#define IO_COMPLETION_QUERY_STATE 0x0001
#define IO_COMPLETION_MODIFY_STATE 0x0002
#define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
#define IO_COMPLETION_QUERY_STATE 0x0001
#define IO_COMPLETION_MODIFY_STATE 0x0002
#define IO_COMPLETION_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0x3)
#define PROCESS_TERMINATE 1
#define PROCESS_CREATE_THREAD 2
#define PROCESS_SET_SESSIONID 4
#define PROCESS_TERMINATE 1
#define PROCESS_CREATE_THREAD 2
#define PROCESS_SET_SESSIONID 4
#define PROCESS_SUSPEND_RESUME 2048
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0xFFF)
#define PROCESS_SUSPEND_RESUME 2048
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000
#define PROCESS_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|0xFFF)
#define PROCESS_DUP_HANDLE 64
#define THREAD_TERMINATE 1
#define THREAD_SUSPEND_RESUME 2
#define THREAD_GET_CONTEXT 8
#define THREAD_SET_CONTEXT 16
#define THREAD_SET_INFORMATION 32
#define PROCESS_DUP_HANDLE 64
#define THREAD_TERMINATE 1
#define THREAD_SUSPEND_RESUME 2
#define THREAD_GET_CONTEXT 8
#define THREAD_SET_CONTEXT 16
#define THREAD_SET_INFORMATION 32
#define THREAD_QUERY_INFORMATION 64
#define THREAD_SET_THREAD_TOKEN 128
#define THREAD_IMPERSONATE 256
#define THREAD_DIRECT_IMPERSONATION 0x200
#define THREAD_QUERY_INFORMATION 64
#define THREAD_SET_THREAD_TOKEN 128
#define THREAD_IMPERSONATE 256
#define THREAD_DIRECT_IMPERSONATION 0x200
#define MUTANT_QUERY_STATE 0x0001
#define MUTANT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|MUTANT_QUERY_STATE)
#define TIMER_QUERY_STATE 0x0001
#define MUTANT_QUERY_STATE 0x0001
#define MUTANT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED|SYNCHRONIZE|MUTANT_QUERY_STATE)
#define TIMER_QUERY_STATE 0x0001
#define THREAD_BASE_PRIORITY_MAX 2
#define THREAD_BASE_PRIORITY_MIN (-2)
#define THREAD_BASE_PRIORITY_IDLE (-15)
#define THREAD_BASE_PRIORITY_MAX 2
#define THREAD_BASE_PRIORITY_MIN (-2)
#define THREAD_BASE_PRIORITY_IDLE (-15)
/*
* To prevent gcc compiler warnings, bracket these defines when initialising
* a SID_IDENTIFIER_AUTHORITY, eg.
/*
* To prevent gcc compiler warnings, bracket these defines when initialising
* a SID_IDENTIFIER_AUTHORITY, eg.
#define SE_CHANGE_NOTIFY_NAME TEXT("SeChangeNotifyPrivilege")
#define SE_REMOTE_SHUTDOWN_NAME TEXT("SeRemoteShutdownPrivilege")
#define SE_CREATE_GLOBAL_NAME TEXT("SeCreateGlobalPrivilege")
#define SE_CHANGE_NOTIFY_NAME TEXT("SeChangeNotifyPrivilege")
#define SE_REMOTE_SHUTDOWN_NAME TEXT("SeRemoteShutdownPrivilege")
#define SE_CREATE_GLOBAL_NAME TEXT("SeCreateGlobalPrivilege")
#define SE_GROUP_MANDATORY 1
#define SE_GROUP_ENABLED_BY_DEFAULT 2
#define SE_GROUP_ENABLED 4
#define SE_GROUP_MANDATORY 1
#define SE_GROUP_ENABLED_BY_DEFAULT 2
#define SE_GROUP_ENABLED 4
#define SE_GROUP_USE_FOR_DENY_ONLY 16
#define SE_GROUP_LOGON_ID 3221225472U
#define SE_GROUP_RESOURCE 536870912
#define SE_GROUP_USE_FOR_DENY_ONLY 16
#define SE_GROUP_LOGON_ID 3221225472U
#define SE_GROUP_RESOURCE 536870912
#define LANG_NEUTRAL 0x00
#define LANG_INVARIANT 0x7f
#define LANG_AFRIKAANS 0x36
#define LANG_NEUTRAL 0x00
#define LANG_INVARIANT 0x7f
#define LANG_AFRIKAANS 0x36
#define MEM_WRITE_WATCH 0x200000 /* 98/Me */
#define MEM_PHYSICAL 0x400000
#define MEM_4MB_PAGES 0x80000000
#define MEM_WRITE_WATCH 0x200000 /* 98/Me */
#define MEM_PHYSICAL 0x400000
#define MEM_4MB_PAGES 0x80000000
#define MEM_IMAGE SEC_IMAGE
#define SEC_NO_CHANGE 0x00400000
#define SEC_FILE 0x00800000
#define MEM_IMAGE SEC_IMAGE
#define SEC_NO_CHANGE 0x00400000
#define SEC_FILE 0x00800000
#define SEC_RESERVE 0x04000000
#define SEC_COMMIT 0x08000000
#define SEC_NOCACHE 0x10000000
#define SEC_RESERVE 0x04000000
#define SEC_COMMIT 0x08000000
#define SEC_NOCACHE 0x10000000
#define SECTION_EXTEND_SIZE 16
#define SECTION_MAP_READ 4
#define SECTION_MAP_WRITE 2
#define SECTION_EXTEND_SIZE 16
#define SECTION_MAP_READ 4
#define SECTION_MAP_WRITE 2
#define SECTION_MAP_EXECUTE 8
#define SECTION_ALL_ACCESS 0xf001f
#define WRITE_WATCH_FLAG_RESET 0x01
#define SECTION_MAP_EXECUTE 8
#define SECTION_ALL_ACCESS 0xf001f
#define WRITE_WATCH_FLAG_RESET 0x01
ACCESS_MASK GenericExecute;
ACCESS_MASK GenericAll;
} GENERIC_MAPPING, *PGENERIC_MAPPING;
ACCESS_MASK GenericExecute;
ACCESS_MASK GenericAll;
} GENERIC_MAPPING, *PGENERIC_MAPPING;
GUID InheritedObjectType;
DWORD SidStart;
} SYSTEM_ALARM_CALLBACK_OBJECT_ACE, *PSYSTEM_ALARM_CALLBACK_OBJECT_ACE;
GUID InheritedObjectType;
DWORD SidStart;
} SYSTEM_ALARM_CALLBACK_OBJECT_ACE, *PSYSTEM_ALARM_CALLBACK_OBJECT_ACE;
BOOLEAN EffectiveOnly;
SECURITY_IMPERSONATION_LEVEL Level;
} SE_IMPERSONATION_STATE,*PSE_IMPERSONATION_STATE;
BOOLEAN EffectiveOnly;
SECURITY_IMPERSONATION_LEVEL Level;
} SE_IMPERSONATION_STATE,*PSE_IMPERSONATION_STATE;
typedef struct _SID_IDENTIFIER_AUTHORITY {
BYTE Value[6];
} SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
typedef struct _SID_IDENTIFIER_AUTHORITY {
BYTE Value[6];
} SID_IDENTIFIER_AUTHORITY,*PSID_IDENTIFIER_AUTHORITY,*LPSID_IDENTIFIER_AUTHORITY;
typedef enum _SID_NAME_USE {
SidTypeUser=1,SidTypeGroup,SidTypeDomain,SidTypeAlias,
SidTypeWellKnownGroup,SidTypeDeletedAccount,SidTypeInvalid,
typedef enum _SID_NAME_USE {
SidTypeUser=1,SidTypeGroup,SidTypeDomain,SidTypeAlias,
SidTypeWellKnownGroup,SidTypeDeletedAccount,SidTypeInvalid,
DWORD NumberOfBlocks;
MESSAGE_RESOURCE_BLOCK Blocks[1];
} MESSAGE_RESOURCE_DATA,*PMESSAGE_RESOURCE_DATA;
DWORD NumberOfBlocks;
MESSAGE_RESOURCE_BLOCK Blocks[1];
} MESSAGE_RESOURCE_DATA,*PMESSAGE_RESOURCE_DATA;
typedef struct _LIST_ENTRY {
struct _LIST_ENTRY *Flink;
struct _LIST_ENTRY *Blink;
typedef struct _LIST_ENTRY {
struct _LIST_ENTRY *Flink;
struct _LIST_ENTRY *Blink;
#define JOB_OBJECT_ASSIGN_PROCESS 1
#define JOB_OBJECT_SET_ATTRIBUTES 2
#define JOB_OBJECT_QUERY 4
#define JOB_OBJECT_ASSIGN_PROCESS 1
#define JOB_OBJECT_SET_ATTRIBUTES 2
#define JOB_OBJECT_QUERY 4
DWORD UIRestrictionsClass;
} JOBOBJECT_BASIC_UI_RESTRICTIONS,*PJOBOBJECT_BASIC_UI_RESTRICTIONS;
DWORD UIRestrictionsClass;
} JOBOBJECT_BASIC_UI_RESTRICTIONS,*PJOBOBJECT_BASIC_UI_RESTRICTIONS;
PTOKEN_PRIVILEGES PrivilegesToDelete;
PTOKEN_GROUPS RestrictedSids;
} JOBOBJECT_SECURITY_LIMIT_INFORMATION,*PJOBOBJECT_SECURITY_LIMIT_INFORMATION;
PTOKEN_PRIVILEGES PrivilegesToDelete;
PTOKEN_GROUPS RestrictedSids;
} JOBOBJECT_SECURITY_LIMIT_INFORMATION,*PJOBOBJECT_SECURITY_LIMIT_INFORMATION;
FORCEINLINE struct _TEB * NtCurrentTeb(VOID)
{
return (struct _TEB *)__readgsqword(FIELD_OFFSET(NT_TIB, Self));
}
FORCEINLINE struct _TEB * NtCurrentTeb(VOID)
{
return (struct _TEB *)__readgsqword(FIELD_OFFSET(NT_TIB, Self));
}
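Review bot: In the PROCESS_* access-right group, `PROCESS_ALL_ACCESS` is built from `0xFFF`, which leaves out the `0x1000` bit that `PROCESS_QUERY_LIMITED_INFORMATION` defines on the line just above it, and no comment explains the gap. Microsoft's SDK widens the mask to `0xFFFF` only when targeting Vista or later, because `OpenProcess` with the wider mask fails with access denied on older systems, so the narrower value may well be intentional here. I would record that with `/* 0xFFF kept for pre-Vista targets; does not include PROCESS_QUERY_LIMITED_INFORMATION */` above the define. These lines appear identically on both sides of the page and the changed lines themselves are not visible, so this concerns the surrounding context rather than the edit.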