1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 // This file holds definitions related to the ntdll API. 6 7 #ifndef SANDBOX_WIN_SRC_NT_INTERNALS_H__ 8 #define SANDBOX_WIN_SRC_NT_INTERNALS_H__ 9 10 #include <windows.h> 11 12 typedef LONG NTSTATUS; 13 #define NT_SUCCESS(st) (st >= 0) 14 15 #define STATUS_SUCCESS ((NTSTATUS)0x00000000L) 16 #define STATUS_BUFFER_OVERFLOW ((NTSTATUS)0x80000005L) 17 #define STATUS_UNSUCCESSFUL ((NTSTATUS)0xC0000001L) 18 #define STATUS_NOT_IMPLEMENTED ((NTSTATUS)0xC0000002L) 19 #define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L) 20 #ifndef STATUS_INVALID_PARAMETER 21 // It is now defined in Windows 2008 SDK. 22 #define STATUS_INVALID_PARAMETER ((NTSTATUS)0xC000000DL) 23 #endif 24 #define STATUS_CONFLICTING_ADDRESSES ((NTSTATUS)0xC0000018L) 25 #define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L) 26 #define STATUS_BUFFER_TOO_SMALL ((NTSTATUS)0xC0000023L) 27 #define STATUS_OBJECT_NAME_NOT_FOUND ((NTSTATUS)0xC0000034L) 28 #define STATUS_PROCEDURE_NOT_FOUND ((NTSTATUS)0xC000007AL) 29 #define STATUS_INVALID_IMAGE_FORMAT ((NTSTATUS)0xC000007BL) 30 #define STATUS_NO_TOKEN ((NTSTATUS)0xC000007CL) 31 32 #define CURRENT_PROCESS ((HANDLE) -1) 33 #define CURRENT_THREAD ((HANDLE) -2) 34 #define NtCurrentProcess CURRENT_PROCESS 35 36 typedef struct _UNICODE_STRING { 37 USHORT Length; 38 USHORT MaximumLength; 39 PWSTR Buffer; 40 } UNICODE_STRING; 41 typedef UNICODE_STRING *PUNICODE_STRING; 42 typedef const UNICODE_STRING *PCUNICODE_STRING; 43 44 typedef struct _STRING { 45 USHORT Length; 46 USHORT MaximumLength; 47 PCHAR Buffer; 48 } STRING; 49 typedef STRING *PSTRING; 50 51 typedef STRING ANSI_STRING; 52 typedef PSTRING PANSI_STRING; 53 typedef CONST PSTRING PCANSI_STRING; 54 55 typedef STRING OEM_STRING; 56 typedef PSTRING POEM_STRING; 57 typedef CONST STRING* PCOEM_STRING; 58 59 #define OBJ_CASE_INSENSITIVE 0x00000040L 60 61 typedef struct _OBJECT_ATTRIBUTES { 62 ULONG Length; 63 HANDLE RootDirectory; 64 PUNICODE_STRING ObjectName; 65 ULONG Attributes; 66 PVOID SecurityDescriptor; 67 PVOID SecurityQualityOfService; 68 } OBJECT_ATTRIBUTES; 69 typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES; 70 71 #define InitializeObjectAttributes(p, n, a, r, s) { \ 72 (p)->Length = sizeof(OBJECT_ATTRIBUTES);\ 73 (p)->RootDirectory = r;\ 74 (p)->Attributes = a;\ 75 (p)->ObjectName = n;\ 76 (p)->SecurityDescriptor = s;\ 77 (p)->SecurityQualityOfService = NULL;\ 78 } 79 80 typedef struct _IO_STATUS_BLOCK { 81 union { 82 NTSTATUS Status; 83 PVOID Pointer; 84 }; 85 ULONG_PTR Information; 86 } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK; 87 88 // ----------------------------------------------------------------------- 89 // File IO 90 91 // Create disposition values. 92 93 #define FILE_SUPERSEDE 0x00000000 94 #define FILE_OPEN 0x00000001 95 #define FILE_CREATE 0x00000002 96 #define FILE_OPEN_IF 0x00000003 97 #define FILE_OVERWRITE 0x00000004 98 #define FILE_OVERWRITE_IF 0x00000005 99 #define FILE_MAXIMUM_DISPOSITION 0x00000005 100 101 // Create/open option flags. 102 103 #define FILE_DIRECTORY_FILE 0x00000001 104 #define FILE_WRITE_THROUGH 0x00000002 105 #define FILE_SEQUENTIAL_ONLY 0x00000004 106 #define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008 107 108 #define FILE_SYNCHRONOUS_IO_ALERT 0x00000010 109 #define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020 110 #define FILE_NON_DIRECTORY_FILE 0x00000040 111 #define FILE_CREATE_TREE_CONNECTION 0x00000080 112 113 #define FILE_COMPLETE_IF_OPLOCKED 0x00000100 114 #define FILE_NO_EA_KNOWLEDGE 0x00000200 115 #define FILE_OPEN_REMOTE_INSTANCE 0x00000400 116 #define FILE_RANDOM_ACCESS 0x00000800 117 118 #define FILE_DELETE_ON_CLOSE 0x00001000 119 #define FILE_OPEN_BY_FILE_ID 0x00002000 120 #define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000 121 #define FILE_NO_COMPRESSION 0x00008000 122 123 #define FILE_RESERVE_OPFILTER 0x00100000 124 #define FILE_OPEN_REPARSE_POINT 0x00200000 125 #define FILE_OPEN_NO_RECALL 0x00400000 126 #define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000 127 128 typedef NTSTATUS (WINAPI *NtCreateFileFunction)( 129 OUT PHANDLE FileHandle, 130 IN ACCESS_MASK DesiredAccess, 131 IN POBJECT_ATTRIBUTES ObjectAttributes, 132 OUT PIO_STATUS_BLOCK IoStatusBlock, 133 IN PLARGE_INTEGER AllocationSize OPTIONAL, 134 IN ULONG FileAttributes, 135 IN ULONG ShareAccess, 136 IN ULONG CreateDisposition, 137 IN ULONG CreateOptions, 138 IN PVOID EaBuffer OPTIONAL, 139 IN ULONG EaLength); 140 141 typedef NTSTATUS (WINAPI *NtOpenFileFunction)( 142 OUT PHANDLE FileHandle, 143 IN ACCESS_MASK DesiredAccess, 144 IN POBJECT_ATTRIBUTES ObjectAttributes, 145 OUT PIO_STATUS_BLOCK IoStatusBlock, 146 IN ULONG ShareAccess, 147 IN ULONG OpenOptions); 148 149 typedef NTSTATUS (WINAPI *NtCloseFunction)( 150 IN HANDLE Handle); 151 152 typedef enum _FILE_INFORMATION_CLASS { 153 FileRenameInformation = 10 154 } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS; 155 156 typedef struct _FILE_RENAME_INFORMATION { 157 BOOLEAN ReplaceIfExists; 158 HANDLE RootDirectory; 159 ULONG FileNameLength; 160 WCHAR FileName[1]; 161 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION; 162 163 typedef NTSTATUS (WINAPI *NtSetInformationFileFunction)( 164 IN HANDLE FileHandle, 165 OUT PIO_STATUS_BLOCK IoStatusBlock, 166 IN PVOID FileInformation, 167 IN ULONG Length, 168 IN FILE_INFORMATION_CLASS FileInformationClass); 169 170 typedef struct FILE_BASIC_INFORMATION { 171 LARGE_INTEGER CreationTime; 172 LARGE_INTEGER LastAccessTime; 173 LARGE_INTEGER LastWriteTime; 174 LARGE_INTEGER ChangeTime; 175 ULONG FileAttributes; 176 } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION; 177 178 typedef NTSTATUS (WINAPI *NtQueryAttributesFileFunction)( 179 IN POBJECT_ATTRIBUTES ObjectAttributes, 180 OUT PFILE_BASIC_INFORMATION FileAttributes); 181 182 typedef struct _FILE_NETWORK_OPEN_INFORMATION { 183 LARGE_INTEGER CreationTime; 184 LARGE_INTEGER LastAccessTime; 185 LARGE_INTEGER LastWriteTime; 186 LARGE_INTEGER ChangeTime; 187 LARGE_INTEGER AllocationSize; 188 LARGE_INTEGER EndOfFile; 189 ULONG FileAttributes; 190 } FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION; 191 192 typedef NTSTATUS (WINAPI *NtQueryFullAttributesFileFunction)( 193 IN POBJECT_ATTRIBUTES ObjectAttributes, 194 OUT PFILE_NETWORK_OPEN_INFORMATION FileAttributes); 195 196 // ----------------------------------------------------------------------- 197 // Sections 198 199 typedef NTSTATUS (WINAPI *NtCreateSectionFunction)( 200 OUT PHANDLE SectionHandle, 201 IN ACCESS_MASK DesiredAccess, 202 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 203 IN PLARGE_INTEGER MaximumSize OPTIONAL, 204 IN ULONG SectionPageProtection, 205 IN ULONG AllocationAttributes, 206 IN HANDLE FileHandle OPTIONAL); 207 208 typedef ULONG SECTION_INHERIT; 209 #define ViewShare 1 210 #define ViewUnmap 2 211 212 typedef NTSTATUS (WINAPI *NtMapViewOfSectionFunction)( 213 IN HANDLE SectionHandle, 214 IN HANDLE ProcessHandle, 215 IN OUT PVOID *BaseAddress, 216 IN ULONG_PTR ZeroBits, 217 IN SIZE_T CommitSize, 218 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, 219 IN OUT PSIZE_T ViewSize, 220 IN SECTION_INHERIT InheritDisposition, 221 IN ULONG AllocationType, 222 IN ULONG Win32Protect); 223 224 typedef NTSTATUS (WINAPI *NtUnmapViewOfSectionFunction)( 225 IN HANDLE ProcessHandle, 226 IN PVOID BaseAddress); 227 228 typedef enum _SECTION_INFORMATION_CLASS { 229 SectionBasicInformation = 0, 230 SectionImageInformation 231 } SECTION_INFORMATION_CLASS; 232 233 typedef struct _SECTION_BASIC_INFORMATION { 234 PVOID BaseAddress; 235 ULONG Attributes; 236 LARGE_INTEGER Size; 237 } SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION; 238 239 typedef NTSTATUS (WINAPI *NtQuerySectionFunction)( 240 IN HANDLE SectionHandle, 241 IN SECTION_INFORMATION_CLASS SectionInformationClass, 242 OUT PVOID SectionInformation, 243 IN SIZE_T SectionInformationLength, 244 OUT PSIZE_T ReturnLength OPTIONAL); 245 246 // ----------------------------------------------------------------------- 247 // Process and Thread 248 249 typedef struct _CLIENT_ID { 250 PVOID UniqueProcess; 251 PVOID UniqueThread; 252 } CLIENT_ID, *PCLIENT_ID; 253 254 typedef NTSTATUS (WINAPI *NtOpenThreadFunction) ( 255 OUT PHANDLE ThreadHandle, 256 IN ACCESS_MASK DesiredAccess, 257 IN POBJECT_ATTRIBUTES ObjectAttributes, 258 IN PCLIENT_ID ClientId); 259 260 typedef NTSTATUS (WINAPI *NtOpenProcessFunction) ( 261 OUT PHANDLE ProcessHandle, 262 IN ACCESS_MASK DesiredAccess, 263 IN POBJECT_ATTRIBUTES ObjectAttributes, 264 IN PCLIENT_ID ClientId); 265 266 typedef enum _NT_THREAD_INFORMATION_CLASS { 267 ThreadBasicInformation, 268 ThreadTimes, 269 ThreadPriority, 270 ThreadBasePriority, 271 ThreadAffinityMask, 272 ThreadImpersonationToken, 273 ThreadDescriptorTableEntry, 274 ThreadEnableAlignmentFaultFixup, 275 ThreadEventPair, 276 ThreadQuerySetWin32StartAddress, 277 ThreadZeroTlsCell, 278 ThreadPerformanceCount, 279 ThreadAmILastThread, 280 ThreadIdealProcessor, 281 ThreadPriorityBoost, 282 ThreadSetTlsArrayAddress, 283 ThreadIsIoPending, 284 ThreadHideFromDebugger 285 } NT_THREAD_INFORMATION_CLASS, *PNT_THREAD_INFORMATION_CLASS; 286 287 typedef NTSTATUS (WINAPI *NtSetInformationThreadFunction) ( 288 IN HANDLE ThreadHandle, 289 IN NT_THREAD_INFORMATION_CLASS ThreadInformationClass, 290 IN PVOID ThreadInformation, 291 IN ULONG ThreadInformationLength); 292 293 // Partial definition only: 294 typedef enum _PROCESSINFOCLASS { 295 ProcessBasicInformation = 0, 296 ProcessExecuteFlags = 0x22 297 } PROCESSINFOCLASS; 298 299 typedef PVOID PPEB; 300 typedef PVOID KPRIORITY; 301 302 typedef struct _PROCESS_BASIC_INFORMATION { 303 NTSTATUS ExitStatus; 304 PPEB PebBaseAddress; 305 KAFFINITY AffinityMask; 306 KPRIORITY BasePriority; 307 ULONG UniqueProcessId; 308 ULONG InheritedFromUniqueProcessId; 309 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION; 310 311 typedef NTSTATUS (WINAPI *NtQueryInformationProcessFunction)( 312 IN HANDLE ProcessHandle, 313 IN PROCESSINFOCLASS ProcessInformationClass, 314 OUT PVOID ProcessInformation, 315 IN ULONG ProcessInformationLength, 316 OUT PULONG ReturnLength OPTIONAL); 317 318 typedef NTSTATUS (WINAPI *NtSetInformationProcessFunction)( 319 HANDLE ProcessHandle, 320 IN PROCESSINFOCLASS ProcessInformationClass, 321 IN PVOID ProcessInformation, 322 IN ULONG ProcessInformationLength); 323 324 typedef NTSTATUS (WINAPI *NtOpenThreadTokenFunction) ( 325 IN HANDLE ThreadHandle, 326 IN ACCESS_MASK DesiredAccess, 327 IN BOOLEAN OpenAsSelf, 328 OUT PHANDLE TokenHandle); 329 330 typedef NTSTATUS (WINAPI *NtOpenThreadTokenExFunction) ( 331 IN HANDLE ThreadHandle, 332 IN ACCESS_MASK DesiredAccess, 333 IN BOOLEAN OpenAsSelf, 334 IN ULONG HandleAttributes, 335 OUT PHANDLE TokenHandle); 336 337 typedef NTSTATUS (WINAPI *NtOpenProcessTokenFunction) ( 338 IN HANDLE ProcessHandle, 339 IN ACCESS_MASK DesiredAccess, 340 OUT PHANDLE TokenHandle); 341 342 typedef NTSTATUS (WINAPI *NtOpenProcessTokenExFunction) ( 343 IN HANDLE ProcessHandle, 344 IN ACCESS_MASK DesiredAccess, 345 IN ULONG HandleAttributes, 346 OUT PHANDLE TokenHandle); 347 348 typedef NTSTATUS (WINAPI * RtlCreateUserThreadFunction)( 349 IN HANDLE Process, 350 IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor, 351 IN BOOLEAN CreateSuspended, 352 IN ULONG ZeroBits, 353 IN SIZE_T MaximumStackSize, 354 IN SIZE_T CommittedStackSize, 355 IN LPTHREAD_START_ROUTINE StartAddress, 356 IN PVOID Parameter, 357 OUT PHANDLE Thread, 358 OUT PCLIENT_ID ClientId); 359 360 // ----------------------------------------------------------------------- 361 // Registry 362 363 typedef NTSTATUS (WINAPI *NtCreateKeyFunction)( 364 OUT PHANDLE KeyHandle, 365 IN ACCESS_MASK DesiredAccess, 366 IN POBJECT_ATTRIBUTES ObjectAttributes, 367 IN ULONG TitleIndex, 368 IN PUNICODE_STRING Class OPTIONAL, 369 IN ULONG CreateOptions, 370 OUT PULONG Disposition OPTIONAL); 371 372 typedef NTSTATUS (WINAPI *NtOpenKeyFunction)( 373 OUT PHANDLE KeyHandle, 374 IN ACCESS_MASK DesiredAccess, 375 IN POBJECT_ATTRIBUTES ObjectAttributes); 376 377 typedef NTSTATUS (WINAPI *NtOpenKeyExFunction)( 378 OUT PHANDLE KeyHandle, 379 IN ACCESS_MASK DesiredAccess, 380 IN POBJECT_ATTRIBUTES ObjectAttributes, 381 IN DWORD open_options); 382 383 typedef NTSTATUS (WINAPI *NtDeleteKeyFunction)( 384 IN HANDLE KeyHandle); 385 386 // ----------------------------------------------------------------------- 387 // Memory 388 389 // Don't really need this structure right now. 390 typedef PVOID PRTL_HEAP_PARAMETERS; 391 392 typedef PVOID (WINAPI *RtlCreateHeapFunction)( 393 IN ULONG Flags, 394 IN PVOID HeapBase OPTIONAL, 395 IN SIZE_T ReserveSize OPTIONAL, 396 IN SIZE_T CommitSize OPTIONAL, 397 IN PVOID Lock OPTIONAL, 398 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL); 399 400 typedef PVOID (WINAPI *RtlDestroyHeapFunction)( 401 IN PVOID HeapHandle); 402 403 typedef PVOID (WINAPI *RtlAllocateHeapFunction)( 404 IN PVOID HeapHandle, 405 IN ULONG Flags, 406 IN SIZE_T Size); 407 408 typedef BOOLEAN (WINAPI *RtlFreeHeapFunction)( 409 IN PVOID HeapHandle, 410 IN ULONG Flags, 411 IN PVOID HeapBase); 412 413 typedef NTSTATUS (WINAPI *NtAllocateVirtualMemoryFunction) ( 414 IN HANDLE ProcessHandle, 415 IN OUT PVOID *BaseAddress, 416 IN ULONG_PTR ZeroBits, 417 IN OUT PSIZE_T RegionSize, 418 IN ULONG AllocationType, 419 IN ULONG Protect); 420 421 typedef NTSTATUS (WINAPI *NtFreeVirtualMemoryFunction) ( 422 IN HANDLE ProcessHandle, 423 IN OUT PVOID *BaseAddress, 424 IN OUT PSIZE_T RegionSize, 425 IN ULONG FreeType); 426 427 typedef enum _MEMORY_INFORMATION_CLASS { 428 MemoryBasicInformation = 0, 429 MemoryWorkingSetList, 430 MemorySectionName, 431 MemoryBasicVlmInformation 432 } MEMORY_INFORMATION_CLASS; 433 434 typedef struct _MEMORY_SECTION_NAME { // Information Class 2 435 UNICODE_STRING SectionFileName; 436 } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME; 437 438 typedef NTSTATUS (WINAPI *NtQueryVirtualMemoryFunction)( 439 IN HANDLE ProcessHandle, 440 IN PVOID BaseAddress, 441 IN MEMORY_INFORMATION_CLASS MemoryInformationClass, 442 OUT PVOID MemoryInformation, 443 IN ULONG MemoryInformationLength, 444 OUT PULONG ReturnLength OPTIONAL); 445 446 typedef NTSTATUS (WINAPI *NtProtectVirtualMemoryFunction)( 447 IN HANDLE ProcessHandle, 448 IN OUT PVOID* BaseAddress, 449 IN OUT PSIZE_T ProtectSize, 450 IN ULONG NewProtect, 451 OUT PULONG OldProtect); 452 453 // ----------------------------------------------------------------------- 454 // Objects 455 456 typedef enum _OBJECT_INFORMATION_CLASS { 457 ObjectBasicInformation, 458 ObjectNameInformation, 459 ObjectTypeInformation, 460 ObjectAllInformation, 461 ObjectDataInformation 462 } OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS; 463 464 typedef struct _OBJDIR_INFORMATION { 465 UNICODE_STRING ObjectName; 466 UNICODE_STRING ObjectTypeName; 467 BYTE Data[1]; 468 } OBJDIR_INFORMATION; 469 470 typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION { 471 ULONG Attributes; 472 ACCESS_MASK GrantedAccess; 473 ULONG HandleCount; 474 ULONG PointerCount; 475 ULONG Reserved[10]; // reserved for internal use 476 } PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION; 477 478 typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION { 479 UNICODE_STRING TypeName; 480 ULONG Reserved[22]; // reserved for internal use 481 } PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION; 482 483 typedef enum _POOL_TYPE { 484 NonPagedPool, 485 PagedPool, 486 NonPagedPoolMustSucceed, 487 ReservedType, 488 NonPagedPoolCacheAligned, 489 PagedPoolCacheAligned, 490 NonPagedPoolCacheAlignedMustS 491 } POOL_TYPE; 492 493 typedef struct _OBJECT_BASIC_INFORMATION { 494 ULONG Attributes; 495 ACCESS_MASK GrantedAccess; 496 ULONG HandleCount; 497 ULONG PointerCount; 498 ULONG PagedPoolUsage; 499 ULONG NonPagedPoolUsage; 500 ULONG Reserved[3]; 501 ULONG NameInformationLength; 502 ULONG TypeInformationLength; 503 ULONG SecurityDescriptorLength; 504 LARGE_INTEGER CreateTime; 505 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; 506 507 typedef struct _OBJECT_TYPE_INFORMATION { 508 UNICODE_STRING Name; 509 ULONG TotalNumberOfObjects; 510 ULONG TotalNumberOfHandles; 511 ULONG TotalPagedPoolUsage; 512 ULONG TotalNonPagedPoolUsage; 513 ULONG TotalNamePoolUsage; 514 ULONG TotalHandleTableUsage; 515 ULONG HighWaterNumberOfObjects; 516 ULONG HighWaterNumberOfHandles; 517 ULONG HighWaterPagedPoolUsage; 518 ULONG HighWaterNonPagedPoolUsage; 519 ULONG HighWaterNamePoolUsage; 520 ULONG HighWaterHandleTableUsage; 521 ULONG InvalidAttributes; 522 GENERIC_MAPPING GenericMapping; 523 ULONG ValidAccess; 524 BOOLEAN SecurityRequired; 525 BOOLEAN MaintainHandleCount; 526 USHORT MaintainTypeList; 527 POOL_TYPE PoolType; 528 ULONG PagedPoolUsage; 529 ULONG NonPagedPoolUsage; 530 } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION; 531 532 typedef enum _SYSTEM_INFORMATION_CLASS { 533 SystemHandleInformation = 16 534 } SYSTEM_INFORMATION_CLASS; 535 536 typedef struct _SYSTEM_HANDLE_INFORMATION { 537 USHORT ProcessId; 538 USHORT CreatorBackTraceIndex; 539 UCHAR ObjectTypeNumber; 540 UCHAR Flags; 541 USHORT Handle; 542 PVOID Object; 543 ACCESS_MASK GrantedAccess; 544 } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION; 545 546 typedef struct _SYSTEM_HANDLE_INFORMATION_EX { 547 ULONG NumberOfHandles; 548 SYSTEM_HANDLE_INFORMATION Information[1]; 549 } SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX; 550 551 typedef struct _OBJECT_NAME_INFORMATION { 552 UNICODE_STRING ObjectName; 553 } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION; 554 555 typedef NTSTATUS (WINAPI *NtQueryObjectFunction)( 556 IN HANDLE Handle, 557 IN OBJECT_INFORMATION_CLASS ObjectInformationClass, 558 OUT PVOID ObjectInformation OPTIONAL, 559 IN ULONG ObjectInformationLength, 560 OUT PULONG ReturnLength OPTIONAL); 561 562 typedef NTSTATUS (WINAPI *NtDuplicateObjectFunction)( 563 IN HANDLE SourceProcess, 564 IN HANDLE SourceHandle, 565 IN HANDLE TargetProcess, 566 OUT PHANDLE TargetHandle, 567 IN ACCESS_MASK DesiredAccess, 568 IN ULONG Attributes, 569 IN ULONG Options); 570 571 typedef NTSTATUS (WINAPI *NtSignalAndWaitForSingleObjectFunction)( 572 IN HANDLE HandleToSignal, 573 IN HANDLE HandleToWait, 574 IN BOOLEAN Alertable, 575 IN PLARGE_INTEGER Timeout OPTIONAL); 576 577 typedef NTSTATUS (WINAPI *NtQuerySystemInformation)( 578 IN SYSTEM_INFORMATION_CLASS SystemInformationClass, 579 OUT PVOID SystemInformation, 580 IN ULONG SystemInformationLength, 581 OUT PULONG ReturnLength); 582 583 typedef NTSTATUS (WINAPI *NtQueryObject)( 584 IN HANDLE Handle, 585 IN OBJECT_INFORMATION_CLASS ObjectInformationClass, 586 OUT PVOID ObjectInformation, 587 IN ULONG ObjectInformationLength, 588 OUT PULONG ReturnLength); 589 590 // ----------------------------------------------------------------------- 591 // Strings 592 593 typedef int (__cdecl *_strnicmpFunction)( 594 IN const char* _Str1, 595 IN const char* _Str2, 596 IN size_t _MaxCount); 597 598 typedef size_t (__cdecl *strlenFunction)( 599 IN const char * _Str); 600 601 typedef size_t (__cdecl *wcslenFunction)( 602 IN const wchar_t* _Str); 603 604 typedef void* (__cdecl *memcpyFunction)( 605 IN void* dest, 606 IN const void* src, 607 IN size_t count); 608 609 typedef NTSTATUS (WINAPI *RtlAnsiStringToUnicodeStringFunction)( 610 IN OUT PUNICODE_STRING DestinationString, 611 IN PANSI_STRING SourceString, 612 IN BOOLEAN AllocateDestinationString); 613 614 typedef LONG (WINAPI *RtlCompareUnicodeStringFunction)( 615 IN PCUNICODE_STRING String1, 616 IN PCUNICODE_STRING String2, 617 IN BOOLEAN CaseInSensitive); 618 619 typedef VOID (WINAPI *RtlInitUnicodeStringFunction) ( 620 IN OUT PUNICODE_STRING DestinationString, 621 IN PCWSTR SourceString); 622 623 typedef enum _EVENT_TYPE { 624 NotificationEvent, 625 SynchronizationEvent 626 } EVENT_TYPE, *PEVENT_TYPE; 627 628 typedef NTSTATUS (WINAPI* NtOpenDirectoryObjectFunction) ( 629 PHANDLE DirectoryHandle, 630 ACCESS_MASK DesiredAccess, 631 POBJECT_ATTRIBUTES ObjectAttributes); 632 633 typedef NTSTATUS (WINAPI* NtQuerySymbolicLinkObjectFunction) ( 634 HANDLE LinkHandle, 635 PUNICODE_STRING LinkTarget, 636 PULONG ReturnedLength); 637 638 typedef NTSTATUS (WINAPI* NtOpenSymbolicLinkObjectFunction) ( 639 PHANDLE LinkHandle, 640 ACCESS_MASK DesiredAccess, 641 POBJECT_ATTRIBUTES ObjectAttributes); 642 643 #define DIRECTORY_QUERY 0x0001 644 #define DIRECTORY_TRAVERSE 0x0002 645 #define DIRECTORY_CREATE_OBJECT 0x0004 646 #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008 647 #define DIRECTORY_ALL_ACCESS 0x000F 648 649 #endif // SANDBOX_WIN_SRC_NT_INTERNALS_H__ 650 651