Home | History | Annotate | Download | only in src
      1 // Copyright 2013 The Chromium Authors. All rights reserved.
      2 // Use of this source code is governed by a BSD-style license that can be
      3 // found in the LICENSE file.
      4 
      5 // This file holds definitions related to the ntdll API.
      6 
      7 #ifndef SANDBOX_WIN_SRC_NT_INTERNALS_H__
      8 #define SANDBOX_WIN_SRC_NT_INTERNALS_H__
      9 
     10 #include <windows.h>
     11 
     12 typedef LONG NTSTATUS;
     13 #define NT_SUCCESS(st) (st >= 0)
     14 
     15 #define STATUS_SUCCESS                ((NTSTATUS)0x00000000L)
     16 #define STATUS_BUFFER_OVERFLOW        ((NTSTATUS)0x80000005L)
     17 #define STATUS_UNSUCCESSFUL           ((NTSTATUS)0xC0000001L)
     18 #define STATUS_NOT_IMPLEMENTED        ((NTSTATUS)0xC0000002L)
     19 #define STATUS_INFO_LENGTH_MISMATCH   ((NTSTATUS)0xC0000004L)
     20 #ifndef STATUS_INVALID_PARAMETER
     21 // It is now defined in Windows 2008 SDK.
     22 #define STATUS_INVALID_PARAMETER      ((NTSTATUS)0xC000000DL)
     23 #endif
     24 #define STATUS_CONFLICTING_ADDRESSES  ((NTSTATUS)0xC0000018L)
     25 #define STATUS_ACCESS_DENIED          ((NTSTATUS)0xC0000022L)
     26 #define STATUS_BUFFER_TOO_SMALL       ((NTSTATUS)0xC0000023L)
     27 #define STATUS_OBJECT_NAME_NOT_FOUND  ((NTSTATUS)0xC0000034L)
     28 #define STATUS_PROCEDURE_NOT_FOUND    ((NTSTATUS)0xC000007AL)
     29 #define STATUS_INVALID_IMAGE_FORMAT   ((NTSTATUS)0xC000007BL)
     30 #define STATUS_NO_TOKEN               ((NTSTATUS)0xC000007CL)
     31 
     32 #define CURRENT_PROCESS ((HANDLE) -1)
     33 #define CURRENT_THREAD  ((HANDLE) -2)
     34 #define NtCurrentProcess CURRENT_PROCESS
     35 
     36 typedef struct _UNICODE_STRING {
     37   USHORT Length;
     38   USHORT MaximumLength;
     39   PWSTR  Buffer;
     40 } UNICODE_STRING;
     41 typedef UNICODE_STRING *PUNICODE_STRING;
     42 typedef const UNICODE_STRING *PCUNICODE_STRING;
     43 
     44 typedef struct _STRING {
     45   USHORT Length;
     46   USHORT MaximumLength;
     47   PCHAR Buffer;
     48 } STRING;
     49 typedef STRING *PSTRING;
     50 
     51 typedef STRING ANSI_STRING;
     52 typedef PSTRING PANSI_STRING;
     53 typedef CONST PSTRING PCANSI_STRING;
     54 
     55 typedef STRING OEM_STRING;
     56 typedef PSTRING POEM_STRING;
     57 typedef CONST STRING* PCOEM_STRING;
     58 
     59 #define OBJ_CASE_INSENSITIVE 0x00000040L
     60 
     61 typedef struct _OBJECT_ATTRIBUTES {
     62   ULONG Length;
     63   HANDLE RootDirectory;
     64   PUNICODE_STRING ObjectName;
     65   ULONG Attributes;
     66   PVOID SecurityDescriptor;
     67   PVOID SecurityQualityOfService;
     68 } OBJECT_ATTRIBUTES;
     69 typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES;
     70 
     71 #define InitializeObjectAttributes(p, n, a, r, s) { \
     72   (p)->Length = sizeof(OBJECT_ATTRIBUTES);\
     73   (p)->RootDirectory = r;\
     74   (p)->Attributes = a;\
     75   (p)->ObjectName = n;\
     76   (p)->SecurityDescriptor = s;\
     77   (p)->SecurityQualityOfService = NULL;\
     78 }
     79 
     80 typedef struct _IO_STATUS_BLOCK {
     81   union {
     82     NTSTATUS Status;
     83     PVOID Pointer;
     84   };
     85   ULONG_PTR Information;
     86 } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK;
     87 
     88 // -----------------------------------------------------------------------
     89 // File IO
     90 
     91 // Create disposition values.
     92 
     93 #define FILE_SUPERSEDE                          0x00000000
     94 #define FILE_OPEN                               0x00000001
     95 #define FILE_CREATE                             0x00000002
     96 #define FILE_OPEN_IF                            0x00000003
     97 #define FILE_OVERWRITE                          0x00000004
     98 #define FILE_OVERWRITE_IF                       0x00000005
     99 #define FILE_MAXIMUM_DISPOSITION                0x00000005
    100 
    101 // Create/open option flags.
    102 
    103 #define FILE_DIRECTORY_FILE                     0x00000001
    104 #define FILE_WRITE_THROUGH                      0x00000002
    105 #define FILE_SEQUENTIAL_ONLY                    0x00000004
    106 #define FILE_NO_INTERMEDIATE_BUFFERING          0x00000008
    107 
    108 #define FILE_SYNCHRONOUS_IO_ALERT               0x00000010
    109 #define FILE_SYNCHRONOUS_IO_NONALERT            0x00000020
    110 #define FILE_NON_DIRECTORY_FILE                 0x00000040
    111 #define FILE_CREATE_TREE_CONNECTION             0x00000080
    112 
    113 #define FILE_COMPLETE_IF_OPLOCKED               0x00000100
    114 #define FILE_NO_EA_KNOWLEDGE                    0x00000200
    115 #define FILE_OPEN_REMOTE_INSTANCE               0x00000400
    116 #define FILE_RANDOM_ACCESS                      0x00000800
    117 
    118 #define FILE_DELETE_ON_CLOSE                    0x00001000
    119 #define FILE_OPEN_BY_FILE_ID                    0x00002000
    120 #define FILE_OPEN_FOR_BACKUP_INTENT             0x00004000
    121 #define FILE_NO_COMPRESSION                     0x00008000
    122 
    123 #define FILE_RESERVE_OPFILTER                   0x00100000
    124 #define FILE_OPEN_REPARSE_POINT                 0x00200000
    125 #define FILE_OPEN_NO_RECALL                     0x00400000
    126 #define FILE_OPEN_FOR_FREE_SPACE_QUERY          0x00800000
    127 
    128 typedef NTSTATUS (WINAPI *NtCreateFileFunction)(
    129   OUT PHANDLE FileHandle,
    130   IN ACCESS_MASK DesiredAccess,
    131   IN POBJECT_ATTRIBUTES ObjectAttributes,
    132   OUT PIO_STATUS_BLOCK IoStatusBlock,
    133   IN PLARGE_INTEGER AllocationSize OPTIONAL,
    134   IN ULONG FileAttributes,
    135   IN ULONG ShareAccess,
    136   IN ULONG CreateDisposition,
    137   IN ULONG CreateOptions,
    138   IN PVOID EaBuffer OPTIONAL,
    139   IN ULONG EaLength);
    140 
    141 typedef NTSTATUS (WINAPI *NtOpenFileFunction)(
    142   OUT PHANDLE FileHandle,
    143   IN ACCESS_MASK DesiredAccess,
    144   IN POBJECT_ATTRIBUTES ObjectAttributes,
    145   OUT PIO_STATUS_BLOCK IoStatusBlock,
    146   IN ULONG ShareAccess,
    147   IN ULONG OpenOptions);
    148 
    149 typedef NTSTATUS (WINAPI *NtCloseFunction)(
    150   IN HANDLE Handle);
    151 
    152 typedef enum _FILE_INFORMATION_CLASS {
    153   FileRenameInformation = 10
    154 } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS;
    155 
    156 typedef struct _FILE_RENAME_INFORMATION {
    157   BOOLEAN ReplaceIfExists;
    158   HANDLE RootDirectory;
    159   ULONG FileNameLength;
    160   WCHAR FileName[1];
    161 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION;
    162 
    163 typedef NTSTATUS (WINAPI *NtSetInformationFileFunction)(
    164   IN HANDLE FileHandle,
    165   OUT PIO_STATUS_BLOCK IoStatusBlock,
    166   IN PVOID FileInformation,
    167   IN ULONG Length,
    168   IN FILE_INFORMATION_CLASS FileInformationClass);
    169 
    170 typedef struct FILE_BASIC_INFORMATION {
    171   LARGE_INTEGER CreationTime;
    172   LARGE_INTEGER LastAccessTime;
    173   LARGE_INTEGER LastWriteTime;
    174   LARGE_INTEGER ChangeTime;
    175   ULONG FileAttributes;
    176 } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION;
    177 
    178 typedef NTSTATUS (WINAPI *NtQueryAttributesFileFunction)(
    179   IN POBJECT_ATTRIBUTES ObjectAttributes,
    180   OUT PFILE_BASIC_INFORMATION FileAttributes);
    181 
    182 typedef struct _FILE_NETWORK_OPEN_INFORMATION {
    183   LARGE_INTEGER CreationTime;
    184   LARGE_INTEGER LastAccessTime;
    185   LARGE_INTEGER LastWriteTime;
    186   LARGE_INTEGER ChangeTime;
    187   LARGE_INTEGER AllocationSize;
    188   LARGE_INTEGER EndOfFile;
    189   ULONG FileAttributes;
    190 } FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION;
    191 
    192 typedef NTSTATUS (WINAPI *NtQueryFullAttributesFileFunction)(
    193   IN POBJECT_ATTRIBUTES ObjectAttributes,
    194   OUT PFILE_NETWORK_OPEN_INFORMATION FileAttributes);
    195 
    196 // -----------------------------------------------------------------------
    197 // Sections
    198 
    199 typedef NTSTATUS (WINAPI *NtCreateSectionFunction)(
    200   OUT PHANDLE SectionHandle,
    201   IN ACCESS_MASK DesiredAccess,
    202   IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL,
    203   IN PLARGE_INTEGER MaximumSize OPTIONAL,
    204   IN ULONG SectionPageProtection,
    205   IN ULONG AllocationAttributes,
    206   IN HANDLE FileHandle OPTIONAL);
    207 
    208 typedef ULONG SECTION_INHERIT;
    209 #define ViewShare 1
    210 #define ViewUnmap 2
    211 
    212 typedef NTSTATUS (WINAPI *NtMapViewOfSectionFunction)(
    213   IN HANDLE SectionHandle,
    214   IN HANDLE ProcessHandle,
    215   IN OUT PVOID *BaseAddress,
    216   IN ULONG_PTR ZeroBits,
    217   IN SIZE_T CommitSize,
    218   IN OUT PLARGE_INTEGER SectionOffset OPTIONAL,
    219   IN OUT PSIZE_T ViewSize,
    220   IN SECTION_INHERIT InheritDisposition,
    221   IN ULONG AllocationType,
    222   IN ULONG Win32Protect);
    223 
    224 typedef NTSTATUS (WINAPI *NtUnmapViewOfSectionFunction)(
    225   IN HANDLE ProcessHandle,
    226   IN PVOID BaseAddress);
    227 
    228 typedef enum _SECTION_INFORMATION_CLASS {
    229   SectionBasicInformation = 0,
    230   SectionImageInformation
    231 } SECTION_INFORMATION_CLASS;
    232 
    233 typedef struct _SECTION_BASIC_INFORMATION {
    234   PVOID BaseAddress;
    235   ULONG Attributes;
    236   LARGE_INTEGER Size;
    237 } SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION;
    238 
    239 typedef NTSTATUS (WINAPI *NtQuerySectionFunction)(
    240   IN HANDLE SectionHandle,
    241   IN SECTION_INFORMATION_CLASS SectionInformationClass,
    242   OUT PVOID SectionInformation,
    243   IN SIZE_T SectionInformationLength,
    244   OUT PSIZE_T ReturnLength OPTIONAL);
    245 
    246 // -----------------------------------------------------------------------
    247 // Process and Thread
    248 
    249 typedef struct _CLIENT_ID {
    250   PVOID UniqueProcess;
    251   PVOID UniqueThread;
    252 } CLIENT_ID, *PCLIENT_ID;
    253 
    254 typedef NTSTATUS (WINAPI *NtOpenThreadFunction) (
    255   OUT PHANDLE ThreadHandle,
    256   IN ACCESS_MASK DesiredAccess,
    257   IN POBJECT_ATTRIBUTES ObjectAttributes,
    258   IN PCLIENT_ID ClientId);
    259 
    260 typedef NTSTATUS (WINAPI *NtOpenProcessFunction) (
    261   OUT PHANDLE ProcessHandle,
    262   IN ACCESS_MASK DesiredAccess,
    263   IN POBJECT_ATTRIBUTES ObjectAttributes,
    264   IN PCLIENT_ID ClientId);
    265 
    266 typedef enum _NT_THREAD_INFORMATION_CLASS {
    267   ThreadBasicInformation,
    268   ThreadTimes,
    269   ThreadPriority,
    270   ThreadBasePriority,
    271   ThreadAffinityMask,
    272   ThreadImpersonationToken,
    273   ThreadDescriptorTableEntry,
    274   ThreadEnableAlignmentFaultFixup,
    275   ThreadEventPair,
    276   ThreadQuerySetWin32StartAddress,
    277   ThreadZeroTlsCell,
    278   ThreadPerformanceCount,
    279   ThreadAmILastThread,
    280   ThreadIdealProcessor,
    281   ThreadPriorityBoost,
    282   ThreadSetTlsArrayAddress,
    283   ThreadIsIoPending,
    284   ThreadHideFromDebugger
    285 } NT_THREAD_INFORMATION_CLASS, *PNT_THREAD_INFORMATION_CLASS;
    286 
    287 typedef NTSTATUS (WINAPI *NtSetInformationThreadFunction) (
    288   IN HANDLE ThreadHandle,
    289   IN NT_THREAD_INFORMATION_CLASS ThreadInformationClass,
    290   IN PVOID ThreadInformation,
    291   IN ULONG ThreadInformationLength);
    292 
    293 // Partial definition only:
    294 typedef enum _PROCESSINFOCLASS {
    295   ProcessBasicInformation = 0,
    296   ProcessExecuteFlags = 0x22
    297 } PROCESSINFOCLASS;
    298 
    299 typedef PVOID PPEB;
    300 typedef PVOID KPRIORITY;
    301 
    302 typedef struct _PROCESS_BASIC_INFORMATION {
    303   NTSTATUS ExitStatus;
    304   PPEB PebBaseAddress;
    305   KAFFINITY AffinityMask;
    306   KPRIORITY BasePriority;
    307   ULONG UniqueProcessId;
    308   ULONG InheritedFromUniqueProcessId;
    309 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION;
    310 
    311 typedef NTSTATUS (WINAPI *NtQueryInformationProcessFunction)(
    312   IN HANDLE ProcessHandle,
    313   IN PROCESSINFOCLASS ProcessInformationClass,
    314   OUT PVOID ProcessInformation,
    315   IN ULONG ProcessInformationLength,
    316   OUT PULONG ReturnLength OPTIONAL);
    317 
    318 typedef NTSTATUS (WINAPI *NtSetInformationProcessFunction)(
    319   HANDLE ProcessHandle,
    320   IN PROCESSINFOCLASS ProcessInformationClass,
    321   IN PVOID ProcessInformation,
    322   IN ULONG ProcessInformationLength);
    323 
    324 typedef NTSTATUS (WINAPI *NtOpenThreadTokenFunction) (
    325   IN HANDLE ThreadHandle,
    326   IN ACCESS_MASK DesiredAccess,
    327   IN BOOLEAN OpenAsSelf,
    328   OUT PHANDLE TokenHandle);
    329 
    330 typedef NTSTATUS (WINAPI *NtOpenThreadTokenExFunction) (
    331   IN HANDLE ThreadHandle,
    332   IN ACCESS_MASK DesiredAccess,
    333   IN BOOLEAN OpenAsSelf,
    334   IN ULONG HandleAttributes,
    335   OUT PHANDLE TokenHandle);
    336 
    337 typedef NTSTATUS (WINAPI *NtOpenProcessTokenFunction) (
    338   IN HANDLE ProcessHandle,
    339   IN ACCESS_MASK DesiredAccess,
    340   OUT PHANDLE TokenHandle);
    341 
    342 typedef NTSTATUS (WINAPI *NtOpenProcessTokenExFunction) (
    343   IN HANDLE ProcessHandle,
    344   IN ACCESS_MASK DesiredAccess,
    345   IN ULONG HandleAttributes,
    346   OUT PHANDLE TokenHandle);
    347 
    348 typedef NTSTATUS (WINAPI * RtlCreateUserThreadFunction)(
    349   IN HANDLE Process,
    350   IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor,
    351   IN BOOLEAN CreateSuspended,
    352   IN ULONG ZeroBits,
    353   IN SIZE_T MaximumStackSize,
    354   IN SIZE_T CommittedStackSize,
    355   IN LPTHREAD_START_ROUTINE StartAddress,
    356   IN PVOID Parameter,
    357   OUT PHANDLE Thread,
    358   OUT PCLIENT_ID ClientId);
    359 
    360 // -----------------------------------------------------------------------
    361 // Registry
    362 
    363 typedef NTSTATUS (WINAPI *NtCreateKeyFunction)(
    364   OUT PHANDLE KeyHandle,
    365   IN ACCESS_MASK DesiredAccess,
    366   IN POBJECT_ATTRIBUTES ObjectAttributes,
    367   IN ULONG TitleIndex,
    368   IN PUNICODE_STRING Class OPTIONAL,
    369   IN ULONG CreateOptions,
    370   OUT PULONG Disposition OPTIONAL);
    371 
    372 typedef NTSTATUS (WINAPI *NtOpenKeyFunction)(
    373   OUT PHANDLE KeyHandle,
    374   IN ACCESS_MASK DesiredAccess,
    375   IN POBJECT_ATTRIBUTES ObjectAttributes);
    376 
    377 typedef NTSTATUS (WINAPI *NtOpenKeyExFunction)(
    378   OUT PHANDLE KeyHandle,
    379   IN ACCESS_MASK DesiredAccess,
    380   IN POBJECT_ATTRIBUTES ObjectAttributes,
    381   IN DWORD open_options);
    382 
    383 typedef NTSTATUS (WINAPI *NtDeleteKeyFunction)(
    384   IN HANDLE KeyHandle);
    385 
    386 // -----------------------------------------------------------------------
    387 // Memory
    388 
    389 // Don't really need this structure right now.
    390 typedef PVOID PRTL_HEAP_PARAMETERS;
    391 
    392 typedef PVOID (WINAPI *RtlCreateHeapFunction)(
    393   IN ULONG Flags,
    394   IN PVOID HeapBase OPTIONAL,
    395   IN SIZE_T ReserveSize OPTIONAL,
    396   IN SIZE_T CommitSize OPTIONAL,
    397   IN PVOID Lock OPTIONAL,
    398   IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL);
    399 
    400 typedef PVOID (WINAPI *RtlDestroyHeapFunction)(
    401   IN PVOID HeapHandle);
    402 
    403 typedef PVOID (WINAPI *RtlAllocateHeapFunction)(
    404   IN PVOID HeapHandle,
    405   IN ULONG Flags,
    406   IN SIZE_T Size);
    407 
    408 typedef BOOLEAN (WINAPI *RtlFreeHeapFunction)(
    409   IN PVOID HeapHandle,
    410   IN ULONG Flags,
    411   IN PVOID HeapBase);
    412 
    413 typedef NTSTATUS (WINAPI *NtAllocateVirtualMemoryFunction) (
    414   IN HANDLE ProcessHandle,
    415   IN OUT PVOID *BaseAddress,
    416   IN ULONG_PTR ZeroBits,
    417   IN OUT PSIZE_T RegionSize,
    418   IN ULONG AllocationType,
    419   IN ULONG Protect);
    420 
    421 typedef NTSTATUS (WINAPI *NtFreeVirtualMemoryFunction) (
    422   IN HANDLE ProcessHandle,
    423   IN OUT PVOID *BaseAddress,
    424   IN OUT PSIZE_T RegionSize,
    425   IN ULONG FreeType);
    426 
    427 typedef enum _MEMORY_INFORMATION_CLASS {
    428   MemoryBasicInformation = 0,
    429   MemoryWorkingSetList,
    430   MemorySectionName,
    431   MemoryBasicVlmInformation
    432 } MEMORY_INFORMATION_CLASS;
    433 
    434 typedef struct _MEMORY_SECTION_NAME {  // Information Class 2
    435   UNICODE_STRING SectionFileName;
    436 } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME;
    437 
    438 typedef NTSTATUS (WINAPI *NtQueryVirtualMemoryFunction)(
    439   IN HANDLE ProcessHandle,
    440   IN PVOID BaseAddress,
    441   IN MEMORY_INFORMATION_CLASS MemoryInformationClass,
    442   OUT PVOID MemoryInformation,
    443   IN ULONG MemoryInformationLength,
    444   OUT PULONG ReturnLength OPTIONAL);
    445 
    446 typedef NTSTATUS (WINAPI *NtProtectVirtualMemoryFunction)(
    447   IN HANDLE ProcessHandle,
    448   IN OUT PVOID* BaseAddress,
    449   IN OUT PSIZE_T ProtectSize,
    450   IN ULONG NewProtect,
    451   OUT PULONG OldProtect);
    452 
    453 // -----------------------------------------------------------------------
    454 // Objects
    455 
    456 typedef enum _OBJECT_INFORMATION_CLASS {
    457   ObjectBasicInformation,
    458   ObjectNameInformation,
    459   ObjectTypeInformation,
    460   ObjectAllInformation,
    461   ObjectDataInformation
    462 } OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS;
    463 
    464 typedef struct _OBJDIR_INFORMATION {
    465   UNICODE_STRING ObjectName;
    466   UNICODE_STRING ObjectTypeName;
    467   BYTE Data[1];
    468 } OBJDIR_INFORMATION;
    469 
    470 typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION {
    471   ULONG Attributes;
    472   ACCESS_MASK GrantedAccess;
    473   ULONG HandleCount;
    474   ULONG PointerCount;
    475   ULONG Reserved[10];    // reserved for internal use
    476 } PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION;
    477 
    478 typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION {
    479   UNICODE_STRING TypeName;
    480   ULONG Reserved[22];    // reserved for internal use
    481 } PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION;
    482 
    483 typedef enum _POOL_TYPE {
    484   NonPagedPool,
    485   PagedPool,
    486   NonPagedPoolMustSucceed,
    487   ReservedType,
    488   NonPagedPoolCacheAligned,
    489   PagedPoolCacheAligned,
    490   NonPagedPoolCacheAlignedMustS
    491 } POOL_TYPE;
    492 
    493 typedef struct _OBJECT_BASIC_INFORMATION {
    494   ULONG Attributes;
    495   ACCESS_MASK GrantedAccess;
    496   ULONG HandleCount;
    497   ULONG PointerCount;
    498   ULONG PagedPoolUsage;
    499   ULONG NonPagedPoolUsage;
    500   ULONG Reserved[3];
    501   ULONG NameInformationLength;
    502   ULONG TypeInformationLength;
    503   ULONG SecurityDescriptorLength;
    504   LARGE_INTEGER CreateTime;
    505 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION;
    506 
    507 typedef struct _OBJECT_TYPE_INFORMATION {
    508   UNICODE_STRING Name;
    509   ULONG TotalNumberOfObjects;
    510   ULONG TotalNumberOfHandles;
    511   ULONG TotalPagedPoolUsage;
    512   ULONG TotalNonPagedPoolUsage;
    513   ULONG TotalNamePoolUsage;
    514   ULONG TotalHandleTableUsage;
    515   ULONG HighWaterNumberOfObjects;
    516   ULONG HighWaterNumberOfHandles;
    517   ULONG HighWaterPagedPoolUsage;
    518   ULONG HighWaterNonPagedPoolUsage;
    519   ULONG HighWaterNamePoolUsage;
    520   ULONG HighWaterHandleTableUsage;
    521   ULONG InvalidAttributes;
    522   GENERIC_MAPPING GenericMapping;
    523   ULONG ValidAccess;
    524   BOOLEAN SecurityRequired;
    525   BOOLEAN MaintainHandleCount;
    526   USHORT MaintainTypeList;
    527   POOL_TYPE PoolType;
    528   ULONG PagedPoolUsage;
    529   ULONG NonPagedPoolUsage;
    530 } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION;
    531 
    532 typedef enum _SYSTEM_INFORMATION_CLASS {
    533   SystemHandleInformation = 16
    534 } SYSTEM_INFORMATION_CLASS;
    535 
    536 typedef struct _SYSTEM_HANDLE_INFORMATION {
    537   USHORT ProcessId;
    538   USHORT CreatorBackTraceIndex;
    539   UCHAR ObjectTypeNumber;
    540   UCHAR Flags;
    541   USHORT Handle;
    542   PVOID Object;
    543   ACCESS_MASK GrantedAccess;
    544 } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION;
    545 
    546 typedef struct _SYSTEM_HANDLE_INFORMATION_EX {
    547   ULONG NumberOfHandles;
    548   SYSTEM_HANDLE_INFORMATION Information[1];
    549 } SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX;
    550 
    551 typedef struct _OBJECT_NAME_INFORMATION {
    552   UNICODE_STRING ObjectName;
    553 } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION;
    554 
    555 typedef NTSTATUS (WINAPI *NtQueryObjectFunction)(
    556   IN HANDLE Handle,
    557   IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
    558   OUT PVOID ObjectInformation OPTIONAL,
    559   IN ULONG ObjectInformationLength,
    560   OUT PULONG ReturnLength OPTIONAL);
    561 
    562 typedef NTSTATUS (WINAPI *NtDuplicateObjectFunction)(
    563   IN HANDLE SourceProcess,
    564   IN HANDLE SourceHandle,
    565   IN HANDLE TargetProcess,
    566   OUT PHANDLE TargetHandle,
    567   IN ACCESS_MASK DesiredAccess,
    568   IN ULONG Attributes,
    569   IN ULONG Options);
    570 
    571 typedef NTSTATUS (WINAPI *NtSignalAndWaitForSingleObjectFunction)(
    572   IN HANDLE HandleToSignal,
    573   IN HANDLE HandleToWait,
    574   IN BOOLEAN Alertable,
    575   IN PLARGE_INTEGER Timeout OPTIONAL);
    576 
    577 typedef NTSTATUS (WINAPI *NtQuerySystemInformation)(
    578   IN SYSTEM_INFORMATION_CLASS SystemInformationClass,
    579   OUT PVOID SystemInformation,
    580   IN ULONG SystemInformationLength,
    581   OUT PULONG ReturnLength);
    582 
    583 typedef NTSTATUS (WINAPI *NtQueryObject)(
    584   IN HANDLE Handle,
    585   IN OBJECT_INFORMATION_CLASS ObjectInformationClass,
    586   OUT PVOID ObjectInformation,
    587   IN ULONG ObjectInformationLength,
    588   OUT PULONG ReturnLength);
    589 
    590 // -----------------------------------------------------------------------
    591 // Strings
    592 
    593 typedef int (__cdecl *_strnicmpFunction)(
    594   IN const char* _Str1,
    595   IN const char* _Str2,
    596   IN size_t _MaxCount);
    597 
    598 typedef size_t  (__cdecl *strlenFunction)(
    599   IN const char * _Str);
    600 
    601 typedef size_t (__cdecl *wcslenFunction)(
    602   IN const wchar_t* _Str);
    603 
    604 typedef void* (__cdecl *memcpyFunction)(
    605   IN void* dest,
    606   IN const void* src,
    607   IN size_t count);
    608 
    609 typedef NTSTATUS (WINAPI *RtlAnsiStringToUnicodeStringFunction)(
    610   IN OUT PUNICODE_STRING  DestinationString,
    611   IN PANSI_STRING  SourceString,
    612   IN BOOLEAN  AllocateDestinationString);
    613 
    614 typedef LONG (WINAPI *RtlCompareUnicodeStringFunction)(
    615   IN PCUNICODE_STRING  String1,
    616   IN PCUNICODE_STRING  String2,
    617   IN BOOLEAN  CaseInSensitive);
    618 
    619 typedef VOID (WINAPI *RtlInitUnicodeStringFunction) (
    620   IN OUT PUNICODE_STRING DestinationString,
    621   IN PCWSTR SourceString);
    622 
    623 typedef enum _EVENT_TYPE {
    624   NotificationEvent,
    625   SynchronizationEvent
    626 } EVENT_TYPE, *PEVENT_TYPE;
    627 
    628 typedef NTSTATUS (WINAPI* NtOpenDirectoryObjectFunction) (
    629     PHANDLE DirectoryHandle,
    630     ACCESS_MASK DesiredAccess,
    631     POBJECT_ATTRIBUTES ObjectAttributes);
    632 
    633 typedef NTSTATUS (WINAPI* NtQuerySymbolicLinkObjectFunction) (
    634     HANDLE LinkHandle,
    635     PUNICODE_STRING LinkTarget,
    636     PULONG ReturnedLength);
    637 
    638 typedef NTSTATUS (WINAPI* NtOpenSymbolicLinkObjectFunction) (
    639     PHANDLE LinkHandle,
    640     ACCESS_MASK DesiredAccess,
    641     POBJECT_ATTRIBUTES ObjectAttributes);
    642 
    643 #define DIRECTORY_QUERY               0x0001
    644 #define DIRECTORY_TRAVERSE            0x0002
    645 #define DIRECTORY_CREATE_OBJECT       0x0004
    646 #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008
    647 #define DIRECTORY_ALL_ACCESS          0x000F
    648 
    649 #endif  // SANDBOX_WIN_SRC_NT_INTERNALS_H__
    650 
    651