#ifndef _NT_SYSINFO_H_
#define _NT_SYSINFO_H_
#include "nt_abi.h"
#include "nt_object.h"
#include "nt_memory.h"
typedef enum _nt_system_info_class {
NT_SYSTEM_INFORMATION_CLASS_MIN = 0,
NT_SYSTEM_BASIC_INFORMATION = 0,
NT_SYSTEM_PROCESSOR_INFORMATION = 1,
NT_SYSTEM_PERFORMANCE_INFORMATION = 2,
NT_SYSTEM_TIME_OF_DAY_INFORMATION = 3,
NT_SYSTEM_NOT_IMPLEMENTED1 = 4,
NT_SYSTEM_PROCESS_INFORMATION = 5,
NT_SYSTEM_PROCESS_AND_THREAD_INFORMATION = 5,
NT_SYSTEM_CALL_COUNTS = 6,
NT_SYSTEM_DEVICE_INFORMATION = 7,
NT_SYSTEM_PROCESSOR_TIMES = 8,
NT_SYSTEM_GLOBAL_FLAG = 9,
NT_SYSTEM_NOT_IMPLEMENTED2 = 10,
NT_SYSTEM_CALL_TIME_INFORMATION = 10,
NT_SYSTEM_MODULE_INFORMATION = 11,
NT_SYSTEM_LOCK_INFORMATION = 12,
NT_SYSTEM_NOT_IMPLEMENTED3 = 13,
NT_SYSTEM_NOT_IMPLEMENTED4 = 14,
NT_SYSTEM_NOT_IMPLEMENTED5 = 15,
NT_SYSTEM_HANDLE_INFORMATION = 16,
NT_SYSTEM_OBJECT_INFORMATION = 17,
NT_SYSTEM_PAGE_FILE_INFORMATION = 18,
NT_SYSTEM_INSTRUCTION_EMULATION_COUNTS = 19,
NT_SYSTEM_INVALID_INFO_CLASS1 = 20,
NT_SYSTEM_CACHE_INFORMATION = 21,
NT_SYSTEM_POOL_TAG_INFORMATION = 22,
NT_SYSTEM_PROCESSOR_STATISTICS = 23,
NT_SYSTEM_DPC_INFORMATION = 24,
NT_SYSTEM_NOT_IMPLEMENTED6 = 25,
NT_SYSTEM_LOAD_IMAGE = 26,
NT_SYSTEM_UNLOAD_IMAGE = 27,
NT_SYSTEM_TIME_ADJUSTMENT = 28,
NT_SYSTEM_NOT_IMPLEMENTED7 = 29,
NT_SYSTEM_NOT_IMPLEMENTED8 = 30,
NT_SYSTEM_NOT_IMPLEMENTED9 = 31,
NT_SYSTEM_CRASH_DUMP_INFORMATION = 32,
NT_SYSTEM_EXCEPTION_INFORMATION = 33,
NT_SYSTEM_CRASH_DUMP_STATE_INFORMATION = 34,
NT_SYSTEM_KERNEL_DEBUGGER_INFORMATION = 35,
NT_SYSTEM_CONTEXT_SWITCH_INFORMATION = 36,
NT_SYSTEM_REGISTRY_QUOTA_INFORMATION = 37,
NT_SYSTEM_LOAD_AND_CALL_IMAGE = 38,
NT_SYSTEM_PRIORITY_SEPARATION = 39,
NT_SYSTEM_NOT_IMPLEMENTED10 = 40,
NT_SYSTEM_NOT_IMPLEMENTED11 = 41,
NT_SYSTEM_INVALID_INFO_CLASS2 = 42,
NT_SYSTEM_INVALID_INFO_CLASS3 = 43,
NT_SYSTEM_CURRENT_TIME_ZONE_INFORMATION = 44,
NT_SYSTEM_TIME_ZONE_INFORMATION = 44,
NT_SYSTEM_LOOKASIDE_INFORMATION = 45,
NT_SYSTEM_SET_TIME_SLIP_EVENT = 46,
NT_SYSTEM_CREATE_SESSION = 47,
NT_SYSTEM_DELETE_SESSION = 48,
NT_SYSTEM_INVALID_INFO_CLASS4 = 49,
NT_SYSTEM_RANGE_START_INFORMATION = 50,
NT_SYSTEM_VERIFIER_INFORMATION = 51,
NT_SYSTEM_ADD_VERIFIER = 52,
NT_SYSTEM_SESSION_PROCESSES_INFORMATION = 53,
NT_SYSTEM_INFORMATION_CLASS_MAX
} nt_system_info_class;
typedef enum _nt_thread_state {
NT_THREAD_STATE_INITIALIZED = 0,
NT_THREAD_STATE_READY = 1,
NT_THREAD_STATE_RUNNING = 2,
NT_THREAD_STATE_STANDBY = 3,
NT_THREAD_STATE_TERMINATED = 4,
NT_THREAD_STATE_WAIT = 5,
NT_THREAD_STATE_TRANSITION = 6,
NT_THREAD_STATE_UNKNOWN = 7
} nt_thread_state;
typedef enum _nt_kwait_reason {
NT_KWAIT_EXECUTIVE = 0,
NT_KWAIT_FREE_PAGE = 1,
NT_KWAIT_PAGE_IN = 2,
NT_KWAIT_POOL_ALLOCATION = 3,
NT_KWAIT_DELAY_EXECUTION = 4,
NT_KWAIT_SUSPENDED = 5,
NT_KWAIT_USER_REQUEST = 6,
NT_KWAIT_WR_EXECUTIVE = 7,
NT_KWAIT_WR_FREE_PAGE = 8,
NT_KWAIT_WR_PAGE_IN = 9,
NT_KWAIT_WR_POOL_ALLOCATION = 10,
NT_KWAIT_WR_DELAY_EXECUTION = 11,
NT_KWAIT_WR_SUSPENDED = 12,
NT_KWAIT_WR_USER_REQUEST = 13,
NT_KWAIT_WR_EVENT_PAIR = 14,
NT_KWAIT_WR_QUEUE = 15,
NT_KWAIT_WR_LPC_RECEIVE = 16,
NT_KWAIT_WR_LPC_REPLY = 17,
NT_KWAIT_WR_VIRTUAL_MEMORY = 18,
NT_KWAIT_WR_PAGE_OUT = 19,
NT_KWAIT_WR_RENDEZVOUS = 20,
NT_KWAIT_SPARE2 = 21,
NT_KWAIT_SPARE3 = 22,
NT_KWAIT_SPARE4 = 23,
NT_KWAIT_SPARE5 = 24,
NT_KWAIT_WR_CALLOUT_STACK = 25,
NT_KWAIT_WR_KERNEL = 26,
NT_KWAIT_WR_RESOURCE = 27,
NT_KWAIT_WR_PUSH_LOCK = 28,
NT_KWAIT_WR_MUTEX = 29,
NT_KWAIT_WR_QUANTUM_END = 30,
NT_KWAIT_WR_DISPATCH_INT = 31,
NT_KWAIT_WR_PREEMPTED = 32,
NT_KWAIT_WR_YIELD_EXECUTION = 33,
NT_KWAIT_WR_FAST_MUTEX = 34,
NT_KWAIT_WR_GUARDED_MUTEX = 35,
NT_KWAIT_WR_RUNDOWN = 36,
NT_KWAIT_MAXIMUM_WAIT_REASON = 37
} nt_kwait_reason;
typedef enum _nt_pool_type {
NT_NON_PAGED_POOL,
NT_NON_PAGED_POOL_EXECUTE = 0x0000 + NT_NON_PAGED_POOL,
NT_PAGED_POOL,
NT_NON_PAGED_POOL_MUST_SUCCEED = 0x0002 + NT_NON_PAGED_POOL,
NT_DONT_USE_THIS_TYPE,
NT_NON_PAGED_POOL_CACHE_ALIGNED = 0x0004 + NT_NON_PAGED_POOL,
NT_PAGED_POOL_CACHE_ALIGNED,
NT_NON_PAGED_POOL_CACHE_ALIGNED_MUST_S = 0x0006 + NT_NON_PAGED_POOL,
NT_MAX_POOL_TYPE,
NT_NON_PAGED_POOL_BASE = 0x0000,
NT_NON_PAGED_POOL_BASE_MUST_SUCCEED = 0x0002 + NT_NON_PAGED_POOL_BASE,
NT_NON_PAGED_POOL_BASE_CACHE_ALIGNED = 0x0004 + NT_NON_PAGED_POOL_BASE,
NT_NON_PAGED_POOL_BASE_CACHE_ALIGNED_MUST_S = 0x0006 + NT_NON_PAGED_POOL_BASE,
NT_NON_PAGED_POOL_SESSION = 0x0020,
NT_PAGED_POOL_SESSION = 0x0001 + NT_NON_PAGED_POOL_SESSION,
NT_NON_PAGED_POOL_MUST_SUCCEED_SESSION = 0x0001 + NT_PAGED_POOL_SESSION,
NT_DONT_USE_THIS_TYPE_SESSION = 0x0001 + NT_NON_PAGED_POOL_MUST_SUCCEED_SESSION,
NT_NON_PAGED_POOL_CACHE_ALIGNED_SESSION = 0x0001 + NT_DONT_USE_THIS_TYPE_SESSION,
NT_PAGED_POOL_CACHE_ALIGNED_SESSION = 0x0001 + NT_NON_PAGED_POOL_CACHE_ALIGNED_SESSION,
NT_NON_PAGED_POOL_CACHE_ALIGNED_MUST_S_SESSION = 0x0001 + NT_PAGED_POOL_CACHE_ALIGNED_SESSION,
NT_NON_PAGED_POOL_NX = 0x0200,
NT_NON_PAGED_POOL_NX_CACHE_ALIGNED = 0x0004 + NT_NON_PAGED_POOL_NX,
NT_NON_PAGED_POOL_SESSION_NX = 0x0020 + NT_NON_PAGED_POOL_NX
} nt_pool_type;
typedef enum _nt_shutdown_action {
NT_SHUTDOWN_NO_REBOOT,
NT_SHUTDOWN_REBOOT,
NT_SHUTDOWN_POWER_OFF
} nt_shutdown_action;
typedef enum _nt_debug_control_code {
NT_DEBUG_GET_TRACE_INFORMATION = 1,
NT_DEBUG_SET_INTERNAL_BREAKPOINT,
NT_DEBUG_SET_SPECIAL_CALL,
NT_DEBUG_CLEAR_SPECIAL_CALLS,
NT_DEBUG_QUERY_SPECIAL_CALLS,
NT_DEBUG_DBG_BREAK_POINT,
NT_DEBUG_MAXIMUM
} nt_debug_control_code;
/* nt_system_global_flag constants */
#define NT_FLGSTOP_ON_EXCEPTION (uint32_t)0x00000001
#define NT_FLGSHOW_LDR_SNAPS (uint32_t)0x00000002
#define NT_FLGDEBUG_INITIAL_COMMAND (uint32_t)0x00000004
#define NT_FLGSTOP_ON_HUNG_GUI (uint32_t)0x00000008
#define NT_FLGHEAP_ENABLE_TAIL_CHECK (uint32_t)0x00000010
#define NT_FLGHEAP_ENABLE_FREE_CHECK (uint32_t)0x00000020
#define NT_FLGHEAP_VALIDATE_PARAMETERS (uint32_t)0x00000040
#define NT_FLGHEAP_VALIDATE_ALL (uint32_t)0x00000080
#define NT_FLGPOOL_ENABLE_TAIL_CHECK (uint32_t)0x00000100
#define NT_FLGPOOL_ENABLE_FREE_CHECK (uint32_t)0x00000200
#define NT_FLGPOOL_ENABLE_TAGGING (uint32_t)0x00000400
#define NT_FLGHEAP_ENABLE_TAGGING (uint32_t)0x00000800
#define NT_FLGUSER_STACK_TRACE_DB (uint32_t)0x00001000
#define NT_FLGKERNEL_STACK_TRACE_DB (uint32_t)0x00002000
#define NT_FLGMAINTAIN_OBJECT_TYPELIST (uint32_t)0x00004000
#define NT_FLGHEAP_ENABLE_TAG_BY_DLL (uint32_t)0x00008000
#define NT_FLGIGNORE_DEBUG_PRIV (uint32_t)0x00010000
#define NT_FLGENABLE_CSRDEBUG (uint32_t)0x00020000
#define NT_FLGENABLE_KDEBUG_SYMBOL_LOAD (uint32_t)0x00040000
#define NT_FLGDISABLE_PAGE_KERNEL_STACKS (uint32_t)0x00080000
#define NT_FLGHEAP_ENABLE_CALL_TRACING (uint32_t)0x00100000
#define NT_FLGHEAP_DISABLE_COALESCING (uint32_t)0x00200000
#define NT_FLGENABLE_CLOSE_EXCEPTIONS (uint32_t)0x00400000
#define NT_FLGENABLE_EXCEPTION_LOGGING (uint32_t)0x00800000
#define NT_FLGENABLE_DBGPRINT_BUFFERING (uint32_t)0x08000000
/* nt_system_handle_information constants */
/* FIXME: verify that these values are indeed reversed when compared with the flags returned by zw_query_object */
#define NT_HANDLE_PROTECT_FROM_CLOSE (unsigned char)0x01
#define NT_HANDLE_INHERIT (unsigned char)0x02
/* nt_system_object flag constants */
#define NT_FLG_SYSTEM_OBJECT_KERNEL_MODE (uint32_t)0x02
#define NT_FLG_SYSTEM_OBJECT_CREATOR_INFO (uint32_t)0x04
#define NT_FLG_SYSTEM_OBJECT_EXCLUSIVE (uint32_t)0x08
#define NT_FLG_SYSTEM_OBJECT_PERMANENT (uint32_t)0x10
#define NT_FLG_SYSTEM_OBJECT_DEFAULT_SECURITY_QUOTA (uint32_t)0x20
#define NT_FLG_SYSTEM_OBJECT_SINGLE_HANDLE_ENTRY (uint32_t)0x40
typedef struct _nt_system_information_buffer {
size_t count;
size_t mark;
} nt_system_information_buffer;
typedef struct _nt_system_information_snapshot {
nt_system_information_buffer * buffer;
void * pcurrent;
size_t info_len;
size_t max_len;
nt_system_info_class sys_info_class;
} nt_system_information_snapshot;
typedef struct _nt_system_basic_information {
uint32_t unknown;
uint32_t max_increment;
uint32_t physical_page_size;
uint32_t physical_page_count;
uint32_t physical_page_lowest;
uint32_t physical_page_highest;
uint32_t allocation_granularity;
uint32_t user_address_lowest;
uint32_t user_address_highest;
uint32_t active_processors;
unsigned char processor_count;
} nt_system_basic_information;
typedef struct _nt_system_processor_information {
uint16_t processor_architecture;
uint16_t processor_level;
uint16_t processor_revision;
uint16_t unknown;
uint32_t feature_bits;
} nt_system_processor_information;
typedef struct _nt_system_performance_information {
nt_large_integer idle_time;
nt_large_integer read_transfer_count;
nt_large_integer write_transfer_count;
nt_large_integer other_transfer_count;
uint32_t read_operation_count;
uint32_t write_operation_count;
uint32_t other_operation_count;
uint32_t available_pages;
uint32_t total_committed_pages;
uint32_t total_commit_limit;
uint32_t peak_commitment;
uint32_t page_faults;
uint32_t write_copy_faults;
uint32_t transition_faults;
uint32_t cache_transition_faults;
uint32_t demand_zero_faults;
uint32_t pages_read;
uint32_t page_read_ios;
uint32_t cache_reads;
uint32_t cache_ios;
uint32_t pagefile_pages_written;
uint32_t pagefile_page_write_ios;
uint32_t mapped_file_pages_written;
uint32_t mapped_file_page_write_ios;
uint32_t paged_pool_usage;
uint32_t non_paged_pool_usage;
uint32_t paged_pool_allocs;
uint32_t paged_pool_frees;
uint32_t non_paged_pool_allocs;
uint32_t non_paged_pool_frees;
uint32_t total_free_system_ptes;
uint32_t system_code_page;
uint32_t total_system_driver_pages;
uint32_t total_system_code_pages;
uint32_t small_non_paged_lookaside_list_allocate_hits;
uint32_t small_paged_lookaside_list_allocate_hits;
uint32_t reserved3;
uint32_t mm_system_cache_page;
uint32_t paged_pool_page;
uint32_t system_driver_page;
uint32_t fast_read_no_wait;
uint32_t fast_read_wait;
uint32_t fast_read_resource_miss;
uint32_t fast_read_not_possible;
uint32_t fast_mdl_read_no_wait;
uint32_t fast_mdl_read_wait;
uint32_t fast_mdl_read_resource_miss;
uint32_t fast_mdl_read_not_possible;
uint32_t map_data_no_wait;
uint32_t map_data_wait;
uint32_t map_data_no_wait_miss;
uint32_t map_data_wait_miss;
uint32_t pin_mapped_data_count;
uint32_t pin_read_no_wait;
uint32_t pin_read_wait;
uint32_t pin_read_no_wait_miss;
uint32_t pin_read_wait_miss;
uint32_t copy_read_no_wait;
uint32_t copy_read_wait;
uint32_t copy_read_no_wait_miss;
uint32_t copy_read_wait_miss;
uint32_t mdl_read_no_wait;
uint32_t mdl_read_wait;
uint32_t mdl_read_no_wait_miss;
uint32_t mdl_read_wait_miss;
uint32_t read_ahead_ios;
uint32_t lazy_write_ios;
uint32_t lazy_write_pages;
uint32_t data_flushes;
uint32_t data_pages;
uint32_t context_switches;
uint32_t first_level_tb_fills;
uint32_t second_level_tb_fills;
uint32_t system_calls;
} nt_system_performance_information;
typedef struct _nt_system_time_of_day_information {
nt_large_integer boot_time;
nt_large_integer current_time;
nt_large_integer time_zone_bias;
uint32_t current_time_zone_id;
} nt_system_time_of_day_information;
typedef struct _nt_system_threads {
nt_large_integer kernel_time;
nt_large_integer user_time;
nt_large_integer create_time;
uint32_t wait_time;
void * start_address;
nt_client_id client_id;
uint32_t priority;
uint32_t base_priority;
uint32_t context_switch_count;
nt_thread_state state;
nt_kwait_reason wait_reason;
} nt_system_threads;
typedef struct _nt_system_processes {
uint32_t next_entry_delta;
uint32_t thread_count;
uint32_t reserved_1st[6];
nt_large_integer create_time;
nt_large_integer user_time;
nt_large_integer kernel_time;
nt_unicode_string process_name;
uint32_t base_priority;
uint32_t process_id;
uint32_t inherited_from_process_id;
uint32_t handle_count;
uint32_t reserved_2nd[2];
nt_vm_counters vm_counters;
nt_io_counters io_counters;
nt_system_threads threads[];
} nt_system_processes;
typedef struct _nt_syscall_information {
uint32_t size;
uint32_t number_of_descriptor_tables;
uint32_t number_of_routines_in_table[1];
uint32_t syscall_counts[];
} nt_syscall_information;
typedef struct _nt_system_configuration_information {
uint32_t disk_count;
uint32_t floppy_count;
uint32_t cd_rom_count;
uint32_t tape_count;
uint32_t serial_count;
uint32_t parallel_count;
} nt_system_configuration_information;
typedef struct _nt_system_process_times {
nt_large_integer idle_time;
nt_large_integer kernel_time;
nt_large_integer user_time;
nt_large_integer dpc_time;
nt_large_integer interrupt_time;
uint32_t interrupt_count;
} nt_system_process_times;
typedef struct _nt_system_global_flag {
uint32_t global_flag;
} nt_system_global_flag;
typedef struct _nt_system_module_information {
uint32_t reserved_1st;
uint32_t reserved_2nd;
void * base;
uint32_t size;
uint32_t flags;
uint16_t index;
uint16_t unknown;
uint16_t load_count;
uint16_t path_length;
char image_name[256];
} nt_system_module_information_entry;
typedef struct _nt_system_lock_information {
void * address;
uint16_t type;
uint16_t reserved_1st;
uint32_t exclusive_owner_thread_id;
uint32_t active_count;
uint32_t contention_count;
uint32_t reserved_2nd;
uint32_t reserved_3rd;
uint32_t number_of_shared_waiters;
uint32_t number_of_exclusive_waiters;
} nt_system_lock_information;
typedef struct _nt_system_handle_information {
uint32_t process_id;
unsigned char object_type_number;
unsigned char flags;
uint16_t handle;
void * object;
uint32_t granted_access;
#if (__SIZEOF_POINTER__ == 8)
uint32_t granted_access_padding;
#endif
} nt_system_handle_information;
typedef struct _nt_object_type_information {
nt_unicode_string name;
uint32_t object_count;
uint32_t handle_count;
uint32_t reserved1[4];
uint32_t peak_object_count;
uint32_t peak_handle_count;
uint32_t reserved2[4];
uint32_t invalid_attributes;
nt_generic_mapping generic_mapping;
uint32_t valid_access;
unsigned char unknown;
unsigned char maintain_handle_database;
nt_pool_type pool_type;
uint32_t paged_pool_usage;
uint32_t non_paged_pool_usage;
} nt_object_type_information, nt_oti;
typedef struct _nt_system_object_type_information {
uint32_t next_entry_offset;
uint32_t object_count;
uint32_t handle_count;
uint32_t type_number;
uint32_t invalid_attributes;
nt_generic_mapping generic_mapping;
uint32_t valid_access_mask;
unsigned char pool_type;
unsigned char unknown;
nt_unicode_string name;
} nt_system_object_type_information;
typedef struct _nt_system_object_information {
uint32_t next_entry_offset;
void * object;
uint32_t creator_process_id;
uint16_t unknown;
uint16_t flags;
uint32_t pointer_count;
uint32_t handle_count;
uint32_t paged_pool_usage;
uint32_t non_paged_pool_usage;
uint32_t exclusive_process_id;
nt_security_descriptor *security_descriptor;
nt_unicode_string name;
} nt_system_object_information;
typedef struct _nt_system_pagefile_information {
uint32_t next_entry_offset;
uint32_t current_size;
uint32_t total_used;
uint32_t peak_used;
nt_unicode_string file_name;
} nt_system_pagefile_information;
typedef struct _nt_system_instruction_emulation_information {
uint32_t segment_not_present;
uint32_t two_byte_opcode;
uint32_t es_prefix;
uint32_t cs_prefix;
uint32_t ss_prefix;
uint32_t ds_prefix;
uint32_t fs_Prefix;
uint32_t gs_prefix;
uint32_t oper32_prefix;
uint32_t addr32_prefix;
uint32_t insb;
uint32_t insw;
uint32_t outsb;
uint32_t outsw;
uint32_t pushfd;
uint32_t popfd;
uint32_t int_nn;
uint32_t into;
uint32_t iretd;
uint32_t inb_imm;
uint32_t inw_imm;
uint32_t outb_imm;
uint32_t outw_imm;
uint32_t inb;
uint32_t inw;
uint32_t outb;
uint32_t outw;
uint32_t lock_prefix;
uint32_t repne_prefix;
uint32_t rep_prefix;
uint32_t hlt;
uint32_t cli;
uint32_t sti;
uint32_t generic_invalid_opcode;
} nt_system_instruction_emulation_information;
typedef struct _nt_system_pool_tag_information {
char tag[4];
uint32_t paged_pool_allocs;
uint32_t paged_pool_frees;
uint32_t paged_pool_usage;
uint32_t non_paged_pool_allocs;
uint32_t non_paged_pool_frees;
uint32_t non_paged_pool_usage;
} nt_system_pool_tag_information;
typedef struct _nt_system_processor_statistics {
uint32_t context_switches;
uint32_t dpc_count;
uint32_t dpc_request_rate;
uint32_t time_increment;
uint32_t dpc_bypass_count;
uint32_t apc_bypass_count;
} nt_system_processor_statistics;
typedef struct _nt_system_dpc_information {
uint32_t reserved;
uint32_t maximum_dpc_queue_depth;
uint32_t minimum_dpc_rate;
uint32_t adjust_dpc_threshold;
uint32_t ideal_dpc_rate;
} nt_system_dpc_information;
typedef struct _nt_system_load_image {
nt_unicode_string module_name;
void * module_base;
void * section_pointer;
void * entry_point;
void * export_directory;
} nt_system_load_image;
typedef struct _nt_system_unload_image {
void * module_base;
} nt_system_unload_image;
typedef struct _nt_system_query_time_adjustment {
uint32_t time_adjustment;
uint32_t maximum_increment;
int32_t time_synchronization;
} nt_system_query_time_adjustment;
typedef struct _nt_system_set_time_adjustment {
uint32_t time_adjustment;
int32_t time_synchronization;
} nt_system_set_time_adjustment;
typedef struct _nt_system_crash_dump_information {
void * crash_dump_section_handle;
void * unknown;
} nt_system_crash_dump_information;
typedef struct _nt_system_exception_information {
uint32_t alignment_fixup_count;
uint32_t exception_dispatch_count;
uint32_t floating_emulation_count;
uint32_t reserved;
} nt_system_exception_information;
typedef struct _nt_system_crash_dump_state_information {
uint32_t crash_dump_section_exists;
uint32_t unknown;
} nt_system_crash_dump_state_information;
typedef struct _nt_system_kernel_debugger_information {
unsigned char debugger_enabled;
unsigned char debugger_not_present;
} nt_system_kernel_debugger_information;
typedef struct _nt_system_context_switch_information {
uint32_t context_switches;
uint32_t context_switch_counters[11];
} nt_system_context_switch_information;
typedef struct _nt_system_registry_quota_information {
uint32_t registry_quota;
uint32_t registry_quota_in_use;
uint32_t paged_pool_size;
} nt_system_registry_quota_information;
typedef struct _nt_system_load_and_call_image {
nt_unicode_string module_name;
} nt_system_load_and_call_image;
typedef struct _nt_system_priority_separation {
uint32_t priority_separation;
} nt_system_priority_separation;
typedef struct _nt_system_time_zone_information {
int32_t bias;
wchar16_t standard_name[32];
nt_large_integer standard_date;
int32_t standard_bias;
wchar16_t daylight_name[32];
nt_large_integer daylight_date;
int32_t daylight_bias;
} nt_system_time_zone_information;
typedef struct _nt_system_lookaside_information {
uint16_t depth;
uint16_t maximum_depth;
uint32_t total_allocates;
uint32_t allocate_misses;
uint32_t total_frees;
uint32_t free_misses;
nt_pool_type type;
uint32_t tag;
uint32_t size;
} nt_system_lookaside_information;
typedef struct _nt_system_set_time_slip_event {
void * time_slip_event;
} nt_system_set_time_slip_event;
typedef struct _nt_system_create_session {
uint32_t session_id;
} nt_system_create_session;
typedef struct _nt_system_delete_session {
uint32_t session_id;
} nt_system_delete_session;
typedef struct _nt_system_range_start_information {
void * system_range_start;
} nt_system_range_start_information;
typedef struct _nt_system_session_processes_information {
uint32_t session_id;
uint32_t buffer_size;
void * buffer;
} nt_system_session_processes_information;
typedef struct _nt_system_pool_block {
int32_t allocated;
uint16_t unknown;
uint32_t size;
char tag[4];
} nt_system_pool_block;
typedef struct _nt_system_pool_blocks_information {
uint32_t pool_size;
void * pool_base;
uint16_t unknown;
uint32_t number_of_blocks;
nt_system_pool_block pool_blocks[];
} nt_system_pool_blocks_information;
typedef struct _nt_system_memory_usage {
void * name;
uint16_t valid;
uint16_t standby;
uint16_t modified;
uint16_t page_tables;
} nt_system_memory_usage;
typedef struct _nt_system_memory_usage_information {
uint32_t reserved;
void * end_of_data;
nt_system_memory_usage memory_usage[];
} nt_system_memory_usage_information;
typedef int32_t __stdcall ntapi_zw_query_system_information(
__in nt_system_info_class sys_info_class,
__in_out void * sys_info,
__in size_t sys_info_length,
__out size_t * returned_length __optional);
typedef int32_t __stdcall ntapi_zw_set_system_information(
__in nt_system_info_class sys_info_class,
__in_out void * sys_info,
__in uint32_t sys_info_length);
typedef int32_t __stdcall ntapi_zw_query_system_environment_value(
__in nt_unicode_string * name,
__out void * value,
__in size_t value_length,
__out size_t * returned_length __optional);
typedef int32_t __stdcall ntapi_zw_set_system_environment_value(
__in nt_unicode_string * name,
__in nt_unicode_string * value);
typedef int32_t __stdcall ntapi_zw_shutdown_system(
__in nt_shutdown_action action);
typedef int32_t __stdcall ntapi_zw_system_debug_control(
__in nt_debug_control_code control_code,
__in void * input_buffer __optional,
__in uint32_t input_buffer_length,
__out void * output_buffer __optional,
__in uint32_t output_buffer_length,
__out uint32_t * returned_length __optional);
/* extension functions */
typedef int32_t __stdcall ntapi_tt_get_system_directory_native_path(
__out nt_mem_sec_name * buffer,
__in uint32_t buffer_size,
__in wchar16_t * base_name,
__in uint32_t base_name_size,
__out nt_unicode_string * nt_path __optional);
typedef int32_t __stdcall ntapi_tt_get_system_directory_dos_path(
__in void * hsysdir __optional,
__out wchar16_t * buffer,
__in uint32_t buffer_size,
__in wchar16_t * base_name,
__in uint32_t base_name_size,
__out nt_unicode_string * nt_path __optional);
typedef int32_t __stdcall ntapi_tt_get_system_directory_handle(
__out void ** hsysdir,
__out nt_mem_sec_name * buffer __optional,
__in uint32_t buffer_size __optional);
typedef int32_t __stdcall ntapi_tt_get_system_info_snapshot(
__in_out nt_system_information_snapshot * sys_info_snapshot);
#endif