1 // Copyright 2013 The Chromium Authors. All rights reserved. 2 // Use of this source code is governed by a BSD-style license that can be 3 // found in the LICENSE file. 4 5 // This file holds definitions related to the ntdll API. 6 7 #ifndef SANDBOX_WIN_SRC_NT_INTERNALS_H__ 8 #define SANDBOX_WIN_SRC_NT_INTERNALS_H__ 9 10 #include <windows.h> 11 12 #include <stddef.h> 13 14 typedef LONG NTSTATUS; 15 #define NT_SUCCESS(st) (st >= 0) 16 17 #define STATUS_SUCCESS ((NTSTATUS)0x00000000L) 18 #define STATUS_BUFFER_OVERFLOW ((NTSTATUS)0x80000005L) 19 #define STATUS_UNSUCCESSFUL ((NTSTATUS)0xC0000001L) 20 #define STATUS_NOT_IMPLEMENTED ((NTSTATUS)0xC0000002L) 21 #define STATUS_INFO_LENGTH_MISMATCH ((NTSTATUS)0xC0000004L) 22 #ifndef STATUS_INVALID_PARAMETER 23 // It is now defined in Windows 2008 SDK. 24 #define STATUS_INVALID_PARAMETER ((NTSTATUS)0xC000000DL) 25 #endif 26 #define STATUS_CONFLICTING_ADDRESSES ((NTSTATUS)0xC0000018L) 27 #define STATUS_ACCESS_DENIED ((NTSTATUS)0xC0000022L) 28 #define STATUS_BUFFER_TOO_SMALL ((NTSTATUS)0xC0000023L) 29 #define STATUS_OBJECT_NAME_NOT_FOUND ((NTSTATUS)0xC0000034L) 30 #define STATUS_OBJECT_NAME_COLLISION ((NTSTATUS)0xC0000035L) 31 #define STATUS_PROCEDURE_NOT_FOUND ((NTSTATUS)0xC000007AL) 32 #define STATUS_INVALID_IMAGE_FORMAT ((NTSTATUS)0xC000007BL) 33 #define STATUS_NO_TOKEN ((NTSTATUS)0xC000007CL) 34 #define STATUS_NOT_SUPPORTED ((NTSTATUS)0xC00000BBL) 35 36 #define CURRENT_PROCESS ((HANDLE)-1) 37 #define CURRENT_THREAD ((HANDLE)-2) 38 #define NtCurrentProcess CURRENT_PROCESS 39 40 typedef struct _UNICODE_STRING { 41 USHORT Length; 42 USHORT MaximumLength; 43 PWSTR Buffer; 44 } UNICODE_STRING; 45 typedef UNICODE_STRING* PUNICODE_STRING; 46 typedef const UNICODE_STRING* PCUNICODE_STRING; 47 48 typedef struct _STRING { 49 USHORT Length; 50 USHORT MaximumLength; 51 PCHAR Buffer; 52 } STRING; 53 typedef STRING* PSTRING; 54 55 typedef STRING ANSI_STRING; 56 typedef PSTRING PANSI_STRING; 57 typedef CONST PSTRING PCANSI_STRING; 58 59 typedef STRING OEM_STRING; 60 typedef PSTRING POEM_STRING; 61 typedef CONST STRING* PCOEM_STRING; 62 63 #define OBJ_CASE_INSENSITIVE 0x00000040L 64 #define OBJ_OPENIF 0x00000080L 65 66 typedef struct _OBJECT_ATTRIBUTES { 67 ULONG Length; 68 HANDLE RootDirectory; 69 PUNICODE_STRING ObjectName; 70 ULONG Attributes; 71 PVOID SecurityDescriptor; 72 PVOID SecurityQualityOfService; 73 } OBJECT_ATTRIBUTES; 74 typedef OBJECT_ATTRIBUTES* POBJECT_ATTRIBUTES; 75 76 #define InitializeObjectAttributes(p, n, a, r, s) \ 77 { \ 78 (p)->Length = sizeof(OBJECT_ATTRIBUTES); \ 79 (p)->RootDirectory = r; \ 80 (p)->Attributes = a; \ 81 (p)->ObjectName = n; \ 82 (p)->SecurityDescriptor = s; \ 83 (p)->SecurityQualityOfService = nullptr; \ 84 } 85 86 typedef struct _IO_STATUS_BLOCK { 87 union { 88 NTSTATUS Status; 89 PVOID Pointer; 90 }; 91 ULONG_PTR Information; 92 } IO_STATUS_BLOCK, *PIO_STATUS_BLOCK; 93 94 // ----------------------------------------------------------------------- 95 // File IO 96 97 // Create disposition values. 98 99 #define FILE_SUPERSEDE 0x00000000 100 #define FILE_OPEN 0x00000001 101 #define FILE_CREATE 0x00000002 102 #define FILE_OPEN_IF 0x00000003 103 #define FILE_OVERWRITE 0x00000004 104 #define FILE_OVERWRITE_IF 0x00000005 105 #define FILE_MAXIMUM_DISPOSITION 0x00000005 106 107 // Create/open option flags. 108 109 #define FILE_DIRECTORY_FILE 0x00000001 110 #define FILE_WRITE_THROUGH 0x00000002 111 #define FILE_SEQUENTIAL_ONLY 0x00000004 112 #define FILE_NO_INTERMEDIATE_BUFFERING 0x00000008 113 114 #define FILE_SYNCHRONOUS_IO_ALERT 0x00000010 115 #define FILE_SYNCHRONOUS_IO_NONALERT 0x00000020 116 #define FILE_NON_DIRECTORY_FILE 0x00000040 117 #define FILE_CREATE_TREE_CONNECTION 0x00000080 118 119 #define FILE_COMPLETE_IF_OPLOCKED 0x00000100 120 #define FILE_NO_EA_KNOWLEDGE 0x00000200 121 #define FILE_OPEN_REMOTE_INSTANCE 0x00000400 122 #define FILE_RANDOM_ACCESS 0x00000800 123 124 #define FILE_DELETE_ON_CLOSE 0x00001000 125 #define FILE_OPEN_BY_FILE_ID 0x00002000 126 #define FILE_OPEN_FOR_BACKUP_INTENT 0x00004000 127 #define FILE_NO_COMPRESSION 0x00008000 128 129 #define FILE_RESERVE_OPFILTER 0x00100000 130 #define FILE_OPEN_REPARSE_POINT 0x00200000 131 #define FILE_OPEN_NO_RECALL 0x00400000 132 #define FILE_OPEN_FOR_FREE_SPACE_QUERY 0x00800000 133 134 // Create/open result values. These are the disposition values returned on the 135 // io status information. 136 #define FILE_SUPERSEDED 0x00000000 137 #define FILE_OPENED 0x00000001 138 #define FILE_CREATED 0x00000002 139 #define FILE_OVERWRITTEN 0x00000003 140 #define FILE_EXISTS 0x00000004 141 #define FILE_DOES_NOT_EXIST 0x00000005 142 143 typedef NTSTATUS(WINAPI* NtCreateFileFunction)( 144 OUT PHANDLE FileHandle, 145 IN ACCESS_MASK DesiredAccess, 146 IN POBJECT_ATTRIBUTES ObjectAttributes, 147 OUT PIO_STATUS_BLOCK IoStatusBlock, 148 IN PLARGE_INTEGER AllocationSize OPTIONAL, 149 IN ULONG FileAttributes, 150 IN ULONG ShareAccess, 151 IN ULONG CreateDisposition, 152 IN ULONG CreateOptions, 153 IN PVOID EaBuffer OPTIONAL, 154 IN ULONG EaLength); 155 156 typedef NTSTATUS(WINAPI* NtOpenFileFunction)(OUT PHANDLE FileHandle, 157 IN ACCESS_MASK DesiredAccess, 158 IN POBJECT_ATTRIBUTES 159 ObjectAttributes, 160 OUT PIO_STATUS_BLOCK IoStatusBlock, 161 IN ULONG ShareAccess, 162 IN ULONG OpenOptions); 163 164 typedef NTSTATUS(WINAPI* NtCloseFunction)(IN HANDLE Handle); 165 166 typedef enum _FILE_INFORMATION_CLASS { 167 FileRenameInformation = 10 168 } FILE_INFORMATION_CLASS, 169 *PFILE_INFORMATION_CLASS; 170 171 typedef struct _FILE_RENAME_INFORMATION { 172 BOOLEAN ReplaceIfExists; 173 HANDLE RootDirectory; 174 ULONG FileNameLength; 175 WCHAR FileName[1]; 176 } FILE_RENAME_INFORMATION, *PFILE_RENAME_INFORMATION; 177 178 typedef NTSTATUS(WINAPI* NtSetInformationFileFunction)( 179 IN HANDLE FileHandle, 180 OUT PIO_STATUS_BLOCK IoStatusBlock, 181 IN PVOID FileInformation, 182 IN ULONG Length, 183 IN FILE_INFORMATION_CLASS FileInformationClass); 184 185 typedef struct FILE_BASIC_INFORMATION { 186 LARGE_INTEGER CreationTime; 187 LARGE_INTEGER LastAccessTime; 188 LARGE_INTEGER LastWriteTime; 189 LARGE_INTEGER ChangeTime; 190 ULONG FileAttributes; 191 } FILE_BASIC_INFORMATION, *PFILE_BASIC_INFORMATION; 192 193 typedef NTSTATUS(WINAPI* NtQueryAttributesFileFunction)( 194 IN POBJECT_ATTRIBUTES ObjectAttributes, 195 OUT PFILE_BASIC_INFORMATION FileAttributes); 196 197 typedef struct _FILE_NETWORK_OPEN_INFORMATION { 198 LARGE_INTEGER CreationTime; 199 LARGE_INTEGER LastAccessTime; 200 LARGE_INTEGER LastWriteTime; 201 LARGE_INTEGER ChangeTime; 202 LARGE_INTEGER AllocationSize; 203 LARGE_INTEGER EndOfFile; 204 ULONG FileAttributes; 205 } FILE_NETWORK_OPEN_INFORMATION, *PFILE_NETWORK_OPEN_INFORMATION; 206 207 typedef NTSTATUS(WINAPI* NtQueryFullAttributesFileFunction)( 208 IN POBJECT_ATTRIBUTES ObjectAttributes, 209 OUT PFILE_NETWORK_OPEN_INFORMATION FileAttributes); 210 211 // ----------------------------------------------------------------------- 212 // Sections 213 214 typedef NTSTATUS(WINAPI* NtCreateSectionFunction)( 215 OUT PHANDLE SectionHandle, 216 IN ACCESS_MASK DesiredAccess, 217 IN POBJECT_ATTRIBUTES ObjectAttributes OPTIONAL, 218 IN PLARGE_INTEGER MaximumSize OPTIONAL, 219 IN ULONG SectionPageProtection, 220 IN ULONG AllocationAttributes, 221 IN HANDLE FileHandle OPTIONAL); 222 223 typedef ULONG SECTION_INHERIT; 224 #define ViewShare 1 225 #define ViewUnmap 2 226 227 typedef NTSTATUS(WINAPI* NtMapViewOfSectionFunction)( 228 IN HANDLE SectionHandle, 229 IN HANDLE ProcessHandle, 230 IN OUT PVOID* BaseAddress, 231 IN ULONG_PTR ZeroBits, 232 IN SIZE_T CommitSize, 233 IN OUT PLARGE_INTEGER SectionOffset OPTIONAL, 234 IN OUT PSIZE_T ViewSize, 235 IN SECTION_INHERIT InheritDisposition, 236 IN ULONG AllocationType, 237 IN ULONG Win32Protect); 238 239 typedef NTSTATUS(WINAPI* NtUnmapViewOfSectionFunction)(IN HANDLE ProcessHandle, 240 IN PVOID BaseAddress); 241 242 typedef enum _SECTION_INFORMATION_CLASS { 243 SectionBasicInformation = 0, 244 SectionImageInformation 245 } SECTION_INFORMATION_CLASS; 246 247 typedef struct _SECTION_BASIC_INFORMATION { 248 PVOID BaseAddress; 249 ULONG Attributes; 250 LARGE_INTEGER Size; 251 } SECTION_BASIC_INFORMATION, *PSECTION_BASIC_INFORMATION; 252 253 typedef NTSTATUS(WINAPI* NtQuerySectionFunction)( 254 IN HANDLE SectionHandle, 255 IN SECTION_INFORMATION_CLASS SectionInformationClass, 256 OUT PVOID SectionInformation, 257 IN SIZE_T SectionInformationLength, 258 OUT PSIZE_T ReturnLength OPTIONAL); 259 260 // ----------------------------------------------------------------------- 261 // Process and Thread 262 263 typedef struct _CLIENT_ID { 264 PVOID UniqueProcess; 265 PVOID UniqueThread; 266 } CLIENT_ID, *PCLIENT_ID; 267 268 typedef NTSTATUS(WINAPI* NtOpenThreadFunction)(OUT PHANDLE ThreadHandle, 269 IN ACCESS_MASK DesiredAccess, 270 IN POBJECT_ATTRIBUTES 271 ObjectAttributes, 272 IN PCLIENT_ID ClientId); 273 274 typedef NTSTATUS(WINAPI* NtOpenProcessFunction)(OUT PHANDLE ProcessHandle, 275 IN ACCESS_MASK DesiredAccess, 276 IN POBJECT_ATTRIBUTES 277 ObjectAttributes, 278 IN PCLIENT_ID ClientId); 279 280 typedef enum _NT_THREAD_INFORMATION_CLASS { 281 ThreadBasicInformation, 282 ThreadTimes, 283 ThreadPriority, 284 ThreadBasePriority, 285 ThreadAffinityMask, 286 ThreadImpersonationToken, 287 ThreadDescriptorTableEntry, 288 ThreadEnableAlignmentFaultFixup, 289 ThreadEventPair, 290 ThreadQuerySetWin32StartAddress, 291 ThreadZeroTlsCell, 292 ThreadPerformanceCount, 293 ThreadAmILastThread, 294 ThreadIdealProcessor, 295 ThreadPriorityBoost, 296 ThreadSetTlsArrayAddress, 297 ThreadIsIoPending, 298 ThreadHideFromDebugger 299 } NT_THREAD_INFORMATION_CLASS, 300 *PNT_THREAD_INFORMATION_CLASS; 301 302 typedef NTSTATUS(WINAPI* NtSetInformationThreadFunction)( 303 IN HANDLE ThreadHandle, 304 IN NT_THREAD_INFORMATION_CLASS ThreadInformationClass, 305 IN PVOID ThreadInformation, 306 IN ULONG ThreadInformationLength); 307 308 // Partial definition only: 309 typedef enum _PROCESSINFOCLASS { 310 ProcessBasicInformation = 0, 311 ProcessExecuteFlags = 0x22 312 } PROCESSINFOCLASS; 313 314 // Partial definition only. 315 typedef struct _PEB { 316 BYTE InheritedAddressSpace; 317 BYTE ReadImageFileExecOptions; 318 BYTE BeingDebugged; 319 BYTE SpareBool; 320 PVOID Mutant; 321 PVOID ImageBaseAddress; 322 PVOID Ldr; 323 PVOID ProcessParameters; 324 } PEB, *PPEB; 325 326 typedef LONG KPRIORITY; 327 328 typedef struct _PROCESS_BASIC_INFORMATION { 329 union { 330 NTSTATUS ExitStatus; 331 PVOID padding_for_x64_0; 332 }; 333 PPEB PebBaseAddress; 334 KAFFINITY AffinityMask; 335 union { 336 KPRIORITY BasePriority; 337 PVOID padding_for_x64_1; 338 }; 339 union { 340 DWORD UniqueProcessId; 341 PVOID padding_for_x64_2; 342 }; 343 union { 344 DWORD InheritedFromUniqueProcessId; 345 PVOID padding_for_x64_3; 346 }; 347 } PROCESS_BASIC_INFORMATION, *PPROCESS_BASIC_INFORMATION; 348 349 typedef NTSTATUS(WINAPI* NtQueryInformationProcessFunction)( 350 IN HANDLE ProcessHandle, 351 IN PROCESSINFOCLASS ProcessInformationClass, 352 OUT PVOID ProcessInformation, 353 IN ULONG ProcessInformationLength, 354 OUT PULONG ReturnLength OPTIONAL); 355 356 typedef NTSTATUS(WINAPI* NtSetInformationProcessFunction)( 357 HANDLE ProcessHandle, 358 IN PROCESSINFOCLASS ProcessInformationClass, 359 IN PVOID ProcessInformation, 360 IN ULONG ProcessInformationLength); 361 362 typedef NTSTATUS(WINAPI* NtOpenThreadTokenFunction)(IN HANDLE ThreadHandle, 363 IN ACCESS_MASK 364 DesiredAccess, 365 IN BOOLEAN OpenAsSelf, 366 OUT PHANDLE TokenHandle); 367 368 typedef NTSTATUS(WINAPI* NtOpenThreadTokenExFunction)(IN HANDLE ThreadHandle, 369 IN ACCESS_MASK 370 DesiredAccess, 371 IN BOOLEAN OpenAsSelf, 372 IN ULONG HandleAttributes, 373 OUT PHANDLE TokenHandle); 374 375 typedef NTSTATUS(WINAPI* NtOpenProcessTokenFunction)(IN HANDLE ProcessHandle, 376 IN ACCESS_MASK 377 DesiredAccess, 378 OUT PHANDLE TokenHandle); 379 380 typedef NTSTATUS(WINAPI* NtOpenProcessTokenExFunction)( 381 IN HANDLE ProcessHandle, 382 IN ACCESS_MASK DesiredAccess, 383 IN ULONG HandleAttributes, 384 OUT PHANDLE TokenHandle); 385 386 typedef NTSTATUS(WINAPI* NtQueryInformationTokenFunction)( 387 IN HANDLE TokenHandle, 388 IN TOKEN_INFORMATION_CLASS TokenInformationClass, 389 OUT PVOID TokenInformation, 390 IN ULONG TokenInformationLength, 391 OUT PULONG ReturnLength); 392 393 typedef NTSTATUS(WINAPI* RtlCreateUserThreadFunction)( 394 IN HANDLE Process, 395 IN PSECURITY_DESCRIPTOR ThreadSecurityDescriptor, 396 IN BOOLEAN CreateSuspended, 397 IN ULONG ZeroBits, 398 IN SIZE_T MaximumStackSize, 399 IN SIZE_T CommittedStackSize, 400 IN LPTHREAD_START_ROUTINE StartAddress, 401 IN PVOID Parameter, 402 OUT PHANDLE Thread, 403 OUT PCLIENT_ID ClientId); 404 405 typedef NTSTATUS(WINAPI* RtlConvertSidToUnicodeStringFunction)( 406 OUT PUNICODE_STRING UnicodeString, 407 IN PSID Sid, 408 IN BOOLEAN AllocateDestinationString); 409 410 typedef VOID(WINAPI* RtlFreeUnicodeStringFunction)( 411 IN OUT PUNICODE_STRING UnicodeString); 412 413 // ----------------------------------------------------------------------- 414 // Registry 415 416 typedef enum _KEY_INFORMATION_CLASS { 417 KeyBasicInformation = 0, 418 KeyFullInformation = 2 419 } KEY_INFORMATION_CLASS, 420 *PKEY_INFORMATION_CLASS; 421 422 typedef struct _KEY_BASIC_INFORMATION { 423 LARGE_INTEGER LastWriteTime; 424 ULONG TitleIndex; 425 ULONG NameLength; 426 WCHAR Name[1]; 427 } KEY_BASIC_INFORMATION, *PKEY_BASIC_INFORMATION; 428 429 typedef struct _KEY_FULL_INFORMATION { 430 LARGE_INTEGER LastWriteTime; 431 ULONG TitleIndex; 432 ULONG ClassOffset; 433 ULONG ClassLength; 434 ULONG SubKeys; 435 ULONG MaxNameLen; 436 ULONG MaxClassLen; 437 ULONG Values; 438 ULONG MaxValueNameLen; 439 ULONG MaxValueDataLen; 440 WCHAR Class[1]; 441 } KEY_FULL_INFORMATION, *PKEY_FULL_INFORMATION; 442 443 typedef enum _KEY_VALUE_INFORMATION_CLASS { 444 KeyValueFullInformation = 1 445 } KEY_VALUE_INFORMATION_CLASS, 446 *PKEY_VALUE_INFORMATION_CLASS; 447 448 typedef struct _KEY_VALUE_FULL_INFORMATION { 449 ULONG TitleIndex; 450 ULONG Type; 451 ULONG DataOffset; 452 ULONG DataLength; 453 ULONG NameLength; 454 WCHAR Name[1]; 455 } KEY_VALUE_FULL_INFORMATION, *PKEY_VALUE_FULL_INFORMATION; 456 457 typedef NTSTATUS(WINAPI* NtCreateKeyFunction)(OUT PHANDLE KeyHandle, 458 IN ACCESS_MASK DesiredAccess, 459 IN POBJECT_ATTRIBUTES 460 ObjectAttributes, 461 IN ULONG TitleIndex, 462 IN PUNICODE_STRING Class OPTIONAL, 463 IN ULONG CreateOptions, 464 OUT PULONG Disposition OPTIONAL); 465 466 typedef NTSTATUS(WINAPI* NtOpenKeyFunction)(OUT PHANDLE KeyHandle, 467 IN ACCESS_MASK DesiredAccess, 468 IN POBJECT_ATTRIBUTES 469 ObjectAttributes); 470 471 typedef NTSTATUS(WINAPI* NtOpenKeyExFunction)(OUT PHANDLE KeyHandle, 472 IN ACCESS_MASK DesiredAccess, 473 IN POBJECT_ATTRIBUTES 474 ObjectAttributes, 475 IN DWORD open_options); 476 477 typedef NTSTATUS(WINAPI* NtDeleteKeyFunction)(IN HANDLE KeyHandle); 478 479 typedef NTSTATUS(WINAPI* RtlFormatCurrentUserKeyPathFunction)( 480 OUT PUNICODE_STRING RegistryPath); 481 482 typedef NTSTATUS(WINAPI* NtQueryKeyFunction)(IN HANDLE KeyHandle, 483 IN KEY_INFORMATION_CLASS 484 KeyInformationClass, 485 OUT PVOID KeyInformation, 486 IN ULONG Length, 487 OUT PULONG ResultLength); 488 489 typedef NTSTATUS(WINAPI* NtEnumerateKeyFunction)(IN HANDLE KeyHandle, 490 IN ULONG Index, 491 IN KEY_INFORMATION_CLASS 492 KeyInformationClass, 493 OUT PVOID KeyInformation, 494 IN ULONG Length, 495 OUT PULONG ResultLength); 496 497 typedef NTSTATUS(WINAPI* NtQueryValueKeyFunction)(IN HANDLE KeyHandle, 498 IN PUNICODE_STRING ValueName, 499 IN KEY_VALUE_INFORMATION_CLASS 500 KeyValueInformationClass, 501 OUT PVOID KeyValueInformation, 502 IN ULONG Length, 503 OUT PULONG ResultLength); 504 505 typedef NTSTATUS(WINAPI* NtSetValueKeyFunction)(IN HANDLE KeyHandle, 506 IN PUNICODE_STRING ValueName, 507 IN ULONG TitleIndex OPTIONAL, 508 IN ULONG Type, 509 IN PVOID Data, 510 IN ULONG DataSize); 511 512 // ----------------------------------------------------------------------- 513 // Memory 514 515 // Don't really need this structure right now. 516 typedef PVOID PRTL_HEAP_PARAMETERS; 517 518 typedef PVOID(WINAPI* RtlCreateHeapFunction)(IN ULONG Flags, 519 IN PVOID HeapBase OPTIONAL, 520 IN SIZE_T ReserveSize OPTIONAL, 521 IN SIZE_T CommitSize OPTIONAL, 522 IN PVOID Lock OPTIONAL, 523 IN PRTL_HEAP_PARAMETERS Parameters 524 OPTIONAL); 525 526 typedef PVOID(WINAPI* RtlDestroyHeapFunction)(IN PVOID HeapHandle); 527 528 typedef PVOID(WINAPI* RtlAllocateHeapFunction)(IN PVOID HeapHandle, 529 IN ULONG Flags, 530 IN SIZE_T Size); 531 532 typedef BOOLEAN(WINAPI* RtlFreeHeapFunction)(IN PVOID HeapHandle, 533 IN ULONG Flags, 534 IN PVOID HeapBase); 535 536 typedef NTSTATUS(WINAPI* NtAllocateVirtualMemoryFunction)( 537 IN HANDLE ProcessHandle, 538 IN OUT PVOID* BaseAddress, 539 IN ULONG_PTR ZeroBits, 540 IN OUT PSIZE_T RegionSize, 541 IN ULONG AllocationType, 542 IN ULONG Protect); 543 544 typedef NTSTATUS(WINAPI* NtFreeVirtualMemoryFunction)(IN HANDLE ProcessHandle, 545 IN OUT PVOID* BaseAddress, 546 IN OUT PSIZE_T RegionSize, 547 IN ULONG FreeType); 548 549 typedef enum _MEMORY_INFORMATION_CLASS { 550 MemoryBasicInformation = 0, 551 MemoryWorkingSetList, 552 MemorySectionName, 553 MemoryBasicVlmInformation 554 } MEMORY_INFORMATION_CLASS; 555 556 typedef struct _MEMORY_SECTION_NAME { // Information Class 2 557 UNICODE_STRING SectionFileName; 558 } MEMORY_SECTION_NAME, *PMEMORY_SECTION_NAME; 559 560 typedef NTSTATUS(WINAPI* NtQueryVirtualMemoryFunction)( 561 IN HANDLE ProcessHandle, 562 IN PVOID BaseAddress, 563 IN MEMORY_INFORMATION_CLASS MemoryInformationClass, 564 OUT PVOID MemoryInformation, 565 IN SIZE_T MemoryInformationLength, 566 OUT PSIZE_T ReturnLength OPTIONAL); 567 568 typedef NTSTATUS(WINAPI* NtProtectVirtualMemoryFunction)( 569 IN HANDLE ProcessHandle, 570 IN OUT PVOID* BaseAddress, 571 IN OUT PSIZE_T ProtectSize, 572 IN ULONG NewProtect, 573 OUT PULONG OldProtect); 574 575 // ----------------------------------------------------------------------- 576 // Objects 577 578 typedef enum _OBJECT_INFORMATION_CLASS { 579 ObjectBasicInformation, 580 ObjectNameInformation, 581 ObjectTypeInformation, 582 ObjectAllInformation, 583 ObjectDataInformation 584 } OBJECT_INFORMATION_CLASS, 585 *POBJECT_INFORMATION_CLASS; 586 587 typedef struct _OBJDIR_INFORMATION { 588 UNICODE_STRING ObjectName; 589 UNICODE_STRING ObjectTypeName; 590 BYTE Data[1]; 591 } OBJDIR_INFORMATION; 592 593 typedef struct _PUBLIC_OBJECT_BASIC_INFORMATION { 594 ULONG Attributes; 595 ACCESS_MASK GrantedAccess; 596 ULONG HandleCount; 597 ULONG PointerCount; 598 ULONG Reserved[10]; // reserved for internal use 599 } PUBLIC_OBJECT_BASIC_INFORMATION, *PPUBLIC_OBJECT_BASIC_INFORMATION; 600 601 typedef struct __PUBLIC_OBJECT_TYPE_INFORMATION { 602 UNICODE_STRING TypeName; 603 ULONG Reserved[22]; // reserved for internal use 604 } PUBLIC_OBJECT_TYPE_INFORMATION, *PPUBLIC_OBJECT_TYPE_INFORMATION; 605 606 typedef enum _POOL_TYPE { 607 NonPagedPool, 608 PagedPool, 609 NonPagedPoolMustSucceed, 610 ReservedType, 611 NonPagedPoolCacheAligned, 612 PagedPoolCacheAligned, 613 NonPagedPoolCacheAlignedMustS 614 } POOL_TYPE; 615 616 typedef struct _OBJECT_BASIC_INFORMATION { 617 ULONG Attributes; 618 ACCESS_MASK GrantedAccess; 619 ULONG HandleCount; 620 ULONG PointerCount; 621 ULONG PagedPoolUsage; 622 ULONG NonPagedPoolUsage; 623 ULONG Reserved[3]; 624 ULONG NameInformationLength; 625 ULONG TypeInformationLength; 626 ULONG SecurityDescriptorLength; 627 LARGE_INTEGER CreateTime; 628 } OBJECT_BASIC_INFORMATION, *POBJECT_BASIC_INFORMATION; 629 630 typedef struct _OBJECT_TYPE_INFORMATION { 631 UNICODE_STRING Name; 632 ULONG TotalNumberOfObjects; 633 ULONG TotalNumberOfHandles; 634 ULONG TotalPagedPoolUsage; 635 ULONG TotalNonPagedPoolUsage; 636 ULONG TotalNamePoolUsage; 637 ULONG TotalHandleTableUsage; 638 ULONG HighWaterNumberOfObjects; 639 ULONG HighWaterNumberOfHandles; 640 ULONG HighWaterPagedPoolUsage; 641 ULONG HighWaterNonPagedPoolUsage; 642 ULONG HighWaterNamePoolUsage; 643 ULONG HighWaterHandleTableUsage; 644 ULONG InvalidAttributes; 645 GENERIC_MAPPING GenericMapping; 646 ULONG ValidAccess; 647 BOOLEAN SecurityRequired; 648 BOOLEAN MaintainHandleCount; 649 USHORT MaintainTypeList; 650 POOL_TYPE PoolType; 651 ULONG PagedPoolUsage; 652 ULONG NonPagedPoolUsage; 653 } OBJECT_TYPE_INFORMATION, *POBJECT_TYPE_INFORMATION; 654 655 typedef enum _SYSTEM_INFORMATION_CLASS { 656 SystemHandleInformation = 16 657 } SYSTEM_INFORMATION_CLASS; 658 659 typedef struct _SYSTEM_HANDLE_INFORMATION { 660 USHORT ProcessId; 661 USHORT CreatorBackTraceIndex; 662 UCHAR ObjectTypeNumber; 663 UCHAR Flags; 664 USHORT Handle; 665 PVOID Object; 666 ACCESS_MASK GrantedAccess; 667 } SYSTEM_HANDLE_INFORMATION, *PSYSTEM_HANDLE_INFORMATION; 668 669 typedef struct _SYSTEM_HANDLE_INFORMATION_EX { 670 ULONG NumberOfHandles; 671 SYSTEM_HANDLE_INFORMATION Information[1]; 672 } SYSTEM_HANDLE_INFORMATION_EX, *PSYSTEM_HANDLE_INFORMATION_EX; 673 674 typedef struct _OBJECT_NAME_INFORMATION { 675 UNICODE_STRING ObjectName; 676 } OBJECT_NAME_INFORMATION, *POBJECT_NAME_INFORMATION; 677 678 typedef NTSTATUS(WINAPI* NtQueryObjectFunction)( 679 IN HANDLE Handle, 680 IN OBJECT_INFORMATION_CLASS ObjectInformationClass, 681 OUT PVOID ObjectInformation OPTIONAL, 682 IN ULONG ObjectInformationLength, 683 OUT PULONG ReturnLength OPTIONAL); 684 685 typedef NTSTATUS(WINAPI* NtDuplicateObjectFunction)(IN HANDLE SourceProcess, 686 IN HANDLE SourceHandle, 687 IN HANDLE TargetProcess, 688 OUT PHANDLE TargetHandle, 689 IN ACCESS_MASK 690 DesiredAccess, 691 IN ULONG Attributes, 692 IN ULONG Options); 693 694 typedef NTSTATUS(WINAPI* NtSignalAndWaitForSingleObjectFunction)( 695 IN HANDLE HandleToSignal, 696 IN HANDLE HandleToWait, 697 IN BOOLEAN Alertable, 698 IN PLARGE_INTEGER Timeout OPTIONAL); 699 700 typedef NTSTATUS(WINAPI* NtQuerySystemInformation)( 701 IN SYSTEM_INFORMATION_CLASS SystemInformationClass, 702 OUT PVOID SystemInformation, 703 IN ULONG SystemInformationLength, 704 OUT PULONG ReturnLength); 705 706 typedef NTSTATUS(WINAPI* NtQueryObject)(IN HANDLE Handle, 707 IN OBJECT_INFORMATION_CLASS 708 ObjectInformationClass, 709 OUT PVOID ObjectInformation, 710 IN ULONG ObjectInformationLength, 711 OUT PULONG ReturnLength); 712 713 // ----------------------------------------------------------------------- 714 // Strings 715 716 typedef int(__cdecl* _strnicmpFunction)(IN const char* _Str1, 717 IN const char* _Str2, 718 IN size_t _MaxCount); 719 720 typedef size_t(__cdecl* strlenFunction)(IN const char* _Str); 721 722 typedef size_t(__cdecl* wcslenFunction)(IN const wchar_t* _Str); 723 724 typedef void*(__cdecl* memcpyFunction)(IN void* dest, 725 IN const void* src, 726 IN size_t count); 727 728 typedef NTSTATUS(WINAPI* RtlAnsiStringToUnicodeStringFunction)( 729 IN OUT PUNICODE_STRING DestinationString, 730 IN PANSI_STRING SourceString, 731 IN BOOLEAN AllocateDestinationString); 732 733 typedef LONG(WINAPI* RtlCompareUnicodeStringFunction)( 734 IN PCUNICODE_STRING String1, 735 IN PCUNICODE_STRING String2, 736 IN BOOLEAN CaseInSensitive); 737 738 typedef VOID(WINAPI* RtlInitUnicodeStringFunction)(IN OUT PUNICODE_STRING 739 DestinationString, 740 IN PCWSTR SourceString); 741 742 typedef ULONG(WINAPI* RtlNtStatusToDosErrorFunction)(NTSTATUS status); 743 744 typedef enum _EVENT_TYPE { 745 NotificationEvent, 746 SynchronizationEvent 747 } EVENT_TYPE, 748 *PEVENT_TYPE; 749 750 typedef NTSTATUS(WINAPI* NtCreateDirectoryObjectFunction)( 751 PHANDLE DirectoryHandle, 752 ACCESS_MASK DesiredAccess, 753 POBJECT_ATTRIBUTES ObjectAttributes); 754 755 typedef NTSTATUS(WINAPI* NtOpenDirectoryObjectFunction)( 756 PHANDLE DirectoryHandle, 757 ACCESS_MASK DesiredAccess, 758 POBJECT_ATTRIBUTES ObjectAttributes); 759 760 typedef NTSTATUS(WINAPI* NtQuerySymbolicLinkObjectFunction)( 761 HANDLE LinkHandle, 762 PUNICODE_STRING LinkTarget, 763 PULONG ReturnedLength); 764 765 typedef NTSTATUS(WINAPI* NtOpenSymbolicLinkObjectFunction)( 766 PHANDLE LinkHandle, 767 ACCESS_MASK DesiredAccess, 768 POBJECT_ATTRIBUTES ObjectAttributes); 769 770 #define DIRECTORY_QUERY 0x0001 771 #define DIRECTORY_TRAVERSE 0x0002 772 #define DIRECTORY_CREATE_OBJECT 0x0004 773 #define DIRECTORY_CREATE_SUBDIRECTORY 0x0008 774 #define DIRECTORY_ALL_ACCESS 0x000F 775 776 typedef NTSTATUS(WINAPI* NtCreateLowBoxToken)( 777 OUT PHANDLE token, 778 IN HANDLE original_handle, 779 IN ACCESS_MASK access, 780 IN POBJECT_ATTRIBUTES object_attribute, 781 IN PSID appcontainer_sid, 782 IN DWORD capabilityCount, 783 IN PSID_AND_ATTRIBUTES capabilities, 784 IN DWORD handle_count, 785 IN PHANDLE handles); 786 787 typedef NTSTATUS(WINAPI* NtSetInformationProcess)(IN HANDLE process_handle, 788 IN ULONG info_class, 789 IN PVOID process_information, 790 IN ULONG information_length); 791 792 struct PROCESS_ACCESS_TOKEN { 793 HANDLE token; 794 HANDLE thread; 795 }; 796 797 const unsigned int NtProcessInformationAccessToken = 9; 798 799 typedef NTSTATUS(WINAPI* RtlDeriveCapabilitySidsFromNameFunction)( 800 PCUNICODE_STRING SourceString, 801 PSID CapabilityGroupSid, 802 PSID CapabilitySid); 803 804 // ----------------------------------------------------------------------- 805 // GDI OPM API and Supported Calls 806 807 #define DXGKMDT_OPM_OMAC_SIZE 16 808 #define DXGKMDT_OPM_128_BIT_RANDOM_NUMBER_SIZE 16 809 #define DXGKMDT_OPM_ENCRYPTED_PARAMETERS_SIZE 256 810 #define DXGKMDT_OPM_CONFIGURE_SETTING_DATA_SIZE 4056 811 #define DXGKMDT_OPM_GET_INFORMATION_PARAMETERS_SIZE 4056 812 #define DXGKMDT_OPM_REQUESTED_INFORMATION_SIZE 4076 813 #define DXGKMDT_OPM_HDCP_KEY_SELECTION_VECTOR_SIZE 5 814 #define DXGKMDT_OPM_PROTECTION_TYPE_SIZE 4 815 816 enum DXGKMDT_CERTIFICATE_TYPE { 817 DXGKMDT_OPM_CERTIFICATE = 0, 818 DXGKMDT_COPP_CERTIFICATE = 1, 819 DXGKMDT_UAB_CERTIFICATE = 2, 820 DXGKMDT_FORCE_ULONG = 0xFFFFFFFF 821 }; 822 823 enum DXGKMDT_OPM_VIDEO_OUTPUT_SEMANTICS { 824 DXGKMDT_OPM_VOS_COPP_SEMANTICS = 0, 825 DXGKMDT_OPM_VOS_OPM_SEMANTICS = 1 826 }; 827 828 enum DXGKMDT_DPCP_PROTECTION_LEVEL { 829 DXGKMDT_OPM_DPCP_OFF = 0, 830 DXGKMDT_OPM_DPCP_ON = 1, 831 DXGKMDT_OPM_DPCP_FORCE_ULONG = 0x7fffffff 832 }; 833 834 enum DXGKMDT_OPM_HDCP_PROTECTION_LEVEL { 835 DXGKMDT_OPM_HDCP_OFF = 0, 836 DXGKMDT_OPM_HDCP_ON = 1, 837 DXGKMDT_OPM_HDCP_FORCE_ULONG = 0x7fffffff 838 }; 839 840 enum DXGKMDT_OPM_HDCP_FLAG { 841 DXGKMDT_OPM_HDCP_FLAG_NONE = 0x00, 842 DXGKMDT_OPM_HDCP_FLAG_REPEATER = 0x01 843 }; 844 845 enum DXGKMDT_OPM_PROTECTION_TYPE { 846 DXGKMDT_OPM_PROTECTION_TYPE_OTHER = 0x80000000, 847 DXGKMDT_OPM_PROTECTION_TYPE_NONE = 0x00000000, 848 DXGKMDT_OPM_PROTECTION_TYPE_COPP_COMPATIBLE_HDCP = 0x00000001, 849 DXGKMDT_OPM_PROTECTION_TYPE_ACP = 0x00000002, 850 DXGKMDT_OPM_PROTECTION_TYPE_CGMSA = 0x00000004, 851 DXGKMDT_OPM_PROTECTION_TYPE_HDCP = 0x00000008, 852 DXGKMDT_OPM_PROTECTION_TYPE_DPCP = 0x00000010, 853 DXGKMDT_OPM_PROTECTION_TYPE_MASK = 0x8000001F 854 }; 855 856 typedef void* OPM_PROTECTED_OUTPUT_HANDLE; 857 858 struct DXGKMDT_OPM_ENCRYPTED_PARAMETERS { 859 BYTE abEncryptedParameters[DXGKMDT_OPM_ENCRYPTED_PARAMETERS_SIZE]; 860 }; 861 862 struct DXGKMDT_OPM_OMAC { 863 BYTE abOMAC[DXGKMDT_OPM_OMAC_SIZE]; 864 }; 865 866 struct DXGKMDT_OPM_CONFIGURE_PARAMETERS { 867 DXGKMDT_OPM_OMAC omac; 868 GUID guidSetting; 869 ULONG ulSequenceNumber; 870 ULONG cbParametersSize; 871 BYTE abParameters[DXGKMDT_OPM_CONFIGURE_SETTING_DATA_SIZE]; 872 }; 873 874 struct DXGKMDT_OPM_RANDOM_NUMBER { 875 BYTE abRandomNumber[DXGKMDT_OPM_128_BIT_RANDOM_NUMBER_SIZE]; 876 }; 877 878 struct DXGKMDT_OPM_GET_INFO_PARAMETERS { 879 DXGKMDT_OPM_OMAC omac; 880 DXGKMDT_OPM_RANDOM_NUMBER rnRandomNumber; 881 GUID guidInformation; 882 ULONG ulSequenceNumber; 883 ULONG cbParametersSize; 884 BYTE abParameters[DXGKMDT_OPM_GET_INFORMATION_PARAMETERS_SIZE]; 885 }; 886 887 struct DXGKMDT_OPM_REQUESTED_INFORMATION { 888 DXGKMDT_OPM_OMAC omac; 889 ULONG cbRequestedInformationSize; 890 BYTE abRequestedInformation[DXGKMDT_OPM_REQUESTED_INFORMATION_SIZE]; 891 }; 892 893 struct DXGKMDT_OPM_SET_PROTECTION_LEVEL_PARAMETERS { 894 ULONG ulProtectionType; 895 ULONG ulProtectionLevel; 896 ULONG Reserved; 897 ULONG Reserved2; 898 }; 899 900 struct DXGKMDT_OPM_STANDARD_INFORMATION { 901 DXGKMDT_OPM_RANDOM_NUMBER rnRandomNumber; 902 ULONG ulStatusFlags; 903 ULONG ulInformation; 904 ULONG ulReserved; 905 ULONG ulReserved2; 906 }; 907 908 typedef NTSTATUS(WINAPI* GetSuggestedOPMProtectedOutputArraySizeFunction)( 909 PUNICODE_STRING device_name, 910 DWORD* suggested_output_array_size); 911 912 typedef NTSTATUS(WINAPI* CreateOPMProtectedOutputsFunction)( 913 PUNICODE_STRING device_name, 914 DXGKMDT_OPM_VIDEO_OUTPUT_SEMANTICS vos, 915 DWORD output_array_size, 916 DWORD* num_in_output_array, 917 OPM_PROTECTED_OUTPUT_HANDLE* output_array); 918 919 typedef NTSTATUS(WINAPI* GetCertificateFunction)( 920 PUNICODE_STRING device_name, 921 DXGKMDT_CERTIFICATE_TYPE certificate_type, 922 BYTE* certificate, 923 ULONG certificate_length); 924 925 typedef NTSTATUS(WINAPI* GetCertificateSizeFunction)( 926 PUNICODE_STRING device_name, 927 DXGKMDT_CERTIFICATE_TYPE certificate_type, 928 ULONG* certificate_length); 929 930 typedef NTSTATUS(WINAPI* GetCertificateByHandleFunction)( 931 OPM_PROTECTED_OUTPUT_HANDLE protected_output, 932 DXGKMDT_CERTIFICATE_TYPE certificate_type, 933 BYTE* certificate, 934 ULONG certificate_length); 935 936 typedef NTSTATUS(WINAPI* GetCertificateSizeByHandleFunction)( 937 OPM_PROTECTED_OUTPUT_HANDLE protected_output, 938 DXGKMDT_CERTIFICATE_TYPE certificate_type, 939 ULONG* certificate_length); 940 941 typedef NTSTATUS(WINAPI* DestroyOPMProtectedOutputFunction)( 942 OPM_PROTECTED_OUTPUT_HANDLE protected_output); 943 944 typedef NTSTATUS(WINAPI* ConfigureOPMProtectedOutputFunction)( 945 OPM_PROTECTED_OUTPUT_HANDLE protected_output, 946 const DXGKMDT_OPM_CONFIGURE_PARAMETERS* parameters, 947 ULONG additional_parameters_size, 948 const BYTE* additional_parameters); 949 950 typedef NTSTATUS(WINAPI* GetOPMInformationFunction)( 951 OPM_PROTECTED_OUTPUT_HANDLE protected_output, 952 const DXGKMDT_OPM_GET_INFO_PARAMETERS* parameters, 953 DXGKMDT_OPM_REQUESTED_INFORMATION* requested_information); 954 955 typedef NTSTATUS(WINAPI* GetOPMRandomNumberFunction)( 956 OPM_PROTECTED_OUTPUT_HANDLE protected_output, 957 DXGKMDT_OPM_RANDOM_NUMBER* random_number); 958 959 typedef NTSTATUS(WINAPI* SetOPMSigningKeyAndSequenceNumbersFunction)( 960 OPM_PROTECTED_OUTPUT_HANDLE protected_output, 961 const DXGKMDT_OPM_ENCRYPTED_PARAMETERS* parameters); 962 963 #endif // SANDBOX_WIN_SRC_NT_INTERNALS_H__ 964