#ifndef __INCLUDE_DDK_ZWTYPES_H
#define __INCLUDE_DDK_ZWTYPES_H
-#ifndef PROTO_LPC
-/* Added by David Welch at 09/04/99 */
-typedef struct _PORT_MSG_DATA
-{
- ULONG DataLength;
- PVOID Data;
- HANDLE ReplyPort;
-} PORT_MSG_DATA, *PPORT_MSG_DATA;
-
-#else
-/* Added by EA on 199906160051 */
-typedef
-enum {
- LpcMessageTypeUnknown, /* invalid */
- LpcMessageTypeBase, /* <256 bytes */
- LpcMessageTypeLarge, /* >255 bytes */
- LpcMessageTypeFast, /* 3.51 GDI */
- LpcMessageTypeMaximum
-
-} LPC_MESSAGE_TYPE;
-
-typedef
-struct _LPC_REPLY
-{
- DWORD ReplyValue;
-
-} LPC_REPLY, * PLPC_REPLY;
-
-typedef
-struct _LPC_MESSAGE
-{
- LPC_MESSAGE_TYPE Type;
- ULONG Length;
- PVOID Buffer; /* Page aligned! */
- DWORD Flags; /* To be defined */
-
-} LPC_MESSAGE, * PLPC_MESSAGE;
-#endif /* ndef PROTO_LPC */
-
#define NtCurrentProcess() ( (HANDLE) 0xFFFFFFFF )
#define NtCurrentThread() ( (HANDLE) 0xFFFFFFFE )
//process query / set information class
-#define ProcessBasicInformation 0
-#define ProcessQuotaLimits 1
-#define ProcessIoCounters 2
+#define ProcessBasicInformation 0
+#define ProcessQuotaLimits 1
+#define ProcessIoCounters 2
#define ProcessVmCounters 3
#define ProcessTimes 4
#define ProcessBasePriority 5
#define ProcessWx86Information 19
#define ProcessHandleCount 20
#define ProcessAffinityMask 21
-#define MaxProcessInfoClass 22
+#define ProcessImageFileName 22
+#define MaxProcessInfoClass 23
// thread query / set information class
#define ThreadBasicInformation 0
#define ObjectNameInformation 1
#define ObjectTypeInformation 2
#define ObjectAllInformation 3
-#define ObjectDataInformation 4
+#define ObjectDataInformation 4
// semaphore information
#define EventBasicInformation 0
// system information
+// {Nt|Zw}{Query|Set}SystemInformation
+
+typedef
+enum _SYSTEM_INFORMATION_CLASS
+{
+ SystemInformationClassMin = 0,
+ SystemBasicInformation = 0, /* Q */
+ SystemProcessorInformation = 1, /* Q */
+ SystemPerformanceInformation = 2, /* Q */
+ SystemTimeInformation = 3, /* Q */
+ SystemPathInformation = 4,
+ SystemProcessInformation = 5, /* Q */
+ SystemServiceDescriptorTableInfo = 6, /* Q */
+ SystemIoConfigInformation = 7, /* Q */
+ SystemProcessorTimeInformation = 8, /* Q */
+ SystemNtGlobalFlagInformation = 9, /* QS */
+ SystemInformation10 = 10,
+ SystemModuleInformation = 11, /* Q */
+ SystemResourceLockInformation = 12, /* Q */
+ SystemInformation13 = 13,
+ SystemInformation14 = 14,
+ SystemInformation15 = 15,
+ SystemHandleInformation = 16, /* Q */
+ SystemObjectInformation = 17, /* Q */
+ SystemPageFileInformation = 18, /* Q */
+ SystemInstructionEmulationInfo = 19, /* Q */
+ SystemInformation20 = 20,
+ SystemCacheInformation = 21, /* QS */
+ SystemPoolTagInformation = 22, /* Q (checked build only) */
+ SystemProcessorScheduleInfo = 23, /* Q */
+ SystemDpcInformation = 24, /* QS */
+ SystemInformation25 = 25,
+ SystemLoadImage = 26, /* S (callable) */
+ SystemUnloadImage = 27, /* S (callable) */
+ SystemTimeAdjustmentInformation = 28, /* QS */
+ SystemInformation29 = 29,
+ SystemInformation30 = 30,
+ SystemInformation31 = 31,
+ SystemCrashDumpSectionInfo = 32, /* Q */
+ SystemProcessorFaultCountInfo = 33, /* Q */
+ SystemCrashDumpStateInfo = 34, /* Q */
+ SystemDebuggerInformation = 35, /* Q */
+ SystemThreadSwitchCountersInfo = 36, /* Q */
+ SystemQuotaInformation = 37, /* QS */
+ SystemLoadDriver = 38, /* S */
+ SystemPrioritySeparationInfo = 39, /* S */
+ SystemInformation40 = 40,
+ SystemInformation41 = 41,
+ SystemInformation42 = 42,
+ SystemInformation43 = 43,
+ SystemTimeZoneInformation = 44, /* QS */
+ SystemLookasideInformation = 45, /* Q */
+ SystemInformationClassMax
+
+} SYSTEM_INFORMATION_CLASS;
+
+// SystemBasicInformation (0)
+typedef
+struct _SYSTEM_BASIC_INFORMATION
+{
+ DWORD AlwaysZero;
+ ULONG KeMaximumIncrement;
+ ULONG MmPageSize;
+ ULONG MmNumberOfPhysicalPages;
+ ULONG MmLowestPhysicalPage;
+ ULONG MmHighestPhysicalPage;
+ PVOID MmLowestUserAddress;
+ PVOID MmLowestUserAddress1;
+ PVOID MmHighestUserAddress;
+ DWORD KeActiveProcessors;
+ USHORT KeNumberProcessors;
+
+} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
+
+// SystemProcessorInformation (1)
+typedef
+struct _SYSTEM_PROCESSOR_INFORMATION
+{
+ USHORT KeProcessorArchitecture;
+ USHORT KeProcessorLevel;
+ USHORT KeProcessorRevision;
+ USHORT AlwaysZero;
+ DWORD KeFeatureBits;
+
+} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
+
+// SystemPerformanceInfo (2)
+typedef
+struct _SYSTEM_PERFORMANCE_INFO
+{
+ LARGE_INTEGER TotalProcessorTime;
+ LARGE_INTEGER IoReadTransferCount;
+ LARGE_INTEGER IoWriteTransferCount;
+ LARGE_INTEGER IoOtherTransferCount;
+ ULONG IoReadOperationCount;
+ ULONG IoWriteOperationCount;
+ ULONG IoOtherOperationCount;
+ ULONG MmAvailablePages;
+ ULONG MmTotalCommitedPages;
+ ULONG MmTotalCommitLimit;
+ ULONG MmPeakLimit;
+ ULONG PageFaults;
+ ULONG WriteCopies;
+ ULONG TransitionFaults;
+ ULONG Unknown1;
+ ULONG DemandZeroFaults;
+ ULONG PagesInput;
+ ULONG PagesRead;
+ ULONG Unknown2;
+ ULONG Unknown3;
+ ULONG PagesOutput;
+ ULONG PageWrites;
+ ULONG Unknown4;
+ ULONG Unknown5;
+ ULONG PoolPagedBytes;
+ ULONG PoolNonPagedBytes;
+ ULONG Unknown6;
+ ULONG Unknown7;
+ ULONG Unknown8;
+ ULONG Unknown9;
+ ULONG MmTotalSystemFreePtes;
+ ULONG MmSystemCodepage;
+ ULONG MmTotalSystemDriverPages;
+ ULONG MmTotalSystemCodePages;
+ ULONG Unknown10;
+ ULONG Unknown11;
+ ULONG Unknown12;
+ ULONG MmSystemCachePage;
+ ULONG MmPagedPoolPage;
+ ULONG MmSystemDriverPage;
+ ULONG CcFastReadNoWait;
+ ULONG CcFastReadWait;
+ ULONG CcFastReadResourceMiss;
+ ULONG CcFastReadNotPossible;
+ ULONG CcFastMdlReadNoWait;
+ ULONG CcFastMdlReadWait;
+ ULONG CcFastMdlReadResourceMiss;
+ ULONG CcFastMdlReadNotPossible;
+ ULONG CcMapDataNoWait;
+ ULONG CcMapDataWait;
+ ULONG CcMapDataNoWaitMiss;
+ ULONG CcMapDataWaitMiss;
+ ULONG CcPinMappedDataCount;
+ ULONG CcPinReadNoWait;
+ ULONG CcPinReadWait;
+ ULONG CcPinReadNoWaitMiss;
+ ULONG CcPinReadWaitMiss;
+ ULONG CcCopyReadNoWait;
+ ULONG CcCopyReadWait;
+ ULONG CcCopyReadNoWaitMiss;
+ ULONG CcCopyReadWaitMiss;
+ ULONG CcMdlReadNoWait;
+ ULONG CcMdlReadWait;
+ ULONG CcMdlReadNoWaitMiss;
+ ULONG CcMdlReadWaitMiss;
+ ULONG CcReadaheadIos;
+ ULONG CcLazyWriteIos;
+ ULONG CcLazyWritePages;
+ ULONG CcDataFlushes;
+ ULONG CcDataPages;
+ ULONG ContextSwitches;
+ ULONG Unknown13;
+ ULONG Unknown14;
+ ULONG SystemCalls;
+
+} SYSTEM_PERFORMANCE_INFO, *PSYSTEM_PERFORMANCE_INFO;
+
+// SystemTimeInformation (3)
+typedef
+struct _SYSTEM_TIME_INFORMATION
+{
+ TIME KeBootTime;
+ TIME KeSystemTime;
+ TIME ExpTimeZoneBias;
+ ULONG ExpTimeZoneId;
+ ULONG Unused;
+
+} SYSTEM_TIME_INFORMATION, *PSYSTEM_TIME_INFORMATION;
+
+// SystemPathInformation (4)
+// IT DOES NOT WORK
+typedef
+struct _SYSTEM_PATH_INFORMATION
+{
+ PVOID Dummy;
+
+} SYSTEM_PATH_INFORMATION, * PSYSTEM_PATH_INFORMATION;
+
+// SystemProcessThreadInfo (5)
+typedef
+struct _SYSTEM_THREAD_INFORMATION
+{
+ TIME KernelTime;
+ TIME UserTime;
+ TIME CreateTime;
+ ULONG TickCount;
+ ULONG StartEIP;
+ CLIENT_ID ClientId;
+ ULONG DynamicPriority;
+ ULONG BasePriority;
+ ULONG nSwitches;
+ DWORD State;
+ KWAIT_REASON WaitReason;
+
+} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;
+
+typedef
+struct SYSTEM_PROCESS_INFORMATION
+{
+ ULONG RelativeOffset;
+ ULONG ThreadCount;
+ ULONG Unused1 [6];
+ TIME CreateTime;
+ TIME UserTime;
+ TIME KernelTime;
+ UNICODE_STRING Name;
+ ULONG BasePriority;
+ ULONG ProcessId;
+ ULONG ParentProcessId;
+ ULONG HandleCount;
+ ULONG Unused2[2];
+ ULONG PeakVirtualSizeBytes;
+ ULONG TotalVirtualSizeBytes;
+ ULONG PageFaultCount;
+ ULONG PeakWorkingSetSizeBytes;
+ ULONG TotalWorkingSetSizeBytes;
+ ULONG PeakPagedPoolUsagePages;
+ ULONG TotalPagedPoolUsagePages;
+ ULONG PeakNonPagedPoolUsagePages;
+ ULONG TotalNonPagedPoolUsagePages;
+ ULONG TotalPageFileUsageBytes;
+ ULONG PeakPageFileUsageBytes;
+ ULONG TotalPrivateBytes;
+ SYSTEM_THREAD_INFORMATION ThreadSysInfo [1];
+
+} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
+
+// SystemServiceDescriptorTableInfo (6)
+typedef
+struct _SYSTEM_SDT_INFORMATION
+{
+ ULONG BufferLength;
+ ULONG NumberOfSystemServiceTables;
+ ULONG NumberOfServices [1];
+ ULONG ServiceCounters [1];
+
+} SYSTEM_SDT_INFORMATION, *PSYSTEM_SDT_INFORMATION;
-#define SystemPerformanceInformation 5
-#define SystemCacheInformation 21
-#define SystemTimeAdjustmentInformation 28
+// SystemIoConfigInformation (7)
+typedef
+struct _SYSTEM_IOCONFIG_INFORMATION
+{
+ ULONG DiskCount;
+ ULONG FloppyCount;
+ ULONG CdRomCount;
+ ULONG TapeCount;
+ ULONG SerialCount;
+ ULONG ParallelCount;
+
+} SYSTEM_IOCONFIG_INFORMATION, *PSYSTEM_IOCONFIG_INFORMATION;
+
+// SystemProcessorTimeInformation (8)
+typedef
+struct _SYSTEM_PROCESSORTIME_INFO
+{
+ TIME TotalProcessorRunTime;
+ TIME TotalProcessorTime;
+ TIME TotalProcessorUserTime;
+ TIME TotalDPCTime;
+ TIME TotalInterruptTime;
+ ULONG TotalInterrupts;
+ ULONG Unused;
+
+} SYSTEM_PROCESSORTIME_INFO, *PSYSTEM_PROCESSORTIME_INFO;
+
+// SystemNtGlobalFlagInformation (9)
+typedef
+struct _SYSTEM_GLOBAL_FLAG_INFO
+{
+ ULONG NtGlobalFlag;
+
+} SYSTEM_GLOBAL_FLAG_INFO, * PSYSTEM_GLOBAL_FLAG_INFO;
+
+// SystemInformation10 (10)
+// UNKNOWN
+
+// SystemModuleInformation (11)
+typedef
+struct _SYSTEM_MODULE_ENTRY
+{
+ ULONG Unused;
+ ULONG Always0;
+ ULONG ModuleBaseAddress;
+ ULONG ModuleSize;
+ ULONG Unknown;
+ ULONG ModuleEntryIndex;
+ USHORT ModuleNameLength; /* Length of module name not including the path, this field contains valid value only for NTOSKRNL module*/
+ USHORT ModulePathLength; /* Length of 'directory path' part of modulename*/
+ CHAR ModuleName [256];
+
+} SYSTEM_MODULE_ENTRY, * PSYSTEM_MODULE_ENTRY;
+
+typedef
+struct _SYSTEM_MODULE_INFORMATION
+{
+ ULONG Count;
+ SYSTEM_MODULE_ENTRY Module [1];
+
+} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
+
+// SystemResourceLockInformation (12)
+typedef
+struct _SYSTEM_RESOURCE_LOCK_ENTRY
+{
+ ULONG ResourceAddress;
+ ULONG Always1;
+ ULONG Unknown;
+ ULONG ActiveCount;
+ ULONG ContentionCount;
+ ULONG Unused[2];
+ ULONG NumberOfSharedWaiters;
+ ULONG NumberOfExclusiveWaiters;
+
+} SYSTEM_RESOURCE_LOCK_ENTRY, *PSYSTEM_RESOURCE_LOCK_ENTRY;
+
+typedef
+struct _SYSTEM_RESOURCE_LOCK_INFO
+{
+ ULONG Count;
+ SYSTEM_RESOURCE_LOCK_ENTRY Lock [1];
+
+} SYSTEM_RESOURCE_LOCK_INFO, *PSYSTEM_RESOURCE_LOCK_INFO;
+
+// SystemInformation13 (13)
+// UNKNOWN
+
+// SystemInformation14 (14)
+// UNKNOWN
+
+// SystemInformation15 (15)
+// UNKNOWN
+
+// SystemHandleInformation (16)
+#if 0
+#define OBJECT_TYPE_0 0
+#define OBJECT_TYPE_1 1
+#define OBJECT_TYPE_OBJDIRECTORY 2
+#define OBJECT_TYPE_SYMLINK 3
+#define OBJECT_TYPE_TOKEN 4
+#define OBJECT_TYPE_PROCESS 5
+#define OBJECT_TYPE_THREAD 6
+#define OBJECT_TYPE_EVENT 7
+#define OBJECT_TYPE_8 8
+#define OBJECT_TYPE_MUTANT 9
+#define OBJECT_TYPE_SEMAPHORE 10
+#define OBJECT_TYPE_TIMER 11
+#define OBJECT_TYPE_12 12
+#define OBJECT_TYPE_WINSTATION 13
+#define OBJECT_TYPE_DESKTOP 14
+#define OBJECT_TYPE_SECTION 15
+#define OBJECT_TYPE_KEY 16
+#define OBJECT_TYPE_PORT 17
+#define OBJECT_TYPE_18 18
+#define OBJECT_TYPE_19 19
+#define OBJECT_TYPE_20 20
+#define OBJECT_TYPE_21 21
+#define OBJECT_TYPE_IOCOMPLETION 22
+#define OBJECT_TYPE_FILE 23
+#endif
+typedef
+struct _SYSTEM_HANDLE_ENTRY
+{
+ ULONG OwnerPid;
+ BYTE ObjectType;
+ BYTE HandleFlags;
+ USHORT HandleValue;
+ PVOID ObjectPointer;
+ ULONG AccessMask;
+
+} SYSTEM_HANDLE_ENTRY, *PSYSTEM_HANDLE_ENTRY;
+
+typedef
+struct _SYSTEM_HANDLE_INFORMATION
+{
+ ULONG Count;
+ SYSTEM_HANDLE_ENTRY Handle [1];
+
+} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
+
+// SystemObjectInformation (17)
+// UNKNOWN
+typedef
+struct _SYSTEM_OBJECT_INFORMATION
+{
+ DWORD Unknown;
+ /* FIXME */
+} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
+
+// SystemPageFileInformation (18)
+typedef
+struct _SYSTEM_PAGEFILE_INFORMATION
+{
+ ULONG RelativeOffset;
+ ULONG CurrentSizePages;
+ ULONG TotalUsedPages;
+ ULONG PeakUsedPages;
+ UNICODE_STRING PagefileFileName;
+
+} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
+
+// SystemInstructionEmulationInfo (19)
+typedef
+struct _SYSTEM_VDM_INFORMATION
+{
+ ULONG VdmSegmentNotPresentCount;
+ ULONG VdmINSWCount;
+ ULONG VdmESPREFIXCount;
+ ULONG VdmCSPREFIXCount;
+ ULONG VdmSSPREFIXCount;
+ ULONG VdmDSPREFIXCount;
+ ULONG VdmFSPREFIXCount;
+ ULONG VdmGSPREFIXCount;
+ ULONG VdmOPER32PREFIXCount;
+ ULONG VdmADDR32PREFIXCount;
+ ULONG VdmINSBCount;
+ ULONG VdmINSWV86Count;
+ ULONG VdmOUTSBCount;
+ ULONG VdmOUTSWCount;
+ ULONG VdmPUSHFCount;
+ ULONG VdmPOPFCount;
+ ULONG VdmINTNNCount;
+ ULONG VdmINTOCount;
+ ULONG VdmIRETCount;
+ ULONG VdmINBIMMCount;
+ ULONG VdmINWIMMCount;
+ ULONG VdmOUTBIMMCount;
+ ULONG VdmOUTWIMMCount;
+ ULONG VdmINBCount;
+ ULONG VdmINWCount;
+ ULONG VdmOUTBCount;
+ ULONG VdmOUTWCount;
+ ULONG VdmLOCKPREFIXCount;
+ ULONG VdmREPNEPREFIXCount;
+ ULONG VdmREPPREFIXCount;
+ ULONG VdmHLTCount;
+ ULONG VdmCLICount;
+ ULONG VdmSTICount;
+ ULONG VdmBopCount;
+
+} SYSTEM_VDM_INFORMATION, *PSYSTEM_VDM_INFORMATION;
+
+// SystemInformation20 (20)
+// UNKNOWN
+
+// SystemCacheInformation (21)
+typedef
+struct _SYSTEM_CACHE_INFORMATION
+{
+ ULONG CurrentSize;
+ ULONG PeakSize;
+ ULONG PageFaultCount;
+ ULONG MinimumWorkingSet;
+ ULONG MaximumWorkingSet;
+ ULONG Unused[4];
+
+} SYSTEM_CACHE_INFORMATION;
+
+// SystemPoolTagInformation (22)
+// found by Klaus P. Gerlicher
+// (implemented only in checked builds)
+typedef
+struct _POOL_TAG_STATS
+{
+ ULONG AllocationCount;
+ ULONG FreeCount;
+ ULONG SizeBytes;
+
+} POOL_TAG_STATS;
+
+typedef
+struct _SYSTEM_POOL_TAG_ENTRY
+{
+ ULONG Tag;
+ POOL_TAG_STATS Paged;
+ POOL_TAG_STATS NonPaged;
+
+} SYSTEM_POOL_TAG_ENTRY, * PSYSTEM_POOL_TAG_ENTRY;
+
+typedef
+struct _SYSTEM_POOL_TAG_INFO
+{
+ ULONG Count;
+ SYSTEM_POOL_TAG_ENTRY PoolEntry [1];
+
+} SYSTEM_POOL_TAG_INFO, *PSYSTEM_POOL_TAG_INFO;
+
+// SystemProcessorScheduleInfo (23)
+typedef
+struct _SYSTEM_PROCESSOR_SCHEDULE_INFO
+{
+ ULONG nContextSwitches;
+ ULONG nDPCQueued;
+ ULONG nDPCRate;
+ ULONG TimerResolution;
+ ULONG nDPCBypasses;
+ ULONG nAPCBypasses;
+
+} SYSTEM_PROCESSOR_SCHEDULE_INFO, *PSYSTEM_PROCESSOR_SCHEDULE_INFO;
+
+// SystemDpcInformation (24)
+typedef
+struct _SYSTEM_DPC_INFORMATION
+{
+ ULONG Unused;
+ ULONG KiMaximumDpcQueueDepth;
+ ULONG KiMinimumDpcRate;
+ ULONG KiAdjustDpcThreshold;
+ ULONG KiIdealDpcRate;
+
+} SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;
+
+// SystemInformation25 (25)
+// UNKNOWN
+
+// SystemLoadImage (26)
+typedef
+struct _SYSTEM_IMAGE_LOAD
+{
+ UNICODE_STRING ModuleFileName IN;
+ PVOID BaseAddress OUT;
+ PVOID Section OUT;
+ PVOID EntryPoint OUT;
+ PVOID ExportDirectory OUT;
+
+} SYSTEM_IMAGE_LOAD, *PSYSTEM_IMAGE_LOAD;
+
+// SystemUnloadImage (27)
+typedef
+struct _SYSTEM_IMAGE_UNLOAD
+{
+ PVOID Section IN; /* see SYSTEM_IMAGE_LOAD.ModuleSection */
+
+} SYSTEM_IMAGE_UNLOAD, *PSYSTEM_IMAGE_UNLOAD;
+
+
+// SystemTimeAdjustmentInformation (28)
+// (what is the right one?)
+#if 0
+typedef
+struct _SYSTEM_TIME_ADJUSTMENT_INFO
+{
+ TIME TimeAdjustment;
+ BOOL TimeAdjustmentDisabled;
+
+} SYSTEM_TIME_ADJUSTMENT_INFO, *PSYSTEM_TIME_ADJUSTMENT_INFO;
+#else
+typedef
+struct _SYSTEM_TIME_ADJUSTMENT_INFO
+{
+ ULONG KeTimeAdjustment;
+ ULONG KeMaximumIncrement;
+ BOOLEAN KeTimeSynchronization;
+
+} SYSTEM_TIME_ADJUSTMENT_INFO, *PSYSTEM_TIME_ADJUSTMENT_INFO;
+#endif
+
+// SystemProcessorFaultCountInfo (33)
+typedef
+struct _SYSTEM_PROCESSOR_FAULT_INFO
+{
+ ULONG nAlignmentFixup;
+ ULONG nExceptionDispatches;
+ ULONG nFloatingEmulation;
+ ULONG Unknown;
+
+} SYSTEM_PROCESSOR_FAULT_INFO, *PSYSTEM_PROCESSOR_FAULT_INFO;
+
+// SystemCrashDumpStateInfo (34)
+//
+
+// SystemDebuggerInformation (35)
+typedef
+struct _SYSTEM_DEBUGGER_INFO
+{
+ BOOLEAN KdDebuggerEnabled;
+ BOOLEAN KdDebuggerPresent;
+
+} SYSTEM_DEBUGGER_INFO, *PSYSTEM_DEBUGGER_INFO;
+
+// SystemInformation36 (36)
+// UNKNOWN
+
+// SystemQuotaInformation (37)
+typedef
+struct _SYSTEM_QUOTA_INFORMATION
+{
+ ULONG CmpGlobalQuota;
+ ULONG CmpGlobalQuotaUsed;
+ ULONG MmSizeofPagedPoolInBytes;
+
+} SYSTEM_QUOTA_INFORMATION, *PSYSTEM_QUOTA_INFORMATION;
+
+// SystemLoadDriver (38)
+typedef
+struct _SYSTEM_DRIVER_LOAD
+{
+ UNICODE_STRING DriverRegistryEntry;
+
+} SYSTEM_DRIVER_LOAD, *PSYSTEM_DRIVER_LOAD;
+
+
+
+// memory information
+
+#define MemoryBasicInformation 0
// shutdown action
#define WaitAll 0
#define WaitAny 1
-
+
+// number of wait objects
+
+#define THREAD_WAIT_OBJECTS 3
+//#define MAXIMUM_WAIT_OBJECTS 64
+
// key restore flags
-#define REG_WHOLE_HIVE_VOLATILE 1
-#define REG_REFRESH_HIVE 2
+#define REG_WHOLE_HIVE_VOLATILE 1
+#define REG_REFRESH_HIVE 2
// object type access rights
-#define OBJECT_TYPE_CREATE 0x0001
+#define OBJECT_TYPE_CREATE 0x0001
#define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
// directory access rights
// symbolic link access rights
-#define SYMBOLIC_LINK_QUERY 0x0001
+#define SYMBOLIC_LINK_QUERY 0x0001
#define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
-
+
typedef struct _PROCESS_WS_WATCH_INFORMATION
{
PVOID FaultingPc;
typedef struct _PROCESS_BASIC_INFORMATION
{
NTSTATUS ExitStatus;
- PNT_PEB PebBaseAddress;
+ PPEB PebBaseAddress;
KAFFINITY AffinityMask;
KPRIORITY BasePriority;
ULONG UniqueProcessId;
ULONG InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
-typedef struct _QUOTA_LIMITS
+typedef struct _QUOTA_LIMITS
{
ULONG PagedPoolLimit;
ULONG NonPagedPoolLimit;
} IO_COUNTERS, *PIO_COUNTERS;
-typedef struct _VM_COUNTERS_
+typedef struct _VM_COUNTERS_
{
ULONG PeakVirtualSize;
ULONG VirtualSize;
} VM_COUNTERS, *PVM_COUNTERS;
-typedef struct _POOLED_USAGE_AND_LIMITS_
+typedef struct _POOLED_USAGE_AND_LIMITS_
{
ULONG PeakPagedPoolUsage;
ULONG PagedPoolUsage;
} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
-typedef struct _PROCESS_ACCESS_TOKEN
+typedef struct _PROCESS_ACCESS_TOKEN
{
HANDLE Token;
HANDLE Thread;
} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
-typedef struct _KERNEL_USER_TIMES
+typedef struct _KERNEL_USER_TIMES
{
TIME CreateTime;
TIME ExitTime;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
// object information
-
-typedef struct _OBJECT_NAME_INFORMATION
-{
- UNICODE_STRING Name;
-} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
+
+typedef struct _OBJECT_NAME_INFORMATION
+{
+ UNICODE_STRING Name;
+} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
-typedef struct _OBJECT_DATA_INFORMATION
+typedef struct _OBJECT_DATA_INFORMATION
{
BOOLEAN bInheritHandle;
BOOLEAN bProtectFromClose;
-} OBJECT_DATA_INFORMATION, *POBJECT_DATA_INFORMATION;
+} OBJECT_DATA_INFORMATION, *POBJECT_DATA_INFORMATION;
-typedef struct _OBJECT_TYPE_INFORMATION
+typedef struct _OBJECT_TYPE_INFORMATION
{
UNICODE_STRING Name;
UNICODE_STRING Type;
ULONG ReferenceCount;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
-// system information
+// file information
-typedef struct _SYSTEM_TIME_ADJUSTMENT
+typedef struct _FILE_BASIC_INFORMATION
{
- ULONG TimeAdjustment;
- BOOL TimeAdjustmentDisabled;
-} SYSTEM_TIME_ADJUSTMENT, *PSYSTEM_TIME_ADJUSTMENT;
-
-typedef struct _SYSTEM_CONFIGURATION_INFO {
- union {
- ULONG OemId;
- struct {
- WORD ProcessorArchitecture;
- WORD Reserved;
- } tag1;
- } tag2;
- ULONG PageSize;
- PVOID MinimumApplicationAddress;
- PVOID MaximumApplicationAddress;
- ULONG ActiveProcessorMask;
- ULONG NumberOfProcessors;
- ULONG ProcessorType;
- ULONG AllocationGranularity;
- WORD ProcessorLevel;
- WORD ProcessorRevision;
-} SYSTEM_CONFIGURATION_INFO, *PSYSTEM_CONFIGURATION_INFO;
-
-
-typedef struct _SYSTEM_CACHE_INFORMATION {
- ULONG CurrentSize;
- ULONG PeakSize;
- ULONG PageFaultCount;
- ULONG MinimumWorkingSet;
- ULONG MaximumWorkingSet;
- ULONG Unused[4];
-} SYSTEM_CACHE_INFORMATION;
+ TIME CreationTime;
+ TIME LastAccessTime;
+ TIME LastWriteTime;
+ TIME ChangeTime;
+ ULONG FileAttributes;
+} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
-typedef struct _FILE_BASIC_INFORMATION
-{
- TIME CreationTime;
- TIME LastAccessTime;
- TIME LastWriteTime;
- TIME ChangeTime;
- ULONG FileAttributes;
-} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
-
-typedef struct _FILE_STANDARD_INFORMATION
-{
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER EndOfFile;
- ULONG NumberOfLinks;
- BOOLEAN DeletePending;
- BOOLEAN Directory;
+typedef struct _FILE_STANDARD_INFORMATION
+{
+ LARGE_INTEGER AllocationSize;
+ LARGE_INTEGER EndOfFile;
+ ULONG NumberOfLinks;
+ BOOLEAN DeletePending;
+ BOOLEAN Directory;
} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
-
-typedef struct _FILE_POSITION_INFORMATION
-{
- LARGE_INTEGER CurrentByteOffset;
-} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;
-
-typedef struct _FILE_ALIGNMENT_INFORMATION
-{
- ULONG AlignmentRequirement;
-} FILE_ALIGNMENT_INFORMATION, *PFILE_ALIGNMENT_INFORMATION;
-
+
+typedef struct _FILE_POSITION_INFORMATION
+{
+ LARGE_INTEGER CurrentByteOffset;
+} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;
+
+typedef struct _FILE_ALIGNMENT_INFORMATION
+{
+ ULONG AlignmentRequirement;
+} FILE_ALIGNMENT_INFORMATION, *PFILE_ALIGNMENT_INFORMATION;
+
typedef struct _FILE_DISPOSITION_INFORMATION
-{
- BOOLEAN DeleteFile;
-} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;
-
+{
+ BOOLEAN DeleteFile;
+} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;
+
typedef struct _FILE_END_OF_FILE_INFORMATION
-{
- LARGE_INTEGER EndOfFile;
-} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;
-
-typedef struct _FILE_NETWORK_OPEN_INFORMATION {
+{
+ LARGE_INTEGER EndOfFile;
+} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;
+
+typedef struct _FILE_NETWORK_OPEN_INFORMATION
+{
TIME CreationTime;
TIME LastAccessTime;
TIME LastWriteTime;
} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
typedef struct _FILE_STREAM_INFORMATION {
- ULONG NextEntryOffset;
- ULONG StreamNameLength;
- LARGE_INTEGER StreamSize;
- LARGE_INTEGER StreamAllocationSize;
- WCHAR StreamName[0];
+ ULONG NextEntryOffset;
+ ULONG StreamNameLength;
+ LARGE_INTEGER StreamSize;
+ LARGE_INTEGER StreamAllocationSize;
+ WCHAR StreamName[0];
} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
typedef struct _FILE_ALLOCATION_INFORMATION {
typedef struct _FILE_RENAME_INFORMATION {
BOOLEAN Replace;
HANDLE RootDir;
- ULONG FileNameLength;
+ ULONG FileNameLength;
WCHAR FileName[0];
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
// file system information structures
-typedef struct _FILE_FS_DEVICE_INFORMATION {
- DEVICE_TYPE DeviceType;
- ULONG Characteristics;
+typedef struct _FILE_FS_DEVICE_INFORMATION {
+ DEVICE_TYPE DeviceType;
+ ULONG Characteristics;
} FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION;
ULONG FileSystemAttributes;
LONG MaximumComponentNameLength;
ULONG FileSystemNameLength;
- WCHAR FileSystemName[0];
+ WCHAR FileSystemName[0];
} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
/*
FileSystemAttributes is one of the following values:
- FILE_CASE_SENSITIVE_SEARCH 0x00000001
+ FILE_CASE_SENSITIVE_SEARCH 0x00000001
FILE_CASE_PRESERVED_NAMES 0x00000002
FILE_UNICODE_ON_DISK 0x00000004
FILE_PERSISTENT_ACLS 0x00000008
// read file scatter / write file scatter
//FIXME I am a win32 struct aswell
-typedef union _FILE_SEGMENT_ELEMENT {
- PVOID Buffer;
- ULONG Alignment;
-}FILE_SEGMENT_ELEMENT, *PFILE_SEGMENT_ELEMENT;
+typedef union _FILE_SEGMENT_ELEMENT {
+ PVOID Buffer;
+ ULONG Alignment;
+}FILE_SEGMENT_ELEMENT, *PFILE_SEGMENT_ELEMENT;
// directory information
typedef struct _OBJDIR_INFORMATION {
UNICODE_STRING ObjectName;
UNICODE_STRING ObjectTypeName; // Directory, Device ...
- UCHAR Data[0];
+ UCHAR Data[0];
} OBJDIR_INFORMATION, *POBJDIR_INFORMATION;
*/
-//FIXME: I am a win32 object
-typedef
-VOID
-(*PTIMERAPCROUTINE)(
- LPVOID lpArgToCompletionRoutine,
- DWORD dwTimerLowValue,
- DWORD dwTimerHighValue
- );
-
-// NtProcessStartup parameters
-
-typedef struct _ENVIRONMENT_INFORMATION {
- ULONG Unknown[21];
- UNICODE_STRING CommandLine;
- UNICODE_STRING ImageFile;
-} ENVIRONMENT_INFORMATION, *PENVIRONMENT_INFORMATION;
-
-
-typedef struct _STARTUP_ARGUMENT {
- ULONG Unknown[3];
- PENVIRONMENT_INFORMATION Environment;
-} STARTUP_ARGUMENT, *PSTARTUP_ARGUMENT;
+//FIXME: I am a win32 object
+typedef
+VOID
+(*PTIMERAPCROUTINE)(
+ LPVOID lpArgToCompletionRoutine,
+ DWORD dwTimerLowValue,
+ DWORD dwTimerHighValue
+ );
// File System Control commands ( related to defragging )
#define FSCTL_GET_RETRIEVAL_POINTERS 0x90073
#define FSCTL_MOVE_FILE 0x90074
-typedef struct _MAPPING_PAIR
+typedef struct _MAPPING_PAIR
{
ULONGLONG Vcn;
ULONGLONG Lcn;
{
ULONGLONG StartLcn;
ULONGLONG ClustersToEndOfVol;
- BYTE Map[0]; // variable size
-} BITMAP_DESCRIPTOR, *PBITMAP_DESCRIPTOR;
+ BYTE Map[0]; // variable size
+} BITMAP_DESCRIPTOR, *PBITMAP_DESCRIPTOR;
typedef struct _MOVEFILE_DESCRIPTOR
{
- HANDLE FileHandle;
- ULONG Reserved;
- LARGE_INTEGER StartVcn;
+ HANDLE FileHandle;
+ ULONG Reserved;
+ LARGE_INTEGER StartVcn;
LARGE_INTEGER TargetLcn;
- ULONG NumVcns;
- ULONG Reserved1;
+ ULONG NumVcns;
+ ULONG Reserved1;
} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
// event information
-typedef struct _EVENT_BASIC_INFORMATION
+typedef struct _EVENT_BASIC_INFORMATION
{
BOOL AutomaticReset;
BOOL Signaled;
// SynchronizationTimer
//} TIMER_TYPE;
-typedef
+typedef
struct _LPC_PORT_BASIC_INFORMATION
{
DWORD Unknown0;
} LPC_PORT_BASIC_INFORMATION, * PLPC_PORT_BASIC_INFORMATION;
-#endif
+#endif