1 /*++ NDK Version: 0098 2 3 Copyright (c) Alex Ionescu. All rights reserved. 4 5 Header Name: 6 7 extypes.h 8 9 Abstract: 10 11 Type definitions for the Executive. 12 13 Author: 14 15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 16 17 --*/ 18 19 #ifndef _EXTYPES_H 20 #define _EXTYPES_H 21 22 // 23 // Dependencies 24 // 25 #include <umtypes.h> 26 #include <cfg.h> 27 #if !defined(NTOS_MODE_USER) 28 #include <ntimage.h> 29 #endif 30 #include <cmtypes.h> 31 #include <ketypes.h> 32 #include <potypes.h> 33 #include <lpctypes.h> 34 #ifdef NTOS_MODE_USER 35 #include <obtypes.h> 36 #endif 37 38 #ifdef __cplusplus 39 extern "C" { 40 #endif 41 42 // 43 // GCC compatibility 44 // 45 #if defined(__GNUC__) 46 #define __ALIGNED(n) __attribute__((aligned (n))) 47 #elif defined(_MSC_VER) 48 #define __ALIGNED(n) __declspec(align(n)) 49 #else 50 #error __ALIGNED not defined for your compiler! 51 #endif 52 53 // 54 // Rtl Atom 55 // 56 typedef USHORT RTL_ATOM, *PRTL_ATOM; 57 58 #ifndef NTOS_MODE_USER 59 60 // 61 // Kernel Exported Object Types 62 // 63 extern POBJECT_TYPE NTSYSAPI ExDesktopObjectType; 64 extern POBJECT_TYPE NTSYSAPI ExWindowStationObjectType; 65 extern POBJECT_TYPE NTSYSAPI ExIoCompletionType; 66 extern POBJECT_TYPE NTSYSAPI ExMutantObjectType; 67 extern POBJECT_TYPE NTSYSAPI ExTimerType; 68 69 // 70 // Exported NT Build Number 71 // 72 extern ULONG NTSYSAPI NtBuildNumber; 73 74 // 75 // Invalid Handle Value Constant 76 // 77 #define INVALID_HANDLE_VALUE (HANDLE)-1 78 79 #endif 80 81 // 82 // Increments 83 // 84 #define MUTANT_INCREMENT 1 85 86 // 87 // Callback Object Access Mask 88 // 89 #define CALLBACK_MODIFY_STATE 0x0001 90 #define CALLBACK_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \ 91 SYNCHRONIZE | \ 92 CALLBACK_MODIFY_STATE) 93 94 // 95 // Event Object Access Masks 96 // 97 #ifdef NTOS_MODE_USER 98 #define EVENT_QUERY_STATE 0x0001 99 100 // 101 // Semaphore Object Access Masks 102 // 103 #define SEMAPHORE_QUERY_STATE 0x0001 104 #else 105 106 // 107 // Mutant Object Access Masks 108 // 109 #define MUTANT_QUERY_STATE 0x0001 110 #define MUTANT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \ 111 SYNCHRONIZE | \ 112 MUTANT_QUERY_STATE) 113 114 #define TIMER_QUERY_STATE 0x0001 115 #define TIMER_MODIFY_STATE 0x0002 116 #define TIMER_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \ 117 SYNCHRONIZE | \ 118 TIMER_QUERY_STATE | \ 119 TIMER_MODIFY_STATE) 120 #endif 121 122 // 123 // Event Pair Access Masks 124 // 125 #define EVENT_PAIR_ALL_ACCESS 0x1F0000L 126 127 // 128 // Profile Object Access Masks 129 // 130 #define PROFILE_CONTROL 0x0001 131 #define PROFILE_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | PROFILE_CONTROL) 132 133 // 134 // Keyed Event Object Access Masks 135 // 136 #define KEYEDEVENT_WAIT 0x0001 137 #define KEYEDEVENT_WAKE 0x0002 138 #define KEYEDEVENT_ALL_ACCESS (STANDARD_RIGHTS_REQUIRED | \ 139 KEYEDEVENT_WAIT | \ 140 KEYEDEVENT_WAKE) 141 142 // 143 // NtRaiseHardError-related parameters 144 // 145 #define MAXIMUM_HARDERROR_PARAMETERS 5 146 #define HARDERROR_OVERRIDE_ERRORMODE 0x10000000 147 148 // 149 // Pushlock bits 150 // 151 #define EX_PUSH_LOCK_LOCK_V ((ULONG_PTR)0x0) 152 #define EX_PUSH_LOCK_LOCK ((ULONG_PTR)0x1) 153 #define EX_PUSH_LOCK_WAITING ((ULONG_PTR)0x2) 154 #define EX_PUSH_LOCK_WAKING ((ULONG_PTR)0x4) 155 #define EX_PUSH_LOCK_MULTIPLE_SHARED ((ULONG_PTR)0x8) 156 #define EX_PUSH_LOCK_SHARE_INC ((ULONG_PTR)0x10) 157 #define EX_PUSH_LOCK_PTR_BITS ((ULONG_PTR)0xf) 158 159 // 160 // Pushlock Wait Block Flags 161 // 162 #define EX_PUSH_LOCK_FLAGS_EXCLUSIVE 1 163 #define EX_PUSH_LOCK_FLAGS_WAIT_V 1 164 #define EX_PUSH_LOCK_FLAGS_WAIT 2 165 166 // 167 // Resource (ERESOURCE) Flags 168 // 169 #define ResourceHasDisabledPriorityBoost 0x08 170 171 // 172 // Shutdown types for NtShutdownSystem 173 // 174 typedef enum _SHUTDOWN_ACTION 175 { 176 ShutdownNoReboot, 177 ShutdownReboot, 178 ShutdownPowerOff 179 } SHUTDOWN_ACTION; 180 181 // 182 // Responses for NtRaiseHardError 183 // 184 typedef enum _HARDERROR_RESPONSE_OPTION 185 { 186 OptionAbortRetryIgnore, 187 OptionOk, 188 OptionOkCancel, 189 OptionRetryCancel, 190 OptionYesNo, 191 OptionYesNoCancel, 192 OptionShutdownSystem, 193 OptionOkNoWait, 194 OptionCancelTryContinue 195 } HARDERROR_RESPONSE_OPTION, *PHARDERROR_RESPONSE_OPTION; 196 197 typedef enum _HARDERROR_RESPONSE 198 { 199 ResponseReturnToCaller, 200 ResponseNotHandled, 201 ResponseAbort, 202 ResponseCancel, 203 ResponseIgnore, 204 ResponseNo, 205 ResponseOk, 206 ResponseRetry, 207 ResponseYes, 208 ResponseTryAgain, 209 ResponseContinue 210 } HARDERROR_RESPONSE, *PHARDERROR_RESPONSE; 211 212 // 213 // System Information Classes for NtQuerySystemInformation 214 // 215 typedef enum _SYSTEM_INFORMATION_CLASS 216 { 217 SystemBasicInformation, 218 SystemProcessorInformation, 219 SystemPerformanceInformation, 220 SystemTimeOfDayInformation, 221 SystemPathInformation, /// Obsolete: Use KUSER_SHARED_DATA 222 SystemProcessInformation, 223 SystemCallCountInformation, 224 SystemDeviceInformation, 225 SystemProcessorPerformanceInformation, 226 SystemFlagsInformation, 227 SystemCallTimeInformation, 228 SystemModuleInformation, 229 SystemLocksInformation, 230 SystemStackTraceInformation, 231 SystemPagedPoolInformation, 232 SystemNonPagedPoolInformation, 233 SystemHandleInformation, 234 SystemObjectInformation, 235 SystemPageFileInformation, 236 SystemVdmInstemulInformation, 237 SystemVdmBopInformation, 238 SystemFileCacheInformation, 239 SystemPoolTagInformation, 240 SystemInterruptInformation, 241 SystemDpcBehaviorInformation, 242 SystemFullMemoryInformation, 243 SystemLoadGdiDriverInformation, 244 SystemUnloadGdiDriverInformation, 245 SystemTimeAdjustmentInformation, 246 SystemSummaryMemoryInformation, 247 SystemMirrorMemoryInformation, 248 SystemPerformanceTraceInformation, 249 SystemObsolete0, 250 SystemExceptionInformation, 251 SystemCrashDumpStateInformation, 252 SystemKernelDebuggerInformation, 253 SystemContextSwitchInformation, 254 SystemRegistryQuotaInformation, 255 SystemExtendServiceTableInformation, 256 SystemPrioritySeperation, 257 SystemPlugPlayBusInformation, 258 SystemDockInformation, 259 SystemPowerInformationNative, 260 SystemProcessorSpeedInformation, 261 SystemCurrentTimeZoneInformation, 262 SystemLookasideInformation, 263 SystemTimeSlipNotification, 264 SystemSessionCreate, 265 SystemSessionDetach, 266 SystemSessionInformation, 267 SystemRangeStartInformation, 268 SystemVerifierInformation, 269 SystemAddVerifier, 270 SystemSessionProcessesInformation, 271 SystemLoadGdiDriverInSystemSpaceInformation, 272 SystemNumaProcessorMap, 273 SystemPrefetcherInformation, 274 SystemExtendedProcessInformation, 275 SystemRecommendedSharedDataAlignment, 276 SystemComPlusPackage, 277 SystemNumaAvailableMemory, 278 SystemProcessorPowerInformation, 279 SystemEmulationBasicInformation, 280 SystemEmulationProcessorInformation, 281 SystemExtendedHandleInformation, 282 SystemLostDelayedWriteInformation, 283 SystemBigPoolInformation, 284 SystemSessionPoolTagInformation, 285 SystemSessionMappedViewInformation, 286 SystemHotpatchInformation, 287 SystemObjectSecurityMode, 288 SystemWatchDogTimerHandler, 289 SystemWatchDogTimerInformation, 290 SystemLogicalProcessorInformation, 291 SystemWow64SharedInformationObsolete, 292 SystemRegisterFirmwareTableInformationHandler, 293 SystemFirmwareTableInformation, 294 SystemModuleInformationEx, 295 SystemVerifierTriageInformation, 296 SystemSuperfetchInformation, 297 SystemMemoryListInformation, 298 SystemFileCacheInformationEx, 299 SystemThreadPriorityClientIdInformation, 300 SystemProcessorIdleCycleTimeInformation, 301 SystemVerifierCancellationInformation, 302 SystemProcessorPowerInformationEx, 303 SystemRefTraceInformation, 304 SystemSpecialPoolInformation, 305 SystemProcessIdInformation, 306 SystemErrorPortInformation, 307 SystemBootEnvironmentInformation, 308 SystemHypervisorInformation, 309 SystemVerifierInformationEx, 310 SystemTimeZoneInformation, 311 SystemImageFileExecutionOptionsInformation, 312 SystemCoverageInformation, 313 SystemPrefetchPathInformation, 314 SystemVerifierFaultsInformation, 315 MaxSystemInfoClass, 316 } SYSTEM_INFORMATION_CLASS; 317 318 // 319 // System Information Classes for NtQueryMutant 320 // 321 typedef enum _MUTANT_INFORMATION_CLASS 322 { 323 MutantBasicInformation, 324 MutantOwnerInformation 325 } MUTANT_INFORMATION_CLASS; 326 327 // 328 // System Information Classes for NtQueryAtom 329 // 330 typedef enum _ATOM_INFORMATION_CLASS 331 { 332 AtomBasicInformation, 333 AtomTableInformation, 334 } ATOM_INFORMATION_CLASS; 335 336 // 337 // System Information Classes for NtQueryTimer 338 // 339 typedef enum _TIMER_INFORMATION_CLASS 340 { 341 TimerBasicInformation 342 } TIMER_INFORMATION_CLASS; 343 344 // 345 // System Information Classes for NtQuerySemaphore 346 // 347 typedef enum _SEMAPHORE_INFORMATION_CLASS 348 { 349 SemaphoreBasicInformation 350 } SEMAPHORE_INFORMATION_CLASS; 351 352 // 353 // System Information Classes for NtQueryEvent 354 // 355 typedef enum _EVENT_INFORMATION_CLASS 356 { 357 EventBasicInformation 358 } EVENT_INFORMATION_CLASS; 359 360 #ifdef NTOS_MODE_USER 361 362 // 363 // Firmware Table Actions for SystemFirmwareTableInformation 364 // 365 typedef enum _SYSTEM_FIRMWARE_TABLE_ACTION 366 { 367 SystemFirmwareTable_Enumerate = 0, 368 SystemFirmwareTable_Get = 1, 369 } SYSTEM_FIRMWARE_TABLE_ACTION, *PSYSTEM_FIRMWARE_TABLE_ACTION; 370 371 // 372 // Firmware Handler Callback 373 // 374 struct _SYSTEM_FIRMWARE_TABLE_INFORMATION; 375 typedef 376 NTSTATUS 377 (__cdecl *PFNFTH)( 378 _In_ struct _SYSTEM_FIRMWARE_TABLE_INFORMATION *FirmwareTableInformation 379 ); 380 381 #else 382 383 // 384 // Handle Enumeration Callback 385 // 386 struct _HANDLE_TABLE_ENTRY; 387 typedef BOOLEAN 388 (NTAPI *PEX_ENUM_HANDLE_CALLBACK)( 389 _In_ struct _HANDLE_TABLE_ENTRY *HandleTableEntry, 390 _In_ HANDLE Handle, 391 _In_ PVOID Context 392 ); 393 394 // 395 // Executive Work Queue Structures 396 // 397 typedef struct _EX_QUEUE_WORKER_INFO 398 { 399 ULONG QueueDisabled:1; 400 ULONG MakeThreadsAsNecessary:1; 401 ULONG WaitMode:1; 402 ULONG WorkerCount:29; 403 } EX_QUEUE_WORKER_INFO, *PEX_QUEUE_WORKER_INFO; 404 405 typedef struct _EX_WORK_QUEUE 406 { 407 KQUEUE WorkerQueue; 408 LONG DynamicThreadCount; 409 ULONG WorkItemsProcessed; 410 ULONG WorkItemsProcessedLastPass; 411 ULONG QueueDepthLastPass; 412 EX_QUEUE_WORKER_INFO Info; 413 } EX_WORK_QUEUE, *PEX_WORK_QUEUE; 414 415 // 416 // Executive Fast Reference Structure 417 // 418 typedef struct _EX_FAST_REF 419 { 420 union 421 { 422 PVOID Object; 423 ULONG_PTR RefCnt:3; 424 ULONG_PTR Value; 425 }; 426 } EX_FAST_REF, *PEX_FAST_REF; 427 428 // 429 // Executive Cache-Aware Rundown Reference Descriptor 430 // 431 typedef struct _EX_RUNDOWN_REF_CACHE_AWARE 432 { 433 PEX_RUNDOWN_REF RunRefs; 434 PVOID PoolToFree; 435 ULONG RunRefSize; 436 ULONG Number; 437 } EX_RUNDOWN_REF_CACHE_AWARE; 438 439 // 440 // Executive Rundown Wait Block 441 // 442 typedef struct _EX_RUNDOWN_WAIT_BLOCK 443 { 444 ULONG_PTR Count; 445 KEVENT WakeEvent; 446 } EX_RUNDOWN_WAIT_BLOCK, *PEX_RUNDOWN_WAIT_BLOCK; 447 448 // 449 // Executive Pushlock 450 // 451 #undef EX_PUSH_LOCK 452 #undef PEX_PUSH_LOCK 453 typedef struct _EX_PUSH_LOCK 454 { 455 union 456 { 457 struct 458 { 459 ULONG_PTR Locked:1; 460 ULONG_PTR Waiting:1; 461 ULONG_PTR Waking:1; 462 ULONG_PTR MultipleShared:1; 463 ULONG_PTR Shared:sizeof (ULONG_PTR) * 8 - 4; 464 }; 465 ULONG_PTR Value; 466 PVOID Ptr; 467 }; 468 } EX_PUSH_LOCK, *PEX_PUSH_LOCK; 469 470 // 471 // Executive Pushlock Wait Block 472 // 473 474 // 475 // The wait block has to be properly aligned 476 // on a non-checked build even if the debug data isn't there. 477 // 478 #if defined(_MSC_VER) 479 #pragma warning(push) 480 #pragma warning(disable:4324) 481 #endif 482 483 typedef __ALIGNED(16) struct _EX_PUSH_LOCK_WAIT_BLOCK 484 { 485 union 486 { 487 KGATE WakeGate; 488 KEVENT WakeEvent; 489 }; 490 struct _EX_PUSH_LOCK_WAIT_BLOCK *Next; 491 struct _EX_PUSH_LOCK_WAIT_BLOCK *Last; 492 struct _EX_PUSH_LOCK_WAIT_BLOCK *Previous; 493 LONG ShareCount; 494 LONG Flags; 495 #if DBG 496 BOOLEAN Signaled; 497 EX_PUSH_LOCK NewValue; 498 EX_PUSH_LOCK OldValue; 499 PEX_PUSH_LOCK PushLock; 500 #endif 501 } EX_PUSH_LOCK_WAIT_BLOCK, *PEX_PUSH_LOCK_WAIT_BLOCK; 502 503 #if defined(_MSC_VER) 504 #pragma warning(pop) 505 #endif 506 507 // 508 // Callback Object 509 // 510 typedef struct _CALLBACK_OBJECT 511 { 512 ULONG Signature; 513 KSPIN_LOCK Lock; 514 LIST_ENTRY RegisteredCallbacks; 515 BOOLEAN AllowMultipleCallbacks; 516 UCHAR reserved[3]; 517 } CALLBACK_OBJECT; 518 519 // 520 // Callback Handle 521 // 522 typedef struct _CALLBACK_REGISTRATION 523 { 524 LIST_ENTRY Link; 525 PCALLBACK_OBJECT CallbackObject; 526 PCALLBACK_FUNCTION CallbackFunction; 527 PVOID CallbackContext; 528 ULONG Busy; 529 BOOLEAN UnregisterWaiting; 530 } CALLBACK_REGISTRATION, *PCALLBACK_REGISTRATION; 531 532 // 533 // Internal Callback Object 534 // 535 typedef struct _EX_CALLBACK_ROUTINE_BLOCK 536 { 537 EX_RUNDOWN_REF RundownProtect; 538 PEX_CALLBACK_FUNCTION Function; 539 PVOID Context; 540 } EX_CALLBACK_ROUTINE_BLOCK, *PEX_CALLBACK_ROUTINE_BLOCK; 541 542 // 543 // Internal Callback Handle 544 // 545 typedef struct _EX_CALLBACK 546 { 547 EX_FAST_REF RoutineBlock; 548 } EX_CALLBACK, *PEX_CALLBACK; 549 550 // 551 // Profile Object 552 // 553 typedef struct _EPROFILE 554 { 555 PEPROCESS Process; 556 PVOID RangeBase; 557 SIZE_T RangeSize; 558 PVOID Buffer; 559 ULONG BufferSize; 560 ULONG BucketSize; 561 PKPROFILE ProfileObject; 562 PVOID LockedBufferAddress; 563 PMDL Mdl; 564 ULONG_PTR Segment; 565 KPROFILE_SOURCE ProfileSource; 566 KAFFINITY Affinity; 567 } EPROFILE, *PEPROFILE; 568 569 // 570 // Handle Table Structures 571 // 572 typedef struct _HANDLE_TRACE_DB_ENTRY 573 { 574 CLIENT_ID ClientId; 575 HANDLE Handle; 576 ULONG Type; 577 PVOID StackTrace[16]; 578 } HANDLE_TRACE_DB_ENTRY, *PHANDLE_TRACE_DB_ENTRY; 579 580 typedef struct _HANDLE_TRACE_DEBUG_INFO 581 { 582 LONG RefCount; 583 ULONG TableSize; 584 ULONG BitMaskFlags; 585 FAST_MUTEX CloseCompactionLock; 586 ULONG CurrentStackIndex; 587 HANDLE_TRACE_DB_ENTRY TraceDb[1]; 588 } HANDLE_TRACE_DEBUG_INFO, *PHANDLE_TRACE_DEBUG_INFO; 589 590 typedef struct _HANDLE_TABLE_ENTRY_INFO 591 { 592 ULONG AuditMask; 593 } HANDLE_TABLE_ENTRY_INFO, *PHANDLE_TABLE_ENTRY_INFO; 594 595 typedef struct _HANDLE_TABLE_ENTRY 596 { 597 union 598 { 599 PVOID Object; 600 ULONG_PTR ObAttributes; 601 PHANDLE_TABLE_ENTRY_INFO InfoTable; 602 ULONG_PTR Value; 603 }; 604 union 605 { 606 ULONG GrantedAccess; 607 struct 608 { 609 USHORT GrantedAccessIndex; 610 USHORT CreatorBackTraceIndex; 611 }; 612 LONG NextFreeTableEntry; 613 }; 614 } HANDLE_TABLE_ENTRY, *PHANDLE_TABLE_ENTRY; 615 616 typedef struct _HANDLE_TABLE 617 { 618 #if (NTDDI_VERSION >= NTDDI_WINXP) 619 ULONG_PTR TableCode; 620 #else 621 PHANDLE_TABLE_ENTRY **Table; 622 #endif 623 PEPROCESS QuotaProcess; 624 PVOID UniqueProcessId; 625 #if (NTDDI_VERSION >= NTDDI_WINXP) 626 EX_PUSH_LOCK HandleTableLock[4]; 627 LIST_ENTRY HandleTableList; 628 EX_PUSH_LOCK HandleContentionEvent; 629 #else 630 ERESOURCE HandleLock; 631 LIST_ENTRY HandleTableList; 632 KEVENT HandleContentionEvent; 633 #endif 634 PHANDLE_TRACE_DEBUG_INFO DebugInfo; 635 LONG ExtraInfoPages; 636 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 637 union 638 { 639 ULONG Flags; 640 UCHAR StrictFIFO:1; 641 }; 642 LONG FirstFreeHandle; 643 PHANDLE_TABLE_ENTRY LastFreeHandleEntry; 644 LONG HandleCount; 645 ULONG NextHandleNeedingPool; 646 #else 647 ULONG FirstFree; 648 ULONG LastFree; 649 ULONG NextHandleNeedingPool; 650 LONG HandleCount; 651 union 652 { 653 ULONG Flags; 654 UCHAR StrictFIFO:1; 655 }; 656 #endif 657 } HANDLE_TABLE, *PHANDLE_TABLE; 658 659 #endif 660 661 // 662 // Hard Error LPC Message 663 // 664 typedef struct _HARDERROR_MSG 665 { 666 PORT_MESSAGE h; 667 NTSTATUS Status; 668 LARGE_INTEGER ErrorTime; 669 ULONG ValidResponseOptions; 670 ULONG Response; 671 ULONG NumberOfParameters; 672 ULONG UnicodeStringParameterMask; 673 ULONG_PTR Parameters[MAXIMUM_HARDERROR_PARAMETERS]; 674 } HARDERROR_MSG, *PHARDERROR_MSG; 675 676 // 677 // Information Structures for NtQueryMutant 678 // 679 typedef struct _MUTANT_BASIC_INFORMATION 680 { 681 LONG CurrentCount; 682 BOOLEAN OwnedByCaller; 683 BOOLEAN AbandonedState; 684 } MUTANT_BASIC_INFORMATION, *PMUTANT_BASIC_INFORMATION; 685 686 typedef struct _MUTANT_OWNER_INFORMATION 687 { 688 CLIENT_ID ClientId; 689 } MUTANT_OWNER_INFORMATION, *PMUTANT_OWNER_INFORMATION; 690 691 // 692 // Information Structures for NtQueryAtom 693 // 694 typedef struct _ATOM_BASIC_INFORMATION 695 { 696 USHORT UsageCount; 697 USHORT Flags; 698 USHORT NameLength; 699 WCHAR Name[1]; 700 } ATOM_BASIC_INFORMATION, *PATOM_BASIC_INFORMATION; 701 702 typedef struct _ATOM_TABLE_INFORMATION 703 { 704 ULONG NumberOfAtoms; 705 USHORT Atoms[1]; 706 } ATOM_TABLE_INFORMATION, *PATOM_TABLE_INFORMATION; 707 708 // 709 // Information Structures for NtQueryTimer 710 // 711 typedef struct _TIMER_BASIC_INFORMATION 712 { 713 LARGE_INTEGER TimeRemaining; 714 BOOLEAN SignalState; 715 } TIMER_BASIC_INFORMATION, *PTIMER_BASIC_INFORMATION; 716 717 // 718 // Information Structures for NtQuerySemaphore 719 // 720 typedef struct _SEMAPHORE_BASIC_INFORMATION 721 { 722 LONG CurrentCount; 723 LONG MaximumCount; 724 } SEMAPHORE_BASIC_INFORMATION, *PSEMAPHORE_BASIC_INFORMATION; 725 726 // 727 // Information Structures for NtQueryEvent 728 // 729 typedef struct _EVENT_BASIC_INFORMATION 730 { 731 EVENT_TYPE EventType; 732 LONG EventState; 733 } EVENT_BASIC_INFORMATION, *PEVENT_BASIC_INFORMATION; 734 735 // 736 // Information Structures for NtQuerySystemInformation 737 // 738 typedef struct _SYSTEM_BASIC_INFORMATION 739 { 740 ULONG Reserved; 741 ULONG TimerResolution; 742 ULONG PageSize; 743 ULONG NumberOfPhysicalPages; 744 ULONG LowestPhysicalPageNumber; 745 ULONG HighestPhysicalPageNumber; 746 ULONG AllocationGranularity; 747 ULONG_PTR MinimumUserModeAddress; 748 ULONG_PTR MaximumUserModeAddress; 749 ULONG_PTR ActiveProcessorsAffinityMask; 750 CCHAR NumberOfProcessors; 751 } SYSTEM_BASIC_INFORMATION, *PSYSTEM_BASIC_INFORMATION; 752 753 // Class 1 754 typedef struct _SYSTEM_PROCESSOR_INFORMATION 755 { 756 USHORT ProcessorArchitecture; 757 USHORT ProcessorLevel; 758 USHORT ProcessorRevision; 759 #if (NTDDI_VERSION < NTDDI_WIN8) 760 USHORT Reserved; 761 #else 762 USHORT MaximumProcessors; 763 #endif 764 ULONG ProcessorFeatureBits; 765 } SYSTEM_PROCESSOR_INFORMATION, *PSYSTEM_PROCESSOR_INFORMATION; 766 767 // Class 2 768 typedef struct _SYSTEM_PERFORMANCE_INFORMATION 769 { 770 LARGE_INTEGER IdleProcessTime; 771 LARGE_INTEGER IoReadTransferCount; 772 LARGE_INTEGER IoWriteTransferCount; 773 LARGE_INTEGER IoOtherTransferCount; 774 ULONG IoReadOperationCount; 775 ULONG IoWriteOperationCount; 776 ULONG IoOtherOperationCount; 777 ULONG AvailablePages; 778 ULONG CommittedPages; 779 ULONG CommitLimit; 780 ULONG PeakCommitment; 781 ULONG PageFaultCount; 782 ULONG CopyOnWriteCount; 783 ULONG TransitionCount; 784 ULONG CacheTransitionCount; 785 ULONG DemandZeroCount; 786 ULONG PageReadCount; 787 ULONG PageReadIoCount; 788 ULONG CacheReadCount; 789 ULONG CacheIoCount; 790 ULONG DirtyPagesWriteCount; 791 ULONG DirtyWriteIoCount; 792 ULONG MappedPagesWriteCount; 793 ULONG MappedWriteIoCount; 794 ULONG PagedPoolPages; 795 ULONG NonPagedPoolPages; 796 ULONG PagedPoolAllocs; 797 ULONG PagedPoolFrees; 798 ULONG NonPagedPoolAllocs; 799 ULONG NonPagedPoolFrees; 800 ULONG FreeSystemPtes; 801 ULONG ResidentSystemCodePage; 802 ULONG TotalSystemDriverPages; 803 ULONG TotalSystemCodePages; 804 ULONG NonPagedPoolLookasideHits; 805 ULONG PagedPoolLookasideHits; 806 ULONG Spare3Count; 807 ULONG ResidentSystemCachePage; 808 ULONG ResidentPagedPoolPage; 809 ULONG ResidentSystemDriverPage; 810 ULONG CcFastReadNoWait; 811 ULONG CcFastReadWait; 812 ULONG CcFastReadResourceMiss; 813 ULONG CcFastReadNotPossible; 814 ULONG CcFastMdlReadNoWait; 815 ULONG CcFastMdlReadWait; 816 ULONG CcFastMdlReadResourceMiss; 817 ULONG CcFastMdlReadNotPossible; 818 ULONG CcMapDataNoWait; 819 ULONG CcMapDataWait; 820 ULONG CcMapDataNoWaitMiss; 821 ULONG CcMapDataWaitMiss; 822 ULONG CcPinMappedDataCount; 823 ULONG CcPinReadNoWait; 824 ULONG CcPinReadWait; 825 ULONG CcPinReadNoWaitMiss; 826 ULONG CcPinReadWaitMiss; 827 ULONG CcCopyReadNoWait; 828 ULONG CcCopyReadWait; 829 ULONG CcCopyReadNoWaitMiss; 830 ULONG CcCopyReadWaitMiss; 831 ULONG CcMdlReadNoWait; 832 ULONG CcMdlReadWait; 833 ULONG CcMdlReadNoWaitMiss; 834 ULONG CcMdlReadWaitMiss; 835 ULONG CcReadAheadIos; 836 ULONG CcLazyWriteIos; 837 ULONG CcLazyWritePages; 838 ULONG CcDataFlushes; 839 ULONG CcDataPages; 840 ULONG ContextSwitches; 841 ULONG FirstLevelTbFills; 842 ULONG SecondLevelTbFills; 843 ULONG SystemCalls; 844 #if (NTDDI_VERSION >= NTDDI_WIN7) 845 ULONGLONG CcTotalDirtyPages; 846 ULONGLONG CcDirtyPageThreshold; 847 #endif 848 #if (NTDDI_VERSION >= NTDDI_WIN8) 849 LONGLONG ResidentAvailablePages; 850 ULONGLONG SharedCommittedPages; 851 #endif 852 } SYSTEM_PERFORMANCE_INFORMATION, *PSYSTEM_PERFORMANCE_INFORMATION; 853 854 // Class 3 855 typedef struct _SYSTEM_TIMEOFDAY_INFORMATION 856 { 857 LARGE_INTEGER BootTime; 858 LARGE_INTEGER CurrentTime; 859 LARGE_INTEGER TimeZoneBias; 860 ULONG TimeZoneId; 861 ULONG Reserved; 862 #if (NTDDI_VERSION >= NTDDI_WIN2K) 863 ULONGLONG BootTimeBias; 864 ULONGLONG SleepTimeBias; 865 #endif 866 } SYSTEM_TIMEOFDAY_INFORMATION, *PSYSTEM_TIMEOFDAY_INFORMATION; 867 868 // Class 4 869 // This class is obsolete, please use KUSER_SHARED_DATA instead 870 871 // Class 5 872 typedef struct _SYSTEM_THREAD_INFORMATION 873 { 874 LARGE_INTEGER KernelTime; 875 LARGE_INTEGER UserTime; 876 LARGE_INTEGER CreateTime; 877 ULONG WaitTime; 878 PVOID StartAddress; 879 CLIENT_ID ClientId; 880 KPRIORITY Priority; 881 LONG BasePriority; 882 ULONG ContextSwitches; 883 ULONG ThreadState; 884 ULONG WaitReason; 885 ULONG PadPadAlignment; 886 } SYSTEM_THREAD_INFORMATION, *PSYSTEM_THREAD_INFORMATION; 887 #ifndef _WIN64 888 C_ASSERT(sizeof(SYSTEM_THREAD_INFORMATION) == 0x40); // Must be 8-byte aligned 889 #endif 890 891 typedef struct _SYSTEM_PROCESS_INFORMATION 892 { 893 ULONG NextEntryOffset; 894 ULONG NumberOfThreads; 895 LARGE_INTEGER WorkingSetPrivateSize; //VISTA 896 ULONG HardFaultCount; //WIN7 897 ULONG NumberOfThreadsHighWatermark; //WIN7 898 ULONGLONG CycleTime; //WIN7 899 LARGE_INTEGER CreateTime; 900 LARGE_INTEGER UserTime; 901 LARGE_INTEGER KernelTime; 902 UNICODE_STRING ImageName; 903 KPRIORITY BasePriority; 904 HANDLE UniqueProcessId; 905 HANDLE InheritedFromUniqueProcessId; 906 ULONG HandleCount; 907 ULONG SessionId; 908 ULONG_PTR PageDirectoryBase; 909 910 // 911 // This part corresponds to VM_COUNTERS_EX. 912 // NOTE: *NOT* THE SAME AS VM_COUNTERS! 913 // 914 SIZE_T PeakVirtualSize; 915 SIZE_T VirtualSize; 916 ULONG PageFaultCount; 917 SIZE_T PeakWorkingSetSize; 918 SIZE_T WorkingSetSize; 919 SIZE_T QuotaPeakPagedPoolUsage; 920 SIZE_T QuotaPagedPoolUsage; 921 SIZE_T QuotaPeakNonPagedPoolUsage; 922 SIZE_T QuotaNonPagedPoolUsage; 923 SIZE_T PagefileUsage; 924 SIZE_T PeakPagefileUsage; 925 SIZE_T PrivatePageCount; 926 927 // 928 // This part corresponds to IO_COUNTERS 929 // 930 LARGE_INTEGER ReadOperationCount; 931 LARGE_INTEGER WriteOperationCount; 932 LARGE_INTEGER OtherOperationCount; 933 LARGE_INTEGER ReadTransferCount; 934 LARGE_INTEGER WriteTransferCount; 935 LARGE_INTEGER OtherTransferCount; 936 // SYSTEM_THREAD_INFORMATION TH[1]; 937 } SYSTEM_PROCESS_INFORMATION, *PSYSTEM_PROCESS_INFORMATION; 938 #ifndef _WIN64 939 C_ASSERT(sizeof(SYSTEM_PROCESS_INFORMATION) == 0xB8); // Must be 8-byte aligned 940 #endif 941 942 // 943 // Class 6 944 typedef struct _SYSTEM_CALL_COUNT_INFORMATION 945 { 946 ULONG Length; 947 ULONG NumberOfTables; 948 } SYSTEM_CALL_COUNT_INFORMATION, *PSYSTEM_CALL_COUNT_INFORMATION; 949 950 // Class 7 951 typedef struct _SYSTEM_DEVICE_INFORMATION 952 { 953 ULONG NumberOfDisks; 954 ULONG NumberOfFloppies; 955 ULONG NumberOfCdRoms; 956 ULONG NumberOfTapes; 957 ULONG NumberOfSerialPorts; 958 ULONG NumberOfParallelPorts; 959 } SYSTEM_DEVICE_INFORMATION, *PSYSTEM_DEVICE_INFORMATION; 960 961 // Class 8 962 typedef struct _SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION 963 { 964 LARGE_INTEGER IdleTime; 965 LARGE_INTEGER KernelTime; 966 LARGE_INTEGER UserTime; 967 LARGE_INTEGER DpcTime; 968 LARGE_INTEGER InterruptTime; 969 ULONG InterruptCount; 970 } SYSTEM_PROCESSOR_PERFORMANCE_INFORMATION, *PSYSTEM_PROCESSOR_PERFORMANCE_INFORMATION; 971 972 // Class 9 973 typedef struct _SYSTEM_FLAGS_INFORMATION 974 { 975 ULONG Flags; 976 } SYSTEM_FLAGS_INFORMATION, *PSYSTEM_FLAGS_INFORMATION; 977 978 // Class 10 979 typedef struct _SYSTEM_CALL_TIME_INFORMATION 980 { 981 ULONG Length; 982 ULONG TotalCalls; 983 LARGE_INTEGER TimeOfCalls[1]; 984 } SYSTEM_CALL_TIME_INFORMATION, *PSYSTEM_CALL_TIME_INFORMATION; 985 986 // Class 11 - See RTL_PROCESS_MODULES 987 988 // Class 12 - See RTL_PROCESS_LOCKS 989 990 // Class 13 - See RTL_PROCESS_BACKTRACES 991 992 // Class 14 - 15 993 typedef struct _SYSTEM_POOL_ENTRY 994 { 995 BOOLEAN Allocated; 996 BOOLEAN Spare0; 997 USHORT AllocatorBackTraceIndex; 998 ULONG Size; 999 union 1000 { 1001 UCHAR Tag[4]; 1002 ULONG TagUlong; 1003 PVOID ProcessChargedQuota; 1004 }; 1005 } SYSTEM_POOL_ENTRY, *PSYSTEM_POOL_ENTRY; 1006 1007 typedef struct _SYSTEM_POOL_INFORMATION 1008 { 1009 SIZE_T TotalSize; 1010 PVOID FirstEntry; 1011 USHORT EntryOverhead; 1012 BOOLEAN PoolTagPresent; 1013 BOOLEAN Spare0; 1014 ULONG NumberOfEntries; 1015 SYSTEM_POOL_ENTRY Entries[1]; 1016 } SYSTEM_POOL_INFORMATION, *PSYSTEM_POOL_INFORMATION; 1017 1018 // Class 16 1019 typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO 1020 { 1021 USHORT UniqueProcessId; 1022 USHORT CreatorBackTraceIndex; 1023 UCHAR ObjectTypeIndex; 1024 UCHAR HandleAttributes; 1025 USHORT HandleValue; 1026 PVOID Object; 1027 ULONG GrantedAccess; 1028 } SYSTEM_HANDLE_TABLE_ENTRY_INFO, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO; 1029 1030 typedef struct _SYSTEM_HANDLE_INFORMATION 1031 { 1032 ULONG NumberOfHandles; 1033 SYSTEM_HANDLE_TABLE_ENTRY_INFO Handles[1]; 1034 } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION; 1035 1036 // Class 17 1037 typedef struct _SYSTEM_OBJECTTYPE_INFORMATION 1038 { 1039 ULONG NextEntryOffset; 1040 ULONG NumberOfObjects; 1041 ULONG NumberOfHandles; 1042 ULONG TypeIndex; 1043 ULONG InvalidAttributes; 1044 GENERIC_MAPPING GenericMapping; 1045 ULONG ValidAccessMask; 1046 ULONG PoolType; 1047 BOOLEAN SecurityRequired; 1048 BOOLEAN WaitableObject; 1049 UNICODE_STRING TypeName; 1050 } SYSTEM_OBJECTTYPE_INFORMATION, *PSYSTEM_OBJECTTYPE_INFORMATION; 1051 1052 typedef struct _SYSTEM_OBJECT_INFORMATION 1053 { 1054 ULONG NextEntryOffset; 1055 PVOID Object; 1056 HANDLE CreatorUniqueProcess; 1057 USHORT CreatorBackTraceIndex; 1058 USHORT Flags; 1059 LONG PointerCount; 1060 LONG HandleCount; 1061 ULONG PagedPoolCharge; 1062 ULONG NonPagedPoolCharge; 1063 HANDLE ExclusiveProcessId; 1064 PVOID SecurityDescriptor; 1065 OBJECT_NAME_INFORMATION NameInfo; 1066 } SYSTEM_OBJECT_INFORMATION, *PSYSTEM_OBJECT_INFORMATION; 1067 1068 // Class 18 1069 typedef struct _SYSTEM_PAGEFILE_INFORMATION 1070 { 1071 ULONG NextEntryOffset; 1072 ULONG TotalSize; 1073 ULONG TotalInUse; 1074 ULONG PeakUsage; 1075 UNICODE_STRING PageFileName; 1076 } SYSTEM_PAGEFILE_INFORMATION, *PSYSTEM_PAGEFILE_INFORMATION; 1077 1078 // Class 19 1079 typedef struct _SYSTEM_VDM_INSTEMUL_INFO 1080 { 1081 ULONG SegmentNotPresent; 1082 ULONG VdmOpcode0F; 1083 ULONG OpcodeESPrefix; 1084 ULONG OpcodeCSPrefix; 1085 ULONG OpcodeSSPrefix; 1086 ULONG OpcodeDSPrefix; 1087 ULONG OpcodeFSPrefix; 1088 ULONG OpcodeGSPrefix; 1089 ULONG OpcodeOPER32Prefix; 1090 ULONG OpcodeADDR32Prefix; 1091 ULONG OpcodeINSB; 1092 ULONG OpcodeINSW; 1093 ULONG OpcodeOUTSB; 1094 ULONG OpcodeOUTSW; 1095 ULONG OpcodePUSHF; 1096 ULONG OpcodePOPF; 1097 ULONG OpcodeINTnn; 1098 ULONG OpcodeINTO; 1099 ULONG OpcodeIRET; 1100 ULONG OpcodeINBimm; 1101 ULONG OpcodeINWimm; 1102 ULONG OpcodeOUTBimm; 1103 ULONG OpcodeOUTWimm ; 1104 ULONG OpcodeINB; 1105 ULONG OpcodeINW; 1106 ULONG OpcodeOUTB; 1107 ULONG OpcodeOUTW; 1108 ULONG OpcodeLOCKPrefix; 1109 ULONG OpcodeREPNEPrefix; 1110 ULONG OpcodeREPPrefix; 1111 ULONG OpcodeHLT; 1112 ULONG OpcodeCLI; 1113 ULONG OpcodeSTI; 1114 ULONG BopCount; 1115 } SYSTEM_VDM_INSTEMUL_INFO, *PSYSTEM_VDM_INSTEMUL_INFO; 1116 1117 // Class 20 - ULONG VDMBOPINFO 1118 1119 // Class 21 1120 typedef struct _SYSTEM_FILECACHE_INFORMATION 1121 { 1122 SIZE_T CurrentSize; 1123 SIZE_T PeakSize; 1124 ULONG PageFaultCount; 1125 SIZE_T MinimumWorkingSet; 1126 SIZE_T MaximumWorkingSet; 1127 SIZE_T CurrentSizeIncludingTransitionInPages; 1128 SIZE_T PeakSizeIncludingTransitionInPages; 1129 ULONG TransitionRePurposeCount; 1130 ULONG Flags; 1131 } SYSTEM_FILECACHE_INFORMATION, *PSYSTEM_FILECACHE_INFORMATION; 1132 1133 // Class 22 1134 typedef struct _SYSTEM_POOLTAG 1135 { 1136 union 1137 { 1138 UCHAR Tag[4]; 1139 ULONG TagUlong; 1140 }; 1141 ULONG PagedAllocs; 1142 ULONG PagedFrees; 1143 SIZE_T PagedUsed; 1144 ULONG NonPagedAllocs; 1145 ULONG NonPagedFrees; 1146 SIZE_T NonPagedUsed; 1147 } SYSTEM_POOLTAG, *PSYSTEM_POOLTAG; 1148 1149 typedef struct _SYSTEM_POOLTAG_INFORMATION 1150 { 1151 ULONG Count; 1152 SYSTEM_POOLTAG TagInfo[1]; 1153 } SYSTEM_POOLTAG_INFORMATION, *PSYSTEM_POOLTAG_INFORMATION; 1154 1155 // Class 23 1156 typedef struct _SYSTEM_INTERRUPT_INFORMATION 1157 { 1158 ULONG ContextSwitches; 1159 ULONG DpcCount; 1160 ULONG DpcRate; 1161 ULONG TimeIncrement; 1162 ULONG DpcBypassCount; 1163 ULONG ApcBypassCount; 1164 } SYSTEM_INTERRUPT_INFORMATION, *PSYSTEM_INTERRUPT_INFORMATION; 1165 1166 // Class 24 1167 typedef struct _SYSTEM_DPC_BEHAVIOR_INFORMATION 1168 { 1169 ULONG Spare; 1170 ULONG DpcQueueDepth; 1171 ULONG MinimumDpcRate; 1172 ULONG AdjustDpcThreshold; 1173 ULONG IdealDpcRate; 1174 } SYSTEM_DPC_BEHAVIOR_INFORMATION, *PSYSTEM_DPC_BEHAVIOR_INFORMATION; 1175 1176 // Class 25 1177 typedef struct _SYSTEM_MEMORY_INFO 1178 { 1179 PUCHAR StringOffset; 1180 USHORT ValidCount; 1181 USHORT TransitionCount; 1182 USHORT ModifiedCount; 1183 USHORT PageTableCount; 1184 } SYSTEM_MEMORY_INFO, *PSYSTEM_MEMORY_INFO; 1185 1186 typedef struct _SYSTEM_MEMORY_INFORMATION 1187 { 1188 ULONG InfoSize; 1189 ULONG StringStart; 1190 SYSTEM_MEMORY_INFO Memory[1]; 1191 } SYSTEM_MEMORY_INFORMATION, *PSYSTEM_MEMORY_INFORMATION; 1192 1193 // Class 26 1194 typedef struct _SYSTEM_GDI_DRIVER_INFORMATION 1195 { 1196 UNICODE_STRING DriverName; 1197 PVOID ImageAddress; 1198 PVOID SectionPointer; 1199 PVOID EntryPoint; 1200 PIMAGE_EXPORT_DIRECTORY ExportSectionPointer; 1201 ULONG ImageLength; 1202 } SYSTEM_GDI_DRIVER_INFORMATION, *PSYSTEM_GDI_DRIVER_INFORMATION; 1203 1204 // Class 27 1205 // Not an actually class, simply a PVOID to the ImageAddress 1206 1207 // Class 28 1208 typedef struct _SYSTEM_QUERY_TIME_ADJUST_INFORMATION 1209 { 1210 ULONG TimeAdjustment; 1211 ULONG TimeIncrement; 1212 BOOLEAN Enable; 1213 } SYSTEM_QUERY_TIME_ADJUST_INFORMATION, *PSYSTEM_QUERY_TIME_ADJUST_INFORMATION; 1214 1215 typedef struct _SYSTEM_SET_TIME_ADJUST_INFORMATION 1216 { 1217 ULONG TimeAdjustment; 1218 BOOLEAN Enable; 1219 } SYSTEM_SET_TIME_ADJUST_INFORMATION, *PSYSTEM_SET_TIME_ADJUST_INFORMATION; 1220 1221 // Class 29 - Same as 25 1222 1223 // FIXME: Class 30 1224 1225 // Class 31 1226 typedef struct _SYSTEM_REF_TRACE_INFORMATION 1227 { 1228 UCHAR TraceEnable; 1229 UCHAR TracePermanent; 1230 UNICODE_STRING TraceProcessName; 1231 UNICODE_STRING TracePoolTags; 1232 } SYSTEM_REF_TRACE_INFORMATION, *PSYSTEM_REF_TRACE_INFORMATION; 1233 1234 // Class 32 - OBSOLETE 1235 1236 // Class 33 1237 typedef struct _SYSTEM_EXCEPTION_INFORMATION 1238 { 1239 ULONG AlignmentFixupCount; 1240 ULONG ExceptionDispatchCount; 1241 ULONG FloatingEmulationCount; 1242 ULONG ByteWordEmulationCount; 1243 } SYSTEM_EXCEPTION_INFORMATION, *PSYSTEM_EXCEPTION_INFORMATION; 1244 1245 // Class 34 1246 typedef struct _SYSTEM_CRASH_STATE_INFORMATION 1247 { 1248 ULONG ValidCrashDump; 1249 } SYSTEM_CRASH_STATE_INFORMATION, *PSYSTEM_CRASH_STATE_INFORMATION; 1250 1251 // Class 35 1252 typedef struct _SYSTEM_KERNEL_DEBUGGER_INFORMATION 1253 { 1254 BOOLEAN KernelDebuggerEnabled; 1255 BOOLEAN KernelDebuggerNotPresent; 1256 } SYSTEM_KERNEL_DEBUGGER_INFORMATION, *PSYSTEM_KERNEL_DEBUGGER_INFORMATION; 1257 1258 // Class 36 1259 typedef struct _SYSTEM_CONTEXT_SWITCH_INFORMATION 1260 { 1261 ULONG ContextSwitches; 1262 ULONG FindAny; 1263 ULONG FindLast; 1264 ULONG FindIdeal; 1265 ULONG IdleAny; 1266 ULONG IdleCurrent; 1267 ULONG IdleLast; 1268 ULONG IdleIdeal; 1269 ULONG PreemptAny; 1270 ULONG PreemptCurrent; 1271 ULONG PreemptLast; 1272 ULONG SwitchToIdle; 1273 } SYSTEM_CONTEXT_SWITCH_INFORMATION, *PSYSTEM_CONTEXT_SWITCH_INFORMATION; 1274 1275 // Class 37 1276 typedef struct _SYSTEM_REGISTRY_QUOTA_INFORMATION 1277 { 1278 ULONG RegistryQuotaAllowed; 1279 ULONG RegistryQuotaUsed; 1280 SIZE_T PagedPoolSize; 1281 } SYSTEM_REGISTRY_QUOTA_INFORMATION, *PSYSTEM_REGISTRY_QUOTA_INFORMATION; 1282 1283 // Class 38 1284 // Not a structure, simply send the UNICODE_STRING 1285 1286 // Class 39 1287 // Not a structure, simply send a ULONG containing the new separation 1288 1289 // Class 40 1290 typedef struct _SYSTEM_PLUGPLAY_BUS_INFORMATION 1291 { 1292 ULONG BusCount; 1293 PLUGPLAY_BUS_INSTANCE BusInstance[1]; 1294 } SYSTEM_PLUGPLAY_BUS_INFORMATION, *PSYSTEM_PLUGPLAY_BUS_INFORMATION; 1295 1296 // Class 41 1297 typedef struct _SYSTEM_DOCK_INFORMATION 1298 { 1299 SYSTEM_DOCK_STATE DockState; 1300 INTERFACE_TYPE DeviceBusType; 1301 ULONG DeviceBusNumber; 1302 ULONG SlotNumber; 1303 } SYSTEM_DOCK_INFORMATION, *PSYSTEM_DOCK_INFORMATION; 1304 1305 // Class 42 1306 typedef struct _SYSTEM_POWER_INFORMATION_NATIVE 1307 { 1308 BOOLEAN SystemSuspendSupported; 1309 BOOLEAN SystemHibernateSupported; 1310 BOOLEAN ResumeTimerSupportsSuspend; 1311 BOOLEAN ResumeTimerSupportsHibernate; 1312 BOOLEAN LidSupported; 1313 BOOLEAN TurboSettingSupported; 1314 BOOLEAN TurboMode; 1315 BOOLEAN SystemAcOrDc; 1316 BOOLEAN PowerDownDisabled; 1317 LARGE_INTEGER SpindownDrives; 1318 } SYSTEM_POWER_INFORMATION_NATIVE, *PSYSTEM_POWER_INFORMATION_NATIVE; 1319 1320 // Class 43 1321 typedef struct _SYSTEM_LEGACY_DRIVER_INFORMATION 1322 { 1323 PNP_VETO_TYPE VetoType; 1324 UNICODE_STRING VetoDriver; 1325 } SYSTEM_LEGACY_DRIVER_INFORMATION, *PSYSTEM_LEGACY_DRIVER_INFORMATION; 1326 1327 // Class 44 1328 //typedef struct _TIME_ZONE_INFORMATION RTL_TIME_ZONE_INFORMATION; 1329 1330 // Class 45 1331 typedef struct _SYSTEM_LOOKASIDE_INFORMATION 1332 { 1333 USHORT CurrentDepth; 1334 USHORT MaximumDepth; 1335 ULONG TotalAllocates; 1336 ULONG AllocateMisses; 1337 ULONG TotalFrees; 1338 ULONG FreeMisses; 1339 ULONG Type; 1340 ULONG Tag; 1341 ULONG Size; 1342 } SYSTEM_LOOKASIDE_INFORMATION, *PSYSTEM_LOOKASIDE_INFORMATION; 1343 1344 // Class 46 1345 // Not a structure. Only a HANDLE for the SlipEvent; 1346 1347 // Class 47 1348 // Not a structure. Only a ULONG for the SessionId; 1349 1350 // Class 48 1351 // Not a structure. Only a ULONG for the SessionId; 1352 1353 // FIXME: Class 49 1354 1355 // Class 50 1356 // Not a structure. Only a ULONG_PTR for the SystemRangeStart 1357 1358 // Class 51 1359 typedef struct _SYSTEM_VERIFIER_INFORMATION 1360 { 1361 ULONG NextEntryOffset; 1362 ULONG Level; 1363 UNICODE_STRING DriverName; 1364 ULONG RaiseIrqls; 1365 ULONG AcquireSpinLocks; 1366 ULONG SynchronizeExecutions; 1367 ULONG AllocationsAttempted; 1368 ULONG AllocationsSucceeded; 1369 ULONG AllocationsSucceededSpecialPool; 1370 ULONG AllocationsWithNoTag; 1371 ULONG TrimRequests; 1372 ULONG Trims; 1373 ULONG AllocationsFailed; 1374 ULONG AllocationsFailedDeliberately; 1375 ULONG Loads; 1376 ULONG Unloads; 1377 ULONG UnTrackedPool; 1378 ULONG CurrentPagedPoolAllocations; 1379 ULONG CurrentNonPagedPoolAllocations; 1380 ULONG PeakPagedPoolAllocations; 1381 ULONG PeakNonPagedPoolAllocations; 1382 SIZE_T PagedPoolUsageInBytes; 1383 SIZE_T NonPagedPoolUsageInBytes; 1384 SIZE_T PeakPagedPoolUsageInBytes; 1385 SIZE_T PeakNonPagedPoolUsageInBytes; 1386 } SYSTEM_VERIFIER_INFORMATION, *PSYSTEM_VERIFIER_INFORMATION; 1387 1388 // FIXME: Class 52 1389 1390 // Class 53 1391 typedef struct _SYSTEM_SESSION_PROCESS_INFORMATION 1392 { 1393 ULONG SessionId; 1394 ULONG SizeOfBuf; 1395 PVOID Buffer; // Same format as in SystemProcessInformation 1396 } SYSTEM_SESSION_PROCESS_INFORMATION, *PSYSTEM_SESSION_PROCESS_INFORMATION; 1397 1398 // FIXME: Class 54 1399 1400 // Class 55 1401 #define MAXIMUM_NUMA_NODES 16 1402 typedef struct _SYSTEM_NUMA_INFORMATION 1403 { 1404 ULONG HighestNodeNumber; 1405 ULONG Reserved; 1406 union 1407 { 1408 ULONGLONG ActiveProcessorsAffinityMask[MAXIMUM_NUMA_NODES]; 1409 ULONGLONG AvailableMemory[MAXIMUM_NUMA_NODES]; 1410 }; 1411 } SYSTEM_NUMA_INFORMATION, *PSYSTEM_NUMA_INFORMATION; 1412 1413 // FIXME: Class 56-63 1414 1415 // Class 64 1416 typedef struct _SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX 1417 { 1418 PVOID Object; 1419 ULONG_PTR UniqueProcessId; 1420 ULONG_PTR HandleValue; 1421 ULONG GrantedAccess; 1422 USHORT CreatorBackTraceIndex; 1423 USHORT ObjectTypeIndex; 1424 ULONG HandleAttributes; 1425 ULONG Reserved; 1426 } SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX, *PSYSTEM_HANDLE_TABLE_ENTRY_INFO_EX; 1427 1428 typedef struct _SYSTEM_HANDLE_INFORMATION_EX 1429 { 1430 ULONG_PTR Count; 1431 ULONG_PTR Reserved; 1432 SYSTEM_HANDLE_TABLE_ENTRY_INFO_EX Handle[1]; 1433 } SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX; 1434 1435 // FIXME: Class 65-89 1436 1437 // Class 90 1438 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 1439 typedef struct _SYSTEM_BOOT_ENVIRONMENT_INFORMATION 1440 { 1441 GUID BootIdentifier; 1442 FIRMWARE_TYPE FirmwareType; 1443 #if (NTDDI_VERSION >= NTDDI_WIN8) 1444 ULONGLONG BootFlags; 1445 #endif 1446 } SYSTEM_BOOT_ENVIRONMENT_INFORMATION, *PSYSTEM_BOOT_ENVIRONMENT_INFORMATION; 1447 #endif 1448 1449 #if (NTDDI_VERSION >= NTDDI_WIN8) 1450 typedef struct _SYSTEM_BOOT_ENVIRONMENT_V1 1451 { 1452 GUID BootIdentifier; 1453 FIRMWARE_TYPE FirmwareType; 1454 } SYSTEM_BOOT_ENVIRONMENT_V1, *PSYSTEM_BOOT_ENVIRONMENT_V1; 1455 #endif 1456 1457 // FIXME: Class 91-97 1458 1459 // 1460 // Hotpatch flags 1461 // 1462 #define RTL_HOTPATCH_SUPPORTED_FLAG 0x01 1463 #define RTL_HOTPATCH_SWAP_OBJECT_NAMES 0x08 << 24 1464 #define RTL_HOTPATCH_SYNC_RENAME_FILES 0x10 << 24 1465 #define RTL_HOTPATCH_PATCH_USER_MODE 0x20 << 24 1466 #define RTL_HOTPATCH_REMAP_SYSTEM_DLL 0x40 << 24 1467 #define RTL_HOTPATCH_PATCH_KERNEL_MODE 0x80 << 24 1468 1469 1470 // Class 69 1471 typedef struct _SYSTEM_HOTPATCH_CODE_INFORMATION 1472 { 1473 ULONG Flags; 1474 ULONG InfoSize; 1475 union 1476 { 1477 struct 1478 { 1479 ULONG Foo; 1480 } CodeInfo; 1481 struct 1482 { 1483 USHORT NameOffset; 1484 USHORT NameLength; 1485 } KernelInfo; 1486 struct 1487 { 1488 USHORT NameOffset; 1489 USHORT NameLength; 1490 USHORT TargetNameOffset; 1491 USHORT TargetNameLength; 1492 UCHAR PatchingFinished; 1493 } UserModeInfo; 1494 struct 1495 { 1496 USHORT NameOffset; 1497 USHORT NameLength; 1498 USHORT TargetNameOffset; 1499 USHORT TargetNameLength; 1500 UCHAR PatchingFinished; 1501 NTSTATUS ReturnCode; 1502 HANDLE TargetProcess; 1503 } InjectionInfo; 1504 struct 1505 { 1506 HANDLE FileHandle1; 1507 PIO_STATUS_BLOCK IoStatusBlock1; 1508 PVOID RenameInformation1; 1509 PVOID RenameInformationLength1; 1510 HANDLE FileHandle2; 1511 PIO_STATUS_BLOCK IoStatusBlock2; 1512 PVOID RenameInformation2; 1513 PVOID RenameInformationLength2; 1514 } RenameInfo; 1515 struct 1516 { 1517 HANDLE ParentDirectory; 1518 HANDLE ObjectHandle1; 1519 HANDLE ObjectHandle2; 1520 } AtomicSwap; 1521 }; 1522 } SYSTEM_HOTPATCH_CODE_INFORMATION, *PSYSTEM_HOTPATCH_CODE_INFORMATION; 1523 1524 // 1525 // Class 75 1526 // 1527 #ifdef NTOS_MODE_USER 1528 typedef struct _SYSTEM_FIRMWARE_TABLE_HANDLER 1529 { 1530 ULONG ProviderSignature; 1531 BOOLEAN Register; 1532 PFNFTH FirmwareTableHandler; 1533 PVOID DriverObject; 1534 } SYSTEM_FIRMWARE_TABLE_HANDLER, *PSYSTEM_FIRMWARE_TABLE_HANDLER; 1535 1536 // 1537 // Class 76 1538 // 1539 typedef struct _SYSTEM_FIRMWARE_TABLE_INFORMATION 1540 { 1541 ULONG ProviderSignature; 1542 SYSTEM_FIRMWARE_TABLE_ACTION Action; 1543 ULONG TableID; 1544 ULONG TableBufferLength; 1545 UCHAR TableBuffer[1]; 1546 } SYSTEM_FIRMWARE_TABLE_INFORMATION, *PSYSTEM_FIRMWARE_TABLE_INFORMATION; 1547 1548 #endif // !NTOS_MODE_USER 1549 1550 // 1551 // Class 80 1552 // 1553 typedef struct _SYSTEM_MEMORY_LIST_INFORMATION 1554 { 1555 SIZE_T ZeroPageCount; 1556 SIZE_T FreePageCount; 1557 SIZE_T ModifiedPageCount; 1558 SIZE_T ModifiedNoWritePageCount; 1559 SIZE_T BadPageCount; 1560 SIZE_T PageCountByPriority[8]; 1561 SIZE_T RepurposedPagesByPriority[8]; 1562 SIZE_T ModifiedPageCountPageFile; 1563 } SYSTEM_MEMORY_LIST_INFORMATION, *PSYSTEM_MEMORY_LIST_INFORMATION; 1564 1565 // 1566 // Firmware variable attributes 1567 // 1568 #define VARIABLE_ATTRIBUTE_NON_VOLATILE 0x00000001 1569 #define VARIABLE_ATTRIBUTE_BOOTSERVICE_ACCESS 0x00000002 1570 #define VARIABLE_ATTRIBUTE_RUNTIME_ACCESS 0x00000004 1571 #define VARIABLE_ATTRIBUTE_HARDWARE_ERROR_RECORD 0x00000008 1572 #define VARIABLE_ATTRIBUTE_AUTHENTICATED_WRITE_ACCESS 0x00000010 1573 #define VARIABLE_ATTRIBUTE_TIME_BASED_AUTHENTICATED_WRITE_ACCESS 0x00000020 1574 #define VARIABLE_ATTRIBUTE_APPEND_WRITE 0x00000040 1575 1576 #ifdef __cplusplus 1577 }; // extern "C" 1578 #endif 1579 1580 #endif // !_EXTYPES_H 1581