You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
2696 lines
67 KiB
2696 lines
67 KiB
|
|
/*++ BUILD Version: 0008 // Increment this if a change has global effects
|
|
|
|
Copyright (c) Microsoft Corporation. All rights reserved.
|
|
|
|
Module Name:
|
|
|
|
ntexapi.h
|
|
|
|
Abstract:
|
|
|
|
This module is the header file for the all the system services that
|
|
are contained in the "ex" directory.
|
|
|
|
Author:
|
|
|
|
David N. Cutler (davec) 5-May-1989
|
|
|
|
Revision History:
|
|
|
|
--*/
|
|
|
|
#ifndef _NTEXAPI_
|
|
#define _NTEXAPI_
|
|
|
|
#if _MSC_VER > 1000
|
|
#pragma once
|
|
#endif
|
|
|
|
#ifdef __cplusplus
|
|
extern "C" {
|
|
#endif
|
|
|
|
|
|
//
|
|
// Delay thread execution.
|
|
//
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtDelayExecution (
|
|
IN BOOLEAN Alertable,
|
|
IN PLARGE_INTEGER DelayInterval
|
|
);
|
|
|
|
//
|
|
// Query and set system environment variables.
|
|
//
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQuerySystemEnvironmentValue (
|
|
IN PUNICODE_STRING VariableName,
|
|
OUT PWSTR VariableValue,
|
|
IN USHORT ValueLength,
|
|
OUT PUSHORT ReturnLength OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetSystemEnvironmentValue (
|
|
IN PUNICODE_STRING VariableName,
|
|
IN PUNICODE_STRING VariableValue
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQuerySystemEnvironmentValueEx (
|
|
IN PUNICODE_STRING VariableName,
|
|
IN LPGUID VendorGuid,
|
|
OUT PVOID Value,
|
|
IN OUT PULONG ValueLength,
|
|
OUT PULONG Attributes OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetSystemEnvironmentValueEx (
|
|
IN PUNICODE_STRING VariableName,
|
|
IN LPGUID VendorGuid,
|
|
IN PVOID Value,
|
|
IN ULONG ValueLength,
|
|
IN ULONG Attributes
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtEnumerateSystemEnvironmentValuesEx (
|
|
IN ULONG InformationClass,
|
|
OUT PVOID Buffer,
|
|
IN OUT PULONG BufferLength
|
|
);
|
|
|
|
// begin_nthal
|
|
|
|
#define VARIABLE_ATTRIBUTE_NON_VOLATILE 0x00000001
|
|
|
|
#define VARIABLE_INFORMATION_NAMES 1
|
|
#define VARIABLE_INFORMATION_VALUES 2
|
|
|
|
typedef struct _VARIABLE_NAME {
|
|
ULONG NextEntryOffset;
|
|
GUID VendorGuid;
|
|
WCHAR Name[ANYSIZE_ARRAY];
|
|
} VARIABLE_NAME, *PVARIABLE_NAME;
|
|
|
|
typedef struct _VARIABLE_NAME_AND_VALUE {
|
|
ULONG NextEntryOffset;
|
|
ULONG ValueOffset;
|
|
ULONG ValueLength;
|
|
ULONG Attributes;
|
|
GUID VendorGuid;
|
|
WCHAR Name[ANYSIZE_ARRAY];
|
|
//UCHAR Value[ANYSIZE_ARRAY];
|
|
} VARIABLE_NAME_AND_VALUE, *PVARIABLE_NAME_AND_VALUE;
|
|
|
|
// end_nthal
|
|
|
|
//
|
|
// Boot entry management APIs.
|
|
//
|
|
|
|
typedef struct _FILE_PATH {
|
|
ULONG Version;
|
|
ULONG Length;
|
|
ULONG Type;
|
|
UCHAR FilePath[ANYSIZE_ARRAY];
|
|
} FILE_PATH, *PFILE_PATH;
|
|
|
|
#define FILE_PATH_VERSION 1
|
|
|
|
#define FILE_PATH_TYPE_ARC 1
|
|
#define FILE_PATH_TYPE_ARC_SIGNATURE 2
|
|
#define FILE_PATH_TYPE_NT 3
|
|
#define FILE_PATH_TYPE_EFI 4
|
|
|
|
#define FILE_PATH_TYPE_MIN FILE_PATH_TYPE_ARC
|
|
#define FILE_PATH_TYPE_MAX FILE_PATH_TYPE_EFI
|
|
|
|
typedef struct _WINDOWS_OS_OPTIONS {
|
|
UCHAR Signature[8];
|
|
ULONG Version;
|
|
ULONG Length;
|
|
ULONG OsLoadPathOffset;
|
|
WCHAR OsLoadOptions[ANYSIZE_ARRAY];
|
|
//FILE_PATH OsLoadPath;
|
|
} WINDOWS_OS_OPTIONS, *PWINDOWS_OS_OPTIONS;
|
|
|
|
#define WINDOWS_OS_OPTIONS_SIGNATURE "WINDOWS"
|
|
|
|
#define WINDOWS_OS_OPTIONS_VERSION 1
|
|
|
|
typedef struct _BOOT_ENTRY {
|
|
ULONG Version;
|
|
ULONG Length;
|
|
ULONG Id;
|
|
ULONG Attributes;
|
|
ULONG FriendlyNameOffset;
|
|
ULONG BootFilePathOffset;
|
|
ULONG OsOptionsLength;
|
|
UCHAR OsOptions[ANYSIZE_ARRAY];
|
|
//WCHAR FriendlyName[ANYSIZE_ARRAY];
|
|
//FILE_PATH BootFilePath;
|
|
} BOOT_ENTRY, *PBOOT_ENTRY;
|
|
|
|
#define BOOT_ENTRY_VERSION 1
|
|
|
|
#define BOOT_ENTRY_ATTRIBUTE_ACTIVE 0x00000001
|
|
#define BOOT_ENTRY_ATTRIBUTE_DEFAULT 0x00000002
|
|
#define BOOT_ENTRY_ATTRIBUTE_WINDOWS 0x00000004
|
|
#define BOOT_ENTRY_ATTRIBUTE_REMOVABLE_MEDIA 0x00000008
|
|
|
|
#define BOOT_ENTRY_ATTRIBUTE_VALID_BITS ( \
|
|
BOOT_ENTRY_ATTRIBUTE_ACTIVE | \
|
|
BOOT_ENTRY_ATTRIBUTE_DEFAULT \
|
|
)
|
|
|
|
typedef struct _BOOT_OPTIONS {
|
|
ULONG Version;
|
|
ULONG Length;
|
|
ULONG Timeout;
|
|
ULONG CurrentBootEntryId;
|
|
ULONG NextBootEntryId;
|
|
WCHAR HeadlessRedirection[ANYSIZE_ARRAY];
|
|
} BOOT_OPTIONS, *PBOOT_OPTIONS;
|
|
|
|
#define BOOT_OPTIONS_VERSION 1
|
|
|
|
#define BOOT_OPTIONS_FIELD_TIMEOUT 0x00000001
|
|
#define BOOT_OPTIONS_FIELD_NEXT_BOOT_ENTRY_ID 0x00000002
|
|
#define BOOT_OPTIONS_FIELD_HEADLESS_REDIRECTION 0x00000004
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAddBootEntry (
|
|
IN PBOOT_ENTRY BootEntry,
|
|
OUT PULONG Id OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtDeleteBootEntry (
|
|
IN ULONG Id
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtModifyBootEntry (
|
|
IN PBOOT_ENTRY BootEntry
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtEnumerateBootEntries (
|
|
OUT PVOID Buffer,
|
|
IN OUT PULONG BufferLength
|
|
);
|
|
|
|
typedef struct _BOOT_ENTRY_LIST {
|
|
ULONG NextEntryOffset;
|
|
BOOT_ENTRY BootEntry;
|
|
} BOOT_ENTRY_LIST, *PBOOT_ENTRY_LIST;
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryBootEntryOrder (
|
|
OUT PULONG Ids,
|
|
IN OUT PULONG Count
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetBootEntryOrder (
|
|
IN PULONG Ids,
|
|
IN ULONG Count
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryBootOptions (
|
|
OUT PBOOT_OPTIONS BootOptions,
|
|
IN OUT PULONG BootOptionsLength
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetBootOptions (
|
|
IN PBOOT_OPTIONS BootOptions,
|
|
IN ULONG FieldsToChange
|
|
);
|
|
|
|
#define BOOT_OPTIONS_FIELD_COUNTDOWN 0x00000001
|
|
#define BOOT_OPTIONS_FIELD_NEXT_BOOT_ENTRY_ID 0x00000002
|
|
#define BOOT_OPTIONS_FIELD_HEADLESS_REDIRECTION 0x00000004
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtTranslateFilePath (
|
|
IN PFILE_PATH InputFilePath,
|
|
IN ULONG OutputType,
|
|
OUT PFILE_PATH OutputFilePath,
|
|
IN OUT PULONG OutputFilePathLength
|
|
);
|
|
|
|
//
|
|
// Driver entry management APIs.
|
|
//
|
|
|
|
typedef struct _EFI_DRIVER_ENTRY {
|
|
ULONG Version;
|
|
ULONG Length;
|
|
ULONG Id;
|
|
ULONG FriendlyNameOffset;
|
|
ULONG DriverFilePathOffset;
|
|
//WCHAR FriendlyName[ANYSIZE_ARRAY];
|
|
//FILE_PATH DriverFilePath;
|
|
} EFI_DRIVER_ENTRY, *PEFI_DRIVER_ENTRY;
|
|
|
|
typedef struct _EFI_DRIVER_ENTRY_LIST {
|
|
ULONG NextEntryOffset;
|
|
EFI_DRIVER_ENTRY DriverEntry;
|
|
} EFI_DRIVER_ENTRY_LIST, *PEFI_DRIVER_ENTRY_LIST;
|
|
|
|
#define EFI_DRIVER_ENTRY_VERSION 1
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAddDriverEntry (
|
|
IN PEFI_DRIVER_ENTRY DriverEntry,
|
|
OUT PULONG Id OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtDeleteDriverEntry (
|
|
IN ULONG Id
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtModifyDriverEntry (
|
|
IN PEFI_DRIVER_ENTRY DriverEntry
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtEnumerateDriverEntries (
|
|
OUT PVOID Buffer,
|
|
IN OUT PULONG BufferLength
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryDriverEntryOrder (
|
|
OUT PULONG Ids,
|
|
IN OUT PULONG Count
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetDriverEntryOrder (
|
|
IN PULONG Ids,
|
|
IN ULONG Count
|
|
);
|
|
|
|
|
|
// begin_ntifs begin_wdm begin_ntddk
|
|
//
|
|
// Event Specific Access Rights.
|
|
//
|
|
|
|
#define EVENT_QUERY_STATE 0x0001
|
|
#define EVENT_MODIFY_STATE 0x0002 // winnt
|
|
#define EVENT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3) // winnt
|
|
|
|
// end_ntifs end_wdm end_ntddk
|
|
|
|
//
|
|
// Event Information Classes.
|
|
//
|
|
|
|
typedef enum _EVENT_INFORMATION_CLASS {
|
|
EventBasicInformation
|
|
} EVENT_INFORMATION_CLASS;
|
|
|
|
//
|
|
// Event Information Structures.
|
|
//
|
|
|
|
typedef struct _EVENT_BASIC_INFORMATION {
|
|
EVENT_TYPE EventType;
|
|
LONG EventState;
|
|
} EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;
|
|
|
|
//
|
|
// Event object function definitions.
|
|
//
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtClearEvent (
|
|
IN HANDLE EventHandle
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCreateEvent (
|
|
OUT PHANDLE EventHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN EVENT_TYPE EventType,
|
|
IN BOOLEAN InitialState
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenEvent (
|
|
OUT PHANDLE EventHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtPulseEvent (
|
|
IN HANDLE EventHandle,
|
|
OUT PLONG PreviousState OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryEvent (
|
|
IN HANDLE EventHandle,
|
|
IN EVENT_INFORMATION_CLASS EventInformationClass,
|
|
OUT PVOID EventInformation,
|
|
IN ULONG EventInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtResetEvent (
|
|
IN HANDLE EventHandle,
|
|
OUT PLONG PreviousState OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetEvent (
|
|
IN HANDLE EventHandle,
|
|
OUT PLONG PreviousState OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetEventBoostPriority (
|
|
IN HANDLE EventHandle
|
|
);
|
|
|
|
|
|
//
|
|
// Event Specific Access Rights.
|
|
//
|
|
|
|
#define EVENT_PAIR_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE)
|
|
|
|
|
|
//
|
|
// Event pair object function definitions.
|
|
//
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCreateEventPair (
|
|
OUT PHANDLE EventPairHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenEventPair(
|
|
OUT PHANDLE EventPairHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtWaitLowEventPair(
|
|
IN HANDLE EventPairHandle
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtWaitHighEventPair(
|
|
IN HANDLE EventPairHandle
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetLowWaitHighEventPair(
|
|
IN HANDLE EventPairHandle
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetHighWaitLowEventPair(
|
|
IN HANDLE EventPairHandle
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetLowEventPair(
|
|
IN HANDLE EventPairHandle
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetHighEventPair(
|
|
IN HANDLE EventPairHandle
|
|
);
|
|
|
|
|
|
//
|
|
// Mutant Specific Access Rights.
|
|
//
|
|
|
|
// begin_winnt
|
|
#define MUTANT_QUERY_STATE 0x0001
|
|
|
|
#define MUTANT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|\
|
|
MUTANT_QUERY_STATE)
|
|
// end_winnt
|
|
|
|
//
|
|
// Mutant Information Classes.
|
|
//
|
|
|
|
typedef enum _MUTANT_INFORMATION_CLASS {
|
|
MutantBasicInformation
|
|
} MUTANT_INFORMATION_CLASS;
|
|
|
|
//
|
|
// Mutant Information Structures.
|
|
//
|
|
|
|
typedef struct _MUTANT_BASIC_INFORMATION {
|
|
LONG CurrentCount;
|
|
BOOLEAN OwnedByCaller;
|
|
BOOLEAN AbandonedState;
|
|
} MUTANT_BASIC_INFORMATION, *PMUTANT_BASIC_INFORMATION;
|
|
|
|
//
|
|
// Mutant object function definitions.
|
|
//
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCreateMutant (
|
|
OUT PHANDLE MutantHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN BOOLEAN InitialOwner
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenMutant (
|
|
OUT PHANDLE MutantHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryMutant (
|
|
IN HANDLE MutantHandle,
|
|
IN MUTANT_INFORMATION_CLASS MutantInformationClass,
|
|
OUT PVOID MutantInformation,
|
|
IN ULONG MutantInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtReleaseMutant (
|
|
IN HANDLE MutantHandle,
|
|
OUT PLONG PreviousCount OPTIONAL
|
|
);
|
|
|
|
// begin_ntifs begin_wdm begin_ntddk
|
|
//
|
|
// Semaphore Specific Access Rights.
|
|
//
|
|
|
|
#define SEMAPHORE_QUERY_STATE 0x0001
|
|
#define SEMAPHORE_MODIFY_STATE 0x0002 // winnt
|
|
|
|
#define SEMAPHORE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3) // winnt
|
|
|
|
// end_ntifs end_wdm end_ntddk
|
|
|
|
//
|
|
// Semaphore Information Classes.
|
|
//
|
|
|
|
typedef enum _SEMAPHORE_INFORMATION_CLASS {
|
|
SemaphoreBasicInformation
|
|
} SEMAPHORE_INFORMATION_CLASS;
|
|
|
|
//
|
|
// Semaphore Information Structures.
|
|
//
|
|
|
|
typedef struct _SEMAPHORE_BASIC_INFORMATION {
|
|
LONG CurrentCount;
|
|
LONG MaximumCount;
|
|
} SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
|
|
|
|
//
|
|
// Semaphore object function definitions.
|
|
//
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCreateSemaphore (
|
|
OUT PHANDLE SemaphoreHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN LONG InitialCount,
|
|
IN LONG MaximumCount
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenSemaphore(
|
|
OUT PHANDLE SemaphoreHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQuerySemaphore (
|
|
IN HANDLE SemaphoreHandle,
|
|
IN SEMAPHORE_INFORMATION_CLASS SemaphoreInformationClass,
|
|
OUT PVOID SemaphoreInformation,
|
|
IN ULONG SemaphoreInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtReleaseSemaphore(
|
|
IN HANDLE SemaphoreHandle,
|
|
IN LONG ReleaseCount,
|
|
OUT PLONG PreviousCount OPTIONAL
|
|
);
|
|
|
|
|
|
// begin_winnt
|
|
//
|
|
// Timer Specific Access Rights.
|
|
//
|
|
|
|
#define TIMER_QUERY_STATE 0x0001
|
|
#define TIMER_MODIFY_STATE 0x0002
|
|
|
|
#define TIMER_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|\
|
|
TIMER_QUERY_STATE|TIMER_MODIFY_STATE)
|
|
|
|
|
|
// end_winnt
|
|
//
|
|
// Timer Information Classes.
|
|
//
|
|
|
|
typedef enum _TIMER_INFORMATION_CLASS {
|
|
TimerBasicInformation
|
|
} TIMER_INFORMATION_CLASS;
|
|
|
|
//
|
|
// Timer Information Structures.
|
|
//
|
|
|
|
typedef struct _TIMER_BASIC_INFORMATION {
|
|
LARGE_INTEGER RemainingTime;
|
|
BOOLEAN TimerState;
|
|
} TIMER_BASIC_INFORMATION, *PTIMER_BASIC_INFORMATION;
|
|
|
|
// begin_ntddk
|
|
//
|
|
// Timer APC routine definition.
|
|
//
|
|
|
|
typedef
|
|
VOID
|
|
(*PTIMER_APC_ROUTINE) (
|
|
IN PVOID TimerContext,
|
|
IN ULONG TimerLowValue,
|
|
IN LONG TimerHighValue
|
|
);
|
|
|
|
// end_ntddk
|
|
|
|
//
|
|
// Timer object function definitions.
|
|
//
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCreateTimer (
|
|
OUT PHANDLE TimerHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN TIMER_TYPE TimerType
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenTimer (
|
|
OUT PHANDLE TimerHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCancelTimer (
|
|
IN HANDLE TimerHandle,
|
|
OUT PBOOLEAN CurrentState OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryTimer (
|
|
IN HANDLE TimerHandle,
|
|
IN TIMER_INFORMATION_CLASS TimerInformationClass,
|
|
OUT PVOID TimerInformation,
|
|
IN ULONG TimerInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetTimer (
|
|
IN HANDLE TimerHandle,
|
|
IN PLARGE_INTEGER DueTime,
|
|
IN PTIMER_APC_ROUTINE TimerApcRoutine OPTIONAL,
|
|
IN PVOID TimerContext OPTIONAL,
|
|
IN BOOLEAN ResumeTimer,
|
|
IN LONG Period OPTIONAL,
|
|
OUT PBOOLEAN PreviousState OPTIONAL
|
|
);
|
|
|
|
//
|
|
// System Time and Timer function definitions
|
|
//
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQuerySystemTime (
|
|
OUT PLARGE_INTEGER SystemTime
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetSystemTime (
|
|
IN PLARGE_INTEGER SystemTime,
|
|
OUT PLARGE_INTEGER PreviousTime OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryTimerResolution (
|
|
OUT PULONG MaximumTime,
|
|
OUT PULONG MinimumTime,
|
|
OUT PULONG CurrentTime
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetTimerResolution (
|
|
IN ULONG DesiredTime,
|
|
IN BOOLEAN SetResolution,
|
|
OUT PULONG ActualTime
|
|
);
|
|
|
|
//
|
|
// Locally Unique Identifier (LUID) allocation
|
|
//
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAllocateLocallyUniqueId(
|
|
OUT PLUID Luid
|
|
);
|
|
|
|
|
|
//
|
|
// Universally Unique Identifier (UUID) time allocation
|
|
//
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetUuidSeed (
|
|
IN PCHAR Seed
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAllocateUuids(
|
|
OUT PULARGE_INTEGER Time,
|
|
OUT PULONG Range,
|
|
OUT PULONG Sequence,
|
|
OUT PCHAR Seed
|
|
);
|
|
|
|
|
|
//
|
|
// Profile Object Definitions
|
|
//
|
|
|
|
#define PROFILE_CONTROL 0x0001
|
|
#define PROFILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | PROFILE_CONTROL)
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCreateProfile (
|
|
OUT PHANDLE ProfileHandle,
|
|
IN HANDLE Process OPTIONAL,
|
|
IN PVOID ProfileBase,
|
|
IN SIZE_T ProfileSize,
|
|
IN ULONG BucketSize,
|
|
IN PULONG Buffer,
|
|
IN ULONG BufferSize,
|
|
IN KPROFILE_SOURCE ProfileSource,
|
|
IN KAFFINITY Affinity
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtStartProfile (
|
|
IN HANDLE ProfileHandle
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtStopProfile (
|
|
IN HANDLE ProfileHandle
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetIntervalProfile (
|
|
IN ULONG Interval,
|
|
IN KPROFILE_SOURCE Source
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryIntervalProfile (
|
|
IN KPROFILE_SOURCE ProfileSource,
|
|
OUT PULONG Interval
|
|
);
|
|
|
|
|
|
//
|
|
// Performance Counter Definitions
|
|
//
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryPerformanceCounter (
|
|
OUT PLARGE_INTEGER PerformanceCounter,
|
|
OUT PLARGE_INTEGER PerformanceFrequency OPTIONAL
|
|
);
|
|
|
|
|
|
#define KEYEDEVENT_WAIT 0x0001
|
|
#define KEYEDEVENT_WAKE 0x0002
|
|
#define KEYEDEVENT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | KEYEDEVENT_WAIT | KEYEDEVENT_WAKE)
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtCreateKeyedEvent (
|
|
OUT PHANDLE KeyedEventHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
|
|
IN ULONG Flags
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtOpenKeyedEvent (
|
|
OUT PHANDLE KeyedEventHandle,
|
|
IN ACCESS_MASK DesiredAccess,
|
|
IN POBJECT_ATTRIBUTES ObjectAttributes
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtReleaseKeyedEvent (
|
|
IN HANDLE KeyedEventHandle,
|
|
IN PVOID KeyValue,
|
|
IN BOOLEAN Alertable,
|
|
IN PLARGE_INTEGER Timeout OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtWaitForKeyedEvent (
|
|
IN HANDLE KeyedEventHandle,
|
|
IN PVOID KeyValue,
|
|
IN BOOLEAN Alertable,
|
|
IN PLARGE_INTEGER Timeout OPTIONAL
|
|
);
|
|
|
|
//
|
|
// Nt Api Profile Definitions
|
|
//
|
|
|
|
//
|
|
// Nt Api Profiling data structure
|
|
//
|
|
|
|
typedef struct _NAPDATA {
|
|
ULONG NapLock;
|
|
ULONG Calls;
|
|
ULONG TimingErrors;
|
|
LARGE_INTEGER TotalTime;
|
|
LARGE_INTEGER FirstTime;
|
|
LARGE_INTEGER MaxTime;
|
|
LARGE_INTEGER MinTime;
|
|
} NAPDATA, *PNAPDATA;
|
|
|
|
NTSTATUS
|
|
NapClearData (
|
|
VOID
|
|
);
|
|
|
|
NTSTATUS
|
|
NapRetrieveData (
|
|
OUT NAPDATA *NapApiData,
|
|
OUT PCHAR **NapApiNames,
|
|
OUT PLARGE_INTEGER *NapCounterFrequency
|
|
);
|
|
|
|
NTSTATUS
|
|
NapGetApiCount (
|
|
OUT PULONG NapApiCount
|
|
);
|
|
|
|
NTSTATUS
|
|
NapPause (
|
|
VOID
|
|
);
|
|
|
|
NTSTATUS
|
|
NapResume (
|
|
VOID
|
|
);
|
|
|
|
|
|
|
|
// begin_ntifs begin_ntddk
|
|
|
|
//
|
|
// Driver Verifier Definitions
|
|
//
|
|
|
|
typedef ULONG_PTR (*PDRIVER_VERIFIER_THUNK_ROUTINE) (
|
|
IN PVOID Context
|
|
);
|
|
|
|
//
|
|
// This structure is passed in by drivers that want to thunk callers of
|
|
// their exports.
|
|
//
|
|
|
|
typedef struct _DRIVER_VERIFIER_THUNK_PAIRS {
|
|
PDRIVER_VERIFIER_THUNK_ROUTINE PristineRoutine;
|
|
PDRIVER_VERIFIER_THUNK_ROUTINE NewRoutine;
|
|
} DRIVER_VERIFIER_THUNK_PAIRS, *PDRIVER_VERIFIER_THUNK_PAIRS;
|
|
|
|
//
|
|
// Driver Verifier flags.
|
|
//
|
|
|
|
#define DRIVER_VERIFIER_SPECIAL_POOLING 0x0001
|
|
#define DRIVER_VERIFIER_FORCE_IRQL_CHECKING 0x0002
|
|
#define DRIVER_VERIFIER_INJECT_ALLOCATION_FAILURES 0x0004
|
|
#define DRIVER_VERIFIER_TRACK_POOL_ALLOCATIONS 0x0008
|
|
#define DRIVER_VERIFIER_IO_CHECKING 0x0010
|
|
|
|
// end_ntifs end_ntddk
|
|
|
|
#define DRIVER_VERIFIER_DEADLOCK_DETECTION 0x0020
|
|
#define DRIVER_VERIFIER_ENHANCED_IO_CHECKING 0x0040
|
|
#define DRIVER_VERIFIER_DMA_VERIFIER 0x0080
|
|
#define DRIVER_VERIFIER_HARDWARE_VERIFICATION 0x0100
|
|
#define DRIVER_VERIFIER_SYSTEM_BIOS_VERIFICATION 0x0200
|
|
#define DRIVER_VERIFIER_EXPOSE_IRP_HISTORY 0x0400
|
|
|
|
|
|
//
|
|
// System Information Classes.
|
|
//
|
|
|
|
typedef enum _SYSTEM_INFORMATION_CLASS {
|
|
SystemBasicInformation,
|
|
SystemProcessorInformation, // obsolete...delete
|
|
SystemPerformanceInformation,
|
|
SystemTimeOfDayInformation,
|
|
SystemPathInformation,
|
|
SystemProcessInformation,
|
|
SystemCallCountInformation,
|
|
SystemDeviceInformation,
|
|
SystemProcessorPerformanceInformation,
|
|
SystemFlagsInformation,
|
|
SystemCallTimeInformation,
|
|
SystemModuleInformation,
|
|
SystemLocksInformation,
|
|
SystemStackTraceInformation,
|
|
SystemPagedPoolInformation,
|
|
SystemNonPagedPoolInformation,
|
|
SystemHandleInformation,
|
|
SystemObjectInformation,
|
|
SystemPageFileInformation,
|
|
SystemVdmInstemulInformation,
|
|
SystemVdmBopInformation,
|
|
SystemFileCacheInformation,
|
|
SystemPoolTagInformation,
|
|
SystemInterruptInformation,
|
|
SystemDpcBehaviorInformation,
|
|
SystemFullMemoryInformation,
|
|
SystemLoadGdiDriverInformation,
|
|
SystemUnloadGdiDriverInformation,
|
|
SystemTimeAdjustmentInformation,
|
|
SystemSummaryMemoryInformation,
|
|
SystemMirrorMemoryInformation,
|
|
SystemPerformanceTraceInformation,
|
|
SystemObsolete0,
|
|
SystemExceptionInformation,
|
|
SystemCrashDumpStateInformation,
|
|
SystemKernelDebuggerInformation,
|
|
SystemContextSwitchInformation,
|
|
SystemRegistryQuotaInformation,
|
|
SystemExtendServiceTableInformation,
|
|
SystemPrioritySeperation,
|
|
SystemVerifierAddDriverInformation,
|
|
SystemVerifierRemoveDriverInformation,
|
|
SystemProcessorIdleInformation,
|
|
SystemLegacyDriverInformation,
|
|
SystemCurrentTimeZoneInformation,
|
|
SystemLookasideInformation,
|
|
SystemTimeSlipNotification,
|
|
SystemSessionCreate,
|
|
SystemSessionDetach,
|
|
SystemSessionInformation,
|
|
SystemRangeStartInformation,
|
|
SystemVerifierInformation,
|
|
SystemVerifierThunkExtend,
|
|
SystemSessionProcessInformation,
|
|
SystemLoadGdiDriverInSystemSpace,
|
|
SystemNumaProcessorMap,
|
|
SystemPrefetcherInformation,
|
|
SystemExtendedProcessInformation,
|
|
SystemRecommendedSharedDataAlignment,
|
|
SystemComPlusPackage,
|
|
SystemNumaAvailableMemory,
|
|
SystemProcessorPowerInformation,
|
|
SystemEmulationBasicInformation,
|
|
SystemEmulationProcessorInformation,
|
|
SystemExtendedHandleInformation,
|
|
SystemLostDelayedWriteInformation,
|
|
SystemBigPoolInformation,
|
|
SystemSessionPoolTagInformation,
|
|
SystemSessionMappedViewInformation,
|
|
SystemHotpatchInformation,
|
|
SystemObjectSecurityMode,
|
|
SystemWatchdogTimerHandler,
|
|
SystemWatchdogTimerInformation,
|
|
SystemLogicalProcessorInformation,
|
|
MaxSystemInfoClass // MaxSystemInfoClass should always be the last enum
|
|
} SYSTEM_INFORMATION_CLASS;
|
|
|
|
//
|
|
// System Information Structures.
|
|
//
|
|
|
|
// begin_winnt
|
|
#define TIME_ZONE_ID_UNKNOWN 0
|
|
#define TIME_ZONE_ID_STANDARD 1
|
|
#define TIME_ZONE_ID_DAYLIGHT 2
|
|
// end_winnt
|
|
|
|
typedef struct _SYSTEM_VDM_INSTEMUL_INFO {
|
|
ULONG SegmentNotPresent ;
|
|
ULONG VdmOpcode0F ;
|
|
ULONG OpcodeESPrefix ;
|
|
ULONG OpcodeCSPrefix ;
|
|
ULONG OpcodeSSPrefix ;
|
|
ULONG OpcodeDSPrefix ;
|
|
ULONG OpcodeFSPrefix ;
|
|
ULONG OpcodeGSPrefix ;
|
|
ULONG OpcodeOPER32Prefix;
|
|
ULONG OpcodeADDR32Prefix;
|
|
ULONG OpcodeINSB ;
|
|
ULONG OpcodeINSW ;
|
|
ULONG OpcodeOUTSB ;
|
|
ULONG OpcodeOUTSW ;
|
|
ULONG OpcodePUSHF ;
|
|
ULONG OpcodePOPF ;
|
|
ULONG OpcodeINTnn ;
|
|
ULONG OpcodeINTO ;
|
|
ULONG OpcodeIRET ;
|
|
ULONG OpcodeINBimm ;
|
|
ULONG OpcodeINWimm ;
|
|
ULONG OpcodeOUTBimm ;
|
|
ULONG OpcodeOUTWimm ;
|
|
ULONG OpcodeINB ;
|
|
ULONG OpcodeINW ;
|
|
ULONG OpcodeOUTB ;
|
|
ULONG OpcodeOUTW ;
|
|
ULONG OpcodeLOCKPrefix ;
|
|
ULONG OpcodeREPNEPrefix ;
|
|
ULONG OpcodeREPPrefix ;
|
|
ULONG OpcodeHLT ;
|
|
ULONG OpcodeCLI ;
|
|
ULONG OpcodeSTI ;
|
|
ULONG BopCount ;
|
|
} SYSTEM_VDM_INSTEMUL_INFO, *PSYSTEM_VDM_INSTEMUL_INFO;
|
|
|
|
typedef struct _SYSTEM_TIMEOFDAY_INFORMATION {
|
|
LARGE_INTEGER BootTime;
|
|
LARGE_INTEGER CurrentTime;
|
|
LARGE_INTEGER TimeZoneBias;
|
|
ULONG TimeZoneId;
|
|
ULONG Reserved;
|
|
ULONGLONG BootTimeBias;
|
|
ULONGLONG SleepTimeBias;
|
|
} SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION;
|
|
|
|
#if defined(_IA64_)
|
|
typedef ULONG SYSINF_PAGE_COUNT;
|
|
#else
|
|
typedef SIZE_T SYSINF_PAGE_COUNT;
|
|
#endif
|
|
|
|
typedef struct _SYSTEM_BASIC_INFORMATION {
|
|
ULONG Reserved;
|
|
ULONG TimerResolution;
|
|
ULONG PageSize;
|
|
SYSINF_PAGE_COUNT NumberOfPhysicalPages;
|
|
SYSINF_PAGE_COUNT LowestPhysicalPageNumber;
|
|
SYSINF_PAGE_COUNT HighestPhysicalPageNumber;
|
|
ULONG AllocationGranularity;
|
|
ULONG_PTR MinimumUserModeAddress;
|
|
ULONG_PTR MaximumUserModeAddress;
|
|
ULONG_PTR ActiveProcessorsAffinityMask;
|
|
CCHAR NumberOfProcessors;
|
|
} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_PROCESSOR_INFORMATION {
|
|
USHORT ProcessorArchitecture;
|
|
USHORT ProcessorLevel;
|
|
USHORT ProcessorRevision;
|
|
USHORT Reserved;
|
|
ULONG ProcessorFeatureBits;
|
|
} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION {
|
|
LARGE_INTEGER IdleTime;
|
|
LARGE_INTEGER KernelTime;
|
|
LARGE_INTEGER UserTime;
|
|
LARGE_INTEGER DpcTime; // DEVL only
|
|
LARGE_INTEGER InterruptTime; // DEVL only
|
|
ULONG InterruptCount;
|
|
} SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_PROCESSOR_IDLE_INFORMATION {
|
|
ULONGLONG IdleTime;
|
|
ULONGLONG C1Time;
|
|
ULONGLONG C2Time;
|
|
ULONGLONG C3Time;
|
|
ULONG C1Transitions;
|
|
ULONG C2Transitions;
|
|
ULONG C3Transitions;
|
|
ULONG Padding;
|
|
} SYSTEM_PROCESSOR_IDLE_INFORMATION, *PSYSTEM_PROCESSOR_IDLE_INFORMATION;
|
|
|
|
#define MAXIMUM_NUMA_NODES 16
|
|
|
|
typedef struct _SYSTEM_NUMA_INFORMATION {
|
|
ULONG HighestNodeNumber;
|
|
ULONG Reserved;
|
|
union {
|
|
ULONGLONG ActiveProcessorsAffinityMask[MAXIMUM_NUMA_NODES];
|
|
ULONGLONG AvailableMemory[MAXIMUM_NUMA_NODES];
|
|
};
|
|
} SYSTEM_NUMA_INFORMATION, *PSYSTEM_NUMA_INFORMATION;
|
|
|
|
// begin_winnt
|
|
|
|
typedef enum _LOGICAL_PROCESSOR_RELATIONSHIP {
|
|
RelationProcessorCore,
|
|
RelationNumaNode
|
|
} LOGICAL_PROCESSOR_RELATIONSHIP;
|
|
|
|
#define LTP_PC_SMT 0x1
|
|
|
|
typedef struct _SYSTEM_LOGICAL_PROCESSOR_INFORMATION {
|
|
ULONG_PTR ProcessorMask;
|
|
LOGICAL_PROCESSOR_RELATIONSHIP Relationship;
|
|
union {
|
|
struct {
|
|
UCHAR Flags;
|
|
} ProcessorCore;
|
|
struct {
|
|
ULONG NodeNumber;
|
|
} NumaNode;
|
|
ULONGLONG Reserved[2];
|
|
};
|
|
} SYSTEM_LOGICAL_PROCESSOR_INFORMATION, *PSYSTEM_LOGICAL_PROCESSOR_INFORMATION;
|
|
|
|
// end_winnt
|
|
|
|
typedef struct _SYSTEM_PROCESSOR_POWER_INFORMATION {
|
|
UCHAR CurrentFrequency;
|
|
UCHAR ThermalLimitFrequency;
|
|
UCHAR ConstantThrottleFrequency;
|
|
UCHAR DegradedThrottleFrequency;
|
|
UCHAR LastBusyFrequency;
|
|
UCHAR LastC3Frequency;
|
|
UCHAR LastAdjustedBusyFrequency;
|
|
UCHAR ProcessorMinThrottle;
|
|
UCHAR ProcessorMaxThrottle;
|
|
ULONG NumberOfFrequencies;
|
|
ULONG PromotionCount;
|
|
ULONG DemotionCount;
|
|
ULONG ErrorCount;
|
|
ULONG RetryCount;
|
|
ULONGLONG CurrentFrequencyTime;
|
|
ULONGLONG CurrentProcessorTime;
|
|
ULONGLONG CurrentProcessorIdleTime;
|
|
ULONGLONG LastProcessorTime;
|
|
ULONGLONG LastProcessorIdleTime;
|
|
} SYSTEM_PROCESSOR_POWER_INFORMATION, *PSYSTEM_PROCESSOR_POWER_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION {
|
|
ULONG TimeAdjustment;
|
|
ULONG TimeIncrement;
|
|
BOOLEAN Enable;
|
|
} SYSTEM_QUERY_TIME_ADJUST_INFORMATION, *PSYSTEM_QUERY_TIME_ADJUST_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_SET_TIME_ADJUST_INFORMATION {
|
|
ULONG TimeAdjustment;
|
|
BOOLEAN Enable;
|
|
} SYSTEM_SET_TIME_ADJUST_INFORMATION, *PSYSTEM_SET_TIME_ADJUST_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_PERFORMANCE_INFORMATION {
|
|
LARGE_INTEGER IdleProcessTime;
|
|
LARGE_INTEGER IoReadTransferCount;
|
|
LARGE_INTEGER IoWriteTransferCount;
|
|
LARGE_INTEGER IoOtherTransferCount;
|
|
ULONG IoReadOperationCount;
|
|
ULONG IoWriteOperationCount;
|
|
ULONG IoOtherOperationCount;
|
|
ULONG AvailablePages;
|
|
SYSINF_PAGE_COUNT CommittedPages;
|
|
SYSINF_PAGE_COUNT CommitLimit;
|
|
SYSINF_PAGE_COUNT PeakCommitment;
|
|
ULONG PageFaultCount;
|
|
ULONG CopyOnWriteCount;
|
|
ULONG TransitionCount;
|
|
ULONG CacheTransitionCount;
|
|
ULONG DemandZeroCount;
|
|
ULONG PageReadCount;
|
|
ULONG PageReadIoCount;
|
|
ULONG CacheReadCount;
|
|
ULONG CacheIoCount;
|
|
ULONG DirtyPagesWriteCount;
|
|
ULONG DirtyWriteIoCount;
|
|
ULONG MappedPagesWriteCount;
|
|
ULONG MappedWriteIoCount;
|
|
ULONG PagedPoolPages;
|
|
ULONG NonPagedPoolPages;
|
|
ULONG PagedPoolAllocs;
|
|
ULONG PagedPoolFrees;
|
|
ULONG NonPagedPoolAllocs;
|
|
ULONG NonPagedPoolFrees;
|
|
ULONG FreeSystemPtes;
|
|
ULONG ResidentSystemCodePage;
|
|
ULONG TotalSystemDriverPages;
|
|
ULONG TotalSystemCodePages;
|
|
ULONG NonPagedPoolLookasideHits;
|
|
ULONG PagedPoolLookasideHits;
|
|
ULONG AvailablePagedPoolPages;
|
|
ULONG ResidentSystemCachePage;
|
|
ULONG ResidentPagedPoolPage;
|
|
ULONG ResidentSystemDriverPage;
|
|
ULONG CcFastReadNoWait;
|
|
ULONG CcFastReadWait;
|
|
ULONG CcFastReadResourceMiss;
|
|
ULONG CcFastReadNotPossible;
|
|
ULONG CcFastMdlReadNoWait;
|
|
ULONG CcFastMdlReadWait;
|
|
ULONG CcFastMdlReadResourceMiss;
|
|
ULONG CcFastMdlReadNotPossible;
|
|
ULONG CcMapDataNoWait;
|
|
ULONG CcMapDataWait;
|
|
ULONG CcMapDataNoWaitMiss;
|
|
ULONG CcMapDataWaitMiss;
|
|
ULONG CcPinMappedDataCount;
|
|
ULONG CcPinReadNoWait;
|
|
ULONG CcPinReadWait;
|
|
ULONG CcPinReadNoWaitMiss;
|
|
ULONG CcPinReadWaitMiss;
|
|
ULONG CcCopyReadNoWait;
|
|
ULONG CcCopyReadWait;
|
|
ULONG CcCopyReadNoWaitMiss;
|
|
ULONG CcCopyReadWaitMiss;
|
|
ULONG CcMdlReadNoWait;
|
|
ULONG CcMdlReadWait;
|
|
ULONG CcMdlReadNoWaitMiss;
|
|
ULONG CcMdlReadWaitMiss;
|
|
ULONG CcReadAheadIos;
|
|
ULONG CcLazyWriteIos;
|
|
ULONG CcLazyWritePages;
|
|
ULONG CcDataFlushes;
|
|
ULONG CcDataPages;
|
|
ULONG ContextSwitches;
|
|
ULONG FirstLevelTbFills;
|
|
ULONG SecondLevelTbFills;
|
|
ULONG SystemCalls;
|
|
} SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_PROCESS_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG NumberOfThreads;
|
|
LARGE_INTEGER SpareLi1;
|
|
LARGE_INTEGER SpareLi2;
|
|
LARGE_INTEGER SpareLi3;
|
|
LARGE_INTEGER CreateTime;
|
|
LARGE_INTEGER UserTime;
|
|
LARGE_INTEGER KernelTime;
|
|
UNICODE_STRING ImageName;
|
|
KPRIORITY BasePriority;
|
|
HANDLE UniqueProcessId;
|
|
HANDLE InheritedFromUniqueProcessId;
|
|
ULONG HandleCount;
|
|
ULONG SessionId;
|
|
ULONG_PTR PageDirectoryBase;
|
|
SIZE_T PeakVirtualSize;
|
|
SIZE_T VirtualSize;
|
|
ULONG PageFaultCount;
|
|
SIZE_T PeakWorkingSetSize;
|
|
SIZE_T WorkingSetSize;
|
|
SIZE_T QuotaPeakPagedPoolUsage;
|
|
SIZE_T QuotaPagedPoolUsage;
|
|
SIZE_T QuotaPeakNonPagedPoolUsage;
|
|
SIZE_T QuotaNonPagedPoolUsage;
|
|
SIZE_T PagefileUsage;
|
|
SIZE_T PeakPagefileUsage;
|
|
SIZE_T PrivatePageCount;
|
|
LARGE_INTEGER ReadOperationCount;
|
|
LARGE_INTEGER WriteOperationCount;
|
|
LARGE_INTEGER OtherOperationCount;
|
|
LARGE_INTEGER ReadTransferCount;
|
|
LARGE_INTEGER WriteTransferCount;
|
|
LARGE_INTEGER OtherTransferCount;
|
|
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION {
|
|
ULONG SessionId;
|
|
ULONG SizeOfBuf;
|
|
PVOID Buffer;
|
|
} SYSTEM_SESSION_PROCESS_INFORMATION, *PSYSTEM_SESSION_PROCESS_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_THREAD_INFORMATION {
|
|
LARGE_INTEGER KernelTime;
|
|
LARGE_INTEGER UserTime;
|
|
LARGE_INTEGER CreateTime;
|
|
ULONG WaitTime;
|
|
PVOID StartAddress;
|
|
CLIENT_ID ClientId;
|
|
KPRIORITY Priority;
|
|
LONG BasePriority;
|
|
ULONG ContextSwitches;
|
|
ULONG ThreadState;
|
|
ULONG WaitReason;
|
|
} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_EXTENDED_THREAD_INFORMATION {
|
|
SYSTEM_THREAD_INFORMATION ThreadInfo;
|
|
PVOID StackBase;
|
|
PVOID StackLimit;
|
|
PVOID Win32StartAddress;
|
|
ULONG_PTR Reserved1;
|
|
ULONG_PTR Reserved2;
|
|
ULONG_PTR Reserved3;
|
|
ULONG_PTR Reserved4;
|
|
} SYSTEM_EXTENDED_THREAD_INFORMATION, *PSYSTEM_EXTENDED_THREAD_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_MEMORY_INFO {
|
|
PUCHAR StringOffset;
|
|
USHORT ValidCount;
|
|
USHORT TransitionCount;
|
|
USHORT ModifiedCount;
|
|
USHORT PageTableCount;
|
|
} SYSTEM_MEMORY_INFO, *PSYSTEM_MEMORY_INFO;
|
|
|
|
typedef struct _SYSTEM_MEMORY_INFORMATION {
|
|
ULONG InfoSize;
|
|
ULONG_PTR StringStart;
|
|
SYSTEM_MEMORY_INFO Memory[1];
|
|
} SYSTEM_MEMORY_INFORMATION, *PSYSTEM_MEMORY_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_CALL_COUNT_INFORMATION {
|
|
ULONG Length;
|
|
ULONG NumberOfTables;
|
|
//ULONG NumberOfEntries[NumberOfTables];
|
|
//ULONG CallCounts[NumberOfTables][NumberOfEntries];
|
|
} SYSTEM_CALL_COUNT_INFORMATION, *PSYSTEM_CALL_COUNT_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_DEVICE_INFORMATION {
|
|
ULONG NumberOfDisks;
|
|
ULONG NumberOfFloppies;
|
|
ULONG NumberOfCdRoms;
|
|
ULONG NumberOfTapes;
|
|
ULONG NumberOfSerialPorts;
|
|
ULONG NumberOfParallelPorts;
|
|
} SYSTEM_DEVICE_INFORMATION, *PSYSTEM_DEVICE_INFORMATION;
|
|
|
|
|
|
typedef struct _SYSTEM_EXCEPTION_INFORMATION {
|
|
ULONG AlignmentFixupCount;
|
|
ULONG ExceptionDispatchCount;
|
|
ULONG FloatingEmulationCount;
|
|
ULONG ByteWordEmulationCount;
|
|
} SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION;
|
|
|
|
|
|
typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION {
|
|
BOOLEAN KernelDebuggerEnabled;
|
|
BOOLEAN KernelDebuggerNotPresent;
|
|
} SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION {
|
|
ULONG RegistryQuotaAllowed;
|
|
ULONG RegistryQuotaUsed;
|
|
SIZE_T PagedPoolSize;
|
|
} SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_GDI_DRIVER_INFORMATION {
|
|
UNICODE_STRING DriverName;
|
|
PVOID ImageAddress;
|
|
PVOID SectionPointer;
|
|
PVOID EntryPoint;
|
|
PIMAGE_EXPORT_DIRECTORY ExportSectionPointer;
|
|
ULONG ImageLength;
|
|
} SYSTEM_GDI_DRIVER_INFORMATION, *PSYSTEM_GDI_DRIVER_INFORMATION;
|
|
|
|
#if DEVL
|
|
|
|
typedef struct _SYSTEM_FLAGS_INFORMATION {
|
|
ULONG Flags;
|
|
} SYSTEM_FLAGS_INFORMATION, *PSYSTEM_FLAGS_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_CALL_TIME_INFORMATION {
|
|
ULONG Length;
|
|
ULONG TotalCalls;
|
|
LARGE_INTEGER TimeOfCalls[1];
|
|
} SYSTEM_CALL_TIME_INFORMATION, *PSYSTEM_CALL_TIME_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO {
|
|
USHORT UniqueProcessId;
|
|
USHORT CreatorBackTraceIndex;
|
|
UCHAR ObjectTypeIndex;
|
|
UCHAR HandleAttributes;
|
|
USHORT HandleValue;
|
|
PVOID Object;
|
|
ULONG GrantedAccess;
|
|
} SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO;
|
|
|
|
typedef struct _SYSTEM_HANDLE_INFORMATION {
|
|
ULONG NumberOfHandles;
|
|
SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[ 1 ];
|
|
} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX {
|
|
PVOID Object;
|
|
ULONG_PTR UniqueProcessId;
|
|
ULONG_PTR HandleValue;
|
|
ULONG GrantedAccess;
|
|
USHORT CreatorBackTraceIndex;
|
|
USHORT ObjectTypeIndex;
|
|
ULONG HandleAttributes;
|
|
ULONG Reserved;
|
|
} SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX;
|
|
|
|
typedef struct _SYSTEM_HANDLE_INFORMATION_EX {
|
|
ULONG_PTR NumberOfHandles;
|
|
ULONG_PTR Reserved;
|
|
SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX Handles[ 1 ];
|
|
} SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX;
|
|
|
|
typedef struct _SYSTEM_OBJECTTYPE_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG NumberOfObjects;
|
|
ULONG NumberOfHandles;
|
|
ULONG TypeIndex;
|
|
ULONG InvalidAttributes;
|
|
GENERIC_MAPPING GenericMapping;
|
|
ULONG ValidAccessMask;
|
|
ULONG PoolType;
|
|
BOOLEAN SecurityRequired;
|
|
BOOLEAN WaitableObject;
|
|
UNICODE_STRING TypeName;
|
|
} SYSTEM_OBJECTTYPE_INFORMATION, *PSYSTEM_OBJECTTYPE_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_OBJECT_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
PVOID Object;
|
|
HANDLE CreatorUniqueProcess;
|
|
USHORT CreatorBackTraceIndex;
|
|
USHORT Flags;
|
|
LONG PointerCount;
|
|
LONG HandleCount;
|
|
ULONG PagedPoolCharge;
|
|
ULONG NonPagedPoolCharge;
|
|
HANDLE ExclusiveProcessId;
|
|
PVOID SecurityDescriptor;
|
|
OBJECT_NAME_INFORMATION NameInfo;
|
|
} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_PAGEFILE_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG TotalSize;
|
|
ULONG TotalInUse;
|
|
ULONG PeakUsage;
|
|
UNICODE_STRING PageFileName;
|
|
} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_VERIFIER_INFORMATION {
|
|
ULONG NextEntryOffset;
|
|
ULONG Level;
|
|
UNICODE_STRING DriverName;
|
|
|
|
ULONG RaiseIrqls;
|
|
ULONG AcquireSpinLocks;
|
|
ULONG SynchronizeExecutions;
|
|
ULONG AllocationsAttempted;
|
|
|
|
ULONG AllocationsSucceeded;
|
|
ULONG AllocationsSucceededSpecialPool;
|
|
ULONG AllocationsWithNoTag;
|
|
ULONG TrimRequests;
|
|
|
|
ULONG Trims;
|
|
ULONG AllocationsFailed;
|
|
ULONG AllocationsFailedDeliberately;
|
|
ULONG Loads;
|
|
|
|
ULONG Unloads;
|
|
ULONG UnTrackedPool;
|
|
ULONG CurrentPagedPoolAllocations;
|
|
ULONG CurrentNonPagedPoolAllocations;
|
|
|
|
ULONG PeakPagedPoolAllocations;
|
|
ULONG PeakNonPagedPoolAllocations;
|
|
|
|
SIZE_T PagedPoolUsageInBytes;
|
|
SIZE_T NonPagedPoolUsageInBytes;
|
|
SIZE_T PeakPagedPoolUsageInBytes;
|
|
SIZE_T PeakNonPagedPoolUsageInBytes;
|
|
|
|
} SYSTEM_VERIFIER_INFORMATION, *PSYSTEM_VERIFIER_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_FILECACHE_INFORMATION {
|
|
SIZE_T CurrentSize;
|
|
SIZE_T PeakSize;
|
|
ULONG PageFaultCount;
|
|
SIZE_T MinimumWorkingSet;
|
|
SIZE_T MaximumWorkingSet;
|
|
SIZE_T CurrentSizeIncludingTransitionInPages;
|
|
SIZE_T PeakSizeIncludingTransitionInPages;
|
|
ULONG TransitionRePurposeCount;
|
|
ULONG spare[1];
|
|
} SYSTEM_FILECACHE_INFORMATION, *PSYSTEM_FILECACHE_INFORMATION;
|
|
|
|
|
|
#define FLG_HOTPATCH_KERNEL 0x80000000
|
|
#define FLG_HOTPATCH_RELOAD_NTDLL 0x40000000
|
|
#define FLG_HOTPATCH_NAME_INFO 0x20000000
|
|
#define FLG_HOTPATCH_RENAME_INFO 0x10000000
|
|
#define FLG_HOTPATCH_MAP_ATOMIC_SWAP 0x08000000
|
|
|
|
#define FLG_HOTPATCH_ACTIVE 0x00000001
|
|
#define FLG_HOTPATCH_STATUS_FLAGS FLG_HOTPATCH_ACTIVE
|
|
|
|
#define FLG_HOTPATCH_VERIFICATION_ERROR 0x00800000
|
|
|
|
typedef struct _HOTPATCH_HOOK_DESCRIPTOR{
|
|
ULONG_PTR TargetAddress;
|
|
PVOID MappedAddress;
|
|
ULONG CodeOffset;
|
|
ULONG CodeSize;
|
|
ULONG OrigCodeOffset;
|
|
ULONG ValidationOffset;
|
|
ULONG ValidationSize;
|
|
}HOTPATCH_HOOK_DESCRIPTOR, *PHOTPATCH_HOOK_DESCRIPTOR;
|
|
|
|
|
|
typedef struct _SYSTEM_HOTPATCH_CODE_INFORMATION {
|
|
|
|
ULONG Flags;
|
|
ULONG InfoSize;
|
|
|
|
union {
|
|
|
|
struct {
|
|
|
|
ULONG DescriptorsCount;
|
|
|
|
HOTPATCH_HOOK_DESCRIPTOR CodeDescriptors[1]; // variable size structure
|
|
|
|
} CodeInfo;
|
|
|
|
struct {
|
|
|
|
USHORT NameOffset;
|
|
USHORT NameLength;
|
|
|
|
} KernelInfo;
|
|
|
|
struct {
|
|
|
|
USHORT NameOffset;
|
|
USHORT NameLength;
|
|
|
|
USHORT TargetNameOffset;
|
|
USHORT TargetNameLength;
|
|
|
|
} UserModeInfo;
|
|
|
|
struct {
|
|
|
|
HANDLE FileHandle1;
|
|
PIO_STATUS_BLOCK IoStatusBlock1;
|
|
PFILE_RENAME_INFORMATION RenameInformation1;
|
|
ULONG RenameInformationLength1;
|
|
HANDLE FileHandle2;
|
|
PIO_STATUS_BLOCK IoStatusBlock2;
|
|
PFILE_RENAME_INFORMATION RenameInformation2;
|
|
ULONG RenameInformationLength2;
|
|
|
|
} RenameInfo;
|
|
|
|
struct {
|
|
|
|
HANDLE ParentDirectory;
|
|
HANDLE ObjectHandle1;
|
|
HANDLE ObjectHandle2;
|
|
|
|
} AtomicSwap;
|
|
};
|
|
|
|
//
|
|
// NOTE Do not add anything after CodeDescriptors array as
|
|
// it is assumed to have a variable size
|
|
//
|
|
|
|
} SYSTEM_HOTPATCH_CODE_INFORMATION, *PSYSTEM_HOTPATCH_CODE_INFORMATION;
|
|
|
|
//
|
|
// Watchdog Timer
|
|
//
|
|
|
|
typedef enum _WATCHDOG_HANDLER_ACTION {
|
|
WdActionSetTimeoutValue,
|
|
WdActionQueryTimeoutValue,
|
|
WdActionResetTimer,
|
|
WdActionStopTimer,
|
|
WdActionStartTimer,
|
|
WdActionSetTriggerAction,
|
|
WdActionQueryTriggerAction,
|
|
WdActionQueryState
|
|
} WATCHDOG_HANDLER_ACTION;
|
|
|
|
typedef enum _WATCHDOG_INFORMATION_CLASS {
|
|
WdInfoTimeoutValue,
|
|
WdInfoResetTimer,
|
|
WdInfoStopTimer,
|
|
WdInfoStartTimer,
|
|
WdInfoTriggerAction,
|
|
WdInfoState
|
|
} WATCHDOG_INFORMATION_CLASS;
|
|
|
|
typedef
|
|
NTSTATUS
|
|
(*PWD_HANDLER)(
|
|
IN WATCHDOG_HANDLER_ACTION Action,
|
|
IN PVOID Context,
|
|
IN OUT PULONG DataValue,
|
|
IN BOOLEAN NoLocks
|
|
);
|
|
|
|
typedef struct _SYSTEM_WATCHDOG_HANDLER_INFORMATION {
|
|
PWD_HANDLER WdHandler;
|
|
PVOID Context;
|
|
} SYSTEM_WATCHDOG_HANDLER_INFORMATION, *PSYSTEM_WATCHDOG_HANDLER_INFORMATION;
|
|
|
|
#define WDSTATE_FIRED 0x00000001
|
|
#define WDSTATE_HARDWARE_ENABLED 0x00000002
|
|
#define WDSTATE_STARTED 0x00000004
|
|
#define WDSTATE_HARDWARE_PRESENT 0x00000008
|
|
|
|
typedef struct _SYSTEM_WATCHDOG_TIMER_INFORMATION {
|
|
WATCHDOG_INFORMATION_CLASS WdInfoClass;
|
|
ULONG DataValue;
|
|
} SYSTEM_WATCHDOG_TIMER_INFORMATION, *PSYSTEM_WATCHDOG_TIMER_INFORMATION;
|
|
|
|
|
|
#if _MSC_VER >= 1200
|
|
#pragma warning(push)
|
|
#endif
|
|
#pragma warning(disable:4201) // unnamed struct/union
|
|
|
|
typedef struct _SYSTEM_POOL_ENTRY {
|
|
BOOLEAN Allocated;
|
|
BOOLEAN Spare0;
|
|
USHORT AllocatorBackTraceIndex;
|
|
ULONG Size;
|
|
union {
|
|
UCHAR Tag[4];
|
|
ULONG TagUlong;
|
|
PVOID ProcessChargedQuota;
|
|
};
|
|
} SYSTEM_POOL_ENTRY, *PSYSTEM_POOL_ENTRY;
|
|
|
|
typedef struct _SYSTEM_POOL_INFORMATION {
|
|
SIZE_T TotalSize;
|
|
PVOID FirstEntry;
|
|
USHORT EntryOverhead;
|
|
BOOLEAN PoolTagPresent;
|
|
BOOLEAN Spare0;
|
|
ULONG NumberOfEntries;
|
|
SYSTEM_POOL_ENTRY Entries[1];
|
|
} SYSTEM_POOL_INFORMATION, *PSYSTEM_POOL_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_POOLTAG {
|
|
union {
|
|
UCHAR Tag[4];
|
|
ULONG TagUlong;
|
|
};
|
|
ULONG PagedAllocs;
|
|
ULONG PagedFrees;
|
|
SIZE_T PagedUsed;
|
|
ULONG NonPagedAllocs;
|
|
ULONG NonPagedFrees;
|
|
SIZE_T NonPagedUsed;
|
|
} SYSTEM_POOLTAG, *PSYSTEM_POOLTAG;
|
|
|
|
typedef struct _SYSTEM_BIGPOOL_ENTRY {
|
|
union {
|
|
PVOID VirtualAddress;
|
|
ULONG_PTR NonPaged : 1; // Set to 1 if entry is nonpaged.
|
|
};
|
|
SIZE_T SizeInBytes;
|
|
union {
|
|
UCHAR Tag[4];
|
|
ULONG TagUlong;
|
|
};
|
|
} SYSTEM_BIGPOOL_ENTRY, *PSYSTEM_BIGPOOL_ENTRY;
|
|
|
|
#if _MSC_VER >= 1200
|
|
#pragma warning(pop)
|
|
#else
|
|
#pragma warning( default : 4201 )
|
|
#endif
|
|
|
|
typedef struct _SYSTEM_POOLTAG_INFORMATION {
|
|
ULONG Count;
|
|
SYSTEM_POOLTAG TagInfo[1];
|
|
} SYSTEM_POOLTAG_INFORMATION, *PSYSTEM_POOLTAG_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_SESSION_POOLTAG_INFORMATION {
|
|
SIZE_T NextEntryOffset;
|
|
ULONG SessionId;
|
|
ULONG Count;
|
|
SYSTEM_POOLTAG TagInfo[1];
|
|
} SYSTEM_SESSION_POOLTAG_INFORMATION, *PSYSTEM_SESSION_POOLTAG_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_BIGPOOL_INFORMATION {
|
|
ULONG Count;
|
|
SYSTEM_BIGPOOL_ENTRY AllocatedInfo[1];
|
|
} SYSTEM_BIGPOOL_INFORMATION, *PSYSTEM_BIGPOOL_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_SESSION_MAPPED_VIEW_INFORMATION {
|
|
SIZE_T NextEntryOffset;
|
|
ULONG SessionId;
|
|
ULONG ViewFailures;
|
|
SIZE_T NumberOfBytesAvailable;
|
|
SIZE_T NumberOfBytesAvailableContiguous;
|
|
} SYSTEM_SESSION_MAPPED_VIEW_INFORMATION, *PSYSTEM_SESSION_MAPPED_VIEW_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION {
|
|
ULONG ContextSwitches;
|
|
ULONG FindAny;
|
|
ULONG FindLast;
|
|
ULONG FindIdeal;
|
|
ULONG IdleAny;
|
|
ULONG IdleCurrent;
|
|
ULONG IdleLast;
|
|
ULONG IdleIdeal;
|
|
ULONG PreemptAny;
|
|
ULONG PreemptCurrent;
|
|
ULONG PreemptLast;
|
|
ULONG SwitchToIdle;
|
|
} SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_INTERRUPT_INFORMATION {
|
|
ULONG ContextSwitches;
|
|
ULONG DpcCount;
|
|
ULONG DpcRate;
|
|
ULONG TimeIncrement;
|
|
ULONG DpcBypassCount;
|
|
ULONG ApcBypassCount;
|
|
} SYSTEM_INTERRUPT_INFORMATION, *PSYSTEM_INTERRUPT_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_DPC_BEHAVIOR_INFORMATION {
|
|
ULONG Spare;
|
|
ULONG DpcQueueDepth;
|
|
ULONG MinimumDpcRate;
|
|
ULONG AdjustDpcThreshold;
|
|
ULONG IdealDpcRate;
|
|
} SYSTEM_DPC_BEHAVIOR_INFORMATION, *PSYSTEM_DPC_BEHAVIOR_INFORMATION;
|
|
|
|
#endif // DEVL
|
|
|
|
typedef struct _SYSTEM_LOOKASIDE_INFORMATION {
|
|
USHORT CurrentDepth;
|
|
USHORT MaximumDepth;
|
|
ULONG TotalAllocates;
|
|
ULONG AllocateMisses;
|
|
ULONG TotalFrees;
|
|
ULONG FreeMisses;
|
|
ULONG Type;
|
|
ULONG Tag;
|
|
ULONG Size;
|
|
} SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION;
|
|
|
|
typedef struct _SYSTEM_LEGACY_DRIVER_INFORMATION {
|
|
ULONG VetoType;
|
|
UNICODE_STRING VetoList;
|
|
} SYSTEM_LEGACY_DRIVER_INFORMATION, *PSYSTEM_LEGACY_DRIVER_INFORMATION;
|
|
|
|
// begin_winnt
|
|
|
|
#define PROCESSOR_INTEL_386 386
|
|
#define PROCESSOR_INTEL_486 486
|
|
#define PROCESSOR_INTEL_PENTIUM 586
|
|
#define PROCESSOR_INTEL_IA64 2200
|
|
#define PROCESSOR_AMD_X8664 8664
|
|
#define PROCESSOR_MIPS_R4000 4000 // incl R4101 & R3910 for Windows CE
|
|
#define PROCESSOR_ALPHA_21064 21064
|
|
#define PROCESSOR_PPC_601 601
|
|
#define PROCESSOR_PPC_603 603
|
|
#define PROCESSOR_PPC_604 604
|
|
#define PROCESSOR_PPC_620 620
|
|
#define PROCESSOR_HITACHI_SH3 10003 // Windows CE
|
|
#define PROCESSOR_HITACHI_SH3E 10004 // Windows CE
|
|
#define PROCESSOR_HITACHI_SH4 10005 // Windows CE
|
|
#define PROCESSOR_MOTOROLA_821 821 // Windows CE
|
|
#define PROCESSOR_SHx_SH3 103 // Windows CE
|
|
#define PROCESSOR_SHx_SH4 104 // Windows CE
|
|
#define PROCESSOR_STRONGARM 2577 // Windows CE - 0xA11
|
|
#define PROCESSOR_ARM720 1824 // Windows CE - 0x720
|
|
#define PROCESSOR_ARM820 2080 // Windows CE - 0x820
|
|
#define PROCESSOR_ARM920 2336 // Windows CE - 0x920
|
|
#define PROCESSOR_ARM_7TDMI 70001 // Windows CE
|
|
#define PROCESSOR_OPTIL 0x494f // MSIL
|
|
|
|
#define PROCESSOR_ARCHITECTURE_INTEL 0
|
|
#define PROCESSOR_ARCHITECTURE_MIPS 1
|
|
#define PROCESSOR_ARCHITECTURE_ALPHA 2
|
|
#define PROCESSOR_ARCHITECTURE_PPC 3
|
|
#define PROCESSOR_ARCHITECTURE_SHX 4
|
|
#define PROCESSOR_ARCHITECTURE_ARM 5
|
|
#define PROCESSOR_ARCHITECTURE_IA64 6
|
|
#define PROCESSOR_ARCHITECTURE_ALPHA64 7
|
|
#define PROCESSOR_ARCHITECTURE_MSIL 8
|
|
#define PROCESSOR_ARCHITECTURE_AMD64 9
|
|
#define PROCESSOR_ARCHITECTURE_IA32_ON_WIN64 10
|
|
|
|
#define PROCESSOR_ARCHITECTURE_UNKNOWN 0xFFFF
|
|
|
|
// end_winnt
|
|
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQuerySystemInformation (
|
|
IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
|
|
OUT PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetSystemInformation (
|
|
IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
|
|
IN PVOID SystemInformation,
|
|
IN ULONG SystemInformationLength
|
|
);
|
|
|
|
|
|
//
|
|
// SysDbg APIs are available to user-mode processes via
|
|
// NtSystemDebugControl.
|
|
//
|
|
|
|
typedef enum _SYSDBG_COMMAND {
|
|
SysDbgQueryModuleInformation,
|
|
SysDbgQueryTraceInformation,
|
|
SysDbgSetTracepoint,
|
|
SysDbgSetSpecialCall,
|
|
SysDbgClearSpecialCalls,
|
|
SysDbgQuerySpecialCalls,
|
|
SysDbgBreakPoint,
|
|
SysDbgQueryVersion,
|
|
SysDbgReadVirtual,
|
|
SysDbgWriteVirtual,
|
|
SysDbgReadPhysical,
|
|
SysDbgWritePhysical,
|
|
SysDbgReadControlSpace,
|
|
SysDbgWriteControlSpace,
|
|
SysDbgReadIoSpace,
|
|
SysDbgWriteIoSpace,
|
|
SysDbgReadMsr,
|
|
SysDbgWriteMsr,
|
|
SysDbgReadBusData,
|
|
SysDbgWriteBusData,
|
|
SysDbgCheckLowMemory,
|
|
SysDbgEnableKernelDebugger,
|
|
SysDbgDisableKernelDebugger,
|
|
SysDbgGetAutoKdEnable,
|
|
SysDbgSetAutoKdEnable,
|
|
SysDbgGetPrintBufferSize,
|
|
SysDbgSetPrintBufferSize,
|
|
SysDbgGetKdUmExceptionEnable,
|
|
SysDbgSetKdUmExceptionEnable,
|
|
} SYSDBG_COMMAND, *PSYSDBG_COMMAND;
|
|
|
|
typedef struct _SYSDBG_VIRTUAL {
|
|
PVOID Address;
|
|
PVOID Buffer;
|
|
ULONG Request;
|
|
} SYSDBG_VIRTUAL, *PSYSDBG_VIRTUAL;
|
|
|
|
typedef struct _SYSDBG_PHYSICAL {
|
|
PHYSICAL_ADDRESS Address;
|
|
PVOID Buffer;
|
|
ULONG Request;
|
|
} SYSDBG_PHYSICAL, *PSYSDBG_PHYSICAL;
|
|
|
|
typedef struct _SYSDBG_CONTROL_SPACE {
|
|
ULONG64 Address;
|
|
PVOID Buffer;
|
|
ULONG Request;
|
|
ULONG Processor;
|
|
} SYSDBG_CONTROL_SPACE, *PSYSDBG_CONTROL_SPACE;
|
|
|
|
typedef struct _SYSDBG_IO_SPACE {
|
|
ULONG64 Address;
|
|
PVOID Buffer;
|
|
ULONG Request;
|
|
INTERFACE_TYPE InterfaceType;
|
|
ULONG BusNumber;
|
|
ULONG AddressSpace;
|
|
} SYSDBG_IO_SPACE, *PSYSDBG_IO_SPACE;
|
|
|
|
typedef struct _SYSDBG_MSR {
|
|
ULONG Msr;
|
|
ULONG64 Data;
|
|
} SYSDBG_MSR, *PSYSDBG_MSR;
|
|
|
|
typedef struct _SYSDBG_BUS_DATA {
|
|
ULONG Address;
|
|
PVOID Buffer;
|
|
ULONG Request;
|
|
BUS_DATA_TYPE BusDataType;
|
|
ULONG BusNumber;
|
|
ULONG SlotNumber;
|
|
} SYSDBG_BUS_DATA, *PSYSDBG_BUS_DATA;
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSystemDebugControl (
|
|
IN SYSDBG_COMMAND Command,
|
|
IN PVOID InputBuffer,
|
|
IN ULONG InputBufferLength,
|
|
OUT PVOID OutputBuffer,
|
|
IN ULONG OutputBufferLength,
|
|
OUT PULONG ReturnLength
|
|
);
|
|
|
|
typedef enum _HARDERROR_RESPONSE_OPTION {
|
|
OptionAbortRetryIgnore,
|
|
OptionOk,
|
|
OptionOkCancel,
|
|
OptionRetryCancel,
|
|
OptionYesNo,
|
|
OptionYesNoCancel,
|
|
OptionShutdownSystem,
|
|
OptionOkNoWait,
|
|
OptionCancelTryContinue
|
|
} HARDERROR_RESPONSE_OPTION;
|
|
|
|
typedef enum _HARDERROR_RESPONSE {
|
|
ResponseReturnToCaller,
|
|
ResponseNotHandled,
|
|
ResponseAbort,
|
|
ResponseCancel,
|
|
ResponseIgnore,
|
|
ResponseNo,
|
|
ResponseOk,
|
|
ResponseRetry,
|
|
ResponseYes,
|
|
ResponseTryAgain,
|
|
ResponseContinue
|
|
} HARDERROR_RESPONSE;
|
|
|
|
#define HARDERROR_PARAMETERS_FLAGSPOS 4
|
|
#define HARDERROR_FLAGS_DEFDESKTOPONLY 0x00020000
|
|
|
|
#define MAXIMUM_HARDERROR_PARAMETERS 5
|
|
|
|
#define HARDERROR_OVERRIDE_ERRORMODE 0x10000000
|
|
|
|
typedef struct _HARDERROR_MSG {
|
|
PORT_MESSAGE h;
|
|
NTSTATUS Status;
|
|
LARGE_INTEGER ErrorTime;
|
|
ULONG ValidResponseOptions;
|
|
ULONG Response;
|
|
ULONG NumberOfParameters;
|
|
ULONG UnicodeStringParameterMask;
|
|
ULONG_PTR Parameters[MAXIMUM_HARDERROR_PARAMETERS];
|
|
} HARDERROR_MSG, *PHARDERROR_MSG;
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtRaiseHardError(
|
|
IN NTSTATUS ErrorStatus,
|
|
IN ULONG NumberOfParameters,
|
|
IN ULONG UnicodeStringParameterMask,
|
|
IN PULONG_PTR Parameters,
|
|
IN ULONG ValidResponseOptions,
|
|
OUT PULONG Response
|
|
);
|
|
|
|
// begin_wdm begin_ntddk begin_nthal begin_ntifs
|
|
|
|
//
|
|
// Defined processor features
|
|
//
|
|
|
|
#define PF_FLOATING_POINT_PRECISION_ERRATA 0 // winnt
|
|
#define PF_FLOATING_POINT_EMULATED 1 // winnt
|
|
#define PF_COMPARE_EXCHANGE_DOUBLE 2 // winnt
|
|
#define PF_MMX_INSTRUCTIONS_AVAILABLE 3 // winnt
|
|
#define PF_PPC_MOVEMEM_64BIT_OK 4 // winnt
|
|
#define PF_ALPHA_BYTE_INSTRUCTIONS 5 // winnt
|
|
#define PF_XMMI_INSTRUCTIONS_AVAILABLE 6 // winnt
|
|
#define PF_3DNOW_INSTRUCTIONS_AVAILABLE 7 // winnt
|
|
#define PF_RDTSC_INSTRUCTION_AVAILABLE 8 // winnt
|
|
#define PF_PAE_ENABLED 9 // winnt
|
|
#define PF_XMMI64_INSTRUCTIONS_AVAILABLE 10 // winnt
|
|
|
|
typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE {
|
|
StandardDesign, // None == 0 == standard design
|
|
NEC98x86, // NEC PC98xx series on X86
|
|
EndAlternatives // past end of known alternatives
|
|
} ALTERNATIVE_ARCHITECTURE_TYPE;
|
|
|
|
// correctly define these run-time definitions for non X86 machines
|
|
|
|
#ifndef _X86_
|
|
|
|
#ifndef IsNEC_98
|
|
#define IsNEC_98 (FALSE)
|
|
#endif
|
|
|
|
#ifndef IsNotNEC_98
|
|
#define IsNotNEC_98 (TRUE)
|
|
#endif
|
|
|
|
#ifndef SetNEC_98
|
|
#define SetNEC_98
|
|
#endif
|
|
|
|
#ifndef SetNotNEC_98
|
|
#define SetNotNEC_98
|
|
#endif
|
|
|
|
#endif
|
|
|
|
#define PROCESSOR_FEATURE_MAX 64
|
|
|
|
// end_wdm
|
|
|
|
#if defined(REMOTE_BOOT)
|
|
//
|
|
// Defined system flags.
|
|
//
|
|
|
|
/* the following two lines should be tagged with "winnt" when REMOTE_BOOT is on. */
|
|
#define SYSTEM_FLAG_REMOTE_BOOT_CLIENT 0x00000001
|
|
#define SYSTEM_FLAG_DISKLESS_CLIENT 0x00000002
|
|
#endif // defined(REMOTE_BOOT)
|
|
|
|
//
|
|
// Define data shared between kernel and user mode.
|
|
//
|
|
// N.B. User mode has read only access to this data
|
|
//
|
|
#ifdef _MAC
|
|
#pragma warning( disable : 4121)
|
|
#endif
|
|
|
|
//
|
|
// WARNING: This structure must have exactly the same layout for 32- and
|
|
// 64-bit systems. The layout of this structure cannot change and new
|
|
// fields can only be added to the end of the structure. Deprecated
|
|
// fields cannot be deleted. Platform specific fields are included on
|
|
// all systems.
|
|
//
|
|
// Layout exactness is required for Wow64 support of 32bit applications
|
|
// on Win64 systems.
|
|
//
|
|
// The layout itself cannot change since this sturcture has been exported
|
|
// in ntddk, ntifs.h, and nthal.h for some time.
|
|
//
|
|
|
|
typedef struct _KUSER_SHARED_DATA {
|
|
|
|
//
|
|
// Current low 32-bit of tick count and tick count multiplier.
|
|
//
|
|
// N.B. The tick count is updated each time the clock ticks.
|
|
//
|
|
|
|
ULONG TickCountLowDeprecated;
|
|
ULONG TickCountMultiplier;
|
|
|
|
//
|
|
// Current 64-bit interrupt time in 100ns units.
|
|
//
|
|
|
|
volatile KSYSTEM_TIME InterruptTime;
|
|
|
|
//
|
|
// Current 64-bit system time in 100ns units.
|
|
//
|
|
|
|
volatile KSYSTEM_TIME SystemTime;
|
|
|
|
//
|
|
// Current 64-bit time zone bias.
|
|
//
|
|
|
|
volatile KSYSTEM_TIME TimeZoneBias;
|
|
|
|
//
|
|
// Support image magic number range for the host system.
|
|
//
|
|
// N.B. This is an inclusive range.
|
|
//
|
|
|
|
USHORT ImageNumberLow;
|
|
USHORT ImageNumberHigh;
|
|
|
|
//
|
|
// Copy of system root in Unicode
|
|
//
|
|
|
|
WCHAR NtSystemRoot[ 260 ];
|
|
|
|
//
|
|
// Maximum stack trace depth if tracing enabled.
|
|
//
|
|
|
|
ULONG MaxStackTraceDepth;
|
|
|
|
//
|
|
// Crypto Exponent
|
|
//
|
|
|
|
ULONG CryptoExponent;
|
|
|
|
//
|
|
// TimeZoneId
|
|
//
|
|
|
|
ULONG TimeZoneId;
|
|
|
|
ULONG LargePageMinimum;
|
|
ULONG Reserved2[ 7 ];
|
|
|
|
//
|
|
// product type
|
|
//
|
|
|
|
NT_PRODUCT_TYPE NtProductType;
|
|
BOOLEAN ProductTypeIsValid;
|
|
|
|
//
|
|
// NT Version. Note that each process sees a version from its PEB, but
|
|
// if the process is running with an altered view of the system version,
|
|
// the following two fields are used to correctly identify the version
|
|
//
|
|
|
|
ULONG NtMajorVersion;
|
|
ULONG NtMinorVersion;
|
|
|
|
//
|
|
// Processor Feature Bits
|
|
//
|
|
|
|
BOOLEAN ProcessorFeatures[PROCESSOR_FEATURE_MAX];
|
|
|
|
//
|
|
// Reserved fields - do not use
|
|
//
|
|
ULONG Reserved1;
|
|
ULONG Reserved3;
|
|
|
|
//
|
|
// Time slippage while in debugger
|
|
//
|
|
|
|
volatile ULONG TimeSlip;
|
|
|
|
//
|
|
// Alternative system architecture. Example: NEC PC98xx on x86
|
|
//
|
|
|
|
ALTERNATIVE_ARCHITECTURE_TYPE AlternativeArchitecture;
|
|
|
|
//
|
|
// If the system is an evaluation unit, the following field contains the
|
|
// date and time that the evaluation unit expires. A value of 0 indicates
|
|
// that there is no expiration. A non-zero value is the UTC absolute time
|
|
// that the system expires.
|
|
//
|
|
|
|
LARGE_INTEGER SystemExpirationDate;
|
|
|
|
//
|
|
// Suite Support
|
|
//
|
|
|
|
ULONG SuiteMask;
|
|
|
|
//
|
|
// TRUE if a kernel debugger is connected/enabled
|
|
//
|
|
|
|
BOOLEAN KdDebuggerEnabled;
|
|
|
|
|
|
//
|
|
// Current console session Id. Always zero on non-TS systems
|
|
//
|
|
volatile ULONG ActiveConsoleId;
|
|
|
|
//
|
|
// Force-dismounts cause handles to become invalid. Rather than
|
|
// always probe handles, we maintain a serial number of
|
|
// dismounts that clients can use to see if they need to probe
|
|
// handles.
|
|
//
|
|
|
|
volatile ULONG DismountCount;
|
|
|
|
//
|
|
// This field indicates the status of the 64-bit COM+ package on the system.
|
|
// It indicates whether the Itermediate Language (IL) COM+ images need to
|
|
// use the 64-bit COM+ runtime or the 32-bit COM+ runtime.
|
|
//
|
|
|
|
ULONG ComPlusPackage;
|
|
|
|
//
|
|
// Time in tick count for system-wide last user input across all
|
|
// terminal sessions. For MP performance, it is not updated all
|
|
// the time (e.g. once a minute per session). It is used for idle
|
|
// detection.
|
|
//
|
|
|
|
ULONG LastSystemRITEventTickCount;
|
|
|
|
//
|
|
// Number of physical pages in the system. This can dynamically
|
|
// change as physical memory can be added or removed from a running
|
|
// system.
|
|
//
|
|
|
|
ULONG NumberOfPhysicalPages;
|
|
|
|
//
|
|
// True if the system was booted in safe boot mode.
|
|
//
|
|
|
|
BOOLEAN SafeBootMode;
|
|
|
|
//
|
|
// The following field is used for Heap and CritSec Tracing
|
|
// The last bit is set for Critical Sec Collision tracing and
|
|
// second Last bit is for Heap Tracing
|
|
// Also the first 16 bits are used as counter.
|
|
//
|
|
|
|
ULONG TraceLogging;
|
|
|
|
//
|
|
// Depending on the processor, the code for fast system call
|
|
// will differ, the following buffer is filled with the appropriate
|
|
// code sequence and user mode code will branch through it.
|
|
//
|
|
// (32 bytes, using ULONGLONG for alignment).
|
|
//
|
|
// N.B. The following two fields are only used on 32-bit systems.
|
|
//
|
|
|
|
ULONGLONG Fill0; // alignment
|
|
ULONGLONG SystemCall[4];
|
|
|
|
//
|
|
// The 64-bit tick count.
|
|
//
|
|
|
|
union {
|
|
volatile KSYSTEM_TIME TickCount;
|
|
volatile ULONG64 TickCountQuad;
|
|
};
|
|
|
|
} KUSER_SHARED_DATA, *PKUSER_SHARED_DATA;
|
|
|
|
#ifdef _MAC
|
|
#pragma warning( default : 4121 )
|
|
#endif
|
|
|
|
// end_ntddk end_nthal end_ntifs
|
|
|
|
#define DOSDEVICE_DRIVE_UNKNOWN 0
|
|
#define DOSDEVICE_DRIVE_CALCULATE 1
|
|
#define DOSDEVICE_DRIVE_REMOVABLE 2
|
|
#define DOSDEVICE_DRIVE_FIXED 3
|
|
#define DOSDEVICE_DRIVE_REMOTE 4
|
|
#define DOSDEVICE_DRIVE_CDROM 5
|
|
#define DOSDEVICE_DRIVE_RAMDISK 6
|
|
|
|
#if defined(USER_SHARED_DATA) && !defined(MIDL_PASS) && !defined(SORTPP_PASS)
|
|
|
|
FORCEINLINE
|
|
ULONGLONG
|
|
NtGetTickCount64(
|
|
VOID
|
|
)
|
|
|
|
{
|
|
|
|
ULARGE_INTEGER TickCount;
|
|
|
|
#if defined(_WIN64)
|
|
|
|
TickCount.QuadPart = USER_SHARED_DATA->TickCountQuad;
|
|
|
|
#else
|
|
|
|
for (;;) {
|
|
TickCount.HighPart = (ULONG) USER_SHARED_DATA->TickCount.High1Time;
|
|
TickCount.LowPart = USER_SHARED_DATA->TickCount.LowPart;
|
|
if (TickCount.HighPart == (ULONG) USER_SHARED_DATA->TickCount.High2Time) {
|
|
break;
|
|
}
|
|
|
|
#if defined(_X86_)
|
|
|
|
_asm { rep nop }
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
return ((UInt32x32To64(TickCount.LowPart,
|
|
USER_SHARED_DATA->TickCountMultiplier) >> 24)
|
|
+ (UInt32x32To64(TickCount.HighPart,
|
|
USER_SHARED_DATA->TickCountMultiplier) << 8));
|
|
}
|
|
|
|
FORCEINLINE
|
|
ULONG
|
|
NtGetTickCount(
|
|
VOID
|
|
)
|
|
|
|
{
|
|
|
|
#if defined(_WIN64)
|
|
|
|
return (ULONG) ((USER_SHARED_DATA->TickCountQuad
|
|
* USER_SHARED_DATA->TickCountMultiplier)
|
|
>> 24);
|
|
|
|
#else
|
|
|
|
ULARGE_INTEGER TickCount;
|
|
|
|
for (;;) {
|
|
TickCount.HighPart = (ULONG) USER_SHARED_DATA->TickCount.High1Time;
|
|
TickCount.LowPart = USER_SHARED_DATA->TickCount.LowPart;
|
|
if (TickCount.HighPart == (ULONG) USER_SHARED_DATA->TickCount.High2Time) {
|
|
break;
|
|
}
|
|
|
|
#if defined(_X86_)
|
|
|
|
_asm { rep nop }
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
return (ULONG) ((UInt32x32To64(TickCount.LowPart,
|
|
USER_SHARED_DATA->TickCountMultiplier) >> 24)
|
|
+ UInt32x32To64(TickCount.HighPart << 8,
|
|
USER_SHARED_DATA->TickCountMultiplier));
|
|
|
|
#endif
|
|
|
|
}
|
|
|
|
#endif // (defined(USER_SHARED_DATA) && !defined(MIDL_PASS) && !defined(SORTPP_PASS))
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryDefaultLocale(
|
|
IN BOOLEAN UserProfile,
|
|
OUT PLCID DefaultLocaleId
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetDefaultLocale(
|
|
IN BOOLEAN UserProfile,
|
|
IN LCID DefaultLocaleId
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryInstallUILanguage(
|
|
OUT LANGID *InstallUILanguageId
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryDefaultUILanguage(
|
|
OUT LANGID *DefaultUILanguageId
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetDefaultUILanguage(
|
|
IN LANGID DefaultUILanguageId
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtSetDefaultHardErrorPort(
|
|
IN HANDLE DefaultHardErrorPort
|
|
);
|
|
|
|
typedef enum _SHUTDOWN_ACTION {
|
|
ShutdownNoReboot,
|
|
ShutdownReboot,
|
|
ShutdownPowerOff
|
|
} SHUTDOWN_ACTION;
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtShutdownSystem(
|
|
IN SHUTDOWN_ACTION Action
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtDisplayString(
|
|
IN PUNICODE_STRING String
|
|
);
|
|
|
|
|
|
//
|
|
// Global flags that can be set to control system behavior.
|
|
// Flag word is 32 bits.
|
|
//
|
|
|
|
#define FLG_STOP_ON_EXCEPTION 0x00000001 // user and kernel mode
|
|
#define FLG_SHOW_LDR_SNAPS 0x00000002 // user and kernel mode
|
|
#define FLG_DEBUG_INITIAL_COMMAND 0x00000004 // kernel mode only up until WINLOGON started
|
|
#define FLG_STOP_ON_HUNG_GUI 0x00000008 // kernel mode only while running
|
|
|
|
#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010 // user mode only
|
|
#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020 // user mode only
|
|
#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040 // user mode only
|
|
#define FLG_HEAP_VALIDATE_ALL 0x00000080 // user mode only
|
|
|
|
#define FLG_APPLICATION_VERIFIER 0x00000100 // user mode only
|
|
#define FLG_POOL_ENABLE_TAGGING 0x00000400 // kernel mode only
|
|
#define FLG_HEAP_ENABLE_TAGGING 0x00000800 // user mode only
|
|
|
|
#define FLG_USER_STACK_TRACE_DB 0x00001000 // x86 user mode only
|
|
#define FLG_KERNEL_STACK_TRACE_DB 0x00002000 // x86 kernel mode only at boot time
|
|
#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000 // kernel mode only at boot time
|
|
#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000 // user mode only
|
|
|
|
#define FLG_DISABLE_STACK_EXTENSION 0x00010000 // user mode only
|
|
#define FLG_ENABLE_CSRDEBUG 0x00020000 // kernel mode only at boot time
|
|
#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000 // kernel mode only
|
|
#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000 // kernel mode only at boot time
|
|
|
|
#define FLG_ENABLE_SYSTEM_CRIT_BREAKS 0x00100000 // user mode only
|
|
#define FLG_HEAP_DISABLE_COALESCING 0x00200000 // user mode only
|
|
#define FLG_ENABLE_CLOSE_EXCEPTIONS 0x00400000 // kernel mode only
|
|
#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000 // kernel mode only
|
|
|
|
#define FLG_ENABLE_HANDLE_TYPE_TAGGING 0x01000000 // kernel mode only
|
|
#define FLG_HEAP_PAGE_ALLOCS 0x02000000 // user mode only
|
|
#define FLG_DEBUG_INITIAL_COMMAND_EX 0x04000000 // kernel mode only up until WINLOGON started
|
|
#define FLG_DISABLE_DBGPRINT 0x08000000 // kernel mode only
|
|
|
|
#define FLG_CRITSEC_EVENT_CREATION 0x10000000 // user mode only, Force early creation of resource events
|
|
#define FLG_LDR_TOP_DOWN 0x20000000 // user mode only, win64 only
|
|
#define FLG_ENABLE_HANDLE_EXCEPTIONS 0x40000000 // kernel mode only
|
|
#define FLG_DISABLE_PROTDLLS 0x80000000 // user mode only (smss/winlogon)
|
|
|
|
#define FLG_VALID_BITS 0xFFFFFDFF
|
|
|
|
#define FLG_USERMODE_VALID_BITS (FLG_STOP_ON_EXCEPTION | \
|
|
FLG_SHOW_LDR_SNAPS | \
|
|
FLG_HEAP_ENABLE_TAIL_CHECK | \
|
|
FLG_HEAP_ENABLE_FREE_CHECK | \
|
|
FLG_HEAP_VALIDATE_PARAMETERS | \
|
|
FLG_HEAP_VALIDATE_ALL | \
|
|
FLG_APPLICATION_VERIFIER | \
|
|
FLG_HEAP_ENABLE_TAGGING | \
|
|
FLG_USER_STACK_TRACE_DB | \
|
|
FLG_HEAP_ENABLE_TAG_BY_DLL | \
|
|
FLG_DISABLE_STACK_EXTENSION | \
|
|
FLG_ENABLE_SYSTEM_CRIT_BREAKS | \
|
|
FLG_HEAP_DISABLE_COALESCING | \
|
|
FLG_DISABLE_PROTDLLS | \
|
|
FLG_HEAP_PAGE_ALLOCS | \
|
|
FLG_CRITSEC_EVENT_CREATION | \
|
|
FLG_LDR_TOP_DOWN)
|
|
|
|
#define FLG_BOOTONLY_VALID_BITS (FLG_KERNEL_STACK_TRACE_DB | \
|
|
FLG_MAINTAIN_OBJECT_TYPELIST | \
|
|
FLG_ENABLE_CSRDEBUG | \
|
|
FLG_DEBUG_INITIAL_COMMAND | \
|
|
FLG_DEBUG_INITIAL_COMMAND_EX | \
|
|
FLG_DISABLE_PAGE_KERNEL_STACKS)
|
|
|
|
#define FLG_KERNELMODE_VALID_BITS (FLG_STOP_ON_EXCEPTION | \
|
|
FLG_SHOW_LDR_SNAPS | \
|
|
FLG_STOP_ON_HUNG_GUI | \
|
|
FLG_POOL_ENABLE_TAGGING | \
|
|
FLG_ENABLE_KDEBUG_SYMBOL_LOAD | \
|
|
FLG_ENABLE_CLOSE_EXCEPTIONS | \
|
|
FLG_ENABLE_EXCEPTION_LOGGING | \
|
|
FLG_ENABLE_HANDLE_TYPE_TAGGING | \
|
|
FLG_DISABLE_DBGPRINT | \
|
|
FLG_ENABLE_HANDLE_EXCEPTIONS \
|
|
)
|
|
|
|
//
|
|
// Routines for manipulating global atoms stored in kernel space
|
|
//
|
|
|
|
typedef USHORT RTL_ATOM, *PRTL_ATOM;
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtAddAtom(
|
|
IN PWSTR AtomName OPTIONAL,
|
|
IN ULONG Length OPTIONAL,
|
|
OUT PRTL_ATOM Atom OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtFindAtom(
|
|
IN PWSTR AtomName,
|
|
IN ULONG Length,
|
|
OUT PRTL_ATOM Atom OPTIONAL
|
|
);
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtDeleteAtom(
|
|
IN RTL_ATOM Atom
|
|
);
|
|
|
|
typedef enum _ATOM_INFORMATION_CLASS {
|
|
AtomBasicInformation,
|
|
AtomTableInformation
|
|
} ATOM_INFORMATION_CLASS;
|
|
|
|
typedef struct _ATOM_BASIC_INFORMATION {
|
|
USHORT UsageCount;
|
|
USHORT Flags;
|
|
USHORT NameLength;
|
|
WCHAR Name[ 1 ];
|
|
} ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION;
|
|
|
|
typedef struct _ATOM_TABLE_INFORMATION {
|
|
ULONG NumberOfAtoms;
|
|
RTL_ATOM Atoms[ 1 ];
|
|
} ATOM_TABLE_INFORMATION, *PATOM_TABLE_INFORMATION;
|
|
|
|
NTSYSCALLAPI
|
|
NTSTATUS
|
|
NTAPI
|
|
NtQueryInformationAtom(
|
|
IN RTL_ATOM Atom,
|
|
IN ATOM_INFORMATION_CLASS AtomInformationClass,
|
|
OUT PVOID AtomInformation,
|
|
IN ULONG AtomInformationLength,
|
|
OUT PULONG ReturnLength OPTIONAL
|
|
);
|
|
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|
|
|
|
#endif // _NTEXAPI_
|