Update phnt headers
@@ -107,7 +107,8 @@ typedef struct _DBGUI_WAIT_STATE_CHANGE
|
||||
|
||||
typedef enum _DEBUGOBJECTINFOCLASS
|
||||
{
|
||||
DebugObjectFlags = 1,
|
||||
DebugObjectUnusedInformation,
|
||||
DebugObjectKillProcessOnExitInformation,
|
||||
MaxDebugObjectInfoClass
|
||||
} DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS;
|
||||
|
||||
|
@@ -1394,13 +1394,13 @@ typedef enum _SYSTEM_INFORMATION_CLASS
|
||||
SystemSecureDumpEncryptionInformation,
|
||||
SystemWriteConstraintInformation, // SYSTEM_WRITE_CONSTRAINT_INFORMATION
|
||||
SystemKernelVaShadowInformation, // SYSTEM_KERNEL_VA_SHADOW_INFORMATION
|
||||
SystemHypervisorSharedPageInformation, // SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION // REDSTONE4
|
||||
SystemHypervisorSharedPageInformation, // SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION // since REDSTONE4
|
||||
SystemFirmwareBootPerformanceInformation,
|
||||
SystemCodeIntegrityVerificationInformation,
|
||||
SystemCodeIntegrityVerificationInformation, // SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION
|
||||
SystemFirmwarePartitionInformation, // 200
|
||||
SystemSpeculationControlInformation, // SYSTEM_SPECULATION_CONTROL_INFORMATION // (CVE-2017-5715) REDSTONE3 and above.
|
||||
SystemDmaGuardPolicyInformation,
|
||||
SystemEnclaveLaunchControlInformation,
|
||||
SystemDmaGuardPolicyInformation, // SYSTEM_DMA_GUARD_POLICY_INFORMATION
|
||||
SystemEnclaveLaunchControlInformation, // SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION
|
||||
MaxSystemInfoClass
|
||||
} SYSTEM_INFORMATION_CLASS;
|
||||
|
||||
@@ -1424,7 +1424,7 @@ typedef struct _SYSTEM_PROCESSOR_INFORMATION
|
||||
USHORT ProcessorArchitecture;
|
||||
USHORT ProcessorLevel;
|
||||
USHORT ProcessorRevision;
|
||||
USHORT ProcessorCount;
|
||||
USHORT MaximumProcessors;
|
||||
ULONG ProcessorFeatureBits;
|
||||
} SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION;
|
||||
|
||||
@@ -1845,6 +1845,11 @@ typedef enum _EVENT_TRACE_INFORMATION_CLASS
|
||||
EventTraceSoftRestartInformation, // EVENT_TRACE_SOFT_RESTART_INFORMATION
|
||||
EventTraceLastBranchConfigurationInformation, // REDSTONE3
|
||||
EventTraceLastBranchEventListInformation,
|
||||
EventTraceProfileSourceAddInformation, // EVENT_TRACE_PROFILE_ADD_INFORMATION // REDSTONE4
|
||||
EventTraceProfileSourceRemoveInformation, // EVENT_TRACE_PROFILE_REMOVE_INFORMATION
|
||||
EventTraceProcessorTraceConfigurationInformation,
|
||||
EventTraceProcessorTraceEventListInformation,
|
||||
EventTraceCoverageSamplerInformation, // EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION
|
||||
MaxEventTraceInfoClass
|
||||
} EVENT_TRACE_INFORMATION_CLASS;
|
||||
|
||||
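Review bot: `EventTraceProcessorTraceConfigurationInformation` and `EventTraceProcessorTraceEventListInformation` are the only two new enumerators added without the `// STRUCT_NAME` comment that the surrounding entries carry (`// EVENT_TRACE_PROFILE_ADD_INFORMATION`, `// EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION`). Readers of this enum use those comments to find the buffer layout, so the silence reads like an omission rather than a known gap. If the layouts have not been recovered yet, say so on the line, e.g. `EventTraceProcessorTraceConfigurationInformation, // structure not yet documented`. The enum begins above the hunk.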
@@ -1955,6 +1960,36 @@ typedef struct _EVENT_TRACE_SOFT_RESTART_INFORMATION
|
||||
WCHAR FileName[1];
|
||||
} EVENT_TRACE_SOFT_RESTART_INFORMATION, *PEVENT_TRACE_SOFT_RESTART_INFORMATION;
|
||||
|
||||
typedef struct _EVENT_TRACE_PROFILE_ADD_INFORMATION
|
||||
{
|
||||
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
|
||||
BOOLEAN PerfEvtEventSelect;
|
||||
BOOLEAN PerfEvtUnitSelect;
|
||||
ULONG PerfEvtType;
|
||||
ULONG CpuInfoHierarchy[0x3];
|
||||
ULONG InitialInterval;
|
||||
BOOLEAN AllowsHalt;
|
||||
BOOLEAN Persist;
|
||||
WCHAR ProfileSourceDescription[0x1];
|
||||
} EVENT_TRACE_PROFILE_ADD_INFORMATION, *PEVENT_TRACE_PROFILE_ADD_INFORMATION;
|
||||
|
||||
typedef struct _EVENT_TRACE_PROFILE_REMOVE_INFORMATION
|
||||
{
|
||||
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
|
||||
KPROFILE_SOURCE ProfileSource;
|
||||
ULONG CpuInfoHierarchy[0x3];
|
||||
} EVENT_TRACE_PROFILE_REMOVE_INFORMATION, *PEVENT_TRACE_PROFILE_REMOVE_INFORMATION;
|
||||
|
||||
typedef struct _EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION
|
||||
{
|
||||
EVENT_TRACE_INFORMATION_CLASS EventTraceInformationClass;
|
||||
BOOLEAN CoverageSamplerInformationClass;
|
||||
UCHAR MajorVersion;
|
||||
UCHAR MinorVersion;
|
||||
UCHAR Reserved;
|
||||
HANDLE SamplerHandle;
|
||||
} EVENT_TRACE_COVERAGE_SAMPLER_INFORMATION, *PEVENT_TRACE_COVERAGE_SAMPLER_INFORMATION;
|
||||
|
||||
typedef struct _SYSTEM_EXCEPTION_INFORMATION
|
||||
{
|
||||
ULONG AlignmentFixupCount;
|
||||
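Review bot: The three new EVENT_TRACE_* structs size their arrays in hex (`ULONG CpuInfoHierarchy[0x3];`, `WCHAR ProfileSourceDescription[0x1];`) while every other array in this commit uses decimal (`UCHAR UnlockId[32];`, `UCHAR EnclaveLaunchSigner[32];`); `[3]` and `[1]` would match the file. `ProfileSourceDescription[0x1]` is also a trailing one-element array in the same position as `WCHAR FileName[1];` in EVENT_TRACE_SOFT_RESTART_INFORMATION just above it, so it presumably marks a variable-length buffer — a `// variable length` comment would keep callers from using sizeof for the allocation. `BOOLEAN CoverageSamplerInformationClass;` is named like an enum selector but typed BOOLEAN; if that is really what the kernel reads, a short comment saying so would pre-empt the obvious question. These structs also lack the `// private` marker that the other new structs in this commit (FILE_STAT_LX_INFORMATION, THREAD_TLS_INFORMATION) carry.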
@@ -2256,7 +2291,17 @@ typedef struct _SYSTEM_BOOT_ENVIRONMENT_INFORMATION
|
||||
{
|
||||
GUID BootIdentifier;
|
||||
FIRMWARE_TYPE FirmwareType;
|
||||
union
|
||||
{
|
||||
ULONGLONG BootFlags;
|
||||
struct
|
||||
{
|
||||
ULONGLONG DbgMenuOsSelection : 1; // REDSTONE4
|
||||
ULONGLONG DbgHiberBoot : 1;
|
||||
ULONGLONG DbgSoftBoot : 1;
|
||||
ULONGLONG DbgMeasuredLaunch : 1;
|
||||
};
|
||||
};
|
||||
} SYSTEM_BOOT_ENVIRONMENT_INFORMATION, *PSYSTEM_BOOT_ENVIRONMENT_INFORMATION;
|
||||
|
||||
// private
|
||||
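Review bot: The new `BootFlags` bit struct declares four one-bit members and leaves the remaining 60 bits of the `ULONGLONG` implicit, whereas the other bitfields touched in this commit (SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION, SYSTEM_KERNEL_VA_SHADOW_INFORMATION, SYSDBG_LIVEDUMP_CONTROL_FLAGS) each end with an explicit `Reserved` member that pads to the full width. Adding `ULONGLONG Reserved : 60;` after `DbgMeasuredLaunch` makes the layout self-checking and gives the next version update a field to carve from. The struct's opening `typedef` is in the hunk header, so its leading members are outside this view.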
@@ -2788,6 +2833,7 @@ typedef enum _SYSTEM_PROCESS_CLASSIFICATION
|
||||
SystemProcessClassificationSystem,
|
||||
SystemProcessClassificationSecureSystem,
|
||||
SystemProcessClassificationMemCompression,
|
||||
SystemProcessClassificationRegistry, // REDSTONE4
|
||||
SystemProcessClassificationMaximum
|
||||
} SYSTEM_PROCESS_CLASSIFICATION;
|
||||
|
||||
@@ -3007,6 +3053,7 @@ typedef struct _SYSTEM_MEMORY_USAGE_INFORMATION
|
||||
typedef struct _SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION
|
||||
{
|
||||
HANDLE ImageFile;
|
||||
ULONG Type; // REDSTONE4
|
||||
} SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION, *PSYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION;
|
||||
|
||||
// private
|
||||
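Review bot: `ULONG Type; // REDSTONE4` grows sizeof(SYSTEM_CODEINTEGRITY_CERTIFICATE_INFORMATION) by 4 bytes for every consumer of this header, and the same happens to SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION in a later hunk, where `UCHAR UnlockId[32]; // REDSTONE4` adds 32 bytes. Code built against these headers but run on an older kernel will pass the larger size as the information length; whether those kernels reject it (STATUS_INFO_LENGTH_MISMATCH) or accept the old prefix I cannot tell from the header, so the version dependency should be stated where callers see it. A one-line note on each struct, e.g. `// REDSTONE4: struct size changed; check the target version before passing sizeof`, would do it. The PEB hunk already sets the precedent with its REDSTONE4-tagged C_ASSERTs.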
@@ -3021,8 +3068,8 @@ typedef struct _SYSTEM_PHYSICAL_MEMORY_INFORMATION
|
||||
typedef enum _SYSTEM_ACTIVITY_MODERATION_STATE
|
||||
{
|
||||
SystemActivityModerationStateSystemManaged,
|
||||
SystemActivityModerationStateAlwaysThrottled,
|
||||
SystemActivityModerationStateNeverThrottled,
|
||||
SystemActivityModerationStateUserManagedAllowThrottling,
|
||||
SystemActivityModerationStateUserManagedDisableThrottling,
|
||||
MaxSystemActivityModerationState
|
||||
} SYSTEM_ACTIVITY_MODERATION_STATE;
|
||||
|
||||
@@ -3065,9 +3112,11 @@ typedef struct _SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION
|
||||
ULONG Locked : 1;
|
||||
ULONG Unlockable : 1;
|
||||
ULONG UnlockApplied : 1;
|
||||
ULONG Reserved : 29;
|
||||
ULONG UnlockIdValid : 1; // REDSTONE4
|
||||
ULONG Reserved : 28;
|
||||
};
|
||||
};
|
||||
UCHAR UnlockId[32]; // REDSTONE4
|
||||
} SYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION, *PSYSTEM_CODEINTEGRITY_UNLOCK_INFORMATION;
|
||||
|
||||
// private
|
||||
@@ -3098,11 +3147,21 @@ typedef struct _SYSTEM_KERNEL_VA_SHADOW_INFORMATION
|
||||
ULONG KvaShadowUserGlobal : 1;
|
||||
ULONG KvaShadowPcid : 1;
|
||||
ULONG KvaShadowInvpcid : 1;
|
||||
ULONG Reserved : 28;
|
||||
ULONG KvaShadowRequired : 1; // REDSTONE4
|
||||
ULONG KvaShadowRequiredAvailable : 1;
|
||||
ULONG Reserved : 26;
|
||||
};
|
||||
};
|
||||
} SYSTEM_KERNEL_VA_SHADOW_INFORMATION, *PSYSTEM_KERNEL_VA_SHADOW_INFORMATION;
|
||||
|
||||
// private
|
||||
typedef struct _SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION
|
||||
{
|
||||
HANDLE FileHandle;
|
||||
ULONG ImageSize;
|
||||
PVOID Image;
|
||||
} SYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION, *PSYSTEM_CODEINTEGRITYVERIFICATION_INFORMATION;
|
||||
|
||||
// private
|
||||
typedef struct _SYSTEM_HYPERVISOR_SHARED_PAGE_INFORMATION
|
||||
{
|
||||
@@ -3130,6 +3189,18 @@ typedef struct _SYSTEM_SPECULATION_CONTROL_INFORMATION
|
||||
};
|
||||
} SYSTEM_SPECULATION_CONTROL_INFORMATION, *PSYSTEM_SPECULATION_CONTROL_INFORMATION;
|
||||
|
||||
// private
|
||||
typedef struct _SYSTEM_DMA_GUARD_POLICY_INFORMATION
|
||||
{
|
||||
BOOLEAN DmaGuardPolicyEnabled;
|
||||
} SYSTEM_DMA_GUARD_POLICY_INFORMATION, *PSYSTEM_DMA_GUARD_POLICY_INFORMATION;
|
||||
|
||||
// private
|
||||
typedef struct _SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION
|
||||
{
|
||||
UCHAR EnclaveLaunchSigner[32];
|
||||
} SYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION, *PSYSTEM_ENCLAVE_LAUNCH_CONTROL_INFORMATION;
|
||||
|
||||
#if (PHNT_MODE != PHNT_MODE_KERNEL)
|
||||
|
||||
NTSYSCALLAPI
|
||||
@@ -3284,7 +3355,8 @@ typedef union _SYSDBG_LIVEDUMP_CONTROL_FLAGS
|
||||
ULONG UseDumpStorageStack : 1;
|
||||
ULONG CompressMemoryPagesData : 1;
|
||||
ULONG IncludeUserSpaceMemoryPages : 1;
|
||||
ULONG Reserved : 29;
|
||||
ULONG AbortIfMemoryPressure : 1; // REDSTONE4
|
||||
ULONG Reserved : 28;
|
||||
};
|
||||
ULONG AsUlong;
|
||||
} SYSDBG_LIVEDUMP_CONTROL_FLAGS, *PSYSDBG_LIVEDUMP_CONTROL_FLAGS;
|
||||
@@ -3980,12 +4052,15 @@ NtDisplayString(
|
||||
_In_ PUNICODE_STRING String
|
||||
);
|
||||
|
||||
// Boot graphics
|
||||
|
||||
#if (PHNT_VERSION >= PHNT_WIN7)
|
||||
// rev
|
||||
NTSYSCALLAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
NtDrawText(
|
||||
_In_ PUNICODE_STRING String
|
||||
_In_ PUNICODE_STRING Text
|
||||
);
|
||||
#endif
|
||||
|
||||
|
@@ -243,6 +243,8 @@ typedef enum _FILE_INFORMATION_CLASS
|
||||
FileDesiredStorageClassInformation, // FILE_DESIRED_STORAGE_CLASS_INFORMATION // since REDSTONE2
|
||||
FileStatInformation, // FILE_STAT_INFORMATION
|
||||
FileMemoryPartitionInformation, // FILE_MEMORY_PARTITION_INFORMATION // since REDSTONE3
|
||||
FileStatLxInformation, // FILE_STAT_LX_INFORMATION // since REDSTONE4
|
||||
FileCaseSensitiveInformation, // FILE_CASE_SENSITIVE_INFORMATION
|
||||
FileMaximumInformation
|
||||
} FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
|
||||
|
||||
@@ -711,6 +713,34 @@ typedef struct _FILE_MEMORY_PARTITION_INFORMATION
|
||||
} Flags;
|
||||
} FILE_MEMORY_PARTITION_INFORMATION, *PFILE_MEMORY_PARTITION_INFORMATION;
|
||||
|
||||
// private
|
||||
typedef struct _FILE_STAT_LX_INFORMATION
|
||||
{
|
||||
LARGE_INTEGER FileId;
|
||||
LARGE_INTEGER CreationTime;
|
||||
LARGE_INTEGER LastAccessTime;
|
||||
LARGE_INTEGER LastWriteTime;
|
||||
LARGE_INTEGER ChangeTime;
|
||||
LARGE_INTEGER AllocationSize;
|
||||
LARGE_INTEGER EndOfFile;
|
||||
ULONG FileAttributes;
|
||||
ULONG ReparseTag;
|
||||
ULONG NumberOfLinks;
|
||||
ULONG EffectiveAccess;
|
||||
ULONG LxFlags;
|
||||
ULONG LxUid;
|
||||
ULONG LxGid;
|
||||
ULONG LxMode;
|
||||
ULONG LxDeviceIdMajor;
|
||||
ULONG LxDeviceIdMinor;
|
||||
} FILE_STAT_LX_INFORMATION, *PFILE_STAT_LX_INFORMATION;
|
||||
|
||||
// private
|
||||
typedef struct _FILE_CASE_SENSITIVE_INFORMATION
|
||||
{
|
||||
ULONG Flags;
|
||||
} FILE_CASE_SENSITIVE_INFORMATION, *PFILE_CASE_SENSITIVE_INFORMATION;
|
||||
|
||||
// NtQueryDirectoryFile types
|
||||
|
||||
typedef struct _FILE_DIRECTORY_INFORMATION
|
||||
|
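Review bot: `ULONG Flags;` in FILE_CASE_SENSITIVE_INFORMATION and `ULONG LxFlags;` / `ULONG LxMode;` in FILE_STAT_LX_INFORMATION are added without any definition of their bits, while the ntpsapi hunks in the same commit pair their flag words with `#define` constants (PROCESS_HANDLE_EXCEPTIONS_ENABLED, PROCESS_READWRITEVM_LOGGING_ENABLE_*). A consumer cannot set or test case sensitivity from this header alone. If the SDK's FILE_CS_FLAG_CASE_SENSITIVE_DIR is the intended bit, define it above the struct; otherwise leave a `// TODO: flag values` comment so the gap is visible.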
@@ -720,6 +720,7 @@ LdrEnumerateLoadedModules(
|
||||
_In_ PVOID Context
|
||||
);
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LdrOpenImageFileOptionsKey(
|
||||
@@ -728,6 +729,7 @@ LdrOpenImageFileOptionsKey(
|
||||
_Out_ PHANDLE NewKeyHandle
|
||||
);
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LdrQueryImageFileKeyOption(
|
||||
@@ -739,6 +741,7 @@ LdrQueryImageFileKeyOption(
|
||||
_Out_opt_ PULONG ReturnedLength
|
||||
);
|
||||
|
||||
NTSYSAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
LdrQueryImageFileExecutionOptions(
|
||||
|
@@ -1,18 +1,6 @@
|
||||
#ifndef _NTMISC_H
|
||||
#define _NTMISC_H
|
||||
|
||||
// Boot graphics
|
||||
|
||||
#if (PHNT_VERSION >= PHNT_WIN7)
|
||||
// rev
|
||||
NTSYSCALLAPI
|
||||
NTSTATUS
|
||||
NTAPI
|
||||
NtDrawText(
|
||||
_In_ PUNICODE_STRING Text
|
||||
);
|
||||
#endif
|
||||
|
||||
// Filter manager
|
||||
|
||||
#define FLT_PORT_CONNECT 0x0001
|
||||
|
@@ -75,7 +75,7 @@ typedef enum _MEMORY_INFORMATION_CLASS
|
||||
MemoryImageInformation, // MEMORY_IMAGE_INFORMATION
|
||||
MemoryRegionInformationEx,
|
||||
MemoryPrivilegedBasicInformation,
|
||||
MemoryEnclaveImageInformation, // since REDSTONE3
|
||||
MemoryEnclaveImageInformation, // MEMORY_ENCLAVE_IMAGE_INFORMATION // since REDSTONE3
|
||||
MemoryBasicInformationCapped
|
||||
} MEMORY_INFORMATION_CLASS;
|
||||
#else
|
||||
@@ -216,12 +216,20 @@ typedef struct _MEMORY_IMAGE_INFORMATION
|
||||
{
|
||||
ULONG ImagePartialMap : 1;
|
||||
ULONG ImageNotExecutable : 1;
|
||||
ULONG ImageSigningLevel : 1; // REDSTONE3
|
||||
ULONG Reserved : 30;
|
||||
ULONG ImageSigningLevel : 4; // REDSTONE3
|
||||
ULONG Reserved : 26;
|
||||
};
|
||||
};
|
||||
} MEMORY_IMAGE_INFORMATION, *PMEMORY_IMAGE_INFORMATION;
|
||||
|
||||
// private
|
||||
typedef struct _MEMORY_ENCLAVE_IMAGE_INFORMATION
|
||||
{
|
||||
MEMORY_IMAGE_INFORMATION ImageInfo;
|
||||
UCHAR UniqueID[32];
|
||||
UCHAR AuthorID[32];
|
||||
} MEMORY_ENCLAVE_IMAGE_INFORMATION, *PMEMORY_ENCLAVE_IMAGE_INFORMATION;
|
||||
|
||||
#define MMPFNLIST_ZERO 0
|
||||
#define MMPFNLIST_FREE 1
|
||||
#define MMPFNLIST_STANDBY 2
|
||||
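Review bot: `ULONG ImageSigningLevel : 4; // REDSTONE3` widens what the previous header declared as a single bit, so any caller that treated the field as a yes/no flag now sees a multi-valued code, and the comment does not say which scale it follows. Presumably it is the SE_SIGNING_LEVEL_* scale — confirm against a live system before writing it down, then extend the comment to `// REDSTONE3 // SE_SIGNING_LEVEL_*`. The two 32-byte arrays in MEMORY_ENCLAVE_IMAGE_INFORMATION (`UniqueID`, `AuthorID`) likewise get no comment on what they hold; even a note that they are opaque 32-byte identifiers beats an unexplained magic size. The enclosing MEMORY_IMAGE_INFORMATION definition begins above the hunk.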
@@ -663,7 +671,8 @@ typedef enum _MEMORY_PARTITION_INFORMATION_CLASS
|
||||
SystemMemoryPartitionAddPagefile, // s: MEMORY_PARTITION_PAGEFILE_INFORMATION
|
||||
SystemMemoryPartitionCombineMemory, // q; s: MEMORY_PARTITION_PAGE_COMBINE_INFORMATION
|
||||
SystemMemoryPartitionInitialAddMemory, // q; s: MEMORY_PARTITION_INITIAL_ADD_INFORMATION
|
||||
SystemMemoryPartitionGetMemoryEvents // MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION // since REDSTONE2
|
||||
SystemMemoryPartitionGetMemoryEvents, // MEMORY_PARTITION_MEMORY_EVENTS_INFORMATION // since REDSTONE2
|
||||
SystemMemoryPartitionMax
|
||||
} MEMORY_PARTITION_INFORMATION_CLASS;
|
||||
|
||||
// private
|
||||
|
@@ -84,8 +84,8 @@ typedef struct _PEB
|
||||
PVOID SubSystemData;
|
||||
PVOID ProcessHeap;
|
||||
PRTL_CRITICAL_SECTION FastPebLock;
|
||||
PVOID AtlThunkSListPtr;
|
||||
PVOID IFEOKey;
|
||||
PSLIST_HEADER AtlThunkSListPtr;
|
||||
union
|
||||
{
|
||||
ULONG CrossProcessFlags;
|
||||
@@ -193,19 +193,24 @@ typedef struct _PEB
|
||||
};
|
||||
};
|
||||
ULONGLONG CsrServerReadOnlySharedMemoryBase;
|
||||
PVOID TppWorkerpListLock;
|
||||
PRTL_CRITICAL_SECTION TppWorkerpListLock;
|
||||
LIST_ENTRY TppWorkerpList;
|
||||
PVOID WaitOnAddressHashTable[128];
|
||||
PVOID TelemetryCoverageHeader; // REDSTONE3
|
||||
ULONG CloudFileFlags;
|
||||
ULONG CloudFileDiagFlags; // REDSTONE4
|
||||
CHAR PlaceholderCompatibilityMode;
|
||||
CHAR PlaceholderCompatibilityModeReserved[7];
|
||||
} PEB, *PPEB;
|
||||
|
||||
#ifdef _WIN64
|
||||
C_ASSERT(FIELD_OFFSET(PEB, SessionId) == 0x2C0);
|
||||
C_ASSERT(sizeof(PEB) == 0x7B0);
|
||||
//C_ASSERT(sizeof(PEB) == 0x7B0); // REDSTONE3
|
||||
C_ASSERT(sizeof(PEB) == 0x7B8); // REDSTONE4
|
||||
#else
|
||||
C_ASSERT(FIELD_OFFSET(PEB, SessionId) == 0x1D4);
|
||||
C_ASSERT(sizeof(PEB) == 0x468);
|
||||
//C_ASSERT(sizeof(PEB) == 0x468); // REDSTONE3
|
||||
C_ASSERT(sizeof(PEB) == 0x470);
|
||||
#endif
|
||||
|
||||
#define GDI_BATCH_BUFFER_SIZE 310
|
||||
|
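Review bot: The new 32-bit `C_ASSERT(sizeof(PEB) == 0x470);` lacks the `// REDSTONE4` tag that its 64-bit twin `C_ASSERT(sizeof(PEB) == 0x7B8); // REDSTONE4` carries, so the two asserts no longer read as a matched pair; add the tag. The two commented-out REDSTONE3 asserts kept above them are dead code — the version history is already in git, and the pattern will accumulate one dead line per release. The `PRTL_CRITICAL_SECTION TppWorkerpListLock;` retyping is pointer-sized either way, so it should not move the asserted sizes; the 12 bytes of new `CloudFileDiagFlags` and `PlaceholderCompatibilityMode*` data match the 8-byte growth on both architectures only if 4 bytes of former tail padding were absorbed, which is worth confirming. The PEB definition begins above the hunk.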
@@ -105,7 +105,7 @@ typedef enum _PROCESSINFOCLASS
|
||||
ProcessBasePriority, // s: KPRIORITY
|
||||
ProcessRaisePriority, // s: ULONG
|
||||
ProcessDebugPort, // q: HANDLE
|
||||
ProcessExceptionPort, // s: HANDLE
|
||||
ProcessExceptionPort, // s: PROCESS_EXCEPTION_PORT
|
||||
ProcessAccessToken, // s: PROCESS_ACCESS_TOKEN
|
||||
ProcessLdtInformation, // qs: PROCESS_LDT_INFORMATION // 10
|
||||
ProcessLdtSize, // s: PROCESS_LDT_SIZE
|
||||
@@ -132,12 +132,12 @@ typedef enum _PROCESSINFOCLASS
|
||||
ProcessHandleTracing, // q: PROCESS_HANDLE_TRACING_QUERY; s: size 0 disables, otherwise enables
|
||||
ProcessIoPriority, // qs: IO_PRIORITY_HINT
|
||||
ProcessExecuteFlags, // qs: ULONG
|
||||
ProcessResourceManagement,
|
||||
ProcessResourceManagement, // ProcessTlsInformation // PROCESS_TLS_INFORMATION
|
||||
ProcessCookie, // q: ULONG
|
||||
ProcessImageInformation, // q: SECTION_IMAGE_INFORMATION
|
||||
ProcessCycleTime, // q: PROCESS_CYCLE_TIME_INFORMATION // since VISTA
|
||||
ProcessPagePriority, // q: ULONG
|
||||
ProcessInstrumentationCallback, // 40
|
||||
ProcessPagePriority, // q: PAGE_PRIORITY_INFORMATION
|
||||
ProcessInstrumentationCallback, // qs: PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION // 40
|
||||
ProcessThreadStackAllocation, // s: PROCESS_STACK_ALLOCATION_INFORMATION, PROCESS_STACK_ALLOCATION_INFORMATION_EX
|
||||
ProcessWorkingSetWatchEx, // q: PROCESS_WS_WATCH_INFORMATION_EX[]
|
||||
ProcessImageFileNameWin32, // q: UNICODE_STRING
|
||||
@@ -146,7 +146,7 @@ typedef enum _PROCESSINFOCLASS
|
||||
ProcessMemoryAllocationMode, // qs: PROCESS_MEMORY_ALLOCATION_MODE
|
||||
ProcessGroupInformation, // q: USHORT[]
|
||||
ProcessTokenVirtualizationEnabled, // s: ULONG
|
||||
ProcessConsoleHostProcess, // q: ULONG_PTR
|
||||
ProcessConsoleHostProcess, // q: ULONG_PTR // ProcessOwnerInformation
|
||||
ProcessWindowInformation, // q: PROCESS_WINDOW_INFORMATION // 50
|
||||
ProcessHandleInformation, // q: PROCESS_HANDLE_SNAPSHOT_INFORMATION // since WIN8
|
||||
ProcessMitigationPolicy, // s: PROCESS_MITIGATION_POLICY_INFORMATION
|
||||
@@ -187,6 +187,9 @@ typedef enum _PROCESSINFOCLASS
|
||||
ProcessEnableReadWriteVmLogging, // PROCESS_READWRITEVM_LOGGING_INFORMATION
|
||||
ProcessUptimeInformation, // PROCESS_UPTIME_INFORMATION
|
||||
ProcessImageSection,
|
||||
ProcessDebugAuthInformation, // since REDSTONE4
|
||||
ProcessSystemResourceManagement, // PROCESS_SYSTEM_RESOURCE_MANAGEMENT
|
||||
ProcessSequenceNumber, // q: ULONGLONG
|
||||
MaxProcessInfoClass
|
||||
} PROCESSINFOCLASS;
|
||||
#endif
|
||||
@@ -353,6 +356,15 @@ typedef struct _POOLED_USAGE_AND_LIMITS
|
||||
SIZE_T PagefileLimit;
|
||||
} POOLED_USAGE_AND_LIMITS, *PPOOLED_USAGE_AND_LIMITS;
|
||||
|
||||
#define PROCESS_EXCEPTION_PORT_ALL_STATE_BITS 0x00000003
|
||||
#define PROCESS_EXCEPTION_PORT_ALL_STATE_FLAGS ((ULONG_PTR)((1UL << PROCESS_EXCEPTION_PORT_ALL_STATE_BITS) - 1))
|
||||
|
||||
typedef struct _PROCESS_EXCEPTION_PORT
|
||||
{
|
||||
_In_ HANDLE ExceptionPortHandle; // Handle to the exception port. No particular access required.
|
||||
_Inout_ ULONG StateFlags; // Miscellaneous state flags to be cached along with the exception port in the kernel.
|
||||
} PROCESS_EXCEPTION_PORT, *PPROCESS_EXCEPTION_PORT;
|
||||
|
||||
typedef struct _PROCESS_ACCESS_TOKEN
|
||||
{
|
||||
HANDLE Token; // needs TOKEN_ASSIGN_PRIMARY access
|
||||
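Review bot: `PROCESS_EXCEPTION_PORT_ALL_STATE_FLAGS` is cast to ULONG_PTR while the field it is meant to mask, `_Inout_ ULONG StateFlags;`, is a 32-bit ULONG, so masking the field with it mixes widths on 64-bit builds and will trip -Wconversion style warnings. If this mirrors the SDK definition verbatim, keep the text but say so, e.g. `// mirrors the SDK definition; ULONG_PTR cast kept for compatibility`; otherwise `(ULONG)` is the natural type. The `_In_`/`_Inout_` SAL annotations on struct members are also unique in this file — no other struct in the commit annotates its fields — so either drop them for consistency or apply the same style to the neighbouring PROCESS_ACCESS_TOKEN.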
@@ -448,6 +460,8 @@ typedef struct _PROCESS_SESSION_INFORMATION
|
||||
ULONG SessionId;
|
||||
} PROCESS_SESSION_INFORMATION, *PPROCESS_SESSION_INFORMATION;
|
||||
|
||||
#define PROCESS_HANDLE_EXCEPTIONS_ENABLED 0x00000001
|
||||
|
||||
#define PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_DISABLED 0x00000000
|
||||
#define PROCESS_HANDLE_RAISE_EXCEPTION_ON_INVALID_HANDLE_CLOSE_ENABLED 0x00000001
|
||||
|
||||
@@ -487,6 +501,42 @@ typedef struct _PROCESS_HANDLE_TRACING_QUERY
|
||||
|
||||
#endif
|
||||
|
||||
// private
|
||||
typedef struct _THREAD_TLS_INFORMATION
|
||||
{
|
||||
ULONG Flags;
|
||||
PVOID NewTlsData;
|
||||
PVOID OldTlsData;
|
||||
HANDLE ThreadId;
|
||||
} THREAD_TLS_INFORMATION, *PTHREAD_TLS_INFORMATION;
|
||||
|
||||
// private
|
||||
typedef enum _PROCESS_TLS_INFORMATION_TYPE
|
||||
{
|
||||
ProcessTlsReplaceIndex,
|
||||
ProcessTlsReplaceVector,
|
||||
MaxProcessTlsOperation
|
||||
} PROCESS_TLS_INFORMATION_TYPE, *PPROCESS_TLS_INFORMATION_TYPE;
|
||||
|
||||
// private
|
||||
typedef struct _PROCESS_TLS_INFORMATION
|
||||
{
|
||||
ULONG Flags;
|
||||
ULONG OperationType;
|
||||
ULONG ThreadDataCount;
|
||||
ULONG TlsIndex;
|
||||
ULONG PreviousCount;
|
||||
THREAD_TLS_INFORMATION ThreadData[1];
|
||||
} PROCESS_TLS_INFORMATION, *PPROCESS_TLS_INFORMATION;
|
||||
|
||||
// private
|
||||
typedef struct _PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION
|
||||
{
|
||||
ULONG Version;
|
||||
ULONG Reserved;
|
||||
PVOID Callback;
|
||||
} PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION, *PPROCESS_INSTRUMENTATION_CALLBACK_INFORMATION;
|
||||
|
||||
// private
|
||||
typedef struct _PROCESS_STACK_ALLOCATION_INFORMATION
|
||||
{
|
||||
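Review bot: `ULONG OperationType;` in PROCESS_TLS_INFORMATION is declared right after the PROCESS_TLS_INFORMATION_TYPE enum but nothing ties the two together; the file's convention is a trailing comment, so `ULONG OperationType; // PROCESS_TLS_INFORMATION_TYPE`. `THREAD_TLS_INFORMATION ThreadData[1];` is a trailing one-element array presumably sized by `ThreadDataCount`; a `// ThreadDataCount entries` comment would stop callers from allocating sizeof(PROCESS_TLS_INFORMATION). In PROCESS_INSTRUMENTATION_CALLBACK_INFORMATION, `Version` and `Reserved` carry no comment about the expected values; a `// TODO: expected value` marker keeps that gap visible until it is confirmed.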
@@ -757,17 +807,19 @@ typedef struct _MANAGE_WRITES_TO_EXECUTABLE_MEMORY
|
||||
ULONG Spare : 22;
|
||||
} MANAGE_WRITES_TO_EXECUTABLE_MEMORY, *PMANAGE_WRITES_TO_EXECUTABLE_MEMORY;
|
||||
|
||||
typedef struct _PROCESS_READWRITEVM_LOGGING_INFORMATION
|
||||
#define PROCESS_READWRITEVM_LOGGING_ENABLE_READVM 1
|
||||
#define PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM 2
|
||||
#define PROCESS_READWRITEVM_LOGGING_ENABLE_READVM_V 1UL
|
||||
#define PROCESS_READWRITEVM_LOGGING_ENABLE_WRITEVM_V 2UL
|
||||
|
||||
typedef union _PROCESS_READWRITEVM_LOGGING_INFORMATION
|
||||
{
|
||||
union
|
||||
{
|
||||
BOOLEAN Flags;
|
||||
UCHAR Flags;
|
||||
struct
|
||||
{
|
||||
BOOLEAN EnableReadVmLogging : 1;
|
||||
BOOLEAN EnableWriteVmLogging : 1;
|
||||
BOOLEAN Unused : 6;
|
||||
};
|
||||
UCHAR EnableReadVmLogging : 1;
|
||||
UCHAR EnableWriteVmLogging : 1;
|
||||
UCHAR Unused : 6;
|
||||
};
|
||||
} PROCESS_READWRITEVM_LOGGING_INFORMATION, *PPROCESS_READWRITEVM_LOGGING_INFORMATION;
|
||||
|
||||
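Review bot: `PROCESS_READWRITEVM_LOGGING_ENABLE_READVM 1` and `PROCESS_READWRITEVM_LOGGING_ENABLE_READVM_V 1UL` (and the WRITEVM pair) define the same numbers under two names with no comment on how they differ, so readers will guess whether the bare form is a bit index and the `_V` form a mask. The bitfield below fixes `EnableReadVmLogging` at bit 0 and `EnableWriteVmLogging` at bit 1, which matches the `_V` values read as masks; state that and the role of the unsuffixed pair in a comment above the defines, e.g. `// *_V are the mask values matching the Flags bits below`. The `BOOLEAN` to `UCHAR` change and dropping the inner union do not alter the layout, since BOOLEAN is a UCHAR typedef and the union was one byte wide either way.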
@@ -788,6 +840,16 @@ typedef struct _PROCESS_UPTIME_INFORMATION
|
||||
};
|
||||
} PROCESS_UPTIME_INFORMATION, *PPROCESS_UPTIME_INFORMATION;
|
||||
|
||||
typedef union _PROCESS_SYSTEM_RESOURCE_MANAGEMENT
|
||||
{
|
||||
ULONG Flags;
|
||||
struct
|
||||
{
|
||||
ULONG Foreground : 1;
|
||||
ULONG Reserved : 31;
|
||||
};
|
||||
} PROCESS_SYSTEM_RESOURCE_MANAGEMENT, *PPROCESS_SYSTEM_RESOURCE_MANAGEMENT;
|
||||
|
||||
// end_private
|
||||
|
||||
#endif
|
||||
@@ -1008,6 +1070,7 @@ NtResumeProcess(
|
||||
#define NtCurrentProcessToken() ((HANDLE)(LONG_PTR)-4)
|
||||
#define NtCurrentThreadToken() ((HANDLE)(LONG_PTR)-5)
|
||||
#define NtCurrentEffectiveToken() ((HANDLE)(LONG_PTR)-6)
|
||||
#define NtCurrentSilo() ((HANDLE)(LONG_PTR)-1)
|
||||
|
||||
// Not NT, but useful.
|
||||
#define NtCurrentProcessId() (NtCurrentTeb()->ClientId.UniqueProcess)
|
||||
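Review bot: `#define NtCurrentSilo() ((HANDLE)(LONG_PTR)-1)` yields the same value as the NtCurrentProcess() pseudo-handle, unlike the token pseudo-handles just above it (-4, -5, -6), which are all distinct. That coincidence is easy to misread as a copy-paste slip, so say it is intentional: `#define NtCurrentSilo() ((HANDLE)(LONG_PTR)-1) // same value as NtCurrentProcess()`.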
@@ -1471,7 +1534,8 @@ typedef enum _PS_MITIGATION_OPTION
|
||||
PS_MITIGATION_OPTION_EXPORT_ADDRESS_FILTER_PLUS,
|
||||
PS_MITIGATION_OPTION_RESTRICT_CHILD_PROCESS_CREATION,
|
||||
PS_MITIGATION_OPTION_IMPORT_ADDRESS_FILTER,
|
||||
PS_MITIGATION_OPTION_MODULE_TAMPERING_PROTECTION
|
||||
PS_MITIGATION_OPTION_MODULE_TAMPERING_PROTECTION,
|
||||
PS_MITIGATION_OPTION_RESTRICT_INDIRECT_BRANCH_PREDICTION
|
||||
} PS_MITIGATION_OPTION;
|
||||
|
||||
// windows-internals-book:"Chapter 5"
|
||||
|
@@ -3236,6 +3236,15 @@ RtlDoesFileExists_U(
|
||||
_In_ PWSTR FileName
|
||||
);
|
||||
|
||||
#if (PHNT_VERSION >= PHNT_REDSTONE2)
|
||||
NTSYSAPI
|
||||
PCWSTR
|
||||
NTAPI
|
||||
RtlGetNtSystemRoot(
|
||||
VOID
|
||||
);
|
||||
#endif
|
||||
|
||||
// Heaps
|
||||
|
||||
typedef struct _RTL_HEAP_ENTRY
|
||||
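Review bot: `RtlGetNtSystemRoot` returns a `PCWSTR` with no length and no annotation of who owns the storage, so callers cannot tell whether to free it or how long the pointer stays valid. A one-line comment stating ownership and lifetime (read-only and owned by ntdll for the process lifetime — if that is what the export guarantees; confirm before writing it) belongs above the prototype, where the file puts its `// rev` markers. The `PHNT_VERSION >= PHNT_REDSTONE2` guard is consistent with the PHNT_REDSTONE* version constants extended in this commit.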
|
@@ -36,6 +36,7 @@
|
||||
#define PHNT_REDSTONE 102
|
||||
#define PHNT_REDSTONE2 103
|
||||
#define PHNT_REDSTONE3 104
|
||||
#define PHNT_REDSTONE4 105
|
||||
|
||||
#ifndef PHNT_MODE
|
||||
#define PHNT_MODE PHNT_MODE_USER
|
||||
|
@@ -213,6 +213,8 @@ typedef const OBJECT_ATTRIBUTES *PCOBJECT_ATTRIBUTES;
|
||||
#define RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) { sizeof(OBJECT_ATTRIBUTES), NULL, n, a, NULL, NULL }
|
||||
#define RTL_INIT_OBJECT_ATTRIBUTES(n, a) RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a)
|
||||
|
||||
#define OBJ_NAME_PATH_SEPARATOR ((WCHAR)L'\\')
|
||||
|
||||
// Portability
|
||||
|
||||
typedef struct _OBJECT_ATTRIBUTES64
|
||||
|