TickCountMultiplier) >> 24) + UInt32x32To64(TickCount.HighPart << 8, USER_SHARED_DATA->TickCountMultiplier)); #endif } #endif // (defined(USER_SHARED_DATA) && !defined(MIDL_PASS) && !defined(SORTPP_PASS)) NTSYSCALLAPI NTSTATUS NTAPI NtQueryDefaultLocale( IN BOOLEAN UserProfile, OUT PLCID DefaultLocaleId ); NTSYSCALLAPI NTSTATUS NTAPI NtSetDefaultLocale( IN BOOLEAN UserProfile, IN LCID DefaultLocaleId ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryInstallUILanguage( OUT LANGID *InstallUILanguageId ); NTSYSCALLAPI NTSTATUS NTAPI NtQueryDefaultUILanguage( OUT LANGID *DefaultUILanguageId ); NTSYSCALLAPI NTSTATUS NTAPI NtSetDefaultUILanguage( IN LANGID DefaultUILanguageId ); NTSYSCALLAPI NTSTATUS NTAPI NtSetDefaultHardErrorPort( IN HANDLE DefaultHardErrorPort ); typedef enum _SHUTDOWN_ACTION { ShutdownNoReboot, ShutdownReboot, ShutdownPowerOff } SHUTDOWN_ACTION; NTSYSCALLAPI NTSTATUS NTAPI NtShutdownSystem( IN SHUTDOWN_ACTION Action ); NTSYSCALLAPI NTSTATUS NTAPI NtDisplayString( IN PUNICODE_STRING String ); // // Global flags that can be set to control system behavior. // Flag word is 32 bits. // #define FLG_STOP_ON_EXCEPTION 0x00000001 // user and kernel mode #define FLG_SHOW_LDR_SNAPS 0x00000002 // user and kernel mode #define FLG_DEBUG_INITIAL_COMMAND 0x00000004 // kernel mode only up until WINLOGON started #define FLG_STOP_ON_HUNG_GUI 0x00000008 // kernel mode only while running #define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010 // user mode only #define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020 // user mode only #define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040 // user mode only #define FLG_HEAP_VALIDATE_ALL 0x00000080 // user mode only #define FLG_APPLICATION_VERIFIER 0x00000100 // user mode only #define FLG_POOL_ENABLE_TAGGING 0x00000400 // kernel mode only #define FLG_HEAP_ENABLE_TAGGING 0x00000800 // user mode only #define FLG_USER_STACK_TRACE_DB 0x00001000 // x86 user mode only #define FLG_KERNEL_STACK_TRACE_DB 0x00002000 // x86 kernel mode only at boot time #define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000 // kernel mode only at boot time #define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000 // user mode only #define FLG_DISABLE_STACK_EXTENSION 0x00010000 // user mode only #define FLG_ENABLE_CSRDEBUG 0x00020000 // kernel mode only at boot time #define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000 // kernel mode only #define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000 // kernel mode only at boot time #define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000 // user mode only #define FLG_HEAP_DISABLE_COALESCING 0x00200000 // user mode only #define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000 // kernel mode only #define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000 // kernel mode only #define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000 // kernel mode only #define FLG_HEAP_PAGE_ALLOCS 0x02000000 // user mode only #define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000 // kernel mode only up until WINLOGON started #define FLG_DISABLE_DBGPRINT 0x08000000 // kernel mode only #define FLG_CRITSEC_EVENT_CREATION 0x10000000 // user mode only, Force early creation of resource events #define FLG_LDR_TOP_DOWN 0x20000000 // user mode only, win64 only #define FLG_ENABLE_HANDLE_EXCEPTIONS 0x40000000 // kernel mode only #define FLG_DISABLE_PROTDLLS 0x80000000 // user mode only (smss/winlogon) #define FLG_VALID_BITS 0xFFFFFDFF #define FLG_USERMODE_VALID_BITS (FLG_STOP_ON_EXCEPTION | \ FLG_SHOW_LDR_SNAPS | \ FLG_HEAP_ENABLE_TAIL_CHECK | \ FLG_HEAP_ENABLE_FREE_CHECK | \ FLG_HEAP_VALIDATE_PARAMETERS | \ FLG_HEAP_VALIDATE_ALL | \ FLG_APPLICATION_VERIFIER | \ FLG_HEAP_ENABLE_TAGGING | \ FLG_USER_STACK_TRACE_DB | \ FLG_HEAP_ENABLE_TAG_BY_DLL | \ FLG_DISABLE_STACK_EXTENSION | \ FLG_ENABLE_SYSTEM_CRIT_BREAKS | \ FLG_HEAP_DISABLE_COALESCING | \ FLG_DISABLE_PROTDLLS | \ FLG_HEAP_PAGE_ALLOCS | \ FLG_CRITSEC_EVENT_CREATION | \ FLG_LDR_TOP_DOWN) #define FLG_BOOTONLY_VALID_BITS (FLG_KERNEL_STACK_TRACE_DB | \ FLG_MAINTAIN_OBJECT_TYPELIST | \ FLG_ENABLE_CSRDEBUG | \ FLG_DEBUG_INITIAL_COMMAND | \ FLG_DEBUG_INITIAL_COMMAND_EX | \ FLG_DISABLE_PAGE_KERNEL_STACKS) #define FLG_KERNELMODE_VALID_BITS (FLG_STOP_ON_EXCEPTION | \ FLG_SHOW_LDR_SNAPS | \ FLG_STOP_ON_HUNG_GUI | \ FLG_POOL_ENABLE_TAGGING | \ FLG_ENABLE_KDEBUG_SYMBOL_LOAD | \ FLG_ENABLE_CLOSE_EXCEPTIONS | \ FLG_ENABLE_EXCEPTION_LOGGING | \ FLG_ENABLE_HANDLE_TYPE_TAGGING | \ FLG_DISABLE_DBGPRINT | \ FLG_ENABLE_HANDLE_EXCEPTIONS \ ) // // Routines for manipulating global atoms stored in kernel space // typedef USHORT RTL_ATOM, *PRTL_ATOM; NTSYSCALLAPI NTSTATUS NTAPI NtAddAtom( IN PWSTR AtomName OPTIONAL, IN ULONG Length OPTIONAL, OUT PRTL_ATOM Atom OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtFindAtom( IN PWSTR AtomName, IN ULONG Length, OUT PRTL_ATOM Atom OPTIONAL ); NTSYSCALLAPI NTSTATUS NTAPI NtDeleteAtom( IN RTL_ATOM Atom ); typedef enum _ATOM_INFORMATION_CLASS { AtomBasicInformation, AtomTableInformation } ATOM_INFORMATION_CLASS; typedef struct _ATOM_BASIC_INFORMATION { USHORT UsageCount; USHORT Flags; USHORT NameLength; WCHAR Name[ 1 ]; } ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION; typedef struct _ATOM_TABLE_INFORMATION { ULONG NumberOfAtoms; RTL_ATOM Atoms[ 1 ]; } ATOM_TABLE_INFORMATION, *PATOM_TABLE_INFORMATION; NTSYSCALLAPI NTSTATUS NTAPI NtQueryInformationAtom( IN RTL_ATOM Atom, IN ATOM_INFORMATION_CLASS AtomInformationClass, OUT PVOID AtomInformation, IN ULONG AtomInformationLength, OUT PULONG ReturnLength OPTIONAL ); #ifdef __cplusplus } #endif #endif // _NTEXAPI_