1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 // This file holds definitions related to the ntdll API. 6 7 #ifndef SANDBOX_WIN_SRC_NT_INTERNALS_H__ 8 #define SANDBOX_WIN_SRC_NT_INTERNALS_H__ 9 10 #include <windows.h> 11 12 typedef LONG NTSTATUS; 13 #define NT_SUCCESS(st) (st >= 0) 14 15 #define STATUS_SUCCESS ((NTSTATUS)0x00000000L) 16 #define STATUS_BUFFER_OVERFLOW ((NTSTATUS)0x80000005L) 17 #define STATUS_UNSUCCESSFUL ((NTSTATUS)0xC0000001L) 18 #define STATUS_NOT_IMPLEMENTED ((NTSTATUS)0xC0000002L) 19 #define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L) 20 #ifndef STATUS_INVALID_PARAMETER 21 // It is now defined in Windows 2008 SDK. 22 #define STATUS_INVALID_PARAMETER ((NTSTATUS)0xC000000DL) 23 #endif 24 #define STATUS_CONFLICTING_ADDRESSES ((NTSTATUS)0xC0000018L) 25 #define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L) 26 #define STATUS_BUFFER_TOO_SMALL ((NTSTATUS)0xC0000023L) 27 #define STATUS_OBJECT_NAME_NOT_FOUND ((NTSTATUS)0xC0000034L) 28 #define STATUS_OBJECT_NAME_COLLISION ((NTSTATUS)0xC0000035L) 29 #define STATUS_PROCEDURE_NOT_FOUND ((NTSTATUS)0xC000007AL) 30 #define STATUS_INVALID_IMAGE_FORMAT ((NTSTATUS)0xC000007BL) 31 #define STATUS_NO_TOKEN ((NTSTATUS)0xC000007CL) 32 33 #define CURRENT_PROCESS ((HANDLE) -1) 34 #define CURRENT_THREAD ((HANDLE) -2) 35 #define NtCurrentProcess CURRENT_PROCESS 36 37 typedef struct _UNICODE_STRING { 38 USHORT Length; 39 USHORT MaximumLength; 40 PWSTR Buffer; 41 } UNICODE_STRING; 42 typedef UNICODE_STRING *PUNICODE_STRING; 43 typedef const UNICODE_STRING *PCUNICODE_STRING; 44 45 typedef struct _STRING { 46 USHORT Length; 47 USHORT MaximumLength; 48 PCHAR Buffer; 49 } STRING; 50 typedef STRING *PSTRING; 51 52 typedef STRING ANSI_STRING; 53 typedef PSTRING PANSI_STRING; 54 typedef CONST PSTRING PCANSI_STRING; 55 56 typedef STRING OEM_STRING; 57 typedef PSTRING POEM_STRING; 58 typedef CONST STRING* PCOEM_STRING; 59 60 #define OBJ_CASE_INSENSITIVE 0x00000040L 61 62 typedef struct _OBJECT_ATTRIBUTES { 63 ULONG Length; 64 HANDLE RootDirectory; 65 PUNICODE_STRING ObjectName; 66 ULONG Attributes; 67 PVOID SecurityDescriptor; 68 PVOID SecurityQualityOfService; 69 } OBJECT_ATTRIBUTES; 70 typedef OBJECT_ATTRIBUTES *POBJECT_ATTRIBUTES; 71 72 #define InitializeObjectAttributes(p, n, a, r, s) { \ 73 (p)->Length = sizeof(OBJECT_ATTRIBUTES);\ 74 (p)->RootDirectory = r;\ 75 (p)->Attributes = a;\ 76 (p)->ObjectName = n;\ 77 (p)->SecurityDescriptor = s;\ 78 (p)->SecurityQualityOfService = NULL;\ 79 } 80 81 typedef struct _IO_STATUS_BLOCK { 82 union { 83 NTSTATUS Status; 84 PVOID Pointer; 85 }; 86 ULONG_PTR Information; 87 } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK; 88 89 // ----------------------------------------------------------------------- 90 // File IO 91 92 // Create disposition values. 93 94 #define FILE_SUPERSEDE 0x00000000 95 #define FILE_OPEN 0x00000001 96 #define FILE_CREATE 0x00000002 97 #define FILE_OPEN_IF 0x00000003 98 #define FILE_OVERWRITE 0x00000004 99 #define FILE_OVERWRITE_IF 0x00000005 100 #define FILE_MAXIMUM_DISPOSITION 0x00000005 101 102 // Create/open option flags. 103 104 #define FILE_DIRECTORY_FILE 0x00000001 105 #define FILE_WRITE_THROUGH 0x00000002 106 #define FILE_SEQUENTIAL_ONLY 0x00000004 107 #define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008 108 109 #define FILE_SYNCHRONOUS_IO_ALERT 0x00000010 110 #define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020 111 #define FILE_NON_DIRECTORY_FILE 0x00000040 112 #define FILE_CREATE_TREE_CONNECTION 0x00000080 113 114 #define FILE_COMPLETE_IF_OPLOCKED 0x00000100 115 #define FILE_NO_EA_KNOWLEDGE 0x00000200 116 #define FILE_OPEN_REMOTE_INSTANCE 0x00000400 117 #define FILE_RANDOM_ACCESS 0x00000800 118 119 #define FILE_DELETE_ON_CLOSE 0x00001000 120 #define FILE_OPEN_BY_FILE_ID 0x00002000 121 #define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000 122 #define FILE_NO_COMPRESSION 0x00008000 123 124 #define FILE_RESERVE_OPFILTER 0x00100000 125 #define FILE_OPEN_REPARSE_POINT 0x00200000 126 #define FILE_OPEN_NO_RECALL 0x00400000 127 #define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000 128 129 // Create/open result values. These are the disposition values returned on the 130 // io status information. 131 #define FILE_SUPERSEDED 0x00000000 132 #define FILE_OPENED 0x00000001 133 #define FILE_CREATED 0x00000002 134 #define FILE_OVERWRITTEN 0x00000003 135 #define FILE_EXISTS 0x00000004 136 #define FILE_DOES_NOT_EXIST 0x00000005 137 138 typedef NTSTATUS (WINAPI *NtCreateFileFunction)( 139 OUT PHANDLE FileHandle, 140 IN ACCESS_MASK DesiredAccess, 141 IN POBJECT_ATTRIBUTES ObjectAttributes, 142 OUT PIO_STATUS_BLOCK IoStatusBlock, 143 IN PLARGE_INTEGER AllocationSize OPTIONAL, 144 IN ULONG FileAttributes, 145 IN ULONG ShareAccess, 146 IN ULONG CreateDisposition, 147 IN ULONG CreateOptions, 148 IN PVOID EaBuffer OPTIONAL, 149 IN ULONG EaLength); 150 151 typedef NTSTATUS (WINAPI *NtOpenFileFunction)( 152 OUT PHANDLE FileHandle, 153 IN ACCESS_MASK DesiredAccess, 154 IN POBJECT_ATTRIBUTES ObjectAttributes, 155 OUT PIO_STATUS_BLOCK IoStatusBlock, 156 IN ULONG ShareAccess, 157 IN ULONG OpenOptions); 158 159 typedef NTSTATUS (WINAPI *NtCloseFunction)( 160 IN HANDLE Handle); 161 162 typedef enum _FILE_INFORMATION_CLASS { 163 FileRenameInformation = 10 164 } FILE_INFORMATION_CLASS, *PFILE_INFORMATION_CLASS; 165 166 typedef struct _FILE_RENAME_INFORMATION { 167 BOOLEAN ReplaceIfExists; 168 HANDLE RootDirectory; 169 ULONG FileNameLength; 170 WCHAR FileName[1]; 171 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION; 172 173 typedef NTSTATUS (WINAPI *NtSetInformationFileFunction)( 174 IN HANDLE FileHandle, 175 OUT PIO_STATUS_BLOCK IoStatusBlock, 176 IN PVOID FileInformation, 177 IN ULONG Length, 178 IN FILE_INFORMATION_CLASS FileInformationClass); 179 180 typedef struct FILE_BASIC_INFORMATION { 181 LARGE_INTEGER CreationTime; 182 LARGE_INTEGER LastAccessTime; 183 LARGE_INTEGER LastWriteTime; 184 LARGE_INTEGER ChangeTime; 185 ULONG FileAttributes; 186 } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION; 187 188 typedef NTSTATUS (WINAPI *NtQueryAttributesFileFunction)( 189 IN POBJECT_ATTRIBUTES ObjectAttributes, 190 OUT PFILE_BASIC_INFORMATION FileAttributes); 191 192 typedef struct _FILE_NETWORK_OPEN_INFORMATION { 193 LARGE_INTEGER CreationTime; 194 LARGE_INTEGER LastAccessTime; 195 LARGE_INTEGER LastWriteTime; 196 LARGE_INTEGER ChangeTime; 197 LARGE_INTEGER AllocationSize; 198 LARGE_INTEGER EndOfFile; 199 ULONG FileAttributes; 200 } FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION; 201 202 typedef NTSTATUS (WINAPI *NtQueryFullAttributesFileFunction)( 203 IN POBJECT_ATTRIBUTES ObjectAttributes, 204 OUT PFILE_NETWORK_OPEN_INFORMATION FileAttributes); 205 206 // ----------------------------------------------------------------------- 207 // Sections 208 209 typedef NTSTATUS (WINAPI *NtCreateSectionFunction)( 210 OUT PHANDLE SectionHandle, 211 IN ACCESS_MASK DesiredAccess, 212 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 213 IN PLARGE_INTEGER MaximumSize OPTIONAL, 214 IN ULONG SectionPageProtection, 215 IN ULONG AllocationAttributes, 216 IN HANDLE FileHandle OPTIONAL); 217 218 typedef ULONG SECTION_INHERIT; 219 #define ViewShare 1 220 #define ViewUnmap 2 221 222 typedef NTSTATUS (WINAPI *NtMapViewOfSectionFunction)( 223 IN HANDLE SectionHandle, 224 IN HANDLE ProcessHandle, 225 IN OUT PVOID *BaseAddress, 226 IN ULONG_PTR ZeroBits, 227 IN SIZE_T CommitSize, 228 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, 229 IN OUT PSIZE_T ViewSize, 230 IN SECTION_INHERIT InheritDisposition, 231 IN ULONG AllocationType, 232 IN ULONG Win32Protect); 233 234 typedef NTSTATUS (WINAPI *NtUnmapViewOfSectionFunction)( 235 IN HANDLE ProcessHandle, 236 IN PVOID BaseAddress); 237 238 typedef enum _SECTION_INFORMATION_CLASS { 239 SectionBasicInformation = 0, 240 SectionImageInformation 241 } SECTION_INFORMATION_CLASS; 242 243 typedef struct _SECTION_BASIC_INFORMATION { 244 PVOID BaseAddress; 245 ULONG Attributes; 246 LARGE_INTEGER Size; 247 } SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION; 248 249 typedef NTSTATUS (WINAPI *NtQuerySectionFunction)( 250 IN HANDLE SectionHandle, 251 IN SECTION_INFORMATION_CLASS SectionInformationClass, 252 OUT PVOID SectionInformation, 253 IN SIZE_T SectionInformationLength, 254 OUT PSIZE_T ReturnLength OPTIONAL); 255 256 // ----------------------------------------------------------------------- 257 // Process and Thread 258 259 typedef struct _CLIENT_ID { 260 PVOID UniqueProcess; 261 PVOID UniqueThread; 262 } CLIENT_ID, *PCLIENT_ID; 263 264 typedef NTSTATUS (WINAPI *NtOpenThreadFunction) ( 265 OUT PHANDLE ThreadHandle, 266 IN ACCESS_MASK DesiredAccess, 267 IN POBJECT_ATTRIBUTES ObjectAttributes, 268 IN PCLIENT_ID ClientId); 269 270 typedef NTSTATUS (WINAPI *NtOpenProcessFunction) ( 271 OUT PHANDLE ProcessHandle, 272 IN ACCESS_MASK DesiredAccess, 273 IN POBJECT_ATTRIBUTES ObjectAttributes, 274 IN PCLIENT_ID ClientId); 275 276 typedef enum _NT_THREAD_INFORMATION_CLASS { 277 ThreadBasicInformation, 278 ThreadTimes, 279 ThreadPriority, 280 ThreadBasePriority, 281 ThreadAffinityMask, 282 ThreadImpersonationToken, 283 ThreadDescriptorTableEntry, 284 ThreadEnableAlignmentFaultFixup, 285 ThreadEventPair, 286 ThreadQuerySetWin32StartAddress, 287 ThreadZeroTlsCell, 288 ThreadPerformanceCount, 289 ThreadAmILastThread, 290 ThreadIdealProcessor, 291 ThreadPriorityBoost, 292 ThreadSetTlsArrayAddress, 293 ThreadIsIoPending, 294 ThreadHideFromDebugger 295 } NT_THREAD_INFORMATION_CLASS, *PNT_THREAD_INFORMATION_CLASS; 296 297 typedef NTSTATUS (WINAPI *NtSetInformationThreadFunction) ( 298 IN HANDLE ThreadHandle, 299 IN NT_THREAD_INFORMATION_CLASS ThreadInformationClass, 300 IN PVOID ThreadInformation, 301 IN ULONG ThreadInformationLength); 302 303 // Partial definition only: 304 typedef enum _PROCESSINFOCLASS { 305 ProcessBasicInformation = 0, 306 ProcessExecuteFlags = 0x22 307 } PROCESSINFOCLASS; 308 309 typedef PVOID PPEB; 310 typedef PVOID KPRIORITY; 311 312 typedef struct _PROCESS_BASIC_INFORMATION { 313 NTSTATUS ExitStatus; 314 PPEB PebBaseAddress; 315 KAFFINITY AffinityMask; 316 KPRIORITY BasePriority; 317 ULONG UniqueProcessId; 318 ULONG InheritedFromUniqueProcessId; 319 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION; 320 321 typedef NTSTATUS (WINAPI *NtQueryInformationProcessFunction)( 322 IN HANDLE ProcessHandle, 323 IN PROCESSINFOCLASS ProcessInformationClass, 324 OUT PVOID ProcessInformation, 325 IN ULONG ProcessInformationLength, 326 OUT PULONG ReturnLength OPTIONAL); 327 328 typedef NTSTATUS (WINAPI *NtSetInformationProcessFunction)( 329 HANDLE ProcessHandle, 330 IN PROCESSINFOCLASS ProcessInformationClass, 331 IN PVOID ProcessInformation, 332 IN ULONG ProcessInformationLength); 333 334 typedef NTSTATUS (WINAPI *NtOpenThreadTokenFunction) ( 335 IN HANDLE ThreadHandle, 336 IN ACCESS_MASK DesiredAccess, 337 IN BOOLEAN OpenAsSelf, 338 OUT PHANDLE TokenHandle); 339 340 typedef NTSTATUS (WINAPI *NtOpenThreadTokenExFunction) ( 341 IN HANDLE ThreadHandle, 342 IN ACCESS_MASK DesiredAccess, 343 IN BOOLEAN OpenAsSelf, 344 IN ULONG HandleAttributes, 345 OUT PHANDLE TokenHandle); 346 347 typedef NTSTATUS (WINAPI *NtOpenProcessTokenFunction) ( 348 IN HANDLE ProcessHandle, 349 IN ACCESS_MASK DesiredAccess, 350 OUT PHANDLE TokenHandle); 351 352 typedef NTSTATUS (WINAPI *NtOpenProcessTokenExFunction) ( 353 IN HANDLE ProcessHandle, 354 IN ACCESS_MASK DesiredAccess, 355 IN ULONG HandleAttributes, 356 OUT PHANDLE TokenHandle); 357 358 typedef NTSTATUS (WINAPI * RtlCreateUserThreadFunction)( 359 IN HANDLE Process, 360 IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor, 361 IN BOOLEAN CreateSuspended, 362 IN ULONG ZeroBits, 363 IN SIZE_T MaximumStackSize, 364 IN SIZE_T CommittedStackSize, 365 IN LPTHREAD_START_ROUTINE StartAddress, 366 IN PVOID Parameter, 367 OUT PHANDLE Thread, 368 OUT PCLIENT_ID ClientId); 369 370 // ----------------------------------------------------------------------- 371 // Registry 372 373 typedef NTSTATUS (WINAPI *NtCreateKeyFunction)( 374 OUT PHANDLE KeyHandle, 375 IN ACCESS_MASK DesiredAccess, 376 IN POBJECT_ATTRIBUTES ObjectAttributes, 377 IN ULONG TitleIndex, 378 IN PUNICODE_STRING Class OPTIONAL, 379 IN ULONG CreateOptions, 380 OUT PULONG Disposition OPTIONAL); 381 382 typedef NTSTATUS (WINAPI *NtOpenKeyFunction)( 383 OUT PHANDLE KeyHandle, 384 IN ACCESS_MASK DesiredAccess, 385 IN POBJECT_ATTRIBUTES ObjectAttributes); 386 387 typedef NTSTATUS (WINAPI *NtOpenKeyExFunction)( 388 OUT PHANDLE KeyHandle, 389 IN ACCESS_MASK DesiredAccess, 390 IN POBJECT_ATTRIBUTES ObjectAttributes, 391 IN DWORD open_options); 392 393 typedef NTSTATUS (WINAPI *NtDeleteKeyFunction)( 394 IN HANDLE KeyHandle); 395 396 // ----------------------------------------------------------------------- 397 // Memory 398 399 // Don't really need this structure right now. 400 typedef PVOID PRTL_HEAP_PARAMETERS; 401 402 typedef PVOID (WINAPI *RtlCreateHeapFunction)( 403 IN ULONG Flags, 404 IN PVOID HeapBase OPTIONAL, 405 IN SIZE_T ReserveSize OPTIONAL, 406 IN SIZE_T CommitSize OPTIONAL, 407 IN PVOID Lock OPTIONAL, 408 IN PRTL_HEAP_PARAMETERS Parameters OPTIONAL); 409 410 typedef PVOID (WINAPI *RtlDestroyHeapFunction)( 411 IN PVOID HeapHandle); 412 413 typedef PVOID (WINAPI *RtlAllocateHeapFunction)( 414 IN PVOID HeapHandle, 415 IN ULONG Flags, 416 IN SIZE_T Size); 417 418 typedef BOOLEAN (WINAPI *RtlFreeHeapFunction)( 419 IN PVOID HeapHandle, 420 IN ULONG Flags, 421 IN PVOID HeapBase); 422 423 typedef NTSTATUS (WINAPI *NtAllocateVirtualMemoryFunction) ( 424 IN HANDLE ProcessHandle, 425 IN OUT PVOID *BaseAddress, 426 IN ULONG_PTR ZeroBits, 427 IN OUT PSIZE_T RegionSize, 428 IN ULONG AllocationType, 429 IN ULONG Protect); 430 431 typedef NTSTATUS (WINAPI *NtFreeVirtualMemoryFunction) ( 432 IN HANDLE ProcessHandle, 433 IN OUT PVOID *BaseAddress, 434 IN OUT PSIZE_T RegionSize, 435 IN ULONG FreeType); 436 437 typedef enum _MEMORY_INFORMATION_CLASS { 438 MemoryBasicInformation = 0, 439 MemoryWorkingSetList, 440 MemorySectionName, 441 MemoryBasicVlmInformation 442 } MEMORY_INFORMATION_CLASS; 443 444 typedef struct _MEMORY_SECTION_NAME { // Information Class 2 445 UNICODE_STRING SectionFileName; 446 } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME; 447 448 typedef NTSTATUS (WINAPI *NtQueryVirtualMemoryFunction)( 449 IN HANDLE ProcessHandle, 450 IN PVOID BaseAddress, 451 IN MEMORY_INFORMATION_CLASS MemoryInformationClass, 452 OUT PVOID MemoryInformation, 453 IN ULONG MemoryInformationLength, 454 OUT PULONG ReturnLength OPTIONAL); 455 456 typedef NTSTATUS (WINAPI *NtProtectVirtualMemoryFunction)( 457 IN HANDLE ProcessHandle, 458 IN OUT PVOID* BaseAddress, 459 IN OUT PSIZE_T ProtectSize, 460 IN ULONG NewProtect, 461 OUT PULONG OldProtect); 462 463 // ----------------------------------------------------------------------- 464 // Objects 465 466 typedef enum _OBJECT_INFORMATION_CLASS { 467 ObjectBasicInformation, 468 ObjectNameInformation, 469 ObjectTypeInformation, 470 ObjectAllInformation, 471 ObjectDataInformation 472 } OBJECT_INFORMATION_CLASS, *POBJECT_INFORMATION_CLASS; 473 474 typedef struct _OBJDIR_INFORMATION { 475 UNICODE_STRING ObjectName; 476 UNICODE_STRING ObjectTypeName; 477 BYTE Data[1]; 478 } OBJDIR_INFORMATION; 479 480 typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION { 481 ULONG Attributes; 482 ACCESS_MASK GrantedAccess; 483 ULONG HandleCount; 484 ULONG PointerCount; 485 ULONG Reserved[10]; // reserved for internal use 486 } PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION; 487 488 typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION { 489 UNICODE_STRING TypeName; 490 ULONG Reserved[22]; // reserved for internal use 491 } PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION; 492 493 typedef enum _POOL_TYPE { 494 NonPagedPool, 495 PagedPool, 496 NonPagedPoolMustSucceed, 497 ReservedType, 498 NonPagedPoolCacheAligned, 499 PagedPoolCacheAligned, 500 NonPagedPoolCacheAlignedMustS 501 } POOL_TYPE; 502 503 typedef struct _OBJECT_BASIC_INFORMATION { 504 ULONG Attributes; 505 ACCESS_MASK GrantedAccess; 506 ULONG HandleCount; 507 ULONG PointerCount; 508 ULONG PagedPoolUsage; 509 ULONG NonPagedPoolUsage; 510 ULONG Reserved[3]; 511 ULONG NameInformationLength; 512 ULONG TypeInformationLength; 513 ULONG SecurityDescriptorLength; 514 LARGE_INTEGER CreateTime; 515 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; 516 517 typedef struct _OBJECT_TYPE_INFORMATION { 518 UNICODE_STRING Name; 519 ULONG TotalNumberOfObjects; 520 ULONG TotalNumberOfHandles; 521 ULONG TotalPagedPoolUsage; 522 ULONG TotalNonPagedPoolUsage; 523 ULONG TotalNamePoolUsage; 524 ULONG TotalHandleTableUsage; 525 ULONG HighWaterNumberOfObjects; 526 ULONG HighWaterNumberOfHandles; 527 ULONG HighWaterPagedPoolUsage; 528 ULONG HighWaterNonPagedPoolUsage; 529 ULONG HighWaterNamePoolUsage; 530 ULONG HighWaterHandleTableUsage; 531 ULONG InvalidAttributes; 532 GENERIC_MAPPING GenericMapping; 533 ULONG ValidAccess; 534 BOOLEAN SecurityRequired; 535 BOOLEAN MaintainHandleCount; 536 USHORT MaintainTypeList; 537 POOL_TYPE PoolType; 538 ULONG PagedPoolUsage; 539 ULONG NonPagedPoolUsage; 540 } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION; 541 542 typedef enum _SYSTEM_INFORMATION_CLASS { 543 SystemHandleInformation = 16 544 } SYSTEM_INFORMATION_CLASS; 545 546 typedef struct _SYSTEM_HANDLE_INFORMATION { 547 USHORT ProcessId; 548 USHORT CreatorBackTraceIndex; 549 UCHAR ObjectTypeNumber; 550 UCHAR Flags; 551 USHORT Handle; 552 PVOID Object; 553 ACCESS_MASK GrantedAccess; 554 } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION; 555 556 typedef struct _SYSTEM_HANDLE_INFORMATION_EX { 557 ULONG NumberOfHandles; 558 SYSTEM_HANDLE_INFORMATION Information[1]; 559 } SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX; 560 561 typedef struct _OBJECT_NAME_INFORMATION { 562 UNICODE_STRING ObjectName; 563 } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION; 564 565 typedef NTSTATUS (WINAPI *NtQueryObjectFunction)( 566 IN HANDLE Handle, 567 IN OBJECT_INFORMATION_CLASS ObjectInformationClass, 568 OUT PVOID ObjectInformation OPTIONAL, 569 IN ULONG ObjectInformationLength, 570 OUT PULONG ReturnLength OPTIONAL); 571 572 typedef NTSTATUS (WINAPI *NtDuplicateObjectFunction)( 573 IN HANDLE SourceProcess, 574 IN HANDLE SourceHandle, 575 IN HANDLE TargetProcess, 576 OUT PHANDLE TargetHandle, 577 IN ACCESS_MASK DesiredAccess, 578 IN ULONG Attributes, 579 IN ULONG Options); 580 581 typedef NTSTATUS (WINAPI *NtSignalAndWaitForSingleObjectFunction)( 582 IN HANDLE HandleToSignal, 583 IN HANDLE HandleToWait, 584 IN BOOLEAN Alertable, 585 IN PLARGE_INTEGER Timeout OPTIONAL); 586 587 typedef NTSTATUS (WINAPI *NtQuerySystemInformation)( 588 IN SYSTEM_INFORMATION_CLASS SystemInformationClass, 589 OUT PVOID SystemInformation, 590 IN ULONG SystemInformationLength, 591 OUT PULONG ReturnLength); 592 593 typedef NTSTATUS (WINAPI *NtQueryObject)( 594 IN HANDLE Handle, 595 IN OBJECT_INFORMATION_CLASS ObjectInformationClass, 596 OUT PVOID ObjectInformation, 597 IN ULONG ObjectInformationLength, 598 OUT PULONG ReturnLength); 599 600 // ----------------------------------------------------------------------- 601 // Strings 602 603 typedef int (__cdecl *_strnicmpFunction)( 604 IN const char* _Str1, 605 IN const char* _Str2, 606 IN size_t _MaxCount); 607 608 typedef size_t (__cdecl *strlenFunction)( 609 IN const char * _Str); 610 611 typedef size_t (__cdecl *wcslenFunction)( 612 IN const wchar_t* _Str); 613 614 typedef void* (__cdecl *memcpyFunction)( 615 IN void* dest, 616 IN const void* src, 617 IN size_t count); 618 619 typedef NTSTATUS (WINAPI *RtlAnsiStringToUnicodeStringFunction)( 620 IN OUT PUNICODE_STRING DestinationString, 621 IN PANSI_STRING SourceString, 622 IN BOOLEAN AllocateDestinationString); 623 624 typedef LONG (WINAPI *RtlCompareUnicodeStringFunction)( 625 IN PCUNICODE_STRING String1, 626 IN PCUNICODE_STRING String2, 627 IN BOOLEAN CaseInSensitive); 628 629 typedef VOID (WINAPI *RtlInitUnicodeStringFunction) ( 630 IN OUT PUNICODE_STRING DestinationString, 631 IN PCWSTR SourceString); 632 633 typedef enum _EVENT_TYPE { 634 NotificationEvent, 635 SynchronizationEvent 636 } EVENT_TYPE, *PEVENT_TYPE; 637 638 typedef NTSTATUS (WINAPI* NtOpenDirectoryObjectFunction) ( 639 PHANDLE DirectoryHandle, 640 ACCESS_MASK DesiredAccess, 641 POBJECT_ATTRIBUTES ObjectAttributes); 642 643 typedef NTSTATUS (WINAPI* NtQuerySymbolicLinkObjectFunction) ( 644 HANDLE LinkHandle, 645 PUNICODE_STRING LinkTarget, 646 PULONG ReturnedLength); 647 648 typedef NTSTATUS (WINAPI* NtOpenSymbolicLinkObjectFunction) ( 649 PHANDLE LinkHandle, 650 ACCESS_MASK DesiredAccess, 651 POBJECT_ATTRIBUTES ObjectAttributes); 652 653 #define DIRECTORY_QUERY 0x0001 654 #define DIRECTORY_TRAVERSE 0x0002 655 #define DIRECTORY_CREATE_OBJECT 0x0004 656 #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008 657 #define DIRECTORY_ALL_ACCESS 0x000F 658 659 #endif // SANDBOX_WIN_SRC_NT_INTERNALS_H__ 660 661
