#ifndef __INCLUDE_DDK_ZWTYPES_H
#define __INCLUDE_DDK_ZWTYPES_H
-
-
#define NtCurrentProcess() ( (HANDLE) 0xFFFFFFFF )
#define NtCurrentThread() ( (HANDLE) 0xFFFFFFFE )
+#ifdef __NTOSKRNL__
+extern ULONG EXPORTED NtBuildNumber;
+#else
+extern ULONG IMPORTED NtBuildNumber;
+#endif
// event access mask
//process query / set information class
-#define ProcessBasicInformation 0
-#define ProcessQuotaLimits 1
-#define ProcessIoCounters 2
+#define ProcessBasicInformation 0
+#define ProcessQuotaLimits 1
+#define ProcessIoCounters 2
#define ProcessVmCounters 3
#define ProcessTimes 4
#define ProcessBasePriority 5
#define ProcessWx86Information 19
#define ProcessHandleCount 20
#define ProcessAffinityMask 21
-#define MaxProcessInfoClass 22
+#define ProcessImageFileName 22
+#define MaxProcessInfoClass 23
// thread query / set information class
#define ThreadBasicInformation 0
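Review bot: `ProcessImageFileName` is given the value 22 here, but in the NT process information class numbering as I know it 22 is `ProcessPriorityBoost` and `ProcessImageFileName` is 27. If this header is meant to stay value-compatible with NT callers, a query for class 22 would be answered with the wrong structure, and `MaxProcessInfoClass 23` would reject the classes above it. If the divergence is deliberate, say so next to the define, e.g. `#define ProcessImageFileName 22 /* project-specific value, not the NT one */`. The visible lines jump from `ProcessBasePriority 5` to `ProcessWx86Information 19`, so I cannot tell from this hunk which intermediate classes the file defines.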
#define ObjectNameInformation 1
#define ObjectTypeInformation 2
#define ObjectAllInformation 3
-#define ObjectDataInformation 4
+#define ObjectDataInformation 4
+
// semaphore information
-#define SemaphoreBasicInformation 0
+typedef enum _SEMAPHORE_INFORMATION_CLASS
+{
+ SemaphoreBasicInformation = 0
+} SEMAPHORE_INFORMATION_CLASS;
+
+typedef struct _SEMAPHORE_BASIC_INFORMATION
+{
+ LONG CurrentCount;
+ LONG MaximumCount;
+} SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
+
// event information
-#define EventBasicInformation 0
+typedef enum _EVENT_INFORMATION_CLASS
+{
+ EventBasicInformation = 0
+} EVENT_INFORMATION_CLASS;
+
+typedef struct _EVENT_BASIC_INFORMATION
+{
+ EVENT_TYPE EventType;
+ LONG EventState;
+} EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION;
+
// system information
+// {Nt|Zw}{Query|Set}SystemInformation
+
+typedef
+enum _SYSTEM_INFORMATION_CLASS
+{
+ SystemInformationClassMin = 0,
+ SystemBasicInformation = 0, /* Q */
+ SystemProcessorInformation = 1, /* Q */
+ SystemPerformanceInformation = 2, /* Q */
+ SystemTimeOfDayInformation = 3, /* Q */
+ SystemPathInformation = 4, /* Q (checked build only) */
+ SystemProcessInformation = 5, /* Q */
+ SystemCallCountInfoInformation = 6, /* Q */
+ SystemDeviceInformation = 7, /* Q */
+ SystemProcessorPerformanceInformation = 8, /* Q */
+ SystemFlagsInformation = 9, /* QS */
+ SystemCallTimeInformation = 10,
+ SystemModuleInformation = 11, /* Q */
+ SystemLocksInformation = 12, /* Q */
+ SystemStackTraceInformation = 13,
+ SystemPagedPoolInformation = 14,
+ SystemNonPagedPoolInformation = 15,
+ SystemHandleInformation = 16, /* Q */
+ SystemObjectInformation = 17, /* Q */
+ SystemPageFileInformation = 18, /* Q */
+ SystemVdmInstemulInformation = 19, /* Q */
+ SystemVdmBopInformation = 20,
+ SystemFileCacheInformation = 21, /* QS */
+ SystemPoolTagInformation = 22, /* Q (checked build only) */
+ SystemInterruptInformation = 23, /* Q */
+ SystemDpcBehaviourInformation = 24, /* QS */
+ SystemFullMemoryInformation = 25,
+ SystemLoadGdiDriverInformation = 26, /* S (callable) */
+ SystemUnloadGdiDriverInformation = 27, /* S (callable) */
+ SystemTimeAdjustmentInformation = 28, /* QS */
+ SystemSummryMemoryInformation = 29,
+ SystemNextEventIdInformation = 30,
+ SystemEventIdsInformation = 31,
+ SystemCrashDumpInformation = 32, /* Q */
+ SystemExceptionInformation = 33, /* Q */
+ SystemCrashDumpStateInformation = 34, /* Q */
+ SystemKernelDebuggerInformation = 35, /* Q */
+ SystemContextSwitchInformation = 36, /* Q */
+ SystemRegistryQuotaInformation = 37, /* QS */
+ SystemExtendServiceTableInformation = 38, /* S */
+ SystemPrioritySeperation = 39, /* S */
+ SystemPlugPlayBusInformation = 40,
+ SystemDockInformation = 41,
+ SystemPowerInformation = 42,
+ SystemProcessorSpeedInformation = 43,
+ SystemCurrentTimeZoneInformation = 44, /* QS */
+ SystemLookasideInformation = 45, /* Q */
+ SystemInformationClassMax
+
+} SYSTEM_INFORMATION_CLASS;
+
+// SystemBasicInformation (0)
+typedef
+struct _SYSTEM_BASIC_INFORMATION
+{
+ ULONG Reserved;
+ ULONG TimerResolution;
+ ULONG PageSize;
+ ULONG NumberOfPhysicalPages;
+ ULONG LowestPhysicalPageNumber;
+ ULONG HighestPhysicalPageNumber;
+ ULONG AllocationGranularity;
+ ULONG MinimumUserModeAddress;
+ ULONG MaximumUserModeAddress;
+ KAFFINITY ActiveProcessorsAffinityMask;
+ CCHAR NumberOfProcessors;
+} SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION;
+
+// SystemProcessorInformation (1)
+typedef
+struct _SYSTEM_PROCESSOR_INFORMATION
+{
+ USHORT ProcessorArchitecture;
+ USHORT ProcessorLevel;
+ USHORT ProcessorRevision;
+ USHORT Reserved;
+ ULONG ProcessorFeatureBits;
+} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
+
+// SystemPerformanceInfo (2)
+typedef
+struct _SYSTEM_PERFORMANCE_INFORMATION
+{
+ LARGE_INTEGER IdleProcessorTime;
+ LARGE_INTEGER IoReadTransferCount;
+ LARGE_INTEGER IoWriteTransferCount;
+ LARGE_INTEGER IoOtherTransferCount;
+ ULONG IoReadOperationCount;
+ ULONG IoWriteOperationCount;
+ ULONG IoOtherOperationCount;
+ ULONG AvailablePages;
+ ULONG CommitedPages;
+ ULONG CommitLimit;
+ ULONG PeakCommitment;
+ ULONG PageFaultCount;
+ ULONG CopyOnWriteCount;
+ ULONG TransitionCount;
+ ULONG CacheTransitionCount;
+ ULONG DemandZeroCount;
+ ULONG PageReadCount;
+ ULONG PageReadIoCount;
+ ULONG CacheReadCount;
+ ULONG CacheIoCount;
+ ULONG DirtyPagesWriteCount;
+ ULONG DirtyWriteIoCount;
+ ULONG MappedPagesWriteCount;
+ ULONG MappedWriteIoCount;
+ ULONG PagedPoolPages;
+ ULONG NonPagedPoolPages;
+ ULONG Unknown6;
+ ULONG Unknown7;
+ ULONG Unknown8;
+ ULONG Unknown9;
+ ULONG MmTotalSystemFreePtes;
+ ULONG MmSystemCodepage;
+ ULONG MmTotalSystemDriverPages;
+ ULONG MmTotalSystemCodePages;
+ ULONG Unknown10;
+ ULONG Unknown11;
+ ULONG Unknown12;
+ ULONG MmSystemCachePage;
+ ULONG MmPagedPoolPage;
+ ULONG MmSystemDriverPage;
+ ULONG CcFastReadNoWait;
+ ULONG CcFastReadWait;
+ ULONG CcFastReadResourceMiss;
+ ULONG CcFastReadNotPossible;
+ ULONG CcFastMdlReadNoWait;
+ ULONG CcFastMdlReadWait;
+ ULONG CcFastMdlReadResourceMiss;
+ ULONG CcFastMdlReadNotPossible;
+ ULONG CcMapDataNoWait;
+ ULONG CcMapDataWait;
+ ULONG CcMapDataNoWaitMiss;
+ ULONG CcMapDataWaitMiss;
+ ULONG CcPinMappedDataCount;
+ ULONG CcPinReadNoWait;
+ ULONG CcPinReadWait;
+ ULONG CcPinReadNoWaitMiss;
+ ULONG CcPinReadWaitMiss;
+ ULONG CcCopyReadNoWait;
+ ULONG CcCopyReadWait;
+ ULONG CcCopyReadNoWaitMiss;
+ ULONG CcCopyReadWaitMiss;
+ ULONG CcMdlReadNoWait;
+ ULONG CcMdlReadWait;
+ ULONG CcMdlReadNoWaitMiss;
+ ULONG CcMdlReadWaitMiss;
+ ULONG CcReadaheadIos;
+ ULONG CcLazyWriteIos;
+ ULONG CcLazyWritePages;
+ ULONG CcDataFlushes;
+ ULONG CcDataPages;
+ ULONG ContextSwitches;
+ ULONG Unknown13;
+ ULONG Unknown14;
+ ULONG SystemCalls;
+
+} SYSTEM_PERFORMANCE_INFO, *PSYSTEM_PERFORMANCE_INFO;
+
+// SystemTimeOfDayInformation (3)
+typedef
+struct _SYSTEM_TIMEOFDAY_INFORMATION
+{
+ LARGE_INTEGER BootTime;
+ LARGE_INTEGER CurrentTime;
+ LARGE_INTEGER TimeZoneBias;
+ ULONG TimeZoneId;
+ ULONG Reserved;
+} SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION;
+
+// SystemPathInformation (4)
+// IT DOES NOT WORK
+typedef
+struct _SYSTEM_PATH_INFORMATION
+{
+ PVOID Dummy;
+
+} SYSTEM_PATH_INFORMATION, * PSYSTEM_PATH_INFORMATION;
+
+// SystemProcessInformation (5)
+typedef
+struct _SYSTEM_THREAD_INFORMATION
+{
+ TIME KernelTime;
+ TIME UserTime;
+ TIME CreateTime;
+ ULONG TickCount;
+ ULONG StartEIP;
+ CLIENT_ID ClientId;
+ ULONG DynamicPriority;
+ ULONG BasePriority;
+ ULONG nSwitches;
+ DWORD State;
+ KWAIT_REASON WaitReason;
+
+} SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION;
+
+typedef
+struct SYSTEM_PROCESS_INFORMATION
+{
+ ULONG RelativeOffset;
+ ULONG ThreadCount;
+ ULONG Unused1 [6];
+ TIME CreateTime;
+ TIME UserTime;
+ TIME KernelTime;
+ UNICODE_STRING Name;
+ ULONG BasePriority;
+ ULONG ProcessId;
+ ULONG ParentProcessId;
+ ULONG HandleCount;
+ ULONG Unused2[2];
+ ULONG PeakVirtualSizeBytes;
+ ULONG TotalVirtualSizeBytes;
+ ULONG PageFaultCount;
+ ULONG PeakWorkingSetSizeBytes;
+ ULONG TotalWorkingSetSizeBytes;
+ ULONG PeakPagedPoolUsagePages;
+ ULONG TotalPagedPoolUsagePages;
+ ULONG PeakNonPagedPoolUsagePages;
+ ULONG TotalNonPagedPoolUsagePages;
+ ULONG TotalPageFileUsageBytes;
+ ULONG PeakPageFileUsageBytes;
+ ULONG TotalPrivateBytes;
+ SYSTEM_THREAD_INFORMATION ThreadSysInfo [1];
+
+} SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION;
+
+// SystemCallCountInformation (6)
+typedef
+struct _SYSTEM_SDT_INFORMATION
+{
+ ULONG BufferLength;
+ ULONG NumberOfSystemServiceTables;
+ ULONG NumberOfServices [1];
+ ULONG ServiceCounters [1];
-#define SystemPerformanceInformation 5
-#define SystemCacheInformation 21
-#define SystemTimeAdjustmentInformation 28
+} SYSTEM_SDT_INFORMATION, *PSYSTEM_SDT_INFORMATION;
+
+// SystemDeviceInformation (7)
+typedef
+struct _SYSTEM_DEVICE_INFORMATION
+{
+ ULONG NumberOfDisks;
+ ULONG NumberOfFloppies;
+ ULONG NumberOfCdRoms;
+ ULONG NumberOfTapes;
+ ULONG NumberOfSerialPorts;
+ ULONG NumberOfParallelPorts;
+} SYSTEM_DEVICE_INFORMATION, *PSYSTEM_DEVICE_INFORMATION;
+
+// SystemProcessorPerformanceInformation (8)
+typedef
+struct _SYSTEM_PROCESSORTIME_INFO
+{
+ TIME TotalProcessorRunTime;
+ TIME TotalProcessorTime;
+ TIME TotalProcessorUserTime;
+ TIME TotalDPCTime;
+ TIME TotalInterruptTime;
+ ULONG TotalInterrupts;
+ ULONG Unused;
+
+} SYSTEM_PROCESSORTIME_INFO, *PSYSTEM_PROCESSORTIME_INFO;
+
+// SystemFlagsInformation (9)
+typedef
+struct _SYSTEM_FLAGS_INFORMATION
+{
+ ULONG Flags;
+
+} SYSTEM_FLAGS_INFORMATION, * PSYSTEM_FLAGS_INFORMATION;
+
+#define FLG_STOP_ON_EXCEPTION 0x00000001
+#define FLG_SHOW_LDR_SNAPS 0x00000002
+#define FLG_DEBUG_INITIAL_COMMAND 0x00000004
+#define FLG_STOP_ON_HANG_GUI 0x00000008
+#define FLG_HEAP_ENABLE_TAIL_CHECK 0x00000010
+#define FLG_HEAP_ENABLE_FREE_CHECK 0x00000020
+#define FLG_HEAP_VALIDATE_PARAMETERS 0x00000040
+#define FLG_HEAP_VALIDATE_ALL 0x00000080
+#define FLG_POOL_ENABLE_TAIL_CHECK 0x00000100
+#define FLG_POOL_ENABLE_FREE_CHECK 0x00000200
+#define FLG_POOL_ENABLE_TAGGING 0x00000400
+#define FLG_HEAP_ENABLE_TAGGING 0x00000800
+#define FLG_USER_STACK_TRACE_DB 0x00001000
+#define FLG_KERNEL_STACK_TRACE_DB 0x00002000
+#define FLG_MAINTAIN_OBJECT_TYPELIST 0x00004000
+#define FLG_HEAP_ENABLE_TAG_BY_DLL 0x00008000
+#define FLG_IGNORE_DEBUG_PRIV 0x00010000
+#define FLG_ENABLE_CSRDEBUG 0x00020000
+#define FLG_ENABLE_KDEBUG_SYMBOL_LOAD 0x00040000
+#define FLG_DISABLE_PAGE_KERNEL_STACKS 0x00080000
+#define FLG_HEAP_ENABLE_CALL_TRACING 0x00100000
+#define FLG_HEAP_DISABLE_COALESCING 0x00200000
+#define FLG_ENABLE_CLOSE_EXCEPTION 0x00400000
+#define FLG_ENABLE_EXCEPTION_LOGGING 0x00800000
+#define FLG_UNKNOWN_01000000 0x01000000
+#define FLG_UNKNOWN_02000000 0x02000000
+#define FLG_UNKNOWN_04000000 0x04000000
+#define FLG_ENABLE_DBGPRINT_BUFFERING 0x08000000
+#define FLG_UNKNOWN_10000000 0x10000000
+#define FLG_UNKNOWN_20000000 0x20000000
+#define FLG_UNKNOWN_40000000 0x40000000
+#define FLG_UNKNOWN_80000000 0x80000000
+
+// SystemCallTimeInformation (10)
+// UNKNOWN
+
+// SystemModuleInformation (11)
+typedef
+struct _SYSTEM_MODULE_ENTRY
+{
+ ULONG Unused;
+ ULONG Always0;
+ ULONG ModuleBaseAddress;
+ ULONG ModuleSize;
+ ULONG Unknown;
+ ULONG ModuleEntryIndex;
+ USHORT ModuleNameLength; /* Length of module name not including the path, this field contains valid value only for NTOSKRNL module*/
+ USHORT ModulePathLength; /* Length of 'directory path' part of modulename*/
+ CHAR ModuleName [256];
+
+} SYSTEM_MODULE_ENTRY, * PSYSTEM_MODULE_ENTRY;
+
+typedef
+struct _SYSTEM_MODULE_INFORMATION
+{
+ ULONG Count;
+ SYSTEM_MODULE_ENTRY Module [1];
+
+} SYSTEM_MODULE_INFORMATION, *PSYSTEM_MODULE_INFORMATION;
+
+// SystemLocksInformation (12)
+typedef
+struct _SYSTEM_RESOURCE_LOCK_ENTRY
+{
+ ULONG ResourceAddress;
+ ULONG Always1;
+ ULONG Unknown;
+ ULONG ActiveCount;
+ ULONG ContentionCount;
+ ULONG Unused[2];
+ ULONG NumberOfSharedWaiters;
+ ULONG NumberOfExclusiveWaiters;
+
+} SYSTEM_RESOURCE_LOCK_ENTRY, *PSYSTEM_RESOURCE_LOCK_ENTRY;
+
+typedef
+struct _SYSTEM_RESOURCE_LOCK_INFO
+{
+ ULONG Count;
+ SYSTEM_RESOURCE_LOCK_ENTRY Lock [1];
+
+} SYSTEM_RESOURCE_LOCK_INFO, *PSYSTEM_RESOURCE_LOCK_INFO;
+
+// SystemInformation13 (13)
+// UNKNOWN
+
+// SystemInformation14 (14)
+// UNKNOWN
+
+// SystemInformation15 (15)
+// UNKNOWN
+
+// SystemHandleInformation (16)
+// (see ontypes.h)
+typedef
+struct _SYSTEM_HANDLE_ENTRY
+{
+ ULONG OwnerPid;
+ BYTE ObjectType;
+ BYTE HandleFlags;
+ USHORT HandleValue;
+ PVOID ObjectPointer;
+ ULONG AccessMask;
+
+} SYSTEM_HANDLE_ENTRY, *PSYSTEM_HANDLE_ENTRY;
+
+typedef
+struct _SYSTEM_HANDLE_INFORMATION
+{
+ ULONG Count;
+ SYSTEM_HANDLE_ENTRY Handle [1];
+
+} SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
+
+// SystemObjectInformation (17)
+// UNKNOWN
+typedef
+struct _SYSTEM_OBJECT_INFORMATION
+{
+ DWORD Unknown;
+ /* FIXME */
+} SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION;
+
+// SystemPageFileInformation (18)
+typedef
+struct _SYSTEM_PAGEFILE_INFORMATION
+{
+ ULONG RelativeOffset;
+ ULONG CurrentSizePages;
+ ULONG TotalUsedPages;
+ ULONG PeakUsedPages;
+ UNICODE_STRING PagefileFileName;
+
+} SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION;
+
+// SystemInstructionEmulationInfo (19)
+typedef
+struct _SYSTEM_VDM_INFORMATION
+{
+ ULONG VdmSegmentNotPresentCount;
+ ULONG VdmINSWCount;
+ ULONG VdmESPREFIXCount;
+ ULONG VdmCSPREFIXCount;
+ ULONG VdmSSPREFIXCount;
+ ULONG VdmDSPREFIXCount;
+ ULONG VdmFSPREFIXCount;
+ ULONG VdmGSPREFIXCount;
+ ULONG VdmOPER32PREFIXCount;
+ ULONG VdmADDR32PREFIXCount;
+ ULONG VdmINSBCount;
+ ULONG VdmINSWV86Count;
+ ULONG VdmOUTSBCount;
+ ULONG VdmOUTSWCount;
+ ULONG VdmPUSHFCount;
+ ULONG VdmPOPFCount;
+ ULONG VdmINTNNCount;
+ ULONG VdmINTOCount;
+ ULONG VdmIRETCount;
+ ULONG VdmINBIMMCount;
+ ULONG VdmINWIMMCount;
+ ULONG VdmOUTBIMMCount;
+ ULONG VdmOUTWIMMCount;
+ ULONG VdmINBCount;
+ ULONG VdmINWCount;
+ ULONG VdmOUTBCount;
+ ULONG VdmOUTWCount;
+ ULONG VdmLOCKPREFIXCount;
+ ULONG VdmREPNEPREFIXCount;
+ ULONG VdmREPPREFIXCount;
+ ULONG VdmHLTCount;
+ ULONG VdmCLICount;
+ ULONG VdmSTICount;
+ ULONG VdmBopCount;
+
+} SYSTEM_VDM_INFORMATION, *PSYSTEM_VDM_INFORMATION;
+
+// SystemInformation20 (20)
+// UNKNOWN
+
+// SystemCacheInformation (21)
+typedef
+struct _SYSTEM_CACHE_INFORMATION
+{
+ ULONG CurrentSize;
+ ULONG PeakSize;
+ ULONG PageFaultCount;
+ ULONG MinimumWorkingSet;
+ ULONG MaximumWorkingSet;
+ ULONG Unused[4];
+
+} SYSTEM_CACHE_INFORMATION;
+
+// SystemPoolTagInformation (22)
+// found by Klaus P. Gerlicher
+// (implemented only in checked builds)
+typedef
+struct _POOL_TAG_STATS
+{
+ ULONG AllocationCount;
+ ULONG FreeCount;
+ ULONG SizeBytes;
+
+} POOL_TAG_STATS;
+
+typedef
+struct _SYSTEM_POOL_TAG_ENTRY
+{
+ ULONG Tag;
+ POOL_TAG_STATS Paged;
+ POOL_TAG_STATS NonPaged;
+
+} SYSTEM_POOL_TAG_ENTRY, * PSYSTEM_POOL_TAG_ENTRY;
+
+typedef
+struct _SYSTEM_POOL_TAG_INFO
+{
+ ULONG Count;
+ SYSTEM_POOL_TAG_ENTRY PoolEntry [1];
+
+} SYSTEM_POOL_TAG_INFO, *PSYSTEM_POOL_TAG_INFO;
+
+// SystemProcessorScheduleInfo (23)
+typedef
+struct _SYSTEM_PROCESSOR_SCHEDULE_INFO
+{
+ ULONG nContextSwitches;
+ ULONG nDPCQueued;
+ ULONG nDPCRate;
+ ULONG TimerResolution;
+ ULONG nDPCBypasses;
+ ULONG nAPCBypasses;
+
+} SYSTEM_PROCESSOR_SCHEDULE_INFO, *PSYSTEM_PROCESSOR_SCHEDULE_INFO;
+
+// SystemDpcInformation (24)
+typedef
+struct _SYSTEM_DPC_INFORMATION
+{
+ ULONG Unused;
+ ULONG KiMaximumDpcQueueDepth;
+ ULONG KiMinimumDpcRate;
+ ULONG KiAdjustDpcThreshold;
+ ULONG KiIdealDpcRate;
+
+} SYSTEM_DPC_INFORMATION, *PSYSTEM_DPC_INFORMATION;
+
+// SystemInformation25 (25)
+// UNKNOWN
+
+// SystemLoadGdiDriverInformation (26)
+// SystemUnloadGdiDriverInformation (27)
+typedef struct _SYSTEM_GDI_DRIVER_INFORMATION
+{
+ UNICODE_STRING DriverName;
+ PVOID ImageAddress;
+ PVOID SectionPointer;
+ PVOID EntryPoint;
+// PIMAGE_EXPORT_DIRECTORY ExportSectionPointer;
+ PVOID ExportSectionPointer;
+} SYSTEM_GDI_DRIVER_INFORMATION, *PSYSTEM_GDI_DRIVER_INFORMATION;
+
+// SystemTimeAdjustmentInformation (28)
+// (what is the right one?)
+#if 0
+typedef
+struct _SYSTEM_TIME_ADJUSTMENT_INFO
+{
+ TIME TimeAdjustment;
+ BOOL TimeAdjustmentDisabled;
+
+} SYSTEM_TIME_ADJUSTMENT_INFO, *PSYSTEM_TIME_ADJUSTMENT_INFO;
+#else
+typedef
+struct _SYSTEM_TIME_ADJUSTMENT_INFO
+{
+ ULONG KeTimeAdjustment;
+ ULONG KeMaximumIncrement;
+ BOOLEAN KeTimeSynchronization;
+
+} SYSTEM_TIME_ADJUSTMENT_INFO, *PSYSTEM_TIME_ADJUSTMENT_INFO;
+#endif
+
+// SystemProcessorFaultCountInfo (33)
+typedef
+struct _SYSTEM_PROCESSOR_FAULT_INFO
+{
+ ULONG nAlignmentFixup;
+ ULONG nExceptionDispatches;
+ ULONG nFloatingEmulation;
+ ULONG Unknown;
+
+} SYSTEM_PROCESSOR_FAULT_INFO, *PSYSTEM_PROCESSOR_FAULT_INFO;
+
+// SystemCrashDumpStateInfo (34)
+//
+
+// SystemDebuggerInformation (35)
+typedef
+struct _SYSTEM_DEBUGGER_INFO
+{
+ BOOLEAN KdDebuggerEnabled;
+ BOOLEAN KdDebuggerPresent;
+
+} SYSTEM_DEBUGGER_INFO, *PSYSTEM_DEBUGGER_INFO;
+
+// SystemInformation36 (36)
+// UNKNOWN
+
+// SystemQuotaInformation (37)
+typedef
+struct _SYSTEM_QUOTA_INFORMATION
+{
+ ULONG CmpGlobalQuota;
+ ULONG CmpGlobalQuotaUsed;
+ ULONG MmSizeofPagedPoolInBytes;
+
+} SYSTEM_QUOTA_INFORMATION, *PSYSTEM_QUOTA_INFORMATION;
+
+// SystemLoadDriver (38)
+typedef
+struct _SYSTEM_DRIVER_LOAD
+{
+ UNICODE_STRING DriverRegistryEntry;
+
+} SYSTEM_DRIVER_LOAD, *PSYSTEM_DRIVER_LOAD;
+
+// SystemTimeZoneInformation (44)
+typedef
+struct _SYSTEM_TIME_ZONE_INFORMATION
+{
+ LONG Bias;
+ WCHAR StandardName [32];
+ SYSTEMTIME StandardDate;
+ LONG StandardBias;
+ WCHAR DaylightName [32];
+ SYSTEMTIME DaylightDate;
+ LONG DaylightBias;
+
+} SYSTEM_TIME_ZONE_INFORMATION, * PSYSTEM_TIME_ZONE_INFORMATION;
+
+// memory information
+
+#define MemoryBasicInformation 0
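Review bot: `_SYSTEM_SDT_INFORMATION` declares two consecutive one-element arrays, `NumberOfServices [1]` followed by `ServiceCounters [1]`, so `ServiceCounters` sits at a fixed offset that is only right when `NumberOfSystemServiceTables` is 1. If the first array really has one entry per table, code that indexes `ServiceCounters` reads the wrong words. The real layout is not visible from this header, so I would at least annotate the member: `ULONG ServiceCounters [1]; /* offset valid for one table only; presumably starts after NumberOfServices[NumberOfSystemServiceTables] */`. The same `[1]` idiom is used for `ThreadSysInfo`, `Module`, `Lock`, `Handle` and `PoolEntry` with no comment that `Count` (or `ThreadCount`) entries follow. Each should carry a line such as `/* Count entries follow; check Count against the returned length before indexing */`, because both the code that fills the buffer and the caller that walks it must bound the loop by the buffer length, not by `sizeof` the struct.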
// shutdown action
#define WaitAll 0
#define WaitAny 1
-
+
+// number of wait objects
+
+#define THREAD_WAIT_OBJECTS 3
+//#define MAXIMUM_WAIT_OBJECTS 64
+
// key restore flags
-#define REG_WHOLE_HIVE_VOLATILE 1
-#define REG_REFRESH_HIVE 2
+#define REG_WHOLE_HIVE_VOLATILE 1
+#define REG_REFRESH_HIVE 2
// object type access rights
-#define OBJECT_TYPE_CREATE 0x0001
+#define OBJECT_TYPE_CREATE 0x0001
#define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
// directory access rights
// symbolic link access rights
-#define SYMBOLIC_LINK_QUERY 0x0001
+#define SYMBOLIC_LINK_QUERY 0x0001
#define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
-
+
typedef struct _PROCESS_WS_WATCH_INFORMATION
{
PVOID FaultingPc;
typedef struct _PROCESS_BASIC_INFORMATION
{
NTSTATUS ExitStatus;
- PNT_PEB PebBaseAddress;
+ PPEB PebBaseAddress;
KAFFINITY AffinityMask;
KPRIORITY BasePriority;
ULONG UniqueProcessId;
ULONG InheritedFromUniqueProcessId;
} PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
-typedef struct _QUOTA_LIMITS
+typedef struct _QUOTA_LIMITS
{
ULONG PagedPoolLimit;
ULONG NonPagedPoolLimit;
} IO_COUNTERS, *PIO_COUNTERS;
-typedef struct _VM_COUNTERS_
+typedef struct _VM_COUNTERS_
{
ULONG PeakVirtualSize;
ULONG VirtualSize;
} VM_COUNTERS, *PVM_COUNTERS;
-typedef struct _POOLED_USAGE_AND_LIMITS_
+typedef struct _POOLED_USAGE_AND_LIMITS_
{
ULONG PeakPagedPoolUsage;
ULONG PagedPoolUsage;
} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
-typedef struct _PROCESS_ACCESS_TOKEN
+typedef struct _PROCESS_ACCESS_TOKEN
{
HANDLE Token;
HANDLE Thread;
} PROCESS_ACCESS_TOKEN, *PPROCESS_ACCESS_TOKEN;
-typedef struct _KERNEL_USER_TIMES
+typedef struct _KERNEL_USER_TIMES
{
TIME CreateTime;
TIME ExitTime;
} THREAD_BASIC_INFORMATION, *PTHREAD_BASIC_INFORMATION;
// object information
-
-typedef struct _OBJECT_NAME_INFORMATION
-{
- UNICODE_STRING Name;
-} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
+typedef struct _OBJECT_NAME_INFORMATION
+{
+ UNICODE_STRING Name;
+} OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
-typedef struct _OBJECT_DATA_INFORMATION
+
+typedef struct _OBJECT_DATA_INFORMATION
{
BOOLEAN bInheritHandle;
BOOLEAN bProtectFromClose;
-} OBJECT_DATA_INFORMATION, *POBJECT_DATA_INFORMATION;
+} OBJECT_DATA_INFORMATION, *POBJECT_DATA_INFORMATION;
-typedef struct _OBJECT_TYPE_INFORMATION
+typedef struct _OBJECT_TYPE_INFORMATION
{
UNICODE_STRING Name;
UNICODE_STRING Type;
ULONG ReferenceCount;
} OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
-// system information
+// file information
-typedef struct _SYSTEM_TIME_ADJUSTMENT
+typedef struct _FILE_BASIC_INFORMATION
{
- ULONG TimeAdjustment;
- BOOL TimeAdjustmentDisabled;
-} SYSTEM_TIME_ADJUSTMENT, *PSYSTEM_TIME_ADJUSTMENT;
-
-typedef struct _SYSTEM_CONFIGURATION_INFO {
- union {
- ULONG OemId;
- struct {
- WORD ProcessorArchitecture;
- WORD Reserved;
- } tag1;
- } tag2;
- ULONG PageSize;
- PVOID MinimumApplicationAddress;
- PVOID MaximumApplicationAddress;
- ULONG ActiveProcessorMask;
- ULONG NumberOfProcessors;
- ULONG ProcessorType;
- ULONG AllocationGranularity;
- WORD ProcessorLevel;
- WORD ProcessorRevision;
-} SYSTEM_CONFIGURATION_INFO, *PSYSTEM_CONFIGURATION_INFO;
-
-
-typedef struct _SYSTEM_CACHE_INFORMATION {
- ULONG CurrentSize;
- ULONG PeakSize;
- ULONG PageFaultCount;
- ULONG MinimumWorkingSet;
- ULONG MaximumWorkingSet;
- ULONG Unused[4];
-} SYSTEM_CACHE_INFORMATION;
+ TIME CreationTime;
+ TIME LastAccessTime;
+ TIME LastWriteTime;
+ TIME ChangeTime;
+ ULONG FileAttributes;
+} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
-typedef struct _FILE_BASIC_INFORMATION
-{
- TIME CreationTime;
- TIME LastAccessTime;
- TIME LastWriteTime;
- TIME ChangeTime;
- ULONG FileAttributes;
-} FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
-
-typedef struct _FILE_STANDARD_INFORMATION
-{
- LARGE_INTEGER AllocationSize;
- LARGE_INTEGER EndOfFile;
- ULONG NumberOfLinks;
- BOOLEAN DeletePending;
- BOOLEAN Directory;
+typedef struct _FILE_STANDARD_INFORMATION
+{
+ LARGE_INTEGER AllocationSize;
+ LARGE_INTEGER EndOfFile;
+ ULONG NumberOfLinks;
+ BOOLEAN DeletePending;
+ BOOLEAN Directory;
} FILE_STANDARD_INFORMATION, *PFILE_STANDARD_INFORMATION;
-
-typedef struct _FILE_POSITION_INFORMATION
-{
- LARGE_INTEGER CurrentByteOffset;
-} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;
-
-typedef struct _FILE_ALIGNMENT_INFORMATION
-{
- ULONG AlignmentRequirement;
-} FILE_ALIGNMENT_INFORMATION, *PFILE_ALIGNMENT_INFORMATION;
-
+
+typedef struct _FILE_POSITION_INFORMATION
+{
+ LARGE_INTEGER CurrentByteOffset;
+} FILE_POSITION_INFORMATION, *PFILE_POSITION_INFORMATION;
+
+typedef struct _FILE_ALIGNMENT_INFORMATION
+{
+ ULONG AlignmentRequirement;
+} FILE_ALIGNMENT_INFORMATION, *PFILE_ALIGNMENT_INFORMATION;
+
typedef struct _FILE_DISPOSITION_INFORMATION
-{
- BOOLEAN DeleteFile;
-} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;
-
+{
+ BOOLEAN DoDeleteFile;
+} FILE_DISPOSITION_INFORMATION, *PFILE_DISPOSITION_INFORMATION;
+
typedef struct _FILE_END_OF_FILE_INFORMATION
-{
- LARGE_INTEGER EndOfFile;
-} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;
-
-typedef struct _FILE_NETWORK_OPEN_INFORMATION {
+{
+ LARGE_INTEGER EndOfFile;
+} FILE_END_OF_FILE_INFORMATION, *PFILE_END_OF_FILE_INFORMATION;
+
+typedef struct _FILE_NETWORK_OPEN_INFORMATION
+{
TIME CreationTime;
TIME LastAccessTime;
TIME LastWriteTime;
} FILE_GET_EA_INFORMATION, *PFILE_GET_EA_INFORMATION;
typedef struct _FILE_STREAM_INFORMATION {
- ULONG NextEntryOffset;
- ULONG StreamNameLength;
- LARGE_INTEGER StreamSize;
- LARGE_INTEGER StreamAllocationSize;
- WCHAR StreamName[0];
+ ULONG NextEntryOffset;
+ ULONG StreamNameLength;
+ LARGE_INTEGER StreamSize;
+ LARGE_INTEGER StreamAllocationSize;
+ WCHAR StreamName[0];
} FILE_STREAM_INFORMATION, *PFILE_STREAM_INFORMATION;
typedef struct _FILE_ALLOCATION_INFORMATION {
typedef struct _FILE_RENAME_INFORMATION {
BOOLEAN Replace;
HANDLE RootDir;
- ULONG FileNameLength;
+ ULONG FileNameLength;
WCHAR FileName[0];
} FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
// file system information structures
-typedef struct _FILE_FS_DEVICE_INFORMATION {
- DEVICE_TYPE DeviceType;
- ULONG Characteristics;
+typedef struct _FILE_FS_DEVICE_INFORMATION {
+ DEVICE_TYPE DeviceType;
+ ULONG Characteristics;
} FILE_FS_DEVICE_INFORMATION, *PFILE_FS_DEVICE_INFORMATION;
ULONG FileSystemAttributes;
LONG MaximumComponentNameLength;
ULONG FileSystemNameLength;
- WCHAR FileSystemName[0];
-} FILE_FS_ATTRIBUTE_INFORMATION;
+ WCHAR FileSystemName[0];
+} FILE_FS_ATTRIBUTE_INFORMATION, *PFILE_FS_ATTRIBUTE_INFORMATION;
/*
FileSystemAttributes is one of the following values:
- FILE_CASE_SENSITIVE_SEARCH 0x00000001
+ FILE_CASE_SENSITIVE_SEARCH 0x00000001
FILE_CASE_PRESERVED_NAMES 0x00000002
FILE_UNICODE_ON_DISK 0x00000004
FILE_PERSISTENT_ACLS 0x00000008
// read file scatter / write file scatter
//FIXME I am a win32 struct aswell
-typedef union _FILE_SEGMENT_ELEMENT {
- PVOID Buffer;
- ULONG Alignment;
-}FILE_SEGMENT_ELEMENT, *PFILE_SEGMENT_ELEMENT;
+typedef union _FILE_SEGMENT_ELEMENT {
+ PVOID Buffer;
+ ULONG Alignment;
+}FILE_SEGMENT_ELEMENT, *PFILE_SEGMENT_ELEMENT;
// directory information
typedef struct _OBJDIR_INFORMATION {
UNICODE_STRING ObjectName;
UNICODE_STRING ObjectTypeName; // Directory, Device ...
- UCHAR Data[0];
+ UCHAR Data[0];
} OBJDIR_INFORMATION, *POBJDIR_INFORMATION;
*/
typedef struct _FILE_NOTIFY_INFORMATION {
- ULONG NextEntryOffset;
ULONG Action;
ULONG FileNameLength;
WCHAR FileName[0];
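Review bot: The only change to `_FILE_NOTIFY_INFORMATION` visible here removes `ULONG NextEntryOffset;` with no replacement line, which leaves `Action` as the first member. The Win32 `FILE_NOTIFY_INFORMATION` record begins with `NextEntryOffset`, and a consumer walks a buffer of these records by that offset. Without it every later field shifts by four bytes and the record chain cannot be traversed or bounded. If the removal was meant as a whitespace cleanup like the neighbouring hunks, restore `ULONG NextEntryOffset;` as the first member. The struct's closing lines are outside this hunk.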
*/
-//FIXME: I am a win32 object
-typedef
-VOID
-(*PTIMERAPCROUTINE)(
- LPVOID lpArgToCompletionRoutine,
- DWORD dwTimerLowValue,
- DWORD dwTimerHighValue
- );
-
-// NtProcessStartup parameters
-
-typedef struct _ENVIRONMENT_INFORMATION {
- ULONG Unknown[21];
- UNICODE_STRING CommandLine;
- UNICODE_STRING ImageFile;
-} ENVIRONMENT_INFORMATION, *PENVIRONMENT_INFORMATION;
-
-
-typedef struct _STARTUP_ARGUMENT {
- ULONG Unknown[3];
- PENVIRONMENT_INFORMATION Environment;
-} STARTUP_ARGUMENT, *PSTARTUP_ARGUMENT;
+//FIXME: I am a win32 object
+typedef
+VOID
+(*PTIMERAPCROUTINE)(
+ LPVOID lpArgToCompletionRoutine,
+ DWORD dwTimerLowValue,
+ DWORD dwTimerHighValue
+ );
// File System Control commands ( related to defragging )
#define FSCTL_GET_RETRIEVAL_POINTERS 0x90073
#define FSCTL_MOVE_FILE 0x90074
-typedef struct _MAPPING_PAIR
+typedef struct _MAPPING_PAIR
{
ULONGLONG Vcn;
ULONGLONG Lcn;
{
ULONGLONG StartLcn;
ULONGLONG ClustersToEndOfVol;
- BYTE Map[0]; // variable size
-} BITMAP_DESCRIPTOR, *PBITMAP_DESCRIPTOR;
+ BYTE Map[0]; // variable size
+} BITMAP_DESCRIPTOR, *PBITMAP_DESCRIPTOR;
typedef struct _MOVEFILE_DESCRIPTOR
{
- HANDLE FileHandle;
- ULONG Reserved;
- LARGE_INTEGER StartVcn;
+ HANDLE FileHandle;
+ ULONG Reserved;
+ LARGE_INTEGER StartVcn;
LARGE_INTEGER TargetLcn;
- ULONG NumVcns;
- ULONG Reserved1;
+ ULONG NumVcns;
+ ULONG Reserved1;
} MOVEFILE_DESCRIPTOR, *PMOVEFILE_DESCRIPTOR;
-// semaphore information
-
-typedef struct _SEMAPHORE_BASIC_INFORMATION
-{
- ULONG CurrentCount;
- ULONG MaximumCount;
-} SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION;
-
-// event information
-
-typedef struct _EVENT_BASIC_INFORMATION
-{
- BOOL AutomaticReset;
- BOOL Signaled;
-} EVENT_BASIC_INFORMATION, *PEVENT_INFORMATION;
//typedef enum _TIMER_TYPE
//{
// SynchronizationTimer
//} TIMER_TYPE;
-
-#endif
+typedef
+struct _LPC_PORT_BASIC_INFORMATION
+{
+ DWORD Unknown0;
+ DWORD Unknown1;
+ DWORD Unknown2;
+ DWORD Unknown3;
+ DWORD Unknown4;
+ DWORD Unknown5;
+ DWORD Unknown6;
+ DWORD Unknown7;
+ DWORD Unknown8;
+ DWORD Unknown9;
+ DWORD Unknown10;
+ DWORD Unknown11;
+ DWORD Unknown12;
+ DWORD Unknown13;
+
+} LPC_PORT_BASIC_INFORMATION, * PLPC_PORT_BASIC_INFORMATION;
+
+#endif
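Review bot: `LPC_PORT_BASIC_INFORMATION` is fourteen `DWORD UnknownN` members with no comment saying which call or information class it belongs to, or how the 56-byte size was established. Any routine that copies `sizeof (LPC_PORT_BASIC_INFORMATION)` bytes to or from a caller is trusting that guess, so I would record the status above the typedef, e.g. `/* layout unknown; size is a placeholder, do not rely on field offsets */`. The closing `#endif` would also read better as `#endif /* __INCLUDE_DDK_ZWTYPES_H */` now that the file contains nested `#ifdef` and `#if 0` blocks.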