#define NtCurrentProcess() ( (HANDLE) 0xFFFFFFFF )
#define NtCurrentThread() ( (HANDLE) 0xFFFFFFFE )
+#ifdef __NTOSKRNL__
+extern ULONG EXPORTED NtBuildNumber;
+#else
+extern ULONG IMPORTED NtBuildNumber;
+#endif
// event access mask
#define ObjectAllInformation 3
#define ObjectDataInformation 4
+
// semaphore information
-#define SemaphoreBasicInformation 0
+typedef enum _SEMAPHORE_INFORMATION_CLASS
+{
+ SemaphoreBasicInformation = 0
+} SEMAPHORE_INFORMATION_CLASS;
+
+typedef struct _SEMAPHORE_BASIC_INFORMATION
+{
+ LONG CurrentCount;
+ LONG MaximumCount;
+} SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
+
// event information
-#define EventBasicInformation 0
+typedef enum _EVENT_INFORMATION_CLASS
+{
+ EventBasicInformation = 0
+} EVENT_INFORMATION_CLASS;
+
+typedef struct _EVENT_BASIC_INFORMATION
+{
+ EVENT_TYPE EventType;
+ LONG EventState;
+} EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;
+
// system information
// {Nt|Zw}{Query|Set}SystemInformation
SystemBasicInformation = 0, /* Q */
SystemProcessorInformation = 1, /* Q */
SystemPerformanceInformation = 2, /* Q */
- SystemTimeInformation = 3, /* Q */
- SystemPathInformation = 4,
+ SystemTimeOfDayInformation = 3, /* Q */
+ SystemPathInformation = 4, /* Q (checked build only) */
SystemProcessInformation = 5, /* Q */
- SystemServiceDescriptorTableInfo = 6, /* Q */
- SystemIoConfigInformation = 7, /* Q */
- SystemProcessorTimeInformation = 8, /* Q */
- SystemNtGlobalFlagInformation = 9, /* QS */
- SystemInformation10 = 10,
+ SystemCallCountInfoInformation = 6, /* Q */
+ SystemDeviceInformation = 7, /* Q */
+ SystemProcessorPerformanceInformation = 8, /* Q */
+ SystemFlagsInformation = 9, /* QS */
+ SystemCallTimeInformation = 10,
SystemModuleInformation = 11, /* Q */
- SystemResourceLockInformation = 12, /* Q */
- SystemInformation13 = 13,
- SystemInformation14 = 14,
- SystemInformation15 = 15,
+ SystemLocksInformation = 12, /* Q */
+ SystemStackTraceInformation = 13,
+ SystemPagedPoolInformation = 14,
+ SystemNonPagedPoolInformation = 15,
SystemHandleInformation = 16, /* Q */
SystemObjectInformation = 17, /* Q */
SystemPageFileInformation = 18, /* Q */
- SystemInstructionEmulationInfo = 19, /* Q */
- SystemInformation20 = 20,
- SystemCacheInformation = 21, /* QS */
+ SystemVdmInstemulInformation = 19, /* Q */
+ SystemVdmBopInformation = 20,
+ SystemFileCacheInformation = 21, /* QS */
SystemPoolTagInformation = 22, /* Q (checked build only) */
- SystemProcessorScheduleInfo = 23, /* Q */
- SystemDpcInformation = 24, /* QS */
- SystemInformation25 = 25,
- SystemLoadImage = 26, /* S (callable) */
- SystemUnloadImage = 27, /* S (callable) */
+ SystemInterruptInformation = 23, /* Q */
+ SystemDpcBehaviourInformation = 24, /* QS */
+ SystemFullMemoryInformation = 25,
+ SystemLoadGdiDriverInformation = 26, /* S (callable) */
+ SystemUnloadGdiDriverInformation = 27, /* S (callable) */
SystemTimeAdjustmentInformation = 28, /* QS */
- SystemInformation29 = 29,
- SystemInformation30 = 30,
- SystemInformation31 = 31,
- SystemCrashDumpSectionInfo = 32, /* Q */
- SystemProcessorFaultCountInfo = 33, /* Q */
- SystemCrashDumpStateInfo = 34, /* Q */
- SystemDebuggerInformation = 35, /* Q */
- SystemThreadSwitchCountersInfo = 36, /* Q */
- SystemQuotaInformation = 37, /* QS */
- SystemLoadDriver = 38, /* S */
- SystemPrioritySeparationInfo = 39, /* S */
- SystemInformation40 = 40,
- SystemInformation41 = 41,
- SystemInformation42 = 42,
- SystemInformation43 = 43,
- SystemTimeZoneInformation = 44, /* QS */
+ SystemSummryMemoryInformation = 29,
+ SystemNextEventIdInformation = 30,
+ SystemEventIdsInformation = 31,
+ SystemCrashDumpInformation = 32, /* Q */
+ SystemExceptionInformation = 33, /* Q */
+ SystemCrashDumpStateInformation = 34, /* Q */
+ SystemKernelDebuggerInformation = 35, /* Q */
+ SystemContextSwitchInformation = 36, /* Q */
+ SystemRegistryQuotaInformation = 37, /* QS */
+ SystemExtendServiceTableInformation = 38, /* S */
+ SystemPrioritySeperation = 39, /* S */
+ SystemPlugPlayBusInformation = 40,
+ SystemDockInformation = 41,
+ SystemPowerInformation = 42,
+ SystemProcessorSpeedInformation = 43,
+ SystemCurrentTimeZoneInformation = 44, /* QS */
SystemLookasideInformation = 45, /* Q */
SystemInformationClassMax
typedef
struct _SYSTEM_BASIC_INFORMATION
{
- DWORD AlwaysZero;
- ULONG KeMaximumIncrement;
- ULONG MmPageSize;
- ULONG MmNumberOfPhysicalPages;
- ULONG MmLowestPhysicalPage;
- ULONG MmHighestPhysicalPage;
- PVOID MmLowestUserAddress;
- PVOID MmLowestUserAddress1;
- PVOID MmHighestUserAddress;
- DWORD KeActiveProcessors;
- USHORT KeNumberProcessors;
-
+ ULONG Reserved;
+ ULONG TimerResolution;
+ ULONG PageSize;
+ ULONG NumberOfPhysicalPages;
+ ULONG LowestPhysicalPageNumber;
+ ULONG HighestPhysicalPageNumber;
+ ULONG AllocationGranularity;
+ ULONG MinimumUserModeAddress;
+ ULONG MaximumUserModeAddress;
+ KAFFINITY ActiveProcessorsAffinityMask;
+ CCHAR NumberOfProcessors;
} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
// SystemProcessorInformation (1)
typedef
struct _SYSTEM_PROCESSOR_INFORMATION
{
- USHORT KeProcessorArchitecture;
- USHORT KeProcessorLevel;
- USHORT KeProcessorRevision;
- USHORT AlwaysZero;
- DWORD KeFeatureBits;
-
+ USHORT ProcessorArchitecture;
+ USHORT ProcessorLevel;
+ USHORT ProcessorRevision;
+ USHORT Reserved;
+ ULONG ProcessorFeatureBits;
} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
// SystemPerformanceInfo (2)
typedef
-struct _SYSTEM_PERFORMANCE_INFO
+struct _SYSTEM_PERFORMANCE_INFORMATION
{
- LARGE_INTEGER TotalProcessorTime;
+ LARGE_INTEGER IdleProcessorTime;
LARGE_INTEGER IoReadTransferCount;
LARGE_INTEGER IoWriteTransferCount;
LARGE_INTEGER IoOtherTransferCount;
ULONG IoReadOperationCount;
ULONG IoWriteOperationCount;
ULONG IoOtherOperationCount;
- ULONG MmAvailablePages;
- ULONG MmTotalCommitedPages;
- ULONG MmTotalCommitLimit;
- ULONG MmPeakLimit;
- ULONG PageFaults;
- ULONG WriteCopies;
- ULONG TransitionFaults;
- ULONG Unknown1;
- ULONG DemandZeroFaults;
- ULONG PagesInput;
- ULONG PagesRead;
- ULONG Unknown2;
- ULONG Unknown3;
- ULONG PagesOutput;
- ULONG PageWrites;
- ULONG Unknown4;
- ULONG Unknown5;
- ULONG PoolPagedBytes;
- ULONG PoolNonPagedBytes;
+ ULONG AvailablePages;
+ ULONG CommitedPages;
+ ULONG CommitLimit;
+ ULONG PeakCommitment;
+ ULONG PageFaultCount;
+ ULONG CopyOnWriteCount;
+ ULONG TransitionCount;
+ ULONG CacheTransitionCount;
+ ULONG DemandZeroCount;
+ ULONG PageReadCount;
+ ULONG PageReadIoCount;
+ ULONG CacheReadCount;
+ ULONG CacheIoCount;
+ ULONG DirtyPagesWriteCount;
+ ULONG DirtyWriteIoCount;
+ ULONG MappedPagesWriteCount;
+ ULONG MappedWriteIoCount;
+ ULONG PagedPoolPages;
+ ULONG NonPagedPoolPages;
ULONG Unknown6;
ULONG Unknown7;
ULONG Unknown8;
} SYSTEM_PERFORMANCE_INFO, *PSYSTEM_PERFORMANCE_INFO;
-// SystemTimeInformation (3)
+// SystemTimeOfDayInformation (3)
typedef
-struct _SYSTEM_TIME_INFORMATION
+struct _SYSTEM_TIMEOFDAY_INFORMATION
{
- TIME KeBootTime;
- TIME KeSystemTime;
- TIME ExpTimeZoneBias;
- ULONG ExpTimeZoneId;
- ULONG Unused;
-
-} SYSTEM_TIME_INFORMATION, *PSYSTEM_TIME_INFORMATION;
+ LARGE_INTEGER BootTime;
+ LARGE_INTEGER CurrentTime;
+ LARGE_INTEGER TimeZoneBias;
+ ULONG TimeZoneId;
+ ULONG Reserved;
+} SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION;
// SystemPathInformation (4)
// IT DOES NOT WORK
} SYSTEM_PATH_INFORMATION, * PSYSTEM_PATH_INFORMATION;
-// SystemProcessThreadInfo (5)
+// SystemProcessInformation (5)
typedef
struct _SYSTEM_THREAD_INFORMATION
{
} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
-// SystemServiceDescriptorTableInfo (6)
+// SystemCallCountInformation (6)
typedef
struct _SYSTEM_SDT_INFORMATION
{
} SYSTEM_SDT_INFORMATION, *PSYSTEM_SDT_INFORMATION;
-// SystemIoConfigInformation (7)
+// SystemDeviceInformation (7)
typedef
-struct _SYSTEM_IOCONFIG_INFORMATION
-{
- ULONG DiskCount;
- ULONG FloppyCount;
- ULONG CdRomCount;
- ULONG TapeCount;
- ULONG SerialCount;
- ULONG ParallelCount;
-
-} SYSTEM_IOCONFIG_INFORMATION, *PSYSTEM_IOCONFIG_INFORMATION;
-
-// SystemProcessorTimeInformation (8)
+struct _SYSTEM_DEVICE_INFORMATION
+{
+ ULONG NumberOfDisks;
+ ULONG NumberOfFloppies;
+ ULONG NumberOfCdRoms;
+ ULONG NumberOfTapes;
+ ULONG NumberOfSerialPorts;
+ ULONG NumberOfParallelPorts;
+} SYSTEM_DEVICE_INFORMATION, *PSYSTEM_DEVICE_INFORMATION;
+
+// SystemProcessorPerformanceInformation (8)
typedef
struct _SYSTEM_PROCESSORTIME_INFO
{
TIME TotalInterruptTime;
ULONG TotalInterrupts;
ULONG Unused;
-
+
} SYSTEM_PROCESSORTIME_INFO, *PSYSTEM_PROCESSORTIME_INFO;
-// SystemNtGlobalFlagInformation (9)
+// SystemFlagsInformation (9)
typedef
-struct _SYSTEM_GLOBAL_FLAG_INFO
+struct _SYSTEM_FLAGS_INFORMATION
{
- ULONG NtGlobalFlag;
-
-} SYSTEM_GLOBAL_FLAG_INFO, * PSYSTEM_GLOBAL_FLAG_INFO;
-
-// SystemInformation10 (10)
+ ULONG Flags;
+
+} SYSTEM_FLAGS_INFORMATION, * PSYSTEM_FLAGS_INFORMATION;
+
+#define FLG_STOP_ON_EXCEPTION 0x00000001
+#define FLG_SHOW_LDR_SNAPS 0x00000002
+#define FLG_DEBUG_INITIAL_COMMAND 0x00000004
+#define FLG_STOP_ON_HANG_GUI 0x00000008
+#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
+#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
+#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
+#define FLG_HEAP_VALIDATE_ALL 0x00000080
+#define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
+#define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
+#define FLG_POOL_ENABLE_TAGGING 0x00000400
+#define FLG_HEAP_ENABLE_TAGGING 0x00000800
+#define FLG_USER_STACK_TRACE_DB 0x00001000
+#define FLG_KERNEL_STACK_TRACE_DB 0x00002000
+#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
+#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
+#define FLG_IGNORE_DEBUG_PRIV 0x00010000
+#define FLG_ENABLE_CSRDEBUG 0x00020000
+#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
+#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
+#define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
+#define FLG_HEAP_DISABLE_COALESCING 0x00200000
+#define FLG_ENABLE_CLOSE_EXCEPTION 0x00400000
+#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
+#define FLG_UNKNOWN_01000000 0x01000000
+#define FLG_UNKNOWN_02000000 0x02000000
+#define FLG_UNKNOWN_04000000 0x04000000
+#define FLG_ENABLE_DBGPRINT_BUFFERING 0x08000000
+#define FLG_UNKNOWN_10000000 0x10000000
+#define FLG_UNKNOWN_20000000 0x20000000
+#define FLG_UNKNOWN_40000000 0x40000000
+#define FLG_UNKNOWN_80000000 0x80000000
+
+// SystemCallTimeInformation (10)
// UNKNOWN
// SystemModuleInformation (11)
} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
-// SystemResourceLockInformation (12)
+// SystemLocksInformation (12)
typedef
struct _SYSTEM_RESOURCE_LOCK_ENTRY
{
// UNKNOWN
// SystemHandleInformation (16)
-#if 0
-#define OBJECT_TYPE_0 0
-#define OBJECT_TYPE_1 1
-#define OBJECT_TYPE_OBJDIRECTORY 2
-#define OBJECT_TYPE_SYMLINK 3
-#define OBJECT_TYPE_TOKEN 4
-#define OBJECT_TYPE_PROCESS 5
-#define OBJECT_TYPE_THREAD 6
-#define OBJECT_TYPE_EVENT 7
-#define OBJECT_TYPE_8 8
-#define OBJECT_TYPE_MUTANT 9
-#define OBJECT_TYPE_SEMAPHORE 10
-#define OBJECT_TYPE_TIMER 11
-#define OBJECT_TYPE_12 12
-#define OBJECT_TYPE_WINSTATION 13
-#define OBJECT_TYPE_DESKTOP 14
-#define OBJECT_TYPE_SECTION 15
-#define OBJECT_TYPE_KEY 16
-#define OBJECT_TYPE_PORT 17
-#define OBJECT_TYPE_18 18
-#define OBJECT_TYPE_19 19
-#define OBJECT_TYPE_20 20
-#define OBJECT_TYPE_21 21
-#define OBJECT_TYPE_IOCOMPLETION 22
-#define OBJECT_TYPE_FILE 23
-#endif
+// (see ontypes.h)
typedef
struct _SYSTEM_HANDLE_ENTRY
{
{
ULONG Count;
SYSTEM_POOL_TAG_ENTRY PoolEntry [1];
-
+
} SYSTEM_POOL_TAG_INFO, *PSYSTEM_POOL_TAG_INFO;
// SystemProcessorScheduleInfo (23)
// SystemInformation25 (25)
// UNKNOWN
-// SystemLoadImage (26)
-typedef
-struct _SYSTEM_IMAGE_LOAD
-{
- UNICODE_STRING ModuleFileName IN;
- PVOID BaseAddress OUT;
- PVOID Section OUT;
- PVOID EntryPoint OUT;
- PVOID ExportDirectory OUT;
-
-} SYSTEM_IMAGE_LOAD, *PSYSTEM_IMAGE_LOAD;
-
-// SystemUnloadImage (27)
-typedef
-struct _SYSTEM_IMAGE_UNLOAD
+// SystemLoadGdiDriverInformation (26)
+// SystemUnloadGdiDriverInformation (27)
+typedef struct _SYSTEM_GDI_DRIVER_INFORMATION
{
- PVOID Section IN; /* see SYSTEM_IMAGE_LOAD.ModuleSection */
-
-} SYSTEM_IMAGE_UNLOAD, *PSYSTEM_IMAGE_UNLOAD;
-
+ UNICODE_STRING DriverName;
+ PVOID ImageAddress;
+ PVOID SectionPointer;
+ PVOID EntryPoint;
+// PIMAGE_EXPORT_DIRECTORY ExportSectionPointer;
+ PVOID ExportSectionPointer;
+} SYSTEM_GDI_DRIVER_INFORMATION, *PSYSTEM_GDI_DRIVER_INFORMATION;
// SystemTimeAdjustmentInformation (28)
// (what is the right one?)
} SYSTEM_DRIVER_LOAD, *PSYSTEM_DRIVER_LOAD;
+// SystemTimeZoneInformation (44)
+typedef
+struct _SYSTEM_TIME_ZONE_INFORMATION
+{
+ LONG Bias;
+ WCHAR StandardName [32];
+ SYSTEMTIME StandardDate;
+ LONG StandardBias;
+ WCHAR DaylightName [32];
+ SYSTEMTIME DaylightDate;
+ LONG DaylightBias;
+} SYSTEM_TIME_ZONE_INFORMATION, * PSYSTEM_TIME_ZONE_INFORMATION;
// memory information
typedef struct _FILE_DISPOSITION_INFORMATION
{
- BOOLEAN DeleteFile;
+ BOOLEAN DoDeleteFile;
} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;
typedef struct _FILE_END_OF_FILE_INFORMATION
} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
-// semaphore information
-
-typedef struct _SEMAPHORE_BASIC_INFORMATION
-{
- ULONG CurrentCount;
- ULONG MaximumCount;
-} SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
-
-// event information
-
-typedef struct _EVENT_BASIC_INFORMATION
-{
- BOOL AutomaticReset;
- BOOL Signaled;
-} EVENT_BASIC_INFORMATION, *PEVENT_INFORMATION;
//typedef enum _TIMER_TYPE
//{