1 ////////////////////////////////////////////////////////////////////
2 // Copyright (C) Alexander Telyatnikov, Ivan Keliukh, Yegor Anchishkin, SKIF Software, 1999-2013. Kiev, Ukraine
4 // This file was released under the GPLv2 on June 2015.
5 ////////////////////////////////////////////////////////////////////
7 //======================================================================
11 //======================================================================
13 #ifndef __NT_NATIVE_DEFS__H__
14 #define __NT_NATIVE_DEFS__H__
28 typedef struct _KTHREAD
*PKTHREAD
;
29 typedef struct _ETHREAD
*PETHREAD
;
30 typedef struct _EPROCESS
*PEPROCESS
;
31 typedef struct _PEB
*PPEB
;
32 typedef struct _KINTERRUPT
*PKINTERRUPT
;
33 typedef struct _IO_TIMER
*PIO_TIMER
;
34 typedef struct _OBJECT_TYPE
*POBJECT_TYPE
;
35 typedef struct _CALLBACK_OBJECT
*PCALLBACK_OBJECT
;
36 typedef struct _DEVICE_HANDLER_OBJECT
*PDEVICE_HANDLER_OBJECT
;
37 typedef struct _BUS_HANDLER
*PBUS_HANDLER
;
40 typedef ULONG ACCESS_MASK
;
41 typedef ACCESS_MASK
*PACCESS_MASK
;
46 #define LPDWORD PULONG
48 #define APIENTRY __stdcall
50 #define FASTCALL _fastcall
54 // The following are masks for the predefined standard access types
57 #define DELETE (0x00010000L)
58 #define READ_CONTROL (0x00020000L)
59 #define WRITE_DAC (0x00040000L)
60 #define WRITE_OWNER (0x00080000L)
61 #define SYNCHRONIZE (0x00100000L)
63 #define STANDARD_RIGHTS_REQUIRED (0x000F0000L)
65 #define STANDARD_RIGHTS_READ (READ_CONTROL)
66 #define STANDARD_RIGHTS_WRITE (READ_CONTROL)
67 #define STANDARD_RIGHTS_EXECUTE (READ_CONTROL)
69 #define STANDARD_RIGHTS_ALL (0x001F0000L)
71 #define SPECIFIC_RIGHTS_ALL (0x0000FFFFL)
74 // AccessSystemAcl access type
77 #define ACCESS_SYSTEM_SECURITY (0x01000000L)
80 // MaximumAllowed access type
83 #define MAXIMUM_ALLOWED (0x02000000L)
86 // These are the generic rights.
89 #define GENERIC_READ (0x80000000L)
90 #define GENERIC_WRITE (0x40000000L)
91 #define GENERIC_EXECUTE (0x20000000L)
92 #define GENERIC_ALL (0x10000000L)
96 // Subroutines for dealing with the Registry
99 typedef NTSTATUS (*PRTL_QUERY_REGISTRY_ROUTINE
)(
103 IN ULONG ValueLength
,
105 IN PVOID EntryContext
108 typedef struct _RTL_QUERY_REGISTRY_TABLE
{
109 PRTL_QUERY_REGISTRY_ROUTINE QueryRoutine
;
117 } RTL_QUERY_REGISTRY_TABLE
, *PRTL_QUERY_REGISTRY_TABLE
;
121 // The following flags specify how the Name field of a RTL_QUERY_REGISTRY_TABLE
122 // entry is interpreted. A NULL name indicates the end of the table.
125 #define RTL_QUERY_REGISTRY_SUBKEY 0x00000001 // Name is a subkey and remainder of
126 // table or until next subkey are value
127 // names for that subkey to look at.
129 #define RTL_QUERY_REGISTRY_TOPKEY 0x00000002 // Reset current key to original key for
130 // this and all following table entries.
132 #define RTL_QUERY_REGISTRY_REQUIRED 0x00000004 // Fail if no match found for this table
135 #define RTL_QUERY_REGISTRY_NOVALUE 0x00000008 // Used to mark a table entry that has no
136 // value name, just wants a call out, not
137 // an enumeration of all values.
139 #define RTL_QUERY_REGISTRY_NOEXPAND 0x00000010 // Used to suppress the expansion of
140 // REG_MULTI_SZ into multiple callouts or
141 // to prevent the expansion of environment
142 // variable values in REG_EXPAND_SZ
144 #define RTL_QUERY_REGISTRY_DIRECT 0x00000020 // QueryRoutine field ignored. EntryContext
145 // field points to location to store value.
146 // For null terminated strings, EntryContext
147 // points to UNICODE_STRING structure that
148 // that describes maximum size of buffer.
149 // If .Buffer field is NULL then a buffer is
153 #define RTL_QUERY_REGISTRY_DELETE 0x00000040 // Used to delete value keys after they
157 // The following values for the RelativeTo parameter determine what the
158 // Path parameter to RtlQueryRegistryValues is relative to.
161 #define RTL_REGISTRY_ABSOLUTE 0 // Path is a full path
162 #define RTL_REGISTRY_SERVICES 1 // \Registry\Machine\System\CurrentControlSet\Services
163 #define RTL_REGISTRY_CONTROL 2 // \Registry\Machine\System\CurrentControlSet\Control
164 #define RTL_REGISTRY_WINDOWS_NT 3 // \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion
165 #define RTL_REGISTRY_DEVICEMAP 4 // \Registry\Machine\Hardware\DeviceMap
166 #define RTL_REGISTRY_USER 5 // \Registry\User\CurrentUser
167 #define RTL_REGISTRY_MAXIMUM 6
168 #define RTL_REGISTRY_HANDLE 0x40000000 // Low order bits are registry handle
169 #define RTL_REGISTRY_OPTIONAL 0x80000000 // Indicates the key node is optional
185 RtlIntegerToUnicodeString (
188 PUNICODE_STRING String
194 RtlUnicodeStringToInteger (
195 PUNICODE_STRING String
,
202 // String manipulation routines
207 #define NLS_MB_CODE_PAGE_TAG NlsMbCodePageTag
208 #define NLS_MB_OEM_CODE_PAGE_TAG NlsMbOemCodePageTag
212 #define NLS_MB_CODE_PAGE_TAG (*NlsMbCodePageTag)
213 #define NLS_MB_OEM_CODE_PAGE_TAG (*NlsMbOemCodePageTag)
217 extern BOOLEAN NLS_MB_CODE_PAGE_TAG
; // TRUE -> Multibyte CP, FALSE -> Singlebyte
218 extern BOOLEAN NLS_MB_OEM_CODE_PAGE_TAG
; // TRUE -> Multibyte CP, FALSE -> Singlebyte
224 PSTRING DestinationString
,
232 PANSI_STRING DestinationString
,
239 RtlInitUnicodeString(
240 PUNICODE_STRING DestinationString
,
249 PSTRING DestinationString
,
266 BOOLEAN CaseInSensitive
275 BOOLEAN CaseInSensitive
283 PSTRING DestinationString
,
288 // NLS String functions
294 RtlAnsiStringToUnicodeString(
295 PUNICODE_STRING DestinationString
,
296 PANSI_STRING SourceString
,
297 BOOLEAN AllocateDestinationString
304 RtlUnicodeStringToAnsiString(
305 PANSI_STRING DestinationString
,
306 PUNICODE_STRING SourceString
,
307 BOOLEAN AllocateDestinationString
314 RtlCompareUnicodeString(
315 PUNICODE_STRING String1
,
316 PUNICODE_STRING String2
,
317 BOOLEAN CaseInSensitive
323 RtlEqualUnicodeString(
324 PUNICODE_STRING String1
,
325 PUNICODE_STRING String2
,
326 BOOLEAN CaseInSensitive
332 RtlPrefixUnicodeString(
333 IN PUNICODE_STRING String1
,
334 IN PUNICODE_STRING String2
,
335 IN BOOLEAN CaseInSensitive
341 RtlUpcaseUnicodeString(
342 PUNICODE_STRING DestinationString
,
343 PUNICODE_STRING SourceString
,
344 BOOLEAN AllocateDestinationString
351 RtlCopyUnicodeString(
352 PUNICODE_STRING DestinationString
,
353 PUNICODE_STRING SourceString
359 RtlAppendUnicodeStringToString (
360 PUNICODE_STRING Destination
,
361 PUNICODE_STRING Source
367 RtlAppendUnicodeToString (
368 PUNICODE_STRING Destination
,
376 RtlFreeUnicodeString(
377 PUNICODE_STRING UnicodeString
384 PANSI_STRING AnsiString
391 RtlxAnsiStringToUnicodeSize(
392 PANSI_STRING AnsiString
399 // RtlAnsiStringToUnicodeSize(
400 // PANSI_STRING AnsiString
404 #define RtlAnsiStringToUnicodeSize(STRING) ( \
405 NLS_MB_CODE_PAGE_TAG ? \
406 RtlxAnsiStringToUnicodeSize(STRING) : \
407 ((STRING)->Length + sizeof((UCHAR)NULL)) * sizeof(WCHAR) \
415 PVOID FailedAssertion
,
421 #define ASSERT( exp ) \
423 RtlAssert( #exp, __FILE__, __LINE__, NULL )
425 #define ASSERTMSG( msg, exp ) \
427 RtlAssert( #exp, __FILE__, __LINE__, msg )
430 #define ASSERT( exp )
431 #define ASSERTMSG( msg, exp )
435 // Fast primitives to compare, move, and zero memory
438 // begin_winnt begin_ntndis
439 #if defined(_M_IX86) || defined(_M_MRX000) || defined(_M_ALPHA)
441 #if defined(_M_MRX000)
452 #define RtlEqualMemory(Destination,Source,Length) (!memcmp((Destination),(Source),(Length)))
455 #define RtlMoveMemory(Destination,Source,Length) memmove((Destination),(Source),(Length))
456 #define RtlCopyMemory(Destination,Source,Length) memcpy((Destination),(Source),(Length))
457 #define RtlFillMemory(Destination,Length,Fill) memset((Destination),(Fill),(Length))
458 #define RtlZeroMemory(Destination,Length) memset((Destination),0,(Length))
475 VOID UNALIGNED
*Destination
,
476 CONST VOID UNALIGNED
*Source
,
484 VOID UNALIGNED
*Destination
,
485 CONST VOID UNALIGNED
*Source
,
493 VOID UNALIGNED
*Destination
,
494 CONST VOID UNALIGNED
*Source
,
502 VOID UNALIGNED
*Destination
,
511 VOID UNALIGNED
*Destination
,
515 // end_winnt end_ntndis
526 typedef struct _TIME_FIELDS
{
527 CSHORT Year
; // range [1601...]
528 CSHORT Month
; // range [1..12]
529 CSHORT Day
; // range [1..31]
530 CSHORT Hour
; // range [0..23]
531 CSHORT Minute
; // range [0..59]
532 CSHORT Second
; // range [0..59]
533 CSHORT Milliseconds
;// range [0..999]
534 CSHORT Weekday
; // range [0..6] == [Sunday..Saturday]
536 typedef TIME_FIELDS
*PTIME_FIELDS
;
542 RtlTimeToTimeFields (
544 PTIME_FIELDS TimeFields
548 // A time field record (Weekday ignored) -> 64 bit Time value
554 RtlTimeFieldsToTime (
555 PTIME_FIELDS TimeFields
,
560 // Define the generic mapping array. This is used to denote the
561 // mapping of each generic access right to a specific access mask.
564 typedef struct _GENERIC_MAPPING
{
565 ACCESS_MASK GenericRead
;
566 ACCESS_MASK GenericWrite
;
567 ACCESS_MASK GenericExecute
;
568 ACCESS_MASK GenericAll
;
570 typedef GENERIC_MAPPING
*PGENERIC_MAPPING
;
573 // Define the various device type values. Note that values used by Microsoft
574 // Corporation are in the range 0-32767, and 32768-65535 are reserved for use
578 #define DEVICE_TYPE ULONG
581 // Macro definition for defining IOCTL and FSCTL function control codes. Note
582 // that function codes 0-2047 are reserved for Microsoft Corporation, and
583 // 2048-4095 are reserved for customers.
586 #define CTL_CODE( DeviceType, Function, Method, Access ) ( \
587 ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) \
591 // Define the method codes for how buffers are passed for I/O and FS controls
594 #define METHOD_BUFFERED 0
595 #define METHOD_IN_DIRECT 1
596 #define METHOD_OUT_DIRECT 2
597 #define METHOD_NEITHER 3
600 // Define the access check value for any access
603 // The FILE_READ_ACCESS and FILE_WRITE_ACCESS constants are also defined in
604 // ntioapi.h as FILE_READ_DATA and FILE_WRITE_DATA. The values for these
605 // constants *MUST* always be in sync.
609 #define FILE_ANY_ACCESS 0
610 #define FILE_READ_ACCESS ( 0x0001 ) // file & pipe
611 #define FILE_WRITE_ACCESS ( 0x0002 ) // file & pipe
617 // Define access rights to files and directories
621 // The FILE_READ_DATA and FILE_WRITE_DATA constants are also defined in
622 // devioctl.h as FILE_READ_ACCESS and FILE_WRITE_ACCESS. The values for these
623 // constants *MUST* always be in sync.
624 // The values are redefined in devioctl.h because they must be available to
628 #define FILE_READ_DATA ( 0x0001 ) // file & pipe
629 #define FILE_LIST_DIRECTORY ( 0x0001 ) // directory
631 #define FILE_WRITE_DATA ( 0x0002 ) // file & pipe
632 #define FILE_ADD_FILE ( 0x0002 ) // directory
634 #define FILE_APPEND_DATA ( 0x0004 ) // file
635 #define FILE_ADD_SUBDIRECTORY ( 0x0004 ) // directory
636 #define FILE_CREATE_PIPE_INSTANCE ( 0x0004 ) // named pipe
638 #define FILE_READ_EA ( 0x0008 ) // file & directory
640 #define FILE_WRITE_EA ( 0x0010 ) // file & directory
642 #define FILE_EXECUTE ( 0x0020 ) // file
643 #define FILE_TRAVERSE ( 0x0020 ) // directory
645 #define FILE_DELETE_CHILD ( 0x0040 ) // directory
647 #define FILE_READ_ATTRIBUTES ( 0x0080 ) // all
649 #define FILE_WRITE_ATTRIBUTES ( 0x0100 ) // all
651 #define FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF)
653 #define FILE_GENERIC_READ (STANDARD_RIGHTS_READ |\
655 FILE_READ_ATTRIBUTES |\
660 #define FILE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE |\
662 FILE_WRITE_ATTRIBUTES |\
668 #define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE |\
669 FILE_READ_ATTRIBUTES |\
677 // Define share access rights to files and directories
680 #define FILE_SHARE_READ 0x00000001 // winnt
681 #define FILE_SHARE_WRITE 0x00000002 // winnt
682 #define FILE_SHARE_DELETE 0x00000004 // winnt
683 #define FILE_SHARE_VALID_FLAGS 0x00000007
686 // Define the file attributes values
688 // Note: 0x00000008 is reserved for use for the old DOS VOLID (volume ID)
689 // and is therefore not considered valid in NT.
691 // Note: 0x00000010 is reserved for use for the old DOS SUBDIRECTORY flag
692 // and is therefore not considered valid in NT. This flag has
693 // been disassociated with file attributes since the other flags are
694 // protected with READ_ and WRITE_ATTRIBUTES access to the file.
696 // Note: Note also that the order of these flags is set to allow both the
697 // FAT and the Pinball File Systems to directly set the attributes
698 // flags in attributes words without having to pick each flag out
699 // individually. The order of these flags should not be changed!
702 #define FILE_ATTRIBUTE_READONLY 0x00000001 // winnt
703 #define FILE_ATTRIBUTE_HIDDEN 0x00000002 // winnt
704 #define FILE_ATTRIBUTE_SYSTEM 0x00000004 // winnt
705 #define FILE_ATTRIBUTE_DIRECTORY 0x00000010 // winnt
706 #define FILE_ATTRIBUTE_ARCHIVE 0x00000020 // winnt
707 #define FILE_ATTRIBUTE_NORMAL 0x00000080 // winnt
708 #define FILE_ATTRIBUTE_TEMPORARY 0x00000100 // winnt
709 #define FILE_ATTRIBUTE_RESERVED0 0x00000200
710 #define FILE_ATTRIBUTE_RESERVED1 0x00000400
711 #define FILE_ATTRIBUTE_COMPRESSED 0x00000800 // winnt
712 #define FILE_ATTRIBUTE_OFFLINE 0x00001000 // winnt
713 #define FILE_ATTRIBUTE_PROPERTY_SET 0x00002000
714 #define FILE_ATTRIBUTE_VALID_FLAGS 0x00003fb7
715 #define FILE_ATTRIBUTE_VALID_SET_FLAGS 0x00003fa7
718 // Define the create disposition values
721 #define FILE_SUPERSEDE 0x00000000
722 #define FILE_OPEN 0x00000001
723 #define FILE_CREATE 0x00000002
724 #define FILE_OPEN_IF 0x00000003
725 #define FILE_OVERWRITE 0x00000004
726 #define FILE_OVERWRITE_IF 0x00000005
727 #define FILE_MAXIMUM_DISPOSITION 0x00000005
731 // Define the create/open option flags
734 #define FILE_DIRECTORY_FILE 0x00000001
735 #define FILE_WRITE_THROUGH 0x00000002
736 #define FILE_SEQUENTIAL_ONLY 0x00000004
737 #define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008
739 #define FILE_SYNCHRONOUS_IO_ALERT 0x00000010
740 #define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
741 #define FILE_NON_DIRECTORY_FILE 0x00000040
742 #define FILE_CREATE_TREE_CONNECTION 0x00000080
744 #define FILE_COMPLETE_IF_OPLOCKED 0x00000100
745 #define FILE_NO_EA_KNOWLEDGE 0x00000200
747 #define FILE_RANDOM_ACCESS 0x00000800
749 #define FILE_DELETE_ON_CLOSE 0x00001000
750 #define FILE_OPEN_BY_FILE_ID 0x00002000
751 #define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000
752 #define FILE_NO_COMPRESSION 0x00008000
755 #define FILE_RESERVE_OPFILTER 0x00100000
756 #define FILE_TRANSACTED_MODE 0x00200000
757 #define FILE_OPEN_OFFLINE_FILE 0x00400000
759 #define FILE_VALID_OPTION_FLAGS 0x007fffff
760 #define FILE_VALID_PIPE_OPTION_FLAGS 0x00000032
761 #define FILE_VALID_MAILSLOT_OPTION_FLAGS 0x00000032
762 #define FILE_VALID_SET_FLAGS 0x00000036
765 // Define the I/O status information return values for NtCreateFile/NtOpenFile
768 #define FILE_SUPERSEDED 0x00000000
769 #define FILE_OPENED 0x00000001
770 #define FILE_CREATED 0x00000002
771 #define FILE_OVERWRITTEN 0x00000003
772 #define FILE_EXISTS 0x00000004
773 #define FILE_DOES_NOT_EXIST 0x00000005
776 // Define special ByteOffset parameters for read and write operations
779 #define FILE_WRITE_TO_END_OF_FILE 0xffffffff
780 #define FILE_USE_FILE_POINTER_POSITION 0xfffffffe
783 // Define alignment requirement values
786 #define FILE_BYTE_ALIGNMENT 0x00000000
787 #define FILE_WORD_ALIGNMENT 0x00000001
788 #define FILE_LONG_ALIGNMENT 0x00000003
789 #define FILE_QUAD_ALIGNMENT 0x00000007
790 #define FILE_OCTA_ALIGNMENT 0x0000000f
791 #define FILE_32_BYTE_ALIGNMENT 0x0000001f
792 #define FILE_64_BYTE_ALIGNMENT 0x0000003f
793 #define FILE_128_BYTE_ALIGNMENT 0x0000007f
794 #define FILE_256_BYTE_ALIGNMENT 0x000000ff
795 #define FILE_512_BYTE_ALIGNMENT 0x000001ff
798 // Define the maximum length of a filename string
801 #define MAXIMUM_FILENAME_LENGTH 256
804 // Define the various device characteristics flags
807 #define FILE_REMOVABLE_MEDIA 0x00000001
808 #define FILE_READ_ONLY_DEVICE 0x00000002
809 #define FILE_FLOPPY_DISKETTE 0x00000004
810 #define FILE_WRITE_ONCE_MEDIA 0x00000008
811 #define FILE_REMOTE_DEVICE 0x00000010
812 #define FILE_DEVICE_IS_MOUNTED 0x00000020
813 #define FILE_VIRTUAL_VOLUME 0x00000040
815 #ifndef _FILESYSTEMFSCTL_
816 #define _FILESYSTEMFSCTL_
818 #endif // _FILESYSTEMFSCTL_
821 // The following is a list of the native file system fsctls followed by
822 // additional network file system fsctls. Some values have been
826 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
827 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
828 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
829 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
830 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
831 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
832 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
833 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
834 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
835 // decommissioned fsctl value 9
836 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
837 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS) // PATHNAME_BUFFER,
838 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
839 // decommissioned fsctl value 13
840 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
841 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
842 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
843 // decommissioned fsctl value 17
844 // decommissioned fsctl value 18
845 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
846 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
847 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
848 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS) // FSCTL_QUERY_FAT_BPB_BUFFER
849 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
850 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS) // FILESYSTEM_STATISTICS
851 #if(_WIN32_WINNT >= 0x0400)
852 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS) // NTFS_VOLUME_DATA_BUFFER
853 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS) // NTFS_FILE_RECORD_INPUT_BUFFER, NTFS_FILE_RECORD_OUTPUT_BUFFER
854 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS) // STARTING_LCN_INPUT_BUFFER, VOLUME_BITMAP_BUFFER
855 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS) // STARTING_VCN_INPUT_BUFFER, RETRIEVAL_POINTERS_BUFFER
856 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) // MOVE_FILE_DATA,
857 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
858 // decomissioned fsctl value 31
859 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
860 #endif /* _WIN32_WINNT >= 0x0400 */
863 // Define the base asynchronous I/O argument types
866 typedef struct _IO_STATUS_BLOCK
{
869 } IO_STATUS_BLOCK
, *PIO_STATUS_BLOCK
;
872 // Define an Asynchronous Procedure Call from I/O viewpoint
879 IN PIO_STATUS_BLOCK IoStatusBlock
,
884 // Define the file information class values
886 // WARNING: The order of the following values are assumed by the I/O system.
887 // Any changes made here should be reflected there as well.
890 typedef enum _FILE_INFORMATION_CLASS
{
891 FileDirectoryInformation
= 1,
892 FileFullDirectoryInformation
,
893 FileBothDirectoryInformation
,
894 FileBasicInformation
,
895 FileStandardInformation
,
896 FileInternalInformation
,
898 FileAccessInformation
,
900 FileRenameInformation
,
902 FileNamesInformation
,
903 FileDispositionInformation
,
904 FilePositionInformation
,
905 FileFullEaInformation
,
907 FileAlignmentInformation
,
909 FileAllocationInformation
,
910 FileEndOfFileInformation
,
911 FileAlternateNameInformation
,
912 FileStreamInformation
,
914 FilePipeLocalInformation
,
915 FilePipeRemoteInformation
,
916 FileMailslotQueryInformation
,
917 FileMailslotSetInformation
,
918 FileCompressionInformation
,
919 FileCopyOnWriteInformation
,
920 FileCompletionInformation
,
921 FileMoveClusterInformation
,
922 FileOleClassIdInformation
,
923 FileOleStateBitsInformation
,
924 FileNetworkOpenInformation
,
925 FileObjectIdInformation
,
926 FileOleAllInformation
,
927 FileOleDirectoryInformation
,
928 FileContentIndexInformation
,
929 FileInheritContentIndexInformation
,
931 FileMaximumInformation
932 } FILE_INFORMATION_CLASS
, *PFILE_INFORMATION_CLASS
;
935 // Define the various structures which are returned on query operations
938 typedef struct _FILE_BASIC_INFORMATION
{
939 LARGE_INTEGER CreationTime
;
940 LARGE_INTEGER LastAccessTime
;
941 LARGE_INTEGER LastWriteTime
;
942 LARGE_INTEGER ChangeTime
;
943 ULONG FileAttributes
;
944 } FILE_BASIC_INFORMATION
, *PFILE_BASIC_INFORMATION
;
946 typedef struct _FILE_STANDARD_INFORMATION
{
947 LARGE_INTEGER AllocationSize
;
948 LARGE_INTEGER EndOfFile
;
950 BOOLEAN DeletePending
;
952 } FILE_STANDARD_INFORMATION
, *PFILE_STANDARD_INFORMATION
;
954 typedef struct _FILE_POSITION_INFORMATION
{
955 LARGE_INTEGER CurrentByteOffset
;
956 } FILE_POSITION_INFORMATION
, *PFILE_POSITION_INFORMATION
;
958 typedef struct _FILE_ALIGNMENT_INFORMATION
{
959 ULONG AlignmentRequirement
;
960 } FILE_ALIGNMENT_INFORMATION
, *PFILE_ALIGNMENT_INFORMATION
;
962 typedef struct _FILE_NETWORK_OPEN_INFORMATION
{
963 LARGE_INTEGER CreationTime
;
964 LARGE_INTEGER LastAccessTime
;
965 LARGE_INTEGER LastWriteTime
;
966 LARGE_INTEGER ChangeTime
;
967 LARGE_INTEGER AllocationSize
;
968 LARGE_INTEGER EndOfFile
;
969 ULONG FileAttributes
;
970 } FILE_NETWORK_OPEN_INFORMATION
, *PFILE_NETWORK_OPEN_INFORMATION
;
972 typedef struct _FILE_DISPOSITION_INFORMATION
{
974 } FILE_DISPOSITION_INFORMATION
, *PFILE_DISPOSITION_INFORMATION
;
976 typedef struct _FILE_END_OF_FILE_INFORMATION
{
977 LARGE_INTEGER EndOfFile
;
978 } FILE_END_OF_FILE_INFORMATION
, *PFILE_END_OF_FILE_INFORMATION
;
981 typedef struct _FILE_FULL_EA_INFORMATION
{
982 ULONG NextEntryOffset
;
985 USHORT EaValueLength
;
987 } FILE_FULL_EA_INFORMATION
, *PFILE_FULL_EA_INFORMATION
;
990 // Define the file system information class values
992 // WARNING: The order of the following values are assumed by the I/O system.
993 // Any changes made here should be reflected there as well.
995 typedef enum _FSINFOCLASS
{
996 FileFsVolumeInformation
= 1,
997 FileFsLabelInformation
,
998 FileFsSizeInformation
,
999 FileFsDeviceInformation
,
1000 FileFsAttributeInformation
,
1001 FileFsControlInformation
,
1002 FileFsQuotaQueryInformation
, // temporary
1003 FileFsQuotaSetInformation
, // temporary
1004 FileFsMaximumInformation
1005 } FS_INFORMATION_CLASS
, *PFS_INFORMATION_CLASS
;
1007 typedef struct _FILE_FS_DEVICE_INFORMATION
{
1008 DEVICE_TYPE DeviceType
;
1009 ULONG Characteristics
;
1010 } FILE_FS_DEVICE_INFORMATION
, *PFILE_FS_DEVICE_INFORMATION
;
1013 // Registry Specific Access Rights.
1016 #define KEY_QUERY_VALUE (0x0001)
1017 #define KEY_SET_VALUE (0x0002)
1018 #define KEY_CREATE_SUB_KEY (0x0004)
1019 #define KEY_ENUMERATE_SUB_KEYS (0x0008)
1020 #define KEY_NOTIFY (0x0010)
1021 #define KEY_CREATE_LINK (0x0020)
1023 #define KEY_READ ((STANDARD_RIGHTS_READ |\
1025 KEY_ENUMERATE_SUB_KEYS |\
1031 #define KEY_WRITE ((STANDARD_RIGHTS_WRITE |\
1033 KEY_CREATE_SUB_KEY) \
1037 #define KEY_EXECUTE ((KEY_READ) \
1041 #define KEY_ALL_ACCESS ((STANDARD_RIGHTS_ALL |\
1044 KEY_CREATE_SUB_KEY |\
1045 KEY_ENUMERATE_SUB_KEYS |\
1052 // Open/Create Options
1055 #define REG_OPTION_RESERVED (0x00000000L) // Parameter is reserved
1057 #define REG_OPTION_NON_VOLATILE (0x00000000L) // Key is preserved
1058 // when system is rebooted
1060 #define REG_OPTION_VOLATILE (0x00000001L) // Key is not preserved
1061 // when system is rebooted
1063 #define REG_OPTION_CREATE_LINK (0x00000002L) // Created key is a
1066 #define REG_OPTION_BACKUP_RESTORE (0x00000004L) // open for backup or restore
1067 // special access rules
1068 // privilege required
1070 #define REG_OPTION_OPEN_LINK (0x00000008L) // Open symbolic link
1072 #define REG_LEGAL_OPTION \
1073 (REG_OPTION_RESERVED |\
1074 REG_OPTION_NON_VOLATILE |\
1075 REG_OPTION_VOLATILE |\
1076 REG_OPTION_CREATE_LINK |\
1077 REG_OPTION_BACKUP_RESTORE |\
1078 REG_OPTION_OPEN_LINK)
1081 // Key creation/open disposition
1084 #define REG_CREATED_NEW_KEY (0x00000001L) // New Registry Key created
1085 #define REG_OPENED_EXISTING_KEY (0x00000002L) // Existing Key opened
1088 // Key restore flags
1091 #define REG_WHOLE_HIVE_VOLATILE (0x00000001L) // Restore whole hive volatile
1092 #define REG_REFRESH_HIVE (0x00000002L) // Unwind changes to last flush
1093 #define REG_NO_LAZY_FLUSH (0x00000004L) // Never lazy flush this hive
1096 // Key query structures
1099 typedef struct _KEY_BASIC_INFORMATION
{
1100 LARGE_INTEGER LastWriteTime
;
1103 WCHAR Name
[1]; // Variable length string
1104 } KEY_BASIC_INFORMATION
, *PKEY_BASIC_INFORMATION
;
1106 typedef struct _KEY_NODE_INFORMATION
{
1107 LARGE_INTEGER LastWriteTime
;
1112 WCHAR Name
[1]; // Variable length string
1113 // Class[1]; // Variable length string not declared
1114 } KEY_NODE_INFORMATION
, *PKEY_NODE_INFORMATION
;
1116 typedef struct _KEY_FULL_INFORMATION
{
1117 LARGE_INTEGER LastWriteTime
;
1125 ULONG MaxValueNameLen
;
1126 ULONG MaxValueDataLen
;
1127 WCHAR Class
[1]; // Variable length
1128 } KEY_FULL_INFORMATION
, *PKEY_FULL_INFORMATION
;
1130 typedef enum _KEY_INFORMATION_CLASS
{
1131 KeyBasicInformation
,
1134 } KEY_INFORMATION_CLASS
;
1136 typedef struct _KEY_WRITE_TIME_INFORMATION
{
1137 LARGE_INTEGER LastWriteTime
;
1138 } KEY_WRITE_TIME_INFORMATION
, *PKEY_WRITE_TIME_INFORMATION
;
1140 typedef enum _KEY_SET_INFORMATION_CLASS
{
1141 KeyWriteTimeInformation
1142 } KEY_SET_INFORMATION_CLASS
;
1145 // Value entry query structures
1148 typedef struct _KEY_VALUE_BASIC_INFORMATION
{
1152 WCHAR Name
[1]; // Variable size
1153 } KEY_VALUE_BASIC_INFORMATION
, *PKEY_VALUE_BASIC_INFORMATION
;
1155 typedef struct _KEY_VALUE_FULL_INFORMATION
{
1161 WCHAR Name
[1]; // Variable size
1162 // Data[1]; // Variable size data not declared
1163 } KEY_VALUE_FULL_INFORMATION
, *PKEY_VALUE_FULL_INFORMATION
;
1165 typedef struct _KEY_VALUE_PARTIAL_INFORMATION
{
1169 UCHAR Data
[1]; // Variable size
1170 } KEY_VALUE_PARTIAL_INFORMATION
, *PKEY_VALUE_PARTIAL_INFORMATION
;
1172 typedef struct _KEY_VALUE_ENTRY
{
1173 PUNICODE_STRING ValueName
;
1177 } KEY_VALUE_ENTRY
, *PKEY_VALUE_ENTRY
;
1179 typedef enum _KEY_VALUE_INFORMATION_CLASS
{
1180 KeyValueBasicInformation
,
1181 KeyValueFullInformation
,
1182 KeyValuePartialInformation
1183 } KEY_VALUE_INFORMATION_CLASS
;
1190 IN HANDLE KeyHandle
,
1192 IN KEY_INFORMATION_CLASS KeyInformationClass
,
1193 IN PVOID KeyInformation
,
1195 IN PULONG ResultLength
1202 OUT PHANDLE KeyHandle
,
1203 IN ACCESS_MASK DesiredAccess
,
1204 IN POBJECT_ATTRIBUTES ObjectAttributes
1211 IN HANDLE KeyHandle
,
1212 IN PUNICODE_STRING ValueName
,
1213 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
1214 IN PVOID KeyValueInformation
,
1216 IN PULONG ResultLength
1223 IN HANDLE KeyHandle
,
1224 IN PUNICODE_STRING ValueName
,
1225 IN ULONG TitleIndex OPTIONAL
,
1235 IN HANDLE KeyHandle
,
1236 IN PUNICODE_STRING ValueName
1240 #define OBJ_NAME_PATH_SEPARATOR ((WCHAR)L'\\')
1243 // Object Manager Object Type Specific Access Rights.
1246 #define OBJECT_TYPE_CREATE (0x0001)
1248 #define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
1251 // Object Manager Directory Specific Access Rights.
1254 #define DIRECTORY_QUERY (0x0001)
1255 #define DIRECTORY_TRAVERSE (0x0002)
1256 #define DIRECTORY_CREATE_OBJECT (0x0004)
1257 #define DIRECTORY_CREATE_SUBDIRECTORY (0x0008)
1259 #define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)
1262 // Object Manager Symbolic Link Specific Access Rights.
1265 #define SYMBOLIC_LINK_QUERY (0x0001)
1267 #define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
1269 typedef struct _OBJECT_NAME_INFORMATION
{
1270 UNICODE_STRING Name
;
1271 } OBJECT_NAME_INFORMATION
, *POBJECT_NAME_INFORMATION
;
1274 // Section Information Structures.
1277 typedef enum _SECTION_INHERIT
{
1283 // Section Access Rights.
1287 #define SECTION_QUERY 0x0001
1288 #define SECTION_MAP_WRITE 0x0002
1289 #define SECTION_MAP_READ 0x0004
1290 #define SECTION_MAP_EXECUTE 0x0008
1291 #define SECTION_EXTEND_SIZE 0x0010
1293 #define SECTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|\
1294 SECTION_MAP_WRITE | \
1295 SECTION_MAP_READ | \
1296 SECTION_MAP_EXECUTE | \
1297 SECTION_EXTEND_SIZE)
1300 #define SEGMENT_ALL_ACCESS SECTION_ALL_ACCESS
1302 #define PAGE_NOACCESS 0x01 // winnt
1303 #define PAGE_READONLY 0x02 // winnt
1304 #define PAGE_READWRITE 0x04 // winnt
1305 #define PAGE_WRITECOPY 0x08 // winnt
1306 #define PAGE_EXECUTE 0x10 // winnt
1307 #define PAGE_EXECUTE_READ 0x20 // winnt
1308 #define PAGE_EXECUTE_READWRITE 0x40 // winnt
1309 #define PAGE_EXECUTE_WRITECOPY 0x80 // winnt
1310 #define PAGE_GUARD 0x100 // winnt
1311 #define PAGE_NOCACHE 0x200 // winnt
1313 #define MEM_COMMIT 0x1000
1314 #define MEM_RESERVE 0x2000
1315 #define MEM_DECOMMIT 0x4000
1316 #define MEM_RELEASE 0x8000
1317 #define MEM_FREE 0x10000
1318 #define MEM_PRIVATE 0x20000
1319 #define MEM_MAPPED 0x40000
1320 #define MEM_RESET 0x80000
1321 #define MEM_TOP_DOWN 0x100000
1322 #define MEM_LARGE_PAGES 0x20000000
1323 #define SEC_RESERVE 0x4000000
1324 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
1328 #define MAXIMUM_PROCESSORS 32
1333 // Thread Specific Access Rights
1336 #define THREAD_TERMINATE (0x0001) // winnt
1337 #define THREAD_SET_INFORMATION (0x0020) // winnt
1339 #define THREAD_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
1346 typedef struct _CLIENT_ID
{
1347 HANDLE UniqueProcess
;
1348 HANDLE UniqueThread
;
1350 typedef CLIENT_ID
*PCLIENT_ID
;
1353 // Define the size of the 80387 save area, which is in the context frame.
1356 #define SIZE_OF_80387_REGISTERS 80
1359 // The following flags control the contents of the CONTEXT structure.
1362 #if !defined(RC_INVOKED)
1364 #define CONTEXT_i386 0x00010000 // this assumes that i386 and
1365 #define CONTEXT_i486 0x00010000 // i486 have identical context records
1369 #define CONTEXT_CONTROL (CONTEXT_i386 | 0x00000001L) // SS:SP, CS:IP, FLAGS, BP
1370 #define CONTEXT_INTEGER (CONTEXT_i386 | 0x00000002L) // AX, BX, CX, DX, SI, DI
1371 #define CONTEXT_SEGMENTS (CONTEXT_i386 | 0x00000004L) // DS, ES, FS, GS
1372 #define CONTEXT_FLOATING_POINT (CONTEXT_i386 | 0x00000008L) // 387 state
1373 #define CONTEXT_DEBUG_REGISTERS (CONTEXT_i386 | 0x00000010L) // DB 0-3,6,7
1375 #define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_INTEGER |\
1382 typedef struct _FLOATING_SAVE_AREA
{
1387 ULONG ErrorSelector
;
1390 UCHAR RegisterArea
[SIZE_OF_80387_REGISTERS
];
1392 } FLOATING_SAVE_AREA
;
1394 typedef FLOATING_SAVE_AREA
*PFLOATING_SAVE_AREA
;
1399 // This frame has a several purposes: 1) it is used as an argument to
1400 // NtContinue, 2) is is used to constuct a call frame for APC delivery,
1401 // and 3) it is used in the user level thread creation routines.
1403 // The layout of the record conforms to a standard call frame.
1406 typedef struct _CONTEXT
{
1409 // The flags values within this flag control the contents of
1410 // a CONTEXT record.
1412 // If the context record is used as an input parameter, then
1413 // for each portion of the context record controlled by a flag
1414 // whose value is set, it is assumed that that portion of the
1415 // context record contains valid context. If the context record
1416 // is being used to modify a threads context, then only that
1417 // portion of the threads context will be modified.
1419 // If the context record is used as an IN OUT parameter to capture
1420 // the context of a thread, then only those portions of the thread's
1421 // context corresponding to set flags will be returned.
1423 // The context record is never used as an OUT only parameter.
1429 // This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
1430 // set in ContextFlags. Note that CONTEXT_DEBUG_REGISTERS is NOT
1431 // included in CONTEXT_FULL.
1442 // This section is specified/returned if the
1443 // ContextFlags word contians the flag CONTEXT_FLOATING_POINT.
1446 FLOATING_SAVE_AREA FloatSave
;
1449 // This section is specified/returned if the
1450 // ContextFlags word contians the flag CONTEXT_SEGMENTS.
1459 // This section is specified/returned if the
1460 // ContextFlags word contians the flag CONTEXT_INTEGER.
1471 // This section is specified/returned if the
1472 // ContextFlags word contians the flag CONTEXT_CONTROL.
1477 ULONG SegCs
; // MUST BE SANITIZED
1478 ULONG EFlags
; // MUST BE SANITIZED
1486 typedef CONTEXT
*PCONTEXT
;
1489 // Predefined Value Types.
1492 #define REG_NONE ( 0 ) // No value type
1493 #define REG_SZ ( 1 ) // Unicode nul terminated string
1494 #define REG_EXPAND_SZ ( 2 ) // Unicode nul terminated string
1495 // (with environment variable references)
1496 #define REG_BINARY ( 3 ) // Free form binary
1497 #define REG_DWORD ( 4 ) // 32-bit number
1498 #define REG_DWORD_LITTLE_ENDIAN ( 4 ) // 32-bit number (same as REG_DWORD)
1499 #define REG_DWORD_BIG_ENDIAN ( 5 ) // 32-bit number
1500 #define REG_LINK ( 6 ) // Symbolic Link (unicode)
1501 #define REG_MULTI_SZ ( 7 ) // Multiple Unicode strings
1502 #define REG_RESOURCE_LIST ( 8 ) // Resource list in the resource map
1503 #define REG_FULL_RESOURCE_DESCRIPTOR ( 9 ) // Resource list in the hardware description
1504 #define REG_RESOURCE_REQUIREMENTS_LIST ( 10 )
1509 InterlockedIncrement(
1515 InterlockedDecrement(
1521 InterlockedExchange(
1522 IN OUT PLONG Target,
1528 InterlockedExchangeAdd(
1529 IN OUT PLONG Addend,
1535 InterlockedCompareExchange(
1536 IN OUT PVOID *Destination,
1542 // Environment information, which includes command line and
1547 UNICODE_STRING CommandLine
;
1548 UNICODE_STRING ImageFile
;
1549 } ENVIRONMENT_INFORMATION
, *PENVIRONMENT_INFORMATION
;
1552 // This structure is passed as NtProcessStartup's parameter
1556 PENVIRONMENT_INFORMATION Environment
;
1557 } STARTUP_ARGUMENT
, *PSTARTUP_ARGUMENT
;
1560 // Data structure for heap definition. This includes various
1561 // sizing parameters and callback routines, which, if left NULL,
1562 // result in default behavior
1567 } RTL_HEAP_DEFINITION
, *PRTL_HEAP_DEFINITION
;
1570 // Native NT api function to write something to the boot-time
1576 PUNICODE_STRING String
1580 // Native applications must kill themselves when done - the job
1581 // of this native API
1586 HANDLE ProcessHandle
,
1591 // Thread start function
1596 (*PKSTART_ROUTINE
) (
1597 IN PVOID StartContext
1600 typedef struct StackInfo_t
{
1604 ULONG OnePageBelowTopOfStack
;
1605 ULONG BottomOfStack
;
1606 } STACKINFO
, *PSTACKINFO
;
1612 OUT PHANDLE phThread
,
1613 IN ACCESS_MASK AccessMask
,
1614 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1616 OUT PCLIENT_ID pClientId
,
1617 IN PCONTEXT pContext
,
1618 OUT PSTACKINFO pStackInfo
,
1619 IN BOOLEAN bSuspended
1623 PsCreateSystemThread(
1624 OUT PHANDLE ThreadHandle,
1625 IN ACCESS_MASK DesiredAccess,
1626 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
1627 IN HANDLE ProcessHandle OPTIONAL,
1628 OUT PCLIENT_ID ClientId OPTIONAL,
1629 IN PKSTART_ROUTINE StartRoutine,
1630 IN PVOID StartContext
1635 IN HANDLE ThreadHandle OPTIONAL
,
1636 IN NTSTATUS ExitStatus
1642 PULONG MajorVersion OPTIONAL,
1643 PULONG MinorVersion OPTIONAL,
1644 PULONG BuildNumber OPTIONAL,
1645 PUNICODE_STRING CSDVersion OPTIONAL
1649 PsGetCurrentProcessId( VOID );
1652 PsGetCurrentThreadId( VOID );
1655 // Definition to represent current process
1657 #define NtCurrentProcess() ( (HANDLE) -1 )
1660 (*PRTL_HEAP_COMMIT_ROUTINE
)(
1662 IN OUT PVOID
*CommitAddress
,
1663 IN OUT PULONG CommitSize
1666 typedef struct _RTL_HEAP_PARAMETERS
{
1668 ULONG SegmentReserve
;
1669 ULONG SegmentCommit
;
1670 ULONG DeCommitFreeBlockThreshold
;
1671 ULONG DeCommitTotalFreeThreshold
;
1672 ULONG MaximumAllocationSize
;
1673 ULONG VirtualMemoryThreshold
;
1674 ULONG InitialCommit
;
1675 ULONG InitialReserve
;
1676 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine
;
1677 ULONG Reserved
[ 2 ];
1678 } RTL_HEAP_PARAMETERS
, *PRTL_HEAP_PARAMETERS
;
1685 IN PVOID HeapBase OPTIONAL
,
1686 IN ULONG ReserveSize OPTIONAL
,
1687 IN ULONG CommitSize OPTIONAL
,
1688 IN PVOID Lock OPTIONAL
,
1689 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
1692 #define HEAP_NO_SERIALIZE 0x00000001 // winnt
1693 #define HEAP_GROWABLE 0x00000002 // winnt
1694 #define HEAP_GENERATE_EXCEPTIONS 0x00000004 // winnt
1695 #define HEAP_ZERO_MEMORY 0x00000008 // winnt
1696 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010 // winnt
1697 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020 // winnt
1698 #define HEAP_FREE_CHECKING_ENABLED 0x00000040 // winnt
1699 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080 // winnt
1701 #define HEAP_CREATE_ALIGN_16 0x00010000 // winnt Create heap with 16 byte alignment
1702 #define HEAP_CREATE_ENABLE_TRACING 0x00020000 // winnt Create heap call tracing enabled
1704 #define HEAP_SETTABLE_USER_VALUE 0x00000100
1705 #define HEAP_SETTABLE_USER_FLAG1 0x00000200
1706 #define HEAP_SETTABLE_USER_FLAG2 0x00000400
1707 #define HEAP_SETTABLE_USER_FLAG3 0x00000800
1708 #define HEAP_SETTABLE_USER_FLAGS 0x00000E00
1710 #define HEAP_CLASS_0 0x00000000 // process heap
1711 #define HEAP_CLASS_1 0x00001000 // private heap
1712 #define HEAP_CLASS_2 0x00002000 // Kernel Heap
1713 #define HEAP_CLASS_3 0x00003000 // GDI heap
1714 #define HEAP_CLASS_4 0x00004000 // User heap
1715 #define HEAP_CLASS_5 0x00005000 // Console heap
1716 #define HEAP_CLASS_6 0x00006000 // User Desktop heap
1717 #define HEAP_CLASS_7 0x00007000 // Csrss Shared heap
1718 #define HEAP_CLASS_8 0x00008000 // Csr Port heap
1719 #define HEAP_CLASS_MASK 0x0000F000
1721 #define HEAP_MAXIMUM_TAG 0x0FFF // winnt
1722 #define HEAP_GLOBAL_TAG 0x0800
1723 #define HEAP_PSEUDO_TAG_FLAG 0x8000 // winnt
1724 #define HEAP_TAG_SHIFT 16 // winnt
1725 #define HEAP_MAKE_TAG_FLAGS( b, o ) ((ULONG)((b) + ((o) << 16))) // winnt
1726 #define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
1728 #define HEAP_CREATE_VALID_MASK (HEAP_NO_SERIALIZE | \
1730 HEAP_GENERATE_EXCEPTIONS | \
1731 HEAP_ZERO_MEMORY | \
1732 HEAP_REALLOC_IN_PLACE_ONLY | \
1733 HEAP_TAIL_CHECKING_ENABLED | \
1734 HEAP_FREE_CHECKING_ENABLED | \
1735 HEAP_DISABLE_COALESCE_ON_FREE | \
1737 HEAP_CREATE_ALIGN_16 | \
1738 HEAP_CREATE_ENABLE_TRACING)
1748 // Heap allocation function (ala "malloc")
1759 // Heap free function (ala "free")
1773 OUT PHANDLE FileHandle
,
1774 IN ACCESS_MASK DesiredAccess
,
1775 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1776 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1777 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
1778 IN ULONG FileAttributes
,
1779 IN ULONG ShareAccess
,
1780 IN ULONG CreateDisposition
,
1781 IN ULONG CreateOptions
,
1782 IN PVOID EaBuffer OPTIONAL
,
1791 IN ACCESS_MASK DesiredAccess
,
1792 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1793 OUT PIO_STATUS_BLOCK pIoStatusBlock
,
1801 NtDeviceIoControlFile(
1803 IN HANDLE hEvent OPTIONAL
,
1804 IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL
,
1805 IN PVOID IoApcContext OPTIONAL
,
1806 OUT PIO_STATUS_BLOCK pIoStatusBlock
,
1807 IN ULONG DeviceIoControlCode
,
1808 IN PVOID InBuffer OPTIONAL
,
1809 IN ULONG InBufferLength
,
1810 OUT PVOID OutBuffer OPTIONAL
,
1811 IN ULONG OutBufferLength
1819 IN HANDLE hEvent OPTIONAL
,
1820 IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL
,
1821 IN PVOID IoApcContext OPTIONAL
,
1822 OUT PIO_STATUS_BLOCK pIoStatusBlock
,
1823 IN ULONG DeviceIoControlCode
,
1824 IN PVOID InBuffer OPTIONAL
,
1825 IN ULONG InBufferLength
,
1826 OUT PVOID OutBuffer OPTIONAL
,
1827 IN ULONG OutBufferLength
1835 IN HANDLE hEvent OPTIONAL
,
1836 IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL
,
1837 IN PVOID IoApcContext OPTIONAL
,
1838 OUT PIO_STATUS_BLOCK pIoStatusBlock
,
1839 OUT PVOID ReadBuffer
,
1840 IN ULONG ReadBufferLength
,
1841 IN PLARGE_INTEGER FileOffset OPTIONAL
,
1842 IN PULONG LockOperationKey
1850 IN HANDLE hEvent OPTIONAL
,
1851 IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL
,
1852 IN PVOID IoApcContext OPTIONAL
,
1853 OUT PIO_STATUS_BLOCK pIoStatusBlock
,
1854 IN PVOID WriteBuffer
,
1855 IN ULONG WriteBufferLength
,
1856 IN PLARGE_INTEGER FileOffset OPTIONAL
,
1857 IN PULONG LockOperationKey OPTIONAL
1863 NtQueryInformationFile(
1865 OUT PIO_STATUS_BLOCK pIoStatusBlock
,
1866 OUT PVOID FileInformationBuffer
,
1867 IN ULONG FileInformationBufferLength
,
1868 IN FILE_INFORMATION_CLASS FileInfoClass
1874 NtSetInformationFile(
1876 OUT PIO_STATUS_BLOCK pIoStatusBlock
,
1877 IN PVOID FileInformationBuffer
,
1878 IN ULONG FileInformationBufferLength
,
1879 IN FILE_INFORMATION_CLASS FileInfoClass
1891 NtWaitForSingleObject(
1893 IN BOOLEAN bAlertable
,
1894 IN PLARGE_INTEGER Timeout
1900 IN BOOLEAN Alertable
,
1901 IN PLARGE_INTEGER DelayInterval
1906 #endif //__cplusplus
1908 #endif //__NT_NATIVE_DEFS__H__