|
 |
393c20 |
#ifndef PE_OS_H
|
|
|
393c20 |
#define PE_OS_H
|
|
|
393c20 |
|
|
|
393c20 |
#include <pemagine/pe_structs.h>
|
|
|
393c20 |
|
|
|
393c20 |
#define OS_STATUS_INTERNAL_ERROR 0xC00000E5
|
|
|
393c20 |
#define OS_STATUS_BAD_FILE_TYPE 0xC0000903
|
|
|
393c20 |
#define OS_STATUS_OBJECT_NAME_NOT_FOUND 0xC0000034
|
|
|
393c20 |
#define OS_STATUS_MORE_PROCESSING_REQUIRED 0xC0000016
|
|
|
393c20 |
|
|
|
393c20 |
#define OS_SEC_SYNCHRONIZE 0x00100000
|
|
|
393c20 |
#define OS_FILE_READ_ACCESS 0x00000001
|
|
|
393c20 |
#define OS_FILE_READ_ATTRIBUTES 0x00000080
|
|
|
393c20 |
|
|
|
393c20 |
#define OS_FILE_DIRECTORY_FILE 0x00000001
|
|
|
393c20 |
#define OS_FILE_NON_DIRECTORY_FILE 0x00000040
|
|
|
393c20 |
|
|
|
393c20 |
#define OS_FILE_SHARE_READ 0x00000001
|
|
|
393c20 |
#define OS_FILE_SHARE_WRITE 0x00000002
|
|
|
393c20 |
#define OS_FILE_SHARE_DELETE 0x00000004
|
|
|
393c20 |
|
|
|
6d58d9 |
#define OS_CURRENT_PROCESS_HANDLE (void *)(uintptr_t)(-1)
|
|
|
6d58d9 |
#define OS_CURRENT_THREAD_HANDLE (void *)(uintptr_t)(-2)
|
|
|
6d58d9 |
|
|
|
393c20 |
|
|
|
393c20 |
enum os_object_info_class {
|
|
|
393c20 |
OS_OBJECT_BASIC_INFORMATION = 0,
|
|
|
393c20 |
OS_OBJECT_NAME_INFORMATION = 1,
|
|
|
393c20 |
OS_OBJECT_TYPE_INFORMATION = 2,
|
|
|
393c20 |
OS_OBJECT_ALL_TYPES_INFORMATION = 3,
|
|
|
393c20 |
OS_OBJECT_HANDLE_INFORMATION = 4
|
|
|
393c20 |
};
|
|
|
393c20 |
|
|
|
393c20 |
|
|
|
6d58d9 |
enum os_memory_info_class {
|
|
|
6d58d9 |
OS_MEMORY_BASIC_INFORMATION,
|
|
|
6d58d9 |
OS_MEMORY_WORKING_SET_LIST,
|
|
|
6d58d9 |
OS_MEMORY_SECTION_NAME,
|
|
|
6d58d9 |
OS_MEMORY_BASIC_VLM_INFORMATION
|
|
|
6d58d9 |
};
|
|
|
6d58d9 |
|
|
|
6d58d9 |
|
|
|
393c20 |
struct os_oa {
|
|
|
393c20 |
uint32_t len;
|
|
|
393c20 |
void * root_dir;
|
|
|
393c20 |
struct pe_unicode_str * obj_name;
|
|
|
393c20 |
uint32_t obj_attr;
|
|
|
393c20 |
void * sec_desc;
|
|
|
393c20 |
void * sec_qos;
|
|
|
393c20 |
};
|
|
|
393c20 |
|
|
|
393c20 |
|
|
|
393c20 |
struct os_iosb {
|
|
|
393c20 |
union {
|
|
|
393c20 |
int32_t status;
|
|
|
393c20 |
void * pointer;
|
|
|
393c20 |
};
|
|
|
393c20 |
intptr_t info;
|
|
|
393c20 |
};
|
|
|
393c20 |
|
|
|
393c20 |
|
|
|
393c20 |
typedef int32_t __stdcall os_zw_query_object(
|
|
|
393c20 |
__in void * handle,
|
|
|
393c20 |
__in int obj_info_class,
|
|
|
393c20 |
__out void * obj_info,
|
|
|
393c20 |
__in size_t obj_info_length,
|
|
|
393c20 |
__out uint32_t * returned_length __optional);
|
|
|
393c20 |
|
|
|
393c20 |
|
|
|
6d58d9 |
typedef int32_t __stdcall os_zw_query_virtual_memory(
|
|
|
6d58d9 |
__in void * hprocess,
|
|
|
6d58d9 |
__in void * base_address,
|
|
|
6d58d9 |
__in int mem_info_class,
|
|
|
6d58d9 |
__out void * mem_info,
|
|
|
6d58d9 |
__in uint32_t mem_info_length,
|
|
|
6d58d9 |
__out uint32_t * returned_length __optional);
|
|
|
6d58d9 |
|
|
|
6d58d9 |
|
|
|
393c20 |
typedef int32_t __stdcall os_zw_open_file(
|
|
|
393c20 |
__out void ** hfile,
|
|
|
393c20 |
__in uint32_t desired_access,
|
|
|
393c20 |
__in struct os_oa * obj_attr,
|
|
|
393c20 |
__out struct os_iosb * io_status_block,
|
|
|
393c20 |
__in uint32_t share_access,
|
|
|
393c20 |
__in uint32_t open_options);
|
|
|
393c20 |
|
|
|
393c20 |
#endif
|