|
|
dd89bb |
#ifndef _NT_PROCESS_H_
|
|
|
dd89bb |
#define _NT_PROCESS_H_
|
|
|
dd89bb |
|
|
|
414ad3 |
#include "nt_abi.h"
|
|
|
28d040 |
#include "nt_pe.h"
|
|
|
414ad3 |
#include "nt_compiler.h"
|
|
|
dd89bb |
#include "nt_object.h"
|
|
|
dd89bb |
#include "nt_memory.h"
|
|
|
dd89bb |
#include "nt_section.h"
|
|
|
c164ff |
#include "nt_sync.h"
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef enum _nt_process_info_class {
|
|
|
dd89bb |
NT_PROCESS_BASIC_INFORMATION,
|
|
|
dd89bb |
NT_PROCESS_QUOTA_LIMITS,
|
|
|
dd89bb |
NT_PROCESS_IO_COUNTERS,
|
|
|
dd89bb |
NT_PROCESS_VM_COUNTERS,
|
|
|
dd89bb |
NT_PROCESS_TIMES,
|
|
|
dd89bb |
NT_PROCESS_BASE_PRIORITY,
|
|
|
dd89bb |
NT_PROCESS_RAISE_PRIORITY,
|
|
|
dd89bb |
NT_PROCESS_DEBUG_PORT,
|
|
|
dd89bb |
NT_PROCESS_EXCEPTION_PORT,
|
|
|
dd89bb |
NT_PROCESS_ACCESS_TOKEN,
|
|
|
dd89bb |
NT_PROCESS_LDT_INFORMATION,
|
|
|
dd89bb |
NT_PROCESS_LDT_SIZE,
|
|
|
dd89bb |
NT_PROCESS_DEFAULT_HARD_ERROR_MODE,
|
|
|
dd89bb |
NT_PROCESS_IO_PORT_HANDLERS,
|
|
|
dd89bb |
NT_PROCESS_POOLED_USAGE_AND_LIMITS,
|
|
|
dd89bb |
NT_PROCESS_WORKING_SET_WATCH,
|
|
|
dd89bb |
NT_PROCESS_USER_MODE_IOPL,
|
|
|
dd89bb |
NT_PROCESS_ENABLE_ALIGNMENT_FAULT_FIXUP,
|
|
|
dd89bb |
NT_PROCESS_PRIORITY_CLASS,
|
|
|
dd89bb |
NT_PROCESS_WX86_INFORMATION,
|
|
|
dd89bb |
NT_PROCESS_HANDLE_COUNT,
|
|
|
dd89bb |
NT_PROCESS_AFFINITY_MASK,
|
|
|
dd89bb |
NT_PROCESS_PRIORITY_BOOST,
|
|
|
dd89bb |
NT_PROCESS_DEVICE_MAP,
|
|
|
dd89bb |
NT_PROCESS_SESSION_INFORMATION,
|
|
|
dd89bb |
NT_PROCESS_FOREGROUND_INFORMATION,
|
|
|
dd89bb |
NT_PROCESS_WOW64_INFORMATION,
|
|
|
dd89bb |
NT_PROCESS_IMAGE_FILE_NAME
|
|
|
dd89bb |
} nt_process_info_class;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef enum _nt_process_create_info_class {
|
|
|
dd89bb |
NT_PROCESS_CREATE_INITIAL_STATE,
|
|
|
dd89bb |
NT_PROCESS_CREATE_FAIL_ON_FILE_OPEN,
|
|
|
dd89bb |
NT_PROCESS_CREATE_FAIL_ON_SECTION_CREATE,
|
|
|
dd89bb |
NT_PROCESS_CREATE_FAIL_EXE_FORMAT,
|
|
|
dd89bb |
NT_PROCESS_CREATE_FAIL_MACHINE_MISMATCH,
|
|
|
dd89bb |
NT_PROCESS_CREATE_FAIL_EXE_NAME,
|
|
|
dd89bb |
NT_PROCESS_CREATE_SUCCESS,
|
|
|
dd89bb |
NT_PROCESS_CREATE_MAXIMUM_STATES,
|
|
|
dd89bb |
} nt_process_create_info_class;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
e93c83 |
/* friendly process synchronization opcode indexes */
|
|
|
e93c83 |
typedef enum _nt_process_opcode_idx {
|
|
|
e93c83 |
NT_PROCESS_OPCODE_IDX_FORK,
|
|
|
e93c83 |
NT_PROCESS_OPCODE_IDX_EXECVE,
|
|
|
df4a22 |
NT_PROCESS_OPCODE_IDX_STOPPED,
|
|
|
df4a22 |
NT_PROCESS_OPCODE_IDX_CONTINUED,
|
|
|
edb085 |
NT_PROCESS_OPCODE_IDX_CLIENT,
|
|
|
edb085 |
NT_PROCESS_OPCODE_IDX_SERVER,
|
|
|
e93c83 |
} nt_process_opcode_idx;
|
|
|
e93c83 |
|
|
|
e93c83 |
|
|
|
e93c83 |
|
|
|
dd89bb |
/* special handles */
|
|
|
dd89bb |
#define NT_CURRENT_PROCESS_HANDLE (void *)(uintptr_t)-1
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
/* process access bits */
|
|
|
dd89bb |
#define NT_PROCESS_CREATE_PROCESS 0x00000080U
|
|
|
dd89bb |
#define NT_PROCESS_CREATE_THREAD 0x00000002U
|
|
|
dd89bb |
#define NT_PROCESS_DUP_HANDLE 0x00000040U
|
|
|
dd89bb |
#define NT_PROCESS_QUERY_INFORMATION 0x00000400U
|
|
|
dd89bb |
#define NT_PROCESS_SET_INFORMATION 0x00000200U
|
|
|
dd89bb |
#define NT_PROCESS_SET_QUOTA 0x00000100U
|
|
|
dd89bb |
#define NT_PROCESS_SUSPEND_RESUME 0x00000800U
|
|
|
dd89bb |
#define NT_PROCESS_TERMINATE 0x00000001U
|
|
|
dd89bb |
#define NT_PROCESS_VM_OPERATION 0x00000008U
|
|
|
dd89bb |
#define NT_PROCESS_VM_READ 0x00000010U
|
|
|
dd89bb |
#define NT_PROCESS_VM_WRITE 0x00000020U
|
|
|
dd89bb |
#define NT_PROCESS_SYNCHRONIZE 0x00100000U
|
|
|
dd89bb |
#define NT_PROCESS_PRESERVE_AUTHZ_LEVEL 0x02000000U
|
|
|
dd89bb |
#define NT_PROCESS_ALL_ACCESS NT_PROCESS_CREATE_PROCESS \
|
|
|
dd89bb |
| NT_PROCESS_CREATE_THREAD \
|
|
|
dd89bb |
| NT_PROCESS_DUP_HANDLE \
|
|
|
dd89bb |
| NT_PROCESS_QUERY_INFORMATION \
|
|
|
dd89bb |
| NT_PROCESS_SET_INFORMATION \
|
|
|
dd89bb |
| NT_PROCESS_SET_QUOTA \
|
|
|
dd89bb |
| NT_PROCESS_SUSPEND_RESUME \
|
|
|
dd89bb |
| NT_PROCESS_TERMINATE \
|
|
|
dd89bb |
| NT_PROCESS_VM_OPERATION \
|
|
|
dd89bb |
| NT_PROCESS_VM_READ \
|
|
|
dd89bb |
| NT_PROCESS_VM_WRITE \
|
|
|
dd89bb |
| NT_PROCESS_SYNCHRONIZE
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
/* set error mode */
|
|
|
dd89bb |
#define NT_SEM_FAIL_CRITICAL_ERRORS 0x0001
|
|
|
dd89bb |
#define NT_SEM_NO_GP_FAULT_ERROR_BOX 0x0002
|
|
|
dd89bb |
#define NT_SEM_NO_ALIGNMENT_FAULT_EXCEPT 0x0004
|
|
|
dd89bb |
#define NT_SEM_NO_OPEN_FILE_ERROR_BOX 0x8000
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
/* process priority class (information class) */
|
|
|
dd89bb |
#define NT_PC_IDLE 0x00
|
|
|
dd89bb |
#define NT_PC_NORMAL 0x02
|
|
|
dd89bb |
#define NT_PC_HIGH 0x03
|
|
|
dd89bb |
#define NT_PC_REALTIME 0x04
|
|
|
dd89bb |
#define NT_PC_BELOW_NORMAL 0x05
|
|
|
dd89bb |
#define NT_PC_ABOVE_NORMAL 0x05
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
/* process device map drive type */
|
|
|
dd89bb |
#define NT_DRIVE_UNKNOWN 0x00
|
|
|
dd89bb |
#define NT_NO_ROOT_DIR 0x01
|
|
|
dd89bb |
#define NT_DRIVE_REMOVABLE 0x02
|
|
|
dd89bb |
#define NT_DRIVE_FIXED 0x03
|
|
|
dd89bb |
#define NT_DRIVE_REMOTE 0x04
|
|
|
dd89bb |
#define NT_DRIVE_CDROM 0x05
|
|
|
dd89bb |
#define NT_DRIVE_RAMDISK 0x06
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
/* process debug info class mask */
|
|
|
dd89bb |
#define NT_PDI_MODULES 0x0001
|
|
|
dd89bb |
#define NT_PDI_BACKTRACE 0x0002
|
|
|
dd89bb |
#define NT_PDI_HEAPS 0x0004
|
|
|
dd89bb |
#define NT_PDI_HEAP_TAGS 0x0008
|
|
|
dd89bb |
#define NT_PDI_HEAP_BLOCKS 0x0010
|
|
|
dd89bb |
#define NT_PDI_LOCKS 0x0020
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
/* process debug module information flags */
|
|
|
dd89bb |
#define NT_LDRP_STATIC_LINK 0x00000002
|
|
|
dd89bb |
#define NT_LDRP_IMAGE_DLL 0x00000004
|
|
|
dd89bb |
#define NT_LDRP_LOAD_IN_PROGRESS 0x00001000
|
|
|
dd89bb |
#define NT_LDRP_UNLOAD_IN_PROGRESS 0x00002000
|
|
|
dd89bb |
#define NT_LDRP_ENTRY_PROCESSED 0x00004000
|
|
|
dd89bb |
#define NT_LDRP_ENTRY_INSERTED 0x00008000
|
|
|
dd89bb |
#define NT_LDRP_CURRENT_LOAD 0x00010000
|
|
|
dd89bb |
#define NT_LDRP_FAILED_BUILTIN_LOAD 0x00020000
|
|
|
dd89bb |
#define NT_LDRP_DONT_CALL_FOR_THREADS 0x00040000
|
|
|
dd89bb |
#define NT_LDRP_PROCESS_ATTACH_CALLED 0x00080000
|
|
|
dd89bb |
#define NT_LDRP_DEBUG_SYMBOLS_LOADED 0x00100000
|
|
|
dd89bb |
#define NT_LDRP_IMAGE_NOT_AT_BASE 0x00200000
|
|
|
dd89bb |
#define NT_LDRP_WX86_IGNORE_MACHINETYPE 0x00400000
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
/* create process info bits */
|
|
|
dd89bb |
#define NT_PROCESS_CREATE_INFO_WRITE_OUTPUT 0x00000001
|
|
|
dd89bb |
#define NT_PROCESS_CREATE_INFO_OBTAIN_OUTPUT 0x20000003
|
|
|
dd89bb |
|
|
|
dd89bb |
/* zw_create_user_process: creation flags */
|
|
|
dd89bb |
#define NT_PROCESS_CREATE_FLAGS_CREATE_THREAD_SUSPENDED (0x00000001)
|
|
|
dd89bb |
#define NT_PROCESS_CREATE_FLAGS_RESET_DEBUG_PORT (0x00000002)
|
|
|
dd89bb |
#define NT_PROCESS_CREATE_FLAGS_INHERIT_HANDLES (0x00000004)
|
|
|
dd89bb |
#define NT_PROCESS_CREATE_FLAGS_NO_OBJECT_SYNC (0x00000100)
|
|
|
dd89bb |
|
|
|
dd89bb |
/* zw_create_user_process: extended parameters */
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_PARAM_SET_FILE_NAME (0x00020005)
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_PARAM_SET_VIRTUAL_ADDR_RANGES (0x00020007)
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_PARAM_SET_BASE_PRIORITY (0x00020008)
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_PARAM_SET_HARD_ERROR_MODE (0x00020009)
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_PARAM_SET_CONSOLE_FLAGS (0x0002000A)
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_PARAM_SET_INHERITED_HANDLES (0x0002000B)
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_PARAM_SET_PARENT (0x00060000)
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_PARAM_SET_DEBUG (0x00060001)
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_PARAM_SET_TOKEN (0x00060002)
|
|
|
dd89bb |
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_PARAM_GET_SECTION_IMAGE_INFO (0x00000006)
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_PARAM_GET_CLIENT_ID (0x00010003)
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_PARAM_GET_TEB_ADDRESS (0x00010004)
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
c9f661 |
/* nt_startup_info flag bits */
|
|
|
c9f661 |
#define NT_PROCESS_STARTUP_INFO_USE_SHOW_WINDOW (0x00000001)
|
|
|
c9f661 |
#define NT_PROCESS_STARTUP_INFO_USE_SIZE (0x00000002)
|
|
|
c9f661 |
#define NT_PROCESS_STARTUP_INFO_USE_POSITION (0x00000004)
|
|
|
c9f661 |
#define NT_PROCESS_STARTUP_INFO_USE_COUNT_CHARS (0x00000008)
|
|
|
c9f661 |
#define NT_PROCESS_STARTUP_INFO_USE_FILL_ATTRIBUTE (0x00000010)
|
|
|
c9f661 |
#define NT_PROCESS_STARTUP_INFO_RUN_FULL_SCREEN (0x00000020)
|
|
|
c9f661 |
#define NT_PROCESS_STARTUP_INFO_FORCE_ON_FEEDBACK (0x00000040)
|
|
|
c9f661 |
#define NT_PROCESS_STARTUP_INFO_FORCE_OFF_FEEDBACK (0x00000080)
|
|
|
c9f661 |
#define NT_PROCESS_STARTUP_INFO_USE_STD_HANDLES (0x00000100)
|
|
|
c9f661 |
#define NT_PROCESS_STARTUP_INFO_USE_HOT_KEY (0x00000200)
|
|
|
c9f661 |
#define NT_PROCESS_STARTUP_INFO_TITLE_IS_LINK_NAME (0x00000800)
|
|
|
c9f661 |
#define NT_PROCESS_STARTUP_INFO_TITLE_IS_APP_ID (0x00001000)
|
|
|
c9f661 |
#define NT_PROCESS_STARTUP_INFO_PREVENT_PINNING (0x00002000)
|
|
|
c9f661 |
#define NT_PROCESS_STARTUP_INFO_UNTRUSTED_SOURCE (0x00008000)
|
|
|
c9f661 |
|
|
|
c9f661 |
|
|
|
109012 |
/* foreign process creation flags */
|
|
|
109012 |
#define NT_PROCESS_INTEROP_FLAG_DEBUG_PROCESS_TREE (0x00000001)
|
|
|
109012 |
#define NT_PROCESS_INTEROP_FLAG_DEBUG_ONLY_THIS_PROCESS (0x00000002)
|
|
|
109012 |
#define NT_PROCESS_INTEROP_FLAG_SUSPENDED (0x00000004)
|
|
|
109012 |
#define NT_PROCESS_INTEROP_FLAG_DETACHED_PROCESS (0x00000008)
|
|
|
109012 |
#define NT_PROCESS_INTEROP_FLAG_NEW_CONSOLE (0x00000010)
|
|
|
109012 |
#define NT_PROCESS_INTEROP_FLAG_NEW_PROCESS_GROUP (0x00000200)
|
|
|
109012 |
#define NT_PROCESS_INTEROP_FLAG_UNICODE_ENVIRONMENT (0x00000400)
|
|
|
109012 |
#define NT_PROCESS_INTEROP_FLAG_SEPARATE_WOW_VDM (0x00000800)
|
|
|
109012 |
#define NT_PROCESS_INTEROP_FLAG_SHARED_WOW_VDM (0x00001000)
|
|
|
109012 |
#define NT_PROCESS_INTEROP_FLAG_INHERIT_PARENT_AFFINITY (0x00010000)
|
|
|
109012 |
#define NT_PROCESS_INTEROP_FLAG_PROTECTED_PROCESS (0x00040000)
|
|
|
109012 |
#define NT_PROCESS_INTEROP_FLAG_EXTENDED_STARTUPINFO_PRESENT (0x00080000)
|
|
|
109012 |
#define NT_PROCESS_INTEROP_FLAG_BREAKAWAY_FROM_JOB (0x01000000)
|
|
|
109012 |
#define NT_PROCESS_INTEROP_FLAG_PRESERVE_CODE_AUTHZ_LEVEL (0x02000000)
|
|
|
109012 |
#define NT_PROCESS_INTEROP_FLAG_DEFAULT_ERROR_MODE (0x04000000)
|
|
|
109012 |
#define NT_PROCESS_INTEROP_FLAG_NO_WINDOW (0x08000000)
|
|
|
109012 |
|
|
|
109012 |
|
|
|
dd89bb |
/* zw_create_user_process: console flag bits */
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_DEFAULT (0x00)
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_DO_NOT_USE_HANDLES (0x00)
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_INHERIT_HANDLES (0x01)
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_USE_ARG_HANDLES (0x02)
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_INHERIT_STDIN (0x04)
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_INHERIT_STDOUT (0x08)
|
|
|
dd89bb |
#define NT_CREATE_PROCESS_EXT_CONSOLE_FLAG_INHERIT_STDERR (0x10)
|
|
|
dd89bb |
|
|
|
ec0b96 |
/* tt_spawn_native_process / tt_spawn_foreign_process flags */
|
|
|
fa26cc |
#define NT_PROCESS_SPAWN_FLAG_DELEGATE_TO_SYSTEM_LIBRARY (0x00000001)
|
|
|
fa26cc |
#define NT_PROCESS_SPAWN_FLAG_DELEGATE_TO_PTY_SERVER (0x00000002)
|
|
|
fa26cc |
#define NT_PROCESS_SPAWN_FLAG_DELEGATE_TO_BRIDGE_PROCESS (0x00000004)
|
|
|
c95ea0 |
#define NT_PROCESS_SPAWN_FLAG_DEBUG_EXECUTION (0x00000010)
|
|
|
c95ea0 |
#define NT_PROCESS_SPAWN_FLAG_DEBUG_SUSPENDED (0x00000020)
|
|
|
ec0b96 |
|
|
|
dd89bb |
/* nt_runtime_data_block flag bits */
|
|
|
dd89bb |
#define NT_RUNTIME_DATA_DUPLICATE_SESSION_HANDLES (0x01)
|
|
|
dd89bb |
|
|
|
7ddcea |
/* nt_runtime_data flag bits */
|
|
|
7ddcea |
#define NT_RUNTIME_DATA_INTEGRAL_PROCESS (0x01)
|
|
|
34a88c |
#define NT_RUNTIME_DATA_DEBUG_SEH_TRAP (0x02)
|
|
|
921b8b |
#define NT_RUNTIME_DATA_DEBUG_NATIVE_CHILDREN (0x04)
|
|
|
921b8b |
#define NT_RUNTIME_DATA_DEBUG_FOREIGN_CHILDREN (0x08)
|
|
|
441756 |
#define NT_RUNTIME_DATA_TTY_TOP_LEVEL (0x10)
|
|
|
7ddcea |
|
|
|
dd89bb |
/* runtime data convenience storage */
|
|
|
e93c83 |
#define NT_RUNTIME_DATA_SYNC_OPCODES (0x08)
|
|
|
dd89bb |
#define NT_RUNTIME_DATA_USER_PTRS (0x10)
|
|
|
dd89bb |
#define NT_RUNTIME_DATA_USER_INT32_SLOTS (0x10)
|
|
|
dd89bb |
#define NT_RUNTIME_DATA_USER_INT64_SLOTS (0x10)
|
|
|
dd89bb |
|
|
|
804edf |
/* friendly process abi guid */
|
|
|
804edf |
#define NT_PROCESS_GUID_UNSPEC {0x00000000,0x0000,0x0000,{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}}
|
|
|
804edf |
#define NT_PROCESS_GUID_RTDATA {0x3e43ec84,0x1af1,0x4ede,{0xac,0xd8,0xc3,0xd9,0x20,0xaf,0xc8,0x68}}
|
|
|
804edf |
|
|
|
dd89bb |
/* friendly process guids */
|
|
|
dd89bb |
#define NT_PROCESS_GUID_NTPGRP {0xfa383cc0,0xa25b,0x4448,{0x83,0x45,0x51,0x45,0x4d,0xa8,0x2f,0x30}}
|
|
|
dd89bb |
#define NT_PROCESS_GUID_PIDMAP {0xba054c90,0x8b4f,0x4989,{0xa0,0x52,0x32,0xce,0x41,0x9e,0xbf,0x97}}
|
|
|
dd89bb |
#define NT_PROCESS_GUID_PIDANY {0x431bf6a6,0x65c4,0x4eb0,{0x88,0xca,0x16,0xfe,0xc0,0x18,0xc8,0xb7}}
|
|
|
fc3c8b |
#define NT_PROCESS_GUID_NTPIPC {0xc37f1735,0x693d,0x4695,{0xbc,0x54,0x03,0xfd,0xa2,0x7d,0x43,0x0a}}
|
|
|
dd89bb |
|
|
|
dd89bb |
/* friendly process object directory prefixes */
|
|
|
dd89bb |
#define NT_PROCESS_OBJDIR_PREFIX_NTPGRP {'n','t','p','g','r','p'}
|
|
|
dd89bb |
#define NT_PROCESS_OBJDIR_PREFIX_PIDMAP {'p','i','d','m','a','p'}
|
|
|
dd89bb |
#define NT_PROCESS_OBJDIR_PREFIX_PIDANY {'p','i','d','a','n','y'}
|
|
|
41d417 |
#define NT_PROCESS_OBJDIR_PREFIX_NTPIPC {'n','t','p','i','p','c'}
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_process_information {
|
|
|
dd89bb |
void * hprocess;
|
|
|
dd89bb |
void * hthread;
|
|
|
dd89bb |
uintptr_t process_id;
|
|
|
dd89bb |
uintptr_t thread_id;
|
|
|
dd89bb |
} nt_process_information, nt_process_info;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_process_parameters {
|
|
|
dd89bb |
uint32_t alloc_size;
|
|
|
dd89bb |
uint32_t used_size;
|
|
|
dd89bb |
uint32_t flags;
|
|
|
dd89bb |
uint32_t reserved;
|
|
|
dd89bb |
void * hconsole;
|
|
|
dd89bb |
uintptr_t console_flags;
|
|
|
dd89bb |
void * hstdin;
|
|
|
dd89bb |
void * hstdout;
|
|
|
dd89bb |
void * hstderr;
|
|
|
dd89bb |
nt_unicode_string cwd_name;
|
|
|
dd89bb |
void * cwd_handle;
|
|
|
dd89bb |
nt_unicode_string __attr_ptr_size_aligned__ dll_path;
|
|
|
dd89bb |
nt_unicode_string __attr_ptr_size_aligned__ image_file_name;
|
|
|
dd89bb |
nt_unicode_string __attr_ptr_size_aligned__ command_line;
|
|
|
dd89bb |
wchar16_t * environment;
|
|
|
dd89bb |
uint32_t dwx;
|
|
|
dd89bb |
uint32_t dwy;
|
|
|
dd89bb |
uint32_t dwx_size;
|
|
|
dd89bb |
uint32_t dwy_size;
|
|
|
dd89bb |
uint32_t dwx_count_chars;
|
|
|
dd89bb |
uint32_t dwy_count_chars;
|
|
|
dd89bb |
uint32_t dw_fill_attribute;
|
|
|
dd89bb |
uint32_t dw_flags;
|
|
|
dd89bb |
uint32_t wnd_show;
|
|
|
dd89bb |
nt_unicode_string wnd_title;
|
|
|
dd89bb |
nt_unicode_string __attr_ptr_size_aligned__ desktop;
|
|
|
dd89bb |
nt_unicode_string __attr_ptr_size_aligned__ shell_info;
|
|
|
dd89bb |
nt_unicode_string __attr_ptr_size_aligned__ runtime_data;
|
|
|
dd89bb |
} nt_process_parameters;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_peb {
|
|
|
dd89bb |
unsigned char reserved_1st[2];
|
|
|
dd89bb |
unsigned char debugged;
|
|
|
dd89bb |
unsigned char reserved_2nd[1];
|
|
|
dd89bb |
void * reserved_3rd[2];
|
|
|
dd89bb |
struct pe_peb_ldr_data* peb_ldr_data;
|
|
|
dd89bb |
nt_process_parameters * process_params;
|
|
|
dd89bb |
unsigned char reserved_4th[104];
|
|
|
dd89bb |
void * reserved_5th[52];
|
|
|
dd89bb |
void * post_process_init_routine;
|
|
|
dd89bb |
unsigned char reserved_6th[128];
|
|
|
dd89bb |
void * reserved_7th[1];
|
|
|
dd89bb |
uint32_t session_id;
|
|
|
dd89bb |
} nt_peb;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_process_basic_information {
|
|
|
dd89bb |
int32_t exit_status;
|
|
|
dd89bb |
nt_peb * peb_base_address;
|
|
|
dd89bb |
intptr_t affinity_mask;
|
|
|
dd89bb |
uint32_t base_priority;
|
|
|
dd89bb |
uintptr_t unique_process_id;
|
|
|
dd89bb |
uintptr_t inherited_from_unique_process_id;
|
|
|
dd89bb |
} nt_process_basic_information, nt_pbi;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_process_access_token {
|
|
|
dd89bb |
void * token;
|
|
|
dd89bb |
void * thread;
|
|
|
dd89bb |
} nt_process_access_token;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_process_ws_watch_information {
|
|
|
dd89bb |
void * faulting_pc;
|
|
|
dd89bb |
void * faulting_va;
|
|
|
dd89bb |
} nt_process_ws_watch_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_process_priority_class {
|
|
|
dd89bb |
int32_t foreground;
|
|
|
dd89bb |
uint32_t priority;
|
|
|
dd89bb |
} nt_process_priority_class;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_process_device_map_information {
|
|
|
dd89bb |
union {
|
|
|
dd89bb |
struct {
|
|
|
dd89bb |
void * directory_handle;
|
|
|
dd89bb |
} set;
|
|
|
dd89bb |
|
|
|
dd89bb |
struct {
|
|
|
dd89bb |
uint32_t drive_map;
|
|
|
dd89bb |
unsigned char drive_type[32];
|
|
|
dd89bb |
} query;
|
|
|
dd89bb |
};
|
|
|
dd89bb |
} nt_process_device_map_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
baf174 |
typedef struct _nt_process_startup_info {
|
|
|
baf174 |
uint32_t size;
|
|
|
baf174 |
wchar16_t * reserved;
|
|
|
baf174 |
wchar16_t * desktop;
|
|
|
baf174 |
wchar16_t * title;
|
|
|
baf174 |
uint32_t dwx;
|
|
|
baf174 |
uint32_t dwy;
|
|
|
baf174 |
uint32_t dwxsize;
|
|
|
baf174 |
uint32_t dwysize;
|
|
|
baf174 |
uint32_t dwxcntchars;
|
|
|
baf174 |
uint32_t dwycntchars;
|
|
|
baf174 |
uint32_t dwfileattr;
|
|
|
baf174 |
uint32_t dwflags;
|
|
|
baf174 |
uint16_t wndshow;
|
|
|
baf174 |
uint16_t pad;
|
|
|
baf174 |
uint8_t * unknown;
|
|
|
baf174 |
void * hstdin;
|
|
|
baf174 |
void * hstdout;
|
|
|
baf174 |
void * hstderr;
|
|
|
baf174 |
} nt_process_startup_info;
|
|
|
baf174 |
|
|
|
baf174 |
|
|
|
dd89bb |
typedef struct _nt_debug_buffer {
|
|
|
dd89bb |
void * hsection;
|
|
|
dd89bb |
void * section_base;
|
|
|
dd89bb |
void * remote_section_base;
|
|
|
dd89bb |
size_t section_base_delta;
|
|
|
dd89bb |
void * hevent_pair;
|
|
|
dd89bb |
void * unknown[2];
|
|
|
dd89bb |
void * hthread_remote;
|
|
|
dd89bb |
uint32_t info_class_mask;
|
|
|
dd89bb |
size_t info_size;
|
|
|
dd89bb |
size_t allocated_size;
|
|
|
dd89bb |
size_t section_size;
|
|
|
dd89bb |
void * module_information;
|
|
|
dd89bb |
void * back_trace_information;
|
|
|
dd89bb |
void * heap_information;
|
|
|
dd89bb |
void * lock_information;
|
|
|
dd89bb |
void * reserved[8];
|
|
|
dd89bb |
} nt_debug_buffer;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_debug_module_information {
|
|
|
dd89bb |
void * reserved[2];
|
|
|
dd89bb |
size_t base;
|
|
|
dd89bb |
size_t size;
|
|
|
dd89bb |
uint32_t flags;
|
|
|
dd89bb |
uint16_t index;
|
|
|
dd89bb |
uint16_t unknown;
|
|
|
dd89bb |
uint16_t load_count;
|
|
|
dd89bb |
uint16_t module_name_offset;
|
|
|
dd89bb |
char image_name[256];
|
|
|
dd89bb |
} nt_debug_module_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_debug_heap_information {
|
|
|
dd89bb |
size_t base;
|
|
|
dd89bb |
uint32_t flags;
|
|
|
dd89bb |
uint16_t granularity;
|
|
|
dd89bb |
uint16_t unknown;
|
|
|
dd89bb |
size_t allocated;
|
|
|
dd89bb |
size_t committed;
|
|
|
dd89bb |
uint32_t tag_count;
|
|
|
dd89bb |
uint32_t block_count;
|
|
|
dd89bb |
void * reserved[7];
|
|
|
dd89bb |
void * tags;
|
|
|
dd89bb |
void * blocks;
|
|
|
dd89bb |
} nt_debug_heap_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_debug_lock_information {
|
|
|
dd89bb |
void * address;
|
|
|
dd89bb |
uint16_t type;
|
|
|
dd89bb |
uint16_t creator_back_trace_index;
|
|
|
dd89bb |
uintptr_t owner_thread_id;
|
|
|
dd89bb |
uint32_t active_count;
|
|
|
dd89bb |
uint32_t contention_count;
|
|
|
dd89bb |
uint32_t entry_count;
|
|
|
dd89bb |
uint32_t recursion_count;
|
|
|
dd89bb |
uint32_t number_of_share_waiters;
|
|
|
dd89bb |
uint32_t number_of_exclusive_waiters;
|
|
|
dd89bb |
} nt_debug_lock_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_executable_image {
|
|
|
dd89bb |
void * hfile;
|
|
|
dd89bb |
void * hsection;
|
|
|
dd89bb |
void * addr;
|
|
|
dd89bb |
size_t size;
|
|
|
dd89bb |
uint16_t characteristics;
|
|
|
dd89bb |
uint16_t magic;
|
|
|
dd89bb |
uint16_t subsystem;
|
|
|
dd89bb |
uint16_t uflags;
|
|
|
dd89bb |
} nt_executable_image;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_process_session_information {
|
|
|
dd89bb |
uintptr_t session_id;
|
|
|
dd89bb |
} nt_process_session_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_create_process_info {
|
|
|
dd89bb |
size_t size;
|
|
|
dd89bb |
size_t state;
|
|
|
dd89bb |
|
|
|
dd89bb |
union {
|
|
|
dd89bb |
struct {
|
|
|
dd89bb |
uint32_t init_flags;
|
|
|
dd89bb |
uint32_t file_access_ext;
|
|
|
dd89bb |
uintptr_t unused[8];
|
|
|
dd89bb |
} init_state;
|
|
|
dd89bb |
|
|
|
dd89bb |
struct {
|
|
|
dd89bb |
uintptr_t output_flags;
|
|
|
dd89bb |
void * hfile;
|
|
|
dd89bb |
void * hsection;
|
|
|
dd89bb |
uint64_t unknown[6];
|
|
|
dd89bb |
} success_state;
|
|
|
dd89bb |
};
|
|
|
dd89bb |
} nt_create_process_info;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_create_process_ext_param {
|
|
|
dd89bb |
size_t ext_param_type;
|
|
|
dd89bb |
size_t ext_param_size;
|
|
|
dd89bb |
|
|
|
dd89bb |
union {
|
|
|
dd89bb |
uint32_t ext_param_value;
|
|
|
dd89bb |
void * ext_param_addr;
|
|
|
dd89bb |
};
|
|
|
dd89bb |
|
|
|
dd89bb |
size_t ext_param_returned_length;
|
|
|
dd89bb |
} nt_create_process_ext_param;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_create_process_ext_params {
|
|
|
dd89bb |
size_t ext_params_size;
|
|
|
dd89bb |
nt_create_process_ext_param ext_param[];
|
|
|
dd89bb |
} nt_create_process_ext_params;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_user_process_info {
|
|
|
dd89bb |
uint32_t size;
|
|
|
dd89bb |
void * hprocess;
|
|
|
dd89bb |
void * hthread;
|
|
|
dd89bb |
nt_cid cid;
|
|
|
dd89bb |
nt_section_image_information sec_image_info;
|
|
|
dd89bb |
} nt_user_process_info;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_process_alternate_client_id {
|
|
|
dd89bb |
void * hpgrp;
|
|
|
dd89bb |
void * hentry;
|
|
|
dd89bb |
void * hsession;
|
|
|
dd89bb |
void * hdaemon;
|
|
|
f22709 |
void * hpidany;
|
|
|
dd89bb |
void * hevent;
|
|
|
dd89bb |
int32_t tid;
|
|
|
dd89bb |
int32_t pid;
|
|
|
dd89bb |
int32_t pgid;
|
|
|
dd89bb |
int32_t sid;
|
|
|
dd89bb |
uintptr_t reserved[8];
|
|
|
dd89bb |
} nt_process_alternate_client_id, nt_alt_cid;
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_runtime_data {
|
|
|
b7e180 |
nt_guid abi;
|
|
|
dea1aa |
void * hself;
|
|
|
dea1aa |
void * hparent;
|
|
|
dea1aa |
void * himage;
|
|
|
dea1aa |
void * hroot;
|
|
|
8d1217 |
void * hdsodir;
|
|
|
8d1217 |
void * hloader;
|
|
|
de652a |
void * hexec;
|
|
|
de652a |
void * hpeer;
|
|
|
dea1aa |
void * hcwd;
|
|
|
dea1aa |
void * hdrive;
|
|
|
de652a |
void * hldrctx[__SIZEOF_POINTER__>>1];
|
|
|
b8c206 |
/**************************/
|
|
|
b8c206 |
/* loader abi ends here */
|
|
|
b8c206 |
/**************************/
|
|
|
5981d9 |
void * hntpgrpdir;
|
|
|
4e479d |
void * hpidanydir;
|
|
|
5981d9 |
void * hobjanydir;
|
|
|
4e479d |
void * hbnorootdir;
|
|
|
dbeebd |
|
|
|
9faf9a |
void * hsemctl;
|
|
|
9faf9a |
void * hsempid;
|
|
|
9faf9a |
void * hsemctldir;
|
|
|
9faf9a |
void * hsemkeydir;
|
|
|
9faf9a |
void * hsempiddir;
|
|
|
dbeebd |
|
|
|
47f21a |
void * hmsqctl;
|
|
|
47f21a |
void * hmsqpid;
|
|
|
47f21a |
void * hmsqctldir;
|
|
|
47f21a |
void * hmsqkeydir;
|
|
|
47f21a |
void * hmsqpiddir;
|
|
|
dbeebd |
|
|
|
dbeebd |
void * haflctl;
|
|
|
dbeebd |
void * haflpid;
|
|
|
dbeebd |
void * haflctldir;
|
|
|
dbeebd |
void * hafldevdir;
|
|
|
dbeebd |
void * haflpiddir;
|
|
|
dbeebd |
|
|
|
72ef75 |
void * hshmctlroot;
|
|
|
72ef75 |
void * hshmctldir;
|
|
|
db66aa |
void * hshmkeyroot;
|
|
|
db66aa |
void * hshmkeydir;
|
|
|
dbeebd |
|
|
|
72ef75 |
void * htmpfslroot;
|
|
|
72ef75 |
void * htmpfsldir;
|
|
|
dbeebd |
|
|
|
4686df |
void * hkey_ctrlset;
|
|
|
4686df |
void * hkey_tcpip;
|
|
|
4686df |
void * hkey_users;
|
|
|
96f6a0 |
void * hkey_root;
|
|
|
4686df |
|
|
|
dd89bb |
nt_cid cid_self;
|
|
|
dd89bb |
nt_cid cid_parent;
|
|
|
dd89bb |
nt_alt_cid alt_cid_self;
|
|
|
dd89bb |
nt_alt_cid alt_cid_parent;
|
|
|
dbeebd |
|
|
|
7ddcea |
uint32_t flags;
|
|
|
7ddcea |
uint32_t reserved;
|
|
|
dbeebd |
|
|
|
cc8356 |
int32_t umask;
|
|
|
978970 |
uint32_t amask;
|
|
|
cc8356 |
|
|
|
dd89bb |
void * hstdin;
|
|
|
dd89bb |
void * hstdout;
|
|
|
dd89bb |
void * hstderr;
|
|
|
5ea20e |
void * hctty;
|
|
|
dd89bb |
void * hjob;
|
|
|
dd89bb |
void * hsession;
|
|
|
dd89bb |
void * hdebug;
|
|
|
dd89bb |
void * hlog;
|
|
|
dd89bb |
void * hready;
|
|
|
e93c83 |
void * hsync;
|
|
|
e93c83 |
void * hswap;
|
|
|
6336c4 |
void * hserver;
|
|
|
dbeebd |
|
|
|
e3e5a2 |
nt_guid port_guid;
|
|
|
e3e5a2 |
int32_t port_type;
|
|
|
e3e5a2 |
int32_t port_subtype;
|
|
|
e3e5a2 |
uint32_t port_keys[6];
|
|
|
dbeebd |
|
|
|
dd89bb |
nt_guid srv_guid;
|
|
|
dd89bb |
int32_t srv_type;
|
|
|
dd89bb |
int32_t srv_subtype;
|
|
|
dd89bb |
uint32_t srv_keys[6];
|
|
|
dbeebd |
|
|
|
f61917 |
nt_guid tty_guid;
|
|
|
f61917 |
int32_t tty_type;
|
|
|
f61917 |
int32_t tty_subtype;
|
|
|
f61917 |
uint32_t tty_keys[6];
|
|
|
dbeebd |
|
|
|
3b2c11 |
nt_guid grp_guid;
|
|
|
3b2c11 |
int32_t grp_type;
|
|
|
3b2c11 |
int32_t grp_subtype;
|
|
|
3b2c11 |
uint32_t grp_keys[6];
|
|
|
dbeebd |
|
|
|
95cd48 |
nt_guid ppid_guid;
|
|
|
95cd48 |
int32_t ppid_type;
|
|
|
95cd48 |
int32_t ppid_subtype;
|
|
|
95cd48 |
uint32_t ppid_keys[6];
|
|
|
dbeebd |
|
|
|
edb085 |
nt_guid ipc_guid;
|
|
|
edb085 |
int32_t ipc_type;
|
|
|
edb085 |
int32_t ipc_subtype;
|
|
|
edb085 |
uint32_t ipc_keys[6];
|
|
|
dbeebd |
|
|
|
9faf9a |
nt_guid semctl_guid;
|
|
|
9faf9a |
int32_t semctl_type;
|
|
|
9faf9a |
int32_t semctl_subtype;
|
|
|
9faf9a |
uint32_t semctl_keys[6];
|
|
|
dbeebd |
|
|
|
47f21a |
nt_guid msqctl_guid;
|
|
|
47f21a |
int32_t msqctl_type;
|
|
|
47f21a |
int32_t msqctl_subtype;
|
|
|
47f21a |
uint32_t msqctl_keys[6];
|
|
|
dbeebd |
|
|
|
dbeebd |
nt_guid aflctl_guid;
|
|
|
dbeebd |
int32_t aflctl_type;
|
|
|
dbeebd |
int32_t aflctl_subtype;
|
|
|
dbeebd |
uint32_t aflctl_keys[6];
|
|
|
dbeebd |
|
|
|
dd89bb |
int32_t stdin_type;
|
|
|
dd89bb |
int32_t stdout_type;
|
|
|
dd89bb |
int32_t stderr_type;
|
|
|
dd89bb |
int32_t session_type;
|
|
|
dbeebd |
|
|
|
f048be |
uint32_t dbg_level;
|
|
|
f048be |
uint32_t log_level;
|
|
|
dbeebd |
|
|
|
dd89bb |
void * ctx_hsection;
|
|
|
dd89bb |
void * ctx_addr;
|
|
|
dd89bb |
size_t ctx_size;
|
|
|
dd89bb |
size_t ctx_commit;
|
|
|
dd89bb |
ptrdiff_t ctx_offset;
|
|
|
dd89bb |
size_t ctx_counter;
|
|
|
dd89bb |
size_t ctx_meta_size;
|
|
|
dd89bb |
size_t ctx_buffer_size;
|
|
|
dd89bb |
uint32_t ctx_options;
|
|
|
dd89bb |
uint32_t ctx_flags;
|
|
|
dbeebd |
|
|
|
dd89bb |
uint32_t meta_hash;
|
|
|
dd89bb |
uint32_t block_hash;
|
|
|
dbeebd |
|
|
|
dd89bb |
size_t stack_reserve;
|
|
|
dd89bb |
size_t stack_commit;
|
|
|
dd89bb |
size_t heap_reserve;
|
|
|
dd89bb |
size_t heap_commit;
|
|
|
dbeebd |
|
|
|
dd89bb |
int32_t envc;
|
|
|
dd89bb |
int32_t argc;
|
|
|
dd89bb |
char ** argv;
|
|
|
dd89bb |
char ** envp;
|
|
|
dbeebd |
|
|
|
dd89bb |
wchar16_t ** wargv;
|
|
|
dd89bb |
wchar16_t ** wenvp;
|
|
|
dbeebd |
|
|
|
dd89bb |
int32_t peb_envc;
|
|
|
dd89bb |
int32_t peb_argc;
|
|
|
dbeebd |
|
|
|
dd89bb |
wchar16_t ** peb_wargv;
|
|
|
dd89bb |
wchar16_t ** peb_wenvp;
|
|
|
dbeebd |
|
|
|
5ea20e |
uintptr_t ptyin [4];
|
|
|
5ea20e |
uintptr_t ptyout[4];
|
|
|
5ea20e |
uintptr_t ptyerr[4];
|
|
|
5ea20e |
uintptr_t ptyctl[4];
|
|
|
dbeebd |
|
|
|
c73c12 |
uint32_t sa_queue [2];
|
|
|
c73c12 |
uint32_t sa_block [2];
|
|
|
c73c12 |
void * sa_handler[64];
|
|
|
c73c12 |
uintptr_t sa_flags [64];
|
|
|
c73c12 |
uint32_t sa_mask [64][2];
|
|
|
dbeebd |
|
|
|
36a0cc |
uint32_t strace_sys[16];
|
|
|
36a0cc |
uint32_t strace_dbg[16];
|
|
|
36a0cc |
uint32_t strace_os [32];
|
|
|
36a0cc |
|
|
|
c75b7e |
char host_name [64];
|
|
|
c75b7e |
|
|
|
e93c83 |
int32_t opcode[NT_RUNTIME_DATA_SYNC_OPCODES];
|
|
|
dd89bb |
void * uptr [NT_RUNTIME_DATA_USER_PTRS];
|
|
|
dd89bb |
void * uclose[NT_RUNTIME_DATA_USER_PTRS];
|
|
|
dd89bb |
int32_t udat32[NT_RUNTIME_DATA_USER_INT32_SLOTS];
|
|
|
dd89bb |
int64_t udat64[NT_RUNTIME_DATA_USER_INT64_SLOTS];
|
|
|
dbeebd |
|
|
|
dd89bb |
uintptr_t buffer[];
|
|
|
dd89bb |
} nt_runtime_data, nt_rtdata;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_runtime_data_block {
|
|
|
dd89bb |
void * addr;
|
|
|
dd89bb |
size_t size;
|
|
|
dd89bb |
void * remote_addr;
|
|
|
dd89bb |
size_t remote_size;
|
|
|
dd89bb |
int32_t flags;
|
|
|
dd89bb |
} nt_runtime_data_block;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_create_process_params {
|
|
|
dd89bb |
__out void * hprocess;
|
|
|
dd89bb |
__out void * hthread;
|
|
|
dd89bb |
__out nt_client_id cid;
|
|
|
dd89bb |
__out nt_process_basic_information pbi;
|
|
|
dd89bb |
__in void * himage;
|
|
|
dd89bb |
__in wchar16_t * image_name;
|
|
|
dd89bb |
__in wchar16_t * cmd_line;
|
|
|
dd89bb |
__in wchar16_t * environment;
|
|
|
f154f6 |
__in void * hsession;
|
|
|
dd89bb |
__in nt_runtime_data_block * rtblock;
|
|
|
dd89bb |
__in uint32_t desired_access_process;
|
|
|
dd89bb |
__in uint32_t desired_access_thread;
|
|
|
dd89bb |
__in nt_object_attributes * obj_attr_process;
|
|
|
dd89bb |
__in nt_object_attributes * obj_attr_thread;
|
|
|
dd89bb |
__in uint32_t creation_flags_process;
|
|
|
dd89bb |
__in uint32_t creation_flags_thread;
|
|
|
dd89bb |
__in nt_process_parameters * process_params;
|
|
|
dd89bb |
__in_out nt_create_process_info * create_process_info;
|
|
|
dd89bb |
__in nt_create_process_ext_params * create_process_ext_params;
|
|
|
dd89bb |
__in_out uintptr_t * buffer;
|
|
|
dd89bb |
__in size_t buflen;
|
|
|
dd89bb |
} nt_create_process_params;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
c164ff |
typedef struct _nt_spawn_process_params {
|
|
|
c164ff |
__out void * hprocess;
|
|
|
c164ff |
__out void * hthread;
|
|
|
c95ea0 |
__out void * hdbgobj;
|
|
|
c164ff |
__out void * rdata;
|
|
|
c164ff |
__out nt_client_id cid;
|
|
|
c164ff |
__out nt_process_basic_information pbi;
|
|
|
c164ff |
__out nt_event_basic_information eready;
|
|
|
c164ff |
__in nt_runtime_data * rtctx;
|
|
|
29b2c1 |
__in wchar16_t * cwd;
|
|
|
47c06c |
__in void * hcwd;
|
|
|
29b2c1 |
__in void * hroot;
|
|
|
c164ff |
__in void * hsession;
|
|
|
c164ff |
__in void * htoken;
|
|
|
c164ff |
__in void * himage;
|
|
|
c164ff |
__in char * patharg;
|
|
|
2104cf |
__in const char * interp;
|
|
|
c164ff |
__in const char * optarg;
|
|
|
2104cf |
__in const char * script;
|
|
|
c164ff |
__in char ** argv;
|
|
|
c164ff |
__in char ** envp;
|
|
|
c164ff |
__in void * hready;
|
|
|
c164ff |
__in nt_timeout * timeout;
|
|
|
ec0b96 |
__in uint32_t processflags;
|
|
|
ec0b96 |
__in uint32_t threadflags;
|
|
|
ec0b96 |
__in uint32_t spawnflags;
|
|
|
3c39f1 |
__in uint32_t interopflags;
|
|
|
baf174 |
__in nt_process_startup_info * startupinfo;
|
|
|
c164ff |
} nt_spawn_process_params;
|
|
|
c164ff |
|
|
|
c164ff |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_zw_create_process(
|
|
|
dd89bb |
__out void ** hprocess,
|
|
|
dd89bb |
__in uint32_t desired_access,
|
|
|
dd89bb |
__in nt_object_attributes * obj_attr,
|
|
|
dd89bb |
__in void * hinherit_from_process,
|
|
|
dd89bb |
__in unsigned char inherit_handles,
|
|
|
dd89bb |
__in void * hsection __optional,
|
|
|
dd89bb |
__in void * hdebug_port __optional,
|
|
|
dd89bb |
__in void * hexception_port __optional);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
/* zw_create_user_process: newer OS versions only */
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_zw_create_user_process(
|
|
|
dd89bb |
__out void ** hprocess,
|
|
|
dd89bb |
__out void ** hthread,
|
|
|
dd89bb |
__in uint32_t desired_access_process,
|
|
|
dd89bb |
__in uint32_t desired_access_thread,
|
|
|
dd89bb |
__in nt_object_attributes * obj_attr_process __optional,
|
|
|
dd89bb |
__in nt_object_attributes * obj_attr_thread __optional,
|
|
|
dd89bb |
__in uint32_t creation_flags_process,
|
|
|
dd89bb |
__in uint32_t creation_flags_thread,
|
|
|
dd89bb |
__in nt_process_parameters * process_params __optional,
|
|
|
dd89bb |
__in_out nt_create_process_info * create_process_info,
|
|
|
dd89bb |
__in nt_create_process_ext_params * create_process_ext_params);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_zw_open_process(
|
|
|
dd89bb |
__out void ** hprocess,
|
|
|
dd89bb |
__in uint32_t desired_access,
|
|
|
dd89bb |
__in nt_object_attributes * obj_attr,
|
|
|
dd89bb |
__in nt_client_id * cid __optional);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_zw_terminate_process(
|
|
|
dd89bb |
__in void * hprocess __optional,
|
|
|
dd89bb |
__in int32_t status);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_zw_query_information_process(
|
|
|
dd89bb |
__in void * hprocess,
|
|
|
dd89bb |
__in nt_process_info_class process_info_class,
|
|
|
dd89bb |
__out void * process_info,
|
|
|
dd89bb |
__in size_t process_info_length,
|
|
|
dd89bb |
__out uint32_t * returned_length __optional);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_zw_set_information_process(
|
|
|
dd89bb |
__in void * hprocess,
|
|
|
dd89bb |
__in nt_process_info_class process_info_class,
|
|
|
dd89bb |
__in void * process_info,
|
|
|
dd89bb |
__in uint32_t process_info_length);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_zw_flush_instruction_cache(
|
|
|
dd89bb |
__in void * hprocess,
|
|
|
dd89bb |
__in void * base_addr __optional,
|
|
|
dd89bb |
__in size_t flush_size);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_rtl_create_process_parameters(
|
|
|
dd89bb |
__out nt_process_parameters ** process_params,
|
|
|
dd89bb |
__in nt_unicode_string * image_file,
|
|
|
dd89bb |
__in nt_unicode_string * dll_path __optional,
|
|
|
dd89bb |
__in nt_unicode_string * current_directory __optional,
|
|
|
dd89bb |
__in nt_unicode_string * command_line __optional,
|
|
|
dd89bb |
__in wchar16_t * environment __optional,
|
|
|
dd89bb |
__in nt_unicode_string * window_title __optional,
|
|
|
dd89bb |
__in nt_unicode_string * desktop_info __optional,
|
|
|
dd89bb |
__in nt_unicode_string * shell_info __optional,
|
|
|
dd89bb |
__in nt_unicode_string * runtime_info __optional);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef void * __stdcall ntapi_rtl_normalize_process_params(
|
|
|
dd89bb |
__in nt_process_parameters * process_params);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_rtl_destroy_process_parameters(
|
|
|
dd89bb |
__in nt_process_parameters * process_params);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef nt_debug_buffer * __stdcall ntapi_rtl_create_query_debug_buffer(
|
|
|
dd89bb |
__in size_t size,
|
|
|
dd89bb |
__in int32_t event_pair);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_rtl_destroy_query_debug_buffer(
|
|
|
dd89bb |
__in nt_debug_buffer * debug_buffer);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_rtl_query_process_debug_information(
|
|
|
dd89bb |
__in uintptr_t process_id,
|
|
|
dd89bb |
__in uint32_t debug_info_class_mask,
|
|
|
dd89bb |
__in_out nt_debug_buffer * debug_buffer);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_rtl_clone_user_process(
|
|
|
dd89bb |
__in uint32_t process_flags,
|
|
|
dd89bb |
__in nt_sd * process_sec_desc __optional,
|
|
|
dd89bb |
__in nt_sd * thread_sec_desc __optional,
|
|
|
dd89bb |
__in void * hport_debug __optional,
|
|
|
dd89bb |
__out nt_user_process_info * process_info);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
/* extensions */
|
|
|
dd89bb |
typedef intptr_t __fastcall ntapi_tt_fork(
|
|
|
dd89bb |
__out void ** hprocess,
|
|
|
dd89bb |
__out void ** hthread);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_tt_create_remote_process_params(
|
|
|
dd89bb |
__in void * hprocess,
|
|
|
dd89bb |
__out nt_process_parameters ** rprocess_params,
|
|
|
dd89bb |
__in nt_unicode_string * image_file,
|
|
|
dd89bb |
__in nt_unicode_string * dll_path __optional,
|
|
|
dd89bb |
__in nt_unicode_string * current_directory __optional,
|
|
|
dd89bb |
__in nt_unicode_string * command_line __optional,
|
|
|
dd89bb |
__in wchar16_t * environment __optional,
|
|
|
dd89bb |
__in nt_unicode_string * window_title __optional,
|
|
|
dd89bb |
__in nt_unicode_string * desktop_info __optional,
|
|
|
dd89bb |
__in nt_unicode_string * shell_info __optional,
|
|
|
dd89bb |
__in nt_unicode_string * runtime_data __optional);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_tt_create_native_process(
|
|
|
dd89bb |
__out nt_create_process_params * params);
|
|
|
dd89bb |
|
|
|
c164ff |
typedef int32_t __stdcall ntapi_tt_spawn_native_process(
|
|
|
c164ff |
__in_out nt_spawn_process_params * sparams);
|
|
|
dd89bb |
|
|
|
d326cc |
typedef int32_t __stdcall ntapi_tt_spawn_foreign_process(
|
|
|
d326cc |
__in_out nt_spawn_process_params * sparams);
|
|
|
d326cc |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_tt_get_runtime_data(
|
|
|
dd89bb |
__out nt_runtime_data ** pdata,
|
|
|
dd89bb |
__in wchar16_t ** argv);
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_tt_init_runtime_data(
|
|
|
dd89bb |
__in_out nt_runtime_data * rtdata);
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_tt_update_runtime_data(
|
|
|
dd89bb |
__in_out nt_runtime_data * rtdata);
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_tt_exec_map_image_as_data(
|
|
|
dd89bb |
__in_out nt_executable_image * image);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_tt_exec_unmap_image(
|
|
|
dd89bb |
__in nt_executable_image * image);
|
|
|
dd89bb |
|
|
|
dd89bb |
#endif
|