+++ /dev/null
-////////////////////////////////////////////////////////////////////
-// Copyright (C) Alexander Telyatnikov, Ivan Keliukh, Yegor Anchishkin, SKIF Software, 1999-2013. Kiev, Ukraine
-// All rights reserved
-// This file was released under the GPLv2 on June 2015.
-////////////////////////////////////////////////////////////////////
-
-//======================================================================
-//
-// NT_Native.h
-//
-//======================================================================
-
-#ifndef __NT_NATIVE_DEFS__H__
-#define __NT_NATIVE_DEFS__H__
-
-#ifdef __cplusplus
-extern "C" {
-#endif //__cplusplus
-
-#include <excpt.h>
-#include <ntdef.h>
-#include <ntstatus.h>
-#include <string.h>
-#include <DEVIOCTL.H>
-#include <NTDDSTOR.H>
-#include <NTDDDISK.H>
-
-typedef struct _KTHREAD *PKTHREAD;
-typedef struct _ETHREAD *PETHREAD;
-typedef struct _EPROCESS *PEPROCESS;
-typedef struct _PEB *PPEB;
-typedef struct _KINTERRUPT *PKINTERRUPT;
-typedef struct _IO_TIMER *PIO_TIMER;
-typedef struct _OBJECT_TYPE *POBJECT_TYPE;
-typedef struct _CALLBACK_OBJECT *PCALLBACK_OBJECT;
-typedef struct _DEVICE_HANDLER_OBJECT *PDEVICE_HANDLER_OBJECT;
-typedef struct _BUS_HANDLER *PBUS_HANDLER;
-
-
-typedef ULONG ACCESS_MASK;
-typedef ACCESS_MASK *PACCESS_MASK;
-
-#define BOOL BOOLEAN
-#define DWORD ULONG
-#define LPVOID PVOID
-#define LPDWORD PULONG
-
-#define APIENTRY __stdcall
-
-#define FASTCALL _fastcall
-
-// end_winnt
-//
-// The following are masks for the predefined standard access types
-//
-
-#define DELETE (0x00010000L)
-#define READ_CONTROL (0x00020000L)
-#define WRITE_DAC (0x00040000L)
-#define WRITE_OWNER (0x00080000L)
-#define SYNCHRONIZE (0x00100000L)
-
-#define STANDARD_RIGHTS_REQUIRED (0x000F0000L)
-
-#define STANDARD_RIGHTS_READ (READ_CONTROL)
-#define STANDARD_RIGHTS_WRITE (READ_CONTROL)
-#define STANDARD_RIGHTS_EXECUTE (READ_CONTROL)
-
-#define STANDARD_RIGHTS_ALL (0x001F0000L)
-
-#define SPECIFIC_RIGHTS_ALL (0x0000FFFFL)
-
-//
-// AccessSystemAcl access type
-//
-
-#define ACCESS_SYSTEM_SECURITY (0x01000000L)
-
-//
-// MaximumAllowed access type
-//
-
-#define MAXIMUM_ALLOWED (0x02000000L)
-
-//
-// These are the generic rights.
-//
-
-#define GENERIC_READ (0x80000000L)
-#define GENERIC_WRITE (0x40000000L)
-#define GENERIC_EXECUTE (0x20000000L)
-#define GENERIC_ALL (0x10000000L)
-
-
-//
-// Subroutines for dealing with the Registry
-//
-
-typedef NTSTATUS (*PRTL_QUERY_REGISTRY_ROUTINE)(
- IN PWSTR ValueName,
- IN ULONG ValueType,
- IN PVOID ValueData,
- IN ULONG ValueLength,
- IN PVOID Context,
- IN PVOID EntryContext
- );
-
-typedef struct _RTL_QUERY_REGISTRY_TABLE {
- PRTL_QUERY_REGISTRY_ROUTINE QueryRoutine;
- ULONG Flags;
- PWSTR Name;
- PVOID EntryContext;
- ULONG DefaultType;
- PVOID DefaultData;
- ULONG DefaultLength;
-
-} RTL_QUERY_REGISTRY_TABLE, *PRTL_QUERY_REGISTRY_TABLE;
-
-
-//
-// The following flags specify how the Name field of a RTL_QUERY_REGISTRY_TABLE
-// entry is interpreted. A NULL name indicates the end of the table.
-//
-
-#define RTL_QUERY_REGISTRY_SUBKEY 0x00000001 // Name is a subkey and remainder of
- // table or until next subkey are value
- // names for that subkey to look at.
-
-#define RTL_QUERY_REGISTRY_TOPKEY 0x00000002 // Reset current key to original key for
- // this and all following table entries.
-
-#define RTL_QUERY_REGISTRY_REQUIRED 0x00000004 // Fail if no match found for this table
- // entry.
-
-#define RTL_QUERY_REGISTRY_NOVALUE 0x00000008 // Used to mark a table entry that has no
- // value name, just wants a call out, not
- // an enumeration of all values.
-
-#define RTL_QUERY_REGISTRY_NOEXPAND 0x00000010 // Used to suppress the expansion of
- // REG_MULTI_SZ into multiple callouts or
- // to prevent the expansion of environment
- // variable values in REG_EXPAND_SZ
-
-#define RTL_QUERY_REGISTRY_DIRECT 0x00000020 // QueryRoutine field ignored. EntryContext
- // field points to location to store value.
- // For null terminated strings, EntryContext
- // points to UNICODE_STRING structure that
- // that describes maximum size of buffer.
- // If .Buffer field is NULL then a buffer is
- // allocated.
- //
-
-#define RTL_QUERY_REGISTRY_DELETE 0x00000040 // Used to delete value keys after they
- // are queried.
-
-//
-// The following values for the RelativeTo parameter determine what the
-// Path parameter to RtlQueryRegistryValues is relative to.
-//
-
-#define RTL_REGISTRY_ABSOLUTE 0 // Path is a full path
-#define RTL_REGISTRY_SERVICES 1 // \Registry\Machine\System\CurrentControlSet\Services
-#define RTL_REGISTRY_CONTROL 2 // \Registry\Machine\System\CurrentControlSet\Control
-#define RTL_REGISTRY_WINDOWS_NT 3 // \Registry\Machine\Software\Microsoft\Windows NT\CurrentVersion
-#define RTL_REGISTRY_DEVICEMAP 4 // \Registry\Machine\Hardware\DeviceMap
-#define RTL_REGISTRY_USER 5 // \Registry\User\CurrentUser
-#define RTL_REGISTRY_MAXIMUM 6
-#define RTL_REGISTRY_HANDLE 0x40000000 // Low order bits are registry handle
-#define RTL_REGISTRY_OPTIONAL 0x80000000 // Indicates the key node is optional
-
-
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlCharToInteger (
- PCSZ String,
- ULONG Base,
- PULONG Value
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlIntegerToUnicodeString (
- ULONG Value,
- ULONG Base,
- PUNICODE_STRING String
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnicodeStringToInteger (
- PUNICODE_STRING String,
- ULONG Base,
- PULONG Value
- );
-
-\f
-//
-// String manipulation routines
-//
-
-#ifdef _NTSYSTEM_
-
-#define NLS_MB_CODE_PAGE_TAG NlsMbCodePageTag
-#define NLS_MB_OEM_CODE_PAGE_TAG NlsMbOemCodePageTag
-
-#else
-
-#define NLS_MB_CODE_PAGE_TAG (*NlsMbCodePageTag)
-#define NLS_MB_OEM_CODE_PAGE_TAG (*NlsMbOemCodePageTag)
-
-#endif // _NTSYSTEM_
-
-extern BOOLEAN NLS_MB_CODE_PAGE_TAG; // TRUE -> Multibyte CP, FALSE -> Singlebyte
-extern BOOLEAN NLS_MB_OEM_CODE_PAGE_TAG; // TRUE -> Multibyte CP, FALSE -> Singlebyte
-
-NTSYSAPI
-VOID
-NTAPI
-RtlInitString(
- PSTRING DestinationString,
- PCSZ SourceString
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlInitAnsiString(
- PANSI_STRING DestinationString,
- PCSZ SourceString
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlInitUnicodeString(
- PUNICODE_STRING DestinationString,
- PCWSTR SourceString
- );
-
-
-NTSYSAPI
-VOID
-NTAPI
-RtlCopyString(
- PSTRING DestinationString,
- PSTRING SourceString
- );
-
-NTSYSAPI
-CHAR
-NTAPI
-RtlUpperChar (
- CHAR Character
- );
-
-NTSYSAPI
-LONG
-NTAPI
-RtlCompareString(
- PSTRING String1,
- PSTRING String2,
- BOOLEAN CaseInSensitive
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlEqualString(
- PSTRING String1,
- PSTRING String2,
- BOOLEAN CaseInSensitive
- );
-
-
-NTSYSAPI
-VOID
-NTAPI
-RtlUpperString(
- PSTRING DestinationString,
- PSTRING SourceString
- );
-
-//
-// NLS String functions
-//
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAnsiStringToUnicodeString(
- PUNICODE_STRING DestinationString,
- PANSI_STRING SourceString,
- BOOLEAN AllocateDestinationString
- );
-
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUnicodeStringToAnsiString(
- PANSI_STRING DestinationString,
- PUNICODE_STRING SourceString,
- BOOLEAN AllocateDestinationString
- );
-
-
-NTSYSAPI
-LONG
-NTAPI
-RtlCompareUnicodeString(
- PUNICODE_STRING String1,
- PUNICODE_STRING String2,
- BOOLEAN CaseInSensitive
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlEqualUnicodeString(
- PUNICODE_STRING String1,
- PUNICODE_STRING String2,
- BOOLEAN CaseInSensitive
- );
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlPrefixUnicodeString(
- IN PUNICODE_STRING String1,
- IN PUNICODE_STRING String2,
- IN BOOLEAN CaseInSensitive
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlUpcaseUnicodeString(
- PUNICODE_STRING DestinationString,
- PUNICODE_STRING SourceString,
- BOOLEAN AllocateDestinationString
- );
-
-
-NTSYSAPI
-VOID
-NTAPI
-RtlCopyUnicodeString(
- PUNICODE_STRING DestinationString,
- PUNICODE_STRING SourceString
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAppendUnicodeStringToString (
- PUNICODE_STRING Destination,
- PUNICODE_STRING Source
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-RtlAppendUnicodeToString (
- PUNICODE_STRING Destination,
- PWSTR Source
- );
-
-
-NTSYSAPI
-VOID
-NTAPI
-RtlFreeUnicodeString(
- PUNICODE_STRING UnicodeString
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlFreeAnsiString(
- PANSI_STRING AnsiString
- );
-
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlxAnsiStringToUnicodeSize(
- PANSI_STRING AnsiString
- );
-
-//
-// NTSYSAPI
-// ULONG
-// NTAPI
-// RtlAnsiStringToUnicodeSize(
-// PANSI_STRING AnsiString
-// );
-//
-
-#define RtlAnsiStringToUnicodeSize(STRING) ( \
- NLS_MB_CODE_PAGE_TAG ? \
- RtlxAnsiStringToUnicodeSize(STRING) : \
- ((STRING)->Length + sizeof((UCHAR)NULL)) * sizeof(WCHAR) \
-)
-
-#if DBG
-NTSYSAPI
-VOID
-NTAPI
-RtlAssert(
- PVOID FailedAssertion,
- PVOID FileName,
- ULONG LineNumber,
- PCHAR Message
- );
-
-#define ASSERT( exp ) \
- if (!(exp)) \
- RtlAssert( #exp, __FILE__, __LINE__, NULL )
-
-#define ASSERTMSG( msg, exp ) \
- if (!(exp)) \
- RtlAssert( #exp, __FILE__, __LINE__, msg )
-
-#else
-#define ASSERT( exp )
-#define ASSERTMSG( msg, exp )
-#endif // DBG
-
-//
-// Fast primitives to compare, move, and zero memory
-//
-
-// begin_winnt begin_ntndis
-#if defined(_M_IX86) || defined(_M_MRX000) || defined(_M_ALPHA)
-
-#if defined(_M_MRX000)
-NTSYSAPI
-ULONG
-NTAPI
-RtlEqualMemory (
- CONST VOID *Source1,
- CONST VOID *Source2,
- ULONG Length
- );
-
-#else
-#define RtlEqualMemory(Destination,Source,Length) (!memcmp((Destination),(Source),(Length)))
-#endif
-
-#define RtlMoveMemory(Destination,Source,Length) memmove((Destination),(Source),(Length))
-#define RtlCopyMemory(Destination,Source,Length) memcpy((Destination),(Source),(Length))
-#define RtlFillMemory(Destination,Length,Fill) memset((Destination),(Fill),(Length))
-#define RtlZeroMemory(Destination,Length) memset((Destination),0,(Length))
-
-#else // _M_PPC
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlEqualMemory (
- CONST VOID *Source1,
- CONST VOID *Source2,
- ULONG Length
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlCopyMemory (
- VOID UNALIGNED *Destination,
- CONST VOID UNALIGNED *Source,
- ULONG Length
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlCopyMemory32 (
- VOID UNALIGNED *Destination,
- CONST VOID UNALIGNED *Source,
- ULONG Length
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlMoveMemory (
- VOID UNALIGNED *Destination,
- CONST VOID UNALIGNED *Source,
- ULONG Length
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlFillMemory (
- VOID UNALIGNED *Destination,
- ULONG Length,
- UCHAR Fill
- );
-
-NTSYSAPI
-VOID
-NTAPI
-RtlZeroMemory (
- VOID UNALIGNED *Destination,
- ULONG Length
- );
-#endif
-// end_winnt end_ntndis
-
-NTSYSAPI
-ULONG
-NTAPI
-RtlCompareMemory (
- PVOID Source1,
- PVOID Source2,
- ULONG Length
- );
-
-typedef struct _TIME_FIELDS {
- CSHORT Year; // range [1601...]
- CSHORT Month; // range [1..12]
- CSHORT Day; // range [1..31]
- CSHORT Hour; // range [0..23]
- CSHORT Minute; // range [0..59]
- CSHORT Second; // range [0..59]
- CSHORT Milliseconds;// range [0..999]
- CSHORT Weekday; // range [0..6] == [Sunday..Saturday]
-} TIME_FIELDS;
-typedef TIME_FIELDS *PTIME_FIELDS;
-
-
-NTSYSAPI
-VOID
-NTAPI
-RtlTimeToTimeFields (
- PLARGE_INTEGER Time,
- PTIME_FIELDS TimeFields
- );
-
-//
-// A time field record (Weekday ignored) -> 64 bit Time value
-//
-
-NTSYSAPI
-BOOLEAN
-NTAPI
-RtlTimeFieldsToTime (
- PTIME_FIELDS TimeFields,
- PLARGE_INTEGER Time
- );
-
-//
-// Define the generic mapping array. This is used to denote the
-// mapping of each generic access right to a specific access mask.
-//
-
-typedef struct _GENERIC_MAPPING {
- ACCESS_MASK GenericRead;
- ACCESS_MASK GenericWrite;
- ACCESS_MASK GenericExecute;
- ACCESS_MASK GenericAll;
-} GENERIC_MAPPING;
-typedef GENERIC_MAPPING *PGENERIC_MAPPING;
-
-//
-// Define the various device type values. Note that values used by Microsoft
-// Corporation are in the range 0-32767, and 32768-65535 are reserved for use
-// by customers.
-//
-
-#define DEVICE_TYPE ULONG
-
-//
-// Macro definition for defining IOCTL and FSCTL function control codes. Note
-// that function codes 0-2047 are reserved for Microsoft Corporation, and
-// 2048-4095 are reserved for customers.
-//
-
-#define CTL_CODE( DeviceType, Function, Method, Access ) ( \
- ((DeviceType) << 16) | ((Access) << 14) | ((Function) << 2) | (Method) \
-)
-
-//
-// Define the method codes for how buffers are passed for I/O and FS controls
-//
-
-#define METHOD_BUFFERED 0
-#define METHOD_IN_DIRECT 1
-#define METHOD_OUT_DIRECT 2
-#define METHOD_NEITHER 3
-
-//
-// Define the access check value for any access
-//
-//
-// The FILE_READ_ACCESS and FILE_WRITE_ACCESS constants are also defined in
-// ntioapi.h as FILE_READ_DATA and FILE_WRITE_DATA. The values for these
-// constants *MUST* always be in sync.
-//
-
-
-#define FILE_ANY_ACCESS 0
-#define FILE_READ_ACCESS ( 0x0001 ) // file & pipe
-#define FILE_WRITE_ACCESS ( 0x0002 ) // file & pipe
-
-
-// begin_winnt
-
-//
-// Define access rights to files and directories
-//
-
-//
-// The FILE_READ_DATA and FILE_WRITE_DATA constants are also defined in
-// devioctl.h as FILE_READ_ACCESS and FILE_WRITE_ACCESS. The values for these
-// constants *MUST* always be in sync.
-// The values are redefined in devioctl.h because they must be available to
-// both DOS and NT.
-//
-
-#define FILE_READ_DATA ( 0x0001 ) // file & pipe
-#define FILE_LIST_DIRECTORY ( 0x0001 ) // directory
-
-#define FILE_WRITE_DATA ( 0x0002 ) // file & pipe
-#define FILE_ADD_FILE ( 0x0002 ) // directory
-
-#define FILE_APPEND_DATA ( 0x0004 ) // file
-#define FILE_ADD_SUBDIRECTORY ( 0x0004 ) // directory
-#define FILE_CREATE_PIPE_INSTANCE ( 0x0004 ) // named pipe
-
-#define FILE_READ_EA ( 0x0008 ) // file & directory
-
-#define FILE_WRITE_EA ( 0x0010 ) // file & directory
-
-#define FILE_EXECUTE ( 0x0020 ) // file
-#define FILE_TRAVERSE ( 0x0020 ) // directory
-
-#define FILE_DELETE_CHILD ( 0x0040 ) // directory
-
-#define FILE_READ_ATTRIBUTES ( 0x0080 ) // all
-
-#define FILE_WRITE_ATTRIBUTES ( 0x0100 ) // all
-
-#define FILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | 0x1FF)
-
-#define FILE_GENERIC_READ (STANDARD_RIGHTS_READ |\
- FILE_READ_DATA |\
- FILE_READ_ATTRIBUTES |\
- FILE_READ_EA |\
- SYNCHRONIZE)
-
-
-#define FILE_GENERIC_WRITE (STANDARD_RIGHTS_WRITE |\
- FILE_WRITE_DATA |\
- FILE_WRITE_ATTRIBUTES |\
- FILE_WRITE_EA |\
- FILE_APPEND_DATA |\
- SYNCHRONIZE)
-
-
-#define FILE_GENERIC_EXECUTE (STANDARD_RIGHTS_EXECUTE |\
- FILE_READ_ATTRIBUTES |\
- FILE_EXECUTE |\
- SYNCHRONIZE)
-
-// end_winnt
-
-
-//
-// Define share access rights to files and directories
-//
-
-#define FILE_SHARE_READ 0x00000001 // winnt
-#define FILE_SHARE_WRITE 0x00000002 // winnt
-#define FILE_SHARE_DELETE 0x00000004 // winnt
-#define FILE_SHARE_VALID_FLAGS 0x00000007
-
-//
-// Define the file attributes values
-//
-// Note: 0x00000008 is reserved for use for the old DOS VOLID (volume ID)
-// and is therefore not considered valid in NT.
-//
-// Note: 0x00000010 is reserved for use for the old DOS SUBDIRECTORY flag
-// and is therefore not considered valid in NT. This flag has
-// been disassociated with file attributes since the other flags are
-// protected with READ_ and WRITE_ATTRIBUTES access to the file.
-//
-// Note: Note also that the order of these flags is set to allow both the
-// FAT and the Pinball File Systems to directly set the attributes
-// flags in attributes words without having to pick each flag out
-// individually. The order of these flags should not be changed!
-//
-
-#define FILE_ATTRIBUTE_READONLY 0x00000001 // winnt
-#define FILE_ATTRIBUTE_HIDDEN 0x00000002 // winnt
-#define FILE_ATTRIBUTE_SYSTEM 0x00000004 // winnt
-#define FILE_ATTRIBUTE_DIRECTORY 0x00000010 // winnt
-#define FILE_ATTRIBUTE_ARCHIVE 0x00000020 // winnt
-#define FILE_ATTRIBUTE_NORMAL 0x00000080 // winnt
-#define FILE_ATTRIBUTE_TEMPORARY 0x00000100 // winnt
-#define FILE_ATTRIBUTE_RESERVED0 0x00000200
-#define FILE_ATTRIBUTE_RESERVED1 0x00000400
-#define FILE_ATTRIBUTE_COMPRESSED 0x00000800 // winnt
-#define FILE_ATTRIBUTE_OFFLINE 0x00001000 // winnt
-#define FILE_ATTRIBUTE_PROPERTY_SET 0x00002000
-#define FILE_ATTRIBUTE_VALID_FLAGS 0x00003fb7
-#define FILE_ATTRIBUTE_VALID_SET_FLAGS 0x00003fa7
-
-//
-// Define the create disposition values
-//
-
-#define FILE_SUPERSEDE 0x00000000
-#define FILE_OPEN 0x00000001
-#define FILE_CREATE 0x00000002
-#define FILE_OPEN_IF 0x00000003
-#define FILE_OVERWRITE 0x00000004
-#define FILE_OVERWRITE_IF 0x00000005
-#define FILE_MAXIMUM_DISPOSITION 0x00000005
-
-
-//
-// Define the create/open option flags
-//
-
-#define FILE_DIRECTORY_FILE 0x00000001
-#define FILE_WRITE_THROUGH 0x00000002
-#define FILE_SEQUENTIAL_ONLY 0x00000004
-#define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008
-
-#define FILE_SYNCHRONOUS_IO_ALERT 0x00000010
-#define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020
-#define FILE_NON_DIRECTORY_FILE 0x00000040
-#define FILE_CREATE_TREE_CONNECTION 0x00000080
-
-#define FILE_COMPLETE_IF_OPLOCKED 0x00000100
-#define FILE_NO_EA_KNOWLEDGE 0x00000200
-//UNUSED 0x00000400
-#define FILE_RANDOM_ACCESS 0x00000800
-
-#define FILE_DELETE_ON_CLOSE 0x00001000
-#define FILE_OPEN_BY_FILE_ID 0x00002000
-#define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000
-#define FILE_NO_COMPRESSION 0x00008000
-
-
-#define FILE_RESERVE_OPFILTER 0x00100000
-#define FILE_TRANSACTED_MODE 0x00200000
-#define FILE_OPEN_OFFLINE_FILE 0x00400000
-
-#define FILE_VALID_OPTION_FLAGS 0x007fffff
-#define FILE_VALID_PIPE_OPTION_FLAGS 0x00000032
-#define FILE_VALID_MAILSLOT_OPTION_FLAGS 0x00000032
-#define FILE_VALID_SET_FLAGS 0x00000036
-
-//
-// Define the I/O status information return values for NtCreateFile/NtOpenFile
-//
-
-#define FILE_SUPERSEDED 0x00000000
-#define FILE_OPENED 0x00000001
-#define FILE_CREATED 0x00000002
-#define FILE_OVERWRITTEN 0x00000003
-#define FILE_EXISTS 0x00000004
-#define FILE_DOES_NOT_EXIST 0x00000005
-
-//
-// Define special ByteOffset parameters for read and write operations
-//
-
-#define FILE_WRITE_TO_END_OF_FILE 0xffffffff
-#define FILE_USE_FILE_POINTER_POSITION 0xfffffffe
-
-//
-// Define alignment requirement values
-//
-
-#define FILE_BYTE_ALIGNMENT 0x00000000
-#define FILE_WORD_ALIGNMENT 0x00000001
-#define FILE_LONG_ALIGNMENT 0x00000003
-#define FILE_QUAD_ALIGNMENT 0x00000007
-#define FILE_OCTA_ALIGNMENT 0x0000000f
-#define FILE_32_BYTE_ALIGNMENT 0x0000001f
-#define FILE_64_BYTE_ALIGNMENT 0x0000003f
-#define FILE_128_BYTE_ALIGNMENT 0x0000007f
-#define FILE_256_BYTE_ALIGNMENT 0x000000ff
-#define FILE_512_BYTE_ALIGNMENT 0x000001ff
-
-//
-// Define the maximum length of a filename string
-//
-
-#define MAXIMUM_FILENAME_LENGTH 256
-
-//
-// Define the various device characteristics flags
-//
-
-#define FILE_REMOVABLE_MEDIA 0x00000001
-#define FILE_READ_ONLY_DEVICE 0x00000002
-#define FILE_FLOPPY_DISKETTE 0x00000004
-#define FILE_WRITE_ONCE_MEDIA 0x00000008
-#define FILE_REMOTE_DEVICE 0x00000010
-#define FILE_DEVICE_IS_MOUNTED 0x00000020
-#define FILE_VIRTUAL_VOLUME 0x00000040
-
-#ifndef _FILESYSTEMFSCTL_
-#define _FILESYSTEMFSCTL_
-
-#endif // _FILESYSTEMFSCTL_
-
-//
-// The following is a list of the native file system fsctls followed by
-// additional network file system fsctls. Some values have been
-// decommissioned.
-//
-
-#define FSCTL_REQUEST_OPLOCK_LEVEL_1 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 0, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_REQUEST_OPLOCK_LEVEL_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 1, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_REQUEST_BATCH_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 2, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_OPLOCK_BREAK_ACKNOWLEDGE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 3, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_OPBATCH_ACK_CLOSE_PENDING CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 4, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_OPLOCK_BREAK_NOTIFY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 5, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_LOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 6, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_UNLOCK_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 7, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_DISMOUNT_VOLUME CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 8, METHOD_BUFFERED, FILE_ANY_ACCESS)
-// decommissioned fsctl value 9
-#define FSCTL_IS_VOLUME_MOUNTED CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 10, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_IS_PATHNAME_VALID CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 11, METHOD_BUFFERED, FILE_ANY_ACCESS) // PATHNAME_BUFFER,
-#define FSCTL_MARK_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 12, METHOD_BUFFERED, FILE_ANY_ACCESS)
-// decommissioned fsctl value 13
-#define FSCTL_QUERY_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 14, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_GET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 15, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_SET_COMPRESSION CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 16, METHOD_BUFFERED, FILE_READ_DATA | FILE_WRITE_DATA)
-// decommissioned fsctl value 17
-// decommissioned fsctl value 18
-#define FSCTL_MARK_AS_SYSTEM_HIVE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 19, METHOD_NEITHER, FILE_ANY_ACCESS)
-#define FSCTL_OPLOCK_BREAK_ACK_NO_2 CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 20, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_INVALIDATE_VOLUMES CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 21, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_QUERY_FAT_BPB CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 22, METHOD_BUFFERED, FILE_ANY_ACCESS) // FSCTL_QUERY_FAT_BPB_BUFFER
-#define FSCTL_REQUEST_FILTER_OPLOCK CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 23, METHOD_BUFFERED, FILE_ANY_ACCESS)
-#define FSCTL_FILESYSTEM_GET_STATISTICS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 24, METHOD_BUFFERED, FILE_ANY_ACCESS) // FILESYSTEM_STATISTICS
-#if(_WIN32_WINNT >= 0x0400)
-#define FSCTL_GET_NTFS_VOLUME_DATA CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 25, METHOD_BUFFERED, FILE_ANY_ACCESS) // NTFS_VOLUME_DATA_BUFFER
-#define FSCTL_GET_NTFS_FILE_RECORD CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 26, METHOD_BUFFERED, FILE_ANY_ACCESS) // NTFS_FILE_RECORD_INPUT_BUFFER, NTFS_FILE_RECORD_OUTPUT_BUFFER
-#define FSCTL_GET_VOLUME_BITMAP CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 27, METHOD_NEITHER, FILE_ANY_ACCESS) // STARTING_LCN_INPUT_BUFFER, VOLUME_BITMAP_BUFFER
-#define FSCTL_GET_RETRIEVAL_POINTERS CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 28, METHOD_NEITHER, FILE_ANY_ACCESS) // STARTING_VCN_INPUT_BUFFER, RETRIEVAL_POINTERS_BUFFER
-#define FSCTL_MOVE_FILE CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 29, METHOD_BUFFERED, FILE_SPECIAL_ACCESS) // MOVE_FILE_DATA,
-#define FSCTL_IS_VOLUME_DIRTY CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 30, METHOD_BUFFERED, FILE_ANY_ACCESS)
-// decomissioned fsctl value 31
-#define FSCTL_ALLOW_EXTENDED_DASD_IO CTL_CODE(FILE_DEVICE_FILE_SYSTEM, 32, METHOD_NEITHER, FILE_ANY_ACCESS)
-#endif /* _WIN32_WINNT >= 0x0400 */
-
-//
-// Define the base asynchronous I/O argument types
-//
-
-typedef struct _IO_STATUS_BLOCK {
- NTSTATUS Status;
- ULONG Information;
-} IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
-
-//
-// Define an Asynchronous Procedure Call from I/O viewpoint
-//
-
-typedef
-VOID
-(*PIO_APC_ROUTINE) (
- IN PVOID ApcContext,
- IN PIO_STATUS_BLOCK IoStatusBlock,
- IN ULONG Reserved
- );
-
-//
-// Define the file information class values
-//
-// WARNING: The order of the following values are assumed by the I/O system.
-// Any changes made here should be reflected there as well.
-//
-
-typedef enum _FILE_INFORMATION_CLASS {
- FileDirectoryInformation = 1,
- FileFullDirectoryInformation,
- FileBothDirectoryInformation,
- FileBasicInformation,
- FileStandardInformation,
- FileInternalInformation,
- FileEaInformation,
- FileAccessInformation,
- FileNameInformation,
- FileRenameInformation,
- FileLinkInformation,
- FileNamesInformation,
- FileDispositionInformation,
- FilePositionInformation,
- FileFullEaInformation,
- FileModeInformation,
- FileAlignmentInformation,
- FileAllInformation,
- FileAllocationInformation,
- FileEndOfFileInformation,
- FileAlternateNameInformation,
- FileStreamInformation,
- FilePipeInformation,
- FilePipeLocalInformation,
- FilePipeRemoteInformation,
- FileMailslotQueryInformation,
- FileMailslotSetInformation,
- FileCompressionInformation,
- FileCopyOnWriteInformation,
- FileCompletionInformation,
- FileMoveClusterInformation,
- FileOleClassIdInformation,
- FileOleStateBitsInformation,
- FileNetworkOpenInformation,
- FileObjectIdInformation,
- FileOleAllInformation,
- FileOleDirectoryInformation,
- FileContentIndexInformation,
- FileInheritContentIndexInformation,
- FileOleInformation,
- FileMaximumInformation
-} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
-
-//
-// Define the various structures which are returned on query operations
-//
-
-typedef struct _FILE_BASIC_INFORMATION {
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- ULONG FileAttributes;
-} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
-
-typedef struct _FILE_STANDARD_INFORMATION {
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER EndOfFile;
- ULONG NumberOfLinks;
- BOOLEAN DeletePending;
- BOOLEAN Directory;
-} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
-
-typedef struct _FILE_POSITION_INFORMATION {
- LARGE_INTEGER CurrentByteOffset;
-} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;
-
-typedef struct _FILE_ALIGNMENT_INFORMATION {
- ULONG AlignmentRequirement;
-} FILE_ALIGNMENT_INFORMATION, *PFILE_ALIGNMENT_INFORMATION;
-
-typedef struct _FILE_NETWORK_OPEN_INFORMATION {
- LARGE_INTEGER CreationTime;
- LARGE_INTEGER LastAccessTime;
- LARGE_INTEGER LastWriteTime;
- LARGE_INTEGER ChangeTime;
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER EndOfFile;
- ULONG FileAttributes;
-} FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
-
-typedef struct _FILE_DISPOSITION_INFORMATION {
- BOOLEAN DeleteFile;
-} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;
-
-typedef struct _FILE_END_OF_FILE_INFORMATION {
- LARGE_INTEGER EndOfFile;
-} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;
-
-
-typedef struct _FILE_FULL_EA_INFORMATION {
- ULONG NextEntryOffset;
- UCHAR Flags;
- UCHAR EaNameLength;
- USHORT EaValueLength;
- CHAR EaName[1];
-} FILE_FULL_EA_INFORMATION, *PFILE_FULL_EA_INFORMATION;
-
-//
-// Define the file system information class values
-//
-// WARNING: The order of the following values are assumed by the I/O system.
-// Any changes made here should be reflected there as well.
-
-typedef enum _FSINFOCLASS {
- FileFsVolumeInformation = 1,
- FileFsLabelInformation,
- FileFsSizeInformation,
- FileFsDeviceInformation,
- FileFsAttributeInformation,
- FileFsControlInformation,
- FileFsQuotaQueryInformation, // temporary
- FileFsQuotaSetInformation, // temporary
- FileFsMaximumInformation
-} FS_INFORMATION_CLASS, *PFS_INFORMATION_CLASS;
-
-typedef struct _FILE_FS_DEVICE_INFORMATION {
- DEVICE_TYPE DeviceType;
- ULONG Characteristics;
-} FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION;
-
-//
-// Registry Specific Access Rights.
-//
-
-#define KEY_QUERY_VALUE (0x0001)
-#define KEY_SET_VALUE (0x0002)
-#define KEY_CREATE_SUB_KEY (0x0004)
-#define KEY_ENUMERATE_SUB_KEYS (0x0008)
-#define KEY_NOTIFY (0x0010)
-#define KEY_CREATE_LINK (0x0020)
-
-#define KEY_READ ((STANDARD_RIGHTS_READ |\
- KEY_QUERY_VALUE |\
- KEY_ENUMERATE_SUB_KEYS |\
- KEY_NOTIFY) \
- & \
- (~SYNCHRONIZE))
-
-
-#define KEY_WRITE ((STANDARD_RIGHTS_WRITE |\
- KEY_SET_VALUE |\
- KEY_CREATE_SUB_KEY) \
- & \
- (~SYNCHRONIZE))
-
-#define KEY_EXECUTE ((KEY_READ) \
- & \
- (~SYNCHRONIZE))
-
-#define KEY_ALL_ACCESS ((STANDARD_RIGHTS_ALL |\
- KEY_QUERY_VALUE |\
- KEY_SET_VALUE |\
- KEY_CREATE_SUB_KEY |\
- KEY_ENUMERATE_SUB_KEYS |\
- KEY_NOTIFY |\
- KEY_CREATE_LINK) \
- & \
- (~SYNCHRONIZE))
-
-//
-// Open/Create Options
-//
-
-#define REG_OPTION_RESERVED (0x00000000L) // Parameter is reserved
-
-#define REG_OPTION_NON_VOLATILE (0x00000000L) // Key is preserved
- // when system is rebooted
-
-#define REG_OPTION_VOLATILE (0x00000001L) // Key is not preserved
- // when system is rebooted
-
-#define REG_OPTION_CREATE_LINK (0x00000002L) // Created key is a
- // symbolic link
-
-#define REG_OPTION_BACKUP_RESTORE (0x00000004L) // open for backup or restore
- // special access rules
- // privilege required
-
-#define REG_OPTION_OPEN_LINK (0x00000008L) // Open symbolic link
-
-#define REG_LEGAL_OPTION \
- (REG_OPTION_RESERVED |\
- REG_OPTION_NON_VOLATILE |\
- REG_OPTION_VOLATILE |\
- REG_OPTION_CREATE_LINK |\
- REG_OPTION_BACKUP_RESTORE |\
- REG_OPTION_OPEN_LINK)
-
-//
-// Key creation/open disposition
-//
-
-#define REG_CREATED_NEW_KEY (0x00000001L) // New Registry Key created
-#define REG_OPENED_EXISTING_KEY (0x00000002L) // Existing Key opened
-
-//
-// Key restore flags
-//
-
-#define REG_WHOLE_HIVE_VOLATILE (0x00000001L) // Restore whole hive volatile
-#define REG_REFRESH_HIVE (0x00000002L) // Unwind changes to last flush
-#define REG_NO_LAZY_FLUSH (0x00000004L) // Never lazy flush this hive
-
-//
-// Key query structures
-//
-
-typedef struct _KEY_BASIC_INFORMATION {
- LARGE_INTEGER LastWriteTime;
- ULONG TitleIndex;
- ULONG NameLength;
- WCHAR Name[1]; // Variable length string
-} KEY_BASIC_INFORMATION, *PKEY_BASIC_INFORMATION;
-
-typedef struct _KEY_NODE_INFORMATION {
- LARGE_INTEGER LastWriteTime;
- ULONG TitleIndex;
- ULONG ClassOffset;
- ULONG ClassLength;
- ULONG NameLength;
- WCHAR Name[1]; // Variable length string
-// Class[1]; // Variable length string not declared
-} KEY_NODE_INFORMATION, *PKEY_NODE_INFORMATION;
-
-typedef struct _KEY_FULL_INFORMATION {
- LARGE_INTEGER LastWriteTime;
- ULONG TitleIndex;
- ULONG ClassOffset;
- ULONG ClassLength;
- ULONG SubKeys;
- ULONG MaxNameLen;
- ULONG MaxClassLen;
- ULONG Values;
- ULONG MaxValueNameLen;
- ULONG MaxValueDataLen;
- WCHAR Class[1]; // Variable length
-} KEY_FULL_INFORMATION, *PKEY_FULL_INFORMATION;
-
-typedef enum _KEY_INFORMATION_CLASS {
- KeyBasicInformation,
- KeyNodeInformation,
- KeyFullInformation
-} KEY_INFORMATION_CLASS;
-
-typedef struct _KEY_WRITE_TIME_INFORMATION {
- LARGE_INTEGER LastWriteTime;
-} KEY_WRITE_TIME_INFORMATION, *PKEY_WRITE_TIME_INFORMATION;
-
-typedef enum _KEY_SET_INFORMATION_CLASS {
- KeyWriteTimeInformation
-} KEY_SET_INFORMATION_CLASS;
-
-//
-// Value entry query structures
-//
-
-typedef struct _KEY_VALUE_BASIC_INFORMATION {
- ULONG TitleIndex;
- ULONG Type;
- ULONG NameLength;
- WCHAR Name[1]; // Variable size
-} KEY_VALUE_BASIC_INFORMATION, *PKEY_VALUE_BASIC_INFORMATION;
-
-typedef struct _KEY_VALUE_FULL_INFORMATION {
- ULONG TitleIndex;
- ULONG Type;
- ULONG DataOffset;
- ULONG DataLength;
- ULONG NameLength;
- WCHAR Name[1]; // Variable size
-// Data[1]; // Variable size data not declared
-} KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION;
-
-typedef struct _KEY_VALUE_PARTIAL_INFORMATION {
- ULONG TitleIndex;
- ULONG Type;
- ULONG DataLength;
- UCHAR Data[1]; // Variable size
-} KEY_VALUE_PARTIAL_INFORMATION, *PKEY_VALUE_PARTIAL_INFORMATION;
-
-typedef struct _KEY_VALUE_ENTRY {
- PUNICODE_STRING ValueName;
- ULONG DataLength;
- ULONG DataOffset;
- ULONG Type;
-} KEY_VALUE_ENTRY, *PKEY_VALUE_ENTRY;
-
-typedef enum _KEY_VALUE_INFORMATION_CLASS {
- KeyValueBasicInformation,
- KeyValueFullInformation,
- KeyValuePartialInformation
-} KEY_VALUE_INFORMATION_CLASS;
-
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-NtEnumerateKey(
- IN HANDLE KeyHandle,
- IN ULONG Index,
- IN KEY_INFORMATION_CLASS KeyInformationClass,
- IN PVOID KeyInformation,
- IN ULONG Length,
- IN PULONG ResultLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-NtOpenKey(
- OUT PHANDLE KeyHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-NtQueryValueKey(
- IN HANDLE KeyHandle,
- IN PUNICODE_STRING ValueName,
- IN KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass,
- IN PVOID KeyValueInformation,
- IN ULONG Length,
- IN PULONG ResultLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-NtSetValueKey(
- IN HANDLE KeyHandle,
- IN PUNICODE_STRING ValueName,
- IN ULONG TitleIndex OPTIONAL,
- IN ULONG Type,
- IN PVOID Data,
- IN ULONG DataSize
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-NtDeleteValueKey(
- IN HANDLE KeyHandle,
- IN PUNICODE_STRING ValueName
- );
-
-
-#define OBJ_NAME_PATH_SEPARATOR ((WCHAR)L'\\')
-
-//
-// Object Manager Object Type Specific Access Rights.
-//
-
-#define OBJECT_TYPE_CREATE (0x0001)
-
-#define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
-
-//
-// Object Manager Directory Specific Access Rights.
-//
-
-#define DIRECTORY_QUERY (0x0001)
-#define DIRECTORY_TRAVERSE (0x0002)
-#define DIRECTORY_CREATE_OBJECT (0x0004)
-#define DIRECTORY_CREATE_SUBDIRECTORY (0x0008)
-
-#define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xF)
-
-//
-// Object Manager Symbolic Link Specific Access Rights.
-//
-
-#define SYMBOLIC_LINK_QUERY (0x0001)
-
-#define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
-
-typedef struct _OBJECT_NAME_INFORMATION {
- UNICODE_STRING Name;
-} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
-
-//
-// Section Information Structures.
-//
-
-typedef enum _SECTION_INHERIT {
- ViewShare = 1,
- ViewUnmap = 2
-} SECTION_INHERIT;
-
-//
-// Section Access Rights.
-//
-
-// begin_winnt
-#define SECTION_QUERY 0x0001
-#define SECTION_MAP_WRITE 0x0002
-#define SECTION_MAP_READ 0x0004
-#define SECTION_MAP_EXECUTE 0x0008
-#define SECTION_EXTEND_SIZE 0x0010
-
-#define SECTION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SECTION_QUERY|\
- SECTION_MAP_WRITE | \
- SECTION_MAP_READ | \
- SECTION_MAP_EXECUTE | \
- SECTION_EXTEND_SIZE)
-// end_winnt
-
-#define SEGMENT_ALL_ACCESS SECTION_ALL_ACCESS
-
-#define PAGE_NOACCESS 0x01 // winnt
-#define PAGE_READONLY 0x02 // winnt
-#define PAGE_READWRITE 0x04 // winnt
-#define PAGE_WRITECOPY 0x08 // winnt
-#define PAGE_EXECUTE 0x10 // winnt
-#define PAGE_EXECUTE_READ 0x20 // winnt
-#define PAGE_EXECUTE_READWRITE 0x40 // winnt
-#define PAGE_EXECUTE_WRITECOPY 0x80 // winnt
-#define PAGE_GUARD 0x100 // winnt
-#define PAGE_NOCACHE 0x200 // winnt
-
-#define MEM_COMMIT 0x1000
-#define MEM_RESERVE 0x2000
-#define MEM_DECOMMIT 0x4000
-#define MEM_RELEASE 0x8000
-#define MEM_FREE 0x10000
-#define MEM_PRIVATE 0x20000
-#define MEM_MAPPED 0x40000
-#define MEM_RESET 0x80000
-#define MEM_TOP_DOWN 0x100000
-#define MEM_LARGE_PAGES 0x20000000
-#define SEC_RESERVE 0x4000000
-#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
- 0xFFF)
-
-
-#define MAXIMUM_PROCESSORS 32
-
-// end_winnt
-
-//
-// Thread Specific Access Rights
-//
-
-#define THREAD_TERMINATE (0x0001) // winnt
-#define THREAD_SET_INFORMATION (0x0020) // winnt
-
-#define THREAD_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
- 0x3FF)
-
-//
-// ClientId
-//
-
-typedef struct _CLIENT_ID {
- HANDLE UniqueProcess;
- HANDLE UniqueThread;
-} CLIENT_ID;
-typedef CLIENT_ID *PCLIENT_ID;
-
-//
-// Define the size of the 80387 save area, which is in the context frame.
-//
-
-#define SIZE_OF_80387_REGISTERS 80
-
-//
-// The following flags control the contents of the CONTEXT structure.
-//
-
-#if !defined(RC_INVOKED)
-
-#define CONTEXT_i386 0x00010000 // this assumes that i386 and
-#define CONTEXT_i486 0x00010000 // i486 have identical context records
-
-// end_wx86
-
-#define CONTEXT_CONTROL (CONTEXT_i386 | 0x00000001L) // SS:SP, CS:IP, FLAGS, BP
-#define CONTEXT_INTEGER (CONTEXT_i386 | 0x00000002L) // AX, BX, CX, DX, SI, DI
-#define CONTEXT_SEGMENTS (CONTEXT_i386 | 0x00000004L) // DS, ES, FS, GS
-#define CONTEXT_FLOATING_POINT (CONTEXT_i386 | 0x00000008L) // 387 state
-#define CONTEXT_DEBUG_REGISTERS (CONTEXT_i386 | 0x00000010L) // DB 0-3,6,7
-
-#define CONTEXT_FULL (CONTEXT_CONTROL | CONTEXT_INTEGER |\
- CONTEXT_SEGMENTS)
-
-// begin_wx86
-
-#endif
-
-typedef struct _FLOATING_SAVE_AREA {
- ULONG ControlWord;
- ULONG StatusWord;
- ULONG TagWord;
- ULONG ErrorOffset;
- ULONG ErrorSelector;
- ULONG DataOffset;
- ULONG DataSelector;
- UCHAR RegisterArea[SIZE_OF_80387_REGISTERS];
- ULONG Cr0NpxState;
-} FLOATING_SAVE_AREA;
-
-typedef FLOATING_SAVE_AREA *PFLOATING_SAVE_AREA;
-
-//
-// Context Frame
-//
-// This frame has a several purposes: 1) it is used as an argument to
-// NtContinue, 2) is is used to constuct a call frame for APC delivery,
-// and 3) it is used in the user level thread creation routines.
-//
-// The layout of the record conforms to a standard call frame.
-//
-
-typedef struct _CONTEXT {
-
- //
- // The flags values within this flag control the contents of
- // a CONTEXT record.
- //
- // If the context record is used as an input parameter, then
- // for each portion of the context record controlled by a flag
- // whose value is set, it is assumed that that portion of the
- // context record contains valid context. If the context record
- // is being used to modify a threads context, then only that
- // portion of the threads context will be modified.
- //
- // If the context record is used as an IN OUT parameter to capture
- // the context of a thread, then only those portions of the thread's
- // context corresponding to set flags will be returned.
- //
- // The context record is never used as an OUT only parameter.
- //
-
- ULONG ContextFlags;
-
- //
- // This section is specified/returned if CONTEXT_DEBUG_REGISTERS is
- // set in ContextFlags. Note that CONTEXT_DEBUG_REGISTERS is NOT
- // included in CONTEXT_FULL.
- //
-
- ULONG Dr0;
- ULONG Dr1;
- ULONG Dr2;
- ULONG Dr3;
- ULONG Dr6;
- ULONG Dr7;
-
- //
- // This section is specified/returned if the
- // ContextFlags word contians the flag CONTEXT_FLOATING_POINT.
- //
-
- FLOATING_SAVE_AREA FloatSave;
-
- //
- // This section is specified/returned if the
- // ContextFlags word contians the flag CONTEXT_SEGMENTS.
- //
-
- ULONG SegGs;
- ULONG SegFs;
- ULONG SegEs;
- ULONG SegDs;
-
- //
- // This section is specified/returned if the
- // ContextFlags word contians the flag CONTEXT_INTEGER.
- //
-
- ULONG Edi;
- ULONG Esi;
- ULONG Ebx;
- ULONG Edx;
- ULONG Ecx;
- ULONG Eax;
-
- //
- // This section is specified/returned if the
- // ContextFlags word contians the flag CONTEXT_CONTROL.
- //
-
- ULONG Ebp;
- ULONG Eip;
- ULONG SegCs; // MUST BE SANITIZED
- ULONG EFlags; // MUST BE SANITIZED
- ULONG Esp;
- ULONG SegSs;
-
-} CONTEXT;
-
-
-
-typedef CONTEXT *PCONTEXT;
-
-//
-// Predefined Value Types.
-//
-
-#define REG_NONE ( 0 ) // No value type
-#define REG_SZ ( 1 ) // Unicode nul terminated string
-#define REG_EXPAND_SZ ( 2 ) // Unicode nul terminated string
- // (with environment variable references)
-#define REG_BINARY ( 3 ) // Free form binary
-#define REG_DWORD ( 4 ) // 32-bit number
-#define REG_DWORD_LITTLE_ENDIAN ( 4 ) // 32-bit number (same as REG_DWORD)
-#define REG_DWORD_BIG_ENDIAN ( 5 ) // 32-bit number
-#define REG_LINK ( 6 ) // Symbolic Link (unicode)
-#define REG_MULTI_SZ ( 7 ) // Multiple Unicode strings
-#define REG_RESOURCE_LIST ( 8 ) // Resource list in the resource map
-#define REG_FULL_RESOURCE_DESCRIPTOR ( 9 ) // Resource list in the hardware description
-#define REG_RESOURCE_REQUIREMENTS_LIST ( 10 )
-
-/*
-LONG
-FASTCALL
-InterlockedIncrement(
- IN PLONG Addend
- );
-
-LONG
-FASTCALL
-InterlockedDecrement(
- IN PLONG Addend
- );
-
-LONG
-FASTCALL
-InterlockedExchange(
- IN OUT PLONG Target,
- IN LONG Value
- );
-
-LONG
-FASTCALL
-InterlockedExchangeAdd(
- IN OUT PLONG Addend,
- IN LONG Increment
- );
-
-PVOID
-FASTCALL
-InterlockedCompareExchange(
- IN OUT PVOID *Destination,
- IN PVOID ExChange,
- IN PVOID Comperand
- );
-*/
-//
-// Environment information, which includes command line and
-// image file name
-//
-typedef struct {
- ULONG Unknown[21];
- UNICODE_STRING CommandLine;
- UNICODE_STRING ImageFile;
-} ENVIRONMENT_INFORMATION, *PENVIRONMENT_INFORMATION;
-
-//
-// This structure is passed as NtProcessStartup's parameter
-//
-typedef struct {
- ULONG Unknown[3];
- PENVIRONMENT_INFORMATION Environment;
-} STARTUP_ARGUMENT, *PSTARTUP_ARGUMENT;
-
-//
-// Data structure for heap definition. This includes various
-// sizing parameters and callback routines, which, if left NULL,
-// result in default behavior
-//
-typedef struct {
- ULONG Length;
- ULONG Unknown[11];
-} RTL_HEAP_DEFINITION, *PRTL_HEAP_DEFINITION;
-
-//
-// Native NT api function to write something to the boot-time
-// blue screen
-//
-NTSTATUS
-NTAPI
-NtDisplayString(
- PUNICODE_STRING String
- );
-
-//
-// Native applications must kill themselves when done - the job
-// of this native API
-//
-NTSTATUS
-NTAPI
-NtTerminateProcess(
- HANDLE ProcessHandle,
- LONG ExitStatus
- );
-
-//
-// Thread start function
-//
-
-typedef
-VOID
-(*PKSTART_ROUTINE) (
- IN PVOID StartContext
- );
-
-typedef struct StackInfo_t {
- ULONG Unknown1;
- ULONG Unknown2;
- ULONG TopOfStack;
- ULONG OnePageBelowTopOfStack;
- ULONG BottomOfStack;
-} STACKINFO, *PSTACKINFO;
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-NtCreateThread(
- OUT PHANDLE phThread,
- IN ACCESS_MASK AccessMask,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- IN HANDLE hProcess,
- OUT PCLIENT_ID pClientId,
- IN PCONTEXT pContext,
- OUT PSTACKINFO pStackInfo,
- IN BOOLEAN bSuspended
-);
-
-/*NTSTATUS
-PsCreateSystemThread(
- OUT PHANDLE ThreadHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
- IN HANDLE ProcessHandle OPTIONAL,
- OUT PCLIENT_ID ClientId OPTIONAL,
- IN PKSTART_ROUTINE StartRoutine,
- IN PVOID StartContext
- );
-*/
-NTSTATUS
-NtTerminateThread(
- IN HANDLE ThreadHandle OPTIONAL,
- IN NTSTATUS ExitStatus
- );
-
-/*
-BOOLEAN
-PsGetVersion(
- PULONG MajorVersion OPTIONAL,
- PULONG MinorVersion OPTIONAL,
- PULONG BuildNumber OPTIONAL,
- PUNICODE_STRING CSDVersion OPTIONAL
- );
-
-HANDLE
-PsGetCurrentProcessId( VOID );
-
-HANDLE
-PsGetCurrentThreadId( VOID );
-*/
-//
-// Definition to represent current process
-//
-#define NtCurrentProcess() ( (HANDLE) -1 )
-
-typedef NTSTATUS
-(*PRTL_HEAP_COMMIT_ROUTINE)(
- IN PVOID Base,
- IN OUT PVOID *CommitAddress,
- IN OUT PULONG CommitSize
- );
-
-typedef struct _RTL_HEAP_PARAMETERS {
- ULONG Length;
- ULONG SegmentReserve;
- ULONG SegmentCommit;
- ULONG DeCommitFreeBlockThreshold;
- ULONG DeCommitTotalFreeThreshold;
- ULONG MaximumAllocationSize;
- ULONG VirtualMemoryThreshold;
- ULONG InitialCommit;
- ULONG InitialReserve;
- PRTL_HEAP_COMMIT_ROUTINE CommitRoutine;
- ULONG Reserved[ 2 ];
-} RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS;
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlCreateHeap(
- IN ULONG Flags,
- IN PVOID HeapBase OPTIONAL,
- IN ULONG ReserveSize OPTIONAL,
- IN ULONG CommitSize OPTIONAL,
- IN PVOID Lock OPTIONAL,
- IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL
- );
-
-#define HEAP_NO_SERIALIZE 0x00000001 // winnt
-#define HEAP_GROWABLE 0x00000002 // winnt
-#define HEAP_GENERATE_EXCEPTIONS 0x00000004 // winnt
-#define HEAP_ZERO_MEMORY 0x00000008 // winnt
-#define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010 // winnt
-#define HEAP_TAIL_CHECKING_ENABLED 0x00000020 // winnt
-#define HEAP_FREE_CHECKING_ENABLED 0x00000040 // winnt
-#define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080 // winnt
-
-#define HEAP_CREATE_ALIGN_16 0x00010000 // winnt Create heap with 16 byte alignment
-#define HEAP_CREATE_ENABLE_TRACING 0x00020000 // winnt Create heap call tracing enabled
-
-#define HEAP_SETTABLE_USER_VALUE 0x00000100
-#define HEAP_SETTABLE_USER_FLAG1 0x00000200
-#define HEAP_SETTABLE_USER_FLAG2 0x00000400
-#define HEAP_SETTABLE_USER_FLAG3 0x00000800
-#define HEAP_SETTABLE_USER_FLAGS 0x00000E00
-
-#define HEAP_CLASS_0 0x00000000 // process heap
-#define HEAP_CLASS_1 0x00001000 // private heap
-#define HEAP_CLASS_2 0x00002000 // Kernel Heap
-#define HEAP_CLASS_3 0x00003000 // GDI heap
-#define HEAP_CLASS_4 0x00004000 // User heap
-#define HEAP_CLASS_5 0x00005000 // Console heap
-#define HEAP_CLASS_6 0x00006000 // User Desktop heap
-#define HEAP_CLASS_7 0x00007000 // Csrss Shared heap
-#define HEAP_CLASS_8 0x00008000 // Csr Port heap
-#define HEAP_CLASS_MASK 0x0000F000
-
-#define HEAP_MAXIMUM_TAG 0x0FFF // winnt
-#define HEAP_GLOBAL_TAG 0x0800
-#define HEAP_PSEUDO_TAG_FLAG 0x8000 // winnt
-#define HEAP_TAG_SHIFT 16 // winnt
-#define HEAP_MAKE_TAG_FLAGS( b, o ) ((ULONG)((b) + ((o) << 16))) // winnt
-#define HEAP_TAG_MASK (HEAP_MAXIMUM_TAG << HEAP_TAG_SHIFT)
-
-#define HEAP_CREATE_VALID_MASK (HEAP_NO_SERIALIZE | \
- HEAP_GROWABLE | \
- HEAP_GENERATE_EXCEPTIONS | \
- HEAP_ZERO_MEMORY | \
- HEAP_REALLOC_IN_PLACE_ONLY | \
- HEAP_TAIL_CHECKING_ENABLED | \
- HEAP_FREE_CHECKING_ENABLED | \
- HEAP_DISABLE_COALESCE_ON_FREE | \
- HEAP_CLASS_MASK | \
- HEAP_CREATE_ALIGN_16 | \
- HEAP_CREATE_ENABLE_TRACING)
-
-NTSYSAPI
-PVOID
-NTAPI
-RtlDestroyHeap(
- IN PVOID HeapHandle
- );
-
-//
-// Heap allocation function (ala "malloc")
-//
-PVOID
-NTAPI
-RtlAllocateHeap(
- HANDLE Heap,
- ULONG Flags,
- ULONG Size
- );
-
-//
-// Heap free function (ala "free")
-//
-BOOLEAN
-NTAPI
-RtlFreeHeap(
- HANDLE Heap,
- ULONG Flags,
- PVOID Address
- );
-
-
-NTSTATUS
-NTAPI
-NtCreateFile(
- OUT PHANDLE FileHandle,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PIO_STATUS_BLOCK IoStatusBlock,
- IN PLARGE_INTEGER AllocationSize OPTIONAL,
- IN ULONG FileAttributes,
- IN ULONG ShareAccess,
- IN ULONG CreateDisposition,
- IN ULONG CreateOptions,
- IN PVOID EaBuffer OPTIONAL,
- IN ULONG EaLength
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-NtOpenFile(
- OUT PHANDLE phFile,
- IN ACCESS_MASK DesiredAccess,
- IN POBJECT_ATTRIBUTES ObjectAttributes,
- OUT PIO_STATUS_BLOCK pIoStatusBlock,
- IN ULONG ShareMode,
- IN ULONG OpenMode
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-NtDeviceIoControlFile(
- IN HANDLE hFile,
- IN HANDLE hEvent OPTIONAL,
- IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL,
- IN PVOID IoApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK pIoStatusBlock,
- IN ULONG DeviceIoControlCode,
- IN PVOID InBuffer OPTIONAL,
- IN ULONG InBufferLength,
- OUT PVOID OutBuffer OPTIONAL,
- IN ULONG OutBufferLength
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-NtFsControlFile(
- IN HANDLE hFile,
- IN HANDLE hEvent OPTIONAL,
- IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL,
- IN PVOID IoApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK pIoStatusBlock,
- IN ULONG DeviceIoControlCode,
- IN PVOID InBuffer OPTIONAL,
- IN ULONG InBufferLength,
- OUT PVOID OutBuffer OPTIONAL,
- IN ULONG OutBufferLength
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-NtReadFile(
- IN HANDLE hFile,
- IN HANDLE hEvent OPTIONAL,
- IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL,
- IN PVOID IoApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK pIoStatusBlock,
- OUT PVOID ReadBuffer,
- IN ULONG ReadBufferLength,
- IN PLARGE_INTEGER FileOffset OPTIONAL,
- IN PULONG LockOperationKey
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-NtWriteFile(
- IN HANDLE hFile,
- IN HANDLE hEvent OPTIONAL,
- IN PIO_APC_ROUTINE IoApcRoutine OPTIONAL,
- IN PVOID IoApcContext OPTIONAL,
- OUT PIO_STATUS_BLOCK pIoStatusBlock,
- IN PVOID WriteBuffer,
- IN ULONG WriteBufferLength,
- IN PLARGE_INTEGER FileOffset OPTIONAL,
- IN PULONG LockOperationKey OPTIONAL
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-NtQueryInformationFile(
- IN HANDLE hFile,
- OUT PIO_STATUS_BLOCK pIoStatusBlock,
- OUT PVOID FileInformationBuffer,
- IN ULONG FileInformationBufferLength,
- IN FILE_INFORMATION_CLASS FileInfoClass
-);
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-NtSetInformationFile(
- IN HANDLE hFile,
- OUT PIO_STATUS_BLOCK pIoStatusBlock,
- IN PVOID FileInformationBuffer,
- IN ULONG FileInformationBufferLength,
- IN FILE_INFORMATION_CLASS FileInfoClass
-);
-
-NTSTATUS
-NTAPI
-NtClose(
- IN HANDLE Handle
- );
-
-NTSYSAPI
-NTSTATUS
-NTAPI
-NtWaitForSingleObject(
- IN HANDLE hObject,
- IN BOOLEAN bAlertable,
- IN PLARGE_INTEGER Timeout
-);
-
-NTSTATUS
-NTAPI
-NtDelayExecution (
- IN BOOLEAN Alertable,
- IN PLARGE_INTEGER DelayInterval
- );
-
-#ifdef __cplusplus
-};
-#endif //__cplusplus
-
-#endif //__NT_NATIVE_DEFS__H__