├── KrkrzExtract
├── stdafx.h
├── resource.h
├── small.ico
├── stdafx.cpp
├── targetver.h
├── KrkrzExtract.rc
├── KrkrzExtract.aps
├── KrkrzExtract.cpp
├── KrkrzExtract.ico
├── Release
│ ├── vc143.pdb
│ ├── KrkrzExtract.iobj
│ ├── KrkrzExtract.ipdb
│ ├── KrkrzExtract.res
│ ├── KrkrzExtract.tlog
│ │ ├── CL.read.1.tlog
│ │ ├── rc.read.1.tlog
│ │ ├── CL.command.1.tlog
│ │ ├── CL.write.1.tlog
│ │ ├── link.read.1.tlog
│ │ ├── link.write.1.tlog
│ │ ├── rc.command.1.tlog
│ │ ├── rc.write.1.tlog
│ │ ├── link.command.1.tlog
│ │ └── KrkrzExtract.lastbuildstate
│ ├── KrkrzExtract.log
│ └── KrkrzExtract.exe.recipe
├── KrkrzExtract.vcxproj.user
├── README.md
├── ntsmss.h
├── ntnls.h
├── ntxcapi.h
├── KrkrzExtract.vcxproj.filters
├── ntmisc.h
├── phnt.h
├── subprocesstag.h
├── ntkeapi.h
├── phnt_windows.h
├── ntpnpapi.h
├── ntgdi.h
├── ntpoapi.h
├── ntpfapi.h
├── ntdbg.h
├── phnt_ntdef.h
├── KrkrzExtract.vcxproj
├── nttp.h
├── ntobapi.h
└── ntpebteb.h
├── KrkrzInternal
├── stdafx.h
├── tp_stub.h
├── resource.h
├── stdafx.cpp
├── targetver.h
├── CExtractView.h
├── CExtractView.cpp
├── KrkrzInternal.aps
├── KrkrzInternal.cpp
├── KrkrzInternal.def
├── KrkrzInternal.h
├── KrkrzInternal.rc
├── res
│ └── KrkrzInternal.rc2
├── README.md
├── KrkrzInternal.vcxproj.user
├── ntsmss.h
├── ntnls.h
├── ntxcapi.h
├── ntmisc.h
├── KrkrzInternal.vcxproj.filters
├── phnt.h
├── subprocesstag.h
├── ntkeapi.h
├── phnt_windows.h
├── ntpnpapi.h
├── ntgdi.h
├── ntpoapi.h
├── SectionProtector.h
├── ntpfapi.h
├── ntdbg.h
├── phnt_ntdef.h
├── nttp.h
├── ntobapi.h
├── KrkrzInternal.vcxproj
└── ntpebteb.h
├── README.md
├── .gitignore
└── KrkrzExtract.sln
/KrkrzExtract/stdafx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/stdafx.h
--------------------------------------------------------------------------------
/KrkrzExtract/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/resource.h
--------------------------------------------------------------------------------
/KrkrzExtract/small.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/small.ico
--------------------------------------------------------------------------------
/KrkrzExtract/stdafx.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/stdafx.cpp
--------------------------------------------------------------------------------
/KrkrzInternal/stdafx.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzInternal/stdafx.h
--------------------------------------------------------------------------------
/KrkrzInternal/tp_stub.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzInternal/tp_stub.h
--------------------------------------------------------------------------------
/KrkrzExtract/targetver.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/targetver.h
--------------------------------------------------------------------------------
/KrkrzInternal/resource.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzInternal/resource.h
--------------------------------------------------------------------------------
/KrkrzInternal/stdafx.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzInternal/stdafx.cpp
--------------------------------------------------------------------------------
/KrkrzInternal/targetver.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzInternal/targetver.h
--------------------------------------------------------------------------------
/KrkrzExtract/KrkrzExtract.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/KrkrzExtract.rc
--------------------------------------------------------------------------------
/KrkrzInternal/CExtractView.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzInternal/CExtractView.h
--------------------------------------------------------------------------------
/KrkrzExtract/KrkrzExtract.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/KrkrzExtract.aps
--------------------------------------------------------------------------------
/KrkrzExtract/KrkrzExtract.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/KrkrzExtract.cpp
--------------------------------------------------------------------------------
/KrkrzExtract/KrkrzExtract.ico:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/KrkrzExtract.ico
--------------------------------------------------------------------------------
/KrkrzExtract/Release/vc143.pdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/Release/vc143.pdb
--------------------------------------------------------------------------------
/KrkrzInternal/CExtractView.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzInternal/CExtractView.cpp
--------------------------------------------------------------------------------
/KrkrzInternal/KrkrzInternal.aps:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzInternal/KrkrzInternal.aps
--------------------------------------------------------------------------------
/KrkrzInternal/KrkrzInternal.cpp:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzInternal/KrkrzInternal.cpp
--------------------------------------------------------------------------------
/KrkrzInternal/KrkrzInternal.def:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzInternal/KrkrzInternal.def
--------------------------------------------------------------------------------
/KrkrzInternal/KrkrzInternal.h:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzInternal/KrkrzInternal.h
--------------------------------------------------------------------------------
/KrkrzInternal/KrkrzInternal.rc:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzInternal/KrkrzInternal.rc
--------------------------------------------------------------------------------
/KrkrzInternal/res/KrkrzInternal.rc2:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzInternal/res/KrkrzInternal.rc2
--------------------------------------------------------------------------------
/KrkrzExtract/Release/KrkrzExtract.iobj:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/Release/KrkrzExtract.iobj
--------------------------------------------------------------------------------
/KrkrzExtract/Release/KrkrzExtract.ipdb:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/Release/KrkrzExtract.ipdb
--------------------------------------------------------------------------------
/KrkrzExtract/Release/KrkrzExtract.res:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/Release/KrkrzExtract.res
--------------------------------------------------------------------------------
/KrkrzExtract/Release/KrkrzExtract.tlog/CL.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/Release/KrkrzExtract.tlog/CL.read.1.tlog
--------------------------------------------------------------------------------
/KrkrzExtract/Release/KrkrzExtract.tlog/rc.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/Release/KrkrzExtract.tlog/rc.read.1.tlog
--------------------------------------------------------------------------------
/KrkrzExtract/Release/KrkrzExtract.tlog/CL.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/Release/KrkrzExtract.tlog/CL.command.1.tlog
--------------------------------------------------------------------------------
/KrkrzExtract/Release/KrkrzExtract.tlog/CL.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/Release/KrkrzExtract.tlog/CL.write.1.tlog
--------------------------------------------------------------------------------
/KrkrzExtract/Release/KrkrzExtract.tlog/link.read.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/Release/KrkrzExtract.tlog/link.read.1.tlog
--------------------------------------------------------------------------------
/KrkrzExtract/Release/KrkrzExtract.tlog/link.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/Release/KrkrzExtract.tlog/link.write.1.tlog
--------------------------------------------------------------------------------
/KrkrzExtract/Release/KrkrzExtract.tlog/rc.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/Release/KrkrzExtract.tlog/rc.command.1.tlog
--------------------------------------------------------------------------------
/KrkrzExtract/Release/KrkrzExtract.tlog/rc.write.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/Release/KrkrzExtract.tlog/rc.write.1.tlog
--------------------------------------------------------------------------------
/KrkrzExtract/Release/KrkrzExtract.tlog/link.command.1.tlog:
--------------------------------------------------------------------------------
https://raw.githubusercontent.com/xmoezzz/KrkrzExtract/HEAD/KrkrzExtract/Release/KrkrzExtract.tlog/link.command.1.tlog
--------------------------------------------------------------------------------
/KrkrzExtract/KrkrzExtract.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
--------------------------------------------------------------------------------
/KrkrzExtract/Release/KrkrzExtract.tlog/KrkrzExtract.lastbuildstate:
--------------------------------------------------------------------------------
1 | PlatformToolSet=v143:VCToolArchitecture=Native32Bit:VCToolsVersion=14.30.30705:TargetPlatformVersion=10.0.22000.0:
2 | Release|Win32|D:\dev\KrkrzExtract\|
3 |
--------------------------------------------------------------------------------
/KrkrzExtract/README.md:
--------------------------------------------------------------------------------
1 | # NativeLib-R
2 | ntos internals
3 |
4 | * originally done by `processhacker` and `天野`
5 |
6 | * user mode hook engine
7 | * find out more syscall definitions
8 | * friendly and lightweight syscall wrappers
9 |
10 |
--------------------------------------------------------------------------------
/KrkrzInternal/README.md:
--------------------------------------------------------------------------------
1 | # NativeLib-R
2 | ntos internals
3 |
4 | * originally done by `processhacker` and `天野`
5 |
6 | * user mode hook engine
7 | * find out more syscall definitions
8 | * friendly and lightweight syscall wrappers
9 |
10 |
--------------------------------------------------------------------------------
/KrkrzInternal/KrkrzInternal.vcxproj.user:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 | KrkrzInternal.rc
5 |
6 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # KrkrzExtract
2 | The next generation of KrkrExtract
3 |
4 | # Warning
5 | * Beta version, unstable now.
6 |
7 | # Why
8 | * Universal unpacker for krkrz
9 | * Make KrkrExtract more simple
10 |
11 | # Support
12 | KrkrzExtract only supports krkrz engine.
13 |
14 | # Build
15 | VS2013
16 |
17 |
--------------------------------------------------------------------------------
/KrkrzExtract/Release/KrkrzExtract.log:
--------------------------------------------------------------------------------
1 | KrkrzExtract.cpp
2 | Generating code
3 | Previous IPDB not found, fall back to full compilation.
4 | All 82 functions were compiled because no usable IPDB/IOBJ from previous compilation was found.
5 | Finished generating code
6 | KrkrzExtract.vcxproj -> D:\dev\KrkrzExtract\Release\KrkrzExtract.exe
7 |
--------------------------------------------------------------------------------
/KrkrzExtract/Release/KrkrzExtract.exe.recipe:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | D:\dev\KrkrzExtract\Release\KrkrzExtract.exe
6 |
7 |
8 |
9 |
10 |
11 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Prerequisites
2 | *.d
3 |
4 | # Compiled Object files
5 | *.slo
6 | *.lo
7 | *.o
8 | *.obj
9 |
10 | # Precompiled Headers
11 | *.gch
12 | *.pch
13 |
14 | # Compiled Dynamic libraries
15 | *.so
16 | *.dylib
17 |
18 | # Fortran module files
19 | *.mod
20 | *.smod
21 |
22 | # Compiled Static libraries
23 | *.lai
24 | *.la
25 | *.a
26 | *.lib
27 |
28 | # Executables
29 | *.out
30 | *.app
31 |
--------------------------------------------------------------------------------
/KrkrzExtract/ntsmss.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | NTSYSAPI
4 | NTSTATUS
5 | NTAPI
6 | RtlConnectToSm(
7 | _In_ PUNICODE_STRING ApiPortName,
8 | _In_ HANDLE ApiPortHandle,
9 | _In_ DWORD ProcessImageType,
10 | _Out_ PHANDLE SmssConnection
11 | );
12 |
13 | NTSYSAPI
14 | NTSTATUS
15 | NTAPI
16 | RtlSendMsgToSm(
17 | _In_ HANDLE ApiPortHandle,
18 | _In_ PPORT_MESSAGE MessageData
19 | );
20 |
21 |
--------------------------------------------------------------------------------
/KrkrzInternal/ntsmss.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | NTSYSAPI
4 | NTSTATUS
5 | NTAPI
6 | RtlConnectToSm(
7 | _In_ PUNICODE_STRING ApiPortName,
8 | _In_ HANDLE ApiPortHandle,
9 | _In_ DWORD ProcessImageType,
10 | _Out_ PHANDLE SmssConnection
11 | );
12 |
13 | NTSYSAPI
14 | NTSTATUS
15 | NTAPI
16 | RtlSendMsgToSm(
17 | _In_ HANDLE ApiPortHandle,
18 | _In_ PPORT_MESSAGE MessageData
19 | );
20 |
21 |
--------------------------------------------------------------------------------
/KrkrzExtract/ntnls.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #define MAXIMUM_LEADBYTES 12
4 |
5 | typedef struct _CPTABLEINFO
6 | {
7 | USHORT CodePage;
8 | USHORT MaximumCharacterSize;
9 | USHORT DefaultChar;
10 | USHORT UniDefaultChar;
11 | USHORT TransDefaultChar;
12 | USHORT TransUniDefaultChar;
13 | USHORT DBCSCodePage;
14 | UCHAR LeadByte[MAXIMUM_LEADBYTES];
15 | PUSHORT MultiByteTable;
16 | PVOID WideCharTable;
17 | PUSHORT DBCSRanges;
18 | PUSHORT DBCSOffsets;
19 | } CPTABLEINFO, *PCPTABLEINFO;
20 |
21 | typedef struct _NLSTABLEINFO
22 | {
23 | CPTABLEINFO OemTableInfo;
24 | CPTABLEINFO AnsiTableInfo;
25 | PUSHORT UpperCaseTable;
26 | PUSHORT LowerCaseTable;
27 | } NLSTABLEINFO, *PNLSTABLEINFO;
28 |
29 | NTSYSAPI USHORT NlsAnsiCodePage;
30 | NTSYSAPI BOOLEAN NlsMbCodePageTag;
31 | NTSYSAPI BOOLEAN NlsMbOemCodePageTag;
32 |
33 |
--------------------------------------------------------------------------------
/KrkrzInternal/ntnls.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #define MAXIMUM_LEADBYTES 12
4 |
5 | typedef struct _CPTABLEINFO
6 | {
7 | USHORT CodePage;
8 | USHORT MaximumCharacterSize;
9 | USHORT DefaultChar;
10 | USHORT UniDefaultChar;
11 | USHORT TransDefaultChar;
12 | USHORT TransUniDefaultChar;
13 | USHORT DBCSCodePage;
14 | UCHAR LeadByte[MAXIMUM_LEADBYTES];
15 | PUSHORT MultiByteTable;
16 | PVOID WideCharTable;
17 | PUSHORT DBCSRanges;
18 | PUSHORT DBCSOffsets;
19 | } CPTABLEINFO, *PCPTABLEINFO;
20 |
21 | typedef struct _NLSTABLEINFO
22 | {
23 | CPTABLEINFO OemTableInfo;
24 | CPTABLEINFO AnsiTableInfo;
25 | PUSHORT UpperCaseTable;
26 | PUSHORT LowerCaseTable;
27 | } NLSTABLEINFO, *PNLSTABLEINFO;
28 |
29 | NTSYSAPI USHORT NlsAnsiCodePage;
30 | NTSYSAPI BOOLEAN NlsMbCodePageTag;
31 | NTSYSAPI BOOLEAN NlsMbOemCodePageTag;
32 |
33 |
--------------------------------------------------------------------------------
/KrkrzExtract/ntxcapi.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | NTSYSAPI
4 | BOOLEAN
5 | NTAPI
6 | RtlDispatchException(
7 | _In_ PEXCEPTION_RECORD ExceptionRecord,
8 | _In_ PCONTEXT ContextRecord
9 | );
10 |
11 | NTSYSAPI
12 | DECLSPEC_NORETURN
13 | VOID
14 | NTAPI
15 | RtlRaiseStatus(
16 | _In_ NTSTATUS Status
17 | );
18 |
19 | NTSYSAPI
20 | VOID
21 | NTAPI
22 | RtlRaiseException(
23 | _In_ PEXCEPTION_RECORD ExceptionRecord
24 | );
25 |
26 | NTSYSCALLAPI
27 | NTSTATUS
28 | NTAPI
29 | NtContinue(
30 | _In_ PCONTEXT ContextRecord,
31 | _In_ BOOLEAN TestAlert
32 | );
33 |
34 | NTSYSCALLAPI
35 | NTSTATUS
36 | NTAPI
37 | NtRaiseException(
38 | _In_ PEXCEPTION_RECORD ExceptionRecord,
39 | _In_ PCONTEXT ContextRecord,
40 | _In_ BOOLEAN FirstChance
41 | );
42 |
43 | __analysis_noreturn
44 | NTSYSCALLAPI
45 | VOID
46 | NTAPI
47 | RtlAssert(
48 | _In_ PVOID VoidFailedAssertion,
49 | _In_ PVOID VoidFileName,
50 | _In_ ULONG LineNumber,
51 | _In_opt_ PSTR MutableMessage
52 | );
53 |
54 | #define RTL_ASSERT(exp) \
55 | ((!(exp)) ? (RtlAssert((PVOID)#exp, (PVOID)__FILE__, __LINE__, NULL), FALSE) : TRUE)
56 | #define RTL_ASSERTMSG(msg, exp) \
57 | ((!(exp)) ? (RtlAssert((PVOID)#exp, (PVOID)__FILE__, __LINE__, msg), FALSE) : TRUE)
58 | #define RTL_SOFT_ASSERT(_exp) \
59 | ((!(_exp)) ? (DbgPrint("%s(%d): Soft assertion failed\n Expression: %s\n", __FILE__, __LINE__, #_exp), FALSE) : TRUE)
60 | #define RTL_SOFT_ASSERTMSG(_msg, _exp) \
61 | ((!(_exp)) ? (DbgPrint("%s(%d): Soft assertion failed\n Expression: %s\n Message: %s\n", __FILE__, __LINE__, #_exp, (_msg)), FALSE) : TRUE)
62 |
63 |
--------------------------------------------------------------------------------
/KrkrzInternal/ntxcapi.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | NTSYSAPI
4 | BOOLEAN
5 | NTAPI
6 | RtlDispatchException(
7 | _In_ PEXCEPTION_RECORD ExceptionRecord,
8 | _In_ PCONTEXT ContextRecord
9 | );
10 |
11 | NTSYSAPI
12 | DECLSPEC_NORETURN
13 | VOID
14 | NTAPI
15 | RtlRaiseStatus(
16 | _In_ NTSTATUS Status
17 | );
18 |
19 | NTSYSAPI
20 | VOID
21 | NTAPI
22 | RtlRaiseException(
23 | _In_ PEXCEPTION_RECORD ExceptionRecord
24 | );
25 |
26 | NTSYSCALLAPI
27 | NTSTATUS
28 | NTAPI
29 | NtContinue(
30 | _In_ PCONTEXT ContextRecord,
31 | _In_ BOOLEAN TestAlert
32 | );
33 |
34 | NTSYSCALLAPI
35 | NTSTATUS
36 | NTAPI
37 | NtRaiseException(
38 | _In_ PEXCEPTION_RECORD ExceptionRecord,
39 | _In_ PCONTEXT ContextRecord,
40 | _In_ BOOLEAN FirstChance
41 | );
42 |
43 | __analysis_noreturn
44 | NTSYSCALLAPI
45 | VOID
46 | NTAPI
47 | RtlAssert(
48 | _In_ PVOID VoidFailedAssertion,
49 | _In_ PVOID VoidFileName,
50 | _In_ ULONG LineNumber,
51 | _In_opt_ PSTR MutableMessage
52 | );
53 |
54 | #define RTL_ASSERT(exp) \
55 | ((!(exp)) ? (RtlAssert((PVOID)#exp, (PVOID)__FILE__, __LINE__, NULL), FALSE) : TRUE)
56 | #define RTL_ASSERTMSG(msg, exp) \
57 | ((!(exp)) ? (RtlAssert((PVOID)#exp, (PVOID)__FILE__, __LINE__, msg), FALSE) : TRUE)
58 | #define RTL_SOFT_ASSERT(_exp) \
59 | ((!(_exp)) ? (DbgPrint("%s(%d): Soft assertion failed\n Expression: %s\n", __FILE__, __LINE__, #_exp), FALSE) : TRUE)
60 | #define RTL_SOFT_ASSERTMSG(_msg, _exp) \
61 | ((!(_exp)) ? (DbgPrint("%s(%d): Soft assertion failed\n Expression: %s\n Message: %s\n", __FILE__, __LINE__, #_exp, (_msg)), FALSE) : TRUE)
62 |
63 |
--------------------------------------------------------------------------------
/KrkrzExtract/KrkrzExtract.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | 头文件
20 |
21 |
22 | 头文件
23 |
24 |
25 | 头文件
26 |
27 |
28 |
29 |
30 | 源文件
31 |
32 |
33 | 源文件
34 |
35 |
36 |
37 |
38 | 资源文件
39 |
40 |
41 |
42 |
43 | 资源文件
44 |
45 |
46 | 资源文件
47 |
48 |
49 |
--------------------------------------------------------------------------------
/KrkrzExtract/ntmisc.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // Filter manager
4 |
5 | #define FLT_PORT_CONNECT 0x0001
6 | #define FLT_PORT_ALL_ACCESS (FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL)
7 |
8 | // VDM
9 |
10 | typedef enum _VDMSERVICECLASS
11 | {
12 | VdmStartExecution,
13 | VdmQueueInterrupt,
14 | VdmDelayInterrupt,
15 | VdmInitialize,
16 | VdmFeatures,
17 | VdmSetInt21Handler,
18 | VdmQueryDir,
19 | VdmPrinterDirectIoOpen,
20 | VdmPrinterDirectIoClose,
21 | VdmPrinterInitialize,
22 | VdmSetLdtEntries,
23 | VdmSetProcessLdtInfo,
24 | VdmAdlibEmulation,
25 | VdmPMCliControl,
26 | VdmQueryVdmProcess
27 | } VDMSERVICECLASS, *PVDMSERVICECLASS;
28 |
29 | NTSYSCALLAPI
30 | NTSTATUS
31 | NTAPI
32 | NtVdmControl(
33 | _In_ VDMSERVICECLASS Service,
34 | _Inout_ PVOID ServiceData
35 | );
36 |
37 | // WMI/ETW
38 |
39 | NTSYSCALLAPI
40 | NTSTATUS
41 | NTAPI
42 | NtTraceEvent(
43 | _In_ HANDLE TraceHandle,
44 | _In_ ULONG Flags,
45 | _In_ ULONG FieldSize,
46 | _In_ PVOID Fields
47 | );
48 |
49 |
50 | /*
51 | None = 0,
52 | String = 1,
53 | ExpandString = 2,
54 | Binary = 3,
55 | Dword = 4,
56 | DwordBigEndian = 5,
57 | Link = 6,
58 | MultiString = 7,
59 | ResourceList = 8,
60 | FullResourceDescriptor = 9,
61 | ResourceRequirementsList = 10,
62 | Qword = 11
63 | */
64 |
65 |
66 | #if (NTDDI_VERSION >= NTDDI_VISTA)
67 | // private
68 | NTSYSCALLAPI
69 | NTSTATUS
70 | NTAPI
71 | NtTraceControl(
72 | _In_ ULONG FunctionCode,
73 | _In_reads_bytes_opt_(InBufferLen) PVOID InBuffer,
74 | _In_ ULONG InBufferLen,
75 | _Out_writes_bytes_opt_(OutBufferLen) PVOID OutBuffer,
76 | _In_ ULONG OutBufferLen,
77 | _Out_ PULONG ReturnLength
78 | );
79 | #endif
80 |
81 |
82 | typedef ULONG REGISTRY_VALUE_TYPE;
83 |
84 | NTSYSCALLAPI
85 | NTSTATUS
86 | NTAPI
87 | NtQueryLicenseValue(
88 | _In_ PUNICODE_STRING Name,
89 | _Out_ REGISTRY_VALUE_TYPE* Type,
90 | _Out_writes_bytes_opt_(Length) PVOID Buffer,
91 | _In_ ULONG Length,
92 | _Out_ PULONG ReturnLength
93 | );
94 |
95 |
96 |
97 |
--------------------------------------------------------------------------------
/KrkrzInternal/ntmisc.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // Filter manager
4 |
5 | #define FLT_PORT_CONNECT 0x0001
6 | #define FLT_PORT_ALL_ACCESS (FLT_PORT_CONNECT | STANDARD_RIGHTS_ALL)
7 |
8 | // VDM
9 |
10 | typedef enum _VDMSERVICECLASS
11 | {
12 | VdmStartExecution,
13 | VdmQueueInterrupt,
14 | VdmDelayInterrupt,
15 | VdmInitialize,
16 | VdmFeatures,
17 | VdmSetInt21Handler,
18 | VdmQueryDir,
19 | VdmPrinterDirectIoOpen,
20 | VdmPrinterDirectIoClose,
21 | VdmPrinterInitialize,
22 | VdmSetLdtEntries,
23 | VdmSetProcessLdtInfo,
24 | VdmAdlibEmulation,
25 | VdmPMCliControl,
26 | VdmQueryVdmProcess
27 | } VDMSERVICECLASS, *PVDMSERVICECLASS;
28 |
29 | NTSYSCALLAPI
30 | NTSTATUS
31 | NTAPI
32 | NtVdmControl(
33 | _In_ VDMSERVICECLASS Service,
34 | _Inout_ PVOID ServiceData
35 | );
36 |
37 | // WMI/ETW
38 |
39 | NTSYSCALLAPI
40 | NTSTATUS
41 | NTAPI
42 | NtTraceEvent(
43 | _In_ HANDLE TraceHandle,
44 | _In_ ULONG Flags,
45 | _In_ ULONG FieldSize,
46 | _In_ PVOID Fields
47 | );
48 |
49 |
50 | /*
51 | None = 0,
52 | String = 1,
53 | ExpandString = 2,
54 | Binary = 3,
55 | Dword = 4,
56 | DwordBigEndian = 5,
57 | Link = 6,
58 | MultiString = 7,
59 | ResourceList = 8,
60 | FullResourceDescriptor = 9,
61 | ResourceRequirementsList = 10,
62 | Qword = 11
63 | */
64 |
65 |
66 | #if (NTDDI_VERSION >= NTDDI_VISTA)
67 | // private
68 | NTSYSCALLAPI
69 | NTSTATUS
70 | NTAPI
71 | NtTraceControl(
72 | _In_ ULONG FunctionCode,
73 | _In_reads_bytes_opt_(InBufferLen) PVOID InBuffer,
74 | _In_ ULONG InBufferLen,
75 | _Out_writes_bytes_opt_(OutBufferLen) PVOID OutBuffer,
76 | _In_ ULONG OutBufferLen,
77 | _Out_ PULONG ReturnLength
78 | );
79 | #endif
80 |
81 |
82 | typedef ULONG REGISTRY_VALUE_TYPE;
83 |
84 | NTSYSCALLAPI
85 | NTSTATUS
86 | NTAPI
87 | NtQueryLicenseValue(
88 | _In_ PUNICODE_STRING Name,
89 | _Out_ REGISTRY_VALUE_TYPE* Type,
90 | _Out_writes_bytes_opt_(Length) PVOID Buffer,
91 | _In_ ULONG Length,
92 | _Out_ PULONG ReturnLength
93 | );
94 |
95 |
96 |
97 |
--------------------------------------------------------------------------------
/KrkrzExtract.sln:
--------------------------------------------------------------------------------
1 |
2 | Microsoft Visual Studio Solution File, Format Version 12.00
3 | # Visual Studio 2013
4 | VisualStudioVersion = 12.0.40629.0
5 | MinimumVisualStudioVersion = 10.0.40219.1
6 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KrkrzExtract", "KrkrzExtract\KrkrzExtract.vcxproj", "{2073CE56-C843-4B06-8EF9-B2D612C2CABF}"
7 | EndProject
8 | Project("{8BC9CEB8-8B4A-11D0-8D11-00A0C91BC942}") = "KrkrzInternal", "KrkrzInternal\KrkrzInternal.vcxproj", "{FC771FF5-F3B7-4739-B3EE-9DAD84C169D6}"
9 | EndProject
10 | Global
11 | GlobalSection(SolutionConfigurationPlatforms) = preSolution
12 | Debug|x64 = Debug|x64
13 | Debug|x86 = Debug|x86
14 | Release|x64 = Release|x64
15 | Release|x86 = Release|x86
16 | EndGlobalSection
17 | GlobalSection(ProjectConfigurationPlatforms) = postSolution
18 | {2073CE56-C843-4B06-8EF9-B2D612C2CABF}.Debug|x64.ActiveCfg = Debug|x64
19 | {2073CE56-C843-4B06-8EF9-B2D612C2CABF}.Debug|x64.Build.0 = Debug|x64
20 | {2073CE56-C843-4B06-8EF9-B2D612C2CABF}.Debug|x86.ActiveCfg = Debug|Win32
21 | {2073CE56-C843-4B06-8EF9-B2D612C2CABF}.Debug|x86.Build.0 = Debug|Win32
22 | {2073CE56-C843-4B06-8EF9-B2D612C2CABF}.Release|x64.ActiveCfg = Release|x64
23 | {2073CE56-C843-4B06-8EF9-B2D612C2CABF}.Release|x64.Build.0 = Release|x64
24 | {2073CE56-C843-4B06-8EF9-B2D612C2CABF}.Release|x86.ActiveCfg = Release|Win32
25 | {2073CE56-C843-4B06-8EF9-B2D612C2CABF}.Release|x86.Build.0 = Release|Win32
26 | {FC771FF5-F3B7-4739-B3EE-9DAD84C169D6}.Debug|x64.ActiveCfg = Debug|x64
27 | {FC771FF5-F3B7-4739-B3EE-9DAD84C169D6}.Debug|x64.Build.0 = Debug|x64
28 | {FC771FF5-F3B7-4739-B3EE-9DAD84C169D6}.Debug|x86.ActiveCfg = Debug|Win32
29 | {FC771FF5-F3B7-4739-B3EE-9DAD84C169D6}.Debug|x86.Build.0 = Debug|Win32
30 | {FC771FF5-F3B7-4739-B3EE-9DAD84C169D6}.Release|x64.ActiveCfg = Release|x64
31 | {FC771FF5-F3B7-4739-B3EE-9DAD84C169D6}.Release|x64.Build.0 = Release|x64
32 | {FC771FF5-F3B7-4739-B3EE-9DAD84C169D6}.Release|x86.ActiveCfg = Release|Win32
33 | {FC771FF5-F3B7-4739-B3EE-9DAD84C169D6}.Release|x86.Build.0 = Release|Win32
34 | EndGlobalSection
35 | GlobalSection(SolutionProperties) = preSolution
36 | HideSolutionNode = FALSE
37 | EndGlobalSection
38 | GlobalSection(ExtensibilityGlobals) = postSolution
39 | SolutionGuid = {E16D404C-7F0C-45FE-9102-C479DB06212B}
40 | EndGlobalSection
41 | EndGlobal
42 |
--------------------------------------------------------------------------------
/KrkrzInternal/KrkrzInternal.vcxproj.filters:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | {4FC737F1-C7A5-4376-A066-2A32D752A2FF}
6 | cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx
7 |
8 |
9 | {93995380-89BD-4b04-88EB-625FBE52EBFB}
10 | h;hh;hpp;hxx;hm;inl;inc;ipp;xsd
11 |
12 |
13 | {67DA6AB6-F800-4c08-8B7A-83BB121AAD01}
14 | rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms
15 |
16 |
17 |
18 |
19 | 源文件
20 |
21 |
22 | 源文件
23 |
24 |
25 | 源文件
26 |
27 |
28 | 源文件
29 |
30 |
31 |
32 |
33 | 源文件
34 |
35 |
36 | 资源文件
37 |
38 |
39 |
40 |
41 | 头文件
42 |
43 |
44 | 头文件
45 |
46 |
47 | 头文件
48 |
49 |
50 | 头文件
51 |
52 |
53 | 头文件
54 |
55 |
56 | 头文件
57 |
58 |
59 | 头文件
60 |
61 |
62 |
63 |
64 | 资源文件
65 |
66 |
67 |
--------------------------------------------------------------------------------
/KrkrzExtract/phnt.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // This header file provides access to NT APIs.
4 |
5 | // Definitions are annotated to indicate their source. If a definition is not annotated, it has been
6 | // retrieved from an official Microsoft source (NT headers, DDK headers, winnt.h).
7 |
8 | // * "winbase" indicates that a definition has been reconstructed from a Win32-ized NT definition in
9 | // winbase.h.
10 | // * "rev" indicates that a definition has been reverse-engineered.
11 | // * "dbg" indicates that a definition has been obtained from a debug message or assertion in a
12 | // checked build of the kernel or file.
13 |
14 | // Reliability:
15 | // 1. No annotation.
16 | // 2. dbg.
17 | // 3. symbols, private. Types may be incorrect.
18 | // 4. winbase. Names and types may be incorrect.
19 | // 5. rev.
20 |
21 | // Version
22 | #include
23 |
24 | #pragma comment(lib,"ntdll.lib")
25 | #pragma comment(lib,"samlib.lib")
26 | #pragma comment(lib,"winsta.lib")
27 |
28 | // Warnings which disabled for compiling
29 | #if _MSC_VER >= 1200
30 | #pragma warning(push)
31 | // nonstandard extension used : nameless struct/union
32 | #pragma warning(disable:4201)
33 | // 'struct_name' : structure was padded due to __declspec(align())
34 | #pragma warning(disable:4324)
35 | // 'enumeration': a forward declaration of an unscoped enumeration must have an
36 | // underlying type (int assumed)
37 | #pragma warning(disable:4471)
38 | #endif
39 |
40 | #ifdef __cplusplus
41 | extern "C" {
42 | #endif
43 |
44 | #include
45 | #include
46 | #include
47 |
48 | #include
49 | #include
50 |
51 | #include
52 |
53 | #include
54 | #include
55 | #include
56 | #include
57 |
58 | #include
59 | #include
60 | #include
61 | #include
62 | #include
63 | #include
64 | #include
65 | #include
66 |
67 | #include
68 | #include
69 | #include
70 | #include
71 |
72 | #include
73 |
74 | #include
75 | #include
76 |
77 | #include
78 |
79 | #include
80 |
81 | #include
82 |
83 | #include
84 |
85 | #ifdef __cplusplus
86 | }
87 | #endif
88 |
89 | #if _MSC_VER >= 1200
90 | #pragma warning(pop)
91 | #endif
92 |
93 |
--------------------------------------------------------------------------------
/KrkrzInternal/phnt.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // This header file provides access to NT APIs.
4 |
5 | // Definitions are annotated to indicate their source. If a definition is not annotated, it has been
6 | // retrieved from an official Microsoft source (NT headers, DDK headers, winnt.h).
7 |
8 | // * "winbase" indicates that a definition has been reconstructed from a Win32-ized NT definition in
9 | // winbase.h.
10 | // * "rev" indicates that a definition has been reverse-engineered.
11 | // * "dbg" indicates that a definition has been obtained from a debug message or assertion in a
12 | // checked build of the kernel or file.
13 |
14 | // Reliability:
15 | // 1. No annotation.
16 | // 2. dbg.
17 | // 3. symbols, private. Types may be incorrect.
18 | // 4. winbase. Names and types may be incorrect.
19 | // 5. rev.
20 |
21 | // Version
22 | #include
23 |
24 | #pragma comment(lib,"ntdll.lib")
25 | #pragma comment(lib,"samlib.lib")
26 | #pragma comment(lib,"winsta.lib")
27 |
28 | // Warnings which disabled for compiling
29 | #if _MSC_VER >= 1200
30 | #pragma warning(push)
31 | // nonstandard extension used : nameless struct/union
32 | #pragma warning(disable:4201)
33 | // 'struct_name' : structure was padded due to __declspec(align())
34 | #pragma warning(disable:4324)
35 | // 'enumeration': a forward declaration of an unscoped enumeration must have an
36 | // underlying type (int assumed)
37 | #pragma warning(disable:4471)
38 | #endif
39 |
40 | #ifdef __cplusplus
41 | extern "C" {
42 | #endif
43 |
44 | #include
45 | #include
46 | #include
47 |
48 | #include
49 | #include
50 |
51 | #include
52 |
53 | #include
54 | #include
55 | #include
56 | #include
57 |
58 | #include
59 | #include
60 | #include
61 | #include
62 | #include
63 | #include
64 | #include
65 | #include
66 |
67 | #include
68 | #include
69 | #include
70 | #include
71 |
72 | #include
73 |
74 | #include
75 | #include
76 |
77 | #include
78 |
79 | #include
80 |
81 | #include
82 |
83 | #include
84 |
85 | #ifdef __cplusplus
86 | }
87 | #endif
88 |
89 | #if _MSC_VER >= 1200
90 | #pragma warning(pop)
91 | #endif
92 |
93 |
--------------------------------------------------------------------------------
/KrkrzExtract/subprocesstag.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | // Subprocess tag information
3 |
4 | typedef enum _TAG_INFO_LEVEL
5 | {
6 | eTagInfoLevelNameFromTag = 1, // TAG_INFO_NAME_FROM_TAG
7 | eTagInfoLevelNamesReferencingModule, // TAG_INFO_NAMES_REFERENCING_MODULE
8 | eTagInfoLevelNameTagMapping, // TAG_INFO_NAME_TAG_MAPPING
9 | eTagInfoLevelMax
10 | } TAG_INFO_LEVEL;
11 |
12 | typedef enum _TAG_TYPE
13 | {
14 | eTagTypeService = 1,
15 | eTagTypeMax
16 | } TAG_TYPE;
17 |
18 | typedef struct _TAG_INFO_NAME_FROM_TAG_IN_PARAMS
19 | {
20 | DWORD dwPid;
21 | DWORD dwTag;
22 | } TAG_INFO_NAME_FROM_TAG_IN_PARAMS, *PTAG_INFO_NAME_FROM_TAG_IN_PARAMS;
23 |
24 | typedef struct _TAG_INFO_NAME_FROM_TAG_OUT_PARAMS
25 | {
26 | DWORD eTagType;
27 | LPWSTR pszName;
28 | } TAG_INFO_NAME_FROM_TAG_OUT_PARAMS, *PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS;
29 |
30 | typedef struct _TAG_INFO_NAME_FROM_TAG
31 | {
32 | TAG_INFO_NAME_FROM_TAG_IN_PARAMS InParams;
33 | TAG_INFO_NAME_FROM_TAG_OUT_PARAMS OutParams;
34 | } TAG_INFO_NAME_FROM_TAG, *PTAG_INFO_NAME_FROM_TAG;
35 |
36 | typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS
37 | {
38 | DWORD dwPid;
39 | LPWSTR pszModule;
40 | } TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS, *PTAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS;
41 |
42 | typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS
43 | {
44 | DWORD eTagType;
45 | LPWSTR pmszNames;
46 | } TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS, *PTAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS;
47 |
48 | typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE
49 | {
50 | TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS InParams;
51 | TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS OutParams;
52 | } TAG_INFO_NAMES_REFERENCING_MODULE, *PTAG_INFO_NAMES_REFERENCING_MODULE;
53 |
54 | typedef struct _TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS
55 | {
56 | DWORD dwPid;
57 | } TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS, *PTAG_INFO_NAME_TAG_MAPPING_IN_PARAMS;
58 |
59 | typedef struct _TAG_INFO_NAME_TAG_MAPPING_ELEMENT
60 | {
61 | DWORD eTagType;
62 | DWORD dwTag;
63 | LPWSTR pszName;
64 | LPWSTR pszGroupName;
65 | } TAG_INFO_NAME_TAG_MAPPING_ELEMENT, *PTAG_INFO_NAME_TAG_MAPPING_ELEMENT;
66 |
67 | typedef struct _TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS
68 | {
69 | DWORD cElements;
70 | PTAG_INFO_NAME_TAG_MAPPING_ELEMENT pNameTagMappingElements;
71 | } TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS, *PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS;
72 |
73 | typedef struct _TAG_INFO_NAME_TAG_MAPPING
74 | {
75 | TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS InParams;
76 | PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS pOutParams;
77 | } TAG_INFO_NAME_TAG_MAPPING, *PTAG_INFO_NAME_TAG_MAPPING;
78 |
79 | _Must_inspect_result_
80 | DWORD
81 | WINAPI
82 | I_QueryTagInformation(
83 | _In_opt_ LPCWSTR pszMachineName,
84 | _In_ TAG_INFO_LEVEL eInfoLevel,
85 | _Inout_ PVOID pTagInfo
86 | );
87 |
88 | typedef DWORD (WINAPI *PQUERY_TAG_INFORMATION)(
89 | _In_opt_ LPCWSTR pszMachineName,
90 | _In_ TAG_INFO_LEVEL eInfoLevel,
91 | _Inout_ PVOID pTagInfo
92 | );
93 |
94 |
--------------------------------------------------------------------------------
/KrkrzInternal/subprocesstag.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | // Subprocess tag information
3 |
4 | typedef enum _TAG_INFO_LEVEL
5 | {
6 | eTagInfoLevelNameFromTag = 1, // TAG_INFO_NAME_FROM_TAG
7 | eTagInfoLevelNamesReferencingModule, // TAG_INFO_NAMES_REFERENCING_MODULE
8 | eTagInfoLevelNameTagMapping, // TAG_INFO_NAME_TAG_MAPPING
9 | eTagInfoLevelMax
10 | } TAG_INFO_LEVEL;
11 |
12 | typedef enum _TAG_TYPE
13 | {
14 | eTagTypeService = 1,
15 | eTagTypeMax
16 | } TAG_TYPE;
17 |
18 | typedef struct _TAG_INFO_NAME_FROM_TAG_IN_PARAMS
19 | {
20 | DWORD dwPid;
21 | DWORD dwTag;
22 | } TAG_INFO_NAME_FROM_TAG_IN_PARAMS, *PTAG_INFO_NAME_FROM_TAG_IN_PARAMS;
23 |
24 | typedef struct _TAG_INFO_NAME_FROM_TAG_OUT_PARAMS
25 | {
26 | DWORD eTagType;
27 | LPWSTR pszName;
28 | } TAG_INFO_NAME_FROM_TAG_OUT_PARAMS, *PTAG_INFO_NAME_FROM_TAG_OUT_PARAMS;
29 |
30 | typedef struct _TAG_INFO_NAME_FROM_TAG
31 | {
32 | TAG_INFO_NAME_FROM_TAG_IN_PARAMS InParams;
33 | TAG_INFO_NAME_FROM_TAG_OUT_PARAMS OutParams;
34 | } TAG_INFO_NAME_FROM_TAG, *PTAG_INFO_NAME_FROM_TAG;
35 |
36 | typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS
37 | {
38 | DWORD dwPid;
39 | LPWSTR pszModule;
40 | } TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS, *PTAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS;
41 |
42 | typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS
43 | {
44 | DWORD eTagType;
45 | LPWSTR pmszNames;
46 | } TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS, *PTAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS;
47 |
48 | typedef struct _TAG_INFO_NAMES_REFERENCING_MODULE
49 | {
50 | TAG_INFO_NAMES_REFERENCING_MODULE_IN_PARAMS InParams;
51 | TAG_INFO_NAMES_REFERENCING_MODULE_OUT_PARAMS OutParams;
52 | } TAG_INFO_NAMES_REFERENCING_MODULE, *PTAG_INFO_NAMES_REFERENCING_MODULE;
53 |
54 | typedef struct _TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS
55 | {
56 | DWORD dwPid;
57 | } TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS, *PTAG_INFO_NAME_TAG_MAPPING_IN_PARAMS;
58 |
59 | typedef struct _TAG_INFO_NAME_TAG_MAPPING_ELEMENT
60 | {
61 | DWORD eTagType;
62 | DWORD dwTag;
63 | LPWSTR pszName;
64 | LPWSTR pszGroupName;
65 | } TAG_INFO_NAME_TAG_MAPPING_ELEMENT, *PTAG_INFO_NAME_TAG_MAPPING_ELEMENT;
66 |
67 | typedef struct _TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS
68 | {
69 | DWORD cElements;
70 | PTAG_INFO_NAME_TAG_MAPPING_ELEMENT pNameTagMappingElements;
71 | } TAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS, *PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS;
72 |
73 | typedef struct _TAG_INFO_NAME_TAG_MAPPING
74 | {
75 | TAG_INFO_NAME_TAG_MAPPING_IN_PARAMS InParams;
76 | PTAG_INFO_NAME_TAG_MAPPING_OUT_PARAMS pOutParams;
77 | } TAG_INFO_NAME_TAG_MAPPING, *PTAG_INFO_NAME_TAG_MAPPING;
78 |
79 | _Must_inspect_result_
80 | DWORD
81 | WINAPI
82 | I_QueryTagInformation(
83 | _In_opt_ LPCWSTR pszMachineName,
84 | _In_ TAG_INFO_LEVEL eInfoLevel,
85 | _Inout_ PVOID pTagInfo
86 | );
87 |
88 | typedef DWORD (WINAPI *PQUERY_TAG_INFORMATION)(
89 | _In_opt_ LPCWSTR pszMachineName,
90 | _In_ TAG_INFO_LEVEL eInfoLevel,
91 | _Inout_ PVOID pTagInfo
92 | );
93 |
94 |
--------------------------------------------------------------------------------
/KrkrzExtract/ntkeapi.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #define LOW_PRIORITY 0 // Lowest thread priority level
4 | #define LOW_REALTIME_PRIORITY 16 // Lowest realtime priority level
5 | #define HIGH_PRIORITY 31 // Highest thread priority level
6 | #define MAXIMUM_PRIORITY 32 // Number of thread priority levels
7 |
8 | typedef enum _KTHREAD_STATE
9 | {
10 | Initialized,
11 | Ready,
12 | Running,
13 | Standby,
14 | Terminated,
15 | Waiting,
16 | Transition,
17 | DeferredReady,
18 | GateWaitObsolete,
19 | WaitingForProcessInSwap,
20 | MaximumThreadState
21 | } KTHREAD_STATE, *PKTHREAD_STATE;
22 |
23 | // private
24 | typedef enum _KHETERO_CPU_POLICY
25 | {
26 | KHeteroCpuPolicyAll,
27 | KHeteroCpuPolicyLarge,
28 | KHeteroCpuPolicyLargeOrIdle,
29 | KHeteroCpuPolicySmall,
30 | KHeteroCpuPolicySmallOrIdle,
31 | KHeteroCpuPolicyDynamic,
32 | KHeteroCpuPolicyStaticMax,
33 | KHeteroCpuPolicyBiasedSmall,
34 | KHeteroCpuPolicyBiasedLarge,
35 | KHeteroCpuPolicyDefault,
36 | KHeteroCpuPolicyMax
37 | } KHETERO_CPU_POLICY, *PKHETERO_CPU_POLICY;
38 |
39 | typedef enum _KWAIT_REASON
40 | {
41 | Executive,
42 | FreePage,
43 | PageIn,
44 | PoolAllocation,
45 | DelayExecution,
46 | Suspended,
47 | UserRequest,
48 | WrExecutive,
49 | WrFreePage,
50 | WrPageIn,
51 | WrPoolAllocation,
52 | WrDelayExecution,
53 | WrSuspended,
54 | WrUserRequest,
55 | WrEventPair,
56 | WrQueue,
57 | WrLpcReceive,
58 | WrLpcReply,
59 | WrVirtualMemory,
60 | WrPageOut,
61 | WrRendezvous,
62 | WrKeyedEvent,
63 | WrTerminated,
64 | WrProcessInSwap,
65 | WrCpuRateControl,
66 | WrCalloutStack,
67 | WrKernel,
68 | WrResource,
69 | WrPushLock,
70 | WrMutex,
71 | WrQuantumEnd,
72 | WrDispatchInt,
73 | WrPreempted,
74 | WrYieldExecution,
75 | WrFastMutex,
76 | WrGuardedMutex,
77 | WrRundown,
78 | WrAlertByThreadId,
79 | WrDeferredPreempt,
80 | MaximumWaitReason
81 | } KWAIT_REASON, *PKWAIT_REASON;
82 |
83 | typedef enum _KPROFILE_SOURCE
84 | {
85 | ProfileTime,
86 | ProfileAlignmentFixup,
87 | ProfileTotalIssues,
88 | ProfilePipelineDry,
89 | ProfileLoadInstructions,
90 | ProfilePipelineFrozen,
91 | ProfileBranchInstructions,
92 | ProfileTotalNonissues,
93 | ProfileDcacheMisses,
94 | ProfileIcacheMisses,
95 | ProfileCacheMisses,
96 | ProfileBranchMispredictions,
97 | ProfileStoreInstructions,
98 | ProfileFpInstructions,
99 | ProfileIntegerInstructions,
100 | Profile2Issue,
101 | Profile3Issue,
102 | Profile4Issue,
103 | ProfileSpecialInstructions,
104 | ProfileTotalCycles,
105 | ProfileIcacheIssues,
106 | ProfileDcacheAccesses,
107 | ProfileMemoryBarrierCycles,
108 | ProfileLoadLinkedIssues,
109 | ProfileMaximum
110 | } KPROFILE_SOURCE;
111 |
112 | NTSYSCALLAPI
113 | NTSTATUS
114 | NTAPI
115 | NtCallbackReturn(
116 | _In_reads_bytes_opt_(OutputLength) PVOID OutputBuffer,
117 | _In_ ULONG OutputLength,
118 | _In_ NTSTATUS Status
119 | );
120 |
121 | #if (NTDDI_VERSION >= NTDDI_VISTA)
122 | NTSYSCALLAPI
123 | VOID
124 | NTAPI
125 | NtFlushProcessWriteBuffers(
126 | VOID
127 | );
128 | #endif
129 |
130 | NTSYSCALLAPI
131 | NTSTATUS
132 | NTAPI
133 | NtQueryDebugFilterState(
134 | _In_ ULONG ComponentId,
135 | _In_ ULONG Level
136 | );
137 |
138 | NTSYSCALLAPI
139 | NTSTATUS
140 | NTAPI
141 | NtSetDebugFilterState(
142 | _In_ ULONG ComponentId,
143 | _In_ ULONG Level,
144 | _In_ BOOLEAN State
145 | );
146 |
147 | NTSYSCALLAPI
148 | NTSTATUS
149 | NTAPI
150 | NtYieldExecution(
151 | VOID
152 | );
153 |
154 |
--------------------------------------------------------------------------------
/KrkrzInternal/ntkeapi.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #define LOW_PRIORITY 0 // Lowest thread priority level
4 | #define LOW_REALTIME_PRIORITY 16 // Lowest realtime priority level
5 | #define HIGH_PRIORITY 31 // Highest thread priority level
6 | #define MAXIMUM_PRIORITY 32 // Number of thread priority levels
7 |
8 | typedef enum _KTHREAD_STATE
9 | {
10 | Initialized,
11 | Ready,
12 | Running,
13 | Standby,
14 | Terminated,
15 | Waiting,
16 | Transition,
17 | DeferredReady,
18 | GateWaitObsolete,
19 | WaitingForProcessInSwap,
20 | MaximumThreadState
21 | } KTHREAD_STATE, *PKTHREAD_STATE;
22 |
23 | // private
24 | typedef enum _KHETERO_CPU_POLICY
25 | {
26 | KHeteroCpuPolicyAll,
27 | KHeteroCpuPolicyLarge,
28 | KHeteroCpuPolicyLargeOrIdle,
29 | KHeteroCpuPolicySmall,
30 | KHeteroCpuPolicySmallOrIdle,
31 | KHeteroCpuPolicyDynamic,
32 | KHeteroCpuPolicyStaticMax,
33 | KHeteroCpuPolicyBiasedSmall,
34 | KHeteroCpuPolicyBiasedLarge,
35 | KHeteroCpuPolicyDefault,
36 | KHeteroCpuPolicyMax
37 | } KHETERO_CPU_POLICY, *PKHETERO_CPU_POLICY;
38 |
39 | typedef enum _KWAIT_REASON
40 | {
41 | Executive,
42 | FreePage,
43 | PageIn,
44 | PoolAllocation,
45 | DelayExecution,
46 | Suspended,
47 | UserRequest,
48 | WrExecutive,
49 | WrFreePage,
50 | WrPageIn,
51 | WrPoolAllocation,
52 | WrDelayExecution,
53 | WrSuspended,
54 | WrUserRequest,
55 | WrEventPair,
56 | WrQueue,
57 | WrLpcReceive,
58 | WrLpcReply,
59 | WrVirtualMemory,
60 | WrPageOut,
61 | WrRendezvous,
62 | WrKeyedEvent,
63 | WrTerminated,
64 | WrProcessInSwap,
65 | WrCpuRateControl,
66 | WrCalloutStack,
67 | WrKernel,
68 | WrResource,
69 | WrPushLock,
70 | WrMutex,
71 | WrQuantumEnd,
72 | WrDispatchInt,
73 | WrPreempted,
74 | WrYieldExecution,
75 | WrFastMutex,
76 | WrGuardedMutex,
77 | WrRundown,
78 | WrAlertByThreadId,
79 | WrDeferredPreempt,
80 | MaximumWaitReason
81 | } KWAIT_REASON, *PKWAIT_REASON;
82 |
83 | typedef enum _KPROFILE_SOURCE
84 | {
85 | ProfileTime,
86 | ProfileAlignmentFixup,
87 | ProfileTotalIssues,
88 | ProfilePipelineDry,
89 | ProfileLoadInstructions,
90 | ProfilePipelineFrozen,
91 | ProfileBranchInstructions,
92 | ProfileTotalNonissues,
93 | ProfileDcacheMisses,
94 | ProfileIcacheMisses,
95 | ProfileCacheMisses,
96 | ProfileBranchMispredictions,
97 | ProfileStoreInstructions,
98 | ProfileFpInstructions,
99 | ProfileIntegerInstructions,
100 | Profile2Issue,
101 | Profile3Issue,
102 | Profile4Issue,
103 | ProfileSpecialInstructions,
104 | ProfileTotalCycles,
105 | ProfileIcacheIssues,
106 | ProfileDcacheAccesses,
107 | ProfileMemoryBarrierCycles,
108 | ProfileLoadLinkedIssues,
109 | ProfileMaximum
110 | } KPROFILE_SOURCE;
111 |
112 | NTSYSCALLAPI
113 | NTSTATUS
114 | NTAPI
115 | NtCallbackReturn(
116 | _In_reads_bytes_opt_(OutputLength) PVOID OutputBuffer,
117 | _In_ ULONG OutputLength,
118 | _In_ NTSTATUS Status
119 | );
120 |
121 | #if (NTDDI_VERSION >= NTDDI_VISTA)
122 | NTSYSCALLAPI
123 | VOID
124 | NTAPI
125 | NtFlushProcessWriteBuffers(
126 | VOID
127 | );
128 | #endif
129 |
130 | NTSYSCALLAPI
131 | NTSTATUS
132 | NTAPI
133 | NtQueryDebugFilterState(
134 | _In_ ULONG ComponentId,
135 | _In_ ULONG Level
136 | );
137 |
138 | NTSYSCALLAPI
139 | NTSTATUS
140 | NTAPI
141 | NtSetDebugFilterState(
142 | _In_ ULONG ComponentId,
143 | _In_ ULONG Level,
144 | _In_ BOOLEAN State
145 | );
146 |
147 | NTSYSCALLAPI
148 | NTSTATUS
149 | NTAPI
150 | NtYieldExecution(
151 | VOID
152 | );
153 |
154 |
--------------------------------------------------------------------------------
/KrkrzExtract/phnt_windows.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | // This header file provides access to Win32, plus NTSTATUS values and some access mask values.
3 |
4 | #include
5 | #include
6 | #include
7 |
8 | #undef STATUS_WAIT_0
9 | #undef STATUS_ABANDONED_WAIT_0
10 | #undef STATUS_USER_APC
11 | #undef STATUS_TIMEOUT
12 | #undef STATUS_PENDING
13 | #undef DBG_EXCEPTION_HANDLED
14 | #undef DBG_CONTINUE
15 | #undef STATUS_SEGMENT_NOTIFICATION
16 | #undef STATUS_FATAL_APP_EXIT
17 | #undef DBG_TERMINATE_THREAD
18 | #undef DBG_TERMINATE_PROCESS
19 | #undef DBG_CONTROL_C
20 | #undef DBG_PRINTEXCEPTION_C
21 | #undef DBG_RIPEXCEPTION
22 | #undef DBG_CONTROL_BREAK
23 | #undef DBG_COMMAND_EXCEPTION
24 | #undef STATUS_GUARD_PAGE_VIOLATION
25 | #undef STATUS_DATATYPE_MISALIGNMENT
26 | #undef STATUS_BREAKPOINT
27 | #undef STATUS_SINGLE_STEP
28 | #undef STATUS_LONGJUMP
29 | #undef STATUS_UNWIND_CONSOLIDATE
30 | #undef DBG_EXCEPTION_NOT_HANDLED
31 | #undef STATUS_ACCESS_VIOLATION
32 | #undef STATUS_IN_PAGE_ERROR
33 | #undef STATUS_INVALID_HANDLE
34 | #undef STATUS_INVALID_PARAMETER
35 | #undef STATUS_NO_MEMORY
36 | #undef STATUS_ILLEGAL_INSTRUCTION
37 | #undef STATUS_NONCONTINUABLE_EXCEPTION
38 | #undef STATUS_INVALID_DISPOSITION
39 | #undef STATUS_ARRAY_BOUNDS_EXCEEDED
40 | #undef STATUS_FLOAT_DENORMAL_OPERAND
41 | #undef STATUS_FLOAT_DIVIDE_BY_ZERO
42 | #undef STATUS_FLOAT_INEXACT_RESULT
43 | #undef STATUS_FLOAT_INVALID_OPERATION
44 | #undef STATUS_FLOAT_OVERFLOW
45 | #undef STATUS_FLOAT_STACK_CHECK
46 | #undef STATUS_FLOAT_UNDERFLOW
47 | #undef STATUS_INTEGER_DIVIDE_BY_ZERO
48 | #undef STATUS_INTEGER_OVERFLOW
49 | #undef STATUS_PRIVILEGED_INSTRUCTION
50 | #undef STATUS_STACK_OVERFLOW
51 | #undef STATUS_DLL_NOT_FOUND
52 | #undef STATUS_ORDINAL_NOT_FOUND
53 | #undef STATUS_ENTRYPOINT_NOT_FOUND
54 | #undef STATUS_CONTROL_C_EXIT
55 | #undef STATUS_DLL_INIT_FAILED
56 | #undef STATUS_FLOAT_MULTIPLE_FAULTS
57 | #undef STATUS_FLOAT_MULTIPLE_TRAPS
58 | #undef STATUS_REG_NAT_CONSUMPTION
59 | #undef STATUS_HEAP_CORRUPTION
60 | #undef STATUS_STACK_BUFFER_OVERRUN
61 | #undef STATUS_INVALID_CRUNTIME_PARAMETER
62 | #undef STATUS_ASSERTION_FAILURE
63 | #undef STATUS_ENCLAVE_VIOLATION
64 |
65 | #undef STATUS_SXS_EARLY_DEACTIVATION
66 | #undef STATUS_SXS_INVALID_DEACTIVATION
67 |
68 | #undef DBG_REPLY_LATER
69 | #undef DBG_PRINTEXCEPTION_WIDE_C
70 |
71 | #include
72 |
73 | typedef double DOUBLE;
74 | typedef GUID *PGUID;
75 |
76 | // Desktop access rights
77 | #define DESKTOP_ALL_ACCESS \
78 | (DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_ENUMERATE | \
79 | DESKTOP_HOOKCONTROL | DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD | \
80 | DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | DESKTOP_WRITEOBJECTS | \
81 | STANDARD_RIGHTS_REQUIRED)
82 | #define DESKTOP_GENERIC_READ \
83 | (DESKTOP_ENUMERATE | DESKTOP_READOBJECTS | STANDARD_RIGHTS_READ)
84 | #define DESKTOP_GENERIC_WRITE \
85 | (DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_HOOKCONTROL | \
86 | DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD | DESKTOP_WRITEOBJECTS | \
87 | STANDARD_RIGHTS_WRITE)
88 | #define DESKTOP_GENERIC_EXECUTE \
89 | (DESKTOP_SWITCHDESKTOP | STANDARD_RIGHTS_EXECUTE)
90 |
91 | // Window station access rights
92 | #define WINSTA_GENERIC_READ \
93 | (WINSTA_ENUMDESKTOPS | WINSTA_ENUMERATE | WINSTA_READATTRIBUTES | \
94 | WINSTA_READSCREEN | STANDARD_RIGHTS_READ)
95 | #define WINSTA_GENERIC_WRITE \
96 | (WINSTA_ACCESSCLIPBOARD | WINSTA_CREATEDESKTOP | WINSTA_WRITEATTRIBUTES | \
97 | STANDARD_RIGHTS_WRITE)
98 | #define WINSTA_GENERIC_EXECUTE \
99 | (WINSTA_ACCESSGLOBALATOMS | WINSTA_EXITWINDOWS | STANDARD_RIGHTS_EXECUTE)
100 |
101 | // WMI access rights
102 | #define WMIGUID_GENERIC_READ \
103 | (WMIGUID_QUERY | WMIGUID_NOTIFICATION | WMIGUID_READ_DESCRIPTION | \
104 | STANDARD_RIGHTS_READ)
105 | #define WMIGUID_GENERIC_WRITE \
106 | (WMIGUID_SET | TRACELOG_CREATE_REALTIME | TRACELOG_CREATE_ONDISK | \
107 | STANDARD_RIGHTS_WRITE)
108 | #define WMIGUID_GENERIC_EXECUTE \
109 | (WMIGUID_EXECUTE | TRACELOG_GUID_ENABLE | TRACELOG_LOG_EVENT | \
110 | TRACELOG_ACCESS_REALTIME | TRACELOG_REGISTER_GUIDS | \
111 | STANDARD_RIGHTS_EXECUTE)
112 |
113 |
--------------------------------------------------------------------------------
/KrkrzInternal/phnt_windows.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | // This header file provides access to Win32, plus NTSTATUS values and some access mask values.
3 |
4 | #include
5 | #include
6 | #include
7 |
8 | #undef STATUS_WAIT_0
9 | #undef STATUS_ABANDONED_WAIT_0
10 | #undef STATUS_USER_APC
11 | #undef STATUS_TIMEOUT
12 | #undef STATUS_PENDING
13 | #undef DBG_EXCEPTION_HANDLED
14 | #undef DBG_CONTINUE
15 | #undef STATUS_SEGMENT_NOTIFICATION
16 | #undef STATUS_FATAL_APP_EXIT
17 | #undef DBG_TERMINATE_THREAD
18 | #undef DBG_TERMINATE_PROCESS
19 | #undef DBG_CONTROL_C
20 | #undef DBG_PRINTEXCEPTION_C
21 | #undef DBG_RIPEXCEPTION
22 | #undef DBG_CONTROL_BREAK
23 | #undef DBG_COMMAND_EXCEPTION
24 | #undef STATUS_GUARD_PAGE_VIOLATION
25 | #undef STATUS_DATATYPE_MISALIGNMENT
26 | #undef STATUS_BREAKPOINT
27 | #undef STATUS_SINGLE_STEP
28 | #undef STATUS_LONGJUMP
29 | #undef STATUS_UNWIND_CONSOLIDATE
30 | #undef DBG_EXCEPTION_NOT_HANDLED
31 | #undef STATUS_ACCESS_VIOLATION
32 | #undef STATUS_IN_PAGE_ERROR
33 | #undef STATUS_INVALID_HANDLE
34 | #undef STATUS_INVALID_PARAMETER
35 | #undef STATUS_NO_MEMORY
36 | #undef STATUS_ILLEGAL_INSTRUCTION
37 | #undef STATUS_NONCONTINUABLE_EXCEPTION
38 | #undef STATUS_INVALID_DISPOSITION
39 | #undef STATUS_ARRAY_BOUNDS_EXCEEDED
40 | #undef STATUS_FLOAT_DENORMAL_OPERAND
41 | #undef STATUS_FLOAT_DIVIDE_BY_ZERO
42 | #undef STATUS_FLOAT_INEXACT_RESULT
43 | #undef STATUS_FLOAT_INVALID_OPERATION
44 | #undef STATUS_FLOAT_OVERFLOW
45 | #undef STATUS_FLOAT_STACK_CHECK
46 | #undef STATUS_FLOAT_UNDERFLOW
47 | #undef STATUS_INTEGER_DIVIDE_BY_ZERO
48 | #undef STATUS_INTEGER_OVERFLOW
49 | #undef STATUS_PRIVILEGED_INSTRUCTION
50 | #undef STATUS_STACK_OVERFLOW
51 | #undef STATUS_DLL_NOT_FOUND
52 | #undef STATUS_ORDINAL_NOT_FOUND
53 | #undef STATUS_ENTRYPOINT_NOT_FOUND
54 | #undef STATUS_CONTROL_C_EXIT
55 | #undef STATUS_DLL_INIT_FAILED
56 | #undef STATUS_FLOAT_MULTIPLE_FAULTS
57 | #undef STATUS_FLOAT_MULTIPLE_TRAPS
58 | #undef STATUS_REG_NAT_CONSUMPTION
59 | #undef STATUS_HEAP_CORRUPTION
60 | #undef STATUS_STACK_BUFFER_OVERRUN
61 | #undef STATUS_INVALID_CRUNTIME_PARAMETER
62 | #undef STATUS_ASSERTION_FAILURE
63 | #undef STATUS_ENCLAVE_VIOLATION
64 |
65 | #undef STATUS_SXS_EARLY_DEACTIVATION
66 | #undef STATUS_SXS_INVALID_DEACTIVATION
67 |
68 | #undef DBG_REPLY_LATER
69 | #undef DBG_PRINTEXCEPTION_WIDE_C
70 |
71 | #include
72 |
73 | typedef double DOUBLE;
74 | typedef GUID *PGUID;
75 |
76 | // Desktop access rights
77 | #define DESKTOP_ALL_ACCESS \
78 | (DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_ENUMERATE | \
79 | DESKTOP_HOOKCONTROL | DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD | \
80 | DESKTOP_READOBJECTS | DESKTOP_SWITCHDESKTOP | DESKTOP_WRITEOBJECTS | \
81 | STANDARD_RIGHTS_REQUIRED)
82 | #define DESKTOP_GENERIC_READ \
83 | (DESKTOP_ENUMERATE | DESKTOP_READOBJECTS | STANDARD_RIGHTS_READ)
84 | #define DESKTOP_GENERIC_WRITE \
85 | (DESKTOP_CREATEMENU | DESKTOP_CREATEWINDOW | DESKTOP_HOOKCONTROL | \
86 | DESKTOP_JOURNALPLAYBACK | DESKTOP_JOURNALRECORD | DESKTOP_WRITEOBJECTS | \
87 | STANDARD_RIGHTS_WRITE)
88 | #define DESKTOP_GENERIC_EXECUTE \
89 | (DESKTOP_SWITCHDESKTOP | STANDARD_RIGHTS_EXECUTE)
90 |
91 | // Window station access rights
92 | #define WINSTA_GENERIC_READ \
93 | (WINSTA_ENUMDESKTOPS | WINSTA_ENUMERATE | WINSTA_READATTRIBUTES | \
94 | WINSTA_READSCREEN | STANDARD_RIGHTS_READ)
95 | #define WINSTA_GENERIC_WRITE \
96 | (WINSTA_ACCESSCLIPBOARD | WINSTA_CREATEDESKTOP | WINSTA_WRITEATTRIBUTES | \
97 | STANDARD_RIGHTS_WRITE)
98 | #define WINSTA_GENERIC_EXECUTE \
99 | (WINSTA_ACCESSGLOBALATOMS | WINSTA_EXITWINDOWS | STANDARD_RIGHTS_EXECUTE)
100 |
101 | // WMI access rights
102 | #define WMIGUID_GENERIC_READ \
103 | (WMIGUID_QUERY | WMIGUID_NOTIFICATION | WMIGUID_READ_DESCRIPTION | \
104 | STANDARD_RIGHTS_READ)
105 | #define WMIGUID_GENERIC_WRITE \
106 | (WMIGUID_SET | TRACELOG_CREATE_REALTIME | TRACELOG_CREATE_ONDISK | \
107 | STANDARD_RIGHTS_WRITE)
108 | #define WMIGUID_GENERIC_EXECUTE \
109 | (WMIGUID_EXECUTE | TRACELOG_GUID_ENABLE | TRACELOG_LOG_EVENT | \
110 | TRACELOG_ACCESS_REALTIME | TRACELOG_REGISTER_GUIDS | \
111 | STANDARD_RIGHTS_EXECUTE)
112 |
113 |
--------------------------------------------------------------------------------
/KrkrzExtract/ntpnpapi.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | typedef enum _PLUGPLAY_EVENT_CATEGORY
4 | {
5 | HardwareProfileChangeEvent,
6 | TargetDeviceChangeEvent,
7 | DeviceClassChangeEvent,
8 | CustomDeviceEvent,
9 | DeviceInstallEvent,
10 | DeviceArrivalEvent,
11 | PowerEvent,
12 | VetoEvent,
13 | BlockedDriverEvent,
14 | InvalidIDEvent,
15 | MaxPlugEventCategory
16 | } PLUGPLAY_EVENT_CATEGORY, *PPLUGPLAY_EVENT_CATEGORY;
17 |
18 | typedef struct _PLUGPLAY_EVENT_BLOCK
19 | {
20 | GUID EventGuid;
21 | PLUGPLAY_EVENT_CATEGORY EventCategory;
22 | PULONG Result;
23 | ULONG Flags;
24 | ULONG TotalSize;
25 | PVOID DeviceObject;
26 |
27 | union
28 | {
29 | struct
30 | {
31 | GUID ClassGuid;
32 | WCHAR SymbolicLinkName[1];
33 | } DeviceClass;
34 | struct
35 | {
36 | WCHAR DeviceIds[1];
37 | } TargetDevice;
38 | struct
39 | {
40 | WCHAR DeviceId[1];
41 | } InstallDevice;
42 | struct
43 | {
44 | PVOID NotificationStructure;
45 | WCHAR DeviceIds[1];
46 | } CustomNotification;
47 | struct
48 | {
49 | PVOID Notification;
50 | } ProfileNotification;
51 | struct
52 | {
53 | ULONG NotificationCode;
54 | ULONG NotificationData;
55 | } PowerNotification;
56 | struct
57 | {
58 | PNP_VETO_TYPE VetoType;
59 | WCHAR DeviceIdVetoNameBuffer[1]; // DeviceIdVetoName
60 | } VetoNotification;
61 | struct
62 | {
63 | GUID BlockedDriverGuid;
64 | } BlockedDriverNotification;
65 | struct
66 | {
67 | WCHAR ParentId[1];
68 | } InvalidIDNotification;
69 | } u;
70 | } PLUGPLAY_EVENT_BLOCK, *PPLUGPLAY_EVENT_BLOCK;
71 |
72 | typedef enum _PLUGPLAY_CONTROL_CLASS
73 | {
74 | PlugPlayControlEnumerateDevice,
75 | PlugPlayControlRegisterNewDevice,
76 | PlugPlayControlDeregisterDevice,
77 | PlugPlayControlInitializeDevice,
78 | PlugPlayControlStartDevice,
79 | PlugPlayControlUnlockDevice,
80 | PlugPlayControlQueryAndRemoveDevice,
81 | PlugPlayControlUserResponse,
82 | PlugPlayControlGenerateLegacyDevice,
83 | PlugPlayControlGetInterfaceDeviceList,
84 | PlugPlayControlProperty,
85 | PlugPlayControlDeviceClassAssociation,
86 | PlugPlayControlGetRelatedDevice,
87 | PlugPlayControlGetInterfaceDeviceAlias,
88 | PlugPlayControlDeviceStatus,
89 | PlugPlayControlGetDeviceDepth,
90 | PlugPlayControlQueryDeviceRelations,
91 | PlugPlayControlTargetDeviceRelation,
92 | PlugPlayControlQueryConflictList,
93 | PlugPlayControlRetrieveDock,
94 | PlugPlayControlResetDevice,
95 | PlugPlayControlHaltDevice,
96 | PlugPlayControlGetBlockedDriverList,
97 | PlugPlayControlGetDeviceInterfaceEnabled,
98 | MaxPlugPlayControl
99 | } PLUGPLAY_CONTROL_CLASS, *PPLUGPLAY_CONTROL_CLASS;
100 |
101 | #if (NTDDI_VERSION < NTDDI_WIN8)
102 | NTSYSCALLAPI
103 | NTSTATUS
104 | NTAPI
105 | NtGetPlugPlayEvent(
106 | _In_ HANDLE EventHandle,
107 | _In_opt_ PVOID Context,
108 | _Out_writes_bytes_(EventBufferSize) PPLUGPLAY_EVENT_BLOCK EventBlock,
109 | _In_ ULONG EventBufferSize
110 | );
111 | #endif
112 |
113 | NTSYSCALLAPI
114 | NTSTATUS
115 | NTAPI
116 | NtPlugPlayControl(
117 | _In_ PLUGPLAY_CONTROL_CLASS PnPControlClass,
118 | _Inout_updates_bytes_(PnPControlDataLength) PVOID PnPControlData,
119 | _In_ ULONG PnPControlDataLength
120 | );
121 |
122 | #if (NTDDI_VERSION >= NTDDI_WIN7)
123 |
124 | NTSYSCALLAPI
125 | NTSTATUS
126 | NTAPI
127 | NtSerializeBoot(
128 | VOID
129 | );
130 |
131 | NTSYSCALLAPI
132 | NTSTATUS
133 | NTAPI
134 | NtEnableLastKnownGood(
135 | VOID
136 | );
137 |
138 | NTSYSCALLAPI
139 | NTSTATUS
140 | NTAPI
141 | NtDisableLastKnownGood(
142 | VOID
143 | );
144 |
145 | #endif
146 |
147 | #if (NTDDI_VERSION >= NTDDI_VISTA)
148 | NTSYSCALLAPI
149 | NTSTATUS
150 | NTAPI
151 | NtReplacePartitionUnit(
152 | _In_ PUNICODE_STRING TargetInstancePath,
153 | _In_ PUNICODE_STRING SpareInstancePath,
154 | _In_ ULONG Flags
155 | );
156 | #endif
157 |
158 |
--------------------------------------------------------------------------------
/KrkrzInternal/ntpnpapi.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | typedef enum _PLUGPLAY_EVENT_CATEGORY
4 | {
5 | HardwareProfileChangeEvent,
6 | TargetDeviceChangeEvent,
7 | DeviceClassChangeEvent,
8 | CustomDeviceEvent,
9 | DeviceInstallEvent,
10 | DeviceArrivalEvent,
11 | PowerEvent,
12 | VetoEvent,
13 | BlockedDriverEvent,
14 | InvalidIDEvent,
15 | MaxPlugEventCategory
16 | } PLUGPLAY_EVENT_CATEGORY, *PPLUGPLAY_EVENT_CATEGORY;
17 |
18 | typedef struct _PLUGPLAY_EVENT_BLOCK
19 | {
20 | GUID EventGuid;
21 | PLUGPLAY_EVENT_CATEGORY EventCategory;
22 | PULONG Result;
23 | ULONG Flags;
24 | ULONG TotalSize;
25 | PVOID DeviceObject;
26 |
27 | union
28 | {
29 | struct
30 | {
31 | GUID ClassGuid;
32 | WCHAR SymbolicLinkName[1];
33 | } DeviceClass;
34 | struct
35 | {
36 | WCHAR DeviceIds[1];
37 | } TargetDevice;
38 | struct
39 | {
40 | WCHAR DeviceId[1];
41 | } InstallDevice;
42 | struct
43 | {
44 | PVOID NotificationStructure;
45 | WCHAR DeviceIds[1];
46 | } CustomNotification;
47 | struct
48 | {
49 | PVOID Notification;
50 | } ProfileNotification;
51 | struct
52 | {
53 | ULONG NotificationCode;
54 | ULONG NotificationData;
55 | } PowerNotification;
56 | struct
57 | {
58 | PNP_VETO_TYPE VetoType;
59 | WCHAR DeviceIdVetoNameBuffer[1]; // DeviceIdVetoName
60 | } VetoNotification;
61 | struct
62 | {
63 | GUID BlockedDriverGuid;
64 | } BlockedDriverNotification;
65 | struct
66 | {
67 | WCHAR ParentId[1];
68 | } InvalidIDNotification;
69 | } u;
70 | } PLUGPLAY_EVENT_BLOCK, *PPLUGPLAY_EVENT_BLOCK;
71 |
72 | typedef enum _PLUGPLAY_CONTROL_CLASS
73 | {
74 | PlugPlayControlEnumerateDevice,
75 | PlugPlayControlRegisterNewDevice,
76 | PlugPlayControlDeregisterDevice,
77 | PlugPlayControlInitializeDevice,
78 | PlugPlayControlStartDevice,
79 | PlugPlayControlUnlockDevice,
80 | PlugPlayControlQueryAndRemoveDevice,
81 | PlugPlayControlUserResponse,
82 | PlugPlayControlGenerateLegacyDevice,
83 | PlugPlayControlGetInterfaceDeviceList,
84 | PlugPlayControlProperty,
85 | PlugPlayControlDeviceClassAssociation,
86 | PlugPlayControlGetRelatedDevice,
87 | PlugPlayControlGetInterfaceDeviceAlias,
88 | PlugPlayControlDeviceStatus,
89 | PlugPlayControlGetDeviceDepth,
90 | PlugPlayControlQueryDeviceRelations,
91 | PlugPlayControlTargetDeviceRelation,
92 | PlugPlayControlQueryConflictList,
93 | PlugPlayControlRetrieveDock,
94 | PlugPlayControlResetDevice,
95 | PlugPlayControlHaltDevice,
96 | PlugPlayControlGetBlockedDriverList,
97 | PlugPlayControlGetDeviceInterfaceEnabled,
98 | MaxPlugPlayControl
99 | } PLUGPLAY_CONTROL_CLASS, *PPLUGPLAY_CONTROL_CLASS;
100 |
101 | #if (NTDDI_VERSION < NTDDI_WIN8)
102 | NTSYSCALLAPI
103 | NTSTATUS
104 | NTAPI
105 | NtGetPlugPlayEvent(
106 | _In_ HANDLE EventHandle,
107 | _In_opt_ PVOID Context,
108 | _Out_writes_bytes_(EventBufferSize) PPLUGPLAY_EVENT_BLOCK EventBlock,
109 | _In_ ULONG EventBufferSize
110 | );
111 | #endif
112 |
113 | NTSYSCALLAPI
114 | NTSTATUS
115 | NTAPI
116 | NtPlugPlayControl(
117 | _In_ PLUGPLAY_CONTROL_CLASS PnPControlClass,
118 | _Inout_updates_bytes_(PnPControlDataLength) PVOID PnPControlData,
119 | _In_ ULONG PnPControlDataLength
120 | );
121 |
122 | #if (NTDDI_VERSION >= NTDDI_WIN7)
123 |
124 | NTSYSCALLAPI
125 | NTSTATUS
126 | NTAPI
127 | NtSerializeBoot(
128 | VOID
129 | );
130 |
131 | NTSYSCALLAPI
132 | NTSTATUS
133 | NTAPI
134 | NtEnableLastKnownGood(
135 | VOID
136 | );
137 |
138 | NTSYSCALLAPI
139 | NTSTATUS
140 | NTAPI
141 | NtDisableLastKnownGood(
142 | VOID
143 | );
144 |
145 | #endif
146 |
147 | #if (NTDDI_VERSION >= NTDDI_VISTA)
148 | NTSYSCALLAPI
149 | NTSTATUS
150 | NTAPI
151 | NtReplacePartitionUnit(
152 | _In_ PUNICODE_STRING TargetInstancePath,
153 | _In_ PUNICODE_STRING SpareInstancePath,
154 | _In_ ULONG Flags
155 | );
156 | #endif
157 |
158 |
--------------------------------------------------------------------------------
/KrkrzExtract/ntgdi.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #define GDI_MAX_HANDLE_COUNT 0x4000
4 |
5 | #define GDI_HANDLE_INDEX_SHIFT 0
6 | #define GDI_HANDLE_INDEX_BITS 16
7 | #define GDI_HANDLE_INDEX_MASK 0xffff
8 |
9 | #define GDI_HANDLE_TYPE_SHIFT 16
10 | #define GDI_HANDLE_TYPE_BITS 5
11 | #define GDI_HANDLE_TYPE_MASK 0x1f
12 |
13 | #define GDI_HANDLE_ALTTYPE_SHIFT 21
14 | #define GDI_HANDLE_ALTTYPE_BITS 2
15 | #define GDI_HANDLE_ALTTYPE_MASK 0x3
16 |
17 | #define GDI_HANDLE_STOCK_SHIFT 23
18 | #define GDI_HANDLE_STOCK_BITS 1
19 | #define GDI_HANDLE_STOCK_MASK 0x1
20 |
21 | #define GDI_HANDLE_UNIQUE_SHIFT 24
22 | #define GDI_HANDLE_UNIQUE_BITS 8
23 | #define GDI_HANDLE_UNIQUE_MASK 0xff
24 |
25 | #define GDI_HANDLE_INDEX(Handle) ((ULONG)(Handle) & GDI_HANDLE_INDEX_MASK)
26 | #define GDI_HANDLE_TYPE(Handle) (((ULONG)(Handle) >> GDI_HANDLE_TYPE_SHIFT) & GDI_HANDLE_TYPE_MASK)
27 | #define GDI_HANDLE_ALTTYPE(Handle) (((ULONG)(Handle) >> GDI_HANDLE_ALTTYPE_SHIFT) & GDI_HANDLE_ALTTYPE_MASK)
28 | #define GDI_HANDLE_STOCK(Handle) (((ULONG)(Handle) >> GDI_HANDLE_STOCK_SHIFT)) & GDI_HANDLE_STOCK_MASK)
29 |
30 | #define GDI_MAKE_HANDLE(Index, Unique) ((ULONG)(((ULONG)(Unique) << GDI_HANDLE_INDEX_BITS) | (ULONG)(Index)))
31 |
32 | // GDI server-side types
33 |
34 | #define GDI_DEF_TYPE 0 // invalid handle
35 | #define GDI_DC_TYPE 1
36 | #define GDI_DD_DIRECTDRAW_TYPE 2
37 | #define GDI_DD_SURFACE_TYPE 3
38 | #define GDI_RGN_TYPE 4
39 | #define GDI_SURF_TYPE 5
40 | #define GDI_CLIENTOBJ_TYPE 6
41 | #define GDI_PATH_TYPE 7
42 | #define GDI_PAL_TYPE 8
43 | #define GDI_ICMLCS_TYPE 9
44 | #define GDI_LFONT_TYPE 10
45 | #define GDI_RFONT_TYPE 11
46 | #define GDI_PFE_TYPE 12
47 | #define GDI_PFT_TYPE 13
48 | #define GDI_ICMCXF_TYPE 14
49 | #define GDI_ICMDLL_TYPE 15
50 | #define GDI_BRUSH_TYPE 16
51 | #define GDI_PFF_TYPE 17 // unused
52 | #define GDI_CACHE_TYPE 18 // unused
53 | #define GDI_SPACE_TYPE 19
54 | #define GDI_DBRUSH_TYPE 20 // unused
55 | #define GDI_META_TYPE 21
56 | #define GDI_EFSTATE_TYPE 22
57 | #define GDI_BMFD_TYPE 23 // unused
58 | #define GDI_VTFD_TYPE 24 // unused
59 | #define GDI_TTFD_TYPE 25 // unused
60 | #define GDI_RC_TYPE 26 // unused
61 | #define GDI_TEMP_TYPE 27 // unused
62 | #define GDI_DRVOBJ_TYPE 28
63 | #define GDI_DCIOBJ_TYPE 29 // unused
64 | #define GDI_SPOOL_TYPE 30
65 |
66 | // GDI client-side types
67 |
68 | #define GDI_CLIENT_TYPE_FROM_HANDLE(Handle) ((ULONG)(Handle) & ((GDI_HANDLE_ALTTYPE_MASK << GDI_HANDLE_ALTTYPE_SHIFT) | \
69 | (GDI_HANDLE_TYPE_MASK << GDI_HANDLE_TYPE_SHIFT)))
70 | #define GDI_CLIENT_TYPE_FROM_UNIQUE(Unique) GDI_CLIENT_TYPE_FROM_HANDLE((ULONG)(Unique) << 16)
71 |
72 | #define GDI_ALTTYPE_1 (1 << GDI_HANDLE_ALTTYPE_SHIFT)
73 | #define GDI_ALTTYPE_2 (2 << GDI_HANDLE_ALTTYPE_SHIFT)
74 | #define GDI_ALTTYPE_3 (3 << GDI_HANDLE_ALTTYPE_SHIFT)
75 |
76 | #define GDI_CLIENT_BITMAP_TYPE (GDI_SURF_TYPE << GDI_HANDLE_TYPE_SHIFT)
77 | #define GDI_CLIENT_BRUSH_TYPE (GDI_BRUSH_TYPE << GDI_HANDLE_TYPE_SHIFT)
78 | #define GDI_CLIENT_CLIENTOBJ_TYPE (GDI_CLIENTOBJ_TYPE << GDI_HANDLE_TYPE_SHIFT)
79 | #define GDI_CLIENT_DC_TYPE (GDI_DC_TYPE << GDI_HANDLE_TYPE_SHIFT)
80 | #define GDI_CLIENT_FONT_TYPE (GDI_LFONT_TYPE << GDI_HANDLE_TYPE_SHIFT)
81 | #define GDI_CLIENT_PALETTE_TYPE (GDI_PAL_TYPE << GDI_HANDLE_TYPE_SHIFT)
82 | #define GDI_CLIENT_REGION_TYPE (GDI_RGN_TYPE << GDI_HANDLE_TYPE_SHIFT)
83 |
84 | #define GDI_CLIENT_ALTDC_TYPE (GDI_CLIENT_DC_TYPE | GDI_ALTTYPE_1)
85 | #define GDI_CLIENT_DIBSECTION_TYPE (GDI_CLIENT_BITMAP_TYPE | GDI_ALTTYPE_1)
86 | #define GDI_CLIENT_EXTPEN_TYPE (GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_2)
87 | #define GDI_CLIENT_METADC16_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_3)
88 | #define GDI_CLIENT_METAFILE_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_2)
89 | #define GDI_CLIENT_METAFILE16_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_1)
90 | #define GDI_CLIENT_PEN_TYPE (GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_1)
91 |
92 | typedef struct _GDI_HANDLE_ENTRY
93 | {
94 | union
95 | {
96 | PVOID Object;
97 | PVOID NextFree;
98 | };
99 | union
100 | {
101 | struct
102 | {
103 | USHORT ProcessId;
104 | USHORT Lock : 1;
105 | USHORT Count : 15;
106 | };
107 | ULONG Value;
108 | } Owner;
109 | USHORT Unique;
110 | UCHAR Type;
111 | UCHAR Flags;
112 | PVOID UserPointer;
113 | } GDI_HANDLE_ENTRY, *PGDI_HANDLE_ENTRY;
114 |
115 | typedef struct _GDI_SHARED_MEMORY
116 | {
117 | GDI_HANDLE_ENTRY Handles[GDI_MAX_HANDLE_COUNT];
118 | } GDI_SHARED_MEMORY, *PGDI_SHARED_MEMORY;
119 |
120 |
--------------------------------------------------------------------------------
/KrkrzInternal/ntgdi.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #define GDI_MAX_HANDLE_COUNT 0x4000
4 |
5 | #define GDI_HANDLE_INDEX_SHIFT 0
6 | #define GDI_HANDLE_INDEX_BITS 16
7 | #define GDI_HANDLE_INDEX_MASK 0xffff
8 |
9 | #define GDI_HANDLE_TYPE_SHIFT 16
10 | #define GDI_HANDLE_TYPE_BITS 5
11 | #define GDI_HANDLE_TYPE_MASK 0x1f
12 |
13 | #define GDI_HANDLE_ALTTYPE_SHIFT 21
14 | #define GDI_HANDLE_ALTTYPE_BITS 2
15 | #define GDI_HANDLE_ALTTYPE_MASK 0x3
16 |
17 | #define GDI_HANDLE_STOCK_SHIFT 23
18 | #define GDI_HANDLE_STOCK_BITS 1
19 | #define GDI_HANDLE_STOCK_MASK 0x1
20 |
21 | #define GDI_HANDLE_UNIQUE_SHIFT 24
22 | #define GDI_HANDLE_UNIQUE_BITS 8
23 | #define GDI_HANDLE_UNIQUE_MASK 0xff
24 |
25 | #define GDI_HANDLE_INDEX(Handle) ((ULONG)(Handle) & GDI_HANDLE_INDEX_MASK)
26 | #define GDI_HANDLE_TYPE(Handle) (((ULONG)(Handle) >> GDI_HANDLE_TYPE_SHIFT) & GDI_HANDLE_TYPE_MASK)
27 | #define GDI_HANDLE_ALTTYPE(Handle) (((ULONG)(Handle) >> GDI_HANDLE_ALTTYPE_SHIFT) & GDI_HANDLE_ALTTYPE_MASK)
28 | #define GDI_HANDLE_STOCK(Handle) (((ULONG)(Handle) >> GDI_HANDLE_STOCK_SHIFT)) & GDI_HANDLE_STOCK_MASK)
29 |
30 | #define GDI_MAKE_HANDLE(Index, Unique) ((ULONG)(((ULONG)(Unique) << GDI_HANDLE_INDEX_BITS) | (ULONG)(Index)))
31 |
32 | // GDI server-side types
33 |
34 | #define GDI_DEF_TYPE 0 // invalid handle
35 | #define GDI_DC_TYPE 1
36 | #define GDI_DD_DIRECTDRAW_TYPE 2
37 | #define GDI_DD_SURFACE_TYPE 3
38 | #define GDI_RGN_TYPE 4
39 | #define GDI_SURF_TYPE 5
40 | #define GDI_CLIENTOBJ_TYPE 6
41 | #define GDI_PATH_TYPE 7
42 | #define GDI_PAL_TYPE 8
43 | #define GDI_ICMLCS_TYPE 9
44 | #define GDI_LFONT_TYPE 10
45 | #define GDI_RFONT_TYPE 11
46 | #define GDI_PFE_TYPE 12
47 | #define GDI_PFT_TYPE 13
48 | #define GDI_ICMCXF_TYPE 14
49 | #define GDI_ICMDLL_TYPE 15
50 | #define GDI_BRUSH_TYPE 16
51 | #define GDI_PFF_TYPE 17 // unused
52 | #define GDI_CACHE_TYPE 18 // unused
53 | #define GDI_SPACE_TYPE 19
54 | #define GDI_DBRUSH_TYPE 20 // unused
55 | #define GDI_META_TYPE 21
56 | #define GDI_EFSTATE_TYPE 22
57 | #define GDI_BMFD_TYPE 23 // unused
58 | #define GDI_VTFD_TYPE 24 // unused
59 | #define GDI_TTFD_TYPE 25 // unused
60 | #define GDI_RC_TYPE 26 // unused
61 | #define GDI_TEMP_TYPE 27 // unused
62 | #define GDI_DRVOBJ_TYPE 28
63 | #define GDI_DCIOBJ_TYPE 29 // unused
64 | #define GDI_SPOOL_TYPE 30
65 |
66 | // GDI client-side types
67 |
68 | #define GDI_CLIENT_TYPE_FROM_HANDLE(Handle) ((ULONG)(Handle) & ((GDI_HANDLE_ALTTYPE_MASK << GDI_HANDLE_ALTTYPE_SHIFT) | \
69 | (GDI_HANDLE_TYPE_MASK << GDI_HANDLE_TYPE_SHIFT)))
70 | #define GDI_CLIENT_TYPE_FROM_UNIQUE(Unique) GDI_CLIENT_TYPE_FROM_HANDLE((ULONG)(Unique) << 16)
71 |
72 | #define GDI_ALTTYPE_1 (1 << GDI_HANDLE_ALTTYPE_SHIFT)
73 | #define GDI_ALTTYPE_2 (2 << GDI_HANDLE_ALTTYPE_SHIFT)
74 | #define GDI_ALTTYPE_3 (3 << GDI_HANDLE_ALTTYPE_SHIFT)
75 |
76 | #define GDI_CLIENT_BITMAP_TYPE (GDI_SURF_TYPE << GDI_HANDLE_TYPE_SHIFT)
77 | #define GDI_CLIENT_BRUSH_TYPE (GDI_BRUSH_TYPE << GDI_HANDLE_TYPE_SHIFT)
78 | #define GDI_CLIENT_CLIENTOBJ_TYPE (GDI_CLIENTOBJ_TYPE << GDI_HANDLE_TYPE_SHIFT)
79 | #define GDI_CLIENT_DC_TYPE (GDI_DC_TYPE << GDI_HANDLE_TYPE_SHIFT)
80 | #define GDI_CLIENT_FONT_TYPE (GDI_LFONT_TYPE << GDI_HANDLE_TYPE_SHIFT)
81 | #define GDI_CLIENT_PALETTE_TYPE (GDI_PAL_TYPE << GDI_HANDLE_TYPE_SHIFT)
82 | #define GDI_CLIENT_REGION_TYPE (GDI_RGN_TYPE << GDI_HANDLE_TYPE_SHIFT)
83 |
84 | #define GDI_CLIENT_ALTDC_TYPE (GDI_CLIENT_DC_TYPE | GDI_ALTTYPE_1)
85 | #define GDI_CLIENT_DIBSECTION_TYPE (GDI_CLIENT_BITMAP_TYPE | GDI_ALTTYPE_1)
86 | #define GDI_CLIENT_EXTPEN_TYPE (GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_2)
87 | #define GDI_CLIENT_METADC16_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_3)
88 | #define GDI_CLIENT_METAFILE_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_2)
89 | #define GDI_CLIENT_METAFILE16_TYPE (GDI_CLIENT_CLIENTOBJ_TYPE | GDI_ALTTYPE_1)
90 | #define GDI_CLIENT_PEN_TYPE (GDI_CLIENT_BRUSH_TYPE | GDI_ALTTYPE_1)
91 |
92 | typedef struct _GDI_HANDLE_ENTRY
93 | {
94 | union
95 | {
96 | PVOID Object;
97 | PVOID NextFree;
98 | };
99 | union
100 | {
101 | struct
102 | {
103 | USHORT ProcessId;
104 | USHORT Lock : 1;
105 | USHORT Count : 15;
106 | };
107 | ULONG Value;
108 | } Owner;
109 | USHORT Unique;
110 | UCHAR Type;
111 | UCHAR Flags;
112 | PVOID UserPointer;
113 | } GDI_HANDLE_ENTRY, *PGDI_HANDLE_ENTRY;
114 |
115 | typedef struct _GDI_SHARED_MEMORY
116 | {
117 | GDI_HANDLE_ENTRY Handles[GDI_MAX_HANDLE_COUNT];
118 | } GDI_SHARED_MEMORY, *PGDI_SHARED_MEMORY;
119 |
120 |
--------------------------------------------------------------------------------
/KrkrzExtract/ntpoapi.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | typedef union _POWER_STATE
4 | {
5 | SYSTEM_POWER_STATE SystemState;
6 | DEVICE_POWER_STATE DeviceState;
7 | } POWER_STATE, *PPOWER_STATE;
8 |
9 | typedef enum _POWER_STATE_TYPE
10 | {
11 | SystemPowerState = 0,
12 | DevicePowerState
13 | } POWER_STATE_TYPE, *PPOWER_STATE_TYPE;
14 |
15 | #if (NTDDI_VERSION >= NTDDI_VISTA)
16 | // wdm
17 | typedef struct _SYSTEM_POWER_STATE_CONTEXT
18 | {
19 | union
20 | {
21 | struct
22 | {
23 | ULONG Reserved1 : 8;
24 | ULONG TargetSystemState : 4;
25 | ULONG EffectiveSystemState : 4;
26 | ULONG CurrentSystemState : 4;
27 | ULONG IgnoreHibernationPath : 1;
28 | ULONG PseudoTransition : 1;
29 | ULONG Reserved2 : 10;
30 | };
31 | ULONG ContextAsUlong;
32 | };
33 | } SYSTEM_POWER_STATE_CONTEXT, *PSYSTEM_POWER_STATE_CONTEXT;
34 | #endif
35 |
36 | #if (NTDDI_VERSION >= NTDDI_WIN7)
37 | /** \cond NEVER */ // disable doxygen warning
38 | // wdm
39 | typedef struct _COUNTED_REASON_CONTEXT
40 | {
41 | ULONG Version;
42 | ULONG Flags;
43 | union
44 | {
45 | struct
46 | {
47 | UNICODE_STRING ResourceFileName;
48 | USHORT ResourceReasonId;
49 | ULONG StringCount;
50 | PUNICODE_STRING _Field_size_(StringCount) ReasonStrings;
51 | };
52 | UNICODE_STRING SimpleString;
53 | };
54 | } COUNTED_REASON_CONTEXT, *PCOUNTED_REASON_CONTEXT;
55 | /** \endcond */
56 | #endif
57 |
58 | typedef enum
59 | {
60 | PowerStateSleeping1 = 0,
61 | PowerStateSleeping2 = 1,
62 | PowerStateSleeping3 = 2,
63 | PowerStateSleeping4 = 3,
64 | PowerStateShutdownOff = 4,
65 | PowerStateShutdownReset = 5,
66 | PowerStateSleeping4Firmware = 6,
67 | PowerStateMaximum = 7
68 | } POWER_STATE_HANDLER_TYPE, *PPOWER_STATE_HANDLER_TYPE;
69 |
70 | typedef NTSTATUS (NTAPI *PENTER_STATE_SYSTEM_HANDLER)(
71 | _In_ PVOID SystemContext
72 | );
73 |
74 | typedef NTSTATUS (NTAPI *PENTER_STATE_HANDLER)(
75 | _In_ PVOID Context,
76 | _In_opt_ PENTER_STATE_SYSTEM_HANDLER SystemHandler,
77 | _In_ PVOID SystemContext,
78 | _In_ LONG NumberProcessors,
79 | _In_ volatile PLONG Number
80 | );
81 |
82 | typedef struct _POWER_STATE_HANDLER
83 | {
84 | POWER_STATE_HANDLER_TYPE Type;
85 | BOOLEAN RtcWake;
86 | UCHAR Spare[3];
87 | PENTER_STATE_HANDLER Handler;
88 | PVOID Context;
89 | } POWER_STATE_HANDLER, *PPOWER_STATE_HANDLER;
90 |
91 | typedef NTSTATUS (NTAPI *PENTER_STATE_NOTIFY_HANDLER)(
92 | _In_ POWER_STATE_HANDLER_TYPE State,
93 | _In_ PVOID Context,
94 | _In_ BOOLEAN Entering
95 | );
96 |
97 | typedef struct _POWER_STATE_NOTIFY_HANDLER
98 | {
99 | PENTER_STATE_NOTIFY_HANDLER Handler;
100 | PVOID Context;
101 | } POWER_STATE_NOTIFY_HANDLER, *PPOWER_STATE_NOTIFY_HANDLER;
102 |
103 | typedef struct _PROCESSOR_POWER_INFORMATION
104 | {
105 | ULONG Number;
106 | ULONG MaxMhz;
107 | ULONG CurrentMhz;
108 | ULONG MhzLimit;
109 | ULONG MaxIdleState;
110 | ULONG CurrentIdleState;
111 | } PROCESSOR_POWER_INFORMATION, *PPROCESSOR_POWER_INFORMATION;
112 |
113 | typedef struct _SYSTEM_POWER_INFORMATION
114 | {
115 | ULONG MaxIdlenessAllowed;
116 | ULONG Idleness;
117 | ULONG TimeRemaining;
118 | UCHAR CoolingMode;
119 | } SYSTEM_POWER_INFORMATION, *PSYSTEM_POWER_INFORMATION;
120 |
121 | NTSYSCALLAPI
122 | NTSTATUS
123 | NTAPI
124 | NtPowerInformation(
125 | _In_ POWER_INFORMATION_LEVEL InformationLevel,
126 | _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
127 | _In_ ULONG InputBufferLength,
128 | _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
129 | _In_ ULONG OutputBufferLength
130 | );
131 |
132 | NTSYSCALLAPI
133 | NTSTATUS
134 | NTAPI
135 | NtSetThreadExecutionState(
136 | _In_ EXECUTION_STATE NewFlags, // ES_* flags
137 | _Out_ EXECUTION_STATE *PreviousFlags
138 | );
139 |
140 | NTSYSCALLAPI
141 | NTSTATUS
142 | NTAPI
143 | NtRequestWakeupLatency(
144 | _In_ LATENCY_TIME latency
145 | );
146 |
147 | NTSYSCALLAPI
148 | NTSTATUS
149 | NTAPI
150 | NtInitiatePowerAction(
151 | _In_ POWER_ACTION SystemAction,
152 | _In_ SYSTEM_POWER_STATE LightestSystemState,
153 | _In_ ULONG Flags, // POWER_ACTION_* flags
154 | _In_ BOOLEAN Asynchronous
155 | );
156 |
157 | NTSYSCALLAPI
158 | NTSTATUS
159 | NTAPI
160 | NtSetSystemPowerState(
161 | _In_ POWER_ACTION SystemAction,
162 | _In_ SYSTEM_POWER_STATE LightestSystemState,
163 | _In_ ULONG Flags // POWER_ACTION_* flags
164 | );
165 |
166 | NTSYSCALLAPI
167 | NTSTATUS
168 | NTAPI
169 | NtGetDevicePowerState(
170 | _In_ HANDLE Device,
171 | _Out_ PDEVICE_POWER_STATE State
172 | );
173 |
174 | NTSYSCALLAPI
175 | BOOLEAN
176 | NTAPI
177 | NtIsSystemResumeAutomatic(
178 | VOID
179 | );
180 |
181 |
--------------------------------------------------------------------------------
/KrkrzInternal/ntpoapi.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | typedef union _POWER_STATE
4 | {
5 | SYSTEM_POWER_STATE SystemState;
6 | DEVICE_POWER_STATE DeviceState;
7 | } POWER_STATE, *PPOWER_STATE;
8 |
9 | typedef enum _POWER_STATE_TYPE
10 | {
11 | SystemPowerState = 0,
12 | DevicePowerState
13 | } POWER_STATE_TYPE, *PPOWER_STATE_TYPE;
14 |
15 | #if (NTDDI_VERSION >= NTDDI_VISTA)
16 | // wdm
17 | typedef struct _SYSTEM_POWER_STATE_CONTEXT
18 | {
19 | union
20 | {
21 | struct
22 | {
23 | ULONG Reserved1 : 8;
24 | ULONG TargetSystemState : 4;
25 | ULONG EffectiveSystemState : 4;
26 | ULONG CurrentSystemState : 4;
27 | ULONG IgnoreHibernationPath : 1;
28 | ULONG PseudoTransition : 1;
29 | ULONG Reserved2 : 10;
30 | };
31 | ULONG ContextAsUlong;
32 | };
33 | } SYSTEM_POWER_STATE_CONTEXT, *PSYSTEM_POWER_STATE_CONTEXT;
34 | #endif
35 |
36 | #if (NTDDI_VERSION >= NTDDI_WIN7)
37 | /** \cond NEVER */ // disable doxygen warning
38 | // wdm
39 | typedef struct _COUNTED_REASON_CONTEXT
40 | {
41 | ULONG Version;
42 | ULONG Flags;
43 | union
44 | {
45 | struct
46 | {
47 | UNICODE_STRING ResourceFileName;
48 | USHORT ResourceReasonId;
49 | ULONG StringCount;
50 | PUNICODE_STRING _Field_size_(StringCount) ReasonStrings;
51 | };
52 | UNICODE_STRING SimpleString;
53 | };
54 | } COUNTED_REASON_CONTEXT, *PCOUNTED_REASON_CONTEXT;
55 | /** \endcond */
56 | #endif
57 |
58 | typedef enum
59 | {
60 | PowerStateSleeping1 = 0,
61 | PowerStateSleeping2 = 1,
62 | PowerStateSleeping3 = 2,
63 | PowerStateSleeping4 = 3,
64 | PowerStateShutdownOff = 4,
65 | PowerStateShutdownReset = 5,
66 | PowerStateSleeping4Firmware = 6,
67 | PowerStateMaximum = 7
68 | } POWER_STATE_HANDLER_TYPE, *PPOWER_STATE_HANDLER_TYPE;
69 |
70 | typedef NTSTATUS (NTAPI *PENTER_STATE_SYSTEM_HANDLER)(
71 | _In_ PVOID SystemContext
72 | );
73 |
74 | typedef NTSTATUS (NTAPI *PENTER_STATE_HANDLER)(
75 | _In_ PVOID Context,
76 | _In_opt_ PENTER_STATE_SYSTEM_HANDLER SystemHandler,
77 | _In_ PVOID SystemContext,
78 | _In_ LONG NumberProcessors,
79 | _In_ volatile PLONG Number
80 | );
81 |
82 | typedef struct _POWER_STATE_HANDLER
83 | {
84 | POWER_STATE_HANDLER_TYPE Type;
85 | BOOLEAN RtcWake;
86 | UCHAR Spare[3];
87 | PENTER_STATE_HANDLER Handler;
88 | PVOID Context;
89 | } POWER_STATE_HANDLER, *PPOWER_STATE_HANDLER;
90 |
91 | typedef NTSTATUS (NTAPI *PENTER_STATE_NOTIFY_HANDLER)(
92 | _In_ POWER_STATE_HANDLER_TYPE State,
93 | _In_ PVOID Context,
94 | _In_ BOOLEAN Entering
95 | );
96 |
97 | typedef struct _POWER_STATE_NOTIFY_HANDLER
98 | {
99 | PENTER_STATE_NOTIFY_HANDLER Handler;
100 | PVOID Context;
101 | } POWER_STATE_NOTIFY_HANDLER, *PPOWER_STATE_NOTIFY_HANDLER;
102 |
103 | typedef struct _PROCESSOR_POWER_INFORMATION
104 | {
105 | ULONG Number;
106 | ULONG MaxMhz;
107 | ULONG CurrentMhz;
108 | ULONG MhzLimit;
109 | ULONG MaxIdleState;
110 | ULONG CurrentIdleState;
111 | } PROCESSOR_POWER_INFORMATION, *PPROCESSOR_POWER_INFORMATION;
112 |
113 | typedef struct _SYSTEM_POWER_INFORMATION
114 | {
115 | ULONG MaxIdlenessAllowed;
116 | ULONG Idleness;
117 | ULONG TimeRemaining;
118 | UCHAR CoolingMode;
119 | } SYSTEM_POWER_INFORMATION, *PSYSTEM_POWER_INFORMATION;
120 |
121 | NTSYSCALLAPI
122 | NTSTATUS
123 | NTAPI
124 | NtPowerInformation(
125 | _In_ POWER_INFORMATION_LEVEL InformationLevel,
126 | _In_reads_bytes_opt_(InputBufferLength) PVOID InputBuffer,
127 | _In_ ULONG InputBufferLength,
128 | _Out_writes_bytes_opt_(OutputBufferLength) PVOID OutputBuffer,
129 | _In_ ULONG OutputBufferLength
130 | );
131 |
132 | NTSYSCALLAPI
133 | NTSTATUS
134 | NTAPI
135 | NtSetThreadExecutionState(
136 | _In_ EXECUTION_STATE NewFlags, // ES_* flags
137 | _Out_ EXECUTION_STATE *PreviousFlags
138 | );
139 |
140 | NTSYSCALLAPI
141 | NTSTATUS
142 | NTAPI
143 | NtRequestWakeupLatency(
144 | _In_ LATENCY_TIME latency
145 | );
146 |
147 | NTSYSCALLAPI
148 | NTSTATUS
149 | NTAPI
150 | NtInitiatePowerAction(
151 | _In_ POWER_ACTION SystemAction,
152 | _In_ SYSTEM_POWER_STATE LightestSystemState,
153 | _In_ ULONG Flags, // POWER_ACTION_* flags
154 | _In_ BOOLEAN Asynchronous
155 | );
156 |
157 | NTSYSCALLAPI
158 | NTSTATUS
159 | NTAPI
160 | NtSetSystemPowerState(
161 | _In_ POWER_ACTION SystemAction,
162 | _In_ SYSTEM_POWER_STATE LightestSystemState,
163 | _In_ ULONG Flags // POWER_ACTION_* flags
164 | );
165 |
166 | NTSYSCALLAPI
167 | NTSTATUS
168 | NTAPI
169 | NtGetDevicePowerState(
170 | _In_ HANDLE Device,
171 | _Out_ PDEVICE_POWER_STATE State
172 | );
173 |
174 | NTSYSCALLAPI
175 | BOOLEAN
176 | NTAPI
177 | NtIsSystemResumeAutomatic(
178 | VOID
179 | );
180 |
181 |
--------------------------------------------------------------------------------
/KrkrzInternal/SectionProtector.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | #ifndef _SECTIONPROTECTOR_H_00185e71_a85a_4b7a_bc62_08ac6375404c_
3 | #define _SECTIONPROTECTOR_H_00185e71_a85a_4b7a_bc62_08ac6375404c_
4 |
5 | #include
6 |
7 | #if SUPPORT_VA_ARGS_MACRO
8 |
9 | //#define PROTECT_SECTION_(Type, Ptr, ...) for (SectionProtector _cc(Ptr, __VA_ARGS__); _cc ; )
10 |
11 |
12 | #define PROTECT_SECTION_WORKER(Type, Ptr, Name, ...) \
13 | for (SectionProtector _cc(Ptr, __VA_ARGS__); _cc.__Condition; _cc.__Condition = FALSE)
14 |
15 |
16 | #define PROTECT_SECTION__(Type, Ptr, Name, ...) PROTECT_SECTION_WORKER(Type, Ptr, Name, __VA_ARGS__)
17 | #define PROTECT_SECTION_(Type, Ptr, ...) PROTECT_SECTION__(Type, Ptr, MAKE_UNIQUE_NAME(__LINE__), __VA_ARGS__)
18 | #define PROTECT_SECTION(LockPtr, ...) PROTECT_SECTION_(TYPE_OF(LockPtr), LockPtr, __VA_ARGS__)
19 |
20 | #else // no va args
21 |
22 | #define PROTECT_SECTION_(Type, Ptr) for (SectionProtector _cc(Ptr); _cc.__Number != 0 ; --_cc.__Number)
23 | #define PROTECT_SECTION(LockPtr) PROTECT_SECTION_(TYPE_OF(LockPtr), LockPtr)
24 |
25 | #endif // SUPPORT_VA_ARGS_MACRO
26 |
27 | #define PROTECT_SECTION_INLINE ForceInline
28 |
29 | ML_NAMESPACE_BEGIN(SectionProtectorTypes)
30 |
31 | enum
32 | {
33 | SharedLock,
34 | ExclusiveLock,
35 | };
36 |
37 | ML_NAMESPACE_END_(SectionProtectorTypes);
38 |
39 | class SectionProtectorBase
40 | {
41 | public:
42 | BOOL __Condition;
43 |
44 | PROTECT_SECTION_INLINE SectionProtectorBase()
45 | {
46 | __Condition = TRUE;
47 | }
48 | };
49 |
50 | template
51 | class SectionProtector : public SectionProtectorBase
52 | {
53 | private:
54 | SectionProtector(LockType *Lock) {}
55 | };
56 |
57 |
58 | #if ML_KERNEL_MODE
59 |
60 | /************************************************************************
61 | KernelMode
62 | ************************************************************************/
63 |
64 | template <>
65 | class SectionProtector : public SectionProtectorBase
66 | {
67 | public:
68 | KIRQL Irql, Irqlx;
69 | PKSPIN_LOCK SpinLock;
70 |
71 | PROTECT_SECTION_INLINE SectionProtector(PKSPIN_LOCK SpinLock)
72 | {
73 | Irqlx = KeGetCurrentIrql();
74 | if (Irqlx > DISPATCH_LEVEL)
75 | return;
76 |
77 | KeAcquireSpinLock(SpinLock, &Irql);
78 | this->SpinLock = SpinLock;
79 | }
80 |
81 | PROTECT_SECTION_INLINE ~SectionProtector()
82 | {
83 | if (Irqlx > DISPATCH_LEVEL)
84 | return;
85 |
86 | KeReleaseSpinLock(SpinLock, Irql);
87 | }
88 | };
89 |
90 | template <>
91 | class SectionProtector : public SectionProtectorBase
92 | {
93 | public:
94 | KIRQL Irql;
95 | PERESOURCE Resource;
96 |
97 | PROTECT_SECTION_INLINE SectionProtector(PERESOURCE Resource, BOOL Shared = SectionProtectorTypes::SharedLock, BOOL Wait = TRUE)
98 | {
99 | Irql = KeGetCurrentIrql();
100 | if (Irql > APC_LEVEL)
101 | return;
102 |
103 | KeEnterCriticalRegion();
104 | (Shared == SectionProtectorTypes::SharedLock) ? ExAcquireResourceSharedLite(Resource, Wait) : ExAcquireResourceExclusiveLite(Resource, Wait);
105 | this->Resource = Resource;
106 | }
107 |
108 | PROTECT_SECTION_INLINE ~SectionProtector()
109 | {
110 | if (Irql > APC_LEVEL)
111 | return;
112 |
113 | ExReleaseResourceLite(Resource);
114 | KeLeaveCriticalRegion();
115 | }
116 | };
117 |
118 | #else // r3
119 |
120 | template<>
121 | class SectionProtector : public SectionProtectorBase
122 | {
123 | public:
124 | PRTL_CRITICAL_SECTION CriticalSection;
125 |
126 | SectionProtector(PRTL_CRITICAL_SECTION CriticalSection)
127 | {
128 | this->CriticalSection = CriticalSection;
129 | RtlEnterCriticalSection(CriticalSection);
130 | }
131 |
132 | ~SectionProtector()
133 | {
134 | RtlLeaveCriticalSection(this->CriticalSection);
135 | }
136 | };
137 |
138 | template <>
139 | class SectionProtector : public SectionProtectorBase
140 | {
141 | public:
142 | PRTL_RESOURCE Resource;
143 |
144 | PROTECT_SECTION_INLINE SectionProtector(PRTL_RESOURCE Resource, BOOL Shared = TRUE, BOOL Wait = TRUE)
145 | {
146 | Shared ? RtlAcquireResourceShared(Resource, Wait) : RtlAcquireResourceExclusive(Resource, Wait);
147 | this->Resource = Resource;
148 | }
149 |
150 | PROTECT_SECTION_INLINE ~SectionProtector()
151 | {
152 | RtlReleaseResource(Resource);
153 | }
154 | };
155 |
156 | template<>
157 | class SectionProtector : public SectionProtectorBase
158 | {
159 | public:
160 | HANDLE m_Event;
161 |
162 | SectionProtector(HANDLE Event, ULONG_PTR Timeout = INFINITE, BOOL Altertable = FALSE)
163 | {
164 | LARGE_INTEGER TimeOut;
165 |
166 | m_Event = Event;
167 |
168 | FormatTimeOut(&TimeOut, Timeout);
169 | NtWaitForSingleObject(Event, Altertable, &TimeOut);
170 | }
171 |
172 | ~SectionProtector()
173 | {
174 | NtSetEvent(m_Event, NULL);
175 | }
176 | };
177 |
178 | #endif // rx
179 |
180 | #endif // _SECTIONPROTECTOR_H_00185e71_a85a_4b7a_bc62_08ac6375404c_
181 |
--------------------------------------------------------------------------------
/KrkrzExtract/ntpfapi.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | // begin_private
3 |
4 | // Prefetch
5 |
6 | typedef enum _PF_BOOT_PHASE_ID
7 | {
8 | PfKernelInitPhase = 0,
9 | PfBootDriverInitPhase = 90,
10 | PfSystemDriverInitPhase = 120,
11 | PfSessionManagerInitPhase = 150,
12 | PfSMRegistryInitPhase = 180,
13 | PfVideoInitPhase = 210,
14 | PfPostVideoInitPhase = 240,
15 | PfBootAcceptedRegistryInitPhase = 270,
16 | PfUserShellReadyPhase = 300,
17 | PfMaxBootPhaseId = 900
18 | } PF_BOOT_PHASE_ID;
19 |
20 | typedef enum _PF_ENABLE_STATUS
21 | {
22 | PfSvNotSpecified,
23 | PfSvEnabled,
24 | PfSvDisabled,
25 | PfSvMaxEnableStatus
26 | } PF_ENABLE_STATUS;
27 |
28 | typedef struct _PF_TRACE_LIMITS
29 | {
30 | ULONG MaxNumPages;
31 | ULONG MaxNumSections;
32 | LONGLONG TimerPeriod;
33 | } PF_TRACE_LIMITS, *PPF_TRACE_LIMITS;
34 |
35 | typedef struct _PF_SYSTEM_PREFETCH_PARAMETERS
36 | {
37 | PF_ENABLE_STATUS EnableStatus[2];
38 | PF_TRACE_LIMITS TraceLimits[2];
39 | ULONG MaxNumActiveTraces;
40 | ULONG MaxNumSavedTraces;
41 | WCHAR RootDirPath[32];
42 | WCHAR HostingApplicationList[128];
43 | } PF_SYSTEM_PREFETCH_PARAMETERS, *PPF_SYSTEM_PREFETCH_PARAMETERS;
44 |
45 | #define PF_BOOT_CONTROL_VERSION 1
46 |
47 | typedef struct _PF_BOOT_CONTROL
48 | {
49 | ULONG Version;
50 | ULONG DisableBootPrefetching;
51 | } PF_BOOT_CONTROL, *PPF_BOOT_CONTROL;
52 |
53 | typedef enum _PREFETCHER_INFORMATION_CLASS
54 | {
55 | PrefetcherRetrieveTrace = 1, // q: CHAR[]
56 | PrefetcherSystemParameters, // q: PF_SYSTEM_PREFETCH_PARAMETERS
57 | PrefetcherBootPhase, // s: PF_BOOT_PHASE_ID
58 | PrefetcherRetrieveBootLoaderTrace, // q: CHAR[]
59 | PrefetcherBootControl // s: PF_BOOT_CONTROL
60 | } PREFETCHER_INFORMATION_CLASS;
61 |
62 | #define PREFETCHER_INFORMATION_VERSION 23 // rev
63 | #define PREFETCHER_INFORMATION_MAGIC ('kuhC') // rev
64 |
65 | typedef struct _PREFETCHER_INFORMATION
66 | {
67 | ULONG Version;
68 | ULONG Magic;
69 | PREFETCHER_INFORMATION_CLASS PrefetcherInformationClass;
70 | PVOID PrefetcherInformation;
71 | ULONG PrefetcherInformationLength;
72 | } PREFETCHER_INFORMATION, *PPREFETCHER_INFORMATION;
73 |
74 | // Superfetch
75 |
76 | typedef struct _PF_SYSTEM_SUPERFETCH_PARAMETERS
77 | {
78 | ULONG EnabledComponents;
79 | ULONG BootID;
80 | ULONG SavedSectInfoTracesMax;
81 | ULONG SavedPageAccessTracesMax;
82 | ULONG ScenarioPrefetchTimeoutStandby;
83 | ULONG ScenarioPrefetchTimeoutHibernate;
84 | } PF_SYSTEM_SUPERFETCH_PARAMETERS, *PPF_SYSTEM_SUPERFETCH_PARAMETERS;
85 |
86 | #define PF_PFN_PRIO_REQUEST_VERSION 1
87 | #define PF_PFN_PRIO_REQUEST_QUERY_MEMORY_LIST 0x1
88 | #define PF_PFN_PRIO_REQUEST_VALID_FLAGS 0x1
89 |
90 | typedef struct _PF_PFN_PRIO_REQUEST
91 | {
92 | ULONG Version;
93 | ULONG RequestFlags;
94 | ULONG_PTR PfnCount;
95 | SYSTEM_MEMORY_LIST_INFORMATION MemInfo;
96 | MMPFN_IDENTITY PageData[256];
97 | } PF_PFN_PRIO_REQUEST, *PPF_PFN_PRIO_REQUEST;
98 |
99 | typedef enum _PFS_PRIVATE_PAGE_SOURCE_TYPE
100 | {
101 | PfsPrivateSourceKernel,
102 | PfsPrivateSourceSession,
103 | PfsPrivateSourceProcess,
104 | PfsPrivateSourceMax
105 | } PFS_PRIVATE_PAGE_SOURCE_TYPE;
106 |
107 | typedef struct _PFS_PRIVATE_PAGE_SOURCE
108 | {
109 | PFS_PRIVATE_PAGE_SOURCE_TYPE Type;
110 | union
111 | {
112 | ULONG SessionId;
113 | ULONG ProcessId;
114 | };
115 | ULONG ImagePathHash;
116 | ULONG_PTR UniqueProcessHash;
117 | } PFS_PRIVATE_PAGE_SOURCE, *PPFS_PRIVATE_PAGE_SOURCE;
118 |
119 | typedef struct _PF_PRIVSOURCE_INFO
120 | {
121 | PFS_PRIVATE_PAGE_SOURCE DbInfo;
122 | PVOID EProcess;
123 | SIZE_T WsPrivatePages;
124 | SIZE_T TotalPrivatePages;
125 | ULONG SessionID;
126 | CHAR ImageName[16];
127 | union {
128 | ULONG_PTR WsSwapPages; // process only PF_PRIVSOURCE_QUERY_WS_SWAP_PAGES.
129 | ULONG_PTR SessionPagedPoolPages; // session only.
130 | ULONG_PTR StoreSizePages; // process only PF_PRIVSOURCE_QUERY_STORE_INFO.
131 | };
132 | ULONG_PTR WsTotalPages; // process/session only.
133 | ULONG DeepFreezeTimeMs; // process only.
134 | ULONG ModernApp : 1; // process only.
135 | ULONG DeepFrozen : 1; // process only. If set, DeepFreezeTimeMs contains the time at which the freeze occurred
136 | ULONG Foreground : 1; // process only.
137 | ULONG PerProcessStore : 1; // process only.
138 | ULONG Spare : 28;
139 | } PF_PRIVSOURCE_INFO, *PPF_PRIVSOURCE_INFO;
140 |
141 | #define PF_PRIVSOURCE_QUERY_REQUEST_VERSION 3
142 |
143 | typedef struct _PF_PRIVSOURCE_QUERY_REQUEST
144 | {
145 | ULONG Version;
146 | ULONG Flags;
147 | ULONG InfoCount;
148 | PF_PRIVSOURCE_INFO InfoArray[1];
149 | } PF_PRIVSOURCE_QUERY_REQUEST, *PPF_PRIVSOURCE_QUERY_REQUEST;
150 |
151 | typedef enum _PF_PHASED_SCENARIO_TYPE
152 | {
153 | PfScenarioTypeNone,
154 | PfScenarioTypeStandby,
155 | PfScenarioTypeHibernate,
156 | PfScenarioTypeFUS,
157 | PfScenarioTypeMax
158 | } PF_PHASED_SCENARIO_TYPE;
159 |
160 | #define PF_SCENARIO_PHASE_INFO_VERSION 4
161 |
162 | typedef struct _PF_SCENARIO_PHASE_INFO
163 | {
164 | ULONG Version;
165 | PF_PHASED_SCENARIO_TYPE ScenType;
166 | ULONG PhaseId;
167 | ULONG SequenceNumber;
168 | ULONG Flags;
169 | ULONG FUSUserId;
170 | } PF_SCENARIO_PHASE_INFO, *PPF_SCENARIO_PHASE_INFO;
171 |
172 | typedef struct _PF_MEMORY_LIST_NODE
173 | {
174 | ULONGLONG Node : 8;
175 | ULONGLONG Spare : 56;
176 | ULONGLONG StandbyLowPageCount;
177 | ULONGLONG StandbyMediumPageCount;
178 | ULONGLONG StandbyHighPageCount;
179 | ULONGLONG FreePageCount;
180 | ULONGLONG ModifiedPageCount;
181 | } PF_MEMORY_LIST_NODE, *PPF_MEMORY_LIST_NODE;
182 |
183 | #define PF_MEMORY_LIST_INFO_VERSION 1
184 |
185 | typedef struct _PF_MEMORY_LIST_INFO
186 | {
187 | ULONG Version;
188 | ULONG Size;
189 | ULONG NodeCount;
190 | PF_MEMORY_LIST_NODE Nodes[1];
191 | } PF_MEMORY_LIST_INFO, *PPF_MEMORY_LIST_INFO;
192 |
193 | typedef struct _PF_PHYSICAL_MEMORY_RANGE
194 | {
195 | ULONG_PTR BasePfn;
196 | ULONG_PTR PageCount;
197 | } PF_PHYSICAL_MEMORY_RANGE, *PPF_PHYSICAL_MEMORY_RANGE;
198 |
199 | #define PF_PHYSICAL_MEMORY_RANGE_INFO_VERSION 1
200 |
201 | typedef struct _PF_PHYSICAL_MEMORY_RANGE_INFO
202 | {
203 | ULONG Version;
204 | ULONG RangeCount;
205 | PF_PHYSICAL_MEMORY_RANGE Ranges[1];
206 | } PF_PHYSICAL_MEMORY_RANGE_INFO, *PPF_PHYSICAL_MEMORY_RANGE_INFO;
207 |
208 | // begin_rev
209 |
210 | #define PF_REPURPOSED_BY_PREFETCH_INFO_VERSION 1
211 |
212 | typedef struct _PF_REPURPOSED_BY_PREFETCH_INFO
213 | {
214 | ULONG Version;
215 | ULONG RepurposedByPrefetch;
216 | } PF_REPURPOSED_BY_PREFETCH_INFO, *PPF_REPURPOSED_BY_PREFETCH_INFO;
217 |
218 | // end_rev
219 |
220 | typedef enum _SUPERFETCH_INFORMATION_CLASS
221 | {
222 | SuperfetchRetrieveTrace = 1, // q: CHAR[]
223 | SuperfetchSystemParameters, // q: PF_SYSTEM_SUPERFETCH_PARAMETERS
224 | SuperfetchLogEvent,
225 | SuperfetchGenerateTrace,
226 | SuperfetchPrefetch,
227 | SuperfetchPfnQuery, // q: PF_PFN_PRIO_REQUEST
228 | SuperfetchPfnSetPriority,
229 | SuperfetchPrivSourceQuery, // q: PF_PRIVSOURCE_QUERY_REQUEST
230 | SuperfetchSequenceNumberQuery, // q: ULONG
231 | SuperfetchScenarioPhase, // 10
232 | SuperfetchWorkerPriority,
233 | SuperfetchScenarioQuery, // q: PF_SCENARIO_PHASE_INFO
234 | SuperfetchScenarioPrefetch,
235 | SuperfetchRobustnessControl,
236 | SuperfetchTimeControl,
237 | SuperfetchMemoryListQuery, // q: PF_MEMORY_LIST_INFO
238 | SuperfetchMemoryRangesQuery, // q: PF_PHYSICAL_MEMORY_RANGE_INFO
239 | SuperfetchTracingControl,
240 | SuperfetchTrimWhileAgingControl,
241 | SuperfetchRepurposedByPrefetch, // q: PF_REPURPOSED_BY_PREFETCH_INFO // rev
242 | SuperfetchInformationMax
243 | } SUPERFETCH_INFORMATION_CLASS;
244 |
245 | #define SUPERFETCH_INFORMATION_VERSION 45 // rev
246 | #define SUPERFETCH_INFORMATION_MAGIC ('kuhC') // rev
247 |
248 | typedef struct _SUPERFETCH_INFORMATION
249 | {
250 | _In_ ULONG Version;
251 | _In_ ULONG Magic;
252 | _In_ SUPERFETCH_INFORMATION_CLASS InfoClass;
253 | _Inout_ PVOID Data;
254 | _Inout_ ULONG Length;
255 | } SUPERFETCH_INFORMATION, *PSUPERFETCH_INFORMATION;
256 |
257 | // end_private
258 |
259 |
--------------------------------------------------------------------------------
/KrkrzInternal/ntpfapi.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 | // begin_private
3 |
4 | // Prefetch
5 |
6 | typedef enum _PF_BOOT_PHASE_ID
7 | {
8 | PfKernelInitPhase = 0,
9 | PfBootDriverInitPhase = 90,
10 | PfSystemDriverInitPhase = 120,
11 | PfSessionManagerInitPhase = 150,
12 | PfSMRegistryInitPhase = 180,
13 | PfVideoInitPhase = 210,
14 | PfPostVideoInitPhase = 240,
15 | PfBootAcceptedRegistryInitPhase = 270,
16 | PfUserShellReadyPhase = 300,
17 | PfMaxBootPhaseId = 900
18 | } PF_BOOT_PHASE_ID;
19 |
20 | typedef enum _PF_ENABLE_STATUS
21 | {
22 | PfSvNotSpecified,
23 | PfSvEnabled,
24 | PfSvDisabled,
25 | PfSvMaxEnableStatus
26 | } PF_ENABLE_STATUS;
27 |
28 | typedef struct _PF_TRACE_LIMITS
29 | {
30 | ULONG MaxNumPages;
31 | ULONG MaxNumSections;
32 | LONGLONG TimerPeriod;
33 | } PF_TRACE_LIMITS, *PPF_TRACE_LIMITS;
34 |
35 | typedef struct _PF_SYSTEM_PREFETCH_PARAMETERS
36 | {
37 | PF_ENABLE_STATUS EnableStatus[2];
38 | PF_TRACE_LIMITS TraceLimits[2];
39 | ULONG MaxNumActiveTraces;
40 | ULONG MaxNumSavedTraces;
41 | WCHAR RootDirPath[32];
42 | WCHAR HostingApplicationList[128];
43 | } PF_SYSTEM_PREFETCH_PARAMETERS, *PPF_SYSTEM_PREFETCH_PARAMETERS;
44 |
45 | #define PF_BOOT_CONTROL_VERSION 1
46 |
47 | typedef struct _PF_BOOT_CONTROL
48 | {
49 | ULONG Version;
50 | ULONG DisableBootPrefetching;
51 | } PF_BOOT_CONTROL, *PPF_BOOT_CONTROL;
52 |
53 | typedef enum _PREFETCHER_INFORMATION_CLASS
54 | {
55 | PrefetcherRetrieveTrace = 1, // q: CHAR[]
56 | PrefetcherSystemParameters, // q: PF_SYSTEM_PREFETCH_PARAMETERS
57 | PrefetcherBootPhase, // s: PF_BOOT_PHASE_ID
58 | PrefetcherRetrieveBootLoaderTrace, // q: CHAR[]
59 | PrefetcherBootControl // s: PF_BOOT_CONTROL
60 | } PREFETCHER_INFORMATION_CLASS;
61 |
62 | #define PREFETCHER_INFORMATION_VERSION 23 // rev
63 | #define PREFETCHER_INFORMATION_MAGIC ('kuhC') // rev
64 |
65 | typedef struct _PREFETCHER_INFORMATION
66 | {
67 | ULONG Version;
68 | ULONG Magic;
69 | PREFETCHER_INFORMATION_CLASS PrefetcherInformationClass;
70 | PVOID PrefetcherInformation;
71 | ULONG PrefetcherInformationLength;
72 | } PREFETCHER_INFORMATION, *PPREFETCHER_INFORMATION;
73 |
74 | // Superfetch
75 |
76 | typedef struct _PF_SYSTEM_SUPERFETCH_PARAMETERS
77 | {
78 | ULONG EnabledComponents;
79 | ULONG BootID;
80 | ULONG SavedSectInfoTracesMax;
81 | ULONG SavedPageAccessTracesMax;
82 | ULONG ScenarioPrefetchTimeoutStandby;
83 | ULONG ScenarioPrefetchTimeoutHibernate;
84 | } PF_SYSTEM_SUPERFETCH_PARAMETERS, *PPF_SYSTEM_SUPERFETCH_PARAMETERS;
85 |
86 | #define PF_PFN_PRIO_REQUEST_VERSION 1
87 | #define PF_PFN_PRIO_REQUEST_QUERY_MEMORY_LIST 0x1
88 | #define PF_PFN_PRIO_REQUEST_VALID_FLAGS 0x1
89 |
90 | typedef struct _PF_PFN_PRIO_REQUEST
91 | {
92 | ULONG Version;
93 | ULONG RequestFlags;
94 | ULONG_PTR PfnCount;
95 | SYSTEM_MEMORY_LIST_INFORMATION MemInfo;
96 | MMPFN_IDENTITY PageData[256];
97 | } PF_PFN_PRIO_REQUEST, *PPF_PFN_PRIO_REQUEST;
98 |
99 | typedef enum _PFS_PRIVATE_PAGE_SOURCE_TYPE
100 | {
101 | PfsPrivateSourceKernel,
102 | PfsPrivateSourceSession,
103 | PfsPrivateSourceProcess,
104 | PfsPrivateSourceMax
105 | } PFS_PRIVATE_PAGE_SOURCE_TYPE;
106 |
107 | typedef struct _PFS_PRIVATE_PAGE_SOURCE
108 | {
109 | PFS_PRIVATE_PAGE_SOURCE_TYPE Type;
110 | union
111 | {
112 | ULONG SessionId;
113 | ULONG ProcessId;
114 | };
115 | ULONG ImagePathHash;
116 | ULONG_PTR UniqueProcessHash;
117 | } PFS_PRIVATE_PAGE_SOURCE, *PPFS_PRIVATE_PAGE_SOURCE;
118 |
119 | typedef struct _PF_PRIVSOURCE_INFO
120 | {
121 | PFS_PRIVATE_PAGE_SOURCE DbInfo;
122 | PVOID EProcess;
123 | SIZE_T WsPrivatePages;
124 | SIZE_T TotalPrivatePages;
125 | ULONG SessionID;
126 | CHAR ImageName[16];
127 | union {
128 | ULONG_PTR WsSwapPages; // process only PF_PRIVSOURCE_QUERY_WS_SWAP_PAGES.
129 | ULONG_PTR SessionPagedPoolPages; // session only.
130 | ULONG_PTR StoreSizePages; // process only PF_PRIVSOURCE_QUERY_STORE_INFO.
131 | };
132 | ULONG_PTR WsTotalPages; // process/session only.
133 | ULONG DeepFreezeTimeMs; // process only.
134 | ULONG ModernApp : 1; // process only.
135 | ULONG DeepFrozen : 1; // process only. If set, DeepFreezeTimeMs contains the time at which the freeze occurred
136 | ULONG Foreground : 1; // process only.
137 | ULONG PerProcessStore : 1; // process only.
138 | ULONG Spare : 28;
139 | } PF_PRIVSOURCE_INFO, *PPF_PRIVSOURCE_INFO;
140 |
141 | #define PF_PRIVSOURCE_QUERY_REQUEST_VERSION 3
142 |
143 | typedef struct _PF_PRIVSOURCE_QUERY_REQUEST
144 | {
145 | ULONG Version;
146 | ULONG Flags;
147 | ULONG InfoCount;
148 | PF_PRIVSOURCE_INFO InfoArray[1];
149 | } PF_PRIVSOURCE_QUERY_REQUEST, *PPF_PRIVSOURCE_QUERY_REQUEST;
150 |
151 | typedef enum _PF_PHASED_SCENARIO_TYPE
152 | {
153 | PfScenarioTypeNone,
154 | PfScenarioTypeStandby,
155 | PfScenarioTypeHibernate,
156 | PfScenarioTypeFUS,
157 | PfScenarioTypeMax
158 | } PF_PHASED_SCENARIO_TYPE;
159 |
160 | #define PF_SCENARIO_PHASE_INFO_VERSION 4
161 |
162 | typedef struct _PF_SCENARIO_PHASE_INFO
163 | {
164 | ULONG Version;
165 | PF_PHASED_SCENARIO_TYPE ScenType;
166 | ULONG PhaseId;
167 | ULONG SequenceNumber;
168 | ULONG Flags;
169 | ULONG FUSUserId;
170 | } PF_SCENARIO_PHASE_INFO, *PPF_SCENARIO_PHASE_INFO;
171 |
172 | typedef struct _PF_MEMORY_LIST_NODE
173 | {
174 | ULONGLONG Node : 8;
175 | ULONGLONG Spare : 56;
176 | ULONGLONG StandbyLowPageCount;
177 | ULONGLONG StandbyMediumPageCount;
178 | ULONGLONG StandbyHighPageCount;
179 | ULONGLONG FreePageCount;
180 | ULONGLONG ModifiedPageCount;
181 | } PF_MEMORY_LIST_NODE, *PPF_MEMORY_LIST_NODE;
182 |
183 | #define PF_MEMORY_LIST_INFO_VERSION 1
184 |
185 | typedef struct _PF_MEMORY_LIST_INFO
186 | {
187 | ULONG Version;
188 | ULONG Size;
189 | ULONG NodeCount;
190 | PF_MEMORY_LIST_NODE Nodes[1];
191 | } PF_MEMORY_LIST_INFO, *PPF_MEMORY_LIST_INFO;
192 |
193 | typedef struct _PF_PHYSICAL_MEMORY_RANGE
194 | {
195 | ULONG_PTR BasePfn;
196 | ULONG_PTR PageCount;
197 | } PF_PHYSICAL_MEMORY_RANGE, *PPF_PHYSICAL_MEMORY_RANGE;
198 |
199 | #define PF_PHYSICAL_MEMORY_RANGE_INFO_VERSION 1
200 |
201 | typedef struct _PF_PHYSICAL_MEMORY_RANGE_INFO
202 | {
203 | ULONG Version;
204 | ULONG RangeCount;
205 | PF_PHYSICAL_MEMORY_RANGE Ranges[1];
206 | } PF_PHYSICAL_MEMORY_RANGE_INFO, *PPF_PHYSICAL_MEMORY_RANGE_INFO;
207 |
208 | // begin_rev
209 |
210 | #define PF_REPURPOSED_BY_PREFETCH_INFO_VERSION 1
211 |
212 | typedef struct _PF_REPURPOSED_BY_PREFETCH_INFO
213 | {
214 | ULONG Version;
215 | ULONG RepurposedByPrefetch;
216 | } PF_REPURPOSED_BY_PREFETCH_INFO, *PPF_REPURPOSED_BY_PREFETCH_INFO;
217 |
218 | // end_rev
219 |
220 | typedef enum _SUPERFETCH_INFORMATION_CLASS
221 | {
222 | SuperfetchRetrieveTrace = 1, // q: CHAR[]
223 | SuperfetchSystemParameters, // q: PF_SYSTEM_SUPERFETCH_PARAMETERS
224 | SuperfetchLogEvent,
225 | SuperfetchGenerateTrace,
226 | SuperfetchPrefetch,
227 | SuperfetchPfnQuery, // q: PF_PFN_PRIO_REQUEST
228 | SuperfetchPfnSetPriority,
229 | SuperfetchPrivSourceQuery, // q: PF_PRIVSOURCE_QUERY_REQUEST
230 | SuperfetchSequenceNumberQuery, // q: ULONG
231 | SuperfetchScenarioPhase, // 10
232 | SuperfetchWorkerPriority,
233 | SuperfetchScenarioQuery, // q: PF_SCENARIO_PHASE_INFO
234 | SuperfetchScenarioPrefetch,
235 | SuperfetchRobustnessControl,
236 | SuperfetchTimeControl,
237 | SuperfetchMemoryListQuery, // q: PF_MEMORY_LIST_INFO
238 | SuperfetchMemoryRangesQuery, // q: PF_PHYSICAL_MEMORY_RANGE_INFO
239 | SuperfetchTracingControl,
240 | SuperfetchTrimWhileAgingControl,
241 | SuperfetchRepurposedByPrefetch, // q: PF_REPURPOSED_BY_PREFETCH_INFO // rev
242 | SuperfetchInformationMax
243 | } SUPERFETCH_INFORMATION_CLASS;
244 |
245 | #define SUPERFETCH_INFORMATION_VERSION 45 // rev
246 | #define SUPERFETCH_INFORMATION_MAGIC ('kuhC') // rev
247 |
248 | typedef struct _SUPERFETCH_INFORMATION
249 | {
250 | _In_ ULONG Version;
251 | _In_ ULONG Magic;
252 | _In_ SUPERFETCH_INFORMATION_CLASS InfoClass;
253 | _Inout_ PVOID Data;
254 | _Inout_ ULONG Length;
255 | } SUPERFETCH_INFORMATION, *PSUPERFETCH_INFORMATION;
256 |
257 | // end_private
258 |
259 |
--------------------------------------------------------------------------------
/KrkrzExtract/ntdbg.h:
--------------------------------------------------------------------------------
1 | // Debugging
2 |
3 | #pragma once
4 |
5 | NTSYSAPI
6 | VOID
7 | NTAPI
8 | DbgUserBreakPoint(
9 | VOID
10 | );
11 |
12 | NTSYSAPI
13 | VOID
14 | NTAPI
15 | DbgBreakPoint(
16 | VOID
17 | );
18 |
19 | NTSYSAPI
20 | VOID
21 | NTAPI
22 | DbgBreakPointWithStatus(
23 | _In_ ULONG Status
24 | );
25 |
26 | #define DBG_STATUS_CONTROL_C 1
27 | #define DBG_STATUS_SYSRQ 2
28 | #define DBG_STATUS_BUGCHECK_FIRST 3
29 | #define DBG_STATUS_BUGCHECK_SECOND 4
30 | #define DBG_STATUS_FATAL 5
31 | #define DBG_STATUS_DEBUG_CONTROL 6
32 | #define DBG_STATUS_WORKER 7
33 |
34 | NTSYSAPI
35 | ULONG
36 | STDAPIVCALLTYPE
37 | DbgPrint(
38 | _In_z_ _Printf_format_string_ PSTR Format,
39 | ...
40 | );
41 |
42 | NTSYSAPI
43 | ULONG
44 | STDAPIVCALLTYPE
45 | DbgPrintEx(
46 | _In_ ULONG ComponentId,
47 | _In_ ULONG Level,
48 | _In_z_ _Printf_format_string_ PSTR Format,
49 | ...
50 | );
51 |
52 | NTSYSAPI
53 | ULONG
54 | NTAPI
55 | vDbgPrintEx(
56 | _In_ ULONG ComponentId,
57 | _In_ ULONG Level,
58 | _In_z_ PCH Format,
59 | _In_ va_list arglist
60 | );
61 |
62 | NTSYSAPI
63 | ULONG
64 | NTAPI
65 | vDbgPrintExWithPrefix(
66 | _In_z_ PCH Prefix,
67 | _In_ ULONG ComponentId,
68 | _In_ ULONG Level,
69 | _In_z_ PCH Format,
70 | _In_ va_list arglist
71 | );
72 |
73 | NTSYSAPI
74 | NTSTATUS
75 | NTAPI
76 | DbgQueryDebugFilterState(
77 | _In_ ULONG ComponentId,
78 | _In_ ULONG Level
79 | );
80 |
81 | NTSYSAPI
82 | NTSTATUS
83 | NTAPI
84 | DbgSetDebugFilterState(
85 | _In_ ULONG ComponentId,
86 | _In_ ULONG Level,
87 | _In_ BOOLEAN State
88 | );
89 |
90 | NTSYSAPI
91 | ULONG
92 | NTAPI
93 | DbgPrompt(
94 | _In_ PCH Prompt,
95 | _Out_writes_bytes_(Length) PCH Response,
96 | _In_ ULONG Length
97 | );
98 |
99 | // Definitions
100 |
101 | typedef struct _DBGKM_EXCEPTION
102 | {
103 | EXCEPTION_RECORD ExceptionRecord;
104 | ULONG FirstChance;
105 | } DBGKM_EXCEPTION, *PDBGKM_EXCEPTION;
106 |
107 | typedef struct _DBGKM_CREATE_THREAD
108 | {
109 | ULONG SubSystemKey;
110 | PVOID StartAddress;
111 | } DBGKM_CREATE_THREAD, *PDBGKM_CREATE_THREAD;
112 |
113 | typedef struct _DBGKM_CREATE_PROCESS
114 | {
115 | ULONG SubSystemKey;
116 | HANDLE FileHandle;
117 | PVOID BaseOfImage;
118 | ULONG DebugInfoFileOffset;
119 | ULONG DebugInfoSize;
120 | DBGKM_CREATE_THREAD InitialThread;
121 | } DBGKM_CREATE_PROCESS, *PDBGKM_CREATE_PROCESS;
122 |
123 | typedef struct _DBGKM_EXIT_THREAD
124 | {
125 | NTSTATUS ExitStatus;
126 | } DBGKM_EXIT_THREAD, *PDBGKM_EXIT_THREAD;
127 |
128 | typedef struct _DBGKM_EXIT_PROCESS
129 | {
130 | NTSTATUS ExitStatus;
131 | } DBGKM_EXIT_PROCESS, *PDBGKM_EXIT_PROCESS;
132 |
133 | typedef struct _DBGKM_LOAD_DLL
134 | {
135 | HANDLE FileHandle;
136 | PVOID BaseOfDll;
137 | ULONG DebugInfoFileOffset;
138 | ULONG DebugInfoSize;
139 | PVOID NamePointer;
140 | } DBGKM_LOAD_DLL, *PDBGKM_LOAD_DLL;
141 |
142 | typedef struct _DBGKM_UNLOAD_DLL
143 | {
144 | PVOID BaseAddress;
145 | } DBGKM_UNLOAD_DLL, *PDBGKM_UNLOAD_DLL;
146 |
147 | typedef enum _DBG_STATE
148 | {
149 | DbgIdle,
150 | DbgReplyPending,
151 | DbgCreateThreadStateChange,
152 | DbgCreateProcessStateChange,
153 | DbgExitThreadStateChange,
154 | DbgExitProcessStateChange,
155 | DbgExceptionStateChange,
156 | DbgBreakpointStateChange,
157 | DbgSingleStepStateChange,
158 | DbgLoadDllStateChange,
159 | DbgUnloadDllStateChange
160 | } DBG_STATE, *PDBG_STATE;
161 |
162 | typedef struct _DBGUI_CREATE_THREAD
163 | {
164 | HANDLE HandleToThread;
165 | DBGKM_CREATE_THREAD NewThread;
166 | } DBGUI_CREATE_THREAD, *PDBGUI_CREATE_THREAD;
167 |
168 | typedef struct _DBGUI_CREATE_PROCESS
169 | {
170 | HANDLE HandleToProcess;
171 | HANDLE HandleToThread;
172 | DBGKM_CREATE_PROCESS NewProcess;
173 | } DBGUI_CREATE_PROCESS, *PDBGUI_CREATE_PROCESS;
174 |
175 | typedef struct _DBGUI_WAIT_STATE_CHANGE
176 | {
177 | DBG_STATE NewState;
178 | CLIENT_ID AppClientId;
179 | union
180 | {
181 | DBGKM_EXCEPTION Exception;
182 | DBGUI_CREATE_THREAD CreateThread;
183 | DBGUI_CREATE_PROCESS CreateProcessInfo;
184 | DBGKM_EXIT_THREAD ExitThread;
185 | DBGKM_EXIT_PROCESS ExitProcess;
186 | DBGKM_LOAD_DLL LoadDll;
187 | DBGKM_UNLOAD_DLL UnloadDll;
188 | } StateInfo;
189 | } DBGUI_WAIT_STATE_CHANGE, *PDBGUI_WAIT_STATE_CHANGE;
190 |
191 | #define DEBUG_READ_EVENT 0x0001
192 | #define DEBUG_PROCESS_ASSIGN 0x0002
193 | #define DEBUG_SET_INFORMATION 0x0004
194 | #define DEBUG_QUERY_INFORMATION 0x0008
195 | #define DEBUG_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
196 | DEBUG_READ_EVENT | DEBUG_PROCESS_ASSIGN | DEBUG_SET_INFORMATION | \
197 | DEBUG_QUERY_INFORMATION)
198 |
199 | #define DEBUG_KILL_ON_CLOSE 0x1
200 |
201 | typedef enum _DEBUGOBJECTINFOCLASS
202 | {
203 | DebugObjectUnusedInformation,
204 | DebugObjectKillProcessOnExitInformation,
205 | MaxDebugObjectInfoClass
206 | } DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS;
207 |
208 | // System calls
209 |
210 | NTSYSCALLAPI
211 | NTSTATUS
212 | NTAPI
213 | NtCreateDebugObject(
214 | _Out_ PHANDLE DebugObjectHandle,
215 | _In_ ACCESS_MASK DesiredAccess,
216 | _In_ POBJECT_ATTRIBUTES ObjectAttributes,
217 | _In_ ULONG Flags
218 | );
219 |
220 | NTSYSCALLAPI
221 | NTSTATUS
222 | NTAPI
223 | NtDebugActiveProcess(
224 | _In_ HANDLE ProcessHandle,
225 | _In_ HANDLE DebugObjectHandle
226 | );
227 |
228 | NTSYSCALLAPI
229 | NTSTATUS
230 | NTAPI
231 | NtDebugContinue(
232 | _In_ HANDLE DebugObjectHandle,
233 | _In_ PCLIENT_ID ClientId,
234 | _In_ NTSTATUS ContinueStatus
235 | );
236 |
237 | NTSYSCALLAPI
238 | NTSTATUS
239 | NTAPI
240 | NtRemoveProcessDebug(
241 | _In_ HANDLE ProcessHandle,
242 | _In_ HANDLE DebugObjectHandle
243 | );
244 |
245 | NTSYSCALLAPI
246 | NTSTATUS
247 | NTAPI
248 | NtSetInformationDebugObject(
249 | _In_ HANDLE DebugObjectHandle,
250 | _In_ DEBUGOBJECTINFOCLASS DebugObjectInformationClass,
251 | _In_ PVOID DebugInformation,
252 | _In_ ULONG DebugInformationLength,
253 | _Out_opt_ PULONG ReturnLength
254 | );
255 |
256 | NTSYSCALLAPI
257 | NTSTATUS
258 | NTAPI
259 | NtWaitForDebugEvent(
260 | _In_ HANDLE DebugObjectHandle,
261 | _In_ BOOLEAN Alertable,
262 | _In_opt_ PLARGE_INTEGER Timeout,
263 | _Out_ PVOID WaitStateChange
264 | );
265 |
266 | // Debugging UI
267 |
268 | NTSYSAPI
269 | NTSTATUS
270 | NTAPI
271 | DbgUiConnectToDbg(
272 | VOID
273 | );
274 |
275 | NTSYSAPI
276 | HANDLE
277 | NTAPI
278 | DbgUiGetThreadDebugObject(
279 | VOID
280 | );
281 |
282 | NTSYSAPI
283 | VOID
284 | NTAPI
285 | DbgUiSetThreadDebugObject(
286 | _In_ HANDLE DebugObject
287 | );
288 |
289 | NTSYSAPI
290 | NTSTATUS
291 | NTAPI
292 | DbgUiWaitStateChange(
293 | _Out_ PDBGUI_WAIT_STATE_CHANGE StateChange,
294 | _In_opt_ PLARGE_INTEGER Timeout
295 | );
296 |
297 | NTSYSAPI
298 | NTSTATUS
299 | NTAPI
300 | DbgUiContinue(
301 | _In_ PCLIENT_ID AppClientId,
302 | _In_ NTSTATUS ContinueStatus
303 | );
304 |
305 | NTSYSAPI
306 | NTSTATUS
307 | NTAPI
308 | DbgUiStopDebugging(
309 | _In_ HANDLE Process
310 | );
311 |
312 | NTSYSAPI
313 | NTSTATUS
314 | NTAPI
315 | DbgUiDebugActiveProcess(
316 | _In_ HANDLE Process
317 | );
318 |
319 | NTSYSAPI
320 | VOID
321 | NTAPI
322 | DbgUiRemoteBreakin(
323 | _In_ PVOID Context
324 | );
325 |
326 | NTSYSAPI
327 | NTSTATUS
328 | NTAPI
329 | DbgUiIssueRemoteBreakin(
330 | _In_ HANDLE Process
331 | );
332 |
333 | NTSYSAPI
334 | NTSTATUS
335 | NTAPI
336 | DbgUiConvertStateChangeStructure(
337 | _In_ PDBGUI_WAIT_STATE_CHANGE StateChange,
338 | _Out_ LPDEBUG_EVENT DebugEvent
339 | );
340 |
341 | struct _EVENT_FILTER_DESCRIPTOR;
342 |
343 | typedef VOID (NTAPI *PENABLECALLBACK)(
344 | _In_ LPCGUID SourceId,
345 | _In_ ULONG IsEnabled,
346 | _In_ UCHAR Level,
347 | _In_ ULONGLONG MatchAnyKeyword,
348 | _In_ ULONGLONG MatchAllKeyword,
349 | _In_opt_ struct _EVENT_FILTER_DESCRIPTOR *FilterData,
350 | _Inout_opt_ PVOID CallbackContext
351 | );
352 |
353 | typedef ULONGLONG REGHANDLE, *PREGHANDLE;
354 |
355 | NTSYSAPI
356 | NTSTATUS
357 | NTAPI
358 | EtwEventRegister(
359 | _In_ LPCGUID ProviderId,
360 | _In_opt_ PENABLECALLBACK EnableCallback,
361 | _In_opt_ PVOID CallbackContext,
362 | _Out_ PREGHANDLE RegHandle
363 | );
364 |
365 |
--------------------------------------------------------------------------------
/KrkrzInternal/ntdbg.h:
--------------------------------------------------------------------------------
1 | // Debugging
2 |
3 | #pragma once
4 |
5 | NTSYSAPI
6 | VOID
7 | NTAPI
8 | DbgUserBreakPoint(
9 | VOID
10 | );
11 |
12 | NTSYSAPI
13 | VOID
14 | NTAPI
15 | DbgBreakPoint(
16 | VOID
17 | );
18 |
19 | NTSYSAPI
20 | VOID
21 | NTAPI
22 | DbgBreakPointWithStatus(
23 | _In_ ULONG Status
24 | );
25 |
26 | #define DBG_STATUS_CONTROL_C 1
27 | #define DBG_STATUS_SYSRQ 2
28 | #define DBG_STATUS_BUGCHECK_FIRST 3
29 | #define DBG_STATUS_BUGCHECK_SECOND 4
30 | #define DBG_STATUS_FATAL 5
31 | #define DBG_STATUS_DEBUG_CONTROL 6
32 | #define DBG_STATUS_WORKER 7
33 |
34 | NTSYSAPI
35 | ULONG
36 | STDAPIVCALLTYPE
37 | DbgPrint(
38 | _In_z_ _Printf_format_string_ PSTR Format,
39 | ...
40 | );
41 |
42 | NTSYSAPI
43 | ULONG
44 | STDAPIVCALLTYPE
45 | DbgPrintEx(
46 | _In_ ULONG ComponentId,
47 | _In_ ULONG Level,
48 | _In_z_ _Printf_format_string_ PSTR Format,
49 | ...
50 | );
51 |
52 | NTSYSAPI
53 | ULONG
54 | NTAPI
55 | vDbgPrintEx(
56 | _In_ ULONG ComponentId,
57 | _In_ ULONG Level,
58 | _In_z_ PCH Format,
59 | _In_ va_list arglist
60 | );
61 |
62 | NTSYSAPI
63 | ULONG
64 | NTAPI
65 | vDbgPrintExWithPrefix(
66 | _In_z_ PCH Prefix,
67 | _In_ ULONG ComponentId,
68 | _In_ ULONG Level,
69 | _In_z_ PCH Format,
70 | _In_ va_list arglist
71 | );
72 |
73 | NTSYSAPI
74 | NTSTATUS
75 | NTAPI
76 | DbgQueryDebugFilterState(
77 | _In_ ULONG ComponentId,
78 | _In_ ULONG Level
79 | );
80 |
81 | NTSYSAPI
82 | NTSTATUS
83 | NTAPI
84 | DbgSetDebugFilterState(
85 | _In_ ULONG ComponentId,
86 | _In_ ULONG Level,
87 | _In_ BOOLEAN State
88 | );
89 |
90 | NTSYSAPI
91 | ULONG
92 | NTAPI
93 | DbgPrompt(
94 | _In_ PCH Prompt,
95 | _Out_writes_bytes_(Length) PCH Response,
96 | _In_ ULONG Length
97 | );
98 |
99 | // Definitions
100 |
101 | typedef struct _DBGKM_EXCEPTION
102 | {
103 | EXCEPTION_RECORD ExceptionRecord;
104 | ULONG FirstChance;
105 | } DBGKM_EXCEPTION, *PDBGKM_EXCEPTION;
106 |
107 | typedef struct _DBGKM_CREATE_THREAD
108 | {
109 | ULONG SubSystemKey;
110 | PVOID StartAddress;
111 | } DBGKM_CREATE_THREAD, *PDBGKM_CREATE_THREAD;
112 |
113 | typedef struct _DBGKM_CREATE_PROCESS
114 | {
115 | ULONG SubSystemKey;
116 | HANDLE FileHandle;
117 | PVOID BaseOfImage;
118 | ULONG DebugInfoFileOffset;
119 | ULONG DebugInfoSize;
120 | DBGKM_CREATE_THREAD InitialThread;
121 | } DBGKM_CREATE_PROCESS, *PDBGKM_CREATE_PROCESS;
122 |
123 | typedef struct _DBGKM_EXIT_THREAD
124 | {
125 | NTSTATUS ExitStatus;
126 | } DBGKM_EXIT_THREAD, *PDBGKM_EXIT_THREAD;
127 |
128 | typedef struct _DBGKM_EXIT_PROCESS
129 | {
130 | NTSTATUS ExitStatus;
131 | } DBGKM_EXIT_PROCESS, *PDBGKM_EXIT_PROCESS;
132 |
133 | typedef struct _DBGKM_LOAD_DLL
134 | {
135 | HANDLE FileHandle;
136 | PVOID BaseOfDll;
137 | ULONG DebugInfoFileOffset;
138 | ULONG DebugInfoSize;
139 | PVOID NamePointer;
140 | } DBGKM_LOAD_DLL, *PDBGKM_LOAD_DLL;
141 |
142 | typedef struct _DBGKM_UNLOAD_DLL
143 | {
144 | PVOID BaseAddress;
145 | } DBGKM_UNLOAD_DLL, *PDBGKM_UNLOAD_DLL;
146 |
147 | typedef enum _DBG_STATE
148 | {
149 | DbgIdle,
150 | DbgReplyPending,
151 | DbgCreateThreadStateChange,
152 | DbgCreateProcessStateChange,
153 | DbgExitThreadStateChange,
154 | DbgExitProcessStateChange,
155 | DbgExceptionStateChange,
156 | DbgBreakpointStateChange,
157 | DbgSingleStepStateChange,
158 | DbgLoadDllStateChange,
159 | DbgUnloadDllStateChange
160 | } DBG_STATE, *PDBG_STATE;
161 |
162 | typedef struct _DBGUI_CREATE_THREAD
163 | {
164 | HANDLE HandleToThread;
165 | DBGKM_CREATE_THREAD NewThread;
166 | } DBGUI_CREATE_THREAD, *PDBGUI_CREATE_THREAD;
167 |
168 | typedef struct _DBGUI_CREATE_PROCESS
169 | {
170 | HANDLE HandleToProcess;
171 | HANDLE HandleToThread;
172 | DBGKM_CREATE_PROCESS NewProcess;
173 | } DBGUI_CREATE_PROCESS, *PDBGUI_CREATE_PROCESS;
174 |
175 | typedef struct _DBGUI_WAIT_STATE_CHANGE
176 | {
177 | DBG_STATE NewState;
178 | CLIENT_ID AppClientId;
179 | union
180 | {
181 | DBGKM_EXCEPTION Exception;
182 | DBGUI_CREATE_THREAD CreateThread;
183 | DBGUI_CREATE_PROCESS CreateProcessInfo;
184 | DBGKM_EXIT_THREAD ExitThread;
185 | DBGKM_EXIT_PROCESS ExitProcess;
186 | DBGKM_LOAD_DLL LoadDll;
187 | DBGKM_UNLOAD_DLL UnloadDll;
188 | } StateInfo;
189 | } DBGUI_WAIT_STATE_CHANGE, *PDBGUI_WAIT_STATE_CHANGE;
190 |
191 | #define DEBUG_READ_EVENT 0x0001
192 | #define DEBUG_PROCESS_ASSIGN 0x0002
193 | #define DEBUG_SET_INFORMATION 0x0004
194 | #define DEBUG_QUERY_INFORMATION 0x0008
195 | #define DEBUG_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | SYNCHRONIZE | \
196 | DEBUG_READ_EVENT | DEBUG_PROCESS_ASSIGN | DEBUG_SET_INFORMATION | \
197 | DEBUG_QUERY_INFORMATION)
198 |
199 | #define DEBUG_KILL_ON_CLOSE 0x1
200 |
201 | typedef enum _DEBUGOBJECTINFOCLASS
202 | {
203 | DebugObjectUnusedInformation,
204 | DebugObjectKillProcessOnExitInformation,
205 | MaxDebugObjectInfoClass
206 | } DEBUGOBJECTINFOCLASS, *PDEBUGOBJECTINFOCLASS;
207 |
208 | // System calls
209 |
210 | NTSYSCALLAPI
211 | NTSTATUS
212 | NTAPI
213 | NtCreateDebugObject(
214 | _Out_ PHANDLE DebugObjectHandle,
215 | _In_ ACCESS_MASK DesiredAccess,
216 | _In_ POBJECT_ATTRIBUTES ObjectAttributes,
217 | _In_ ULONG Flags
218 | );
219 |
220 | NTSYSCALLAPI
221 | NTSTATUS
222 | NTAPI
223 | NtDebugActiveProcess(
224 | _In_ HANDLE ProcessHandle,
225 | _In_ HANDLE DebugObjectHandle
226 | );
227 |
228 | NTSYSCALLAPI
229 | NTSTATUS
230 | NTAPI
231 | NtDebugContinue(
232 | _In_ HANDLE DebugObjectHandle,
233 | _In_ PCLIENT_ID ClientId,
234 | _In_ NTSTATUS ContinueStatus
235 | );
236 |
237 | NTSYSCALLAPI
238 | NTSTATUS
239 | NTAPI
240 | NtRemoveProcessDebug(
241 | _In_ HANDLE ProcessHandle,
242 | _In_ HANDLE DebugObjectHandle
243 | );
244 |
245 | NTSYSCALLAPI
246 | NTSTATUS
247 | NTAPI
248 | NtSetInformationDebugObject(
249 | _In_ HANDLE DebugObjectHandle,
250 | _In_ DEBUGOBJECTINFOCLASS DebugObjectInformationClass,
251 | _In_ PVOID DebugInformation,
252 | _In_ ULONG DebugInformationLength,
253 | _Out_opt_ PULONG ReturnLength
254 | );
255 |
256 | NTSYSCALLAPI
257 | NTSTATUS
258 | NTAPI
259 | NtWaitForDebugEvent(
260 | _In_ HANDLE DebugObjectHandle,
261 | _In_ BOOLEAN Alertable,
262 | _In_opt_ PLARGE_INTEGER Timeout,
263 | _Out_ PVOID WaitStateChange
264 | );
265 |
266 | // Debugging UI
267 |
268 | NTSYSAPI
269 | NTSTATUS
270 | NTAPI
271 | DbgUiConnectToDbg(
272 | VOID
273 | );
274 |
275 | NTSYSAPI
276 | HANDLE
277 | NTAPI
278 | DbgUiGetThreadDebugObject(
279 | VOID
280 | );
281 |
282 | NTSYSAPI
283 | VOID
284 | NTAPI
285 | DbgUiSetThreadDebugObject(
286 | _In_ HANDLE DebugObject
287 | );
288 |
289 | NTSYSAPI
290 | NTSTATUS
291 | NTAPI
292 | DbgUiWaitStateChange(
293 | _Out_ PDBGUI_WAIT_STATE_CHANGE StateChange,
294 | _In_opt_ PLARGE_INTEGER Timeout
295 | );
296 |
297 | NTSYSAPI
298 | NTSTATUS
299 | NTAPI
300 | DbgUiContinue(
301 | _In_ PCLIENT_ID AppClientId,
302 | _In_ NTSTATUS ContinueStatus
303 | );
304 |
305 | NTSYSAPI
306 | NTSTATUS
307 | NTAPI
308 | DbgUiStopDebugging(
309 | _In_ HANDLE Process
310 | );
311 |
312 | NTSYSAPI
313 | NTSTATUS
314 | NTAPI
315 | DbgUiDebugActiveProcess(
316 | _In_ HANDLE Process
317 | );
318 |
319 | NTSYSAPI
320 | VOID
321 | NTAPI
322 | DbgUiRemoteBreakin(
323 | _In_ PVOID Context
324 | );
325 |
326 | NTSYSAPI
327 | NTSTATUS
328 | NTAPI
329 | DbgUiIssueRemoteBreakin(
330 | _In_ HANDLE Process
331 | );
332 |
333 | NTSYSAPI
334 | NTSTATUS
335 | NTAPI
336 | DbgUiConvertStateChangeStructure(
337 | _In_ PDBGUI_WAIT_STATE_CHANGE StateChange,
338 | _Out_ LPDEBUG_EVENT DebugEvent
339 | );
340 |
341 | struct _EVENT_FILTER_DESCRIPTOR;
342 |
343 | typedef VOID (NTAPI *PENABLECALLBACK)(
344 | _In_ LPCGUID SourceId,
345 | _In_ ULONG IsEnabled,
346 | _In_ UCHAR Level,
347 | _In_ ULONGLONG MatchAnyKeyword,
348 | _In_ ULONGLONG MatchAllKeyword,
349 | _In_opt_ struct _EVENT_FILTER_DESCRIPTOR *FilterData,
350 | _Inout_opt_ PVOID CallbackContext
351 | );
352 |
353 | typedef ULONGLONG REGHANDLE, *PREGHANDLE;
354 |
355 | NTSYSAPI
356 | NTSTATUS
357 | NTAPI
358 | EtwEventRegister(
359 | _In_ LPCGUID ProviderId,
360 | _In_opt_ PENABLECALLBACK EnableCallback,
361 | _In_opt_ PVOID CallbackContext,
362 | _Out_ PREGHANDLE RegHandle
363 | );
364 |
365 |
--------------------------------------------------------------------------------
/KrkrzExtract/phnt_ntdef.h:
--------------------------------------------------------------------------------
1 | #ifndef _NTDEF_
2 | #define _NTDEF_
3 |
4 | // This header file provides basic NT types not included in Win32. If you have included winnt.h
5 | // (perhaps indirectly), you must use this file instead of ntdef.h.
6 |
7 | #ifndef NOTHING
8 | #define NOTHING
9 | #endif
10 |
11 | // Basic types
12 |
13 | typedef struct _QUAD
14 | {
15 | union
16 | {
17 | __int64 UseThisFieldToCopy;
18 | double DoNotUseThisField;
19 | };
20 | } QUAD, *PQUAD;
21 |
22 | // This isn't in NT, but it's useful.
23 | typedef struct DECLSPEC_ALIGN(MEMORY_ALLOCATION_ALIGNMENT) _QUAD_PTR
24 | {
25 | ULONG_PTR DoNotUseThisField1;
26 | ULONG_PTR DoNotUseThisField2;
27 | } QUAD_PTR, *PQUAD_PTR;
28 |
29 | typedef ULONG LOGICAL;
30 | typedef ULONG *PLOGICAL;
31 |
32 | typedef _Success_(return >= 0) LONG NTSTATUS;
33 | typedef NTSTATUS *PNTSTATUS;
34 |
35 | // Cardinal types
36 |
37 | typedef char CCHAR;
38 | typedef short CSHORT;
39 | typedef ULONG CLONG;
40 |
41 | typedef CCHAR *PCCHAR;
42 | typedef CSHORT *PCSHORT;
43 | typedef CLONG *PCLONG;
44 |
45 | typedef PCSTR PCSZ;
46 |
47 | // Specific
48 |
49 | typedef UCHAR KIRQL, *PKIRQL;
50 | typedef LONG KPRIORITY;
51 | typedef USHORT RTL_ATOM, *PRTL_ATOM;
52 |
53 | typedef LARGE_INTEGER PHYSICAL_ADDRESS, *PPHYSICAL_ADDRESS;
54 |
55 | // NT status macros
56 |
57 | #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
58 | #define NT_INFORMATION(Status) ((((ULONG)(Status)) >> 30) == 1)
59 | #define NT_WARNING(Status) ((((ULONG)(Status)) >> 30) == 2)
60 | #define NT_ERROR(Status) ((((ULONG)(Status)) >> 30) == 3)
61 |
62 | #define NT_FACILITY_MASK 0xfff
63 | #define NT_FACILITY_SHIFT 16
64 | #define NT_FACILITY(Status) ((((ULONG)(Status)) >> NT_FACILITY_SHIFT) & NT_FACILITY_MASK)
65 |
66 | #define NT_NTWIN32(Status) (NT_FACILITY(Status) == FACILITY_NTWIN32)
67 | #define WIN32_FROM_NTSTATUS(Status) (((ULONG)(Status)) & 0xffff)
68 |
69 | // Functions
70 |
71 | #ifndef _WIN64
72 | #define FASTCALL __fastcall
73 | #else
74 | #define FASTCALL
75 | #endif
76 |
77 | // Synchronization enumerations
78 |
79 | typedef enum _EVENT_TYPE
80 | {
81 | NotificationEvent,
82 | SynchronizationEvent
83 | } EVENT_TYPE;
84 |
85 | typedef enum _TIMER_TYPE
86 | {
87 | NotificationTimer,
88 | SynchronizationTimer
89 | } TIMER_TYPE;
90 |
91 | typedef enum _WAIT_TYPE
92 | {
93 | WaitAll,
94 | WaitAny,
95 | WaitNotification
96 | } WAIT_TYPE;
97 |
98 | // Strings
99 |
100 | typedef struct _STRING
101 | {
102 | USHORT Length;
103 | USHORT MaximumLength;
104 | _Field_size_bytes_part_opt_(MaximumLength, Length) PCHAR Buffer;
105 | } STRING, *PSTRING, ANSI_STRING, *PANSI_STRING, OEM_STRING, *POEM_STRING;
106 |
107 | typedef const STRING *PCSTRING;
108 | typedef const ANSI_STRING *PCANSI_STRING;
109 | typedef const OEM_STRING *PCOEM_STRING;
110 |
111 | typedef struct _UNICODE_STRING
112 | {
113 | USHORT Length;
114 | USHORT MaximumLength;
115 | _Field_size_bytes_part_(MaximumLength, Length) PCWCH Buffer;
116 | } UNICODE_STRING, *PUNICODE_STRING;
117 |
118 | typedef const UNICODE_STRING *PCUNICODE_STRING;
119 |
120 | #define RTL_CONSTANT_STRING(s) { sizeof(s) - sizeof((s)[0]), sizeof(s), s }
121 |
122 | typedef struct _LARGE_UNICODE_STRING
123 | {
124 | ULONG Length;
125 | ULONG MaximumLength : 31;
126 | ULONG Ansi : 1;
127 |
128 | union
129 | {
130 | PWSTR UnicodeBuffer;
131 | PSTR AnsiBuffer;
132 | ULONG64 Buffer;
133 | };
134 |
135 | } LARGE_UNICODE_STRING, *PLARGE_UNICODE_STRING;
136 |
137 | // Balanced tree node
138 |
139 | #define RTL_BALANCED_NODE_RESERVED_PARENT_MASK 3
140 |
141 | typedef struct _RTL_BALANCED_NODE
142 | {
143 | union
144 | {
145 | struct _RTL_BALANCED_NODE *Children[2];
146 | struct
147 | {
148 | struct _RTL_BALANCED_NODE *Left;
149 | struct _RTL_BALANCED_NODE *Right;
150 | };
151 | };
152 | union
153 | {
154 | UCHAR Red : 1;
155 | UCHAR Balance : 2;
156 | ULONG_PTR ParentValue;
157 | };
158 | } RTL_BALANCED_NODE, *PRTL_BALANCED_NODE;
159 |
160 | #define RTL_BALANCED_NODE_GET_PARENT_POINTER(Node) \
161 | ((PRTL_BALANCED_NODE)((Node)->ParentValue & ~RTL_BALANCED_NODE_RESERVED_PARENT_MASK))
162 |
163 | // Portability
164 |
165 | typedef struct _SINGLE_LIST_ENTRY32
166 | {
167 | ULONG Next;
168 | } SINGLE_LIST_ENTRY32, *PSINGLE_LIST_ENTRY32;
169 |
170 | typedef struct _STRING32
171 | {
172 | USHORT Length;
173 | USHORT MaximumLength;
174 | ULONG Buffer;
175 | } STRING32, *PSTRING32;
176 |
177 | typedef STRING32 UNICODE_STRING32, *PUNICODE_STRING32;
178 | typedef STRING32 ANSI_STRING32, *PANSI_STRING32;
179 |
180 | typedef struct _STRING64
181 | {
182 | USHORT Length;
183 | USHORT MaximumLength;
184 | ULONGLONG Buffer;
185 | } STRING64, *PSTRING64;
186 |
187 | typedef STRING64 UNICODE_STRING64, *PUNICODE_STRING64;
188 | typedef STRING64 ANSI_STRING64, *PANSI_STRING64;
189 |
190 | // Object attributes
191 |
192 | #define OBJ_INHERIT 0x00000002
193 | #define OBJ_PERMANENT 0x00000010
194 | #define OBJ_EXCLUSIVE 0x00000020
195 | #define OBJ_CASE_INSENSITIVE 0x00000040
196 | #define OBJ_OPENIF 0x00000080
197 | #define OBJ_OPENLINK 0x00000100
198 | #define OBJ_KERNEL_HANDLE 0x00000200
199 | #define OBJ_FORCE_ACCESS_CHECK 0x00000400
200 | #define OBJ_IGNORE_IMPERSONATED_DEVICEMAP 0x00000800
201 | #define OBJ_DONT_REPARSE 0x00001000
202 | #define OBJ_VALID_ATTRIBUTES 0x00001ff2
203 |
204 | typedef struct _OBJECT_ATTRIBUTES
205 | {
206 | ULONG Length;
207 | HANDLE RootDirectory;
208 | PUNICODE_STRING ObjectName;
209 | ULONG Attributes;
210 | PVOID SecurityDescriptor; // PSECURITY_DESCRIPTOR;
211 | PVOID SecurityQualityOfService; // PSECURITY_QUALITY_OF_SERVICE
212 | } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
213 |
214 | typedef const OBJECT_ATTRIBUTES *PCOBJECT_ATTRIBUTES;
215 |
216 | #define InitializeObjectAttributes(p, n, a, r, s) { \
217 | (p)->Length = sizeof(OBJECT_ATTRIBUTES); \
218 | (p)->RootDirectory = r; \
219 | (p)->Attributes = a; \
220 | (p)->ObjectName = n; \
221 | (p)->SecurityDescriptor = s; \
222 | (p)->SecurityQualityOfService = NULL; \
223 | }
224 |
225 | #define RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) { sizeof(OBJECT_ATTRIBUTES), NULL, n, a, NULL, NULL }
226 | #define RTL_INIT_OBJECT_ATTRIBUTES(n, a) RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a)
227 |
228 | #define OBJ_NAME_PATH_SEPARATOR ((WCHAR)L'\\')
229 |
230 | // Portability
231 |
232 | typedef struct _OBJECT_ATTRIBUTES64
233 | {
234 | ULONG Length;
235 | ULONG64 RootDirectory;
236 | ULONG64 ObjectName;
237 | ULONG Attributes;
238 | ULONG64 SecurityDescriptor;
239 | ULONG64 SecurityQualityOfService;
240 | } OBJECT_ATTRIBUTES64, *POBJECT_ATTRIBUTES64;
241 |
242 | typedef const OBJECT_ATTRIBUTES64 *PCOBJECT_ATTRIBUTES64;
243 |
244 | typedef struct _OBJECT_ATTRIBUTES32
245 | {
246 | ULONG Length;
247 | ULONG RootDirectory;
248 | ULONG ObjectName;
249 | ULONG Attributes;
250 | ULONG SecurityDescriptor;
251 | ULONG SecurityQualityOfService;
252 | } OBJECT_ATTRIBUTES32, *POBJECT_ATTRIBUTES32;
253 |
254 | typedef const OBJECT_ATTRIBUTES32 *PCOBJECT_ATTRIBUTES32;
255 |
256 | // Product types
257 |
258 | typedef enum _NT_PRODUCT_TYPE
259 | {
260 | NtProductWinNt = 1,
261 | NtProductLanManNt,
262 | NtProductServer
263 | } NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE;
264 |
265 | typedef enum _SUITE_TYPE
266 | {
267 | SmallBusiness,
268 | Enterprise,
269 | BackOffice,
270 | CommunicationServer,
271 | TerminalServer,
272 | SmallBusinessRestricted,
273 | EmbeddedNT,
274 | DataCenter,
275 | SingleUserTS,
276 | Personal,
277 | Blade,
278 | EmbeddedRestricted,
279 | SecurityAppliance,
280 | StorageServer,
281 | ComputeServer,
282 | WHServer,
283 | PhoneNT,
284 | MaxSuiteType
285 | } SUITE_TYPE;
286 |
287 | // Specific
288 |
289 | typedef struct _CLIENT_ID
290 | {
291 | HANDLE UniqueProcess;
292 | HANDLE UniqueThread;
293 | } CLIENT_ID, *PCLIENT_ID;
294 |
295 | typedef struct _CLIENT_ID32
296 | {
297 | ULONG UniqueProcess;
298 | ULONG UniqueThread;
299 | } CLIENT_ID32, *PCLIENT_ID32;
300 |
301 | typedef struct _CLIENT_ID64
302 | {
303 | ULONGLONG UniqueProcess;
304 | ULONGLONG UniqueThread;
305 | } CLIENT_ID64, *PCLIENT_ID64;
306 |
307 | #include
308 |
309 | typedef struct _KSYSTEM_TIME
310 | {
311 | ULONG LowPart;
312 | LONG High1Time;
313 | LONG High2Time;
314 | } KSYSTEM_TIME, *PKSYSTEM_TIME;
315 |
316 | #include
317 |
318 | #endif
319 |
320 |
--------------------------------------------------------------------------------
/KrkrzInternal/phnt_ntdef.h:
--------------------------------------------------------------------------------
1 | #ifndef _NTDEF_
2 | #define _NTDEF_
3 |
4 | // This header file provides basic NT types not included in Win32. If you have included winnt.h
5 | // (perhaps indirectly), you must use this file instead of ntdef.h.
6 |
7 | #ifndef NOTHING
8 | #define NOTHING
9 | #endif
10 |
11 | // Basic types
12 |
13 | typedef struct _QUAD
14 | {
15 | union
16 | {
17 | __int64 UseThisFieldToCopy;
18 | double DoNotUseThisField;
19 | };
20 | } QUAD, *PQUAD;
21 |
22 | // This isn't in NT, but it's useful.
23 | typedef struct DECLSPEC_ALIGN(MEMORY_ALLOCATION_ALIGNMENT) _QUAD_PTR
24 | {
25 | ULONG_PTR DoNotUseThisField1;
26 | ULONG_PTR DoNotUseThisField2;
27 | } QUAD_PTR, *PQUAD_PTR;
28 |
29 | typedef ULONG LOGICAL;
30 | typedef ULONG *PLOGICAL;
31 |
32 | typedef _Success_(return >= 0) LONG NTSTATUS;
33 | typedef NTSTATUS *PNTSTATUS;
34 |
35 | // Cardinal types
36 |
37 | typedef char CCHAR;
38 | typedef short CSHORT;
39 | typedef ULONG CLONG;
40 |
41 | typedef CCHAR *PCCHAR;
42 | typedef CSHORT *PCSHORT;
43 | typedef CLONG *PCLONG;
44 |
45 | typedef PCSTR PCSZ;
46 |
47 | // Specific
48 |
49 | typedef UCHAR KIRQL, *PKIRQL;
50 | typedef LONG KPRIORITY;
51 | typedef USHORT RTL_ATOM, *PRTL_ATOM;
52 |
53 | typedef LARGE_INTEGER PHYSICAL_ADDRESS, *PPHYSICAL_ADDRESS;
54 |
55 | // NT status macros
56 |
57 | #define NT_SUCCESS(Status) (((NTSTATUS)(Status)) >= 0)
58 | #define NT_INFORMATION(Status) ((((ULONG)(Status)) >> 30) == 1)
59 | #define NT_WARNING(Status) ((((ULONG)(Status)) >> 30) == 2)
60 | #define NT_ERROR(Status) ((((ULONG)(Status)) >> 30) == 3)
61 |
62 | #define NT_FACILITY_MASK 0xfff
63 | #define NT_FACILITY_SHIFT 16
64 | #define NT_FACILITY(Status) ((((ULONG)(Status)) >> NT_FACILITY_SHIFT) & NT_FACILITY_MASK)
65 |
66 | #define NT_NTWIN32(Status) (NT_FACILITY(Status) == FACILITY_NTWIN32)
67 | #define WIN32_FROM_NTSTATUS(Status) (((ULONG)(Status)) & 0xffff)
68 |
69 | // Functions
70 |
71 | #ifndef _WIN64
72 | #define FASTCALL __fastcall
73 | #else
74 | #define FASTCALL
75 | #endif
76 |
77 | // Synchronization enumerations
78 |
79 | typedef enum _EVENT_TYPE
80 | {
81 | NotificationEvent,
82 | SynchronizationEvent
83 | } EVENT_TYPE;
84 |
85 | typedef enum _TIMER_TYPE
86 | {
87 | NotificationTimer,
88 | SynchronizationTimer
89 | } TIMER_TYPE;
90 |
91 | typedef enum _WAIT_TYPE
92 | {
93 | WaitAll,
94 | WaitAny,
95 | WaitNotification
96 | } WAIT_TYPE;
97 |
98 | // Strings
99 |
100 | typedef struct _STRING
101 | {
102 | USHORT Length;
103 | USHORT MaximumLength;
104 | _Field_size_bytes_part_opt_(MaximumLength, Length) PCHAR Buffer;
105 | } STRING, *PSTRING, ANSI_STRING, *PANSI_STRING, OEM_STRING, *POEM_STRING;
106 |
107 | typedef const STRING *PCSTRING;
108 | typedef const ANSI_STRING *PCANSI_STRING;
109 | typedef const OEM_STRING *PCOEM_STRING;
110 |
111 | typedef struct _UNICODE_STRING
112 | {
113 | USHORT Length;
114 | USHORT MaximumLength;
115 | _Field_size_bytes_part_(MaximumLength, Length) PCWCH Buffer;
116 | } UNICODE_STRING, *PUNICODE_STRING;
117 |
118 | typedef const UNICODE_STRING *PCUNICODE_STRING;
119 |
120 | #define RTL_CONSTANT_STRING(s) { sizeof(s) - sizeof((s)[0]), sizeof(s), s }
121 |
122 | typedef struct _LARGE_UNICODE_STRING
123 | {
124 | ULONG Length;
125 | ULONG MaximumLength : 31;
126 | ULONG Ansi : 1;
127 |
128 | union
129 | {
130 | PWSTR UnicodeBuffer;
131 | PSTR AnsiBuffer;
132 | ULONG64 Buffer;
133 | };
134 |
135 | } LARGE_UNICODE_STRING, *PLARGE_UNICODE_STRING;
136 |
137 | // Balanced tree node
138 |
139 | #define RTL_BALANCED_NODE_RESERVED_PARENT_MASK 3
140 |
141 | typedef struct _RTL_BALANCED_NODE
142 | {
143 | union
144 | {
145 | struct _RTL_BALANCED_NODE *Children[2];
146 | struct
147 | {
148 | struct _RTL_BALANCED_NODE *Left;
149 | struct _RTL_BALANCED_NODE *Right;
150 | };
151 | };
152 | union
153 | {
154 | UCHAR Red : 1;
155 | UCHAR Balance : 2;
156 | ULONG_PTR ParentValue;
157 | };
158 | } RTL_BALANCED_NODE, *PRTL_BALANCED_NODE;
159 |
160 | #define RTL_BALANCED_NODE_GET_PARENT_POINTER(Node) \
161 | ((PRTL_BALANCED_NODE)((Node)->ParentValue & ~RTL_BALANCED_NODE_RESERVED_PARENT_MASK))
162 |
163 | // Portability
164 |
165 | typedef struct _SINGLE_LIST_ENTRY32
166 | {
167 | ULONG Next;
168 | } SINGLE_LIST_ENTRY32, *PSINGLE_LIST_ENTRY32;
169 |
170 | typedef struct _STRING32
171 | {
172 | USHORT Length;
173 | USHORT MaximumLength;
174 | ULONG Buffer;
175 | } STRING32, *PSTRING32;
176 |
177 | typedef STRING32 UNICODE_STRING32, *PUNICODE_STRING32;
178 | typedef STRING32 ANSI_STRING32, *PANSI_STRING32;
179 |
180 | typedef struct _STRING64
181 | {
182 | USHORT Length;
183 | USHORT MaximumLength;
184 | ULONGLONG Buffer;
185 | } STRING64, *PSTRING64;
186 |
187 | typedef STRING64 UNICODE_STRING64, *PUNICODE_STRING64;
188 | typedef STRING64 ANSI_STRING64, *PANSI_STRING64;
189 |
190 | // Object attributes
191 |
192 | #define OBJ_INHERIT 0x00000002
193 | #define OBJ_PERMANENT 0x00000010
194 | #define OBJ_EXCLUSIVE 0x00000020
195 | #define OBJ_CASE_INSENSITIVE 0x00000040
196 | #define OBJ_OPENIF 0x00000080
197 | #define OBJ_OPENLINK 0x00000100
198 | #define OBJ_KERNEL_HANDLE 0x00000200
199 | #define OBJ_FORCE_ACCESS_CHECK 0x00000400
200 | #define OBJ_IGNORE_IMPERSONATED_DEVICEMAP 0x00000800
201 | #define OBJ_DONT_REPARSE 0x00001000
202 | #define OBJ_VALID_ATTRIBUTES 0x00001ff2
203 |
204 | typedef struct _OBJECT_ATTRIBUTES
205 | {
206 | ULONG Length;
207 | HANDLE RootDirectory;
208 | PUNICODE_STRING ObjectName;
209 | ULONG Attributes;
210 | PVOID SecurityDescriptor; // PSECURITY_DESCRIPTOR;
211 | PVOID SecurityQualityOfService; // PSECURITY_QUALITY_OF_SERVICE
212 | } OBJECT_ATTRIBUTES, *POBJECT_ATTRIBUTES;
213 |
214 | typedef const OBJECT_ATTRIBUTES *PCOBJECT_ATTRIBUTES;
215 |
216 | #define InitializeObjectAttributes(p, n, a, r, s) { \
217 | (p)->Length = sizeof(OBJECT_ATTRIBUTES); \
218 | (p)->RootDirectory = r; \
219 | (p)->Attributes = a; \
220 | (p)->ObjectName = n; \
221 | (p)->SecurityDescriptor = s; \
222 | (p)->SecurityQualityOfService = NULL; \
223 | }
224 |
225 | #define RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) { sizeof(OBJECT_ATTRIBUTES), NULL, n, a, NULL, NULL }
226 | #define RTL_INIT_OBJECT_ATTRIBUTES(n, a) RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a)
227 |
228 | #define OBJ_NAME_PATH_SEPARATOR ((WCHAR)L'\\')
229 |
230 | // Portability
231 |
232 | typedef struct _OBJECT_ATTRIBUTES64
233 | {
234 | ULONG Length;
235 | ULONG64 RootDirectory;
236 | ULONG64 ObjectName;
237 | ULONG Attributes;
238 | ULONG64 SecurityDescriptor;
239 | ULONG64 SecurityQualityOfService;
240 | } OBJECT_ATTRIBUTES64, *POBJECT_ATTRIBUTES64;
241 |
242 | typedef const OBJECT_ATTRIBUTES64 *PCOBJECT_ATTRIBUTES64;
243 |
244 | typedef struct _OBJECT_ATTRIBUTES32
245 | {
246 | ULONG Length;
247 | ULONG RootDirectory;
248 | ULONG ObjectName;
249 | ULONG Attributes;
250 | ULONG SecurityDescriptor;
251 | ULONG SecurityQualityOfService;
252 | } OBJECT_ATTRIBUTES32, *POBJECT_ATTRIBUTES32;
253 |
254 | typedef const OBJECT_ATTRIBUTES32 *PCOBJECT_ATTRIBUTES32;
255 |
256 | // Product types
257 |
258 | typedef enum _NT_PRODUCT_TYPE
259 | {
260 | NtProductWinNt = 1,
261 | NtProductLanManNt,
262 | NtProductServer
263 | } NT_PRODUCT_TYPE, *PNT_PRODUCT_TYPE;
264 |
265 | typedef enum _SUITE_TYPE
266 | {
267 | SmallBusiness,
268 | Enterprise,
269 | BackOffice,
270 | CommunicationServer,
271 | TerminalServer,
272 | SmallBusinessRestricted,
273 | EmbeddedNT,
274 | DataCenter,
275 | SingleUserTS,
276 | Personal,
277 | Blade,
278 | EmbeddedRestricted,
279 | SecurityAppliance,
280 | StorageServer,
281 | ComputeServer,
282 | WHServer,
283 | PhoneNT,
284 | MaxSuiteType
285 | } SUITE_TYPE;
286 |
287 | // Specific
288 |
289 | typedef struct _CLIENT_ID
290 | {
291 | HANDLE UniqueProcess;
292 | HANDLE UniqueThread;
293 | } CLIENT_ID, *PCLIENT_ID;
294 |
295 | typedef struct _CLIENT_ID32
296 | {
297 | ULONG UniqueProcess;
298 | ULONG UniqueThread;
299 | } CLIENT_ID32, *PCLIENT_ID32;
300 |
301 | typedef struct _CLIENT_ID64
302 | {
303 | ULONGLONG UniqueProcess;
304 | ULONGLONG UniqueThread;
305 | } CLIENT_ID64, *PCLIENT_ID64;
306 |
307 | #include
308 |
309 | typedef struct _KSYSTEM_TIME
310 | {
311 | ULONG LowPart;
312 | LONG High1Time;
313 | LONG High2Time;
314 | } KSYSTEM_TIME, *PKSYSTEM_TIME;
315 |
316 | #include
317 |
318 | #endif
319 |
320 |
--------------------------------------------------------------------------------
/KrkrzExtract/KrkrzExtract.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 12.0
23 | {2073CE56-C843-4B06-8EF9-B2D612C2CABF}
24 | Win32Proj
25 | KrkrzExtract
26 | 10.0
27 |
28 |
29 |
30 | Application
31 | true
32 | v143
33 | Unicode
34 |
35 |
36 | Application
37 | false
38 | v143
39 | true
40 | Unicode
41 |
42 |
43 | Application
44 | true
45 | v143
46 | Unicode
47 |
48 |
49 | Application
50 | false
51 | v143
52 | true
53 | Unicode
54 |
55 |
56 |
57 |
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 | true
75 |
76 |
77 | true
78 |
79 |
80 | false
81 | $(ProjectDir);$(IncludePath)
82 |
83 |
84 | false
85 |
86 |
87 |
88 | Use
89 | Level3
90 | Disabled
91 | true
92 | WIN32;_DEBUG;_WINDOWS;%(PreprocessorDefinitions)
93 | true
94 |
95 |
96 | Windows
97 | true
98 |
99 |
100 |
101 |
102 | Use
103 | Level3
104 | Disabled
105 | true
106 | _DEBUG;_WINDOWS;%(PreprocessorDefinitions)
107 | true
108 |
109 |
110 | Windows
111 | true
112 |
113 |
114 |
115 |
116 | Use
117 | Level3
118 | MaxSpeed
119 | true
120 | true
121 | true
122 | WIN32;NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
123 | true
124 | MultiThreaded
125 |
126 |
127 | Windows
128 | true
129 | true
130 | true
131 |
132 |
133 |
134 |
135 | NotUsing
136 | Level3
137 | MaxSpeed
138 | true
139 | true
140 | true
141 | NDEBUG;_WINDOWS;%(PreprocessorDefinitions)
142 | true
143 | MultiThreaded
144 |
145 |
146 | Windows
147 | true
148 | true
149 | true
150 |
151 |
152 |
153 |
154 |
155 |
156 |
157 |
158 |
159 |
160 | Create
161 | Create
162 | Create
163 | Create
164 |
165 |
166 |
167 |
168 |
169 |
170 |
171 |
172 |
173 |
174 |
175 |
176 |
--------------------------------------------------------------------------------
/KrkrzExtract/nttp.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // Some types are already defined in winnt.h.
4 |
5 | typedef struct _TP_ALPC TP_ALPC, *PTP_ALPC;
6 |
7 | // private
8 | typedef VOID (NTAPI *PTP_ALPC_CALLBACK)(
9 | _Inout_ PTP_CALLBACK_INSTANCE Instance,
10 | _Inout_opt_ PVOID Context,
11 | _In_ PTP_ALPC Alpc
12 | );
13 |
14 | // rev
15 | typedef VOID (NTAPI *PTP_ALPC_CALLBACK_EX)(
16 | _Inout_ PTP_CALLBACK_INSTANCE Instance,
17 | _Inout_opt_ PVOID Context,
18 | _In_ PTP_ALPC Alpc,
19 | _In_ PVOID ApcContext
20 | );
21 |
22 | #if (NTDDI_VERSION >= NTDDI_VISTA)
23 |
24 | // private
25 | _Check_return_
26 | NTSYSAPI
27 | NTSTATUS
28 | NTAPI
29 | TpAllocPool(
30 | _Out_ PTP_POOL *PoolReturn,
31 | _Reserved_ PVOID Reserved
32 | );
33 |
34 | // winbase:CloseThreadpool
35 | NTSYSAPI
36 | VOID
37 | NTAPI
38 | TpReleasePool(
39 | _Inout_ PTP_POOL Pool
40 | );
41 |
42 | // winbase:SetThreadpoolThreadMaximum
43 | NTSYSAPI
44 | VOID
45 | NTAPI
46 | TpSetPoolMaxThreads(
47 | _Inout_ PTP_POOL Pool,
48 | _In_ LONG MaxThreads
49 | );
50 |
51 | // private
52 | NTSYSAPI
53 | NTSTATUS
54 | NTAPI
55 | TpSetPoolMinThreads(
56 | _Inout_ PTP_POOL Pool,
57 | _In_ LONG MinThreads
58 | );
59 |
60 | #if (NTDDI_VERSION >= NTDDI_WIN7)
61 | // rev
62 | NTSYSAPI
63 | NTSTATUS
64 | NTAPI
65 | TpQueryPoolStackInformation(
66 | _In_ PTP_POOL Pool,
67 | _Out_ PTP_POOL_STACK_INFORMATION PoolStackInformation
68 | );
69 | #endif
70 |
71 | #if (NTDDI_VERSION >= NTDDI_WIN7)
72 | // rev
73 | NTSYSAPI
74 | NTSTATUS
75 | NTAPI
76 | TpSetPoolStackInformation(
77 | _Inout_ PTP_POOL Pool,
78 | _In_ PTP_POOL_STACK_INFORMATION PoolStackInformation
79 | );
80 | #endif
81 |
82 | // private
83 | _Check_return_
84 | NTSYSAPI
85 | NTSTATUS
86 | NTAPI
87 | TpAllocCleanupGroup(
88 | _Out_ PTP_CLEANUP_GROUP *CleanupGroupReturn
89 | );
90 |
91 | // winbase:CloseThreadpoolCleanupGroup
92 | NTSYSAPI
93 | VOID
94 | NTAPI
95 | TpReleaseCleanupGroup(
96 | _Inout_ PTP_CLEANUP_GROUP CleanupGroup
97 | );
98 |
99 | // winbase:CloseThreadpoolCleanupGroupMembers
100 | NTSYSAPI
101 | VOID
102 | NTAPI
103 | TpReleaseCleanupGroupMembers(
104 | _Inout_ PTP_CLEANUP_GROUP CleanupGroup,
105 | _In_ LOGICAL CancelPendingCallbacks,
106 | _Inout_opt_ PVOID CleanupParameter
107 | );
108 |
109 | // winbase:SetEventWhenCallbackReturns
110 | NTSYSAPI
111 | VOID
112 | NTAPI
113 | TpCallbackSetEventOnCompletion(
114 | _Inout_ PTP_CALLBACK_INSTANCE Instance,
115 | _In_ HANDLE Event
116 | );
117 |
118 | // winbase:ReleaseSemaphoreWhenCallbackReturns
119 | NTSYSAPI
120 | VOID
121 | NTAPI
122 | TpCallbackReleaseSemaphoreOnCompletion(
123 | _Inout_ PTP_CALLBACK_INSTANCE Instance,
124 | _In_ HANDLE Semaphore,
125 | _In_ LONG ReleaseCount
126 | );
127 |
128 | // winbase:ReleaseMutexWhenCallbackReturns
129 | NTSYSAPI
130 | VOID
131 | NTAPI
132 | TpCallbackReleaseMutexOnCompletion(
133 | _Inout_ PTP_CALLBACK_INSTANCE Instance,
134 | _In_ HANDLE Mutex
135 | );
136 |
137 | // winbase:LeaveCriticalSectionWhenCallbackReturns
138 | NTSYSAPI
139 | VOID
140 | NTAPI
141 | TpCallbackLeaveCriticalSectionOnCompletion(
142 | _Inout_ PTP_CALLBACK_INSTANCE Instance,
143 | _Inout_ PRTL_CRITICAL_SECTION CriticalSection
144 | );
145 |
146 | // winbase:FreeLibraryWhenCallbackReturns
147 | NTSYSAPI
148 | VOID
149 | NTAPI
150 | TpCallbackUnloadDllOnCompletion(
151 | _Inout_ PTP_CALLBACK_INSTANCE Instance,
152 | _In_ PVOID DllHandle
153 | );
154 |
155 | // winbase:CallbackMayRunLong
156 | NTSYSAPI
157 | NTSTATUS
158 | NTAPI
159 | TpCallbackMayRunLong(
160 | _Inout_ PTP_CALLBACK_INSTANCE Instance
161 | );
162 |
163 | // winbase:DisassociateCurrentThreadFromCallback
164 | NTSYSAPI
165 | VOID
166 | NTAPI
167 | TpDisassociateCallback(
168 | _Inout_ PTP_CALLBACK_INSTANCE Instance
169 | );
170 |
171 | // winbase:TrySubmitThreadpoolCallback
172 | _Check_return_
173 | NTSYSAPI
174 | NTSTATUS
175 | NTAPI
176 | TpSimpleTryPost(
177 | _In_ PTP_SIMPLE_CALLBACK Callback,
178 | _Inout_opt_ PVOID Context,
179 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
180 | );
181 |
182 | // private
183 | _Check_return_
184 | NTSYSAPI
185 | NTSTATUS
186 | NTAPI
187 | TpAllocWork(
188 | _Out_ PTP_WORK *WorkReturn,
189 | _In_ PTP_WORK_CALLBACK Callback,
190 | _Inout_opt_ PVOID Context,
191 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
192 | );
193 |
194 | // winbase:CloseThreadpoolWork
195 | NTSYSAPI
196 | VOID
197 | NTAPI
198 | TpReleaseWork(
199 | _Inout_ PTP_WORK Work
200 | );
201 |
202 | // winbase:SubmitThreadpoolWork
203 | NTSYSAPI
204 | VOID
205 | NTAPI
206 | TpPostWork(
207 | _Inout_ PTP_WORK Work
208 | );
209 |
210 | // winbase:WaitForThreadpoolWorkCallbacks
211 | NTSYSAPI
212 | VOID
213 | NTAPI
214 | TpWaitForWork(
215 | _Inout_ PTP_WORK Work,
216 | _In_ LOGICAL CancelPendingCallbacks
217 | );
218 |
219 | // private
220 | _Check_return_
221 | NTSYSAPI
222 | NTSTATUS
223 | NTAPI
224 | TpAllocTimer(
225 | _Out_ PTP_TIMER *Timer,
226 | _In_ PTP_TIMER_CALLBACK Callback,
227 | _Inout_opt_ PVOID Context,
228 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
229 | );
230 |
231 | // winbase:CloseThreadpoolTimer
232 | NTSYSAPI
233 | VOID
234 | NTAPI
235 | TpReleaseTimer(
236 | _Inout_ PTP_TIMER Timer
237 | );
238 |
239 | // winbase:SetThreadpoolTimer
240 | NTSYSAPI
241 | VOID
242 | NTAPI
243 | TpSetTimer(
244 | _Inout_ PTP_TIMER Timer,
245 | _In_opt_ PLARGE_INTEGER DueTime,
246 | _In_ LONG Period,
247 | _In_opt_ LONG WindowLength
248 | );
249 |
250 | // winbase:IsThreadpoolTimerSet
251 | NTSYSAPI
252 | LOGICAL
253 | NTAPI
254 | TpIsTimerSet(
255 | _In_ PTP_TIMER Timer
256 | );
257 |
258 | // winbase:WaitForThreadpoolTimerCallbacks
259 | NTSYSAPI
260 | VOID
261 | NTAPI
262 | TpWaitForTimer(
263 | _Inout_ PTP_TIMER Timer,
264 | _In_ LOGICAL CancelPendingCallbacks
265 | );
266 |
267 | // private
268 | _Check_return_
269 | NTSYSAPI
270 | NTSTATUS
271 | NTAPI
272 | TpAllocWait(
273 | _Out_ PTP_WAIT *WaitReturn,
274 | _In_ PTP_WAIT_CALLBACK Callback,
275 | _Inout_opt_ PVOID Context,
276 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
277 | );
278 |
279 | // winbase:CloseThreadpoolWait
280 | NTSYSAPI
281 | VOID
282 | NTAPI
283 | TpReleaseWait(
284 | _Inout_ PTP_WAIT Wait
285 | );
286 |
287 | // winbase:SetThreadpoolWait
288 | NTSYSAPI
289 | VOID
290 | NTAPI
291 | TpSetWait(
292 | _Inout_ PTP_WAIT Wait,
293 | _In_opt_ HANDLE Handle,
294 | _In_opt_ PLARGE_INTEGER Timeout
295 | );
296 |
297 | // winbase:WaitForThreadpoolWaitCallbacks
298 | NTSYSAPI
299 | VOID
300 | NTAPI
301 | TpWaitForWait(
302 | _Inout_ PTP_WAIT Wait,
303 | _In_ LOGICAL CancelPendingCallbacks
304 | );
305 |
306 | // private
307 | typedef VOID (NTAPI *PTP_IO_CALLBACK)(
308 | _Inout_ PTP_CALLBACK_INSTANCE Instance,
309 | _Inout_opt_ PVOID Context,
310 | _In_ PVOID ApcContext,
311 | _In_ PIO_STATUS_BLOCK IoSB,
312 | _In_ PTP_IO Io
313 | );
314 |
315 | // private
316 | _Check_return_
317 | NTSYSAPI
318 | NTSTATUS
319 | NTAPI
320 | TpAllocIoCompletion(
321 | _Out_ PTP_IO *IoReturn,
322 | _In_ HANDLE File,
323 | _In_ PTP_IO_CALLBACK Callback,
324 | _Inout_opt_ PVOID Context,
325 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
326 | );
327 |
328 | // winbase:CloseThreadpoolIo
329 | NTSYSAPI
330 | VOID
331 | NTAPI
332 | TpReleaseIoCompletion(
333 | _Inout_ PTP_IO Io
334 | );
335 |
336 | // winbase:StartThreadpoolIo
337 | NTSYSAPI
338 | VOID
339 | NTAPI
340 | TpStartAsyncIoOperation(
341 | _Inout_ PTP_IO Io
342 | );
343 |
344 | // winbase:CancelThreadpoolIo
345 | NTSYSAPI
346 | VOID
347 | NTAPI
348 | TpCancelAsyncIoOperation(
349 | _Inout_ PTP_IO Io
350 | );
351 |
352 | // winbase:WaitForThreadpoolIoCallbacks
353 | NTSYSAPI
354 | VOID
355 | NTAPI
356 | TpWaitForIoCompletion(
357 | _Inout_ PTP_IO Io,
358 | _In_ LOGICAL CancelPendingCallbacks
359 | );
360 |
361 | // private
362 | NTSYSAPI
363 | NTSTATUS
364 | NTAPI
365 | TpAllocAlpcCompletion(
366 | _Out_ PTP_ALPC *AlpcReturn,
367 | _In_ HANDLE AlpcPort,
368 | _In_ PTP_ALPC_CALLBACK Callback,
369 | _Inout_opt_ PVOID Context,
370 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
371 | );
372 |
373 | #if (NTDDI_VERSION >= NTDDI_WIN7)
374 | // rev
375 | NTSYSAPI
376 | NTSTATUS
377 | NTAPI
378 | TpAllocAlpcCompletionEx(
379 | _Out_ PTP_ALPC *AlpcReturn,
380 | _In_ HANDLE AlpcPort,
381 | _In_ PTP_ALPC_CALLBACK_EX Callback,
382 | _Inout_opt_ PVOID Context,
383 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
384 | );
385 | #endif
386 |
387 | // private
388 | NTSYSAPI
389 | VOID
390 | NTAPI
391 | TpReleaseAlpcCompletion(
392 | _Inout_ PTP_ALPC Alpc
393 | );
394 |
395 | // private
396 | NTSYSAPI
397 | VOID
398 | NTAPI
399 | TpWaitForAlpcCompletion(
400 | _Inout_ PTP_ALPC Alpc
401 | );
402 |
403 | // private
404 | typedef enum _TP_TRACE_TYPE
405 | {
406 | TpTraceThreadPriority = 1,
407 | TpTraceThreadAffinity,
408 | MaxTpTraceType
409 | } TP_TRACE_TYPE;
410 |
411 | // private
412 | NTSYSAPI
413 | VOID
414 | NTAPI
415 | TpCaptureCaller(
416 | _In_ TP_TRACE_TYPE Type
417 | );
418 |
419 | // private
420 | NTSYSAPI
421 | VOID
422 | NTAPI
423 | TpCheckTerminateWorker(
424 | _In_ HANDLE Thread
425 | );
426 |
427 | #endif
428 |
429 |
--------------------------------------------------------------------------------
/KrkrzInternal/nttp.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | // Some types are already defined in winnt.h.
4 |
5 | typedef struct _TP_ALPC TP_ALPC, *PTP_ALPC;
6 |
7 | // private
8 | typedef VOID (NTAPI *PTP_ALPC_CALLBACK)(
9 | _Inout_ PTP_CALLBACK_INSTANCE Instance,
10 | _Inout_opt_ PVOID Context,
11 | _In_ PTP_ALPC Alpc
12 | );
13 |
14 | // rev
15 | typedef VOID (NTAPI *PTP_ALPC_CALLBACK_EX)(
16 | _Inout_ PTP_CALLBACK_INSTANCE Instance,
17 | _Inout_opt_ PVOID Context,
18 | _In_ PTP_ALPC Alpc,
19 | _In_ PVOID ApcContext
20 | );
21 |
22 | #if (NTDDI_VERSION >= NTDDI_VISTA)
23 |
24 | // private
25 | _Check_return_
26 | NTSYSAPI
27 | NTSTATUS
28 | NTAPI
29 | TpAllocPool(
30 | _Out_ PTP_POOL *PoolReturn,
31 | _Reserved_ PVOID Reserved
32 | );
33 |
34 | // winbase:CloseThreadpool
35 | NTSYSAPI
36 | VOID
37 | NTAPI
38 | TpReleasePool(
39 | _Inout_ PTP_POOL Pool
40 | );
41 |
42 | // winbase:SetThreadpoolThreadMaximum
43 | NTSYSAPI
44 | VOID
45 | NTAPI
46 | TpSetPoolMaxThreads(
47 | _Inout_ PTP_POOL Pool,
48 | _In_ LONG MaxThreads
49 | );
50 |
51 | // private
52 | NTSYSAPI
53 | NTSTATUS
54 | NTAPI
55 | TpSetPoolMinThreads(
56 | _Inout_ PTP_POOL Pool,
57 | _In_ LONG MinThreads
58 | );
59 |
60 | #if (NTDDI_VERSION >= NTDDI_WIN7)
61 | // rev
62 | NTSYSAPI
63 | NTSTATUS
64 | NTAPI
65 | TpQueryPoolStackInformation(
66 | _In_ PTP_POOL Pool,
67 | _Out_ PTP_POOL_STACK_INFORMATION PoolStackInformation
68 | );
69 | #endif
70 |
71 | #if (NTDDI_VERSION >= NTDDI_WIN7)
72 | // rev
73 | NTSYSAPI
74 | NTSTATUS
75 | NTAPI
76 | TpSetPoolStackInformation(
77 | _Inout_ PTP_POOL Pool,
78 | _In_ PTP_POOL_STACK_INFORMATION PoolStackInformation
79 | );
80 | #endif
81 |
82 | // private
83 | _Check_return_
84 | NTSYSAPI
85 | NTSTATUS
86 | NTAPI
87 | TpAllocCleanupGroup(
88 | _Out_ PTP_CLEANUP_GROUP *CleanupGroupReturn
89 | );
90 |
91 | // winbase:CloseThreadpoolCleanupGroup
92 | NTSYSAPI
93 | VOID
94 | NTAPI
95 | TpReleaseCleanupGroup(
96 | _Inout_ PTP_CLEANUP_GROUP CleanupGroup
97 | );
98 |
99 | // winbase:CloseThreadpoolCleanupGroupMembers
100 | NTSYSAPI
101 | VOID
102 | NTAPI
103 | TpReleaseCleanupGroupMembers(
104 | _Inout_ PTP_CLEANUP_GROUP CleanupGroup,
105 | _In_ LOGICAL CancelPendingCallbacks,
106 | _Inout_opt_ PVOID CleanupParameter
107 | );
108 |
109 | // winbase:SetEventWhenCallbackReturns
110 | NTSYSAPI
111 | VOID
112 | NTAPI
113 | TpCallbackSetEventOnCompletion(
114 | _Inout_ PTP_CALLBACK_INSTANCE Instance,
115 | _In_ HANDLE Event
116 | );
117 |
118 | // winbase:ReleaseSemaphoreWhenCallbackReturns
119 | NTSYSAPI
120 | VOID
121 | NTAPI
122 | TpCallbackReleaseSemaphoreOnCompletion(
123 | _Inout_ PTP_CALLBACK_INSTANCE Instance,
124 | _In_ HANDLE Semaphore,
125 | _In_ LONG ReleaseCount
126 | );
127 |
128 | // winbase:ReleaseMutexWhenCallbackReturns
129 | NTSYSAPI
130 | VOID
131 | NTAPI
132 | TpCallbackReleaseMutexOnCompletion(
133 | _Inout_ PTP_CALLBACK_INSTANCE Instance,
134 | _In_ HANDLE Mutex
135 | );
136 |
137 | // winbase:LeaveCriticalSectionWhenCallbackReturns
138 | NTSYSAPI
139 | VOID
140 | NTAPI
141 | TpCallbackLeaveCriticalSectionOnCompletion(
142 | _Inout_ PTP_CALLBACK_INSTANCE Instance,
143 | _Inout_ PRTL_CRITICAL_SECTION CriticalSection
144 | );
145 |
146 | // winbase:FreeLibraryWhenCallbackReturns
147 | NTSYSAPI
148 | VOID
149 | NTAPI
150 | TpCallbackUnloadDllOnCompletion(
151 | _Inout_ PTP_CALLBACK_INSTANCE Instance,
152 | _In_ PVOID DllHandle
153 | );
154 |
155 | // winbase:CallbackMayRunLong
156 | NTSYSAPI
157 | NTSTATUS
158 | NTAPI
159 | TpCallbackMayRunLong(
160 | _Inout_ PTP_CALLBACK_INSTANCE Instance
161 | );
162 |
163 | // winbase:DisassociateCurrentThreadFromCallback
164 | NTSYSAPI
165 | VOID
166 | NTAPI
167 | TpDisassociateCallback(
168 | _Inout_ PTP_CALLBACK_INSTANCE Instance
169 | );
170 |
171 | // winbase:TrySubmitThreadpoolCallback
172 | _Check_return_
173 | NTSYSAPI
174 | NTSTATUS
175 | NTAPI
176 | TpSimpleTryPost(
177 | _In_ PTP_SIMPLE_CALLBACK Callback,
178 | _Inout_opt_ PVOID Context,
179 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
180 | );
181 |
182 | // private
183 | _Check_return_
184 | NTSYSAPI
185 | NTSTATUS
186 | NTAPI
187 | TpAllocWork(
188 | _Out_ PTP_WORK *WorkReturn,
189 | _In_ PTP_WORK_CALLBACK Callback,
190 | _Inout_opt_ PVOID Context,
191 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
192 | );
193 |
194 | // winbase:CloseThreadpoolWork
195 | NTSYSAPI
196 | VOID
197 | NTAPI
198 | TpReleaseWork(
199 | _Inout_ PTP_WORK Work
200 | );
201 |
202 | // winbase:SubmitThreadpoolWork
203 | NTSYSAPI
204 | VOID
205 | NTAPI
206 | TpPostWork(
207 | _Inout_ PTP_WORK Work
208 | );
209 |
210 | // winbase:WaitForThreadpoolWorkCallbacks
211 | NTSYSAPI
212 | VOID
213 | NTAPI
214 | TpWaitForWork(
215 | _Inout_ PTP_WORK Work,
216 | _In_ LOGICAL CancelPendingCallbacks
217 | );
218 |
219 | // private
220 | _Check_return_
221 | NTSYSAPI
222 | NTSTATUS
223 | NTAPI
224 | TpAllocTimer(
225 | _Out_ PTP_TIMER *Timer,
226 | _In_ PTP_TIMER_CALLBACK Callback,
227 | _Inout_opt_ PVOID Context,
228 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
229 | );
230 |
231 | // winbase:CloseThreadpoolTimer
232 | NTSYSAPI
233 | VOID
234 | NTAPI
235 | TpReleaseTimer(
236 | _Inout_ PTP_TIMER Timer
237 | );
238 |
239 | // winbase:SetThreadpoolTimer
240 | NTSYSAPI
241 | VOID
242 | NTAPI
243 | TpSetTimer(
244 | _Inout_ PTP_TIMER Timer,
245 | _In_opt_ PLARGE_INTEGER DueTime,
246 | _In_ LONG Period,
247 | _In_opt_ LONG WindowLength
248 | );
249 |
250 | // winbase:IsThreadpoolTimerSet
251 | NTSYSAPI
252 | LOGICAL
253 | NTAPI
254 | TpIsTimerSet(
255 | _In_ PTP_TIMER Timer
256 | );
257 |
258 | // winbase:WaitForThreadpoolTimerCallbacks
259 | NTSYSAPI
260 | VOID
261 | NTAPI
262 | TpWaitForTimer(
263 | _Inout_ PTP_TIMER Timer,
264 | _In_ LOGICAL CancelPendingCallbacks
265 | );
266 |
267 | // private
268 | _Check_return_
269 | NTSYSAPI
270 | NTSTATUS
271 | NTAPI
272 | TpAllocWait(
273 | _Out_ PTP_WAIT *WaitReturn,
274 | _In_ PTP_WAIT_CALLBACK Callback,
275 | _Inout_opt_ PVOID Context,
276 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
277 | );
278 |
279 | // winbase:CloseThreadpoolWait
280 | NTSYSAPI
281 | VOID
282 | NTAPI
283 | TpReleaseWait(
284 | _Inout_ PTP_WAIT Wait
285 | );
286 |
287 | // winbase:SetThreadpoolWait
288 | NTSYSAPI
289 | VOID
290 | NTAPI
291 | TpSetWait(
292 | _Inout_ PTP_WAIT Wait,
293 | _In_opt_ HANDLE Handle,
294 | _In_opt_ PLARGE_INTEGER Timeout
295 | );
296 |
297 | // winbase:WaitForThreadpoolWaitCallbacks
298 | NTSYSAPI
299 | VOID
300 | NTAPI
301 | TpWaitForWait(
302 | _Inout_ PTP_WAIT Wait,
303 | _In_ LOGICAL CancelPendingCallbacks
304 | );
305 |
306 | // private
307 | typedef VOID (NTAPI *PTP_IO_CALLBACK)(
308 | _Inout_ PTP_CALLBACK_INSTANCE Instance,
309 | _Inout_opt_ PVOID Context,
310 | _In_ PVOID ApcContext,
311 | _In_ PIO_STATUS_BLOCK IoSB,
312 | _In_ PTP_IO Io
313 | );
314 |
315 | // private
316 | _Check_return_
317 | NTSYSAPI
318 | NTSTATUS
319 | NTAPI
320 | TpAllocIoCompletion(
321 | _Out_ PTP_IO *IoReturn,
322 | _In_ HANDLE File,
323 | _In_ PTP_IO_CALLBACK Callback,
324 | _Inout_opt_ PVOID Context,
325 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
326 | );
327 |
328 | // winbase:CloseThreadpoolIo
329 | NTSYSAPI
330 | VOID
331 | NTAPI
332 | TpReleaseIoCompletion(
333 | _Inout_ PTP_IO Io
334 | );
335 |
336 | // winbase:StartThreadpoolIo
337 | NTSYSAPI
338 | VOID
339 | NTAPI
340 | TpStartAsyncIoOperation(
341 | _Inout_ PTP_IO Io
342 | );
343 |
344 | // winbase:CancelThreadpoolIo
345 | NTSYSAPI
346 | VOID
347 | NTAPI
348 | TpCancelAsyncIoOperation(
349 | _Inout_ PTP_IO Io
350 | );
351 |
352 | // winbase:WaitForThreadpoolIoCallbacks
353 | NTSYSAPI
354 | VOID
355 | NTAPI
356 | TpWaitForIoCompletion(
357 | _Inout_ PTP_IO Io,
358 | _In_ LOGICAL CancelPendingCallbacks
359 | );
360 |
361 | // private
362 | NTSYSAPI
363 | NTSTATUS
364 | NTAPI
365 | TpAllocAlpcCompletion(
366 | _Out_ PTP_ALPC *AlpcReturn,
367 | _In_ HANDLE AlpcPort,
368 | _In_ PTP_ALPC_CALLBACK Callback,
369 | _Inout_opt_ PVOID Context,
370 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
371 | );
372 |
373 | #if (NTDDI_VERSION >= NTDDI_WIN7)
374 | // rev
375 | NTSYSAPI
376 | NTSTATUS
377 | NTAPI
378 | TpAllocAlpcCompletionEx(
379 | _Out_ PTP_ALPC *AlpcReturn,
380 | _In_ HANDLE AlpcPort,
381 | _In_ PTP_ALPC_CALLBACK_EX Callback,
382 | _Inout_opt_ PVOID Context,
383 | _In_opt_ PTP_CALLBACK_ENVIRON CallbackEnviron
384 | );
385 | #endif
386 |
387 | // private
388 | NTSYSAPI
389 | VOID
390 | NTAPI
391 | TpReleaseAlpcCompletion(
392 | _Inout_ PTP_ALPC Alpc
393 | );
394 |
395 | // private
396 | NTSYSAPI
397 | VOID
398 | NTAPI
399 | TpWaitForAlpcCompletion(
400 | _Inout_ PTP_ALPC Alpc
401 | );
402 |
403 | // private
404 | typedef enum _TP_TRACE_TYPE
405 | {
406 | TpTraceThreadPriority = 1,
407 | TpTraceThreadAffinity,
408 | MaxTpTraceType
409 | } TP_TRACE_TYPE;
410 |
411 | // private
412 | NTSYSAPI
413 | VOID
414 | NTAPI
415 | TpCaptureCaller(
416 | _In_ TP_TRACE_TYPE Type
417 | );
418 |
419 | // private
420 | NTSYSAPI
421 | VOID
422 | NTAPI
423 | TpCheckTerminateWorker(
424 | _In_ HANDLE Thread
425 | );
426 |
427 | #endif
428 |
429 |
--------------------------------------------------------------------------------
/KrkrzExtract/ntobapi.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #define OBJECT_TYPE_CREATE 0x0001
4 | #define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
5 |
6 | #define DIRECTORY_QUERY 0x0001
7 | #define DIRECTORY_TRAVERSE 0x0002
8 | #define DIRECTORY_CREATE_OBJECT 0x0004
9 | #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
10 | #define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xf)
11 |
12 | #define SYMBOLIC_LINK_QUERY 0x0001
13 | #define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
14 |
15 | #define OBJ_PROTECT_CLOSE 0x00000001
16 | #ifndef OBJ_INHERIT
17 | #define OBJ_INHERIT 0x00000002
18 | #endif
19 | #define OBJ_AUDIT_OBJECT_CLOSE 0x00000004
20 |
21 | typedef enum _OBJECT_INFORMATION_CLASS
22 | {
23 | ObjectBasicInformation, // OBJECT_BASIC_INFORMATION
24 | ObjectNameInformation, // OBJECT_NAME_INFORMATION
25 | ObjectTypeInformation, // OBJECT_TYPE_INFORMATION
26 | ObjectTypesInformation, // OBJECT_TYPES_INFORMATION
27 | ObjectHandleFlagInformation, // OBJECT_HANDLE_FLAG_INFORMATION
28 | ObjectSessionInformation,
29 | ObjectSessionObjectInformation,
30 | MaxObjectInfoClass
31 | } OBJECT_INFORMATION_CLASS;
32 |
33 | typedef struct _OBJECT_BASIC_INFORMATION
34 | {
35 | ULONG Attributes;
36 | ACCESS_MASK GrantedAccess;
37 | ULONG HandleCount;
38 | ULONG PointerCount;
39 | ULONG PagedPoolCharge;
40 | ULONG NonPagedPoolCharge;
41 | ULONG Reserved[3];
42 | ULONG NameInfoSize;
43 | ULONG TypeInfoSize;
44 | ULONG SecurityDescriptorSize;
45 | LARGE_INTEGER CreationTime;
46 | } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
47 |
48 | typedef struct _OBJECT_NAME_INFORMATION
49 | {
50 | UNICODE_STRING Name;
51 | } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
52 |
53 | typedef struct _OBJECT_TYPE_INFORMATION
54 | {
55 | UNICODE_STRING TypeName;
56 | ULONG TotalNumberOfObjects;
57 | ULONG TotalNumberOfHandles;
58 | ULONG TotalPagedPoolUsage;
59 | ULONG TotalNonPagedPoolUsage;
60 | ULONG TotalNamePoolUsage;
61 | ULONG TotalHandleTableUsage;
62 | ULONG HighWaterNumberOfObjects;
63 | ULONG HighWaterNumberOfHandles;
64 | ULONG HighWaterPagedPoolUsage;
65 | ULONG HighWaterNonPagedPoolUsage;
66 | ULONG HighWaterNamePoolUsage;
67 | ULONG HighWaterHandleTableUsage;
68 | ULONG InvalidAttributes;
69 | GENERIC_MAPPING GenericMapping;
70 | ULONG ValidAccessMask;
71 | BOOLEAN SecurityRequired;
72 | BOOLEAN MaintainHandleCount;
73 | UCHAR TypeIndex; // since WINBLUE
74 | CHAR ReservedByte;
75 | ULONG PoolType;
76 | ULONG DefaultPagedPoolCharge;
77 | ULONG DefaultNonPagedPoolCharge;
78 | } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
79 |
80 | typedef struct _OBJECT_TYPES_INFORMATION
81 | {
82 | ULONG NumberOfTypes;
83 | } OBJECT_TYPES_INFORMATION, *POBJECT_TYPES_INFORMATION;
84 |
85 | typedef struct _OBJECT_HANDLE_FLAG_INFORMATION
86 | {
87 | BOOLEAN Inherit;
88 | BOOLEAN ProtectFromClose;
89 | } OBJECT_HANDLE_FLAG_INFORMATION, *POBJECT_HANDLE_FLAG_INFORMATION;
90 |
91 | // Objects, handles
92 |
93 | NTSYSCALLAPI
94 | NTSTATUS
95 | NTAPI
96 | NtQueryObject(
97 | _In_opt_ HANDLE Handle,
98 | _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
99 | _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
100 | _In_ ULONG ObjectInformationLength,
101 | _Out_opt_ PULONG ReturnLength
102 | );
103 |
104 |
105 | NTSYSCALLAPI
106 | NTSTATUS
107 | NTAPI
108 | ZwQueryObject(
109 | _In_opt_ HANDLE Handle,
110 | _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
111 | _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
112 | _In_ ULONG ObjectInformationLength,
113 | _Out_opt_ PULONG ReturnLength
114 | );
115 |
116 |
117 | NTSYSCALLAPI
118 | NTSTATUS
119 | NTAPI
120 | NtSetInformationObject(
121 | _In_ HANDLE Handle,
122 | _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
123 | _In_reads_bytes_(ObjectInformationLength) PVOID ObjectInformation,
124 | _In_ ULONG ObjectInformationLength
125 | );
126 |
127 | #define DUPLICATE_CLOSE_SOURCE 0x00000001
128 | #define DUPLICATE_SAME_ACCESS 0x00000002
129 | #define DUPLICATE_SAME_ATTRIBUTES 0x00000004
130 |
131 | NTSYSCALLAPI
132 | NTSTATUS
133 | NTAPI
134 | NtDuplicateObject(
135 | _In_ HANDLE SourceProcessHandle,
136 | _In_ HANDLE SourceHandle,
137 | _In_opt_ HANDLE TargetProcessHandle,
138 | _Out_opt_ PHANDLE TargetHandle,
139 | _In_ ACCESS_MASK DesiredAccess,
140 | _In_ ULONG HandleAttributes,
141 | _In_ ULONG Options
142 | );
143 |
144 |
145 |
146 | NTSYSCALLAPI
147 | NTSTATUS
148 | NTAPI
149 | ZwDuplicateObject(
150 | _In_ HANDLE SourceProcessHandle,
151 | _In_ HANDLE SourceHandle,
152 | _In_opt_ HANDLE TargetProcessHandle,
153 | _Out_opt_ PHANDLE TargetHandle,
154 | _In_ ACCESS_MASK DesiredAccess,
155 | _In_ ULONG HandleAttributes,
156 | _In_ ULONG Options
157 | );
158 |
159 |
160 |
161 | NTSYSCALLAPI
162 | NTSTATUS
163 | NTAPI
164 | NtMakeTemporaryObject(
165 | _In_ HANDLE Handle
166 | );
167 |
168 | NTSYSCALLAPI
169 | NTSTATUS
170 | NTAPI
171 | NtMakePermanentObject(
172 | _In_ HANDLE Handle
173 | );
174 |
175 | NTSYSCALLAPI
176 | NTSTATUS
177 | NTAPI
178 | NtSignalAndWaitForSingleObject(
179 | _In_ HANDLE SignalHandle,
180 | _In_ HANDLE WaitHandle,
181 | _In_ BOOLEAN Alertable,
182 | _In_opt_ PLARGE_INTEGER Timeout
183 | );
184 |
185 | NTSYSCALLAPI
186 | NTSTATUS
187 | NTAPI
188 | NtWaitForSingleObject(
189 | _In_ HANDLE Handle,
190 | _In_ BOOLEAN Alertable,
191 | _In_opt_ PLARGE_INTEGER Timeout
192 | );
193 |
194 | NTSYSCALLAPI
195 | NTSTATUS
196 | NTAPI
197 | NtWaitForMultipleObjects(
198 | _In_ ULONG Count,
199 | _In_reads_(Count) HANDLE Handles[],
200 | _In_ WAIT_TYPE WaitType,
201 | _In_ BOOLEAN Alertable,
202 | _In_opt_ PLARGE_INTEGER Timeout
203 | );
204 |
205 | #if (NTDDI_VERSION >= NTDDI_WS03)
206 | NTSYSCALLAPI
207 | NTSTATUS
208 | NTAPI
209 | NtWaitForMultipleObjects32(
210 | _In_ ULONG Count,
211 | _In_reads_(Count) LONG Handles[],
212 | _In_ WAIT_TYPE WaitType,
213 | _In_ BOOLEAN Alertable,
214 | _In_opt_ PLARGE_INTEGER Timeout
215 | );
216 | #endif
217 |
218 | NTSYSCALLAPI
219 | NTSTATUS
220 | NTAPI
221 | NtSetSecurityObject(
222 | _In_ HANDLE Handle,
223 | _In_ SECURITY_INFORMATION SecurityInformation,
224 | _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
225 | );
226 |
227 | NTSYSCALLAPI
228 | NTSTATUS
229 | NTAPI
230 | NtQuerySecurityObject(
231 | _In_ HANDLE Handle,
232 | _In_ SECURITY_INFORMATION SecurityInformation,
233 | _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor,
234 | _In_ ULONG Length,
235 | _Out_ PULONG LengthNeeded
236 | );
237 |
238 | NTSYSCALLAPI
239 | NTSTATUS
240 | NTAPI
241 | NtClose(
242 | _In_ HANDLE Handle
243 | );
244 |
245 | NTSYSCALLAPI
246 | NTSTATUS
247 | NTAPI
248 | ZwClose(
249 | _In_ HANDLE Handle
250 | );
251 |
252 | #if (NTDDI_VERSION >= NTDDI_WIN10)
253 | NTSYSCALLAPI
254 | NTSTATUS
255 | NTAPI
256 | NtCompareObjects(
257 | _In_ HANDLE FirstObjectHandle,
258 | _In_ HANDLE SecondObjectHandle
259 | );
260 | #endif
261 |
262 | // Directory objects
263 |
264 | NTSYSCALLAPI
265 | NTSTATUS
266 | NTAPI
267 | NtCreateDirectoryObject(
268 | _Out_ PHANDLE DirectoryHandle,
269 | _In_ ACCESS_MASK DesiredAccess,
270 | _In_ POBJECT_ATTRIBUTES ObjectAttributes
271 | );
272 |
273 | #if (NTDDI_VERSION >= NTDDI_WIN8)
274 | NTSYSCALLAPI
275 | NTSTATUS
276 | NTAPI
277 | NtCreateDirectoryObjectEx(
278 | _Out_ PHANDLE DirectoryHandle,
279 | _In_ ACCESS_MASK DesiredAccess,
280 | _In_ POBJECT_ATTRIBUTES ObjectAttributes,
281 | _In_ HANDLE ShadowDirectoryHandle,
282 | _In_ ULONG Flags
283 | );
284 | #endif
285 |
286 | NTSYSCALLAPI
287 | NTSTATUS
288 | NTAPI
289 | NtOpenDirectoryObject(
290 | _Out_ PHANDLE DirectoryHandle,
291 | _In_ ACCESS_MASK DesiredAccess,
292 | _In_ POBJECT_ATTRIBUTES ObjectAttributes
293 | );
294 |
295 | typedef struct _OBJECT_DIRECTORY_INFORMATION
296 | {
297 | UNICODE_STRING Name;
298 | UNICODE_STRING TypeName;
299 | } OBJECT_DIRECTORY_INFORMATION, *POBJECT_DIRECTORY_INFORMATION;
300 |
301 | NTSYSCALLAPI
302 | NTSTATUS
303 | NTAPI
304 | NtQueryDirectoryObject(
305 | _In_ HANDLE DirectoryHandle,
306 | _Out_writes_bytes_opt_(Length) PVOID Buffer,
307 | _In_ ULONG Length,
308 | _In_ BOOLEAN ReturnSingleEntry,
309 | _In_ BOOLEAN RestartScan,
310 | _Inout_ PULONG Context,
311 | _Out_opt_ PULONG ReturnLength
312 | );
313 |
314 |
315 | NTSYSCALLAPI
316 | NTSTATUS
317 | NTAPI
318 | NtQueryDirectoryFileEx(
319 | _In_ HANDLE FileHandle,
320 | _In_opt_ HANDLE Event,
321 | _In_opt_ struct IO_APC_ROUTINE *ApcRoutine,
322 | _In_opt_ PVOID ApcContext,
323 | _Out_ PIO_STATUS_BLOCK IoStatusBlock,
324 | _Out_writes_bytes_(Length) PVOID FileInformation,
325 | _In_ ULONG Length,
326 | _In_ FILE_INFORMATION_CLASS FileInformationClass,
327 | _In_ ULONG QueryFlags,
328 | _In_opt_ PUNICODE_STRING FileName
329 | );
330 |
331 | // Private namespaces
332 |
333 | #if (NTDDI_VERSION >= NTDDI_VISTA)
334 |
335 | NTSYSCALLAPI
336 | NTSTATUS
337 | NTAPI
338 | NtCreatePrivateNamespace(
339 | _Out_ PHANDLE NamespaceHandle,
340 | _In_ ACCESS_MASK DesiredAccess,
341 | _In_ POBJECT_ATTRIBUTES ObjectAttributes,
342 | _In_ PVOID BoundaryDescriptor
343 | );
344 |
345 | NTSYSCALLAPI
346 | NTSTATUS
347 | NTAPI
348 | NtOpenPrivateNamespace(
349 | _Out_ PHANDLE NamespaceHandle,
350 | _In_ ACCESS_MASK DesiredAccess,
351 | _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
352 | _In_ PVOID BoundaryDescriptor
353 | );
354 |
355 | NTSYSCALLAPI
356 | NTSTATUS
357 | NTAPI
358 | NtDeletePrivateNamespace(
359 | _In_ HANDLE NamespaceHandle
360 | );
361 |
362 | #endif
363 |
364 | // Symbolic links
365 |
366 | NTSYSCALLAPI
367 | NTSTATUS
368 | NTAPI
369 | NtCreateSymbolicLinkObject(
370 | _Out_ PHANDLE LinkHandle,
371 | _In_ ACCESS_MASK DesiredAccess,
372 | _In_ POBJECT_ATTRIBUTES ObjectAttributes,
373 | _In_ PUNICODE_STRING LinkTarget
374 | );
375 |
376 | NTSYSCALLAPI
377 | NTSTATUS
378 | NTAPI
379 | NtOpenSymbolicLinkObject(
380 | _Out_ PHANDLE LinkHandle,
381 | _In_ ACCESS_MASK DesiredAccess,
382 | _In_ POBJECT_ATTRIBUTES ObjectAttributes
383 | );
384 |
385 | NTSYSCALLAPI
386 | NTSTATUS
387 | NTAPI
388 | NtQuerySymbolicLinkObject(
389 | _In_ HANDLE LinkHandle,
390 | _Inout_ PUNICODE_STRING LinkTarget,
391 | _Out_opt_ PULONG ReturnedLength
392 | );
393 |
394 |
--------------------------------------------------------------------------------
/KrkrzInternal/ntobapi.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | #define OBJECT_TYPE_CREATE 0x0001
4 | #define OBJECT_TYPE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
5 |
6 | #define DIRECTORY_QUERY 0x0001
7 | #define DIRECTORY_TRAVERSE 0x0002
8 | #define DIRECTORY_CREATE_OBJECT 0x0004
9 | #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
10 | #define DIRECTORY_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0xf)
11 |
12 | #define SYMBOLIC_LINK_QUERY 0x0001
13 | #define SYMBOLIC_LINK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | 0x1)
14 |
15 | #define OBJ_PROTECT_CLOSE 0x00000001
16 | #ifndef OBJ_INHERIT
17 | #define OBJ_INHERIT 0x00000002
18 | #endif
19 | #define OBJ_AUDIT_OBJECT_CLOSE 0x00000004
20 |
21 | typedef enum _OBJECT_INFORMATION_CLASS
22 | {
23 | ObjectBasicInformation, // OBJECT_BASIC_INFORMATION
24 | ObjectNameInformation, // OBJECT_NAME_INFORMATION
25 | ObjectTypeInformation, // OBJECT_TYPE_INFORMATION
26 | ObjectTypesInformation, // OBJECT_TYPES_INFORMATION
27 | ObjectHandleFlagInformation, // OBJECT_HANDLE_FLAG_INFORMATION
28 | ObjectSessionInformation,
29 | ObjectSessionObjectInformation,
30 | MaxObjectInfoClass
31 | } OBJECT_INFORMATION_CLASS;
32 |
33 | typedef struct _OBJECT_BASIC_INFORMATION
34 | {
35 | ULONG Attributes;
36 | ACCESS_MASK GrantedAccess;
37 | ULONG HandleCount;
38 | ULONG PointerCount;
39 | ULONG PagedPoolCharge;
40 | ULONG NonPagedPoolCharge;
41 | ULONG Reserved[3];
42 | ULONG NameInfoSize;
43 | ULONG TypeInfoSize;
44 | ULONG SecurityDescriptorSize;
45 | LARGE_INTEGER CreationTime;
46 | } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
47 |
48 | typedef struct _OBJECT_NAME_INFORMATION
49 | {
50 | UNICODE_STRING Name;
51 | } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
52 |
53 | typedef struct _OBJECT_TYPE_INFORMATION
54 | {
55 | UNICODE_STRING TypeName;
56 | ULONG TotalNumberOfObjects;
57 | ULONG TotalNumberOfHandles;
58 | ULONG TotalPagedPoolUsage;
59 | ULONG TotalNonPagedPoolUsage;
60 | ULONG TotalNamePoolUsage;
61 | ULONG TotalHandleTableUsage;
62 | ULONG HighWaterNumberOfObjects;
63 | ULONG HighWaterNumberOfHandles;
64 | ULONG HighWaterPagedPoolUsage;
65 | ULONG HighWaterNonPagedPoolUsage;
66 | ULONG HighWaterNamePoolUsage;
67 | ULONG HighWaterHandleTableUsage;
68 | ULONG InvalidAttributes;
69 | GENERIC_MAPPING GenericMapping;
70 | ULONG ValidAccessMask;
71 | BOOLEAN SecurityRequired;
72 | BOOLEAN MaintainHandleCount;
73 | UCHAR TypeIndex; // since WINBLUE
74 | CHAR ReservedByte;
75 | ULONG PoolType;
76 | ULONG DefaultPagedPoolCharge;
77 | ULONG DefaultNonPagedPoolCharge;
78 | } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
79 |
80 | typedef struct _OBJECT_TYPES_INFORMATION
81 | {
82 | ULONG NumberOfTypes;
83 | } OBJECT_TYPES_INFORMATION, *POBJECT_TYPES_INFORMATION;
84 |
85 | typedef struct _OBJECT_HANDLE_FLAG_INFORMATION
86 | {
87 | BOOLEAN Inherit;
88 | BOOLEAN ProtectFromClose;
89 | } OBJECT_HANDLE_FLAG_INFORMATION, *POBJECT_HANDLE_FLAG_INFORMATION;
90 |
91 | // Objects, handles
92 |
93 | NTSYSCALLAPI
94 | NTSTATUS
95 | NTAPI
96 | NtQueryObject(
97 | _In_opt_ HANDLE Handle,
98 | _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
99 | _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
100 | _In_ ULONG ObjectInformationLength,
101 | _Out_opt_ PULONG ReturnLength
102 | );
103 |
104 |
105 | NTSYSCALLAPI
106 | NTSTATUS
107 | NTAPI
108 | ZwQueryObject(
109 | _In_opt_ HANDLE Handle,
110 | _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
111 | _Out_writes_bytes_opt_(ObjectInformationLength) PVOID ObjectInformation,
112 | _In_ ULONG ObjectInformationLength,
113 | _Out_opt_ PULONG ReturnLength
114 | );
115 |
116 |
117 | NTSYSCALLAPI
118 | NTSTATUS
119 | NTAPI
120 | NtSetInformationObject(
121 | _In_ HANDLE Handle,
122 | _In_ OBJECT_INFORMATION_CLASS ObjectInformationClass,
123 | _In_reads_bytes_(ObjectInformationLength) PVOID ObjectInformation,
124 | _In_ ULONG ObjectInformationLength
125 | );
126 |
127 | #define DUPLICATE_CLOSE_SOURCE 0x00000001
128 | #define DUPLICATE_SAME_ACCESS 0x00000002
129 | #define DUPLICATE_SAME_ATTRIBUTES 0x00000004
130 |
131 | NTSYSCALLAPI
132 | NTSTATUS
133 | NTAPI
134 | NtDuplicateObject(
135 | _In_ HANDLE SourceProcessHandle,
136 | _In_ HANDLE SourceHandle,
137 | _In_opt_ HANDLE TargetProcessHandle,
138 | _Out_opt_ PHANDLE TargetHandle,
139 | _In_ ACCESS_MASK DesiredAccess,
140 | _In_ ULONG HandleAttributes,
141 | _In_ ULONG Options
142 | );
143 |
144 |
145 |
146 | NTSYSCALLAPI
147 | NTSTATUS
148 | NTAPI
149 | ZwDuplicateObject(
150 | _In_ HANDLE SourceProcessHandle,
151 | _In_ HANDLE SourceHandle,
152 | _In_opt_ HANDLE TargetProcessHandle,
153 | _Out_opt_ PHANDLE TargetHandle,
154 | _In_ ACCESS_MASK DesiredAccess,
155 | _In_ ULONG HandleAttributes,
156 | _In_ ULONG Options
157 | );
158 |
159 |
160 |
161 | NTSYSCALLAPI
162 | NTSTATUS
163 | NTAPI
164 | NtMakeTemporaryObject(
165 | _In_ HANDLE Handle
166 | );
167 |
168 | NTSYSCALLAPI
169 | NTSTATUS
170 | NTAPI
171 | NtMakePermanentObject(
172 | _In_ HANDLE Handle
173 | );
174 |
175 | NTSYSCALLAPI
176 | NTSTATUS
177 | NTAPI
178 | NtSignalAndWaitForSingleObject(
179 | _In_ HANDLE SignalHandle,
180 | _In_ HANDLE WaitHandle,
181 | _In_ BOOLEAN Alertable,
182 | _In_opt_ PLARGE_INTEGER Timeout
183 | );
184 |
185 | NTSYSCALLAPI
186 | NTSTATUS
187 | NTAPI
188 | NtWaitForSingleObject(
189 | _In_ HANDLE Handle,
190 | _In_ BOOLEAN Alertable,
191 | _In_opt_ PLARGE_INTEGER Timeout
192 | );
193 |
194 | NTSYSCALLAPI
195 | NTSTATUS
196 | NTAPI
197 | NtWaitForMultipleObjects(
198 | _In_ ULONG Count,
199 | _In_reads_(Count) HANDLE Handles[],
200 | _In_ WAIT_TYPE WaitType,
201 | _In_ BOOLEAN Alertable,
202 | _In_opt_ PLARGE_INTEGER Timeout
203 | );
204 |
205 | #if (NTDDI_VERSION >= NTDDI_WS03)
206 | NTSYSCALLAPI
207 | NTSTATUS
208 | NTAPI
209 | NtWaitForMultipleObjects32(
210 | _In_ ULONG Count,
211 | _In_reads_(Count) LONG Handles[],
212 | _In_ WAIT_TYPE WaitType,
213 | _In_ BOOLEAN Alertable,
214 | _In_opt_ PLARGE_INTEGER Timeout
215 | );
216 | #endif
217 |
218 | NTSYSCALLAPI
219 | NTSTATUS
220 | NTAPI
221 | NtSetSecurityObject(
222 | _In_ HANDLE Handle,
223 | _In_ SECURITY_INFORMATION SecurityInformation,
224 | _In_ PSECURITY_DESCRIPTOR SecurityDescriptor
225 | );
226 |
227 | NTSYSCALLAPI
228 | NTSTATUS
229 | NTAPI
230 | NtQuerySecurityObject(
231 | _In_ HANDLE Handle,
232 | _In_ SECURITY_INFORMATION SecurityInformation,
233 | _Out_writes_bytes_opt_(Length) PSECURITY_DESCRIPTOR SecurityDescriptor,
234 | _In_ ULONG Length,
235 | _Out_ PULONG LengthNeeded
236 | );
237 |
238 | NTSYSCALLAPI
239 | NTSTATUS
240 | NTAPI
241 | NtClose(
242 | _In_ HANDLE Handle
243 | );
244 |
245 | NTSYSCALLAPI
246 | NTSTATUS
247 | NTAPI
248 | ZwClose(
249 | _In_ HANDLE Handle
250 | );
251 |
252 | #if (NTDDI_VERSION >= NTDDI_WIN10)
253 | NTSYSCALLAPI
254 | NTSTATUS
255 | NTAPI
256 | NtCompareObjects(
257 | _In_ HANDLE FirstObjectHandle,
258 | _In_ HANDLE SecondObjectHandle
259 | );
260 | #endif
261 |
262 | // Directory objects
263 |
264 | NTSYSCALLAPI
265 | NTSTATUS
266 | NTAPI
267 | NtCreateDirectoryObject(
268 | _Out_ PHANDLE DirectoryHandle,
269 | _In_ ACCESS_MASK DesiredAccess,
270 | _In_ POBJECT_ATTRIBUTES ObjectAttributes
271 | );
272 |
273 | #if (NTDDI_VERSION >= NTDDI_WIN8)
274 | NTSYSCALLAPI
275 | NTSTATUS
276 | NTAPI
277 | NtCreateDirectoryObjectEx(
278 | _Out_ PHANDLE DirectoryHandle,
279 | _In_ ACCESS_MASK DesiredAccess,
280 | _In_ POBJECT_ATTRIBUTES ObjectAttributes,
281 | _In_ HANDLE ShadowDirectoryHandle,
282 | _In_ ULONG Flags
283 | );
284 | #endif
285 |
286 | NTSYSCALLAPI
287 | NTSTATUS
288 | NTAPI
289 | NtOpenDirectoryObject(
290 | _Out_ PHANDLE DirectoryHandle,
291 | _In_ ACCESS_MASK DesiredAccess,
292 | _In_ POBJECT_ATTRIBUTES ObjectAttributes
293 | );
294 |
295 | typedef struct _OBJECT_DIRECTORY_INFORMATION
296 | {
297 | UNICODE_STRING Name;
298 | UNICODE_STRING TypeName;
299 | } OBJECT_DIRECTORY_INFORMATION, *POBJECT_DIRECTORY_INFORMATION;
300 |
301 | NTSYSCALLAPI
302 | NTSTATUS
303 | NTAPI
304 | NtQueryDirectoryObject(
305 | _In_ HANDLE DirectoryHandle,
306 | _Out_writes_bytes_opt_(Length) PVOID Buffer,
307 | _In_ ULONG Length,
308 | _In_ BOOLEAN ReturnSingleEntry,
309 | _In_ BOOLEAN RestartScan,
310 | _Inout_ PULONG Context,
311 | _Out_opt_ PULONG ReturnLength
312 | );
313 |
314 |
315 | NTSYSCALLAPI
316 | NTSTATUS
317 | NTAPI
318 | NtQueryDirectoryFileEx(
319 | _In_ HANDLE FileHandle,
320 | _In_opt_ HANDLE Event,
321 | _In_opt_ struct IO_APC_ROUTINE *ApcRoutine,
322 | _In_opt_ PVOID ApcContext,
323 | _Out_ PIO_STATUS_BLOCK IoStatusBlock,
324 | _Out_writes_bytes_(Length) PVOID FileInformation,
325 | _In_ ULONG Length,
326 | _In_ FILE_INFORMATION_CLASS FileInformationClass,
327 | _In_ ULONG QueryFlags,
328 | _In_opt_ PUNICODE_STRING FileName
329 | );
330 |
331 | // Private namespaces
332 |
333 | #if (NTDDI_VERSION >= NTDDI_VISTA)
334 |
335 | NTSYSCALLAPI
336 | NTSTATUS
337 | NTAPI
338 | NtCreatePrivateNamespace(
339 | _Out_ PHANDLE NamespaceHandle,
340 | _In_ ACCESS_MASK DesiredAccess,
341 | _In_ POBJECT_ATTRIBUTES ObjectAttributes,
342 | _In_ PVOID BoundaryDescriptor
343 | );
344 |
345 | NTSYSCALLAPI
346 | NTSTATUS
347 | NTAPI
348 | NtOpenPrivateNamespace(
349 | _Out_ PHANDLE NamespaceHandle,
350 | _In_ ACCESS_MASK DesiredAccess,
351 | _In_opt_ POBJECT_ATTRIBUTES ObjectAttributes,
352 | _In_ PVOID BoundaryDescriptor
353 | );
354 |
355 | NTSYSCALLAPI
356 | NTSTATUS
357 | NTAPI
358 | NtDeletePrivateNamespace(
359 | _In_ HANDLE NamespaceHandle
360 | );
361 |
362 | #endif
363 |
364 | // Symbolic links
365 |
366 | NTSYSCALLAPI
367 | NTSTATUS
368 | NTAPI
369 | NtCreateSymbolicLinkObject(
370 | _Out_ PHANDLE LinkHandle,
371 | _In_ ACCESS_MASK DesiredAccess,
372 | _In_ POBJECT_ATTRIBUTES ObjectAttributes,
373 | _In_ PUNICODE_STRING LinkTarget
374 | );
375 |
376 | NTSYSCALLAPI
377 | NTSTATUS
378 | NTAPI
379 | NtOpenSymbolicLinkObject(
380 | _Out_ PHANDLE LinkHandle,
381 | _In_ ACCESS_MASK DesiredAccess,
382 | _In_ POBJECT_ATTRIBUTES ObjectAttributes
383 | );
384 |
385 | NTSYSCALLAPI
386 | NTSTATUS
387 | NTAPI
388 | NtQuerySymbolicLinkObject(
389 | _In_ HANDLE LinkHandle,
390 | _Inout_ PUNICODE_STRING LinkTarget,
391 | _Out_opt_ PULONG ReturnedLength
392 | );
393 |
394 |
--------------------------------------------------------------------------------
/KrkrzInternal/KrkrzInternal.vcxproj:
--------------------------------------------------------------------------------
1 |
2 |
3 |
4 |
5 | Debug
6 | Win32
7 |
8 |
9 | Release
10 | Win32
11 |
12 |
13 | Debug
14 | x64
15 |
16 |
17 | Release
18 | x64
19 |
20 |
21 |
22 | 12.0
23 | {FC771FF5-F3B7-4739-B3EE-9DAD84C169D6}
24 | MFCDLLProj
25 | KrkrzInternal
26 | 10.0
27 |
28 |
29 |
30 | DynamicLibrary
31 | true
32 | v143
33 | Unicode
34 | Static
35 |
36 |
37 | DynamicLibrary
38 | false
39 | v143
40 | true
41 | Unicode
42 | Static
43 |
44 |
45 | DynamicLibrary
46 | true
47 | v143
48 | Unicode
49 | Static
50 |
51 |
52 | DynamicLibrary
53 | false
54 | v143
55 | true
56 | Unicode
57 | Static
58 |
59 |
60 |
61 |
62 |
63 |
64 |
65 |
66 |
67 |
68 |
69 |
70 |
71 |
72 |
73 |
74 |
75 |
76 |
77 |
78 | true
79 |
80 |
81 | true
82 |
83 |
84 | false
85 | KrkrzExtract
86 |
87 |
88 | false
89 |
90 |
91 |
92 | Use
93 | Level3
94 | Disabled
95 | WIN32;_WINDOWS;_DEBUG;_USRDLL;%(PreprocessorDefinitions)
96 |
97 |
98 | Windows
99 | .\KrkrzInternal.def
100 |
101 |
102 | false
103 | _DEBUG;%(PreprocessorDefinitions)
104 |
105 |
106 | 0x0804
107 | _DEBUG;%(PreprocessorDefinitions)
108 | $(IntDir);%(AdditionalIncludeDirectories)
109 |
110 |
111 |
112 |
113 | Use
114 | Level3
115 | Disabled
116 | _WINDOWS;_DEBUG;_USRDLL;%(PreprocessorDefinitions)
117 |
118 |
119 | Windows
120 | .\KrkrzInternal.def
121 |
122 |
123 | false
124 | _DEBUG;%(PreprocessorDefinitions)
125 |
126 |
127 | 0x0804
128 | _DEBUG;%(PreprocessorDefinitions)
129 | $(IntDir);%(AdditionalIncludeDirectories)
130 |
131 |
132 |
133 |
134 | NotUsing
135 | Level3
136 | MaxSpeed
137 | true
138 | true
139 | WIN32;_WINDOWS;NDEBUG;_USRDLL;%(PreprocessorDefinitions)
140 |
141 |
142 | Windows
143 | true
144 | true
145 | .\KrkrzInternal.def
146 |
147 |
148 | false
149 | NDEBUG;%(PreprocessorDefinitions)
150 |
151 |
152 | 0x0804
153 | NDEBUG;%(PreprocessorDefinitions)
154 | $(IntDir);%(AdditionalIncludeDirectories)
155 |
156 |
157 |
158 |
159 | NotUsing
160 | Level3
161 | MaxSpeed
162 | true
163 | true
164 | _WINDOWS;NDEBUG;_USRDLL;%(PreprocessorDefinitions)
165 |
166 |
167 | Windows
168 | true
169 | true
170 | .\KrkrzInternal.def
171 |
172 |
173 | false
174 | NDEBUG;%(PreprocessorDefinitions)
175 |
176 |
177 | 0x0804
178 | NDEBUG;%(PreprocessorDefinitions)
179 | $(IntDir);%(AdditionalIncludeDirectories)
180 |
181 |
182 |
183 |
184 |
185 |
186 | Create
187 | Create
188 | Create
189 | Create
190 |
191 |
192 |
193 |
194 |
195 |
196 |
197 |
198 |
199 |
200 |
201 |
202 |
203 |
204 |
205 |
206 |
207 |
208 |
209 |
210 |
211 |
212 |
213 |
214 |
215 |
216 |
217 |
--------------------------------------------------------------------------------
/KrkrzExtract/ntpebteb.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | typedef struct _RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
4 | typedef struct _RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
5 |
6 | // private
7 | typedef struct _ACTIVATION_CONTEXT_STACK
8 | {
9 | struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME* ActiveFrame;
10 | LIST_ENTRY FrameListCache;
11 | ULONG Flags;
12 | ULONG NextCookieSequenceNumber;
13 | ULONG StackId;
14 | } ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK;
15 |
16 | // private
17 | typedef struct _API_SET_NAMESPACE
18 | {
19 | ULONG Version;
20 | ULONG Size;
21 | ULONG Flags;
22 | ULONG Count;
23 | ULONG EntryOffset;
24 | ULONG HashOffset;
25 | ULONG HashFactor;
26 | } API_SET_NAMESPACE, *PAPI_SET_NAMESPACE;
27 |
28 | // private
29 | typedef struct _API_SET_HASH_ENTRY
30 | {
31 | ULONG Hash;
32 | ULONG Index;
33 | } API_SET_HASH_ENTRY, *PAPI_SET_HASH_ENTRY;
34 |
35 | // private
36 | typedef struct _API_SET_NAMESPACE_ENTRY
37 | {
38 | ULONG Flags;
39 | ULONG NameOffset;
40 | ULONG NameLength;
41 | ULONG HashedLength;
42 | ULONG ValueOffset;
43 | ULONG ValueCount;
44 | } API_SET_NAMESPACE_ENTRY, *PAPI_SET_NAMESPACE_ENTRY;
45 |
46 | // private
47 | typedef struct _API_SET_VALUE_ENTRY
48 | {
49 | ULONG Flags;
50 | ULONG NameOffset;
51 | ULONG NameLength;
52 | ULONG ValueOffset;
53 | ULONG ValueLength;
54 | } API_SET_VALUE_ENTRY, *PAPI_SET_VALUE_ENTRY;
55 |
56 | // symbols
57 | typedef struct _PEB
58 | {
59 | BOOLEAN InheritedAddressSpace;
60 | BOOLEAN ReadImageFileExecOptions;
61 | BOOLEAN BeingDebugged;
62 | union
63 | {
64 | BOOLEAN BitField;
65 | struct
66 | {
67 | BOOLEAN ImageUsesLargePages : 1;
68 | BOOLEAN IsProtectedProcess : 1;
69 | BOOLEAN IsImageDynamicallyRelocated : 1;
70 | BOOLEAN SkipPatchingUser32Forwarders : 1;
71 | BOOLEAN IsPackagedProcess : 1;
72 | BOOLEAN IsAppContainer : 1;
73 | BOOLEAN IsProtectedProcessLight : 1;
74 | BOOLEAN IsLongPathAwareProcess : 1;
75 | };
76 | };
77 |
78 | HANDLE Mutant;
79 |
80 | PVOID ImageBaseAddress;
81 | PPEB_LDR_DATA Ldr;
82 | PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
83 | PVOID SubSystemData;
84 | PVOID ProcessHeap;
85 | PRTL_CRITICAL_SECTION FastPebLock;
86 | PVOID IFEOKey;
87 | PSLIST_HEADER AtlThunkSListPtr;
88 | union
89 | {
90 | ULONG CrossProcessFlags;
91 | struct
92 | {
93 | ULONG ProcessInJob : 1;
94 | ULONG ProcessInitializing : 1;
95 | ULONG ProcessUsingVEH : 1;
96 | ULONG ProcessUsingVCH : 1;
97 | ULONG ProcessUsingFTH : 1;
98 | ULONG ProcessPreviouslyThrottled : 1;
99 | ULONG ProcessCurrentlyThrottled : 1;
100 | ULONG ReservedBits0 : 25;
101 | };
102 | };
103 | union
104 | {
105 | PVOID KernelCallbackTable;
106 | PVOID UserSharedInfoPtr;
107 | };
108 | ULONG SystemReserved[1];
109 | ULONG AtlThunkSListPtr32;
110 | PAPI_SET_NAMESPACE ApiSetMap;
111 | ULONG TlsExpansionCounter;
112 | PVOID TlsBitmap;
113 | ULONG TlsBitmapBits[2];
114 |
115 | PVOID ReadOnlySharedMemoryBase;
116 | PVOID SharedData; // HotpatchInformation
117 | PVOID *ReadOnlyStaticServerData;
118 |
119 | PVOID AnsiCodePageData; // PCPTABLEINFO
120 | PVOID OemCodePageData; // PCPTABLEINFO
121 | PVOID UnicodeCaseTableData; // PNLSTABLEINFO
122 |
123 | ULONG NumberOfProcessors;
124 | ULONG NtGlobalFlag;
125 |
126 | ULARGE_INTEGER CriticalSectionTimeout;
127 | SIZE_T HeapSegmentReserve;
128 | SIZE_T HeapSegmentCommit;
129 | SIZE_T HeapDeCommitTotalFreeThreshold;
130 | SIZE_T HeapDeCommitFreeBlockThreshold;
131 |
132 | ULONG NumberOfHeaps;
133 | ULONG MaximumNumberOfHeaps;
134 | PVOID *ProcessHeaps; // PHEAP
135 |
136 | PVOID GdiSharedHandleTable;
137 | PVOID ProcessStarterHelper;
138 | ULONG GdiDCAttributeList;
139 |
140 | PRTL_CRITICAL_SECTION LoaderLock;
141 |
142 | ULONG OSMajorVersion;
143 | ULONG OSMinorVersion;
144 | USHORT OSBuildNumber;
145 | USHORT OSCSDVersion;
146 | ULONG OSPlatformId;
147 | ULONG ImageSubsystem;
148 | ULONG ImageSubsystemMajorVersion;
149 | ULONG ImageSubsystemMinorVersion;
150 | ULONG_PTR ActiveProcessAffinityMask;
151 | GDI_HANDLE_BUFFER GdiHandleBuffer;
152 | PVOID PostProcessInitRoutine;
153 |
154 | PVOID TlsExpansionBitmap;
155 | ULONG TlsExpansionBitmapBits[32];
156 |
157 | ULONG SessionId;
158 |
159 | ULARGE_INTEGER AppCompatFlags;
160 | ULARGE_INTEGER AppCompatFlagsUser;
161 | PVOID pShimData;
162 | PVOID AppCompatInfo; // APPCOMPAT_EXE_DATA
163 |
164 | UNICODE_STRING CSDVersion;
165 |
166 | PVOID ActivationContextData; // ACTIVATION_CONTEXT_DATA
167 | PVOID ProcessAssemblyStorageMap; // ASSEMBLY_STORAGE_MAP
168 | PVOID SystemDefaultActivationContextData; // ACTIVATION_CONTEXT_DATA
169 | PVOID SystemAssemblyStorageMap; // ASSEMBLY_STORAGE_MAP
170 |
171 | SIZE_T MinimumStackCommit;
172 |
173 | PVOID *FlsCallback;
174 | LIST_ENTRY FlsListHead;
175 | PVOID FlsBitmap;
176 | ULONG FlsBitmapBits[FLS_MAXIMUM_AVAILABLE / (sizeof(ULONG) * 8)];
177 | ULONG FlsHighIndex;
178 |
179 | PVOID WerRegistrationData;
180 | PVOID WerShipAssertPtr;
181 | PVOID pUnused; // pContextData
182 | PVOID pImageHeaderHash;
183 | union
184 | {
185 | ULONG TracingFlags;
186 | struct
187 | {
188 | ULONG HeapTracingEnabled : 1;
189 | ULONG CritSecTracingEnabled : 1;
190 | ULONG LibLoaderTracingEnabled : 1;
191 | ULONG SpareTracingBits : 29;
192 | };
193 | };
194 | ULONGLONG CsrServerReadOnlySharedMemoryBase;
195 | PRTL_CRITICAL_SECTION TppWorkerpListLock;
196 | LIST_ENTRY TppWorkerpList;
197 | PVOID WaitOnAddressHashTable[128];
198 | PVOID TelemetryCoverageHeader; // REDSTONE3
199 | ULONG CloudFileFlags;
200 | ULONG CloudFileDiagFlags; // REDSTONE4
201 | CHAR PlaceholderCompatibilityMode;
202 | CHAR PlaceholderCompatibilityModeReserved[7];
203 | } PEB, *PPEB;
204 |
205 | #ifdef _WIN64
206 | C_ASSERT(FIELD_OFFSET(PEB, SessionId) == 0x2C0);
207 | //C_ASSERT(sizeof(PEB) == 0x7B0); // REDSTONE3
208 | C_ASSERT(sizeof(PEB) == 0x7B8); // REDSTONE4
209 | #else
210 | C_ASSERT(FIELD_OFFSET(PEB, SessionId) == 0x1D4);
211 | //C_ASSERT(sizeof(PEB) == 0x468); // REDSTONE3
212 | C_ASSERT(sizeof(PEB) == 0x470);
213 | #endif
214 |
215 |
216 |
217 | #ifndef _LDT_ENTRY_DEFINED
218 | #define _LDT_ENTRY_DEFINED
219 |
220 | typedef struct _LDT_ENTRY {
221 | WORD LimitLow;
222 | WORD BaseLow;
223 | union {
224 | struct {
225 | BYTE BaseMid;
226 | BYTE Flags1; // Declare as bytes to avoid alignment
227 | BYTE Flags2; // Problems.
228 | BYTE BaseHi;
229 | } Bytes;
230 | struct {
231 | DWORD BaseMid : 8;
232 | DWORD Type : 5;
233 | DWORD Dpl : 2;
234 | DWORD Pres : 1;
235 | DWORD LimitHi : 4;
236 | DWORD Sys : 1;
237 | DWORD Reserved_0 : 1;
238 | DWORD Default_Big : 1;
239 | DWORD Granularity : 1;
240 | DWORD BaseHi : 8;
241 | } Bits;
242 | } HighWord;
243 | } LDT_ENTRY, *PLDT_ENTRY;
244 |
245 | #endif
246 |
247 | typedef struct _DESCRIPTOR_TABLE_ENTRY {
248 | ULONG Selector;
249 | LDT_ENTRY Descriptor;
250 | } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
251 |
252 | #define GDI_BATCH_BUFFER_SIZE 310
253 |
254 | typedef struct _GDI_TEB_BATCH
255 | {
256 | ULONG Offset;
257 | ULONG_PTR HDC;
258 | ULONG Buffer[GDI_BATCH_BUFFER_SIZE];
259 | } GDI_TEB_BATCH, *PGDI_TEB_BATCH;
260 |
261 | typedef struct _TEB_ACTIVE_FRAME_CONTEXT
262 | {
263 | ULONG Flags;
264 | PSTR FrameName;
265 | } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
266 |
267 | typedef struct _TEB_ACTIVE_FRAME
268 | {
269 | ULONG Flags;
270 | struct _TEB_ACTIVE_FRAME *Previous;
271 | PTEB_ACTIVE_FRAME_CONTEXT Context;
272 | } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
273 |
274 | typedef struct _TEB
275 | {
276 | NT_TIB NtTib;
277 |
278 | PVOID EnvironmentPointer;
279 | CLIENT_ID ClientId;
280 | PVOID ActiveRpcHandle;
281 | PVOID ThreadLocalStoragePointer;
282 | PPEB ProcessEnvironmentBlock;
283 |
284 | ULONG LastErrorValue;
285 | ULONG CountOfOwnedCriticalSections;
286 | PVOID CsrClientThread;
287 | PVOID Win32ThreadInfo;
288 | ULONG User32Reserved[26];
289 | ULONG UserReserved[5];
290 | PVOID WOW32Reserved;
291 | LCID CurrentLocale;
292 | ULONG FpSoftwareStatusRegister;
293 | PVOID ReservedForDebuggerInstrumentation[16];
294 | #ifdef _WIN64
295 | PVOID SystemReserved1[30];
296 | #else
297 | PVOID SystemReserved1[26];
298 | #endif
299 |
300 | CHAR PlaceholderCompatibilityMode;
301 | CHAR PlaceholderReserved[11];
302 | ULONG ProxiedProcessId;
303 | ACTIVATION_CONTEXT_STACK ActivationStack;
304 |
305 | UCHAR WorkingOnBehalfTicket[8];
306 | NTSTATUS ExceptionCode;
307 |
308 | PACTIVATION_CONTEXT_STACK ActivationContextStackPointer;
309 | ULONG_PTR InstrumentationCallbackSp;
310 | ULONG_PTR InstrumentationCallbackPreviousPc;
311 | ULONG_PTR InstrumentationCallbackPreviousSp;
312 | #ifdef _WIN64
313 | ULONG TxFsContext;
314 | #endif
315 |
316 | BOOLEAN InstrumentationCallbackDisabled;
317 | #ifndef _WIN64
318 | UCHAR SpareBytes[23];
319 | ULONG TxFsContext;
320 | #endif
321 | GDI_TEB_BATCH GdiTebBatch;
322 | CLIENT_ID RealClientId;
323 | HANDLE GdiCachedProcessHandle;
324 | ULONG GdiClientPID;
325 | ULONG GdiClientTID;
326 | PVOID GdiThreadLocalInfo;
327 | ULONG_PTR Win32ClientInfo[62];
328 | PVOID glDispatchTable[233];
329 | ULONG_PTR glReserved1[29];
330 | PVOID glReserved2;
331 | PVOID glSectionInfo;
332 | PVOID glSection;
333 | PVOID glTable;
334 | PVOID glCurrentRC;
335 | PVOID glContext;
336 |
337 | NTSTATUS LastStatusValue;
338 | UNICODE_STRING StaticUnicodeString;
339 | WCHAR StaticUnicodeBuffer[261];
340 |
341 | PVOID DeallocationStack;
342 | PVOID TlsSlots[64];
343 | LIST_ENTRY TlsLinks;
344 |
345 | PVOID Vdm;
346 | PVOID ReservedForNtRpc;
347 | PVOID DbgSsReserved[2];
348 |
349 | ULONG HardErrorMode;
350 | #ifdef _WIN64
351 | PVOID Instrumentation[11];
352 | #else
353 | PVOID Instrumentation[9];
354 | #endif
355 | GUID ActivityId;
356 |
357 | PVOID SubProcessTag;
358 | PVOID PerflibData;
359 | PVOID EtwTraceData;
360 | PVOID WinSockData;
361 | ULONG GdiBatchCount;
362 |
363 | union
364 | {
365 | PROCESSOR_NUMBER CurrentIdealProcessor;
366 | ULONG IdealProcessorValue;
367 | struct
368 | {
369 | UCHAR ReservedPad0;
370 | UCHAR ReservedPad1;
371 | UCHAR ReservedPad2;
372 | UCHAR IdealProcessor;
373 | };
374 | };
375 |
376 | ULONG GuaranteedStackBytes;
377 | PVOID ReservedForPerf;
378 | PVOID ReservedForOle;
379 | ULONG WaitingOnLoaderLock;
380 | PVOID SavedPriorityState;
381 | ULONG_PTR ReservedForCodeCoverage;
382 | PVOID ThreadPoolData;
383 | PVOID *TlsExpansionSlots;
384 | #ifdef _WIN64
385 | PVOID DeallocationBStore;
386 | PVOID BStoreLimit;
387 | #endif
388 | ULONG MuiGeneration;
389 | ULONG IsImpersonating;
390 | PVOID NlsCache;
391 | PVOID pShimData;
392 | USHORT HeapVirtualAffinity;
393 | USHORT LowFragHeapDataSlot;
394 | HANDLE CurrentTransactionHandle;
395 | PTEB_ACTIVE_FRAME ActiveFrame;
396 | PVOID FlsData;
397 |
398 | PVOID PreferredLanguages;
399 | PVOID UserPrefLanguages;
400 | PVOID MergedPrefLanguages;
401 | ULONG MuiImpersonation;
402 |
403 | union
404 | {
405 | USHORT CrossTebFlags;
406 | USHORT SpareCrossTebBits : 16;
407 | };
408 | union
409 | {
410 | USHORT SameTebFlags;
411 | struct
412 | {
413 | USHORT SafeThunkCall : 1;
414 | USHORT InDebugPrint : 1;
415 | USHORT HasFiberData : 1;
416 | USHORT SkipThreadAttach : 1;
417 | USHORT WerInShipAssertCode : 1;
418 | USHORT RanProcessInit : 1;
419 | USHORT ClonedThread : 1;
420 | USHORT SuppressDebugMsg : 1;
421 | USHORT DisableUserStackWalk : 1;
422 | USHORT RtlExceptionAttached : 1;
423 | USHORT InitialThread : 1;
424 | USHORT SessionAware : 1;
425 | USHORT LoadOwner : 1;
426 | USHORT LoaderWorker : 1;
427 | USHORT SkipLoaderInit : 1;
428 | USHORT SpareSameTebBits : 1;
429 | };
430 | };
431 |
432 | PVOID TxnScopeEnterCallback;
433 | PVOID TxnScopeExitCallback;
434 | PVOID TxnScopeContext;
435 | ULONG LockCount;
436 | LONG WowTebOffset;
437 | PVOID ResourceRetValue;
438 | PVOID ReservedForWdf;
439 | ULONGLONG ReservedForCrt;
440 | GUID EffectiveContainerId;
441 | } TEB, *PTEB;
442 |
443 |
--------------------------------------------------------------------------------
/KrkrzInternal/ntpebteb.h:
--------------------------------------------------------------------------------
1 | #pragma once
2 |
3 | typedef struct _RTL_USER_PROCESS_PARAMETERS *PRTL_USER_PROCESS_PARAMETERS;
4 | typedef struct _RTL_CRITICAL_SECTION *PRTL_CRITICAL_SECTION;
5 |
6 | // private
7 | typedef struct _ACTIVATION_CONTEXT_STACK
8 | {
9 | struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME* ActiveFrame;
10 | LIST_ENTRY FrameListCache;
11 | ULONG Flags;
12 | ULONG NextCookieSequenceNumber;
13 | ULONG StackId;
14 | } ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK;
15 |
16 | // private
17 | typedef struct _API_SET_NAMESPACE
18 | {
19 | ULONG Version;
20 | ULONG Size;
21 | ULONG Flags;
22 | ULONG Count;
23 | ULONG EntryOffset;
24 | ULONG HashOffset;
25 | ULONG HashFactor;
26 | } API_SET_NAMESPACE, *PAPI_SET_NAMESPACE;
27 |
28 | // private
29 | typedef struct _API_SET_HASH_ENTRY
30 | {
31 | ULONG Hash;
32 | ULONG Index;
33 | } API_SET_HASH_ENTRY, *PAPI_SET_HASH_ENTRY;
34 |
35 | // private
36 | typedef struct _API_SET_NAMESPACE_ENTRY
37 | {
38 | ULONG Flags;
39 | ULONG NameOffset;
40 | ULONG NameLength;
41 | ULONG HashedLength;
42 | ULONG ValueOffset;
43 | ULONG ValueCount;
44 | } API_SET_NAMESPACE_ENTRY, *PAPI_SET_NAMESPACE_ENTRY;
45 |
46 | // private
47 | typedef struct _API_SET_VALUE_ENTRY
48 | {
49 | ULONG Flags;
50 | ULONG NameOffset;
51 | ULONG NameLength;
52 | ULONG ValueOffset;
53 | ULONG ValueLength;
54 | } API_SET_VALUE_ENTRY, *PAPI_SET_VALUE_ENTRY;
55 |
56 | // symbols
57 | typedef struct _PEB
58 | {
59 | BOOLEAN InheritedAddressSpace;
60 | BOOLEAN ReadImageFileExecOptions;
61 | BOOLEAN BeingDebugged;
62 | union
63 | {
64 | BOOLEAN BitField;
65 | struct
66 | {
67 | BOOLEAN ImageUsesLargePages : 1;
68 | BOOLEAN IsProtectedProcess : 1;
69 | BOOLEAN IsImageDynamicallyRelocated : 1;
70 | BOOLEAN SkipPatchingUser32Forwarders : 1;
71 | BOOLEAN IsPackagedProcess : 1;
72 | BOOLEAN IsAppContainer : 1;
73 | BOOLEAN IsProtectedProcessLight : 1;
74 | BOOLEAN IsLongPathAwareProcess : 1;
75 | };
76 | };
77 |
78 | HANDLE Mutant;
79 |
80 | PVOID ImageBaseAddress;
81 | PPEB_LDR_DATA Ldr;
82 | PRTL_USER_PROCESS_PARAMETERS ProcessParameters;
83 | PVOID SubSystemData;
84 | PVOID ProcessHeap;
85 | PRTL_CRITICAL_SECTION FastPebLock;
86 | PVOID IFEOKey;
87 | PSLIST_HEADER AtlThunkSListPtr;
88 | union
89 | {
90 | ULONG CrossProcessFlags;
91 | struct
92 | {
93 | ULONG ProcessInJob : 1;
94 | ULONG ProcessInitializing : 1;
95 | ULONG ProcessUsingVEH : 1;
96 | ULONG ProcessUsingVCH : 1;
97 | ULONG ProcessUsingFTH : 1;
98 | ULONG ProcessPreviouslyThrottled : 1;
99 | ULONG ProcessCurrentlyThrottled : 1;
100 | ULONG ReservedBits0 : 25;
101 | };
102 | };
103 | union
104 | {
105 | PVOID KernelCallbackTable;
106 | PVOID UserSharedInfoPtr;
107 | };
108 | ULONG SystemReserved[1];
109 | ULONG AtlThunkSListPtr32;
110 | PAPI_SET_NAMESPACE ApiSetMap;
111 | ULONG TlsExpansionCounter;
112 | PVOID TlsBitmap;
113 | ULONG TlsBitmapBits[2];
114 |
115 | PVOID ReadOnlySharedMemoryBase;
116 | PVOID SharedData; // HotpatchInformation
117 | PVOID *ReadOnlyStaticServerData;
118 |
119 | PVOID AnsiCodePageData; // PCPTABLEINFO
120 | PVOID OemCodePageData; // PCPTABLEINFO
121 | PVOID UnicodeCaseTableData; // PNLSTABLEINFO
122 |
123 | ULONG NumberOfProcessors;
124 | ULONG NtGlobalFlag;
125 |
126 | ULARGE_INTEGER CriticalSectionTimeout;
127 | SIZE_T HeapSegmentReserve;
128 | SIZE_T HeapSegmentCommit;
129 | SIZE_T HeapDeCommitTotalFreeThreshold;
130 | SIZE_T HeapDeCommitFreeBlockThreshold;
131 |
132 | ULONG NumberOfHeaps;
133 | ULONG MaximumNumberOfHeaps;
134 | PVOID *ProcessHeaps; // PHEAP
135 |
136 | PVOID GdiSharedHandleTable;
137 | PVOID ProcessStarterHelper;
138 | ULONG GdiDCAttributeList;
139 |
140 | PRTL_CRITICAL_SECTION LoaderLock;
141 |
142 | ULONG OSMajorVersion;
143 | ULONG OSMinorVersion;
144 | USHORT OSBuildNumber;
145 | USHORT OSCSDVersion;
146 | ULONG OSPlatformId;
147 | ULONG ImageSubsystem;
148 | ULONG ImageSubsystemMajorVersion;
149 | ULONG ImageSubsystemMinorVersion;
150 | ULONG_PTR ActiveProcessAffinityMask;
151 | GDI_HANDLE_BUFFER GdiHandleBuffer;
152 | PVOID PostProcessInitRoutine;
153 |
154 | PVOID TlsExpansionBitmap;
155 | ULONG TlsExpansionBitmapBits[32];
156 |
157 | ULONG SessionId;
158 |
159 | ULARGE_INTEGER AppCompatFlags;
160 | ULARGE_INTEGER AppCompatFlagsUser;
161 | PVOID pShimData;
162 | PVOID AppCompatInfo; // APPCOMPAT_EXE_DATA
163 |
164 | UNICODE_STRING CSDVersion;
165 |
166 | PVOID ActivationContextData; // ACTIVATION_CONTEXT_DATA
167 | PVOID ProcessAssemblyStorageMap; // ASSEMBLY_STORAGE_MAP
168 | PVOID SystemDefaultActivationContextData; // ACTIVATION_CONTEXT_DATA
169 | PVOID SystemAssemblyStorageMap; // ASSEMBLY_STORAGE_MAP
170 |
171 | SIZE_T MinimumStackCommit;
172 |
173 | PVOID *FlsCallback;
174 | LIST_ENTRY FlsListHead;
175 | PVOID FlsBitmap;
176 | ULONG FlsBitmapBits[FLS_MAXIMUM_AVAILABLE / (sizeof(ULONG) * 8)];
177 | ULONG FlsHighIndex;
178 |
179 | PVOID WerRegistrationData;
180 | PVOID WerShipAssertPtr;
181 | PVOID pUnused; // pContextData
182 | PVOID pImageHeaderHash;
183 | union
184 | {
185 | ULONG TracingFlags;
186 | struct
187 | {
188 | ULONG HeapTracingEnabled : 1;
189 | ULONG CritSecTracingEnabled : 1;
190 | ULONG LibLoaderTracingEnabled : 1;
191 | ULONG SpareTracingBits : 29;
192 | };
193 | };
194 | ULONGLONG CsrServerReadOnlySharedMemoryBase;
195 | PRTL_CRITICAL_SECTION TppWorkerpListLock;
196 | LIST_ENTRY TppWorkerpList;
197 | PVOID WaitOnAddressHashTable[128];
198 | PVOID TelemetryCoverageHeader; // REDSTONE3
199 | ULONG CloudFileFlags;
200 | ULONG CloudFileDiagFlags; // REDSTONE4
201 | CHAR PlaceholderCompatibilityMode;
202 | CHAR PlaceholderCompatibilityModeReserved[7];
203 | } PEB, *PPEB;
204 |
205 | #ifdef _WIN64
206 | C_ASSERT(FIELD_OFFSET(PEB, SessionId) == 0x2C0);
207 | //C_ASSERT(sizeof(PEB) == 0x7B0); // REDSTONE3
208 | C_ASSERT(sizeof(PEB) == 0x7B8); // REDSTONE4
209 | #else
210 | C_ASSERT(FIELD_OFFSET(PEB, SessionId) == 0x1D4);
211 | //C_ASSERT(sizeof(PEB) == 0x468); // REDSTONE3
212 | C_ASSERT(sizeof(PEB) == 0x470);
213 | #endif
214 |
215 |
216 |
217 | #ifndef _LDT_ENTRY_DEFINED
218 | #define _LDT_ENTRY_DEFINED
219 |
220 | typedef struct _LDT_ENTRY {
221 | WORD LimitLow;
222 | WORD BaseLow;
223 | union {
224 | struct {
225 | BYTE BaseMid;
226 | BYTE Flags1; // Declare as bytes to avoid alignment
227 | BYTE Flags2; // Problems.
228 | BYTE BaseHi;
229 | } Bytes;
230 | struct {
231 | DWORD BaseMid : 8;
232 | DWORD Type : 5;
233 | DWORD Dpl : 2;
234 | DWORD Pres : 1;
235 | DWORD LimitHi : 4;
236 | DWORD Sys : 1;
237 | DWORD Reserved_0 : 1;
238 | DWORD Default_Big : 1;
239 | DWORD Granularity : 1;
240 | DWORD BaseHi : 8;
241 | } Bits;
242 | } HighWord;
243 | } LDT_ENTRY, *PLDT_ENTRY;
244 |
245 | #endif
246 |
247 | typedef struct _DESCRIPTOR_TABLE_ENTRY {
248 | ULONG Selector;
249 | LDT_ENTRY Descriptor;
250 | } DESCRIPTOR_TABLE_ENTRY, *PDESCRIPTOR_TABLE_ENTRY;
251 |
252 | #define GDI_BATCH_BUFFER_SIZE 310
253 |
254 | typedef struct _GDI_TEB_BATCH
255 | {
256 | ULONG Offset;
257 | ULONG_PTR HDC;
258 | ULONG Buffer[GDI_BATCH_BUFFER_SIZE];
259 | } GDI_TEB_BATCH, *PGDI_TEB_BATCH;
260 |
261 | typedef struct _TEB_ACTIVE_FRAME_CONTEXT
262 | {
263 | ULONG Flags;
264 | PSTR FrameName;
265 | } TEB_ACTIVE_FRAME_CONTEXT, *PTEB_ACTIVE_FRAME_CONTEXT;
266 |
267 | typedef struct _TEB_ACTIVE_FRAME
268 | {
269 | ULONG Flags;
270 | struct _TEB_ACTIVE_FRAME *Previous;
271 | PTEB_ACTIVE_FRAME_CONTEXT Context;
272 | } TEB_ACTIVE_FRAME, *PTEB_ACTIVE_FRAME;
273 |
274 | typedef struct _TEB
275 | {
276 | NT_TIB NtTib;
277 |
278 | PVOID EnvironmentPointer;
279 | CLIENT_ID ClientId;
280 | PVOID ActiveRpcHandle;
281 | PVOID ThreadLocalStoragePointer;
282 | PPEB ProcessEnvironmentBlock;
283 |
284 | ULONG LastErrorValue;
285 | ULONG CountOfOwnedCriticalSections;
286 | PVOID CsrClientThread;
287 | PVOID Win32ThreadInfo;
288 | ULONG User32Reserved[26];
289 | ULONG UserReserved[5];
290 | PVOID WOW32Reserved;
291 | LCID CurrentLocale;
292 | ULONG FpSoftwareStatusRegister;
293 | PVOID ReservedForDebuggerInstrumentation[16];
294 | #ifdef _WIN64
295 | PVOID SystemReserved1[30];
296 | #else
297 | PVOID SystemReserved1[26];
298 | #endif
299 |
300 | CHAR PlaceholderCompatibilityMode;
301 | CHAR PlaceholderReserved[11];
302 | ULONG ProxiedProcessId;
303 | ACTIVATION_CONTEXT_STACK ActivationStack;
304 |
305 | UCHAR WorkingOnBehalfTicket[8];
306 | NTSTATUS ExceptionCode;
307 |
308 | PACTIVATION_CONTEXT_STACK ActivationContextStackPointer;
309 | ULONG_PTR InstrumentationCallbackSp;
310 | ULONG_PTR InstrumentationCallbackPreviousPc;
311 | ULONG_PTR InstrumentationCallbackPreviousSp;
312 | #ifdef _WIN64
313 | ULONG TxFsContext;
314 | #endif
315 |
316 | BOOLEAN InstrumentationCallbackDisabled;
317 | #ifndef _WIN64
318 | UCHAR SpareBytes[23];
319 | ULONG TxFsContext;
320 | #endif
321 | GDI_TEB_BATCH GdiTebBatch;
322 | CLIENT_ID RealClientId;
323 | HANDLE GdiCachedProcessHandle;
324 | ULONG GdiClientPID;
325 | ULONG GdiClientTID;
326 | PVOID GdiThreadLocalInfo;
327 | ULONG_PTR Win32ClientInfo[62];
328 | PVOID glDispatchTable[233];
329 | ULONG_PTR glReserved1[29];
330 | PVOID glReserved2;
331 | PVOID glSectionInfo;
332 | PVOID glSection;
333 | PVOID glTable;
334 | PVOID glCurrentRC;
335 | PVOID glContext;
336 |
337 | NTSTATUS LastStatusValue;
338 | UNICODE_STRING StaticUnicodeString;
339 | WCHAR StaticUnicodeBuffer[261];
340 |
341 | PVOID DeallocationStack;
342 | PVOID TlsSlots[64];
343 | LIST_ENTRY TlsLinks;
344 |
345 | PVOID Vdm;
346 | PVOID ReservedForNtRpc;
347 | PVOID DbgSsReserved[2];
348 |
349 | ULONG HardErrorMode;
350 | #ifdef _WIN64
351 | PVOID Instrumentation[11];
352 | #else
353 | PVOID Instrumentation[9];
354 | #endif
355 | GUID ActivityId;
356 |
357 | PVOID SubProcessTag;
358 | PVOID PerflibData;
359 | PVOID EtwTraceData;
360 | PVOID WinSockData;
361 | ULONG GdiBatchCount;
362 |
363 | union
364 | {
365 | PROCESSOR_NUMBER CurrentIdealProcessor;
366 | ULONG IdealProcessorValue;
367 | struct
368 | {
369 | UCHAR ReservedPad0;
370 | UCHAR ReservedPad1;
371 | UCHAR ReservedPad2;
372 | UCHAR IdealProcessor;
373 | };
374 | };
375 |
376 | ULONG GuaranteedStackBytes;
377 | PVOID ReservedForPerf;
378 | PVOID ReservedForOle;
379 | ULONG WaitingOnLoaderLock;
380 | PVOID SavedPriorityState;
381 | ULONG_PTR ReservedForCodeCoverage;
382 | PVOID ThreadPoolData;
383 | PVOID *TlsExpansionSlots;
384 | #ifdef _WIN64
385 | PVOID DeallocationBStore;
386 | PVOID BStoreLimit;
387 | #endif
388 | ULONG MuiGeneration;
389 | ULONG IsImpersonating;
390 | PVOID NlsCache;
391 | PVOID pShimData;
392 | USHORT HeapVirtualAffinity;
393 | USHORT LowFragHeapDataSlot;
394 | HANDLE CurrentTransactionHandle;
395 | PTEB_ACTIVE_FRAME ActiveFrame;
396 | PVOID FlsData;
397 |
398 | PVOID PreferredLanguages;
399 | PVOID UserPrefLanguages;
400 | PVOID MergedPrefLanguages;
401 | ULONG MuiImpersonation;
402 |
403 | union
404 | {
405 | USHORT CrossTebFlags;
406 | USHORT SpareCrossTebBits : 16;
407 | };
408 | union
409 | {
410 | USHORT SameTebFlags;
411 | struct
412 | {
413 | USHORT SafeThunkCall : 1;
414 | USHORT InDebugPrint : 1;
415 | USHORT HasFiberData : 1;
416 | USHORT SkipThreadAttach : 1;
417 | USHORT WerInShipAssertCode : 1;
418 | USHORT RanProcessInit : 1;
419 | USHORT ClonedThread : 1;
420 | USHORT SuppressDebugMsg : 1;
421 | USHORT DisableUserStackWalk : 1;
422 | USHORT RtlExceptionAttached : 1;
423 | USHORT InitialThread : 1;
424 | USHORT SessionAware : 1;
425 | USHORT LoadOwner : 1;
426 | USHORT LoaderWorker : 1;
427 | USHORT SkipLoaderInit : 1;
428 | USHORT SpareSameTebBits : 1;
429 | };
430 | };
431 |
432 | PVOID TxnScopeEnterCallback;
433 | PVOID TxnScopeExitCallback;
434 | PVOID TxnScopeContext;
435 | ULONG LockCount;
436 | LONG WowTebOffset;
437 | PVOID ResourceRetValue;
438 | PVOID ReservedForWdf;
439 | ULONGLONG ReservedForCrt;
440 | GUID EffectiveContainerId;
441 | } TEB, *PTEB;
442 |
443 |
--------------------------------------------------------------------------------