|
 |
dd89bb |
#ifndef _NT_SYSINFO_H_
|
|
|
dd89bb |
#define _NT_SYSINFO_H_
|
|
|
dd89bb |
|
|
|
414ad3 |
#include "nt_abi.h"
|
|
|
dd89bb |
#include "nt_object.h"
|
|
|
dd89bb |
#include "nt_memory.h"
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef enum _nt_system_info_class {
|
|
|
dd89bb |
NT_SYSTEM_INFORMATION_CLASS_MIN = 0,
|
|
|
dd89bb |
NT_SYSTEM_BASIC_INFORMATION = 0,
|
|
|
dd89bb |
NT_SYSTEM_PROCESSOR_INFORMATION = 1,
|
|
|
dd89bb |
NT_SYSTEM_PERFORMANCE_INFORMATION = 2,
|
|
|
dd89bb |
NT_SYSTEM_TIME_OF_DAY_INFORMATION = 3,
|
|
|
dd89bb |
NT_SYSTEM_NOT_IMPLEMENTED1 = 4,
|
|
|
dd89bb |
NT_SYSTEM_PROCESS_INFORMATION = 5,
|
|
|
3d5fe9 |
NT_SYSTEM_PROCESS_AND_THREAD_INFORMATION = 5,
|
|
|
dd89bb |
NT_SYSTEM_CALL_COUNTS = 6,
|
|
|
dd89bb |
NT_SYSTEM_DEVICE_INFORMATION = 7,
|
|
|
dd89bb |
NT_SYSTEM_PROCESSOR_TIMES = 8,
|
|
|
dd89bb |
NT_SYSTEM_GLOBAL_FLAG = 9,
|
|
|
dd89bb |
NT_SYSTEM_NOT_IMPLEMENTED2 = 10,
|
|
|
dd89bb |
NT_SYSTEM_CALL_TIME_INFORMATION = 10,
|
|
|
dd89bb |
NT_SYSTEM_MODULE_INFORMATION = 11,
|
|
|
dd89bb |
NT_SYSTEM_LOCK_INFORMATION = 12,
|
|
|
dd89bb |
NT_SYSTEM_NOT_IMPLEMENTED3 = 13,
|
|
|
dd89bb |
NT_SYSTEM_NOT_IMPLEMENTED4 = 14,
|
|
|
dd89bb |
NT_SYSTEM_NOT_IMPLEMENTED5 = 15,
|
|
|
dd89bb |
NT_SYSTEM_HANDLE_INFORMATION = 16,
|
|
|
dd89bb |
NT_SYSTEM_OBJECT_INFORMATION = 17,
|
|
|
dd89bb |
NT_SYSTEM_PAGE_FILE_INFORMATION = 18,
|
|
|
dd89bb |
NT_SYSTEM_INSTRUCTION_EMULATION_COUNTS = 19,
|
|
|
dd89bb |
NT_SYSTEM_INVALID_INFO_CLASS1 = 20,
|
|
|
dd89bb |
NT_SYSTEM_CACHE_INFORMATION = 21,
|
|
|
dd89bb |
NT_SYSTEM_POOL_TAG_INFORMATION = 22,
|
|
|
dd89bb |
NT_SYSTEM_PROCESSOR_STATISTICS = 23,
|
|
|
dd89bb |
NT_SYSTEM_DPC_INFORMATION = 24,
|
|
|
dd89bb |
NT_SYSTEM_NOT_IMPLEMENTED6 = 25,
|
|
|
dd89bb |
NT_SYSTEM_LOAD_IMAGE = 26,
|
|
|
dd89bb |
NT_SYSTEM_UNLOAD_IMAGE = 27,
|
|
|
dd89bb |
NT_SYSTEM_TIME_ADJUSTMENT = 28,
|
|
|
dd89bb |
NT_SYSTEM_NOT_IMPLEMENTED7 = 29,
|
|
|
dd89bb |
NT_SYSTEM_NOT_IMPLEMENTED8 = 30,
|
|
|
dd89bb |
NT_SYSTEM_NOT_IMPLEMENTED9 = 31,
|
|
|
dd89bb |
NT_SYSTEM_CRASH_DUMP_INFORMATION = 32,
|
|
|
dd89bb |
NT_SYSTEM_EXCEPTION_INFORMATION = 33,
|
|
|
dd89bb |
NT_SYSTEM_CRASH_DUMP_STATE_INFORMATION = 34,
|
|
|
dd89bb |
NT_SYSTEM_KERNEL_DEBUGGER_INFORMATION = 35,
|
|
|
dd89bb |
NT_SYSTEM_CONTEXT_SWITCH_INFORMATION = 36,
|
|
|
dd89bb |
NT_SYSTEM_REGISTRY_QUOTA_INFORMATION = 37,
|
|
|
dd89bb |
NT_SYSTEM_LOAD_AND_CALL_IMAGE = 38,
|
|
|
dd89bb |
NT_SYSTEM_PRIORITY_SEPARATION = 39,
|
|
|
dd89bb |
NT_SYSTEM_NOT_IMPLEMENTED10 = 40,
|
|
|
dd89bb |
NT_SYSTEM_NOT_IMPLEMENTED11 = 41,
|
|
|
dd89bb |
NT_SYSTEM_INVALID_INFO_CLASS2 = 42,
|
|
|
dd89bb |
NT_SYSTEM_INVALID_INFO_CLASS3 = 43,
|
|
|
dd89bb |
NT_SYSTEM_CURRENT_TIME_ZONE_INFORMATION = 44,
|
|
|
dd89bb |
NT_SYSTEM_TIME_ZONE_INFORMATION = 44,
|
|
|
dd89bb |
NT_SYSTEM_LOOKASIDE_INFORMATION = 45,
|
|
|
dd89bb |
NT_SYSTEM_SET_TIME_SLIP_EVENT = 46,
|
|
|
dd89bb |
NT_SYSTEM_CREATE_SESSION = 47,
|
|
|
dd89bb |
NT_SYSTEM_DELETE_SESSION = 48,
|
|
|
dd89bb |
NT_SYSTEM_INVALID_INFO_CLASS4 = 49,
|
|
|
dd89bb |
NT_SYSTEM_RANGE_START_INFORMATION = 50,
|
|
|
dd89bb |
NT_SYSTEM_VERIFIER_INFORMATION = 51,
|
|
|
dd89bb |
NT_SYSTEM_ADD_VERIFIER = 52,
|
|
|
dd89bb |
NT_SYSTEM_SESSION_PROCESSES_INFORMATION = 53,
|
|
|
dd89bb |
NT_SYSTEM_INFORMATION_CLASS_MAX
|
|
|
dd89bb |
} nt_system_info_class;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef enum _nt_thread_state {
|
|
|
dd89bb |
NT_THREAD_STATE_INITIALIZED = 0,
|
|
|
dd89bb |
NT_THREAD_STATE_READY = 1,
|
|
|
dd89bb |
NT_THREAD_STATE_RUNNING = 2,
|
|
|
dd89bb |
NT_THREAD_STATE_STANDBY = 3,
|
|
|
dd89bb |
NT_THREAD_STATE_TERMINATED = 4,
|
|
|
dd89bb |
NT_THREAD_STATE_WAIT = 5,
|
|
|
dd89bb |
NT_THREAD_STATE_TRANSITION = 6,
|
|
|
dd89bb |
NT_THREAD_STATE_UNKNOWN = 7
|
|
|
dd89bb |
} nt_thread_state;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef enum _nt_kwait_reason {
|
|
|
dd89bb |
NT_KWAIT_EXECUTIVE = 0,
|
|
|
dd89bb |
NT_KWAIT_FREE_PAGE = 1,
|
|
|
dd89bb |
NT_KWAIT_PAGE_IN = 2,
|
|
|
dd89bb |
NT_KWAIT_POOL_ALLOCATION = 3,
|
|
|
dd89bb |
NT_KWAIT_DELAY_EXECUTION = 4,
|
|
|
dd89bb |
NT_KWAIT_SUSPENDED = 5,
|
|
|
dd89bb |
NT_KWAIT_USER_REQUEST = 6,
|
|
|
dd89bb |
NT_KWAIT_WR_EXECUTIVE = 7,
|
|
|
dd89bb |
NT_KWAIT_WR_FREE_PAGE = 8,
|
|
|
dd89bb |
NT_KWAIT_WR_PAGE_IN = 9,
|
|
|
dd89bb |
NT_KWAIT_WR_POOL_ALLOCATION = 10,
|
|
|
dd89bb |
NT_KWAIT_WR_DELAY_EXECUTION = 11,
|
|
|
dd89bb |
NT_KWAIT_WR_SUSPENDED = 12,
|
|
|
dd89bb |
NT_KWAIT_WR_USER_REQUEST = 13,
|
|
|
dd89bb |
NT_KWAIT_WR_EVENT_PAIR = 14,
|
|
|
dd89bb |
NT_KWAIT_WR_QUEUE = 15,
|
|
|
dd89bb |
NT_KWAIT_WR_LPC_RECEIVE = 16,
|
|
|
dd89bb |
NT_KWAIT_WR_LPC_REPLY = 17,
|
|
|
dd89bb |
NT_KWAIT_WR_VIRTUAL_MEMORY = 18,
|
|
|
dd89bb |
NT_KWAIT_WR_PAGE_OUT = 19,
|
|
|
dd89bb |
NT_KWAIT_WR_RENDEZVOUS = 20,
|
|
|
dd89bb |
NT_KWAIT_SPARE2 = 21,
|
|
|
dd89bb |
NT_KWAIT_SPARE3 = 22,
|
|
|
dd89bb |
NT_KWAIT_SPARE4 = 23,
|
|
|
dd89bb |
NT_KWAIT_SPARE5 = 24,
|
|
|
dd89bb |
NT_KWAIT_WR_CALLOUT_STACK = 25,
|
|
|
dd89bb |
NT_KWAIT_WR_KERNEL = 26,
|
|
|
dd89bb |
NT_KWAIT_WR_RESOURCE = 27,
|
|
|
dd89bb |
NT_KWAIT_WR_PUSH_LOCK = 28,
|
|
|
dd89bb |
NT_KWAIT_WR_MUTEX = 29,
|
|
|
dd89bb |
NT_KWAIT_WR_QUANTUM_END = 30,
|
|
|
dd89bb |
NT_KWAIT_WR_DISPATCH_INT = 31,
|
|
|
dd89bb |
NT_KWAIT_WR_PREEMPTED = 32,
|
|
|
dd89bb |
NT_KWAIT_WR_YIELD_EXECUTION = 33,
|
|
|
dd89bb |
NT_KWAIT_WR_FAST_MUTEX = 34,
|
|
|
dd89bb |
NT_KWAIT_WR_GUARDED_MUTEX = 35,
|
|
|
dd89bb |
NT_KWAIT_WR_RUNDOWN = 36,
|
|
|
dd89bb |
NT_KWAIT_MAXIMUM_WAIT_REASON = 37
|
|
|
dd89bb |
} nt_kwait_reason;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef enum _nt_pool_type {
|
|
|
dd89bb |
NT_NON_PAGED_POOL,
|
|
|
dd89bb |
NT_NON_PAGED_POOL_EXECUTE = 0x0000 + NT_NON_PAGED_POOL,
|
|
|
dd89bb |
NT_PAGED_POOL,
|
|
|
dd89bb |
NT_NON_PAGED_POOL_MUST_SUCCEED = 0x0002 + NT_NON_PAGED_POOL,
|
|
|
dd89bb |
NT_DONT_USE_THIS_TYPE,
|
|
|
dd89bb |
NT_NON_PAGED_POOL_CACHE_ALIGNED = 0x0004 + NT_NON_PAGED_POOL,
|
|
|
dd89bb |
NT_PAGED_POOL_CACHE_ALIGNED,
|
|
|
dd89bb |
NT_NON_PAGED_POOL_CACHE_ALIGNED_MUST_S = 0x0006 + NT_NON_PAGED_POOL,
|
|
|
dd89bb |
NT_MAX_POOL_TYPE,
|
|
|
dd89bb |
NT_NON_PAGED_POOL_BASE = 0x0000,
|
|
|
dd89bb |
NT_NON_PAGED_POOL_BASE_MUST_SUCCEED = 0x0002 + NT_NON_PAGED_POOL_BASE,
|
|
|
dd89bb |
NT_NON_PAGED_POOL_BASE_CACHE_ALIGNED = 0x0004 + NT_NON_PAGED_POOL_BASE,
|
|
|
dd89bb |
NT_NON_PAGED_POOL_BASE_CACHE_ALIGNED_MUST_S = 0x0006 + NT_NON_PAGED_POOL_BASE,
|
|
|
dd89bb |
NT_NON_PAGED_POOL_SESSION = 0x0020,
|
|
|
dd89bb |
NT_PAGED_POOL_SESSION = 0x0001 + NT_NON_PAGED_POOL_SESSION,
|
|
|
dd89bb |
NT_NON_PAGED_POOL_MUST_SUCCEED_SESSION = 0x0001 + NT_PAGED_POOL_SESSION,
|
|
|
dd89bb |
NT_DONT_USE_THIS_TYPE_SESSION = 0x0001 + NT_NON_PAGED_POOL_MUST_SUCCEED_SESSION,
|
|
|
dd89bb |
NT_NON_PAGED_POOL_CACHE_ALIGNED_SESSION = 0x0001 + NT_DONT_USE_THIS_TYPE_SESSION,
|
|
|
dd89bb |
NT_PAGED_POOL_CACHE_ALIGNED_SESSION = 0x0001 + NT_NON_PAGED_POOL_CACHE_ALIGNED_SESSION,
|
|
|
dd89bb |
NT_NON_PAGED_POOL_CACHE_ALIGNED_MUST_S_SESSION = 0x0001 + NT_PAGED_POOL_CACHE_ALIGNED_SESSION,
|
|
|
dd89bb |
NT_NON_PAGED_POOL_NX = 0x0200,
|
|
|
dd89bb |
NT_NON_PAGED_POOL_NX_CACHE_ALIGNED = 0x0004 + NT_NON_PAGED_POOL_NX,
|
|
|
dd89bb |
NT_NON_PAGED_POOL_SESSION_NX = 0x0020 + NT_NON_PAGED_POOL_NX
|
|
|
dd89bb |
} nt_pool_type;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef enum _nt_shutdown_action {
|
|
|
dd89bb |
NT_SHUTDOWN_NO_REBOOT,
|
|
|
dd89bb |
NT_SHUTDOWN_REBOOT,
|
|
|
dd89bb |
NT_SHUTDOWN_POWER_OFF
|
|
|
dd89bb |
} nt_shutdown_action;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef enum _nt_debug_control_code {
|
|
|
dd89bb |
NT_DEBUG_GET_TRACE_INFORMATION = 1,
|
|
|
dd89bb |
NT_DEBUG_SET_INTERNAL_BREAKPOINT,
|
|
|
dd89bb |
NT_DEBUG_SET_SPECIAL_CALL,
|
|
|
dd89bb |
NT_DEBUG_CLEAR_SPECIAL_CALLS,
|
|
|
dd89bb |
NT_DEBUG_QUERY_SPECIAL_CALLS,
|
|
|
dd89bb |
NT_DEBUG_DBG_BREAK_POINT,
|
|
|
dd89bb |
NT_DEBUG_MAXIMUM
|
|
|
dd89bb |
} nt_debug_control_code;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
/* nt_system_global_flag constants */
|
|
|
dd89bb |
#define NT_FLGSTOP_ON_EXCEPTION (uint32_t)0x00000001
|
|
|
dd89bb |
#define NT_FLGSHOW_LDR_SNAPS (uint32_t)0x00000002
|
|
|
dd89bb |
#define NT_FLGDEBUG_INITIAL_COMMAND (uint32_t)0x00000004
|
|
|
dd89bb |
#define NT_FLGSTOP_ON_HUNG_GUI (uint32_t)0x00000008
|
|
|
dd89bb |
#define NT_FLGHEAP_ENABLE_TAIL_CHECK (uint32_t)0x00000010
|
|
|
dd89bb |
#define NT_FLGHEAP_ENABLE_FREE_CHECK (uint32_t)0x00000020
|
|
|
dd89bb |
#define NT_FLGHEAP_VALIDATE_PARAMETERS (uint32_t)0x00000040
|
|
|
dd89bb |
#define NT_FLGHEAP_VALIDATE_ALL (uint32_t)0x00000080
|
|
|
dd89bb |
#define NT_FLGPOOL_ENABLE_TAIL_CHECK (uint32_t)0x00000100
|
|
|
dd89bb |
#define NT_FLGPOOL_ENABLE_FREE_CHECK (uint32_t)0x00000200
|
|
|
dd89bb |
#define NT_FLGPOOL_ENABLE_TAGGING (uint32_t)0x00000400
|
|
|
dd89bb |
#define NT_FLGHEAP_ENABLE_TAGGING (uint32_t)0x00000800
|
|
|
dd89bb |
#define NT_FLGUSER_STACK_TRACE_DB (uint32_t)0x00001000
|
|
|
dd89bb |
#define NT_FLGKERNEL_STACK_TRACE_DB (uint32_t)0x00002000
|
|
|
dd89bb |
#define NT_FLGMAINTAIN_OBJECT_TYPELIST (uint32_t)0x00004000
|
|
|
dd89bb |
#define NT_FLGHEAP_ENABLE_TAG_BY_DLL (uint32_t)0x00008000
|
|
|
dd89bb |
#define NT_FLGIGNORE_DEBUG_PRIV (uint32_t)0x00010000
|
|
|
dd89bb |
#define NT_FLGENABLE_CSRDEBUG (uint32_t)0x00020000
|
|
|
dd89bb |
#define NT_FLGENABLE_KDEBUG_SYMBOL_LOAD (uint32_t)0x00040000
|
|
|
dd89bb |
#define NT_FLGDISABLE_PAGE_KERNEL_STACKS (uint32_t)0x00080000
|
|
|
dd89bb |
#define NT_FLGHEAP_ENABLE_CALL_TRACING (uint32_t)0x00100000
|
|
|
dd89bb |
#define NT_FLGHEAP_DISABLE_COALESCING (uint32_t)0x00200000
|
|
|
dd89bb |
#define NT_FLGENABLE_CLOSE_EXCEPTIONS (uint32_t)0x00400000
|
|
|
dd89bb |
#define NT_FLGENABLE_EXCEPTION_LOGGING (uint32_t)0x00800000
|
|
|
dd89bb |
#define NT_FLGENABLE_DBGPRINT_BUFFERING (uint32_t)0x08000000
|
|
|
dd89bb |
|
|
|
dd89bb |
/* nt_system_handle_information constants */
|
|
|
dd89bb |
/* FIXME: verify that these values are indeed reversed when compared with the flags returned by zw_query_object */
|
|
|
dd89bb |
#define NT_HANDLE_PROTECT_FROM_CLOSE (unsigned char)0x01
|
|
|
dd89bb |
#define NT_HANDLE_INHERIT (unsigned char)0x02
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
/* nt_system_object flag constants */
|
|
|
dd89bb |
#define NT_FLG_SYSTEM_OBJECT_KERNEL_MODE (uint32_t)0x02
|
|
|
dd89bb |
#define NT_FLG_SYSTEM_OBJECT_CREATOR_INFO (uint32_t)0x04
|
|
|
dd89bb |
#define NT_FLG_SYSTEM_OBJECT_EXCLUSIVE (uint32_t)0x08
|
|
|
dd89bb |
#define NT_FLG_SYSTEM_OBJECT_PERMANENT (uint32_t)0x10
|
|
|
dd89bb |
#define NT_FLG_SYSTEM_OBJECT_DEFAULT_SECURITY_QUOTA (uint32_t)0x20
|
|
|
dd89bb |
#define NT_FLG_SYSTEM_OBJECT_SINGLE_HANDLE_ENTRY (uint32_t)0x40
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_information_snapshot {
|
|
|
3b05e8 |
void * buffer;
|
|
|
dd89bb |
void * pcurrent;
|
|
|
dd89bb |
size_t info_len;
|
|
|
dd89bb |
size_t max_len;
|
|
|
dd89bb |
nt_system_info_class sys_info_class;
|
|
|
dd89bb |
} nt_system_information_snapshot;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_basic_information {
|
|
|
dd89bb |
uint32_t unknown;
|
|
|
dd89bb |
uint32_t max_increment;
|
|
|
dd89bb |
uint32_t physical_page_size;
|
|
|
dd89bb |
uint32_t physical_page_count;
|
|
|
dd89bb |
uint32_t physical_page_lowest;
|
|
|
dd89bb |
uint32_t physical_page_highest;
|
|
|
dd89bb |
uint32_t allocation_granularity;
|
|
|
dd89bb |
uint32_t user_address_lowest;
|
|
|
dd89bb |
uint32_t user_address_highest;
|
|
|
dd89bb |
uint32_t active_processors;
|
|
|
dd89bb |
unsigned char processor_count;
|
|
|
dd89bb |
} nt_system_basic_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_processor_information {
|
|
|
dd89bb |
uint16_t processor_architecture;
|
|
|
dd89bb |
uint16_t processor_level;
|
|
|
dd89bb |
uint16_t processor_revision;
|
|
|
dd89bb |
uint16_t unknown;
|
|
|
dd89bb |
uint32_t feature_bits;
|
|
|
dd89bb |
} nt_system_processor_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_performance_information {
|
|
|
dd89bb |
nt_large_integer idle_time;
|
|
|
dd89bb |
nt_large_integer read_transfer_count;
|
|
|
dd89bb |
nt_large_integer write_transfer_count;
|
|
|
dd89bb |
nt_large_integer other_transfer_count;
|
|
|
dd89bb |
uint32_t read_operation_count;
|
|
|
dd89bb |
uint32_t write_operation_count;
|
|
|
dd89bb |
uint32_t other_operation_count;
|
|
|
dd89bb |
uint32_t available_pages;
|
|
|
dd89bb |
uint32_t total_committed_pages;
|
|
|
dd89bb |
uint32_t total_commit_limit;
|
|
|
dd89bb |
uint32_t peak_commitment;
|
|
|
dd89bb |
uint32_t page_faults;
|
|
|
dd89bb |
uint32_t write_copy_faults;
|
|
|
dd89bb |
uint32_t transition_faults;
|
|
|
dd89bb |
uint32_t cache_transition_faults;
|
|
|
dd89bb |
uint32_t demand_zero_faults;
|
|
|
dd89bb |
uint32_t pages_read;
|
|
|
dd89bb |
uint32_t page_read_ios;
|
|
|
dd89bb |
uint32_t cache_reads;
|
|
|
dd89bb |
uint32_t cache_ios;
|
|
|
dd89bb |
uint32_t pagefile_pages_written;
|
|
|
dd89bb |
uint32_t pagefile_page_write_ios;
|
|
|
dd89bb |
uint32_t mapped_file_pages_written;
|
|
|
dd89bb |
uint32_t mapped_file_page_write_ios;
|
|
|
dd89bb |
uint32_t paged_pool_usage;
|
|
|
dd89bb |
uint32_t non_paged_pool_usage;
|
|
|
dd89bb |
uint32_t paged_pool_allocs;
|
|
|
dd89bb |
uint32_t paged_pool_frees;
|
|
|
dd89bb |
uint32_t non_paged_pool_allocs;
|
|
|
dd89bb |
uint32_t non_paged_pool_frees;
|
|
|
dd89bb |
uint32_t total_free_system_ptes;
|
|
|
dd89bb |
uint32_t system_code_page;
|
|
|
dd89bb |
uint32_t total_system_driver_pages;
|
|
|
dd89bb |
uint32_t total_system_code_pages;
|
|
|
dd89bb |
uint32_t small_non_paged_lookaside_list_allocate_hits;
|
|
|
dd89bb |
uint32_t small_paged_lookaside_list_allocate_hits;
|
|
|
dd89bb |
uint32_t reserved3;
|
|
|
dd89bb |
uint32_t mm_system_cache_page;
|
|
|
dd89bb |
uint32_t paged_pool_page;
|
|
|
dd89bb |
uint32_t system_driver_page;
|
|
|
dd89bb |
uint32_t fast_read_no_wait;
|
|
|
dd89bb |
uint32_t fast_read_wait;
|
|
|
dd89bb |
uint32_t fast_read_resource_miss;
|
|
|
dd89bb |
uint32_t fast_read_not_possible;
|
|
|
dd89bb |
uint32_t fast_mdl_read_no_wait;
|
|
|
dd89bb |
uint32_t fast_mdl_read_wait;
|
|
|
dd89bb |
uint32_t fast_mdl_read_resource_miss;
|
|
|
dd89bb |
uint32_t fast_mdl_read_not_possible;
|
|
|
dd89bb |
uint32_t map_data_no_wait;
|
|
|
dd89bb |
uint32_t map_data_wait;
|
|
|
dd89bb |
uint32_t map_data_no_wait_miss;
|
|
|
dd89bb |
uint32_t map_data_wait_miss;
|
|
|
dd89bb |
uint32_t pin_mapped_data_count;
|
|
|
dd89bb |
uint32_t pin_read_no_wait;
|
|
|
dd89bb |
uint32_t pin_read_wait;
|
|
|
dd89bb |
uint32_t pin_read_no_wait_miss;
|
|
|
dd89bb |
uint32_t pin_read_wait_miss;
|
|
|
dd89bb |
uint32_t copy_read_no_wait;
|
|
|
dd89bb |
uint32_t copy_read_wait;
|
|
|
dd89bb |
uint32_t copy_read_no_wait_miss;
|
|
|
dd89bb |
uint32_t copy_read_wait_miss;
|
|
|
dd89bb |
uint32_t mdl_read_no_wait;
|
|
|
dd89bb |
uint32_t mdl_read_wait;
|
|
|
dd89bb |
uint32_t mdl_read_no_wait_miss;
|
|
|
dd89bb |
uint32_t mdl_read_wait_miss;
|
|
|
dd89bb |
uint32_t read_ahead_ios;
|
|
|
dd89bb |
uint32_t lazy_write_ios;
|
|
|
dd89bb |
uint32_t lazy_write_pages;
|
|
|
dd89bb |
uint32_t data_flushes;
|
|
|
dd89bb |
uint32_t data_pages;
|
|
|
dd89bb |
uint32_t context_switches;
|
|
|
dd89bb |
uint32_t first_level_tb_fills;
|
|
|
dd89bb |
uint32_t second_level_tb_fills;
|
|
|
dd89bb |
uint32_t system_calls;
|
|
|
dd89bb |
} nt_system_performance_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_time_of_day_information {
|
|
|
dd89bb |
nt_large_integer boot_time;
|
|
|
dd89bb |
nt_large_integer current_time;
|
|
|
dd89bb |
nt_large_integer time_zone_bias;
|
|
|
dd89bb |
uint32_t current_time_zone_id;
|
|
|
dd89bb |
} nt_system_time_of_day_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_threads {
|
|
|
dd89bb |
nt_large_integer kernel_time;
|
|
|
dd89bb |
nt_large_integer user_time;
|
|
|
dd89bb |
nt_large_integer create_time;
|
|
|
dd89bb |
uint32_t wait_time;
|
|
|
dd89bb |
void * start_address;
|
|
|
dd89bb |
nt_client_id client_id;
|
|
|
dd89bb |
uint32_t priority;
|
|
|
dd89bb |
uint32_t base_priority;
|
|
|
dd89bb |
uint32_t context_switch_count;
|
|
|
dd89bb |
nt_thread_state state;
|
|
|
dd89bb |
nt_kwait_reason wait_reason;
|
|
|
dd89bb |
} nt_system_threads;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_processes {
|
|
|
dd89bb |
uint32_t next_entry_delta;
|
|
|
dd89bb |
uint32_t thread_count;
|
|
|
065693 |
uintptr_t reserved_1st[6];
|
|
|
065693 |
|
|
|
dd89bb |
nt_unicode_string process_name;
|
|
|
dd89bb |
uint32_t base_priority;
|
|
|
065693 |
|
|
|
065693 |
uintptr_t process_id;
|
|
|
065693 |
uintptr_t inherited_from_process_id;
|
|
|
065693 |
|
|
|
dd89bb |
uint32_t handle_count;
|
|
|
065693 |
uint32_t session_id;
|
|
|
065693 |
|
|
|
065693 |
void * reserved_2nd;
|
|
|
065693 |
size_t peak_virtual_size;
|
|
|
065693 |
size_t virtual_size;
|
|
|
065693 |
|
|
|
065693 |
|
|
|
065693 |
void * reserved_3rd;
|
|
|
065693 |
size_t peak_working_set_size;
|
|
|
065693 |
size_t working_set_size;
|
|
|
065693 |
|
|
|
065693 |
void * reserved_4th;
|
|
|
065693 |
size_t quota_paged_pool_usage;
|
|
|
065693 |
|
|
|
065693 |
void * reserved_5th;
|
|
|
065693 |
size_t quota_non_paged_pool_usage;
|
|
|
065693 |
|
|
|
065693 |
size_t pagefile_usage;
|
|
|
065693 |
size_t peak_pagefile_usage;
|
|
|
065693 |
size_t private_page_count;
|
|
|
065693 |
|
|
|
065693 |
nt_large_integer create_time;
|
|
|
065693 |
nt_large_integer user_time;
|
|
|
065693 |
nt_large_integer kernel_time;
|
|
|
065693 |
|
|
|
065693 |
nt_large_integer reserved_7th;
|
|
|
065693 |
nt_large_integer reserved_8th;
|
|
|
065693 |
nt_large_integer reserved_9th;
|
|
|
065693 |
|
|
|
dd89bb |
nt_system_threads threads[];
|
|
|
dd89bb |
} nt_system_processes;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_syscall_information {
|
|
|
dd89bb |
uint32_t size;
|
|
|
dd89bb |
uint32_t number_of_descriptor_tables;
|
|
|
dd89bb |
uint32_t number_of_routines_in_table[1];
|
|
|
dd89bb |
uint32_t syscall_counts[];
|
|
|
dd89bb |
} nt_syscall_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_configuration_information {
|
|
|
dd89bb |
uint32_t disk_count;
|
|
|
dd89bb |
uint32_t floppy_count;
|
|
|
dd89bb |
uint32_t cd_rom_count;
|
|
|
dd89bb |
uint32_t tape_count;
|
|
|
dd89bb |
uint32_t serial_count;
|
|
|
dd89bb |
uint32_t parallel_count;
|
|
|
dd89bb |
} nt_system_configuration_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_process_times {
|
|
|
dd89bb |
nt_large_integer idle_time;
|
|
|
dd89bb |
nt_large_integer kernel_time;
|
|
|
dd89bb |
nt_large_integer user_time;
|
|
|
dd89bb |
nt_large_integer dpc_time;
|
|
|
dd89bb |
nt_large_integer interrupt_time;
|
|
|
dd89bb |
uint32_t interrupt_count;
|
|
|
dd89bb |
} nt_system_process_times;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_global_flag {
|
|
|
dd89bb |
uint32_t global_flag;
|
|
|
dd89bb |
} nt_system_global_flag;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_module_information {
|
|
|
dd89bb |
uint32_t reserved_1st;
|
|
|
dd89bb |
uint32_t reserved_2nd;
|
|
|
dd89bb |
void * base;
|
|
|
dd89bb |
uint32_t size;
|
|
|
dd89bb |
uint32_t flags;
|
|
|
dd89bb |
uint16_t index;
|
|
|
dd89bb |
uint16_t unknown;
|
|
|
dd89bb |
uint16_t load_count;
|
|
|
dd89bb |
uint16_t path_length;
|
|
|
dd89bb |
char image_name[256];
|
|
|
dd89bb |
} nt_system_module_information_entry;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_lock_information {
|
|
|
dd89bb |
void * address;
|
|
|
dd89bb |
uint16_t type;
|
|
|
dd89bb |
uint16_t reserved_1st;
|
|
|
dd89bb |
uint32_t exclusive_owner_thread_id;
|
|
|
dd89bb |
uint32_t active_count;
|
|
|
dd89bb |
uint32_t contention_count;
|
|
|
dd89bb |
uint32_t reserved_2nd;
|
|
|
dd89bb |
uint32_t reserved_3rd;
|
|
|
dd89bb |
uint32_t number_of_shared_waiters;
|
|
|
dd89bb |
uint32_t number_of_exclusive_waiters;
|
|
|
dd89bb |
} nt_system_lock_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_handle_information {
|
|
|
dd89bb |
uint32_t process_id;
|
|
|
dd89bb |
unsigned char object_type_number;
|
|
|
dd89bb |
unsigned char flags;
|
|
|
dd89bb |
uint16_t handle;
|
|
|
dd89bb |
void * object;
|
|
|
dd89bb |
uint32_t granted_access;
|
|
|
7f8d50 |
#if (__SIZEOF_POINTER__ == 8)
|
|
|
dd89bb |
uint32_t granted_access_padding;
|
|
|
dd89bb |
#endif
|
|
|
dd89bb |
} nt_system_handle_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_object_type_information {
|
|
|
dd89bb |
nt_unicode_string name;
|
|
|
dd89bb |
uint32_t object_count;
|
|
|
dd89bb |
uint32_t handle_count;
|
|
|
dd89bb |
uint32_t reserved1[4];
|
|
|
dd89bb |
uint32_t peak_object_count;
|
|
|
dd89bb |
uint32_t peak_handle_count;
|
|
|
dd89bb |
uint32_t reserved2[4];
|
|
|
dd89bb |
uint32_t invalid_attributes;
|
|
|
dd89bb |
nt_generic_mapping generic_mapping;
|
|
|
dd89bb |
uint32_t valid_access;
|
|
|
dd89bb |
unsigned char unknown;
|
|
|
dd89bb |
unsigned char maintain_handle_database;
|
|
|
dd89bb |
nt_pool_type pool_type;
|
|
|
dd89bb |
uint32_t paged_pool_usage;
|
|
|
dd89bb |
uint32_t non_paged_pool_usage;
|
|
|
dd89bb |
} nt_object_type_information, nt_oti;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_object_type_information {
|
|
|
dd89bb |
uint32_t next_entry_offset;
|
|
|
dd89bb |
uint32_t object_count;
|
|
|
dd89bb |
uint32_t handle_count;
|
|
|
dd89bb |
uint32_t type_number;
|
|
|
dd89bb |
uint32_t invalid_attributes;
|
|
|
dd89bb |
nt_generic_mapping generic_mapping;
|
|
|
dd89bb |
uint32_t valid_access_mask;
|
|
|
dd89bb |
unsigned char pool_type;
|
|
|
dd89bb |
unsigned char unknown;
|
|
|
dd89bb |
nt_unicode_string name;
|
|
|
dd89bb |
} nt_system_object_type_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_object_information {
|
|
|
dd89bb |
uint32_t next_entry_offset;
|
|
|
dd89bb |
void * object;
|
|
|
dd89bb |
uint32_t creator_process_id;
|
|
|
dd89bb |
uint16_t unknown;
|
|
|
dd89bb |
uint16_t flags;
|
|
|
dd89bb |
uint32_t pointer_count;
|
|
|
dd89bb |
uint32_t handle_count;
|
|
|
dd89bb |
uint32_t paged_pool_usage;
|
|
|
dd89bb |
uint32_t non_paged_pool_usage;
|
|
|
dd89bb |
uint32_t exclusive_process_id;
|
|
|
dd89bb |
nt_security_descriptor *security_descriptor;
|
|
|
dd89bb |
nt_unicode_string name;
|
|
|
dd89bb |
} nt_system_object_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_pagefile_information {
|
|
|
dd89bb |
uint32_t next_entry_offset;
|
|
|
dd89bb |
uint32_t current_size;
|
|
|
dd89bb |
uint32_t total_used;
|
|
|
dd89bb |
uint32_t peak_used;
|
|
|
dd89bb |
nt_unicode_string file_name;
|
|
|
dd89bb |
} nt_system_pagefile_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_instruction_emulation_information {
|
|
|
dd89bb |
uint32_t segment_not_present;
|
|
|
dd89bb |
uint32_t two_byte_opcode;
|
|
|
dd89bb |
uint32_t es_prefix;
|
|
|
dd89bb |
uint32_t cs_prefix;
|
|
|
dd89bb |
uint32_t ss_prefix;
|
|
|
dd89bb |
uint32_t ds_prefix;
|
|
|
dd89bb |
uint32_t fs_Prefix;
|
|
|
dd89bb |
uint32_t gs_prefix;
|
|
|
dd89bb |
uint32_t oper32_prefix;
|
|
|
dd89bb |
uint32_t addr32_prefix;
|
|
|
dd89bb |
uint32_t insb;
|
|
|
dd89bb |
uint32_t insw;
|
|
|
dd89bb |
uint32_t outsb;
|
|
|
dd89bb |
uint32_t outsw;
|
|
|
dd89bb |
uint32_t pushfd;
|
|
|
dd89bb |
uint32_t popfd;
|
|
|
dd89bb |
uint32_t int_nn;
|
|
|
dd89bb |
uint32_t into;
|
|
|
dd89bb |
uint32_t iretd;
|
|
|
dd89bb |
uint32_t inb_imm;
|
|
|
dd89bb |
uint32_t inw_imm;
|
|
|
dd89bb |
uint32_t outb_imm;
|
|
|
dd89bb |
uint32_t outw_imm;
|
|
|
dd89bb |
uint32_t inb;
|
|
|
dd89bb |
uint32_t inw;
|
|
|
dd89bb |
uint32_t outb;
|
|
|
dd89bb |
uint32_t outw;
|
|
|
dd89bb |
uint32_t lock_prefix;
|
|
|
dd89bb |
uint32_t repne_prefix;
|
|
|
dd89bb |
uint32_t rep_prefix;
|
|
|
dd89bb |
uint32_t hlt;
|
|
|
dd89bb |
uint32_t cli;
|
|
|
dd89bb |
uint32_t sti;
|
|
|
dd89bb |
uint32_t generic_invalid_opcode;
|
|
|
dd89bb |
} nt_system_instruction_emulation_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_pool_tag_information {
|
|
|
dd89bb |
char tag[4];
|
|
|
dd89bb |
uint32_t paged_pool_allocs;
|
|
|
dd89bb |
uint32_t paged_pool_frees;
|
|
|
dd89bb |
uint32_t paged_pool_usage;
|
|
|
dd89bb |
uint32_t non_paged_pool_allocs;
|
|
|
dd89bb |
uint32_t non_paged_pool_frees;
|
|
|
dd89bb |
uint32_t non_paged_pool_usage;
|
|
|
dd89bb |
} nt_system_pool_tag_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_processor_statistics {
|
|
|
dd89bb |
uint32_t context_switches;
|
|
|
dd89bb |
uint32_t dpc_count;
|
|
|
dd89bb |
uint32_t dpc_request_rate;
|
|
|
dd89bb |
uint32_t time_increment;
|
|
|
dd89bb |
uint32_t dpc_bypass_count;
|
|
|
dd89bb |
uint32_t apc_bypass_count;
|
|
|
dd89bb |
} nt_system_processor_statistics;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_dpc_information {
|
|
|
dd89bb |
uint32_t reserved;
|
|
|
dd89bb |
uint32_t maximum_dpc_queue_depth;
|
|
|
dd89bb |
uint32_t minimum_dpc_rate;
|
|
|
dd89bb |
uint32_t adjust_dpc_threshold;
|
|
|
dd89bb |
uint32_t ideal_dpc_rate;
|
|
|
dd89bb |
} nt_system_dpc_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_load_image {
|
|
|
dd89bb |
nt_unicode_string module_name;
|
|
|
dd89bb |
void * module_base;
|
|
|
dd89bb |
void * section_pointer;
|
|
|
dd89bb |
void * entry_point;
|
|
|
dd89bb |
void * export_directory;
|
|
|
dd89bb |
} nt_system_load_image;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_unload_image {
|
|
|
dd89bb |
void * module_base;
|
|
|
dd89bb |
} nt_system_unload_image;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_query_time_adjustment {
|
|
|
dd89bb |
uint32_t time_adjustment;
|
|
|
dd89bb |
uint32_t maximum_increment;
|
|
|
dd89bb |
int32_t time_synchronization;
|
|
|
dd89bb |
} nt_system_query_time_adjustment;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_set_time_adjustment {
|
|
|
dd89bb |
uint32_t time_adjustment;
|
|
|
dd89bb |
int32_t time_synchronization;
|
|
|
dd89bb |
} nt_system_set_time_adjustment;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_crash_dump_information {
|
|
|
dd89bb |
void * crash_dump_section_handle;
|
|
|
dd89bb |
void * unknown;
|
|
|
dd89bb |
} nt_system_crash_dump_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_exception_information {
|
|
|
dd89bb |
uint32_t alignment_fixup_count;
|
|
|
dd89bb |
uint32_t exception_dispatch_count;
|
|
|
dd89bb |
uint32_t floating_emulation_count;
|
|
|
dd89bb |
uint32_t reserved;
|
|
|
dd89bb |
} nt_system_exception_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_crash_dump_state_information {
|
|
|
dd89bb |
uint32_t crash_dump_section_exists;
|
|
|
dd89bb |
uint32_t unknown;
|
|
|
dd89bb |
} nt_system_crash_dump_state_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_kernel_debugger_information {
|
|
|
dd89bb |
unsigned char debugger_enabled;
|
|
|
dd89bb |
unsigned char debugger_not_present;
|
|
|
dd89bb |
} nt_system_kernel_debugger_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_context_switch_information {
|
|
|
dd89bb |
uint32_t context_switches;
|
|
|
dd89bb |
uint32_t context_switch_counters[11];
|
|
|
dd89bb |
} nt_system_context_switch_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_registry_quota_information {
|
|
|
dd89bb |
uint32_t registry_quota;
|
|
|
dd89bb |
uint32_t registry_quota_in_use;
|
|
|
dd89bb |
uint32_t paged_pool_size;
|
|
|
dd89bb |
} nt_system_registry_quota_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_load_and_call_image {
|
|
|
dd89bb |
nt_unicode_string module_name;
|
|
|
dd89bb |
} nt_system_load_and_call_image;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_priority_separation {
|
|
|
dd89bb |
uint32_t priority_separation;
|
|
|
dd89bb |
} nt_system_priority_separation;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_time_zone_information {
|
|
|
dd89bb |
int32_t bias;
|
|
|
dd89bb |
wchar16_t standard_name[32];
|
|
|
dd89bb |
nt_large_integer standard_date;
|
|
|
dd89bb |
int32_t standard_bias;
|
|
|
dd89bb |
wchar16_t daylight_name[32];
|
|
|
dd89bb |
nt_large_integer daylight_date;
|
|
|
dd89bb |
int32_t daylight_bias;
|
|
|
dd89bb |
} nt_system_time_zone_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_lookaside_information {
|
|
|
dd89bb |
uint16_t depth;
|
|
|
dd89bb |
uint16_t maximum_depth;
|
|
|
dd89bb |
uint32_t total_allocates;
|
|
|
dd89bb |
uint32_t allocate_misses;
|
|
|
dd89bb |
uint32_t total_frees;
|
|
|
dd89bb |
uint32_t free_misses;
|
|
|
dd89bb |
nt_pool_type type;
|
|
|
dd89bb |
uint32_t tag;
|
|
|
dd89bb |
uint32_t size;
|
|
|
dd89bb |
} nt_system_lookaside_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_set_time_slip_event {
|
|
|
dd89bb |
void * time_slip_event;
|
|
|
dd89bb |
} nt_system_set_time_slip_event;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_create_session {
|
|
|
dd89bb |
uint32_t session_id;
|
|
|
dd89bb |
} nt_system_create_session;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_delete_session {
|
|
|
dd89bb |
uint32_t session_id;
|
|
|
dd89bb |
} nt_system_delete_session;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_range_start_information {
|
|
|
dd89bb |
void * system_range_start;
|
|
|
dd89bb |
} nt_system_range_start_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_session_processes_information {
|
|
|
dd89bb |
uint32_t session_id;
|
|
|
dd89bb |
uint32_t buffer_size;
|
|
|
dd89bb |
void * buffer;
|
|
|
dd89bb |
} nt_system_session_processes_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_pool_block {
|
|
|
dd89bb |
int32_t allocated;
|
|
|
dd89bb |
uint16_t unknown;
|
|
|
dd89bb |
uint32_t size;
|
|
|
dd89bb |
char tag[4];
|
|
|
dd89bb |
} nt_system_pool_block;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_pool_blocks_information {
|
|
|
dd89bb |
uint32_t pool_size;
|
|
|
dd89bb |
void * pool_base;
|
|
|
dd89bb |
uint16_t unknown;
|
|
|
dd89bb |
uint32_t number_of_blocks;
|
|
|
dd89bb |
nt_system_pool_block pool_blocks[];
|
|
|
dd89bb |
} nt_system_pool_blocks_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_memory_usage {
|
|
|
dd89bb |
void * name;
|
|
|
dd89bb |
uint16_t valid;
|
|
|
dd89bb |
uint16_t standby;
|
|
|
dd89bb |
uint16_t modified;
|
|
|
dd89bb |
uint16_t page_tables;
|
|
|
dd89bb |
} nt_system_memory_usage;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef struct _nt_system_memory_usage_information {
|
|
|
dd89bb |
uint32_t reserved;
|
|
|
dd89bb |
void * end_of_data;
|
|
|
dd89bb |
nt_system_memory_usage memory_usage[];
|
|
|
dd89bb |
} nt_system_memory_usage_information;
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_zw_query_system_information(
|
|
|
dd89bb |
__in nt_system_info_class sys_info_class,
|
|
|
dd89bb |
__in_out void * sys_info,
|
|
|
dd89bb |
__in size_t sys_info_length,
|
|
|
dd89bb |
__out size_t * returned_length __optional);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_zw_set_system_information(
|
|
|
dd89bb |
__in nt_system_info_class sys_info_class,
|
|
|
dd89bb |
__in_out void * sys_info,
|
|
|
dd89bb |
__in uint32_t sys_info_length);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_zw_query_system_environment_value(
|
|
|
dd89bb |
__in nt_unicode_string * name,
|
|
|
dd89bb |
__out void * value,
|
|
|
dd89bb |
__in size_t value_length,
|
|
|
dd89bb |
__out size_t * returned_length __optional);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_zw_set_system_environment_value(
|
|
|
dd89bb |
__in nt_unicode_string * name,
|
|
|
dd89bb |
__in nt_unicode_string * value);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_zw_shutdown_system(
|
|
|
dd89bb |
__in nt_shutdown_action action);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_zw_system_debug_control(
|
|
|
dd89bb |
__in nt_debug_control_code control_code,
|
|
|
dd89bb |
__in void * input_buffer __optional,
|
|
|
dd89bb |
__in uint32_t input_buffer_length,
|
|
|
dd89bb |
__out void * output_buffer __optional,
|
|
|
dd89bb |
__in uint32_t output_buffer_length,
|
|
|
dd89bb |
__out uint32_t * returned_length __optional);
|
|
|
dd89bb |
|
|
|
dd89bb |
/* extension functions */
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_tt_get_system_directory_native_path(
|
|
|
dd89bb |
__out nt_mem_sec_name * buffer,
|
|
|
dd89bb |
__in uint32_t buffer_size,
|
|
|
dd89bb |
__in wchar16_t * base_name,
|
|
|
dd89bb |
__in uint32_t base_name_size,
|
|
|
dd89bb |
__out nt_unicode_string * nt_path __optional);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_tt_get_system_directory_dos_path(
|
|
|
dd89bb |
__in void * hsysdir __optional,
|
|
|
dd89bb |
__out wchar16_t * buffer,
|
|
|
dd89bb |
__in uint32_t buffer_size,
|
|
|
dd89bb |
__in wchar16_t * base_name,
|
|
|
dd89bb |
__in uint32_t base_name_size,
|
|
|
dd89bb |
__out nt_unicode_string * nt_path __optional);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_tt_get_system_directory_handle(
|
|
|
dd89bb |
__out void ** hsysdir,
|
|
|
dd89bb |
__out nt_mem_sec_name * buffer __optional,
|
|
|
dd89bb |
__in uint32_t buffer_size __optional);
|
|
|
dd89bb |
|
|
|
dd89bb |
|
|
|
dd89bb |
typedef int32_t __stdcall ntapi_tt_get_system_info_snapshot(
|
|
|
dd89bb |
__in_out nt_system_information_snapshot * sys_info_snapshot);
|
|
|
dd89bb |
|
|
|
dd89bb |
#endif
|