#define NtCurrentThread() ( (HANDLE)(LONG_PTR) -2 )
#define ZwCurrentThread() NtCurrentThread()
+#define DPFLTR_ERROR_LEVEL 0
+#define DPFLTR_WARNING_LEVEL 1
+#define DPFLTR_TRACE_LEVEL 2
+#define DPFLTR_INFO_LEVEL 3
+#define DPFLTR_MASK 0x80000000
+
#define MAXIMUM_PROCESSORS 32
#define MAXIMUM_WAIT_OBJECTS 64
extern NTOSAPI CCHAR KeNumberProcessors;
#define PROCESSOR_FEATURE_MAX 64
+#define MAX_WOW64_SHARED_ENTRIES 16
typedef enum _ALTERNATIVE_ARCHITECTURE_TYPE
{
volatile KSYSTEM_TIME TimeZoneBias;
USHORT ImageNumberLow;
USHORT ImageNumberHigh;
- WCHAR NtSystemRoot[ 260 ];
+ WCHAR NtSystemRoot[260];
ULONG MaxStackTraceDepth;
ULONG CryptoExponent;
ULONG TimeZoneId;
ULONG LargePageMinimum;
- ULONG Reserved2[ 7 ];
+ ULONG Reserved2[7];
NT_PRODUCT_TYPE NtProductType;
BOOLEAN ProductTypeIsValid;
ULONG NtMajorVersion;
ULONG NumberOfPhysicalPages;
BOOLEAN SafeBootMode;
ULONG TraceLogging;
- ULONGLONG Fill0;
- ULONGLONG SystemCall[4];
+ ULONG Fill0;
+ ULONGLONG TestRetInstruction;
+ ULONG SystemCall;
+ ULONG SystemCallReturn;
+ ULONGLONG SystemCallPad[3];
union {
volatile KSYSTEM_TIME TickCount;
volatile ULONG64 TickCountQuad;
};
+ ULONG Cookie;
+ LONGLONG ConsoleSessionForegroundProcessId;
+ ULONG Wow64SharedInformation[MAX_WOW64_SHARED_ENTRIES];
+ ULONG UserModeGlobalLogging;
} KUSER_SHARED_DATA, *PKUSER_SHARED_DATA;
/*
(DDKAPI *PKTRANSFER_ROUTINE)(
VOID);
-typedef struct _KAPC {
- CSHORT Type;
- CSHORT Size;
- ULONG Spare0;
- struct _KTHREAD *Thread;
- LIST_ENTRY ApcListEntry;
- PKKERNEL_ROUTINE KernelRoutine;
- PKRUNDOWN_ROUTINE RundownRoutine;
- PKNORMAL_ROUTINE NormalRoutine;
- PVOID NormalContext;
- PVOID SystemArgument1;
- PVOID SystemArgument2;
- CCHAR ApcStateIndex;
- KPROCESSOR_MODE ApcMode;
- BOOLEAN Inserted;
+typedef struct _KAPC
+{
+ UCHAR Type;
+ UCHAR SpareByte0;
+ UCHAR Size;
+ UCHAR SpareByte1;
+ ULONG SpareLong0;
+ struct _KTHREAD *Thread;
+ LIST_ENTRY ApcListEntry;
+ PKKERNEL_ROUTINE KernelRoutine;
+ PKRUNDOWN_ROUTINE RundownRoutine;
+ PKNORMAL_ROUTINE NormalRoutine;
+ PVOID NormalContext;
+ PVOID SystemArgument1;
+ PVOID SystemArgument2;
+ CCHAR ApcStateIndex;
+ KPROCESSOR_MODE ApcMode;
+ BOOLEAN Inserted;
} KAPC, *PKAPC, *RESTRICTED_POINTER PRKAPC;
typedef struct _KDEVICE_QUEUE {
PKDPC BufferChainingDpc;
} WAIT_CONTEXT_BLOCK, *PWAIT_CONTEXT_BLOCK;
-typedef struct _DISPATCHER_HEADER {
- UCHAR Type;
- UCHAR Absolute;
- UCHAR Size;
- UCHAR Inserted;
- LONG SignalState;
- LIST_ENTRY WaitListHead;
+typedef struct _DISPATCHER_HEADER
+{
+ union
+ {
+ struct
+ {
+ UCHAR Type;
+ union
+ {
+ UCHAR Absolute;
+ UCHAR NpxIrql;
+ };
+ union
+ {
+ UCHAR Size;
+ UCHAR Hand;
+ };
+ union
+ {
+ UCHAR Inserted;
+ BOOLEAN DebugActive;
+ };
+ };
+ volatile LONG Lock;
+ };
+ LONG SignalState;
+ LIST_ENTRY WaitListHead;
} DISPATCHER_HEADER, *PDISPATCHER_HEADER;
typedef struct _KEVENT {
#define SL_INVOKE_ON_SUCCESS 0x40
#define SL_INVOKE_ON_ERROR 0x80
+/* IO_STACK_LOCATION.Parameters.ReadWriteControl.WhichSpace */
+
+#define PCI_WHICHSPACE_CONFIG 0x0
+#define PCI_WHICHSPACE_ROM 0x52696350 /* 'PciR' */
+
typedef enum _KEY_INFORMATION_CLASS {
KeyBasicInformation,
KeyNodeInformation,
TraceHandleByNameClass
} TRACE_INFORMATION_CLASS;
+typedef enum _REG_NOTIFY_CLASS
+{
+ RegNtDeleteKey,
+ RegNtPreDeleteKey = RegNtDeleteKey,
+ RegNtSetValueKey,
+ RegNtPreSetValueKey = RegNtSetValueKey,
+ RegNtDeleteValueKey,
+ RegNtPreDeleteValueKey = RegNtDeleteValueKey,
+ RegNtSetInformationKey,
+ RegNtPreSetInformationKey = RegNtSetInformationKey,
+ RegNtRenameKey,
+ RegNtPreRenameKey = RegNtRenameKey,
+ RegNtEnumerateKey,
+ RegNtPreEnumerateKey = RegNtEnumerateKey,
+ RegNtEnumerateValueKey,
+ RegNtPreEnumerateValueKey = RegNtEnumerateValueKey,
+ RegNtQueryKey,
+ RegNtPreQueryKey = RegNtQueryKey,
+ RegNtQueryValueKey,
+ RegNtPreQueryValueKey = RegNtQueryValueKey,
+ RegNtQueryMultipleValueKey,
+ RegNtPreQueryMultipleValueKey = RegNtQueryMultipleValueKey,
+ RegNtPreCreateKey,
+ RegNtPostCreateKey,
+ RegNtPreOpenKey,
+ RegNtPostOpenKey,
+ RegNtKeyHandleClose,
+ RegNtPreKeyHandleClose = RegNtKeyHandleClose,
+ RegNtPostDeleteKey,
+ RegNtPostSetValueKey,
+ RegNtPostDeleteValueKey,
+ RegNtPostSetInformationKey,
+ RegNtPostRenameKey,
+ RegNtPostEnumerateKey,
+ RegNtPostEnumerateValueKey,
+ RegNtPostQueryKey,
+ RegNtPostQueryValueKey,
+ RegNtPostQueryMultipleValueKey,
+ RegNtPostKeyHandleClose,
+ RegNtPreCreateKeyEx,
+ RegNtPostCreateKeyEx,
+ RegNtPreOpenKeyEx,
+ RegNtPostOpenKeyEx
+} REG_NOTIFY_CLASS, *PREG_NOTIFY_CLASS;
+
typedef NTSTATUS
(DDKAPI *PEX_CALLBACK_FUNCTION)(
IN PVOID CallbackContext,
- IN PVOID Argument1,
+ IN REG_NOTIFY_CLASS Argument1,
IN PVOID Argument2);
+typedef struct _REG_DELETE_KEY_INFORMATION
+{
+ PVOID Object;
+} REG_DELETE_KEY_INFORMATION, *PREG_DELETE_KEY_INFORMATION;
+
+typedef struct _REG_SET_VALUE_KEY_INFORMATION
+{
+ PVOID Object;
+ PUNICODE_STRING ValueName;
+ ULONG TitleIndex;
+ ULONG Type;
+ PVOID Data;
+ ULONG DataSize;
+} REG_SET_VALUE_KEY_INFORMATION, *PREG_SET_VALUE_KEY_INFORMATION;
+
+typedef struct _REG_DELETE_VALUE_KEY_INFORMATION
+{
+ PVOID Object;
+ PUNICODE_STRING ValueName;
+} REG_DELETE_VALUE_KEY_INFORMATION, *PREG_DELETE_VALUE_KEY_INFORMATION;
+
+typedef struct _REG_SET_INFORMATION_KEY_INFORMATION
+{
+ PVOID Object;
+ KEY_SET_INFORMATION_CLASS KeySetInformationClass;
+ PVOID KeySetInformation;
+ ULONG KeySetInformationLength;
+} REG_SET_INFORMATION_KEY_INFORMATION, *PREG_SET_INFORMATION_KEY_INFORMATION;
+
+typedef struct _REG_ENUMERATE_KEY_INFORMATION
+{
+ PVOID Object;
+ ULONG Index;
+ KEY_INFORMATION_CLASS KeyInformationClass;
+ PVOID KeyInformation;
+ ULONG Length;
+ PULONG ResultLength;
+} REG_ENUMERATE_KEY_INFORMATION, *PREG_ENUMERATE_KEY_INFORMATION;
+
+typedef struct _REG_ENUMERATE_VALUE_KEY_INFORMATION
+{
+ PVOID Object;
+ ULONG Index;
+ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass;
+ PVOID KeyValueInformation;
+ ULONG Length;
+ PULONG ResultLength;
+} REG_ENUMERATE_VALUE_KEY_INFORMATION, *PREG_ENUMERATE_VALUE_KEY_INFORMATION;
+
+typedef struct _REG_QUERY_KEY_INFORMATION
+{
+ PVOID Object;
+ KEY_INFORMATION_CLASS KeyInformationClass;
+ PVOID KeyInformation;
+ ULONG Length;
+ PULONG ResultLength;
+} REG_QUERY_KEY_INFORMATION, *PREG_QUERY_KEY_INFORMATION;
+
+typedef struct _REG_QUERY_VALUE_KEY_INFORMATION
+{
+ PVOID Object;
+ PUNICODE_STRING ValueName;
+ KEY_VALUE_INFORMATION_CLASS KeyValueInformationClass;
+ PVOID KeyValueInformation;
+ ULONG Length;
+ PULONG ResultLength;
+} REG_QUERY_VALUE_KEY_INFORMATION, *PREG_QUERY_VALUE_KEY_INFORMATION;
+
+typedef struct _REG_QUERY_MULTIPLE_VALUE_KEY_INFORMATION
+{
+ PVOID Object;
+ PKEY_VALUE_ENTRY ValueEntries;
+ ULONG EntryCount;
+ PVOID ValueBuffer;
+ PULONG BufferLength;
+ PULONG RequiredBufferLength;
+} REG_QUERY_MULTIPLE_VALUE_KEY_INFORMATION, *PREG_QUERY_MULTIPLE_VALUE_KEY_INFORMATION;
+
+typedef struct _REG_PRE_CREATE_KEY_INFORMATION
+{
+ PUNICODE_STRING CompleteName;
+} REG_PRE_CREATE_KEY_INFORMATION, *PREG_PRE_CREATE_KEY_INFORMATION;
+
+typedef struct _REG_POST_CREATE_KEY_INFORMATION
+{
+ PUNICODE_STRING CompleteName;
+ PVOID Object;
+ NTSTATUS Status;
+} REG_POST_CREATE_KEY_INFORMATION, *PREG_POST_CREATE_KEY_INFORMATION;
+
+typedef struct _REG_PRE_OPEN_KEY_INFORMATION
+{
+ PUNICODE_STRING CompleteName;
+} REG_PRE_OPEN_KEY_INFORMATION, *PREG_PRE_OPEN_KEY_INFORMATION;
+typedef struct _REG_POST_OPEN_KEY_INFORMATION
+{
+ PUNICODE_STRING CompleteName;
+ PVOID Object;
+ NTSTATUS Status;
+} REG_POST_OPEN_KEY_INFORMATION, *PREG_POST_OPEN_KEY_INFORMATION;
+
+typedef struct _REG_POST_OPERATION_INFORMATION
+{
+ PVOID Object;
+ NTSTATUS Status;
+} REG_POST_OPERATION_INFORMATION,*PREG_POST_OPERATION_INFORMATION;
/*
** Storage structures
#endif /* DBG */
+/* HACK HACK HACK - GCC (or perhaps LD) is messing this up */
+#if defined(_NTSYSTEM_) || defined(__GNUC__)
+#define NLS_MB_CODE_PAGE_TAG NlsMbCodePageTag
+#define NLS_MB_OEM_CODE_PAGE_TAG NlsMbOemCodePageTag
+#else
+#define NLS_MB_CODE_PAGE_TAG (*NlsMbCodePageTag)
+#define NLS_MB_OEM_CODE_PAGE_TAG (*NlsMbOemCodePageTag)
+#endif /* _NT_SYSTEM */
+
+extern BOOLEAN NTSYSAPI NLS_MB_CODE_PAGE_TAG;
+extern BOOLEAN NTSYSAPI NLS_MB_OEM_CODE_PAGE_TAG;
/*
** Driver support routines
NTOSAPI
ULONG
DDKAPI
-RtlAnsiStringToUnicodeSize(
- IN PANSI_STRING AnsiString);
+RtlxAnsiStringToUnicodeSize(
+ IN PCANSI_STRING AnsiString);
+
+#define RtlAnsiStringToUnicodeSize(STRING) ( \
+ NLS_MB_CODE_PAGE_TAG ? \
+ RtlxAnsiStringToUnicodeSize(STRING) : \
+ ((STRING)->Length + sizeof(ANSI_NULL)) * sizeof(WCHAR) \
+)
NTOSAPI
NTSTATUS
DDKAPI
RtlAppendUnicodeStringToString(
IN OUT PUNICODE_STRING Destination,
- IN PUNICODE_STRING Source);
+ IN PCUNICODE_STRING Source);
NTOSAPI
NTSTATUS
LONG
DDKAPI
RtlCompareUnicodeString(
- IN PUNICODE_STRING String1,
- IN PUNICODE_STRING String2,
+ IN PCUNICODE_STRING String1,
+ IN PCUNICODE_STRING String2,
IN BOOLEAN CaseInSensitive);
-NTOSAPI
+static __inline
LARGE_INTEGER
-DDKAPI
-RtlConvertLongToLargeInteger(
- IN LONG SignedInteger);
+NTAPI_INLINE
+RtlConvertLongToLargeInteger(LONG SignedInteger)
+{
+ LARGE_INTEGER Result;
+
+ Result.QuadPart = SignedInteger;
+ return Result;
+}
NTOSAPI
LUID
DDKAPI
RtlCopyUnicodeString(
IN OUT PUNICODE_STRING DestinationString,
- IN PUNICODE_STRING SourceString);
+ IN PCUNICODE_STRING SourceString);
NTOSAPI
NTSTATUS
BOOLEAN
DDKAPI
RtlPrefixUnicodeString(
- IN PUNICODE_STRING String1,
- IN PUNICODE_STRING String2,
+ IN PCUNICODE_STRING String1,
+ IN PCUNICODE_STRING String2,
IN BOOLEAN CaseInSensitive);
NTOSAPI
RtlUlonglongByteSwap(
IN ULONGLONG Source);
-NTOSAPI
-ULONG
-DDKAPI
-RtlUnicodeStringToAnsiSize(
- IN PUNICODE_STRING UnicodeString);
+#define RtlUnicodeStringToAnsiSize(STRING) ( \
+ NLS_MB_CODE_PAGE_TAG ? \
+ RtlxUnicodeStringToAnsiSize(STRING) : \
+ ((STRING)->Length + sizeof(UNICODE_NULL)) / sizeof(WCHAR) \
+)
NTOSAPI
NTSTATUS
DDKAPI
RtlUnicodeStringToAnsiString(
IN OUT PANSI_STRING DestinationString,
- IN PUNICODE_STRING SourceString,
+ IN PCUNICODE_STRING SourceString,
IN BOOLEAN AllocateDestinationString);
NTOSAPI
NTSTATUS
DDKAPI
RtlUnicodeStringToInteger(
- IN PUNICODE_STRING String,
+ IN PCUNICODE_STRING String,
IN ULONG Base OPTIONAL,
OUT PULONG Value);
BOOLEAN
DDKAPI
RtlValidRelativeSecurityDescriptor(
- IN PISECURITY_DESCRIPTOR_RELATIVE SecurityDescriptorInput,
+ IN PSECURITY_DESCRIPTOR SecurityDescriptorInput,
IN ULONG SecurityDescriptorLength,
IN SECURITY_INFORMATION RequiredInformation);
ULONG
DDKAPI
RtlxUnicodeStringToAnsiSize(
- IN PUNICODE_STRING UnicodeString);
+ IN PCUNICODE_STRING UnicodeString);
/*
* VOID