1 /*++ NDK Version: 0098 2 3 Copyright (c) Alex Ionescu. All rights reserved. 4 5 Header Name: 6 7 rtltypes.h 8 9 Abstract: 10 11 Type definitions for the Run-Time Library 12 13 Author: 14 15 Alex Ionescu (alexi@tinykrnl.org) - Updated - 27-Feb-2006 16 17 --*/ 18 19 #ifndef _RTLTYPES_H 20 #define _RTLTYPES_H 21 22 // 23 // Dependencies 24 // 25 #include <umtypes.h> 26 #include <mmtypes.h> 27 #include <ldrtypes.h> 28 29 #ifdef __cplusplus 30 extern "C" { 31 #endif 32 33 // 34 // Maximum Atom Length 35 // 36 #define RTL_MAXIMUM_ATOM_LENGTH 255 37 38 // 39 // Process Parameters Flags 40 // 41 #define RTL_USER_PROCESS_PARAMETERS_NORMALIZED 0x01 42 #define RTL_USER_PROCESS_PARAMETERS_PROFILE_USER 0x02 43 #define RTL_USER_PROCESS_PARAMETERS_PROFILE_KERNEL 0x04 44 #define RTL_USER_PROCESS_PARAMETERS_PROFILE_SERVER 0x08 45 #define RTL_USER_PROCESS_PARAMETERS_UNKNOWN 0x10 46 #define RTL_USER_PROCESS_PARAMETERS_RESERVE_1MB 0x20 47 #define RTL_USER_PROCESS_PARAMETERS_RESERVE_16MB 0x40 48 #define RTL_USER_PROCESS_PARAMETERS_CASE_SENSITIVE 0x80 49 #define RTL_USER_PROCESS_PARAMETERS_DISABLE_HEAP_CHECKS 0x100 50 #define RTL_USER_PROCESS_PARAMETERS_PROCESS_OR_1 0x200 51 #define RTL_USER_PROCESS_PARAMETERS_PROCESS_OR_2 0x400 52 #define RTL_USER_PROCESS_PARAMETERS_PRIVATE_DLL_PATH 0x1000 53 #define RTL_USER_PROCESS_PARAMETERS_LOCAL_DLL_PATH 0x2000 54 #define RTL_USER_PROCESS_PARAMETERS_IMAGE_KEY_MISSING 0x4000 55 #define RTL_USER_PROCESS_PARAMETERS_NX 0x20000 56 57 #define RTL_MAX_DRIVE_LETTERS 32 58 #define RTL_DRIVE_LETTER_VALID (USHORT)0x0001 59 60 // 61 // End of Exception List 62 // 63 #define EXCEPTION_CHAIN_END ((PEXCEPTION_REGISTRATION_RECORD)-1) 64 65 // 66 // Thread Error Mode Flags 67 // 68 /* Also defined in psdk/winbase.h */ 69 #define SEM_FAILCRITICALERRORS 0x0001 70 #define SEM_NOGPFAULTERRORBOX 0x0002 71 #define SEM_NOALIGNMENTFAULTEXCEPT 0x0004 72 #define SEM_NOOPENFILEERRORBOX 0x8000 73 74 #define RTL_SEM_FAILCRITICALERRORS (SEM_FAILCRITICALERRORS << 4) 75 #define RTL_SEM_NOGPFAULTERRORBOX (SEM_NOGPFAULTERRORBOX << 4) 76 #define RTL_SEM_NOALIGNMENTFAULTEXCEPT (SEM_NOALIGNMENTFAULTEXCEPT << 4) 77 78 // 79 // Range and Range List Flags 80 // 81 #define RTL_RANGE_LIST_ADD_IF_CONFLICT 0x00000001 82 #define RTL_RANGE_LIST_ADD_SHARED 0x00000002 83 84 #define RTL_RANGE_SHARED 0x01 85 #define RTL_RANGE_CONFLICT 0x02 86 87 // 88 // Flags in RTL_ACTIVATION_CONTEXT_STACK_FRAME (from Checked NTDLL) 89 // 90 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_RELEASE_ON_DEACTIVATION 0x01 91 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_NO_DEACTIVATE 0x02 92 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_ON_FREE_LIST 0x04 93 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_HEAP_ALLOCATED 0x08 94 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_NOT_REALLY_ACTIVATED 0x10 95 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_ACTIVATED 0x20 96 #define RTL_ACTIVATION_CONTEXT_STACK_FRAME_FLAG_DEACTIVATED 0x40 97 98 // 99 // Activation Context Frame Flags (from Checked NTDLL) 100 // 101 #define RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_FORMAT_WHISTLER 0x01 102 103 // 104 // RtlActivateActivationContextEx Flags (from Checked NTDLL) 105 // 106 #define RTL_ACTIVATE_ACTIVATION_CONTEXT_EX_FLAG_RELEASE_ON_STACK_DEALLOCATION 0x01 107 108 // 109 // RtlDeactivateActivationContext Flags (based on Win32 flag and name of above) 110 // 111 #define RTL_DEACTIVATE_ACTIVATION_CONTEXT_FLAG_FORCE_EARLY_DEACTIVATION 0x01 112 113 // 114 // RtlQueryActivationContext Flags (based on Win32 flag and name of above) 115 // 116 #define RTL_QUERY_ACTIVATION_CONTEXT_FLAG_USE_ACTIVE_ACTIVATION_CONTEXT 0x01 117 #define RTL_QUERY_ACTIVATION_CONTEXT_FLAG_IS_HMODULE 0x02 118 #define RTL_QUERY_ACTIVATION_CONTEXT_FLAG_IS_ADDRESS 0x04 119 #define RTL_QUERY_ACTIVATION_CONTEXT_FLAG_NO_ADDREF 0x80000000 120 121 // 122 // Public Heap Flags 123 // 124 #if !defined(NTOS_MODE_USER) && !defined(_NTIFS_) 125 #define HEAP_NO_SERIALIZE 0x00000001 126 #define HEAP_GROWABLE 0x00000002 127 #define HEAP_GENERATE_EXCEPTIONS 0x00000004 128 #define HEAP_ZERO_MEMORY 0x00000008 129 #define HEAP_REALLOC_IN_PLACE_ONLY 0x00000010 130 #define HEAP_TAIL_CHECKING_ENABLED 0x00000020 131 #define HEAP_FREE_CHECKING_ENABLED 0x00000040 132 #define HEAP_DISABLE_COALESCE_ON_FREE 0x00000080 133 #define HEAP_CREATE_ALIGN_16 0x00010000 134 #define HEAP_CREATE_ENABLE_TRACING 0x00020000 135 #define HEAP_CREATE_ENABLE_EXECUTE 0x00040000 136 #endif 137 138 // 139 // User-Defined Heap Flags and Classes 140 // 141 #define HEAP_SETTABLE_USER_VALUE 0x00000100 142 #define HEAP_SETTABLE_USER_FLAG1 0x00000200 143 #define HEAP_SETTABLE_USER_FLAG2 0x00000400 144 #define HEAP_SETTABLE_USER_FLAG3 0x00000800 145 #define HEAP_SETTABLE_USER_FLAGS 0x00000E00 146 #define HEAP_CLASS_0 0x00000000 147 #define HEAP_CLASS_1 0x00001000 148 #define HEAP_CLASS_2 0x00002000 149 #define HEAP_CLASS_3 0x00003000 150 #define HEAP_CLASS_4 0x00004000 151 #define HEAP_CLASS_5 0x00005000 152 #define HEAP_CLASS_6 0x00006000 153 #define HEAP_CLASS_7 0x00007000 154 #define HEAP_CLASS_8 0x00008000 155 #define HEAP_CLASS_MASK 0x0000F000 156 157 // 158 // Internal HEAP Structure Flags 159 // 160 #define HEAP_FLAG_PAGE_ALLOCS 0x01000000 161 #define HEAP_PROTECTION_ENABLED 0x02000000 162 #define HEAP_BREAK_WHEN_OUT_OF_VM 0x04000000 163 #define HEAP_NO_ALIGNMENT 0x08000000 164 #define HEAP_CAPTURE_STACK_BACKTRACES 0x08000000 165 #define HEAP_SKIP_VALIDATION_CHECKS 0x10000000 166 #define HEAP_VALIDATE_ALL_ENABLED 0x20000000 167 #define HEAP_VALIDATE_PARAMETERS_ENABLED 0x40000000 168 #define HEAP_LOCK_USER_ALLOCATED 0x80000000 169 170 // 171 // Heap Validation Flags 172 // 173 #define HEAP_CREATE_VALID_MASK \ 174 (HEAP_NO_SERIALIZE | \ 175 HEAP_GROWABLE | \ 176 HEAP_GENERATE_EXCEPTIONS | \ 177 HEAP_ZERO_MEMORY | \ 178 HEAP_REALLOC_IN_PLACE_ONLY | \ 179 HEAP_TAIL_CHECKING_ENABLED | \ 180 HEAP_FREE_CHECKING_ENABLED | \ 181 HEAP_DISABLE_COALESCE_ON_FREE | \ 182 HEAP_CLASS_MASK | \ 183 HEAP_CREATE_ALIGN_16 | \ 184 HEAP_CREATE_ENABLE_TRACING | \ 185 HEAP_CREATE_ENABLE_EXECUTE) 186 #ifdef C_ASSERT 187 C_ASSERT(HEAP_CREATE_VALID_MASK == 0x0007F0FF); 188 #endif 189 190 // 191 // Native image architecture 192 // 193 #if defined(_M_IX86) 194 #define IMAGE_FILE_MACHINE_NATIVE IMAGE_FILE_MACHINE_I386 195 #elif defined(_M_ARM) 196 #define IMAGE_FILE_MACHINE_NATIVE IMAGE_FILE_MACHINE_ARM 197 #elif defined(_M_AMD64) 198 #define IMAGE_FILE_MACHINE_NATIVE IMAGE_FILE_MACHINE_AMD64 199 #else 200 #error Define these please! 201 #endif 202 203 // 204 // Registry Keys 205 // 206 #define RTL_REGISTRY_ABSOLUTE 0 207 #define RTL_REGISTRY_SERVICES 1 208 #define RTL_REGISTRY_CONTROL 2 209 #define RTL_REGISTRY_WINDOWS_NT 3 210 #define RTL_REGISTRY_DEVICEMAP 4 211 #define RTL_REGISTRY_USER 5 212 #define RTL_REGISTRY_MAXIMUM 6 213 #define RTL_REGISTRY_HANDLE 0x40000000 214 #define RTL_REGISTRY_OPTIONAL 0x80000000 215 #define RTL_QUERY_REGISTRY_SUBKEY 0x00000001 216 #define RTL_QUERY_REGISTRY_TOPKEY 0x00000002 217 #define RTL_QUERY_REGISTRY_REQUIRED 0x00000004 218 #define RTL_QUERY_REGISTRY_NOVALUE 0x00000008 219 #define RTL_QUERY_REGISTRY_NOEXPAND 0x00000010 220 #define RTL_QUERY_REGISTRY_DIRECT 0x00000020 221 #define RTL_QUERY_REGISTRY_DELETE 0x00000040 222 223 // 224 // Versioning 225 // 226 #define VER_MINORVERSION 0x0000001 227 #define VER_MAJORVERSION 0x0000002 228 #define VER_BUILDNUMBER 0x0000004 229 #define VER_PLATFORMID 0x0000008 230 #define VER_SERVICEPACKMINOR 0x0000010 231 #define VER_SERVICEPACKMAJOR 0x0000020 232 #define VER_SUITENAME 0x0000040 233 #define VER_PRODUCT_TYPE 0x0000080 234 #define VER_PLATFORM_WIN32s 0 235 #define VER_PLATFORM_WIN32_WINDOWS 1 236 #define VER_PLATFORM_WIN32_NT 2 237 #define VER_EQUAL 1 238 #define VER_GREATER 2 239 #define VER_GREATER_EQUAL 3 240 #define VER_LESS 4 241 #define VER_LESS_EQUAL 5 242 #define VER_AND 6 243 #define VER_OR 7 244 #define VER_CONDITION_MASK 7 245 #define VER_NUM_BITS_PER_CONDITION_MASK 3 246 247 // 248 // Timezone IDs 249 // 250 #define TIME_ZONE_ID_UNKNOWN 0 251 #define TIME_ZONE_ID_STANDARD 1 252 #define TIME_ZONE_ID_DAYLIGHT 2 253 254 // 255 // Maximum Path Length 256 // 257 #define MAX_PATH 260 258 259 // 260 // RTL Lock Type (Critical Section or Resource) 261 // 262 #define RTL_CRITSECT_TYPE 0 263 #define RTL_RESOURCE_TYPE 1 264 265 // 266 // RtlAcquirePrivileges Flags 267 // 268 #define RTL_ACQUIRE_PRIVILEGE_IMPERSONATE 1 269 #define RTL_ACQUIRE_PRIVILEGE_PROCESS 2 270 271 #ifdef NTOS_MODE_USER 272 273 // 274 // String Hash Algorithms 275 // 276 #define HASH_STRING_ALGORITHM_DEFAULT 0 277 #define HASH_STRING_ALGORITHM_X65599 1 278 #define HASH_STRING_ALGORITHM_INVALID 0xffffffff 279 280 // 281 // RtlDuplicateString Flags 282 // 283 #define RTL_DUPLICATE_UNICODE_STRING_NULL_TERMINATE 1 284 #define RTL_DUPLICATE_UNICODE_STRING_ALLOCATE_NULL_STRING 2 285 286 // 287 // RtlFindCharInUnicodeString Flags 288 // 289 #define RTL_FIND_CHAR_IN_UNICODE_STRING_START_AT_END 1 290 #define RTL_FIND_CHAR_IN_UNICODE_STRING_COMPLEMENT_CHAR_SET 2 291 #define RTL_FIND_CHAR_IN_UNICODE_STRING_CASE_INSENSITIVE 4 292 293 // 294 // RtlImageNtHeaderEx Flags 295 // 296 #define RTL_IMAGE_NT_HEADER_EX_FLAG_NO_RANGE_CHECK 0x00000001 297 298 // 299 // RtlDosApplyFileIsolationRedirection_Ustr Flags 300 // 301 #define RTL_DOS_APPLY_FILE_REDIRECTION_USTR_FLAG_RESPECT_DOT_LOCAL 0x01 302 303 // 304 // Codepages 305 // 306 #define NLS_MB_CODE_PAGE_TAG NlsMbCodePageTag 307 #define NLS_MB_OEM_CODE_PAGE_TAG NlsMbOemCodePageTag 308 #define NLS_OEM_LEAD_BYTE_INFO NlsOemLeadByteInfo 309 310 // 311 // Activation Contexts 312 // 313 #define INVALID_ACTIVATION_CONTEXT ((PVOID)(LONG_PTR)-1) 314 315 // 316 // C++ CONST casting 317 // 318 #if defined(__cplusplus) 319 #define RTL_CONST_CAST(type) const_cast<type> 320 #else 321 #define RTL_CONST_CAST(type) (type) 322 #endif 323 324 // 325 // Constant String Macro 326 // 327 #define RTL_CONSTANT_STRING(__SOURCE_STRING__) \ 328 { \ 329 sizeof(__SOURCE_STRING__) - sizeof((__SOURCE_STRING__)[0]), \ 330 sizeof(__SOURCE_STRING__), \ 331 (__SOURCE_STRING__) \ 332 } 333 334 // 335 // Constant Object Attributes Macro 336 // 337 #define RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) \ 338 { \ 339 sizeof(OBJECT_ATTRIBUTES), \ 340 NULL, \ 341 RTL_CONST_CAST(PUNICODE_STRING)(n), \ 342 a, \ 343 NULL, \ 344 NULL \ 345 } 346 347 #define RTL_INIT_OBJECT_ATTRIBUTES(n, a) \ 348 RTL_CONSTANT_OBJECT_ATTRIBUTES(n, a) 349 350 #else /* NTOS_MODE_USER */ 351 // 352 // Message Resource Flag 353 // 354 #define MESSAGE_RESOURCE_UNICODE 0x0001 355 356 #endif /* !NTOS_MODE_USER */ 357 #define MAXIMUM_LEADBYTES 12 358 359 // 360 // RTL Debug Queries 361 // 362 #define RTL_DEBUG_QUERY_MODULES 0x01 363 #define RTL_DEBUG_QUERY_BACKTRACES 0x02 364 #define RTL_DEBUG_QUERY_HEAPS 0x04 365 #define RTL_DEBUG_QUERY_HEAP_TAGS 0x08 366 #define RTL_DEBUG_QUERY_HEAP_BLOCKS 0x10 367 #define RTL_DEBUG_QUERY_LOCKS 0x20 368 369 // 370 // RTL Handle Flags 371 // 372 #define RTL_HANDLE_VALID 0x1 373 374 // 375 // RTL Atom Flags 376 // 377 #define RTL_ATOM_IS_PINNED 0x1 378 379 // 380 // Critical section lock bits 381 // 382 #define CS_LOCK_BIT 0x1 383 #define CS_LOCK_BIT_V 0x0 384 #define CS_LOCK_WAITER_WOKEN 0x2 385 #define CS_LOCK_WAITER_INC 0x4 386 387 // 388 // Codepage Tags 389 // 390 #ifdef NTOS_MODE_USER 391 extern BOOLEAN NTSYSAPI NLS_MB_CODE_PAGE_TAG; 392 extern BOOLEAN NTSYSAPI NLS_MB_OEM_CODE_PAGE_TAG; 393 394 // 395 // Constant String Macro 396 // 397 #define RTL_CONSTANT_STRING(__SOURCE_STRING__) \ 398 { \ 399 sizeof(__SOURCE_STRING__) - sizeof((__SOURCE_STRING__)[0]), \ 400 sizeof(__SOURCE_STRING__), \ 401 (__SOURCE_STRING__) \ 402 } 403 404 #endif /* NTOS_MODE_USER */ 405 406 // 407 // Constant Large Integer Macro 408 // 409 #ifdef NONAMELESSUNION 410 C_ASSERT(FIELD_OFFSET(LARGE_INTEGER, u.LowPart) == 0); 411 #else 412 C_ASSERT(FIELD_OFFSET(LARGE_INTEGER, LowPart) == 0); 413 #endif 414 #define RTL_CONSTANT_LARGE_INTEGER(quad_part) { { (quad_part), (quad_part)>>32 } } 415 #define RTL_MAKE_LARGE_INTEGER(low_part, high_part) { { (low_part), (high_part) } } 416 417 // 418 // Boot Status Data Field Types 419 // 420 typedef enum _RTL_BSD_ITEM_TYPE 421 { 422 RtlBsdItemVersionNumber, 423 RtlBsdItemProductType, 424 RtlBsdItemAabEnabled, 425 RtlBsdItemAabTimeout, 426 RtlBsdItemBootGood, 427 RtlBsdItemBootShutdown, 428 RtlBsdSleepInProgress, 429 RtlBsdPowerTransition, 430 RtlBsdItemBootAttemptCount, 431 RtlBsdItemBootCheckpoint, 432 RtlBsdItemBootId, 433 RtlBsdItemShutdownBootId, 434 RtlBsdItemReportedAbnormalShutdownBootId, 435 RtlBsdItemErrorInfo, 436 RtlBsdItemPowerButtonPressInfo, 437 RtlBsdItemChecksum, 438 RtlBsdItemMax 439 } RTL_BSD_ITEM_TYPE, *PRTL_BSD_ITEM_TYPE; 440 441 #ifdef NTOS_MODE_USER 442 // 443 // Table and Compare result types 444 // 445 typedef enum _TABLE_SEARCH_RESULT 446 { 447 TableEmptyTree, 448 TableFoundNode, 449 TableInsertAsLeft, 450 TableInsertAsRight 451 } TABLE_SEARCH_RESULT; 452 453 typedef enum _RTL_GENERIC_COMPARE_RESULTS 454 { 455 GenericLessThan, 456 GenericGreaterThan, 457 GenericEqual 458 } RTL_GENERIC_COMPARE_RESULTS; 459 460 #endif /* NTOS_MODE_USER */ 461 462 // 463 // RTL Path Types 464 // 465 typedef enum _RTL_PATH_TYPE 466 { 467 RtlPathTypeUnknown, 468 RtlPathTypeUncAbsolute, 469 RtlPathTypeDriveAbsolute, 470 RtlPathTypeDriveRelative, 471 RtlPathTypeRooted, 472 RtlPathTypeRelative, 473 RtlPathTypeLocalDevice, 474 RtlPathTypeRootLocalDevice, 475 } RTL_PATH_TYPE; 476 477 #ifndef NTOS_MODE_USER 478 479 // 480 // Heap Information Class 481 // 482 typedef enum _HEAP_INFORMATION_CLASS 483 { 484 HeapCompatibilityInformation, 485 HeapEnableTerminationOnCorruption 486 } HEAP_INFORMATION_CLASS; 487 488 // 489 // Callback function for RTL Timers or Registered Waits 490 // 491 typedef VOID 492 (NTAPI *WAITORTIMERCALLBACKFUNC)( 493 PVOID pvContext, 494 BOOLEAN fTimerOrWaitFired 495 ); 496 497 // 498 // Handler during Vectored RTL Exceptions 499 // 500 typedef LONG 501 (NTAPI *PVECTORED_EXCEPTION_HANDLER)( 502 PEXCEPTION_POINTERS ExceptionPointers 503 ); 504 505 // 506 // Worker Thread Callback for Rtl 507 // 508 typedef VOID 509 (NTAPI *WORKERCALLBACKFUNC)( 510 _In_ PVOID Context 511 ); 512 513 #else /* !NTOS_MODE_USER */ 514 515 // 516 // RTL Library Allocation/Free Routines 517 // 518 typedef PVOID 519 (NTAPI *PRTL_ALLOCATE_STRING_ROUTINE)( 520 SIZE_T NumberOfBytes 521 ); 522 523 typedef PVOID 524 (NTAPI *PRTL_REALLOCATE_STRING_ROUTINE)( 525 SIZE_T NumberOfBytes, 526 PVOID Buffer 527 ); 528 529 typedef 530 VOID 531 (NTAPI *PRTL_FREE_STRING_ROUTINE)( 532 PVOID Buffer 533 ); 534 535 extern const PRTL_ALLOCATE_STRING_ROUTINE RtlAllocateStringRoutine; 536 extern const PRTL_FREE_STRING_ROUTINE RtlFreeStringRoutine; 537 extern const PRTL_REALLOCATE_STRING_ROUTINE RtlReallocateStringRoutine; 538 539 #endif /* NTOS_MODE_USER */ 540 541 // 542 // Unhandled Exception Filter 543 // 544 typedef ULONG 545 (NTAPI *RTLP_UNHANDLED_EXCEPTION_FILTER)( 546 _In_ struct _EXCEPTION_POINTERS *ExceptionInfo 547 ); 548 typedef RTLP_UNHANDLED_EXCEPTION_FILTER *PRTLP_UNHANDLED_EXCEPTION_FILTER; 549 550 // 551 // Callback for RTL Heap Enumeration 552 // 553 typedef NTSTATUS 554 (NTAPI *PHEAP_ENUMERATION_ROUTINE)( 555 _In_ PVOID HeapHandle, 556 _In_ PVOID UserParam 557 ); 558 559 // 560 // Thread and Process Start Routines for RtlCreateUserThread/Process 561 // 562 typedef ULONG (NTAPI *PTHREAD_START_ROUTINE)( 563 PVOID Parameter 564 ); 565 566 typedef VOID 567 (NTAPI *PRTL_BASE_PROCESS_START_ROUTINE)( 568 PTHREAD_START_ROUTINE StartAddress, 569 PVOID Parameter 570 ); 571 572 // 573 // Worker Start/Exit Function 574 // 575 typedef NTSTATUS 576 (NTAPI *PRTL_START_POOL_THREAD)( 577 _In_ PTHREAD_START_ROUTINE Function, 578 _In_ PVOID Parameter, 579 _Out_ PHANDLE ThreadHandle 580 ); 581 582 typedef NTSTATUS 583 (NTAPI *PRTL_EXIT_POOL_THREAD)( 584 _In_ NTSTATUS ExitStatus 585 ); 586 587 // 588 // Declare empty structure definitions so that they may be referenced by 589 // routines before they are defined 590 // 591 struct _RTL_AVL_TABLE; 592 struct _RTL_GENERIC_TABLE; 593 struct _RTL_RANGE; 594 595 // 596 // Routines and callbacks for the RTL AVL/Generic Table package 597 // 598 #ifdef NTOS_MODE_USER 599 typedef NTSTATUS 600 (NTAPI RTL_AVL_MATCH_FUNCTION)( 601 struct _RTL_AVL_TABLE *Table, 602 PVOID UserData, 603 PVOID MatchData 604 ); 605 typedef RTL_AVL_MATCH_FUNCTION *PRTL_AVL_MATCH_FUNCTION; 606 607 typedef RTL_GENERIC_COMPARE_RESULTS 608 (NTAPI RTL_AVL_COMPARE_ROUTINE) ( 609 struct _RTL_AVL_TABLE *Table, 610 PVOID FirstStruct, 611 PVOID SecondStruct 612 ); 613 typedef RTL_AVL_COMPARE_ROUTINE *PRTL_AVL_COMPARE_ROUTINE; 614 615 typedef RTL_GENERIC_COMPARE_RESULTS 616 (NTAPI RTL_GENERIC_COMPARE_ROUTINE) ( 617 struct _RTL_GENERIC_TABLE *Table, 618 PVOID FirstStruct, 619 PVOID SecondStruct 620 ); 621 typedef RTL_GENERIC_COMPARE_ROUTINE *PRTL_GENERIC_COMPARE_ROUTINE; 622 623 typedef PVOID 624 (NTAPI RTL_GENERIC_ALLOCATE_ROUTINE) ( 625 struct _RTL_GENERIC_TABLE *Table, 626 CLONG ByteSize 627 ); 628 typedef RTL_GENERIC_ALLOCATE_ROUTINE *PRTL_GENERIC_ALLOCATE_ROUTINE; 629 630 typedef PVOID 631 (NTAPI RTL_AVL_ALLOCATE_ROUTINE) ( 632 struct _RTL_AVL_TABLE *Table, 633 CLONG ByteSize 634 ); 635 typedef RTL_AVL_ALLOCATE_ROUTINE *PRTL_AVL_ALLOCATE_ROUTINE; 636 637 typedef VOID 638 (NTAPI RTL_GENERIC_FREE_ROUTINE) ( 639 struct _RTL_GENERIC_TABLE *Table, 640 PVOID Buffer 641 ); 642 typedef RTL_GENERIC_FREE_ROUTINE *PRTL_GENERIC_FREE_ROUTINE; 643 644 typedef VOID 645 (NTAPI RTL_AVL_FREE_ROUTINE) ( 646 struct _RTL_AVL_TABLE *Table, 647 PVOID Buffer 648 ); 649 typedef RTL_AVL_FREE_ROUTINE *PRTL_AVL_FREE_ROUTINE; 650 651 #ifdef RTL_USE_AVL_TABLES 652 #undef RTL_GENERIC_COMPARE_ROUTINE 653 #undef PRTL_GENERIC_COMPARE_ROUTINE 654 #undef RTL_GENERIC_ALLOCATE_ROUTINE 655 #undef PRTL_GENERIC_ALLOCATE_ROUTINE 656 #undef RTL_GENERIC_FREE_ROUTINE 657 #undef PRTL_GENERIC_FREE_ROUTINE 658 659 #define RTL_GENERIC_COMPARE_ROUTINE RTL_AVL_COMPARE_ROUTINE 660 #define PRTL_GENERIC_COMPARE_ROUTINE PRTL_AVL_COMPARE_ROUTINE 661 #define RTL_GENERIC_ALLOCATE_ROUTINE RTL_AVL_ALLOCATE_ROUTINE 662 #define PRTL_GENERIC_ALLOCATE_ROUTINE PRTL_AVL_ALLOCATE_ROUTINE 663 #define RTL_GENERIC_FREE_ROUTINE RTL_AVL_FREE_ROUTINE 664 #define PRTL_GENERIC_FREE_ROUTINE PRTL_AVL_FREE_ROUTINE 665 #endif /* RTL_USE_AVL_TABLES */ 666 667 #endif /* NTOS_MODE_USER */ 668 669 // 670 // RTL Query Registry callback 671 // 672 #ifdef NTOS_MODE_USER 673 typedef NTSTATUS 674 (NTAPI *PRTL_QUERY_REGISTRY_ROUTINE)( 675 _In_ PWSTR ValueName, 676 _In_ ULONG ValueType, 677 _In_ PVOID ValueData, 678 _In_ ULONG ValueLength, 679 _In_ PVOID Context, 680 _In_ PVOID EntryContext 681 ); 682 #endif 683 684 // 685 // RTL Secure Memory callbacks 686 // 687 #ifdef NTOS_MODE_USER 688 typedef NTSTATUS 689 (NTAPI *PRTL_SECURE_MEMORY_CACHE_CALLBACK)( 690 _In_ PVOID Address, 691 _In_ SIZE_T Length 692 ); 693 #endif 694 695 // 696 // RTL Range List callbacks 697 // 698 #ifdef NTOS_MODE_USER 699 typedef BOOLEAN 700 (NTAPI *PRTL_CONFLICT_RANGE_CALLBACK)( 701 PVOID Context, 702 struct _RTL_RANGE *Range 703 ); 704 705 // 706 // Custom Heap Commit Routine for RtlCreateHeap 707 // 708 typedef NTSTATUS 709 (NTAPI * PRTL_HEAP_COMMIT_ROUTINE)( 710 _In_ PVOID Base, 711 _Inout_ PVOID *CommitAddress, 712 _Inout_ PSIZE_T CommitSize 713 ); 714 715 // 716 // Parameters for RtlCreateHeap 717 // 718 typedef struct _RTL_HEAP_PARAMETERS 719 { 720 ULONG Length; 721 SIZE_T SegmentReserve; 722 SIZE_T SegmentCommit; 723 SIZE_T DeCommitFreeBlockThreshold; 724 SIZE_T DeCommitTotalFreeThreshold; 725 SIZE_T MaximumAllocationSize; 726 SIZE_T VirtualMemoryThreshold; 727 SIZE_T InitialCommit; 728 SIZE_T InitialReserve; 729 PRTL_HEAP_COMMIT_ROUTINE CommitRoutine; 730 SIZE_T Reserved[2]; 731 } RTL_HEAP_PARAMETERS, *PRTL_HEAP_PARAMETERS; 732 733 // 734 // RTL Bitmap structures 735 // 736 typedef struct _RTL_BITMAP 737 { 738 ULONG SizeOfBitMap; 739 PULONG Buffer; 740 } RTL_BITMAP, *PRTL_BITMAP; 741 742 typedef struct _RTL_BITMAP_RUN 743 { 744 ULONG StartingIndex; 745 ULONG NumberOfBits; 746 } RTL_BITMAP_RUN, *PRTL_BITMAP_RUN; 747 748 // 749 // RtlGenerateXxxName context 750 // 751 typedef struct _GENERATE_NAME_CONTEXT 752 { 753 USHORT Checksum; 754 BOOLEAN CheckSumInserted; 755 UCHAR NameLength; 756 WCHAR NameBuffer[8]; 757 ULONG ExtensionLength; 758 WCHAR ExtensionBuffer[4]; 759 ULONG LastIndexValue; 760 } GENERATE_NAME_CONTEXT, *PGENERATE_NAME_CONTEXT; 761 762 // 763 // RTL Splay and Balanced Links structures 764 // 765 typedef struct _RTL_SPLAY_LINKS 766 { 767 struct _RTL_SPLAY_LINKS *Parent; 768 struct _RTL_SPLAY_LINKS *LeftChild; 769 struct _RTL_SPLAY_LINKS *RightChild; 770 } RTL_SPLAY_LINKS, *PRTL_SPLAY_LINKS; 771 772 typedef struct _RTL_BALANCED_LINKS 773 { 774 struct _RTL_BALANCED_LINKS *Parent; 775 struct _RTL_BALANCED_LINKS *LeftChild; 776 struct _RTL_BALANCED_LINKS *RightChild; 777 CHAR Balance; 778 UCHAR Reserved[3]; 779 } RTL_BALANCED_LINKS, *PRTL_BALANCED_LINKS; 780 781 // 782 // RTL Avl/Generic Tables 783 // 784 #ifndef RTL_USE_AVL_TABLES 785 typedef struct _RTL_GENERIC_TABLE 786 { 787 PRTL_SPLAY_LINKS TableRoot; 788 LIST_ENTRY InsertOrderList; 789 PLIST_ENTRY OrderedPointer; 790 ULONG WhichOrderedElement; 791 ULONG NumberGenericTableElements; 792 PRTL_GENERIC_COMPARE_ROUTINE CompareRoutine; 793 PRTL_GENERIC_ALLOCATE_ROUTINE AllocateRoutine; 794 PRTL_GENERIC_FREE_ROUTINE FreeRoutine; 795 PVOID TableContext; 796 } RTL_GENERIC_TABLE, *PRTL_GENERIC_TABLE; 797 #endif /* !RTL_USE_AVL_TABLES */ 798 799 typedef struct _RTL_AVL_TABLE 800 { 801 RTL_BALANCED_LINKS BalancedRoot; 802 PVOID OrderedPointer; 803 ULONG WhichOrderedElement; 804 ULONG NumberGenericTableElements; 805 ULONG DepthOfTree; 806 PRTL_BALANCED_LINKS RestartKey; 807 ULONG DeleteCount; 808 PRTL_AVL_COMPARE_ROUTINE CompareRoutine; 809 PRTL_AVL_ALLOCATE_ROUTINE AllocateRoutine; 810 PRTL_AVL_FREE_ROUTINE FreeRoutine; 811 PVOID TableContext; 812 } RTL_AVL_TABLE, *PRTL_AVL_TABLE; 813 814 #ifdef RTL_USE_AVL_TABLES 815 #undef RTL_GENERIC_TABLE 816 #undef PRTL_GENERIC_TABLE 817 818 #define RTL_GENERIC_TABLE RTL_AVL_TABLE 819 #define PRTL_GENERIC_TABLE PRTL_AVL_TABLE 820 #endif /* RTL_USE_AVL_TABLES */ 821 822 // 823 // RTL Compression Buffer 824 // 825 typedef struct _COMPRESSED_DATA_INFO { 826 USHORT CompressionFormatAndEngine; 827 UCHAR CompressionUnitShift; 828 UCHAR ChunkShift; 829 UCHAR ClusterShift; 830 UCHAR Reserved; 831 USHORT NumberOfChunks; 832 ULONG CompressedChunkSizes[ANYSIZE_ARRAY]; 833 } COMPRESSED_DATA_INFO, *PCOMPRESSED_DATA_INFO; 834 835 // 836 // RtlQueryRegistry Data 837 // 838 typedef struct _RTL_QUERY_REGISTRY_TABLE 839 { 840 PRTL_QUERY_REGISTRY_ROUTINE QueryRoutine; 841 ULONG Flags; 842 PCWSTR Name; 843 PVOID EntryContext; 844 ULONG DefaultType; 845 PVOID DefaultData; 846 ULONG DefaultLength; 847 } RTL_QUERY_REGISTRY_TABLE, *PRTL_QUERY_REGISTRY_TABLE; 848 849 // 850 // RTL Unicode Table Structures 851 // 852 typedef struct _UNICODE_PREFIX_TABLE_ENTRY 853 { 854 CSHORT NodeTypeCode; 855 CSHORT NameLength; 856 struct _UNICODE_PREFIX_TABLE_ENTRY *NextPrefixTree; 857 struct _UNICODE_PREFIX_TABLE_ENTRY *CaseMatch; 858 RTL_SPLAY_LINKS Links; 859 PUNICODE_STRING Prefix; 860 } UNICODE_PREFIX_TABLE_ENTRY, *PUNICODE_PREFIX_TABLE_ENTRY; 861 862 typedef struct _UNICODE_PREFIX_TABLE 863 { 864 CSHORT NodeTypeCode; 865 CSHORT NameLength; 866 PUNICODE_PREFIX_TABLE_ENTRY NextPrefixTree; 867 PUNICODE_PREFIX_TABLE_ENTRY LastNextEntry; 868 } UNICODE_PREFIX_TABLE, *PUNICODE_PREFIX_TABLE; 869 870 // 871 // Pfx* routines' table structures 872 // 873 typedef struct _PREFIX_TABLE_ENTRY 874 { 875 CSHORT NodeTypeCode; 876 CSHORT NameLength; 877 struct _PREFIX_TABLE_ENTRY *NextPrefixTree; 878 RTL_SPLAY_LINKS Links; 879 PSTRING Prefix; 880 } PREFIX_TABLE_ENTRY, *PPREFIX_TABLE_ENTRY; 881 882 typedef struct _PREFIX_TABLE 883 { 884 CSHORT NodeTypeCode; 885 CSHORT NameLength; 886 PPREFIX_TABLE_ENTRY NextPrefixTree; 887 } PREFIX_TABLE, *PPREFIX_TABLE; 888 889 // 890 // Time Structure for RTL Time calls 891 // 892 typedef struct _TIME_FIELDS 893 { 894 CSHORT Year; 895 CSHORT Month; 896 CSHORT Day; 897 CSHORT Hour; 898 CSHORT Minute; 899 CSHORT Second; 900 CSHORT Milliseconds; 901 CSHORT Weekday; 902 } TIME_FIELDS, *PTIME_FIELDS; 903 904 // 905 // Activation Context Frame 906 // 907 typedef struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME 908 { 909 struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME *Previous; 910 PACTIVATION_CONTEXT ActivationContext; 911 ULONG Flags; 912 } RTL_ACTIVATION_CONTEXT_STACK_FRAME, *PRTL_ACTIVATION_CONTEXT_STACK_FRAME; 913 914 typedef struct _RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_BASIC 915 { 916 SIZE_T Size; 917 ULONG Format; 918 RTL_ACTIVATION_CONTEXT_STACK_FRAME Frame; 919 } RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_BASIC, *PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_BASIC; 920 921 typedef struct _RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED 922 { 923 SIZE_T Size; 924 ULONG Format; 925 RTL_ACTIVATION_CONTEXT_STACK_FRAME Frame; 926 PVOID Extra1; 927 PVOID Extra2; 928 PVOID Extra3; 929 PVOID Extra4; 930 } RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED, *PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED; 931 932 typedef RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED RTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME; 933 typedef PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME_EXTENDED PRTL_CALLER_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME; 934 935 typedef struct _RTL_HEAP_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME 936 { 937 RTL_ACTIVATION_CONTEXT_STACK_FRAME Frame; 938 ULONG_PTR Cookie; 939 PVOID ActivationStackBackTrace[8]; 940 } RTL_HEAP_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME, *PRTL_HEAP_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME; 941 942 typedef struct _ACTIVATION_CONTEXT_DATA 943 { 944 ULONG Magic; 945 ULONG HeaderSize; 946 ULONG FormatVersion; 947 ULONG TotalSize; 948 ULONG DefaultTocOffset; 949 ULONG ExtendedTocOffset; 950 ULONG AssemblyRosterOffset; 951 ULONG Flags; 952 } ACTIVATION_CONTEXT_DATA, *PACTIVATION_CONTEXT_DATA; 953 954 typedef struct _ACTIVATION_CONTEXT_STACK_FRAMELIST 955 { 956 ULONG Magic; 957 ULONG FramesInUse; 958 LIST_ENTRY Links; 959 ULONG Flags; 960 ULONG NotFramesInUse; 961 RTL_HEAP_ALLOCATED_ACTIVATION_CONTEXT_STACK_FRAME Frames[32]; 962 } ACTIVATION_CONTEXT_STACK_FRAMELIST, *PACTIVATION_CONTEXT_STACK_FRAMELIST; 963 964 #endif /* NTOS_MODE_USER */ 965 966 #if (NTDDI_VERSION >= NTDDI_WS03SP1) 967 typedef struct _ACTIVATION_CONTEXT_STACK 968 { 969 struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME *ActiveFrame; 970 LIST_ENTRY FrameListCache; 971 ULONG Flags; 972 ULONG NextCookieSequenceNumber; 973 ULONG StackId; 974 } ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK; 975 #else 976 typedef struct _ACTIVATION_CONTEXT_STACK 977 { 978 ULONG Flags; 979 ULONG NextCookieSequenceNumber; 980 struct _RTL_ACTIVATION_CONTEXT_STACK_FRAME *ActiveFrame; 981 LIST_ENTRY FrameListCache; 982 } ACTIVATION_CONTEXT_STACK, *PACTIVATION_CONTEXT_STACK; 983 #endif 984 985 // 986 // ACE Structure 987 // 988 typedef struct _ACE 989 { 990 ACE_HEADER Header; 991 ACCESS_MASK AccessMask; 992 } ACE, *PACE; 993 994 // 995 // Information Structures for RTL Debug Functions 996 // 997 typedef struct _RTL_PROCESS_MODULE_INFORMATION 998 { 999 ULONG Section; 1000 PVOID MappedBase; 1001 PVOID ImageBase; 1002 ULONG ImageSize; 1003 ULONG Flags; 1004 USHORT LoadOrderIndex; 1005 USHORT InitOrderIndex; 1006 USHORT LoadCount; 1007 USHORT OffsetToFileName; 1008 CHAR FullPathName[256]; 1009 } RTL_PROCESS_MODULE_INFORMATION, *PRTL_PROCESS_MODULE_INFORMATION; 1010 1011 typedef struct _RTL_PROCESS_MODULES 1012 { 1013 ULONG NumberOfModules; 1014 RTL_PROCESS_MODULE_INFORMATION Modules[1]; 1015 } RTL_PROCESS_MODULES, *PRTL_PROCESS_MODULES; 1016 1017 typedef struct _RTL_PROCESS_MODULE_INFORMATION_EX 1018 { 1019 ULONG NextOffset; 1020 RTL_PROCESS_MODULE_INFORMATION BaseInfo; 1021 ULONG ImageCheckSum; 1022 ULONG TimeDateStamp; 1023 PVOID DefaultBase; 1024 } RTL_PROCESS_MODULE_INFORMATION_EX, *PRTL_PROCESS_MODULE_INFORMATION_EX; 1025 1026 typedef struct _RTL_HEAP_TAG_INFO 1027 { 1028 ULONG NumberOfAllocations; 1029 ULONG NumberOfFrees; 1030 SIZE_T BytesAllocated; 1031 } RTL_HEAP_TAG_INFO, *PRTL_HEAP_TAG_INFO; 1032 1033 typedef struct _RTL_HEAP_USAGE_ENTRY 1034 { 1035 struct _RTL_HEAP_USAGE_ENTRY *Next; 1036 PVOID Address; 1037 SIZE_T Size; 1038 USHORT AllocatorBackTraceIndex; 1039 USHORT TagIndex; 1040 } RTL_HEAP_USAGE_ENTRY, *PRTL_HEAP_USAGE_ENTRY; 1041 1042 typedef struct _RTL_HEAP_USAGE 1043 { 1044 ULONG Length; 1045 SIZE_T BytesAllocated; 1046 SIZE_T BytesCommitted; 1047 SIZE_T BytesReserved; 1048 SIZE_T BytesReservedMaximum; 1049 PRTL_HEAP_USAGE_ENTRY Entries; 1050 PRTL_HEAP_USAGE_ENTRY AddedEntries; 1051 PRTL_HEAP_USAGE_ENTRY RemovedEntries; 1052 ULONG_PTR Reserved[8]; 1053 } RTL_HEAP_USAGE, *PRTL_HEAP_USAGE; 1054 1055 typedef struct _RTL_HEAP_WALK_ENTRY 1056 { 1057 PVOID DataAddress; 1058 SIZE_T DataSize; 1059 UCHAR OverheadBytes; 1060 UCHAR SegmentIndex; 1061 USHORT Flags; 1062 union 1063 { 1064 struct 1065 { 1066 SIZE_T Settable; 1067 USHORT TagIndex; 1068 USHORT AllocatorBackTraceIndex; 1069 ULONG Reserved[2]; 1070 } Block; 1071 struct 1072 { 1073 ULONG_PTR CommittedSize; 1074 ULONG_PTR UnCommittedSize; 1075 PVOID FirstEntry; 1076 PVOID LastEntry; 1077 } Segment; 1078 }; 1079 } RTL_HEAP_WALK_ENTRY, *PRTL_HEAP_WALK_ENTRY; 1080 1081 typedef struct _RTL_HEAP_ENTRY 1082 { 1083 SIZE_T Size; 1084 USHORT Flags; 1085 USHORT AllocatorBackTraceIndex; 1086 union 1087 { 1088 struct 1089 { 1090 SIZE_T Settable; 1091 ULONG Tag; 1092 } s1; 1093 struct 1094 { 1095 SIZE_T CommittedSize; 1096 PVOID FirstBlock; 1097 } s2; 1098 } u; 1099 } RTL_HEAP_ENTRY, *PRTL_HEAP_ENTRY; 1100 1101 typedef struct _RTL_HEAP_TAG 1102 { 1103 ULONG NumberOfAllocations; 1104 ULONG NumberOfFrees; 1105 SIZE_T BytesAllocated; 1106 USHORT TagIndex; 1107 USHORT CreatorBackTraceIndex; 1108 WCHAR TagName[24]; 1109 } RTL_HEAP_TAG, *PRTL_HEAP_TAG; 1110 1111 typedef struct _RTL_HEAP_INFORMATION 1112 { 1113 PVOID BaseAddress; 1114 ULONG Flags; 1115 USHORT EntryOverhead; 1116 USHORT CreatorBackTraceIndex; 1117 SIZE_T BytesAllocated; 1118 SIZE_T BytesCommitted; 1119 ULONG NumberOfTags; 1120 ULONG NumberOfEntries; 1121 ULONG NumberOfPseudoTags; 1122 ULONG PseudoTagGranularity; 1123 ULONG Reserved[5]; 1124 PRTL_HEAP_TAG Tags; 1125 PRTL_HEAP_ENTRY Entries; 1126 } RTL_HEAP_INFORMATION, *PRTL_HEAP_INFORMATION; 1127 1128 typedef struct _RTL_PROCESS_HEAPS 1129 { 1130 ULONG NumberOfHeaps; 1131 RTL_HEAP_INFORMATION Heaps[1]; 1132 } RTL_PROCESS_HEAPS, *PRTL_PROCESS_HEAPS; 1133 1134 typedef struct _RTL_PROCESS_LOCK_INFORMATION 1135 { 1136 PVOID Address; 1137 USHORT Type; 1138 USHORT CreatorBackTraceIndex; 1139 ULONG OwnerThreadId; 1140 ULONG ActiveCount; 1141 ULONG ContentionCount; 1142 ULONG EntryCount; 1143 ULONG RecursionCount; 1144 ULONG NumberOfSharedWaiters; 1145 ULONG NumberOfExclusiveWaiters; 1146 } RTL_PROCESS_LOCK_INFORMATION, *PRTL_PROCESS_LOCK_INFORMATION; 1147 1148 typedef struct _RTL_PROCESS_LOCKS 1149 { 1150 ULONG NumberOfLocks; 1151 RTL_PROCESS_LOCK_INFORMATION Locks[1]; 1152 } RTL_PROCESS_LOCKS, *PRTL_PROCESS_LOCKS; 1153 1154 typedef struct _RTL_PROCESS_BACKTRACE_INFORMATION 1155 { 1156 PVOID SymbolicBackTrace; 1157 ULONG TraceCount; 1158 USHORT Index; 1159 USHORT Depth; 1160 PVOID BackTrace[16]; 1161 } RTL_PROCESS_BACKTRACE_INFORMATION, *PRTL_PROCESS_BACKTRACE_INFORMATION; 1162 1163 typedef struct _RTL_PROCESS_BACKTRACES 1164 { 1165 ULONG CommittedMemory; 1166 ULONG ReservedMemory; 1167 ULONG NumberOfBackTraceLookups; 1168 ULONG NumberOfBackTraces; 1169 RTL_PROCESS_BACKTRACE_INFORMATION BackTraces[1]; 1170 } RTL_PROCESS_BACKTRACES, *PRTL_PROCESS_BACKTRACES; 1171 1172 typedef struct _RTL_PROCESS_VERIFIER_OPTIONS 1173 { 1174 ULONG SizeStruct; 1175 ULONG Option; 1176 UCHAR OptionData[1]; 1177 // 1178 // Option array continues below 1179 // 1180 } RTL_PROCESS_VERIFIER_OPTIONS, *PRTL_PROCESS_VERIFIER_OPTIONS; 1181 1182 typedef struct _RTL_DEBUG_INFORMATION 1183 { 1184 HANDLE SectionHandleClient; 1185 PVOID ViewBaseClient; 1186 PVOID ViewBaseTarget; 1187 ULONG ViewBaseDelta; 1188 HANDLE EventPairClient; 1189 PVOID EventPairTarget; 1190 HANDLE TargetProcessId; 1191 HANDLE TargetThreadHandle; 1192 ULONG Flags; 1193 ULONG OffsetFree; 1194 ULONG CommitSize; 1195 ULONG ViewSize; 1196 union 1197 { 1198 PRTL_PROCESS_MODULES Modules; 1199 PRTL_PROCESS_MODULE_INFORMATION_EX ModulesEx; 1200 }; 1201 PRTL_PROCESS_BACKTRACES BackTraces; 1202 PRTL_PROCESS_HEAPS Heaps; 1203 PRTL_PROCESS_LOCKS Locks; 1204 HANDLE SpecificHeap; 1205 HANDLE TargetProcessHandle; 1206 RTL_PROCESS_VERIFIER_OPTIONS VerifierOptions; 1207 HANDLE ProcessHeap; 1208 HANDLE CriticalSectionHandle; 1209 HANDLE CriticalSectionOwnerThread; 1210 PVOID Reserved[4]; 1211 } RTL_DEBUG_INFORMATION, *PRTL_DEBUG_INFORMATION; 1212 1213 // 1214 // Fiber local storage data 1215 // 1216 #define RTL_FLS_MAXIMUM_AVAILABLE 128 1217 typedef struct _RTL_FLS_DATA 1218 { 1219 LIST_ENTRY ListEntry; 1220 PVOID Data[RTL_FLS_MAXIMUM_AVAILABLE]; 1221 } RTL_FLS_DATA, *PRTL_FLS_DATA; 1222 1223 1224 // 1225 // Unload Event Trace Structure for RtlGetUnloadEventTrace 1226 // 1227 typedef struct _RTL_UNLOAD_EVENT_TRACE 1228 { 1229 PVOID BaseAddress; 1230 ULONG SizeOfImage; 1231 ULONG Sequence; 1232 ULONG TimeDateStamp; 1233 ULONG CheckSum; 1234 WCHAR ImageName[32]; 1235 } RTL_UNLOAD_EVENT_TRACE, *PRTL_UNLOAD_EVENT_TRACE; 1236 1237 // 1238 // RTL Handle Structures 1239 // 1240 typedef struct _RTL_HANDLE_TABLE_ENTRY 1241 { 1242 union 1243 { 1244 ULONG Flags; 1245 struct _RTL_HANDLE_TABLE_ENTRY *NextFree; 1246 }; 1247 } RTL_HANDLE_TABLE_ENTRY, *PRTL_HANDLE_TABLE_ENTRY; 1248 1249 typedef struct _RTL_HANDLE_TABLE 1250 { 1251 ULONG MaximumNumberOfHandles; 1252 ULONG SizeOfHandleTableEntry; 1253 ULONG Reserved[2]; 1254 PRTL_HANDLE_TABLE_ENTRY FreeHandles; 1255 PRTL_HANDLE_TABLE_ENTRY CommittedHandles; 1256 PRTL_HANDLE_TABLE_ENTRY UnCommittedHandles; 1257 PRTL_HANDLE_TABLE_ENTRY MaxReservedHandles; 1258 } RTL_HANDLE_TABLE, *PRTL_HANDLE_TABLE; 1259 1260 // 1261 // RTL Boot Status Data Item 1262 // 1263 typedef struct _RTL_BSD_ITEM 1264 { 1265 RTL_BSD_ITEM_TYPE Type; 1266 PVOID DataBuffer; 1267 ULONG DataLength; 1268 } RTL_BSD_ITEM, *PRTL_BSD_ITEM; 1269 1270 // 1271 // Data Sub-Structures for "bootstat.dat" RTL Data File 1272 // 1273 typedef struct _RTL_BSD_DATA_POWER_TRANSITION 1274 { 1275 LARGE_INTEGER PowerButtonTimestamp; 1276 struct 1277 { 1278 UCHAR SystemRunning : 1; 1279 UCHAR ConnectedStandbyInProgress : 1; 1280 UCHAR UserShutdownInProgress : 1; 1281 UCHAR SystemShutdownInProgress : 1; 1282 UCHAR SleepInProgress : 4; 1283 } Flags; 1284 UCHAR ConnectedStandbyScenarioInstanceId; 1285 UCHAR ConnectedStandbyEntryReason; 1286 UCHAR ConnectedStandbyExitReason; 1287 USHORT SystemSleepTransitionCount; 1288 LARGE_INTEGER LastReferenceTime; 1289 ULONG LastReferenceTimeChecksum; 1290 ULONG LastUpdateBootId; 1291 } RTL_BSD_DATA_POWER_TRANSITION, *PRTL_BSD_DATA_POWER_TRANSITION; 1292 1293 typedef struct _RTL_BSD_DATA_ERROR_INFO 1294 { 1295 ULONG BootId; 1296 ULONG RepeatCount; 1297 ULONG OtherErrorCount; 1298 ULONG Code; 1299 ULONG OtherErrorCount2; 1300 } RTL_BSD_DATA_ERROR_INFO, *PRTL_BSD_DATA_ERROR_INFO; 1301 1302 typedef struct _RTL_BSD_POWER_BUTTON_PRESS_INFO 1303 { 1304 LARGE_INTEGER LastPressTime; 1305 ULONG CumulativePressCount; 1306 USHORT LastPressBootId; 1307 UCHAR LastPowerWatchdogStage; 1308 struct 1309 { 1310 UCHAR WatchdogArmed : 1; 1311 UCHAR ShutdownInProgress : 1; 1312 } Flags; 1313 LARGE_INTEGER LastReleaseTime; 1314 ULONG CumulativeReleaseCount; 1315 USHORT LastReleaseBootId; 1316 USHORT ErrorCount; 1317 UCHAR CurrentConnectedStandbyPhase; 1318 ULONG TransitionLatestCheckpointId; 1319 ULONG TransitionLatestCheckpointType; 1320 ULONG TransitionLatestCheckpointSequenceNumber; 1321 } RTL_BSD_POWER_BUTTON_PRESS_INFO, *PRTL_BSD_POWER_BUTTON_PRESS_INFO; 1322 1323 // 1324 // Main Structure for "bootstat.dat" RTL Data File 1325 // 1326 typedef struct _RTL_BSD_DATA 1327 { 1328 ULONG Version; // RtlBsdItemVersionNumber 1329 ULONG ProductType; // RtlBsdItemProductType 1330 BOOLEAN AabEnabled; // RtlBsdItemAabEnabled 1331 UCHAR AabTimeout; // RtlBsdItemAabTimeout 1332 BOOLEAN LastBootSucceeded; // RtlBsdItemBootGood 1333 BOOLEAN LastBootShutdown; // RtlBsdItemBootShutdown 1334 BOOLEAN SleepInProgress; // RtlBsdSleepInProgress 1335 RTL_BSD_DATA_POWER_TRANSITION PowerTransition; // RtlBsdPowerTransition 1336 UCHAR BootAttemptCount; // RtlBsdItemBootAttemptCount 1337 UCHAR LastBootCheckpoint; // RtlBsdItemBootCheckpoint 1338 UCHAR Checksum; // RtlBsdItemChecksum 1339 ULONG LastBootId; // RtlBsdItemBootId 1340 ULONG LastSuccessfulShutdownBootId; // RtlBsdItemShutdownBootId 1341 ULONG LastReportedAbnormalShutdownBootId; // RtlBsdItemReportedAbnormalShutdownBootId 1342 RTL_BSD_DATA_ERROR_INFO ErrorInfo; // RtlBsdItemErrorInfo 1343 RTL_BSD_POWER_BUTTON_PRESS_INFO PowerButtonPressInfo; // RtlBsdItemPowerButtonPressInfo 1344 } RTL_BSD_DATA, *PRTL_BSD_DATA; 1345 1346 #ifdef NTOS_MODE_USER 1347 // 1348 // Exception Record 1349 // 1350 typedef struct _EXCEPTION_REGISTRATION_RECORD 1351 { 1352 struct _EXCEPTION_REGISTRATION_RECORD *Next; 1353 PEXCEPTION_ROUTINE Handler; 1354 } EXCEPTION_REGISTRATION_RECORD, *PEXCEPTION_REGISTRATION_RECORD; 1355 #endif /* NTOS_MODE_USER */ 1356 1357 // 1358 // Current Directory Structures 1359 // 1360 typedef struct _CURDIR 1361 { 1362 UNICODE_STRING DosPath; 1363 HANDLE Handle; 1364 } CURDIR, *PCURDIR; 1365 1366 typedef struct _RTLP_CURDIR_REF 1367 { 1368 LONG RefCount; 1369 HANDLE Handle; 1370 } RTLP_CURDIR_REF, *PRTLP_CURDIR_REF; 1371 1372 typedef struct _RTL_RELATIVE_NAME_U 1373 { 1374 UNICODE_STRING RelativeName; 1375 HANDLE ContainingDirectory; 1376 PRTLP_CURDIR_REF CurDirRef; 1377 } RTL_RELATIVE_NAME_U, *PRTL_RELATIVE_NAME_U; 1378 1379 typedef struct _RTL_DRIVE_LETTER_CURDIR 1380 { 1381 USHORT Flags; 1382 USHORT Length; 1383 ULONG TimeStamp; 1384 UNICODE_STRING DosPath; 1385 } RTL_DRIVE_LETTER_CURDIR, *PRTL_DRIVE_LETTER_CURDIR; 1386 1387 typedef struct _RTL_PERTHREAD_CURDIR 1388 { 1389 PRTL_DRIVE_LETTER_CURDIR CurrentDirectories; 1390 PUNICODE_STRING ImageName; 1391 PVOID Environment; 1392 } RTL_PERTHREAD_CURDIR, *PRTL_PERTHREAD_CURDIR; 1393 1394 // 1395 // Private State structure for RtlAcquirePrivilege/RtlReleasePrivilege 1396 // 1397 typedef struct _RTL_ACQUIRE_STATE 1398 { 1399 HANDLE Token; 1400 HANDLE OldImpersonationToken; 1401 PTOKEN_PRIVILEGES OldPrivileges; 1402 PTOKEN_PRIVILEGES NewPrivileges; 1403 ULONG Flags; 1404 UCHAR OldPrivBuffer[1024]; 1405 } RTL_ACQUIRE_STATE, *PRTL_ACQUIRE_STATE; 1406 1407 #ifndef NTOS_MODE_USER 1408 1409 // 1410 // RTL Critical Section Structures 1411 // 1412 typedef struct _RTL_CRITICAL_SECTION_DEBUG 1413 { 1414 USHORT Type; 1415 USHORT CreatorBackTraceIndex; 1416 struct _RTL_CRITICAL_SECTION *CriticalSection; 1417 LIST_ENTRY ProcessLocksList; 1418 ULONG EntryCount; 1419 ULONG ContentionCount; 1420 ULONG Spare[2]; 1421 } RTL_CRITICAL_SECTION_DEBUG, *PRTL_CRITICAL_SECTION_DEBUG, RTL_RESOURCE_DEBUG, *PRTL_RESOURCE_DEBUG; 1422 1423 typedef struct _RTL_CRITICAL_SECTION 1424 { 1425 PRTL_CRITICAL_SECTION_DEBUG DebugInfo; 1426 LONG LockCount; 1427 LONG RecursionCount; 1428 HANDLE OwningThread; 1429 HANDLE LockSemaphore; 1430 ULONG_PTR SpinCount; 1431 } RTL_CRITICAL_SECTION, *PRTL_CRITICAL_SECTION; 1432 1433 #endif /* !NTOS_MODE_USER */ 1434 1435 // 1436 // RTL Private Heap Structures 1437 // 1438 typedef struct _HEAP_LOCK 1439 { 1440 union 1441 { 1442 RTL_CRITICAL_SECTION CriticalSection; 1443 #ifndef NTOS_MODE_USER 1444 ERESOURCE Resource; 1445 #endif 1446 UCHAR Padding[0x68]; /* Max ERESOURCE size for x64 build. Needed because RTL is built only once */ 1447 }; 1448 } HEAP_LOCK, *PHEAP_LOCK; 1449 1450 // 1451 // RTL Range List Structures 1452 // 1453 typedef struct _RTL_RANGE_LIST 1454 { 1455 LIST_ENTRY ListHead; 1456 ULONG Flags; 1457 ULONG Count; 1458 ULONG Stamp; 1459 } RTL_RANGE_LIST, *PRTL_RANGE_LIST; 1460 1461 typedef struct _RTL_RANGE 1462 { 1463 ULONGLONG Start; 1464 ULONGLONG End; 1465 PVOID UserData; 1466 PVOID Owner; 1467 UCHAR Attributes; 1468 UCHAR Flags; 1469 } RTL_RANGE, *PRTL_RANGE; 1470 1471 typedef struct _RANGE_LIST_ITERATOR 1472 { 1473 PLIST_ENTRY RangeListHead; 1474 PLIST_ENTRY MergedHead; 1475 PVOID Current; 1476 ULONG Stamp; 1477 } RTL_RANGE_LIST_ITERATOR, *PRTL_RANGE_LIST_ITERATOR; 1478 1479 // 1480 // RTL Resource 1481 // 1482 #define RTL_RESOURCE_FLAG_LONG_TERM ((ULONG)0x00000001) 1483 1484 typedef struct _RTL_RESOURCE 1485 { 1486 RTL_CRITICAL_SECTION Lock; 1487 HANDLE SharedSemaphore; 1488 ULONG SharedWaiters; 1489 HANDLE ExclusiveSemaphore; 1490 ULONG ExclusiveWaiters; 1491 LONG NumberActive; 1492 HANDLE OwningThread; 1493 ULONG TimeoutBoost; 1494 PVOID DebugInfo; 1495 } RTL_RESOURCE, *PRTL_RESOURCE; 1496 1497 // 1498 // Structures for RtlCreateUserProcess 1499 // 1500 typedef struct _RTL_USER_PROCESS_PARAMETERS 1501 { 1502 ULONG MaximumLength; 1503 ULONG Length; 1504 ULONG Flags; 1505 ULONG DebugFlags; 1506 HANDLE ConsoleHandle; 1507 ULONG ConsoleFlags; 1508 HANDLE StandardInput; 1509 HANDLE StandardOutput; 1510 HANDLE StandardError; 1511 CURDIR CurrentDirectory; 1512 UNICODE_STRING DllPath; 1513 UNICODE_STRING ImagePathName; 1514 UNICODE_STRING CommandLine; 1515 PWSTR Environment; 1516 ULONG StartingX; 1517 ULONG StartingY; 1518 ULONG CountX; 1519 ULONG CountY; 1520 ULONG CountCharsX; 1521 ULONG CountCharsY; 1522 ULONG FillAttribute; 1523 ULONG WindowFlags; 1524 ULONG ShowWindowFlags; 1525 UNICODE_STRING WindowTitle; 1526 UNICODE_STRING DesktopInfo; 1527 UNICODE_STRING ShellInfo; 1528 UNICODE_STRING RuntimeData; 1529 RTL_DRIVE_LETTER_CURDIR CurrentDirectories[RTL_MAX_DRIVE_LETTERS]; 1530 #if (NTDDI_VERSION >= NTDDI_LONGHORN) 1531 SIZE_T EnvironmentSize; 1532 #endif 1533 #if (NTDDI_VERSION >= NTDDI_WIN7) 1534 SIZE_T EnvironmentVersion; 1535 #endif 1536 } RTL_USER_PROCESS_PARAMETERS, *PRTL_USER_PROCESS_PARAMETERS; 1537 1538 typedef struct _RTL_USER_PROCESS_INFORMATION 1539 { 1540 ULONG Size; 1541 HANDLE ProcessHandle; 1542 HANDLE ThreadHandle; 1543 CLIENT_ID ClientId; 1544 SECTION_IMAGE_INFORMATION ImageInformation; 1545 } RTL_USER_PROCESS_INFORMATION, *PRTL_USER_PROCESS_INFORMATION; 1546 1547 #if (NTDDI_VERSION >= NTDDI_WIN7) 1548 1549 typedef enum _RTL_UMS_SCHEDULER_REASON 1550 { 1551 UmsSchedulerStartup = 0, 1552 UmsSchedulerThreadBlocked = 1, 1553 UmsSchedulerThreadYield = 2, 1554 } RTL_UMS_SCHEDULER_REASON, *PRTL_UMS_SCHEDULER_REASON; 1555 1556 typedef enum _RTL_UMSCTX_FLAGS 1557 { 1558 UMSCTX_SCHEDULED_THREAD_BIT = 0, 1559 #if (NTDDI_VERSION < NTDDI_WIN8) 1560 UMSCTX_HAS_QUANTUM_REQ_BIT, 1561 UMSCTX_HAS_AFFINITY_REQ_BIT, 1562 UMSCTX_HAS_PRIORITY_REQ_BIT, 1563 #endif 1564 UMSCTX_SUSPENDED_BIT, 1565 UMSCTX_VOLATILE_CONTEXT_BIT, 1566 UMSCTX_TERMINATED_BIT, 1567 UMSCTX_DEBUG_ACTIVE_BIT, 1568 UMSCTX_RUNNING_ON_SELF_THREAD_BIT, 1569 UMSCTX_DENY_RUNNING_ON_SELF_THREAD_BIT 1570 1571 } RTL_UMSCTX_FLAGS, *PRTL_UMSCTX_FLAGS; 1572 1573 #define UMSCTX_SCHEDULED_THREAD_MASK (1 << UMSCTX_SCHEDULED_THREAD_BIT) 1574 #define UMSCTX_SUSPENDED_MASK (1 << UMSCTX_SUSPENDED_BIT) 1575 #define UMSCTX_VOLATILE_CONTEXT_MASK (1 << UMSCTX_VOLATILE_CONTEXT_BIT) 1576 #define UMSCTX_TERMINATED_MASK (1 << UMSCTX_TERMINATED_BIT) 1577 #define UMSCTX_DEBUG_ACTIVE_MASK (1 << UMSCTX_DEBUG_ACTIVE_BIT) 1578 #define UMSCTX_RUNNING_ON_SELF_THREAD_MASK (1 << UMSCTX_RUNNING_ON_SELF_THREAD_BIT) 1579 #define UMSCTX_DENY_RUNNING_ON_SELF_THREAD_MASK (1 << UMSCTX_DENY_RUNNING_ON_SELF_THREAD_BIT) 1580 1581 // 1582 // UMS Context 1583 // 1584 typedef struct DECLSPEC_ALIGN(16) _RTL_UMS_CONTEXT 1585 { 1586 SINGLE_LIST_ENTRY Link; 1587 CONTEXT Context; 1588 PVOID Teb; 1589 PVOID UserContext; 1590 union 1591 { 1592 struct 1593 { 1594 ULONG ScheduledThread : 1; 1595 #if (NTDDI_VERSION < NTDDI_WIN8) 1596 ULONG HasQuantumReq : 1; 1597 ULONG HasAffinityReq : 1; 1598 ULONG HasPriorityReq : 1; 1599 #endif 1600 ULONG Suspended : 1; 1601 ULONG VolatileContext : 1; 1602 ULONG Terminated : 1; 1603 ULONG DebugActive : 1; 1604 ULONG RunningOnSelfThread : 1; 1605 ULONG DenyRunningOnSelfThread : 1; 1606 #if (NTDDI_VERSION < NTDDI_WIN8) 1607 ULONG ReservedFlags : 22; 1608 #endif 1609 }; 1610 LONG Flags; 1611 }; 1612 union 1613 { 1614 struct 1615 { 1616 #if (NTDDI_VERSION >= NTDDI_WIN8) 1617 ULONG64 KernelUpdateLock : 2; 1618 #else 1619 ULONG64 KernelUpdateLock : 1; 1620 ULONG64 Reserved : 1; 1621 #endif 1622 ULONG64 PrimaryClientID : 62; 1623 }; 1624 ULONG64 ContextLock; 1625 }; 1626 #if (NTDDI_VERSION < NTDDI_WIN8) 1627 ULONG64 QuantumValue; 1628 GROUP_AFFINITY AffinityMask; 1629 LONG Priority; 1630 #endif 1631 struct _RTL_UMS_CONTEXT* PrimaryUmsContext; 1632 ULONG SwitchCount; 1633 ULONG KernelYieldCount; 1634 ULONG MixedYieldCount; 1635 ULONG YieldCount; 1636 } RTL_UMS_CONTEXT, *PRTL_UMS_CONTEXT; 1637 #endif // #if (NTDDI_VERSION >= NTDDI_WIN7) 1638 1639 // 1640 // RTL Atom Table Structures 1641 // 1642 typedef struct _RTL_ATOM_TABLE_ENTRY 1643 { 1644 struct _RTL_ATOM_TABLE_ENTRY *HashLink; 1645 USHORT HandleIndex; 1646 USHORT Atom; 1647 USHORT ReferenceCount; 1648 UCHAR Flags; 1649 UCHAR NameLength; 1650 WCHAR Name[1]; 1651 } RTL_ATOM_TABLE_ENTRY, *PRTL_ATOM_TABLE_ENTRY; 1652 1653 typedef struct _RTL_ATOM_TABLE 1654 { 1655 ULONG Signature; 1656 union 1657 { 1658 #ifdef NTOS_MODE_USER 1659 RTL_CRITICAL_SECTION CriticalSection; 1660 #else 1661 FAST_MUTEX FastMutex; 1662 #endif 1663 }; 1664 union 1665 { 1666 #ifdef NTOS_MODE_USER 1667 RTL_HANDLE_TABLE RtlHandleTable; 1668 #else 1669 PHANDLE_TABLE ExHandleTable; 1670 #endif 1671 }; 1672 ULONG NumberOfBuckets; 1673 PRTL_ATOM_TABLE_ENTRY Buckets[1]; 1674 } RTL_ATOM_TABLE, *PRTL_ATOM_TABLE; 1675 1676 // 1677 // Timezone Information 1678 // 1679 typedef struct _RTL_TIME_ZONE_INFORMATION 1680 { 1681 LONG Bias; 1682 WCHAR StandardName[32]; 1683 TIME_FIELDS StandardDate; 1684 LONG StandardBias; 1685 WCHAR DaylightName[32]; 1686 TIME_FIELDS DaylightDate; 1687 LONG DaylightBias; 1688 } RTL_TIME_ZONE_INFORMATION, *PRTL_TIME_ZONE_INFORMATION; 1689 1690 // 1691 // Hotpatch Header 1692 // 1693 typedef struct _RTL_PATCH_HEADER 1694 { 1695 LIST_ENTRY PatchList; 1696 PVOID PatchImageBase; 1697 struct _RTL_PATCH_HEADER *NextPath; 1698 ULONG PatchFlags; 1699 LONG PatchRefCount; 1700 struct _HOTPATCH_HEADER *HotpatchHeader; 1701 UNICODE_STRING TargetDllName; 1702 PVOID TargetDllBase; 1703 PLDR_DATA_TABLE_ENTRY TargetLdrDataTableEntry; 1704 PLDR_DATA_TABLE_ENTRY PatchLdrDataTableEntry; 1705 struct _SYSTEM_HOTPATCH_CODE_INFORMATION *CodeInfo; 1706 } RTL_PATCH_HEADER, *PRTL_PATCH_HEADER; 1707 1708 // 1709 // Header for NLS Files 1710 // 1711 typedef struct _NLS_FILE_HEADER 1712 { 1713 USHORT HeaderSize; 1714 USHORT CodePage; 1715 USHORT MaximumCharacterSize; 1716 USHORT DefaultChar; 1717 USHORT UniDefaultChar; 1718 USHORT TransDefaultChar; 1719 USHORT TransUniDefaultChar; 1720 UCHAR LeadByte[MAXIMUM_LEADBYTES]; 1721 } NLS_FILE_HEADER, *PNLS_FILE_HEADER; 1722 1723 // 1724 // Stack Traces 1725 // 1726 typedef struct _RTL_STACK_TRACE_ENTRY 1727 { 1728 struct _RTL_STACK_TRACE_ENTRY *HashChain; 1729 ULONG TraceCount; 1730 USHORT Index; 1731 USHORT Depth; 1732 PVOID BackTrace[32]; 1733 } RTL_STACK_TRACE_ENTRY, *PRTL_STACK_TRACE_ENTRY; 1734 1735 typedef struct _STACK_TRACE_DATABASE 1736 { 1737 RTL_CRITICAL_SECTION CriticalSection; 1738 } STACK_TRACE_DATABASE, *PSTACK_TRACE_DATABASE; 1739 1740 // 1741 // Trace Database 1742 // 1743 1744 typedef ULONG (NTAPI *RTL_TRACE_HASH_FUNCTION) (ULONG Count, PVOID *Trace); 1745 1746 typedef struct _RTL_TRACE_BLOCK 1747 { 1748 ULONG Magic; 1749 ULONG Count; 1750 ULONG Size; 1751 ULONG UserCount; 1752 ULONG UserSize; 1753 PVOID UserContext; 1754 struct _RTL_TRACE_BLOCK *Next; 1755 PVOID *Trace; 1756 } RTL_TRACE_BLOCK, *PRTL_TRACE_BLOCK; 1757 1758 typedef struct _RTL_TRACE_DATABASE 1759 { 1760 ULONG Magic; 1761 ULONG Flags; 1762 ULONG Tag; 1763 struct _RTL_TRACE_SEGMENT *SegmentList; 1764 SIZE_T MaximumSize; 1765 SIZE_T CurrentSize; 1766 PVOID Owner; 1767 #ifdef NTOS_MODE_USER 1768 RTL_CRITICAL_SECTION Lock; 1769 #else 1770 union 1771 { 1772 KSPIN_LOCK SpinLock; 1773 FAST_MUTEX FastMutex; 1774 } u; 1775 #endif 1776 ULONG NoOfBuckets; 1777 struct _RTL_TRACE_BLOCK **Buckets; 1778 RTL_TRACE_HASH_FUNCTION HashFunction; 1779 SIZE_T NoOfTraces; 1780 SIZE_T NoOfHits; 1781 ULONG HashCounter[16]; 1782 } RTL_TRACE_DATABASE, *PRTL_TRACE_DATABASE; 1783 1784 typedef struct _RTL_TRACE_SEGMENT 1785 { 1786 ULONG Magic; 1787 struct _RTL_TRACE_DATABASE *Database; 1788 struct _RTL_TRACE_SEGMENT *NextSegment; 1789 SIZE_T TotalSize; 1790 PCHAR SegmentStart; 1791 PCHAR SegmentEnd; 1792 PCHAR SegmentFree; 1793 } RTL_TRACE_SEGMENT, *PRTL_TRACE_SEGMENT; 1794 1795 typedef struct _RTL_TRACE_ENUMERATE 1796 { 1797 struct _RTL_TRACE_DATABASE *Database; 1798 ULONG Index; 1799 struct _RTL_TRACE_BLOCK *Block; 1800 } RTL_TRACE_ENUMERATE, * PRTL_TRACE_ENUMERATE; 1801 1802 // 1803 // Auto-Managed Rtl* String Buffer 1804 // 1805 typedef struct _RTL_BUFFER 1806 { 1807 PUCHAR Buffer; 1808 PUCHAR StaticBuffer; 1809 SIZE_T Size; 1810 SIZE_T StaticSize; 1811 SIZE_T ReservedForAllocatedSize; 1812 PVOID ReservedForIMalloc; 1813 } RTL_BUFFER, *PRTL_BUFFER; 1814 1815 typedef struct _RTL_UNICODE_STRING_BUFFER 1816 { 1817 UNICODE_STRING String; 1818 RTL_BUFFER ByteBuffer; 1819 WCHAR MinimumStaticBufferForTerminalNul; 1820 } RTL_UNICODE_STRING_BUFFER, *PRTL_UNICODE_STRING_BUFFER; 1821 1822 #ifndef NTOS_MODE_USER 1823 1824 // 1825 // Message Resource Entry, Block and Data 1826 // 1827 typedef struct _MESSAGE_RESOURCE_ENTRY 1828 { 1829 USHORT Length; 1830 USHORT Flags; 1831 UCHAR Text[ANYSIZE_ARRAY]; 1832 } MESSAGE_RESOURCE_ENTRY, *PMESSAGE_RESOURCE_ENTRY; 1833 1834 typedef struct _MESSAGE_RESOURCE_BLOCK 1835 { 1836 ULONG LowId; 1837 ULONG HighId; 1838 ULONG OffsetToEntries; 1839 } MESSAGE_RESOURCE_BLOCK, *PMESSAGE_RESOURCE_BLOCK; 1840 1841 typedef struct _MESSAGE_RESOURCE_DATA 1842 { 1843 ULONG NumberOfBlocks; 1844 MESSAGE_RESOURCE_BLOCK Blocks[ANYSIZE_ARRAY]; 1845 } MESSAGE_RESOURCE_DATA, *PMESSAGE_RESOURCE_DATA; 1846 1847 #endif /* !NTOS_MODE_USER */ 1848 1849 #ifdef NTOS_MODE_USER 1850 1851 // 1852 // Memory Stream 1853 // 1854 #ifndef CONST_VTBL 1855 #ifdef CONST_VTABLE 1856 #define CONST_VTBL const 1857 #else 1858 #define CONST_VTBL 1859 #endif 1860 #endif 1861 1862 struct IStreamVtbl; 1863 struct IStream; 1864 struct tagSTATSTG; 1865 1866 typedef struct _RTL_MEMORY_STREAM RTL_MEMORY_STREAM, *PRTL_MEMORY_STREAM; 1867 1868 typedef VOID 1869 (NTAPI *PRTL_MEMORY_STREAM_FINAL_RELEASE_ROUTINE)( 1870 _In_ PRTL_MEMORY_STREAM Stream 1871 ); 1872 1873 struct _RTL_MEMORY_STREAM 1874 { 1875 CONST_VTBL struct IStreamVtbl *Vtbl; 1876 LONG RefCount; 1877 ULONG Unk1; 1878 PVOID Current; 1879 PVOID Start; 1880 PVOID End; 1881 PRTL_MEMORY_STREAM_FINAL_RELEASE_ROUTINE FinalRelease; 1882 HANDLE ProcessHandle; 1883 }; 1884 1885 #endif /* NTOS_MODE_USER */ 1886 1887 #ifdef __cplusplus 1888 } 1889 #endif 1890 1891 #endif /* !_RTLTYPES_H */ 1892