////////////////////////////////////////////////////////////////////
// Copyright (C) Alexander Telyatnikov, Ivan Keliukh, Yegor Anchishkin, SKIF Software, 1999-2013. Kiev, Ukraine
// This file was released under the GPLv2 in June 2015.
////////////////////////////////////////////////////////////////////
7 #ifndef __NTDDK_EX__H__
8 #define __NTDDK_EX__H__
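// Information classes passed as the first argument of
// ZwQuerySystemInformation().
//
// The enumerators carry no explicit values, so each one is numbered by its
// position (SystemBasicInformation == 0, SystemModuleInformation == 11,
// SystemLookasideInformation == 45). The order is therefore part of the
// binary contract with the kernel: inserting, removing or reordering a name
// silently changes which information class every later name requests.
typedef enum _SYSTEM_INFORMATION_CLASS {
    SystemBasicInformation,                 //  0
    SystemProcessorInformation,
    SystemPerformanceInformation,
    SystemTimeOfDayInformation,
    SystemPathInformation,
    SystemProcessInformation,               //  5
    SystemCallCountInformation,
    SystemDeviceInformation,
    SystemProcessorPerformanceInformation,
    SystemFlagsInformation,
    SystemCallTimeInformation,              // 10
    SystemModuleInformation,                // 11: loaded-module list
    SystemLocksInformation,
    SystemStackTraceInformation,
    SystemPagedPoolInformation,
    SystemNonPagedPoolInformation,          // 15
    SystemHandleInformation,
    SystemObjectInformation,
    SystemPageFileInformation,
    SystemVdmInstemulInformation,
    SystemVdmBopInformation,                // 20
    SystemFileCacheInformation,
    SystemPoolTagInformation,
    SystemInterruptInformation,
    SystemDpcBehaviorInformation,
    SystemFullMemoryInformation,            // 25
    SystemLoadGdiDriverInformation,
    SystemUnloadGdiDriverInformation,
    SystemTimeAdjustmentInformation,
    SystemSummaryMemoryInformation,
    SystemNextEventIdInformation,           // 30
    SystemEventIdsInformation,
    SystemCrashDumpInformation,
    SystemExceptionInformation,
    SystemCrashDumpStateInformation,
    SystemKernelDebuggerInformation,        // 35
    SystemContextSwitchInformation,
    SystemRegistryQuotaInformation,
    SystemExtendServiceTableInformation,
    SystemPrioritySeperation,
    SystemPlugPlayBusInformation,           // 40
    SystemDockInformation,
    // Exactly one of the two names below may occupy slot 42. The listing
    // this was taken from shows the #if but not the matching #else/#endif
    // (its line numbers jump over them); they are restored here because
    // emitting both names would shift every following class by one.
    // NOTE(review): presumably the underscore spelling avoids a clash with a
    // SystemPowerInformation declared by the power-management headers that
    // define PO_CB_SYSTEM_POWER_POLICY -- confirm against those headers.
#if !defined PO_CB_SYSTEM_POWER_POLICY
    SystemPowerInformation,                 // 42
#else
    _SystemPowerInformation,                // 42
#endif
    SystemProcessorSpeedInformation,
    SystemCurrentTimeZoneInformation,
    SystemLookasideInformation              // 45
} SYSTEM_INFORMATION_CLASS;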
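// Queries one class of system-wide information from the kernel.
//
//   SystemInfoClass      - which SYSTEM_INFORMATION_CLASS to retrieve.
//   SystemInfoBuffer     - caller-allocated buffer that receives the data.
//   SystemInfoBufferSize - size of SystemInfoBuffer in bytes.
//   BytesReturned        - optional; receives the number of bytes written
//                          or required.
//
// The listing this declaration was taken from shows only the name and the
// parameter list; the linkage/return-type lines and the closing ");" are
// restored from the documented native signature -- confirm against the
// project file.
//
// Callers should check the returned NTSTATUS before touching the buffer. For
// variable-length classes such as SystemModuleInformation the usual pattern
// is to retry with a larger buffer on STATUS_INFO_LENGTH_MISMATCH, and to
// bound every walk over the result by the byte count actually returned
// rather than by counts stored inside the buffer alone.
NTSYSAPI
NTSTATUS
NTAPI
ZwQuerySystemInformation(
    IN SYSTEM_INFORMATION_CLASS SystemInfoClass,
    OUT PVOID SystemInfoBuffer,
    IN ULONG SystemInfoBufferSize,
    OUT PULONG BytesReturned OPTIONAL
    );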
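// One loaded-module record as laid out in the buffer returned for
// SystemModuleInformation.
//
// WARNING: this declaration is NOT layout-complete. The listing it was taken
// from omits the member lines marked below (its line numbers skip them), so
// field offsets and sizeof() derived from this text are wrong. Take the full
// member list from the project's own ntddk_ex.h before overlaying this type
// on a kernel-returned buffer.
typedef struct _SYSTEM_MODULE_ENTRY
{
    // ... member line(s) not shown in the listing (before ModuleBaseAddress) ...
    PVOID   ModuleBaseAddress;   // address at which the module image is loaded
    // ... member line(s) not shown in the listing (after ModuleBaseAddress) ...
    ULONG   ModuleEntryIndex;
    USHORT  ModuleNameLength;
    // NOTE(review): presumably the offset of the file-name part inside
    // ModuleName; check that it is < sizeof(ModuleName) before indexing.
    USHORT  ModuleNameOffset;
    // Fixed-size name buffer. Do not assume NUL termination when the name
    // fills all 256 bytes; bound string operations by sizeof(ModuleName).
    CHAR    ModuleName[256];
} SYSTEM_MODULE_ENTRY, *PSYSTEM_MODULE_ENTRY;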
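// Header of the buffer returned for SystemModuleInformation: a run of
// SYSTEM_MODULE_ENTRY records declared with the pre-C99 "[1]" idiom for a
// variable-length trailing array.
//
// WARNING: the listing this was taken from omits one member line ahead of
// Module (its line numbers skip it) -- NOTE(review): presumably the entry
// count; confirm against the project file. As written here the type is not
// layout-complete.
//
// sizeof(SYSTEM_MODULE_INFORMATION) covers a single entry only. The real
// extent of Module[] has to be checked against the byte count reported by
// ZwQuerySystemInformation() before any index beyond 0 is read.
typedef struct _SYSTEM_MODULE_INFORMATION
{
    // ... member line not shown in the listing ...
    SYSTEM_MODULE_ENTRY Module[1];
} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;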
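// Win32-style scalar aliases used by the PE image structures in this header.
//
// The PE layouts in this file rely on WORD being 16 bits and DWORD being
// 32 bits. "unsigned long" is 32 bits under the Windows (LLP64) data model
// but 64 bits on LP64 platforms, so these structures only match the on-disk
// format when built for Windows targets.
typedef unsigned short WORD;    // 16-bit unsigned
// NOTE(review): the Windows SDK declares BOOL as a signed int; this header
// uses unsigned int -- confirm no caller compares a BOOL against a negative
// value.
typedef unsigned int   BOOL;
typedef unsigned long  DWORD;   // 32-bit unsigned on Windows targets
typedef unsigned char  BYTE;    // 8-bit unsigned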
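// Legacy MS-DOS header found at offset 0 of every PE image.
//
// Only two fields matter to a PE parser: e_magic identifies the image and
// e_lfanew gives the file offset of the NT headers. e_lfanew is a signed
// value read from the image itself, so a parser should verify that it is
// non-negative and that e_lfanew + sizeof(IMAGE_NT_HEADERS) lies inside the
// mapped image before forming a pointer from it.
typedef struct _IMAGE_DOS_HEADER {      // DOS .EXE header
    WORD   e_magic;                     // Magic number
    WORD   e_cblp;                      // Bytes on last page of file
    WORD   e_cp;                        // Pages in file
    WORD   e_crlc;                      // Relocations
    WORD   e_cparhdr;                   // Size of header in paragraphs
    WORD   e_minalloc;                  // Minimum extra paragraphs needed
    WORD   e_maxalloc;                  // Maximum extra paragraphs needed
    WORD   e_ss;                        // Initial (relative) SS value
    WORD   e_sp;                        // Initial SP value
    WORD   e_csum;                      // Checksum
    WORD   e_ip;                        // Initial IP value
    WORD   e_cs;                        // Initial (relative) CS value
    WORD   e_lfarlc;                    // File address of relocation table
    WORD   e_ovno;                      // Overlay number
    WORD   e_res[4];                    // Reserved words
    WORD   e_oemid;                     // OEM identifier (for e_oeminfo)
    WORD   e_oeminfo;                   // OEM information; e_oemid specific
    WORD   e_res2[10];                  // Reserved words
    LONG   e_lfanew;                    // File address of new exe header
} IMAGE_DOS_HEADER, *PIMAGE_DOS_HEADER;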
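// COFF file header that follows the PE signature.
//
// The listing this was taken from omits the Machine and TimeDateStamp lines
// (its line numbers skip exactly those two positions); they are restored
// from the standard PE/COFF layout so that the offsets of the remaining
// members are correct.
//
// NumberOfSections and SizeOfOptionalHeader come from the image and size the
// data that follows this header; validate both against the mapped image size
// before walking the section table.
typedef struct _IMAGE_FILE_HEADER {
    WORD    Machine;                    // restored: not shown in the listing
    WORD    NumberOfSections;
    DWORD   TimeDateStamp;              // restored: not shown in the listing
    DWORD   PointerToSymbolTable;
    DWORD   NumberOfSymbols;
    WORD    SizeOfOptionalHeader;
    WORD    Characteristics;
} IMAGE_FILE_HEADER, *PIMAGE_FILE_HEADER;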
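// One entry of the optional header's data-directory table: where a table
// (exports, imports, ...) lives inside the image and how large it is.
//
// The listing this was taken from omits the Size line (its line numbers skip
// it); it is restored from the standard PE layout.
//
// Both values are image-controlled. Before using an entry, check that
// VirtualAddress and VirtualAddress + Size fall inside SizeOfImage and that
// the addition does not wrap.
typedef struct _IMAGE_DATA_DIRECTORY {
    DWORD   VirtualAddress;             // RVA from base of image
    DWORD   Size;                       // restored: not shown in the listing
} IMAGE_DATA_DIRECTORY, *PIMAGE_DATA_DIRECTORY;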
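// Capacity of the DataDirectory array in the optional header.
#define IMAGE_NUMBEROF_DIRECTORY_ENTRIES    16

// 32-bit PE optional header.
//
// The listing this was taken from omits several member lines (its line
// numbers skip them). The members marked "restored" are filled in from the
// standard PE32 layout so that the offsets of the members that are shown
// are correct.
//
// NumberOfRvaAndSizes is read from the image and may be smaller or larger
// than IMAGE_NUMBEROF_DIRECTORY_ENTRIES. A parser should only index
// DataDirectory[i] when i is below both values.
typedef struct _IMAGE_OPTIONAL_HEADER {
    //
    // Standard fields.
    //
    WORD    Magic;                      // restored: not shown in the listing
    BYTE    MajorLinkerVersion;
    BYTE    MinorLinkerVersion;
    DWORD   SizeOfCode;                 // restored: not shown in the listing
    DWORD   SizeOfInitializedData;
    DWORD   SizeOfUninitializedData;
    DWORD   AddressOfEntryPoint;
    DWORD   BaseOfCode;                 // restored: not shown in the listing
    DWORD   BaseOfData;                 // restored: not shown in the listing

    //
    // NT additional fields.
    //
    DWORD   ImageBase;                  // restored: not shown in the listing
    DWORD   SectionAlignment;
    DWORD   FileAlignment;              // restored: not shown in the listing
    WORD    MajorOperatingSystemVersion;
    WORD    MinorOperatingSystemVersion;
    WORD    MajorImageVersion;
    WORD    MinorImageVersion;
    WORD    MajorSubsystemVersion;
    WORD    MinorSubsystemVersion;
    DWORD   Win32VersionValue;
    DWORD   SizeOfImage;                // restored: not shown in the listing
    DWORD   SizeOfHeaders;              // restored: not shown in the listing
    DWORD   CheckSum;                   // restored: not shown in the listing
    WORD    Subsystem;                  // restored: not shown in the listing
    WORD    DllCharacteristics;
    DWORD   SizeOfStackReserve;
    DWORD   SizeOfStackCommit;
    DWORD   SizeOfHeapReserve;
    DWORD   SizeOfHeapCommit;
    DWORD   LoaderFlags;                // restored: not shown in the listing
    DWORD   NumberOfRvaAndSizes;
    IMAGE_DATA_DIRECTORY DataDirectory[IMAGE_NUMBEROF_DIRECTORY_ENTRIES];
} IMAGE_OPTIONAL_HEADER32, *PIMAGE_OPTIONAL_HEADER32;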
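// PE ("NT") headers located at IMAGE_DOS_HEADER.e_lfanew.
//
// The listing this was taken from omits the Signature line (its line numbers
// skip it); it is restored from the standard PE layout. A parser should
// confirm the signature before trusting FileHeader or OptionalHeader.
typedef struct _IMAGE_NT_HEADERS {
    DWORD                   Signature;  // restored: not shown in the listing
    IMAGE_FILE_HEADER       FileHeader;
    IMAGE_OPTIONAL_HEADER32 OptionalHeader;
} IMAGE_NT_HEADERS32, *PIMAGE_NT_HEADERS32;

// This header only describes 32-bit images, so the unsuffixed names alias
// the 32-bit layout. Overlaying them on a 64-bit (PE32+) image misreads the
// optional header.
typedef IMAGE_NT_HEADERS32  IMAGE_NT_HEADERS;
typedef PIMAGE_NT_HEADERS32 PIMAGE_NT_HEADERS;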
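// Index into IMAGE_OPTIONAL_HEADER32.DataDirectory.
#define IMAGE_DIRECTORY_ENTRY_EXPORT    0   // Export Directory

// Export directory table, found through
// DataDirectory[IMAGE_DIRECTORY_ENTRY_EXPORT].
//
// The listing this was taken from omits several member lines (its line
// numbers skip them). The members marked "restored" are filled in from the
// standard PE layout.
//
// Every count and RVA here is image-controlled. When resolving an export by
// name, bound the walk by NumberOfNames, check each ordinal read from
// AddressOfNameOrdinals against NumberOfFunctions, and check that every RVA
// (including the name strings) stays inside SizeOfImage.
typedef struct _IMAGE_EXPORT_DIRECTORY {
    DWORD   Characteristics;
    DWORD   TimeDateStamp;              // restored: not shown in the listing
    WORD    MajorVersion;               // restored: not shown in the listing
    WORD    MinorVersion;               // restored: not shown in the listing
    DWORD   Name;                       // restored: not shown in the listing
    DWORD   Base;                       // restored: not shown in the listing
    DWORD   NumberOfFunctions;
    DWORD   NumberOfNames;              // restored: not shown in the listing
    DWORD   AddressOfFunctions;         // RVA from base of image
    DWORD   AddressOfNames;             // RVA from base of image
    DWORD   AddressOfNameOrdinals;      // RVA from base of image
} IMAGE_EXPORT_DIRECTORY, *PIMAGE_EXPORT_DIRECTORY;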
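// Disk and storage control codes declared locally.
// NOTE(review): presumably for builds against DDK headers that predate these
// codes; confirm they cannot be redefined with a different value when a
// newer ntdddisk.h / ntddstor.h is also included.
//
// All six use METHOD_BUFFERED and FILE_ANY_ACCESS: the I/O manager copies
// the request through a system buffer, and the caller needs no read or
// write access on the device handle to issue them.
#define IOCTL_DISK_GET_PARTITION_INFO_EX    CTL_CODE(IOCTL_DISK_BASE, 0x0012, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_DISK_GET_DRIVE_LAYOUT_EX      CTL_CODE(IOCTL_DISK_BASE, 0x0014, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_DISK_GET_DRIVE_GEOMETRY_EX    CTL_CODE(IOCTL_DISK_BASE, 0x0028, METHOD_BUFFERED, FILE_ANY_ACCESS)

#define IOCTL_STORAGE_LOAD_MEDIA2           CTL_CODE(IOCTL_STORAGE_BASE, 0x0203, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_STORAGE_GET_MEDIA_TYPES_EX    CTL_CODE(IOCTL_STORAGE_BASE, 0x0301, METHOD_BUFFERED, FILE_ANY_ACCESS)
#define IOCTL_STORAGE_CHECK_VERIFY2         CTL_CODE(IOCTL_STORAGE_BASE, 0x0200, METHOD_BUFFERED, FILE_ANY_ACCESS)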
215 #endif //__NTDDK_EX__H__