1 /*++ NDK Version: 0098 2 3 Copyright (c) Alex Ionescu. All rights reserved. 4 5 Header Name: 6 7 rtltypes.h 8 9 Abstract: 10 11 Type definitions for the Run-Time Library 12 13 Author: 14 15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 16 17 --*/ 18 19 #ifndef _RTLTYPES_H 20 #define _RTLTYPES_H 21 22 // 23 // Dependencies 24 // 25 #include <umtypes.h> 26 #include <mmtypes.h> 27 #include <ldrtypes.h> 28 29 #ifdef __cplusplus 30 extern "C" { 31 #endif 32 33 // 34 // Maximum Atom Length 35 // 36 #define RTL_MAXIMUM_ATOM_LENGTH 255 37 38 // 39 // Process Parameters Flags 40 // 41 #define RTL_USER_PROCESS_PARAMETERS_NORMALIZED 0x01 42 #define RTL_USER_PROCESS_PARAMETERS_PROFILE_USER 0x02 43 #define RTL_USER_PROCESS_PARAMETERS_PROFILE_KERNEL 0x04 44 #define RTL_USER_PROCESS_PARAMETERS_PROFILE_SERVER 0x08 45 #define RTL_USER_PROCESS_PARAMETERS_UNKNOWN 0x10 46 #define RTL_USER_PROCESS_PARAMETERS_RESERVE_1MB 0x20 47 #define RTL_USER_PROCESS_PARAMETERS_RESERVE_16MB 0x40 48 #define RTL_USER_PROCESS_PARAMETERS_CASE_SENSITIVE 0x80 49 #define RTL_USER_PROCESS_PARAMETERS_DISABLE_HEAP_CHECKS 0x100 50 #define RTL_USER_PROCESS_PARAMETERS_PROCESS_OR_1 0x200 51 #define RTL_USER_PROCESS_PARAMETERS_PROCESS_OR_2 0x400 52 #define RTL_USER_PROCESS_PARAMETERS_PRIVATE_DLL_PATH 0x1000 53 #define RTL_USER_PROCESS_PARAMETERS_LOCAL_DLL_PATH 0x2000 54 #define RTL_USER_PROCESS_PARAMETERS_IMAGE_KEY_MISSING 0x4000 55 #define RTL_USER_PROCESS_PARAMETERS_NX 0x20000 56 57 #define RTL_MAX_DRIVE_LETTERS 32 58 #define RTL_DRIVE_LETTER_VALID (USHORT)0x0001 59 60 // 61 // End of Exception List 62 // 63 #define EXCEPTION_CHAIN_END ((PEXCEPTION_REGISTRATION_RECORD)-1) 64 65 // 66 // Thread Error Mode Flags 67 // 68 /* Also defined in psdk/winbase.h */ 69 #define SEM_FAILCRITICALERRORS 0x0001 70 #define SEM_NOGPFAULTERRORBOX 0x0002 71 #define SEM_NOALIGNMENTFAULTEXCEPT 0x0004 72 #define SEM_NOOPENFILEERRORBOX 0x8000 73 74 #define RTL_SEM_FAILCRITICALERRORS (SEM_FAILCRITICALERRORS << 4) 75 #define RTL_SEM_NOGPFAULTERRORBOX (SEM_NOGPFAULTERRORBOX << 4) 76 #define RTL_SEM_NOALIGNMENTFAULTEXCEPT (SEM_NOALIGNMENTFAULTEXCEPT << 4) 77 78 // 79 // Range and Range List Flags 80 // 81 #define RTL_RANGE_LIST_ADD_IF_CONFLICT 0x00000001 82 #define RTL_RANGE_LIST_ADD_SHARED 0x00000002 83 84 #define RTL_RANGE_SHARED 0x01 85 #define RTL_RANGE_CONFLICT 0x02 86 87 // 88 // Flags in RTL_ACTIVATION_CONTEXT_STACK_FRAME (from Checked NTDLL) 89 // 90 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_RELEASE_ON_DEACTIVATION 0x01 91 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_NO_DEACTIVATE 0x02 92 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_ON_FREE_LIST 0x04 93 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_HEAP_ALLOCATED 0x08 94 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_NOT_REALLY_ACTIVATED 0x10 95 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_ACTIVATED 0x20 96 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_DEACTIVATED 0x40 97 98 // 99 // Activation Context Frame Flags (from Checked NTDLL) 100 // 101 #define RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER 0x01 102 103 // 104 // RtlActivateActivationContextEx Flags (from Checked NTDLL) 105 // 106 #define RTL_ACTIVATE_ACTIVATION_CONTEXT_EX_FLAG_RELEASE_ON_STACK_DEALLOCATION 0x01 107 108 // 109 // RtlDeactivateActivationContext Flags (based on Win32 flag and name of above) 110 // 111 #define RTL_DEACTIVATE_ACTIVATION_CONTEXT_FLAG_FORCE_EARLY_DEACTIVATION 0x01 112 113 // 114 // RtlQueryActivationContext Flags (based on Win32 flag and name of above) 115 // 116 #define RTL_QUERY_ACTIVATION_CONTEXT_FLAG_USE_ACTIVE_ACTIVATION_CONTEXT 0x01 117 #define RTL_QUERY_ACTIVATION_CONTEXT_FLAG_IS_HMODULE 0x02 118 #define RTL_QUERY_ACTIVATION_CONTEXT_FLAG_IS_ADDRESS 0x04 119 #define RTL_QUERY_ACTIVATION_CONTEXT_FLAG_NO_ADDREF 0x80000000 120 121 // 122 // Public Heap Flags 123 // 124 #if !defined(NTOS_MODE_USER) && !defined(_NTIFS_) 125 #define HEAP_NO_SERIALIZE 0x00000001 126 #define HEAP_GROWABLE 0x00000002 127 #define HEAP_GENERATE_EXCEPTIONS 0x00000004 128 #define HEAP_ZERO_MEMORY 0x00000008 129 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010 130 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020 131 #define HEAP_FREE_CHECKING_ENABLED 0x00000040 132 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080 133 #define HEAP_CREATE_ALIGN_16 0x00010000 134 #define HEAP_CREATE_ENABLE_TRACING 0x00020000 135 #define HEAP_CREATE_ENABLE_EXECUTE 0x00040000 136 #endif 137 138 // 139 // User-Defined Heap Flags and Classes 140 // 141 #define HEAP_SETTABLE_USER_VALUE 0x00000100 142 #define HEAP_SETTABLE_USER_FLAG1 0x00000200 143 #define HEAP_SETTABLE_USER_FLAG2 0x00000400 144 #define HEAP_SETTABLE_USER_FLAG3 0x00000800 145 #define HEAP_SETTABLE_USER_FLAGS 0x00000E00 146 #define HEAP_CLASS_0 0x00000000 147 #define HEAP_CLASS_1 0x00001000 148 #define HEAP_CLASS_2 0x00002000 149 #define HEAP_CLASS_3 0x00003000 150 #define HEAP_CLASS_4 0x00004000 151 #define HEAP_CLASS_5 0x00005000 152 #define HEAP_CLASS_6 0x00006000 153 #define HEAP_CLASS_7 0x00007000 154 #define HEAP_CLASS_8 0x00008000 155 #define HEAP_CLASS_MASK 0x0000F000 156 157 // 158 // Internal HEAP Structure Flags 159 // 160 #define HEAP_FLAG_PAGE_ALLOCS 0x01000000 161 #define HEAP_PROTECTION_ENABLED 0x02000000 162 #define HEAP_BREAK_WHEN_OUT_OF_VM 0x04000000 163 #define HEAP_NO_ALIGNMENT 0x08000000 164 #define HEAP_CAPTURE_STACK_BACKTRACES 0x08000000 165 #define HEAP_SKIP_VALIDATION_CHECKS 0x10000000 166 #define HEAP_VALIDATE_ALL_ENABLED 0x20000000 167 #define HEAP_VALIDATE_PARAMETERS_ENABLED 0x40000000 168 #define HEAP_LOCK_USER_ALLOCATED 0x80000000 169 170 // 171 // Heap Validation Flags 172 // 173 #define HEAP_CREATE_VALID_MASK \ 174 (HEAP_NO_SERIALIZE | \ 175 HEAP_GROWABLE | \ 176 HEAP_GENERATE_EXCEPTIONS | \ 177 HEAP_ZERO_MEMORY | \ 178 HEAP_REALLOC_IN_PLACE_ONLY | \ 179 HEAP_TAIL_CHECKING_ENABLED | \ 180 HEAP_FREE_CHECKING_ENABLED | \ 181 HEAP_DISABLE_COALESCE_ON_FREE | \ 182 HEAP_CLASS_MASK | \ 183 HEAP_CREATE_ALIGN_16 | \ 184 HEAP_CREATE_ENABLE_TRACING | \ 185 HEAP_CREATE_ENABLE_EXECUTE) 186 #ifdef C_ASSERT 187 C_ASSERT(HEAP_CREATE_VALID_MASK == 0x0007F0FF); 188 #endif 189 190 // 191 // Native image architecture 192 // 193 #if defined(_M_IX86) 194 #define IMAGE_FILE_MACHINE_NATIVE IMAGE_FILE_MACHINE_I386 195 #elif defined(_M_ARM) 196 #define IMAGE_FILE_MACHINE_NATIVE IMAGE_FILE_MACHINE_ARM 197 #elif defined(_M_AMD64) 198 #define IMAGE_FILE_MACHINE_NATIVE IMAGE_FILE_MACHINE_AMD64 199 #elif defined(_M_ARM64) 200 #define IMAGE_FILE_MACHINE_NATIVE IMAGE_FILE_MACHINE_ARM64 201 #else 202 #error Define these please! 203 #endif 204 205 // 206 // Registry Keys 207 // 208 #define RTL_REGISTRY_ABSOLUTE 0 209 #define RTL_REGISTRY_SERVICES 1 210 #define RTL_REGISTRY_CONTROL 2 211 #define RTL_REGISTRY_WINDOWS_NT 3 212 #define RTL_REGISTRY_DEVICEMAP 4 213 #define RTL_REGISTRY_USER 5 214 #define RTL_REGISTRY_MAXIMUM 6 215 #define RTL_REGISTRY_HANDLE 0x40000000 216 #define RTL_REGISTRY_OPTIONAL 0x80000000 217 #define RTL_QUERY_REGISTRY_SUBKEY 0x00000001 218 #define RTL_QUERY_REGISTRY_TOPKEY 0x00000002 219 #define RTL_QUERY_REGISTRY_REQUIRED 0x00000004 220 #define RTL_QUERY_REGISTRY_NOVALUE 0x00000008 221 #define RTL_QUERY_REGISTRY_NOEXPAND 0x00000010 222 #define RTL_QUERY_REGISTRY_DIRECT 0x00000020 223 #define RTL_QUERY_REGISTRY_DELETE 0x00000040 224 225 // 226 // Versioning 227 // 228 #define VER_MINORVERSION 0x0000001 229 #define VER_MAJORVERSION 0x0000002 230 #define VER_BUILDNUMBER 0x0000004 231 #define VER_PLATFORMID 0x0000008 232 #define VER_SERVICEPACKMINOR 0x0000010 233 #define VER_SERVICEPACKMAJOR 0x0000020 234 #define VER_SUITENAME 0x0000040 235 #define VER_PRODUCT_TYPE 0x0000080 236 #define VER_PLATFORM_WIN32s 0 237 #define VER_PLATFORM_WIN32_WINDOWS 1 238 #define VER_PLATFORM_WIN32_NT 2 239 #define VER_EQUAL 1 240 #define VER_GREATER 2 241 #define VER_GREATER_EQUAL 3 242 #define VER_LESS 4 243 #define VER_LESS_EQUAL 5 244 #define VER_AND 6 245 #define VER_OR 7 246 #define VER_CONDITION_MASK 7 247 #define VER_NUM_BITS_PER_CONDITION_MASK 3 248 249 // 250 // Timezone IDs 251 // 252 #define TIME_ZONE_ID_UNKNOWN 0 253 #define TIME_ZONE_ID_STANDARD 1 254 #define TIME_ZONE_ID_DAYLIGHT 2 255 256 // 257 // Maximum Path Length 258 // 259 #define MAX_PATH 260 260 261 // 262 // RTL Lock Type (Critical Section or Resource) 263 // 264 #define RTL_CRITSECT_TYPE 0 265 #define RTL_RESOURCE_TYPE 1 266 267 // 268 // RtlAcquirePrivileges Flags 269 // 270 #define RTL_ACQUIRE_PRIVILEGE_IMPERSONATE 1 271 #define RTL_ACQUIRE_PRIVILEGE_PROCESS 2 272 273 #ifdef NTOS_MODE_USER 274 275 // 276 // String Hash Algorithms 277 // 278 #define HASH_STRING_ALGORITHM_DEFAULT 0 279 #define HASH_STRING_ALGORITHM_X65599 1 280 #define HASH_STRING_ALGORITHM_INVALID 0xffffffff 281 282 // 283 // RtlDuplicateString Flags 284 // 285 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1 286 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2 287 288 // 289 // RtlFindCharInUnicodeString Flags 290 // 291 #define RTL_FIND_CHAR_IN_UNICODE_STRING_START_AT_END 1 292 #define RTL_FIND_CHAR_IN_UNICODE_STRING_COMPLEMENT_CHAR_SET 2 293 #define RTL_FIND_CHAR_IN_UNICODE_STRING_CASE_INSENSITIVE 4 294 295 // 296 // RtlDosApplyFileIsolationRedirection_Ustr Flags 297 // 298 #define RTL_DOS_APPLY_FILE_REDIRECTION_USTR_FLAG_RESPECT_DOT_LOCAL 0x01 299 300 // 301 // Codepages 302 // 303 #define NLS_MB_CODE_PAGE_TAG NlsMbCodePageTag 304 #define NLS_MB_OEM_CODE_PAGE_TAG NlsMbOemCodePageTag 305 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo 306 307 // 308 // Activation Contexts 309 // 310 #define INVALID_ACTIVATION_CONTEXT ((PVOID)(LONG_PTR)-1) 311 312 // 313 // C++ CONST casting 314 // 315 #if defined(__cplusplus) 316 #define RTL_CONST_CAST(type) const_cast<type> 317 #else 318 #define RTL_CONST_CAST(type) (type) 319 #endif 320 321 // 322 // Constant String Macro 323 // 324 #define RTL_CONSTANT_STRING(__SOURCE_STRING__) \ 325 { \ 326 sizeof(__SOURCE_STRING__) - sizeof((__SOURCE_STRING__)[0]), \ 327 sizeof(__SOURCE_STRING__), \ 328 (__SOURCE_STRING__) \ 329 } 330 331 // 332 // Constant Object Attributes Macro 333 // 334 #define RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) \ 335 { \ 336 sizeof(OBJECT_ATTRIBUTES), \ 337 NULL, \ 338 RTL_CONST_CAST(PUNICODE_STRING)(n), \ 339 a, \ 340 NULL, \ 341 NULL \ 342 } 343 344 #define RTL_INIT_OBJECT_ATTRIBUTES(n, a) \ 345 RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) 346 347 #else /* NTOS_MODE_USER */ 348 // 349 // Message Resource Flag 350 // 351 #define MESSAGE_RESOURCE_UNICODE 0x0001 352 353 #endif /* !NTOS_MODE_USER */ 354 355 // 356 // RtlImageNtHeaderEx Flags 357 // 358 #define RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK 0x00000001 359 360 361 #define MAXIMUM_LEADBYTES 12 362 363 // 364 // RTL Debug Queries 365 // 366 #define RTL_DEBUG_QUERY_MODULES 0x01 367 #define RTL_DEBUG_QUERY_BACKTRACES 0x02 368 #define RTL_DEBUG_QUERY_HEAPS 0x04 369 #define RTL_DEBUG_QUERY_HEAP_TAGS 0x08 370 #define RTL_DEBUG_QUERY_HEAP_BLOCKS 0x10 371 #define RTL_DEBUG_QUERY_LOCKS 0x20 372 373 // 374 // RTL Handle Flags 375 // 376 #define RTL_HANDLE_VALID 0x1 377 378 // 379 // RTL Atom Flags 380 // 381 #define RTL_ATOM_IS_PINNED 0x1 382 383 // 384 // Critical section lock bits 385 // 386 #define CS_LOCK_BIT 0x1 387 #define CS_LOCK_BIT_V 0x0 388 #define CS_LOCK_WAITER_WOKEN 0x2 389 #define CS_LOCK_WAITER_INC 0x4 390 391 // 392 // Codepage Tags 393 // 394 #ifdef NTOS_MODE_USER 395 extern BOOLEAN NTSYSAPI NLS_MB_CODE_PAGE_TAG; 396 extern BOOLEAN NTSYSAPI NLS_MB_OEM_CODE_PAGE_TAG; 397 398 // 399 // Constant String Macro 400 // 401 #define RTL_CONSTANT_STRING(__SOURCE_STRING__) \ 402 { \ 403 sizeof(__SOURCE_STRING__) - sizeof((__SOURCE_STRING__)[0]), \ 404 sizeof(__SOURCE_STRING__), \ 405 (__SOURCE_STRING__) \ 406 } 407 408 #endif /* NTOS_MODE_USER */ 409 410 // 411 // Constant Large Integer Macro 412 // 413 #ifdef NONAMELESSUNION 414 C_ASSERT(FIELD_OFFSET(LARGE_INTEGER, u.LowPart) == 0); 415 #else 416 C_ASSERT(FIELD_OFFSET(LARGE_INTEGER, LowPart) == 0); 417 #endif 418 #define RTL_CONSTANT_LARGE_INTEGER(quad_part) { { (quad_part), (quad_part)>>32 } } 419 #define RTL_MAKE_LARGE_INTEGER(low_part, high_part) { { (low_part), (high_part) } } 420 421 // 422 // Boot Status Data Field Types 423 // 424 typedef enum _RTL_BSD_ITEM_TYPE 425 { 426 RtlBsdItemVersionNumber, 427 RtlBsdItemProductType, 428 RtlBsdItemAabEnabled, 429 RtlBsdItemAabTimeout, 430 RtlBsdItemBootGood, 431 RtlBsdItemBootShutdown, 432 RtlBsdSleepInProgress, 433 RtlBsdPowerTransition, 434 RtlBsdItemBootAttemptCount, 435 RtlBsdItemBootCheckpoint, 436 RtlBsdItemBootId, 437 RtlBsdItemShutdownBootId, 438 RtlBsdItemReportedAbnormalShutdownBootId, 439 RtlBsdItemErrorInfo, 440 RtlBsdItemPowerButtonPressInfo, 441 RtlBsdItemChecksum, 442 RtlBsdItemMax 443 } RTL_BSD_ITEM_TYPE, *PRTL_BSD_ITEM_TYPE; 444 445 #ifdef NTOS_MODE_USER 446 // 447 // Table and Compare result types 448 // 449 typedef enum _TABLE_SEARCH_RESULT 450 { 451 TableEmptyTree, 452 TableFoundNode, 453 TableInsertAsLeft, 454 TableInsertAsRight 455 } TABLE_SEARCH_RESULT; 456 457 typedef enum _RTL_GENERIC_COMPARE_RESULTS 458 { 459 GenericLessThan, 460 GenericGreaterThan, 461 GenericEqual 462 } RTL_GENERIC_COMPARE_RESULTS; 463 464 #endif /* NTOS_MODE_USER */ 465 466 // 467 // RTL Path Types 468 // 469 typedef enum _RTL_PATH_TYPE 470 { 471 RtlPathTypeUnknown, 472 RtlPathTypeUncAbsolute, 473 RtlPathTypeDriveAbsolute, 474 RtlPathTypeDriveRelative, 475 RtlPathTypeRooted, 476 RtlPathTypeRelative, 477 RtlPathTypeLocalDevice, 478 RtlPathTypeRootLocalDevice, 479 } RTL_PATH_TYPE; 480 481 #ifndef NTOS_MODE_USER 482 483 // 484 // Heap Information Class 485 // 486 typedef enum _HEAP_INFORMATION_CLASS 487 { 488 HeapCompatibilityInformation, 489 HeapEnableTerminationOnCorruption 490 } HEAP_INFORMATION_CLASS; 491 492 // 493 // Callback function for RTL Timers or Registered Waits 494 // 495 typedef VOID 496 (NTAPI *WAITORTIMERCALLBACKFUNC)( 497 PVOID pvContext, 498 BOOLEAN fTimerOrWaitFired 499 ); 500 501 // 502 // Handler during Vectored RTL Exceptions 503 // 504 typedef LONG 505 (NTAPI *PVECTORED_EXCEPTION_HANDLER)( 506 PEXCEPTION_POINTERS ExceptionPointers 507 ); 508 509 // 510 // Worker Thread Callback for Rtl 511 // 512 typedef VOID 513 (NTAPI *WORKERCALLBACKFUNC)( 514 _In_ PVOID Context 515 ); 516 517 #else /* !NTOS_MODE_USER */ 518 519 // 520 // RTL Library Allocation/Free Routines 521 // 522 typedef PVOID 523 (NTAPI *PRTL_ALLOCATE_STRING_ROUTINE)( 524 SIZE_T NumberOfBytes 525 ); 526 527 typedef PVOID 528 (NTAPI *PRTL_REALLOCATE_STRING_ROUTINE)( 529 SIZE_T NumberOfBytes, 530 PVOID Buffer 531 ); 532 533 typedef 534 VOID 535 (NTAPI *PRTL_FREE_STRING_ROUTINE)( 536 PVOID Buffer 537 ); 538 539 extern const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine; 540 extern const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine; 541 extern const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine; 542 543 #endif /* NTOS_MODE_USER */ 544 545 // 546 // Unhandled Exception Filter 547 // 548 typedef ULONG 549 (NTAPI *RTLP_UNHANDLED_EXCEPTION_FILTER)( 550 _In_ struct _EXCEPTION_POINTERS *ExceptionInfo 551 ); 552 typedef RTLP_UNHANDLED_EXCEPTION_FILTER *PRTLP_UNHANDLED_EXCEPTION_FILTER; 553 554 // 555 // Callback for RTL Heap Enumeration 556 // 557 typedef NTSTATUS 558 (NTAPI *PHEAP_ENUMERATION_ROUTINE)( 559 _In_ PVOID HeapHandle, 560 _In_ PVOID UserParam 561 ); 562 563 // 564 // Thread and Process Start Routines for RtlCreateUserThread/Process 565 // 566 typedef ULONG (NTAPI *PTHREAD_START_ROUTINE)( 567 PVOID Parameter 568 ); 569 570 typedef VOID 571 (NTAPI *PRTL_BASE_PROCESS_START_ROUTINE)( 572 PTHREAD_START_ROUTINE StartAddress, 573 PVOID Parameter 574 ); 575 576 // 577 // Worker Start/Exit Function 578 // 579 typedef NTSTATUS 580 (NTAPI *PRTL_START_POOL_THREAD)( 581 _In_ PTHREAD_START_ROUTINE Function, 582 _In_ PVOID Parameter, 583 _Out_ PHANDLE ThreadHandle 584 ); 585 586 typedef NTSTATUS 587 (NTAPI *PRTL_EXIT_POOL_THREAD)( 588 _In_ NTSTATUS ExitStatus 589 ); 590 591 // 592 // Declare empty structure definitions so that they may be referenced by 593 // routines before they are defined 594 // 595 struct _RTL_AVL_TABLE; 596 struct _RTL_GENERIC_TABLE; 597 struct _RTL_RANGE; 598 599 // 600 // Routines and callbacks for the RTL AVL/Generic Table package 601 // 602 #ifdef NTOS_MODE_USER 603 typedef NTSTATUS 604 (NTAPI RTL_AVL_MATCH_FUNCTION)( 605 struct _RTL_AVL_TABLE *Table, 606 PVOID UserData, 607 PVOID MatchData 608 ); 609 typedef RTL_AVL_MATCH_FUNCTION *PRTL_AVL_MATCH_FUNCTION; 610 611 typedef RTL_GENERIC_COMPARE_RESULTS 612 (NTAPI RTL_AVL_COMPARE_ROUTINE) ( 613 struct _RTL_AVL_TABLE *Table, 614 PVOID FirstStruct, 615 PVOID SecondStruct 616 ); 617 typedef RTL_AVL_COMPARE_ROUTINE *PRTL_AVL_COMPARE_ROUTINE; 618 619 typedef RTL_GENERIC_COMPARE_RESULTS 620 (NTAPI RTL_GENERIC_COMPARE_ROUTINE) ( 621 struct _RTL_GENERIC_TABLE *Table, 622 PVOID FirstStruct, 623 PVOID SecondStruct 624 ); 625 typedef RTL_GENERIC_COMPARE_ROUTINE *PRTL_GENERIC_COMPARE_ROUTINE; 626 627 typedef PVOID 628 (NTAPI RTL_GENERIC_ALLOCATE_ROUTINE) ( 629 struct _RTL_GENERIC_TABLE *Table, 630 CLONG ByteSize 631 ); 632 typedef RTL_GENERIC_ALLOCATE_ROUTINE *PRTL_GENERIC_ALLOCATE_ROUTINE; 633 634 typedef PVOID 635 (NTAPI RTL_AVL_ALLOCATE_ROUTINE) ( 636 struct _RTL_AVL_TABLE *Table, 637 CLONG ByteSize 638 ); 639 typedef RTL_AVL_ALLOCATE_ROUTINE *PRTL_AVL_ALLOCATE_ROUTINE; 640 641 typedef VOID 642 (NTAPI RTL_GENERIC_FREE_ROUTINE) ( 643 struct _RTL_GENERIC_TABLE *Table, 644 PVOID Buffer 645 ); 646 typedef RTL_GENERIC_FREE_ROUTINE *PRTL_GENERIC_FREE_ROUTINE; 647 648 typedef VOID 649 (NTAPI RTL_AVL_FREE_ROUTINE) ( 650 struct _RTL_AVL_TABLE *Table, 651 PVOID Buffer 652 ); 653 typedef RTL_AVL_FREE_ROUTINE *PRTL_AVL_FREE_ROUTINE; 654 655 #ifdef RTL_USE_AVL_TABLES 656 #undef RTL_GENERIC_COMPARE_ROUTINE 657 #undef PRTL_GENERIC_COMPARE_ROUTINE 658 #undef RTL_GENERIC_ALLOCATE_ROUTINE 659 #undef PRTL_GENERIC_ALLOCATE_ROUTINE 660 #undef RTL_GENERIC_FREE_ROUTINE 661 #undef PRTL_GENERIC_FREE_ROUTINE 662 663 #define RTL_GENERIC_COMPARE_ROUTINE RTL_AVL_COMPARE_ROUTINE 664 #define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE 665 #define RTL_GENERIC_ALLOCATE_ROUTINE RTL_AVL_ALLOCATE_ROUTINE 666 #define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE 667 #define RTL_GENERIC_FREE_ROUTINE RTL_AVL_FREE_ROUTINE 668 #define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE 669 #endif /* RTL_USE_AVL_TABLES */ 670 671 #endif /* NTOS_MODE_USER */ 672 673 // 674 // RTL Query Registry callback 675 // 676 #ifdef NTOS_MODE_USER 677 typedef NTSTATUS 678 (NTAPI *PRTL_QUERY_REGISTRY_ROUTINE)( 679 _In_ PWSTR ValueName, 680 _In_ ULONG ValueType, 681 _In_ PVOID ValueData, 682 _In_ ULONG ValueLength, 683 _In_ PVOID Context, 684 _In_ PVOID EntryContext 685 ); 686 #endif 687 688 // 689 // RTL Secure Memory callbacks 690 // 691 #ifdef NTOS_MODE_USER 692 typedef NTSTATUS 693 (NTAPI *PRTL_SECURE_MEMORY_CACHE_CALLBACK)( 694 _In_ PVOID Address, 695 _In_ SIZE_T Length 696 ); 697 #endif 698 699 // 700 // RTL Range List callbacks 701 // 702 typedef BOOLEAN 703 (NTAPI *PRTL_CONFLICT_RANGE_CALLBACK)( 704 PVOID Context, 705 struct _RTL_RANGE *Range 706 ); 707 708 // 709 // Custom Heap Commit Routine for RtlCreateHeap 710 // 711 #ifdef NTOS_MODE_USER 712 typedef NTSTATUS 713 (NTAPI * PRTL_HEAP_COMMIT_ROUTINE)( 714 _In_ PVOID Base, 715 _Inout_ PVOID *CommitAddress, 716 _Inout_ PSIZE_T CommitSize 717 ); 718 719 // 720 // Parameters for RtlCreateHeap 721 // 722 typedef struct _RTL_HEAP_PARAMETERS 723 { 724 ULONG Length; 725 SIZE_T SegmentReserve; 726 SIZE_T SegmentCommit; 727 SIZE_T DeCommitFreeBlockThreshold; 728 SIZE_T DeCommitTotalFreeThreshold; 729 SIZE_T MaximumAllocationSize; 730 SIZE_T VirtualMemoryThreshold; 731 SIZE_T InitialCommit; 732 SIZE_T InitialReserve; 733 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine; 734 SIZE_T Reserved[2]; 735 } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS; 736 737 // 738 // RTL Bitmap structures 739 // 740 typedef struct _RTL_BITMAP 741 { 742 ULONG SizeOfBitMap; 743 PULONG Buffer; 744 } RTL_BITMAP, *PRTL_BITMAP; 745 746 typedef struct _RTL_BITMAP_RUN 747 { 748 ULONG StartingIndex; 749 ULONG NumberOfBits; 750 } RTL_BITMAP_RUN, *PRTL_BITMAP_RUN; 751 752 // 753 // RtlGenerateXxxName context 754 // 755 typedef struct _GENERATE_NAME_CONTEXT 756 { 757 USHORT Checksum; 758 BOOLEAN CheckSumInserted; 759 UCHAR NameLength; 760 WCHAR NameBuffer[8]; 761 ULONG ExtensionLength; 762 WCHAR ExtensionBuffer[4]; 763 ULONG LastIndexValue; 764 } GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT; 765 766 // 767 // RTL Splay and Balanced Links structures 768 // 769 typedef struct _RTL_SPLAY_LINKS 770 { 771 struct _RTL_SPLAY_LINKS *Parent; 772 struct _RTL_SPLAY_LINKS *LeftChild; 773 struct _RTL_SPLAY_LINKS *RightChild; 774 } RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS; 775 776 typedef struct _RTL_BALANCED_LINKS 777 { 778 struct _RTL_BALANCED_LINKS *Parent; 779 struct _RTL_BALANCED_LINKS *LeftChild; 780 struct _RTL_BALANCED_LINKS *RightChild; 781 CHAR Balance; 782 UCHAR Reserved[3]; 783 } RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS; 784 785 // 786 // RTL Avl/Generic Tables 787 // 788 #ifndef RTL_USE_AVL_TABLES 789 typedef struct _RTL_GENERIC_TABLE 790 { 791 PRTL_SPLAY_LINKS TableRoot; 792 LIST_ENTRY InsertOrderList; 793 PLIST_ENTRY OrderedPointer; 794 ULONG WhichOrderedElement; 795 ULONG NumberGenericTableElements; 796 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine; 797 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine; 798 PRTL_GENERIC_FREE_ROUTINE FreeRoutine; 799 PVOID TableContext; 800 } RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE; 801 #endif /* !RTL_USE_AVL_TABLES */ 802 803 typedef struct _RTL_AVL_TABLE 804 { 805 RTL_BALANCED_LINKS BalancedRoot; 806 PVOID OrderedPointer; 807 ULONG WhichOrderedElement; 808 ULONG NumberGenericTableElements; 809 ULONG DepthOfTree; 810 PRTL_BALANCED_LINKS RestartKey; 811 ULONG DeleteCount; 812 PRTL_AVL_COMPARE_ROUTINE CompareRoutine; 813 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine; 814 PRTL_AVL_FREE_ROUTINE FreeRoutine; 815 PVOID TableContext; 816 } RTL_AVL_TABLE, *PRTL_AVL_TABLE; 817 818 #ifdef RTL_USE_AVL_TABLES 819 #undef RTL_GENERIC_TABLE 820 #undef PRTL_GENERIC_TABLE 821 822 #define RTL_GENERIC_TABLE RTL_AVL_TABLE 823 #define PRTL_GENERIC_TABLE PRTL_AVL_TABLE 824 #endif /* RTL_USE_AVL_TABLES */ 825 826 // 827 // RTL Compression Buffer 828 // 829 typedef struct _COMPRESSED_DATA_INFO { 830 USHORT CompressionFormatAndEngine; 831 UCHAR CompressionUnitShift; 832 UCHAR ChunkShift; 833 UCHAR ClusterShift; 834 UCHAR Reserved; 835 USHORT NumberOfChunks; 836 ULONG CompressedChunkSizes[ANYSIZE_ARRAY]; 837 } COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO; 838 839 // 840 // RtlQueryRegistry Data 841 // 842 typedef struct _RTL_QUERY_REGISTRY_TABLE 843 { 844 PRTL_QUERY_REGISTRY_ROUTINE QueryRoutine; 845 ULONG Flags; 846 PCWSTR Name; 847 PVOID EntryContext; 848 ULONG DefaultType; 849 PVOID DefaultData; 850 ULONG DefaultLength; 851 } RTL_QUERY_REGISTRY_TABLE, *PRTL_QUERY_REGISTRY_TABLE; 852 853 // 854 // RTL Unicode Table Structures 855 // 856 typedef struct _UNICODE_PREFIX_TABLE_ENTRY 857 { 858 CSHORT NodeTypeCode; 859 CSHORT NameLength; 860 struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree; 861 struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch; 862 RTL_SPLAY_LINKS Links; 863 PUNICODE_STRING Prefix; 864 } UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY; 865 866 typedef struct _UNICODE_PREFIX_TABLE 867 { 868 CSHORT NodeTypeCode; 869 CSHORT NameLength; 870 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree; 871 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry; 872 } UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE; 873 874 // 875 // Pfx* routines' table structures 876 // 877 typedef struct _PREFIX_TABLE_ENTRY 878 { 879 CSHORT NodeTypeCode; 880 CSHORT NameLength; 881 struct _PREFIX_TABLE_ENTRY *NextPrefixTree; 882 RTL_SPLAY_LINKS Links; 883 PSTRING Prefix; 884 } PREFIX_TABLE_ENTRY, *PPREFIX_TABLE_ENTRY; 885 886 typedef struct _PREFIX_TABLE 887 { 888 CSHORT NodeTypeCode; 889 CSHORT NameLength; 890 PPREFIX_TABLE_ENTRY NextPrefixTree; 891 } PREFIX_TABLE, *PPREFIX_TABLE; 892 893 // 894 // Time Structure for RTL Time calls 895 // 896 typedef struct _TIME_FIELDS 897 { 898 CSHORT Year; 899 CSHORT Month; 900 CSHORT Day; 901 CSHORT Hour; 902 CSHORT Minute; 903 CSHORT Second; 904 CSHORT Milliseconds; 905 CSHORT Weekday; 906 } TIME_FIELDS, *PTIME_FIELDS; 907 908 // 909 // Activation Context Frame 910 // 911 typedef struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME 912 { 913 struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME *Previous; 914 PACTIVATION_CONTEXT ActivationContext; 915 ULONG Flags; 916 } RTL_ACTIVATION_CONTEXT_STACK_FRAME, *PRTL_ACTIVATION_CONTEXT_STACK_FRAME; 917 918 typedef struct _RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_BASIC 919 { 920 SIZE_T Size; 921 ULONG Format; 922 RTL_ACTIVATION_CONTEXT_STACK_FRAME Frame; 923 } RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_BASIC, *PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_BASIC; 924 925 typedef struct _RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED 926 { 927 SIZE_T Size; 928 ULONG Format; 929 RTL_ACTIVATION_CONTEXT_STACK_FRAME Frame; 930 PVOID Extra1; 931 PVOID Extra2; 932 PVOID Extra3; 933 PVOID Extra4; 934 } RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED, *PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED; 935 936 typedef RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME; 937 typedef PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME; 938 939 typedef struct _RTL_HEAP_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME 940 { 941 RTL_ACTIVATION_CONTEXT_STACK_FRAME Frame; 942 ULONG_PTR Cookie; 943 PVOID ActivationStackBackTrace[8]; 944 } RTL_HEAP_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME, *PRTL_HEAP_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME; 945 946 typedef struct _ACTIVATION_CONTEXT_DATA 947 { 948 ULONG Magic; 949 ULONG HeaderSize; 950 ULONG FormatVersion; 951 ULONG TotalSize; 952 ULONG DefaultTocOffset; 953 ULONG ExtendedTocOffset; 954 ULONG AssemblyRosterOffset; 955 ULONG Flags; 956 } ACTIVATION_CONTEXT_DATA, *PACTIVATION_CONTEXT_DATA; 957 958 typedef struct _ACTIVATION_CONTEXT_STACK_FRAMELIST 959 { 960 ULONG Magic; 961 ULONG FramesInUse; 962 LIST_ENTRY Links; 963 ULONG Flags; 964 ULONG NotFramesInUse; 965 RTL_HEAP_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME Frames[32]; 966 } ACTIVATION_CONTEXT_STACK_FRAMELIST, *PACTIVATION_CONTEXT_STACK_FRAMELIST; 967 968 #endif /* NTOS_MODE_USER */ 969 970 #if (NTDDI_VERSION >= NTDDI_WS03SP1) 971 typedef struct _ACTIVATION_CONTEXT_STACK 972 { 973 struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME *ActiveFrame; 974 LIST_ENTRY FrameListCache; 975 ULONG Flags; 976 ULONG NextCookieSequenceNumber; 977 ULONG StackId; 978 } ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK; 979 #else 980 typedef struct _ACTIVATION_CONTEXT_STACK 981 { 982 ULONG Flags; 983 ULONG NextCookieSequenceNumber; 984 struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME *ActiveFrame; 985 LIST_ENTRY FrameListCache; 986 } ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK; 987 #endif 988 989 // 990 // ACE Structure 991 // 992 typedef struct _ACE 993 { 994 ACE_HEADER Header; 995 ACCESS_MASK AccessMask; 996 } ACE, *PACE; 997 998 // 999 // Information Structures for RTL Debug Functions 1000 // 1001 typedef struct _RTL_PROCESS_MODULE_INFORMATION 1002 { 1003 ULONG Section; 1004 PVOID MappedBase; 1005 PVOID ImageBase; 1006 ULONG ImageSize; 1007 ULONG Flags; 1008 USHORT LoadOrderIndex; 1009 USHORT InitOrderIndex; 1010 USHORT LoadCount; 1011 USHORT OffsetToFileName; 1012 CHAR FullPathName[256]; 1013 } RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION; 1014 1015 typedef struct _RTL_PROCESS_MODULES 1016 { 1017 ULONG NumberOfModules; 1018 RTL_PROCESS_MODULE_INFORMATION Modules[1]; 1019 } RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES; 1020 1021 typedef struct _RTL_PROCESS_MODULE_INFORMATION_EX 1022 { 1023 ULONG NextOffset; 1024 RTL_PROCESS_MODULE_INFORMATION BaseInfo; 1025 ULONG ImageCheckSum; 1026 ULONG TimeDateStamp; 1027 PVOID DefaultBase; 1028 } RTL_PROCESS_MODULE_INFORMATION_EX, *PRTL_PROCESS_MODULE_INFORMATION_EX; 1029 1030 typedef struct _RTL_HEAP_TAG_INFO 1031 { 1032 ULONG NumberOfAllocations; 1033 ULONG NumberOfFrees; 1034 SIZE_T BytesAllocated; 1035 } RTL_HEAP_TAG_INFO, *PRTL_HEAP_TAG_INFO; 1036 1037 typedef struct _RTL_HEAP_USAGE_ENTRY 1038 { 1039 struct _RTL_HEAP_USAGE_ENTRY *Next; 1040 PVOID Address; 1041 SIZE_T Size; 1042 USHORT AllocatorBackTraceIndex; 1043 USHORT TagIndex; 1044 } RTL_HEAP_USAGE_ENTRY, *PRTL_HEAP_USAGE_ENTRY; 1045 1046 typedef struct _RTL_HEAP_USAGE 1047 { 1048 ULONG Length; 1049 SIZE_T BytesAllocated; 1050 SIZE_T BytesCommitted; 1051 SIZE_T BytesReserved; 1052 SIZE_T BytesReservedMaximum; 1053 PRTL_HEAP_USAGE_ENTRY Entries; 1054 PRTL_HEAP_USAGE_ENTRY AddedEntries; 1055 PRTL_HEAP_USAGE_ENTRY RemovedEntries; 1056 ULONG_PTR Reserved[8]; 1057 } RTL_HEAP_USAGE, *PRTL_HEAP_USAGE; 1058 1059 typedef struct _RTL_HEAP_WALK_ENTRY 1060 { 1061 PVOID DataAddress; 1062 SIZE_T DataSize; 1063 UCHAR OverheadBytes; 1064 UCHAR SegmentIndex; 1065 USHORT Flags; 1066 union 1067 { 1068 struct 1069 { 1070 SIZE_T Settable; 1071 USHORT TagIndex; 1072 USHORT AllocatorBackTraceIndex; 1073 ULONG Reserved[2]; 1074 } Block; 1075 struct 1076 { 1077 ULONG_PTR CommittedSize; 1078 ULONG_PTR UnCommittedSize; 1079 PVOID FirstEntry; 1080 PVOID LastEntry; 1081 } Segment; 1082 }; 1083 } RTL_HEAP_WALK_ENTRY, *PRTL_HEAP_WALK_ENTRY; 1084 1085 typedef struct _RTL_HEAP_ENTRY 1086 { 1087 SIZE_T Size; 1088 USHORT Flags; 1089 USHORT AllocatorBackTraceIndex; 1090 union 1091 { 1092 struct 1093 { 1094 SIZE_T Settable; 1095 ULONG Tag; 1096 } s1; 1097 struct 1098 { 1099 SIZE_T CommittedSize; 1100 PVOID FirstBlock; 1101 } s2; 1102 } u; 1103 } RTL_HEAP_ENTRY, *PRTL_HEAP_ENTRY; 1104 1105 typedef struct _RTL_HEAP_TAG 1106 { 1107 ULONG NumberOfAllocations; 1108 ULONG NumberOfFrees; 1109 SIZE_T BytesAllocated; 1110 USHORT TagIndex; 1111 USHORT CreatorBackTraceIndex; 1112 WCHAR TagName[24]; 1113 } RTL_HEAP_TAG, *PRTL_HEAP_TAG; 1114 1115 typedef struct _RTL_HEAP_INFORMATION 1116 { 1117 PVOID BaseAddress; 1118 ULONG Flags; 1119 USHORT EntryOverhead; 1120 USHORT CreatorBackTraceIndex; 1121 SIZE_T BytesAllocated; 1122 SIZE_T BytesCommitted; 1123 ULONG NumberOfTags; 1124 ULONG NumberOfEntries; 1125 ULONG NumberOfPseudoTags; 1126 ULONG PseudoTagGranularity; 1127 ULONG Reserved[5]; 1128 PRTL_HEAP_TAG Tags; 1129 PRTL_HEAP_ENTRY Entries; 1130 } RTL_HEAP_INFORMATION, *PRTL_HEAP_INFORMATION; 1131 1132 typedef struct _RTL_PROCESS_HEAPS 1133 { 1134 ULONG NumberOfHeaps; 1135 RTL_HEAP_INFORMATION Heaps[1]; 1136 } RTL_PROCESS_HEAPS, *PRTL_PROCESS_HEAPS; 1137 1138 typedef struct _RTL_PROCESS_LOCK_INFORMATION 1139 { 1140 PVOID Address; 1141 USHORT Type; 1142 USHORT CreatorBackTraceIndex; 1143 ULONG OwnerThreadId; 1144 ULONG ActiveCount; 1145 ULONG ContentionCount; 1146 ULONG EntryCount; 1147 ULONG RecursionCount; 1148 ULONG NumberOfSharedWaiters; 1149 ULONG NumberOfExclusiveWaiters; 1150 } RTL_PROCESS_LOCK_INFORMATION, *PRTL_PROCESS_LOCK_INFORMATION; 1151 1152 typedef struct _RTL_PROCESS_LOCKS 1153 { 1154 ULONG NumberOfLocks; 1155 RTL_PROCESS_LOCK_INFORMATION Locks[1]; 1156 } RTL_PROCESS_LOCKS, *PRTL_PROCESS_LOCKS; 1157 1158 typedef struct _RTL_PROCESS_BACKTRACE_INFORMATION 1159 { 1160 PVOID SymbolicBackTrace; 1161 ULONG TraceCount; 1162 USHORT Index; 1163 USHORT Depth; 1164 PVOID BackTrace[32]; 1165 } RTL_PROCESS_BACKTRACE_INFORMATION, *PRTL_PROCESS_BACKTRACE_INFORMATION; 1166 1167 typedef struct _RTL_PROCESS_BACKTRACES 1168 { 1169 ULONG CommittedMemory; 1170 ULONG ReservedMemory; 1171 ULONG NumberOfBackTraceLookups; 1172 ULONG NumberOfBackTraces; 1173 RTL_PROCESS_BACKTRACE_INFORMATION BackTraces[1]; 1174 } RTL_PROCESS_BACKTRACES, *PRTL_PROCESS_BACKTRACES; 1175 1176 typedef struct _RTL_PROCESS_VERIFIER_OPTIONS 1177 { 1178 ULONG SizeStruct; 1179 ULONG Option; 1180 UCHAR OptionData[1]; 1181 // 1182 // Option array continues below 1183 // 1184 } RTL_PROCESS_VERIFIER_OPTIONS, *PRTL_PROCESS_VERIFIER_OPTIONS; 1185 1186 typedef struct _RTL_DEBUG_INFORMATION 1187 { 1188 HANDLE SectionHandleClient; 1189 PVOID ViewBaseClient; 1190 PVOID ViewBaseTarget; 1191 ULONG ViewBaseDelta; 1192 HANDLE EventPairClient; 1193 PVOID EventPairTarget; 1194 HANDLE TargetProcessId; 1195 HANDLE TargetThreadHandle; 1196 ULONG Flags; 1197 ULONG OffsetFree; 1198 ULONG CommitSize; 1199 ULONG ViewSize; 1200 union 1201 { 1202 PRTL_PROCESS_MODULES Modules; 1203 PRTL_PROCESS_MODULE_INFORMATION_EX ModulesEx; 1204 }; 1205 PRTL_PROCESS_BACKTRACES BackTraces; 1206 PRTL_PROCESS_HEAPS Heaps; 1207 PRTL_PROCESS_LOCKS Locks; 1208 HANDLE SpecificHeap; 1209 HANDLE TargetProcessHandle; 1210 PRTL_PROCESS_VERIFIER_OPTIONS VerifierOptions; 1211 HANDLE ProcessHeap; 1212 HANDLE CriticalSectionHandle; 1213 HANDLE CriticalSectionOwnerThread; 1214 PVOID Reserved[4]; 1215 } RTL_DEBUG_INFORMATION, *PRTL_DEBUG_INFORMATION; 1216 1217 // 1218 // Fiber local storage data 1219 // 1220 #define RTL_FLS_MAXIMUM_AVAILABLE 128 1221 typedef struct _RTL_FLS_DATA 1222 { 1223 LIST_ENTRY ListEntry; 1224 PVOID Data[RTL_FLS_MAXIMUM_AVAILABLE]; 1225 } RTL_FLS_DATA, *PRTL_FLS_DATA; 1226 1227 1228 // 1229 // Unload Event Trace Structure for RtlGetUnloadEventTrace 1230 // 1231 #define RTL_UNLOAD_EVENT_TRACE_NUMBER 16 1232 1233 typedef struct _RTL_UNLOAD_EVENT_TRACE 1234 { 1235 PVOID BaseAddress; 1236 ULONG SizeOfImage; 1237 ULONG Sequence; 1238 ULONG TimeDateStamp; 1239 ULONG CheckSum; 1240 WCHAR ImageName[32]; 1241 } RTL_UNLOAD_EVENT_TRACE, *PRTL_UNLOAD_EVENT_TRACE; 1242 1243 // 1244 // RTL Handle Structures 1245 // 1246 typedef struct _RTL_HANDLE_TABLE_ENTRY 1247 { 1248 union 1249 { 1250 ULONG Flags; 1251 struct _RTL_HANDLE_TABLE_ENTRY *NextFree; 1252 }; 1253 } RTL_HANDLE_TABLE_ENTRY, *PRTL_HANDLE_TABLE_ENTRY; 1254 1255 typedef struct _RTL_HANDLE_TABLE 1256 { 1257 ULONG MaximumNumberOfHandles; 1258 ULONG SizeOfHandleTableEntry; 1259 ULONG Reserved[2]; 1260 PRTL_HANDLE_TABLE_ENTRY FreeHandles; 1261 PRTL_HANDLE_TABLE_ENTRY CommittedHandles; 1262 PRTL_HANDLE_TABLE_ENTRY UnCommittedHandles; 1263 PRTL_HANDLE_TABLE_ENTRY MaxReservedHandles; 1264 } RTL_HANDLE_TABLE, *PRTL_HANDLE_TABLE; 1265 1266 // 1267 // RTL Boot Status Data Item 1268 // 1269 typedef struct _RTL_BSD_ITEM 1270 { 1271 RTL_BSD_ITEM_TYPE Type; 1272 PVOID DataBuffer; 1273 ULONG DataLength; 1274 } RTL_BSD_ITEM, *PRTL_BSD_ITEM; 1275 1276 // 1277 // Data Sub-Structures for "bootstat.dat" RTL Data File 1278 // 1279 typedef struct _RTL_BSD_DATA_POWER_TRANSITION 1280 { 1281 LARGE_INTEGER PowerButtonTimestamp; 1282 struct 1283 { 1284 UCHAR SystemRunning : 1; 1285 UCHAR ConnectedStandbyInProgress : 1; 1286 UCHAR UserShutdownInProgress : 1; 1287 UCHAR SystemShutdownInProgress : 1; 1288 UCHAR SleepInProgress : 4; 1289 } Flags; 1290 UCHAR ConnectedStandbyScenarioInstanceId; 1291 UCHAR ConnectedStandbyEntryReason; 1292 UCHAR ConnectedStandbyExitReason; 1293 USHORT SystemSleepTransitionCount; 1294 LARGE_INTEGER LastReferenceTime; 1295 ULONG LastReferenceTimeChecksum; 1296 ULONG LastUpdateBootId; 1297 } RTL_BSD_DATA_POWER_TRANSITION, *PRTL_BSD_DATA_POWER_TRANSITION; 1298 1299 typedef struct _RTL_BSD_DATA_ERROR_INFO 1300 { 1301 ULONG BootId; 1302 ULONG RepeatCount; 1303 ULONG OtherErrorCount; 1304 ULONG Code; 1305 ULONG OtherErrorCount2; 1306 } RTL_BSD_DATA_ERROR_INFO, *PRTL_BSD_DATA_ERROR_INFO; 1307 1308 typedef struct _RTL_BSD_POWER_BUTTON_PRESS_INFO 1309 { 1310 LARGE_INTEGER LastPressTime; 1311 ULONG CumulativePressCount; 1312 USHORT LastPressBootId; 1313 UCHAR LastPowerWatchdogStage; 1314 struct 1315 { 1316 UCHAR WatchdogArmed : 1; 1317 UCHAR ShutdownInProgress : 1; 1318 } Flags; 1319 LARGE_INTEGER LastReleaseTime; 1320 ULONG CumulativeReleaseCount; 1321 USHORT LastReleaseBootId; 1322 USHORT ErrorCount; 1323 UCHAR CurrentConnectedStandbyPhase; 1324 ULONG TransitionLatestCheckpointId; 1325 ULONG TransitionLatestCheckpointType; 1326 ULONG TransitionLatestCheckpointSequenceNumber; 1327 } RTL_BSD_POWER_BUTTON_PRESS_INFO, *PRTL_BSD_POWER_BUTTON_PRESS_INFO; 1328 1329 // 1330 // Main Structure for "bootstat.dat" RTL Data File 1331 // 1332 typedef struct _RTL_BSD_DATA 1333 { 1334 ULONG Version; // RtlBsdItemVersionNumber 1335 ULONG ProductType; // RtlBsdItemProductType 1336 BOOLEAN AabEnabled; // RtlBsdItemAabEnabled 1337 UCHAR AabTimeout; // RtlBsdItemAabTimeout 1338 BOOLEAN LastBootSucceeded; // RtlBsdItemBootGood 1339 BOOLEAN LastBootShutdown; // RtlBsdItemBootShutdown 1340 BOOLEAN SleepInProgress; // RtlBsdSleepInProgress 1341 RTL_BSD_DATA_POWER_TRANSITION PowerTransition; // RtlBsdPowerTransition 1342 UCHAR BootAttemptCount; // RtlBsdItemBootAttemptCount 1343 UCHAR LastBootCheckpoint; // RtlBsdItemBootCheckpoint 1344 UCHAR Checksum; // RtlBsdItemChecksum 1345 ULONG LastBootId; // RtlBsdItemBootId 1346 ULONG LastSuccessfulShutdownBootId; // RtlBsdItemShutdownBootId 1347 ULONG LastReportedAbnormalShutdownBootId; // RtlBsdItemReportedAbnormalShutdownBootId 1348 RTL_BSD_DATA_ERROR_INFO ErrorInfo; // RtlBsdItemErrorInfo 1349 RTL_BSD_POWER_BUTTON_PRESS_INFO PowerButtonPressInfo; // RtlBsdItemPowerButtonPressInfo 1350 } RTL_BSD_DATA, *PRTL_BSD_DATA; 1351 1352 #ifdef NTOS_MODE_USER 1353 // 1354 // Exception Record 1355 // 1356 typedef struct _EXCEPTION_REGISTRATION_RECORD 1357 { 1358 struct _EXCEPTION_REGISTRATION_RECORD *Next; 1359 PEXCEPTION_ROUTINE Handler; 1360 } EXCEPTION_REGISTRATION_RECORD, *PEXCEPTION_REGISTRATION_RECORD; 1361 #endif /* NTOS_MODE_USER */ 1362 1363 // 1364 // Current Directory Structures 1365 // 1366 typedef struct _CURDIR 1367 { 1368 UNICODE_STRING DosPath; 1369 HANDLE Handle; 1370 } CURDIR, *PCURDIR; 1371 1372 typedef struct _RTLP_CURDIR_REF 1373 { 1374 LONG RefCount; 1375 HANDLE Handle; 1376 } RTLP_CURDIR_REF, *PRTLP_CURDIR_REF; 1377 1378 typedef struct _RTL_RELATIVE_NAME_U 1379 { 1380 UNICODE_STRING RelativeName; 1381 HANDLE ContainingDirectory; 1382 PRTLP_CURDIR_REF CurDirRef; 1383 } RTL_RELATIVE_NAME_U, *PRTL_RELATIVE_NAME_U; 1384 1385 typedef struct _RTL_DRIVE_LETTER_CURDIR 1386 { 1387 USHORT Flags; 1388 USHORT Length; 1389 ULONG TimeStamp; 1390 UNICODE_STRING DosPath; 1391 } RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR; 1392 1393 typedef struct _RTL_PERTHREAD_CURDIR 1394 { 1395 PRTL_DRIVE_LETTER_CURDIR CurrentDirectories; 1396 PUNICODE_STRING ImageName; 1397 PVOID Environment; 1398 } RTL_PERTHREAD_CURDIR, *PRTL_PERTHREAD_CURDIR; 1399 1400 // 1401 // Private State structure for RtlAcquirePrivilege/RtlReleasePrivilege 1402 // 1403 typedef struct _RTL_ACQUIRE_STATE 1404 { 1405 HANDLE Token; 1406 HANDLE OldImpersonationToken; 1407 PTOKEN_PRIVILEGES OldPrivileges; 1408 PTOKEN_PRIVILEGES NewPrivileges; 1409 ULONG Flags; 1410 UCHAR OldPrivBuffer[1024]; 1411 } RTL_ACQUIRE_STATE, *PRTL_ACQUIRE_STATE; 1412 1413 #ifndef NTOS_MODE_USER 1414 1415 // 1416 // RTL Critical Section Structures 1417 // 1418 typedef struct _RTL_CRITICAL_SECTION_DEBUG 1419 { 1420 USHORT Type; 1421 USHORT CreatorBackTraceIndex; 1422 struct _RTL_CRITICAL_SECTION *CriticalSection; 1423 LIST_ENTRY ProcessLocksList; 1424 ULONG EntryCount; 1425 ULONG ContentionCount; 1426 ULONG Spare[2]; 1427 } RTL_CRITICAL_SECTION_DEBUG, *PRTL_CRITICAL_SECTION_DEBUG, RTL_RESOURCE_DEBUG, *PRTL_RESOURCE_DEBUG; 1428 1429 typedef struct _RTL_CRITICAL_SECTION 1430 { 1431 PRTL_CRITICAL_SECTION_DEBUG DebugInfo; 1432 LONG LockCount; 1433 LONG RecursionCount; 1434 HANDLE OwningThread; 1435 HANDLE LockSemaphore; 1436 ULONG_PTR SpinCount; 1437 } RTL_CRITICAL_SECTION, *PRTL_CRITICAL_SECTION; 1438 1439 #endif /* !NTOS_MODE_USER */ 1440 1441 // 1442 // RTL Private Heap Structures 1443 // 1444 typedef struct _HEAP_LOCK 1445 { 1446 union 1447 { 1448 RTL_CRITICAL_SECTION CriticalSection; 1449 #ifndef NTOS_MODE_USER 1450 ERESOURCE Resource; 1451 #endif 1452 UCHAR Padding[0x68]; /* Max ERESOURCE size for x64 build. Needed because RTL is built only once */ 1453 }; 1454 } HEAP_LOCK, *PHEAP_LOCK; 1455 1456 // 1457 // RTL Range List Structures 1458 // 1459 typedef struct _RTL_RANGE_LIST 1460 { 1461 LIST_ENTRY ListHead; 1462 ULONG Flags; 1463 ULONG Count; 1464 ULONG Stamp; 1465 } RTL_RANGE_LIST, *PRTL_RANGE_LIST; 1466 1467 typedef struct _RTL_RANGE 1468 { 1469 ULONGLONG Start; 1470 ULONGLONG End; 1471 PVOID UserData; 1472 PVOID Owner; 1473 UCHAR Attributes; 1474 UCHAR Flags; 1475 } RTL_RANGE, *PRTL_RANGE; 1476 1477 typedef struct _RANGE_LIST_ITERATOR 1478 { 1479 PLIST_ENTRY RangeListHead; 1480 PLIST_ENTRY MergedHead; 1481 PVOID Current; 1482 ULONG Stamp; 1483 } RTL_RANGE_LIST_ITERATOR, *PRTL_RANGE_LIST_ITERATOR; 1484 1485 typedef struct _RTLP_RANGE_LIST_ENTRY 1486 { 1487 ULONGLONG Start; 1488 ULONGLONG End; 1489 union 1490 { 1491 struct 1492 { 1493 PVOID UserData; 1494 PVOID Owner; 1495 } Allocated; 1496 struct 1497 { 1498 LIST_ENTRY ListHead; 1499 } Merged; 1500 }; 1501 UCHAR Attributes; 1502 UCHAR PublicFlags; 1503 USHORT PrivateFlags; 1504 LIST_ENTRY ListEntry; 1505 } RTLP_RANGE_LIST_ENTRY, *PRTLP_RANGE_LIST_ENTRY; 1506 C_ASSERT(RTL_SIZEOF_THROUGH_FIELD(RTL_RANGE, Flags) == RTL_SIZEOF_THROUGH_FIELD(RTLP_RANGE_LIST_ENTRY, PublicFlags)); 1507 1508 // 1509 // RTL Resource 1510 // 1511 #define RTL_RESOURCE_FLAG_LONG_TERM ((ULONG)0x00000001) 1512 1513 typedef struct _RTL_RESOURCE 1514 { 1515 RTL_CRITICAL_SECTION Lock; 1516 HANDLE SharedSemaphore; 1517 ULONG SharedWaiters; 1518 HANDLE ExclusiveSemaphore; 1519 ULONG ExclusiveWaiters; 1520 LONG NumberActive; 1521 HANDLE OwningThread; 1522 ULONG TimeoutBoost; 1523 PVOID DebugInfo; 1524 } RTL_RESOURCE, *PRTL_RESOURCE; 1525 1526 // 1527 // Structures for RtlCreateUserProcess 1528 // 1529 typedef struct _RTL_USER_PROCESS_PARAMETERS 1530 { 1531 ULONG MaximumLength; 1532 ULONG Length; 1533 ULONG Flags; 1534 ULONG DebugFlags; 1535 HANDLE ConsoleHandle; 1536 ULONG ConsoleFlags; 1537 HANDLE StandardInput; 1538 HANDLE StandardOutput; 1539 HANDLE StandardError; 1540 CURDIR CurrentDirectory; 1541 UNICODE_STRING DllPath; 1542 UNICODE_STRING ImagePathName; 1543 UNICODE_STRING CommandLine; 1544 PWSTR Environment; 1545 ULONG StartingX; 1546 ULONG StartingY; 1547 ULONG CountX; 1548 ULONG CountY; 1549 ULONG CountCharsX; 1550 ULONG CountCharsY; 1551 ULONG FillAttribute; 1552 ULONG WindowFlags; 1553 ULONG ShowWindowFlags; 1554 UNICODE_STRING WindowTitle; 1555 UNICODE_STRING DesktopInfo; 1556 UNICODE_STRING ShellInfo; 1557 UNICODE_STRING RuntimeData; 1558 RTL_DRIVE_LETTER_CURDIR CurrentDirectories[RTL_MAX_DRIVE_LETTERS]; 1559 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 1560 SIZE_T EnvironmentSize; 1561 #endif 1562 #if (NTDDI_VERSION >= NTDDI_WIN7) 1563 SIZE_T EnvironmentVersion; 1564 #endif 1565 } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS; 1566 1567 typedef struct _RTL_USER_PROCESS_INFORMATION 1568 { 1569 ULONG Size; 1570 HANDLE ProcessHandle; 1571 HANDLE ThreadHandle; 1572 CLIENT_ID ClientId; 1573 SECTION_IMAGE_INFORMATION ImageInformation; 1574 } RTL_USER_PROCESS_INFORMATION, *PRTL_USER_PROCESS_INFORMATION; 1575 1576 #if (NTDDI_VERSION >= NTDDI_WIN7) 1577 1578 typedef enum _RTL_UMS_SCHEDULER_REASON 1579 { 1580 UmsSchedulerStartup = 0, 1581 UmsSchedulerThreadBlocked = 1, 1582 UmsSchedulerThreadYield = 2, 1583 } RTL_UMS_SCHEDULER_REASON, *PRTL_UMS_SCHEDULER_REASON; 1584 1585 typedef enum _RTL_UMSCTX_FLAGS 1586 { 1587 UMSCTX_SCHEDULED_THREAD_BIT = 0, 1588 #if (NTDDI_VERSION < NTDDI_WIN8) 1589 UMSCTX_HAS_QUANTUM_REQ_BIT, 1590 UMSCTX_HAS_AFFINITY_REQ_BIT, 1591 UMSCTX_HAS_PRIORITY_REQ_BIT, 1592 #endif 1593 UMSCTX_SUSPENDED_BIT, 1594 UMSCTX_VOLATILE_CONTEXT_BIT, 1595 UMSCTX_TERMINATED_BIT, 1596 UMSCTX_DEBUG_ACTIVE_BIT, 1597 UMSCTX_RUNNING_ON_SELF_THREAD_BIT, 1598 UMSCTX_DENY_RUNNING_ON_SELF_THREAD_BIT 1599 1600 } RTL_UMSCTX_FLAGS, *PRTL_UMSCTX_FLAGS; 1601 1602 #define UMSCTX_SCHEDULED_THREAD_MASK (1 << UMSCTX_SCHEDULED_THREAD_BIT) 1603 #define UMSCTX_SUSPENDED_MASK (1 << UMSCTX_SUSPENDED_BIT) 1604 #define UMSCTX_VOLATILE_CONTEXT_MASK (1 << UMSCTX_VOLATILE_CONTEXT_BIT) 1605 #define UMSCTX_TERMINATED_MASK (1 << UMSCTX_TERMINATED_BIT) 1606 #define UMSCTX_DEBUG_ACTIVE_MASK (1 << UMSCTX_DEBUG_ACTIVE_BIT) 1607 #define UMSCTX_RUNNING_ON_SELF_THREAD_MASK (1 << UMSCTX_RUNNING_ON_SELF_THREAD_BIT) 1608 #define UMSCTX_DENY_RUNNING_ON_SELF_THREAD_MASK (1 << UMSCTX_DENY_RUNNING_ON_SELF_THREAD_BIT) 1609 1610 // 1611 // UMS Context 1612 // 1613 typedef struct DECLSPEC_ALIGN(16) _RTL_UMS_CONTEXT 1614 { 1615 SINGLE_LIST_ENTRY Link; 1616 CONTEXT Context; 1617 PVOID Teb; 1618 PVOID UserContext; 1619 union 1620 { 1621 struct 1622 { 1623 ULONG ScheduledThread : 1; 1624 #if (NTDDI_VERSION < NTDDI_WIN8) 1625 ULONG HasQuantumReq : 1; 1626 ULONG HasAffinityReq : 1; 1627 ULONG HasPriorityReq : 1; 1628 #endif 1629 ULONG Suspended : 1; 1630 ULONG VolatileContext : 1; 1631 ULONG Terminated : 1; 1632 ULONG DebugActive : 1; 1633 ULONG RunningOnSelfThread : 1; 1634 ULONG DenyRunningOnSelfThread : 1; 1635 #if (NTDDI_VERSION < NTDDI_WIN8) 1636 ULONG ReservedFlags : 22; 1637 #endif 1638 }; 1639 LONG Flags; 1640 }; 1641 union 1642 { 1643 struct 1644 { 1645 #if (NTDDI_VERSION >= NTDDI_WIN8) 1646 ULONG64 KernelUpdateLock : 2; 1647 #else 1648 ULONG64 KernelUpdateLock : 1; 1649 ULONG64 Reserved : 1; 1650 #endif 1651 ULONG64 PrimaryClientID : 62; 1652 }; 1653 ULONG64 ContextLock; 1654 }; 1655 #if (NTDDI_VERSION < NTDDI_WIN8) 1656 ULONG64 QuantumValue; 1657 GROUP_AFFINITY AffinityMask; 1658 LONG Priority; 1659 #endif 1660 struct _RTL_UMS_CONTEXT* PrimaryUmsContext; 1661 ULONG SwitchCount; 1662 ULONG KernelYieldCount; 1663 ULONG MixedYieldCount; 1664 ULONG YieldCount; 1665 } RTL_UMS_CONTEXT, *PRTL_UMS_CONTEXT; 1666 #endif // #if (NTDDI_VERSION >= NTDDI_WIN7) 1667 1668 // 1669 // RTL Atom Table Structures 1670 // 1671 typedef struct _RTL_ATOM_TABLE_ENTRY 1672 { 1673 struct _RTL_ATOM_TABLE_ENTRY *HashLink; 1674 USHORT HandleIndex; 1675 USHORT Atom; 1676 USHORT ReferenceCount; 1677 UCHAR Flags; 1678 UCHAR NameLength; 1679 WCHAR Name[1]; 1680 } RTL_ATOM_TABLE_ENTRY, *PRTL_ATOM_TABLE_ENTRY; 1681 1682 typedef struct _RTL_ATOM_TABLE 1683 { 1684 ULONG Signature; 1685 union 1686 { 1687 #ifdef NTOS_MODE_USER 1688 RTL_CRITICAL_SECTION CriticalSection; 1689 #else 1690 FAST_MUTEX FastMutex; 1691 #endif 1692 }; 1693 union 1694 { 1695 #ifdef NTOS_MODE_USER 1696 RTL_HANDLE_TABLE RtlHandleTable; 1697 #else 1698 PHANDLE_TABLE ExHandleTable; 1699 #endif 1700 }; 1701 ULONG NumberOfBuckets; 1702 PRTL_ATOM_TABLE_ENTRY Buckets[1]; 1703 } RTL_ATOM_TABLE, *PRTL_ATOM_TABLE; 1704 1705 // 1706 // Timezone Information 1707 // 1708 typedef struct _RTL_TIME_ZONE_INFORMATION 1709 { 1710 LONG Bias; 1711 WCHAR StandardName[32]; 1712 TIME_FIELDS StandardDate; 1713 LONG StandardBias; 1714 WCHAR DaylightName[32]; 1715 TIME_FIELDS DaylightDate; 1716 LONG DaylightBias; 1717 } RTL_TIME_ZONE_INFORMATION, *PRTL_TIME_ZONE_INFORMATION; 1718 1719 // 1720 // Hotpatch Header 1721 // 1722 typedef struct _RTL_PATCH_HEADER 1723 { 1724 LIST_ENTRY PatchList; 1725 PVOID PatchImageBase; 1726 struct _RTL_PATCH_HEADER *NextPath; 1727 ULONG PatchFlags; 1728 LONG PatchRefCount; 1729 struct _HOTPATCH_HEADER *HotpatchHeader; 1730 UNICODE_STRING TargetDllName; 1731 PVOID TargetDllBase; 1732 PLDR_DATA_TABLE_ENTRY TargetLdrDataTableEntry; 1733 PLDR_DATA_TABLE_ENTRY PatchLdrDataTableEntry; 1734 struct _SYSTEM_HOTPATCH_CODE_INFORMATION *CodeInfo; 1735 } RTL_PATCH_HEADER, *PRTL_PATCH_HEADER; 1736 1737 // 1738 // Header for NLS Files 1739 // 1740 typedef struct _NLS_FILE_HEADER 1741 { 1742 USHORT HeaderSize; 1743 USHORT CodePage; 1744 USHORT MaximumCharacterSize; 1745 USHORT DefaultChar; 1746 USHORT UniDefaultChar; 1747 USHORT TransDefaultChar; 1748 USHORT TransUniDefaultChar; 1749 UCHAR LeadByte[MAXIMUM_LEADBYTES]; 1750 } NLS_FILE_HEADER, *PNLS_FILE_HEADER; 1751 1752 // 1753 // Stack Traces 1754 // 1755 typedef struct _RTL_STACK_TRACE_ENTRY 1756 { 1757 struct _RTL_STACK_TRACE_ENTRY *HashChain; 1758 ULONG TraceCount; 1759 USHORT Index; 1760 USHORT Depth; 1761 PVOID BackTrace[32]; 1762 } RTL_STACK_TRACE_ENTRY, *PRTL_STACK_TRACE_ENTRY; 1763 1764 1765 typedef struct _STACK_TRACE_DATABASE 1766 { 1767 union 1768 { 1769 PVOID Lock; 1770 1771 /* Padding for ERESOURCE */ 1772 #if defined(_M_AMD64) 1773 UCHAR Padding[0x68]; 1774 #else 1775 UCHAR Padding[56]; 1776 #endif 1777 } Lock; 1778 1779 BOOLEAN DumpInProgress; 1780 1781 PVOID CommitBase; 1782 PVOID CurrentLowerCommitLimit; 1783 PVOID CurrentUpperCommitLimit; 1784 1785 PCHAR NextFreeLowerMemory; 1786 PCHAR NextFreeUpperMemory; 1787 1788 ULONG NumberOfEntriesAdded; 1789 ULONG NumberOfAllocationFailures; 1790 PRTL_STACK_TRACE_ENTRY* EntryIndexArray; 1791 1792 ULONG NumberOfBuckets; 1793 PRTL_STACK_TRACE_ENTRY Buckets[ANYSIZE_ARRAY]; 1794 } STACK_TRACE_DATABASE, *PSTACK_TRACE_DATABASE; 1795 1796 // Validate that our padding is big enough: 1797 #ifndef NTOS_MODE_USER 1798 #if defined(_M_AMD64) 1799 C_ASSERT(sizeof(ERESOURCE) <= 0x68); 1800 #elif defined(_M_ARM64) 1801 C_ASSERT(sizeof(ERESOURCE) <= 0x68); 1802 #else 1803 C_ASSERT(sizeof(ERESOURCE) <= 56); 1804 #endif 1805 #endif 1806 1807 1808 // 1809 // Trace Database 1810 // 1811 1812 typedef ULONG (NTAPI *RTL_TRACE_HASH_FUNCTION) (ULONG Count, PVOID *Trace); 1813 1814 typedef struct _RTL_TRACE_BLOCK 1815 { 1816 ULONG Magic; 1817 ULONG Count; 1818 ULONG Size; 1819 ULONG UserCount; 1820 ULONG UserSize; 1821 PVOID UserContext; 1822 struct _RTL_TRACE_BLOCK *Next; 1823 PVOID *Trace; 1824 } RTL_TRACE_BLOCK, *PRTL_TRACE_BLOCK; 1825 1826 typedef struct _RTL_TRACE_DATABASE 1827 { 1828 ULONG Magic; 1829 ULONG Flags; 1830 ULONG Tag; 1831 struct _RTL_TRACE_SEGMENT *SegmentList; 1832 SIZE_T MaximumSize; 1833 SIZE_T CurrentSize; 1834 PVOID Owner; 1835 #ifdef NTOS_MODE_USER 1836 RTL_CRITICAL_SECTION Lock; 1837 #else 1838 union 1839 { 1840 KSPIN_LOCK SpinLock; 1841 FAST_MUTEX FastMutex; 1842 } u; 1843 #endif 1844 ULONG NoOfBuckets; 1845 struct _RTL_TRACE_BLOCK **Buckets; 1846 RTL_TRACE_HASH_FUNCTION HashFunction; 1847 SIZE_T NoOfTraces; 1848 SIZE_T NoOfHits; 1849 ULONG HashCounter[16]; 1850 } RTL_TRACE_DATABASE, *PRTL_TRACE_DATABASE; 1851 1852 typedef struct _RTL_TRACE_SEGMENT 1853 { 1854 ULONG Magic; 1855 struct _RTL_TRACE_DATABASE *Database; 1856 struct _RTL_TRACE_SEGMENT *NextSegment; 1857 SIZE_T TotalSize; 1858 PCHAR SegmentStart; 1859 PCHAR SegmentEnd; 1860 PCHAR SegmentFree; 1861 } RTL_TRACE_SEGMENT, *PRTL_TRACE_SEGMENT; 1862 1863 typedef struct _RTL_TRACE_ENUMERATE 1864 { 1865 struct _RTL_TRACE_DATABASE *Database; 1866 ULONG Index; 1867 struct _RTL_TRACE_BLOCK *Block; 1868 } RTL_TRACE_ENUMERATE, * PRTL_TRACE_ENUMERATE; 1869 1870 // 1871 // Auto-Managed Rtl* String Buffer 1872 // 1873 typedef struct _RTL_BUFFER 1874 { 1875 PUCHAR Buffer; 1876 PUCHAR StaticBuffer; 1877 SIZE_T Size; 1878 SIZE_T StaticSize; 1879 SIZE_T ReservedForAllocatedSize; 1880 PVOID ReservedForIMalloc; 1881 } RTL_BUFFER, *PRTL_BUFFER; 1882 1883 typedef struct _RTL_UNICODE_STRING_BUFFER 1884 { 1885 UNICODE_STRING String; 1886 RTL_BUFFER ByteBuffer; 1887 WCHAR MinimumStaticBufferForTerminalNul; 1888 } RTL_UNICODE_STRING_BUFFER, *PRTL_UNICODE_STRING_BUFFER; 1889 1890 #ifndef NTOS_MODE_USER 1891 1892 // 1893 // Message Resource Entry, Block and Data 1894 // 1895 typedef struct _MESSAGE_RESOURCE_ENTRY 1896 { 1897 USHORT Length; 1898 USHORT Flags; 1899 UCHAR Text[ANYSIZE_ARRAY]; 1900 } MESSAGE_RESOURCE_ENTRY, *PMESSAGE_RESOURCE_ENTRY; 1901 1902 typedef struct _MESSAGE_RESOURCE_BLOCK 1903 { 1904 ULONG LowId; 1905 ULONG HighId; 1906 ULONG OffsetToEntries; 1907 } MESSAGE_RESOURCE_BLOCK, *PMESSAGE_RESOURCE_BLOCK; 1908 1909 typedef struct _MESSAGE_RESOURCE_DATA 1910 { 1911 ULONG NumberOfBlocks; 1912 MESSAGE_RESOURCE_BLOCK Blocks[ANYSIZE_ARRAY]; 1913 } MESSAGE_RESOURCE_DATA, *PMESSAGE_RESOURCE_DATA; 1914 1915 #ifdef _M_AMD64 1916 1917 typedef struct _KNONVOLATILE_CONTEXT_POINTERS { 1918 union { 1919 PM128A FloatingContext[16]; 1920 struct { 1921 PM128A Xmm0; 1922 PM128A Xmm1; 1923 PM128A Xmm2; 1924 PM128A Xmm3; 1925 PM128A Xmm4; 1926 PM128A Xmm5; 1927 PM128A Xmm6; 1928 PM128A Xmm7; 1929 PM128A Xmm8; 1930 PM128A Xmm9; 1931 PM128A Xmm10; 1932 PM128A Xmm11; 1933 PM128A Xmm12; 1934 PM128A Xmm13; 1935 PM128A Xmm14; 1936 PM128A Xmm15; 1937 } DUMMYSTRUCTNAME; 1938 } DUMMYUNIONNAME; 1939 1940 union { 1941 PULONG64 IntegerContext[16]; 1942 struct { 1943 PULONG64 Rax; 1944 PULONG64 Rcx; 1945 PULONG64 Rdx; 1946 PULONG64 Rbx; 1947 PULONG64 Rsp; 1948 PULONG64 Rbp; 1949 PULONG64 Rsi; 1950 PULONG64 Rdi; 1951 PULONG64 R8; 1952 PULONG64 R9; 1953 PULONG64 R10; 1954 PULONG64 R11; 1955 PULONG64 R12; 1956 PULONG64 R13; 1957 PULONG64 R14; 1958 PULONG64 R15; 1959 } DUMMYSTRUCTNAME; 1960 } DUMMYUNIONNAME2; 1961 } KNONVOLATILE_CONTEXT_POINTERS, *PKNONVOLATILE_CONTEXT_POINTERS; 1962 1963 #define UNW_FLAG_NHANDLER 0x0 1964 #define UNW_FLAG_EHANDLER 0x1 1965 #define UNW_FLAG_UHANDLER 0x2 1966 #define UNW_FLAG_CHAININFO 0x4 1967 #define UNW_FLAG_NO_EPILOGUE 0x80000000UL 1968 1969 #define RUNTIME_FUNCTION_INDIRECT 0x1 1970 1971 typedef struct _RUNTIME_FUNCTION { 1972 ULONG BeginAddress; 1973 ULONG EndAddress; 1974 ULONG UnwindData; 1975 } RUNTIME_FUNCTION, *PRUNTIME_FUNCTION; 1976 1977 #define UNWIND_HISTORY_TABLE_SIZE 12 1978 1979 typedef struct _UNWIND_HISTORY_TABLE_ENTRY 1980 { 1981 ULONG64 ImageBase; 1982 PRUNTIME_FUNCTION FunctionEntry; 1983 } UNWIND_HISTORY_TABLE_ENTRY, *PUNWIND_HISTORY_TABLE_ENTRY; 1984 1985 typedef struct _UNWIND_HISTORY_TABLE 1986 { 1987 ULONG Count; 1988 UCHAR LocalHint; 1989 UCHAR GlobalHint; 1990 UCHAR Search; 1991 UCHAR Once; 1992 ULONG64 LowAddress; 1993 ULONG64 HighAddress; 1994 UNWIND_HISTORY_TABLE_ENTRY Entry[UNWIND_HISTORY_TABLE_SIZE]; 1995 } UNWIND_HISTORY_TABLE, *PUNWIND_HISTORY_TABLE; 1996 1997 #endif /* _M_AMD64 */ 1998 1999 #endif /* !NTOS_MODE_USER */ 2000 2001 #ifdef NTOS_MODE_USER 2002 2003 // 2004 // Memory Stream 2005 // 2006 #ifndef CONST_VTBL 2007 #ifdef CONST_VTABLE 2008 #define CONST_VTBL const 2009 #else 2010 #define CONST_VTBL 2011 #endif 2012 #endif 2013 2014 struct IStreamVtbl; 2015 struct IStream; 2016 struct tagSTATSTG; 2017 2018 typedef struct _RTL_MEMORY_STREAM RTL_MEMORY_STREAM, *PRTL_MEMORY_STREAM; 2019 2020 typedef VOID 2021 (NTAPI *PRTL_MEMORY_STREAM_FINAL_RELEASE_ROUTINE)( 2022 _In_ PRTL_MEMORY_STREAM Stream 2023 ); 2024 2025 struct _RTL_MEMORY_STREAM 2026 { 2027 CONST_VTBL struct IStreamVtbl *Vtbl; 2028 LONG RefCount; 2029 ULONG Unk1; 2030 PVOID Current; 2031 PVOID Start; 2032 PVOID End; 2033 PRTL_MEMORY_STREAM_FINAL_RELEASE_ROUTINE FinalRelease; 2034 HANDLE ProcessHandle; 2035 }; 2036 2037 #endif /* NTOS_MODE_USER */ 2038 2039 #ifdef __cplusplus 2040 } 2041 #endif 2042 2043 #endif /* !_RTLTYPES_H */ 2044