1 ////////////////////////////////////////////////////////////////////
2 // Copyright (C) Alexander Telyatnikov, Ivan Keliukh, Yegor Anchishkin, SKIF Software, 1999-2013. Kiev, Ukraine
4 // This file was released under the GPLv2 on June 2015.
5 ////////////////////////////////////////////////////////////////////
7 //======================================================================
11 //======================================================================
13 #ifndef __NT_NATIVE_DEFS__H__
14 #define __NT_NATIVE_DEFS__H__
28 typedef struct _KTHREAD
*PKTHREAD
;
29 typedef struct _ETHREAD
*PETHREAD
;
30 typedef struct _EPROCESS
*PEPROCESS
;
31 typedef struct _PEB
*PPEB
;
32 typedef struct _KINTERRUPT
*PKINTERRUPT
;
33 typedef struct _IO_TIMER
*PIO_TIMER
;
34 typedef struct _OBJECT_TYPE
*POBJECT_TYPE
;
35 typedef struct _CALLBACK_OBJECT
*PCALLBACK_OBJECT
;
36 typedef struct _DEVICE_HANDLER_OBJECT
*PDEVICE_HANDLER_OBJECT
;
37 typedef struct _BUS_HANDLER
*PBUS_HANDLER
;
40 typedef ULONG ACCESS_MASK
;
41 typedef ACCESS_MASK
*PACCESS_MASK
;
46 #define LPDWORD PULONG
48 #define APIENTRY __stdcall
50 #define FASTCALL _fastcall
54 // The following are masks for the predefined standard access types
57 #define DELETE (0x00010000L)
58 #define READ_CONTROL (0x00020000L)
59 #define WRITE_DAC (0x00040000L)
60 #define WRITE_OWNER (0x00080000L)
61 #define SYNCHRONIZE (0x00100000L)
63 #define STANDARD_RIGHTS_REQUIRED (0x000F0000L)
65 #define STANDARD_RIGHTS_READ (READ_CONTROL)
66 #define STANDARD_RIGHTS_WRITE (READ_CONTROL)
67 #define STANDARD_RIGHTS_EXECUTE (READ_CONTROL)
69 #define STANDARD_RIGHTS_ALL (0x001F0000L)
71 #define SPECIFIC_RIGHTS_ALL (0x0000FFFFL)
74 // AccessSystemAcl access type
77 #define ACCESS_SYSTEM_SECURITY (0x01000000L)
80 // MaximumAllowed access type
83 #define MAXIMUM_ALLOWED (0x02000000L)
86 // These are the generic rights.
89 #define GENERIC_READ (0x80000000L)
90 #define GENERIC_WRITE (0x40000000L)
91 #define GENERIC_EXECUTE (0x20000000L)
92 #define GENERIC_ALL (0x10000000L)
96 // Subroutines for dealing with the Registry
99 typedef NTSTATUS (*PRTL_QUERY_REGISTRY_ROUTINE
)(
103 IN ULONG ValueLength
,
105 IN PVOID EntryContext
108 typedef struct _RTL_QUERY_REGISTRY_TABLE
{
109 PRTL_QUERY_REGISTRY_ROUTINE QueryRoutine
;
117 } RTL_QUERY_REGISTRY_TABLE
, *PRTL_QUERY_REGISTRY_TABLE
;
121 // The following flags specify how the Name field of a RTL_QUERY_REGISTRY_TABLE
122 // entry is interpreted. A NULL name indicates the end of the table.
125 #define RTL_QUERY_REGISTRY_SUBKEY 0x00000001 // Name is a subkey and remainder of
126 // table or until next subkey are value
127 // names for that subkey to look at.
129 #define RTL_QUERY_REGISTRY_TOPKEY 0x00000002 // Reset current key to original key for
130 // this and all following table entries.
132 #define RTL_QUERY_REGISTRY_REQUIRED 0x00000004 // Fail if no match found for this table
135 #define RTL_QUERY_REGISTRY_NOVALUE 0x00000008 // Used to mark a table entry that has no
136 // value name, just wants a call out, not
137 // an enumeration of all values.
139 #define RTL_QUERY_REGISTRY_NOEXPAND 0x00000010 // Used to suppress the expansion of
140 // REG_MULTI_SZ into multiple callouts or
141 // to prevent the expansion of environment
142 // variable values in REG_EXPAND_SZ
144 #define RTL_QUERY_REGISTRY_DIRECT 0x00000020 // QueryRoutine field ignored. EntryContext
145 // field points to location to store value.
146 // For null terminated strings, EntryContext
147 // points to UNICODE_STRING structure that
148 // that describes maximum size of buffer.
149 // If .Buffer field is NULL then a buffer is
153 #define RTL_QUERY_REGISTRY_DELETE 0x00000040 // Used to delete value keys after they
157 // The following values for the RelativeTo parameter determine what the
158 // Path parameter to RtlQueryRegistryValues is relative to.
161 #define RTL_REGISTRY_ABSOLUTE 0 // Path is a full path
162 #define RTL_REGISTRY_SERVICES 1 // \Registry\Machine\System\CurrentControlSet\Services
163 #define RTL_REGISTRY_CONTROL 2 // \Registry\Machine\System\CurrentControlSet\Control
164 #define RTL_REGISTRY_WINDOWS_NT 3 // \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion
165 #define RTL_REGISTRY_DEVICEMAP 4 // \Registry\Machine\Hardware\DeviceMap
166 #define RTL_REGISTRY_USER 5 // \Registry\User\CurrentUser
167 #define RTL_REGISTRY_MAXIMUM 6
168 #define RTL_REGISTRY_HANDLE 0x40000000 // Low order bits are registry handle
169 #define RTL_REGISTRY_OPTIONAL 0x80000000 // Indicates the key node is optional
185 RtlIntegerToUnicodeString (
188 PUNICODE_STRING String
194 RtlUnicodeStringToInteger (
195 PUNICODE_STRING String
,
202 // String manipulation routines
207 #define NLS_MB_CODE_PAGE_TAG NlsMbCodePageTag
208 #define NLS_MB_OEM_CODE_PAGE_TAG NlsMbOemCodePageTag
212 #define NLS_MB_CODE_PAGE_TAG (*NlsMbCodePageTag)
213 #define NLS_MB_OEM_CODE_PAGE_TAG (*NlsMbOemCodePageTag)
217 extern BOOLEAN NLS_MB_CODE_PAGE_TAG
; // TRUE -> Multibyte CP, FALSE -> Singlebyte
218 extern BOOLEAN NLS_MB_OEM_CODE_PAGE_TAG
; // TRUE -> Multibyte CP, FALSE -> Singlebyte
224 PSTRING DestinationString
,
232 PANSI_STRING DestinationString
,
239 RtlInitUnicodeString(
240 PUNICODE_STRING DestinationString
,
249 PSTRING DestinationString
,
266 BOOLEAN CaseInSensitive
275 BOOLEAN CaseInSensitive
283 PSTRING DestinationString
,
288 // NLS String functions
294 RtlAnsiStringToUnicodeString(
295 PUNICODE_STRING DestinationString
,
296 PANSI_STRING SourceString
,
297 BOOLEAN AllocateDestinationString
304 RtlUnicodeStringToAnsiString(
305 PANSI_STRING DestinationString
,
306 PUNICODE_STRING SourceString
,
307 BOOLEAN AllocateDestinationString
314 RtlCompareUnicodeString(
315 PUNICODE_STRING String1
,
316 PUNICODE_STRING String2
,
317 BOOLEAN CaseInSensitive
323 RtlEqualUnicodeString(
324 PUNICODE_STRING String1
,
325 PUNICODE_STRING String2
,
326 BOOLEAN CaseInSensitive
332 RtlPrefixUnicodeString(
333 IN PUNICODE_STRING String1
,
334 IN PUNICODE_STRING String2
,
335 IN BOOLEAN CaseInSensitive
341 RtlUpcaseUnicodeString(
342 PUNICODE_STRING DestinationString
,
343 PUNICODE_STRING SourceString
,
344 BOOLEAN AllocateDestinationString
351 RtlCopyUnicodeString(
352 PUNICODE_STRING DestinationString
,
353 PUNICODE_STRING SourceString
359 RtlAppendUnicodeStringToString (
360 PUNICODE_STRING Destination
,
361 PUNICODE_STRING Source
367 RtlAppendUnicodeToString (
368 PUNICODE_STRING Destination
,
376 RtlFreeUnicodeString(
377 PUNICODE_STRING UnicodeString
384 PANSI_STRING AnsiString
391 RtlxAnsiStringToUnicodeSize(
392 PANSI_STRING AnsiString
399 // RtlAnsiStringToUnicodeSize(
400 // PANSI_STRING AnsiString
404 #define RtlAnsiStringToUnicodeSize(STRING) ( \
405 NLS_MB_CODE_PAGE_TAG ? \
406 RtlxAnsiStringToUnicodeSize(STRING) : \
407 ((STRING)->Length + sizeof((UCHAR)NULL)) * sizeof(WCHAR) \
415 PVOID FailedAssertion
,
421 #define ASSERT( exp ) \
423 RtlAssert( #exp, __FILE__, __LINE__, NULL )
425 #define ASSERTMSG( msg, exp ) \
427 RtlAssert( #exp, __FILE__, __LINE__, msg )
430 #define ASSERT( exp )
431 #define ASSERTMSG( msg, exp )
435 // Fast primitives to compare, move, and zero memory
438 // begin_winnt begin_ntndis
439 #if defined(_M_IX86) || defined(_M_MRX000) || defined(_M_ALPHA)
441 #if defined(_M_MRX000)
452 #define RtlEqualMemory(Destination,Source,Length) (!memcmp((Destination),(Source),(Length)))
455 #define RtlMoveMemory(Destination,Source,Length) memmove((Destination),(Source),(Length))
456 #define RtlCopyMemory(Destination,Source,Length) memcpy((Destination),(Source),(Length))
457 #define RtlFillMemory(Destination,Length,Fill) memset((Destination),(Fill),(Length))
458 #define RtlZeroMemory(Destination,Length) memset((Destination),0,(Length))
475 VOID UNALIGNED
*Destination
,
476 CONST VOID UNALIGNED
*Source
,
484 VOID UNALIGNED
*Destination
,
485 CONST VOID UNALIGNED
*Source
,
493 VOID UNALIGNED
*Destination
,
494 CONST VOID UNALIGNED
*Source
,
502 VOID UNALIGNED
*Destination
,
511 VOID UNALIGNED
*Destination
,
515 // end_winnt end_ntndis
526 typedef struct _TIME_FIELDS
{
527 CSHORT Year
; // range [1601...]
528 CSHORT Month
; // range [1..12]
529 CSHORT Day
; // range [1..31]
530 CSHORT Hour
; // range [0..23]
531 CSHORT Minute
; // range [0..59]
532 CSHORT Second
; // range [0..59]
533 CSHORT Milliseconds
;// range [0..999]
534 CSHORT Weekday
; // range [0..6] == [Sunday..Saturday]
536 typedef TIME_FIELDS
*PTIME_FIELDS
;
542 RtlTimeToTimeFields (
544 PTIME_FIELDS TimeFields
548 // A time field record (Weekday ignored) -> 64 bit Time value
554 RtlTimeFieldsToTime (
555 PTIME_FIELDS TimeFields
,
560 // Define the generic mapping array. This is used to denote the
561 // mapping of each generic access right to a specific access mask.
564 typedef struct _GENERIC_MAPPING
{
565 ACCESS_MASK GenericRead
;
566 ACCESS_MASK GenericWrite
;
567 ACCESS_MASK GenericExecute
;
568 ACCESS_MASK GenericAll
;
570 typedef GENERIC_MAPPING
*PGENERIC_MAPPING
;
573 // Define the various device type values. Note that values used by Microsoft
574 // Corporation are in the range 0-32767, and 32768-65535 are reserved for use
578 #define DEVICE_TYPE ULONG
580 #define FILE_DEVICE_BEEP 0x00000001
581 #define FILE_DEVICE_CD_ROM 0x00000002
582 #define FILE_DEVICE_CD_ROM_FILE_SYSTEM 0x00000003
583 #define FILE_DEVICE_CONTROLLER 0x00000004
584 #define FILE_DEVICE_DATALINK 0x00000005
585 #define FILE_DEVICE_DFS 0x00000006
586 #define FILE_DEVICE_DISK 0x00000007
587 #define FILE_DEVICE_DISK_FILE_SYSTEM 0x00000008
588 #define FILE_DEVICE_FILE_SYSTEM 0x00000009
589 #define FILE_DEVICE_INPORT_PORT 0x0000000a
590 #define FILE_DEVICE_KEYBOARD 0x0000000b
591 #define FILE_DEVICE_MAILSLOT 0x0000000c
592 #define FILE_DEVICE_MIDI_IN 0x0000000d
593 #define FILE_DEVICE_MIDI_OUT 0x0000000e
594 #define FILE_DEVICE_MOUSE 0x0000000f
595 #define FILE_DEVICE_MULTI_UNC_PROVIDER 0x00000010
596 #define FILE_DEVICE_NAMED_PIPE 0x00000011
597 #define FILE_DEVICE_NETWORK 0x00000012
598 #define FILE_DEVICE_NETWORK_BROWSER 0x00000013
599 #define FILE_DEVICE_NETWORK_FILE_SYSTEM 0x00000014
600 #define FILE_DEVICE_NULL 0x00000015
601 #define FILE_DEVICE_PARALLEL_PORT 0x00000016
602 #define FILE_DEVICE_PHYSICAL_NETCARD 0x00000017
603 #define FILE_DEVICE_PRINTER 0x00000018
604 #define FILE_DEVICE_SCANNER 0x00000019
605 #define FILE_DEVICE_SERIAL_MOUSE_PORT 0x0000001a
606 #define FILE_DEVICE_SERIAL_PORT 0x0000001b
607 #define FILE_DEVICE_SCREEN 0x0000001c
608 #define FILE_DEVICE_SOUND 0x0000001d
609 #define FILE_DEVICE_STREAMS 0x0000001e
610 #define FILE_DEVICE_TAPE 0x0000001f
611 #define FILE_DEVICE_TAPE_FILE_SYSTEM 0x00000020
612 #define FILE_DEVICE_TRANSPORT 0x00000021
613 #define FILE_DEVICE_UNKNOWN 0x00000022
614 #define FILE_DEVICE_VIDEO 0x00000023
615 #define FILE_DEVICE_VIRTUAL_DISK 0x00000024
616 #define FILE_DEVICE_WAVE_IN 0x00000025
617 #define FILE_DEVICE_WAVE_OUT 0x00000026
618 #define FILE_DEVICE_8042_PORT 0x00000027
619 #define FILE_DEVICE_NETWORK_REDIRECTOR 0x00000028
620 #define FILE_DEVICE_BATTERY 0x00000029
621 #define FILE_DEVICE_BUS_EXTENDER 0x0000002a
622 #define FILE_DEVICE_MODEM 0x0000002b
623 #define FILE_DEVICE_VDM 0x0000002c
625 // Macro definition for defining IOCTL and FSCTL function control codes. Note
626 // that function codes 0-2047 are reserved for Microsoft Corporation, and
627 // 2048-4095 are reserved for customers.
630 #define CTL_CODE( DeviceType, Function, Method, Access ) ( \
631 ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) \
635 // Define the method codes for how buffers are passed for I/O and FS controls
638 #define METHOD_BUFFERED 0
639 #define METHOD_IN_DIRECT 1
640 #define METHOD_OUT_DIRECT 2
641 #define METHOD_NEITHER 3
644 // Define the access check value for any access
647 // The FILE_READ_ACCESS and FILE_WRITE_ACCESS constants are also defined in
648 // ntioapi.h as FILE_READ_DATA and FILE_WRITE_DATA. The values for these
649 // constants *MUST* always be in sync.
653 #define FILE_ANY_ACCESS 0
654 #define FILE_READ_ACCESS ( 0x0001 ) // file & pipe
655 #define FILE_WRITE_ACCESS ( 0x0002 ) // file & pipe
661 // Define access rights to files and directories
665 // The FILE_READ_DATA and FILE_WRITE_DATA constants are also defined in
666 // devioctl.h as FILE_READ_ACCESS and FILE_WRITE_ACCESS. The values for these
667 // constants *MUST* always be in sync.
668 // The values are redefined in devioctl.h because they must be available to
672 #define FILE_READ_DATA ( 0x0001 ) // file & pipe
673 #define FILE_LIST_DIRECTORY ( 0x0001 ) // directory
675 #define FILE_WRITE_DATA ( 0x0002 ) // file & pipe
676 #define FILE_ADD_FILE ( 0x0002 ) // directory
678 #define FILE_APPEND_DATA ( 0x0004 ) // file
679 #define FILE_ADD_SUBDIRECTORY ( 0x0004 ) // directory
680 #define FILE_CREATE_PIPE_INSTANCE ( 0x0004 ) // named pipe
682 #define FILE_READ_EA ( 0x0008 ) // file & directory
684 #define FILE_WRITE_EA ( 0x0010 ) // file & directory
686 #define FILE_EXECUTE ( 0x0020 ) // file
687 #define FILE_TRAVERSE ( 0x0020 ) // directory
689 #define FILE_DELETE_CHILD ( 0x0040 ) // directory
691 #define FILE_READ_ATTRIBUTES ( 0x0080 ) // all
693 #define FILE_WRITE_ATTRIBUTES ( 0x0100 ) // all
695 #define FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF)
697 #define FILE_GENERIC_READ (STANDARD_RIGHTS_READ |\
699 FILE_READ_ATTRIBUTES |\
704 #define FILE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE |\
706 FILE_WRITE_ATTRIBUTES |\
712 #define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE |\
713 FILE_READ_ATTRIBUTES |\
721 // Define share access rights to files and directories
724 #define FILE_SHARE_READ 0x00000001 // winnt
725 #define FILE_SHARE_WRITE 0x00000002 // winnt
726 #define FILE_SHARE_DELETE 0x00000004 // winnt
727 #define FILE_SHARE_VALID_FLAGS 0x00000007
730 // Define the file attributes values
732 // Note: 0x00000008 is reserved for use for the old DOS VOLID (volume ID)
733 // and is therefore not considered valid in NT.
735 // Note: 0x00000010 is reserved for use for the old DOS SUBDIRECTORY flag
736 // and is therefore not considered valid in NT. This flag has
737 // been disassociated with file attributes since the other flags are
738 // protected with READ_ and WRITE_ATTRIBUTES access to the file.
740 // Note: Note also that the order of these flags is set to allow both the
741 // FAT and the Pinball File Systems to directly set the attributes
742 // flags in attributes words without having to pick each flag out
743 // individually. The order of these flags should not be changed!
746 #define FILE_ATTRIBUTE_READONLY 0x00000001 // winnt
747 #define FILE_ATTRIBUTE_HIDDEN 0x00000002 // winnt
748 #define FILE_ATTRIBUTE_SYSTEM 0x00000004 // winnt
749 #define FILE_ATTRIBUTE_DIRECTORY 0x00000010 // winnt
750 #define FILE_ATTRIBUTE_ARCHIVE 0x00000020 // winnt
751 #define FILE_ATTRIBUTE_NORMAL 0x00000080 // winnt
752 #define FILE_ATTRIBUTE_TEMPORARY 0x00000100 // winnt
753 #define FILE_ATTRIBUTE_RESERVED0 0x00000200
754 #define FILE_ATTRIBUTE_RESERVED1 0x00000400
755 #define FILE_ATTRIBUTE_COMPRESSED 0x00000800 // winnt
756 #define FILE_ATTRIBUTE_OFFLINE 0x00001000 // winnt
757 #define FILE_ATTRIBUTE_PROPERTY_SET 0x00002000
758 #define FILE_ATTRIBUTE_VALID_FLAGS 0x00003fb7
759 #define FILE_ATTRIBUTE_VALID_SET_FLAGS 0x00003fa7
762 // Define the create disposition values
765 #define FILE_SUPERSEDE 0x00000000
766 #define FILE_OPEN 0x00000001
767 #define FILE_CREATE 0x00000002
768 #define FILE_OPEN_IF 0x00000003
769 #define FILE_OVERWRITE 0x00000004
770 #define FILE_OVERWRITE_IF 0x00000005
771 #define FILE_MAXIMUM_DISPOSITION 0x00000005
775 // Define the create/open option flags
778 #define FILE_DIRECTORY_FILE 0x00000001
779 #define FILE_WRITE_THROUGH 0x00000002
780 #define FILE_SEQUENTIAL_ONLY 0x00000004
781 #define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008
783 #define FILE_SYNCHRONOUS_IO_ALERT 0x00000010
784 #define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
785 #define FILE_NON_DIRECTORY_FILE 0x00000040
786 #define FILE_CREATE_TREE_CONNECTION 0x00000080
788 #define FILE_COMPLETE_IF_OPLOCKED 0x00000100
789 #define FILE_NO_EA_KNOWLEDGE 0x00000200
791 #define FILE_RANDOM_ACCESS 0x00000800
793 #define FILE_DELETE_ON_CLOSE 0x00001000
794 #define FILE_OPEN_BY_FILE_ID 0x00002000
795 #define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000
796 #define FILE_NO_COMPRESSION 0x00008000
799 #define FILE_RESERVE_OPFILTER 0x00100000
800 #define FILE_TRANSACTED_MODE 0x00200000
801 #define FILE_OPEN_OFFLINE_FILE 0x00400000
803 #define FILE_VALID_OPTION_FLAGS 0x007fffff
804 #define FILE_VALID_PIPE_OPTION_FLAGS 0x00000032
805 #define FILE_VALID_MAILSLOT_OPTION_FLAGS 0x00000032
806 #define FILE_VALID_SET_FLAGS 0x00000036
809 // Define the I/O status information return values for NtCreateFile/NtOpenFile
812 #define FILE_SUPERSEDED 0x00000000
813 #define FILE_OPENED 0x00000001
814 #define FILE_CREATED 0x00000002
815 #define FILE_OVERWRITTEN 0x00000003
816 #define FILE_EXISTS 0x00000004
817 #define FILE_DOES_NOT_EXIST 0x00000005
820 // Define special ByteOffset parameters for read and write operations
823 #define FILE_WRITE_TO_END_OF_FILE 0xffffffff
824 #define FILE_USE_FILE_POINTER_POSITION 0xfffffffe
827 // Define alignment requirement values
830 #define FILE_BYTE_ALIGNMENT 0x00000000
831 #define FILE_WORD_ALIGNMENT 0x00000001
832 #define FILE_LONG_ALIGNMENT 0x00000003
833 #define FILE_QUAD_ALIGNMENT 0x00000007
834 #define FILE_OCTA_ALIGNMENT 0x0000000f
835 #define FILE_32_BYTE_ALIGNMENT 0x0000001f
836 #define FILE_64_BYTE_ALIGNMENT 0x0000003f
837 #define FILE_128_BYTE_ALIGNMENT 0x0000007f
838 #define FILE_256_BYTE_ALIGNMENT 0x000000ff
839 #define FILE_512_BYTE_ALIGNMENT 0x000001ff
842 // Define the maximum length of a filename string
845 #define MAXIMUM_FILENAME_LENGTH 256
848 // Define the various device characteristics flags
851 #define FILE_REMOVABLE_MEDIA 0x00000001
852 #define FILE_READ_ONLY_DEVICE 0x00000002
853 #define FILE_FLOPPY_DISKETTE 0x00000004
854 #define FILE_WRITE_ONCE_MEDIA 0x00000008
855 #define FILE_REMOTE_DEVICE 0x00000010
856 #define FILE_DEVICE_IS_MOUNTED 0x00000020
857 #define FILE_VIRTUAL_VOLUME 0x00000040
859 #ifndef _FILESYSTEMFSCTL_
860 #define _FILESYSTEMFSCTL_
862 #endif // _FILESYSTEMFSCTL_
865 // The following is a list of the native file system fsctls followed by
866 // additional network file system fsctls. Some values have been
870 #define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
871 #define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
872 #define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
873 #define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
874 #define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
875 #define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
876 #define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
877 #define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
878 #define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
879 // decommissioned fsctl value 9
880 #define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
881 #define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS) // PATHNAME_BUFFER,
882 #define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
883 // decommissioned fsctl value 13
884 #define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
885 #define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
886 #define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
887 // decommissioned fsctl value 17
888 // decommissioned fsctl value 18
889 #define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
890 #define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
891 #define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
892 #define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS) // FSCTL_QUERY_FAT_BPB_BUFFER
893 #define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
894 #define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS) // FILESYSTEM_STATISTICS
895 #if(_WIN32_WINNT >= 0x0400)
896 #define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS) // NTFS_VOLUME_DATA_BUFFER
897 #define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS) // NTFS_FILE_RECORD_INPUT_BUFFER, NTFS_FILE_RECORD_OUTPUT_BUFFER
898 #define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS) // STARTING_LCN_INPUT_BUFFER, VOLUME_BITMAP_BUFFER
899 #define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS) // STARTING_VCN_INPUT_BUFFER, RETRIEVAL_POINTERS_BUFFER
900 #define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) // MOVE_FILE_DATA,
901 #define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
902 // decomissioned fsctl value 31
903 #define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
904 #endif /* _WIN32_WINNT >= 0x0400 */
907 // Define the base asynchronous I/O argument types
910 typedef struct _IO_STATUS_BLOCK
{
913 } IO_STATUS_BLOCK
, *PIO_STATUS_BLOCK
;
916 // Define an Asynchronous Procedure Call from I/O viewpoint
923 IN PIO_STATUS_BLOCK IoStatusBlock
,
928 // Define the file information class values
930 // WARNING: The order of the following values are assumed by the I/O system.
931 // Any changes made here should be reflected there as well.
934 typedef enum _FILE_INFORMATION_CLASS
{
935 FileDirectoryInformation
= 1,
936 FileFullDirectoryInformation
,
937 FileBothDirectoryInformation
,
938 FileBasicInformation
,
939 FileStandardInformation
,
940 FileInternalInformation
,
942 FileAccessInformation
,
944 FileRenameInformation
,
946 FileNamesInformation
,
947 FileDispositionInformation
,
948 FilePositionInformation
,
949 FileFullEaInformation
,
951 FileAlignmentInformation
,
953 FileAllocationInformation
,
954 FileEndOfFileInformation
,
955 FileAlternateNameInformation
,
956 FileStreamInformation
,
958 FilePipeLocalInformation
,
959 FilePipeRemoteInformation
,
960 FileMailslotQueryInformation
,
961 FileMailslotSetInformation
,
962 FileCompressionInformation
,
963 FileCopyOnWriteInformation
,
964 FileCompletionInformation
,
965 FileMoveClusterInformation
,
966 FileOleClassIdInformation
,
967 FileOleStateBitsInformation
,
968 FileNetworkOpenInformation
,
969 FileObjectIdInformation
,
970 FileOleAllInformation
,
971 FileOleDirectoryInformation
,
972 FileContentIndexInformation
,
973 FileInheritContentIndexInformation
,
975 FileMaximumInformation
976 } FILE_INFORMATION_CLASS
, *PFILE_INFORMATION_CLASS
;
979 // Define the various structures which are returned on query operations
982 typedef struct _FILE_BASIC_INFORMATION
{
983 LARGE_INTEGER CreationTime
;
984 LARGE_INTEGER LastAccessTime
;
985 LARGE_INTEGER LastWriteTime
;
986 LARGE_INTEGER ChangeTime
;
987 ULONG FileAttributes
;
988 } FILE_BASIC_INFORMATION
, *PFILE_BASIC_INFORMATION
;
990 typedef struct _FILE_STANDARD_INFORMATION
{
991 LARGE_INTEGER AllocationSize
;
992 LARGE_INTEGER EndOfFile
;
994 BOOLEAN DeletePending
;
996 } FILE_STANDARD_INFORMATION
, *PFILE_STANDARD_INFORMATION
;
998 typedef struct _FILE_POSITION_INFORMATION
{
999 LARGE_INTEGER CurrentByteOffset
;
1000 } FILE_POSITION_INFORMATION
, *PFILE_POSITION_INFORMATION
;
1002 typedef struct _FILE_ALIGNMENT_INFORMATION
{
1003 ULONG AlignmentRequirement
;
1004 } FILE_ALIGNMENT_INFORMATION
, *PFILE_ALIGNMENT_INFORMATION
;
1006 typedef struct _FILE_NETWORK_OPEN_INFORMATION
{
1007 LARGE_INTEGER CreationTime
;
1008 LARGE_INTEGER LastAccessTime
;
1009 LARGE_INTEGER LastWriteTime
;
1010 LARGE_INTEGER ChangeTime
;
1011 LARGE_INTEGER AllocationSize
;
1012 LARGE_INTEGER EndOfFile
;
1013 ULONG FileAttributes
;
1014 } FILE_NETWORK_OPEN_INFORMATION
, *PFILE_NETWORK_OPEN_INFORMATION
;
1016 typedef struct _FILE_DISPOSITION_INFORMATION
{
1018 } FILE_DISPOSITION_INFORMATION
, *PFILE_DISPOSITION_INFORMATION
;
1020 typedef struct _FILE_END_OF_FILE_INFORMATION
{
1021 LARGE_INTEGER EndOfFile
;
1022 } FILE_END_OF_FILE_INFORMATION
, *PFILE_END_OF_FILE_INFORMATION
;
1025 typedef struct _FILE_FULL_EA_INFORMATION
{
1026 ULONG NextEntryOffset
;
1029 USHORT EaValueLength
;
1031 } FILE_FULL_EA_INFORMATION
, *PFILE_FULL_EA_INFORMATION
;
1034 // Define the file system information class values
1036 // WARNING: The order of the following values are assumed by the I/O system.
1037 // Any changes made here should be reflected there as well.
1039 typedef enum _FSINFOCLASS
{
1040 FileFsVolumeInformation
= 1,
1041 FileFsLabelInformation
,
1042 FileFsSizeInformation
,
1043 FileFsDeviceInformation
,
1044 FileFsAttributeInformation
,
1045 FileFsControlInformation
,
1046 FileFsQuotaQueryInformation
, // temporary
1047 FileFsQuotaSetInformation
, // temporary
1048 FileFsMaximumInformation
1049 } FS_INFORMATION_CLASS
, *PFS_INFORMATION_CLASS
;
1051 typedef struct _FILE_FS_DEVICE_INFORMATION
{
1052 DEVICE_TYPE DeviceType
;
1053 ULONG Characteristics
;
1054 } FILE_FS_DEVICE_INFORMATION
, *PFILE_FS_DEVICE_INFORMATION
;
1057 // Registry Specific Access Rights.
1060 #define KEY_QUERY_VALUE (0x0001)
1061 #define KEY_SET_VALUE (0x0002)
1062 #define KEY_CREATE_SUB_KEY (0x0004)
1063 #define KEY_ENUMERATE_SUB_KEYS (0x0008)
1064 #define KEY_NOTIFY (0x0010)
1065 #define KEY_CREATE_LINK (0x0020)
1067 #define KEY_READ ((STANDARD_RIGHTS_READ |\
1069 KEY_ENUMERATE_SUB_KEYS |\
1075 #define KEY_WRITE ((STANDARD_RIGHTS_WRITE |\
1077 KEY_CREATE_SUB_KEY) \
1081 #define KEY_EXECUTE ((KEY_READ) \
1085 #define KEY_ALL_ACCESS ((STANDARD_RIGHTS_ALL |\
1088 KEY_CREATE_SUB_KEY |\
1089 KEY_ENUMERATE_SUB_KEYS |\
1096 // Open/Create Options
1099 #define REG_OPTION_RESERVED (0x00000000L) // Parameter is reserved
1101 #define REG_OPTION_NON_VOLATILE (0x00000000L) // Key is preserved
1102 // when system is rebooted
1104 #define REG_OPTION_VOLATILE (0x00000001L) // Key is not preserved
1105 // when system is rebooted
1107 #define REG_OPTION_CREATE_LINK (0x00000002L) // Created key is a
1110 #define REG_OPTION_BACKUP_RESTORE (0x00000004L) // open for backup or restore
1111 // special access rules
1112 // privilege required
1114 #define REG_OPTION_OPEN_LINK (0x00000008L) // Open symbolic link
1116 #define REG_LEGAL_OPTION \
1117 (REG_OPTION_RESERVED |\
1118 REG_OPTION_NON_VOLATILE |\
1119 REG_OPTION_VOLATILE |\
1120 REG_OPTION_CREATE_LINK |\
1121 REG_OPTION_BACKUP_RESTORE |\
1122 REG_OPTION_OPEN_LINK)
1125 // Key creation/open disposition
1128 #define REG_CREATED_NEW_KEY (0x00000001L) // New Registry Key created
1129 #define REG_OPENED_EXISTING_KEY (0x00000002L) // Existing Key opened
1132 // Key restore flags
1135 #define REG_WHOLE_HIVE_VOLATILE (0x00000001L) // Restore whole hive volatile
1136 #define REG_REFRESH_HIVE (0x00000002L) // Unwind changes to last flush
1137 #define REG_NO_LAZY_FLUSH (0x00000004L) // Never lazy flush this hive
1140 // Key query structures
1143 typedef struct _KEY_BASIC_INFORMATION
{
1144 LARGE_INTEGER LastWriteTime
;
1147 WCHAR Name
[1]; // Variable length string
1148 } KEY_BASIC_INFORMATION
, *PKEY_BASIC_INFORMATION
;
1150 typedef struct _KEY_NODE_INFORMATION
{
1151 LARGE_INTEGER LastWriteTime
;
1156 WCHAR Name
[1]; // Variable length string
1157 // Class[1]; // Variable length string not declared
1158 } KEY_NODE_INFORMATION
, *PKEY_NODE_INFORMATION
;
1160 typedef struct _KEY_FULL_INFORMATION
{
1161 LARGE_INTEGER LastWriteTime
;
1169 ULONG MaxValueNameLen
;
1170 ULONG MaxValueDataLen
;
1171 WCHAR Class
[1]; // Variable length
1172 } KEY_FULL_INFORMATION
, *PKEY_FULL_INFORMATION
;
1174 typedef enum _KEY_INFORMATION_CLASS
{
1175 KeyBasicInformation
,
1178 } KEY_INFORMATION_CLASS
;
1180 typedef struct _KEY_WRITE_TIME_INFORMATION
{
1181 LARGE_INTEGER LastWriteTime
;
1182 } KEY_WRITE_TIME_INFORMATION
, *PKEY_WRITE_TIME_INFORMATION
;
1184 typedef enum _KEY_SET_INFORMATION_CLASS
{
1185 KeyWriteTimeInformation
1186 } KEY_SET_INFORMATION_CLASS
;
1189 // Value entry query structures
1192 typedef struct _KEY_VALUE_BASIC_INFORMATION
{
1196 WCHAR Name
[1]; // Variable size
1197 } KEY_VALUE_BASIC_INFORMATION
, *PKEY_VALUE_BASIC_INFORMATION
;
1199 typedef struct _KEY_VALUE_FULL_INFORMATION
{
1205 WCHAR Name
[1]; // Variable size
1206 // Data[1]; // Variable size data not declared
1207 } KEY_VALUE_FULL_INFORMATION
, *PKEY_VALUE_FULL_INFORMATION
;
1209 typedef struct _KEY_VALUE_PARTIAL_INFORMATION
{
1213 UCHAR Data
[1]; // Variable size
1214 } KEY_VALUE_PARTIAL_INFORMATION
, *PKEY_VALUE_PARTIAL_INFORMATION
;
1216 typedef struct _KEY_VALUE_ENTRY
{
1217 PUNICODE_STRING ValueName
;
1221 } KEY_VALUE_ENTRY
, *PKEY_VALUE_ENTRY
;
1223 typedef enum _KEY_VALUE_INFORMATION_CLASS
{
1224 KeyValueBasicInformation
,
1225 KeyValueFullInformation
,
1226 KeyValuePartialInformation
1227 } KEY_VALUE_INFORMATION_CLASS
;
1234 IN HANDLE KeyHandle
,
1236 IN KEY_INFORMATION_CLASS KeyInformationClass
,
1237 IN PVOID KeyInformation
,
1239 IN PULONG ResultLength
1246 OUT PHANDLE KeyHandle
,
1247 IN ACCESS_MASK DesiredAccess
,
1248 IN POBJECT_ATTRIBUTES ObjectAttributes
1255 IN HANDLE KeyHandle
,
1256 IN PUNICODE_STRING ValueName
,
1257 IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass
,
1258 IN PVOID KeyValueInformation
,
1260 IN PULONG ResultLength
1267 IN HANDLE KeyHandle
,
1268 IN PUNICODE_STRING ValueName
,
1269 IN ULONG TitleIndex OPTIONAL
,
1279 IN HANDLE KeyHandle
,
1280 IN PUNICODE_STRING ValueName
1284 #define OBJ_NAME_PATH_SEPARATOR ((WCHAR)L'\\')
1287 // Object Manager Object Type Specific Access Rights.
1290 #define OBJECT_TYPE_CREATE (0x0001)
1292 #define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
1295 // Object Manager Directory Specific Access Rights.
1298 #define DIRECTORY_QUERY (0x0001)
1299 #define DIRECTORY_TRAVERSE (0x0002)
1300 #define DIRECTORY_CREATE_OBJECT (0x0004)
1301 #define DIRECTORY_CREATE_SUBDIRECTORY (0x0008)
1303 #define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)
1306 // Object Manager Symbolic Link Specific Access Rights.
1309 #define SYMBOLIC_LINK_QUERY (0x0001)
1311 #define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
1313 typedef struct _OBJECT_NAME_INFORMATION
{
1314 UNICODE_STRING Name
;
1315 } OBJECT_NAME_INFORMATION
, *POBJECT_NAME_INFORMATION
;
1318 // Section Information Structures.
1321 typedef enum _SECTION_INHERIT
{
1327 // Section Access Rights.
1331 #define SECTION_QUERY 0x0001
1332 #define SECTION_MAP_WRITE 0x0002
1333 #define SECTION_MAP_READ 0x0004
1334 #define SECTION_MAP_EXECUTE 0x0008
1335 #define SECTION_EXTEND_SIZE 0x0010
1337 #define SECTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|\
1338 SECTION_MAP_WRITE | \
1339 SECTION_MAP_READ | \
1340 SECTION_MAP_EXECUTE | \
1341 SECTION_EXTEND_SIZE)
1344 #define SEGMENT_ALL_ACCESS SECTION_ALL_ACCESS
1346 #define PAGE_NOACCESS 0x01 // winnt
1347 #define PAGE_READONLY 0x02 // winnt
1348 #define PAGE_READWRITE 0x04 // winnt
1349 #define PAGE_WRITECOPY 0x08 // winnt
1350 #define PAGE_EXECUTE 0x10 // winnt
1351 #define PAGE_EXECUTE_READ 0x20 // winnt
1352 #define PAGE_EXECUTE_READWRITE 0x40 // winnt
1353 #define PAGE_EXECUTE_WRITECOPY 0x80 // winnt
1354 #define PAGE_GUARD 0x100 // winnt
1355 #define PAGE_NOCACHE 0x200 // winnt
1357 #define MEM_COMMIT 0x1000
1358 #define MEM_RESERVE 0x2000
1359 #define MEM_DECOMMIT 0x4000
1360 #define MEM_RELEASE 0x8000
1361 #define MEM_FREE 0x10000
1362 #define MEM_PRIVATE 0x20000
1363 #define MEM_MAPPED 0x40000
1364 #define MEM_RESET 0x80000
1365 #define MEM_TOP_DOWN 0x100000
1366 #define MEM_LARGE_PAGES 0x20000000
1367 #define SEC_RESERVE 0x4000000
1368 #define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
1372 #define MAXIMUM_PROCESSORS 32
1377 // Thread Specific Access Rights
1380 #define THREAD_TERMINATE (0x0001) // winnt
1381 #define THREAD_SET_INFORMATION (0x0020) // winnt
1383 #define THREAD_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
1390 typedef struct _CLIENT_ID
{
1391 HANDLE UniqueProcess
;
1392 HANDLE UniqueThread
;
1394 typedef CLIENT_ID
*PCLIENT_ID
;
1397 // Define the size of the 80387 save area, which is in the context frame.
1400 #define SIZE_OF_80387_REGISTERS 80
1403 // The following flags control the contents of the CONTEXT structure.
1406 #if !defined(RC_INVOKED)
1408 #define CONTEXT_i386 0x00010000 // this assumes that i386 and
1409 #define CONTEXT_i486 0x00010000 // i486 have identical context records
1413 #define CONTEXT_CONTROL (CONTEXT_i386 | 0x00000001L) // SS:SP, CS:IP, FLAGS, BP
1414 #define CONTEXT_INTEGER (CONTEXT_i386 | 0x00000002L) // AX, BX, CX, DX, SI, DI
1415 #define CONTEXT_SEGMENTS (CONTEXT_i386 | 0x00000004L) // DS, ES, FS, GS
1416 #define CONTEXT_FLOATING_POINT (CONTEXT_i386 | 0x00000008L) // 387 state
1417 #define CONTEXT_DEBUG_REGISTERS (CONTEXT_i386 | 0x00000010L) // DB 0-3,6,7
1419 #define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_INTEGER |\
1426 typedef struct _FLOATING_SAVE_AREA
{
1431 ULONG ErrorSelector
;
1434 UCHAR RegisterArea
[SIZE_OF_80387_REGISTERS
];
1436 } FLOATING_SAVE_AREA
;
1438 typedef FLOATING_SAVE_AREA
*PFLOATING_SAVE_AREA
;
1443 // This frame has a several purposes: 1) it is used as an argument to
1444 // NtContinue, 2) is is used to constuct a call frame for APC delivery,
1445 // and 3) it is used in the user level thread creation routines.
1447 // The layout of the record conforms to a standard call frame.
1450 typedef struct _CONTEXT
{
1453 // The flags values within this flag control the contents of
1454 // a CONTEXT record.
1456 // If the context record is used as an input parameter, then
1457 // for each portion of the context record controlled by a flag
1458 // whose value is set, it is assumed that that portion of the
1459 // context record contains valid context. If the context record
1460 // is being used to modify a threads context, then only that
1461 // portion of the threads context will be modified.
1463 // If the context record is used as an IN OUT parameter to capture
1464 // the context of a thread, then only those portions of the thread's
1465 // context corresponding to set flags will be returned.
1467 // The context record is never used as an OUT only parameter.
1473 // This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
1474 // set in ContextFlags. Note that CONTEXT_DEBUG_REGISTERS is NOT
1475 // included in CONTEXT_FULL.
1486 // This section is specified/returned if the
1487 // ContextFlags word contians the flag CONTEXT_FLOATING_POINT.
1490 FLOATING_SAVE_AREA FloatSave
;
1493 // This section is specified/returned if the
1494 // ContextFlags word contians the flag CONTEXT_SEGMENTS.
1503 // This section is specified/returned if the
1504 // ContextFlags word contians the flag CONTEXT_INTEGER.
1515 // This section is specified/returned if the
1516 // ContextFlags word contians the flag CONTEXT_CONTROL.
1521 ULONG SegCs
; // MUST BE SANITIZED
1522 ULONG EFlags
; // MUST BE SANITIZED
1530 typedef CONTEXT
*PCONTEXT
;
1533 // Predefined Value Types.
1536 #define REG_NONE ( 0 ) // No value type
1537 #define REG_SZ ( 1 ) // Unicode nul terminated string
1538 #define REG_EXPAND_SZ ( 2 ) // Unicode nul terminated string
1539 // (with environment variable references)
1540 #define REG_BINARY ( 3 ) // Free form binary
1541 #define REG_DWORD ( 4 ) // 32-bit number
1542 #define REG_DWORD_LITTLE_ENDIAN ( 4 ) // 32-bit number (same as REG_DWORD)
1543 #define REG_DWORD_BIG_ENDIAN ( 5 ) // 32-bit number
1544 #define REG_LINK ( 6 ) // Symbolic Link (unicode)
1545 #define REG_MULTI_SZ ( 7 ) // Multiple Unicode strings
1546 #define REG_RESOURCE_LIST ( 8 ) // Resource list in the resource map
1547 #define REG_FULL_RESOURCE_DESCRIPTOR ( 9 ) // Resource list in the hardware description
1548 #define REG_RESOURCE_REQUIREMENTS_LIST ( 10 )
1553 InterlockedIncrement(
1559 InterlockedDecrement(
1565 InterlockedExchange(
1566 IN OUT PLONG Target,
1572 InterlockedExchangeAdd(
1573 IN OUT PLONG Addend,
1579 InterlockedCompareExchange(
1580 IN OUT PVOID *Destination,
1586 // Environment information, which includes command line and
1591 UNICODE_STRING CommandLine
;
1592 UNICODE_STRING ImageFile
;
1593 } ENVIRONMENT_INFORMATION
, *PENVIRONMENT_INFORMATION
;
1596 // This structure is passed as NtProcessStartup's parameter
1600 PENVIRONMENT_INFORMATION Environment
;
1601 } STARTUP_ARGUMENT
, *PSTARTUP_ARGUMENT
;
1604 // Data structure for heap definition. This includes various
1605 // sizing parameters and callback routines, which, if left NULL,
1606 // result in default behavior
1611 } RTL_HEAP_DEFINITION
, *PRTL_HEAP_DEFINITION
;
1614 // Native NT api function to write something to the boot-time
1620 PUNICODE_STRING String
1624 // Native applications must kill themselves when done - the job
1625 // of this native API
1630 HANDLE ProcessHandle
,
1635 // Thread start function
1640 (*PKSTART_ROUTINE
) (
1641 IN PVOID StartContext
1644 typedef struct StackInfo_t
{
1648 ULONG OnePageBelowTopOfStack
;
1649 ULONG BottomOfStack
;
1650 } STACKINFO
, *PSTACKINFO
;
1656 OUT PHANDLE phThread
,
1657 IN ACCESS_MASK AccessMask
,
1658 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1660 OUT PCLIENT_ID pClientId
,
1661 IN PCONTEXT pContext
,
1662 OUT PSTACKINFO pStackInfo
,
1663 IN BOOLEAN bSuspended
1667 PsCreateSystemThread(
1668 OUT PHANDLE ThreadHandle,
1669 IN ACCESS_MASK DesiredAccess,
1670 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
1671 IN HANDLE ProcessHandle OPTIONAL,
1672 OUT PCLIENT_ID ClientId OPTIONAL,
1673 IN PKSTART_ROUTINE StartRoutine,
1674 IN PVOID StartContext
1679 IN HANDLE ThreadHandle OPTIONAL
,
1680 IN NTSTATUS ExitStatus
1686 PULONG MajorVersion OPTIONAL,
1687 PULONG MinorVersion OPTIONAL,
1688 PULONG BuildNumber OPTIONAL,
1689 PUNICODE_STRING CSDVersion OPTIONAL
1693 PsGetCurrentProcessId( VOID );
1696 PsGetCurrentThreadId( VOID );
1699 // Definition to represent current process
1701 #define NtCurrentProcess() ( (HANDLE) -1 )
1704 (*PRTL_HEAP_COMMIT_ROUTINE
)(
1706 IN OUT PVOID
*CommitAddress
,
1707 IN OUT PULONG CommitSize
1710 typedef struct _RTL_HEAP_PARAMETERS
{
1712 ULONG SegmentReserve
;
1713 ULONG SegmentCommit
;
1714 ULONG DeCommitFreeBlockThreshold
;
1715 ULONG DeCommitTotalFreeThreshold
;
1716 ULONG MaximumAllocationSize
;
1717 ULONG VirtualMemoryThreshold
;
1718 ULONG InitialCommit
;
1719 ULONG InitialReserve
;
1720 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine
;
1721 ULONG Reserved
[ 2 ];
1722 } RTL_HEAP_PARAMETERS
, *PRTL_HEAP_PARAMETERS
;
1729 IN PVOID HeapBase OPTIONAL
,
1730 IN ULONG ReserveSize OPTIONAL
,
1731 IN ULONG CommitSize OPTIONAL
,
1732 IN PVOID Lock OPTIONAL
,
1733 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
1736 #define HEAP_NO_SERIALIZE 0x00000001 // winnt
1737 #define HEAP_GROWABLE 0x00000002 // winnt
1738 #define HEAP_GENERATE_EXCEPTIONS 0x00000004 // winnt
1739 #define HEAP_ZERO_MEMORY 0x00000008 // winnt
1740 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010 // winnt
1741 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020 // winnt
1742 #define HEAP_FREE_CHECKING_ENABLED 0x00000040 // winnt
1743 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080 // winnt
1745 #define HEAP_CREATE_ALIGN_16 0x00010000 // winnt Create heap with 16 byte alignment
1746 #define HEAP_CREATE_ENABLE_TRACING 0x00020000 // winnt Create heap call tracing enabled
1748 #define HEAP_SETTABLE_USER_VALUE 0x00000100
1749 #define HEAP_SETTABLE_USER_FLAG1 0x00000200
1750 #define HEAP_SETTABLE_USER_FLAG2 0x00000400
1751 #define HEAP_SETTABLE_USER_FLAG3 0x00000800
1752 #define HEAP_SETTABLE_USER_FLAGS 0x00000E00
1754 #define HEAP_CLASS_0 0x00000000 // process heap
1755 #define HEAP_CLASS_1 0x00001000 // private heap
1756 #define HEAP_CLASS_2 0x00002000 // Kernel Heap
1757 #define HEAP_CLASS_3 0x00003000 // GDI heap
1758 #define HEAP_CLASS_4 0x00004000 // User heap
1759 #define HEAP_CLASS_5 0x00005000 // Console heap
1760 #define HEAP_CLASS_6 0x00006000 // User Desktop heap
1761 #define HEAP_CLASS_7 0x00007000 // Csrss Shared heap
1762 #define HEAP_CLASS_8 0x00008000 // Csr Port heap
1763 #define HEAP_CLASS_MASK 0x0000F000
1765 #define HEAP_MAXIMUM_TAG 0x0FFF // winnt
1766 #define HEAP_GLOBAL_TAG 0x0800
1767 #define HEAP_PSEUDO_TAG_FLAG 0x8000 // winnt
1768 #define HEAP_TAG_SHIFT 16 // winnt
1769 #define HEAP_MAKE_TAG_FLAGS( b, o ) ((ULONG)((b) + ((o) << 16))) // winnt
1770 #define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
1772 #define HEAP_CREATE_VALID_MASK (HEAP_NO_SERIALIZE | \
1774 HEAP_GENERATE_EXCEPTIONS | \
1775 HEAP_ZERO_MEMORY | \
1776 HEAP_REALLOC_IN_PLACE_ONLY | \
1777 HEAP_TAIL_CHECKING_ENABLED | \
1778 HEAP_FREE_CHECKING_ENABLED | \
1779 HEAP_DISABLE_COALESCE_ON_FREE | \
1781 HEAP_CREATE_ALIGN_16 | \
1782 HEAP_CREATE_ENABLE_TRACING)
1792 // Heap allocation function (ala "malloc")
1803 // Heap free function (ala "free")
1817 OUT PHANDLE FileHandle
,
1818 IN ACCESS_MASK DesiredAccess
,
1819 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1820 OUT PIO_STATUS_BLOCK IoStatusBlock
,
1821 IN PLARGE_INTEGER AllocationSize OPTIONAL
,
1822 IN ULONG FileAttributes
,
1823 IN ULONG ShareAccess
,
1824 IN ULONG CreateDisposition
,
1825 IN ULONG CreateOptions
,
1826 IN PVOID EaBuffer OPTIONAL
,
1835 IN ACCESS_MASK DesiredAccess
,
1836 IN POBJECT_ATTRIBUTES ObjectAttributes
,
1837 OUT PIO_STATUS_BLOCK pIoStatusBlock
,
1845 NtDeviceIoControlFile(
1847 IN HANDLE hEvent OPTIONAL
,
1848 IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL
,
1849 IN PVOID IoApcContext OPTIONAL
,
1850 OUT PIO_STATUS_BLOCK pIoStatusBlock
,
1851 IN ULONG DeviceIoControlCode
,
1852 IN PVOID InBuffer OPTIONAL
,
1853 IN ULONG InBufferLength
,
1854 OUT PVOID OutBuffer OPTIONAL
,
1855 IN ULONG OutBufferLength
1863 IN HANDLE hEvent OPTIONAL
,
1864 IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL
,
1865 IN PVOID IoApcContext OPTIONAL
,
1866 OUT PIO_STATUS_BLOCK pIoStatusBlock
,
1867 IN ULONG DeviceIoControlCode
,
1868 IN PVOID InBuffer OPTIONAL
,
1869 IN ULONG InBufferLength
,
1870 OUT PVOID OutBuffer OPTIONAL
,
1871 IN ULONG OutBufferLength
1879 IN HANDLE hEvent OPTIONAL
,
1880 IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL
,
1881 IN PVOID IoApcContext OPTIONAL
,
1882 OUT PIO_STATUS_BLOCK pIoStatusBlock
,
1883 OUT PVOID ReadBuffer
,
1884 IN ULONG ReadBufferLength
,
1885 IN PLARGE_INTEGER FileOffset OPTIONAL
,
1886 IN PULONG LockOperationKey
1894 IN HANDLE hEvent OPTIONAL
,
1895 IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL
,
1896 IN PVOID IoApcContext OPTIONAL
,
1897 OUT PIO_STATUS_BLOCK pIoStatusBlock
,
1898 IN PVOID WriteBuffer
,
1899 IN ULONG WriteBufferLength
,
1900 IN PLARGE_INTEGER FileOffset OPTIONAL
,
1901 IN PULONG LockOperationKey OPTIONAL
1907 NtQueryInformationFile(
1909 OUT PIO_STATUS_BLOCK pIoStatusBlock
,
1910 OUT PVOID FileInformationBuffer
,
1911 IN ULONG FileInformationBufferLength
,
1912 IN FILE_INFORMATION_CLASS FileInfoClass
1918 NtSetInformationFile(
1920 OUT PIO_STATUS_BLOCK pIoStatusBlock
,
1921 IN PVOID FileInformationBuffer
,
1922 IN ULONG FileInformationBufferLength
,
1923 IN FILE_INFORMATION_CLASS FileInfoClass
1935 NtWaitForSingleObject(
1937 IN BOOLEAN bAlertable
,
1938 IN PLARGE_INTEGER Timeout
1944 IN BOOLEAN Alertable
,
1945 IN PLARGE_INTEGER DelayInterval
1950 #endif //__cplusplus
1952 #endif //__NT_NATIVE_DEFS__H__