#ifndef _NT_OBJECT_H_
#define _NT_OBJECT_H_
#include "nt_abi.h"
typedef enum _nt_object_info_class {
NT_OBJECT_BASIC_INFORMATION = 0,
NT_OBJECT_NAME_INFORMATION = 1,
NT_OBJECT_TYPE_INFORMATION = 2,
NT_OBJECT_ALL_TYPES_INFORMATION = 3,
NT_OBJECT_HANDLE_INFORMATION = 4
} nt_object_info_class;
typedef enum _nt_security_impersonation_level {
NT_SECURITY_ANONYMOUS = 0,
NT_SECURITY_IDENTIFICATION = 1,
NT_SECURITY_IMPERSONATION = 2,
NT_SECURITY_DELEGATION = 3
} nt_security_impersonation_level;
typedef enum _nt_security_information {
NT_OWNER_SECURITY_INFORMATION = 0x01,
NT_GROUP_SECURITY_INFORMATION = 0x02,
NT_DACL_SECURITY_INFORMATION = 0x04,
NT_SACL_SECURITY_INFORMATION = 0x08
} nt_security_information;
/* generic access rights */
#define NT_SEC_DELETE (0x00010000u)
#define NT_SEC_READ_CONTROL (0x00020000u)
#define NT_SEC_WRITE_DAC (0x00040000u)
#define NT_SEC_WRITE_OWNER (0x00080000u)
#define NT_SEC_SYNCHRONIZE (0x00100000u)
#define NT_SEC_STANDARD_RIGHTS_REQUIRED (0x000F0000u)
#define NT_SEC_STANDARD_RIGHTS_READ NT_SEC_READ_CONTROL
#define NT_SEC_STANDARD_RIGHTS_WRITE NT_SEC_READ_CONTROL
#define NT_SEC_STANDARD_RIGHTS_EXECUTE NT_SEC_READ_CONTROL
#define NT_SEC_STANDARD_RIGHTS_ALL (0x001F0000u)
#define NT_SEC_SPECIFIC_RIGHTS_ALL (0x0000FFFFu)
#define NT_GENERIC_ALL (0x10000000u)
#define NT_GENERIC_EXECUTE (0x20000000u)
#define NT_GENERIC_WRITE (0x40000000u)
#define NT_GENERIC_READ (0x80000000u)
/* zw_open_directory access rights */
#define NT_DIRECTORY_QUERY (0x0001u)
#define NT_DIRECTORY_TRAVERSE (0x0002u)
#define NT_DIRECTORY_CREATE_OBJECT (0x0004u)
#define NT_DIRECTORY_CREATE_SUBDIRECTORY (0x0008u)
#define NT_DIRECTORY_ALL_ACCESS NT_DIRECTORY_QUERY \
| NT_DIRECTORY_TRAVERSE \
| NT_DIRECTORY_CREATE_OBJECT \
| NT_DIRECTORY_CREATE_SUBDIRECTORY \
| NT_SEC_STANDARD_RIGHTS_REQUIRED
/* zw_open_symbolic_link_object access rights */
#define NT_SYMBOLIC_LINK_QUERY (0x0001u)
#define NT_SYMBOLIC_LINK_ALL_ACCESS NT_SYMBOLIC_LINK_QUERY \
| NT_SEC_STANDARD_RIGHTS_REQUIRED
/* object handles */
#define NT_HANDLE_FLAG_INHERIT (0x0001u)
#define NT_HANDLE_FLAG_PROTECT_FROM_CLOSE (0x0002u)
#define NT_HANDLE_PERMANENT (0x0010u)
#define NT_HANDLE_EXCLUSIVE (0x0020u)
#define NT_INVALID_HANDLE_VALUE ((void *)(intptr_t)-1)
/* object attribute bits */
#define NT_OBJ_INHERIT (0x0002u)
#define NT_OBJ_PERMANENT (0x0010u)
#define NT_OBJ_EXCLUSIVE (0x0020u)
#define NT_OBJ_CASE_INSENSITIVE (0x0040u)
#define NT_OBJ_OPENIF (0x0080u)
#define NT_OBJ_OPENLINK (0x0100u)
#define NT_OBJ_KERNEL_HANDLE (0x0200u)
/* duplicate object bits */
#define NT_DUPLICATE_CLOSE_SOURCE (0x0001u)
#define NT_DUPLICATE_SAME_ACCESS (0x0002u)
#define NT_DUPLICATE_SAME_ATTRIBUTES (0x0004u)
/* nt_security_descriptor constants (IFS open specification) */
#define NT_SE_OWNER_DEFAULTED (int16_t)0x0001
#define NT_SE_GROUP_DEFAULTED (int16_t)0x0002
#define NT_SE_DACL_PRESENT (int16_t)0x0004
#define NT_SE_DACL_DEFAULTED (int16_t)0x0008
#define NT_SE_SACL_PRESENT (int16_t)0x0010
#define NT_SE_SACL_DEFAULTED (int16_t)0x0020
#define NT_SE_DACL_AUTO_INHERIT_REQ (int16_t)0x0100
#define NT_SE_SACL_AUTO_INHERIT_REQ (int16_t)0x0200
#define NT_SE_DACL_AUTO_INHERITED (int16_t)0x0400
#define NT_SE_SACL_AUTO_INHERITED (int16_t)0x0800
#define NT_SE_DACL_PROTECTED (int16_t)0x1000
#define NT_SE_SACL_PROTECTED (int16_t)0x2000
#define NT_SE_RM_CONTROL_VALID (int16_t)0x4000
#define NT_SE_SELF_RELATIVE (int16_t)0x8000
/* security tracking */
#define NT_SECURITY_TRACKING_STATIC 0
#define NT_SECURITY_TRACKING_DYNAMIC 1
/* predefined security authorities */
#define NT_SECURITY_NULL_SID_AUTHORITY 0
#define NT_SECURITY_WORLD_SID_AUTHORITY 1
#define NT_SECURITY_LOCAL_SID_AUTHORITY 2
#define NT_SECURITY_CREATOR_SID_AUTHORITY 3
#define NT_SECURITY_NON_UNIQUE_AUTHORITY 4
#define NT_SECURITY_NT_AUTHORITY 5
/* token source length */
#define NT_TOKEN_SOURCE_LENGTH 8
typedef struct _nt_unicode_string {
uint16_t strlen;
uint16_t maxlen;
uint16_t * buffer;
} nt_unicode_string;
typedef union _nt_large_integer {
struct {
uint32_t ulow;
int32_t ihigh;
};
long long quad;
} nt_large_integer, nt_timeout, nt_filetime, nt_sec_size;
typedef struct _nt_io_status_block {
union {
int32_t status;
void * pointer;
};
intptr_t info;
} nt_io_status_block, nt_iosb;
typedef struct _nt_quota_limits {
size_t paged_pool_limit;
size_t non_paged_pool_limit;
size_t minimum_working_set_size;
size_t maximum_working_set_size;
size_t pagefile_limit;
nt_large_integer time_limit;
} nt_quota_limits, nt_ql;
typedef struct _nt_kernel_user_times {
nt_large_integer create_time;
nt_large_integer exit_time;
nt_large_integer kernel_time;
nt_large_integer user_time;
} nt_kernel_user_times, nt_kut;
typedef struct _nt_io_counters {
nt_large_integer read_operation_count;
nt_large_integer write_operation_count;
nt_large_integer other_operation_count;
nt_large_integer read_transfer_count;
nt_large_integer write_transfer_count;
nt_large_integer other_transfer_count;
} nt_io_counters;
typedef struct _nt_vm_counters {
size_t peak_virtual_size;
size_t virtual_size;
size_t page_fault_count;
size_t peak_working_set_size;
size_t working_set_size;
size_t quota_peak_paged_pool_usage;
size_t quota_paged_pool_usage;
size_t quota_peak_non_paged_pool_usage;
size_t quota_non_paged_pool_usage;
size_t pagefile_usage;
size_t peak_pagefile_usage;
} nt_vm_counters;
typedef struct _nt_pooled_usage_and_limits {
size_t peak_paged_pool_usage;
size_t paged_pool_usage;
size_t paged_pool_limit;
size_t peak_non_paged_pool_usage;
size_t non_paged_pool_usage;
size_t non_paged_pool_limit;
size_t peak_pagefile_usage;
size_t pagefile_usage;
size_t pagefile_limit;
} nt_pooled_usage_and_limits, nt_pual;
typedef struct _nt_client_id {
uintptr_t process_id;
uintptr_t thread_id;
} nt_client_id, nt_cid;
typedef struct _nt_generic_mapping {
uint32_t generic_read;
uint32_t generic_write;
uint32_t generic_execute;
uint32_t generic_all;
} nt_generic_mapping, nt_gmap;
typedef struct _nt_security_attributes {
uint32_t length;
void * security_descriptor;
int32_t inherit_handle;
} nt_security_attributes, nt_sa;
typedef struct _nt_guid {
uint32_t data1;
uint16_t data2;
uint16_t data3;
unsigned char data4[8];
} nt_guid, nt_uuid;
typedef struct _nt_uuid_vector {
uint32_t count;
nt_uuid * uuid[];
} nt_uuid_vector;
typedef struct _nt_acl {
unsigned char acl_revision;
unsigned char sbz_1st;
uint16_t acl_size;
uint16_t ace_count;
uint16_t sbz_2nd;
} nt_acl;
typedef struct _nt_security_descriptor {
unsigned char revision;
unsigned char sbz_1st;
uint16_t control;
uint32_t offset_owner;
uint32_t offset_group;
uint32_t offset_sacl;
uint32_t offset_dacl;
} nt_security_descriptor, nt_sd;
typedef struct _nt_security_quality_of_service {
uint32_t length;
int32_t impersonation_level;
int32_t context_tracking_mode;
int32_t effective_only;
} nt_security_quality_of_service, nt_sqos;
typedef struct _nt_sid_identifier_authority {
unsigned char value[6];
} nt_sid_identifier_authority;
typedef struct _nt_sid {
unsigned char revision;
unsigned char sub_authority_count;
nt_sid_identifier_authority identifier_authority;
uint32_t sub_authority[1];
} nt_sid;
typedef struct _nt_sid_os {
unsigned char revision;
unsigned char sub_authority_count;
nt_sid_identifier_authority identifier_authority;
uint32_t sub_authority[2];
} nt_sid_os;
typedef struct _nt_sid_user {
unsigned char revision;
unsigned char sub_authority_count;
nt_sid_identifier_authority identifier_authority;
uint32_t sub_authority[5];
} nt_sid_user;
typedef struct _nt_sid_any {
unsigned char revision;
unsigned char sub_authority_count;
nt_sid_identifier_authority identifier_authority;
uint32_t sub_authority[15];
} nt_sid_any;
typedef struct _nt_sid_and_attributes {
nt_sid * sid;
uint32_t attributes;
} nt_sid_and_attributes;
typedef struct _nt_token_user {
nt_sid_and_attributes user;
} nt_token_user;
typedef struct _nt_token_owner {
nt_sid * owner;
} nt_token_owner;
typedef struct _nt_token_primary_group {
nt_sid * primary_group;
} nt_token_primary_group;
typedef struct _nt_token_groups {
uint32_t group_count;
nt_sid_and_attributes groups[];
} nt_token_groups;
typedef struct _nt_token_default_dacl {
nt_acl * default_dacl;
} nt_token_default_dacl;
typedef struct _nt_luid {
uint32_t low;
int32_t high;
} nt_luid;
typedef struct _nt_token_origin {
nt_luid originating_logon_session;
} nt_token_origin;
typedef struct _nt_token_source {
char source_name[NT_TOKEN_SOURCE_LENGTH];
nt_luid source_identifier;
} nt_token_source;
typedef struct _nt_luid_and_attributes {
nt_luid luid;
uint32_t attributes;
} nt_luid_and_attributes;
typedef struct _nt_token_privileges {
uint32_t privilege_count;
nt_luid_and_attributes privileges[];
} nt_token_privileges;
typedef struct _nt_object_attributes {
uint32_t len;
void * root_dir;
nt_unicode_string * obj_name;
uint32_t obj_attr;
nt_security_descriptor *sec_desc;
nt_sqos * sec_qos;
} nt_object_attributes, nt_oa;
typedef struct _nt_object_basic_information {
uint32_t attributes;
uint32_t granted_access;
uint32_t handle_count;
uint32_t pointer_count;
uint32_t paged_pool_usage;
uint32_t non_paged_pool_usage;
uint32_t reserved[3];
uint32_t name_information_length;
uint32_t type_information_length;
uint32_t security_descriptor_length;
nt_large_integer create_time;
} nt_object_basic_information;
typedef struct _nt_object_name_information {
nt_unicode_string name;
} nt_object_name_information;
typedef struct _nt_object_handle_information {
unsigned char inherit;
unsigned char protect_from_close;
} nt_object_handle_information, nt_ohio;
typedef struct _nt_object_directory_information {
nt_unicode_string object_name;
nt_unicode_string object_type_name;
} nt_object_directory_information, nt_objdirent;
typedef struct _nt_ipc_object_directory_name {
wchar16_t base_named_objects[17];
wchar16_t backslash;
wchar16_t prefix[6];
wchar16_t uscore;
wchar16_t guid[36];
} nt_ipc_object_directory_name, nt_ipc_objdir_name;
typedef void __stdcall nt_io_apc_routine(
void * apc_context,
nt_io_status_block * io_status_block,
uint32_t reserved);
typedef int32_t __stdcall ntapi_zw_query_object(
__in void * handle,
__in nt_object_info_class obj_info_class,
__out void * obj_info,
__in size_t obj_info_length,
__out uint32_t * returned_length __optional);
typedef int32_t __stdcall ntapi_zw_set_information_object(
__in void * handle,
__in nt_object_info_class obj_info_class,
__in void * obj_info,
__in size_t obj_info_length);
typedef int32_t __stdcall ntapi_zw_duplicate_object(
__in void * hprocess_src,
__in void * handle_src,
__in void * hprocess_dst,
__out void ** handle_dst __optional,
__in uint32_t desired_access,
__in uint32_t attributes,
__in uint32_t options);
typedef int32_t __stdcall ntapi_zw_make_temporary_object(
__in void * handle);
typedef int32_t __stdcall ntapi_zw_close(
__in void * handle);
typedef int32_t __stdcall ntapi_zw_query_security_object(
__in void * handle,
__in nt_security_information security_info,
__out nt_security_descriptor * security_descriptor,
__in size_t security_descriptor_length,
__out size_t * returned_length);
typedef int32_t __stdcall ntapi_zw_set_security_object(
__in void * handle,
__in nt_security_information security_info,
__out nt_security_descriptor * security_descriptor);
typedef int32_t __stdcall ntapi_zw_create_directory_object(
__out void ** directory_handle,
__in uint32_t desired_access,
__in nt_object_attributes * obj_attr);
typedef int32_t __stdcall ntapi_zw_open_directory_object(
__out void ** directory_handle,
__in uint32_t desired_access,
__in nt_object_attributes * obj_attr);
typedef int32_t __stdcall ntapi_zw_query_directory_object(
__in void * directory_handle,
__out void * buffer,
__in size_t buffer_length,
__in int32_t return_single_entry,
__in int32_t return_scan,
__in_out uint32_t * context,
__out uint32_t * returned_length);
typedef int32_t __stdcall ntapi_zw_create_symbolic_link_object(
__out void ** symbolic_link_handle,
__in uint32_t desired_access,
__in nt_object_attributes * obj_attr,
__in nt_unicode_string * target_name);
typedef int32_t __stdcall ntapi_zw_open_symbolic_link_object(
__out void ** symbolic_link_handle,
__in uint32_t desired_access,
__in nt_object_attributes * obj_attr);
typedef int32_t __stdcall ntapi_zw_query_symbolic_link_object(
__in void * symbolic_link_handle,
__in_out nt_unicode_string * target_name,
__out size_t * returned_length);
/* extension functions */
typedef int32_t __stdcall ntapi_tt_open_ipc_object_directory(
__out void ** hdir,
__in uint32_t desired_access,
__in const wchar16_t prefix[6],
__in const nt_guid * guid);
typedef int32_t __stdcall ntapi_tt_create_ipc_object_directory_entry(
__out void ** hentry,
__in uint32_t desired_access,
__in void * hdir,
__in void * htarget,
__in nt_unicode_string * target_name,
__in uint32_t key);
typedef int32_t __stdcall ntapi_tt_open_dev_object_directory(
__out void ** hdir,
__in uint32_t desired_access,
__in const wchar16_t prefix[6],
__in const nt_guid * ipc_guid);
typedef int32_t __stdcall ntapi_tt_create_dev_object_directory_entry(
__out void ** hentry,
__in uint32_t desired_access,
__in void * hdir,
__in void * htarget,
__in nt_unicode_string * target_name,
__in const nt_guid * dev_guid);
typedef int32_t __stdcall ntapi_tt_create_keyed_object_directory(
__out void ** hdir,
__in uint32_t desired_access,
__in void * hparent,
__in uint32_t key);
typedef int32_t __stdcall ntapi_tt_open_keyed_object_directory(
__out void ** hdir,
__in uint32_t desired_access,
__in void * hparent,
__in uint32_t key);
typedef int32_t __stdcall ntapi_tt_create_keyed_object_directory_entry(
__out void ** hentry,
__in uint32_t desired_access,
__in void * hdir,
__in void * htarget,
__in nt_unicode_string * target_name,
__in uint32_t key);
typedef int32_t __stdcall ntapi_tt_keyed_object_to_key(
__in void * hentry,
__out uint32_t * key,
__out void * buffer,
__in size_t buflen);
typedef void __stdcall ntapi_tt_sid_copy(
__out nt_sid * dst,
__in const nt_sid * src);
typedef int32_t __stdcall ntapi_tt_sid_compare(
__in const nt_sid * sida,
__in const nt_sid * sidb);
#endif